frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
19,524 Commits 293 Branches 13 Tags 61 MiB
Commit Graph

19524 Commits

Author SHA1 Message Date
Alan Coopersmith d13ba4a9e5 Revert "xfree86: modes: move private definitions out of from xf86RandR12.h" 
This reverts commit ac5e95be49.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2027>
 2025-06-19 16:03:01 +00:00
Alan Coopersmith 58f469947b Revert "xfree86: parser: move private defs from xf86Parser.h to xf86Parser_priv.h" 
This reverts commit d4724009ce.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2027>
 2025-06-19 16:03:01 +00:00
Alan Coopersmith 98e082ffe4 Revert "xfree86: ddc: move private definitions from xf86DDC.h to xf86DDC_priv.h" 
This reverts commit 00c2a8fb0a.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2027>
 2025-06-19 16:03:01 +00:00
Alan Coopersmith 781a12fb8d Revert "xfree86: move private definitions out of dri2.h" 
This reverts commit 1d3c26446d.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2027>
 2025-06-19 16:03:01 +00:00
Alan Coopersmith 41a55b1e2a Revert "xfree86: move private definitions out of dri.h" 
This reverts commit cf03948572.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2027>
 2025-06-19 16:03:01 +00:00
Alan Coopersmith 44c89ebf32 Revert "xfree86: sdksyms.sh: add more headers" 
This reverts commit 1efb2151e3.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2027>
 2025-06-19 16:03:01 +00:00
Olivier Fourdan 4fc4d76b2c os: Check for integer overflow on BigRequest length 
Check for another possible integer overflow once we get a complete xReq
with BigRequest.

Related to CVE-2025-49176

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Suggested-by: Peter Harris <pharris2@rocketsoftware.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2028>
 2025-06-18 11:40:54 +02:00
Marge Bot 2a0f6ec920 Merge branch 'revert-1591' into 'master' 
Revert parts of !1591 ("Xext: saver: misc cleanups & tiny bugfix (#1704)")

See merge request xorg/xserver!2023
 2025-06-17 21:06:02 +00:00
Alan Coopersmith 5ad38ac585 Revert "Xext: saver: skip unneeded zero init and zero-swapping" 
This reverts commit 40469a9d51.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2023>
 2025-06-17 21:02:03 +00:00
Alan Coopersmith 74182c52e9 Revert "Xext: saver: use explicit switch/case for dispatching" 
This reverts commit 8236ef3b56.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2023>
 2025-06-17 21:02:03 +00:00
Marge Bot 3e168d8e6a Merge branch 'revert-1519' into 'master' 
Revert !1519 ("refactor no*Extension flags")

See merge request xorg/xserver!2022
 2025-06-17 21:00:16 +00:00
Alan Coopersmith b82110826f Revert "os: move out extension disable flags to corresponing extensions" 
This reverts commit 356e18dcc6.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2022>
 2025-06-17 20:54:49 +00:00
Alan Coopersmith 33a11228cf Revert "include: unexport no*Extension flags" 
This reverts commit e3cbde9914.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2022>
 2025-06-17 20:54:49 +00:00
Marge Bot e610fa3234 Merge branch 'revert-xf86Msg' into 'master' 
Revert !1681 ("(trivial) xfree86: use LogMessageVerb() instead of xf86MsgVerb()")

See merge request xorg/xserver!2021
 2025-06-17 20:49:44 +00:00
Alan Coopersmith d7e741665b Revert "xfree86: drop xf86MsgVerb() in favor of LogMessageVerb()" 
This reverts commit 14767eccc0.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2021>
 2025-06-17 20:42:06 +00:00
Alan Coopersmith 64593971d7 Revert "xfre86: drop xf86Msg() in favor of LogMessageVerb()" 
This reverts commit a136ce3d57.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2021>
 2025-06-17 20:42:06 +00:00
Alan Coopersmith 746f249a0d Revert "xfree86: use LogMessageVerb() instead of xf86MsgVerb()" 
This reverts commit 6fc4f35f62.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2021>
 2025-06-17 20:42:05 +00:00
Alan Coopersmith 6b60f92ac2 Revert "glx: use LogMessageVerb() instead of xf86Msg()" 
This reverts commit 76874498be.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2021>
 2025-06-17 20:42:05 +00:00
Alan Coopersmith 692800af00 Revert "xfree86: i2c: use LogMessageVerb() instead of xf86Msg()" 
This reverts commit 1f93ec5c33.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2021>
 2025-06-17 20:42:05 +00:00
Alan Coopersmith 714d7ea170 Revert "xfree86: os-support: use LogMessageVerb() instead of xf86Msg()" 
This reverts commit 4ba0cf1f55.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2021>
 2025-06-17 20:42:05 +00:00
Alan Coopersmith 5b7b8f99cd Revert "xfree86: fbdevhw: use LogMessageVerb() instead of xf86Msg()" 
This reverts commit 5fd918421a.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2021>
 2025-06-17 20:42:05 +00:00
Alan Coopersmith 8e8f28279d Revert "xfree86: common: use LogMessageVerb() instead of xf86Msg()" 
This reverts commit bcbc7479f3.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2021>
 2025-06-17 20:42:05 +00:00
Marge Bot 81b14fb1a6 Merge branch 'revert-1711' into 'master' 
Revert !1711 ("use dixDestroyPixmap() instead of direct driver calls")

See merge request xorg/xserver!2020
 2025-06-17 20:12:22 +00:00
Alan Coopersmith 2a9c3abf3e Revert "doc: document that ScreenRec->DestroyPixmap() shouldn't be called directly" 
This reverts commit 984da40fbb.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith 60a224e457 Revert "Xext: saver: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit 7ce19233bc.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith babe8e429d Revert "Xext: shm: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit c0f3b5bcef.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith dd823c7370 Revert "dix: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit 5b541780c1.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith 2de9ed7604 Revert "composite: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit eb5476381a.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith f0d6ec1c8a Revert "dbe: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit 668d9fc40e.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith b91182cc16 Revert "dri3: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit 4694b8488e.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith a5a89e9fa2 Revert "exa: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit 9ca03e6da0.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith 5ead727d52 Revert "fb: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit 08ec122fa7.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith 6142282bfe Revert "glamor: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit 7a0f8301c5.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith 37d2db4398 Revert "miext: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit 372a510ef0.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith 6f4ad392bd Revert "mi: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit 4628254698.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith 918a343710 Revert "randr: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit d2a93d0346.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith 3802252040 Revert "render: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit c8607ca66f.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith 9550b2d105 Revert "xnest: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit 0a54e24721.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith 51cfefd59f Revert "kdrive: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit 4378656cbb.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith 1b6b2bcee1 Revert "vfb: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit c117925ace.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith ab5e559771 Revert "xfree86: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit 4d1953728e.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith 21de52dfbe Revert "xwayland: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit 0132baa422.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith 23dcedf8ba Revert "glx: use dixDestroyPixmap() instead of direct driver call" 
This reverts commit 69837185c0.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith 8b47b53226 Revert "exa: simplify CreatePixmap()/DestroyPixmap() handlers error pathes" 
This reverts commit ee798cf212.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Alan Coopersmith e48b1aaa97 Revert "dix: add in-code docs for dixDestroyPixmap()" 
This reverts commit b61647f3a1.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2020>
 2025-06-17 20:02:16 +00:00
Olivier Fourdan 0235121c6a xfree86: Check for RandR provider functions 
Changing XRandR provider properties if the driver has set no provider
function such as the modesetting driver will cause a NULL pointer
dereference and a crash of the Xorg server.

Related to CVE-2025-49180

This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024>
 2025-06-17 14:21:24 +02:00
Olivier Fourdan 3c3a4b767b randr: Check for overflow in RRChangeProviderProperty() 
A client might send a request causing an integer overflow when computing
the total size to allocate in RRChangeProviderProperty().

To avoid the issue, check that total length in bytes won't exceed the
maximum integer value.

CVE-2025-49180

This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024>
 2025-06-17 14:21:24 +02:00
Olivier Fourdan 2bde9ca49a record: Check for overflow in RecordSanityCheckRegisterClients() 
The RecordSanityCheckRegisterClients() checks for the request length,
but does not check for integer overflow.

A client might send a very large value for either the number of clients
or the number of protocol ranges that will cause an integer overflow in
the request length computation, defeating the check for request length.

To avoid the issue, explicitly check the number of clients against the
limit of clients (which is much lower than an maximum integer value) and
the number of protocol ranges (multiplied by the record length) do not
exceed the maximum integer value.

This way, we ensure that the final computation for the request length
will not overflow the maximum integer limit.

CVE-2025-49179

This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024>
 2025-06-17 14:21:24 +02:00
Olivier Fourdan d55c54cecb os: Account for bytes to ignore when sharing input buffer 
When reading requests from the clients, the input buffer might be shared
and used between different clients.

If a given client sends a full request with non-zero bytes to ignore,
the bytes to ignore may still be non-zero even though the request is
full, in which case the buffer could be shared with another client who's
request will not be processed because of those bytes to ignore, leading
to a possible hang of the other client request.

To avoid the issue, make sure we have zero bytes to ignore left in the
input request when sharing the input buffer with another client.

CVE-2025-49178

This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024>
 2025-06-17 14:21:24 +02:00
Olivier Fourdan ab02fb96b1 xfixes: Check request length for SetClientDisconnectMode 
The handler of XFixesSetClientDisconnectMode does not check the client
request length.

A client could send a shorter request and read data from a former
request.

Fix the issue by checking the request size matches.

CVE-2025-49177

This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.

Fixes: e167299f6 - xfixes: Add ClientDisconnectMode
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024>
 2025-06-17 14:21:24 +02:00