summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* present: Send a PresentConfigureNotify event for destroyed windowsserver-21.1-branchAdam Jackson2023-04-243-4/+19
| | | | | | | | | | | | | This enables fixing a deadlock case on the client side, where the client ends up blocked waiting for a Present event that will never come because the window was destroyed. The new PresentWindowDestroyed flag allows the client to avoid blocking indefinitely. Signed-off-by: Adam Jackson <ajax@redhat.com> See-also: https://gitlab.freedesktop.org/mesa/mesa/-/issues/116 See-also: https://gitlab.freedesktop.org/mesa/mesa/-/issues/6685 Reviewed-by: Michel Dänzer <mdaenzer@redhat.com> (cherry picked from commit 462b06033e66a32308d940eb5fc47f5e4c914dc0)
* xserver 21.1.8xorg-server-21.1.8Olivier Fourdan2023-03-292-4/+4
| | | | Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
* composite: Fix use-after-free of the COWOlivier Fourdan2023-03-291-0/+5
| | | | | | | | | | | | | | | | | | ZDI-CAN-19866/CVE-2023-1393 If a client explicitly destroys the compositor overlay window (aka COW), we would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. Make sure to clear the CompScreen pointer to the COW when the latter gets destroyed explicitly by the client. This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> Reviewed-by: Adam Jackson <ajax@redhat.com> (cherry picked from commit 26ef545b3502f61ca722a7a3373507e88ef64110)
* xkbUtils: use existing symbol names instead of deleted deprecated onesBenno Schulenberg2023-03-291-2/+2
| | | | | | Symbols `XK_Cyrillic_DZHE` and `XK_Serbian_DZE` were pure synonyms. (cherry picked from commit 6153c71cfb4698f1a416266564ecc748e4a25f2c)
* xserver 21.1.7xorg-server-21.1.7Peter Hutterer2023-02-072-4/+4
| | | | Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
* Xi: fix potential use-after-free in DeepCopyPointerClassesPeter Hutterer2023-02-071-1/+3
| | | | | | | | | | CVE-2023-0494, ZDI-CAN-19596 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> (cherry picked from commit 0ba6d8c37071131a49790243cdac55392ecf71ec)
* dix: Use CopyPartialInternalEvent in EnqueueEventMike Gorse2023-02-071-1/+1
| | | | | | | | The event might be a DeviceEvent allocated on the stack, in AccessXKeyboardEvent for instance. Fixes out-of-bounds read. Signed-off-by: Mike Gorse <mgorse@suse.com> (cherry picked from commit 2ef5ef57bd37a8bec2ac454053b283c6f87c3b40)
* darwin: Implement DetermineClientCmd for macOSJeremy Huddleston Sequoia2023-01-261-1/+109
| | | | | | | | | | Withoug a proper implementation of DetermineClientCmd, clients that connect via an ssh tunnel are miscategorized as local. This results in failures when we try to use SCM_RIGHTS (eg: in MIT-SHM). Fixes: https://github.com/XQuartz/XQuartz/issues/314 Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 0ea9b595891f2f31915538192961f3404d9ca699)
* os: Use LOCAL_PEERPID from sys/un.h if it is available to detemine the pid ↵Jeremy Huddleston Sequoia2023-01-262-0/+19
| | | | | | | | | | | when falling back on getpeereids() This provides a way to determine the pid of a peer connection on systems like darwin that do not support getpeerucred() nor SO_PEERCRED. Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 8a4ab2287398773a4868c220662d93bf84ec6241)
* os: Update GetLocalClientCreds to prefer getpeerucred() or SO_PEERCRED over ↵Jeremy Huddleston Sequoia2023-01-261-14/+14
| | | | | | | | | | | | | | | | | getpeereid() GetLocalClientCreds() was preferring getpeereid() above other implementations. getpeereid(), however, only returns the effective uid and gid of the peer, leaving the pid unset. When this happens, we are unable to use the pid to determine the peer's command line arguments and incorrectly treat ssh-tunneled traffic as local. To address this, we now prioritize getpeerucred() or SO_PEERCRED as those two implementations will return the pid in addition to uid and gid. Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 165d5c1260edcb998c5cf31d3969723c7452aa7f)
* os: Update AllocNewConnection() debug logging to include whether or not the ↵Jeremy Huddleston Sequoia2023-01-261-2/+2
| | | | | | | client is local Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 2577291f010e07173d0fc8b310ac355928f8ed7d)
* Revert "meson: Don't build COMPOSITE for XQuartz"Jeremy Huddleston Sequoia2023-01-173-14/+4
| | | | | | | | | This will allow us to remove build-time conditionalization on COMPOSITE while still allowing XQuartz to disable it and use ROOTLESS. This reverts commit 5f2d652377995c0c0c3cf07463b5018450661d13 (cherry picked from commit 66e7b7349dffda6fef51ed029fdc91b787ca4c08)
* xquartz: Disable COMPOSITE at runtimeJeremy Huddleston Sequoia2023-01-171-0/+9
| | | | | Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 2567388a2957cef526df1b7efb2684aa74feb641)
* xquartz: Update the about box copyright to 2023Jeremy Huddleston Sequoia2023-01-171-2/+2
| | | | | Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 15077090d371a2679d274c5d129a3102762d18ec)
* xquartz: Fix building with autoconfJeremy Huddleston Sequoia2023-01-141-1/+1
| | | | | Regressed-in: 5d302c378d9d21b34db2434425b766ac4f05de89 Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
* dix: Fix overzealous caching of ResourceClientBits()Olivier Fourdan2023-01-111-4/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | Commit c7311654 cached the value of ResourceClientBits(), but that value depends on the `MaxClients` value set either from the command line or from the configuration file. For the latter, a call to ResourceClientBits() is issued before the configuration file is read, meaning that the cached value is from the default, not from the maximum number of clients set in the configuration file. That obviously causes all sort of issues, including memory corruption and crashes of the Xserver when reaching the default limit value. To avoid that issue, also keep the LimitClient value, and recompute the ilog2() value if that changes, as on startup when the value is set from the the xorg.conf ServerFlags section. v2: Drop the `cache == 0` test Rename cache vars Fixes: c7311654 - dix: cache ResourceClientBits() value Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1310 Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> Reviewed-by: Adam Jackson <ajax@redhat.com> (cherry picked from commit 2efa6d659508346358a1ef27b2393e18843f66a3)
* rootless: Add additional debug logging to help triage XQuartz ↵Jeremy Huddleston Sequoia2022-12-211-3/+41
| | | | | | | fb/rootless/damage crashes Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 07ed1a623a4b36cdb741a322008ba53d913dc765)
* xquartz: Use xorg_backtrace() instead of rolling our own for debuggingJeremy Huddleston Sequoia2022-12-211-20/+6
| | | | | Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit d1a9a50792110683ae3f993eeeffeee79cf9cbce)
* xquartz: Ignore SIGPIPE at process launchJeremy Huddleston Sequoia2022-12-211-0/+3
| | | | | Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 9a66690eaf67c19b90e07f39b16436d34b59e27a)
* xserver 21.1.6xorg-server-21.1.6Olivier Fourdan2022-12-192-4/+4
| | | | Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
* Xext: fix invalid event type mask in XTestSwapFakeInputPeter Hutterer2022-12-191-1/+1
| | | | | | | | | | | | | In commit b320ca0 the mask was inadvertently changed from octal 0177 to hexadecimal 0x177. Fixes commit b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63 Xtest: disallow GenericEvents in XTestSwapFakeInput Found by Stuart Cassoff Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> (cherry picked from commit bb1711b7fba42f2a0c7d1c09beee241a1b2bcc30)
* xkb: fix some possible memleaks in XkbGetKbdByNamePeter Hutterer2022-12-141-6/+20
| | | | | | | | GetComponentByName returns an allocated string, so let's free that if we fail somewhere. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> (cherry picked from commit 18f91b950e22c2a342a4fbc55e9ddf7534a707d2)
* xkb: proof GetCountedString against request length attacksPeter Hutterer2022-12-141-0/+5
| | | | | | | | | | GetCountedString did a check for the whole string to be within the request buffer but not for the initial 2 bytes that contain the length field. A swapped client could send a malformed request to trigger a swaps() on those bytes, writing into random memory. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> (cherry picked from commit 11beef0b7f1ed290348e45618e5fa0d2bffcb72e)
* xquartz: Fix some formattingJeremy Huddleston Sequoia2022-12-141-39/+23
| | | | Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
* XQuartz: stub: Call LSOpenApplication instead of fork()/exec()John D Pell2022-12-141-33/+20
| | | | Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
* xserver 21.1.5xorg-server-21.1.5Peter Hutterer2022-12-142-4/+4
| | | | Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
* xkb: reset the radio_groups pointer to NULL after freeing itPeter Hutterer2022-12-141-0/+1
| | | | | | | | | | | | | | | Unlike other elements of the keymap, this pointer was freed but not reset. On a subsequent XkbGetKbdByName request, the server may access already freed memory. CVE-2022-4283, ZDI-CAN-19530 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Olivier Fourdan <ofourdan@redhat.com> (cherry picked from commit ccdd431cd8f1cabae9d744f0514b6533c438908c)
* Xi: avoid integer truncation in length check of ProcXIChangePropertyPeter Hutterer2022-12-142-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | This fixes an OOB read and the resulting information disclosure. Length calculation for the request was clipped to a 32-bit integer. With the correct stuff->num_items value the expected request size was truncated, passing the REQUEST_FIXED_SIZE check. The server then proceeded with reading at least stuff->num_items bytes (depending on stuff->format) from the request and stuffing whatever it finds into the property. In the process it would also allocate at least stuff->num_items bytes, i.e. 4GB. The same bug exists in ProcChangeProperty and ProcXChangeDeviceProperty, so let's fix that too. CVE-2022-46344, ZDI-CAN 19405 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Olivier Fourdan <ofourdan@redhat.com> (cherry picked from commit 8f454b793e1f13c99872c15f0eed1d7f3b823fe8)
* Xi: return an error from XI property changes if verification failedPeter Hutterer2022-12-141-0/+5
| | | | | | | | | Both ProcXChangeDeviceProperty and ProcXIChangeProperty checked the property for validity but didn't actually return the potential error. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Olivier Fourdan <ofourdan@redhat.com> (cherry picked from commit b8a84cb0f2807b07ab70ca9915fcdee21301b8ca)
* Xext: free the screen saver resource when replacing itPeter Hutterer2022-12-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | This fixes a use-after-free bug: When a client first calls ScreenSaverSetAttributes(), a struct ScreenSaverAttrRec is allocated and added to the client's resources. When the same client calls ScreenSaverSetAttributes() again, a new struct ScreenSaverAttrRec is allocated, replacing the old struct. The old struct was freed but not removed from the clients resources. Later, when the client is destroyed the resource system invokes ScreenSaverFreeAttr and attempts to clean up the already freed struct. Fix this by letting the resource system free the old attrs instead. CVE-2022-46343, ZDI-CAN 19404 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Olivier Fourdan <ofourdan@redhat.com> (cherry picked from commit 842ca3ccef100ce010d1d8f5f6d6cc1915055900)
* Xext: free the XvRTVideoNotify when turning off from the same clientPeter Hutterer2022-12-141-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes a use-after-free bug: When a client first calls XvdiSelectVideoNotify() on a drawable with a TRUE onoff argument, a struct XvVideoNotifyRec is allocated. This struct is added twice to the resources: - as the drawable's XvRTVideoNotifyList. This happens only once per drawable, subsequent calls append to this list. - as the client's XvRTVideoNotify. This happens for every client. The struct keeps the ClientPtr around once it has been added for a client. The idea, presumably, is that if the client disconnects we can remove all structs from the drawable's list that match the client (by resetting the ClientPtr to NULL), but if the drawable is destroyed we can remove and free the whole list. However, if the same client then calls XvdiSelectVideoNotify() on the same drawable with a FALSE onoff argument, only the ClientPtr on the existing struct was set to NULL. The struct itself remained in the client's resources. If the drawable is now destroyed, the resource system invokes XvdiDestroyVideoNotifyList which frees the whole list for this drawable - including our struct. This function however does not free the resource for the client since our ClientPtr is NULL. Later, when the client is destroyed and the resource system invokes XvdiDestroyVideoNotify, we unconditionally set the ClientPtr to NULL. On a struct that has been freed previously. This is generally frowned upon. Fix this by calling FreeResource() on the second call instead of merely setting the ClientPtr to NULL. This removes the struct from the client resources (but not from the list), ensuring that it won't be accessed again when the client quits. Note that the assignment tpn->client = NULL; is superfluous since the XvdiDestroyVideoNotify function will do this anyway. But it's left for clarity and to match a similar invocation in XvdiSelectPortNotify. CVE-2022-46342, ZDI-CAN 19400 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Olivier Fourdan <ofourdan@redhat.com> (cherry picked from commit b79f32b57cc0c1186b2899bce7cf89f7b325161b)
* Xi: disallow passive grabs with a detail > 255Peter Hutterer2022-12-141-8/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | The XKB protocol effectively prevents us from ever using keycodes above 255. For buttons it's theoretically possible but realistically too niche to worry about. For all other passive grabs, the detail must be zero anyway. This fixes an OOB write: ProcXIPassiveUngrabDevice() calls DeletePassiveGrabFromList with a temporary grab struct which contains tempGrab->detail.exact = stuff->detail. For matching existing grabs, DeleteDetailFromMask is called with the stuff->detail value. This function creates a new mask with the one bit representing stuff->detail cleared. However, the array size for the new mask is 8 * sizeof(CARD32) bits, thus any detail above 255 results in an OOB array write. CVE-2022-46341, ZDI-CAN 19381 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Olivier Fourdan <ofourdan@redhat.com> (cherry picked from commit 51eb63b0ee1509c6c6b8922b0e4aa037faa6f78b)
* Xtest: disallow GenericEvents in XTestSwapFakeInputPeter Hutterer2022-12-141-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | XTestSwapFakeInput assumes all events in this request are sizeof(xEvent) and iterates through these in 32-byte increments. However, a GenericEvent may be of arbitrary length longer than 32 bytes, so any GenericEvent in this list would result in subsequent events to be misparsed. Additional, the swapped event is written into a stack-allocated struct xEvent (size 32 bytes). For any GenericEvent longer than 32 bytes, swapping the event may thus smash the stack like an avocado on toast. Catch this case early and return BadValue for any GenericEvent. Which is what would happen in unswapped setups anyway since XTest doesn't support GenericEvent. CVE-2022-46340, ZDI-CAN 19265 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Olivier Fourdan <ofourdan@redhat.com> (cherry picked from commit b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63)
* meson: Don't build COMPOSITE for XQuartzJeremy Huddleston Sequoia2022-11-272-3/+12
| | | | | Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 9c0373366988cc0b909ba31e61c43cc46e054b40)
* xquartz: Move default applications list outside of the main executableJeremy Huddleston Sequoia2022-11-246-7/+34
| | | | | | | | This will allow side-wide customization. Fixes: https://github.com/XQuartz/XQuartz/issues/274 Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit e654de80ed560c480efc072d876808b1d78da052)
* xquartz: Remove unused macro (X11LIBDIR)Jeremy Huddleston Sequoia2022-11-242-4/+1
| | | | | Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 3dbd809c0e2d8da4191dd4a3fd4abdd14be0d838)
* xserver 21.1.4xorg-server-21.1.4Povilas Kanapickas2022-07-122-4/+4
|
* xkb: add request length validation for XkbSetGeometryPeter Hutterer2022-07-121-5/+38
| | | | | | | | | | | | | | | | | No validation of the various fields on that report were done, so a malicious client could send a short request that claims it had N sections, or rows, or keys, and the server would process the request for N sections, running out of bounds of the actual request data. Fix this by adding size checks to ensure our data is valid. ZDI-CAN 16062, CVE-2022-2319. This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> (cherry picked from commit 6907b6ea2b4ce949cb07271f5b678d5966d9df42)
* xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheckPeter Hutterer2022-07-121-21/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | XKB often uses a FooCheck and Foo function pair, the former is supposed to check all values in the request and error out on BadLength, BadValue, etc. The latter is then called once we're confident the values are good (they may still fail on an individual device, but that's a different topic). In the case of XkbSetDeviceInfo, those functions were incorrectly named, with XkbSetDeviceInfo ending up as the checker function and XkbSetDeviceInfoCheck as the setter function. As a result, the setter function was called before the checker function, accessing request data and modifying device state before we ensured that the data is valid. In particular, the setter function relied on values being already byte-swapped. This in turn could lead to potential OOB memory access. Fix this by correctly naming the functions and moving the length checks over to the checker function. These were added in 87c64fc5b0 to the wrong function, probably due to the incorrect naming. Fixes ZDI-CAN 16070, CVE-2022-2320. This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Introduced in c06e27b2f6fd9f7b9f827623a48876a225264132 Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> (cherry picked from commit dd8caf39e9e15d8f302e54045dd08d8ebf1025dc)
* xkb: switch to array index loops to moving pointersPeter Hutterer2022-07-121-10/+10
| | | | | | | | | | | Most similar loops here use a pointer that advances with each loop iteration, let's do the same here for consistency. No functional changes. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Olivier Fourdan <ofourdan@redhat.com> (cherry picked from commit f1070c01d616c5f21f939d5ebc533738779451ac)
* xquartz: Add missing files to distribution tarballJeremy Huddleston Sequoia2022-07-041-1/+2
| | | | | Fixes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1346 Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
* XQuartz: Improve type safety for X11Controller's application menu editorJeremy Huddleston Sequoia2022-07-021-20/+20
| | | | | Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 4cfdc5af31ae8282903d0f65cff858330b9f9d1a)
* xquartz: Fix a possible crash when editing the Application menu due to ↵Jeremy Huddleston Sequoia2022-07-021-2/+5
| | | | | | | | | | | | | | | | | | mutaing immutable arrays Crashing on exception: -[__NSCFArray replaceObjectAtIndex:withObject:]: mutating method sent to immutable object Application Specific Backtrace 0: 0 CoreFoundation 0x00007ff80d2c5e9b __exceptionPreprocess + 242 1 libobjc.A.dylib 0x00007ff80d027e48 objc_exception_throw + 48 2 CoreFoundation 0x00007ff80d38167b _CFThrowFormattedException + 194 3 CoreFoundation 0x00007ff80d382a25 -[__NSCFArray removeObjectAtIndex:].cold.1 + 0 4 CoreFoundation 0x00007ff80d2e6c0b -[__NSCFArray replaceObjectAtIndex:withObject:] + 119 5 X11.bin 0x00000001003180f9 -[X11Controller tableView:setObjectValue:forTableColumn:row:] + 169 Fixes: https://github.com/XQuartz/XQuartz/issues/267 Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit dfd057996b26420309c324ec844a5ba6dd07eda3)
* xquartz: Use correct defines when building to support Sparkle updatesJeremy Huddleston Sequoia2022-07-012-5/+10
| | | | | Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit aa636b97c66343b25e508b9c73d8505e8c11b1d9)
* xfree86: Fix event data alignment in inputtest driverPovilas Kanapickas2022-07-011-12/+21
| | | | | | | | | This fixes address sanitizer errors when running unit tests. The additional copying may reduce performance by a small amount, but we don't care about that because this driver is used for testing only. Signed-off-by: Povilas Kanapickas <povilas@radix.lt> (cherry picked from commit 7d2014e7d523e10623203582b9f573303750f087)
* dix: Don't send touch end to clients that do async grab without touchesPovilas Kanapickas2022-07-011-9/+6
| | | | | | | | | | | | | | | | | | GTK3 menu widget creates a selection for touch and other events and after receiving touch events creates an async grab that excludes touch events. Unfortunately it relies on X server not sending the touch end event in order to function properly. Sending touch end event will cause it to think that the initiating touch ended and when it actually ends, the ButtonRelease event will make it think that the menu should be closed. As a result, the menu will be open only for the duration of the touch making it useless. This commit reverts f682e0563f736ed2c2c612ed575e05b6e3db945e. Fixes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1255 Signed-off-by: Povilas Kanapickas <povilas@radix.lt> (cherry picked from commit 43e934a19f644cddedae73602e86429c9dc5074a)
* dix: Correctly save replayed event into GrabInfoRecPovilas Kanapickas2022-07-013-3/+18
| | | | | | | | | | | | | | | | | | | | When processing events we operate on InternalEvent pointers. They may actually refer to a an instance of DeviceEvent, GestureEvent or any other event that comprises the InternalEvent union. This works well in practice because we always look into event type before doing anything, except in the case of copying the event. *dst_event = *src_event would copy whole InternalEvent event and would cause out of bounds read in case the pointed to event was not InternalEvent but e.g. DeviceEvent. This regression has been introduced in 23a8b62d34344575f9df9d057fb74bfefa94a77b. Fixes https://gitlab.freedesktop.org/xorg/xserver/-/issues/1261 Signed-off-by: Povilas Kanapickas <povilas@radix.lt> (cherry picked from commit 6ef5c05728f8b18170fbc8415d7502495a08670b)
* xkb: fix XkbSetMap when changing a keysym without changing a keytypeSamuel Thibault2022-07-011-6/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As the comment says: "symsPerKey/mapWidths must be filled regardless of client-side flags" so we always have to call CheckKeyTypes which will notably fill mapWidths and nTypes. That is needed for CheckKeySyms to work since it checks the width. Without it, any request with XkbKeySymsMask but not XkbKeyTypesMask will fail because of the missing width information, for instance this: XkbDescPtr xkb; if (!(xkb = XkbGetMap (dpy, XkbKeyTypesMask|XkbKeySymsMask, XkbUseCoreKbd))) { fprintf (stderr, "ERROR getting map\n"); exit(1); } XFlush (dpy); XSync (dpy, False); XkbMapChangesRec changes = { .changed = 0 }; int oneGroupType[XkbNumKbdGroups] = { XkbOneLevelIndex }; if (XkbChangeTypesOfKey(xkb, keycode, 1, XkbGroup1Mask, oneGroupType, &changes)) { fprintf(stderr, "ERROR changing type of key\n"); exit(1); } XkbKeySymEntry(xkb,keycode,0,0) = keysym; if (!XkbChangeMap(dpy,xkb,&changes)) { fprintf(stderr, "ERROR changing map\n"); exit(1); } XkbFreeKeyboard (xkb, 0, TRUE); XFlush (dpy); XSync (dpy, False); This had being going under the radar since about ever until commit de940e06f8733d87bbb857aef85d830053442cfe ("xkb: fix key type index check in _XkbSetMapChecks") fixed checking the values of kt_index, which was previously erroneously ignoring errors and ignoring all other checks, just because nTypes was not set, precisely because CheckKeyTypes was not called. Note: yes, CheckKeyTypes is meant to be callable without XkbKeyTypesMask, it does properly check for that and just fills nTypes and mapWidths in that case. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> (cherry picked from commit 0217cc6e0cf5013366105a90f5f91ccc4bab5425)
* Revert "os: Try to discover the current seat with the XDG_SEAT var first"Povilas Kanapickas2022-07-011-1/+0
| | | | This reverts commit b27eaa72837eebe80adfe6c257a71a6b9eaf66ee.
* XQuartz: Add TCC reason keys to Info.plistJeremy Huddleston Sequoia2022-06-261-0/+25
| | | | | Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 9ce7264889e36fddbdf6bac332225ad6f628ad5d)
View Lorry Controller Status