-
8e627350
by Michal Srb
at 2017-07-07T07:22:37+02:00
Xi: Zero target buffer in SProcXSendExtensionEvent.
Make sure that the xEvent eventT is initialized with zeros, the same way as
in SProcSendEvent.
Some event swapping functions do not overwrite all 32 bytes of xEvent
structure, for example XSecurityAuthorizationRevoked. Two cooperating
clients, one swapped and the other not, can send
XSecurityAuthorizationRevoked event to each other to retrieve old stack data
from X server. This can be potentialy misused to go around ASLR or
stack-protector.
Signed-off-by: Michal Srb <msrb@suse.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 05442de962d3dc624f79fc1a00eca3ffc5489ced)
-
339d961d
by Michal Srb
at 2017-07-07T07:22:37+02:00
dix: Disallow GenericEvent in SendEvent request.
The SendEvent request holds xEvent which is exactly 32 bytes long, no more,
no less. Both ProcSendEvent and SProcSendEvent verify that the received data
exactly match the request size. However nothing stops the client from passing
in event with xEvent::type = GenericEvent and any value of
xGenericEvent::length.
In the case of ProcSendEvent, the event will be eventually passed to
WriteEventsToClient which will see that it is Generic event and copy the
arbitrary length from the receive buffer (and possibly past it) and send it to
the other client. This allows clients to copy unitialized heap memory out of X
server or to crash it.
In case of SProcSendEvent, it will attempt to swap the incoming event by
calling a swapping function from the EventSwapVector array. The swapped event
is written to target buffer, which in this case is local xEvent variable. The
xEvent variable is 32 bytes long, but the swapping functions for GenericEvents
expect that the target buffer has size matching the size of the source
GenericEvent. This allows clients to cause stack buffer overflows.
Signed-off-by: Michal Srb <msrb@suse.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 215f894965df5fb0bb45b107d84524e700d2073c)
-
877d9470
by Michal Srb
at 2017-07-07T07:22:37+02:00
Xi: Verify all events in ProcXSendExtensionEvent.
The requirement is that events have type in range
EXTENSION_EVENT_BASE..lastEvent, but it was tested
only for first event of all.
Signed-off-by: Michal Srb <msrb@suse.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 8caed4df36b1f802b4992edcfd282cbeeec35d9d)
-
e3f9ab63
by Michal Srb
at 2017-07-07T07:22:37+02:00
Xi: Do not try to swap GenericEvent.
The SProcXSendExtensionEvent must not attempt to swap GenericEvent because
it is assuming that the event has fixed size and gives the swapping function
xEvent-sized buffer.
A GenericEvent would be later rejected by ProcXSendExtensionEvent anyway.
Signed-off-by: Michal Srb <msrb@suse.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit ba336b24052122b136486961c82deac76bbde455)
-
d7bc00f5
by Julien Cristau
at 2017-07-07T07:39:21+02:00
Changelog update
-
b0943284
by Sven Joachim
at 2017-07-22T17:01:32+02:00
xvfb-run: Don't mix stderr and stdout when running the program
There does not seem to be a good reason for this, and it prevents the
user from redirecting the program's output without having it
intermixed with diagnostics.
-
cae1c933
by Timo Aaltonen
at 2017-08-15T10:25:02+03:00
rules: Drop obsolete dh_strip line for -dbg package.
-
c2d062e2
by Timo Aaltonen
at 2017-08-15T21:53:38+03:00
restore dh_strip, drop -dbg from it
-
4882c259
by Timo Aaltonen
at 2017-08-16T09:49:26+03:00
rules: Drop dh_strip override, dbgsym transition is done.
-
ccb13640
by Timo Aaltonen
at 2017-08-28T18:40:59+03:00
add-cfl-cnl-ids.diff: Add Coffee Lake and Cannonlake pci-ids.
-
6028ff2d
by Timo Aaltonen
at 2017-08-28T18:44:17+03:00
release to artful
-
cb00105f
by Timo Aaltonen
at 2017-08-30T14:49:57+03:00
xwayland-add-grab-protocol-support.diff: Dropped, causes issues with kvm. (LP: #1713981)
-
2a47e328
by Olivier Fourdan
at 2017-09-21T15:00:08+02:00
glamor: Check for NULL pixmap in glamor_get_pixmap_texture()
glamor_create_pixmap() would return a NullPixmap if the given size is
larger than the maximum size of a pixmap.
But glamor_get_pixmap_texture() won't check if the given pixmap is
non-null, leading to a segfault if glamor_create_pixmap() failed.
This can be reproduced by passing Xephyr a very large screen width,
e.g.:
$ Xephyr -glamor -screen 32768x1024 :10
(EE)
(EE) Backtrace:
(EE) 0: Xephyr (OsSigHandler+0x29)
(EE) 1: /lib64/libpthread.so.0 (__restore_rt+0x0)
(EE) 2: Xephyr (glamor_get_pixmap_texture+0x30)
(EE) 3: Xephyr (ephyr_glamor_create_screen_resources+0xc6)
(EE) 4: Xephyr (ephyrCreateResources+0x98)
(EE) 5: Xephyr (dix_main+0x275)
(EE) 6: /lib64/libc.so.6 (__libc_start_main+0xf1)
(EE) 7: Xephyr (_start+0x2a)
(EE) 8: ? (?+0x2a) [0x2a]
(EE)
(EE) Segmentation fault at address 0x0
(EE)
Fatal server error:
(EE) Caught signal 11 (Segmentation fault). Server aborting
(EE)
Aborted (core dumped)
Bugzilla: https://bugzilla.redhat.com/1431633
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit f40ff18c96e02ff18a367bf53feeb4bd8ee952a0)
-
52ab10aa
by Olivier Fourdan
at 2017-09-21T15:00:14+02:00
Xephyr: Check screen resources creation success
If the screen pixmap or the corresponding texture creation with glamor
fails, exit cleanly with an error message instead of segfaulting.
Fixes: https://bugzilla.redhat.com/1431633
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit b0ce1d088a863492f5de11e4dbde10af4261d892)
-
703ba42c
by Olivier Fourdan
at 2017-09-21T15:00:18+02:00
glamor: glamor_set_destination_drawable() can fail
The fbo_array of a given glamor pixmap can be NULL in some cases, as
glamor_create_fbo_array() can fail to allocate the FBO array.
If this is the case, glamor_pixmap_fbo_at() will return NULL even though
the box index is valid, and glamor_set_destination_drawable() simply
assumes glamor_pixmap_fbo_at() will return an FBO prior to pass the
value to glamor_set_destination_pixmap_fbo(), which will segfault.
We need a way for glamor_set_destination_drawable() to fail safely and
let the caller know about the failure.
Add a boolean return value to glamor_set_destination_drawable() for that
purpose.
Bugzilla: https://bugzilla.redhat.com/1417575
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit 04b4bad7c048fd077fe839f10634c99ef1e488af)
-
9db3361b
by Olivier Fourdan
at 2017-09-21T15:00:21+02:00
glamor: Check glamor_set_destination_drawable() return value
Check the value returned by glamor_set_destination_drawable() and use
the fallback code path where possible.
Bugzilla: https://bugzilla.redhat.com/1417575
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit 455051a0f1d2bc84f605c325f647bd64d414c47d)
-
8c609764
by Adam Jackson
at 2017-09-21T15:00:25+02:00
parser: Fix crash when xf86nameCompare(s1 = x, s2 = NULL)
Signed-off-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit f1f865e909090406841a9b9416ea6259a75c2086)
-
2f36c6fa
by Adam Jackson
at 2017-09-22T18:45:58+02:00
xinerama: Implement graphics exposures for window->pixmap copies (v4)
This code is using GetImage to accumulate a logical view of the window
image (since the windows will be clipped to their containing screen),
and then PutImage to load that back into the pixmap. What it wasn't
doing was constructing a region for the obscured areas of the window and
emitting graphics exposures for same.
v2: Fix coordinate translation when the source is the root window
v3: Create sourceBox with the right coordinates initially instead of
translating (Keith Packard)
v4: Clamp the region to 15 bits to avoid overflow (Keith Packard)
Signed-off-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit e337de2d488a124e5fee0fdcb882567b68f1767d)
-
c58bff7e
by Eric Anholt
at 2017-09-22T18:45:58+02:00
glamor: Fix dashed line rendering.
We were binding the screen pixmap as the dash and sampling its alpha,
which is usually just 1.0 (no dashing at all).
Please cherry-pick this to active stable branches.
Signed-off-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
(cherry picked from commit fe0b297420fc1de8a7fab28457d0864b3182e967)
-
0f3196bf
by Adam Jackson
at 2017-09-22T18:45:58+02:00
ephyr: Don't clobber bitsPerPixel when using glamor
This ends up passing 0 as the bpp argument to fb screen setup, which is
not really the best plan.
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 83c4297d2c4fd501a9d36bc0cb7d357a8d22394c)
-
2191f9b4
by Olivier Fourdan
at 2017-09-22T18:45:59+02:00
glamor: avoid a crash if texture allocation failed
Texture creation in _glamor_create_tex() can fail if a GL_OUT_OF_MEMORY
is raised, in which case the texture returned is zero.
But the texture value is not checked in glamor_create_fbo() and glamor
will abort in glamor_pixmap_ensure_fb() because the fbo->tex is 0:
Truncated backtrace:
Thread no. 1 (10 frames)
#4 glamor_pixmap_ensure_fb at glamor_fbo.c:57
#5 glamor_create_fbo_from_tex at glamor_fbo.c:112
#6 glamor_create_fbo at glamor_fbo.c:159
#7 glamor_create_fbo_array at glamor_fbo.c:210
#8 glamor_create_pixmap at glamor.c:226
#9 compNewPixmap at compalloc.c:536
#10 compAllocPixmap at compalloc.c:605
#11 compCheckRedirect at compwindow.c:167
#12 compRealizeWindow at compwindow.c:267
#13 RealizeTree at window.c:2617
Check the value returned by _glamor_create_tex() in glamor_create_fbo()
and return NULL in the texture is zero.
All callers of glamor_create_fbo() actually check the returned value and
will use a fallback code path if it's NULL.
Please cherry-pick this to active stable branches.
Bugzilla: https://bugzilla.redhat.com/1433305
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
(cherry picked from commit 8805a48ed35afb2ca66315656c1575ae5a01c639)
-
3166138e
by Kenneth Graunke
at 2017-09-22T18:45:59+02:00
dri2: Sync i965_pci_ids.h from Mesa.
Copied from Mesa with no modifications. Gives us Geminilake PCI IDs.
Signed-off-by: Kenneth Graunke <kenneth@whitecape.org>
Acked-by: Eric Anholt <eric@anholt.net>
(cherry picked from commit 368f60d461421fe5e2bbd90652d6ac858dbff8fe)
-
e23000d8
by Tobias Stoeckmann
at 2017-09-22T18:45:59+02:00
record: Fix OOB access in ProcRecordUnregisterClients
If a client sends a RecordUnregisterClients request with an nClients
field larger than INT_MAX / 4, an integer overflow leads to an
out of boundary access in RecordSanityCheckClientSpecifiers.
An example line with libXtst would be:
XRecordUnregisterClients(dpy, rc, clients, 0x40000001);
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 40c12a76c2ae57adefd3b1d412387ebbfe2fb784)
-
df4d01e6
by Tobias Stoeckmann
at 2017-09-22T18:45:59+02:00
dmx: Fix null pointer dereference
A null pointer dereference can occur in dmxSync, because TimerForce
does not handle a null pointer.
dmxSyncTimer is set to NULL a few lines above on a certain condition,
which happened on my machine. The explicit NULL check allowed me to
start Xdmx again without a segmentation fault.
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 21eda7464d0e13ac6558edaf6531c3d3251e05df)
-
60ae865a
by Daniel Stone
at 2017-09-22T18:45:59+02:00
modesetting: Set correct DRM event context version
DRM_EVENT_CONTEXT_VERSION is the latest context version supported by
whatever version of libdrm is present. modesetting was blindly asserting
it supported whatever version that may be, even if it actually didn't.
With libdrm 2.4.78, setting a higher context version than 2 will attempt
to call the page_flip_handler2 vfunc if it was non-NULL, which being a
random chunk of stack memory, it might well have been.
Set the version as 2, which should be bumped only with the appropriate
version checks.
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Daniel Stone <daniels@collabora.com>
(cherry picked from commit 0c8e6ed85810e96d84173a52d628863802a78d82)
-
74126530
by Adam Jackson
at 2017-09-22T18:45:59+02:00
xephyr: Check for host XVideo support before trying to use it
Otherwise xcb will treat our attempt to send xv requests as a connection
error (quite reasonably: we're asking it to emit a request for which
there is no defined major opcode), and we'll die quietly the first time
we hit KdBlockhandler.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
(cherry picked from commit 14d2fe74f4e51c5b37eab4b7475c804a0340b530)
-
1e8e68b7
by Sven Joachim
at 2017-09-25T18:16:49+02:00
Add bug closure for #876690
-
6a6bf1ae
by Michel Dänzer
at 2017-09-25T15:34:10-04:00
xfree86/modes: Make colormap/gamma glue code work with RandR disabled
E.g. because Xinerama is enabled.
Fixes crash on startup and wrong colours in that case.
Bugzilla: https://bugs.freedesktop.org/100293
Bugzilla: https://bugs.freedesktop.org/100294
Fixes: 62f44052573b ("xfree86/modes: Move gamma initialization to
xf86RandR12Init12 v2")
Tested-by: Mariusz Bialonczyk <manio@skyboo.net>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
(cherry picked from commit 41dafcc2a2942fc4c94ce3cbafc4a1b413c460c3)
-
e59a32c8
by Olivier Fourdan
at 2017-09-25T15:34:10-04:00
glamor: an FBO is not needed for Xv pixmaps
It appears that on some hardware/diver combo such as nv30/nouveau, using
GL_ALPHA as format for 8-bit depth will cause an incomplete attachment
error (GL_FRAMEBUFFER_INCOMPLETE_ATTACHMENT) when trying to bind the
texture.
As a result, the FBO is NULL and glamor segfaults when trying to access
the FBO width/height in pixmap_priv_get_scale() in glamor_xv_render().
This happens with glamor-xv which uses 8-bit pixmaps, meaning that on
such hardware/driver, trying to play a video using Xv will lead to a
crash of the Xserver. This affects Xwayland, Xephyr, modesetting driver
with glamor accel.
But the use of an FBO is not actually needed for glamox-xv, so by
disabling FBO at pixmap creation, we can avoid the issue entirely.
Fix suggested by Eric Anholt <eric@anholt.net>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=100710
Fixes: https://bugzilla.redhat.com/1412814
Reviewed-by: Eric Anholt <eric@anholt.net>
(cherry picked from commit 7bfb87a2137853295ecc9e544a15626cfd773a02)
-
b3de3ebc
by Michel Dänzer
at 2017-09-25T15:34:10-04:00
os: Handle SIGABRT
Without this, assertion failures can make life hard for users and those
trying to help them.
v2:
* Change commit log wording slightly to "can make life hard", since
apparently e.g. logind can alleviate that somewhat.
* Set default handler for SIGABRT in
hw/xfree86/common/xf86Init.c:InstallSignalHandlers() and
hw/xquartz/quartz.c:QuartzInitOutput() (Eric Anholt)
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
(cherry picked from commit 27a6b9f7c84c914d0f5909ec1069d72f5035bc04)
-
7a2525fb
by Keith Packard
at 2017-09-25T15:34:10-04:00
os: un-duplicate code to close client on write failure
There are three copies of the same short sequence of operations to
close down a client when a write error occurs. Create a new function,
AbortClient, which performs these operations and then call it from the
three places.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-and-Tested-by: Michel Dänzer <michel.daenzer@amd.com>
(cherry picked from commit a82971b07035ee9a4e3ed01326e7c1eab34b5a19)
-
d808b573
by Keith Packard
at 2017-09-25T15:34:10-04:00
os: Mark client as ready to read when closing due to write failure [100863]
This makes sure the server will go look at the client again, notice
that the FD is no longer valid and close the client down.
Bugzilla: https://bugs.freedesktop.org/100863
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-and-Tested-by: Michel Dänzer <michel.daenzer@amd.com>
(cherry picked from commit e2f68296ffb8e40035c0ebd949b67d1e2e424e11)
-
444929b4
by Keith Packard
at 2017-09-25T15:34:10-04:00
dix: Remove clients from input and output ready queues after closing
Delay removing the client from these two queues until all potential
I/O has completed in case we mark the client as ready for reading or
with pending output during the close operation.
Bugzilla: https://bugs.freedesktop.org/100957
Signed-off-by: Keith Packard <keithp@keithp.com>
Tested-by: Nick Sarnie <commendsarnex@gmail.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
(cherry picked from commit d9e23ea4228575344e3b4c0443cecc5eb75356e4)
-
d8f63717
by Jason Gerecke
at 2017-09-25T15:34:10-04:00
xfree86: Fix interpretation of xf86WaitForInput timeout
Commit aa6717ce2 switched xf86WaitForInput from using select(2) to using
poll(2). Before this change, the timeout was interpreted as being in
microseconds; afterwards it is fed directly to xorg_poll which interprets
it as being in milliseconds. This results in the function potentially
blocking 1000x longer than intended. This commit scales down the timeout
argument before passing it to xorg_poll, being careful to ensure the result
is not rounded down due to integer division.
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 2fbf62b2fb3dcb29551251d09aa695715bb754f4)
-
7c4f7b3a
by Lyude
at 2017-09-25T15:34:10-04:00
xwayland: Don't load extension list more than once
When running an Xwayland server from the command line, we end up
resetting the server every time all of the clients connected to the
server leave. This would be fine, except that xwayland makes the mistake
of unconditionally calling LoadExtensionList(). This causes us to setup
the glxExtension twice in a row which means that when we lose our last
client on the second server generation, we end up trying to call the glx
destructors twice in a row resulting in a segfault:
(EE)
(EE) Backtrace:
(EE) 0: Xwayland (OsSigHandler+0x3b) [0x4982f9]
(EE) 1: /lib64/libpthread.so.0 (__restore_rt+0x0) [0x70845bf]
(EE) 2: /usr/lib64/dri/swrast_dri.so (__driDriverGetExtensions_virtio_gpu+0x32897d) [0x1196e5bd]
(EE) 3: /usr/lib64/dri/swrast_dri.so (__driDriverGetExtensions_virtio_gpu+0x328a45) [0x1196e745]
(EE) 4: /usr/lib64/dri/swrast_dri.so (__driDriverGetExtensions_virtio_gpu+0x32665f) [0x11969f7f]
(EE) 5: Xwayland (__glXDRIscreenDestroy+0x30) [0x54686e]
(EE) 6: Xwayland (glxCloseScreen+0x3f) [0x5473db]
(EE) 7: Xwayland (glxCloseScreen+0x53) [0x5473ef]
(EE) 8: Xwayland (dix_main+0x7b6) [0x44c8c9]
(EE) 9: Xwayland (main+0x28) [0x61c503]
(EE) 10: /lib64/libc.so.6 (__libc_start_main+0xf1) [0x72b1401]
(EE) 11: Xwayland (_start+0x2a) [0x4208fa]
(EE) 12: ? (?+0x2a) [0x2a]
(EE)
(EE) Segmentation fault at address 0x18
(EE)
Fatal server error:
(EE) Caught signal 11 (Segmentation fault). Server aborting
(EE)
Easy reproduction recipe:
- Start an Xwayland session with the default settings
- Open a window
- Close that window
- Open another window
- Close that window
- Total annihilation occurs
Signed-off-by: Lyude <lyude@redhat.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 4f29366f1e5678505fb882143c9b4a892d5b8273)
-
40edd409
by Michel Dänzer
at 2017-09-25T15:34:10-04:00
glamor: Store the actual EGL/GLX context pointer in lastGLContext
Fixes subtle breakage which could sometimes trigger after a server reset
with multiple screens using glamor:
Screen A enters glamor_close_screen last and calls various cleanup
functions, which at some point call glamor_make_current to make sure
screen A's GL context is current. This sets lastGLContext to screen A's
&glamor_priv->ctx. Finally, glamor_close_screen calls
glamor_release_screen_priv, which calls free(glamor_priv).
Later, screen B enters glamor_init, which allocates a new glamor_priv.
With bad luck, this can return the same pointer which was previously
used for screen A's glamor_priv. So when screen B's glamor_init calls
glamor_make_current, lastGLContext == &glamor_priv->ctx, so MakeCurrent
isn't called for screen B's GL context, and the following OpenGL API
calls triggered by glamor_init mess up screen A's GL context.
The observed end result of this was a crash in glamor_get_vbo_space
because glamor_priv->vbo didn't match the GL context, though there might
be other possible outcomes.
Assigning the actual GL context pointer to lastGLContext prevents this
by preventing the false negative test in glamor_make_current.
Reviewed-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
(cherry picked from commit 7c88977d338a01aca866e52c9e736f8857fb9ae4)
-
420f77a1
by Carlos Garnacho
at 2017-09-25T15:34:10-04:00
xwayland: Allow pointer warp on root/None window
Of sorts, as we can't honor pointer warping across the whole root window
coordinates, peek the pointer focus in these cases.
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit c217fcb4c4640ffd2fefee63c6fcd7ea5e64b942)
-
0e5b08f2
by Carlos Garnacho
at 2017-09-25T15:34:10-04:00
xwayland: "Accept" confineTo on InputOnly windows
Of sorts, actually make it confine to the pointer focus, as the
InputOnly window is entirely invisible to xwayland accounting,
we don't have a xwl_window for it.
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit fafdb0cc9697eb53635ed1e78bec1d4cd87ab3a2)
-
2ccea152
by Carlos Garnacho
at 2017-09-25T15:34:10-04:00
xwayland: Update root window size when desktop size changes
This fixes grabs on InputOnly windows whose parent is the root window
failing with GrabNotViewable. This is due to window->borderSize/windowSize
being computed as clipped by its parent, resulting in a null region.
Setting up the right size on the root window makes the InputOnly size
correct too, so the GrabNotViewable paths aren't hit anymore.
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 513e3bd3870fdb8a8e0e2e52c0fa93872300bc8b)
-
c6df0d03
by Carlos Garnacho
at 2017-09-25T15:34:10-04:00
xwayland: Lock the pointer if it is confined and has no cursor
In the typical pattern in games of "hide cursor, grab with a confineTo,
warp constantly the pointer to the middle of the window" the last warping
step is actually rather optional. Some games may choose to just set up a
grab with confineTo argument, and trust that they'll get correct relative
X/Y axis values despite the hidden cursor hitting the confinement window
edge.
To cater for these cases, lock the pointer whenever there is a pointer
confinement and the cursor is hidden. This ensures the pointer position
is in sync with the compositor's when it's next shown again, and more
importantly resorts to the relative pointer for event delivery.
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit ca17f3e9fd3b59fdc5ffd0e5d78e4db6ddc87aa1)
-
faeee764
by Carlos Garnacho
at 2017-09-25T15:34:10-04:00
Xi: Use WarpPointerProc hook on XI pointer warping implementation
Just like we do with XWarpPointer's.
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 95febc42cadf392a888104ad6d5cf4f34fdde7d5)
-
87a73937
by Adam Jackson
at 2017-09-25T15:34:10-04:00
modesetting: Validate the atom for enum properties
The client could have said anything here, and if what they said doesn't
actually name an atom NameForAtom() will return NULL, and strcmp() will
be unhappy about that.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit d4995a3936ae283b9080fdaa0905daa669ebacfc)
-
3a53e440
by Michel Dänzer
at 2017-09-25T15:34:10-04:00
glamor: Fix temporary pixmap coordinate offsets
The previous values happened to work in basic cases, but not in general
if the destination is a subwindow or has a border.
Fixes crash with xli, which moves a large subwindow inside a smaller
parent window for scrolling.
No regressions with xterm, x11perf -copyplane or the xscreensaver
phosphor hack.
Bug: https://bugs.debian.org/857983
Reviewed-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit ffda82ed04d28feae2e001dbd0c32d6c795d90b1)
-
cdf15ab8
by Michal Srb
at 2017-09-25T15:34:10-04:00
Xi: Zero target buffer in SProcXSendExtensionEvent.
Make sure that the xEvent eventT is initialized with zeros, the same way as
in SProcSendEvent.
Some event swapping functions do not overwrite all 32 bytes of xEvent
structure, for example XSecurityAuthorizationRevoked. Two cooperating
clients, one swapped and the other not, can send
XSecurityAuthorizationRevoked event to each other to retrieve old stack data
from X server. This can be potentialy misused to go around ASLR or
stack-protector.
Signed-off-by: Michal Srb <msrb@suse.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 05442de962d3dc624f79fc1a00eca3ffc5489ced)
-
21f55903
by Michal Srb
at 2017-09-25T15:34:10-04:00
dix: Disallow GenericEvent in SendEvent request.
The SendEvent request holds xEvent which is exactly 32 bytes long, no more,
no less. Both ProcSendEvent and SProcSendEvent verify that the received data
exactly match the request size. However nothing stops the client from passing
in event with xEvent::type = GenericEvent and any value of
xGenericEvent::length.
In the case of ProcSendEvent, the event will be eventually passed to
WriteEventsToClient which will see that it is Generic event and copy the
arbitrary length from the receive buffer (and possibly past it) and send it to
the other client. This allows clients to copy unitialized heap memory out of X
server or to crash it.
In case of SProcSendEvent, it will attempt to swap the incoming event by
calling a swapping function from the EventSwapVector array. The swapped event
is written to target buffer, which in this case is local xEvent variable. The
xEvent variable is 32 bytes long, but the swapping functions for GenericEvents
expect that the target buffer has size matching the size of the source
GenericEvent. This allows clients to cause stack buffer overflows.
Signed-off-by: Michal Srb <msrb@suse.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 215f894965df5fb0bb45b107d84524e700d2073c)
-
e8f6a1bb
by Michal Srb
at 2017-09-25T15:34:10-04:00
Xi: Verify all events in ProcXSendExtensionEvent.
The requirement is that events have type in range
EXTENSION_EVENT_BASE..lastEvent, but it was tested
only for first event of all.
Signed-off-by: Michal Srb <msrb@suse.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 8caed4df36b1f802b4992edcfd282cbeeec35d9d)
-
ed8fbaba
by Michal Srb
at 2017-09-25T15:34:10-04:00
Xi: Do not try to swap GenericEvent.
The SProcXSendExtensionEvent must not attempt to swap GenericEvent because
it is assuming that the event has fixed size and gives the swapping function
xEvent-sized buffer.
A GenericEvent would be later rejected by ProcXSendExtensionEvent anyway.
Signed-off-by: Michal Srb <msrb@suse.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit ba336b24052122b136486961c82deac76bbde455)
-
358f0bcd
by Aaron Plattner
at 2017-09-25T15:34:10-04:00
randr: Use RRTransformEqual in RRCrtcPendingTransform
Currently, RRCrtcPendingTransform returns false unless the
transformation matrix itself is changing. This makes RRCrtcSet skip
doing anything if the only thing that is changing is the transform
filter.
There's already a function for comparing RRTransformPtrs, so use that
instead.
Tested by running
xrandr --output DP-1 --mode 1920x1080 --rate 144 --scale 0.5x0.5 --filter nearest
follwed by
xrandr --output DP-1 --mode 1920x1080 --rate 144 --scale 0.5x0.5 --filter bilinear
Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
Reviewed-and-Tested-by: Michel Dänzer <michel.daenzer@amd.com>
(cherry picked from commit 091af80be48c37f16c679d35fc12ad33e6b0cd74)
-
0934d56d
by Michel Dänzer
at 2017-09-25T15:34:10-04:00
xfree86/modes: Use RRTransformEqual in xf86RandR12CrtcSet
The memcmp didn't catch when e.g. only the filter changed. Tested by
alternately running
xrandr --output DVI-I-0 --scale-from 3840x2160 --filter bilinear
xrandr --output DVI-I-0 --scale-from 3840x2160 --filter nearest
Reviewed-by: Aaron Plattner <aplattner@nvidia.com>
(cherry picked from commit 4212c884c423e5ce2cd3b4d67c0d656475fddc79)
-
37815323
by Adam Jackson
at 2017-09-25T15:34:10-04:00
wayland: Sync drm.xml with Mesa
... where it is named src/egl/wayland/wayland-drm/wayland-drm.xml and
has its requests sorted by protocol version number, avoiding a warning
from wayland-scanner.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
(cherry picked from commit 04511a0476b5c860e7d157b01080dff94d935f74)
-
c8eb79c1
by Rodrigo Vivi
at 2017-09-25T15:34:10-04:00
dri2: Sync i965_pci_ids.h from Mesa.
Copied from Mesa with no modifications.
Gives us Coffee Lake and Cannon Lake PCI IDs.
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Acked-by: Kenneth Graunke <kenneth@whitecape.org>
(cherry picked from commit abb031e731f5c159add1b3351de9c4bb121bf00a)
-
6f29c837
by Michal Srb
at 2017-09-25T15:34:10-04:00
Xi: Test exact size of XIBarrierReleasePointer
Otherwise a client can send any value of num_barriers and cause reading or swapping of values on heap behind the receive buffer.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 211e05ac85a294ef361b9f80d689047fa52b9076)
-
baa25315
by Olivier Fourdan
at 2017-09-25T15:34:10-04:00
xwayland: Fix a segfault with pointer locking
Xwayland would crash in some circumstances while trying to issue a
pointer locking when the cursor is hidden when there is no seat focus
window set.
The crash signature looks like:
#0 zwp_pointer_constraints_v1_lock_pointer ()
#1 xwl_pointer_warp_emulator_lock () at xwayland-input.c:2584
#2 xwl_seat_maybe_lock_on_hidden_cursor () at xwayland-input.c:2756
#3 xwl_seat_maybe_lock_on_hidden_cursor () at xwayland-input.c:2765
#4 xwl_seat_cursor_visibility_changed () at xwayland-input.c:2768
#5 xwl_set_cursor () at xwayland-cursor.c:245
#6 miPointerUpdateSprite () at mipointer.c:468
#7 miPointerDisplayCursor () at mipointer.c:206
#8 CursorDisplayCursor () at cursor.c:150
#9 AnimCurDisplayCursor () at animcur.c:220
#10 ChangeToCursor () at events.c:936
#11 ActivatePointerGrab () at events.c:1542
#12 GrabDevice () at events.c:5120
#13 ProcGrabPointer () at events.c:4908
#14 Dispatch () at dispatch.c:478
#15 dix_main () at main.c:276
xwl_pointer_warp_emulator_lock() tries to use the surface from the
xwl_seat->focus_window leading to a NULL pointer dereference when that
value is NULL.
Check that xwl_seat->focus_window is not NULL earlier in the stack in
xwl_seat_maybe_lock_on_hidden_cursor() and return early if not the case
to avoid the crash.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=102474
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit cdd0352ba05d4d8482aaca41797e05d40e58da36)
-
421814bc
by Olivier Fourdan
at 2017-09-25T15:34:10-04:00
glamor: handle NULL source picture
COMPOSITE_REGION() can pass NULL as a source picture, make sure we
handle that nicely in both glamor_composite_clipped_region() and
glamor_composite_choose_shader().
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=101894
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit bd353e9b84e013fc34ed730319d5b63d20977903)
-
69ab094a
by Olivier Fourdan
at 2017-09-25T15:34:10-04:00
glamor: Avoid overflow between box32 and box16 box
glamor_compute_transform_clipped_regions() uses a temporary box32
internally which is copied back to a box16 to init the regions16,
thus causing a potential overflow.
If an overflow occurs, the given region is invalid and the pixmap
init region will fail.
Simply check that the coordinates won't overflow when copying back to
the box16, avoiding a crash later down the line in glamor.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=101894
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Tested-by: Fabrice Bellet <fabrice@bellet.info>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 9869dcb349b49f6d4cc2fab5d927cd8b1d1f463c)
-
0e79797e
by Adam Jackson
at 2017-09-25T15:52:25-04:00
os: Fix warning in LockServer
The meson build gives me:
../os/utils.c: In function ‘LockServer’:
../os/utils.c:310:40: warning: ‘snprintf’ output may be truncated before the last format character [-Wformat-truncation=]
snprintf(pid_str, sizeof(pid_str), "%10ld\n", (long) getpid());
^~~~~~~~~
../os/utils.c:310:5: note: ‘snprintf’ output between 12 and 13 bytes into a destination of size 12
snprintf(pid_str, sizeof(pid_str), "%10ld\n", (long) getpid());
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Which seems to be due to the %d part meaning that a negative number's -
sign would be one wider than we're expecting. Fine, just coerce it to
unsigned.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit aabf65d2a0206bd1a9c6e9a9f3153ded873dfd43)
-
c5320244
by Adam Jackson
at 2017-09-25T15:54:20-04:00
xfree86: Silence a new glibc warning
glibc would like to stop declaring major()/minor() macros in
<sys/types.h> because that header gets included absolutely everywhere
and unix device major/minor is perhaps usually not what's expected. Fair
enough. If one includes <sys/sysmacros.h> as well then glibc knows we
meant it and doesn't warn, so do that if it exists.
Signed-off-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit d732c36597fab2e9bc4f2aa72cf1110997697557)
-
d230e12d
by Nick Sarnie
at 2017-09-25T15:54:34-04:00
suid: Include sysmacros.h to fix build after glibc-2.25
[Added HAVE_SYS_SYSMACROS_H guard - ajax]
Signed-off-by: Nick Sarnie <commendsarnex@gmail.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 84e3b96b531363e47f6789aacfcae4aa60135e2e)
-
a114286c
by Peter Hutterer
at 2017-09-25T15:55:01-04:00
test: fix compiler warning
signal-logging.c:182:12: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit ea82ececbf85a7ac3d0931687f44c57534fde17c)
-
126144c2
by Peter Hutterer
at 2017-09-25T15:56:22-04:00
xfree86: up the path name size to 512 in xf86MatchDriverFromFiles
./hw/xfree86/common/xf86pciBus.c: In function ‘xf86MatchDriverFromFiles’:
../hw/xfree86/common/xf86pciBus.c:1330:52: warning: ‘snprintf’ output may be
truncated before the last format character [-Wformat-truncation=]
snprintf(path_name, sizeof(path_name), "%s/%s", ^~~~~~~
../hw/xfree86/common/xf86pciBus.c:1330:13: note: ‘snprintf’ output between 2
dirent->d_name is 256, so sprintf("%s/%s") into a 256 buffer gives us:
and 257 bytes into a destination of size 256
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 96af794dc648eadcd596893412d7530e92cb5421)
-
545c96c3
by Timo Aaltonen
at 2017-09-26T08:27:44+03:00
Merge remote-tracking branch 'upstream/server-1.19-branch' into ubuntu-artful
-
2e77321a
by Timo Aaltonen
at 2017-09-26T10:50:09+03:00
Update changelog, drop upstreamed patches.
-
6abd8d24
by Timo Aaltonen
at 2017-10-03T00:25:30+03:00
release to artful
-
1135bbf8
by Julien Cristau
at 2017-10-04T14:02:24+02:00
Restore definition of DEB_HOST_ARCH_OS in debian/rules
This was lost in dh conversion (2:1.19.1-1). Thanks, Helmut Grohne!
-
787655d5
by Martin Peres
at 2017-10-04T14:37:45-04:00
modesetting: re-set the crtc's mode when link-status goes BAD
Despite all the careful planning of the kernel, a link may become
insufficient to handle the currently-set mode. At this point, the
kernel should mark this particular configuration as being broken
and potentially prune the mode before setting the offending connector's
link-status to BAD and send the userspace a hotplug event. This may
happen right after a modeset or later on.
Upon receiving a hot-plug event, we iterate through the connectors to
re-apply the currently-set mode on all the connectors that have a
link-status property set to BAD. The kernel may be able to get the
link to work by dropping to using a lower link bpp (with the same
display bpp). However, the modeset may fail if the kernel has pruned
the mode, so to make users aware of this problem a warning is outputed
in the logs to warn about having a potentially-black display.
This patch does not modify the current behaviour of always propagating
the events to the randr clients. This allows desktop environments to
re-probe the connectors and select a new resolution based on the new
(currated) mode list if a mode disapeared. This behaviour is expected in
order to pass the Display Port compliance tests.
Signed-off-by: Martin Peres <martin.peres@linux.intel.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
(cherry picked from commit bcee1b76aa0db8525b491485e90b8740763d7de6)
-
5571318f
by Keith Packard
at 2017-10-04T14:38:07-04:00
modesetting: Skip no-longer-present connectors when resetting BAD links
Outputs may have NULL mode_output (connector) pointers if the
connector disappears while the server is running. Skip these when
resetting outputs with BAD link status.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 37f4e7651a2fd51efa613a08a1e705553be33e76)
-
359186b1
by Dawid Kurek
at 2017-10-04T14:38:21-04:00
modesetting: Blacklist EVDI devices from PRIME sync
UDL (usb) devices are blacklisted because of they weird behaviour when
it comes to vblank events. As EVDI uses very similar model of handling
vblanks it should be treated similarly.
When doing a page flip, EVDI does not wait for real vblank, but
simulates it by adding constant delay. It also does not support
DRM_IOCTL_WAIT_VBLANK.
In contrast to UDL, EVDI uses platform devices, thus instead of 'usb' in
path they all have 'platform'.
It is possible to blacklist by 'platform', so without explicitly saying
'evdi', but it might be misleading when it comes to real reason for it.
Signed-off-by: Dawid Kurek <dawid.kurek@displaylink.com>
(cherry picked from commit fbd80b2c8ebe9fd41229dc5438524d107c071ff1)
-
c5d409a2
by Jon TURNEY
at 2017-10-04T15:04:25-04:00
Move statically linked xorgxkb files from dixmods to a separate directory
[ajax: Fixed test/Makefile.am as well]
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit fbdd73fac68383c93f6f5c6a7615860503039999)
-
320e48c9
by Adam Jackson
at 2017-10-04T15:04:40-04:00
dmx: Silence an unused-result warning
Modern glibc is very insistent that you care about whether write()
succeeds:
../hw/dmx/input/usb-keyboard.c: In function ‘kbdUSBCtrl’:
../hw/dmx/input/usb-keyboard.c:292:9: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
write(priv->fd, &event, sizeof(event));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 17ad6e5d5616039021455bc821d6ee2497f7ebde)
-
3cea13cc
by Adam Jackson
at 2017-10-04T15:04:48-04:00
dmx: Remove some not-very-interesting debug prints
gcc/glibc think the snprintf in dmxExecOS() might truncate. Yes, it
might, and we also don't care. Just delete all this.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Acked-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit d6db66811643d3762716f6b144a7358572216a4f)
-
a510fb81
by Michal Srb
at 2017-10-04T15:09:13-04:00
Xext/shm: Validate shmseg resource id (CVE-2017-13721)
Otherwise it can belong to a non-existing client and abort X server with
FatalError "client not in use", or overwrite existing segment of another
existing client.
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit b95f25af141d33a65f6f821ea9c003f66a01e1f1)
-
3094c4c6
by Michal Srb
at 2017-10-04T15:09:13-04:00
xkb: Escape non-printable characters correctly.
XkbStringText escapes non-printable characters using octal numbers. Such escape
sequence would be at most 5 characters long ("\0123"), so it reserves 5 bytes
in the buffer. Due to char->unsigned int conversion, it would print much longer
string for negative numbers.
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit eaf1f72ed8994b708d94ec2de7b1a99f5c4a39b8)
-
8bd33a2d
by Keith Packard
at 2017-10-04T15:09:13-04:00
xkb: Handle xkb formated string output safely (CVE-2017-13723)
Generating strings for XKB data used a single shared static buffer,
which offered several opportunities for errors. Use a ring of
resizable buffers instead, to avoid problems when strings end up
longer than anticipated.
Reviewed-by: Michal Srb <msrb@suse.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 94f11ca5cf011ef123bd222cabeaef6f424d76ac)
-
388dc1ae
by Keith Packard
at 2017-10-04T15:25:51-04:00
xf86-video-modesetting: Add ms_queue_vblank helper [v3]
This provides an API wrapper around the kernel interface for queueing
a vblank event, simplifying all of the callers.
v2: Fix missing '|' in computing vbl.request.type
v3: Remove spurious bit of next patch (thanks, Michel Dänzer)
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 677c32bcda98a96585bb1f66b57e0755a157b772)
-
12fe3d3e
by Louis-Francis Ratté-Boulianne
at 2017-10-04T15:25:56-04:00
present: Check the whole exec queue on event
Later events are sometimes added in front of the queue (e.g.
if page flipping fails) so we need to check the whole queue
on event.
Signed-off-by: Louis-Francis Ratté-Boulianne <lfrb@collabora.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
(cherry picked from commit c2f2b25ab55c67f9f3ad07c02fa746eae7c61196)
-
ec37e559
by Adam Jackson
at 2017-10-04T15:29:18-04:00
xserver 1.19.4
Signed-off-by: Adam Jackson <ajax@redhat.com>
-
3a3bce94
by Timo Aaltonen
at 2017-10-05T09:54:11+03:00
Merge branch 'upstream-unstable' into debian-unstable
-
891a2d03
by Timo Aaltonen
at 2017-10-05T10:03:56+03:00
bump the version
-
2f7fb099
by Timo Aaltonen
at 2017-10-05T10:14:29+03:00
signing-key.asc: Update Adam Jackson's key.
-
72d2aeda
by Timo Aaltonen
at 2017-10-05T10:23:27+03:00
fixes two CVE's
-
c4dec70a
by Timo Aaltonen
at 2017-10-05T10:36:23+03:00
close some bugs
-
290ffbf0
by Timo Aaltonen
at 2017-10-10T00:33:34+03:00
release to sid
-
f17420f3
by Timo Aaltonen
at 2017-10-10T11:13:42+03:00
Merge branch 'debian-unstable' into ubuntu-artful
-
e23cb995
by Timo Aaltonen
at 2017-10-10T11:21:31+03:00
release to artful
-
d4d9be87
by Emilio Pozuelo Monfort
at 2017-10-10T18:55:57+02:00
Simplify flags handling
-
b68c3b6a
by Emilio Pozuelo Monfort
at 2017-10-10T18:56:36+02:00
Drop useless spaces
-
80ab8f53
by Emilio Pozuelo Monfort
at 2017-10-10T18:57:11+02:00
Let dh pass --disable-silent-rules
-
65d4d5a4
by Emilio Pozuelo Monfort
at 2017-10-10T19:06:32+02:00
Merge dri3 flags with other (non-)linux ones
-
b8b99a32
by Emilio Pozuelo Monfort
at 2017-10-10T19:37:24+02:00
Move --lib(exec)dir to common flags
-
b688ff31
by Emilio Pozuelo Monfort
at 2017-10-10T19:43:04+02:00
Move rules to rules.flags
-
7edde320
by Timo Aaltonen
at 2017-10-11T11:13:05+03:00
xvfb-run: Keep redirecting stderr to stdout, autopkgtests need it.
-
784d205f
by Adam Jackson
at 2017-10-12T12:17:53-04:00
Revert "xf86-video-modesetting: Add ms_queue_vblank helper [v3]"
Apparently introduces a regression:
https://bugs.freedesktop.org/103243
This reverts commit 388dc1aeac9acf2d51ad5103570beffd81d78b96.
-
e751722a
by Michal Srb
at 2017-10-12T12:24:49-04:00
os: Make sure big requests have sufficient length.
A client can send a big request where the 32B "length" field has value
0. When the big request header is removed and the length corrected,
the value will underflow to 0xFFFFFFFF. Functions processing the
request later will think that the client sent much more data and may
touch memory beyond the receive buffer.
Signed-off-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 9c23685009aa96f4b861dcc5d2e01dbee00c4dd9)
-
c206f36a
by Nathan Kidd
at 2017-10-12T12:25:02-04:00
Unvalidated lengths
v2: Add overflow check and remove unnecessary check (Julien Cristau)
This addresses:
CVE-2017-12184 in XINERAMA
CVE-2017-12185 in MIT-SCREEN-SAVER
CVE-2017-12186 in X-Resource
CVE-2017-12187 in RENDER
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit cad5a1050b7184d828aef9c1dd151c3ab649d37e)
-
61502107
by Nathan Kidd
at 2017-10-12T12:25:10-04:00
xfixes: unvalidated lengths (CVE-2017-12183)
v2: Use before swap (Jeremy Huddleston Sequoia)
v3: Fix wrong XFixesCopyRegion checks (Alan Coopersmith)
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 55caa8b08c84af2b50fbc936cf334a5a93dd7db5)
-
d264da92
by Nathan Kidd
at 2017-10-12T12:25:19-04:00
hw/xfree86: unvalidated lengths
This addresses:
CVE-2017-12180 in XFree86-VidModeExtension
CVE-2017-12181 in XFree86-DGA
CVE-2017-12182 in XFree86-DRI
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 1b1d4c04695dced2463404174b50b3581dbd857b)
-
c77cd08e
by Nathan Kidd
at 2017-10-12T12:25:24-04:00
Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer
[jcristau: originally this patch fixed the same issue as commit
211e05ac85 "Xi: Test exact size of XIBarrierReleasePointer", with the
addition of these checks]
This addresses CVE-2017-12179
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit d088e3c1286b548a58e62afdc70bb40981cdb9e8)
-
6c151221
by Nathan Kidd
at 2017-10-12T12:25:31-04:00
Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178)
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 859b08d523307eebde7724fd1a0789c44813e821)
-
cc41e5b5
by Nathan Kidd
at 2017-10-12T12:25:36-04:00
dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177)
v2: Protect against integer overflow (Alan Coopersmith)
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 4ca68b878e851e2136c234f40a25008297d8d831)
-
95f605b4
by Nathan Kidd
at 2017-10-12T12:25:41-04:00
Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit b747da5e25be944337a9cd1415506fc06b70aa81)
-
b96e982e
by Adam Jackson
at 2017-10-12T12:32:31-04:00
xserver 1.19.5
Signed-off-by: Adam Jackson <ajax@redhat.com>
-
6ba3544b
by Andreas Boll
at 2017-10-12T22:12:48+02:00
Merge tag 'xorg-server-1.19.5' into debian-unstable
xorg-server-1.19.5
-
d97dac4a
by Andreas Boll
at 2017-10-12T22:18:52+02:00
Bump changelog
-
0f184231
by Andreas Boll
at 2017-10-12T22:25:20+02:00
Fixes twelve CVE's
-
a91b0c6e
by Timo Aaltonen
at 2017-10-13T08:41:32+03:00
Merge tag 'xorg-server-1.19.5' into ubuntu-artful
xorg-server-1.19.5
-
f3201678
by Timo Aaltonen
at 2017-10-13T08:46:22+03:00
update the changelog
-
d6f9ebcf
by Timo Aaltonen
at 2017-10-13T08:46:32+03:00
release to artful
-
1347a57f
by Julien Cristau
at 2017-10-13T11:28:17+02:00
Upload to unstable
-
dab761d5
by Emilio Pozuelo Monfort
at 2017-11-21T19:50:04+01:00
Use --sourcedir for dh_install
-
aefc7f30
by Emilio Pozuelo Monfort
at 2017-11-21T20:37:04+01:00
Install xorg-server.pc to a multiarch location
-
4f84f345
by Emilio Pozuelo Monfort
at 2017-11-21T20:50:16+01:00
Move xserver-xorg-legacy to priority optional
-
18540225
by Emilio Pozuelo Monfort
at 2017-11-23T00:33:52+01:00
Fail the build if calculating video/xinput abi fails
-
e540fb20
by Emilio Pozuelo Monfort
at 2017-11-23T00:36:37+01:00
Unbreak the pkg-config file
-
a6776111
by Adam Jackson
at 2017-12-11T15:21:51-05:00
xfixes: Remove the CursorCurrent array
We're not wrapping all the ways a cursor can be destroyed, so this array
ends up with stale data. Rather than try harder to wrap more code paths,
just look up the cursor when we need it.
Signed-off-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit aa6651f83c698e8cc40de61aad36c73ca7a6adcf)
-
cd5076a5
by Nikolay Martynov
at 2017-12-13T10:04:11-05:00
XShmGetImage: fix censoring
It looks like offsets calculated during image censoring are wrong.
This results in black (empty) images returns.
This fix is very similar to 6c6f09aac7f1d1367a042087b7681c7fdf1d1e0f
that was applied to XGetImage
Visually this fixes chromium/firefox window sharing in multiscreen
configurations - without this patch most of the windows on 'secodnary'
screens are black.
This also should fix https://bugs.freedesktop.org/show_bug.cgi?id=101730.
Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 885636b7d42b3c7b151fc386d358184db004ce45)
-
4ef1aef0
by Alex Goins
at 2017-12-13T10:04:47-05:00
ramdac: Check ScreenPriv != NULL in xf86ScreenSetCursor()
Similar to change cba5a10f, xf86ScreenSetCursor() would dereference ScreenPriv
without NULL checking it. If Option "SWCursor" is specified, ScreenPriv == NULL.
Without this fix, it is observed that setting Option "SWCursor" "on" on the
modesetting driver in a PRIME configuration will segfault the server.
It is important to return success rather than failure in the instance that
ScreenPriv == NULL and pCurs == NullCursor, because otherwise xf86SetCursor()
can fall into infinite recursion: xf86SetCursor(pCurs) calls
xf86ScreenSetCursor(pCurs), and if FALSE, calls xf86SetCursor(NullCursor). If
xf86ScreenSetCursor(NullCursor) returns FALSE, it calls
xf86SetCursor(NullCursor) again and this repeats forever.
Signed-off-by: Alex Goins <agoins@nvidia.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
(cherry picked from commit 68d95e759f8b6ebca6bd52e69e6bc34cc174f8ca)
-
e8530b87
by Daniel Martin
at 2017-12-13T10:05:36-05:00
modesetting: Fix potential buffer overflow
If one misconfigures a ZaphodHeads value (more than 20 characters
without a delimiter), we get an overflow of our buffer. Use
xstrtokenize() instead of writing/fixing our own tokenizer.
Signed-off-by: Daniel Martin <consume.noise@gmail.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
(cherry picked from commit 04a305121fbc08ecc2ef345ee7155d6087a43fd1)
-
e663998f
by Daniel Martin
at 2017-12-13T10:05:46-05:00
test: input: Fix used uninitialized warning in dix_event_to_core
input.c: In function ‘dix_event_to_core’:
../include/inputstr.h:61:55: warning: ‘*((void *)&ev+80)’ is used uninitialized in this function [-Wuninitialized]
#define SetBit(ptr, bit) (((BYTE *) (ptr))[(bit)>>3] |= (1 << ((bit) & 7)))
^~
Signed-off-by: Daniel Martin <consume.noise@gmail.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
(cherry picked from commit 0bcc65f2bf479c6a74ac70bb5b5181d6834dded6)
-
8817747c
by Daniel Martin
at 2017-12-13T10:05:53-05:00
test: signal-logging: Fix looping signed number tests
unsigned_tests[] was used to compute the amount of signed numbers to
test.
Signed-off-by: Daniel Martin <consume.noise@gmail.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
(cherry picked from commit 15a32ee5d1fffa171bb05af9a0e5b472e4af1488)
-
5a5b6d6c
by Peter Hutterer
at 2017-12-13T10:06:02-05:00
config/udev: consider ID_INPUT_FOO=0 as 'unset'
Historically we didn't need to care about this case but more devices are
having invalid types set and they cannot be unset with a hwdb entry (which
doesn't handle the empty string). Allow for "0" to mean "unset" because
anything else would be crazy anyway.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 5aad81445c8c3d6b7b30d503cfe26027fa482870)
-
c39de5f7
by Eric Anholt
at 2017-12-13T10:06:07-05:00
xkb: Print the xkbcomp path being executed when we fail to compile.
I don't know how many times I've had a broken server due to a bad
directory to xkbcomp, and only finding the whole path has shown me
where I went wrong.
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 30f4d440ebc3517fdcc1d3c6a422a8fbf3af1f23)
-
c3285706
by Giuseppe Bilotta
at 2017-12-13T10:06:44-05:00
xkb: initialize tsyms
This fixes some “Conditional jump depends on uninitialized value(s)”
errors spotted by valgrind.
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
Signed-off-by: Giuseppe Bilotta <giuseppe.bilotta@gmail.com>
(cherry picked from commit b2167015043a458e9cf93b827b43eb5b7c552ce9)
-
c010bcb8
by Giuseppe Bilotta
at 2017-12-13T10:06:49-05:00
randr: ProcRRGetOutputInfo: initialize memory
Running Xephyr under valgrind reveals that we're sending some
uninitialized memory over the wire (particularly, the leftover padding
that comes from rounding extraLen to the next 32-bit multiple).
Solve by calloc()ing the memory instead of malloc()ing (the alternative
would be to memset just the padding, but I'm not sure it's more
convenient.)
Signed-off-by: Giuseppe Bilotta <giuseppe.bilotta@gmail.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit bb766ef11227bd8c71ac65845d1930edd0eda40d)
-
b3fa60ed
by Adam Jackson
at 2017-12-13T10:07:07-05:00
glx: Fix typos that break GLX_ARB_context_flush_control
The trailing \n are just wrong here, __glXEnableExtension wants a string
without them.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
(cherry picked from commit fd0eafb18426da14601d5c0d0a50092c49a7aff8)
-
d1a2a275
by Hector Martin
at 2017-12-13T10:07:17-05:00
edid: fix off-by-one error in CEA mode numbering
The CEA extension short video descriptors contain the VIC, which starts
at 1, not 0.
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Hector Martin <marcan@marcan.st>
(cherry picked from commit 68556d74b49e99d3490166c446079f7d5de26ca4)
-
ece2e82e
by Adam Jackson
at 2017-12-13T10:07:24-05:00
glx: Only flush indirect contexts in MakeCurrent (v2)
If the context is direct none of the GL commands were issued by this
process, the server couldn't flush them even if it wanted to.
v2: Fix embarassingly obvious boolean inversion (Michel Dänzer)
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
(cherry picked from commit 307c124d6bcfe26057767b2c0990dc9ac66b9c93)
-
a4bd27bd
by Giuseppe Bilotta
at 2017-12-13T10:07:32-05:00
randr: rrGetScreenResources: initialize memory
Similarly to bb766ef11227bd8c71ac65845d1930edd0eda40d, ensure that the
extra padding is set to 0.
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Giuseppe Bilotta <giuseppe.bilotta@gmail.com>
(cherry picked from commit fb5ee77b91a93e27801006be8ee34d27984e7fa6)
-
5c00e693
by Michel Dänzer
at 2017-12-13T10:08:00-05:00
present: Only send PresentCompleteNotify events to the presenting client
We were sending the events to all clients listening for them on the
window. But clients can get confused by events from another client, and
I can't imagine any case where receiving events from other clients would
be required.
v2:
* Also restrict events sent to additional windows to the presenting
client
* Don't shorten line lengths
Reviewed-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 559954aaa8d811a22cf918cc16a7d618e12201a0)
-
ee64427c
by Daniel Martin
at 2017-12-13T10:08:06-05:00
os/xdmcp: Honour -once when session is dead
Terminate a dead session when -once was passed. Don't restart it.
Signed-off-by: Daniel Martin <consume.noise@gmail.com>
Reviewed-by: Walter Harms <wharms@bfs.de>
(cherry picked from commit 918afeecbc63d70413e222efdb2ac4cfb16eae9e)
-
b832dac7
by Adam Jackson
at 2017-12-13T10:08:40-05:00
glx: Fix glXQueryContext for GLX_FBCONFIG_ID and GLX_RENDER_TYPE (v2)
Just never filled in, oops. Seems to have gone unnoticed because
normally glXQueryContext simply returns the values filled in by the
client library when the context was created. The only path by which you
normally get to a GLXQueryContext request is glXImportContext, and then
only if the context is already indirect.
However, that's a statement about Mesa's libGL (and anything else that
inherited that bit of the SGI SI more or less intact). Nothing prevents
a mischeivous client from issuing that request of a direct context, and
if they did we'd be in trouble because we never bothered to preserve the
associated fbconfig in the context state, so we'd crash looking up
GLX_VISUAL_ID_EXT. So let's fix that too.
v2: Fixed missing preservation of the config in DRI2 (Eric Anholt)
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
(cherry picked from commit 5d667df6ea1634191a26f9a7c26bc883701d62b0)
-
f9a55653
by Olivier Fourdan
at 2017-12-13T10:08:45-05:00
xwayland: Fix non-argb cursor conversion
>From the bug: "What happens if bits->width is less than 8? :)"
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=103012
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
(cherry picked from commit 97ac59b1ed3624f7c04e54dd3e3dadfa46a8f170)
-
072dff82
by Olivier Fourdan
at 2017-12-13T10:09:11-05:00
dix: avoid deferencing NULL PtrCtrl
PtrCtrl really makes sense for relative pointing device only, absolute
devices such as touch devices do not have any PtrCtrl set.
In some cases, if the client issues a XGetPointerControl() immediatlely
after a ChangeMasterDeviceClasses() copied the touch device to the VCP,
a NULL pointer dereference will occur leading to a crash of Xwayland.
Check whether the PtrCtrl is not NULL in ProcGetPointerControl() and
return the default control values otherwise, to avoid the NULL pointer
dereference.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1519533
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit 9f7a9be13d6449c00c86d3035374f4f543654b3f)
-
dbf97534
by Tomasz Śniatowski
at 2017-12-13T10:09:20-05:00
os: Fix strtok/free crash in ComputeLocalClient
Don't reuse cmd for strtok output to ensure the proper pointer is
freed afterwards.
The code incorrectly assumed the pointer returned by strtok(cmd, ":")
would always point to cmd. However, strtok(str, sep) != str if str
begins with sep. This caused an invalid-free crash when running
a program under X with a name beginning with a colon.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=104123
Signed-off-by: Tomasz Śniatowski <kailoran@gmail.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
(cherry picked from commit 6883ae43eb72fe4e2651c1dca209563323fad2db)
-
c70d8e55
by Adam Jackson
at 2017-12-20T15:20:43-05:00
composite: Remove a misleading comment
This comment is above compIsAlternateVisual, which used to be the only
thing determining whether implicit redirect was needed. It's not anymore
due to the redirection exception list. That job is now performed by
compImplicitRedirect, whose code is self-explanitory.
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit bccbaf7c113b1300071601879002682ebbe8b1c1)
-
06d1c83d
by Adam Jackson
at 2017-12-20T15:20:43-05:00
composite: Export compIsAlternateVisual
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit ef2345aaa28461a76f77c65240ce5facc180f98e)
-
0a73e7bf
by Adam Jackson
at 2017-12-20T15:20:43-05:00
composite: Make compIsAlternateVisual safe even if Composite is off
As of ea483af9 we're calling this unconditionally from the GLX code so
the synthetic visual is in a lower select group. If Composite has been
disabled then GetCompScreen() will return NULL, and this would crash.
Rather than force the caller to check first, just always return FALSE if
Composite is disabled (which is correct, since none of the visuals will
be synthetic in that case).
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Aaron Plattner <aplattner@nvidia.com>
(cherry picked from commit f80119120c487581ac050ce741808f7c8f438f35)
-
4c64b20a
by Adam Jackson
at 2017-12-20T15:20:43-05:00
glx: Send GLX_VISUAL_SELECT_GROUP_SGIX attribute for visuals
We already send this for fbconfigs. Mesa happens to implement
glXChooseVisual relative to the fbconfig data, but that might not be
true of NVIDIA's libGL.
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 43efaa6e4fd903229dc9c508da4177ad4bbdd4d8)
-
c64bd21d
by Adam Jackson
at 2017-12-20T15:20:43-05:00
glx: Move Composite's synthetic visuals to a different select group
Should you find yourself using a 16bpp display while also using a
compositor, you poor soul, you may find that your GLX applications
behave strangely; in particular, glxgears will be transparent. This is
because it clears to (0,0,0,0) which is transparent if you honor alpha,
and it will choose the synthetic visual because it has the most
available r/g/b bits.
To avoid this, bump synthetic visuals to a higher (less-preferred)
select group. Unless the client explicitly asks for non-zero alpha bits,
this will prefer any rgb565 visual ahead of the argb8888 visual.
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit ea483af99a6351323afe00a0b630cd63310efdb1)
-
1726badd
by Thomas Hellstrom
at 2017-12-20T15:20:43-05:00
glx: Work around a GLX_OML swap method in older dri drivers
The swapMethod config member would typically contain an arbitrary value
on older dri drivers. Fix this so that if we detect an illegal value,
return GLX_SWAP_UNDEFINED_OML.
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 0fc26310d5b09213c65f50bde444a1758172b016)
-
22b0880d
by Thomas Hellstrom
at 2017-12-20T15:20:43-05:00
glx: Fix visual fbconfig matching with respect to swap method
For the built in visuals, we'd typically select the "best" fbconfig
without considering the swap method. If the client then requests a
specific swap method, say GLX_SWAP_COPY_OML, it may well happen that the
first fbconfig matching requirements would have been paired with the 32-bit
compositing visual, and the client would render a potentially transparent
window.
Fix this so that we try to match fbconfigs with the same swap method to all
built-in visuals. That would guarantee that selecting a specific swap-
method would not influence the chance of getting a compositing visual.
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 4486d199bd3bcb5b2b8ad9bc54eb11604d9bd653)
-
91c42093
by Thomas Hellstrom
at 2017-12-20T15:20:43-05:00
glx: Duplicate relevant fbconfigs for compositing visuals
Previously, before GLX_OML_swap_method was fixed, both the X server and
client ignored the swapMethod fbconfig value, which meant that, if the dri
driver thought it exposed more than one swapMethod, it actually just
exported a duplicated set of fbconfigs. When fixing GLX_OML_swap_method
and restricting the choice for built-in visuals to a single swap method
that meant we didn't have that many fbconfigs to choose from when pairing
the compositing visual with an fbconfig, resulting in the fbconfig paired
with the compositing visual becoming too restrictive for some applications,
(at least for kwin). This problem would also happen if the dri driver
only exposed a single swap method to begin with.
So, to make sure the compositing visual gets a good enough fbconfig,
duplicate fbconfigs that are suitable for compositing visuals and make
sure these duplicated fbconfigs can be used only by compositing visuals.
For duplicated fbconfigs not paired with a compositing visual, construct
new compositing visuals, making compositing clients able to choose visuals
/ fbconfig more adapted to their needs.
This is in some sense equivalent to adding a new "TRUECOLOR_COMPOSITING"
GLX visualtype.
Fixes: 4486d199bd3b ("glx: Fix visual fbconfig matching with respect to
swap method")
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=102806
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Tested-By: Nick Sarnie <commendsarnex@gmail.com>
Tested-by: Fredrik Höglund <fredrik@kde.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit f84e59a4f474d22860bac8aec2947798a86db69b)
-
ebfb06b1
by Adam Jackson
at 2017-12-20T15:20:43-05:00
xserver 1.19.6
Signed-off-by: Adam Jackson <ajax@redhat.com>
-
4405392d
by Timo Aaltonen
at 2018-01-18T12:54:52+02:00
Merge branch 'upstream-unstable' into debian-unstable
-
9eb362a8
by Timo Aaltonen
at 2018-01-18T13:09:54+02:00
update changelog
-
e01fd54d
by Timo Aaltonen
at 2018-01-18T14:06:20+02:00
07-glx-do-not-pick-srgb-config-for-32bit-rgba-visual.diff: Add a patch from upstream to fix potential issues with mesa git.
-
79d48c61
by Timo Aaltonen
at 2018-01-26T16:30:15+02:00
release to unstable
-
2672d213
by Timo Aaltonen
at 2018-01-26T16:42:37+02:00
sync with the archive
-
46029759
by Timo Aaltonen
at 2018-01-26T17:06:23+02:00
Merge branch 'debian-unstable' into ubuntu
-
b4af6384
by Timo Aaltonen
at 2018-01-26T17:18:38+02:00
update changelog
-
9da8b4de
by Timo Aaltonen
at 2018-01-26T17:19:22+02:00
XShmGetImage_fix_censoring.patch: Dropped, upstream.
-
6dc09988
by Timo Aaltonen
at 2018-01-26T17:20:03+02:00
control: Merge fix: add dh-autoreconf back.
-
51c65e1e
by Timo Aaltonen
at 2018-01-26T17:28:06+02:00
release to bionic
-
d4cfc843
by Timo Aaltonen
at 2018-02-15T15:09:08+02:00
improve-outputclass.diff: Backport commits from upstream to improve OutputClass to support options and overriding primary GPU.
-
35be6ad6
by Timo Aaltonen
at 2018-02-15T15:18:16+02:00
191-Xorg-add-an-extra-module-path.patch, rules.flags: Drop adding extra-modules dir, not necessary anymore with outputclass additions.
-
5d933228
by Timo Aaltonen
at 2018-02-15T15:19:55+02:00
105_nvidia_autodetect.patch: Dropped, obsolete now.
-
60f59c5b
by Timo Aaltonen
at 2018-02-15T15:29:30+02:00
188_default_primary_to_first_busid.patch: Dropped, obsolete now.