Commit Graph

5881 Commits

Author SHA1 Message Date
okan
9cb17b0e3b clean up search_match_client(); no behaviour change 2016-10-22 19:16:43 +00:00
czarkoff
b679f961ab add NetWM-compliant fullscreen support
OK jung@
2016-10-21 09:48:48 +00:00
okan
4811ec0433 Refactor callbacks to take a void * so as to not try and generalize into
client_ctx in keypress and buttonpress event handlers; pass appropriate *ctx's
based on context.

While here, limit some globals, replace defines with appropriate variables and
fix some naming.
2016-10-18 17:03:30 +00:00
deraadt
1ff45b9ce5 sync 2016-10-17 03:18:30 +00:00
jsg
7b82e376e1 update 2016-10-16 06:23:05 +00:00
jsg
ba9a17a75c sync 2016-10-16 06:19:55 +00:00
jsg
512a658c47 Merge libdrm 2.4.71 2016-10-16 06:11:11 +00:00
jsg
d855f0143e Import libdrm 2.4.71 2016-10-16 06:01:17 +00:00
matthieu
0bdf08793d Update build instructions 2016-10-14 18:29:18 +00:00
natano
97b021efa8 Port the de-escalation mechanism we have in src to xenocara's make
bootstrap/obj/build. This is now possible due to a normal build not
writing to the source tree anymore.

ok deraadt
2016-10-14 10:14:00 +00:00
okan
9a3b6b7fd4 remove another unused proto 2016-10-12 16:11:15 +00:00
matthieu
0f8f5eae25 sync 2016-10-11 22:37:16 +00:00
matthieu
ecf19b24f5 Remove the REORDER_DEPENDENCIES mechanism.
The xenocara build process is not writing in the source tree.
This and previous commits was done in cooperation with natano@
and deraadt@
2016-10-11 22:36:53 +00:00
matthieu
fd18c20e72 regen 2016-10-11 22:14:30 +00:00
matthieu
c9d0110642 Force AM_MAINTAINER_MODE in all Xenocara packages built by autotools
This prevents autotools to try to rebuild themselve automagically
if configure.ac, Makefile.am or a few other have more recent time
stamps than the generated files.

It will allows to get rid of the NO_REORDER mechanism that touches
files in the source tree to ensure nothing gets rebuilt.
2016-10-11 21:54:35 +00:00
matthieu
d9fc70eb7c Remove the global 'make includes' step from 'make build'.
This is no longer needed and gets in the way of tightening
permission used during build. ok and suggestions natano@
2016-10-10 13:34:43 +00:00
matthieu
178fb5f1c1 Move headers files to 'GL/' so that the library can be built
without installed headers.
2016-10-10 13:27:14 +00:00
deraadt
f8fe4cae65 sync 2016-10-10 01:59:40 +00:00
shadchin
e505251050 update 2016-10-09 11:51:41 +00:00
shadchin
e4a819d748 Update to xkeyboard-config 2.19
ok matthieu@
2016-10-09 11:49:40 +00:00
matthieu
8cc5efb076 Provide a default clean target now that bsd.subdir.mk doesn't. 2016-10-09 09:54:56 +00:00
natano
6c14b73344 ks_tables.h is always considered out of date due to the forced rebuild
of the makekeys util. This means it's also rebuilt during install. First
as root during build, later by the BUILDUSER during release, which won't
be able to rewrite it, because it's now owned by root. With this result:

	override rw-r--r--  root/wheel for ks_tables.h?


One step closer towards noperm release builds for xenocara.

ok matthieu
2016-10-08 21:51:47 +00:00
matthieu
dde5cc23a3 Put back the NOPROFILE= that I accidentally removed in previous commit 2016-10-08 19:29:18 +00:00
matthieu
dd04a74464 use the pkg-config support from bsd.xorg.mk to handle
libGLw and libepoxy .pc files rather than manually generating them
as root in postinstall. Spotted by natano@ ok natano@.
2016-10-08 19:09:34 +00:00
matthieu
eef7efd841 update 2016-10-08 16:25:45 +00:00
matthieu
f8928160a7 Fix package version in fontconfig.pc 2016-10-08 14:09:10 +00:00
okan
a1a192d258 Rename 2 kbfunc to match closer to what they do 2016-10-06 14:53:52 +00:00
okan
a53fef7b1e Add an argument to the callbacks to pass the xevent context, button or
key press. This allows to remove a few hacks to duplicate functions only
for behaviour changes; now differing behaviours are pushed down to the
callback. Also will allow for previously unavailable actions to be bind-able
down the road.
2016-10-06 14:41:19 +00:00
okan
4e1d180946 Check the ptr bounds in the new client during cycling, since not all
actions do ptrsave, such as restoring client geometry; adapted from a
diff by Vadim Vygonets.
2016-10-06 14:30:05 +00:00
okan
4a70ba0924 More accurate to say 'toggle', rather than 'select', for group[n]/nogroup. 2016-10-05 14:01:23 +00:00
okan
62af7b9761 Add CM-a for 'nogroup' (CM-0 stays for now); update manpage to reflect. 2016-10-05 13:35:17 +00:00
okan
ddbad284c7 Stash wmname into conf. 2016-10-05 13:10:59 +00:00
okan
c42b7d0a28 When removing xrandr regions, ensure clients are within the bounds of
the screen; adapted from an ancient diff from Sviatoslav Chagaev. Things
in this area will likely change, but put this in so it works now and
serves as a reminder.
2016-10-04 20:15:55 +00:00
deraadt
13cbbbd6c0 ignore chown error (for systems which don't install a Xserver) 2016-10-04 19:48:48 +00:00
okan
a7e1d9acfc Calculate client nameqlen in client_setname(), the only place it's
needed/used.
2016-10-04 15:52:32 +00:00
okan
d592dd99f7 Turn CALMWM_NGROUPS define into variable, ngroups. 2016-10-04 15:18:20 +00:00
matthieu
e61292a300 Avoid buffer underflow on empty strings.
If an empty string is received from an x-server, do not underrun the
buffer by accessing "rep.nameLen - 1" unconditionally, which could end
up being -1.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:11:05 +00:00
matthieu
1e4e5956d0 Protocol handling issues in libXv
The Xv query functions for adaptors and encodings suffer from out of boundary
accesses if a hostile X server sends a maliciously crafted response.

A previous fix already checks the received length against fixed values but
ignores additional length specifications which are stored inside the received
data.

These lengths are accessed in a for-loop. The easiest way to guarantee a
correct processing is by validating all lengths against the remaining size
left before accessing referenced memory.

This makes the previously applied check obsolete, therefore I removed it.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:09:40 +00:00
matthieu
ce0f69616f Out of boundary access and endless loop in libXtst
A lack of range checks in libXtst allows out of boundary accesses.
The checks have to be done in-place here, because it cannot be done
without in-depth knowledge of the read data.

If XRecordStartOfData, XRecordEndOfData, or XRecordClientDied
without a client sequence have attached data, an endless loop would
occur. The do-while-loop continues until the current index reaches
the end. But in these cases, the current index would not be
incremented, leading to an endless processing.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:08:08 +00:00
matthieu
26cabdb32f Validate lengths while parsing server data.
Individual lengths inside received server data can overflow
the previously reserved memory.

It is therefore important to validate every single length
field to not overflow the previously agreed sum of all invidual
length fields.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:05:13 +00:00
matthieu
9f957a9f79 Avoid OOB write in XRenderQueryFilters
The memory for filter names is reserved right after receiving the reply.
After that, filters are iterated and each individual filter name is
stored in that reserved memory.

The individual name lengths are not checked for validity, which means
that a malicious server can reserve less memory than it will write to
during each iteration.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:03:48 +00:00
matthieu
aebb61b811 Avoid out of boundary accesses on illegal responses
The responses of the connected X server have to be properly checked
to avoid out of boundary accesses that could otherwise be triggered
by a malicious server.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:02:31 +00:00
matthieu
342b1570d2 Properly validate server responses
By validating length fields from server responses, out of boundary
accesses and endless loops can be mitigated.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:01:03 +00:00
matthieu
269364ad66 Integer overflow on illegal server response
The 32 bit field "rep.length" is not checked for validity, which allows
an integer overflow on 32 bit systems.

A malicious server could send INT_MAX as length, which gets multiplied
by the size of XRectangle. In that case the client won't read the whole
data from server, getting out of sync.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 14:59:47 +00:00
matthieu
89e55bbf5a Validation of server responses in XGetImage()
Check if enough bytes were received for specified image type and
geometry. Otherwise GetPixel and other functions could trigger an
out of boundary read later on.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 14:58:26 +00:00
matthieu
bd2560e2ec The validation of server responses avoids out of boundary accesses.
From Tobias Stoeckmann / Xorg Securiry adrvisory Oct 4, 2016.
2016-10-04 14:56:37 +00:00
okan
cdbe6c3bc9 Start simplifying menu code; and in turn, remove a cursor no longer
needed.
2016-10-03 18:43:49 +00:00
okan
6889482fc7 Defaults are split between defines and conf_init(); normalize these, as
well as give 'sticky' groups its own variable.
2016-10-03 14:42:34 +00:00
okan
dcdbf54e85 For both kb and mouse move, it is possible to grab a client and move it
completely off the screen/region; instead, if the pointer is outside of
the client bounds, warp the pointer to the closest edge before moving.
2016-10-03 13:52:17 +00:00
okan
3881d6ad85 client_ptrwarp should not deal with unhiding or raising clients (non ptr
requests); most callers do this already - deal with the few that do not.
client_ptrwarp becomes a simple wrapper (setpos) but it will be expanded.
2016-10-03 13:41:30 +00:00