Use fchmod() to change permissions of the lock file instead
of chmod(), thus avoid the race that can be exploited to set
a symbolic link to any file or directory in the system.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit b67581cf82)
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing
file.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit 6ba44b91e3)
mesa used to send too long requests for GLXDestroyPixmap,
GLXDestroyWindow, GLXChangeDrawableAttributes, GLXGetDrawableAttributes
and GLXGetFBConfigsSGIX.
Fixes a regression introduced in ec9c97c6bf
X.Org bug#33324 <https://bugs.freedesktop.org/show_bug.cgi?id=33324>
Reported-by: xunx.fang@intel.com
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 402b329c3a)
The request is followed by a list of attributes.
X.Org bug#33449
Reported-and-tested-by: meng <mengmeng.meng@intel.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 1137c11be0)
The request is followed by an attribute list.
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit a883cf1545)
Reviewed-by: Kristian Høgsberg <krh@bitplanet.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit d9225b9602)
Various glx requests include a list of pairs of attributes. We were
only swapping the first half.
Reviewed-by: Kristian Høgsberg <krh@bitplanet.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 62319e8381)
Reviewed-by: Kristian Høgsberg <krh@bitplanet.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 6c69235a9d)
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Kristian Høgsberg <krh@bitplanet.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry-picked from commit ec9c97c6bf)
Conflicts:
glx/glxcmds.c
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Kristian Høgsberg <krh@bitplanet.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 3f0d3f4d97)
The subtype in the DGA event is the core type and all ET_ event types (where
applicable) are identical to the core types. Thus the switch statement below
will work as required and assign the right master device.
Fixes a crasher bug on keyboard devices with valuators. If a device sends a
motion event while grabbed and a DGA client is active (but has not selected
input through DGA), the valuator event is posted through the VCK and
eventually results in a NULL-pointer dereference on dev->valuator.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 31ab9f8860)
Assume that a mode can be used in either landscape or portrait
orientation. I suppose the correct thing to do would be to
collect all the supported rotations from the CRTCs that can be used
with a specific output, but that information doesn't seem to be
readily available when these checks are done. So just assume that
either orientation is fine.
Signed-off-by: Ville Syrjälä <ville.syrjala@nokia.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 2e781457d4)
(cherry picked from commit aec278eb65)
Return a error if the screen is configured to an invalid size.
Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit d1107918d4)
Fixes http://bugs.freedesktop.org/show_bug.cgi?id=24703 .
Signed-off-by: Michel Dänzer <daenzer@vmware.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit e06fa80400)
Like some other LPL panels, this one reports the vertical size in cm rather
than mm.
Patch taken from Launchpad bug #380009 <https://launchpad.net/bugs/380009>
X.Org Bug 28414 <https://bugs.freedesktop.org/show_bug.cgi?id=28414>
Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 4b88c7be8d)
cc2c73ddcb4370a7c3ad439cda4da825156c26c9's three-cent titanium tax
doesn't go too far enough. Fix the rest of the call and jmp
instructions to handle the data prefix correctly.
Reference: Intel 64 and IA-32 Architectures Software Developer's Manual
Volume 2A: Instruction Set Reference, A-M
http://www.intel.com/Assets/PDF/manual/253666.pdf
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit bb18f27715)
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=24348
Before (data flag ignored -> broken):
66 DATA:
e944f1 JMP 1ff6
After (fixed):
66 DATA:
e944f1ffff JMP 00001ff8
This subtle difference in the length of decoded instruction meant
that the VBE call jumped to the routine setting AX=0x14F (VBE Failed)
instead of the routine that set AX=0x4F (VBE success).
The ability to run the same code in vm86 significantly aided the
debugging of this issue. Those X.org developers who would like to drop
vm86 better take special care towards _all_ vesa bugs, as those will
expose further issues.
Patch applies easily to even xserver 1.4.2.
Signed-off-by: Luc Verhaegen <libv@skynet.be>
Tested-by: Luc Verhaegen <libv@skynet.be>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit cc2c73ddcb)
Most extensions have a version defined
in the protocol headers, and also in the
server's protocol-versions.h. The latter
defines which version the server advertises
support for. Sync wasn't included in
protocol-versions.h, and was advertising
support for whatever was in the protocol
headers the server was built against.
Signed-off-by: James Jones <jajones@nvidia.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 27593eea7e)
Fixes https://bugs.freedesktop.org/show_bug.cgi?id=32803 .
Signed-off-by: Michel Dänzer <daenzer@vmware.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 6358a60065)
The function swapStops repeatedly swaps the color components as
CARD16, but incorrectly steps over them as if they were CARD32.
This causes half of the stops not to be swapped at all and some
unrelated data be swapped instead.
Signed-off-by: Andrea Canciani <ranma42@gmail.com>
Reviewed-by: Soren Sandmann <sandmann@daimi.au.dk>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit dab064fa5e)
screenInfo.numScreens is not a valid screen number, they go from 0 to
numScreens - 1.
Signed-off-by: Cyril Brulebois <kibi@debian.org>
Reviewed-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 279ef1ffd7)
screenInfo.numScreens is not a valid screen number, they go from 0 to
numScreens - 1.
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 8684543021)
This fixes a gamma issue on vt switch observed with KDM. VT switching away
and back would result in a black screen. Avoid this by storing the current
gamma information on init.
https://bugzilla.redhat.com/show_bug.cgi?id=533217
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 566d09a5cd)
When entering the VT, re-apply the saved gamma settings for each screen.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit c050aa2f5f)
If any part of the stack calls XIGetKnownProperty during device shutdown
the property is re-initialized before the server generation resets, leaving
the value invalid again.
Move the reset to the extension init which happens before input devices are
initialized before the first property is requested.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 5cd11d2356)
For whatever reason, some (broken) monitors will crash if you do this.
We're not actually using this information for anything, so let's just
not do it.
Originally reported as http://bugzilla.redhat.com/620333
Reviewed-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit d2064fbb68)
crtc->{x,y} is always 0 when xf86DefaultScreenLimits() is called, so we
calculate too small an area for the initial framebuffer and force a resize
to happen.
This commit fixes the code to use desired{X,Y} instead, which contains the
initial output positions.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit f7af00e9f0)
Commit 77c7a64e88 was introduced to fix
a cursor off by one on Intel hw, however it also move the whole crtc
into an off by one position and you could see gnom-eshell overlapping.
This commit reverts that and instead fixes the cursor hotspot
translation to work like pixman does. We add 0.5 to the cursor vector
before translating, and floor the value afterwards.
Thanks to Soeren (ssp) for pointing out where the real problem was
after explaning how pixman translates points.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 80d1a548d6)
Behaviour of earlier X servers was to deliver the ButtonPress event
unconditionally, regardless of the actual event mask being set. This is
documented in the protocol:
"This request establishes a passive grab. In the future, the pointer is
actively grabbed as described in GrabPointer, the last-pointer-grab time is
set to the time at which the button was pressed (as transmitted in the
ButtonPress event), and the ButtonPress event is reported if all of the
following conditions are true:
<list of conditions, event mask is not one of them>"
Thus, a GrabButton event will always deliver the button press event, a
GrabKey always the key press event, etc. Same goes for XI and XI2.
Reproducible with a simple client requesting a button grab in the form of:
XGrabButton(dpy, AnyButton, AnyModifier, win, True, ButtonReleaseMask,
GrabModeAsync, GrabModeAsync, None, None);
On servers before MPX/XI2, the client will receive a button press and
release event. On current servers, the client receives only the release.
Clients that expect the press event to be delivered unconditionally.
XTS Xlib13 XGrabButton 5/39 now passes.
This reverts commit 48585bd1e3.
Effectively reverts commit 1c612acca8 as well,
the code introduced with 1c612 is not needed anymore.
Conflicts:
dix/events.c
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Daniel Stone <daniel@fooishbar.org>
Reviewed-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 1884db430a)
Without this patch, any negative valuator value is wrong when returned
from XQueryDeviceState(). This is a regression from at least xserver
1.4.
Valuator data is set in dix/getevents.c:set_valuators() by copying
signed int values into an unsigned int field
DeviceEvent.valuators.data.
That data is converted into a double with an implicit cast by
assignment to axisVal[i] in Xi/exevents.c:UpdateDeviceState().
That double is converted back to a signed int in
queryst.c:ProcXQueryDeviceState(). If the original value in
set_valuators() is negative, the double value will be > 2^31 and the
conversion back to a signed int is undefined. (Although I
consistently see the value -2^31.)
Fix this by changing the definition of DeviceEvent.valuators.data from
uint32_t to int32_t.
Signed-off-by: Joe Shaw <joeshaw@litl.com>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit e354ccac36)
These have the same default, but if you specify something different with
-s on the command line, only the screensaver time is changed. As DPMS
is usually what's desired, change it to match.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 2a763c9023)
If a client sends a big request that's too big (i.e. bigger than
maxBigRequestSize << 2 bytes), the server just disconnects it. This makes the
client receive SIGPIPE the next time it tries to send something.
The X Test Suite sends requests that are too big when the test specifies the
TOO_LONG test type. When the client receives SIGPIPE, XTS marks it as
UNRESOLVED, which counts as a failure.
Instead, remember how long the request is supposed to be and then return that
size. Dispatch() checks the length and sends BadLength to the client. Then,
whenever oci->ignoreBytes is nonzero, ignore the data read instead of trying to
process it as a request.
Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit cf88363db0)
Because some EnterVT code needs to remove it self from the
call chain, we need to fix all of the wrappers to correctly
unwrap/rewrap during the call chain. This is a follow-on to the fix
for bug 27114 in commit 68a9ee8370.
Signed-off-by: Keith Packard <keithp@keithp.com>
Tested-by: Jesse Barnes <jesse.barnes@intel.com>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Reviewed-by: Tiago Vignatti <tiago.vignatti@nokia.com>
(cherry picked from commit d75e8146c4, and
conflict from b618705 fixed up)
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 3336e1f7f3)
When resetting the server, pScrn->EnterVT must be unwrapped or the
next server generation will end up wrapping the wrapper and causing an
infinite recursion on EnterVT.
Signed-off-by: Keith Packard <keithp@keithp.com>
Tested-by: Michael Stapelberg <michael+freedesktop@stapelberg.de>
(cherry picked from commit 68a9ee8370)
ProcDRI2Dispatch uses LocalClient to determine if it's safe to respond
to a client that has made DRI2 requests which aren't sensible for
remote clients (anything but version). When the client has disappeared
mid-request stream (e.g. as a result of a kill -9, or a client-side
bug), LocalClient causes the X server to follow suit, as
((OsCommPtr)client->osPrivate)->trans_conn is NULL at this point.
The simple and obvious fix is to just return "not local" when
trans_conn is NULL, which fixes the crash I was seeing; however Keith
Packard pointed out that just checking trans_conn isn't enough;
quoting Keith:
"This looks almost right to me -- I reviewed the os code to see when
_XSERVTransClose is called (which is what frees the trans_conn data) and
found that every place which called that immediately set trans_conn to
NULL, except for the call in CloseDownFileDescriptor which is only
called from CloseDownConnection and which is immediately followed by
freeing the OsCommRec and setting client->osPrivate to NULL. So, I'd
suggest checking client->osPrivate in addition to the above check."
Signed-off-by: Simon Farnsworth <simon.farnsworth@onelan.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 660f6ab549)
When the parser sees the "keyboard" driver, it automatically (and
silently) replaces it with the constant string "kbd".
Everybody else uses malloc'd memory for the driver name, so input
device closure assumes it can use free.
Free val.str, so this crash doesn't turn into a memory leak. Whew.
Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit bce12f2956)
A window with either dimension > 32767 can be positioned such that
coordinates > 32767 are visible on the screen. Attempts to draw to
those pixels will generate coordinates wrapped around to negative
values.
The optimized clipping macro, 'isClipped', in fbbits.h, computes
clipping in window space rather than screen space using int16 values,
and so it too has coordinates wrapped around to negative values and
hence ends up accepting the wrapped drawing coordinates.
Two possible fixes for this problem
1) Detect wrapped region coordinates and clip those to 32767.
2) Detect negative incoming coordinates and reject those
This patch takes the second approach as it is much shorter, simply
detecting when either X or Y incoming coordinate is negative, which
can never be 'within' any drawable.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 3e56efcfb6)
A simple hack to accommodate various EDID who have detailed modes that
exceed the EDID's max pixel clock. The pixel clock is only defined in
units of 10MHz and often appears as the maximum pixel code of the
detailed modes, rounded to the nearest 10MHz. Adjusting the max_clock to
include an extra 5MHz prevents the parser from rejecting the detailed
modes.
The kernel uses the same fuzz and by including it in X we can use the
same modes in X as for the console.
Fixes:
Bug 23833 - X uses different refresh rate to that set by kernel module
https://bugs.freedesktop.org/show_bug.cgi?id=23833
In the future, we will want to try harder to keep the KMS modes but at
the same time we need to apply the restrictions as specified by the
user's configuration, and need to fill in modes for fullscreen games on
fixed-mode panels.
Reported-and-tested-by: Fabio Pedretti <fabio.ped@libero.it>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 951605b466)
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 5725849a1b)
The callback data passed by reference to the hook was allocated on stack
within the scope of the case statement. The compiler is free to reuse
any of that stack space whilst making the function call so we may end up
passing garbage into the callback.
References:
Bug 18451 - Xorg server 1.5.2 SEGV during XFixesGetCursorImage()
https://bugs.freedesktop.org/show_bug.cgi?id=18451
v2: Drop the unrelated hunk that snuck in when ammending the commit
message.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 6dae7f3792)
We were incorrectly NULLing out pDraw in __GLXDrawable instead of ours in
__GLXAquaDrawable. (we should refactor to eliminate this redundancy later)
This was causing http://xquartz.macosforge.org/trac/ticket/426
This was benign until commit f0006aa58f
The root cause of this change was fed7ccc481ad1caaa518cafe944c2327a5d0b6c65
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
(cherry picked from commit 98f90145d7)
Fixes regression introduced in 9de0e31746
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit ba1f1f9d9e)
If the native root window isn't resized as well, we will likely crash the
next time we draw to the root. On OS X, this can be seen by:
1) Put the display preferences in the menu bar and set X11's preferences so you
can access the menu bar in fullscreen mode
2) Set the resolution of your screen lower than normal.
3) Start X11 in fullscreen mode. The root window will cover the screen as
expected.
4) Use the menu bar to increase the resolution of the display. The root
window will now cover the old area and not the full screen, but
'xwininfo -root' will report the full width.
5) Run 'xsetroot -solid red', and we have the crash you mention above.
Leaving/entering fullscreen after #4 will fix the problem. This is because the
WINREC is erased when we leave fullscreen mode and it is recreated upon
re-entry:
RootlessUpdateRooted(FALSE)
RootlessDisableRoot(screenInfo.screens[0])
RootlessDestroyFrame (pRoot, winRec);
RootlessUpdateRooted(TRUE)
RootlessEnableRoot(screenInfo.screens[0])
RootlessEnsureFrame(screenInfo.screens[0]->pRoot)
creates a new WINREC...
Signed-off-by: Jan Hauffa <hauffa@in.tum.de>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Acked-By: Jon TURNEY <jon.turney@dronecode.org.uk>
Tested-by: Jeremy Huddleston <jeremyhu@apple.com>
(cherry picked from commit 95756f410c)
