Use an explicit runtime check to apply the newer corner styling on macOS 26 while leaving behavior unchanged on older macOS versions for compatibility.
Also add the required QuartzCore framework for linking the corner curve API.
Timing-safe comparisons:
- crypto.c: Replace memcmp with CRYPTO_memcmp for Secret equality,
  require equal lengths before comparing
- remote_control.py: Constant-time password lookup to avoid leaking
  valid passwords via dict hash timing
- file_transmission.py: Use hmac.compare_digest for bypass token
  comparison instead of ==

Memory safety:
- child-monitor.c: Fix inverted condition in write_to_peer that
  prevented memmove from ever executing on partial writes
- ibus_glfw.c: Null-terminate IBUS_ADDRESS copy to prevent string
  overread when strlen >= PATH_MAX
- x11_window.c: Add NULL checks after realloc in clipboard/DnD
  data handling (two sites)
- dnd.c: Cap accepted_mimes at 1MB to prevent unbounded growth,
  fix realloc to not lose the original pointer on failure
- png-reader.c: Cast to size_t before multiplication to prevent
  integer overflow on 32-bit platforms

Secrets hygiene:
- disk-cache.c: Zero encryption_key with explicit_bzero before free

Tar extraction hardening:
- tar.go: Validate hardlink targets against destination prefix to
  prevent writing outside extraction directory
- tar.go: Strip setuid/setgid/sticky bits from extracted files

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
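
The two tar extraction checks listed in the commit message above, sketched as an added example; this is not part of the commit and not kitty's tar.go. The names `resolveInside`, `checkEntry` and `runSamples`, the `/tmp/extract` destination and the sample headers are assumptions made for illustration.

```go
package main

import (
	"archive/tar"
	"fmt"
	"io/fs"
	"path/filepath"
	"strings"
)

// resolveInside joins name onto dest and rejects paths that escape dest.
// The check is lexical only: it does not follow symlinks already on disk.
func resolveInside(dest, name string) (string, error) {
	p := filepath.Join(dest, name)
	rel, err := filepath.Rel(dest, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%q escapes %q", name, dest)
	}
	return p, nil
}

// checkEntry returns the entry path, the hardlink target (hardlinks only)
// and the permission bits to apply, or an error if either path escapes dest.
func checkEntry(dest string, hdr *tar.Header) (path, link string, mode fs.FileMode, err error) {
	if path, err = resolveInside(dest, hdr.Name); err != nil {
		return "", "", 0, err
	}
	if hdr.Typeflag == tar.TypeLink {
		if link, err = resolveInside(dest, hdr.Linkname); err != nil {
			return "", "", 0, err
		}
	}
	// Keep rwx bits only: drops setuid (04000), setgid (02000), sticky (01000).
	return path, link, fs.FileMode(hdr.Mode & 0777), nil
}

// runSamples checks constructed headers (not taken from a real archive).
func runSamples() []string {
	hdrs := []*tar.Header{
		{Name: "bin/tool", Typeflag: tar.TypeReg, Mode: 04755},
		{Name: "lnk", Typeflag: tar.TypeLink, Linkname: "../../etc/passwd"},
	}
	var out []string
	for _, h := range hdrs {
		_, _, m, err := checkEntry("/tmp/extract", h)
		out = append(out, fmt.Sprintf("%s mode=%04o rejected=%t", h.Name, uint32(m), err != nil))
	}
	return out
}

func main() { fmt.Println(strings.Join(runSamples(), "\n")) }
```
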
When a USB HID device (keyboard/mouse) is disconnected, X11 fires an
XI_HierarchyChanged event, which triggers read_xi_scroll_devices().
That function calls XIGetProperty() on devices from XIQueryDevice().
There is a race condition: if a device is removed between these calls,
X11 generates an XI_BadDevice error. Without a custom error handler, the
default X11 handler calls exit(), killing kitty.
Fix: wrap the device query loop in read_xi_scroll_devices() with
_glfwGrabErrorHandlerX11() / _glfwReleaseErrorHandlerX11() so that any
XI_BadDevice error is captured by kitty's own handler rather than the
default fatal one.
Fixes #9723
Fixes #9724
This ensures that Ctrl+H behaves like Backspace and correctly clears
the pre-edit state, preventing uncommitted characters from remaining
on the screen when using IMEs like the Japanese one on macOS.
When kitty loses focus and the user scrolls in another
application, X11 XI scroll valuators accumulate position values. When the
user returns to kitty and scrolls, delta (value - v->value) uses the stale
pre-focus-loss value, causing a massive unexpected scroll jump.
Fix: reset scroll valuators (mark them uninitialized) on FocusOut so the
first scroll event after focus is regained sets the baseline without firing
a scroll event.
Fixes #9703
Fixes #9707