mestre
2288d216a5
If input_name is provided we can unveil(2) it with read permissions, if
...
output_name is provided we need to unveil(2) this one with rwc. Additionally
depending on the different combinations of if these files are passed via args
or from stdin/to stdout we can also pledge(2) accordingly to the code path.
OK deraadt@
2018-10-26 17:12:03 +00:00
deraadt
d9d5fc591a
Disable setuid on the X server. We have always known it is a trash fire
...
and we held out hope too long. This will break some stuff. Let's start
with non-setuid as the baseline, and see if it is worth trying to fix
the broken parts in some other way.
2018-10-25 21:55:18 +00:00
matthieu
2d6e93a5b7
MFC: Disable -logfile and -modulepath when running with elevated
...
privileges. This Could cause arbitrary files overwrite.
CVE-2018-14665.
2018-10-25 15:44:27 +00:00
mestre
e897f28b00
xserver's priv proc is responsible for opening devices in O_RDWR mode and send
...
their fds over to the parent proc. Knowing this then we already have a list of
all possible devices that might be opened in the future, in struct okdev
allowed_devices[], and we just need to traverse them and unveil(2) each one
with read/write permissions.
positive feedback from semarie@, OK matthieu@
2018-10-25 06:41:25 +00:00
jsg
45bb3d5b2d
sync
2018-10-23 08:15:04 +00:00
jsg
0a79225c68
update
2018-10-23 06:46:39 +00:00
jsg
19f2c52c66
Merge Mesa 17.3.9
...
Mesa 18.x needs an ld with build-id for at least the intel code
Mesa 18.2 assumes linux only memfd syscalls in intel code
Tested by matthieu@, kettenis@ and myself on a variety of hardware and
architectures. ok kettenis@
2018-10-23 06:35:32 +00:00
jsg
587354b697
Import Mesa 17.3.9
2018-10-23 05:40:45 +00:00
matthieu
2c83b87d07
update
2018-10-20 19:26:12 +00:00
matthieu
5c831511f8
Update to libSM 1.2.3
2018-10-20 19:25:32 +00:00
matthieu
7070f339ed
Update to libX11 1.6.7
2018-10-20 19:23:25 +00:00
matthieu
edd3ecfc7c
Explicitely disable xf86misc
2018-10-20 19:09:19 +00:00
matthieu
792e7828ab
update
2018-10-16 19:33:35 +00:00
matthieu
71dca55fd9
Update to libxcb 1.13.1, a small bug fix release.
...
ok naddy@
2018-10-04 20:17:48 +00:00
matthieu
4a94cb7b79
update
2018-09-30 08:58:33 +00:00
deraadt
f6e29c09b7
sync
2018-09-27 03:41:24 +00:00
deraadt
97f61bb6a9
sync
2018-09-18 13:30:35 +00:00
jsg
227a344eb5
update
2018-09-13 12:05:53 +00:00
jsg
e30e37f12c
sync
2018-09-13 12:04:37 +00:00
jsg
d4accf8419
Merge libdrm 2.4.94
2018-09-13 12:02:27 +00:00
jsg
a81d3f52ae
Import libdrm 2.4.94
2018-09-13 11:55:15 +00:00
matthieu
1bd966a0de
update
2018-09-11 19:38:31 +00:00
matthieu
2c9ca21d14
sync
2018-09-11 19:35:55 +00:00
matthieu
bba3e9eeb5
Update to libxcb 1.13. ok tb@
2018-09-11 19:34:56 +00:00
matthieu
cf8b8cfede
Update to xcb-proto 1.13. ok tb@
2018-09-11 19:31:11 +00:00
matthieu
f4445f7d08
Add an option to disable the active area. From Sebastien Marie.
...
ok claudio@ Thanks.
2018-09-06 07:21:34 +00:00
deraadt
5ee5cf05ca
sync
2018-08-28 06:41:41 +00:00
kettenis
d5e3922245
Build radeon drivers on arm64.
...
ok jsg@, matthieu@
2018-08-27 15:04:15 +00:00
kettenis
cca6245e3f
Build xf86-video-ati on arm64.
...
ok jsg@, matthieu@
2018-08-27 15:03:23 +00:00
matthieu
809bf3c6dd
update
2018-08-23 20:44:11 +00:00
matthieu
c73330a68c
sync
2018-08-23 20:42:57 +00:00
matthieu
b39f51f9a1
Udate to libX11 1.6.6. bug fixes release - no API/ABI changes.
2018-08-23 19:38:11 +00:00
kettenis
8869fa7f9c
Initialize PCI subsystem on arm64.
...
ok matthieu@
2018-08-20 21:48:55 +00:00
matthieu
e3db5b957d
update
2018-08-15 11:03:19 +00:00
matthieu
e28c499980
Use priv_open_device() to open the dri device in glamor_dri3_open_client().
...
Fixes DRI3 with Xserver running as _x11 with xenodm.
close-on-exec is now default for priv_open_device().
ok kettenis@
2018-08-06 20:14:04 +00:00
matthieu
d9aef29941
set MSG_CMSG_CLOEXEC when receiving file descriptors.
...
All file descriptors opened via priv_open_device() can benefit of
the close-on-exec flag.
ok kettenis@.
2018-08-06 20:11:34 +00:00
matthieu
857c4a5264
libXpresent depends on libXrandr. Noticed by naddy@. Thanks
2018-08-06 15:09:42 +00:00
matthieu
3cefccc9c7
update
2018-08-05 12:21:23 +00:00
matthieu
1c54b6db3b
sync
2018-08-05 12:21:07 +00:00
matthieu
8f7485cfef
Link libXpresent to the build.
2018-08-05 12:20:17 +00:00
matthieu
6075741e3c
regen
2018-08-05 12:10:01 +00:00
matthieu
97a2cbad8d
add BSD build infrastructure
2018-08-05 12:06:41 +00:00
matthieu
d92eed431d
Import libXpresent version 1.0.0
2018-08-05 12:04:39 +00:00
jcs
65b51547fb
setup WSMOUSE_TYPE_TOUCHPAD devices to use ws driver by default, but
...
allow them to work with xf86-input-synaptics
with and ok bru@
2018-07-30 16:00:39 +00:00
matthieu
02339cbc79
use #define XXX 0 to explicitelty disable an option.
2018-07-21 09:31:22 +00:00
matthieu
214a961ee2
Explicitely disable paste64 and readline options, to disable bracketed paste.
...
readline was not enabled, but paste64 which was on by default enables it.
requested by deraadt@
2018-07-21 09:16:42 +00:00
matthieu
3d6a226675
Typo. Reported by feinerer@. Thanks.
2018-07-19 12:45:31 +00:00
matthieu
5ea3272c22
Document how to update XCB
2018-07-19 12:14:37 +00:00
matthieu
bbb3c76e2e
Remove the code that allowed to install xcbgen under /usr/X11R6/lib/
...
We can now use x11/py-xcbgen if needed.
2018-07-19 11:58:46 +00:00
matthieu
437b06c43f
Document the use of this Makefile with x11/py-xcbgen.
...
(not part of standard xenocara builds)
2018-07-19 11:52:37 +00:00