matthieu
eb3d247766
MFC: Use arc4random_buf(3) if available to generate cookies.
...
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:27:40 +00:00
matthieu
9ddca5b541
MFC: Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES
...
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:24:48 +00:00
matthieu
fd18c20e72
regen
2016-10-11 22:14:30 +00:00
matthieu
6e1bcfb3c6
Update to xserver 1.18.4
...
tested by krw@ and dcoppa@ ok dcoppa@
2016-08-09 18:59:50 +00:00
matthieu
e927c03e30
Update to xserver 1.18.3. Tested by shadchin@ and naddy@.
...
Note that indirect GLX is now disbled by default.
2016-05-29 12:02:34 +00:00
matthieu
f7d98a310c
pledge(2) for the X server privileged process. ok deraadt@
2015-11-11 21:07:49 +00:00
matthieu
4c6a4e1e00
Update to xserver 1.17.4.
...
tested by naddy@
2015-11-07 16:48:51 +00:00
matthieu
86ea9f12e2
Update to xserver 1.17.2. tested by dcoppa@, jsg@, jasper@ & naddy@
2015-09-16 19:10:19 +00:00
matthieu
3e477e765c
Merge from upstream: Don't listen to 'tcp' by default. Add '-listen' option.
...
commit cc59be38b7eff52a1d003b390f2994c73ee0b3e9
Author: Keith Packard <keithp@keithp.com>
Date: Fri Sep 12 11:33:48 2014 -0700
os: Don't listen to 'tcp' by default. Add '-listen' option. [v2]
This disables the tcp listen socket by default. Then, it
uses a new xtrans interface, TRANS(Listen), to provide a command line
option to re-enable those if desired.
v2: Leave unix socket enabled by default. Add configure options.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
2015-06-20 10:03:56 +00:00
matthieu
5b19f6d757
Update to xserver 1.16.4.
...
Contains fix for CVE-2015-0255. ok dcoppa@
2015-02-11 20:58:46 +00:00
matthieu
7db4642f69
Update to xorg-server 1.16.3.
...
Most of the 1.16.2->1.16.3 changes are the security patches that
where already there. This adds some extra fixes plus a few unrelated
bug fixes.
2014-12-21 11:41:44 +00:00
matthieu
797ed93386
Protocol handling issues in X Window System servers
...
One year after Ilja van Sprundel, discovered and reported a large number
of issues in the way the X server code base handles requests from X clients,
they have been fixed.
2014-12-09 17:58:52 +00:00
matthieu
d1b6c6dea7
No more /dev/agp0
2014-10-18 14:39:40 +00:00
matthieu
64609bb78a
white space diff redux
2014-09-28 10:01:52 +00:00
matthieu
4f58590a42
Update to xserver 1.16.1.
...
Tested by naddy@, jsg@ & kettenis@
2014-09-27 17:52:59 +00:00
matthieu
3bbfe7b179
Update to xserver 1.15.1.
...
Tested by at least ajacoutot@, dcoppa@ & jasper@
2014-05-02 19:27:46 +00:00
matthieu
511a911dd8
Update to xserver 1.14.4
2013-12-08 10:53:01 +00:00
matthieu
577763cda7
Uodate to xserver 1.14.2. Tested by krw@, shadchin@, todd@
2013-08-24 19:44:25 +00:00
kettenis
a9e4debd4a
Handle more /dev/drmN devices.
...
ok matthieu@, jsg@
2013-08-13 18:14:31 +00:00
matthieu
adec87cf5d
Update to X server 1.14.1. Tested by many during t2k13. Thanks.
2013-06-07 17:28:45 +00:00
matthieu
e26a212fd0
Regen autotools build system with a clean environment.
...
It was previously generated with a config pointing to OpenBSD's libtool
which is not ready yet.
2012-10-27 14:52:25 +00:00
matthieu
58d9658ddc
regen
2012-10-14 08:59:33 +00:00
matthieu
1c882161e8
In priv_open_device() allow opening tty[E-J]0. While there remove
...
ttyD[1-7] from the list, since those devices will never get used by X.
2012-08-14 15:57:57 +00:00
matthieu
1996326d50
Fix a logic introducred in rev 1.23. The parent pid is initialized
...
by the main X server too late in the privsep case (already in the
unpriviliged child). So keep the early init for this case.
2012-08-12 14:06:42 +00:00
matthieu
5f8132e311
Add privsep prototypes to osdep.h
2012-08-07 20:16:12 +00:00
matthieu
c7c0180b4c
In non-privilege sepration mode, avoid accidentally sending
...
a SIGUSR1 signal to init(8).
It can happen that xdm dies before the X server that it started.
In that case X's is reparented by init...
This is handled correctly when privilege separation is not compiled
but got overlooked in the privilege separation case.
2012-08-07 20:15:23 +00:00
matthieu
4f2bf5df6d
Rename 'socket' parameter to avoid shadowing the global declaration.
2012-08-07 20:13:18 +00:00
matthieu
eb59960f12
regen autotools
2012-08-05 18:14:29 +00:00
matthieu
e60da74507
Update to xserver 1.12.2. tested by naddy@, krw@, mpi@.
2012-06-10 13:21:05 +00:00
matthieu
b4a75b3e96
Return an error much earlier if recvmsg fails.
2012-04-04 20:34:55 +00:00
matthieu
9576ef223d
Update to xserver 1.11.4. tested by krw@, shadchin@.
2012-01-31 07:52:35 +00:00
matthieu
4344ac3914
Bugfix Update to xserver 1.11.3
2011-12-18 16:08:59 +00:00
matthieu
61a7d5427d
Update to xserver 1.11.2
2011-11-05 13:32:40 +00:00
matthieu
a05754665a
Fix CVE-2011-4028: File disclosure vulnerability.
...
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing file.
Note that xserver on OpenBSD isn't affected by CVE-2011-4029.
2011-10-18 14:58:36 +00:00
matthieu
b9f30b39b5
Remove warnings emitted when a device can't be opened. This
...
is just noise and now happens while the X autoconfiguration
code probes all /dev/wsmouse<n> devices.
If the error matters, the driver will emit a proper error
nevertheless.
2011-08-20 17:30:37 +00:00
matthieu
a4d630d049
regen
2011-06-29 19:57:45 +00:00
matthieu
4a238ea6a4
Update to xserver 1.9.5. Tested by jasper@, ajacoutot@ and krw@
2011-04-02 16:08:38 +00:00
matthieu
3870417379
restart recvmsg() if returning with errno==EINTR.
...
Fixes a crash on server reset on some machines.
Code inspired by ssh, with feedback from guenther@ and millert@
ok guenther@ miod@
2011-01-28 19:37:55 +00:00
matthieu
55b9b068ae
Bring fix from rev 1.12 back once more. ok oga@.
2010-12-22 21:36:05 +00:00
matthieu
dd56fb17b5
Update to xorg-server 1.9.3. Tested by japser@, landry@ and ajacoutot@
...
in various configurations.
2010-12-21 20:10:44 +00:00
matthieu
428261197a
Upgrade to xorg-server 1.9.2.
...
Tested by ajacoutot@, krw@, shadchin@ and jasper@ on various configurations
including multihead with both zaphod and xrandr.
2010-12-05 15:36:02 +00:00
matthieu
d57b1a146f
regen (yes lots of files, since util-macros has been updated).
2010-09-01 13:43:24 +00:00
matthieu
95d684a05b
Update to xserver 1.8. Tested by many. Ok oga@, todd@.
2010-07-27 19:02:24 +00:00
matthieu
49012820cb
Add a configure test for newer proto headers and use it to enable
...
building xserver 1.6 with those headers. ok oga@.
2010-04-13 19:54:46 +00:00
matthieu
0026b7ed04
restore version 1.12 of privsep.c which got accidentally reverted
...
by my xserver 1.6 merge. noticed by oga@
2009-09-08 19:52:26 +00:00
matthieu
88f6f3ea75
update to xserver 1.6.4rc1. Tested by many, ok oga@.
2009-09-06 19:44:18 +00:00
oga
251e57a556
Make the !privsep and privsep paths a little more similar (still
...
checking the list), this allows drm to work in -keepPriv situations.
This diff has been in my tree awaiting proper testing for months, now
i'm sure it works correctly in it goes.
ok matthieu@ an aeon ago.
2009-07-14 18:25:16 +00:00
matthieu
8d98f5900d
regen
2009-01-12 20:18:51 +00:00
matthieu
369cc172f4
Update to xserver 1.5.3 + latests commits on server-1.5-branch.
...
tested by stsp@, david@, form@, ckuethe@, oga@. thanks.
2009-01-12 20:17:47 +00:00
matthieu
60021fe985
xserver 1.5.2. tested by ckuethe@, oga@, and others.
2008-11-02 15:26:08 +00:00