Commit Graph

74 Commits

Author SHA1 Message Date
matthieu
3e477e765c Merge from upstream: Don't listen to 'tcp' by default. Add '-listen' option.
commit cc59be38b7eff52a1d003b390f2994c73ee0b3e9
Author: Keith Packard <keithp@keithp.com>
Date:   Fri Sep 12 11:33:48 2014 -0700

    os: Don't listen to 'tcp' by default. Add '-listen' option. [v2]

    This disables the tcp listen socket by default. Then, it
    uses a new xtrans interface, TRANS(Listen), to provide a command line
    option to re-enable those if desired.

    v2: Leave unix socket enabled by default. Add configure options.

    Signed-off-by: Keith Packard <keithp@keithp.com>
    Reviewed-by: Hans de Goede <hdegoede@redhat.com>
2015-06-20 10:03:56 +00:00
matthieu
5b19f6d757 Update to xserver 1.16.4.
Contains fix for CVE-2015-0255. ok dcoppa@
2015-02-11 20:58:46 +00:00
matthieu
7db4642f69 Update to xorg-server 1.16.3.
Most of the 1.16.2->1.16.3 changes are the security patches that
where already there. This adds some extra fixes plus a few unrelated
bug fixes.
2014-12-21 11:41:44 +00:00
matthieu
797ed93386 Protocol handling issues in X Window System servers
One year after Ilja van Sprundel, discovered and reported a large number
of issues in the way the X server code base handles requests from X clients,
they have been fixed.
2014-12-09 17:58:52 +00:00
matthieu
d1b6c6dea7 No more /dev/agp0 2014-10-18 14:39:40 +00:00
matthieu
64609bb78a white space diff redux 2014-09-28 10:01:52 +00:00
matthieu
4f58590a42 Update to xserver 1.16.1.
Tested by naddy@, jsg@ & kettenis@
2014-09-27 17:52:59 +00:00
matthieu
3bbfe7b179 Update to xserver 1.15.1.
Tested by at least ajacoutot@, dcoppa@ & jasper@
2014-05-02 19:27:46 +00:00
matthieu
511a911dd8 Update to xserver 1.14.4 2013-12-08 10:53:01 +00:00
matthieu
577763cda7 Uodate to xserver 1.14.2. Tested by krw@, shadchin@, todd@ 2013-08-24 19:44:25 +00:00
kettenis
a9e4debd4a Handle more /dev/drmN devices.
ok matthieu@, jsg@
2013-08-13 18:14:31 +00:00
matthieu
adec87cf5d Update to X server 1.14.1. Tested by many during t2k13. Thanks. 2013-06-07 17:28:45 +00:00
matthieu
e26a212fd0 Regen autotools build system with a clean environment.
It was previously generated with a config pointing to OpenBSD's libtool
which is not ready yet.
2012-10-27 14:52:25 +00:00
matthieu
58d9658ddc regen 2012-10-14 08:59:33 +00:00
matthieu
1c882161e8 In priv_open_device() allow opening tty[E-J]0. While there remove
ttyD[1-7] from the list, since those devices will never get used by X.
2012-08-14 15:57:57 +00:00
matthieu
1996326d50 Fix a logic introducred in rev 1.23. The parent pid is initialized
by the main X server too late in the privsep case (already in the
unpriviliged child). So keep the early init for this case.
2012-08-12 14:06:42 +00:00
matthieu
5f8132e311 Add privsep prototypes to osdep.h 2012-08-07 20:16:12 +00:00
matthieu
c7c0180b4c In non-privilege sepration mode, avoid accidentally sending
a SIGUSR1 signal to init(8).

It can happen that xdm dies before the X server that it started.
In that case X's is reparented by init...

This is handled correctly when privilege separation is not compiled
but got overlooked in the privilege separation case.
2012-08-07 20:15:23 +00:00
matthieu
4f2bf5df6d Rename 'socket' parameter to avoid shadowing the global declaration. 2012-08-07 20:13:18 +00:00
matthieu
eb59960f12 regen autotools 2012-08-05 18:14:29 +00:00
matthieu
e60da74507 Update to xserver 1.12.2. tested by naddy@, krw@, mpi@. 2012-06-10 13:21:05 +00:00
matthieu
b4a75b3e96 Return an error much earlier if recvmsg fails. 2012-04-04 20:34:55 +00:00
matthieu
9576ef223d Update to xserver 1.11.4. tested by krw@, shadchin@. 2012-01-31 07:52:35 +00:00
matthieu
4344ac3914 Bugfix Update to xserver 1.11.3 2011-12-18 16:08:59 +00:00
matthieu
61a7d5427d Update to xserver 1.11.2 2011-11-05 13:32:40 +00:00
matthieu
a05754665a Fix CVE-2011-4028: File disclosure vulnerability.
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing file.

Note that xserver on OpenBSD isn't affected by CVE-2011-4029.
2011-10-18 14:58:36 +00:00
matthieu
b9f30b39b5 Remove warnings emitted when a device can't be opened. This
is just noise and now happens while the X autoconfiguration
code probes all /dev/wsmouse<n> devices.
If the error matters, the driver will emit a proper error
nevertheless.
2011-08-20 17:30:37 +00:00
matthieu
a4d630d049 regen 2011-06-29 19:57:45 +00:00
matthieu
4a238ea6a4 Update to xserver 1.9.5. Tested by jasper@, ajacoutot@ and krw@ 2011-04-02 16:08:38 +00:00
matthieu
3870417379 restart recvmsg() if returning with errno==EINTR.
Fixes a crash on server reset on some machines.
Code inspired by ssh, with feedback from guenther@ and millert@
ok guenther@ miod@
2011-01-28 19:37:55 +00:00
matthieu
55b9b068ae Bring fix from rev 1.12 back once more. ok oga@. 2010-12-22 21:36:05 +00:00
matthieu
dd56fb17b5 Update to xorg-server 1.9.3. Tested by japser@, landry@ and ajacoutot@
in various configurations.
2010-12-21 20:10:44 +00:00
matthieu
428261197a Upgrade to xorg-server 1.9.2.
Tested by ajacoutot@, krw@, shadchin@ and jasper@ on various configurations
including multihead with both zaphod and xrandr.
2010-12-05 15:36:02 +00:00
matthieu
d57b1a146f regen (yes lots of files, since util-macros has been updated). 2010-09-01 13:43:24 +00:00
matthieu
95d684a05b Update to xserver 1.8. Tested by many. Ok oga@, todd@. 2010-07-27 19:02:24 +00:00
matthieu
49012820cb Add a configure test for newer proto headers and use it to enable
building xserver 1.6 with those headers. ok oga@.
2010-04-13 19:54:46 +00:00
matthieu
0026b7ed04 restore version 1.12 of privsep.c which got accidentally reverted
by my xserver 1.6 merge. noticed by oga@
2009-09-08 19:52:26 +00:00
matthieu
88f6f3ea75 update to xserver 1.6.4rc1. Tested by many, ok oga@. 2009-09-06 19:44:18 +00:00
oga
251e57a556 Make the !privsep and privsep paths a little more similar (still
checking the list), this allows drm to work in -keepPriv situations.

This diff has been in my tree awaiting proper testing for months, now
i'm sure it works correctly in it goes.

ok matthieu@ an aeon ago.
2009-07-14 18:25:16 +00:00
matthieu
8d98f5900d regen 2009-01-12 20:18:51 +00:00
matthieu
369cc172f4 Update to xserver 1.5.3 + latests commits on server-1.5-branch.
tested by stsp@, david@, form@, ckuethe@, oga@. thanks.
2009-01-12 20:17:47 +00:00
matthieu
60021fe985 xserver 1.5.2. tested by ckuethe@, oga@, and others. 2008-11-02 15:26:08 +00:00
matthieu
9c77348456 Close well known connections in ServerAbort().
Gets rid of dangling /tmp/.X11-unix/X0 sockets after server crash.
2008-10-30 19:59:59 +00:00
mbalmer
6ce13d3a8e Add /dev/tty04 to the list of devices privilege separated X can open.
(The IBM SurePos 500 has six serial lines and the touch screen is at
this device).

ok oga@
2008-08-28 17:50:21 +00:00
matthieu
97eda17882 Update to xserver 1.4.2. Tested by landry@, ckuethe@, jsing@ mbalmer@. 2008-06-15 00:17:32 +00:00
mbalmer
c0e3e5ed7f Add amdmsr(4) to the list of privsep devices.
ok matthieu
2008-06-14 21:37:13 +00:00
oga
4b526e486b change /dev/dri/card0 to /dev/drm0. Subdirs in /dev considered
irritating.
2008-06-12 22:20:24 +00:00
oga
bfd8533a7d Deal with devices that need to be opened differently to what we do in
privsep ( O_NONBLOCK | O_RDWR | O_EXCL) by turning the list of allowed
devices into a struct, with the flags we're supposed to use, then using
these values with open(). Add /dev/dri/card0 there too (more'll be needed to be
added when it matters).

This gives privsep with dri a chance to work.

ok matthieu
2008-06-12 18:50:19 +00:00
matthieu
48bc822959 regen. 2008-05-24 20:39:01 +00:00
matthieu
d00d2dd896 msg_controllen has to be CMSG_SPACE so that the kernel can account for
each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len).  This
works now that kernel fd passing has been fixed to accept a bit of
sloppiness because of this ABI repair.
lots of discussion with kettenis. From deraadt@
2008-03-24 21:24:52 +00:00