Commit Graph

387 Commits

Author SHA1 Message Date
aoyama
55401507ab After updated to xserver 1.19.5, the con figure's default value of
--enable-glamor has changed from 'no' to 'auto'.
This makes an error running configure on luna88k, so disable it
explicitly with ${XENOCARA_BUILD_GL}=no machines.

ok jsg@
2018-03-15 10:02:36 +00:00
matthieu
857585fc69 Update to xserver 1.19.6. bug fix release 2018-02-18 17:16:37 +00:00
matthieu
6906cf1bc7 Remove code to pull softfloat libs.
It was needed at some point in the past, but doesn't compile and
isn't needed with clang. Reported by jsg@.
2018-01-20 12:25:26 +00:00
robert
b8144c0647 watch for events sent by drm(4) over kevent using EVFILT_DEVICE
and NOTE_CHANGE to notify the desktop environment to deal with
the change (e.g. after plugging in an HDMI cable)

with this change there is no need to manually do any randr commands
if your desktop environment supports it (gnome, mate, kde, etc.)

ok matthieu@, kettenis@
2018-01-15 15:30:36 +00:00
matthieu
1a66cad3fb Update to xserver 1.19.5.
Tested by bru@, jsg@ and others
2017-12-08 15:01:59 +00:00
bru
a6a6fd0c5a Use ws as default driver for touchpads.
ok matthieu@
2017-12-05 20:56:26 +00:00
matthieu
f51fea01a3 MFC: Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176) 2017-10-14 09:35:14 +00:00
matthieu
186982901a MFC: dbe: Unvalidated variable-length request in
ProcDbeGetVisualInfo (CVE-2017-12177)

v2: Protect against integer overflow (Alan Coopersmith)
2017-10-14 09:33:48 +00:00
matthieu
394a8aee54 MFC: Xi: fix wrong extra length check in ProcXIChangeHierarchy
(CVE-2017-12178)
2017-10-14 09:32:30 +00:00
matthieu
74d10c412f MFC: Xi: integer overflow and unvalidated length in
(S)ProcXIBarrierReleasePointer

[jcristau: originally this patch fixed the same issue as commit
211e05ac85 "Xi: Test exact size of XIBarrierReleasePointer", with the
addition of these checks]

This addresses CVE-2017-12179
2017-10-14 09:30:50 +00:00
matthieu
792e23cc09 MFC: Xi: Test exact size of XIBarrierReleasePointer
Otherwise a client can send any value of num_barriers and cause
reading or swapping of values on heap behind the receive buffer.
2017-10-14 09:29:01 +00:00
matthieu
515a707d86 MFC: hw/xfree86: unvalidated lengths
This addresses:
CVE-2017-12180 in XFree86-VidModeExtension
CVE-2017-12181 in XFree86-DGA
CVE-2017-12182 in XFree86-DRI
2017-10-14 09:24:30 +00:00
matthieu
d62483048a MFC: xfixes: unvalidated lengths (CVE-2017-12183)
v2: Use before swap (Jeremy Huddleston Sequoia)
v3: Fix wrong XFixesCopyRegion checks (Alan Coopersmith)
2017-10-14 09:22:49 +00:00
matthieu
3b3c79f0b0 MFC: Unvalidated lengths
v2: Add overflow check and remove unnecessary check (Julien Cristau)

This addresses:
CVE-2017-12184 in XINERAMA
CVE-2017-12185 in MIT-SCREEN-SAVER
CVE-2017-12186 in X-Resource
CVE-2017-12187 in RENDER
2017-10-14 09:20:42 +00:00
matthieu
fe08a081d8 MFC: os: Make sure big requests have sufficient length.
A client can send a big request where the 32B "length" field has value
0. When the big request header is removed and the length corrected,
the value will underflow to 0xFFFFFFFF.  Functions processing the
request later will think that the client sent much more data and may
touch memory beyond the receive buffer.
2017-10-14 09:17:40 +00:00
matthieu
9b9efb1bdf MFC: xkb: Handle xkb formated string output safely (CVE-2017-13723)
Generating strings for XKB data used a single shared static buffer,
which offered several opportunities for errors. Use a ring of
resizable buffers instead, to avoid problems when strings end up
longer than anticipated.
2017-10-14 09:15:11 +00:00
matthieu
fd77a34918 MFC: xkb: Escape non-printable characters correctly
XkbStringText escapes non-printable characters using octal numbers.
Such escape sequence would be at most 5 characters long ("\0123"), so
it reserves 5 bytes in the buffer. Due to char->unsigned int
conversion, it would print much longer string for negative numbers.
2017-10-14 09:12:44 +00:00
matthieu
2f2a50b99b MFC: Xext/shm: Validate shmseg resource id (CVE-2017-13721)
Otherwise it can belong to a non-existing client and abort X server with
FatalError "client not in use", or overwrite existing segment of another
existing client.
2017-10-14 09:06:06 +00:00
matthieu
c6ab499027 Force Intel Ironlake chipsets to use the xf86-video-intel driver.
stsp@ reported that modesetting(4) has been reported unreliable
on his laptop, while intel(4) works.

XXXX to be removed after 6.2 to figure out and fix the issue.

ok kettenis@, also discussed briefly with deraadt@ during EuroBSDCon.
2017-09-25 15:05:57 +00:00
matthieu
b8da768ee9 Disable SSE optimizations on i386/amd64 for SlowBcopy.
It is supposed to be slow, and when such instructions are used to copy
data from/to mapped video memory, some hypervisors (e.g. KVM,
Microsoft Hyper-V) can generate SIGILL or SIGBUS exceptions, causing
Xorg to crash.

Bug report to OpenBSD by Max Parmer, fix from FreeBSD (Dimitry Andric)
via kettenis@

ok kettenis@
2017-08-07 19:17:56 +00:00
kettenis
38475bb3b2 Create on OpenBSD-specific version of listPossibleVideoDrivers() that takes
care of autoconfiguration based on the information returned by the
WSDISPLAYIO_GTYPE ioctl of the console FD.  This should fix selection of
wsfb on loongson and sgi when using a non-KMS kernel driver.

ok matthieu@, jsg@
2017-08-07 12:30:34 +00:00
kettenis
d74e2cb101 Use the modesetting driver by default on 4th generation Intel Graphics and
later.  This matches what several Linux distros do these days as it tends to
work better than the intel driver in most cases.

There are some performance issues with vncviewer on at least Ivy Bridge and
Haswell.  But for now that regression outweighs the benefits.

ok robert@, tedu@, sthen@
2017-07-14 11:38:05 +00:00
kettenis
11bfbfff1e Add code to update the value of the RandR "Backlight" property based on the
KMS connector property of the same name if such a property is present.

ok matthieu@
2017-07-12 20:08:07 +00:00
matthieu
1862f5487a Merge upstream fixes to the X event swapping code.
(CVE-2017-10971 and CVE-2017-10972).
2017-07-07 06:22:19 +00:00
visa
55a8e552e5 Make X work with radeondrm(4) hardware on loongson.
OK jsg@
2017-05-21 13:18:29 +00:00
jsg
f372d76f12 make xserver build on arm64
ok matthieu@
2017-03-07 03:40:33 +00:00
matthieu
2666ed3f9e Fix arc4random_buf(3) detection. Noticed by Eric Engestrom on
the xorg-devel list. Thanks
2017-03-01 19:22:36 +00:00
matthieu
da8f098a38 Oops, in previous commit I forgot to remove the actual implementation
of the unused *ToID functions(). Spotted by Adam Jackson on xorg-devel
list.  Thanks.
2017-02-28 23:05:46 +00:00
matthieu
5d64bd18eb regen 2017-02-28 18:33:44 +00:00
matthieu
e087a236fc auth: remove AuthToIDFunc and associated functions. Not used anymore.
And the current code for MitToId has a use-after-free() issue.
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org
2017-02-28 18:32:53 +00:00
matthieu
eb3d247766 MFC: Use arc4random_buf(3) if available to generate cookies.
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:27:40 +00:00
matthieu
9ddca5b541 MFC: Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:24:48 +00:00
matthieu
fd18c20e72 regen 2016-10-11 22:14:30 +00:00
deraadt
13cbbbd6c0 ignore chown error (for systems which don't install a Xserver) 2016-10-04 19:48:48 +00:00
matthieu
8587a95e4f fix the ownership of the link /usr/X11R6/bin/X -> Xorg 2016-10-02 17:21:29 +00:00
matthieu
b9d0c0fb7c Fix a bunch of gcc warnings.
- constify name field
- rename devname -> devnam
- replace deprecated Xprintf() with asprintf()
2016-09-12 21:57:14 +00:00
matthieu
595a0e50e5 sys/select.h -> sys/time.h 2016-09-12 21:46:25 +00:00
matthieu
d2533042e8 Fix build after headers cleanup.
include wscons headers after sys/ioct.h and sys/select.h
with deraadt@ and kettenis@
2016-09-12 21:44:30 +00:00
guenther
8113144b81 Remove zaurus keyboard model
ok matthieu@
2016-09-03 14:58:02 +00:00
matthieu
ee65902dd0 Kill remaining HP300 bits 2016-08-13 14:05:23 +00:00
matthieu
6e1bcfb3c6 Update to xserver 1.18.4
tested by krw@ and dcoppa@ ok dcoppa@
2016-08-09 18:59:50 +00:00
matthieu
185312ce1c xserver: fix an off-by-one error that lead to asprintf("%s", NULL)
reported by deraadt@, fix reviewed in X.Org by Keith Packard.
2016-08-03 19:31:23 +00:00
matthieu
7d876864d7 Merge the build of Xephyr in the main xserver build.
Recent X server doesn't require to build the DIX with different
options for xfree86 and kdrive.

Tested for beeing a no-op on m88k by Kenji Aoyama. Thanks
2016-07-30 12:18:35 +00:00
matthieu
e927c03e30 Update to xserver 1.18.3. Tested by shadchin@ and naddy@.
Note that indirect GLX is now disbled by default.
2016-05-29 12:02:34 +00:00
matthieu
5b07d03465 No more hppa64 2016-05-12 07:19:50 +00:00
matthieu
6b14cdf954 Fix white space/indentation to match X.Org style. 2016-04-24 17:21:55 +00:00
matthieu
a009af0b91 Fall back to /dev/ttyC0 when the console device is not a wsdisplay(4)
Problem noticed by sthen@.
2016-04-24 17:20:04 +00:00
matthieu
a096d7ad4a Don't build the PCVT console backend anymore. 2016-04-02 16:57:58 +00:00
matthieu
3b5e851da5 Implement VT switching (based on the USL compat interface) in the
wscons console backend and use it by default.
ok kettenis@
2016-04-02 14:25:10 +00:00
matthieu
e44b23d20c Make alpha_video.c build in recent X server.
Completely broken on VGA cards (libpciaccess doesn't know about
the alpha specific ways of mapping the PCI space),
only XRender is broken on TGA cards.
2016-03-27 18:48:41 +00:00