-
271934db
by Samuel Thibault
at 2020-04-15T13:29:19+02:00
dix: do not send focus event when grab actually does not change
c67f2eac5651 ("dix: always send focus event on grab change") made dix
always sent events when it's a NotifyGrab or NotifyUngrab, even if
from == to, because 'from' can just come from a previous XSetInputFocus
call.
However, when an application calls XGrabKeyboard several times on
the same window, we are now sending spurious FocusOut+FocusIn with
NotifyGrab, even if the grab does not actually change. This makes screen
readers for blind people spuriously emit activity events which disturb
screen reading workflow when e.g. switching between menus.
This commit avoids calling DoFocusEvents in that precise case, i.e. when
oldWin is a previous grab and the new grab is the same window.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 364d64981549544213e2bca8de6ff8a5b2b5a69e)
-
b8b10e29
by Hans de Goede
at 2020-05-22T08:07:56+02:00
modesetting: Disable pageflipping when using a swcursor
The miPointerSpriteFunc swcursor code expects there to only be a single
framebuffer and when the cursor moves it will undo the damage of the
previous draw, potentially overwriting what ever is there in a new
framebuffer installed after a flip.
This leads to all kind of artifacts, so we need to disable pageflipping
when a swcursor is used.
The code for this has shamelessly been copied from the xf86-video-amdgpu
code.
Fixes: https://gitlab.freedesktop.org/xorg/xserver/issues/828
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
(cherry picked from commit 0aaac8d783e78c040a70a55ba8d67809abd7e625)
Signed-off-by: Łukasz Spintzyk <lukasz.spintzyk@displaylink.com>
-
0430d13c
by Olivier Fourdan
at 2020-05-29T09:24:11+00:00
xwayland: Fix infinite loop at startup
Mutter recently added headless tests, and when running those tests the
Wayland compositor runs for a very short time.
Xwayland is spawned by the Wayland compositor and upon startup will
query the various Wayland protocol supported by the compositor.
To do so, it will do a roundtrip to the Wayland server waiting for
events it expects.
If the Wayland compositor terminates before Xwayland has got the replies
it expects, it will loop indefinitely calling `wl_display_roundtrip()`
continuously.
To avoid that issue, add a new `xwl_screen_roundtrip()` that checks for
the returned value from `wl_display_roundtrip()` and fails if it is
negative.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Roman Gilg <subdiff@gmail.com>
Reviewed-by: Jonas Ådahl <jadahl@gmail.com>
(cherry picked from commit 785e59060c00129e47da6c0877604a56d7e0e32f)
-
fc297c87
by Simon Ser
at 2020-07-03T10:51:36+00:00
xwayland: import DMA-BUFs with GBM_BO_USE_RENDERING only
Drop GBM_BO_USE_SCANOUT from the GBM_BO_IMPORT_FD import, add
GBM_BO_USE_RENDERING to the GBM_BO_IMPORT_FD_MODIFIER import.
If the DMA-BUF cannot be scanned out, gbm_bo_import with
GBM_BO_USE_SCANOUT will fail. However Xwayland doesn't need to scan-out
the buffer and can work fine without scanout. Glamor only needs
GBM_BO_USE_RENDERING.
Signed-off-by: Simon Ser <contact@emersion.fr>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
(cherry picked from commit 421ce458f1d295015c108eb32f9611e527649cf8)
-
b3310ed5
by Michel Dänzer
at 2020-07-20T13:22:20+00:00
present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip
The comment was incorrect: Any reference held by the window (see
present_wnmd_execute) is in addition to the one in struct present_vblank
(see present_vblank_create). So if we don't drop the latter, the pixmap
will be leaked.
Reviewed-by: Dave Airlie <airlied@redhat.com>
(cherry picked from commit bc9dd1c71c3722284ffaa7183f4119151b25a44f)
-
ba52e5eb
by Michel Dänzer
at 2020-07-20T13:22:20+00:00
present/wnmd: Free flip_queue entries in present_wnmd_clear_window_flip
When present_wnmd_clear_window_flip is done, present_destroy_window
frees struct present_window_priv, and the events in the flip queue
become unreachable. So if we don't free them first, they're leaked.
Also drop the call to present_wnmd_set_abort_flip, which just sets a
flag in struct present_window_priv and thus can't have any observable
effect after present_destroy_window.
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1042
Reviewed-by: Dave Airlie <airlied@redhat.com>
(cherry picked from commit 1bdedc8dbb9d035b85444c2558a137470ff52113)
-
37779d7f
by Michel Dänzer
at 2020-07-20T13:22:21+00:00
xwayland: Always use xwl_present_free_event for freeing Present events
Minor cleanup, and will make the next change simpler. No functional
change intended.
Reviewed-by: Dave Airlie <airlied@redhat.com>
(cherry picked from commit 1beffba699e2cc3f23039d2177c025bc127966de)
-
22c0808a
by Michel Dänzer
at 2020-07-20T13:22:21+00:00
xwayland: Free all remaining events in xwl_present_cleanup
At the end of xwl_present_cleanup, these events aren't reachable
anymore, so if we don't free them first, they're leaked.
(cherry picked from commit 64565ea344fef0171497952ef75f019cb420fe3b)
v2:
* Simpler backport, no need to keep a reference to the pixmap on the
1.20 branch.
-
3aa31823
by Olivier Fourdan
at 2020-07-20T15:54:39+02:00
xwayland: Clear private on device removal
Xwayland uses the device private to point to the `xwl_seat`.
Device may be removed at any time, including on suspend.
On resume, if the DIX code ends up calling a function that requires the
`xwl_seat` such as `xwl_set_cursor()` we may end up pointing at random
data.
Make sure the clear the device private data on removal so that we don't
try to use it and crash later.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
https://gitlab.freedesktop.org/xorg/xserver/issues/709
(cherry picked from commit 4195e8035645007be313ade79032b8d561ceec6c)
-
533cc6ca
by Sjoerd Simons
at 2020-07-20T15:54:39+02:00
xwayland: Fix crashes when there is no pointer
When running with a weston session without a pointer device (thus with
the wl_seat not having a pointer) xwayland pointer warping and pointer
confining should simply be ignored to avoid crashes.
Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
(cherry picked from commit d35f68336b0a462dc660797d1779581f348af04e)
-
cc361355
by SimonP
at 2020-07-20T15:54:39+02:00
xwayland: Initialise values in xwlVidModeGetGamma()
ProcVidModeGetGamma() relies on GetGamma() to initialise values if it
returns TRUE. Without this, we're sending uninitialised values to
clients.
Fixes: xorg/xserver#1040
(cherry picked from commit 6748a4094158d2bde1630b915a5318f9f22c8e0a)
-
ccbcf083
by Lyude Paul
at 2020-07-20T15:54:39+02:00
xwayland: Store xwl_tablet_pad in its own private key
When a slave device causes the master virtual pointer device to change
device types, the device's private data pointer
(device->public.devicePrivate) is also changed to match the type of the
slave device. This can be a problem though, as tablet pad devices will
set the device's private data pointer to their own xwl_tablet_pad
struct. This can cause us to dereference the pointer as the wrong type,
and result in a segfault:
Thread 1 "Xwayland" received signal SIGSEGV, Segmentation fault.
wl_proxy_marshal (proxy=0x51, opcode=opcode@entry=0) at src/wayland-client.c:792
792 va_start(ap, opcode);
(gdb) bt
0 wl_proxy_marshal (proxy=0x51, opcode=opcode@entry=0) at
src/wayland-client.c:792
1 0x00005610b27b6c55 in wl_pointer_set_cursor (hotspot_y=0,
hotspot_x=0, surface=0x0, serial=<optimized out>, wl_pointer=<optimized
out>) at /usr/include/wayland-client-protocol.h:4610
2 xwl_seat_set_cursor (xwl_seat=xwl_seat@entry=0x5610b46d5d10) at
xwayland-cursor.c:137
3 0x00005610b27b6ecd in xwl_set_cursor (device=<optimized out>,
screen=<optimized out>, cursor=<optimized out>, x=<optimized out>,
y=<optimized out>) at xwayland-cursor.c:249
4 0x00005610b2800b46 in miPointerUpdateSprite (pDev=0x5610b4501a30) at
mipointer.c:468
5 miPointerUpdateSprite (pDev=0x5610b4501a30) at mipointer.c:410
6 0x00005610b2800e56 in miPointerDisplayCursor (pCursor=0x5610b4b35740,
pScreen=0x5610b3d54410, pDev=0x5610b4501a30) at mipointer.c:206
7 miPointerDisplayCursor (pDev=0x5610b4501a30, pScreen=0x5610b3d54410,
pCursor=0x5610b4b35740) at mipointer.c:194
8 0x00005610b27ed62b in CursorDisplayCursor (pDev=<optimized out>,
pScreen=0x5610b3d54410, pCursor=0x5610b4b35740) at cursor.c:168
9 0x00005610b28773ee in AnimCurDisplayCursor (pDev=0x5610b4501a30,
pScreen=0x5610b3d54410, pCursor=0x5610b4b35740) at animcur.c:197
10 0x00005610b28eb4ca in ChangeToCursor (pDev=0x5610b4501a30,
cursor=0x5610b4b35740) at events.c:938
11 0x00005610b28ec99f in WindowHasNewCursor
(pWin=pWin@entry=0x5610b4b2e0c0) at events.c:3362
12 0x00005610b291102d in ChangeWindowAttributes (pWin=0x5610b4b2e0c0,
vmask=<optimized out>, vlist=vlist@entry=0x5610b4c41dcc,
client=client@entry=0x5610b4b2c900) at window.c:1561
13 0x00005610b28db8e3 in ProcChangeWindowAttributes (client=0x5610b4b2c900)
at dispatch.c:746
14 0x00005610b28e1e5b in Dispatch () at dispatch.c:497
15 0x00005610b28e5f34 in dix_main (argc=16, argv=0x7ffc7a601b68,
envp=<optimized out>) at main.c:276
16 0x00007f8828cde042 in __libc_start_main (main=0x5610b27ae930 <main>,
argc=16, argv=0x7ffc7a601b68, init=<optimized out>, fini=<optimized
out>, rtld_fini=<optimized out>, stack_end=0x7ffc7a601b58) at
../csu/libc-start.c:308
17 0x00005610b27ae96e in _start () at cursor.c:1064
Simple reproducer in gnome-shell: open up an Xwayland window, press some
tablet buttons, lock and unlock the screen. Repeat if it doesn't crash
the first time.
So, let's fix this by registering our own device-specific private key
for storing a backpointer to xwl_tablet_pad, so that all input devices
have their private data pointers set to their respective xwl_seat.
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Lyude Paul <lyude@redhat.com>
(cherry picked from commit ba0e789b912671c724a21b3a30291247718bcf7d)
-
4912f693
by Jose Maria Casanova Crespo
at 2020-07-21T15:22:48+00:00
modesetting: Fix front_bo leak at drmmode_xf86crtc_resize on XRandR rotation
Since the introduction of "modesetting: Remove unnecessary fb addition from
drmmode_xf86crtc_resize" the fb_id isn't initialited at
drmmode_xf86crtc_resize.
Rotate operation of XRandR uses rotate_bo. So in this case the fb_id
associated to the front_bo is not initialized at drmmode_set_mode_major.
So fd_id remains 0.
As every call to drmmode_xf86crtc_resize allocates a new front_bo we should
destroy unconditionally the old_front_bo if operation success. So we free
the allocated GBM handles.
This avoids crashing xserver with a OOM in the RPI4 1Gb at 4k resolution
after 3 series xrandr rotations from normal to left and vice versa reported at
https://github.com/raspberrypi/firmware/issues/1345
Signed-off-by: Jose Maria Casanova Crespo <jmcasanova@igalia.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1024
Fixes: 8774532121 "modesetting: Remove unnecessary fb addition from
drmmode_xf86crtc_resize"
(cherry picked from commit 73480f172aeced074dd9301ae4d97f7d2f3a9a45)
-
1179938c
by Alex Goins
at 2020-07-21T16:48:37-05:00
randr: Check rrPrivKey in RRHasScanoutPixmap()
RRHasScanoutPixmap() is called from xf86CheckHWCursor(), regardless of whether
or not RandR has been initialized.
As mentioned in commit 4226c6d, it's possible that RandR has not been
initialized if the server is configured with Xinerama and there is more than one
X screen. Calling rrGetScrPriv when RandR isn't initialized causes an assertion
failure that aborts the server:
Xorg: ../include/privates.h:121: dixGetPrivateAddr: Assertion
key->initialized' failed.
Just as in commit 4226c6d, fix the problem by checking
dixPrivateKeyRegistered(rrPrivKey) before calling rrGetScrPriv.
Signed-off-by: Alex Goins <agoins@nvidia.com>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit 8eeff5d7880c6885ee6f206355599f13d739afa7)
-
23c55ec3
by Michel Dänzer
at 2020-07-22T16:39:33+00:00
xwayland: Hold a pixmap reference in struct xwl_present_event
In the log of the commit below, I claimed this wasn't necessary on the
1.20 branch, but this turned out to be wrong: It meant that
event->buffer could already be destroyed in xwl_present_free_event,
resulting in use-after-free and likely a crash.
Fixes: 22c0808ac88f "xwayland: Free all remaining events in
xwl_present_cleanup"
-
3059a2e6
by Olivier Fourdan
at 2020-08-12T16:55:58+02:00
xwayland: Disable the MIT-SCREEN-SAVER extension when rootless
Xwayland is just a Wayland client, no X11 screensaver should be
expected to work reliably on Xwayland when running rootless because
Xwayland cannot grab the input devices so it has no way to actually
lock the screen managed by the Wayland compositor.
Turn off the screensaver on Xwayland when running rootless by setting
the screensaver timeout and interval and their default values to zero
and disable the MIT-SCREEN-SAVER extension.
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1051
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 5c20e4b834145f590c68dbc98e33c7d3d710001a)
-
0679d466
by Alan Coopersmith
at 2020-08-18T04:12:08+00:00
Update URL's in man pages
Mostly http->https conversions, but also replaces gitweb.fd.o
with gitlab.fd.o, and xquartz.macosforge.org with xquartz.org.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit a5151f58cf98d1696d60a3577dc50851f159da8a)
-
c726ceac
by Martin Weber
at 2020-08-18T04:12:09+00:00
hw/xfree86: Avoid cursor use after free
During a VT-Switch a raw pointer to the shared cursor object
is saved which is then freed (in case of low refcount) by a call to
xf86CursorSetCursor with argument pCurs = NullCursor.
This leads to a dangling pointer which can follow in a use after free.
This fix ensures that there is a shared handle saved for the VT-Switch cycle.
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
(cherry picked from commit 7ae221ad5774756766dc78a73d71f4163ac7b1c6)
-
d4e8c462
by Simon Ser
at 2020-08-18T04:12:09+00:00
xwayland: only use linux-dmabuf if format/modifier was advertised
Previously, linux-dmabuf was used unconditionally if the buffer had a
modifier. However creating a linux-dmabuf buffer with a format/modifier
which hasn't been advertised will fail.
Change xwl_glamor_gbm_get_wl_buffer_for_pixmap to use linux-dmabuf when
the format/modifier has been advertised only.
Signed-off-by: Simon Ser <contact@emersion.fr>
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1035
Tested-by: Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
(cherry picked from commit c0e13cbf5a56e1fdd1e4ce58ebdefb6d2904e4b3)
-
6cbd6a09
by Olivier Fourdan
at 2020-08-18T04:12:09+00:00
xwayland: Use a fixed DPI value for core protocol
The way Xwayland works (like all Wayland clients), it first queries the
Wayland registry, set up all relevant protocols and then initializes its
own structures.
That means Xwayland will get the Wayland outputs from the Wayland
compositor, compute the physical size of the combined outputs and set
the corresponding Xwayland screen properties accordingly.
Then it creates the X11 screen using fbScreenInit() but does so by using
a default DPI value of 96. That value is used to set the physical size
of the X11 screen, hence overriding the value computed from the actual
physical size provided by the Wayland compositor.
As a result, the DPI computed by tools such as xdpyinfo will always be
96 regardless of the actual screen size and resolution.
However, if the Wayland outputs get reconfigured, or new outputs added,
or existing outputs removed, Xwayland will recompute and update the
physical size of the screen, leading to an unexpected change of DPI.
To avoid that discrepancy, use a fixed size DPI (defaults to 96, and can
be set using the standard command lime option "-dpi") and compute a
physical screen size to match that DPI setting.
Note that only affects legacy core protocols, X11 clients can still get
the actual physical output size as reported by the Wayland compositor
using the RandR protocol, which also allows for the size to be 0 if the
size is unknown or meaningless.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Simon Ser <contact@emersion.fr>
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/731
(cherry picked from commit b0413b6e99c6b5fbc04229ce64ddf1f41b08e63e)
-
3b51978b
by Alan Coopersmith
at 2020-08-18T04:12:09+00:00
doc: Update URLs in Xserver-DTrace.xml
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit 0006aecba097b437f96a462075494d68bdad24c1)
-
10cabe0b
by Michel Dänzer
at 2020-08-18T04:12:09+00:00
xwayland: Propagate damage x1/y1 coordinates in xwl_present_flip
This couldn't have worked correctly for non-0 x1/y1.
Noticed by inspection.
Reviewed-by: Simon Ser <contact@emersion.fr>
(cherry picked from commits 9141196d3104ab37385c3e385deaa70c002dd184)
(cherry picked fixup from commit 85a6fd11c723888ca093785a3df43066fdca9c33)
-
4a65b661
by Michel Dänzer
at 2020-08-18T04:12:09+00:00
xwayland: Handle NULL xwl_seat in xwl_seat_can_emulate_pointer_warp
This can happen e.g. with weston's headless backend.
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit e33453f9111b21e4814d628e6ae00bc7b200f404)
-
7da8e7ba
by Roman Gilg
at 2020-08-18T04:12:09+00:00
present: Check valid region in window mode flips
For Pixmap flips to have well defined outcomes the window must be contained by
the valid region if such region was specified.
The valid region is inserted as an argument to the check in window mode.
Setting this argument is missing in screen mode as well but we ignore it for now
and only add it to window mode.
It seems there are none or only very few clients actually making use of valid
regions at the moment. For simplicity we therefore just check if a valid region
was set by the client and in this case do never flip, independently of the
window being contained by the region or not.
Signed-off-by: Roman Gilg <subdiff@gmail.com>
(cherry picked from commit 591916ea9e7a77f68f436b4a541402d9deadfe64)
-
2720b871
by Aaron Ma
at 2020-08-18T04:12:09+00:00
xfree86: add drm modes on non-GTF panels
EDID1.4 replaced GTF Bit with Continuous or Non-Continuous Frequency Display.
Check the "Display Range Limits Descriptor" for GTF support.
If panel doesn't support GTF, then add gtf modes.
Otherwise X will only show the modes in "Detailed Timing Descriptor".
V2: Coding style changes.
V3: Coding style changes, remove unused variate.
V4: remove unused variate.
BugLink: https://gitlab.freedesktop.org/drm/intel/issues/313
Signed-off-by: Aaron Ma <aaron.ma@canonical.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 6a79a737e2c0bc730ee693b4ea4a1530c108be4e)
-
4979ac8f
by Matthieu Herrb
at 2020-08-18T04:26:45+00:00
fix for ZDI-11426
Avoid leaking un-initalized memory to clients by zeroing the
whole pixmap on initial allocation.
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit a6b2cbe91793ae4967cd21a7103d889248029553)
-
74b7427c
by Adam Jackson
at 2020-08-18T17:20:09+00:00
linux: Make platform device probe less fragile
At the point where xf86BusProbe runs we haven't yet taken our own VT,
which means we can't perform drm "master" operations on the device. This
is tragic, because we need master to fish the bus id string out of the
kernel, which we can only do after drmSetInterfaceVersion, which for
some reason stores that string on the device not the file handle and
thus needs master access.
Fortunately we know the format of the busid string, and it happens to
almost be the same as the ID_PATH variable from udev. Use that instead
and stop calling drmSetInterfaceVersion.
(backported from commit 0816e8fca6194dfb4cc94c3a7fcb2c7f2a921386)
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Huacai Chen <chenhc@lemote.com>
-
5c96eb5f
by Adam Jackson
at 2020-08-18T17:20:09+00:00
linux: Fix platform device PCI detection for complex bus topologies
Suppose you're in a Hyper-V guest and are trying to use PCI passthrough.
The ID_PATH that udev will construct for that looks something like
"acpi-VMBUS:00-pci-b8c8:00:00.0", and obviously looking for "pci-" in
the first four characters of that is going to not work.
Instead, strstr. I suppose it's possible you could have _multiple_ PCI
buses in the path, in which case you'd want strrstr, if that were a
thing.
(backported from commit 9acff309434a8029bcce1b22530043459bb71791)
Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Huacai Chen <chenhc@lemote.com>
-
249a12c5
by Huacai Chen
at 2020-08-18T17:20:09+00:00
linux: Fix platform device probe for DT-based PCI
On a DT-base PCI platform, the sysfs path of vga device is like this:
/sys/devices/platform/bus@10000000/1a000000.pci/pci0000:00/0000:00:11.0/0000:04:00.0.
Then the ID_PATH from udev is platform-1a000000.pci-pci-0000:04:00.0 and
the BusID will be pci-0000:04:00.0, which causes Xorg start fail. This
is because config_udev_odev_setup_attribs() use strstr() to search the
first "pci-" in ID_PATH. To fix this, we implement a strrstr() function
and use it to search the last "pci-" in ID_PATH, which can get a correct
BusID.
(backported from commit 9fbd3e43dd9e13700df96b508c3d97f77e2b9f7e)
Reviewed-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Huacai Chen <chenhc@lemote.com>
-
1d3a1092
by Matthieu Herrb
at 2020-08-25T17:13:31+02:00
Correct bounds checking in XkbSetNames()
CVE-2020-14345 / ZDI 11428
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
(cherry picked from commit 11f22a3bf694d7061d552c99898d843bcdaf0cf1)
-
eff3f6cd
by Matthieu Herrb
at 2020-08-25T17:13:31+02:00
Fix XIChangeHierarchy() integer underflow
CVE-2020-14346 / ZDI-CAN-11429
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
(cherry picked from commit 1e3392b07923987c6c9d09cf75b24f397b59bd5e)
-
5b384e76
by Matthieu Herrb
at 2020-08-25T17:13:31+02:00
Fix XkbSelectEvents() integer underflow
CVE-2020-14361 ZDI-CAN 11573
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
(cherry picked from commit 90304b3c2018a6b8f4a79de86364d2af15cb9ad8)
-
705d7213
by Matthieu Herrb
at 2020-08-25T17:13:31+02:00
Fix XRecordRegisterClients() Integer underflow
CVE-2020-14362 ZDI-CAN-11574
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
(cherry picked from commit 24acad216aa0fc2ac451c67b2b86db057a032050)
-
afb77415
by Matt Turner
at 2020-08-25T08:23:42-07:00
xserver 1.20.9
Signed-off-by: Matt Turner <mattst88@gmail.com>