Newer
Older
commit af9111ac7fa399a5a33fbfa145060e1850f41e0e
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue Feb 7 10:30:37 2023 +1000
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
commit 9ca7d3f61a88ae6cf47fdf139b6215d745db976b
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Wed Jan 25 11:41:40 2023 +1000
Xi: fix potential use-after-free in DeepCopyPointerClasses
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 0ba6d8c37071131a49790243cdac55392ecf71ec)
commit 4b925d388f76764dcb02dfd1cd7276262dcd7d74
Author: Mike Gorse <mgorse@suse.com>
Date: Wed Jan 25 02:02:48 2023 +0000
dix: Use CopyPartialInternalEvent in EnqueueEvent
The event might be a DeviceEvent allocated on the stack, in
AccessXKeyboardEvent for instance. Fixes out-of-bounds read.
Signed-off-by: Mike Gorse <mgorse@suse.com>
(cherry picked from commit 2ef5ef57bd37a8bec2ac454053b283c6f87c3b40)
commit 44d6c82ac82a78d904a6d47387ac363d9699b891
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
darwin: Implement DetermineClientCmd for macOS
Withoug a proper implementation of DetermineClientCmd, clients that
connect via an ssh tunnel are miscategorized as local. This results
in failures when we try to use SCM_RIGHTS (eg: in MIT-SHM).
Fixes: https://github.com/XQuartz/XQuartz/issues/314
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 0ea9b595891f2f31915538192961f3404d9ca699)
commit 1317083fbc407dc9dbb04ba5b98187b75222a16f
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
os: Use LOCAL_PEERPID from sys/un.h if it is available to detemine the pid when falling back on getpeereids()
This provides a way to determine the pid of a peer connection on
systems like darwin that do not support getpeerucred() nor
SO_PEERCRED.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 8a4ab2287398773a4868c220662d93bf84ec6241)
commit a6c49106cef36e84eb11d64e325465250b7678be
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
os: Update GetLocalClientCreds to prefer getpeerucred() or SO_PEERCRED over getpeereid()
GetLocalClientCreds() was preferring getpeereid() above other implementations.
getpeereid(), however, only returns the effective uid and gid of the peer,
leaving the pid unset. When this happens, we are unable to use the pid to
determine the peer's command line arguments and incorrectly treat ssh-tunneled
traffic as local.
To address this, we now prioritize getpeerucred() or SO_PEERCRED as those two
implementations will return the pid in addition to uid and gid.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 165d5c1260edcb998c5cf31d3969723c7452aa7f)
commit a220f53cb81248d06fb6f044c102c6ab8bffe2d5
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
os: Update AllocNewConnection() debug logging to include whether or not the client is local
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 2577291f010e07173d0fc8b310ac355928f8ed7d)
commit 07f9689507eee11bdbc2828ac1319fbde91ad27c
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Revert "meson: Don't build COMPOSITE for XQuartz"
This will allow us to remove build-time conditionalization on COMPOSITE
while still allowing XQuartz to disable it and use ROOTLESS.
This reverts commit 5f2d652377995c0c0c3cf07463b5018450661d13
(cherry picked from commit 66e7b7349dffda6fef51ed029fdc91b787ca4c08)
commit 8ea43dd8bf8f8f2cb82a2a1f2c004ee873e7810d
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Date: Sun Nov 27 22:23:43 2022 -0800
xquartz: Disable COMPOSITE at runtime
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 2567388a2957cef526df1b7efb2684aa74feb641)
commit aa0d8d440c39beb276cd26723d822728ce394e01
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
xquartz: Update the about box copyright to 2023
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 15077090d371a2679d274c5d129a3102762d18ec)
commit 8feba178f8b73b983033c197c384c580a6397a41
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Date: Sat Jan 14 23:33:59 2023 -0800
xquartz: Fix building with autoconf
Regressed-in: 5d302c378d9d21b34db2434425b766ac4f05de89
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
commit c8ef9e38187e00dbaf956893f987e15e8f42f61c
Author: Olivier Fourdan <ofourdan@redhat.com>
Date: Tue Jul 12 14:44:48 2022 +0200
dix: Fix overzealous caching of ResourceClientBits()
Commit c7311654 cached the value of ResourceClientBits(), but that value
depends on the `MaxClients` value set either from the command line or
from the configuration file.
For the latter, a call to ResourceClientBits() is issued before the
configuration file is read, meaning that the cached value is from the
default, not from the maximum number of clients set in the configuration
file.
That obviously causes all sort of issues, including memory corruption
and crashes of the Xserver when reaching the default limit value.
To avoid that issue, also keep the LimitClient value, and recompute the
ilog2() value if that changes, as on startup when the value is set from
the the xorg.conf ServerFlags section.
v2: Drop the `cache == 0` test
Rename cache vars
Fixes: c7311654 - dix: cache ResourceClientBits() value
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1310
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 2efa6d659508346358a1ef27b2393e18843f66a3)
commit a0216de2367429788be4ef430026ada215106ff5
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
rootless: Add additional debug logging to help triage XQuartz fb/rootless/damage crashes
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 07ed1a623a4b36cdb741a322008ba53d913dc765)
commit 264272f3d76e4f1e50d984640c57de77aca9ba37
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
xquartz: Use xorg_backtrace() instead of rolling our own for debugging
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit d1a9a50792110683ae3f993eeeffeee79cf9cbce)
commit 20f380c6d93be3ef561251584163d1fe1ae2d966
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
(cherry picked from commit 9a66690eaf67c19b90e07f39b16436d34b59e27a)
commit 59b6fc88ed9f4b22397a568c2483e4c558856ffa
Author: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon Dec 19 10:46:20 2022 +0100
xserver 21.1.6
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
commit b7760d41c177983c2f2fca2ebdb8105628291720
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon Dec 19 10:06:45 2022 +1000
Xext: fix invalid event type mask in XTestSwapFakeInput
In commit b320ca0 the mask was inadvertently changed from octal 0177 to
hexadecimal 0x177.
Fixes commit b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63
Xtest: disallow GenericEvents in XTestSwapFakeInput
Found by Stuart Cassoff
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit bb1711b7fba42f2a0c7d1c09beee241a1b2bcc30)
commit 69ab3bcaa0f6a5adef6ec19161eb856a4744b32c
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Wed Jul 13 11:23:09 2022 +1000
xkb: fix some possible memleaks in XkbGetKbdByName
GetComponentByName returns an allocated string, so let's free that if we
fail somewhere.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 18f91b950e22c2a342a4fbc55e9ddf7534a707d2)
commit 5dbb2b52cfeab212b5c9b7e344692a6384efdc4c
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue Jul 5 12:06:20 2022 +1000
xkb: proof GetCountedString against request length attacks
GetCountedString did a check for the whole string to be within the
request buffer but not for the initial 2 bytes that contain the length
field. A swapped client could send a malformed request to trigger a
swaps() on those bytes, writing into random memory.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 11beef0b7f1ed290348e45618e5fa0d2bffcb72e)
commit becf9d51c33a21e7700b18bb2324f466bb966de5
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
commit 61d18bed664769b1d94ea1320e27f71560a01af2
Author: John D Pell <John+git@gaelicWizard.net>
Date: Tue Jul 13 23:46:28 2021 -0700
XQuartz: stub: Call LSOpenApplication instead of fork()/exec()
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
commit f292fbfaac0c653ee49bbb24deb3add2b5da602f
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Wed Dec 14 11:34:41 2022 +1000
xserver 21.1.5
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
commit e860bbce4fdb169e84033529331ae2666e679de7
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon Dec 5 15:55:54 2022 +1000
xkb: reset the radio_groups pointer to NULL after freeing it
Unlike other elements of the keymap, this pointer was freed but not
reset. On a subsequent XkbGetKbdByName request, the server may access
already freed memory.
CVE-2022-4283, ZDI-CAN-19530
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit ccdd431cd8f1cabae9d744f0514b6533c438908c)
commit 8a1fa008b2f90abce6cabb27d9bc2ed76d07b678
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue Nov 29 13:26:57 2022 +1000
Xi: avoid integer truncation in length check of ProcXIChangeProperty
This fixes an OOB read and the resulting information disclosure.
Length calculation for the request was clipped to a 32-bit integer. With
the correct stuff->num_items value the expected request size was
truncated, passing the REQUEST_FIXED_SIZE check.
The server then proceeded with reading at least stuff->num_items bytes
(depending on stuff->format) from the request and stuffing whatever it
finds into the property. In the process it would also allocate at least
stuff->num_items bytes, i.e. 4GB.
The same bug exists in ProcChangeProperty and ProcXChangeDeviceProperty,
so let's fix that too.
CVE-2022-46344, ZDI-CAN 19405
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit 8f454b793e1f13c99872c15f0eed1d7f3b823fe8)
commit 40f431de8a76f737c68ae659fee8472583f15e49
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue Nov 29 13:24:00 2022 +1000
Xi: return an error from XI property changes if verification failed
Both ProcXChangeDeviceProperty and ProcXIChangeProperty checked the
property for validity but didn't actually return the potential error.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit b8a84cb0f2807b07ab70ca9915fcdee21301b8ca)
commit d6c7de9eadca980c8ce3b3b7752b67bfa95e6f31
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue Nov 29 14:53:07 2022 +1000
Xext: free the screen saver resource when replacing it
This fixes a use-after-free bug:
When a client first calls ScreenSaverSetAttributes(), a struct
ScreenSaverAttrRec is allocated and added to the client's
resources.
When the same client calls ScreenSaverSetAttributes() again, a new
struct ScreenSaverAttrRec is allocated, replacing the old struct. The
old struct was freed but not removed from the clients resources.
Later, when the client is destroyed the resource system invokes
ScreenSaverFreeAttr and attempts to clean up the already freed struct.
Fix this by letting the resource system free the old attrs instead.
CVE-2022-46343, ZDI-CAN 19404
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit 842ca3ccef100ce010d1d8f5f6d6cc1915055900)
commit 67927cc41f452228188bbe2aa34a9ee4a9ce0c6b
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Wed Nov 30 11:20:40 2022 +1000
Xext: free the XvRTVideoNotify when turning off from the same client
This fixes a use-after-free bug:
When a client first calls XvdiSelectVideoNotify() on a drawable with a
TRUE onoff argument, a struct XvVideoNotifyRec is allocated. This struct
is added twice to the resources:
- as the drawable's XvRTVideoNotifyList. This happens only once per
drawable, subsequent calls append to this list.
- as the client's XvRTVideoNotify. This happens for every client.
The struct keeps the ClientPtr around once it has been added for a
client. The idea, presumably, is that if the client disconnects we can remove
all structs from the drawable's list that match the client (by resetting
the ClientPtr to NULL), but if the drawable is destroyed we can remove
and free the whole list.
However, if the same client then calls XvdiSelectVideoNotify() on the
same drawable with a FALSE onoff argument, only the ClientPtr on the
existing struct was set to NULL. The struct itself remained in the
client's resources.
If the drawable is now destroyed, the resource system invokes
XvdiDestroyVideoNotifyList which frees the whole list for this drawable
- including our struct. This function however does not free the resource
for the client since our ClientPtr is NULL.
Later, when the client is destroyed and the resource system invokes
XvdiDestroyVideoNotify, we unconditionally set the ClientPtr to NULL. On
a struct that has been freed previously. This is generally frowned upon.
Fix this by calling FreeResource() on the second call instead of merely
setting the ClientPtr to NULL. This removes the struct from the client
resources (but not from the list), ensuring that it won't be accessed
again when the client quits.
Note that the assignment tpn->client = NULL; is superfluous since the
XvdiDestroyVideoNotify function will do this anyway. But it's left for
clarity and to match a similar invocation in XvdiSelectPortNotify.
CVE-2022-46342, ZDI-CAN 19400
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit b79f32b57cc0c1186b2899bce7cf89f7b325161b)
commit a6c0d7b142e762a6b9934a23e060ea91ff5afcea
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue Nov 29 13:55:32 2022 +1000
Xi: disallow passive grabs with a detail > 255
The XKB protocol effectively prevents us from ever using keycodes above
255. For buttons it's theoretically possible but realistically too niche
to worry about. For all other passive grabs, the detail must be zero
anyway.
This fixes an OOB write:
ProcXIPassiveUngrabDevice() calls DeletePassiveGrabFromList with a
temporary grab struct which contains tempGrab->detail.exact = stuff->detail.
For matching existing grabs, DeleteDetailFromMask is called with the
stuff->detail value. This function creates a new mask with the one bit
representing stuff->detail cleared.
However, the array size for the new mask is 8 * sizeof(CARD32) bits,
thus any detail above 255 results in an OOB array write.
CVE-2022-46341, ZDI-CAN 19381
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit 51eb63b0ee1509c6c6b8922b0e4aa037faa6f78b)
commit 936d34bdff4c479ccd0405fc221ff8e4c6c7014d
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue Nov 29 12:55:45 2022 +1000
Xtest: disallow GenericEvents in XTestSwapFakeInput
XTestSwapFakeInput assumes all events in this request are
sizeof(xEvent) and iterates through these in 32-byte increments.
However, a GenericEvent may be of arbitrary length longer than 32 bytes,
so any GenericEvent in this list would result in subsequent events to be
misparsed.
Additional, the swapped event is written into a stack-allocated struct
xEvent (size 32 bytes). For any GenericEvent longer than 32 bytes,
swapping the event may thus smash the stack like an avocado on toast.
Catch this case early and return BadValue for any GenericEvent.
Which is what would happen in unswapped setups anyway since XTest
doesn't support GenericEvent.
CVE-2022-46340, ZDI-CAN 19265
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63)
commit 5f2d652377995c0c0c3cf07463b5018450661d13
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 9c0373366988cc0b909ba31e61c43cc46e054b40)
commit 3dee0aac2c0ed4538880b65ee528e4633d103592
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
xquartz: Move default applications list outside of the main executable
Fixes: https://github.com/XQuartz/XQuartz/issues/274
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit e654de80ed560c480efc072d876808b1d78da052)
commit 5d302c378d9d21b34db2434425b766ac4f05de89
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
(cherry picked from commit 3dbd809c0e2d8da4191dd4a3fd4abdd14be0d838)
commit 6bf62381d0a1fb54226a10f9d0e6b03aff12f3aa
Author: Povilas Kanapickas <povilas@radix.lt>
Date: Tue Jul 12 16:09:23 2022 +0300
xserver 21.1.4
commit 06b23cccb1166fcccc2f5fe7259b3ef9e1d0f32e
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue Jul 5 11:11:06 2022 +1000
xkb: add request length validation for XkbSetGeometry
No validation of the various fields on that report were done, so a
malicious client could send a short request that claims it had N
sections, or rows, or keys, and the server would process the request for
N sections, running out of bounds of the actual request data.
Fix this by adding size checks to ensure our data is valid.
ZDI-CAN 16062, CVE-2022-2319.
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 6907b6ea2b4ce949cb07271f5b678d5966d9df42)
commit e3a530540f2f13739b0233ec51d7a3985a7ec4be
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue Jul 5 09:50:41 2022 +1000
xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck
XKB often uses a FooCheck and Foo function pair, the former is supposed
to check all values in the request and error out on BadLength,
BadValue, etc. The latter is then called once we're confident the values
are good (they may still fail on an individual device, but that's a
different topic).
In the case of XkbSetDeviceInfo, those functions were incorrectly
named, with XkbSetDeviceInfo ending up as the checker function and
XkbSetDeviceInfoCheck as the setter function. As a result, the setter
function was called before the checker function, accessing request
data and modifying device state before we ensured that the data is
valid.
In particular, the setter function relied on values being already
byte-swapped. This in turn could lead to potential OOB memory access.
Fix this by correctly naming the functions and moving the length checks
over to the checker function. These were added in 87c64fc5b0 to the
wrong function, probably due to the incorrect naming.
Fixes ZDI-CAN 16070, CVE-2022-2320.
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Introduced in c06e27b2f6fd9f7b9f827623a48876a225264132
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit dd8caf39e9e15d8f302e54045dd08d8ebf1025dc)
commit e75840565775dc95b848b366aeed44066a9d8a28
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue Jul 5 12:40:47 2022 +1000
xkb: switch to array index loops to moving pointers
Most similar loops here use a pointer that advances with each loop
iteration, let's do the same here for consistency.
No functional changes.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit f1070c01d616c5f21f939d5ebc533738779451ac)
commit f3d9c6ff12b5a8a1a9f316b096d5573060747ff9
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
xquartz: Add missing files to distribution tarball
Fixes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1346
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
commit 147c17fc786c268ec51dc0f0655e69f6493f7ef2
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
XQuartz: Improve type safety for X11Controller's application menu editor
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 4cfdc5af31ae8282903d0f65cff858330b9f9d1a)
commit 9e2fc7e2484be7c577ee5baf3765734beef9adc2
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
xquartz: Fix a possible crash when editing the Application menu due to mutaing immutable arrays
Crashing on exception: -[__NSCFArray replaceObjectAtIndex:withObject:]: mutating method sent to immutable object
Application Specific Backtrace 0:
0 CoreFoundation 0x00007ff80d2c5e9b __exceptionPreprocess + 242
1 libobjc.A.dylib 0x00007ff80d027e48 objc_exception_throw + 48
2 CoreFoundation 0x00007ff80d38167b _CFThrowFormattedException + 194
3 CoreFoundation 0x00007ff80d382a25 -[__NSCFArray removeObjectAtIndex:].cold.1 + 0
4 CoreFoundation 0x00007ff80d2e6c0b -[__NSCFArray replaceObjectAtIndex:withObject:] + 119
5 X11.bin 0x00000001003180f9 -[X11Controller tableView:setObjectValue:forTableColumn:row:] + 169
Fixes: https://github.com/XQuartz/XQuartz/issues/267
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit dfd057996b26420309c324ec844a5ba6dd07eda3)
commit 86ace20398a6c559e89213622538134b72e448b1
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
xquartz: Use correct defines when building to support Sparkle updates
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit aa636b97c66343b25e508b9c73d8505e8c11b1d9)
commit 855b96a85bc0711460a2542573a9a3959d1bfefa
Author: Povilas Kanapickas <povilas@radix.lt>
Date: Sun Dec 19 16:51:39 2021 +0200
xfree86: Fix event data alignment in inputtest driver
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
This fixes address sanitizer errors when running unit tests. The
additional copying may reduce performance by a small amount, but we
don't care about that because this driver is used for testing only.
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
(cherry picked from commit 7d2014e7d523e10623203582b9f573303750f087)
commit 9d05ee10c231edacc69b342677ae8c3cc32f97e5
Author: Povilas Kanapickas <povilas@radix.lt>
Date: Sun Jan 16 10:42:15 2022 +0200
dix: Don't send touch end to clients that do async grab without touches
GTK3 menu widget creates a selection for touch and other events and
after receiving touch events creates an async grab that excludes touch
events. Unfortunately it relies on X server not sending the touch end
event in order to function properly. Sending touch end event will cause
it to think that the initiating touch ended and when it actually ends,
the ButtonRelease event will make it think that the menu should be
closed. As a result, the menu will be open only for the duration of the
touch making it useless.
This commit reverts f682e0563f736ed2c2c612ed575e05b6e3db945e.
Fixes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1255
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
(cherry picked from commit 43e934a19f644cddedae73602e86429c9dc5074a)
commit b713e717c34d539486f661c03a0f1b35b3208d21
Author: Povilas Kanapickas <povilas@radix.lt>
Date: Sun Jan 23 22:18:52 2022 +0200
dix: Correctly save replayed event into GrabInfoRec
When processing events we operate on InternalEvent pointers. They may
actually refer to a an instance of DeviceEvent, GestureEvent or any
other event that comprises the InternalEvent union. This works well in
practice because we always look into event type before doing anything,
except in the case of copying the event.
*dst_event = *src_event would copy whole InternalEvent event and would
cause out of bounds read in case the pointed to event was not
InternalEvent but e.g. DeviceEvent.
This regression has been introduced in
23a8b62d34344575f9df9d057fb74bfefa94a77b.
Fixes https://gitlab.freedesktop.org/xorg/xserver/-/issues/1261
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
(cherry picked from commit 6ef5c05728f8b18170fbc8415d7502495a08670b)
commit cd3d21d8c44a35c22b7eca61a58bb5620b116102
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date: Wed Jan 26 00:05:55 2022 +0100
xkb: fix XkbSetMap when changing a keysym without changing a keytype
As the comment says:
"symsPerKey/mapWidths must be filled regardless of client-side flags"
so we always have to call CheckKeyTypes which will notably fill mapWidths
and nTypes. That is needed for CheckKeySyms to work since it checks the
width. Without it, any request with XkbKeySymsMask but not
XkbKeyTypesMask will fail because of the missing width information, for
instance this:
XkbDescPtr xkb;
if (!(xkb = XkbGetMap (dpy, XkbKeyTypesMask|XkbKeySymsMask, XkbUseCoreKbd))) {
fprintf (stderr, "ERROR getting map\n");
exit(1);
}
XFlush (dpy);
XSync (dpy, False);
XkbMapChangesRec changes = { .changed = 0 };
int oneGroupType[XkbNumKbdGroups] = { XkbOneLevelIndex };
if (XkbChangeTypesOfKey(xkb, keycode, 1, XkbGroup1Mask, oneGroupType, &changes)) {
fprintf(stderr, "ERROR changing type of key\n");
exit(1);
}
XkbKeySymEntry(xkb,keycode,0,0) = keysym;
if (!XkbChangeMap(dpy,xkb,&changes)) {
fprintf(stderr, "ERROR changing map\n");
exit(1);
}
XkbFreeKeyboard (xkb, 0, TRUE);
XFlush (dpy);
XSync (dpy, False);
This had being going under the radar since about ever until commit
de940e06f8733d87bbb857aef85d830053442cfe ("xkb: fix key type index check
in _XkbSetMapChecks") fixed checking the values of kt_index, which was
previously erroneously ignoring errors and ignoring all other checks, just
because nTypes was not set, precisely because CheckKeyTypes was not called.
Note: yes, CheckKeyTypes is meant to be callable without XkbKeyTypesMask, it
does properly check for that and just fills nTypes and mapWidths in that
case.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
(cherry picked from commit 0217cc6e0cf5013366105a90f5f91ccc4bab5425)
commit f575524314e9f20a1ff639f6bd65386cdbd083f4
Author: Povilas Kanapickas <povilas@radix.lt>
Date: Thu Feb 3 20:04:52 2022 +0200
Revert "os: Try to discover the current seat with the XDG_SEAT var first"
This reverts commit b27eaa72837eebe80adfe6c257a71a6b9eaf66ee.
commit 419fbf639d8f53d39449c157a9554bd5482ed64f
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 9ce7264889e36fddbdf6bac332225ad6f628ad5d)
commit 66ac50090dd191f1b16daf338ca3b46d9147fbbd
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
XQuartz: Build the bundle trampoline when using meson
This brings the change for e1fdc856aedfcb4788011415930a0c6861df5123 into meson based builds
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit b00cf4aef881e00533f995c141c3586749cd7ca1)
commit 033d93a021e86dd5ce9b2b3a1554a72c7031a7f2
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
meson: Support building Xnest and Xorg on darwin
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit ef8101560eefd6160df6d4b57ddb65ea2328c441)
commit 433f53a1a08390a038176b7c1207512cf1dd3f44
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
tests: Fix build failure from missing micmap.c
FAILED: test/tests
clang -o test/tests test/tests.p/.._mi_miinitext.c.o test/tests.p/fixes.c.o test/tests.p/input.c.o test/tests.p/list.c.o test/tests.p/misc.c.o test/tests.p/signal-logging.c.o test/tests.p/string.c.o test/tests.p/test_xkb.c.o test/tests.p/tests-common.c.o test/tests.p/tests.c.o test/tests.p/touch.c.o test/tests.p/xfree86.c.o test/tests.p/xtest.c.o test/tests.p/hashtabletest.c.o -Wl,-dead_strip_dylibs -Wl,-headerpad_max_install_names -Wl,-undefined,error -fvisibility=hidden -O0 -g3 -gdwarf-2 -mmacosx-version-min=10.9 -Werror=unguarded-availability-new -Werror=format -Werror=objc-method-access -Werror=incompatible-pointer-types -F/Applications/Utilities/XQuartz.app/Contents/Frameworks -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX10.13.sdk -arch x86_64 -O0 -g3 -gdwarf-2 -mmacosx-version-min=10.9 -Werror=unguarded-availability-new -Werror=format -Werror=objc-method-access -Werror=incompatible-pointer-types -F/Applications/Utilities/XQuartz.app/Contents/Frameworks -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX10.13.sdk -arch x86_64 -Wl,-rpath,/opt/X11/lib mi/liblibxserver_mi.a dix/liblibxserver_dix.a composite/liblibxserver_composite.a damageext/liblibxserver_damageext.a dbe/liblibxserver_dbe.a randr/liblibxserver_randr.a miext/damage/liblibxserver_miext_damage.a render/liblibxserver_render.a present/liblibxserver_present.a Xext/liblibxserver_xext.a miext/sync/liblibxserver_miext_sync.a xfixes/liblibxserver_xfixes.a Xi/liblibxserver_xi.a xkb/liblibxserver_xkb.a record/liblibxserver_record.a os/liblibxserver_os.a os/liblibxlibc.a glx/liblibglxvnd.a hw/xfree86/common/libxorg_common.a hw/xfree86/loader/libxorg_loader.a hw/xfree86/ddc/libxorg_ddc.a hw/xfree86/xkb/libxorg_xkb.a hw/xfree86/i2c/libxorg_i2c.a hw/xfree86/modes/libxorg_modes.a hw/xfree86/os-support/libxorg_os_support.a hw/xfree86/parser/libxorg_parser.a hw/xfree86/ramdac/libxorg_ramdac.a fb/liblibxserver_fb.a Xext/liblibxserver_xext_vidmode.a dix/liblibxserver_main.a config/liblibxserver_config.a /opt/X11/lib/libpixman-1.dylib /opt/X11/lib/libxcvt.dylib /opt/X11/lib/libxkbfile.dylib /opt/X11/lib/libXfont2.dylib /opt/X11/lib/libXdmcp.dylib -lm /opt/X11/lib/libxshmfence.dylib -ldl -lpthread /opt/X11/lib/libXau.dylib /opt/X11/lib/libGL.dylib
Undefined symbols for architecture x86_64:
"_micmapScrPrivateKeyRec", referenced from:
_DGAInstallCmap in libxorg_common.a(xf86DGA.c.o)
_xf86HandleColormaps in libxorg_common.a(xf86cmap.c.o)
_CMapInstallColormap in libxorg_common.a(xf86cmap.c.o)
_CMapEnterVT in libxorg_common.a(xf86cmap.c.o)
_CMapSwitchMode in libxorg_common.a(xf86cmap.c.o)
_CMapSetDGAMode in libxorg_common.a(xf86cmap.c.o)
_CMapChangeGamma in libxorg_common.a(xf86cmap.c.o)
...
ld: symbol(s) not found for architecture x86_64
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 6645ff59069d603806d749e8af73893cf88d2c06)
commit 3868f364728ae0cc35621bbfdd36bfa2e3f09fda
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
xf86-input-inputtest: Fix build on systems without SOCK_NONBLOCK
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 707f23dab8787b4154011186206dc9964e2ebc11)
commit afcaaac96767d773422512e755e5ad3691a0627c
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
../hw/xfree86/ddc/print_edid.c:511:20: error: format specifies type 'unsigned short' but the argument has type 'int' [-Werror,-Wformat]
det_mon->type - DS_VENDOR);
^~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 199b8c0853c92ce19a589186f326621477401b74)
commit 6bb98fc62ddf8b0dd90f7b0b45978a0d0425ed5a
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
xquartz: Update autotools-based builds of XQuartz to account for recent changes
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
commit 4ea6f661edbbd84b3f2b308675bd2aa848b53746
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Revert "meson: Bump requirement to meson-0.50.0"
This bump is causing issues with our CI. Sorry about that.
This reverts commit a6a20a7c40f86b5586286aaa614e6b64a5987d82
(cherry picked from commit 8cd0397e5b4c1f0e0add1fea67f82b811214bf3e)
commit a6a20a7c40f86b5586286aaa614e6b64a5987d82
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Date: Sun Jun 19 23:06:40 2022 -0700
meson: Provide options to set CFBundleVersion and CFBundleVersionString in XQuartz
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 4f5999826aa478ba5f138e74cfccdf3b854c8e54)
commit 37285e6252ce3afca5bc205121f83271548dfca9
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit b12f5dc62d964d0279e1fa9403259cfd8e491285)
commit 96e7b55c5d6898a6715b62d5e01581617d218997
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
xquartz: Update Sparkle configuration to use SUPublicEDKey
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 1d90bef30c4dfe13dd5e70fea606a02380cbcee6)
commit 6465263be8ae98283f8e99a3e95d04e786386040
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
meson: Bump requirement to meson-0.50.0
WARNING: Project specifies a minimum meson_version '>= 0.47.0' but uses features which were added in newer versions:
* 0.50.0: {'install arg in configure_file'}
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 0a27f96d1d0e474b308be982fa7069d3ae0d9892)
commit e48acd9c40c09b7c66a7bfc6650afc216ba78cca
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
XQuartz: Ensure scroll events are delivered to a single window (not both X11 and AppKit)
Fixes: https://github.com/XQuartz/XQuartz/issues/130
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 4532b696c644cb7f21e96cf76d3e6b21ccc0e309)
commit 140d9a0f75194d4079d5cd1e4ad4683c6f47683e
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
xquartz: Fold spaces related preferences into NSUserDefaults+XQuartzDefaults
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit f40610e0b4f2b4ae54ef6bbff756cb4a60e17e3b)
commit 03ec5b132f0b3e07f9340faaacaa2455717fd8d1
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
xquartz pbproxy: Adopt NSUserDefaults+XQuartzDefaults for preferences
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 6134c73aebc3f928639e8f802be49ec8ecc17e66)
commit 6df6178bb917f596ec2f61a3aabf99eea620b6ec
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
xquartz: Create a separate category for organizing user preferences
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 963ba6d9adf578ec8d7ed12ae22dece76b895172)
commit c6c1cba397ffa203123a8a6690dee728089e7325
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
os/connection: Improve abstraction for launchd secure sockets
This changes away from hard-coding the /tmp/launch-* path to now
supporting a generic <absolute path to unix socket>[.<screen>]
format for $DISPLAY.
cf-libxcb: d978a4f69b30b630f28d07f1003cf290284d24d8
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
CC: Adam Jackson <ajax@kemper.freedesktop.org>
(cherry picked from commit 83d0d911069d502232d719882cd1c5cd090defa1)
commit 663af2f17eec2cc064f3d1e25e00fb840c441964
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
X11Application: Ensure TIS operations are done on the main thread
Fixes: https://github.com/XQuartz/XQuartz/issues/205
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit b1afcecc61d841f95e786e4f4f84184f91d149f1)
commit bd3564cf377deace41b359740331d84e3086e916
Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
rootless: Dead code removal (ROOTLESS_REDISPLAY_DELAY is already defined)
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit c11b55f3c0c64645bca964aece825de0bdd92b1f)
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
commit 53173fdab492f0f638f6616fcf01af0b9ea6338d
Author: Olivier Fourdan <ofourdan@redhat.com>
Date: Thu Jan 20 10:20:38 2022 +0100
render: Fix build with gcc 12
The xserver fails to compile with the latest gcc 12:
render/picture.c: In function ‘CreateSolidPicture’:
render/picture.c:874:26: error: array subscript ‘union _SourcePict[0]’ is partly outside array bounds of ‘unsigned char[16]’ [-Werror=array-bounds]
874 | pPicture->pSourcePict->type = SourcePictTypeSolidFill;
| ^~
render/picture.c:868:45: note: object of size 16 allocated by ‘malloc’
868 | pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictSolidFill));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
render/picture.c: In function ‘CreateLinearGradientPicture’:
render/picture.c:906:26: error: array subscript ‘union _SourcePict[0]’ is partly outside array bounds of ‘unsigned char[32]’ [-Werror=array-bounds]
906 | pPicture->pSourcePict->linear.type = SourcePictTypeLinear;
| ^~
render/picture.c:899:45: note: object of size 32 allocated by ‘malloc’
899 | pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictLinearGradient));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
render/picture.c: In function ‘CreateConicalGradientPicture’:
render/picture.c:989:26: error: array subscript ‘union _SourcePict[0]’ is partly outside array bounds of ‘unsigned char[32]’ [-Werror=array-bounds]
989 | pPicture->pSourcePict->conical.type = SourcePictTypeConical;
| ^~
render/picture.c:982:45: note: object of size 32 allocated by ‘malloc’
982 | pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictConicalGradient));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
ninja: build stopped: subcommand failed.
This is because gcc 12 has become stricter and raises a warning now.
Fix the warning/error by allocating enough memory to store the union
struct.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Acked-by: Michel Dänzer <mdaenzer@redhat.com>
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1256
(cherry picked from commit c6b0dcb82d4db07a2f32c09a8c09c85a5f57248e)
commit 69774044716039fa70655b3bc6dd6a4ff4535cfd
Author: Błażej Szczygieł <spaz16@wp.pl>
Date: Thu Jan 13 00:47:27 2022 +0100
present: Check for NULL to prevent crash
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1275
Signed-off-by: Błażej Szczygieł <spaz16@wp.pl>
Tested-by: Aaron Plattner <aplattner@nvidia.com>
(cherry picked from commit 22d5818851967408bb7c903cb345b7ca8766094c)