openbsd-baikal
/
openbsd-xenocara
mirror of https://github.com/openbsd/xenocara
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,468 Commits
1 Branch
0 Tags
542 MiB
Commit Graph

468 Commits (master)

Author SHA1 Message Date
matthieu fb763cc6fe Revert previous: 
unbreak build with clang-16 by fixing up function definitions to match
the whole CARD64 vs uint64_t issue needs more thinking.
Suggested by kettenis@
 2023-09-08 05:44:27 +00:00
robert 09bc32815c unbreak build with clang-16 by fixing up function definitions to match 
our uint64_t is an unsinged long long, but CARD64 is defined as unsigned long
so the function pointer types in both glamor and xf86-video-amdgpu were
mismatched and clang-16 treats that as an error

ok matthieu@
 2023-09-06 11:42:37 +00:00
miod a012b5de33 Make sure we don't close(-1); buglet introduced in 1.26. 
ok matthieu@
 2023-08-12 16:16:25 +00:00
matthieu 737e223ef8 Merge X server 21.1.8. tested by kn@ and op@. 2023-05-01 07:41:17 +00:00
matthieu 1a68187e4c composite: Fix use-after-free of the COW 
CVE-2023-1393, ZDI-CAN-19866
 2023-03-29 12:12:13 +00:00
matthieu 1322100d79 Xi: fix use-after-free in DeepCopyPointerClasses 
CVE-2023-0494, ZDI-CAN-19596
 2023-02-07 06:32:18 +00:00
matthieu 6c8ea4fe58 Merge xserver 21.1.6. 
Includes a few fixes to the security patches already committed.
 2023-01-22 09:44:41 +00:00
matthieu 8c4424dd36 Add back the meson build system to xserver. 
Not having those file only create noise when merging upstream releases.
 2023-01-22 09:21:08 +00:00
matthieu 49a1671770 Fix serveral X server input validation errors that can cause varios issues: 
* CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack
  overflow
* CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab
  out-of-bounds access
* CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify
  use-after-free
* CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes
  use-after-free
* CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty
  out-of-bounds access
* CVE-2022-46283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free
 2022-12-14 10:29:00 +00:00
matthieu fd3c33bec8 Don't crash if the client argv or argv[0] is NULL. 
Report from  bauerm at pestilenz dot org.
With help from and ok millert@
 2022-11-11 13:56:12 +00:00
matthieu 68328bb5ec Update xserver to version 21.1.4. 
The security patches were already committed as part of july 24 errata.
This brings a few other bug fixes.
Tested by Walter Alejandro Iglesias.
 2022-08-31 11:25:18 +00:00
matthieu 6bd883d148 MFC: Multiple input validation failures in X server extensions 
CVE-2022-2319/ZDI-CAN-16062 ProcXkbSetGeometry Out-Of-Bounds Access
CVE-2022-2320/ZDI-CAN-16070 ProcXkbSetDeviceInfo Out-Of-Bounds Access
 2022-07-12 19:18:14 +00:00
matthieu 8a0d473d7b Sync with xorg-server 21.1.3. 
This does *not* include the commit that reverts the new computation
of the screen resolution from dimensions returned by the screen since
many of you told they prefer the new behaviour from 21.1.1.

This is going to be discussed again before 7.1
 2022-02-20 17:41:34 +00:00
jsg f2d69a3523 remove 0x2972 from the intel gen 2 and 3 list 
0x2972 is 946GZ which is gen 4
 2022-02-03 23:48:52 +00:00
visa 40f054ffd7 Recommit: compiler.h: don't define inb/outb and friends on mips 
From Julien Cristau
0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git
without arm_video.c changes.

OK matthieu@
 2021-12-27 04:58:36 +00:00
matthieu c9b690e680 render: Fix out of bounds access in SProcRenderCompositeGlyphs() 
ZDI-CAN-14192, CVE-2021-4008
 2021-12-14 13:42:47 +00:00
matthieu d016d47aa9 Xext: Fix out of bounds access in SProcScreenSaverSuspend() 
ZDI-CAN-14951, CVE-2021-4010
 2021-12-14 13:42:21 +00:00
matthieu e66a53696b xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier() 
ZDI-CAN-14950, CVE-2021-4009
 2021-12-14 13:41:38 +00:00
matthieu 43df806507 record: Fix out of bounds access in SwapCreateRegister() 
ZDI-CAN-14952, CVE-2021-4011
 2021-12-14 13:41:00 +00:00
matthieu bf77042029 when xf86CrtcConfigPrivateIndex==-1 XF86_CRTC_CONFIG_PTR() causes an out of 
bounds read. White-space fix and ok jsg@
 2021-12-06 19:41:55 +00:00
matthieu 7910ce0fb2 Initialize mode->name for modes generated by libxcvt. 
ok jsg@ on the upstream merge request.
 2021-12-06 19:38:32 +00:00
jsg 20ddf00a06 don't free uninitialised pointers in glamor 
Attempting to run fvwm on a x61/965gm with xserver 1.21.1 with the
modesetting driver on amd64 would cause the xserver to
reliably crash.

problem introduced upstream in
2906ee5e4 ("glamor: Fix leak in glamor_build_program()")
which was backported to the 1.21 branch.

ok matthieu@
 2021-12-03 09:34:04 +00:00
matthieu c82bd5db57 Use the InternalEvent event structure in more places in events handlers. 
This fixes a crash when a DeviceEvent struct converted to
InteralEvent was beeing copied as InternalEvent (and thus
causing out of bounds reads) in ActivateGrabNoDelivery()
 2021-11-17 19:46:39 +00:00
matthieu a406534d9c Update to xserver 21.1.1 2021-11-11 09:10:04 +00:00
matthieu e086cf5adf Update to xserver 21.1.0 2021-11-11 09:03:02 +00:00
deraadt 9c065891c9 missing pathnames on unveil() error 2021-09-06 13:33:11 +00:00
matthieu 5bd77e1667 Update to xserver 1.20.13. 2021-09-03 13:19:11 +00:00
matthieu 04380bf421 GetLocalClientCreds: prefer getsockopt(,SO_PEERCRED,) to getpeereid() 
This adds the pid of the local clients to LocalLientCred.
ok espie@
 2021-08-11 05:44:01 +00:00
matthieu cbb2480f27 Close the console fd after probing if it's a wscons, even it fails. 
This avoids keeping an open file descriptor on machines
where /dev/console is not a wsdisplay device.
 2021-06-30 08:50:48 +00:00
drahn be6f9bdd31 Initial attempt to build xserver for riscv64 
ok matthieu@
 2021-06-15 13:57:42 +00:00
matthieu e26c45de6d Fix XChangeFeedbackControl() request underflow. 
CVE-2021-3472 / ZDI-CAN-1259
Reported by Jan-Niklas Sohn via Trend Micro.
 2021-04-13 14:11:12 +00:00
visa d9345257d8 compiler.h: don't define inb/outb and friends on mips 
From Julien Cristau
0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git
without arm_video.c changes.

Fixes clang 11 build on mips64.

Input and OK jsg@
 2021-03-13 13:42:26 +00:00
matthieu a3d4d20555 Avoid sequences of malloc(0) / free() by checking the length. 
b2d96b5cd459963a9587ee9c86afc9266ba3d02b in xserver git

originally from deraadt@
 2021-03-13 09:43:58 +00:00
jsg 589df0861f record: Fix undefined memcpy in RecordAClientStateChange 
From Adam Jackson
f44ac101c523a0439bd1a864850e3c1a4e154549 in xserver git

avoids a large number of malloc(0) calls
ok deraadt@ who had almost the same diff
 2021-02-26 14:10:26 +00:00
jsg 9d1e1e287e change from /dev/drm to /dev/dri/ in xenocara 
ok matthieu@ kettenis@
 2021-02-20 05:47:46 +00:00
jsg 93548c7ad2 don't fatally error if unveil(2) sets ENOENT 
This occurs when trying to unveil a /dev/dri/ node when the directory
does not exist.
 2021-02-12 12:51:53 +00:00
jsg dc62af507f add /dev/dri/card[0-3] to allowed devices 2021-02-12 10:40:15 +00:00
jca 3af997a65d Safer workaround for the "kame hack": only override sin6_scope_id if zero 
The assumption is that if sin6_scope_id is set, then the interface index
is no longer embedded in the address.

ok claudio@ matthieu@
 2021-01-21 22:46:18 +00:00
robert 1b93d47744 try to handle running out of file descriptors by refusing client connections 
in case the X server is near the limit and only allow connections again if
there are resources freed up

this is done by checking the amount of currently used FDs + a reserve and
comparing that to the FD limit

with help from benno@, millert@, florian@

ok matthieu@, benno@
 2021-01-10 19:33:10 +00:00
matthieu 5b5b8e1a85 Add a root window property with the console device. 2021-01-10 09:14:48 +00:00
matthieu 56c8d99afe Update X server to version 1.20.10. Tested by jsg@ and naddy@ 2020-12-12 09:30:50 +00:00
matthieu dbbfd61190 Check SetMap request length carefully. 
Avoid out of bounds memory accesses on too short requests.

ZDI-CAN 11572 /  CVE-2020-14360
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
 2020-12-01 15:25:39 +00:00
matthieu dd9addae94 Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows 
ZDI-CAN 11389 / CVE-2020-25712
Fix from Jan-Niklas Sohn working with Trend Micro.
 2020-12-01 15:21:28 +00:00
jsg 851807c713 build with --disable-dri3 when XENOCARA_BUILD_DRI is "no" 
fixes build breakage on alpha reported by deraadt@
 2020-08-28 02:20:19 +00:00
matthieu bc29ab7850 Fix integer underflow in XRecordRegisterClients() 
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
 2020-08-25 15:43:26 +00:00
matthieu 83d462e24d Fix integer underflow in XkbSelectEvents() 
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
 2020-08-25 15:42:52 +00:00
matthieu 77c86a2898 Fix an integer underflow in XIChangeHierarchy() 
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
 2020-08-25 15:41:59 +00:00
matthieu 02b8f73518 Correct bounds checking in XkbSetNames() 
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
 2020-08-25 15:40:59 +00:00
matthieu 0a2f4bc72f fix for X Server Pixel Data Uninitialized Memory Information Disclosure 
CVE-2020-14347

This vulnerability was discovered and reported to X.Org by Jan-Niklas
Sohn working with Trend Micro Zero Day Initiative.
 2020-07-31 14:00:21 +00:00
matthieu 60964e1bb6 sync white space with upstream. No code change. 2020-06-14 16:02:38 +00:00