summaryrefslogtreecommitdiff
path: root/xserver
AgeCommit message (Collapse)Author
2024-04-27Update to xserver 21.1.13.Matthieu Herrb
2024-04-07Update to xserver 21.1.12Matthieu Herrb
The security patches were already commited, sync with the rest of the 21.1.12 relase.
2024-04-07The DMX extension was removed in xserver 21.1.Matthieu Herrb
2024-04-03Fix refcounting of glyphs during ProcRenderAddGlyphs() (CVE-2024-31083)Matthieu Herrb
2024-04-03Need to use unswapped length to send reply inMatthieu Herrb
ProcXIGetSelectedEvents() (CVE-2024-31080) and ProcXiPassiveGrabDevice() (CVE-2024-31081)
2024-01-28Update to xserver 21.1.11.Matthieu Herrb
All the security fixes have already been committed.
2024-01-19WSDISPLAY_TYPE_RKDRM was renamed to WSDISPLAY_TYPE_KMSMark Kettenis
2024-01-16Multiple issues have been found in the X server and XwaylandMatthieu Herrb
implementations: 1) CVE-2023-6816 can be triggered by passing an invalid array index to DeviceFocusEvent or ProcXIQueryPointer. 2) CVE-2024-0229 can be triggered if a device has both a button and a key class and zero buttons. 3) CVE-2024-21885 can be triggered if a device with a given ID was removed and a new device with the same ID added both in the same operation. 4) CVE-2024-21886 can be triggered by disabling a master device with disabled slave devices. 5) CVE-2024-0409 can be triggered by enabling SELinux xserver_object_manager and running a client. 6) CVE-2024-0408 can be triggered by enabling SELinux xserver_object_manager and creating a GLX PBuffer.
2024-01-07Update xserver to 21.1.10.Matthieu Herrb
The security fixes have already been committed.
2023-12-13The previous fix from X.Org was incorrect. This fixes it.Matthieu Herrb
Xi: allocate enough XkbActions for our buttons CVE-2023-6377
2023-12-13randr: avoid integer truncation in length check of ProcRRChange*PropertyMatthieu Herrb
CVE-2023-6478
2023-12-13Xi: allocate enough XkbActions for our buttonsMatthieu Herrb
CVE-2023-6377
2023-10-29Update to xserver 21.1.9.Matthieu Herrb
All the security patches have already been committed. Udated autoconf to 2.71 explains the large build infrastructure diff.
2023-10-25Fix several input validation errors in the X serverMatthieu Herrb
CVE-2023-5367 CVE-2023-5380 CVE-2023-5574
2023-09-20Fix out of bounds write in glamor_xv_query_image_attributes for NV12Matthieu Herrb
image format. This is a format with num_planes == 2, so we have only 2 elements in offsets[] and pitches[]. Bug found by otto@ using his strict malloc checking.
2023-09-08Revert previous:Matthieu Herrb
unbreak build with clang-16 by fixing up function definitions to match the whole CARD64 vs uint64_t issue needs more thinking. Suggested by kettenis@
2023-09-06unbreak build with clang-16 by fixing up function definitions to matchRobert Nagy
our uint64_t is an unsinged long long, but CARD64 is defined as unsigned long so the function pointer types in both glamor and xf86-video-amdgpu were mismatched and clang-16 treats that as an error ok matthieu@
2023-08-12Make sure we don't close(-1); buglet introduced in 1.26.Miod Vallat
ok matthieu@
2023-05-01Merge X server 21.1.8. tested by kn@ and op@.Matthieu Herrb
2023-03-29composite: Fix use-after-free of the COWMatthieu Herrb
CVE-2023-1393, ZDI-CAN-19866
2023-02-07Xi: fix use-after-free in DeepCopyPointerClassesMatthieu Herrb
CVE-2023-0494, ZDI-CAN-19596
2023-01-22Merge xserver 21.1.6.Matthieu Herrb
Includes a few fixes to the security patches already committed.
2023-01-22Add back the meson build system to xserver.Matthieu Herrb
Not having those file only create noise when merging upstream releases.
2022-12-14Fix serveral X server input validation errors that can cause varios issues:Matthieu Herrb
* CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes use-after-free * CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty out-of-bounds access * CVE-2022-46283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free
2022-11-11Don't crash if the client argv or argv[0] is NULL.Matthieu Herrb
Report from bauerm at pestilenz dot org. With help from and ok millert@
2022-08-31Update xserver to version 21.1.4.Matthieu Herrb
The security patches were already committed as part of july 24 errata. This brings a few other bug fixes. Tested by Walter Alejandro Iglesias.
2022-07-12MFC: Multiple input validation failures in X server extensionsMatthieu Herrb
CVE-2022-2319/ZDI-CAN-16062 ProcXkbSetGeometry Out-Of-Bounds Access CVE-2022-2320/ZDI-CAN-16070 ProcXkbSetDeviceInfo Out-Of-Bounds Access
2022-02-20Sync with xorg-server 21.1.3.Matthieu Herrb
This does *not* include the commit that reverts the new computation of the screen resolution from dimensions returned by the screen since many of you told they prefer the new behaviour from 21.1.1. This is going to be discussed again before 7.1
2022-02-03remove 0x2972 from the intel gen 2 and 3 listJonathan Gray
0x2972 is 946GZ which is gen 4
2021-12-27Recommit: compiler.h: don't define inb/outb and friends on mipsVisa Hankala
From Julien Cristau 0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git without arm_video.c changes. OK matthieu@
2021-12-14render: Fix out of bounds access in SProcRenderCompositeGlyphs()Matthieu Herrb
ZDI-CAN-14192, CVE-2021-4008
2021-12-14Xext: Fix out of bounds access in SProcScreenSaverSuspend()Matthieu Herrb
ZDI-CAN-14951, CVE-2021-4010
2021-12-14xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier()Matthieu Herrb
ZDI-CAN-14950, CVE-2021-4009
2021-12-14record: Fix out of bounds access in SwapCreateRegister()Matthieu Herrb
ZDI-CAN-14952, CVE-2021-4011
2021-12-06when xf86CrtcConfigPrivateIndex==-1 XF86_CRTC_CONFIG_PTR() causes an out ofMatthieu Herrb
bounds read. White-space fix and ok jsg@
2021-12-06Initialize mode->name for modes generated by libxcvt.Matthieu Herrb
ok jsg@ on the upstream merge request.
2021-12-03don't free uninitialised pointers in glamorJonathan Gray
Attempting to run fvwm on a x61/965gm with xserver 1.21.1 with the modesetting driver on amd64 would cause the xserver to reliably crash. problem introduced upstream in 2906ee5e4 ("glamor: Fix leak in glamor_build_program()") which was backported to the 1.21 branch. ok matthieu@
2021-11-17Use the InternalEvent event structure in more places in events handlers.Matthieu Herrb
This fixes a crash when a DeviceEvent struct converted to InteralEvent was beeing copied as InternalEvent (and thus causing out of bounds reads) in ActivateGrabNoDelivery()
2021-11-11Update to xserver 21.1.1Matthieu Herrb
2021-11-11Update to xserver 21.1.0Matthieu Herrb
2006-11-26Importing xserver from X.Org 7.2RC2Matthieu Herrb
2006-11-26Importing xserver from X.Org 7.2RC2Matthieu Herrb
2021-09-06missing pathnames on unveil() errorTheo de Raadt
2021-09-03Update to xserver 1.20.13.Matthieu Herrb
2021-08-11GetLocalClientCreds: prefer getsockopt(,SO_PEERCRED,) to getpeereid()Matthieu Herrb
This adds the pid of the local clients to LocalLientCred. ok espie@
2021-06-30Close the console fd after probing if it's a wscons, even it fails.Matthieu Herrb
This avoids keeping an open file descriptor on machines where /dev/console is not a wsdisplay device.
2021-06-15Initial attempt to build xserver for riscv64Dale Rahn
ok matthieu@
2021-04-13Fix XChangeFeedbackControl() request underflow.Matthieu Herrb
CVE-2021-3472 / ZDI-CAN-1259 Reported by Jan-Niklas Sohn via Trend Micro.
2021-03-13compiler.h: don't define inb/outb and friends on mipsVisa Hankala
From Julien Cristau 0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git without arm_video.c changes. Fixes clang 11 build on mips64. Input and OK jsg@
2021-03-13Avoid sequences of malloc(0) / free() by checking the length.Matthieu Herrb
b2d96b5cd459963a9587ee9c86afc9266ba3d02b in xserver git originally from deraadt@