author | Matthieu Herrb <matthieu@cvs.openbsd.org> | 2023-01-22 09:44:43 +0000 |
---|---|---|
committer | Matthieu Herrb <matthieu@cvs.openbsd.org> | 2023-01-22 09:44:43 +0000 |
commit | cfbafbf69f29d92d0e3435367964d7e256a4deff (patch) | |
tree | cb7a8af818bbbce338d40630472ded4f2bf95580 | |
parent | 5137be12226ec726cde8f1b16f38c9d0f63c8281 (diff) |
Merge xserver 21.1.6.
Includes a few fixes to the security patches already committed.
-rw-r--r-- | xserver/ChangeLog | 309 | ||||
-rw-r--r-- | xserver/Xext/saver.c | 2 | ||||
-rw-r--r-- | xserver/Xext/xtest.c | 2 | ||||
-rw-r--r-- | xserver/configure | 28 | ||||
-rw-r--r-- | xserver/configure.ac | 4 | ||||
-rw-r--r-- | xserver/hw/xquartz/Makefile.am | 5 | ||||
-rw-r--r-- | xserver/hw/xquartz/Makefile.in | 5 | ||||
-rw-r--r-- | xserver/hw/xquartz/NSUserDefaults+XQuartzDefaults.m | 9 | ||||
-rw-r--r-- | xserver/hw/xquartz/defaults.plist | 17 | ||||
-rw-r--r-- | xserver/hw/xquartz/mach-startup/stub.c | 111 | ||||
-rw-r--r-- | xserver/hw/xquartz/meson.build | 8 | ||||
-rw-r--r-- | xserver/hw/xquartz/pbproxy/Makefile.am | 2 | ||||
-rw-r--r-- | xserver/hw/xquartz/pbproxy/Makefile.in | 3 | ||||
-rw-r--r-- | xserver/hw/xquartz/pbproxy/meson.build | 5 | ||||
-rw-r--r-- | xserver/include/meson.build | 4 | ||||
-rw-r--r-- | xserver/meson.build | 15 | ||||
-rw-r--r-- | xserver/xkb/xkb.c | 31 |
17 files changed, 447 insertions, 113 deletions
diff --git a/xserver/ChangeLog b/xserver/ChangeLog index 117300174..f265ace9f 100644 --- a/xserver/ChangeLog +++ b/xserver/ChangeLog @@ -1,3 +1,312 @@ +commit 59b6fc88ed9f4b22397a568c2483e4c558856ffa +Author: Olivier Fourdan <ofourdan@redhat.com> +Date: Mon Dec 19 10:46:20 2022 +0100 + + xserver 21.1.6 + + Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> + +commit b7760d41c177983c2f2fca2ebdb8105628291720 +Author: Peter Hutterer <peter.hutterer@who-t.net> +Date: Mon Dec 19 10:06:45 2022 +1000 + + Xext: fix invalid event type mask in XTestSwapFakeInput + + In commit b320ca0 the mask was inadvertently changed from octal 0177 to + hexadecimal 0x177. + + Fixes commit b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63 + Xtest: disallow GenericEvents in XTestSwapFakeInput + + Found by Stuart Cassoff + + Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + (cherry picked from commit bb1711b7fba42f2a0c7d1c09beee241a1b2bcc30) + +commit 69ab3bcaa0f6a5adef6ec19161eb856a4744b32c +Author: Peter Hutterer <peter.hutterer@who-t.net> +Date: Wed Jul 13 11:23:09 2022 +1000 + + xkb: fix some possible memleaks in XkbGetKbdByName + + GetComponentByName returns an allocated string, so let's free that if we + fail somewhere. + + Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + (cherry picked from commit 18f91b950e22c2a342a4fbc55e9ddf7534a707d2) + +commit 5dbb2b52cfeab212b5c9b7e344692a6384efdc4c +Author: Peter Hutterer <peter.hutterer@who-t.net> +Date: Tue Jul 5 12:06:20 2022 +1000 + + xkb: proof GetCountedString against request length attacks + + GetCountedString did a check for the whole string to be within the + request buffer but not for the initial 2 bytes that contain the length + field. A swapped client could send a malformed request to trigger a + swaps() on those bytes, writing into random memory. + + 
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + (cherry picked from commit 11beef0b7f1ed290348e45618e5fa0d2bffcb72e) + +commit becf9d51c33a21e7700b18bb2324f466bb966de5 +Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com> +Date: Wed Dec 14 00:13:34 2022 -0800 + + xquartz: Fix some formatting + + Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> + +commit 61d18bed664769b1d94ea1320e27f71560a01af2 +Author: John D Pell <John+git@gaelicWizard.net> +Date: Tue Jul 13 23:46:28 2021 -0700 + + XQuartz: stub: Call LSOpenApplication instead of fork()/exec() + + Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> + +commit f292fbfaac0c653ee49bbb24deb3add2b5da602f +Author: Peter Hutterer <peter.hutterer@who-t.net> +Date: Wed Dec 14 11:34:41 2022 +1000 + + xserver 21.1.5 + + Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + +commit e860bbce4fdb169e84033529331ae2666e679de7 +Author: Peter Hutterer <peter.hutterer@who-t.net> +Date: Mon Dec 5 15:55:54 2022 +1000 + + xkb: reset the radio_groups pointer to NULL after freeing it + + Unlike other elements of the keymap, this pointer was freed but not + reset. On a subsequent XkbGetKbdByName request, the server may access + already freed memory. + + CVE-2022-4283, ZDI-CAN-19530 + + This vulnerability was discovered by: + Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + + 
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + Acked-by: Olivier Fourdan <ofourdan@redhat.com> + (cherry picked from commit ccdd431cd8f1cabae9d744f0514b6533c438908c) + +commit 8a1fa008b2f90abce6cabb27d9bc2ed76d07b678 +Author: Peter Hutterer <peter.hutterer@who-t.net> +Date: Tue Nov 29 13:26:57 2022 +1000 + + Xi: avoid integer truncation in length check of ProcXIChangeProperty + + This fixes an OOB read and the resulting information disclosure. + + Length calculation for the request was clipped to a 32-bit integer. With + the correct stuff->num_items value the expected request size was + truncated, passing the REQUEST_FIXED_SIZE check. + + The server then proceeded with reading at least stuff->num_items bytes + (depending on stuff->format) from the request and stuffing whatever it + finds into the property. In the process it would also allocate at least + stuff->num_items bytes, i.e. 4GB. + + The same bug exists in ProcChangeProperty and ProcXChangeDeviceProperty, + so let's fix that too. + + CVE-2022-46344, ZDI-CAN 19405 + + This vulnerability was discovered by: + Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + + Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + Acked-by: Olivier Fourdan <ofourdan@redhat.com> + (cherry picked from commit 8f454b793e1f13c99872c15f0eed1d7f3b823fe8) + +commit 40f431de8a76f737c68ae659fee8472583f15e49 +Author: Peter Hutterer <peter.hutterer@who-t.net> +Date: Tue Nov 29 13:24:00 2022 +1000 + + Xi: return an error from XI property changes if verification failed + + Both ProcXChangeDeviceProperty and ProcXIChangeProperty checked the + property for validity but didn't actually return the potential error. + + 
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + Acked-by: Olivier Fourdan <ofourdan@redhat.com> + (cherry picked from commit b8a84cb0f2807b07ab70ca9915fcdee21301b8ca) + +commit d6c7de9eadca980c8ce3b3b7752b67bfa95e6f31 +Author: Peter Hutterer <peter.hutterer@who-t.net> +Date: Tue Nov 29 14:53:07 2022 +1000 + + Xext: free the screen saver resource when replacing it + + This fixes a use-after-free bug: + + When a client first calls ScreenSaverSetAttributes(), a struct + ScreenSaverAttrRec is allocated and added to the client's + resources. + + When the same client calls ScreenSaverSetAttributes() again, a new + struct ScreenSaverAttrRec is allocated, replacing the old struct. The + old struct was freed but not removed from the clients resources. + + Later, when the client is destroyed the resource system invokes + ScreenSaverFreeAttr and attempts to clean up the already freed struct. + + Fix this by letting the resource system free the old attrs instead. + + CVE-2022-46343, ZDI-CAN 19404 + + This vulnerability was discovered by: + Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + + 
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + Acked-by: Olivier Fourdan <ofourdan@redhat.com> + (cherry picked from commit 842ca3ccef100ce010d1d8f5f6d6cc1915055900) + +commit 67927cc41f452228188bbe2aa34a9ee4a9ce0c6b +Author: Peter Hutterer <peter.hutterer@who-t.net> +Date: Wed Nov 30 11:20:40 2022 +1000 + + Xext: free the XvRTVideoNotify when turning off from the same client + + This fixes a use-after-free bug: + + When a client first calls XvdiSelectVideoNotify() on a drawable with a + TRUE onoff argument, a struct XvVideoNotifyRec is allocated. This struct + is added twice to the resources: + - as the drawable's XvRTVideoNotifyList. This happens only once per + drawable, subsequent calls append to this list. + - as the client's XvRTVideoNotify. This happens for every client. + + The struct keeps the ClientPtr around once it has been added for a + client. The idea, presumably, is that if the client disconnects we can remove + all structs from the drawable's list that match the client (by resetting + the ClientPtr to NULL), but if the drawable is destroyed we can remove + and free the whole list. + + However, if the same client then calls XvdiSelectVideoNotify() on the + same drawable with a FALSE onoff argument, only the ClientPtr on the + existing struct was set to NULL. The struct itself remained in the + client's resources. + + If the drawable is now destroyed, the resource system invokes + XvdiDestroyVideoNotifyList which frees the whole list for this drawable + - including our struct. This function however does not free the resource + for the client since our ClientPtr is NULL. + + Later, when the client is destroyed and the resource system invokes + XvdiDestroyVideoNotify, we unconditionally set the ClientPtr to NULL. On + a struct that has been freed previously. This is generally frowned upon. + + Fix this by calling FreeResource() on the second call instead of merely + setting the ClientPtr to NULL. 
This removes the struct from the client + resources (but not from the list), ensuring that it won't be accessed + again when the client quits. + + Note that the assignment tpn->client = NULL; is superfluous since the + XvdiDestroyVideoNotify function will do this anyway. But it's left for + clarity and to match a similar invocation in XvdiSelectPortNotify. + + CVE-2022-46342, ZDI-CAN 19400 + + This vulnerability was discovered by: + Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + + Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + Acked-by: Olivier Fourdan <ofourdan@redhat.com> + (cherry picked from commit b79f32b57cc0c1186b2899bce7cf89f7b325161b) + +commit a6c0d7b142e762a6b9934a23e060ea91ff5afcea +Author: Peter Hutterer <peter.hutterer@who-t.net> +Date: Tue Nov 29 13:55:32 2022 +1000 + + Xi: disallow passive grabs with a detail > 255 + + The XKB protocol effectively prevents us from ever using keycodes above + 255. For buttons it's theoretically possible but realistically too niche + to worry about. For all other passive grabs, the detail must be zero + anyway. + + This fixes an OOB write: + + ProcXIPassiveUngrabDevice() calls DeletePassiveGrabFromList with a + temporary grab struct which contains tempGrab->detail.exact = stuff->detail. + For matching existing grabs, DeleteDetailFromMask is called with the + stuff->detail value. This function creates a new mask with the one bit + representing stuff->detail cleared. + + However, the array size for the new mask is 8 * sizeof(CARD32) bits, + thus any detail above 255 results in an OOB array write. + + CVE-2022-46341, ZDI-CAN 19381 + + This vulnerability was discovered by: + Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + + 
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + Acked-by: Olivier Fourdan <ofourdan@redhat.com> + (cherry picked from commit 51eb63b0ee1509c6c6b8922b0e4aa037faa6f78b) + +commit 936d34bdff4c479ccd0405fc221ff8e4c6c7014d +Author: Peter Hutterer <peter.hutterer@who-t.net> +Date: Tue Nov 29 12:55:45 2022 +1000 + + Xtest: disallow GenericEvents in XTestSwapFakeInput + + XTestSwapFakeInput assumes all events in this request are + sizeof(xEvent) and iterates through these in 32-byte increments. + However, a GenericEvent may be of arbitrary length longer than 32 bytes, + so any GenericEvent in this list would result in subsequent events to be + misparsed. + + Additional, the swapped event is written into a stack-allocated struct + xEvent (size 32 bytes). For any GenericEvent longer than 32 bytes, + swapping the event may thus smash the stack like an avocado on toast. + + Catch this case early and return BadValue for any GenericEvent. + Which is what would happen in unswapped setups anyway since XTest + doesn't support GenericEvent. + + CVE-2022-46340, ZDI-CAN 19265 + + This vulnerability was discovered by: + Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + + Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + Acked-by: Olivier Fourdan <ofourdan@redhat.com> + (cherry picked from commit b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63) + +commit 5f2d652377995c0c0c3cf07463b5018450661d13 +Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com> +Date: Sun Nov 27 15:04:13 2022 -0800 + + meson: Don't build COMPOSITE for XQuartz + + 
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> + (cherry picked from commit 9c0373366988cc0b909ba31e61c43cc46e054b40) + +commit 3dee0aac2c0ed4538880b65ee528e4633d103592 +Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com> +Date: Thu Nov 24 10:58:26 2022 -0800 + + xquartz: Move default applications list outside of the main executable + + This will allow side-wide customization. + + Fixes: https://github.com/XQuartz/XQuartz/issues/274 + Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> + (cherry picked from commit e654de80ed560c480efc072d876808b1d78da052) + +commit 5d302c378d9d21b34db2434425b766ac4f05de89 +Author: Jeremy Huddleston Sequoia <jeremyhu@apple.com> +Date: Thu Nov 24 11:04:08 2022 -0800 + + xquartz: Remove unused macro (X11LIBDIR) + + Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> + (cherry picked from commit 3dbd809c0e2d8da4191dd4a3fd4abdd14be0d838) + commit 6bf62381d0a1fb54226a10f9d0e6b03aff12f3aa Author: Povilas Kanapickas <povilas@radix.lt> Date: Tue Jul 12 16:09:23 2022 +0300 diff --git a/xserver/Xext/saver.c b/xserver/Xext/saver.c index f73fd01c5..fd6153c31 100644 --- a/xserver/Xext/saver.c +++ b/xserver/Xext/saver.c @@ -1350,8 +1350,8 @@ SProcScreenSaverSuspend(ClientPtr client) { REQUEST(xScreenSaverSuspendReq); - REQUEST_SIZE_MATCH(xScreenSaverSuspendReq); swaps(&stuff->length); + REQUEST_SIZE_MATCH(xScreenSaverSuspendReq); swapl(&stuff->suspend); return ProcScreenSaverSuspend(client); } diff --git a/xserver/Xext/xtest.c b/xserver/Xext/xtest.c index e5d38aa61..9b55b20b3 100644 --- a/xserver/Xext/xtest.c +++ b/xserver/Xext/xtest.c @@ -502,7 +502,7 @@ XTestSwapFakeInput(ClientPtr client, xReq * req) nev = ((req->length << 2) - sizeof(xReq)) / sizeof(xEvent); for (ev = (xEvent *) &req[1]; --nev >= 0; ev++) { - int evtype = ev->u.u.type & 0x177; + int evtype = ev->u.u.type & 0177; /* Swap event */ proc = EventSwapVector[evtype]; /* no swapping proc; invalid event type? */ 
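Review bot: `swaps(&stuff->length)` now runs before `REQUEST_SIZE_MATCH(xScreenSaverSuspendReq)` in `SProcScreenSaverSuspend`, so one request field is modified before the request size has been validated. That is only safe if `length` lies in the fixed request header that every dispatched request is guaranteed to contain, which the hunk does not show; `swapl(&stuff->suspend)` correctly stays after the check. A short comment such as `/* length is in the fixed header; payload fields are swapped only after the size check */` would keep a later edit from moving a payload swap above the check.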
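Review bot: The mask in `int evtype = ev->u.u.type & 0177;` is an octal literal, and the ChangeLog in this same commit records that it was mistyped as `0x177` in the earlier security fix. Assuming `u.u.type` is a single byte, the wrong mask clears bit 3 of the event type, so the next line picks the wrong entry of `EventSwapVector` and the GenericEvent rejection added by that fix can be applied to the wrong events. Writing the constant as `int evtype = ev->u.u.type & 0x7f; /* drop the send-event bit */`, or behind a named macro, would make the same slip much harder to repeat. The loop body continues past the end of the hunk.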
diff --git a/xserver/configure b/xserver/configure index c50d8c55e..6a026d092 100644 --- a/xserver/configure +++ b/xserver/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for xorg-server 21.1.4. +# Generated by GNU Autoconf 2.69 for xorg-server 21.1.6. # # Report bugs to <https://gitlab.freedesktop.org/xorg/xserver/issues>. # @@ -651,8 +651,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='xorg-server' PACKAGE_TARNAME='xorg-server' -PACKAGE_VERSION='21.1.4' -PACKAGE_STRING='xorg-server 21.1.4' +PACKAGE_VERSION='21.1.6' +PACKAGE_STRING='xorg-server 21.1.6' PACKAGE_BUGREPORT='https://gitlab.freedesktop.org/xorg/xserver/issues' PACKAGE_URL='' @@ -1986,7 +1986,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures xorg-server 21.1.4 to adapt to many kinds of systems. +\`configure' configures xorg-server 21.1.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -2057,7 +2057,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of xorg-server 21.1.4:";; + short | recursive ) echo "Configuration of xorg-server 21.1.6:";; esac cat <<\_ACEOF @@ -2246,10 +2246,10 @@ Optional Packages: org.x) --with-bundle-version=VERSION Version to use for X11.app's CFBundleVersion - (default: 21.1.4) + (default: 21.1.6) --with-bundle-version-string=VERSION Version to use for X11.app's - CFBundleShortVersionString (default: 21.1.4) + CFBundleShortVersionString (default: 21.1.6) --with-sparkle-feed-url=URL URL for the Sparkle feed (default: https://www.xquartz.org/releases/sparkle/release.xml) 
@@ -2460,7 +2460,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -xorg-server configure 21.1.4 +xorg-server configure 21.1.6 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3169,7 +3169,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by xorg-server $as_me 21.1.4, which was +It was created by xorg-server $as_me 21.1.6, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3517,7 +3517,7 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -RELEASE_DATE="2022-07-12" +RELEASE_DATE="2022-12-19" RELEASE_NAME="Caramel Ice Cream" @@ -3997,7 +3997,7 @@ fi # Define the identity of the package. PACKAGE='xorg-server' - VERSION='21.1.4' + VERSION='21.1.6' cat >>confdefs.h <<_ACEOF @@ -22895,7 +22895,7 @@ _ACEOF if test "${with_bundle_version+set}" = set; then : withval=$with_bundle_version; BUNDLE_VERSION="${withval}" else - BUNDLE_VERSION="21.1.4" + BUNDLE_VERSION="21.1.6" fi @@ -31541,7 +31541,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by xorg-server $as_me 21.1.4, which was +This file was extended by xorg-server $as_me 21.1.6, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -31607,7 +31607,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -xorg-server config.status 21.1.4 +xorg-server config.status 21.1.6 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" 
diff --git a/xserver/configure.ac b/xserver/configure.ac index e3694d5af..8fe62cee5 100644 --- a/xserver/configure.ac +++ b/xserver/configure.ac @@ -26,8 +26,8 @@ dnl dnl Process this file with autoconf to create configure. AC_PREREQ(2.60) -AC_INIT([xorg-server], 21.1.4, [https://gitlab.freedesktop.org/xorg/xserver/issues], xorg-server) -RELEASE_DATE="2022-07-12" +AC_INIT([xorg-server], 21.1.6, [https://gitlab.freedesktop.org/xorg/xserver/issues], xorg-server) +RELEASE_DATE="2022-12-19" RELEASE_NAME="Caramel Ice Cream" AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/xserver/hw/xquartz/Makefile.am b/xserver/hw/xquartz/Makefile.am index 222f3b1d4..9db38c403 100644 --- a/xserver/hw/xquartz/Makefile.am +++ b/xserver/hw/xquartz/Makefile.am @@ -2,14 +2,14 @@ noinst_LTLIBRARIES = libXquartz.la AM_CFLAGS = $(DIX_CFLAGS) AM_OBJCFLAGS = $(DIX_CFLAGS) AM_CPPFLAGS = \ + -DXQUARTZ_DATA_DIR=\"$(datadir)/X11/XQuartz\" \ -DXSERVER_VERSION=\"$(VERSION)\" \ -DBUNDLE_ID_PREFIX=\"$(BUNDLE_ID_PREFIX)\" \ -DUSE_NEW_CLUT \ -DXFree86Server \ -I$(top_srcdir)/miext/rootless \ -I$(top_builddir)/pseudoramiX \ - -I$(top_builddir) \ - -DX11LIBDIR=\"$(libdir)\" + -I$(top_builddir)" if GLX GL_DIR = GL @@ -45,6 +45,7 @@ EXTRA_DIST = \ darwin.h \ darwinfb.h \ darwinEvents.h \ + defaults.plist \ keysym2ucs.h \ quartz.h \ quartzKeyboard.h \ diff --git a/xserver/hw/xquartz/Makefile.in b/xserver/hw/xquartz/Makefile.in index 922bbacae..46b403fdf 100644 --- a/xserver/hw/xquartz/Makefile.in +++ b/xserver/hw/xquartz/Makefile.in 
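Review bot: The new last line of `AM_CPPFLAGS` in `hw/xquartz/Makefile.am`, `-I$(top_builddir)"`, ends in a double quote that has no partner; the lines it replaces were `-I$(top_builddir) \` followed by the escaped `-DX11LIBDIR=\"$(libdir)\"`. An unbalanced quote in a flags variable is likely to break or distort the compiler command once the shell expands it, so the line should read `-I$(top_builddir)`. The same character is carried into the generated `Makefile.in` hunk, which would need regenerating after the fix.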
@@ -510,14 +510,14 @@ noinst_LTLIBRARIES = libXquartz.la AM_CFLAGS = $(DIX_CFLAGS) AM_OBJCFLAGS = $(DIX_CFLAGS) AM_CPPFLAGS = \ + -DXQUARTZ_DATA_DIR=\"$(datadir)/X11/XQuartz\" \ -DXSERVER_VERSION=\"$(VERSION)\" \ -DBUNDLE_ID_PREFIX=\"$(BUNDLE_ID_PREFIX)\" \ -DUSE_NEW_CLUT \ -DXFree86Server \ -I$(top_srcdir)/miext/rootless \ -I$(top_builddir)/pseudoramiX \ - -I$(top_builddir) \ - -DX11LIBDIR=\"$(libdir)\" + -I$(top_builddir)" @GLX_TRUE@GL_DIR = GL SUBDIRS = bundle . $(GL_DIR) xpr pbproxy mach-startup man @@ -547,6 +547,7 @@ EXTRA_DIST = \ darwin.h \ darwinfb.h \ darwinEvents.h \ + defaults.plist \ keysym2ucs.h \ quartz.h \ quartzKeyboard.h \ diff --git a/xserver/hw/xquartz/NSUserDefaults+XQuartzDefaults.m b/xserver/hw/xquartz/NSUserDefaults+XQuartzDefaults.m index bd5dd2305..ecc192197 100644 --- a/xserver/hw/xquartz/NSUserDefaults+XQuartzDefaults.m +++ b/xserver/hw/xquartz/NSUserDefaults+XQuartzDefaults.m @@ -96,10 +96,6 @@ NSString * const XQuartzPrefKeySyncPrimaryOnSelect = @"sync_primary_on_select"; defaults = [[[NSUserDefaults alloc] initWithSuiteName:defaultsDomain] retain]; } - NSArray * const defaultAppsMenu = @[ - @[NSLocalizedString(@"Terminal", @"Terminal"), @"xterm", @"n"], - ]; - NSString *defaultWindowItemModifiers = @"command"; NSString * const defaultWindowItemModifiersLocalized = NSLocalizedString(@"window item modifiers", @"window item modifiers"); if (![defaultWindowItemModifiersLocalized isEqualToString:@"window item modifiers"]) { @@ -107,7 +103,6 @@ NSString * const XQuartzPrefKeySyncPrimaryOnSelect = @"sync_primary_on_select"; } NSDictionary<NSString *, id> * const defaultDefaultsDict = @{ - XQuartzPrefKeyAppsMenu : defaultAppsMenu, XQuartzPrefKeyFakeButtons : @(NO), // XQuartzPrefKeyFakeButton2 nil default // XQuartzPrefKeyFakeButton3 nil default 
@@ -141,6 +136,10 @@ NSString * const XQuartzPrefKeySyncPrimaryOnSelect = @"sync_primary_on_select"; }; [defaults registerDefaults:defaultDefaultsDict]; + + NSString * const systemDefaultsPlistPath = [@(XQUARTZ_DATA_DIR) stringByAppendingPathComponent:@"defaults.plist"]; + NSDictionary <NSString *, id> * const systemDefaultsDict = [NSDictionary dictionaryWithContentsOfFile:systemDefaultsPlistPath]; + [defaults registerDefaults:systemDefaultsDict]; }); return defaults; diff --git a/xserver/hw/xquartz/defaults.plist b/xserver/hw/xquartz/defaults.plist new file mode 100644 index 000000000..957b1e0c7 --- /dev/null +++ b/xserver/hw/xquartz/defaults.plist @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> + +<!-- This file contains system-wide defaults for XQuartz --> + +<plist version="1.0"> +<dict> + <key>apps_menu</key> + <array> + <array> + <string>Terminal</string> + <string>xterm</string> + <string>n</string> + </array> + </array> +</dict> +</plist> diff --git a/xserver/hw/xquartz/mach-startup/stub.c b/xserver/hw/xquartz/mach-startup/stub.c index f5fef90fb..83252e805 100644 --- a/xserver/hw/xquartz/mach-startup/stub.c +++ b/xserver/hw/xquartz/mach-startup/stub.c 
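Review bot: `systemDefaultsDict` is passed to `registerDefaults:` without a nil check, and `dictionaryWithContentsOfFile:` returns nil when `defaults.plist` is missing or cannot be parsed. Because this commit also deletes the built-in `defaultAppsMenu` entry, such a failure leaves `apps_menu` with no default at all and nothing is logged. The autotools hunks only add `defaults.plist` to `EXTRA_DIST` and show no install rule for it, unlike the `install_data` call in `meson.build`, so that build may hit this path routinely. I would guard the call with `if (systemDefaultsDict != nil) [defaults registerDefaults:systemDefaultsDict];`, log the failure, and keep the compiled-in Terminal entry as a fallback. Since the file supplies the commands offered in the Applications menu, its location should stay writable by the administrator only, as the `rw-r--r--` install mode in `meson.build` intends.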
@@ -52,39 +52,25 @@ #include "launchd_fd.h" -static char x11_path[PATH_MAX + 1]; +static CFURLRef x11appURL; +static FSRef x11_appRef; static pid_t x11app_pid = 0; aslclient aslc; static void set_x11_path(void) { - CFURLRef appURL = NULL; - OSStatus osstatus = - LSFindApplicationForInfo(kLSUnknownCreator, CFSTR( - kX11AppBundleId), nil, nil, &appURL); + OSStatus osstatus = LSFindApplicationForInfo(kLSUnknownCreator, CFSTR(kX11AppBundleId), + nil, &x11_appRef, &x11appURL); switch (osstatus) { case noErr: - if (appURL == NULL) { - asl_log( - aslc, NULL, ASL_LEVEL_ERR, - "Xquartz: Invalid response from LSFindApplicationForInfo(%s)", - kX11AppBundleId); - exit(1); - } - - if (!CFURLGetFileSystemRepresentation(appURL, true, - (unsigned char *)x11_path, - sizeof(x11_path))) { + if (x11appURL == NULL) { asl_log(aslc, NULL, ASL_LEVEL_ERR, - "Xquartz: Error resolving URL for %s", + "Xquartz: Invalid response from LSFindApplicationForInfo(%s)", kX11AppBundleId); - exit(3); + exit(1); } - - strlcat(x11_path, kX11AppBundlePath, sizeof(x11_path)); - asl_log(aslc, NULL, ASL_LEVEL_INFO, "Xquartz: X11.app = %s", x11_path); break; case kLSApplicationNotFoundErr: @@ -96,8 +82,7 @@ set_x11_path(void) default: asl_log(aslc, NULL, ASL_LEVEL_ERR, "Xquartz: Unable to find application for %s, error code = %d", - kX11AppBundleId, - (int)osstatus); + kX11AppBundleId, (int)osstatus); exit(11); } } @@ -122,18 +107,15 @@ connect_to_socket(const char *filename) ret_fd = socket(PF_UNIX, SOCK_STREAM, 0); if (ret_fd == -1) { asl_log(aslc, NULL, ASL_LEVEL_ERR, - "Xquartz: Failed to create socket: %s - %s", filename, - strerror( - errno)); + "Xquartz: Failed to create socket: %s - %d - %s", + filename, errno, strerror(errno)); return -1; } if (connect(ret_fd, servaddr, servaddr_len) < 0) { asl_log(aslc, NULL, ASL_LEVEL_ERR, "Xquartz: Failed to connect to socket: %s - %d - %s", - filename, errno, - strerror( - errno)); + filename, errno, strerror(errno)); close(ret_fd); return -1; } 
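Review bot: `set_x11_path` no longer records which bundle LaunchServices resolved for `kX11AppBundleId`; the removed `asl_log(... "Xquartz: X11.app = %s", x11_path)` was the only log of the location that is about to be launched. That line is useful when more than one application on a machine claims the bundle identifier, and it can be kept by converting `x11appURL` with `CFURLGetFileSystemRepresentation` into a local `char path[PATH_MAX]` before logging. As written, `x11appURL` is only compared with NULL and is not released in the lines shown, and `x11_appRef` is later handed to the launch call without a validity check of its own. The function name no longer matches its behaviour either, since no path is set.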
@@ -176,10 +158,9 @@ send_fd_handoff(int connected_fd, int launchd_fd) *((int *)CMSG_DATA(cmsg)) = launchd_fd; if (sendmsg(connected_fd, &msg, 0) < 0) { - asl_log( - aslc, NULL, ASL_LEVEL_ERR, - "Xquartz: Error sending $DISPLAY file descriptor over fd %d: %d -- %s", - connected_fd, errno, strerror(errno)); + asl_log(aslc, NULL, ASL_LEVEL_ERR, + "Xquartz: Error sending $DISPLAY file descriptor over fd %d: %d -- %s", + connected_fd, errno, strerror(errno)); return; } @@ -253,26 +234,25 @@ main(int argc, char **argv, char **envp) server_bootstrap_name); set_x11_path(); - /* This forking is ugly and will be cleaned up later */ - child = fork(); - if (child == -1) { - asl_log(aslc, NULL, ASL_LEVEL_ERR, "Xquartz: Could not fork: %s", - strerror( - errno)); + char *listenOnlyArg = "--listenonly"; + CFStringRef silentLaunchArg = CFStringCreateWithCString(NULL, listenOnlyArg, kCFStringEncodingUTF8); + CFStringRef args[] = { silentLaunchArg }; + CFArrayRef passArgv = CFArrayCreate(NULL, (const void**) args, 1, NULL); + LSApplicationParameters params = { 0, /* CFIndex version == 0 */ + kLSLaunchDefaults, /* LSLaunchFlags flags */ + &x11_appRef, /* FSRef application */ + NULL, /* void* asyncLaunchRefCon*/ + NULL, /* CFDictionaryRef environment */ + passArgv, /* CFArrayRef arguments */ + NULL /* AppleEvent* initialEvent */ + }; + + OSStatus status = LSOpenApplication(¶ms, NULL); + if (status != noErr) { + asl_log(aslc, NULL, ASL_LEVEL_ERR, "Xquartz: Unable to launch: %d", (int)status); return EXIT_FAILURE; } - if (child == 0) { - char *_argv[3]; - _argv[0] = x11_path; - _argv[1] = "--listenonly"; - _argv[2] = NULL; - asl_log(aslc, NULL, ASL_LEVEL_NOTICE, - "Xquartz: Starting X server: %s --listenonly", - x11_path); - return execvp(x11_path, _argv); - } - /* Try connecting for 10 seconds */ for (i = 0; i < 80; i++) { usleep(250000); 
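Review bot: `silentLaunchArg` and `passArgv` in `main` are created with `CFStringCreateWithCString` and `CFArrayCreate` and are never released, on the success path or on the `return EXIT_FAILURE` path, and neither result is checked for NULL. If the array could not be built, `params` would carry no arguments and X11.app would presumably start without `--listenonly`. A constant string avoids one allocation, `CFStringRef args[] = { CFSTR("--listenonly") };`, and `CFRelease(passArgv);` can follow the `LSOpenApplication` call before `status` is tested. The removed NOTICE log of the launch is worth keeping in some form, and `child` appears to be left unused by this hunk. `main` begins and ends outside the hunk.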
@@ -283,8 +263,7 @@ main(int argc, char **argv, char **envp) if (kr != KERN_SUCCESS) { asl_log(aslc, NULL, ASL_LEVEL_ERR, - "Xquartz: bootstrap_look_up(): %s", bootstrap_strerror( - kr)); + "Xquartz: bootstrap_look_up(): %s", bootstrap_strerror(kr)); return EXIT_FAILURE; } } @@ -298,13 +277,10 @@ main(int argc, char **argv, char **envp) int handoff_fd = -1; for (try = 0, try_max = 5; try < try_max; try++) { - if (request_fd_handoff_socket(mp, - handoff_socket_filename) != - KERN_SUCCESS) { - asl_log( - aslc, NULL, ASL_LEVEL_INFO, - "Xquartz: Failed to request a socket from the server to send the $DISPLAY fd over (try %d of %d)", - (int)try + 1, (int)try_max); + if (request_fd_handoff_socket(mp, handoff_socket_filename) != KERN_SUCCESS) { + asl_log(aslc, NULL, ASL_LEVEL_INFO, + "Xquartz: Failed to request a socket from the server to send the $DISPLAY fd over (try %d of %d)", + (int)try + 1, (int)try_max); continue; } @@ -312,16 +288,13 @@ main(int argc, char **argv, char **envp) if (handoff_fd == -1) { asl_log(aslc, NULL, ASL_LEVEL_ERR, "Xquartz: Failed to connect to socket (try %d of %d)", - (int)try + 1, - (int)try_max); + (int)try + 1, (int)try_max); continue; } - asl_log( - aslc, NULL, ASL_LEVEL_INFO, - "Xquartz: Handoff connection established (try %d of %d) on fd %d, \"%s\". Sending message.", - (int)try + 1, (int)try_max, handoff_fd, - handoff_socket_filename); + asl_log(aslc, NULL, ASL_LEVEL_INFO, + "Xquartz: Handoff connection established (try %d of %d) on fd %d, \"%s\". Sending message.", + (int)try + 1, (int)try_max, handoff_fd, handoff_socket_filename); send_fd_handoff(handoff_fd, launchd_fd); close(handoff_fd); break; @@ -342,8 +315,7 @@ main(int argc, char **argv, char **envp) free(newargv); free(newenvp); - asl_log(aslc, NULL, ASL_LEVEL_ERR, - "Xquartz: Memory allocation failure"); + asl_log(aslc, NULL, ASL_LEVEL_ERR, "Xquartz: Memory allocation failure"); return EXIT_FAILURE; } 
@@ -361,8 +333,7 @@ main(int argc, char **argv, char **envp) if (kr != KERN_SUCCESS) { asl_log(aslc, NULL, ASL_LEVEL_ERR, "Xquartz: start_x11_server: %s", - mach_error_string( - kr)); + mach_error_string(kr)); return EXIT_FAILURE; } return EXIT_SUCCESS; diff --git a/xserver/hw/xquartz/meson.build b/xserver/hw/xquartz/meson.build index 05600fdd9..83e79eae8 100644 --- a/xserver/hw/xquartz/meson.build +++ b/xserver/hw/xquartz/meson.build @@ -23,6 +23,7 @@ endif bundle_id_def = '-DBUNDLE_ID_PREFIX="@0@"'.format(bundle_id_prefix) bundle_root = join_paths(apple_applications_dir, apple_application_name + '.app') +xquartz_data_dir = join_paths(get_option('prefix'), get_option('datadir'),'X11', 'XQuartz') # using sparkle update framework? build_sparkle = xquartz_sparkle_feed_url != '' and xquartz_sparkle_public_edkey != '' @@ -58,10 +59,9 @@ srcs_libxquartz = [ libxquartz_defs = [ '-DUSE_NEW_CLUT', - '-DX11LIBDIR="@0@"'.format(join_paths(get_option('prefix'), - get_option('libdir'))), '-DXFree86Server', '-DXQUARTZ', + '-DXQUARTZ_DATA_DIR="@0@"'.format(xquartz_data_dir), '-DXSERVER_VERSION="@0@"'.format(meson.project_version()), bundle_id_def, sparkle_defs, @@ -95,3 +95,7 @@ xquartz_man = configure_file( configuration: manpage_config, ) install_man(xquartz_man) + +install_data('defaults.plist', + install_dir: xquartz_data_dir, + install_mode: 'rw-r--r--') diff --git a/xserver/hw/xquartz/pbproxy/Makefile.am b/xserver/hw/xquartz/pbproxy/Makefile.am index 3314855d7..b26b8e273 100644 --- a/xserver/hw/xquartz/pbproxy/Makefile.am +++ b/xserver/hw/xquartz/pbproxy/Makefile.am @@ -1,4 +1,4 @@ -AM_CPPFLAGS=-I.. +AM_CPPFLAGS=-I.. -DXQUARTZ_DATA_DIR=\"$(datadir)/X11/XQuartz\" AM_CFLAGS=$(XPBPROXY_CFLAGS) AM_OBJCFLAGS=$(XPBPROXY_CFLAGS) diff --git a/xserver/hw/xquartz/pbproxy/Makefile.in b/xserver/hw/xquartz/pbproxy/Makefile.in index 160070964..9236b8c39 100644 --- a/xserver/hw/xquartz/pbproxy/Makefile.in +++ b/xserver/hw/xquartz/pbproxy/Makefile.in 
@@ -482,7 +482,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -AM_CPPFLAGS = -I.. $(am__append_1) +AM_CPPFLAGS = -I.. -DXQUARTZ_DATA_DIR=\"$(datadir)/X11/XQuartz\" \ + $(am__append_1) AM_CFLAGS = $(XPBPROXY_CFLAGS) AM_OBJCFLAGS = $(XPBPROXY_CFLAGS) noinst_LTLIBRARIES = libxpbproxy.la diff --git a/xserver/hw/xquartz/pbproxy/meson.build b/xserver/hw/xquartz/pbproxy/meson.build index eebb9fd70..206cbdca3 100644 --- a/xserver/hw/xquartz/pbproxy/meson.build +++ b/xserver/hw/xquartz/pbproxy/meson.build @@ -1,6 +1,9 @@ build_standalone_pbproxy = get_option('xpbproxy') -pbproxy_defs = [bundle_id_def] +pbproxy_defs = [ + '-DXQUARTZ_DATA_DIR="@0@"'.format(xquartz_data_dir), + bundle_id_def +] if build_standalone_pbproxy pbproxy_defs += ['-DSTANDALONE_XPBPROXY'] endif diff --git a/xserver/include/meson.build b/xserver/include/meson.build index 3521fa3ef..6b4a69dd4 100644 --- a/xserver/include/meson.build +++ b/xserver/include/meson.build @@ -201,7 +201,9 @@ conf_data.set('UNIXCONN', host_machine.system() != 'windows' ? '1' : false) conf_data.set('IPv6', build_ipv6 ? '1' : false) conf_data.set('BIGREQS', '1') -conf_data.set('COMPOSITE', '1') +if build_composite + conf_data.set('COMPOSITE', '1') +endif conf_data.set('DAMAGE', '1') conf_data.set('DBE', '1') conf_data.set('DGA', build_dga ? '1' : false) diff --git a/xserver/meson.build b/xserver/meson.build index a6afd5575..e6b6fc6e7 100644 --- a/xserver/meson.build +++ b/xserver/meson.build @@ -3,10 +3,10 @@ project('xserver', 'c', 'buildtype=debugoptimized', 'c_std=gnu99', ], - version: '21.1.4', + version: '21.1.6', meson_version: '>= 0.47.0', ) -release_date = '2022-07-12' +release_date = '2022-12-19' add_project_arguments('-DHAVE_DIX_CONFIG_H', language: ['c', 'objc']) cc = meson.get_compiler('c') 
@@ -235,8 +235,10 @@ else build_xquartz = get_option('xquartz') == 'true' endif +build_composite = true build_rootless = false if build_xquartz + build_composite = false build_rootless = true endif @@ -697,7 +699,9 @@ subdir('fb') subdir('mi') subdir('os') # X extensions -subdir('composite') +if build_composite + subdir('composite') +endif subdir('damageext') subdir('dbe') subdir('miext/damage') @@ -731,7 +735,6 @@ libxserver = [ libxserver_mi, libxserver_dix, - libxserver_composite, libxserver_damageext, libxserver_dbe, libxserver_randr, @@ -748,6 +751,10 @@ libxserver = [ libxserver_os, ] +if build_composite + libxserver += libxserver_composite +endif + libxserver += libxserver_dri3 subdir('hw') diff --git a/xserver/xkb/xkb.c b/xserver/xkb/xkb.c index f0398d2fb..276dc1938 100644 --- a/xserver/xkb/xkb.c +++ b/xserver/xkb/xkb.c @@ -5137,6 +5137,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str) CARD16 len; wire = *wire_inout; + + if (client->req_len < + bytes_to_int32(wire + 2 - (char *) client->requestBuffer)) + return BadValue; + len = *(CARD16 *) wire; if (client->swapped) { swaps(&len); 
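Review bot: The guard added to `_GetCountedString` carries no comment saying what it protects, and it reads almost the same as the whole-string check that the ChangeLog says already exists in this function. Its job is narrower: it ensures the two-byte length field at `wire` lies inside the request before `len = *(CARD16 *) wire` reads it and `swaps(&len)` runs for a swapped client. I would add `/* the 2-byte length prefix itself must be inside the request before it is read or swapped */` above the `if`. The comparison goes through `bytes_to_int32`, so it is made in 4-byte units and relies on requests being padded to a word boundary. The function continues past the end of the hunk.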
@@ -5935,18 +5940,32 @@ ProcXkbGetKbdByName(ClientPtr client) xkb = dev->key->xkbInfo->desc; status = Success; str = (unsigned char *) &stuff[1]; - if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */ - return BadMatch; + { + char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */ + if (keymap) { + free(keymap); + return BadMatch; + } + } names.keycodes = GetComponentSpec(&str, TRUE, &status); names.types = GetComponentSpec(&str, TRUE, &status); names.compat = GetComponentSpec(&str, TRUE, &status); names.symbols = GetComponentSpec(&str, TRUE, &status); names.geometry = GetComponentSpec(&str, TRUE, &status); - if (status != Success) + if (status == Success) { + len = str - ((unsigned char *) stuff); + if ((XkbPaddedSize(len) / 4) != stuff->length) + status = BadLength; + } + + if (status != Success) { + free(names.keycodes); + free(names.types); + free(names.compat); + free(names.symbols); + free(names.geometry); return status; - len = str - ((unsigned char *) stuff); - if ((XkbPaddedSize(len) / 4) != stuff->length) - return BadLength; + } CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask); CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask); |
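Review bot: The two `CHK_MASK_LEGAL(...)` lines after the new cleanup block still come after the five `GetComponentSpec` allocations, so if that macro returns on an illegal `want` or `need` mask (its definition is not in the hunk, but its use here suggests it does), `names.keycodes` through `names.geometry` leak on that path. Both masks come straight from the client request, so this is a leak reachable from client input that the commit leaves open. The simplest fix is to move both `CHK_MASK_LEGAL` lines above the `GetComponentSpec` calls, since they only read `stuff->want` and `stuff->need`. The five `free()` calls could also become one small static helper that later error paths reuse. `ProcXkbGetKbdByName` starts and ends outside the hunk.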