Commit Graph

1719 Commits

Author SHA1 Message Date
uwe 2c85024b98 libX11: Install Compose(5) manual page. 2022-05-01 22:54:59 +00:00
uwe 70503e8c99 libX11: Add missing MLINKS. 2022-05-01 13:45:46 +00:00
macallan adaa0690d9 add locations where pkgsrc installs X11 fonts to the default font path 2022-04-28 03:07:44 +00:00
rillig eb8885e7df liblua: ignore a few lint warnings 2022-04-19 22:00:53 +00:00
martin 5aadf4103d Do not assume we have a SYS_getrandom for the tools build. 2022-02-27 12:27:22 +00:00
christos 8cb2545f45 don't require arc4random_buf for tools build 2022-02-26 18:49:42 +00:00
christos e60236d7f0 re-enable getrandom for the non-tools build (thanks martin) 2022-02-26 15:40:09 +00:00
christos c7718d483a ah, wiz added another endif. 2022-02-26 13:17:39 +00:00
christos a6b78e7572 remove stray #if 0 2022-02-26 13:15:18 +00:00
martin 3e1a285a2f Try to fix the build: HAVE_GETRANDOM does not compile 2022-02-26 10:16:35 +00:00
wiz af8a5f6d21 libexpat: add matching #endif for #if 0 2022-02-25 21:52:47 +00:00
christos 7dabb11360 Update to latest (thanks rillig) 2022-02-25 20:52:49 +00:00
martin afd5ce9447 Add more -I to find expat_config.h 2022-02-24 06:34:32 +00:00
martin f02135dd24 Add more -I so that expat_config.h is found 2022-02-23 19:07:35 +00:00
mrg e535e7b190 build the newer version of the ati driver frontend, that knows how
to load amdgpu if that is found.
2022-02-23 17:28:31 +00:00
christos adc57c9705 merge conflicts between expat-2.2.8 and expat-2.4.6 2022-02-23 15:24:05 +00:00
christos 0315d31112 Upgrade expat from 2.2.8 -> 2.4.6 to include the security fixes from 2.4.5
Release 2.4.6 Sun February 20 2022
        Bug fixes:
            #566  Fix a regression introduced by the fix for CVE-2022-25313
                    in release 2.4.5 that affects applications that (1)
                    call function XML_SetElementDeclHandler and (2) are
                    parsing XML that contains nested element declarations
                    (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").

        Other changes:
       #567 #568  Version info bumped from 9:5:8 to 9:6:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Matt Sergeant
            Samanta Navarro
            Sergei Trofimovich
                 and
            NixOS
            Perl XML::Parser

Release 2.4.5 Fri February 18 2022
        Security fixes:
            #562  CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
                    sequences (e.g. from start tag names) to the XML
                    processing application on top of Expat can cause
                    arbitrary damage (e.g. code execution) depending
                    on how invalid UTF-8 is handled inside the XML
                    processor; validation was not their job but Expat's.
                    Exploits with code execution are known to exist.
            #561  CVE-2022-25236 -- Passing (one or more) namespace separator
                    characters in "xmlns[:prefix]" attribute values
                    made Expat send malformed tag names to the XML
                    processor on top of Expat which can cause
                    arbitrary damage (e.g. code execution) depending
                    on such unexpectable cases are handled inside the XML
                    processor; validation was not their job but Expat's.
                    Exploits with code execution are known to exist.
            #558  CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
                    that could be triggered by e.g. a 2 megabytes
                    file with a large number of opening braces.
                    Expected impact is denial of service or potentially
                    arbitrary code execution.
            #560  CVE-2022-25314 -- Fix integer overflow in function copyString;
                    only affects the encoding name parameter at parser creation
                    time which is often hardcoded (rather than user input),
                    takes a value in the gigabytes to trigger, and a 64-bit
                    machine.  Expected impact is denial of service.
            #559  CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
                    needs input in the gigabytes and a 64-bit machine.
                    Expected impact is denial of service or potentially
                    arbitrary code execution.

        Other changes:
       #557 #564  Version info bumped from 9:4:8 to 9:5:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Ivan Fratric
            Samanta Navarro
                 and
            Google Project Zero
            JetBrains

Release 2.4.4 Sun January 30 2022
        Security fixes:
            #550  CVE-2022-23852 -- Fix signed integer overflow
                    (undefined behavior) in function XML_GetBuffer
                    (that is also called by function XML_Parse internally)
                    for when XML_CONTEXT_BYTES is defined to >0 (which is both
                    common and default).
                    Impact is denial of service or more.
            #551  CVE-2022-23990 -- Fix unsigned integer overflow in function
                    doProlog triggered by large content in element type
                    declarations when there is an element declaration handler
                    present (from a prior call to XML_SetElementDeclHandler).
                    Impact is denial of service or more.

        Bug fixes:
       #544 #545  xmlwf: Fix a memory leak on output file opening error

        Other changes:
            #546  Autotools: Fix broken CMake support under Cygwin
            #554  Windows: Add missing files to the installer to fix
                    compilation with CMake from installed sources
       #552 #554  Version info bumped from 9:3:8 to 9:4:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Carlo Bramini
            hwt0415
            Roland Illig
            Samanta Navarro
                 and
            Clang LeakSan and the Clang team

Release 2.4.3 Sun January 16 2022
        Security fixes:
       #531 #534  CVE-2021-45960 -- Fix issues with left shifts by >=29 places
                    resulting in
                      a) realloc acting as free
                      b) realloc allocating too few bytes
                      c) undefined behavior
                    depending on architecture and precise value
                    for XML documents with >=2^27+1 prefixed attributes
                    on a single XML tag a la
                    "<r xmlns:a='[..]' a:a123='[..]' [..] />"
                    where XML_ParserCreateNS is used to create the parser
                    (which needs argument "-n" when running xmlwf).
                    Impact is denial of service, or more.
       #532 #538  CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
                    on variable m_groupSize in function doProlog leading
                    to realloc acting as free.
                    Impact is denial of service or more.
            #539  CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
                    near memory allocation at multiple places.  Mitre assigned
                    a dedicated CVE for each involved internal C function:
                    - CVE-2022-22822 for function addBinding
                    - CVE-2022-22823 for function build_model
                    - CVE-2022-22824 for function defineAttribute
                    - CVE-2022-22825 for function lookup
                    - CVE-2022-22826 for function nextScaffoldPart
                    - CVE-2022-22827 for function storeAtts
                    Impact is denial of service or more.

        Other changes:
            #535  CMake: Make call to file(GENERATE [..]) work for CMake <3.19
            #541  Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
                    and MSYS2 by not going through Wine on these platforms
       #527 #528  Address compiler warnings
       #533 #543  Version info bumped from 9:2:8 to 9:3:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #536  CI: Check for realistic minimum CMake version
       #529 #539  CI: Cover compilation with -m32
            #529  CI: Store coverage reports as artifacts for download
            #528  CI: Upgrade Clang from 11 to 13

        Special thanks to:
            An anonymous whitehat
            Christopher Degawa
            J. Peter Mugaas
            Tyson Smith
                 and
            GCC Farm Project
            Trend Micro Zero Day Initiative

Release 2.4.2 Sun December 19 2021
        Other changes:
       #509 #510  Link againgst libm for function "isnan"
       #513 #514  Include expat_config.h as early as possible
            #498  Autotools: Include files with release archives:
                    - buildconf.sh
                    - fuzz/*.c
       #507 #519  Autotools: Sync CMake templates
       #495 #524  CMake: MinGW: Fix pkg-config section "Libs" for
                    - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
                    - multi-config CMake generators (e.g. Ninja Multi-Config)
       #502 #503  docs: Document that function XML_GetBuffer may return NULL
                    when asking for a buffer of 0 (zero) bytes size
       #522 #523  docs: Fix return value docs for both
                    XML_SetBillionLaughsAttackProtection* functions
       #525 #526  Version info bumped from 9:1:8 to 9:2:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Dong-hee Na
            Joergen Ibsen
            Kai Pastor

Release 2.4.1 Sun May 23 2021
        Bug fixes:
       #488 #490  Autotools: Fix installed header expat_config.h for multilib
                    systems; regression introduced in 2.4.0 by pull request #486

        Other changes:
       #491 #492  Version info bumped from 9:0:8 to 9:1:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Gentoo's QA check "multilib_check_headers"

Release 2.4.0 Sun May 23 2021
        Security fixes:
   #34 #466 #484  CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
                    (denial-of-service; flavors targeting CPU time or RAM or both,
                    leveraging general entities or parameter entities or both)
                    by tracking and limiting the input amplification factor
                    (<amplification> := (<direct> + <indirect>) / <direct>).
                    By conservative default, amplification up to a factor of 100.0
                    is tolerated and rejection only starts after 8 MiB of output bytes
                    (=<direct> + <indirect>) have been processed.
                    The fix adds the following to the API:
                    - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
                      signals this specific condition.
                    - Two new API functions ..
                      - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
                      - XML_SetBillionLaughsAttackProtectionActivationThreshold
                      .. to further tighten billion laughs protection parameters
                      when desired.  Please see file "doc/reference.html" for details.
                      If you ever need to increase the defaults for non-attack XML
                      payload, please file a bug report with libexpat.
                    - Two new XML_FEATURE_* constants ..
                      - that can be queried using the XML_GetFeatureList function, and
                      - that are shown in "xmlwf -v" output.
                    - Two new environment variable switches ..
                      - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
                      - EXPAT_ENTITY_DEBUG=(0|1)
                      .. for runtime debugging of accounting and entity processing.
                      Specific behavior of these values may change in the future.
                    - Two new command line arguments "-a FACTOR" and "-b BYTES"
                      for xmlwf to further tighten billion laughs protection
                      parameters when desired.
                      If you ever need to increase the defaults for non-attack XML
                      payload, please file a bug report with libexpat.

        Bug fixes:
       #332 #470  For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
                    or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
                    for UTF-16 payloads containing CDATA sections.
       #485 #486  Autotools: Fix generated CMake files for non-64bit and
                    non-Linux platforms (e.g. macOS and MinGW in particular)
                    that were introduced with release 2.3.0

        Other changes:
       #468 #469  xmlwf: Improve help output and the xmlwf man page
            #463  xmlwf: Improve maintainability through some refactoring
            #477  xmlwf: Fix man page DocBook validity
       #458 #459  CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
                    and CMAKE_INSTALL_INCLUDEDIR
       #471 #481  CMake: Add support for standard variable BUILD_SHARED_LIBS
            #457  Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
            #467  Resolve macro HAVE_EXPAT_CONFIG_H
            #472  Delete unused legacy helper file "conftools/PrintPath"
       #473 #483  Improve attribution
  #464 #465 #477  doc/reference.html: Fix XHTML validity
       #475 #478  doc/reference.html: Replace the 90s look by OK.css
            #479  Version info bumped from 8:0:7 to 9:0:8
                    due to addition of new symbols and error codes;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #456  CI: Enable periodic runs
            #457  CI: Start covering the list of exported symbols
            #474  CI: Isolate coverage task
       #476 #482  CI: Adapt to breaking changes in image "ubuntu-18.04"
            #477  CI: Cover well-formedness and DocBook/XHTML validity
                    of doc/reference.html and doc/xmlwf.xml

        Special thanks to:
            Dimitry Andric
            Eero Helenius
            Nick Wellnhofer
            Rhodri James
            Tomas Korbar
            Yury Gribov
                 and
            Clang LeakSan
            JetBrains
            OSS-Fuzz

Release 2.3.0 Thu March 25 2021
        Bug fixes:
            #438  When calling XML_ParseBuffer without a prior successful call to
                    XML_GetBuffer as a user, no longer trigger undefined behavior
                    (by adding an integer to a NULL pointer) but rather return
                    XML_STATUS_ERROR and set the error code to (new) code
                    XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
                    of Clang 11 (but not Clang 9).
            #444  xmlwf: Exit status 2 was used for both:
                    - malformed input files (documented) and
                    - invalid command-line arguments (undocumented).
                    The case of invalid command-line arguments now
                    has its own exit status 4, resolving the ambiguity.

        Other changes:
            #439  xmlwf: Add argument -k to allow continuing after
                    non-fatal errors
            #439  xmlwf: Add section about exit status to the -h help output
  #422 #426 #447  Windows: Drop support for Visual Studio <=14.0/2015
            #434  Windows: CMake: Detect unsupported Visual Studio at
                    configure time (rather than at compile time)
       #382 #428  testrunner: Make verbose mode (argument "-v") report
                    about passed tests, and make default mode report about
                    failures, as well.
            #442  CMake: Call "enable_language(CXX)" prior to tinkering
                    with CMAKE_CXX_* variables
            #448  Document use of libexpat from a CMake-based project
            #451  Autotools: Install CMake files as generated by CMake 3.19.6
                    so that users with "find_package(expat [..] CONFIG [..])"
                    are served on distributions that are *not* using the CMake
                    build system inside for libexpat packaging
       #436 #437  Autotools: Drop obsolescent macro AC_HEADER_STDC
       #450 #452  Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
            #441  Address compiler warnings
            #443  Version info bumped from 7:12:6 to 8:0:7
                    due to addition of error code XML_ERROR_NO_BUFFER
                    (see https://verbump.de/ for what these numbers do)

        Infrastructure:
       #435 #446  Replace Travis CI by GitHub Actions

        Special thanks to:
            Alexander Richardson
            Oleksandr Popovych
            Thomas Beutlich
            Tim Bray
                 and
            Clang LeakSan, Clang 11 UBSan and the Clang team

Release 2.2.10 Sat October 3 2020
        Bug fixes:
  #390 #395 #398  Fix undefined behavior during parsing caused by
                    pointer arithmetic with NULL pointers
       #404 #405  Fix reading uninitialized variable during parsing
            #406  xmlwf: Add missing check for malloc NULL return

        Other changes:
            #396  Windows: Drop support for Visual Studio <=8.0/2005
            #409  Windows: Add missing file "Changes" to the installer
                    to fix compilation with CMake from installed sources
            #403  xmlwf: Document exit codes in xmlwf manpage and
                    exit with code 3 (rather than code 1) for output errors
                    when used with "-d DIRECTORY"
       #356 #359  MinGW: Provide declaration of rand_s for mingwrt <5.3.0
       #383 #392  Autotools: Use -Werror while configure tests the compiler
                    for supported compile flags to avoid false positives
  #383 #393 #394  Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
                    e.g. ensure that they have the last word over flags added
                    while running ./configure
            #360  CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
                    on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
            #360  CMake: Detect and deny unsupported build combinations
                    involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
            #360  CMake: Install pre-compiled shipped xmlwf.1 manpage in case
                    of -DEXPAT_BUILD_DOCS=OFF
  #375 #380 #419  CMake: Fix use of Expat by means of add_subdirectory
       #407 #408  CMake: Keep expat target name constant at "expat"
                    (i.e. refrain from using the target name to control
                    build artifact filenames)
            #385  CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
                    Windows
                  CMake: Expose man page compilation as target "xmlwf-manpage"
       #413 #414  CMake: Introduce option EXPAT_BUILD_PKGCONFIG
                    to control generation of pkg-config file "expat.pc"
            #424  CMake: Add minimalistic support for building binary packages
                    with CMake target "package"; based on CPack
            #366  CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
                    default OFF to build fuzzer code against OSS-Fuzz and
                    related environment variable LIB_FUZZING_ENGINE
            #354  Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
    #354 #355 ..
       #356 #412  Address compiler warnings
       #368 #369  Address pngcheck warnings with doc/*.png images
            #425  Version info bumped from 7:11:6 to 7:12:6

        Special thanks to:
            asavah
            Ben Wagner
            Bhargava Shastry
            Frank Landgraf
            Jeffrey Walton
            Joe Orton
            Kleber Tarcísio
            Ma Lin
            Maciej Sroczy#ski
            Mohammed Khajapasha
            Vadim Zeitlin
                 and
            Cppcheck 2.0 and the Cppcheck team

Release 2.2.9 Wed September 25 2019
        Other changes:
                  examples: Drop executable bits from elements.c
            #349  Windows: Change the name of the Windows DLLs from expat*.dll
                    to libexpat*.dll once more (regression from 2.2.8, first
                    fixed in 1.95.3, issue #61 on SourceForge today,
                    was issue #432456 back then); needs a fix due
                    case-insensitive file systems on Windows and the fact that
                    Perl's XML::Parser::Expat compiles into Expat.dll.
            #347  Windows: Only define _CRT_RAND_S if not defined
                  Version info bumped from 7:10:6 to 7:11:6

        Special thanks to:
            Ben Wagner
2022-02-23 15:21:34 +00:00
uwe fd08dc3b6c libXi: Fixup libmansuffix in manual pages.
The manpages use unadorned libmansuffix instead of __libmansuffix__ or
@libmansuffix@ that the standard transformations handle.

Add ad-hoc s/// command for it.  It has "3" hardcoded because there's
no easy way to look up that mapping, but then that very same "3" is
hardcoded in the file names anyway.
2022-02-23 00:06:49 +00:00
uwe 688bac70ae libXi: Bring back manual pages. 2022-02-22 22:49:39 +00:00
uwe 739fa5515a libXxf86vm: Add missing XF86VidModeAddModeLine.3 mlink. 2022-02-22 15:42:09 +00:00
uwe 23312573e7 libXv: add missing man pages added in libXv-1.0.5
While here, split MAN and MLINKS into individual += assignments and
sort them.
2022-02-22 00:05:13 +00:00
uwe 66a03ef37b libXext: Fix MLINKS for XShape.3
XShapeQueryExtension.3 and XShapeQueryVersion.3 are not conjoined twins.
While here split XShape.3 links into separate MLINKS += src dst assignments
and sort them.
2022-02-21 02:13:47 +00:00
uwe b771e5de66 xsetwallpaper: Drop unused -lXpm.
This looks like a commit accident.  Ok mrg@.
2022-02-11 01:36:02 +00:00
martin 96e5fedbf4 Add back NOMAN for now to fix the build 2022-02-09 11:16:45 +00:00
mrg c9e8875407 fix the build of xsetwallpaper. 2022-02-09 07:30:35 +00:00
macallan 6175f9c248 don't blindly enable memory and IO access on macppc 2022-01-14 19:44:04 +00:00
mrg 9048226cab updates for xkeyboard-config 2.34. 2022-01-09 13:54:16 +00:00
christos f05ee516d7 Grr: need NOLINT=yes for the Makefiles that include Makefile.xf86-driver
early, and MKLINT:=no for the ones that include it late. Should fix that.
2021-12-15 16:27:10 +00:00
christos 101aeb8757 Lint2 is broken, so disable lint for now. 2021-12-15 15:45:26 +00:00
christos 3558a17058 Add -D__GNUC__ for all drivers. 2021-12-15 15:27:30 +00:00
christos 50808a0d18 Add -D__GNUC__ for lint 2021-12-15 15:24:11 +00:00
christos 34e4091dc9 Another instance of transparent struct/union 2021-12-14 21:37:06 +00:00
christos c28ae283cd Disable lint and explain why. 2021-12-13 20:53:22 +00:00
nia 788cddb534 PR misc/56541 ctwm complains about TitleFocus line in system.ctwmrc
TitleFocus is the default so it's likely safe to remove, it being
kept here was only left over from us previously having NoTitleFocus.
2021-12-09 07:33:24 +00:00
abs 9a317b44dd Add Xwsfb X server to pmax build
With the previous tweak to TURBOchannel framebuffers in sys/dev/tc this
should allows pmax to once again run X11.

TODO: Investigate pullup to -9
2021-12-06 17:51:59 +00:00
nia 725a88feb4 xorg-server: Enable wscons-based autoconfiguration.
This gets us features like automatic configuration of touchscreens,
and X's default keyboard layout matching the console's.
2021-12-05 22:59:32 +00:00
nia aac498ae10 xorg: sprinkle a little bit of USE_FORT around 2021-11-16 09:25:51 +00:00
nia 8b8c4023f4 mk: Add support for conditional compilation of parts of the tree with
partial RELRO when MKRELRO=full is set.

Currently the X server needs to be compiled with only partial RELRO
due to the way certain (but not all - it seems wsfb works with full
RELRO) graphics driver modules are loaded.
2021-11-01 10:05:18 +00:00
maya 172f2889fd Remove unused xf86-video-modesetting.
In newer xorg-server, it is integrated into the server
No users of old xorg-server use modesetting.

It requires drm drivers, but also, the sole possible user of old
xorg-server that could be handled by this Makefile is netwinder,
but it has a different ${MACHINE} and so seems like it never built the
driver.
2021-08-28 08:56:10 +00:00
mrg 417c57ddb5 don't install glu_mangle.h 2021-08-24 03:10:11 +00:00
mrg 86bd65c654 updates for xeyes 1.2.0. 2021-08-23 22:14:31 +00:00
tsutsui 192663a169 Fix link erorrs on ancient monolithic Xservers after DRI3 was enabled.
https://mail-index.netbsd.org/source-changes/2021/08/19/msg131652.html
> fix dri3 extension building and build it.
>
> needed for amdgpu.

XXX: I wonder if each Xorg server extension can be enabled/disabled
     per ${MACHINE} basis rather than in MI include/dix-config.h header.
2021-08-21 15:57:00 +00:00
mrg 21a95dabdc fix dri3 extension building and build it.
needed for amdgpu.
2021-08-19 11:03:04 +00:00
mrg e92fa7ec4e install amdgpu.ids. 2021-08-19 09:05:22 +00:00
mrg 4e8e245764 link in glamor and gbm. 2021-08-19 04:34:57 +00:00
maya 2c7aea0851 Fix glamor - don't use stub functions
${LDADD.gbm} seems to be empty - use -lgbm directly (couldn't find a better
fix)
2021-08-11 23:02:39 +00:00
andvar 7991f5a7b8 Fix all remaining typos, mainly in comments but also in few definitions and log messages, reported by me in PR kern/54889.
Also fixed some additional typos in comments, found on review of same files or typos.
2021-07-24 21:31:31 +00:00
mrg b0a0815669 find libgbm in libgbm.old. 2021-07-14 06:34:33 +00:00
mrg ba02891dc9 move the i18n modules into libX11 directly.
fixes at least alacritty, and saves memory too.
2021-07-13 05:53:12 +00:00
mrg c35012e8f1 also look for libgbm in ${OLD_SUFFIX}. 2021-07-13 05:22:27 +00:00