Age | Commit message | Author |
|
DRM_IOCTL_GET_PCIINFO ioctl.
ok kettenis@
|
|
DRM_IOCTL_GET_PCIINFO ioctl.
ok kettenis@
|
|
Always return DRM_BUS_PCI for now. No non-pci drm drivers are in the
kernel and this is unlikely to change anytime soon as the existing ones
aren't permissively licensed.
ok kettenis@
|
|
drm_get_device_name_for_fd() from the Mesa loader.
ok kettenis@
|
|
chowned instead of only the symlink.
no objections matthieu
|
|
ok matthieu@
|
|
This will give applications using this library the same X cursor search path
as the ones that use the legacy libXcursor.
|
|
Now Subpixel hinting, also known as ClearType hinting, is enabled
by default.
OK matthieu@
|
|
to avoid using it on powerpc from Mesa.
Tested by matthieu@ on macppc.
|
|
This prevents autotools from trying to rebuild themselves automagically
if configure.ac, Makefile.am or a few others have more recent time
stamps than the generated files.
It will allow getting rid of the NO_REORDER mechanism that touches
files in the source tree to ensure nothing gets rebuilt.
|
|
This is no longer needed and gets in the way of tightening
permissions used during build. ok and suggestions natano@
|
|
without installed headers.
|
|
of the makekeys util. This means it's also rebuilt during install. First
as root during build, later by the BUILDUSER during release, which won't
be able to rewrite it, because it's now owned by root. With this result:
override rw-r--r-- root/wheel for ks_tables.h?
One step closer towards noperm release builds for xenocara.
ok matthieu
|
|
libGLw and libepoxy .pc files rather than manually generating them
as root in postinstall. Spotted by natano@ ok natano@.
|
|
If an empty string is received from an x-server, do not underrun the
buffer by accessing "rep.nameLen - 1" unconditionally, which could end
up being -1.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
|
|
The Xv query functions for adaptors and encodings suffer from out of boundary
accesses if a hostile X server sends a maliciously crafted response.
A previous fix already checks the received length against fixed values but
ignores additional length specifications which are stored inside the received
data.
These lengths are accessed in a for-loop. The easiest way to guarantee
correct processing is by validating all lengths against the remaining size
left before accessing referenced memory.
This makes the previously applied check obsolete, therefore I removed it.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
|
|
A lack of range checks in libXtst allows out of boundary accesses.
The checks have to be done in-place here, because they cannot be done
without in-depth knowledge of the read data.
If XRecordStartOfData, XRecordEndOfData, or XRecordClientDied
without a client sequence have attached data, an endless loop would
occur. The do-while-loop continues until the current index reaches
the end. But in these cases, the current index would not be
incremented, leading to endless processing.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
|
|
Individual lengths inside received server data can overflow
the previously reserved memory.
It is therefore important to validate every single length
field to not overflow the previously agreed sum of all individual
length fields.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
|
|
The memory for filter names is reserved right after receiving the reply.
After that, filters are iterated and each individual filter name is
stored in that reserved memory.
The individual name lengths are not checked for validity, which means
that a malicious server can reserve less memory than it will write to
during each iteration.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
|
|
The responses of the connected X server have to be properly checked
to avoid out of boundary accesses that could otherwise be triggered
by a malicious server.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
|
|
By validating length fields from server responses, out of boundary
accesses and endless loops can be mitigated.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
|
|
The 32 bit field "rep.length" is not checked for validity, which allows
an integer overflow on 32 bit systems.
A malicious server could send INT_MAX as length, which gets multiplied
by the size of XRectangle. In that case the client won't read the whole
data from server, getting out of sync.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
|
|
Check if enough bytes were received for specified image type and
geometry. Otherwise GetPixel and other functions could trigger an
out of boundary read later on.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
|