Commit Graph

6110 Commits

Author SHA1 Message Date
okan
52a26c6c07 spacing 2017-12-07 15:39:47 +00:00
bru
a6a6fd0c5a Use ws as default driver for touchpads.
ok matthieu@
2017-12-05 20:56:26 +00:00
bru
6ca401a7ef Use ws as default driver for touchpads.
ok matthieu@
2017-12-05 20:51:11 +00:00
okan
ca283e4b1e Revert r1.109 (Switch to XWindowEvent() pulling out events that match the mask
*and* window.) of mousefunc.c. When a client destroys itself while we are
moving or resizing it, XWindowEvent() blocks. Found the hard way by Anton
Lazarov, and Lea°hNeukirchen found the right bit to revert - thanks! Reverting
since the reason to switch from XMaskEvent was unclear.
2017-11-30 18:18:51 +00:00
matthieu
a7369a3ccd update 2017-11-28 15:48:14 +00:00
matthieu
a53d7d2e18 Update to libXfont2 2.0.3 2017-11-28 15:47:53 +00:00
matthieu
698c744cef Update to libXfont 1.5.4 2017-11-28 15:47:29 +00:00
matthieu
e19bfc2895 Update to libXcursor 1.1.15 2017-11-28 15:46:58 +00:00
matthieu
4959227bfa update 2017-11-26 18:23:34 +00:00
matthieu
c2b83f553e MFC: adapt to XF86_CRTC_VERSION 7 2017-11-26 17:06:41 +00:00
matthieu
3cd2eaf67e MFC: Adapt to video API 22 2017-11-26 17:03:40 +00:00
matthieu
cc0541860a Adapt xf86-video-intel to xserver 1.19 ABI changes. Mostly
from upstreams commits.
Tested by many. Thanks.
2017-11-19 20:16:12 +00:00
matthieu
e172c9b2ce xdm -> xenodm in log and error messages 2017-11-12 17:10:12 +00:00
matthieu
663938b0b9 xf86-input-acecad: adapt to latest xserver input driver API. 2017-11-11 17:12:40 +00:00
schwarze
058038d574 use the proper macros in the AUTHORS section 2017-11-09 19:13:03 +00:00
matthieu
2219203c38 Use SA_RESETHAND rather than SA_ONESHOT
The latter is an obsolete non-standard, Linux only synonym for the
former. This caused syndaemon(1) to enter an an infinite loop whenever
it receives a SIGINT signal. Patch from  Luca Castagnini.  Thanks.
2017-10-29 09:29:52 +00:00
matthieu
c48e946165 This file isn't built anymore. So remove diffs with upstreams. 2017-10-23 17:28:26 +00:00
matthieu
a4b3344173 update 2017-10-23 17:13:17 +00:00
matthieu
d13adfd89f Unlink libpthread-stubs from xenocara builds.
ok sthen@ who will take care of the ports tree. Also ok espie@
2017-10-23 16:56:59 +00:00
matthieu
4b98ce0cc0 Remove all references to libpthread-stubs from xenocara.
"looks sane" guenther@.
2017-10-23 16:50:28 +00:00
matthieu
e58671c122 update 2017-10-22 09:22:17 +00:00
matthieu
017335785c update 2017-10-22 09:21:07 +00:00
matthieu
ea773baf11 update 2017-10-22 09:20:29 +00:00
matthieu
baa4f17b3a Update to libXfont2 2.0.2.
Not yet linked to the build
2017-10-22 09:19:25 +00:00
matthieu
92ff90df14 Update to libXfont 1.5.3.
No actual change since individual commits were already merged.
2017-10-22 09:18:25 +00:00
matthieu
d206353647 sync 2017-10-22 09:14:50 +00:00
matthieu
b9ca6f3dea Update to libXRes 1.2.0 2017-10-22 09:14:28 +00:00
matthieu
f51fea01a3 MFC: Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176) 2017-10-14 09:35:14 +00:00
matthieu
186982901a MFC: dbe: Unvalidated variable-length request in
ProcDbeGetVisualInfo (CVE-2017-12177)

v2: Protect against integer overflow (Alan Coopersmith)
2017-10-14 09:33:48 +00:00
matthieu
394a8aee54 MFC: Xi: fix wrong extra length check in ProcXIChangeHierarchy
(CVE-2017-12178)
2017-10-14 09:32:30 +00:00
matthieu
74d10c412f MFC: Xi: integer overflow and unvalidated length in
(S)ProcXIBarrierReleasePointer

[jcristau: originally this patch fixed the same issue as commit
211e05ac85 "Xi: Test exact size of XIBarrierReleasePointer", with the
addition of these checks]

This addresses CVE-2017-12179
2017-10-14 09:30:50 +00:00
matthieu
792e23cc09 MFC: Xi: Test exact size of XIBarrierReleasePointer
Otherwise a client can send any value of num_barriers and cause
reading or swapping of values on heap behind the receive buffer.
2017-10-14 09:29:01 +00:00
matthieu
515a707d86 MFC: hw/xfree86: unvalidated lengths
This addresses:
CVE-2017-12180 in XFree86-VidModeExtension
CVE-2017-12181 in XFree86-DGA
CVE-2017-12182 in XFree86-DRI
2017-10-14 09:24:30 +00:00
matthieu
d62483048a MFC: xfixes: unvalidated lengths (CVE-2017-12183)
v2: Use before swap (Jeremy Huddleston Sequoia)
v3: Fix wrong XFixesCopyRegion checks (Alan Coopersmith)
2017-10-14 09:22:49 +00:00
matthieu
3b3c79f0b0 MFC: Unvalidated lengths
v2: Add overflow check and remove unnecessary check (Julien Cristau)

This addresses:
CVE-2017-12184 in XINERAMA
CVE-2017-12185 in MIT-SCREEN-SAVER
CVE-2017-12186 in X-Resource
CVE-2017-12187 in RENDER
2017-10-14 09:20:42 +00:00
matthieu
fe08a081d8 MFC: os: Make sure big requests have sufficient length.
A client can send a big request where the 32B "length" field has value
0. When the big request header is removed and the length corrected,
the value will underflow to 0xFFFFFFFF.  Functions processing the
request later will think that the client sent much more data and may
touch memory beyond the receive buffer.
2017-10-14 09:17:40 +00:00
matthieu
9b9efb1bdf MFC: xkb: Handle xkb formated string output safely (CVE-2017-13723)
Generating strings for XKB data used a single shared static buffer,
which offered several opportunities for errors. Use a ring of
resizable buffers instead, to avoid problems when strings end up
longer than anticipated.
2017-10-14 09:15:11 +00:00
matthieu
fd77a34918 MFC: xkb: Escape non-printable characters correctly
XkbStringText escapes non-printable characters using octal numbers.
Such escape sequence would be at most 5 characters long ("\0123"), so
it reserves 5 bytes in the buffer. Due to char->unsigned int
conversion, it would print much longer string for negative numbers.
2017-10-14 09:12:44 +00:00
matthieu
2f2a50b99b MFC: Xext/shm: Validate shmseg resource id (CVE-2017-13721)
Otherwise it can belong to a non-existing client and abort X server with
FatalError "client not in use", or overwrite existing segment of another
existing client.
2017-10-14 09:06:06 +00:00
matthieu
7e1ada6240 MFC: pcfGetProperties: Check string boundaries (CVE-2017-13722)
Without the checks a malformed PCF file can cause the library to make
atom from random heap memory that was behind the `strings` buffer.
This may crash the process or leak information.
2017-10-14 09:03:00 +00:00
matthieu
dadc83bba7 MFC: Check for end of string in PatternMatch (CVE-2017-13720)
If a pattern contains '?' character, any character in the string is skipped,
even if it is '\0'. The rest of the matching then reads invalid memory.
2017-10-14 09:02:08 +00:00
matthieu
ca5563feca Remove xdm. Unhooked since more than 6 months. 2017-10-12 19:32:43 +00:00
matthieu
08a235a628 chown before chmod
This prevents a malicious user logging out from calling
chmod while still owning /dev/console and thus by-passing
the '622' mode that is set here.

Issue reported by Tim Chase. Thanks.


Merged from xdm upstreams
2017-10-04 18:28:59 +00:00
matthieu
c6ab499027 Force Intel Ironlake chipsets to use the xf86-video-intel driver.
stsp@ reported that modesetting(4) has been reported unreliable
on his laptop, while intel(4) works.

XXXX to be removed after 6.2 to figure out and fix the issue.

ok kettenis@, also discussed briefly with deraadt@ during EuroBSDCon.
2017-09-25 15:05:57 +00:00
matthieu
b11b21f03a updates 2017-09-17 10:54:40 +00:00
okan
b853354218 Case matters for menu matching on executables; from ben@lloyd.im. 2017-09-06 14:15:13 +00:00
deraadt
5150e677a9 backout hard-coded behaviour change which was not discussed, in
particular no justification for why the current behaviour is wrong
2017-09-05 17:48:07 +00:00
dcoppa
44401622e1 amend comment 2017-08-30 07:59:00 +00:00
dcoppa
7055fe14e7 Use 'unix:0' for the DISPLAY environment variable
ok matthieu@
2017-08-30 07:48:56 +00:00
anton
12dfb02fe0 Fix error check according to the secure idiom described in the snprintf(3)
manual.

ok dcoppa@
2017-08-29 08:50:37 +00:00