North Carolina
Freelance engineer working to make portable GUIs easy and pleasant.
I'm one of Gio's two maintainers, and I focus on making the text and widget APIs great.
Some other fun projects:
If you get value out of my work, please consider sponsoring me on Liberapay or GitHub.
I am also available for hire.
From Chris Waldon to ~eliasnaur/gio-patches
Thank you, all applied! I considered making the outlay.If helpers return the minimum constraints instead of zero size on their base case branches, but I think that breaks some of them, so I've left it alone for now. To git.sr.ht:~whereswaldon/gio-x 9e809b8..c005f2a main -> main Cheers, Chris
From Chris Waldon to ~eliasnaur/gio
Hi all, The latest newsletter detailing Gio v0.8.0 is available here: https://gioui.org/news/2025-01 Cheers, Chris
From Chris Waldon to ~eliasnaur/gio-patches
In order to avoid DLL preloading attacks, we should be careful about where we
load DLLs from. These packages load graphics DLLs, which may be provided by the
OS, by a graphics vendor, or even by individual applications. As such, we can't
restrict loading them to just system32-provided paths. Instead, we invoke
LoadLibraryEx [0] with the LOAD_LIBRARY_SEARCH_DEFAULT_DIRS path, which will search
system32, application-defined paths, and the path of the primary application
executable. This mode ignores the system %PATH% variable, which dramatically
reduces the attack surface of malicious or unintended DLLs.
Applications may add custom paths to the search list by calling the standard
windows AddDllDirectory function [1] prior to attempting to initialize GL.
Thanks to Mohsen Mirzakhani and Utkarsh Satya Prakash for bringing this to
our attention.
[message trimmed]
From Chris Waldon to ~eliasnaur/gio-patches
In order to avoid DLL preloading attacks, we should be careful about where we
load DLLs from. These packages load graphics DLLs, which may be provided by the
OS, by a graphics vendor, or even by individual applications. As such, we can't
restrict loading them to just system32-provided paths. Instead, we invoke
LoadLibraryEx [0] with the LOAD_LIBRARY_SEARCH_DEFAULT_DIRS path, which will search
system32, application-defined paths, and the path of the primary application
executable. This mode ignores the system %PATH% variable, which dramatically
reduces the attack surface of malicious or unintended DLLs.
Applications may add custom paths to the search list by calling the standard
windows AddDllDirectory function [1] prior to attempting to initialize GL.
Thanks to Mohsen Mirzakhani and Utkarsh Satya Prakash for bringing this to
our attention.
[message trimmed]
From Chris Waldon to ~eliasnaur/gio
> >From what I can tell, to get rid of decorations on X11, we just need to set `_MOTIF_WM_HINTS` and it will work in most cases. > > https://github.com/glfw/glfw/blob/21fea01161e0d6b70c0c5c1f52dc8e7a7df14a50/src/x11_window.c#L2624-L2644 > > GLFW used to have special cases for Gnome, KDE and others, but in their latest code, they only deal with that single property. We'd happily accept a patch for this if you'd like to make one.
From Chris Waldon to ~eliasnaur/gio-patches
On Thu, Jan 9, 2025 at 3:58 AM Elias Naur <mail@eliasnaur.com> wrote: > > On Thu Jan 9, 2025 at 2:15 AM CET, Chris Waldon wrote: > > In order to avoid DLL preloading attacks, we should always load our system > > dependencies using the helper that only searches the system library path. > > > > Thanks to Mohsen Mirzakhani and Utkarsh Satya Prakash for bringing this to > > our attention. > > > > Thanks. I applied the change to package app (kernel32.dll is a system dll). Are > you sure you want EGL and GLES loaded from the system DLL directory only? What > if a program supplies its own EGL/GLES libraries along with its executable? > I *think* I remember Plato doing this.
From Chris Waldon to ~eliasnaur/gio-patches
In order to avoid DLL preloading attacks, we should always load our system dependencies using the helper that only searches the system library path. Thanks to Mohsen Mirzakhani and Utkarsh Satya Prakash for bringing this to our attention. Signed-off-by: Chris Waldon <christopher.waldon.dev@gmail.com> --- app/log_windows.go | 5 +++-- internal/egl/egl_windows.go | 4 ++-- internal/gl/gl_windows.go | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/app/log_windows.go b/app/log_windows.go [message trimmed]
From Chris Waldon to ~eliasnaur/gio
> I found the gogio sources and a variable called AndroidPermissions. > One of these would be WRITE_EXTERNAL_STORAGE. > > I do not understand how to set all of these permissions, > let's say for the "kitchen" apk, as a first try. Have the application import https://pkg.go.dev/gioui.org@v0.7.1/app/permission/storage. The gogio tool looks for this package and will modify the android manifest to request the proper permissions. Cheers, Chris
From Chris Waldon to ~eliasnaur/gio-patches
Elias, I think this one fell through the cracks. I'd prefer you to review it, as I'm less familiar with this section of code, but I'll do my best if you don't get to it in a week or so. Cheers, Chris On Tue, May 14, 2024 at 4:12 PM Walter Werner SCHNEIDER <contact@schnwalter.eu> wrote: > > The normal vector size and direction depend on the input point and the sign of the unit value provided, this patch fixes all edge cases. > > Fixes: https://todo.sr.ht/~eliasnaur/gio/576 > Signed-off-by: Walter Werner SCHNEIDER <contact@schnwalter.eu>
From Chris Waldon to ~eliasnaur/gio
On Tue, Dec 10, 2024 at 12:10 AM asin1 <asin1@aliyun.com> wrote: > > How can I center the window after it starts? Have you tried app.Window.Perform(system.ActionCenter)? https://pkg.go.dev/gioui.org/io/system#ActionCenter Cheers, Chris