Commit Graph

66 Commits

Author SHA1 Message Date
matthieu
857585fc69 Update to xserver 1.19.6. bug fix release 2018-02-18 17:16:37 +00:00
matthieu
1a66cad3fb Update to xserver 1.19.5.
Tested by bru@, jsg@ and others
2017-12-08 15:01:59 +00:00
matthieu
515a707d86 MFC: hw/xfree86: unvalidated lengths
This addresses:
CVE-2017-12180 in XFree86-VidModeExtension
CVE-2017-12181 in XFree86-DGA
CVE-2017-12182 in XFree86-DRI
2017-10-14 09:24:30 +00:00
matthieu
3b3c79f0b0 MFC: Unvalidated lengths
v2: Add overflow check and remove unnecessary check (Julien Cristau)

This addresses:
CVE-2017-12184 in XINERAMA
CVE-2017-12185 in MIT-SCREEN-SAVER
CVE-2017-12186 in X-Resource
CVE-2017-12187 in RENDER
2017-10-14 09:20:42 +00:00
matthieu
2f2a50b99b MFC: Xext/shm: Validate shmseg resource id (CVE-2017-13721)
Otherwise it can belong to a non-existing client and abort X server with
FatalError "client not in use", or overwrite existing segment of another
existing client.
2017-10-14 09:06:06 +00:00
matthieu
fd18c20e72 regen 2016-10-11 22:14:30 +00:00
matthieu
6e1bcfb3c6 Update to xserver 1.18.4
tested by krw@ and dcoppa@ ok dcoppa@
2016-08-09 18:59:50 +00:00
matthieu
e927c03e30 Update to xserver 1.18.3. Tested by shadchin@ and naddy@.
Note that indirect GLX is now disbled by default.
2016-05-29 12:02:34 +00:00
matthieu
4c6a4e1e00 Update to xserver 1.17.4.
tested by naddy@
2015-11-07 16:48:51 +00:00
matthieu
86ea9f12e2 Update to xserver 1.17.2. tested by dcoppa@, jsg@, jasper@ & naddy@ 2015-09-16 19:10:19 +00:00
kettenis
a77282edc7 Use __MAP_NOFAULT to map shared memory passed through file descriptors. This
completely avoids the risk of getting killed by a signal because the backing
storage isn't there.

Use the __-prefixed name for now, as we might still change the name.

ok deraadt@, matthieu@
2015-02-09 09:45:32 +00:00
matthieu
797ed93386 Protocol handling issues in X Window System servers
One year after Ilja van Sprundel, discovered and reported a large number
of issues in the way the X server code base handles requests from X clients,
they have been fixed.
2014-12-09 17:58:52 +00:00
matthieu
1cfce7c208 Update to xserver 1.16.2 2014-11-22 08:33:45 +00:00
matthieu
4f58590a42 Update to xserver 1.16.1.
Tested by naddy@, jsg@ & kettenis@
2014-09-27 17:52:59 +00:00
matthieu
3bbfe7b179 Update to xserver 1.15.1.
Tested by at least ajacoutot@, dcoppa@ & jasper@
2014-05-02 19:27:46 +00:00
matthieu
8742d82e5a Update to xserver 1.14.5 2013-12-28 14:40:01 +00:00
kettenis
29c59cee22 Avoid timeouts of ULONG_MAX milliseconds. Stops the X server from crashing
with "select returned EINVAL" messages.

ok matthieu@
2013-12-15 11:31:09 +00:00
matthieu
511a911dd8 Update to xserver 1.14.4 2013-12-08 10:53:01 +00:00
matthieu
5ae225f39c Update to xserver 1.14.3 2013-09-28 15:36:30 +00:00
matthieu
577763cda7 Uodate to xserver 1.14.2. Tested by krw@, shadchin@, todd@ 2013-08-24 19:44:25 +00:00
matthieu
adec87cf5d Update to X server 1.14.1. Tested by many during t2k13. Thanks. 2013-06-07 17:28:45 +00:00
matthieu
e26a212fd0 Regen autotools build system with a clean environment.
It was previously generated with a config pointing to OpenBSD's libtool
which is not ready yet.
2012-10-27 14:52:25 +00:00
matthieu
58d9658ddc regen 2012-10-14 08:59:33 +00:00
matthieu
eb59960f12 regen autotools 2012-08-05 18:14:29 +00:00
matthieu
e60da74507 Update to xserver 1.12.2. tested by naddy@, krw@, mpi@. 2012-06-10 13:21:05 +00:00
matthieu
9576ef223d Update to xserver 1.11.4. tested by krw@, shadchin@. 2012-01-31 07:52:35 +00:00
matthieu
4344ac3914 Bugfix Update to xserver 1.11.3 2011-12-18 16:08:59 +00:00
matthieu
61a7d5427d Update to xserver 1.11.2 2011-11-05 13:32:40 +00:00
matthieu
a4d630d049 regen 2011-06-29 19:57:45 +00:00
matthieu
4a238ea6a4 Update to xserver 1.9.5. Tested by jasper@, ajacoutot@ and krw@ 2011-04-02 16:08:38 +00:00
matthieu
90f7a9841a Xext: fix test on extension number for the swapped case. 2011-04-01 21:24:37 +00:00
matthieu
dd56fb17b5 Update to xorg-server 1.9.3. Tested by japser@, landry@ and ajacoutot@
in various configurations.
2010-12-21 20:10:44 +00:00
matthieu
428261197a Upgrade to xorg-server 1.9.2.
Tested by ajacoutot@, krw@, shadchin@ and jasper@ on various configurations
including multihead with both zaphod and xrandr.
2010-12-05 15:36:02 +00:00
matthieu
d57b1a146f regen (yes lots of files, since util-macros has been updated). 2010-09-01 13:43:24 +00:00
matthieu
95d684a05b Update to xserver 1.8. Tested by many. Ok oga@, todd@. 2010-07-27 19:02:24 +00:00
matthieu
b855bc3cce cope with the xinerama headers cleanup. From xserver git repository. 2010-04-27 20:12:19 +00:00
matthieu
49012820cb Add a configure test for newer proto headers and use it to enable
building xserver 1.6 with those headers. ok oga@.
2010-04-13 19:54:46 +00:00
matthieu
8542099ff7 Update to server 1.6.5. 2009-10-31 14:09:43 +00:00
matthieu
88f6f3ea75 update to xserver 1.6.4rc1. Tested by many, ok oga@. 2009-09-06 19:44:18 +00:00
matthieu
60021fe985 xserver 1.5.2. tested by ckuethe@, oga@, and others. 2008-11-02 15:26:08 +00:00
matthieu
2e211b412b CVE-2008-1379 - MIT-SHM arbitrary memory read.
(This patch was missing form the bunch of security patches committed
on june 11. noticed by brad@).
2008-06-17 21:53:45 +00:00
matthieu
97eda17882 Update to xserver 1.4.2. Tested by landry@, ckuethe@, jsing@ mbalmer@. 2008-06-15 00:17:32 +00:00
matthieu
52218799b8 Fixes for various integer overflow problems from X.Org:
CVE-2008-2360 - RENDER Extension heap buffer overflow
CVE-2008-2361 - RENDER Extension crash
CVE-2008-2362 - RENDER Extension memory corruption
CVE-2008-1379 - MIT-SHM arbitrary memory read
CVE-2008-1377 - RECORD and Security extensions memory corruption
2008-06-11 15:39:26 +00:00
matthieu
48bc822959 regen. 2008-05-24 20:39:01 +00:00
matthieu
807e8fa566 Fix from X.Org repository: untrusted access broken in 7.3. 2008-02-20 21:29:42 +00:00
matthieu
192dfccc63 3rd try... CVE-2007-6429: Always test for size+offset wrapping. From X.Org. 2008-01-21 21:38:22 +00:00
matthieu
68a7d32fea Previous shm fix for CVE-2007-6429 was incorrect.
Don't spuriously reject <8bpp shm pixmaps. From X.Org repository.
2008-01-18 20:53:51 +00:00
matthieu
5215f23408 Fix from X.Org for CVE-2007-6429 - MIT-SHM and EVI extensions integer overflows. 2008-01-17 15:43:43 +00:00
matthieu
af2f977c6b Fix from X.Org for CVE-2007-6428 - TOG-cup extension memory corruption. 2008-01-17 15:43:06 +00:00
matthieu
19e04f544a Fix from X.Org for CVE-2007-5958 - File existence disclosure. 2008-01-17 15:41:53 +00:00