aboutsummaryrefslogtreecommitdiff
path: root/nx-X11/programs
Commit message (Collapse)AuthorAgeFilesLines
* On realloc failure, free font_path_string instead of leaking itMike Gabriel2015-12-281-4/+7
| | | | | | | | | | | Flagged by cppcheck 1.62: [dix/dixfonts.c:1792]: (error) Common realloc mistake: 'font_path_string' nulled but not freed upon failure Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Keith Packard <keithp@keithp.com> Rebased against NX: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
* Replace 'pointer' type with 'void *'Keith Packard2015-12-28200-1367/+1378
| | | | | | | | | | This lets us stop using the 'pointer' typedef in Xdefs.h as 'pointer' is used throughout the X server for other things, and having duplicate names generates compiler warnings. Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Eric Anholt <eric@anholt.net> Rebased against NX: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
* Re-add -sync option back to nxagent to allow synchronous debugging of the ↵Mike Gabriel2015-10-063-0/+12
| | | | nxagent DDX.
* Correct manpages: --help -> -helpMike DePaulo2015-09-282-2/+2
| | | | | | | | | | | | | | | xorg-server does not follow the convention of using 2 dashes. Note that --help does produce the help output. However, it produces this additional output after it: Error: Aborting session with 'Unrecognized option: --help'. Session: Aborting session at 'Sun Jun 28 01:35:35 2015'. Session: Session aborted at 'Sun Jun 28 01:35:35 2015'. It also causes a return code of 1 rather than 0. Therefore, we should instruct users to call -help instead.
* nx-X11/config/cf: Drop unnecessary xf86site.def, xf86.tmpl, xfree86.cf.Mike Gabriel2015-09-286-18/+9
|
* imake clean-up: Enforce build of Mesa GLX extension. Drop all other GLX ↵Mike Gabriel2015-09-2812-45/+1
| | | | build methods (built-in DRI drivers, etc.).
* Drop unused / untested Xserver GLX extension support / build logic.Mike Gabriel2015-09-2813-208/+5
| | | | | | | * MS Windows (non-tested) * Mac OS X (not provided) * SGISI / opengl (not provided) * DRI support (nxagent uses Mesa software emulation only)
* Drop nx-X11/lib/GL and move Imakefile.inc include files into Xserver code tree.Mike Gabriel2015-09-2834-244/+1505
| | | | | | | | | | | | The client-side library libNX_GL.{a,so} is not built when building nx-libs. However, nx-X11/lib/GL/** ships several imake include files (Imakefile.inc) that are also used in nx-X11/programs/Xserver/GL/**. These files have been moved from the nx-X11/lib/GL/ code subtree to the nx-X11/programs/Xserver/GL/. Furthermore, we don't provide module builds of the GL extension anymore, as that feature is neither used in nx-libs.
* use xfree instead of free for xalloced dataUlrich Sibiller2015-09-262-3/+3
| | | | | This was brought in by a backport since in later versions xalloc/xfree have been replaced by malloc/free.
* Backport: xserver: Avoid sending uninitialized padding data over the networkPeter Åstrand2015-07-0232-5/+131
| | | | Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
* Backport: Make RANDR 'set' timestamps follow client specified time. Bug 21987.Keith Packard2015-06-072-13/+2
| | | | | | | | The lastSetTime value which indicates when the configuration within the server was last changed was not getting set in the appropriate RandR requests. Signed-off-by: Keith Packard <keithp@keithp.com>
* Backport: randr: Clean up compiler warnings about unused and shadowing variablesKeith Packard2015-06-073-21/+5
| | | | | | | | | | | | set but not used variables shadowing a previous local A hidden problem was that the VERIFY_RR_* macros define local 'rc' variables, any other local definitions for those would be shadowed and generate warnings from gcc. I've renamed the other locals 'ret' instead of 'rc'. Signed-off-by: Keith Packard <keithp@keithp.com>
* Backport: randr: Fix REQUEST vs. REQUEST_SIZE_MATCH mismatchAaron Plattner2015-06-071-1/+1
| | | | | | | | | | | ProcRRGetScreenSizeRange uses REQUEST(xRRGetScreenSizeRangeReq) followed by REQUEST_SIZE_MATCH(xRRGetScreenInfoReq). This happens to work out because both requests have the same size, so this is not a functional change, just a cosmetic one. Signed-off-by: Aaron Plattner <aplattner@nvidia.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Keith Packard <keithp@keithp.com>
* Backport: ProcRRGetScreenInfo: swap configTimestamp as wellAlan Coopersmith2015-06-071-0/+1
| | | | | | Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Keith Packard <keithp@keithp.com> Tested-by: Daniel Stone <daniel@fooishbar.org>
* Backport: RRModeCreate: plug memory leak of newModes if AddResource failsAlan Coopersmith2015-06-071-2/+4
| | | | | | | | | | | | | | | | Reported by parfait 1.0: Error: Memory leak (CWE 401) Memory leak of pointer 'newModes' allocated with realloc(((char*)modes), ((num_modes + 1) * 8)) at line 93 of randr/rrmode.c in function 'RRModeCreate'. pointer allocated at line 82 with realloc(((char*)modes), ((num_modes + 1) * 8)). Error: Memory leak (CWE 401) Memory leak of pointer 'newModes' allocated with malloc(8) at line 93 of randr/rrmode.c in function 'RRModeCreate'. pointer allocated at line 84 with malloc(8). Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Keith Packard <keithp@keithp.com>
* Backport: randr: fix server crash in RRGetScreenInfoJulien Cristau2015-06-071-2/+3
| | | | | | | | | | | We don't return rates to randr < 1.1 clients, so don't allocate space for them. This fixes a FatalError due to not all allocated space being used. X.Org bug#21861 <http://bugs.freedesktop.org/show_bug.cgi?id=21861> Reported-by: Guillaume Quintin <coincoin169g@gmail.com> Signed-off-by: Julien Cristau <jcristau@debian.org>
* Backport: randr: check for virtual size limits before set crtcTiago Vignatti2015-06-071-0/+12
| | | | | | | | | Return a error if the screen is configured to an invalid size. Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com> Reviewed-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Daniel Stone <daniel@fooishbar.org> Signed-off-by: Keith Packard <keithp@keithp.com>
* Backport: Free randr crtc and output pointer arraysKeith Packard2015-06-071-0/+2
| | | | | | | | All of the crts and outputs were freed, but not the arrays full of pointers to them. Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
* Backport: Drop a reference to user mode after createKeith Packard2015-06-071-1/+2
| | | | | User mode has no customer when create until assigned to some output.
* Backport: Bug 51375: Xorg doesn't set status for RRGetOutputInfoJaroslav Šmíd2015-06-071-0/+1
| | | | | | | | | https://bugs.freedesktop.org/show_bug.cgi?id=51375 https://bugs.freedesktop.org/attachment.cgi?id=63397 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Keith Packard <keithp@keithp.com> Tested-by: Daniel Stone <daniel@fooishbar.org>
* Merge pull request #46 from ArcticaProject/pr/Xext-cve-fixesMike Gabriel2015-05-311-0/+20
|\ | | | | Xext CVE fixes in XVideo extension.
| * Xv: unvalidated lengths in XVideo extension swapped procs [CVE-2014-8099]pr/Xext-cve-fixesAlan Coopersmith2015-05-301-0/+20
| | | | | | | | | | | | | | | | | | | | | | v2: backport to nx-libs 3.6.x (Mike DePaulo) v3: port to NXxvdisp.c rather than xvdisp.c (Mike DePaulo) Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Conflicts: Xext/xvdisp.c
* | dix: Allow zero-height PutImage requests (fix for X.Org's CVE-2015-3418).pr/dix-cve-fixesKeith Packard2015-05-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The length checking code validates PutImage height and byte width by making sure that byte-width >= INT32_MAX / height. If height is zero, this generates a divide by zero exception. Allow zero height requests explicitly, bypassing the INT32_MAX check. Fix for regression introduced by fix for CVE-2014-8092. v2: backports to nx-libs 3.6.x (Mike Gabriel) v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo) Signed-off-by: Keith Packard <keithp@keithp.com>
* | dix: integer overflow in ProcPutImage() [CVE-2014-8092 1/4]Alan Coopersmith2015-05-301-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ProcPutImage() calculates a length field from a width, left pad and depth specified by the client (if the specified format is XYPixmap). The calculations for the total amount of memory the server needs for the pixmap can overflow a 32-bit number, causing out-of-bounds memory writes on 32-bit systems (since the length is stored in a long int variable). v2: backport to nx-libs 3.6.x (Mike DePaulo) v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo) Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Conflicts: dix/dispatch.c
* | Avoid use-after-free in dix/dixfonts.c: doImageText() [CVE-2013-4396] from ↵Mike DePaulo2015-05-301-0/+5
|/ | | | | | | | | | | | | | | | | | | | | | | xorg/Xserver http://lists.x.org/archives/xorg-announce/2013-October/002332.html Save a pointer to the passed in closure structure before copying it and overwriting the *c pointer to point to our copy instead of the original. If we hit an error, once we free(c), reset c to point to the original structure before jumping to the cleanup code that references *c. Since one of the errors being checked for is whether the server was able to malloc(c->nChars * itemSize), the client can potentially pass a number of characters chosen to cause the malloc to fail and the error path to be taken, resulting in the read from freed memory. Since the memory is accessed almost immediately afterwards, and the X server is mostly single threaded, the odds of the free memory having invalid contents are low with most malloc implementations when not using memory debugging features, but some allocators will definitely overwrite the memory there, leading to a likely crash. v2: Apply to NXdixfonts.c rather than dixfonts.c (Mike DePaulo)
* Merge pull request #36 from ArcticaProject/pr/render-cve-fixesMike Gabriel2015-05-261-2/+18
|\ | | | | XRender CVE fixes for nxagent (X.Org CVE-2014-8100)
| * render: unvalidated lengths in Render extn. swapped procs [CVE-2014-8100 2/2]pr/render-cve-fixesAlan Coopersmith2015-05-241-1/+16
| | | | | | | | | | | | | | | | | | | | | | v2: backport to nx-libs 3.6.x (Mike DePaulo) v3: port to NXrender.c rather than render.c (Mike DePaulo) Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Conflicts: render/render.c
| * render: check request size before reading it [CVE-2014-8100 1/2]Julien Cristau2015-05-241-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Otherwise we may be reading outside of the client request. v2: backport to nx-libs 3.6.x (Mike DePaulo) v3: port to NXrender.c rather than render.c (Mike DePaulo) Signed-off-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Conflicts: render/render.c
* | hw/nxagent clean-up: Drop NXrandr.{c|h} client lib copy-of-code from nxagent ↵Mike Gabriel2015-05-204-1033/+3
| | | | | | | | hardware driver.
* | library clean-up: Don't build libNX_Xrandr anymore. Use system's libXrandr ↵Mike Gabriel2015-05-203-4/+4
|/ | | | shared library.
* library clean-up: Don't build libNX_Xdamage anymore. Use system's libXdamage ↵Mike Gabriel2015-05-011-2/+2
| | | | shared library. (Fixes ArcticaProject/nx-libs#6, X2GoBTS#826).
* dix: Allow zero-height PutImage requests (fix for X.Org's CVE-2015-3418).Keith Packard2015-05-011-1/+1
| | | | | | | | | | | | The length checking code validates PutImage height and byte width by making sure that byte-width >= INT32_MAX / height. If height is zero, this generates a divide by zero exception. Allow zero height requests explicitly, bypassing the INT32_MAX check. Fix for regression introduced by fix for CVE-2014-8092. v2: backports to nx-libs 3.6.x (Mike Gabriel) Signed-off-by: Keith Packard <keithp@keithp.com>
* imake cleanup: Drop references to X11 build-logic that is not present in nx-X11.Mike Gabriel2015-04-283-586/+7
|
* library clean-up: Don't build libNX_Xdmcp anymore. Use system's libXdmcp ↵Mike Gabriel2015-04-221-4/+4
| | | | shared library.
* library clean-up: Don't build and link libXfont.a anymore. Use system's ↵pr/libxfont-cleanupMike Gabriel2015-04-2219-76/+38
| | | | libXfont shared library and link dynamically.
* imake cleanup (nx-X11/programs/Xserver/Imakefile): Drop build rules for ↵Mike Gabriel2015-04-171-286/+2
| | | | XF86Server and XorgServer.
* NXAGENT_UPGRADE code cleanup:Mike Gabriel2015-04-1651-38857/+6098
| | | | | | | | | | | NX agent contains/ed two build trees. An old one (probably pre-3.x.y) and a "newer" one. The "newer" code tree used to become enabled by setting NXUpgradeAgentServer in nx-X11/config/cf/host.def to YES. As building the NXUpgradeAgentServer has been the default for years now, we drop all code that does not get used at build time for NXUpgradeAgentServer == YES (i.e., the code that belongs to the pre-3.x.y phase of NX agent).
* imake cleanup: nx-X11/programs/Xserver/Imakefile (drop non-provided Xserver ↵Mike Gabriel2015-04-051-286/+1
| | | | variants)
* imake cleanup: nx-X11/programs/Imakefile (reduce to minimal).Mike Gabriel2015-04-041-136/+0
|
* imake cleanup: Drop all references to BuildFontServer.Mike Gabriel2015-04-041-4/+1
|
* imake cleanup: Drop all references to XprtServer and BuildXprint*.Mike Gabriel2015-04-0411-2951/+8
|
* imake cleanup: Drop all references to XdmxServer and BuildXdmx*.Mike Gabriel2015-04-044-1209/+1
|
* imake cleanup: Drop all references to XVirtualFramebufferServer.Mike Gabriel2015-04-042-45/+3
|
* imake cleanup: Drop all references to XNestServer.Mike Gabriel2015-04-042-45/+3
|
* imake cleanup: Drop all references to XWinServer.Mike Gabriel2015-04-041-97/+2
|
* nx-X11: add more NULL guards to TEST and DEBUG sections of Render.c.Mihai Moldovan2015-03-291-65/+90
| | | | Cherry-picked from branch 3.5.0.x.
* nx-X11: fix typo in previous commit.Mihai Moldovan2015-03-291-1/+1
| | | | Cherry-picked from branch 3.5.0.x.
* nx-X11: handle source pictures (those without a Drawable surface) gracefully.Mihai Moldovan2015-03-294-20/+89
| | | | | | | | | | | | | | | | | | | Cherry-picked from branch 3.5.0.x. This is basically a merge of the most current xorg-server (1.17.1) code into nx-X11. It makes sure that for source pictures, which do not have a drawable surface, a filter is selected that is supported on the "main" and all other screens. Alternatively, if the requested filter is not available on all screens and the picture is a source picture, this function fails gracefully. Additionally, the ChangePictureFilter hook is now called for non-source pictures. This also needs an implementation in mipict.{c,h}. The default hook does nothing and returns a success value.
* nx-X11/**: Drop non-imake Makefile* files.Mike Gabriel2015-03-042-726/+0
|
* library clean-up: Don't build libNX_Xpm anymore. Use system's libXpm shared ↵Mike Gabriel2015-03-032-2/+2
| | | | library.