Commit Graph

424 Commits

Author SHA1 Message Date
matthieu
bc29ab7850 Fix integer underflow in XRecordRegisterClients()
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
2020-08-25 15:43:26 +00:00
matthieu
83d462e24d Fix integer underflow in XkbSelectEvents()
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
2020-08-25 15:42:52 +00:00
matthieu
77c86a2898 Fix an integer underflow in XIChangeHierarchy()
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
2020-08-25 15:41:59 +00:00
matthieu
02b8f73518 Correct bounds checking in XkbSetNames()
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
2020-08-25 15:40:59 +00:00
matthieu
0a2f4bc72f fix for X Server Pixel Data Uninitialized Memory Information Disclosure
CVE-2020-14347

This vulnerability was discovered and reported to X.Org by Jan-Niklas
Sohn working with Trend Micro Zero Day Initiative.
2020-07-31 14:00:21 +00:00
matthieu
60964e1bb6 sync white space with upstream. No code change. 2020-06-14 16:02:38 +00:00
jcs
6b6f912425 revert local change which removed -retro flag and adjust -br to
properly override our default behavior of stippled root.

no objection from deraadt and kettenis
2020-06-12 14:45:55 +00:00
matthieu
ad9a065c46 Release unused filedescriptors in the privileged X server process.
There is no reason to keep /dev/pci* and /dev/ttyC* open in this process.
pointed to  by deraadt. ok kettenis@ deraadt@
2020-04-20 18:17:25 +00:00
matthieu
806accb3da Remove unused files. 2020-04-18 09:41:18 +00:00
matthieu
ac0e12b4da dix: do not send focus event when grab actually does not change
upstream commit 364d64981549544213e2bca8de6ff8a5b2b5a69e

Fixes an issue in xserver 1.20 where some applications were loosing
focus. Naddy@ reported it appeards in SDL 1.2 games (burgerspace).

tested and ok naddy@
2020-04-14 17:29:21 +00:00
matthieu
9064f8eee5 Update to xserver 1.20.8. ok jsg@ robert@ 2020-04-13 08:06:58 +00:00
kettenis
fb24e5a8dd Use modesetting driver as the default for rkdrm(4).
ok patrick@, jsg@
2020-03-04 21:07:12 +00:00
matthieu
40d42722f6 Update to xserver 1.20.7 plus 2 extra fixes from upstream. ok jsg@ 2020-01-26 13:48:54 +00:00
matthieu
9a532c5475 Update to X server 1.20.6. Tested by naddy@ 2019-12-12 06:05:17 +00:00
kettenis
35220e47ea Add modesetting driver as a fall-back when appropriate such that we can
use it when running withour root privileges which prevents us from
scanning the PCI bus.

This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4),
radeondrm(4) and amdgpu(4).  In some cases this will result in using a
different driver than with xenodm(4) which may expose issues (e.g. when
we prefer the intel Xorg driver) or loss of acceleration (e.g. older
cards supported by radeondrm(4)).

ok jsg@, matthieu@
2019-09-15 12:31:08 +00:00
jsg
5e7792301a sync i965 pci ids with xserver git master
ok matthieu@
2019-08-24 01:20:16 +00:00
jsg
38e2fafc5f remove duplicate ids added by patch in xserver 1.20.5 update
ok matthieu@
2019-08-24 01:15:31 +00:00
matthieu
1e4dc55ae1 Don't prune duplicate modes there.
This function removes too many modes, causing trouble with the vesa
driver at least.  Problem reported by semarie@. Thanks.
2019-08-15 14:48:45 +00:00
matthieu
d719f7f316 Remove one more file that is no longer part of upstream tarballs.
Missed in previous commit.
2019-08-03 17:19:54 +00:00
matthieu
95df71afbd Remove files that are no longer part of upstream tarballs.
They accumulated over releases for various reasons.
No build change.
2019-08-03 16:56:01 +00:00
matthieu
a77e9959f3 Update to xserver 1.20.5. Tested by jsg@ 2019-07-27 07:57:06 +00:00
jcs
fa30b33449 when probing for wsmouse devices, check up to wsmouse9
ok deraadt
2019-06-11 14:51:34 +00:00
0f8d0b1f14 Enable colemak
OK matthieu@
2019-05-11 16:30:32 +00:00
jsg
4fd0ec7f37 Backport cf7517675d988c2d1ff967d6d162a17acbdad46 from xserver 1.20
xfree86: Hold input_lock across SPRITE functions in VGA arbiter

Fixes stack overflow crash with VGA arbiter used with multi GPU systems.
Report and fix identified by 'Joe M' on misc@. ok matthieu@
2019-04-28 03:12:53 +00:00
bentley
63a1f613db When checking keyboard variants, perform a stricter comparison.
This prevents kbd(8) layouts with particular bitmasks from being
wrongly detected as French.

Broken behavior reported by Diogo Galvao; thanks!

ok mpi@ matthieu@
2019-04-06 13:51:18 +00:00
matthieu
e7e87a2ccb Update to xserver 1.19.7. Tested by jca@ and stsp@. 2019-03-19 21:19:54 +00:00
jsg
c423099260 sync xserver dri2 pci_ids with the latest Mesa
the modesetting driver uses these to pick a dri driver name

ok phessler@ kettenis@ matthieu@
2019-02-18 02:41:24 +00:00
matthieu
5a9c7d77ed Call xf86OpenConsole() before probing for drivers.
On OpenBSD, we need the console fd to query wsdisplay type,
This was only causing problems with -keepPriv, since the privilege
separation code already calls xf86OpenConsole() earlier.
The function is idempotent, so there's no harm calling it
several times.
ok kettenis@
2019-01-03 19:31:25 +00:00
matthieu
aceb52e119 Explicitely disable xdm-authorization-1 support in X server.
It was previously disabled by a broken test for XdmcpWrap() in xdm and
later in xenodm but it won't be missed. (use of DES, no IPv6 support).
ok tb@ mortimer@
2018-11-03 14:05:28 +00:00
deraadt
d9d5fc591a Disable setuid on the X server. We have always known it is a trash fire
and we held out hope too long.  This will break some stuff.  Let's start
with non-setuid as the baseline, and see if it is worth trying to fix
the broken parts in some other way.
2018-10-25 21:55:18 +00:00
matthieu
2d6e93a5b7 MFC: Disable -logfile and -modulepath when running with elevated
privileges.  This Could cause arbitrary files overwrite.
CVE-2018-14665.
2018-10-25 15:44:27 +00:00
mestre
e897f28b00 xserver's priv proc is responsible for opening devices in O_RDWR mode and send
their fds over to the parent proc. Knowing this then we already have a list of
all possible devices that might be opened in the future, in struct okdev
allowed_devices[], and we just need to traverse them and unveil(2) each one
with read/write permissions.

positive feedback from semarie@, OK matthieu@
2018-10-25 06:41:25 +00:00
kettenis
8869fa7f9c Initialize PCI subsystem on arm64.
ok matthieu@
2018-08-20 21:48:55 +00:00
matthieu
e28c499980 Use priv_open_device() to open the dri device in glamor_dri3_open_client().
Fixes DRI3 with Xserver running as _x11 with xenodm.
close-on-exec is now default for priv_open_device().
ok kettenis@
2018-08-06 20:14:04 +00:00
matthieu
d9aef29941 set MSG_CMSG_CLOEXEC when receiving file descriptors.
All file descriptors opened via priv_open_device() can benefit of
the close-on-exec flag.
ok kettenis@.
2018-08-06 20:11:34 +00:00
jcs
65b51547fb setup WSMOUSE_TYPE_TOUCHPAD devices to use ws driver by default, but
allow them to work with xf86-input-synaptics

with and ok bru@
2018-07-30 16:00:39 +00:00
jcs
13d37ac4fa modesetting: setup colormap
Fixes utilities like xcalib

Upstream xorg commit ac138f9b31b0fba00742edbc3326afe66e28099a
ok matthieu
2018-04-19 14:52:34 +00:00
aoyama
55401507ab After updated to xserver 1.19.5, the con figure's default value of
--enable-glamor has changed from 'no' to 'auto'.
This makes an error running configure on luna88k, so disable it
explicitly with ${XENOCARA_BUILD_GL}=no machines.

ok jsg@
2018-03-15 10:02:36 +00:00
matthieu
857585fc69 Update to xserver 1.19.6. bug fix release 2018-02-18 17:16:37 +00:00
matthieu
6906cf1bc7 Remove code to pull softfloat libs.
It was needed at some point in the past, but doesn't compile and
isn't needed with clang. Reported by jsg@.
2018-01-20 12:25:26 +00:00
robert
b8144c0647 watch for events sent by drm(4) over kevent using EVFILT_DEVICE
and NOTE_CHANGE to notify the desktop environment to deal with
the change (e.g. after plugging in an HDMI cable)

with this change there is no need to manually do any randr commands
if your desktop environment supports it (gnome, mate, kde, etc.)

ok matthieu@, kettenis@
2018-01-15 15:30:36 +00:00
matthieu
1a66cad3fb Update to xserver 1.19.5.
Tested by bru@, jsg@ and others
2017-12-08 15:01:59 +00:00
bru
a6a6fd0c5a Use ws as default driver for touchpads.
ok matthieu@
2017-12-05 20:56:26 +00:00
matthieu
f51fea01a3 MFC: Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176) 2017-10-14 09:35:14 +00:00
matthieu
186982901a MFC: dbe: Unvalidated variable-length request in
ProcDbeGetVisualInfo (CVE-2017-12177)

v2: Protect against integer overflow (Alan Coopersmith)
2017-10-14 09:33:48 +00:00
matthieu
394a8aee54 MFC: Xi: fix wrong extra length check in ProcXIChangeHierarchy
(CVE-2017-12178)
2017-10-14 09:32:30 +00:00
matthieu
74d10c412f MFC: Xi: integer overflow and unvalidated length in
(S)ProcXIBarrierReleasePointer

[jcristau: originally this patch fixed the same issue as commit
211e05ac85 "Xi: Test exact size of XIBarrierReleasePointer", with the
addition of these checks]

This addresses CVE-2017-12179
2017-10-14 09:30:50 +00:00
matthieu
792e23cc09 MFC: Xi: Test exact size of XIBarrierReleasePointer
Otherwise a client can send any value of num_barriers and cause
reading or swapping of values on heap behind the receive buffer.
2017-10-14 09:29:01 +00:00
matthieu
515a707d86 MFC: hw/xfree86: unvalidated lengths
This addresses:
CVE-2017-12180 in XFree86-VidModeExtension
CVE-2017-12181 in XFree86-DGA
CVE-2017-12182 in XFree86-DRI
2017-10-14 09:24:30 +00:00
matthieu
d62483048a MFC: xfixes: unvalidated lengths (CVE-2017-12183)
v2: Use before swap (Jeremy Huddleston Sequoia)
v3: Fix wrong XFixesCopyRegion checks (Alan Coopersmith)
2017-10-14 09:22:49 +00:00