114 Commits (master)

Author SHA1 Message Date
matthieu 737e223ef8 Merge X server 21.1.8. tested by kn@ and op@. 2023-05-01 07:41:17 +00:00
matthieu 8c4424dd36 Add back the meson build system to xserver.
Not having those files only creates noise when merging upstream releases.
2023-01-22 09:21:08 +00:00
matthieu fd3c33bec8 Don't crash if the client argv or argv[0] is NULL.
Report from bauerm at pestilenz dot org.
With help from and ok millert@
2022-11-11 13:56:12 +00:00
matthieu 68328bb5ec Update xserver to version 21.1.4.
The security patches were already committed as part of July 24 errata.
This brings a few other bug fixes.
Tested by Walter Alejandro Iglesias.
2022-08-31 11:25:18 +00:00
matthieu 8a0d473d7b Sync with xorg-server 21.1.3.
This does *not* include the commit that reverts the new computation
of the screen resolution from dimensions returned by the screen since
many of you said you prefer the new behaviour from 21.1.1.

This is going to be discussed again before 7.1
2022-02-20 17:41:34 +00:00
matthieu e086cf5adf Update to xserver 21.1.0 2021-11-11 09:03:02 +00:00
deraadt 9c065891c9 missing pathnames on unveil() error 2021-09-06 13:33:11 +00:00
matthieu 5bd77e1667 Update to xserver 1.20.13. 2021-09-03 13:19:11 +00:00
matthieu 04380bf421 GetLocalClientCreds: prefer getsockopt(,SO_PEERCRED,) to getpeereid()
This adds the pid of the local clients to LocalClientCred.
ok espie@
2021-08-11 05:44:01 +00:00
jsg 93548c7ad2 don't fatally error if unveil(2) sets ENOENT
This occurs when trying to unveil a /dev/dri/ node when the directory
does not exist.
2021-02-12 12:51:53 +00:00
jsg dc62af507f add /dev/dri/card[0-3] to allowed devices 2021-02-12 10:40:15 +00:00
jca 3af997a65d Safer workaround for the "kame hack": only override sin6_scope_id if zero
The assumption is that if sin6_scope_id is set, then the interface index
is no longer embedded in the address.

ok claudio@ matthieu@
2021-01-21 22:46:18 +00:00
robert 1b93d47744 try to handle running out of file descriptors by refusing client connections
in case the X server is near the limit and only allow connections again if
there are resources freed up

this is done by checking the amount of currently used FDs + a reserve and
comparing that to the FD limit

with help from benno@, millert@, florian@

ok matthieu@, benno@
2021-01-10 19:33:10 +00:00
matthieu 56c8d99afe Update X server to version 1.20.10. Tested by jsg@ and naddy@ 2020-12-12 09:30:50 +00:00
matthieu 60964e1bb6 sync white space with upstream. No code change. 2020-06-14 16:02:38 +00:00
jcs 6b6f912425 revert local change which removed -retro flag and adjust -br to
properly override our default behavior of stippled root.

no objection from deraadt and kettenis
2020-06-12 14:45:55 +00:00
matthieu ad9a065c46 Release unused file descriptors in the privileged X server process.
There is no reason to keep /dev/pci* and /dev/ttyC* open in this process.
pointed to by deraadt. ok kettenis@ deraadt@
2020-04-20 18:17:25 +00:00
matthieu 9064f8eee5 Update to xserver 1.20.8. ok jsg@ robert@ 2020-04-13 08:06:58 +00:00
matthieu 40d42722f6 Update to xserver 1.20.7 plus 2 extra fixes from upstream. ok jsg@ 2020-01-26 13:48:54 +00:00
matthieu 9a532c5475 Update to X server 1.20.6. Tested by naddy@ 2019-12-12 06:05:17 +00:00
matthieu a77e9959f3 Update to xserver 1.20.5. Tested by jsg@ 2019-07-27 07:57:06 +00:00
jcs fa30b33449 when probing for wsmouse devices, check up to wsmouse9
ok deraadt
2019-06-11 14:51:34 +00:00
matthieu e7e87a2ccb Update to xserver 1.19.7. Tested by jca@ and stsp@. 2019-03-19 21:19:54 +00:00
mestre e897f28b00 xserver's priv proc is responsible for opening devices in O_RDWR mode and sending
their fds over to the parent proc. Knowing this then we already have a list of
all possible devices that might be opened in the future, in struct okdev
allowed_devices[], and we just need to traverse them and unveil(2) each one
with read/write permissions.

positive feedback from semarie@, OK matthieu@
2018-10-25 06:41:25 +00:00
matthieu d9aef29941 set MSG_CMSG_CLOEXEC when receiving file descriptors.
All file descriptors opened via priv_open_device() can benefit from
the close-on-exec flag.
ok kettenis@.
2018-08-06 20:11:34 +00:00
matthieu 857585fc69 Update to xserver 1.19.6. bug fix release 2018-02-18 17:16:37 +00:00
matthieu 1a66cad3fb Update to xserver 1.19.5.
Tested by bru@, jsg@ and others
2017-12-08 15:01:59 +00:00
matthieu fe08a081d8 MFC: os: Make sure big requests have sufficient length.
A client can send a big request where the 32B "length" field has value
0. When the big request header is removed and the length corrected,
the value will underflow to 0xFFFFFFFF.  Functions processing the
request later will think that the client sent much more data and may
touch memory beyond the receive buffer.
2017-10-14 09:17:40 +00:00
matthieu 2666ed3f9e Fix arc4random_buf(3) detection. Noticed by Eric Engestrom on
the xorg-devel list. Thanks.
2017-03-01 19:22:36 +00:00
matthieu da8f098a38 Oops, in previous commit I forgot to remove the actual implementation
of the unused *ToID functions(). Spotted by Adam Jackson on xorg-devel
list.  Thanks.
2017-02-28 23:05:46 +00:00
matthieu 5d64bd18eb regen 2017-02-28 18:33:44 +00:00
matthieu e087a236fc auth: remove AuthToIDFunc and associated functions. Not used anymore.
And the current code for MitToId has a use-after-free() issue.
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org
2017-02-28 18:32:53 +00:00
matthieu eb3d247766 MFC: Use arc4random_buf(3) if available to generate cookies.
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:27:40 +00:00
matthieu 9ddca5b541 MFC: Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:24:48 +00:00
matthieu fd18c20e72 regen 2016-10-11 22:14:30 +00:00
matthieu 6e1bcfb3c6 Update to xserver 1.18.4
tested by krw@ and dcoppa@ ok dcoppa@
2016-08-09 18:59:50 +00:00
matthieu e927c03e30 Update to xserver 1.18.3. Tested by shadchin@ and naddy@.
Note that indirect GLX is now disabled by default.
2016-05-29 12:02:34 +00:00
matthieu f7d98a310c pledge(2) for the X server privileged process. ok deraadt@ 2015-11-11 21:07:49 +00:00
matthieu 4c6a4e1e00 Update to xserver 1.17.4.
tested by naddy@
2015-11-07 16:48:51 +00:00
matthieu 86ea9f12e2 Update to xserver 1.17.2. tested by dcoppa@, jsg@, jasper@ & naddy@ 2015-09-16 19:10:19 +00:00
matthieu 3e477e765c Merge from upstream: Don't listen to 'tcp' by default. Add '-listen' option.
commit cc59be38b7eff52a1d003b390f2994c73ee0b3e9
Author: Keith Packard <keithp@keithp.com>
Date:   Fri Sep 12 11:33:48 2014 -0700

    os: Don't listen to 'tcp' by default. Add '-listen' option. [v2]

    This disables the tcp listen socket by default. Then, it
    uses a new xtrans interface, TRANS(Listen), to provide a command line
    option to re-enable those if desired.

    v2: Leave unix socket enabled by default. Add configure options.

    Signed-off-by: Keith Packard <keithp@keithp.com>
    Reviewed-by: Hans de Goede <hdegoede@redhat.com>
2015-06-20 10:03:56 +00:00
matthieu 5b19f6d757 Update to xserver 1.16.4.
Contains fix for CVE-2015-0255. ok dcoppa@
2015-02-11 20:58:46 +00:00
matthieu 7db4642f69 Update to xorg-server 1.16.3.
Most of the 1.16.2->1.16.3 changes are the security patches that
were already there. This adds some extra fixes plus a few unrelated
bug fixes.
2014-12-21 11:41:44 +00:00
matthieu 797ed93386 Protocol handling issues in X Window System servers
One year after Ilja van Sprundel discovered and reported a large number
of issues in the way the X server code base handles requests from X clients,
they have been fixed.
2014-12-09 17:58:52 +00:00
matthieu d1b6c6dea7 No more /dev/agp0 2014-10-18 14:39:40 +00:00
matthieu 64609bb78a white space diff redux 2014-09-28 10:01:52 +00:00
matthieu 4f58590a42 Update to xserver 1.16.1.
Tested by naddy@, jsg@ & kettenis@
2014-09-27 17:52:59 +00:00
matthieu 3bbfe7b179 Update to xserver 1.15.1.
Tested by at least ajacoutot@, dcoppa@ & jasper@
2014-05-02 19:27:46 +00:00
matthieu 511a911dd8 Update to xserver 1.14.4 2013-12-08 10:53:01 +00:00
matthieu 577763cda7 Update to xserver 1.14.2. Tested by krw@, shadchin@, todd@ 2013-08-24 19:44:25 +00:00