
Bug#977238: qimgv: middle-click triggers a ButtonRelease event in the underneath window; should not quit on ButtonPress



Control: forwarded -1 https://github.com/easymodo/qimgv/issues/154

On 2020/12/13 12:19 AM (UTC+0100), Vincent Lefevre wrote:
> Package: qimgv
> Version: 0.9.1-2
> Severity: important
> Tags: security
> 
> When I click with the middle button (button 2), this quits qimgv and
> triggers a ButtonRelease event in the underneath window, thus
> affecting an unrelated application. A major consequence is that some
> applications (such as xterm and rxvt) see this ButtonRelease event as
> a click, and since this is a middle-click, if the window is accepting
> input at this mouse position, this unexpectedly pastes data. For a
> terminal like xterm or rxvt, this can be harmful, depending on what
> is running and on what is pasted (this could be private data).
> 
> In no way should an application affect other applications like that.
> 
> The cause is that qimgv quits at the ButtonPress event instead of the
> ButtonRelease event.
> 
> -- System Information:
> Debian Release: bullseye/sid
>   APT prefers unstable-debug
>   APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 5.9.0-4-amd64 (SMP w/8 CPU threads)
> Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
> Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages qimgv depends on:
> ii  libc6                 2.31-5
> ii  libexiv2-27           0.27.3-3
> ii  libgcc-s1             10.2.1-1
> ii  libmpv1               0.32.0-2+b1
> ii  libopencv-core4.2     4.2.0+dfsg-6+b6
> ii  libopencv-imgproc4.2  4.2.0+dfsg-6+b6
> ii  libqt5core5a          5.15.2+dfsg-2
> ii  libqt5gui5            5.15.2+dfsg-2
> ii  libqt5widgets5        5.15.2+dfsg-2
> ii  libstdc++6            10.2.1-1
> 
> qimgv recommends no packages.
> 
> qimgv suggests no packages.
> 
> -- no debconf information
> 

This appears to have been reported upstream at:
https://github.com/easymodo/qimgv/issues/154

Philip Chung
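
A simplified model of the event routing described in the report, added here as an illustration (not code from qimgv, the report, or this reply). The toy window stack stands in for the X server, and all names, including `middle_click_leaks_to_terminal`, are hypothetical.

```cpp
#include <string>
#include <vector>

// Simplified model (constructed for illustration): a button event is
// delivered to the topmost mapped window under the pointer. Once a window
// is unmapped it no longer receives the rest of the click.
enum class Ev { ButtonPress, ButtonRelease };

struct Window {
    std::string name;
    bool mapped = true;
    bool closeOnPress = false;    // behaviour described in the report
    bool closeOnRelease = false;  // behaviour the report asks for
    bool pasteOnRelease = false;  // terminal-like: button-2 release pastes
    std::vector<Ev> received;
    bool pasted = false;
};

// stack.front() is the bottom window, stack.back() the top one.
static Window* topmost(std::vector<Window>& stack) {
    for (auto it = stack.rbegin(); it != stack.rend(); ++it)
        if (it->mapped) return &*it;
    return nullptr;
}

static void deliver(std::vector<Window>& stack, Ev ev) {
    Window* w = topmost(stack);
    if (!w) return;
    w->received.push_back(ev);
    if (ev == Ev::ButtonPress && w->closeOnPress) w->mapped = false;
    if (ev == Ev::ButtonRelease) {
        if (w->pasteOnRelease) w->pasted = true;
        if (w->closeOnRelease) w->mapped = false;
    }
}

// One middle click over a viewer that sits above a terminal.
// Returns true if the terminal received the release and pasted.
bool middle_click_leaks_to_terminal(bool viewerClosesOnPress) {
    std::vector<Window> stack(2);
    stack[0].name = "terminal"; stack[0].pasteOnRelease = true;
    stack[1].name = "viewer";
    stack[1].closeOnPress = viewerClosesOnPress;
    stack[1].closeOnRelease = !viewerClosesOnPress;
    deliver(stack, Ev::ButtonPress);
    deliver(stack, Ev::ButtonRelease);
    return stack[0].pasted;
}
```

With the viewer closing on ButtonPress the terminal underneath receives the release and pastes; closing on ButtonRelease keeps both halves of the click in the viewer.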

