matthieu
737e223ef8
Merge X server 21.1.8. tested by kn@ and op@.
2023-05-01 07:41:17 +00:00
matthieu
8c4424dd36
Add back the meson build system to xserver.
...
Not having those file only create noise when merging upstream releases.
2023-01-22 09:21:08 +00:00
matthieu
fd3c33bec8
Don't crash if the client argv or argv[0] is NULL.
...
Report from bauerm at pestilenz dot org.
With help from and ok millert@
2022-11-11 13:56:12 +00:00
matthieu
68328bb5ec
Update xserver to version 21.1.4.
...
The security patches were already committed as part of july 24 errata.
This brings a few other bug fixes.
Tested by Walter Alejandro Iglesias.
2022-08-31 11:25:18 +00:00
matthieu
8a0d473d7b
Sync with xorg-server 21.1.3.
...
This does *not* include the commit that reverts the new computation
of the screen resolution from dimensions returned by the screen since
many of you told they prefer the new behaviour from 21.1.1.
This is going to be discussed again before 7.1
2022-02-20 17:41:34 +00:00
matthieu
e086cf5adf
Update to xserver 21.1.0
2021-11-11 09:03:02 +00:00
deraadt
9c065891c9
missing pathnames on unveil() error
2021-09-06 13:33:11 +00:00
matthieu
5bd77e1667
Update to xserver 1.20.13.
2021-09-03 13:19:11 +00:00
matthieu
04380bf421
GetLocalClientCreds: prefer getsockopt(,SO_PEERCRED,) to getpeereid()
...
This adds the pid of the local clients to LocalLientCred.
ok espie@
2021-08-11 05:44:01 +00:00
jsg
93548c7ad2
don't fatally error if unveil(2) sets ENOENT
...
This occurs when trying to unveil a /dev/dri/ node when the directory
does not exist.
2021-02-12 12:51:53 +00:00
jsg
dc62af507f
add /dev/dri/card[0-3] to allowed devices
2021-02-12 10:40:15 +00:00
jca
3af997a65d
Safer workaround for the "kame hack": only override sin6_scope_id if zero
...
The assumption is that if sin6_scope_id is set, then the interface index
is no longer embedded in the address.
ok claudio@ matthieu@
2021-01-21 22:46:18 +00:00
robert
1b93d47744
try to handle running out of file descriptors by refusing client connections
...
in case the X server is near the limit and only allow connections again if
there are resources freed up
this is done by checking the amount of currently used FDs + a reserve and
comparing that to the FD limit
with help from benno@, millert@, florian@
ok matthieu@, benno@
2021-01-10 19:33:10 +00:00
matthieu
56c8d99afe
Update X server to version 1.20.10. Tested by jsg@ and naddy@
2020-12-12 09:30:50 +00:00
matthieu
60964e1bb6
sync white space with upstream. No code change.
2020-06-14 16:02:38 +00:00
jcs
6b6f912425
revert local change which removed -retro flag and adjust -br to
...
properly override our default behavior of stippled root.
no objection from deraadt and kettenis
2020-06-12 14:45:55 +00:00
matthieu
ad9a065c46
Release unused filedescriptors in the privileged X server process.
...
There is no reason to keep /dev/pci* and /dev/ttyC* open in this process.
pointed to by deraadt. ok kettenis@ deraadt@
2020-04-20 18:17:25 +00:00
matthieu
9064f8eee5
Update to xserver 1.20.8. ok jsg@ robert@
2020-04-13 08:06:58 +00:00
matthieu
40d42722f6
Update to xserver 1.20.7 plus 2 extra fixes from upstream. ok jsg@
2020-01-26 13:48:54 +00:00
matthieu
9a532c5475
Update to X server 1.20.6. Tested by naddy@
2019-12-12 06:05:17 +00:00
matthieu
a77e9959f3
Update to xserver 1.20.5. Tested by jsg@
2019-07-27 07:57:06 +00:00
jcs
fa30b33449
when probing for wsmouse devices, check up to wsmouse9
...
ok deraadt
2019-06-11 14:51:34 +00:00
matthieu
e7e87a2ccb
Update to xserver 1.19.7. Tested by jca@ and stsp@.
2019-03-19 21:19:54 +00:00
mestre
e897f28b00
xserver's priv proc is responsible for opening devices in O_RDWR mode and send
...
their fds over to the parent proc. Knowing this then we already have a list of
all possible devices that might be opened in the future, in struct okdev
allowed_devices[], and we just need to traverse them and unveil(2) each one
with read/write permissions.
positive feedback from semarie@, OK matthieu@
2018-10-25 06:41:25 +00:00
matthieu
d9aef29941
set MSG_CMSG_CLOEXEC when receiving file descriptors.
...
All file descriptors opened via priv_open_device() can benefit of
the close-on-exec flag.
ok kettenis@.
2018-08-06 20:11:34 +00:00
matthieu
857585fc69
Update to xserver 1.19.6. bug fix release
2018-02-18 17:16:37 +00:00
matthieu
1a66cad3fb
Update to xserver 1.19.5.
...
Tested by bru@, jsg@ and others
2017-12-08 15:01:59 +00:00
matthieu
fe08a081d8
MFC: os: Make sure big requests have sufficient length.
...
A client can send a big request where the 32B "length" field has value
0. When the big request header is removed and the length corrected,
the value will underflow to 0xFFFFFFFF. Functions processing the
request later will think that the client sent much more data and may
touch memory beyond the receive buffer.
2017-10-14 09:17:40 +00:00
matthieu
2666ed3f9e
Fix arc4random_buf(3) detection. Noticed by Eric Engestrom on
...
the xorg-devel list. Thanks
2017-03-01 19:22:36 +00:00
matthieu
da8f098a38
Oops, in previous commit I forgot to remove the actual implementation
...
of the unused *ToID functions(). Spotted by Adam Jackson on xorg-devel
list. Thanks.
2017-02-28 23:05:46 +00:00
matthieu
5d64bd18eb
regen
2017-02-28 18:33:44 +00:00
matthieu
e087a236fc
auth: remove AuthToIDFunc and associated functions. Not used anymore.
...
And the current code for MitToId has a use-after-free() issue.
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org
2017-02-28 18:32:53 +00:00
matthieu
eb3d247766
MFC: Use arc4random_buf(3) if available to generate cookies.
...
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:27:40 +00:00
matthieu
9ddca5b541
MFC: Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES
...
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:24:48 +00:00
matthieu
fd18c20e72
regen
2016-10-11 22:14:30 +00:00
matthieu
6e1bcfb3c6
Update to xserver 1.18.4
...
tested by krw@ and dcoppa@ ok dcoppa@
2016-08-09 18:59:50 +00:00
matthieu
e927c03e30
Update to xserver 1.18.3. Tested by shadchin@ and naddy@.
...
Note that indirect GLX is now disbled by default.
2016-05-29 12:02:34 +00:00
matthieu
f7d98a310c
pledge(2) for the X server privileged process. ok deraadt@
2015-11-11 21:07:49 +00:00
matthieu
4c6a4e1e00
Update to xserver 1.17.4.
...
tested by naddy@
2015-11-07 16:48:51 +00:00
matthieu
86ea9f12e2
Update to xserver 1.17.2. tested by dcoppa@, jsg@, jasper@ & naddy@
2015-09-16 19:10:19 +00:00
matthieu
3e477e765c
Merge from upstream: Don't listen to 'tcp' by default. Add '-listen' option.
...
commit cc59be38b7eff52a1d003b390f2994c73ee0b3e9
Author: Keith Packard <keithp@keithp.com>
Date: Fri Sep 12 11:33:48 2014 -0700
os: Don't listen to 'tcp' by default. Add '-listen' option. [v2]
This disables the tcp listen socket by default. Then, it
uses a new xtrans interface, TRANS(Listen), to provide a command line
option to re-enable those if desired.
v2: Leave unix socket enabled by default. Add configure options.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
2015-06-20 10:03:56 +00:00
matthieu
5b19f6d757
Update to xserver 1.16.4.
...
Contains fix for CVE-2015-0255. ok dcoppa@
2015-02-11 20:58:46 +00:00
matthieu
7db4642f69
Update to xorg-server 1.16.3.
...
Most of the 1.16.2->1.16.3 changes are the security patches that
where already there. This adds some extra fixes plus a few unrelated
bug fixes.
2014-12-21 11:41:44 +00:00
matthieu
797ed93386
Protocol handling issues in X Window System servers
...
One year after Ilja van Sprundel, discovered and reported a large number
of issues in the way the X server code base handles requests from X clients,
they have been fixed.
2014-12-09 17:58:52 +00:00
matthieu
d1b6c6dea7
No more /dev/agp0
2014-10-18 14:39:40 +00:00
matthieu
64609bb78a
white space diff redux
2014-09-28 10:01:52 +00:00
matthieu
4f58590a42
Update to xserver 1.16.1.
...
Tested by naddy@, jsg@ & kettenis@
2014-09-27 17:52:59 +00:00
matthieu
3bbfe7b179
Update to xserver 1.15.1.
...
Tested by at least ajacoutot@, dcoppa@ & jasper@
2014-05-02 19:27:46 +00:00
matthieu
511a911dd8
Update to xserver 1.14.4
2013-12-08 10:53:01 +00:00
matthieu
577763cda7
Uodate to xserver 1.14.2. Tested by krw@, shadchin@, todd@
2013-08-24 19:44:25 +00:00