matthieu
fb763cc6fe
Revert previous:
unbreak build with clang-16 by fixing up function definitions to match
the whole CARD64 vs uint64_t issue needs more thinking.
Suggested by kettenis@
2023-09-08 05:44:27 +00:00
robert
09bc32815c
unbreak build with clang-16 by fixing up function definitions to match
our uint64_t is an unsigned long long, but CARD64 is defined as unsigned long
so the function pointer types in both glamor and xf86-video-amdgpu were
mismatched and clang-16 treats that as an error
ok matthieu@
2023-09-06 11:42:37 +00:00
miod
a012b5de33
Make sure we don't close(-1); buglet introduced in 1.26.
ok matthieu@
2023-08-12 16:16:25 +00:00
matthieu
737e223ef8
Merge X server 21.1.8. tested by kn@ and op@.
2023-05-01 07:41:17 +00:00
matthieu
1a68187e4c
composite: Fix use-after-free of the COW
CVE-2023-1393, ZDI-CAN-19866
2023-03-29 12:12:13 +00:00
matthieu
1322100d79
Xi: fix use-after-free in DeepCopyPointerClasses
CVE-2023-0494, ZDI-CAN-19596
2023-02-07 06:32:18 +00:00
matthieu
6c8ea4fe58
Merge xserver 21.1.6.
Includes a few fixes to the security patches already committed.
2023-01-22 09:44:41 +00:00
matthieu
8c4424dd36
Add back the meson build system to xserver.
Not having those files only creates noise when merging upstream releases.
2023-01-22 09:21:08 +00:00
matthieu
49a1671770
Fix several X server input validation errors that can cause various issues:
* CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack
overflow
* CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab
out-of-bounds access
* CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify
use-after-free
* CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes
use-after-free
* CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty
out-of-bounds access
* CVE-2022-46283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free
2022-12-14 10:29:00 +00:00
matthieu
fd3c33bec8
Don't crash if the client argv or argv[0] is NULL.
Report from bauerm at pestilenz dot org.
With help from and ok millert@
2022-11-11 13:56:12 +00:00
matthieu
68328bb5ec
Update xserver to version 21.1.4.
The security patches were already committed as part of July 24 errata.
This brings a few other bug fixes.
Tested by Walter Alejandro Iglesias.
2022-08-31 11:25:18 +00:00
matthieu
6bd883d148
MFC: Multiple input validation failures in X server extensions
CVE-2022-2319/ZDI-CAN-16062 ProcXkbSetGeometry Out-Of-Bounds Access
CVE-2022-2320/ZDI-CAN-16070 ProcXkbSetDeviceInfo Out-Of-Bounds Access
2022-07-12 19:18:14 +00:00
matthieu
8a0d473d7b
Sync with xorg-server 21.1.3.
This does *not* include the commit that reverts the new computation
of the screen resolution from dimensions returned by the screen since
many of you told they prefer the new behaviour from 21.1.1.
This is going to be discussed again before 7.1
2022-02-20 17:41:34 +00:00
jsg
f2d69a3523
remove 0x2972 from the intel gen 2 and 3 list
0x2972 is 946GZ which is gen 4
2022-02-03 23:48:52 +00:00
visa
40f054ffd7
Recommit: compiler.h: don't define inb/outb and friends on mips
From Julien Cristau
0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git
without arm_video.c changes.
OK matthieu@
2021-12-27 04:58:36 +00:00
matthieu
c9b690e680
render: Fix out of bounds access in SProcRenderCompositeGlyphs()
ZDI-CAN-14192, CVE-2021-4008
2021-12-14 13:42:47 +00:00
matthieu
d016d47aa9
Xext: Fix out of bounds access in SProcScreenSaverSuspend()
ZDI-CAN-14951, CVE-2021-4010
2021-12-14 13:42:21 +00:00
matthieu
e66a53696b
xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier()
ZDI-CAN-14950, CVE-2021-4009
2021-12-14 13:41:38 +00:00
matthieu
43df806507
record: Fix out of bounds access in SwapCreateRegister()
ZDI-CAN-14952, CVE-2021-4011
2021-12-14 13:41:00 +00:00
matthieu
bf77042029
when xf86CrtcConfigPrivateIndex==-1 XF86_CRTC_CONFIG_PTR() causes an out of
bounds read. White-space fix and ok jsg@
2021-12-06 19:41:55 +00:00
matthieu
7910ce0fb2
Initialize mode->name for modes generated by libxcvt.
ok jsg@ on the upstream merge request.
2021-12-06 19:38:32 +00:00
jsg
20ddf00a06
don't free uninitialised pointers in glamor
Attempting to run fvwm on a x61/965gm with xserver 1.21.1 with the
modesetting driver on amd64 would cause the xserver to
reliably crash.
problem introduced upstream in
2906ee5e4 ("glamor: Fix leak in glamor_build_program()")
which was backported to the 1.21 branch.
ok matthieu@
2021-12-03 09:34:04 +00:00
matthieu
c82bd5db57
Use the InternalEvent event structure in more places in events handlers.
This fixes a crash when a DeviceEvent struct converted to
InternalEvent was being copied as InternalEvent (and thus
causing out of bounds reads) in ActivateGrabNoDelivery()
2021-11-17 19:46:39 +00:00
matthieu
a406534d9c
Update to xserver 21.1.1
2021-11-11 09:10:04 +00:00
matthieu
e086cf5adf
Update to xserver 21.1.0
2021-11-11 09:03:02 +00:00
deraadt
9c065891c9
missing pathnames on unveil() error
2021-09-06 13:33:11 +00:00
matthieu
5bd77e1667
Update to xserver 1.20.13.
2021-09-03 13:19:11 +00:00
matthieu
04380bf421
GetLocalClientCreds: prefer getsockopt(,SO_PEERCRED,) to getpeereid()
This adds the pid of the local clients to LocalClientCred.
ok espie@
2021-08-11 05:44:01 +00:00
matthieu
cbb2480f27
Close the console fd after probing if it's a wscons, even if it fails.
This avoids keeping an open file descriptor on machines
where /dev/console is not a wsdisplay device.
2021-06-30 08:50:48 +00:00
drahn
be6f9bdd31
Initial attempt to build xserver for riscv64
ok matthieu@
2021-06-15 13:57:42 +00:00
matthieu
e26c45de6d
Fix XChangeFeedbackControl() request underflow.
CVE-2021-3472 / ZDI-CAN-1259
Reported by Jan-Niklas Sohn via Trend Micro.
2021-04-13 14:11:12 +00:00
visa
d9345257d8
compiler.h: don't define inb/outb and friends on mips
From Julien Cristau
0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git
without arm_video.c changes.
Fixes clang 11 build on mips64.
Input and OK jsg@
2021-03-13 13:42:26 +00:00
matthieu
a3d4d20555
Avoid sequences of malloc(0) / free() by checking the length.
b2d96b5cd459963a9587ee9c86afc9266ba3d02b in xserver git
originally from deraadt@
2021-03-13 09:43:58 +00:00
jsg
589df0861f
record: Fix undefined memcpy in RecordAClientStateChange
From Adam Jackson
f44ac101c523a0439bd1a864850e3c1a4e154549 in xserver git
avoids a large number of malloc(0) calls
ok deraadt@ who had almost the same diff
2021-02-26 14:10:26 +00:00
jsg
9d1e1e287e
change from /dev/drm to /dev/dri/ in xenocara
ok matthieu@ kettenis@
2021-02-20 05:47:46 +00:00
jsg
93548c7ad2
don't fatally error if unveil(2) sets ENOENT
This occurs when trying to unveil a /dev/dri/ node when the directory
does not exist.
2021-02-12 12:51:53 +00:00
jsg
dc62af507f
add /dev/dri/card[0-3] to allowed devices
2021-02-12 10:40:15 +00:00
jca
3af997a65d
Safer workaround for the "kame hack": only override sin6_scope_id if zero
The assumption is that if sin6_scope_id is set, then the interface index
is no longer embedded in the address.
ok claudio@ matthieu@
2021-01-21 22:46:18 +00:00
robert
1b93d47744
try to handle running out of file descriptors by refusing client connections
in case the X server is near the limit and only allow connections again if
there are resources freed up
this is done by checking the amount of currently used FDs + a reserve and
comparing that to the FD limit
with help from benno@, millert@, florian@
ok matthieu@, benno@
2021-01-10 19:33:10 +00:00
matthieu
5b5b8e1a85
Add a root window property with the console device.
2021-01-10 09:14:48 +00:00
matthieu
56c8d99afe
Update X server to version 1.20.10. Tested by jsg@ and naddy@
2020-12-12 09:30:50 +00:00
matthieu
dbbfd61190
Check SetMap request length carefully.
Avoid out of bounds memory accesses on too short requests.
ZDI-CAN 11572 / CVE-2020-14360
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
2020-12-01 15:25:39 +00:00
matthieu
dd9addae94
Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows
ZDI-CAN 11389 / CVE-2020-25712
Fix from Jan-Niklas Sohn working with Trend Micro.
2020-12-01 15:21:28 +00:00
jsg
851807c713
build with --disable-dri3 when XENOCARA_BUILD_DRI is "no"
fixes build breakage on alpha reported by deraadt@
2020-08-28 02:20:19 +00:00
matthieu
bc29ab7850
Fix integer underflow in XRecordRegisterClients()
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
2020-08-25 15:43:26 +00:00
matthieu
83d462e24d
Fix integer underflow in XkbSelectEvents()
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
2020-08-25 15:42:52 +00:00
matthieu
77c86a2898
Fix an integer underflow in XIChangeHierarchy()
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
2020-08-25 15:41:59 +00:00
matthieu
02b8f73518
Correct bounds checking in XkbSetNames()
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
2020-08-25 15:40:59 +00:00
matthieu
0a2f4bc72f
fix for X Server Pixel Data Uninitialized Memory Information Disclosure
CVE-2020-14347
This vulnerability was discovered and reported to X.Org by Jan-Niklas
Sohn working with Trend Micro Zero Day Initiative.
2020-07-31 14:00:21 +00:00
matthieu
60964e1bb6
sync white space with upstream. No code change.
2020-06-14 16:02:38 +00:00