Commit Graph

82 Commits

Author SHA1 Message Date
matthieu
eb3d247766 MFC: Use arc4random_buf(3) if available to generate cookies.
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:27:40 +00:00
matthieu
9ddca5b541 MFC: Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:24:48 +00:00
matthieu
fd18c20e72 regen 2016-10-11 22:14:30 +00:00
matthieu
6e1bcfb3c6 Update to xserver 1.18.4
tested by krw@ and dcoppa@ ok dcoppa@
2016-08-09 18:59:50 +00:00
matthieu
e927c03e30 Update to xserver 1.18.3. Tested by shadchin@ and naddy@.
Note that indirect GLX is now disbled by default.
2016-05-29 12:02:34 +00:00
matthieu
f7d98a310c pledge(2) for the X server privileged process. ok deraadt@ 2015-11-11 21:07:49 +00:00
matthieu
4c6a4e1e00 Update to xserver 1.17.4.
tested by naddy@
2015-11-07 16:48:51 +00:00
matthieu
86ea9f12e2 Update to xserver 1.17.2. tested by dcoppa@, jsg@, jasper@ & naddy@ 2015-09-16 19:10:19 +00:00
matthieu
3e477e765c Merge from upstream: Don't listen to 'tcp' by default. Add '-listen' option.
commit cc59be38b7eff52a1d003b390f2994c73ee0b3e9
Author: Keith Packard <keithp@keithp.com>
Date:   Fri Sep 12 11:33:48 2014 -0700

    os: Don't listen to 'tcp' by default. Add '-listen' option. [v2]

    This disables the tcp listen socket by default. Then, it
    uses a new xtrans interface, TRANS(Listen), to provide a command line
    option to re-enable those if desired.

    v2: Leave unix socket enabled by default. Add configure options.

    Signed-off-by: Keith Packard <keithp@keithp.com>
    Reviewed-by: Hans de Goede <hdegoede@redhat.com>
2015-06-20 10:03:56 +00:00
matthieu
5b19f6d757 Update to xserver 1.16.4.
Contains fix for CVE-2015-0255. ok dcoppa@
2015-02-11 20:58:46 +00:00
matthieu
7db4642f69 Update to xorg-server 1.16.3.
Most of the 1.16.2->1.16.3 changes are the security patches that
where already there. This adds some extra fixes plus a few unrelated
bug fixes.
2014-12-21 11:41:44 +00:00
matthieu
797ed93386 Protocol handling issues in X Window System servers
One year after Ilja van Sprundel, discovered and reported a large number
of issues in the way the X server code base handles requests from X clients,
they have been fixed.
2014-12-09 17:58:52 +00:00
matthieu
d1b6c6dea7 No more /dev/agp0 2014-10-18 14:39:40 +00:00
matthieu
64609bb78a white space diff redux 2014-09-28 10:01:52 +00:00
matthieu
4f58590a42 Update to xserver 1.16.1.
Tested by naddy@, jsg@ & kettenis@
2014-09-27 17:52:59 +00:00
matthieu
3bbfe7b179 Update to xserver 1.15.1.
Tested by at least ajacoutot@, dcoppa@ & jasper@
2014-05-02 19:27:46 +00:00
matthieu
511a911dd8 Update to xserver 1.14.4 2013-12-08 10:53:01 +00:00
matthieu
577763cda7 Uodate to xserver 1.14.2. Tested by krw@, shadchin@, todd@ 2013-08-24 19:44:25 +00:00
kettenis
a9e4debd4a Handle more /dev/drmN devices.
ok matthieu@, jsg@
2013-08-13 18:14:31 +00:00
matthieu
adec87cf5d Update to X server 1.14.1. Tested by many during t2k13. Thanks. 2013-06-07 17:28:45 +00:00
matthieu
e26a212fd0 Regen autotools build system with a clean environment.
It was previously generated with a config pointing to OpenBSD's libtool
which is not ready yet.
2012-10-27 14:52:25 +00:00
matthieu
58d9658ddc regen 2012-10-14 08:59:33 +00:00
matthieu
1c882161e8 In priv_open_device() allow opening tty[E-J]0. While there remove
ttyD[1-7] from the list, since those devices will never get used by X.
2012-08-14 15:57:57 +00:00
matthieu
1996326d50 Fix a logic introducred in rev 1.23. The parent pid is initialized
by the main X server too late in the privsep case (already in the
unpriviliged child). So keep the early init for this case.
2012-08-12 14:06:42 +00:00
matthieu
5f8132e311 Add privsep prototypes to osdep.h 2012-08-07 20:16:12 +00:00
matthieu
c7c0180b4c In non-privilege sepration mode, avoid accidentally sending
a SIGUSR1 signal to init(8).

It can happen that xdm dies before the X server that it started.
In that case X's is reparented by init...

This is handled correctly when privilege separation is not compiled
but got overlooked in the privilege separation case.
2012-08-07 20:15:23 +00:00
matthieu
4f2bf5df6d Rename 'socket' parameter to avoid shadowing the global declaration. 2012-08-07 20:13:18 +00:00
matthieu
eb59960f12 regen autotools 2012-08-05 18:14:29 +00:00
matthieu
e60da74507 Update to xserver 1.12.2. tested by naddy@, krw@, mpi@. 2012-06-10 13:21:05 +00:00
matthieu
b4a75b3e96 Return an error much earlier if recvmsg fails. 2012-04-04 20:34:55 +00:00
matthieu
9576ef223d Update to xserver 1.11.4. tested by krw@, shadchin@. 2012-01-31 07:52:35 +00:00
matthieu
4344ac3914 Bugfix Update to xserver 1.11.3 2011-12-18 16:08:59 +00:00
matthieu
61a7d5427d Update to xserver 1.11.2 2011-11-05 13:32:40 +00:00
matthieu
a05754665a Fix CVE-2011-4028: File disclosure vulnerability.
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing file.

Note that xserver on OpenBSD isn't affected by CVE-2011-4029.
2011-10-18 14:58:36 +00:00
matthieu
b9f30b39b5 Remove warnings emitted when a device can't be opened. This
is just noise and now happens while the X autoconfiguration
code probes all /dev/wsmouse<n> devices.
If the error matters, the driver will emit a proper error
nevertheless.
2011-08-20 17:30:37 +00:00
matthieu
a4d630d049 regen 2011-06-29 19:57:45 +00:00
matthieu
4a238ea6a4 Update to xserver 1.9.5. Tested by jasper@, ajacoutot@ and krw@ 2011-04-02 16:08:38 +00:00
matthieu
3870417379 restart recvmsg() if returning with errno==EINTR.
Fixes a crash on server reset on some machines.
Code inspired by ssh, with feedback from guenther@ and millert@
ok guenther@ miod@
2011-01-28 19:37:55 +00:00
matthieu
55b9b068ae Bring fix from rev 1.12 back once more. ok oga@. 2010-12-22 21:36:05 +00:00
matthieu
dd56fb17b5 Update to xorg-server 1.9.3. Tested by japser@, landry@ and ajacoutot@
in various configurations.
2010-12-21 20:10:44 +00:00
matthieu
428261197a Upgrade to xorg-server 1.9.2.
Tested by ajacoutot@, krw@, shadchin@ and jasper@ on various configurations
including multihead with both zaphod and xrandr.
2010-12-05 15:36:02 +00:00
matthieu
d57b1a146f regen (yes lots of files, since util-macros has been updated). 2010-09-01 13:43:24 +00:00
matthieu
95d684a05b Update to xserver 1.8. Tested by many. Ok oga@, todd@. 2010-07-27 19:02:24 +00:00
matthieu
49012820cb Add a configure test for newer proto headers and use it to enable
building xserver 1.6 with those headers. ok oga@.
2010-04-13 19:54:46 +00:00
matthieu
0026b7ed04 restore version 1.12 of privsep.c which got accidentally reverted
by my xserver 1.6 merge. noticed by oga@
2009-09-08 19:52:26 +00:00
matthieu
88f6f3ea75 update to xserver 1.6.4rc1. Tested by many, ok oga@. 2009-09-06 19:44:18 +00:00
oga
251e57a556 Make the !privsep and privsep paths a little more similar (still
checking the list), this allows drm to work in -keepPriv situations.

This diff has been in my tree awaiting proper testing for months, now
i'm sure it works correctly in it goes.

ok matthieu@ an aeon ago.
2009-07-14 18:25:16 +00:00
matthieu
8d98f5900d regen 2009-01-12 20:18:51 +00:00
matthieu
369cc172f4 Update to xserver 1.5.3 + latests commits on server-1.5-branch.
tested by stsp@, david@, form@, ckuethe@, oga@. thanks.
2009-01-12 20:17:47 +00:00
matthieu
60021fe985 xserver 1.5.2. tested by ckuethe@, oga@, and others. 2008-11-02 15:26:08 +00:00