Commit Graph

397 Commits

Author SHA1 Message Date
matthieu
5a9c7d77ed Call xf86OpenConsole() before probing for drivers.
On OpenBSD, we need the console fd to query wsdisplay type,
This was only causing problems with -keepPriv, since the privilege
separation code already calls xf86OpenConsole() earlier.
The function is idempotent, so there's no harm calling it
several times.
ok kettenis@
2019-01-03 19:31:25 +00:00
matthieu
aceb52e119 Explicitely disable xdm-authorization-1 support in X server.
It was previously disabled by a broken test for XdmcpWrap() in xdm and
later in xenodm but it won't be missed. (use of DES, no IPv6 support).
ok tb@ mortimer@
2018-11-03 14:05:28 +00:00
deraadt
d9d5fc591a Disable setuid on the X server. We have always known it is a trash fire
and we held out hope too long.  This will break some stuff.  Let's start
with non-setuid as the baseline, and see if it is worth trying to fix
the broken parts in some other way.
2018-10-25 21:55:18 +00:00
matthieu
2d6e93a5b7 MFC: Disable -logfile and -modulepath when running with elevated
privileges.  This Could cause arbitrary files overwrite.
CVE-2018-14665.
2018-10-25 15:44:27 +00:00
mestre
e897f28b00 xserver's priv proc is responsible for opening devices in O_RDWR mode and send
their fds over to the parent proc. Knowing this then we already have a list of
all possible devices that might be opened in the future, in struct okdev
allowed_devices[], and we just need to traverse them and unveil(2) each one
with read/write permissions.

positive feedback from semarie@, OK matthieu@
2018-10-25 06:41:25 +00:00
kettenis
8869fa7f9c Initialize PCI subsystem on arm64.
ok matthieu@
2018-08-20 21:48:55 +00:00
matthieu
e28c499980 Use priv_open_device() to open the dri device in glamor_dri3_open_client().
Fixes DRI3 with Xserver running as _x11 with xenodm.
close-on-exec is now default for priv_open_device().
ok kettenis@
2018-08-06 20:14:04 +00:00
matthieu
d9aef29941 set MSG_CMSG_CLOEXEC when receiving file descriptors.
All file descriptors opened via priv_open_device() can benefit of
the close-on-exec flag.
ok kettenis@.
2018-08-06 20:11:34 +00:00
jcs
65b51547fb setup WSMOUSE_TYPE_TOUCHPAD devices to use ws driver by default, but
allow them to work with xf86-input-synaptics

with and ok bru@
2018-07-30 16:00:39 +00:00
jcs
13d37ac4fa modesetting: setup colormap
Fixes utilities like xcalib

Upstream xorg commit ac138f9b31b0fba00742edbc3326afe66e28099a
ok matthieu
2018-04-19 14:52:34 +00:00
aoyama
55401507ab After updated to xserver 1.19.5, the con figure's default value of
--enable-glamor has changed from 'no' to 'auto'.
This makes an error running configure on luna88k, so disable it
explicitly with ${XENOCARA_BUILD_GL}=no machines.

ok jsg@
2018-03-15 10:02:36 +00:00
matthieu
857585fc69 Update to xserver 1.19.6. bug fix release 2018-02-18 17:16:37 +00:00
matthieu
6906cf1bc7 Remove code to pull softfloat libs.
It was needed at some point in the past, but doesn't compile and
isn't needed with clang. Reported by jsg@.
2018-01-20 12:25:26 +00:00
robert
b8144c0647 watch for events sent by drm(4) over kevent using EVFILT_DEVICE
and NOTE_CHANGE to notify the desktop environment to deal with
the change (e.g. after plugging in an HDMI cable)

with this change there is no need to manually do any randr commands
if your desktop environment supports it (gnome, mate, kde, etc.)

ok matthieu@, kettenis@
2018-01-15 15:30:36 +00:00
matthieu
1a66cad3fb Update to xserver 1.19.5.
Tested by bru@, jsg@ and others
2017-12-08 15:01:59 +00:00
bru
a6a6fd0c5a Use ws as default driver for touchpads.
ok matthieu@
2017-12-05 20:56:26 +00:00
matthieu
f51fea01a3 MFC: Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176) 2017-10-14 09:35:14 +00:00
matthieu
186982901a MFC: dbe: Unvalidated variable-length request in
ProcDbeGetVisualInfo (CVE-2017-12177)

v2: Protect against integer overflow (Alan Coopersmith)
2017-10-14 09:33:48 +00:00
matthieu
394a8aee54 MFC: Xi: fix wrong extra length check in ProcXIChangeHierarchy
(CVE-2017-12178)
2017-10-14 09:32:30 +00:00
matthieu
74d10c412f MFC: Xi: integer overflow and unvalidated length in
(S)ProcXIBarrierReleasePointer

[jcristau: originally this patch fixed the same issue as commit
211e05ac85 "Xi: Test exact size of XIBarrierReleasePointer", with the
addition of these checks]

This addresses CVE-2017-12179
2017-10-14 09:30:50 +00:00
matthieu
792e23cc09 MFC: Xi: Test exact size of XIBarrierReleasePointer
Otherwise a client can send any value of num_barriers and cause
reading or swapping of values on heap behind the receive buffer.
2017-10-14 09:29:01 +00:00
matthieu
515a707d86 MFC: hw/xfree86: unvalidated lengths
This addresses:
CVE-2017-12180 in XFree86-VidModeExtension
CVE-2017-12181 in XFree86-DGA
CVE-2017-12182 in XFree86-DRI
2017-10-14 09:24:30 +00:00
matthieu
d62483048a MFC: xfixes: unvalidated lengths (CVE-2017-12183)
v2: Use before swap (Jeremy Huddleston Sequoia)
v3: Fix wrong XFixesCopyRegion checks (Alan Coopersmith)
2017-10-14 09:22:49 +00:00
matthieu
3b3c79f0b0 MFC: Unvalidated lengths
v2: Add overflow check and remove unnecessary check (Julien Cristau)

This addresses:
CVE-2017-12184 in XINERAMA
CVE-2017-12185 in MIT-SCREEN-SAVER
CVE-2017-12186 in X-Resource
CVE-2017-12187 in RENDER
2017-10-14 09:20:42 +00:00
matthieu
fe08a081d8 MFC: os: Make sure big requests have sufficient length.
A client can send a big request where the 32B "length" field has value
0. When the big request header is removed and the length corrected,
the value will underflow to 0xFFFFFFFF.  Functions processing the
request later will think that the client sent much more data and may
touch memory beyond the receive buffer.
2017-10-14 09:17:40 +00:00
matthieu
9b9efb1bdf MFC: xkb: Handle xkb formated string output safely (CVE-2017-13723)
Generating strings for XKB data used a single shared static buffer,
which offered several opportunities for errors. Use a ring of
resizable buffers instead, to avoid problems when strings end up
longer than anticipated.
2017-10-14 09:15:11 +00:00
matthieu
fd77a34918 MFC: xkb: Escape non-printable characters correctly
XkbStringText escapes non-printable characters using octal numbers.
Such escape sequence would be at most 5 characters long ("\0123"), so
it reserves 5 bytes in the buffer. Due to char->unsigned int
conversion, it would print much longer string for negative numbers.
2017-10-14 09:12:44 +00:00
matthieu
2f2a50b99b MFC: Xext/shm: Validate shmseg resource id (CVE-2017-13721)
Otherwise it can belong to a non-existing client and abort X server with
FatalError "client not in use", or overwrite existing segment of another
existing client.
2017-10-14 09:06:06 +00:00
matthieu
c6ab499027 Force Intel Ironlake chipsets to use the xf86-video-intel driver.
stsp@ reported that modesetting(4) has been reported unreliable
on his laptop, while intel(4) works.

XXXX to be removed after 6.2 to figure out and fix the issue.

ok kettenis@, also discussed briefly with deraadt@ during EuroBSDCon.
2017-09-25 15:05:57 +00:00
matthieu
b8da768ee9 Disable SSE optimizations on i386/amd64 for SlowBcopy.
It is supposed to be slow, and when such instructions are used to copy
data from/to mapped video memory, some hypervisors (e.g. KVM,
Microsoft Hyper-V) can generate SIGILL or SIGBUS exceptions, causing
Xorg to crash.

Bug report to OpenBSD by Max Parmer, fix from FreeBSD (Dimitry Andric)
via kettenis@

ok kettenis@
2017-08-07 19:17:56 +00:00
kettenis
38475bb3b2 Create on OpenBSD-specific version of listPossibleVideoDrivers() that takes
care of autoconfiguration based on the information returned by the
WSDISPLAYIO_GTYPE ioctl of the console FD.  This should fix selection of
wsfb on loongson and sgi when using a non-KMS kernel driver.

ok matthieu@, jsg@
2017-08-07 12:30:34 +00:00
kettenis
d74e2cb101 Use the modesetting driver by default on 4th generation Intel Graphics and
later.  This matches what several Linux distros do these days as it tends to
work better than the intel driver in most cases.

There are some performance issues with vncviewer on at least Ivy Bridge and
Haswell.  But for now that regression outweighs the benefits.

ok robert@, tedu@, sthen@
2017-07-14 11:38:05 +00:00
kettenis
11bfbfff1e Add code to update the value of the RandR "Backlight" property based on the
KMS connector property of the same name if such a property is present.

ok matthieu@
2017-07-12 20:08:07 +00:00
matthieu
1862f5487a Merge upstream fixes to the X event swapping code.
(CVE-2017-10971 and CVE-2017-10972).
2017-07-07 06:22:19 +00:00
visa
55a8e552e5 Make X work with radeondrm(4) hardware on loongson.
OK jsg@
2017-05-21 13:18:29 +00:00
jsg
f372d76f12 make xserver build on arm64
ok matthieu@
2017-03-07 03:40:33 +00:00
matthieu
2666ed3f9e Fix arc4random_buf(3) detection. Noticed by Eric Engestrom on
the xorg-devel list. Thanks
2017-03-01 19:22:36 +00:00
matthieu
da8f098a38 Oops, in previous commit I forgot to remove the actual implementation
of the unused *ToID functions(). Spotted by Adam Jackson on xorg-devel
list.  Thanks.
2017-02-28 23:05:46 +00:00
matthieu
5d64bd18eb regen 2017-02-28 18:33:44 +00:00
matthieu
e087a236fc auth: remove AuthToIDFunc and associated functions. Not used anymore.
And the current code for MitToId has a use-after-free() issue.
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org
2017-02-28 18:32:53 +00:00
matthieu
eb3d247766 MFC: Use arc4random_buf(3) if available to generate cookies.
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:27:40 +00:00
matthieu
9ddca5b541 MFC: Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:24:48 +00:00
matthieu
fd18c20e72 regen 2016-10-11 22:14:30 +00:00
deraadt
13cbbbd6c0 ignore chown error (for systems which don't install a Xserver) 2016-10-04 19:48:48 +00:00
matthieu
8587a95e4f fix the ownership of the link /usr/X11R6/bin/X -> Xorg 2016-10-02 17:21:29 +00:00
matthieu
b9d0c0fb7c Fix a bunch of gcc warnings.
- constify name field
- rename devname -> devnam
- replace deprecated Xprintf() with asprintf()
2016-09-12 21:57:14 +00:00
matthieu
595a0e50e5 sys/select.h -> sys/time.h 2016-09-12 21:46:25 +00:00
matthieu
d2533042e8 Fix build after headers cleanup.
include wscons headers after sys/ioct.h and sys/select.h
with deraadt@ and kettenis@
2016-09-12 21:44:30 +00:00
guenther
8113144b81 Remove zaurus keyboard model
ok matthieu@
2016-09-03 14:58:02 +00:00
matthieu
ee65902dd0 Kill remaining HP300 bits 2016-08-13 14:05:23 +00:00