- Jul 12, 2022
-
-
No validation of the various fields on that report was done, so a malicious client could send a short request that claims it had N sections, or rows, or keys, and the server would process the request for N sections, running out of bounds of the actual request data.
Fix this by adding size checks to ensure our data is valid.
ZDI-CAN 16062, CVE-2022-2319.
This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-
XKB often uses a FooCheck and Foo function pair, the former is supposed to check all values in the request and error out on BadLength, BadValue, etc. The latter is then called once we're confident the values are good (they may still fail on an individual device, but that's a different topic).
In the case of XkbSetDeviceInfo, those functions were incorrectly named, with XkbSetDeviceInfo ending up as the checker function and XkbSetDeviceInfoCheck as the setter function. As a result, the setter function was called before the checker function, accessing request data and modifying device state before we ensured that the data is valid.
In particular, the setter function relied on values being already byte-swapped. This in turn could lead to potential OOB memory access.
Fix this by correctly naming the functions and moving the length checks over to the checker function. These were added in 87c64fc5 to the wrong function, probably due to the incorrect naming.
Fixes ZDI-CAN 16070, CVE-2022-2320.
This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Introduced in c06e27b2
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
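The checker-before-setter ordering and the count-versus-length check that the two commit messages above describe, as an added C example that is not code from xserver. The wire format, the `Demo*` function names and the sample requests are hypothetical; only the BadLength and BadValue error codes follow the X11 core protocol.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical wire format for illustration (not the real XKB layout):
 * bytes 0-1 opcode/pad, bytes 2-3 nRows, then nRows rows of
 * { uint16 key, uint16 value }, all in the client's byte order. */
enum { Success = 0, BadValue = 2, BadLength = 16 }; /* X11 core error codes */
enum { HDR_SIZE = 4, ROW_SIZE = 4, MAX_KEYS = 8 };

/* Read a 16-bit field; swapped != 0 means the client sent big-endian. */
static uint16_t rd16(const uint8_t *p, int swapped) {
    return (uint16_t)(swapped ? (p[0] << 8) | p[1] : (p[1] << 8) | p[0]);
}

/* Checker: validates every field against the bytes received; touches no state. */
int DemoSetRowsCheck(const uint8_t *req, size_t req_len, int swapped) {
    if (req_len < HDR_SIZE)
        return BadLength;
    size_t n = rd16(req + 2, swapped);
    if (n > (req_len - HDR_SIZE) / ROW_SIZE) /* claimed rows must fit */
        return BadLength;
    for (size_t i = 0; i < n; i++)
        if (rd16(req + HDR_SIZE + i * ROW_SIZE, swapped) >= MAX_KEYS)
            return BadValue; /* key would index past the table */
    return Success;
}

/* Setter: only reached after the checker has accepted the request. */
static void DemoSetRows(const uint8_t *req, int swapped, uint16_t *table) {
    size_t n = rd16(req + 2, swapped);
    for (size_t i = 0; i < n; i++) {
        const uint8_t *row = req + HDR_SIZE + i * ROW_SIZE;
        table[rd16(row, swapped)] = rd16(row + 2, swapped);
    }
}

/* Request handler: check first, mutate second. */
int ProcDemoSetRows(const uint8_t *req, size_t req_len, int swapped, uint16_t *table) {
    int rc = DemoSetRowsCheck(req, req_len, swapped);
    if (rc == Success)
        DemoSetRows(req, swapped, table);
    return rc;
}

/* Constructed samples: valid one-row request; 8-byte request claiming 0x4000 rows. */
static const uint8_t good_req[] = { 1, 0, 1, 0, 3, 0, 42, 0 };
static const uint8_t short_req[] = { 1, 0, 0, 0x40, 3, 0, 42, 0 };

int main(void) {
    uint16_t table[MAX_KEYS] = { 0 };
    int good = ProcDemoSetRows(good_req, sizeof good_req, 0, table);
    int bad = ProcDemoSetRows(short_req, sizeof short_req, 0, table);
    printf("good=%d short=%d table[3]=%u\n", good, bad, (unsigned)table[3]);
    return 0;
}
```

Reading `good_req` with the wrong byte order turns its row count into 256, which the checker rejects with BadLength; a setter that ran first would have used that count unchecked.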
-
- Jul 08, 2022
-
-
Most similar loops here use a pointer that advances with each loop iteration, let's do the same here for consistency. No functional changes.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
-
Sick of fighting vim and git from trying to add this fix with every commit iteration...
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
-
This header merely defines the various protocol request handlers, so let's rename it to something less generic and remove its include from all the files that don't actually need it (which is almost all of them).
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
-
Let's move this to where all the other protocol handlers are.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
-
- Jul 04, 2022
-
-
Pointer scroll events are collected in xwl_seat->pending_pointer_event as they are received in the pointer_handle_axis and pointer_handle_axis_discrete callbacks. They are dispatched together as a single event when pointer_handle_frame is called which "Indicates the end of a set of events that logically belong together" [1]. This patch also sends an event with dx=0, dy=0 when pointer_handle_axis_stop is called, which is what allows XWayland clients to recognise the end of a touchpad scroll.
[1] https://wayland.app/protocols/wayland#wl_pointer:event:frame
Signed-off-by: David Jacewicz <david.jacewicz27@protonmail.com>
Fixes: xorg/xserver#926
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
- Jul 02, 2022
-
-
Jeremy Huddleston Sequoia authored
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-
Jeremy Huddleston Sequoia authored
Crashing on exception: -[__NSCFArray replaceObjectAtIndex:withObject:]: mutating method sent to immutable object
Application Specific Backtrace 0:
    0   CoreFoundation    0x00007ff80d2c5e9b __exceptionPreprocess + 242
    1   libobjc.A.dylib   0x00007ff80d027e48 objc_exception_throw + 48
    2   CoreFoundation    0x00007ff80d38167b _CFThrowFormattedException + 194
    3   CoreFoundation    0x00007ff80d382a25 -[__NSCFArray removeObjectAtIndex:].cold.1 + 0
    4   CoreFoundation    0x00007ff80d2e6c0b -[__NSCFArray replaceObjectAtIndex:withObject:] + 119
    5   X11.bin           0x00000001003180f9 -[X11Controller tableView:setObjectValue:forTableColumn:row:] + 169
Fixes: https://github.com/XQuartz/XQuartz/issues/267
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-
- Jul 01, 2022
-
-
Jeremy Huddleston Sequoia authored
Bumped in response to warning from meson:
    WARNING: Project specifies a minimum meson_version '>= 0.47.0' but uses features which were added in newer versions:
     * 0.50.0: {'install arg in configure_file'}
Even though there is no warning, we need 0.52.0 for include_type (added in 8264b51e) per:
    https://mesonbuild.com/Reference-manual_functions.html#arguments17
-
Jeremy Huddleston Sequoia authored
Also install xkbcomp, libwayland-dev, and weston from debian since it is new enough now
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-
Jeremy Huddleston Sequoia authored
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-
Jeremy Huddleston Sequoia authored
See discussions at xorg/lib/libx11!140 and xorg/xserver!913
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-
Jeremy Huddleston Sequoia authored
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-
Jeremy Huddleston Sequoia authored
This avoids warnings from system headers when building with debian bullseye:
    In file included from ../dist-unpack/xserver-21.1.99.1/os/rpcauth.c:47:
    /usr/include/tirpc/rpc/rpc.h:83:12: error: redundant redeclaration of ‘bindresvport’ [-Werror=redundant-decls]
       83 | extern int bindresvport(int, struct sockaddr_in *);
          |            ^~~~~~~~~~~~
    In file included from /usr/include/tirpc/rpc/rpc.h:40,
                     from ../dist-unpack/xserver-21.1.99.1/os/rpcauth.c:47:
    /usr/include/netinet/in.h:503:12: note: previous declaration of ‘bindresvport’ was here
      503 | extern int bindresvport (int __sockfd, struct sockaddr_in *__sock_in) __THROW;
          |            ^~~~~~~~~~~~
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-
Jeremy Huddleston Sequoia authored
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-
- Jun 30, 2022
-
-
Olivier Fourdan authored
Add libdecor 0.1.0 to CI.
v2: Build with and without libdecor
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
When running rootful, the Xwayland window is not decorated (as all Wayland surfaces), which makes it quite inconvenient to move on screen. libdecor is "a client-side decorations library for Wayland clients" which can be used precisely for adding decorations to Wayland surfaces. Add optional support for libdecor in Xwayland to gain decorations when running rootful and a new command line option "-decorate".
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Closes: xorg/xserver#1332
-
Olivier Fourdan authored
That allows to differentiate Xwayland's own surfaces from others. This is preparation work for optional libdecor support.
v2: Check for surface not being NULL (Jonas Ådahl <jadahl@gmail.com>)
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
The app_id is used to identify applications (and group windows), some desktops (such as GNOME Shell) use it in their top bar. Set the XDG toplevel "app_id" to "org.freedesktop.Xwayland" and install a desktop file for Xwayland rootful.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
So that when running rootful, the compositor can close the Xwayland window using the xdg-toplevel protocol.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
Set a meaningful title for the xdg_surface, it's nicer when running rootful.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
Currently, when running rootful, the toplevel root surface is created in the same function as the rest of the Wayland surfaces. Move it to its own function to improve readability - No function change.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
Add a new command line option "-host-grab" to disable the keyboard shortcuts and confine the pointer on the host so that Xwayland can receive all keyboard events. This is useful when running a complete desktop environment within Xwayland rootful. Use [CTRL]+[SHIFT] to release the keyboard and pointer. This option is not compatible with rootless mode.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
Xwayland tries to be smart and guess the intention of the X11 clients sometimes, like issuing a pointer lock when a client hides the pointer when confined. While this is a good thing when running rootless, this is problematic when running rootful as the pointer will be automatically locked unless the "retro" mode is used (which doesn't hide the cursor, unlike the default). Make sure we don't trigger the automatic pointer lock when the cursor is hidden when running rootful.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
Add a new command line option "-fullscreen" to make the rootful Xwayland window appear fullscreen. This requires viewport support in the compositor and when used with "-geometry" can emulate the full range of XRandR resolutions.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
When updating the overall screen size, Xwayland would first walk the window tree then update both the xwl_screen and screen size. As a result, if any ResizeWindow() handler tries to use the xwl_screen size, it would get the old (wrong) size instead of the new one. Make sure to update the xwl_screen size first, prior to traversing the window tree. This is preparation work for Xwayland fullscreen mode.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
When using xrandr emulation, the emulated mode is passed as a pointer to the XRandR mode from the xwl_output associated with the X11 client. In preparation for fullscreen mode, we want to be able to reuse that code but use a separate emulated mode. Simply change the internal API to pass a reference to the emulated mode. This introduces no functional change.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
The xdg_toplevel object was used solely when creating the window surface, and the value of the object discarded. To be able to make the surface fullscreen using the xdg_toplevel protocol, we need to have access to that object, so keep it around along with the xwl_window.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
Keep track of the output the surface enters/leaves. This is fairly basic tracking though, we do not keep a full list of outputs a surface may be covering partially, we just keep the output the surface entered last. This is sufficient as a preparation work for fullscreen though.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
Add a convenient function to get the xwl_output from a given wl_output.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
When running rootless as well as rootful, Xwayland gets its outputs configuration from the Wayland compositor. When running rootful, it means that we end up with a large black surface the size of all monitors combined, that's not very convenient and there is no way to set the desired size of the Xwayland window. Add a new command line option "-geometry" to force a specific mode when running rootful for the user to specify the root window size to use for Xwayland. That option has no effect when Xwayland is running rootless.
v2: Not using libxcvt as the mode may not be a valid CVT mode.
v3: Add a set of XRandR modes and the RR hooks to make that work. Update the man page for Xwayland.
v4: Add RandR 1.0 support for older clients
v5: Fix XVidMode failing with a BadMatch
v6: Add a separate xwl_output specifically for fixed mode, instead of using the existing output list - that will allow for further improvements like a fullscreen mode eventually.
v7: Sort the RR modes
v8: Fix RandR 1.0
v9: Add physical size
v10: Cleanup
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Closes: xorg/xserver#1338
-
Olivier Fourdan authored
update_screen_size() takes an xwl_output argument, mostly for historical reasons, whereas it actually applies to a screen (as its name implies). Reshuffle the code to take an xwl_screen instead, in preparation for the geometry mode in Xwayland - No functional change.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
Xwayland uses an output serial number it increments each time a new Wayland output is added. On server regeneration, that static value is not cleared, and therefore the output numbers keep increasing each time the Xserver restarts. To avoid that issue, make the output serial part of the xwl_screen, which gets recreated on server regeneration, so that index is reset to 0 automatically on server regeneration.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
Olivier Fourdan authored
Xwayland's own SetWindowPixmap() handler would be ignored when running rootful. This is fine as long as we do not plan to resize the root window, however this is becoming problematic if we plan to resize the root window dynamically when running rootful. Just add the xwl_window_set_window_pixmap() handler regardless of rootful/rootless mode.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
-
zhoulei authored
The function xwl_output_remove() is called when removing a monitor, but the actual status of the RandR output does not change. So, when RRTellChanged() is called from update_screen_size(), it won't have the output connection status up to date in the RandR event RROutputChangeNotifyEvent and X11 applications relying on that event like Qt will fail to emit their signal QGuiApplication::screenRemoved. To avoid that issue, make sure to mark the RandR output as disconnected prior to calling xwl_output_remove().
Fix commit 204f10c2 ("xwayland: Call RRTellChanged if the RandR configuration may have changed")
Signed-off-by: zhoulei <zhoulei@kylinos.cn>
Signed-off-by: Morose <chenlinxiang@kylinos.cn>
Acked-by: Michel Dänzer <mdaenzer@redhat.com>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
-
- Jun 27, 2022
-
-
Adam Jackson authored
If we have multiple damage rects we would sync (if we would sync) after every hostx_paint_rect. For shm images you'd rather push all the ShmPutImage requests and wait after the last one.
          before                  after   Operation
    ------------   --------------------   -------------------------
     232000000.0    240000000.0 (1.034)   Dot
      41500000.0     41400000.0 (0.998)   1x1 rectangle
      11400000.0     11400000.0 (1.000)   10x10 rectangle
        553000.0       553000.0 (1.000)   100x100 rectangle
         37300.0        38500.0 (1.032)   500x500 rectangle
        831000.0      1140000.0 (1.372)   PutImage 10x10 square
         65200.0       134000.0 (2.055)   PutImage 100x100 square
          3410.0         3500.0 (1.026)   PutImage 500x500 square
        810000.0      1150000.0 (1.420)   ShmPutImage 10x10 square
        346000.0       364000.0 (1.052)   ShmPutImage 100x100 square
         22400.0        22800.0 (1.018)   ShmPutImage 500x500 square
Reviewed-by: Emma Anholt <emma@anholt.net>
-
Adam Jackson authored
Move the xcb_aux_sync into the shm path, where we do still need it to synchronize access with the host. In the non-shm path the image is copied to the host anyway so the sync just adds latency and keeps you from using all your network bandwidth.
Only the non-shm-putimage path benefits from this, but the benefit is significant even on the local machine (here a 3.2GHz Core i7-8700, using XEPHYR_NO_SHM=1):
          before                  after   Operation
    ------------   --------------------   -------------------------
     228000000.0    225000000.0 (0.987)   Dot
      40900000.0     41600000.0 (1.017)   1x1 rectangle
      10400000.0     10700000.0 (1.029)   10x10 rectangle
        477000.0       471000.0 (0.987)   100x100 rectangle
         30900.0        31800.0 (1.029)   500x500 rectangle
        760000.0       981000.0 (1.291)   PutImage 10x10 square
         14700.0        19200.0 (1.306)   PutImage 100x100 square
           320.0          382.0 (1.194)   PutImage 500x500 square
        749000.0       984000.0 (1.314)   ShmPutImage 10x10 square
        268000.0       304000.0 (1.134)   ShmPutImage 100x100 square
         16600.0        18500.0 (1.114)   ShmPutImage 500x500 square
Reviewed-by: Emma Anholt <emma@anholt.net>
-
When the pointer leaves an X11 window, and enters a Wayland native window, Xwayland has no idea about Wayland native windows and may generate the wrong crossing events to another X11 window instead. To avoid that issue, Xwayland implements its own XYToWindow() handler to compare the Wayland focused surface with the X11 window found in the window tree.
Commit 59ad0e6a ("xwayland: Fix use after free of cursors") changed the logic in sprite_check_lost_focus() to use IsParent() to compare the windows, which works when the X11 window is reparented by the window manager, but fails in the case of an override redirect window. To fix the issue, also check whether last_xwindow is the window itself.
Signed-off-by: Morose <chenlinxiang@kylinos.cn>
Fixes: 59ad0e6a - xwayland: Fix use after free of cursors
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
-
- Jun 26, 2022
-
-
Jeremy Huddleston Sequoia authored
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-