Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
This adds the pid of the local clients to LocalLientCred.
ok espie@
|
|
This avoids keeping an open file descriptor on machines
where /dev/console is not a wsdisplay device.
|
|
ok matthieu@
|
|
CVE-2021-3472 / ZDI-CAN-1259
Reported by Jan-Niklas Sohn via Trend Micro.
|
|
From Julien Cristau
0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git
without arm_video.c changes.
Fixes clang 11 build on mips64.
Input and OK jsg@
|
|
b2d96b5cd459963a9587ee9c86afc9266ba3d02b in xserver git
originally from deraadt@
|
|
From Adam Jackson
f44ac101c523a0439bd1a864850e3c1a4e154549 in xserver git
avoids a large number of malloc(0) calls
ok deraadt@ who had almost the same diff
|
|
ok matthieu@ kettenis@
|
|
This occurs when trying to unveil a /dev/dri/ node when the directory
does not exist.
|
|
|
|
The assumption is that if sin6_scope_id is set, then the interface index
is no longer embedded in the address.
ok claudio@ matthieu@
|
|
in case the X server is near the limit and only allow connections again if
there are resources freed up
this is done by checking the amount of currently used FDs + a reserve and
comparing that to the FD limit
with help from benno@, millert@, florian@
ok matthieu@, benno@
|
|
|
|
|
|
Avoid out of bounds memory accesses on too short requests.
ZDI-CAN 11572 / CVE-2020-14360
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
|
|
ZDI-CAN 11389 / CVE-2020-25712
Fix from Jan-Niklas Sohn working with Trend Micro.
|
|
fixes build breakage on alpha reported by deraadt@
|
|
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
|
|
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
|
|
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
|
|
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
|
|
CVE-2020-14347
This vulnerability was discovered and reported to X.Org by Jan-Niklas
Sohn working with Trend Micro Zero Day Initiative.
|
|
|
|
properly override our default behavior of stippled root.
no objection from deraadt and kettenis
|
|
There is no reason to keep /dev/pci* and /dev/ttyC* open in this process.
pointed to by deraadt. ok kettenis@ deraadt@
|
|
|
|
upstream commit 364d64981549544213e2bca8de6ff8a5b2b5a69e
Fixes an issue in xserver 1.20 where some applications were loosing
focus. Naddy@ reported it appeards in SDL 1.2 games (burgerspace).
tested and ok naddy@
|
|
|
|
ok patrick@, jsg@
|
|
|
|
|
|
use it when running withour root privileges which prevents us from
scanning the PCI bus.
This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4),
radeondrm(4) and amdgpu(4). In some cases this will result in using a
different driver than with xenodm(4) which may expose issues (e.g. when
we prefer the intel Xorg driver) or loss of acceleration (e.g. older
cards supported by radeondrm(4)).
ok jsg@, matthieu@
|
|
ok matthieu@
|
|
ok matthieu@
|
|
This function removes too many modes, causing trouble with the vesa
driver at least. Problem reported by semarie@. Thanks.
|
|
Missed in previous commit.
|
|
They accumulated over releases for various reasons.
No build change.
|
|
|
|
ok deraadt
|
|
OK matthieu@
|
|
xfree86: Hold input_lock across SPRITE functions in VGA arbiter
Fixes stack overflow crash with VGA arbiter used with multi GPU systems.
Report and fix identified by 'Joe M' on misc@. ok matthieu@
|
|
This prevents kbd(8) layouts with particular bitmasks from being
wrongly detected as French.
Broken behavior reported by Diogo Galvao; thanks!
ok mpi@ matthieu@
|
|
|
|
the modesetting driver uses these to pick a dri driver name
ok phessler@ kettenis@ matthieu@
|
|
On OpenBSD, we need the console fd to query wsdisplay type,
This was only causing problems with -keepPriv, since the privilege
separation code already calls xf86OpenConsole() earlier.
The function is idempotent, so there's no harm calling it
several times.
ok kettenis@
|
|
It was previously disabled by a broken test for XdmcpWrap() in xdm and
later in xenodm but it won't be missed. (use of DES, no IPv6 support).
ok tb@ mortimer@
|
|
and we held out hope too long. This will break some stuff. Let's start
with non-setuid as the baseline, and see if it is worth trying to fix
the broken parts in some other way.
|