Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Fixes accidentally taking the WL_POINTER_AXIS_HORIZONTAL_SCROLL case as
well after the WL_POINTER_AXIS_VERTICAL_SCROLL case, which resulted in
vertical wheel events triggering both vertical and horizontal scrolling.

Fixes: e37eeb7a ("xwayland: Aggregate scroll axis events to fix kinetic scrolling")
Closes: xorg/xserver#1367

This extension exists to serve one purpose: reliably identifying
Xwayland. Previous attempts at doing so included querying root window
properties, output names or input device names. All these attempts are
somewhat unreliable. Instead, let's use an extension - where that
extension is present we have an Xwayland server.

Clients should never need to do anything but check whether the extension
exists through XQueryExtension or search through XListExtensions.

This extension provides a single QueryVersion request only, and
that is only to provide future compatibility if we ever need anything
other than "this extension exists" functionality.

xorg/proto/xorgproto!54



Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

Not that it actually matters since the typedef is int32_t anyway, but
this theoretically avoids an erroneous call to wl_fixed_to_double() on
that value.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

Commit c7311654 cached the value of ResourceClientBits(), but that value
depends on the `MaxClients` value set either from the command line or
from the configuration file.

For the latter, a call to ResourceClientBits() is issued before the
configuration file is read, meaning that the cached value is from the
default, not from the maximum number of clients set in the configuration
file.

That obviously causes all sort of issues, including memory corruption
and crashes of the Xserver when reaching the default limit value.

To avoid that issue, also keep the LimitClient value, and recompute the
ilog2() value if that changes, as on startup when the value is set from
the the xorg.conf ServerFlags section.

v2: Drop the `cache == 0` test
    Rename cache vars

Fixes: c7311654 - dix: cache ResourceClientBits() value
Closes: xorg/xserver#1310


Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>

Commit 7cdcdfea introduced a new command line option
"-force-xrandr-emulation", however it is missing from the
ddxProcessArgument().

As a result, trying to use that command option would result in a error:

(EE) Unrecognized option: -force-xrandr-emulation

Make sure "-force-xrandr-emulation" is accounted for in Xwayland's
ddxProcessArgument().

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Fixes: 7cdcdfea - xwayland: Add -force-xrandr-emulation switch

GetCountedString did a check for the whole string to be within the
request buffer but not for the initial 2 bytes that contain the length
field. A swapped client could send a malformed request to trigger a
swaps() on those bytes, writing into random memory.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

Each string length field was accessed before checking whether that byte
was actually part of the client request. No real harm here since it
would immediately fail with BadLength anyway, but let's be correct here.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

This request accessed &stuff[1] before length-checking everything. The
check was performed afterwards so invalid requests would return
BadLength anyway, but let's do this before we actually access the
memory.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

GetComponentByName returns an allocated string, so let's free that if we
fail somewhere.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

Peter Hutterer authored 2 years ago and Povilas Kanapickas committed 2 years ago

No validation of the various fields on that report were done, so a
malicious client could send a short request that claims it had N
sections, or rows, or keys, and the server would process the request for
N sections, running out of bounds of the actual request data.

Fix this by adding size checks to ensure our data is valid.

ZDI-CAN 16062, CVE-2022-2319.

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

Peter Hutterer authored 2 years ago and Povilas Kanapickas committed 2 years ago

XKB often uses a FooCheck and Foo function pair, the former is supposed
to check all values in the request and error out on BadLength,
BadValue, etc. The latter is then called once we're confident the values
are good (they may still fail on an individual device, but that's a
different topic).

In the case of XkbSetDeviceInfo, those functions were incorrectly
named, with XkbSetDeviceInfo ending up as the checker function and
XkbSetDeviceInfoCheck as the setter function. As a result, the setter
function was called before the checker function, accessing request
data and modifying device state before we ensured that the data is
valid.

In particular, the setter function relied on values being already
byte-swapped. This in turn could lead to potential OOB memory access.

Fix this by correctly naming the functions and moving the length checks
over to the checker function. These were added in 87c64fc5 to the
wrong function, probably due to the incorrect naming.

Fixes ZDI-CAN 16070, CVE-2022-2320.

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Introduced in c06e27b2

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

Peter Hutterer authored 2 years ago and Olivier Fourdan committed 2 years ago

Most similar loops here use a pointer that advances with each loop
iteration, let's do the same here for consistency.

No functional changes.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>

Peter Hutterer authored 2 years ago and Olivier Fourdan committed 2 years ago

Sick of fighting vim and git from trying to add this fix with every
commit iteration...

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>

Peter Hutterer authored 2 years ago and Olivier Fourdan committed 2 years ago

This header merely defines the various protocol request handlers, so
let's rename it to something less generic and remove its include from
all the files that don't actually need it (which is almost all of them).

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>

Peter Hutterer authored 2 years ago and Olivier Fourdan committed 2 years ago

Let's move this to where all the other protocol handlers are.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>

David Jacewicz authored 2 years ago and Olivier Fourdan committed 2 years ago

Pointer scroll events are collected in xwl_seat->pending_pointer_event
as they are received in the pointer_handle_axis and
pointer_handle_axis_discrete callbacks. They are dispatched together as a
single event when pointer_handle_frame is called which "Indicates the end of a
set of events that logically belong together" [1]. This patch also sends an
event with dx=0, dy=0 when pointer_handle_axis_stop is called, which is what
allows XWayland clients to recognise the end of a touchpad scroll.

[1] https://wayland.app/protocols/wayland#wl_pointer:event:frame



Signed-off-by: David Jacewicz <david.jacewicz27@protonmail.com>
Fixes: xorg/xserver#926


Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

Crashing on exception: -[__NSCFArray replaceObjectAtIndex:withObject:]: mutating method sent to immutable object

Application Specific Backtrace 0:
0   CoreFoundation                      0x00007ff80d2c5e9b __exceptionPreprocess + 242
1   libobjc.A.dylib                     0x00007ff80d027e48 objc_exception_throw + 48
2   CoreFoundation                      0x00007ff80d38167b _CFThrowFormattedException + 194
3   CoreFoundation                      0x00007ff80d382a25 -[__NSCFArray removeObjectAtIndex:].cold.1 + 0
4   CoreFoundation                      0x00007ff80d2e6c0b -[__NSCFArray replaceObjectAtIndex:withObject:] + 119
5   X11.bin                             0x00000001003180f9 -[X11Controller tableView:setObjectValue:forTableColumn:row:] + 169

Fixes: https://github.com/XQuartz/XQuartz/issues/267


Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

Bumped in response to warning from meson:

    WARNING: Project specifies a minimum meson_version '>= 0.47.0' but uses features which were added in newer versions:
        * 0.50.0: {'install arg in configure_file'}

Even though there is no warning, we need 0.52.0 for include_type (added in 8264b51e) per:
    https://mesonbuild.com/Reference-manual_functions.html#arguments17

Also install xkbcomp, libwayland-dev, and weston from debian since it is new enough now

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

See discussions at xorg/lib/libx11!140
               and xorg/xserver!913



Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

This avoids warnings from system headers when building with debian bullseye:

    In file included from ../dist-unpack/xserver-21.1.99.1/os/rpcauth.c:47:
    /usr/include/tirpc/rpc/rpc.h:83:12: error: redundant redeclaration of ‘bindresvport’ [-Werror=redundant-decls]
       83 | extern int bindresvport(int, struct sockaddr_in *);
          |            ^~~~~~~~~~~~
    In file included from /usr/include/tirpc/rpc/rpc.h:40,
                     from ../dist-unpack/xserver-21.1.99.1/os/rpcauth.c:47:
    /usr/include/netinet/in.h:503:12: note: previous declaration of ‘bindresvport’ was here
      503 | extern int bindresvport (int __sockfd, struct sockaddr_in *__sock_in) __THROW;
          |            ^~~~~~~~~~~~

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

Add libdecor 0.1.0 to CI.

v2: Build with and without libdecor

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>

When running rootful, the Xwayland window is not decorated (as all
Wayland surfaces), which makes it quite inconvenient to move on screen.

libdecor is "a client-side decorations library for Wayland clients"
which can be used precisely for adding decorations to Wayland surfaces.

Add optional support for libdecor in Xwayland to gain decorations when
running rootful and a new command line option "-decorate".

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Closes: #1332

That allows to differentiate Xwayland's own surfaces from others.

This is preparation work for optional libdecor support.

v2: Check for surface not being NULL (Jonas Ådahl <jadahl@gmail.com>)

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>

The app_id is used to identify applications (and group windows), some
desktops (such as GNOME Shell) use it in their top bar.

Set the XDG toplevel "app_id" to "org.freedesktop.Xwayland" and install
a desktop file for Xwayland rootful.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>

So that when running rootful, the compositor can close the Xwayland
window using the xdg-toplevel protocol.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>

Set a meaningful title for the xdg_surface, it's nicer when running
rootful.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>

Currently, when running rootful, the toplevel root surface is created in
the same function as the rest of the Wayland surfaces.

Move it to its own function to improve readability - No function change.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>

Add a new command line option "-host-grab" to disable the keyboard
shortcuts and confine the pointer on the host so that Xwayland can
receive all keyboard events.

This is useful when running a complete desktop environment within
Xwayland rootful.

Use [CTRL]+[SHIFT] to release the keyboard and pointer.

This option is not compatible with rootless mode.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>

Xwayland tries to be smart and guess the intention of the X11 clients
sometimes, like issuing a pointer lock when a client hides the pointer
when confined.

While this is a good thing when running rootless, this is problematic
when running rootful as the pointer will be automatically locked unless
the "retro" mode is used (which doesn't hide the cursor, unlike the
default).

Make sure we don't trigger the automatic pointer lock when the cursor is
hidden when running rootful.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>

Add a new command line option "-fullscreen" to make the rootful Xwayland
window appear fullscreen.

This requires viewport support in the compositor and when used with
"-geometry" can emulate the full range of XRandR resolutions.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>

When updating the overall screen size, Xwayland would first walk the
window tree then update both the xwl_screen and screen size.

As a result, if any ResizeWindow() handler tries to use the xwl_screen
size, it would get the old (wrong) size instead of the new one.

Make sure to update the xwl_screen size first, prior to traverse the
window tree.

This is preparation work for Xwayland fullscreen mode.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>

When using xrandr emulation, the emulated mode is passed as a pointer to
the XRandR mode from the xwl_output associated with the X11 client.

In preparation for fullscreen mode, we want to be able to reuse that
code but use a separate emulated mode.

Simply change the internal API to pass a reference to the emulated mode.

This introduces no functional change.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>

The xdg_toplevel object was used solely when creating the window
surface, and the value of the object discarded.

To be able to make the surface fullscreen using the xdg_toplevel
protocol, we need to have access that object, so keep it around along
with the xwl_window.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>