Stop trying to maintain a per-file _POSIX_C_SOURCE. Instead,
require POSIX.1-2008 globally. A lot of core source files depend
on that already.
Some care must be taken on a few select files where we need a bit
more than POSIX. Some files need XSI extensions (_XOPEN_SOURCE) and
some files need BSD extensions (_DEFAULT_SOURCE). In both cases,
these feature test macros imply _POSIX_C_SOURCE. Make sure to not
define both these macros and _POSIX_C_SOURCE explicitly to avoid
POSIX requirement conflicts (e.g. _POSIX_C_SOURCE says POSIX.1-2001
but _XOPEN_SOURCE says POSIX.1-2008).
Additionally, there is one special case in render/vulkan/vulkan.c.
That file needs major()/minor(), and these are system-specific.
On FreeBSD, _POSIX_C_SOURCE hides system-specific symbols so we need
to make sure it's not defined for this file. On Linux, we can
explicitly include <sys/sysmacros.h> and ensure that apart from
symbols defined there the file only uses POSIX toys.
- Add POSIX 1993.09 compliance macro in source files that use
"struct timespec";
- Add POSIX 2001.12 compliance macro in source files that use
"struct sigaction" and the SA_SIGINFO macro, or the fchmod()
function;
- Add POSIX 2008.09 compliance macro in source files that use the
getline() function.
These compliance macros are enough for wlroots to compile with the
git-master version of uClibc-ng.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
The spec reads:
> All paths set in these environment variables must be absolute. If an
> implementation encounters a relative path in any of these variables it should
> consider the path invalid and ignore it.
and
> If $XDG_DATA_HOME is either not set or empty, a default equal to
> $HOME/.local/share should be used.
Testing that the path is absolute also entails that is is non-empty.
The libXcursor fix for CVE-2013-2003 has never been imported into
wlroots, leaving it vulnerable to it.
Changing the argument type to an unsigned type is an effective merge of
Ilja Van Sprundel's commit in libXcursor.
Proof of Concept (compile with address sanitizer):
$ mkdir -p ~/.local/share/icons/poc/cursors
$ base64 -d <<< WGN1chAAAAAAAAAA/////w== > \
~/.local/share/icons/poc/cursors/poc
$ echo "seat seat0 xcursor_theme poc 10" > ~/poc-config
$ sway -c ~/poc-config
Stop listing all available cursors each time a cursor theme is
loaded. They can be obtained from the CLI instead, e.g.
ls /usr/share/icons/Adwaita/cursors
This reverts commit 7dffe9339b, which introduced
another linter error with -O3:
error: ‘strncat’ specified bound 7 equals source length [-Werror=stringop-overflow=]
This makes sense because strncat(dest, "cursors", strlen("cursors")) is moot
in security point of view.
The next commit will replace strncpy() with memcpy(), so let's restore the
original implementation.
Fix false positive stringop-truncation warning/error with GCC 10 on s390x by indicating GCC to explicitly ignore this case, as it is clearly a false positive (NUL is set in the following line).
This allow the compilation to succeed with -Werror on.
Fixes: https://github.com/swaywm/wlroots/issues/2018
Without the casts the bytes accesses get converted to int. but int is
not guaranteed to be 4 bytes large. Even when it is 4 bytes large
`bytes[3] << 24` does not fit because int is signed.
Bumps minimum version to 0.51.0
- Remove all intermediate static libraries.
They serve no purpose and are just add a bunch of boilerplate for
managing dependencies and options. It's now managed as a list of
files which are compiled into libwlroots directly.
- Use install_subdir instead of installing headers individually.
I've changed my mind since I did that. Listing them out is annoying as
hell, and it's easy to forget to do it.
- Add not_found_message for all of our optional dependencies that have a
meson option. It gives some hints about what option to pass and what
the optional dependency is for.
- Move all backend subdirectories into their own meson.build. This
keeps some of the backend-specific build logic (especially rdp and
session) more neatly separated off.
- Don't overlink example clients with code they're not using.
This was done by merging the protocol dictionaries and setting some
variables containing the code and client header file.
Example clients now explicitly mention what extension protocols they
want to link to.
- Split compositor example logic from client example logic.
- Minor formatting changes
Nowadays ~/.icons is not used anymore as the preferred location for custom
user icon themes; XDG_DATA_HOME/icons (aka ~/.local/share/icons) is what
toolkits like GTK prefer. Prepend that location to the default xcursor path, so
that cursor themes installed there can be used by apps and toolkits that use
libXcursor.
Port of https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/src?id=2263c196cb0dcb8547b378df7b35f83b8b99c01e
It is possible to trigger heap overflows due to an integer overflow
while parsing images.
The integer overflow occurs because the chosen limit 0x10000 for
dimensions is too large for 32 bit systems, because each pixel takes
4 bytes. Properly chosen values allow an overflow which in turn will
lead to less allocated memory than needed for subsequent reads.
See also:
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b85d201df72f
