The XEvIE extension doesn't clear the rep.length field for any reply but
the version check. Hence, if there is junk data in it and that is sent
to the client, it hangs.
X.Org bug#17394 (http://bugs.freedesktop.org/show_bug.cgi?id=17394)
There's no reason to not just dispatch this straight into the GC. As a
bonus, if you do so, damage wraps correctly, and thus swcursor works.
The side effect is it's no longer possible to override ShmPutImage with
ShmRegisterFuncs().
Also remove the (broken) damage tracking for same from EXA, since it didn't
work right, and is now superfluous.
This fixes a severe issue - when the client died the event mask didn't get
unregistered and a future event would dereference dangling pointers. By
storing the event masks in the resource system we can free them when the
client dies.
An integer overflow in the validation of the parameters of the
ShmPutImage() request makes it possible to trigger the copy of
arbitrary server memory to a pixmap that can subsequently be read by
the client, to read arbitrary parts of the X server memory space.
Lack of validation of the parameters of the
SProcSecurityGenerateAuthorization SProcRecordCreateContext
functions makes it possible for a specially crafted request to trigger
the swapping of bytes outside the parameter of these requests, causing
memory corruption.
This commit fixes two problems:
1) XTFI used to assemble the event itself, then passed it to the device. It's
much easier to just pass the variables into GPE/GKE and let the DIX do the
rest.
2) XTFI would pass the VCP/VCK as default device to event processing. As a
result, updating LEDs would be updated on the VCK, not on the actual keyboard.
Instead, we now pass the events through the last-used SD, thus toggling the
LEDs on the last keyboard that sent through this MD.
Also some cleanup in XTFI to merge validity checks a bit closer together
rather than having several different sections.
This breaks XTestFakeMotion with Xinerama though.
X.Org Bug 16145 <http://bugs.freedesktop.org/show_bug.cgi?id=16145>
During GetPointerEvents (and others), we need to access the last coordinates
posted for this device from the driver (not as posted to the client!). Lastx/y
is ok if we only have two axes, but with more complex devices we also need to
transition between all other axes.
ABI break, recompile your input drivers.
Conflicts:
Xext/xprint.c (removed in master)
config/hal.c
dix/main.c
hw/kdrive/ati/ati_cursor.c (removed in master)
hw/kdrive/i810/i810_cursor.c (removed in master)
hw/xprint/ddxInit.c (removed in master)
xkb/ddxLoad.c
Create a new exported global variable, XineramaVisualsEqualPtr. Use this
pointer to decide whether two visuals are equal during visual consolidation.
This pointer can be wrapped, which allows drivers and extensions to control
which visuals are consolidated. A wrapper can reject the visuals without
calling down, but must call down and return that result if it deems the visuals
equal. This ensures that all layers agree that the visuals are equal.
Pass the screen of the other visual into the VisualsEqual callchain.
Don't free PanoramiXVisuals since we need it for PanoramiXTranslateVisualID.
Don't skip the first visual on the other screen in PanoramiXMaybeAddVisual.
Skip the loop in PanoramiXTranslateVisualID if screen is 0.
Basically the same approach RandR takes. Remember which one the client
requested, send back the one the server supports. Also divide XGE server
version (now defined in geext.c) and the client's version (still in the
protocol definition).
This extension provided bug-compatibility with pre-X11R6, but has been
stubbed out in our server since 2006 to return BadRequest when you actually
asked for it.
Since XI devices can have their own sprite now, we need to update the sprite
coordinates too when processing an XI event.
Note: This doesn't deal with the device hierarchy correctly yet.
Formerly the code claimed it could only handle up to 256 visuals, which
was true. Also true, but not explicitly stated, was that it could only
handle visuals with VID < 256. If you have enough screens, and subsystems
that add lots of visuals, you can easily run off the end. (Made worse
because we allocate visual IDs from the same pool as XIDs.) If your app
then chooses a visual > 256, then the Xinerama code would throw BadMatch
on CreateColormap and your app wouldn't start.
With this change, PanoramiXVisualTable is gone. Other subsystems that
were using it as a translation table between each screen's visuals now
use a PanoramiXTranslateVisual() helper.
To recap: the original XC-SECURITY extension disallowed background "None" if
the window was untrusted. XACE 1.0 preserved this check as a hook function.
XACE pre-2.0 removed the hook and first abolished background "None entirely,
then restored it as a global on/off switch in response to Bug #13683.
Now it's back to being per-window, via a flag instead of a hook function.
