(file) Return to RELNOTES.TXT CVS log (file) (dir) Up to [XFree86 CVS] / xc

File: [XFree86 CVS] / xc / Attic / RELNOTES.TXT (download)
Revision: (vendor branch), Tue Dec 24 09:20:26 1996 UTC (18 years, 8 months ago) by dawes
Branch: X11R6
CVS Tags: xf-3_9z, xf-3_9y, xf-3_9x, xf-3_9w, xf-3_9v, xf-3_9u, xf-3_9t, xf-3_9s, xf-3_9r, xf-3_9q, xf-3_9p, xf-3_9o, xf-3_9n, xf-3_9m, xf-3_9l, xf-3_9k, xf-3_9jw, xf-3_9jv, xf-3_9ju, xf-3_9jt, xf-3_9js, xf-3_9jr, xf-3_9jq, xf-3_9jp, xf-3_9jo, xf-3_9jn, xf-3_9jm, xf-3_9jl, xf-3_9jk, xf-3_9jj, xf-3_9ji, xf-3_9jh, xf-3_9jg, xf-3_9jf, xf-3_9je, xf-3_9jd, xf-3_9jc, xf-3_9jb, xf-3_9ja, xf-3_9j-branch, xf-3_9j, xf-3_9i, xf-3_9h, xf-3_9g, xf-3_9f, xf-3_9e, xf-3_9d, xf-3_9c, xf-3_9b, xf-3_9a, xf-3_9Ng, xf-3_9Nf, xf-3_9Ne, xf-3_9Nd, xf-3_9Nc, xf-3_9Nb, xf-3_9Na, xf-3_9N, xf-3_9Ak, xf-3_9Aj, xf-3_9Ai, xf-3_9Ah, xf-3_9Ag, xf-3_9Af, xf-3_9Ae, xf-3_9Ad, xf-3_9Ac, xf-3_9Ab, xf-3_9Aa, xf-3_3g, xf-3_3f, xf-3_3e, xf-3_3d, xf-3_3c, xf-3_3b, xf-3_3a, xf-3_3_6b, xf-3_3_6a, xf-3_3_6, xf-3_3_5c, xf-3_3_5b, xf-3_3_5a, xf-3_3_5Za, xf-3_3_5Z, xf-3_3_5, xf-3_3_4d, xf-3_3_4c, xf-3_3_4b, xf-3_3_4a, xf-3_3_4Z, xf-3_3_4, xf-3_3_3b, xf-3_3_3a, xf-3_3_3_1f, xf-3_3_3_1e, xf-3_3_3_1d, xf-3_3_3_1c, xf-3_3_3_1b, xf-3_3_3_1a, xf-3_3_3_1Z, xf-3_3_3_1, xf-3_3_3Z, xf-3_3_3, xf-3_3_2j, xf-3_3_2i, xf-3_3_2h, xf-3_3_2g, xf-3_3_2f, xf-3_3_2e, xf-3_3_2d, xf-3_3_2c, xf-3_3_2b, xf-3_3_2a, xf-3_3_2_4, xf-3_3_2_3, xf-3_3_2_2, xf-3_3_2_1, xf-3_3_2Zc, xf-3_3_2Zb, xf-3_3_2Za, xf-3_3_2Z, xf-3_3_2, xf-3_3_1z, xf-3_3_1g, xf-3_3_1f, xf-3_3_1e, xf-3_3_1d, xf-3_3_1c, xf-3_3_1b, xf-3_3_1a, xf-3_3_1, xf-3_3-branch, xf-3_3, xf-3_2y, xf-3_2x, xf-3_2w, xf-3_2v, xf-3_2u, xf-3_2t, xf-3_2s, xf-3_2r, xf-3_2q, xf-3_2p, xf-3_2o, xf-3_2n, xf-3_2m, xf-3_2l, xf-3_2k, xf-3_2j, xf-3_2Zc, xf-3_2Zb, xf-3_2Za, xf-3_2Z, xf-3_2Xn, xf-3_2Xm, xf-3_2Xl, xf-3_2Xk, xf-3_2Xj, xf-3_2Xi, xf-3_2Xh, xf-3_2Xg, xf-3_2Xf, xf-3_2Xe, xf-3_2Xd, xf-3_2Xc, xf-3_2Xb, xf-3_2Xa, xf-3_2At, xf-3_2As, xf-3_2Ar, xf-3_2Aq, xf-3_2Ap, xf-3_2Ao, xf-3_2An, xf-3_2Am, xf-3_2Al, xf-3_2Ak, xf-3_2Aj, xf-3_2Ai, xf-3_2Ah, xf-3_2Ag, xf-3_2Af, xf-3_2Ae, xf-3_2Ad, xf-3_2Ac, xf-3_2Ab, xf-3_2Aa, xf-3_2A-branch, xf-3_2A, xf-39ja, xf-3331_shark, seq-4321, seq-4316, seq-4304, X11R6-3_2, X11R6-3_1, X11R6-3_0
Changes since +825 -712 lines
X11R6.3 public patch 0

		      X	Window System, Version 11
			      Release 6.3

			     Release Notes

			   X Consortium, Inc.

			   December 23,	1996

Copyright c 1996 X Consortium

Permission is hereby granted, free of charge, to any person obtaining a
copy of	this software and associated documentation files (the
"Software"), to	deal in	the Software without restriction, including
without	limitation the rights to use, copy, modify, merge, publish, dis-
tribute, sublicense, and/or sell copies	of the Software, and to	permit
persons	to whom	the Software is	furnished to do	so, subject to the fol-
lowing conditions:

The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.


Except as contained in this notice, the	name of	the X Consortium shall
not be used in advertising or otherwise	to promote the sale, use or
other dealings in this Software	without	prior written authorization from
the X Consortium.

X Window System	is a trademark of X Consortium,	Inc.

1.  What Is Release 6.3

This is	the last X Consortium implementation of	the X Window System.  X
is a vendor-neutral, system-architecture neutral network-transparent
window system and user interface standard.  X runs on a	wide range of
computing and graphics machines.  For an overview of X,	see the	X manual

R6.3 is	an update to R6.1.  It is compatible with R6 and R6.1 at the
source and protocol levels in all respects, and	binaries are upward-

What about Release 6.2?	 Release 6.2 is	a proper subset	of Release 6.3
produced at the	request	of the OSF Common Desktop Environment program.
It was produced	by the X Consortium and	is being released by OSF simul-
taneously with CDE 2.1.	 Release 6.2 contains only the print extension
and the	Xlib implementation of vertical	writing	and user-defined charac-
ter support.

The X Consortium was an	independent, not-for-profit membership corpora-
tion formed in 1993 as the successor to	the MIT	X Consortium and dis-
solved at the end of 1996.  Refer to the Consortium man	page for addi-
tional details about the X Consortium.

See xc/INSTALL.PS (PostScript) or xc/INSTALL.TXT (plain	text) for
instructions on	how to build and install this software.

1.1.  Overview of the X	Consortium Release

The X Consortium software and documentation in Release 6.3 is in direc-
tory xc/ and contains the following:

X Consortium Standards
     The X Consortium produced standards:  documents which define net-
     work protocols, programming interfaces, and other aspects of the X
     environment.  See the XStandards manual page for a	list of	stan-

     For most of our standards,	we provide high-quality	implementations
     to	demonstrate proof of concept and to give early adopters	and ven-
     dors a base to use.  These	are not	reference implementations; the
     written specifications define the standards.

     A collection of bitmap and	outline	fonts are included in the dis-
     tribution,	contributed by various individuals and companies.

Utility	Libraries
     A number of libraries, such as Xmu	and the	Athena Widget Set, are
     included.	These are not standards, but are used in building X Con-
     sortium applications and may be useful in building	other applica-

     We	also provide a number of application programs.	A few of these
     programs, such as xdm (or its equivalent),	should be considered
     essential in almost all environments.  The	rest of	the applications
     carry no special status; they are simply programs that have been
     developed and/or maintained by X Consortium staff.	 In some cases,
     you will find better substitutes for these	programs contributed by

1.2.  Supported	Systems

We built and tested this release on the	following systems:

	AIX 4.2
	Digital	Unix 4.0A
	HP-UX 10.01
	IRIX 6.2
	Solaris	2.5
	UNIX System V/386 Release 4.2 (Novell UnixWare)	Version	2.02

We also	built this release on the following and	did some minimal test-

	FreeBSD	2.1.6
	Linux 1.2.13 (Yggdrasil) and 2.0.0 (Slackware 3.1)
	SCO Open Server	5.0
	SunOS 4.1.4
	Windows	NT 4.0

In all cases except SunOS we have used the vendor's compiler.  On SunOS
we build with gcc.

1.2.1.	Supported Display Devices

This release includes the necessary device-dependent support to	build a
native X server	for the	following platforms:

	XFree86: See the XF_* man pages	for supported video cards

	AIX: Xibm with Skyway display adapter
	HP-UX: Xhp
	Digital	Unix: Xdec on Alpha AXP	with PMAG-B frame buffer
	SunOS/Solaris: Xsun -- see the Xsun man	page for supported frame buffers
	Ultrix[1] :Xdec

In addition to the above, the Xvfb and Xnest servers can be built on
most platforms.

Native servers are not built on	IRIX or	Microsoft Windows NT.

1.3.  The XC Tree

The general layout under xc/ is	as follows:

config/		    config files, imake, makedepend, build utilities
doc/		    all	documentation other than per-program manual pages
fonts/		    BDF, Speedo, Type1 fonts
include/	    include files shared by multiple directories
lib/		    all	libraries
nls/		    national language support files
programs/	    all	programs, including the	X server and rgb
util/		    patch, compress, other utilities
bug-report	    bug	reporting template
registry	    X Registry

This file is xc/RELNOTES.*, in various formats.	 The documentation
source files RELNOTES.ms and INSTALL.ms	are in the xc/doc/misc/	direc-

1.4.  X	Registry

The X Consortium maintained a registry of certain X-related items to aid
in avoiding conflicts and to aid in sharing of such items.

The registry is	in the file xc/registry	in the distribution.  The latest
version	may also be available by sending a message to xstuff@x.org.  The
message	can have a subject line	and no body, or	a single-line body and
no subject; in either case the line should look	like this:

	send docs registry

1.5.  Extensions Supported

The core distribution includes the following extensions:  BIG-REQUESTS,
VidModeExtension, XIE, XInputExtension,	XKEYBOARD, XpExtension (print-
ing), XTEST, and XTestExtension1.

Not all	of these extensions are	standards; see the XStandards manual
page.  Some of these extensions	are not	supported on all platforms.

1.6.  Implementation Parameters

Some of	the specifications define some behavior	as implementation-
dependent.  Implementations of X Consortium standards need to document
how those parameters are implemented; this section does	so.

     This default can be set at	build time by setting the imake	vari-
     ables XFileSearchPathDefault, XAppLoadDir,	XFileSearchPathBase, and
     ProjectRoot in site.def.  See xc/config/cf/README for instructions
     and xc/config/cf/X11.tmpl[2] for details of how these configuration
     variables are used.

     By	default	ProjectRoot is /usr/X11R6.3 and	XFILESEARCHPATH	has
     these components:


     If	the environment	variable XAPPLRESDIR is	defined, the default
     value of XUSERFILESEARCHPATH has the following components:


     Otherwise it has these components:


     Defaults to /usr/X11R6.3/lib/X11/XKeysymDB, assuming ProjectRoot is
     set to /usr/X11R6.3.

XCMSDB default
     Defaults to /usr/X11R6.3/lib/X11/Xcms.txt,	assuming ProjectRoot is
     set to /usr/X11R6.3.

     Defaults to the directory /usr/X11R6.3/lib/X11/locale, assuming
     ProjectRoot is set	to /usr/X11R6.3.  The XLOCALEDIR variable can
     contain multiple colon-separated pathnames.

XErrorDB location
     The Xlib error database file is /usr/X11R6.3/lib/X11/XErrorDB,
     assuming ProjectRoot is set to /usr/X11R6.3.

XtErrorDB location
     The Xt error database file	is /usr/X11R6.3/lib/X11/XtErrorDB,
     assuming ProjectRoot is set to /usr/X11R6.3.

Supported Locales
     X locales supported are in	locale.dir; the	mapping	between	various
     system locale names and X locale names is in locale.alias.	 Both
     files are shipped in the xc/nls/X11/locale/ directory and installed
     in	the XLocaleDir directory (e.g. /usr/X11R6.3/lib/X11/locale/).

Input Methods supported
     The core distribution does	not include any	input method servers.
     However, Xlib supplies a default built-in input method that sup-
     ports compose processing in 8-bit locales.	 Compose files are pro-
     vided for Latin-1 and Latin-2.  The built-in input	method can sup-
     port other	locales, given suitable	compose	files.	See
     xc/nls/X11/locale/Compose/iso8859-* for the supported compositions.

There are input	method servers available on the	net.

2.  What is Unchanged in Release 6.3

As this	is an update release, there is a great deal of stability in the
standards, libraries, and clients.  No existing	standards other	than the
ICE library specification have changed in a material way, though several
documents have been updated with editorial improvements.  There	is one
new interface added to the ICE library libICE; see below.  The extension
library, libXext, is updated to	include	the LBX, security, and applica-
tion group extension interfaces.  All previous interfaces in these and
all other libraries are	unchanged.

3.  What Is New	in Release 6.3

This section describes changes in the X	Consortium distribution	since
Release	6.1.

All libraries, protocols, and servers are compatible with Release 6 and
Release	6.1.  That is, R6 and R6.1 clients and applications will work
with R6.3 libraries and	servers.  Most R6.3 clients will work with R6.1
and R6 libraries except	those that use the new interfaces in libICE,
libXext, and libXp.

The major new functionality in R6.3 is support for World Wide Web
integration, protection	of data	from ``untrusted'' client connections, a
bandwidth- and latency-optimized protocol for using X across the Inter-
net, a print protocol following	the Xlib API, and support for vertical
text writing and user-defined characters in the	Xlib implementation.

3.1.  OS Support

The following platforms	have a newer operating system version supported:

System	       R6.1	      R6.3

AIX	       4.1.4	      4.2
Digital	Unix   3.2C	      4.0A
HP-UX	       10.01
IRIX	       5.3	      6.2
Solaris	       2.4	      2.5
UnixWare       2.02

We also	built on the following platforms, however full support is not

System	       R6.1	      R6.3

FreeBSD	       2.1.0	      2.1.6
Linux	       1.2.13	      2.0
SCO Open Server		      5.0
SunOS	       4.1.3	      4.1.4
Windows	NT     3.5	      4.0

3.2.  New Standards

The following are new X	Consortium standards in	Release	6.3.  Each is
described in its own section below.

	Low Bandwidth X	Extension
	RX: X Remote Execution MIME type
	Security Extension
	Application Group Extension
	Print Extension
	Proxy Management Protocol

3.3.  Low Bandwidth X Extension

The Low	Bandwidth X extension (LBX) defines several compression	and
local caching techniques to improve performance	on wide	area networks
and also on slower-speed connections.  These reduce the	amount of proto-
col data transported over the network and reduce the number of client-
to-server roundtrips required for common application startup operations.

LBX was	referred to as X.fast in some materials	but we elected to not go
through	the implementation and change all the names.  To avoid any con-
fusion with an external	name different from the	internal name in the
implementation,	we elected to drop the ``X.fast'' moniker.

LBX is implemented in two pieces; an X server extension	and a proxy
application.  The X server extension provides the new optimized	proto-
col.  The proxy	application, lbxproxy, translates a normal client X pro-
tocol stream into an LBX stream.  This permits any existing application
to gain	the benefit of the optimized protocol with no changes.	The
proxy is especially useful when	multiple applications are running on the
same local area	network	separated from the X server by a slower	network.
In this	case the full benefit of the local cache is shared by each
application using the same proxy process.

The specification for LBX is in	xc/doc/specs/Xext/lbx.mif (FrameMaker
interchange source) and	xc/doc/hardcopy/Xext/lbx.PS.Z (compressed

3.4.  RX: X Remote eXecution

The remote execution (RX) service specifies a MIME format for invoking
applications remotely, for example via a World Wide Web	browser.  This
RX format specifies a syntax for listing network services required by
the application, for example an	X display server.  The requesting Web
browser	must identify specific instances of the	services in the	request
to invoke the application.

The distribution contains a helper program (xrx) and a Netscape	Naviga-
tor plug-in (libxrx) that demonstrate this protocol.  The plug-in
requires Navigator 3.0.

We have	only been able to test the plug-in on HP-UX, IRIX, Digital Unix,
and Solaris2.  Netscape	Navigator binaries for other platforms are
either not available at	all or were not	available in time to be	included
in the testing for this	release.

The specification for the RX mime type is in xc/doc/specs/RX/RX.mif
(FrameMaker interchange	source)	and xc/doc/hardcopy/RX/RX.PS.Z
(compressed PostScript).

The following section describes	the procedure to set up	your environment
and try	the examples provided in this distribution.

3.4.1.	Preparing Your Web Server

In order to demonstrate	the RX helper program and the RX Netscape plug-
in you need to have access to an HTTP server to	install	``common gateway
interface'' (CGI) scripts.  While CGI programs can be written in any
compiled or interpreted	language, the sample CGI programs in the distri-
bution are written in perl.

If you don't currently have a web server the NCSA server is a good one
to try.	 Binaries for various systems are available at:


If you don't have perl you can get the source code from:

You need to install the	HTML, RX, and CGI sample files into your
server's HTML and CGI directories.  The	process	can be partially
automated by adding the	following definitions to your site.def or
host.def file:

WebServer      defines the hostname and	port of	your web server, for

	       #define WebServer www.myorg.org:8001

HtmlDir	       defines the path	at which HTML and RX documents are
	       installed, for example

	       #define HtmlDir /usr/local/etc/httpd/htdocs

CgiBinDir      defines the path	at which CGI programs are installed, for

	       #define CgiBinDir /usr/local/etc/httpd/cgi-bin

ProxyManager   defines the transport scheme, hostname, and port	for CGI
	       programs	to contact the Proxy Manager.  See the proxymngr
	       man pages for further details.  Typically the proxy
	       manager host will be the	same as	your web server, for

	       #define ProxyManager tcp/www.myorg.org:6500

Then make the Makefiles	and build the directories with the following
command	sequence:

cd xc/programs/xrx/htdocs
xmkmf ../../.. programs/xrx/htdocs
make install
cd ../cgi-bin
xmkmf ../../.. programs/xrx/cgi-bin
make install

These directories are not automatically	built or installed by the top
level Makefile because they install outside the	ProjectRoot.

You also need to configure your	web server so that files with the exten-
sion name ``rx'' are of	the MIME type ``application/x-rx''.  See your
HTTP server's configuration documentation for the right	procedure to do

3.4.2.	The RX Helper Program

The helper program, xrx, may be	used with any Web browser to interpret
the new	RX document type.

The RX helper program is installed in <ProjectRoot>/bin	(e.g.
/usr/X11R6.3/bin/).  You will need to configure	your web browser to use
it for RX documents by adding a	line to	your $HOME/.mailcap:

     application/x-rx; /X11/bin/xrx %s

You may	need to	refer to your web browser's documentation for exact
instructions on	configuring helper applications.

The helper program is activated	by your	browser	as soon	as you retrieve
any document of	the MIME type application/x-rx.	All you	need to	do is to
point your browser at the URL:

The application	(i.e. xload) should appear on your DISPLAY as a	new
top-level client.  The client will be running on your web server host
and connected to your X	server.	 If your X server supports the SECURITY
extension the client will be running as	an untrusted client.

3.4.3.	The RX Netscape	Navigator Plug-in

The Navigator plug-in supports all the functions of xrx	and in addition
uses the new XC-APPGROUP extension, if your X server provides it, to
cause the remotely launched application	to be embedded within the
browser	page from which	it was launched.

The HTML page links to an RX document via the EMBED tag, a Netscape
extension to HTML.  The	RX document provides the plug-in with the list
of services the	application wants to use.  Based on this information,
the plug-in sets the various requested services, including creating
authorization keys, and	passes the relevant data to the	application
through	an HTTP	GET request of the associated CGI script.  The Web
server then executes the CGI script to start the application.

To be able to use the RX plug-in you need Netscape Navigator 3.0.
Binaries for various systems can be found at:


To complete the	installation of	the Netscape plug-in, find the file
named libxrx.so.6.3 or libxrx.sl.6.3 (or similar, depending on your
platform) in <ProjectRoot>/lib (e.g. /usr/X11R6.3/lib) and copy	it to
either /usr/local/lib/netscape/plugins or $HOME/.netscape/plugins. Do
not install the	symlinks libxrx.so or libxrx.sl; they may confuse

You should remove or comment out the line you may have previously added
in your	mailcap	file to	use the	RX helper program, otherwise the plug-in
will not be enabled.  (The usual comment character for mailcap is

If you are already running Netscape Navigator, you need	to exit	and res-
tart it	after copying the plug-in library so the new plug-in will be
found.	Once this is done you can check	that Navigator has successfully
loaded the plug-in by checking the ``About Plug-ins'' page from	the Help
menu. This should show something like:

				   RX Plug-in

    File name: /usr/guest/netscape/plugins/libxrx.sl.6.3

    X Remote Activation	Plug-in

    Mime Type Description	   Suffixes  Enabled
    application/x-rx		   X Remote Activation Plug-inxrxYes

The plug-in will be activated by Netscape Navigator as soon as you
retrieve any document of the MIME type application/x-rx.  Several sam-
ples are included in the distribution. The most	basic one is xload. All
you need to do is point	your browser at	the page:

If something goes wrong	check on the all the previous steps listed above
and try	again.	Once xload is working you can try some of the other
examples in the	distribution such as bitmap.html or dtcm.html.

3.4.4.	Trying Embedding With an Old X Server

The Netscape Navigator plug-in,	libxrx,	will work with an X server that
does not contain the application group or security extensions.	The
application will be started as a separate top-level client.

If you wish to try out the embedding facilities	without	replacing your
desktop	X server, you may use the Xnest	server.

A typical Xnest	session	would look like	the following:

% Xnest	:11
% xterm	-display :11

These two commands start a ``nested'' server and a terminal emulator
within that server.  Your favorite window manager and Netscape Navigator
can now	be executed from the nested xterm window.  You may wish	to first
disable	access control in the nested server by running ``xhost +'' in
the nested xterm.

3.4.5.	Setting	Up Your	Own Applications To Run	Over The Web

Based on the examples provided in the distribution it should be	easy to
set up your web	server to run your own applications.  Every application
requires 3 additional files to identify	it to Web browsers:

myapp.htmlAn HTML page to present the application embedded
myapp.rx  The RX document describing the application
myapp.pl  The CGI script to start the application

Note that the separate ``.rx'' file could be omitted by	implementing the
CGI script such	that if	it is invoked without a	QUERY_STRING it	will
return the RX content.	We decided not to do so	in the distributed exam-
ples for purpose of clarity.

The xload demo provides	a good starting	point. Simply make a copy of
each of	the files xload.rx, xload.html,	and xload.pl. Then look	inside
them for every instance	of ``xload'' and change	it to whatever is
appropriate for	your application.

You will not be	able to	run the	dtcm demo unless you have dtcm (a CDE
component) installed on	your web server	host.  This example shows how a
CGI script would look when an X	Print server is	requested. The script
dtcm.pl	is, for	that reason, slightly more complicated than other exam-

3.5.  Security Extension

The SECURITY extension contains	new protocol needed to provide enhanced
X server security.  This extension adds	to the X protocol the concepts
of ``trusted'' and ``untrusted'' clients.  The trust status of a client
is determined by the authorization used	at connection setup.  All
clients	using host-based authorization are considered ``trusted''.
Clients	using other authorization protocols may	be either trusted or
untrusted depending on the data	included in the	connection authorization

The requests in	the security extension permit a	trusted	client to create
multiple authorization entries for a single authorization protocol.
Each entry is tagged with the trust status to be associated with any
client presenting that authorization.

When a connection identifying an ``untrusted'' client is accepted, the
client is restricted from performing certain operations	that would steal
or modify data that is held by the server for trusted clients.	An
untrusted client performing a disallowed operation will	receive	protocol
errors.	 Such a	client may be written to catch these errors and	continue

When a client is untrusted, the	server will also limit the extensions
that are available to the client.  Each	X protocol extension is	respon-
sible for defining what	operations are permitted to untrusted clients;
by default, the	entire extension is hidden.

The specification for the SECURITY extension is	in
xc/doc/specs/Xext/security.tex (LaTeX source) and
xc/doc/hardcopy/Xext/security.PS.Z (compressed PostScript).

3.5.1.	Untrusted Application Behavior

Most applications work normally	when run as untrusted clients, but since
the security extension changes the semantics of	certain	parts of the X
protocol, it is	no surprise that some clients behave differently when
untrusted.  We note the	following significant behavior changes,
separated into two categories: changes that we expect could disappear or
mutate if the implementation were improved in a	future release,	and
changes	we expect are permanent, legitimate defenses against data loss
or leakage.  Behaviors That Are Implementation-Dependent

The following behaviors	when running the respective applications as
untrusted are not mandated by the security design but are side effects
of limitations in the current implementation.

oclock is square because the SHAPE extension hasn't been marked	secure
yet.  Similarly, Xaw applications that use oval	buttons	will have rec-
tangular buttons instead.

Any application	that depends on	an extension other than	XC-MISC, LBX, or
BIG-REQUESTS will have different behavior, as no other extensions are
currently marked secure.  The core clients affected are	xieperf	and all
the xkb	utilities.

emacs exits with a Window error	when trying to use the QueryPointer
request	on the root window when	you click in a buffer.

FrameMaker, and	xwd -root both exit with a Window error	when trying to
use the	GetWindowAttributes request on a window	manager	frame window.

All the	remaining changes are involved in some way with	window proper-
ties.  Some of these behaviors can be modified with changes to the Secu-
rityPolicy file; see the Xserver man page.

Several	clients	exit with a Window error when trying to	use the
DeleteProperty request on various properties on	the root window.  These
include	xcmsdb -remove,	xprop -root -remove, and xstdcmap -delete.

xprop exits with an Atom error when attempting to access protected pro-

The following two changes require, in addition,	a ``trusted selection
intermediary'' to provide selection transfer from untrusted to trusted
clients	(and vice-versa).  R6.3	does not include such a	trusted

xterm exits with an Atom error when it tries to	store the property value
during a selection transfer (paste) to a trusted selection requester.

The ``copy 0 to	PRIMARY'' button of xcutsel does not work.

Selection transfer from	untrusted clients to trusted clients fails when
the untrusted client attempts to use SendEvent to generate the Selec-
tionNotify event for the requester.  Most requesters will treat	this as
a transfer timeout and continue.  Xt-based applications	will create an
additional Atom	each time such a transfer is attempted.  Behaviors That Are Not Likely	To Change

The following behaviors	represent actions performed by the applications
that are disallowed by design.

editres	will fail when pointed at a trusted client when	it tries to read
window properties on a window owned by that client.

Xnest exits on startup with an Access error as it tries	to use the
ChangeKeyboardControl request.

The new	generate option	to xauth fails because untrusted applications
are not	allowed	to create additional authorizations.

xhost cannot be	used to	modify the host	access list.

xmag gets an unending stream of	Drawable errors	as it tries to use the
PolyRectangle request on the root window.  If you click	to select a
location to magnify, xmag gets a Drawable error	as it tries to use the
GetImage request on the	root window.  xmag could be modified to	exit
gracefully under these conditions.

netscape exits on startup with a Drawable error	when trying to use the
GetImage request on the	root window.

xmodmap	exits with an Access error when	trying to use the ChangeKey-
boardMapping request.

xset with the b, c, led, or r options exits with an Access error when
trying to use the ChangeKeyboardControl	request.  With the bc option, it
can't find the MIT-SUNDRY-NONSTANDARD extension	and exits gracefully.

xsetroot exits with a Window error when	trying to use the ChangeWin-
dowAttributes request on the root window.

3.6.  Application Group	Extension

The application	group extension	(XC-APPGROUP) provides new protocol to
implement Application Groups (``AppGroups'').  The AppGroup facility
allows other clients to	share the SubstructureRedirect mechanism with
the window manager.  This allows another client	called the ``application
group leader'',	such as	a web browser, to intercept a MapRequest made by
a third	application and	reparent its window into the web browser before
the window manager takes control.  The AppGroup	leader may also	limit
the screens and	visuals	available to the applications in the group.

Users who have an XC-APPGROUP enhanced X server	and an RX plug-in for
their Netscape Navigator web browser can run programs remotely over the
web and	have the output	appear as part of the presentation in their web

The only way for an application	to become a member of an AppGroup is by
using an authorization generated using the new security	extension.
Whenever an application	connects to the	server,	the authorization that
it used	to connect is tested to	see if it belongs to an	AppGroup. This
means that the Authorization data must be transmitted to the remote host
where the application will be run. In the case of RX, HTTP is used to
send the Authorization.	 Sites who have	concerns about sending unen-
crypted	authorization data such	as MIT-MAGIC-COOKIE-1 via HTTP should
configure their	web servers and	web browsers to	use SHTTP or SSL.

The specification for the XC-APPGROUP extension	is in
xc/doc/specs/Xext/AppGroup.mif (FrameMaker interchange source) and
xc/doc/hardcopy/Xext/AppGroup.PS.Z (compressed PostScript).

3.7.  Print Extension

The print extension supports output to hardcopy	devices	using the core X
drawing	requests.  The print extension adds requests for job and page
control	and defines how	specific printer attributes are	communicated
between	the server and printing	clients.  Printer attribute specifica-
tions are modeled after	the ISO	10175 specification.

An X client that wants to produce hardcopy output will typically open a
second connection to an	X print	server,	produce	a print	job, and then
close the print	server connection.  The	print server may be the	same
process	as the display server (the term	``video	server'' is sometimes
used) although the implementation provided in R6.3 does	not completely
support	video and print	servers	in the same binary.

The specification for the print	extension is in
xc/doc/specs/XPRINT/xp_proto.mif (FrameMaker interchange source) and
xc/doc/hardcopy/XPRINT/xp_proto.PS.Z (compressed PostScript).  The
library	API specification is in	xc/doc/specs/XPRINT/xp_library.mif
(FrameMaker interchange	source)	and
xc/doc/hardcopy/XPRINT/xp_library.PS.Z (compressed PostScript).

3.7.1.	Running	an X Print Server

The print server is simply an X	server with the	print extension	and spe-
cial DDX implementations.  The X Print Server is started like any other
X server.

Here is	a sample command line for use with a typical configuration:

% Xprt :1 -ac

The options used in the	example	are:

:1	  On a host that is running a video display server you will need
	  to specify a different display from the default.

-ac	  Disable access control, since	no simple mechanism for	sharing
	  keys is provided.

The X print server supports the	following additional options:

-XpFile	  Points to the	directory containing the print server configura-
	  tion files.

XPCONFIGDIREnvironment variable	specifying alternative location	of the
	  print	server configuration files.

The print server, Xprt,	is built only if the config option XprtServer is
YES.  Four printer DDXen are provided, each with a separate config
option to control whether or not it will be included: XpRasterDDX,
XpColorPclDDX, XpMonoPclDDX, XpPostScriptDDX; see xc/config/cf/README.
XprtServer defaults to the value of BuildServer	(i.e. Xprt will	be built
by default on all platforms that build a full X	server).  XpRasterDDX
and XpMonoPclDDX default to NO.	 XpColorPclDDX and XpPostScriptDDX
default	to YES.

The print server is configured through a directory of configuration
files that define printer model	types and instances of printer models.
An example configuration tree is provided in
xc/programs/Xserver/XpConfig/.	See also xc/doc/specs/Xserver/Xprt.mif
(FrameMaker interchange	source)	and xc/doc/hardcopy/Xserver/Xprt.PS.Z
(compressed PostScript)	for further instructions on configuring	Xprt.

3.7.2.	Specifying The Print Server To A Client

By convention, clients locate the print	server using the environment
variable XPRINTER.  The	syntax of XPRINTER is an augmented DISPLAY; i.e.


where ``printerName'' is one of	the printer instances listed in	the
print server configuration files.  The use of XPRINTER and its syntax is
an application convention only;	there is nothing in the	supplied
libraries that uses (or	parses)	this environment variable.

3.8.  Proxy Management Protocol

The Proxy Management Protocol is an ICE	based protocol that provides a
way for	application servers to easily locate proxy services such as the
LBX proxy and the X firewall proxy.

Typically, a service called a ``proxy manager''	is responsible for
resolving requests for proxy services, starting	new proxies when
appropriate, and keeping track of all of the available proxy services.
The proxy manager strives to reuse existing proxy processes whenever

The Proxy Management Protocol is described in xc/doc/specs/PM/PM_spec.

3.9.  Configuration

As in R6.1, the	top-level Makefile is no longer	over-ridden by the first
build.	Instead	a new file xmakefile is	created.  Thus is it not neces-
sary to	take any additional steps to reset the builds.

The file xc/config/cf/README provides more guidance on how to write an
Imakefile, including a list of variables that may be set in an
Imakefile.  This file is strongly recommended reading for Imakefile

The LaTeX text processor is supported as of R6.1.  If you have LaTeX on
your system, turn on HasLatex to have the MakeLatexDoc rule use	it.

Also since R6.1, with System V Release 4 (SVR4)	compilers we now use the
-Xa (ANSI C with native	extensions) compiler flag rather than -Xc (limit
environment to that specified in the standard).	 This provides access to
the full richness of the platform.  Unfortunately, it also defines the
preprocessor symbol __STDC__ to	0, instead of 1	as specified by	the
standard.  Therefore we	use "#ifdef __STDC__" in our sources rather than
"#if __STDC__".	 On HP-UX systems we use the -Ae compiler option instead
of -Aa,	also to	access the full	environment offered by the platform.

As in R6.1, the	imake variables	InstallXdmConfig, InstallXinitConfig,
and InstallAppDefFiles suppress	overwriting existing files; if the files
didn't previously exist, the files are always installed.  This interpre-
tation makes bootstrapping a new system	easier than in R6 and earlier

A new configuration build option, GzipFontCompression, has been	added to
use gzip rather	than compress for font compression.  It	defaults to NO.

The build creates a new	directory xc/exports into which	the header
files, libraries, and certain build utility binaries are symlinked.
This greatly simplifies	Imakefile construction and supports multiple
development projects (such as X, Motif,	and CDE) on a single system.

Imake rules and	template files for building Motif and CDE were contri-
buted by the OSF CDE/Motif project and are included in R6.3.

3.10.  Documentation

Additional X server internals documentation is provided	in the
/xc/doc/specs/Xserver/ directory for the XC-APPGROUP and SECURITY exten-
sions.	An analysis and	rationale for the SECURITY extension will also
be found in that directory.  Specifications for	the other new standards
are in /xc/doc/specs/RX/, /xc/doc/specs/XPRINT/, and

3.11.  Header Files

xc/include/Xos_r.h is a	new header file	to promote portable source code
using thread-safe implementations of getpwnam, getpwuid, gethostbyname,
gethostbyaddr, and getservbyname.  It is not required by any X Consor-
tium standard.

3.12.  X Server

The security, LBX, printing, and AppGroup extensions are all new.  In
R6.3 only MIT-MAGIC-COOKIE-1 is	supported in the security extension.
Parts of the security policy are configured at run-time	from the file
/usr/X11R6.3/lib/X11/xserver/SecurityPolicy.  Site-defined policy
strings	used by	xfwp and rules for property access by untrusted	clients
are defined there.  See	the Xserver man	page for full details.

3.12.1.	 New Device Support

Support	has been added for the Sun TCX frame buffer as a dumb 8-bit
frame buffer on	Solaris	2.5.

New XFree86 servers based on XFree86 3.2 are included.

3.12.2.	 Internal Changes

The security extension provides	new internal resource ID lookup	inter-
faces that incorporate the access control lookup.  In order to be
declared secure	and therefore be made available	to untrusted clients,
other extensions should, at a minimum, be changed to use these inter-
faces.	Depending on what the extension	does, more may need to be done
in its implementation before it	can appropriately be labeled ``secure''.

Refer to the documents xc/doc/specs/Xserver/appgroup.ms	and
xc/doc/specs/Xserver/secint.tex	for implementation details of the appli-
cation group and security extensions, respectively.

3.13.  ICE Library Addition

To support proxy managers and firewall proxies using ICE on well-known
TCP ports, an additional interface has been added to the ICE library.
This new interface, IceListenForWellKnownConnections, has equivalent
calling	parameters to IceListenForConnections plus an ICE network id

3.14.  Xlib Vertical Writing and User-Defined Characters

The Xlib output	method implementation has been enhanced	to support the
XOM value drawing direction XOMOrientation_TTB_RTL.  Vertical writing
information and	other locale specific information is read from the file
<XLocaleDir>/%L/XLC_LOCALE where the XLocaleDir	configuration option
defaults to /usr/X11R6.3/lib/X11/locale.

The X[mb|wc]TextEscapement functions now return	the text escapement in
pixels for the vertical	or horizontal direction	depending on the
XNOrientation XOCValue.

The X[mb|wc]DrawString functions will now render a character string in
the vertical or	horizontal direction depending on the XNOrientation

The Xlib NLS database implementation has been enhanced to support
extended segments used for interchanging non-standard code sets.  Sup-
port has been added for	control	sequences and encoding names used in
extended segments and conversion of glyph indexes when interchanging
data in	extended segments.

3.15.  Xt Geometry Management Debugger

Daniel Dardailler's ``GeoTattler'' code	has been merged	into the Xt
Intrinsics library implementation.  This is not	a standard.  If	libXt is
compiled with the XT_GEO_TATTLER symbol	defined	(currently there is no
build configuration support to do this)	then a ``geoTattler'' resource
may be specified for any widget	in an application.  If the geoTattler
resource for a widget instance is True then libXt will generate	debug-
ging information to stdout when	the widget makes geometry change

For example, if	the resources specify:

myapp*draw.XmScale.geoTattler: ON

then geometry management debugging information will be generated for all
the XmScale children of	the widget named draw, all the XmScrollBars, and
the widget named exit_button in	any XmRowColumn.

3.16.  New Programs

There are new core programs lbxproxy, proxymngr, xfindproxy, xfwp, Xprt,
and xrx.

lbxproxy    The	lbxproxy program is used to ``translate'' X protocol to
	    LBX	protocol.  It should be	executed on the	same host as the
	    client application or on a host connected to the client host
	    by a fast network.	lbxproxy appears to the	clients	using it
	    as another X server; that is, the clients connect through it
	    using the conventional DISPLAY syntax, specifying the proxy
	    host in place of the server.  lbxproxy can be used stand-
	    alone or in	conjunction with proxymngr and xfindproxy.  See
	    the	lbxproxy man page for further details.

proxymngr   proxymngr is a process that	runs continuously to control
	    other proxy	applications, such as lbxproxy and xfwp.  It
	    maintains a	list of	active proxy processes and responds to
	    queries from xfindproxy.  See the proxymngr	man pages for
	    further details.

xfindproxy  xfindproxy is used to locate a running proxy process for a
	    given network service, such	as lbxproxy or xfwp, or	to
	    request that a proxy be started if one is not already run-
	    ning.  xfindproxy communicates with	proxymngr to perform the
	    actual work.

xfwp	    xfwp is the	X firewall application proxy.  It is designed to
	    run	on a network firewall host and relay X protocol	between
	    applications (typically outside the	firewall) and the X
	    server (inside the firewall).  xfwp	appears	to the clients
	    using it as	another	X server; that is, clients connect
	    through it using the conventional DISPLAY syntax.  xfwp will
	    not	do anything useful without proxymngr and xfindproxy or
	    xrx.  See the xfwp man page	for further details.

Xprt	    Xprt is the	print server, built as part of the Xserver build
	    if the XprtServer config option is YES.  The print server
	    supports printing to PostScript and	PCL devices, as	well as
	    raster output to an	xwd format file	(and thence to any
	    printer that xpr supports).	 The print extension was
	    designed to	be integrated with the ``video'' server	in a
	    single process but the R6.3	implementation does not	support
	    a combined video and print server.	Details	of configuration
	    for	Xprt are in xc/doc/specs/Xserver/Xprt.mif (FrameMaker
	    interchange	source)	and xc/doc/hardcopy/Xserver/Xprt.PS.Z
	    (compressed	PostScript).

xrx, libxrx xrx	is the Web browser helper application that interprets
	    documents in the RX	MIME type to remotely launch applica-
	    tions via the Web.	Its companion libxrx is	a plug-in for
	    Netscape Navigator 3.0 that	supports in addition the capa-
	    bility to visually embed the remote	applications in	the
	    associated browser Web page	window.	 See the xrx man page
	    for	further	details.

3.16.1.	 Using The LBX Proxy

The implementation of lbxproxy provided	here will support an arbitrary
number of clients connecting to	the same X server.  A separate lbxproxy
process	is required for	each separate X	server process.	 A typical com-
mand line to invoke lbxproxy is
lbxproxy :22 -display myhost:0

This command runs a proxy with the X server ``myhost:0'' as the	target.
Clients	must connect to	the proxy using	``proxyhost:22'' as the	DISPLAY.
The .Xauthority	file for these clients must contain an entry for server
``proxyhost:22'' with the same MIT-MAGIC-COOKIE	as ``myhost:0'', or the
X server must be configured to permit connections from any host	on the

Here is	an example showing how to setup	the appropriate	.Xauthority

% lbxproxy :22 -display	myws:0
% xauth	list
myws:0	MIT-MAGIC-COOKIE-1  7fd231ccdce2
myws/unix:0  MIT-MAGIC-COOKIE-1	 7fd231ccdce2
% xauth	-f $HOME/proxyauth add proxyhost:22 .  7fd231ccdce2
xauth:	creating new authority file /usr/myself/proxyauth
% xauth	-f $HOME/proxyauth  add	proxyhost/unix:22 .  7fd231ccdce2
% setenv XAUTHORITY $HOME/proxyauth

In this	example, the authorization token for display 0 is copied into a
new file ``proxyauth'' and associated with the LBX proxy server	display
number (22).  The new authority	file may then be copied	to another host
and used as the	value of the XAUTHORITY	environment variable.

The proxymngr daemon is	usually	configured to invoke lbxproxy automati-
cally when a user or a CGI script runs xfindproxy -name	LBX.

See the	lbxproxy man page for further details.

3.17.  Major Additions to Existing Programs

The generate option of xauth is	used to	obtain additional authorization
tokens for client connections.	These authorization tokens may specify
that the client	using them is to be restricted in the operations that
may be performed in the	X server.  The authorization tokens may	be
independently revoked.	Refer to the SECURITY extension	for further
details	on authorizations.

The xauth man page gives full details on the new generate command.  Here
is an example use:

xauth -f untrusted-auth-file g :0 . timeout 0
setenv XAUTHORITY untrusted-auth-file

This will cause	xauth to contact server	``:0'' to get a	long-lasting
untrusted cookie which it then stores in untrusted-auth-file.  By set-
ting XAUTHORITY	to point to untrusted-auth-file, subsequent applications
run from this shell to server :0 will be untrusted.  The ``g'' is short
for ``generate'', and the ``.''	is short for ``MIT-MAGIC-COOKIE-1''.  If
you omit the -f	argument, xauth	will use $XAUTHORITY (or ~/.Xauthority),
which may not be what you want,	especially if you are creating an
untrusted auth.	 This is because xauth will replace the	trusted	auth in
~/.Xauthority (put there by xdm) with the untrusted one, preventing you
from making any	further	trusted	connections to the server.

The xterm terminal emulator now	supports the active icon mode that was
in X version 10	Release	4.  See	the xterm man page for further details.
There is support in the	xterm source to	build xterm without the	active
icon mode for those who	may care for some reason to not	provide	it.

3.18.  ANSIfication

As noted previously under "Configuration Files", for pragmatic reasons
we changed the way we use __STDC__ to test for standard	C compilers.
R6.1 was officially the	last release that supported traditional	K&R C.
R6.3 assumes a standard	C compiler and environment.  We	have not inten-
tionally removed any K&R C support from	old code; most of the release
will continue to build on older	platforms.

4.  Known Bugs

There are no examples in this release showing how to use the print
extension.  CDE	2.1 has	several	such applications.

lbxproxy fails to start	on SCO Open Server.

x11perf	running	through	lbxproxy will tickle a drawing bug in cfb-based
X servers that causes some lines and curves to be drawn	to the wrong
coordinates and	outside	the window boundaries.	Use the	-nogfx option to
lbxproxy as a workaround on affected servers.

If proxymngr exits abnormally all managed proxies die.

Documentation is missing on how	to use the vertical writing and	user-
defined	character support.

Documentation is sparse	on how to configure Xprt.

There are no example fonts in the release with vertical	text escapement
(``vertical writing fonts'').

5.  Filing Bug Reports

If you find a reproducible bug in software in the xc/ directory, or find
bugs in	the xc documentation, please send a bug	report to The Open Group
using the form in the file xc/bug-report and this destination address:


Please try to provide all of the information requested on the form if it
is applicable; the little extra	time you spend on the report will make
it much	easier for someone to reproduce, find, and fix the bug.

Bugs in	the contributed	software that is available on the net are not
handled	on any official	basis.	Consult	the documentation for the indi-
vidual software	to see where (if anywhere) to report the bug.  Many
authors	of contributed software	subscribe to the mailing list "contrib-
bugs" hosted at	x.org, so this might be	a useful place to report bugs.
(To subscribe to contrib-bugs yourself,	send email to contrib-bugs-

6.  Acknowledgements

Release	6.3 of X Version 11 was	brought	to you by the X	staff at the X
Consortium, Inc.:  Donna Converse (emeritus), Jim Fournier, Stephen Gil-
dea (emeritus),	Kaleb Keithley,	Matt Landau (emeritus),	Arnaud Le Hors,
Ralph Mor (emeritus), Bob Scheifler, Ralph Swick, Ray Tice, Mark Welch
(emeritus), and	Dave Wiggins (emeritus).  Kevin	Samborn	and George Tsang
(emeritus) of the CDE staff at X Consortium, Inc. worked hard on the
print extension, including the PostScript driver; David	Kaelbling of the
CDE staff converged the	X, Motif, and CDE imake/config support and
helped with Xos_r.h; and Daniel	Dardailler (emeritus) of the CDE staff
contributed the	libXt geometry tracing code.  Also, contractors	Reed
Augliere, Roger	Helmendach (Liberty Systems), and Ann Pichey each worked
on critical components.

Several	companies and individuals have cooperated and worked extremely
hard to	make this release a reality, and our thanks go out to them.  You
will find many of them listed in the acknowledgements in the individual

Ken Raeburn of XFree86 and Cygnus Support contributed the gzip font
compression support.

The Common Desktop Environment sponsors	Digital	Equipment Corp,	Fujitsu,
Hewlett-Packard, Hitachi, IBM, Novell, and SunSoft jointly contributed
the print extension and	the Xlib vertical writing and user-defined char-
acter support.	Axel Deininger,	Harry Phinney, Tom Gilg, Charles Prince,
and Jim	Miller all from	Hewlett-Packard	did the	print extension	and PCL
and raster drivers.  Fujitsu did the Xlib vertical writing and user-
defined	character support.

Powered by
ViewCVS 0.9.2