OpenBSD X11 changes summary for 2016-10-02 to 2016-10-09 inclusive
==================================================================

3RDPARTY MODULES Makefile app data dist distrib driver font lib xserver

== 3RDPARTY ========================================================== 01/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/X11/3RDPARTY

3RDPARTY

> update (matthieu@)

> update (shadchin@)

== MODULES =========================================================== 02/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/X11/MODULES

MODULES

> update (matthieu@)

== Makefile ========================================================== 03/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/X11/Makefile

Makefile

> Set owner and group of the mandoc.db, the xetcsum file for sysmerge
> and of the app-defaults symlink. Needed for noperm release.
> ok matthieu (tb@)

== app =============================================================== 04/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/X11/app

app

~ xdm/Makefile.bsd-wrapper

> Explicitly set the owner of the shell scripts in etc/X11/xdm and of the
> chooser and xdm binaries to BINOWN:BINGRP. Needed for noperm release.
> ok mathieu (tb@)

~ cwm/client.c
~ cwm/kbfunc.c
~ cwm/xevents.c

> client_ptrwarp should not deal with unhiding or raising clients (non ptr
> requests); most callers do this already - deal with the few that do not.
> client_ptrwarp becomes a simple wrapper (setpos) but it will be expanded.
> (okan@)

~ cwm/kbfunc.c
~ cwm/mousefunc.c

> For both kb and mouse move, it is possible to grab a client and move it
> completely off the screen/region; instead, if the pointer is outside of
> the client bounds, warp the pointer to the closest edge before moving.
> (okan@)

~ cwm/calmwm.h
~ cwm/client.c
~ cwm/conf.c
~ cwm/parse.y

> Defaults are split between defines and conf_init(); normalize these, as
> well as give 'sticky' groups its own variable. (okan@)

~ cwm/calmwm.h
~ cwm/conf.c
~ cwm/menu.c

> Start simplifying menu code; and in turn, remove a cursor no longer
> needed. (okan@)

~ cwm/calmwm.h
~ cwm/conf.c
~ cwm/group.c
~ cwm/screen.c
~ cwm/xutil.c

> Turn CALMWM_NGROUPS define into variable, ngroups. (okan@)

~ cwm/calmwm.h
~ cwm/client.c
~ cwm/conf.c

> Calculate client nameqlen in client_setname(), the only place it's
> needed/used. (okan@)

~ cwm/calmwm.h
~ cwm/screen.c
~ cwm/xevents.c

> When removing xrandr regions, ensure clients are within the bounds of
> the screen; adapted from an ancient diff from Sviatoslav Chagaev. Things
> in this area will likely change, but put this in so it works now and
> serves as a reminder. (okan@)

~ cwm/calmwm.h
~ cwm/conf.c
~ cwm/xutil.c

> Stash wmname into conf. (okan@)

~ cwm/conf.c
~ cwm/cwm.1

> Add CM-a for 'nogroup' (CM-0 stays for now); update manpage to reflect.
> (okan@)

~ cwm/cwm.1
~ cwm/cwmrc.5

> More accurate to say 'toggle', rather than 'select', for group[n]/nogroup.
> (okan@)

~ cwm/client.c

> Check the ptr bounds in the new client during cycling, since not all
> actions do ptrsave, such as restoring client geometry; adapted from a
> diff by Vadim Vygonets. (okan@)

~ cwm/calmwm.h
~ cwm/conf.c
~ cwm/kbfunc.c
~ cwm/mousefunc.c
~ cwm/xevents.c

> Add an argument to the callbacks to pass the xevent context, button or
> key press. This allows to remove a few hacks to duplicate functions only
> for behaviour changes; now differing behaviours are pushed down to the
> callback. Also will allow for previously unavailable actions to be
> bind-able
> down the road. (okan@)

~ cwm/calmwm.h
~ cwm/conf.c
~ cwm/kbfunc.c

> Rename 2 kbfunc to match closer to what they do (okan@)

== data ============================================================== 05/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/X11/data

data

~ xkeyboard-config/Makefile.inc

> Provide a default clean target now that bsd.subdir.mk doesn't. (matthieu@)

~ xkeyboard-config/man/xkeyboard-config.7
~ xkeyboard-config/pc/Makefile
~ xkeyboard-config/symbols/Makefile

> Update to xkeyboard-config 2.19
> ok matthieu@ (shadchin@)

== dist ============================================================== 06/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/X11/dist

dist

~ xkeyboard-config/NEWS
~ xkeyboard-config/aclocal.m4
~ xkeyboard-config/configure
~ xkeyboard-config/configure.ac
~ xkeyboard-config/po/af.po
~ xkeyboard-config/po/az.po
~ xkeyboard-config/po/bg.po
~ xkeyboard-config/po/ca.po
~ xkeyboard-config/po/crh.po
~ xkeyboard-config/po/cs.po
~ xkeyboard-config/po/da.po
~ xkeyboard-config/po/de.po
~ xkeyboard-config/po/el.po
~ xkeyboard-config/po/en_GB.po
~ xkeyboard-config/po/eo.po
~ xkeyboard-config/po/es.po
~ xkeyboard-config/po/fi.po
~ xkeyboard-config/po/fr.po
~ xkeyboard-config/po/gl.po
~ xkeyboard-config/po/hr.po
~ xkeyboard-config/po/hu.po
~ xkeyboard-config/po/id.po
~ xkeyboard-config/po/it.po
~ xkeyboard-config/po/ja.po
~ xkeyboard-config/po/ka.po
~ xkeyboard-config/po/ko.po
~ xkeyboard-config/po/ky.po
~ xkeyboard-config/po/lt.po
~ xkeyboard-config/po/nb.po
~ xkeyboard-config/po/nl.po
~ xkeyboard-config/po/pl.po
~ xkeyboard-config/po/pt_BR.po
~ xkeyboard-config/po/ro.po
~ xkeyboard-config/po/ru.po
~ xkeyboard-config/po/rw.po
~ xkeyboard-config/po/sk.po
~ xkeyboard-config/po/sl.po
~ xkeyboard-config/po/sq.po
~ xkeyboard-config/po/sr.po
~ xkeyboard-config/po/sv.po
~ xkeyboard-config/po/tr.po
~ xkeyboard-config/po/uk.po
~ xkeyboard-config/po/vi.po
~ xkeyboard-config/po/zh_CN.po
~ xkeyboard-config/po/zh_TW.po
~ xkeyboard-config/rules/base.extras.xml.in
~ xkeyboard-config/rules/base.ml_s.part
~ xkeyboard-config/rules/base.o_s.part
~ xkeyboard-config/rules/base.xml.in
~ xkeyboard-config/rules/evdev.extras.xml.in
~ xkeyboard-config/rules/evdev.xml.in
~ xkeyboard-config/symbols/Makefile.am
~ xkeyboard-config/symbols/Makefile.in
~ xkeyboard-config/symbols/cm
~ xkeyboard-config/symbols/de
~ xkeyboard-config/symbols/kz
~ xkeyboard-config/symbols/lk
~ xkeyboard-config/symbols/rs
~ xkeyboard-config/symbols/ru
~ xkeyboard-config/symbols/us
~ xkeyboard-config/symbols/sharp_vndr/sl-c3x00
+ xkeyboard-config/symbols/au
+ xkeyboard-config/symbols/parens

> Update to xkeyboard-config 2.19
> ok matthieu@ (shadchin@)

== distrib =========================================================== 07/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/X11/distrib

distrib

~ sets/Makefile

> Explicitly set owners of the xorg.db locate(1) database and of the
> xetc.tgz set for sysmerge. Needed for noperm release.
> ok matthieu (tb@)

== driver ============================================================ 08/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/X11/driver

driver

~ xf86-input-mouse/Makefile.bsd-wrapper

> Explicitly set owner and group of the mouse(4) manpage symlink.
> Needed for noperm release.
> ok matthieu (tb@)

== font ============================================================== 09/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/X11/font

font

~ dejavu-ttf/Makefile

> Explicitly set owner and group of the symlinks in etc/fonts/conf.d and
> of the fonts.dir and fonts.scale indexes. Needed for noperm release.
> ok matthieu (tb@)

~ adobe-100dpi/Makefile.am
~ adobe-75dpi/Makefile.am
~ adobe-utopia-100dpi/Makefile.am
~ adobe-utopia-75dpi/Makefile.am
~ adobe-utopia-type1/Makefile.am
~ arabic-misc/Makefile.am
~ bh-100dpi/Makefile.am
~ bh-75dpi/Makefile.am
~ bh-lucidatypewriter-100dpi/Makefile.am
~ bh-lucidatypewriter-75dpi/Makefile.am
~ bh-ttf/Makefile.am
~ bh-type1/Makefile.am
~ bitstream-100dpi/Makefile.am
~ bitstream-75dpi/Makefile.am
~ bitstream-type1/Makefile.am
~ cronyx-cyrillic/Makefile.am
~ cursor-misc/Makefile.am
~ daewoo-misc/Makefile.am
~ dec-misc/Makefile.am
~ ibm-type1/Makefile.am
~ isas-misc/Makefile.am
~ jis-misc/Makefile.am
~ micro-misc/Makefile.am
~ misc-cyrillic/Makefile.am
~ misc-ethiopic/Makefile.am
~ misc-meltho/Makefile.am
~ misc-misc/Makefile.am
~ mutt-misc/Makefile.am
~ schumacher-misc/Makefile.am
~ screen-cyrillic/Makefile.am
~ sony-misc/Makefile.am
~ sun-misc/Makefile.am
~ winitzki-cyrillic/Makefile.am
~ xfree86-type1/Makefile.am

> Typo font.dir -> fonts.dir (matthieu@)

~ adobe-100dpi/Makefile.in
~ adobe-100dpi/aclocal.m4
~ adobe-100dpi/configure
~ adobe-75dpi/Makefile.in
~ adobe-75dpi/aclocal.m4
~ adobe-75dpi/configure
~ adobe-utopia-100dpi/Makefile.in
~ adobe-utopia-100dpi/aclocal.m4
~ adobe-utopia-100dpi/configure
~ adobe-utopia-75dpi/Makefile.in
~ adobe-utopia-75dpi/aclocal.m4
~ adobe-utopia-75dpi/configure
~ adobe-utopia-type1/Makefile.in
~ adobe-utopia-type1/aclocal.m4
~ adobe-utopia-type1/configure
~ arabic-misc/Makefile.in
~ arabic-misc/aclocal.m4
~ arabic-misc/configure
~ bh-100dpi/Makefile.in
~ bh-100dpi/aclocal.m4
~ bh-100dpi/configure
~ bh-75dpi/Makefile.in
~ bh-75dpi/aclocal.m4
~ bh-75dpi/configure
~ bh-lucidatypewriter-100dpi/Makefile.in
~ bh-lucidatypewriter-100dpi/aclocal.m4
~ bh-lucidatypewriter-100dpi/configure
~ bh-lucidatypewriter-75dpi/Makefile.in
~ bh-lucidatypewriter-75dpi/aclocal.m4
~ bh-lucidatypewriter-75dpi/configure
~ bh-ttf/Makefile.in
~ bh-ttf/aclocal.m4
~ bh-ttf/config.guess
~ bh-ttf/config.sub
~ bh-ttf/configure
~ bh-ttf/install-sh
~ bh-ttf/missing
~ bh-type1/Makefile.in
~ bh-type1/aclocal.m4
~ bh-type1/configure
~ bitstream-100dpi/Makefile.in
~ bitstream-100dpi/aclocal.m4
~ bitstream-100dpi/configure
~ bitstream-75dpi/Makefile.in
~ bitstream-75dpi/aclocal.m4
~ bitstream-75dpi/configure
~ bitstream-type1/Makefile.in
~ bitstream-type1/aclocal.m4
~ bitstream-type1/configure
~ cronyx-cyrillic/Makefile.in
~ cronyx-cyrillic/aclocal.m4
~ cronyx-cyrillic/configure
~ cursor-misc/Makefile.in
~ cursor-misc/aclocal.m4
~ cursor-misc/configure
~ daewoo-misc/Makefile.in
~ daewoo-misc/aclocal.m4
~ daewoo-misc/configure
~ dec-misc/Makefile.in
~ dec-misc/aclocal.m4
~ dec-misc/configure
~ ibm-type1/Makefile.in
~ ibm-type1/aclocal.m4
~ ibm-type1/configure
~ isas-misc/Makefile.in
~ isas-misc/aclocal.m4
~ isas-misc/configure
~ jis-misc/Makefile.in
~ jis-misc/aclocal.m4
~ jis-misc/configure
~ micro-misc/Makefile.in
~ micro-misc/aclocal.m4
~ micro-misc/configure
~ misc-cyrillic/Makefile.in
~ misc-cyrillic/aclocal.m4
~ misc-cyrillic/configure
~ misc-ethiopic/Makefile.in
~ misc-ethiopic/aclocal.m4
~ misc-ethiopic/configure
~ misc-meltho/Makefile.in
~ misc-meltho/aclocal.m4
~ misc-meltho/configure
~ misc-misc/Makefile.in
~ misc-misc/aclocal.m4
~ misc-misc/configure
~ mutt-misc/Makefile.in
~ mutt-misc/aclocal.m4
~ mutt-misc/configure
~ schumacher-misc/Makefile.in
~ schumacher-misc/aclocal.m4
~ schumacher-misc/configure
~ screen-cyrillic/Makefile.in
~ screen-cyrillic/aclocal.m4
~ screen-cyrillic/configure
~ sony-misc/Makefile.in
~ sony-misc/aclocal.m4
~ sony-misc/configure
~ sun-misc/Makefile.in
~ sun-misc/aclocal.m4
~ sun-misc/configure
~ winitzki-cyrillic/Makefile.in
~ winitzki-cyrillic/aclocal.m4
~ winitzki-cyrillic/configure
~ xfree86-type1/Makefile.in
~ xfree86-type1/aclocal.m4
~ xfree86-type1/configure

> regen (matthieu@)

~ bh-ttf/Makefile.bsd-wrapper

> Fix ownership of /etc/fonts/conf.d/42-luxi-mono.conf link (matthieu@)

~ Makefile.inc
~ alias/Makefile.bsd-wrapper

> Fix ownership of fonts.dir and font.scale files as well as
> fontconfig font caches.
> mkfontdir and mkfontscale are now run out of font/alias at the end
> of the build or install, like fc-cache.
> fc-cache is using its -y (sysroot) flag that works if used correctly.
> (matthieu@)

== lib =============================================================== 10/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/X11/lib

lib

~ fontconfig/conf.d/Makefile

> chown -h symbolic links in conf.d. Needed for noperm release.
> There are a few remaining symlinks that will be fixed later.
> ok matthieu (tb@)

~ libXScrnSaver/Makefile.bsd-wrapper

> Set owner and group of the XScreenSaver(3) manpage symlink.
> Needed for noperm release.
> ok matthieu (tb@)

~ libXaw/xaw7.pc.in
~ libXaw/man/Makefile.am

> Reduce diffs with upstreams (matthieu@)

~ libXaw/configure.ac
~ libXaw/src/Makefile.am

> Remove local patch for platforms without shared libs (matthieu@)

~ libXaw/configure
~ libXaw/src/Makefile.in

> regen (matthieu@)

~ libXaw/Makefile.bsd-wrapper
~ libXaw/src/Makefile.am

> Handle the libXaw.so.xx.y symlink in afterinstall: in Makefile.bsd-wrapper
> No more diffs with upstreams in autoconf files;
> ownership of links for non-root/noperm installs is handled too. (matthieu@)

~ libXaw/src/Makefile.in

> regen (matthieu@)

~ libXaw/Makefile.bsd-wrapper

> Fix installation of libXaw.so.15.0 link. (matthieu@)

~ pixman/pixman/pixman-vmx.c

> revert pixman-vmx.c to the version of pixman-0.32.8.
> gcc 4.2 is not able to compile the new version.
> XXX switch back to 0.34 once macppc switches to clang. (matthieu@)

~ libX11/src/FontNames.c
~ libX11/src/ListExt.c
~ libX11/src/ModMap.c

> The validation of server responses avoids out of boundary accesses.
> From Tobias Stoeckmann / Xorg Security advisory Oct 4, 2016. (matthieu@)

~ libX11/src/GetImage.c

> Validation of server responses in XGetImage()
> Check if enough bytes were received for specified image type and
> geometry. Otherwise GetPixel and other functions could trigger an
> out of boundary read later on.
> From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016 (matthieu@)

~ libXfixes/src/Region.c

> Integer overflow on illegal server response
> The 32 bit field "rep.length" is not checked for validity, which allows
> an integer overflow on 32 bit systems.
> A malicious server could send INT_MAX as length, which gets multiplied
> by the size of XRectangle. In that case the client won't read the whole
> data from server, getting out of sync.
> From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016 (matthieu@)

~ libXi/src/XGMotion.c
~ libXi/src/XGetBMap.c
~ libXi/src/XGetDCtl.c
~ libXi/src/XGetFCtl.c
~ libXi/src/XGetKMap.c
~ libXi/src/XGetMMap.c
~ libXi/src/XIQueryDevice.c
~ libXi/src/XListDev.c
~ libXi/src/XOpenDev.c
~ libXi/src/XQueryDv.c

> Properly validate server responses
> By validating length fields from server responses, out of boundary
> accesses and endless loops can be mitigated.
> From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016 (matthieu@)

~ libXrandr/src/XrrConfig.c
~ libXrandr/src/XrrCrtc.c
~ libXrandr/src/XrrMonitor.c
~ libXrandr/src/XrrOutput.c
~ libXrandr/src/XrrProvider.c
~ libXrandr/src/XrrScreen.c

> Avoid out of boundary accesses on illegal responses
> The responses of the connected X server have to be properly checked
> to avoid out of boundary accesses that could otherwise be triggered
> by a malicious server.
> From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016 (matthieu@)

~ libXrender/src/Filter.c

> Avoid OOB write in XRenderQueryFilters
> The memory for filter names is reserved right after receiving the reply.
> After that, filters are iterated and each individual filter name is
> stored in that reserved memory.
> The individual name lengths are not checked for validity, which means
> that a malicious server can reserve less memory than it will write to
> during each iteration.
> From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016 (matthieu@)

~ libXrender/src/Xrender.c

> Validate lengths while parsing server data.
> Individual lengths inside received server data can overflow
> the previously reserved memory.
> It is therefore important to validate every single length
> field to not overflow the previously agreed sum of all individual
> length fields.
> From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016 (matthieu@)

~ libXtst/src/XRecord.c

> Out of boundary access and endless loop in libXtst
> A lack of range checks in libXtst allows out of boundary accesses.
> The checks have to be done in-place here, because it cannot be done
> without in-depth knowledge of the read data.
> If XRecordStartOfData, XRecordEndOfData, or XRecordClientDied
> without a client sequence have attached data, an endless loop would
> occur. The do-while-loop continues until the current index reaches
> the end. But in these cases, the current index would not be
> incremented, leading to an endless processing.
> From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016 (matthieu@)

~ libXv/src/Xv.c

> Protocol handling issues in libXv
> The Xv query functions for adaptors and encodings suffer from out of
> boundary
> accesses if a hostile X server sends a maliciously crafted response.
> A previous fix already checks the received length against fixed values but
> ignores additional length specifications which are stored inside the
> received
> data.
> These lengths are accessed in a for-loop. The easiest way to guarantee a
> correct processing is by validating all lengths against the remaining size
> left before accessing referenced memory.
> This makes the previously applied check obsolete, therefore I removed it.
> From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016 (matthieu@)

~ libXvMC/src/XvMC.c

> Avoid buffer underflow on empty strings.
> If an empty string is received from an x-server, do not underrun the
> buffer by accessing "rep.nameLen - 1" unconditionally, which could end
> up being -1.
> From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016 (matthieu@)

~ libX11/src/FontNames.c
~ libX11/src/GetImage.c
~ libX11/src/ListExt.c
~ libX11/src/ModMap.c
~ libXfixes/src/Region.c
~ libXi/src/XGMotion.c
~ libXi/src/XGetBMap.c
~ libXi/src/XGetDCtl.c
~ libXi/src/XGetFCtl.c
~ libXi/src/XGetKMap.c
~ libXi/src/XGetMMap.c
~ libXi/src/XIQueryDevice.c
~ libXi/src/XListDev.c
~ libXi/src/XOpenDev.c
~ libXi/src/XQueryDv.c
~ libXrandr/src/XrrConfig.c
~ libXrandr/src/XrrCrtc.c
~ libXrandr/src/XrrMonitor.c
~ libXrandr/src/XrrOutput.c
~ libXrandr/src/XrrProvider.c
~ libXrandr/src/XrrScreen.c
~ libXrender/src/Filter.c
~ libXrender/src/Xrender.c
~ libXtst/src/XRecord.c
~ libXv/src/Xv.c
~ libXvMC/src/XvMC.c
TAGGED OPENBSD_6_0

> Protocol handling issues in X Window System client libraries
> X.Org security advisory: October 4, 2016
> Fix a number of issues in the way various X client libraries handle
> server responses.
> Checked by tj@ (matthieu@)

~ libX11/src/FontNames.c
~ libX11/src/GetImage.c
~ libX11/src/ListExt.c
~ libX11/src/ModMap.c
~ libXfixes/src/Region.c
~ libXi/src/XGMotion.c
~ libXi/src/XGetBMap.c
~ libXi/src/XGetDCtl.c
~ libXi/src/XGetFCtl.c
~ libXi/src/XGetKMap.c
~ libXi/src/XGetMMap.c
~ libXi/src/XIQueryDevice.c
~ libXi/src/XListDev.c
~ libXi/src/XOpenDev.c
~ libXi/src/XQueryDv.c
~ libXrandr/src/XrrConfig.c
~ libXrandr/src/XrrCrtc.c
~ libXrandr/src/XrrOutput.c
~ libXrandr/src/XrrProvider.c
~ libXrandr/src/XrrScreen.c
~ libXrender/src/Filter.c
~ libXrender/src/Xrender.c
~ libXtst/src/XRecord.c
~ libXv/src/Xv.c
~ libXvMC/src/XvMC.c
TAGGED OPENBSD_5_9

> Protocol handling issues in X Window System client libraries
> X.Org security advisory: October 4, 2016
> Fix a number of issues in the way various X client libraries handle
> server responses.
> Checked by tj@ (matthieu@)

~ fontconfig/pc/Makefile
TAGGED OPENBSD_5_9

> Fix package version in fontconfig.pc (matthieu@)

~ libGLw/Makefile
~ libepoxy/Makefile
TAGGED OPENBSD_5_9

> use the pkg-config support from bsd.xorg.mk to handle
> libGLw and libepoxy .pc files rather than manually generating them
> as root in postinstall. Spotted by natano@ ok natano@. (matthieu@)

~ libGLw/Makefile
TAGGED OPENBSD_5_9

> Put back the NOPROFILE= that I accidentally removed in previous commit
> (matthieu@)

~ libX11/src/Makefile.am
~ libX11/src/Makefile.in
TAGGED OPENBSD_5_9

> ks_tables.h is always considered out of date due to the forced rebuild
> of the makekeys util. This means it's also rebuilt during install. First
> as root during build, later by the BUILDUSER during release, which won't
> be able to rewrite it, because it's now owned by root. With this result:
> override rw-r--r-- root/wheel for ks_tables.h?
> One step closer towards noperm release builds for xenocara.
> ok matthieu (natano@)

== xserver =========================================================== 11/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/X11/xserver

xserver

~ Makefile.bsd-wrapper

> fix the ownership of the link /usr/X11R6/bin/X -> Xorg (matthieu@)

~ Makefile.bsd-wrapper

> ignore chown error (for systems which don't install a Xserver) (deraadt@)

===============================================================================
