-
Notifications
You must be signed in to change notification settings - Fork 0
/
RELNOTES.TXT
1301 lines (883 loc) · 48 KB
/
RELNOTES.TXT
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
X Window System, Version 11
Release 6.3
Release Notes
X Consortium, Inc.
December 23, 1996
Copyright c 1996 X Consortium
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, dis-
tribute, sublicense, and/or sell copies of the Software, and to permit
persons to whom the Software is furnished to do so, subject to the fol-
lowing conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL-
ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABIL-
ITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
Except as contained in this notice, the name of the X Consortium shall
not be used in advertising or otherwise to promote the sale, use or
other dealings in this Software without prior written authorization from
the X Consortium.
X Window System is a trademark of X Consortium, Inc.
1. What Is Release 6.3
This is the last X Consortium implementation of the X Window System. X
is a vendor-neutral, system-architecture neutral network-transparent
window system and user interface standard. X runs on a wide range of
computing and graphics machines. For an overview of X, see the X manual
page.
R6.3 is an update to R6.1. It is compatible with R6 and R6.1 at the
source and protocol levels in all respects, and binaries are upward-
compatible.
What about Release 6.2? Release 6.2 is a proper subset of Release 6.3
produced at the request of the OSF Common Desktop Environment program.
It was produced by the X Consortium and is being released by OSF simul-
taneously with CDE 2.1. Release 6.2 contains only the print extension
and the Xlib implementation of vertical writing and user-defined charac-
ter support.
The X Consortium was an independent, not-for-profit membership corpora-
tion formed in 1993 as the successor to the MIT X Consortium and dis-
solved at the end of 1996. Refer to the Consortium man page for addi-
tional details about the X Consortium.
See xc/INSTALL.PS (PostScript) or xc/INSTALL.TXT (plain text) for
instructions on how to build and install this software.
1.1. Overview of the X Consortium Release
The X Consortium software and documentation in Release 6.3 is in direc-
tory xc/ and contains the following:
X Consortium Standards
The X Consortium produced standards: documents which define net-
work protocols, programming interfaces, and other aspects of the X
environment. See the XStandards manual page for a list of stan-
dards.
Implementations
For most of our standards, we provide high-quality implementations
to demonstrate proof of concept and to give early adopters and ven-
dors a base to use. These are not reference implementations; the
written specifications define the standards.
Fonts
A collection of bitmap and outline fonts are included in the dis-
tribution, contributed by various individuals and companies.
Utility Libraries
A number of libraries, such as Xmu and the Athena Widget Set, are
included. These are not standards, but are used in building X Con-
sortium applications and may be useful in building other applica-
tions.
Programs
We also provide a number of application programs. A few of these
programs, such as xdm (or its equivalent), should be considered
essential in almost all environments. The rest of the applications
carry no special status; they are simply programs that have been
developed and/or maintained by X Consortium staff. In some cases,
you will find better substitutes for these programs contributed by
others.
1.2. Supported Systems
We built and tested this release on the following systems:
AIX 4.2
Digital Unix 4.0A
HP-UX 10.01
IRIX 6.2
Solaris 2.5
UNIX System V/386 Release 4.2 (Novell UnixWare) Version 2.02
We also built this release on the following and did some minimal test-
ing:
FreeBSD 2.1.6
Linux 1.2.13 (Yggdrasil) and 2.0.0 (Slackware 3.1)
SCO Open Server 5.0
SunOS 4.1.4
Windows NT 4.0
In all cases except SunOS we have used the vendor's compiler. On SunOS
we build with gcc.
1.2.1. Supported Display Devices
This release includes the necessary device-dependent support to build a
native X server for the following platforms:
XFree86: See the XF_* man pages for supported video cards
AIX: Xibm with Skyway display adapter
HP-UX: Xhp
Digital Unix: Xdec on Alpha AXP with PMAG-B frame buffer
SunOS/Solaris: Xsun -- see the Xsun man page for supported frame buffers
Ultrix[1] :Xdec
In addition to the above, the Xvfb and Xnest servers can be built on
most platforms.
Native servers are not built on IRIX or Microsoft Windows NT.
1.3. The XC Tree
The general layout under xc/ is as follows:
config/ config files, imake, makedepend, build utilities
doc/ all documentation other than per-program manual pages
fonts/ BDF, Speedo, Type1 fonts
include/ include files shared by multiple directories
lib/ all libraries
nls/ national language support files
programs/ all programs, including the X server and rgb
util/ patch, compress, other utilities
bug-report bug reporting template
registry X Registry
This file is xc/RELNOTES.*, in various formats. The documentation
source files RELNOTES.ms and INSTALL.ms are in the xc/doc/misc/ direc-
tory.
1.4. X Registry
The X Consortium maintained a registry of certain X-related items to aid
in avoiding conflicts and to aid in sharing of such items.
The registry is in the file xc/registry in the distribution. The latest
version may also be available by sending a message to xstuff@x.org. The
message can have a subject line and no body, or a single-line body and
no subject; in either case the line should look like this:
send docs registry
1.5. Extensions Supported
The core distribution includes the following extensions: BIG-REQUESTS,
DOUBLE-BUFFER, LBX, MIT-SHM, MIT-SUNDRY-NONSTANDARD, Multi-Buffering,
RECORD, SECURITY, SHAPE, SYNC, X3D-PEX, XC-APPGROUP, XC-MISC, XFree86-
VidModeExtension, XIE, XInputExtension, XKEYBOARD, XpExtension (print-
ing), XTEST, and XTestExtension1.
Not all of these extensions are standards; see the XStandards manual
page. Some of these extensions are not supported on all platforms.
1.6. Implementation Parameters
Some of the specifications define some behavior as implementation-
dependent. Implementations of X Consortium standards need to document
how those parameters are implemented; this section does so.
XFILESEARCHPATH default
This default can be set at build time by setting the imake vari-
ables XFileSearchPathDefault, XAppLoadDir, XFileSearchPathBase, and
ProjectRoot in site.def. See xc/config/cf/README for instructions
and xc/config/cf/X11.tmpl[2] for details of how these configuration
variables are used.
By default ProjectRoot is /usr/X11R6.3 and XFILESEARCHPATH has
these components:
/usr/X11R6.3/lib/X11/%L/%T/%N%C%S
/usr/X11R6.3/lib/X11/%l/%T/%N%C%S
/usr/X11R6.3/lib/X11/%T/%N%C%S
/usr/X11R6.3/lib/X11/%L/%T/%N%S
/usr/X11R6.3/lib/X11/%l/%T/%N%S
/usr/X11R6.3/lib/X11/%T/%N%S
XUSERFILESEARCHPATH default
If the environment variable XAPPLRESDIR is defined, the default
value of XUSERFILESEARCHPATH has the following components:
$XAPPLRESDIR/%L/%N%C
$XAPPLRESDIR/%l/%N%C
$XAPPLRESDIR/%N%C
$HOME/%N%C
$XAPPLRESDIR/%L/%N
$XAPPLRESDIR/%l/%N
$XAPPLRESDIR/%N
$HOME/%N
Otherwise it has these components:
$HOME/%L/%N%C
$HOME/%l/%N%C
$HOME/%N%C
$HOME/%L/%N
$HOME/%l/%N
$HOME/%N
XKEYSYMDB default
Defaults to /usr/X11R6.3/lib/X11/XKeysymDB, assuming ProjectRoot is
set to /usr/X11R6.3.
XCMSDB default
Defaults to /usr/X11R6.3/lib/X11/Xcms.txt, assuming ProjectRoot is
set to /usr/X11R6.3.
XLOCALEDIR default
Defaults to the directory /usr/X11R6.3/lib/X11/locale, assuming
ProjectRoot is set to /usr/X11R6.3. The XLOCALEDIR variable can
contain multiple colon-separated pathnames.
XErrorDB location
The Xlib error database file is /usr/X11R6.3/lib/X11/XErrorDB,
assuming ProjectRoot is set to /usr/X11R6.3.
XtErrorDB location
The Xt error database file is /usr/X11R6.3/lib/X11/XtErrorDB,
assuming ProjectRoot is set to /usr/X11R6.3.
Supported Locales
X locales supported are in locale.dir; the mapping between various
system locale names and X locale names is in locale.alias. Both
files are shipped in the xc/nls/X11/locale/ directory and installed
in the XLocaleDir directory (e.g. /usr/X11R6.3/lib/X11/locale/).
Input Methods supported
The core distribution does not include any input method servers.
However, Xlib supplies a default built-in input method that sup-
ports compose processing in 8-bit locales. Compose files are pro-
vided for Latin-1 and Latin-2. The built-in input method can sup-
port other locales, given suitable compose files. See
xc/nls/X11/locale/Compose/iso8859-* for the supported compositions.
There are input method servers available on the net.
2. What is Unchanged in Release 6.3
As this is an update release, there is a great deal of stability in the
standards, libraries, and clients. No existing standards other than the
ICE library specification have changed in a material way, though several
documents have been updated with editorial improvements. There is one
new interface added to the ICE library libICE; see below. The extension
library, libXext, is updated to include the LBX, security, and applica-
tion group extension interfaces. All previous interfaces in these and
all other libraries are unchanged.
3. What Is New in Release 6.3
This section describes changes in the X Consortium distribution since
Release 6.1.
All libraries, protocols, and servers are compatible with Release 6 and
Release 6.1. That is, R6 and R6.1 clients and applications will work
with R6.3 libraries and servers. Most R6.3 clients will work with R6.1
and R6 libraries except those that use the new interfaces in libICE,
libXext, and libXp.
The major new functionality in R6.3 is support for World Wide Web
integration, protection of data from ``untrusted'' client connections, a
bandwidth- and latency-optimized protocol for using X across the Inter-
net, a print protocol following the Xlib API, and support for vertical
text writing and user-defined characters in the Xlib implementation.
3.1. OS Support
The following platforms have a newer operating system version supported:
System R6.1 R6.3
AIX 4.1.4 4.2
Digital Unix 3.2C 4.0A
HP-UX 10.01
IRIX 5.3 6.2
Solaris 2.4 2.5
UnixWare 2.02
We also built on the following platforms, however full support is not
guaranteed:
System R6.1 R6.3
FreeBSD 2.1.0 2.1.6
Linux 1.2.13 2.0
SCO Open Server 5.0
SunOS 4.1.3 4.1.4
Windows NT 3.5 4.0
3.2. New Standards
The following are new X Consortium standards in Release 6.3. Each is
described in its own section below.
Low Bandwidth X Extension
RX: X Remote Execution MIME type
Security Extension
Application Group Extension
Print Extension
Proxy Management Protocol
3.3. Low Bandwidth X Extension
The Low Bandwidth X extension (LBX) defines several compression and
local caching techniques to improve performance on wide area networks
and also on slower-speed connections. These reduce the amount of proto-
col data transported over the network and reduce the number of client-
to-server roundtrips required for common application startup operations.
LBX was referred to as X.fast in some materials but we elected to not go
through the implementation and change all the names. To avoid any con-
fusion with an external name different from the internal name in the
implementation, we elected to drop the ``X.fast'' moniker.
LBX is implemented in two pieces; an X server extension and a proxy
application. The X server extension provides the new optimized proto-
col. The proxy application, lbxproxy, translates a normal client X pro-
tocol stream into an LBX stream. This permits any existing application
to gain the benefit of the optimized protocol with no changes. The
proxy is especially useful when multiple applications are running on the
same local area network separated from the X server by a slower network.
In this case the full benefit of the local cache is shared by each
application using the same proxy process.
The specification for LBX is in xc/doc/specs/Xext/lbx.mif (FrameMaker
interchange source) and xc/doc/hardcopy/Xext/lbx.PS.Z (compressed
PostScript).
3.4. RX: X Remote eXecution
The remote execution (RX) service specifies a MIME format for invoking
applications remotely, for example via a World Wide Web browser. This
RX format specifies a syntax for listing network services required by
the application, for example an X display server. The requesting Web
browser must identify specific instances of the services in the request
to invoke the application.
The distribution contains a helper program (xrx) and a Netscape Naviga-
tor plug-in (libxrx) that demonstrate this protocol. The plug-in
requires Navigator 3.0.
We have only been able to test the plug-in on HP-UX, IRIX, Digital Unix,
and Solaris2. Netscape Navigator binaries for other platforms are
either not available at all or were not available in time to be included
in the testing for this release.
The specification for the RX mime type is in xc/doc/specs/RX/RX.mif
(FrameMaker interchange source) and xc/doc/hardcopy/RX/RX.PS.Z
(compressed PostScript).
The following section describes the procedure to set up your environment
and try the examples provided in this distribution.
3.4.1. Preparing Your Web Server
In order to demonstrate the RX helper program and the RX Netscape plug-
in you need to have access to an HTTP server to install ``common gateway
interface'' (CGI) scripts. While CGI programs can be written in any
compiled or interpreted language, the sample CGI programs in the distri-
bution are written in perl.
If you don't currently have a web server the NCSA server is a good one
to try. Binaries for various systems are available at:
http://hoohoo.ncsa.uiuc.edu/docs/setup/PreExec.html
If you don't have perl you can get the source code from:
ftp://prep.ai.mit.edu/pub/gnu/perl-4.036.tar.gz
You need to install the HTML, RX, and CGI sample files into your
server's HTML and CGI directories. The process can be partially
automated by adding the following definitions to your site.def or
host.def file:
WebServer defines the hostname and port of your web server, for
example
#define WebServer www.myorg.org:8001
HtmlDir defines the path at which HTML and RX documents are
installed, for example
#define HtmlDir /usr/local/etc/httpd/htdocs
CgiBinDir defines the path at which CGI programs are installed, for
example
#define CgiBinDir /usr/local/etc/httpd/cgi-bin
ProxyManager defines the transport scheme, hostname, and port for CGI
programs to contact the Proxy Manager. See the proxymngr
man pages for further details. Typically the proxy
manager host will be the same as your web server, for
example:
#define ProxyManager tcp/www.myorg.org:6500
Then make the Makefiles and build the directories with the following
command sequence:
cd xc/programs/xrx/htdocs
xmkmf ../../.. programs/xrx/htdocs
make
make install
cd ../cgi-bin
xmkmf ../../.. programs/xrx/cgi-bin
make
make install
These directories are not automatically built or installed by the top
level Makefile because they install outside the ProjectRoot.
You also need to configure your web server so that files with the exten-
sion name ``rx'' are of the MIME type ``application/x-rx''. See your
HTTP server's configuration documentation for the right procedure to do
so.
3.4.2. The RX Helper Program
The helper program, xrx, may be used with any Web browser to interpret
the new RX document type.
The RX helper program is installed in <ProjectRoot>/bin (e.g.
/usr/X11R6.3/bin/). You will need to configure your web browser to use
it for RX documents by adding a line to your $HOME/.mailcap:
application/x-rx; /X11/bin/xrx %s
You may need to refer to your web browser's documentation for exact
instructions on configuring helper applications.
The helper program is activated by your browser as soon as you retrieve
any document of the MIME type application/x-rx. All you need to do is to
point your browser at the URL:
http://your.web.server/xload.rx
The application (i.e. xload) should appear on your DISPLAY as a new
top-level client. The client will be running on your web server host
and connected to your X server. If your X server supports the SECURITY
extension the client will be running as an untrusted client.
3.4.3. The RX Netscape Navigator Plug-in
The Navigator plug-in supports all the functions of xrx and in addition
uses the new XC-APPGROUP extension, if your X server provides it, to
cause the remotely launched application to be embedded within the
browser page from which it was launched.
The HTML page links to an RX document via the EMBED tag, a Netscape
extension to HTML. The RX document provides the plug-in with the list
of services the application wants to use. Based on this information,
the plug-in sets the various requested services, including creating
authorization keys, and passes the relevant data to the application
through an HTTP GET request of the associated CGI script. The Web
server then executes the CGI script to start the application.
To be able to use the RX plug-in you need Netscape Navigator 3.0.
Binaries for various systems can be found at:
http://home.netscape.com/comprod/mirror/client_download.html
To complete the installation of the Netscape plug-in, find the file
named libxrx.so.6.3 or libxrx.sl.6.3 (or similar, depending on your
platform) in <ProjectRoot>/lib (e.g. /usr/X11R6.3/lib) and copy it to
either /usr/local/lib/netscape/plugins or $HOME/.netscape/plugins. Do
not install the symlinks libxrx.so or libxrx.sl; they may confuse
Netscape.
You should remove or comment out the line you may have previously added
in your mailcap file to use the RX helper program, otherwise the plug-in
will not be enabled. (The usual comment character for mailcap is
``#''.)
If you are already running Netscape Navigator, you need to exit and res-
tart it after copying the plug-in library so the new plug-in will be
found. Once this is done you can check that Navigator has successfully
loaded the plug-in by checking the ``About Plug-ins'' page from the Help
menu. This should show something like:
RX Plug-in
File name: /usr/guest/netscape/plugins/libxrx.sl.6.3
X Remote Activation Plug-in
Mime Type Description Suffixes Enabled
application/x-rx X Remote Activation Plug-inxrxYes
The plug-in will be activated by Netscape Navigator as soon as you
retrieve any document of the MIME type application/x-rx. Several sam-
ples are included in the distribution. The most basic one is xload. All
you need to do is point your browser at the page:
http://your.web.server/xload.html
If something goes wrong check on the all the previous steps listed above
and try again. Once xload is working you can try some of the other
examples in the distribution such as bitmap.html or dtcm.html.
3.4.4. Trying Embedding With an Old X Server
The Netscape Navigator plug-in, libxrx, will work with an X server that
does not contain the application group or security extensions. The
application will be started as a separate top-level client.
If you wish to try out the embedding facilities without replacing your
desktop X server, you may use the Xnest server.
A typical Xnest session would look like the following:
% Xnest :11
% xterm -display :11
These two commands start a ``nested'' server and a terminal emulator
within that server. Your favorite window manager and Netscape Navigator
can now be executed from the nested xterm window. You may wish to first
disable access control in the nested server by running ``xhost +'' in
the nested xterm.
3.4.5. Setting Up Your Own Applications To Run Over The Web
Based on the examples provided in the distribution it should be easy to
set up your web server to run your own applications. Every application
requires 3 additional files to identify it to Web browsers:
myapp.htmlAn HTML page to present the application embedded
myapp.rx The RX document describing the application
myapp.pl The CGI script to start the application
Note that the separate ``.rx'' file could be omitted by implementing the
CGI script such that if it is invoked without a QUERY_STRING it will
return the RX content. We decided not to do so in the distributed exam-
ples for purpose of clarity.
The xload demo provides a good starting point. Simply make a copy of
each of the files xload.rx, xload.html, and xload.pl. Then look inside
them for every instance of ``xload'' and change it to whatever is
appropriate for your application.
You will not be able to run the dtcm demo unless you have dtcm (a CDE
component) installed on your web server host. This example shows how a
CGI script would look when an X Print server is requested. The script
dtcm.pl is, for that reason, slightly more complicated than other exam-
ples.
3.5. Security Extension
The SECURITY extension contains new protocol needed to provide enhanced
X server security. This extension adds to the X protocol the concepts
of ``trusted'' and ``untrusted'' clients. The trust status of a client
is determined by the authorization used at connection setup. All
clients using host-based authorization are considered ``trusted''.
Clients using other authorization protocols may be either trusted or
untrusted depending on the data included in the connection authorization
phase.
The requests in the security extension permit a trusted client to create
multiple authorization entries for a single authorization protocol.
Each entry is tagged with the trust status to be associated with any
client presenting that authorization.
When a connection identifying an ``untrusted'' client is accepted, the
client is restricted from performing certain operations that would steal
or modify data that is held by the server for trusted clients. An
untrusted client performing a disallowed operation will receive protocol
errors. Such a client may be written to catch these errors and continue
operation.
When a client is untrusted, the server will also limit the extensions
that are available to the client. Each X protocol extension is respon-
sible for defining what operations are permitted to untrusted clients;
by default, the entire extension is hidden.
The specification for the SECURITY extension is in
xc/doc/specs/Xext/security.tex (LaTeX source) and
xc/doc/hardcopy/Xext/security.PS.Z (compressed PostScript).
3.5.1. Untrusted Application Behavior
Most applications work normally when run as untrusted clients, but since
the security extension changes the semantics of certain parts of the X
protocol, it is no surprise that some clients behave differently when
untrusted. We note the following significant behavior changes,
separated into two categories: changes that we expect could disappear or
mutate if the implementation were improved in a future release, and
changes we expect are permanent, legitimate defenses against data loss
or leakage.
3.5.1.1. Behaviors That Are Implementation-Dependent
The following behaviors when running the respective applications as
untrusted are not mandated by the security design but are side effects
of limitations in the current implementation.
oclock is square because the SHAPE extension hasn't been marked secure
yet. Similarly, Xaw applications that use oval buttons will have rec-
tangular buttons instead.
Any application that depends on an extension other than XC-MISC, LBX, or
BIG-REQUESTS will have different behavior, as no other extensions are
currently marked secure. The core clients affected are xieperf and all
the xkb utilities.
emacs exits with a Window error when trying to use the QueryPointer
request on the root window when you click in a buffer.
FrameMaker, and xwd -root both exit with a Window error when trying to
use the GetWindowAttributes request on a window manager frame window.
All the remaining changes are involved in some way with window proper-
ties. Some of these behaviors can be modified with changes to the Secu-
rityPolicy file; see the Xserver man page.
Several clients exit with a Window error when trying to use the
DeleteProperty request on various properties on the root window. These
include xcmsdb -remove, xprop -root -remove, and xstdcmap -delete.
xprop exits with an Atom error when attempting to access protected pro-
perties.
The following two changes require, in addition, a ``trusted selection
intermediary'' to provide selection transfer from untrusted to trusted
clients (and vice-versa). R6.3 does not include such a trusted
intermediary.
xterm exits with an Atom error when it tries to store the property value
during a selection transfer (paste) to a trusted selection requester.
The ``copy 0 to PRIMARY'' button of xcutsel does not work.
Selection transfer from untrusted clients to trusted clients fails when
the untrusted client attempts to use SendEvent to generate the Selec-
tionNotify event for the requester. Most requesters will treat this as
a transfer timeout and continue. Xt-based applications will create an
additional Atom each time such a transfer is attempted.
3.5.1.2. Behaviors That Are Not Likely To Change
The following behaviors represent actions performed by the applications
that are disallowed by design.
editres will fail when pointed at a trusted client when it tries to read
window properties on a window owned by that client.
Xnest exits on startup with an Access error as it tries to use the
ChangeKeyboardControl request.
The new generate option to xauth fails because untrusted applications
are not allowed to create additional authorizations.
xhost cannot be used to modify the host access list.
xmag gets an unending stream of Drawable errors as it tries to use the
PolyRectangle request on the root window. If you click to select a
location to magnify, xmag gets a Drawable error as it tries to use the
GetImage request on the root window. xmag could be modified to exit
gracefully under these conditions.
netscape exits on startup with a Drawable error when trying to use the
GetImage request on the root window.
xmodmap exits with an Access error when trying to use the ChangeKey-
boardMapping request.
xset with the b, c, led, or r options exits with an Access error when
trying to use the ChangeKeyboardControl request. With the bc option, it
can't find the MIT-SUNDRY-NONSTANDARD extension and exits gracefully.
xsetroot exits with a Window error when trying to use the ChangeWin-
dowAttributes request on the root window.
3.6. Application Group Extension
The application group extension (XC-APPGROUP) provides new protocol to
implement Application Groups (``AppGroups''). The AppGroup facility
allows other clients to share the SubstructureRedirect mechanism with
the window manager. This allows another client called the ``application
group leader'', such as a web browser, to intercept a MapRequest made by
a third application and reparent its window into the web browser before
the window manager takes control. The AppGroup leader may also limit
the screens and visuals available to the applications in the group.
Users who have an XC-APPGROUP enhanced X server and an RX plug-in for
their Netscape Navigator web browser can run programs remotely over the
web and have the output appear as part of the presentation in their web
browser.
The only way for an application to become a member of an AppGroup is by
using an authorization generated using the new security extension.
Whenever an application connects to the server, the authorization that
it used to connect is tested to see if it belongs to an AppGroup. This
means that the Authorization data must be transmitted to the remote host
where the application will be run. In the case of RX, HTTP is used to
send the Authorization. Sites who have concerns about sending unen-
crypted authorization data such as MIT-MAGIC-COOKIE-1 via HTTP should
configure their web servers and web browsers to use SHTTP or SSL.
The specification for the XC-APPGROUP extension is in
xc/doc/specs/Xext/AppGroup.mif (FrameMaker interchange source) and
xc/doc/hardcopy/Xext/AppGroup.PS.Z (compressed PostScript).
3.7. Print Extension
The print extension supports output to hardcopy devices using the core X
drawing requests. The print extension adds requests for job and page
control and defines how specific printer attributes are communicated
between the server and printing clients. Printer attribute specifica-
tions are modeled after the ISO 10175 specification.
An X client that wants to produce hardcopy output will typically open a
second connection to an X print server, produce a print job, and then
close the print server connection. The print server may be the same
process as the display server (the term ``video server'' is sometimes
used) although the implementation provided in R6.3 does not completely
support video and print servers in the same binary.
The specification for the print extension is in
xc/doc/specs/XPRINT/xp_proto.mif (FrameMaker interchange source) and
xc/doc/hardcopy/XPRINT/xp_proto.PS.Z (compressed PostScript). The
library API specification is in xc/doc/specs/XPRINT/xp_library.mif
(FrameMaker interchange source) and
xc/doc/hardcopy/XPRINT/xp_library.PS.Z (compressed PostScript).
3.7.1. Running an X Print Server
The print server is simply an X server with the print extension and spe-
cial DDX implementations. The X Print Server is started like any other
X server.
Here is a sample command line for use with a typical configuration:
% Xprt :1 -ac
The options used in the example are:
:1 On a host that is running a video display server you will need
to specify a different display from the default.
-ac Disable access control, since no simple mechanism for sharing
keys is provided.
The X print server supports the following additional options:
-XpFile Points to the directory containing the print server configura-
tion files.
XPCONFIGDIREnvironment variable specifying alternative location of the
print server configuration files.
The print server, Xprt, is built only if the config option XprtServer is
YES. Four printer DDXen are provided, each with a separate config
option to control whether or not it will be included: XpRasterDDX,
XpColorPclDDX, XpMonoPclDDX, XpPostScriptDDX; see xc/config/cf/README.
XprtServer defaults to the value of BuildServer (i.e. Xprt will be built
by default on all platforms that build a full X server). XpRasterDDX
and XpMonoPclDDX default to NO. XpColorPclDDX and XpPostScriptDDX
default to YES.
The print server is configured through a directory of configuration
files that define printer model types and instances of printer models.
An example configuration tree is provided in
xc/programs/Xserver/XpConfig/. See also xc/doc/specs/Xserver/Xprt.mif
(FrameMaker interchange source) and xc/doc/hardcopy/Xserver/Xprt.PS.Z
(compressed PostScript) for further instructions on configuring Xprt.
3.7.2. Specifying The Print Server To A Client
By convention, clients locate the print server using the environment
variable XPRINTER. The syntax of XPRINTER is an augmented DISPLAY; i.e.
printerName@host:display
where ``printerName'' is one of the printer instances listed in the
print server configuration files. The use of XPRINTER and its syntax is
an application convention only; there is nothing in the supplied
libraries that uses (or parses) this environment variable.
3.8. Proxy Management Protocol
The Proxy Management Protocol is an ICE based protocol that provides a
way for application servers to easily locate proxy services such as the
LBX proxy and the X firewall proxy.
Typically, a service called a ``proxy manager'' is responsible for
resolving requests for proxy services, starting new proxies when
appropriate, and keeping track of all of the available proxy services.
The proxy manager strives to reuse existing proxy processes whenever
possible.
The Proxy Management Protocol is described in xc/doc/specs/PM/PM_spec.
3.9. Configuration
As in R6.1, the top-level Makefile is no longer over-ridden by the first
build. Instead a new file xmakefile is created. Thus is it not neces-
sary to take any additional steps to reset the builds.
The file xc/config/cf/README provides more guidance on how to write an
Imakefile, including a list of variables that may be set in an
Imakefile. This file is strongly recommended reading for Imakefile
authors.
The LaTeX text processor is supported as of R6.1. If you have LaTeX on
your system, turn on HasLatex to have the MakeLatexDoc rule use it.
Also since R6.1, with System V Release 4 (SVR4) compilers we now use the
-Xa (ANSI C with native extensions) compiler flag rather than -Xc (limit
environment to that specified in the standard). This provides access to
the full richness of the platform. Unfortunately, it also defines the
preprocessor symbol __STDC__ to 0, instead of 1 as specified by the
standard. Therefore we use "#ifdef __STDC__" in our sources rather than
"#if __STDC__". On HP-UX systems we use the -Ae compiler option instead
of -Aa, also to access the full environment offered by the platform.
As in R6.1, the imake variables InstallXdmConfig, InstallXinitConfig,
and InstallAppDefFiles suppress overwriting existing files; if the files
didn't previously exist, the files are always installed. This interpre-
tation makes bootstrapping a new system easier than in R6 and earlier
releases.
A new configuration build option, GzipFontCompression, has been added to
use gzip rather than compress for font compression. It defaults to NO.
The build creates a new directory xc/exports into which the header
files, libraries, and certain build utility binaries are symlinked.
This greatly simplifies Imakefile construction and supports multiple
development projects (such as X, Motif, and CDE) on a single system.
Imake rules and template files for building Motif and CDE were contri-
buted by the OSF CDE/Motif project and are included in R6.3.
3.10. Documentation
Additional X server internals documentation is provided in the
/xc/doc/specs/Xserver/ directory for the XC-APPGROUP and SECURITY exten-
sions. An analysis and rationale for the SECURITY extension will also
be found in that directory. Specifications for the other new standards
are in /xc/doc/specs/RX/, /xc/doc/specs/XPRINT/, and
/xc/doc/specs/Xext/.
3.11. Header Files
xc/include/Xos_r.h is a new header file to promote portable source code
using thread-safe implementations of getpwnam, getpwuid, gethostbyname,
gethostbyaddr, and getservbyname. It is not required by any X Consor-
tium standard.
3.12. X Server
The security, LBX, printing, and AppGroup extensions are all new. In
R6.3 only MIT-MAGIC-COOKIE-1 is supported in the security extension.
Parts of the security policy are configured at run-time from the file
/usr/X11R6.3/lib/X11/xserver/SecurityPolicy. Site-defined policy
strings used by xfwp and rules for property access by untrusted clients
are defined there. See the Xserver man page for full details.
3.12.1. New Device Support
Support has been added for the Sun TCX frame buffer as a dumb 8-bit
frame buffer on Solaris 2.5.