matthieu
342b1570d2
Properly validate server responses
By validating length fields from server responses, out of boundary
accesses and endless loops can be mitigated.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:01:03 +00:00
matthieu
269364ad66
Integer overflow on illegal server response
The 32 bit field "rep.length" is not checked for validity, which allows
an integer overflow on 32 bit systems.
A malicious server could send INT_MAX as length, which gets multiplied
by the size of XRectangle. In that case the client won't read the whole
data from server, getting out of sync.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 14:59:47 +00:00
matthieu
89e55bbf5a
Validation of server responses in XGetImage()
Check if enough bytes were received for specified image type and
geometry. Otherwise GetPixel and other functions could trigger an
out of boundary read later on.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 14:58:26 +00:00
matthieu
bd2560e2ec
The validation of server responses avoids out of boundary accesses.
From Tobias Stoeckmann / Xorg Security advisory Oct 4, 2016.
2016-10-04 14:56:37 +00:00
okan
cdbe6c3bc9
Start simplifying menu code; and in turn, remove a cursor no longer
needed.
2016-10-03 18:43:49 +00:00
okan
6889482fc7
Defaults are split between defines and conf_init(); normalize these, as
well as give 'sticky' groups its own variable.
2016-10-03 14:42:34 +00:00
okan
dcdbf54e85
For both kb and mouse move, it is possible to grab a client and move it
completely off the screen/region; instead, if the pointer is outside of
the client bounds, warp the pointer to the closest edge before moving.
2016-10-03 13:52:17 +00:00
okan
3881d6ad85
client_ptrwarp should not deal with unhiding or raising clients (non ptr
requests); most callers do this already - deal with the few that do not.
client_ptrwarp becomes a simple wrapper (setpos) but it will be expanded.
2016-10-03 13:41:30 +00:00
matthieu
c542153d63
revert pixman-vmx.c to the version of pixman-0.32.8.
gcc 4.2 is not able to compile the new version.
XXX switch back to 0.34 once macppc switches to clang.
2016-10-03 06:57:44 +00:00
matthieu
1a97432a77
Fix ownership of fonts.dir and font.scale files as well as
fontconfig font caches.
mkfontdir and mkfontscale are now run out of font/alias at the end
of the build or install, like fc-cache.
fc-cache is using its -y (sysroot) flag that works if used correctly.
2016-10-02 20:55:09 +00:00
matthieu
400881a786
Fix ownership of /etc/fonts/conf.d/42-luxi-mono.conf link
2016-10-02 20:51:20 +00:00
matthieu
71be0511eb
Fix installation of libXaw.so.15.0 link.
2016-10-02 19:11:16 +00:00
matthieu
8587a95e4f
fix the ownership of the link /usr/X11R6/bin/X -> Xorg
2016-10-02 17:21:29 +00:00
matthieu
321b9b9f5f
regen
2016-10-02 17:17:04 +00:00
matthieu
b0eedeca6e
Handle the libXaw.so.xx.y symlink in afterinstall: in Makefile.bsd-wrapper
No more diffs with upstreams in autoconf files;
ownership of links for non-root/noperm installs is handled too.
2016-10-02 17:16:31 +00:00
matthieu
f086547c98
regen
2016-10-02 10:30:28 +00:00
matthieu
d9e10c2579
Remove local patch for platforms without shared libs
2016-10-02 10:30:06 +00:00
matthieu
99edbe0a23
Reduce diffs with upstreams
2016-10-02 10:00:36 +00:00
matthieu
836cc0eece
regen
2016-10-02 09:36:26 +00:00
matthieu
245607701d
Typo font.dir -> fonts.dir
2016-10-02 09:34:35 +00:00
tb
0ba6be2810
Explicitly set owner and group of the mouse(4) manpage symlink.
Needed for noperm release.
ok matthieu
2016-10-02 09:30:18 +00:00
tb
da27f01d12
Set owner and group of the XScreenSaver(3) manpage symlink.
Needed for noperm release.
ok matthieu
2016-10-02 09:28:53 +00:00
tb
d026ee755f
Set owner and group of the mandoc.db, the xetcsum file for sysmerge
and of the app-defaults symlink. Needed for noperm release.
ok matthieu
2016-10-02 09:25:23 +00:00
tb
2b5da2cd8d
Explicitly set owner and group of the symlinks in etc/fonts/conf.d and
of the fonts.dir and fonts.scale indexes. Needed for noperm release.
ok matthieu
2016-10-02 09:23:26 +00:00
tb
c3666a91f0
chown -h symbolic links in conf.d. Needed for noperm release.
There are a few remaining symlinks that will be fixed later.
ok matthieu
2016-10-02 09:19:28 +00:00
tb
7112b55027
Explicitly set owners of the xorg.db locate(1) database and of the
xetc.tgz set for sysmerge. Needed for noperm release.
ok matthieu
2016-10-02 09:16:22 +00:00
tb
c5b53bf9ac
Explicitly set the owner of the shell scripts in etc/X11/xdm and of the
chooser and xdm binaries to BINOWN:BINGRP. Needed for noperm release.
ok matthieu
2016-10-02 09:12:46 +00:00
matthieu
cb8938ecc4
Update to pixman 0.34.0.
2016-10-01 10:17:43 +00:00
okan
679d00b4fa
remove unused proto
2016-09-30 21:44:51 +00:00
okan
5a1d71fd93
Set the initial ptr position during client init, instead of waiting
until (maybe) a ptrwarp call. Likewise, explicitly ensure an inbounds ptr
position (same as initial) when saving.
2016-09-30 20:55:54 +00:00
okan
54cccf114b
Use intrinsic X11 functions for key/btn/ptr grab/ungrab/regrab requests;
the one line wrappers provided no value and limited altering calls where
needed; additionally, most of them had but one caller.
2016-09-30 18:28:06 +00:00
okan
e49083a483
Replace mousefunc_sweep_draw() with a generic menu_windraw() using va
lists; use it appropriately for both window dimension and position in
the respective mousefunc calls.
ok brynet@
2016-09-30 15:12:19 +00:00
okan
e30959f62f
Switch to XWindowEvent() pulling out events that match the mask *and*
window.
2016-09-30 15:05:02 +00:00
okan
035ba40ddc
no need to unmap menu window again
2016-09-29 00:30:40 +00:00
okan
1b369f6063
Mechanical change: move screen menu bits to their own struct.
2016-09-29 00:21:55 +00:00
okan
b46a5b0b56
Inline Xft draw and extents wrappers; too much abstraction.
2016-09-28 17:06:33 +00:00
okan
7c35826ca9
Do not call sweep_draw() too early: don't yet have w/h dimensions; plus
we will get a MotionNotify event right away anyway, setting required
parameters.
2016-09-28 15:54:54 +00:00
matthieu
02593ff9e1
pixman: upstream tarballs contain an empty ChangeLog.
So remove what we have here. Less gratuitous local changes.
2016-09-25 10:31:16 +00:00
matthieu
7c3e92162c
update
2016-09-24 19:09:33 +00:00
matthieu
2638f19466
update
2016-09-23 07:15:30 +00:00
okan
374d386034
Continue merging kb and mouse functions: fold
mousefunc_menu_{client,cmd,group} into the respective
kbfunc_menu_{client,cmd,group} functions; simply pass a flag down from
config denoting mouse action behaviour.
2016-09-22 14:36:03 +00:00
okan
c1ac946076
Allow ctrl-[ for abort (esc); from Benjamin Scher Purcell
2016-09-20 19:58:54 +00:00
okan
489250a384
de-static client_inbound()
2016-09-20 19:11:19 +00:00
okan
47ecd2dcf9
remove debug that accidentally snuck in
2016-09-20 18:23:12 +00:00
okan
d9f512008b
Get rid of curcc, instead cycle through the queue; removes the need for
client_none().
2016-09-20 18:21:32 +00:00
jca
cdd4bf21cb
Make video -i work ootb.
video(1) uses mmap and ioctls by default, those ioctls only work on
video(4) devices. If -i is passed, use read(2) instead of the mmap(2)
routines, instead of requiring the user to also pass the -g flag.
2016-09-16 20:29:03 +00:00
okan
9b943acf32
During init, query screen for _NET_ACTIVE_WINDOW and set that client as
active; while we already look at what's under the pointer, use this
information first, then look under the pointer (saving that round-trip).
This restores the active state to a client after restart even if the
pointer is not above it (and of course the pointer is not above another
client).
2016-09-16 14:32:02 +00:00
deraadt
cabc3c79ba
sync
2016-09-16 00:27:48 +00:00
okan
faafc6dd35
Some clients fail to setup hints at all, so initialize for them; fallout
from r1.218 switching to malloc - clearly missed this case.
found the hard way by brynet@
2016-09-14 21:00:24 +00:00
okan
b0ab7f2e87
Fix-up a few simple uses of client_current(): check CLIENT_ACTIVE flag
instead of relying on curcc.
2016-09-14 19:45:33 +00:00