xcb_send_event always copies 32 bytes, so we have to pad all xcb_*_event_t
to 32 bytes to avoid leaking uninitialized stack memory. I found this
problem while running kwin_x11 on a CHERI-RISC-V system (which has bounded
pointers). The xcb_send_event() implementation has a memcpy() that was
copying 32 bytes but the event passed was a bounded to 28 bytes, so this
resulted in a run-time exception in X11Client::sendClientMessage().
The same problem exists in Selection::sendSelectionNotify(), but this time
we could end up copying up to 8 bytes since xcb_selection_notify_event_t
is only 24 bytes.
This disclosure of uninitialized data could in theory have a security
impact if it leaks a pointer value (e.g. a return address) as part of an
exploit chain that needs to bypass ASLR. However, the selection notify
events go directly to the XServer and you most likely already have a
serious problem if an attacker has full control over the XServer. It is
possible that the configure notify events go directly to an untrusted
client, but even if they do this leak is not directly exploitable.
See also https://gitlab.freedesktop.org/xorg/lib/libxcb/-/issues/18
An AbstractDragTarget is introduced. This contains either the DataDevice we are
dragging to or an Xwl bridge.
We set this on Seat along with the active surface.
In future this also allows getting rid of the move filter.
According to the spec, enter has to be send before position.
Sending position first seems to confuse clients, before this
change X windows only seemed to get data when the pointer left and
entered them for a second time. Now it works straight away.
BUG:437406
In the recent refactor we made it so environment variables got synced to
the Application::processStartupEnvironment.
It then seemed safe and cleaner to remove the qputenv calls, but this
was not the case. It regressed the unit tests on CI and kglobalaccel
which is another path where kwin spawns clients.
Syncs the primary selection from wayland to X and from X to wayland.
Instead of doing it through the internal connection like the clipboard,
this sets/reacts to changes in SeatInterface::prrimarySelection directly.
BUG:422426
FIXED-IN:5.23
This way if kwin_wayland crashes we don't need to ensure that new
environment variables need to get synced across the new env.
This fixes an issue where spawning an xwayland application from a
wayland window that survives a crash would fail.
By moving the logic here we no longer need to wait for kwin_wayland to
start before starting plasmashell or even ksmserver as all environment
variables are set. As long as the wrapper is ready we can continue
starting and clients will just block on connect.
That should still allow for both a lot of optimisations both for speed
and cleaning up the startplasma-wayland scripts.
This will be addressed in follow up patches.
Use of kwin_wayland directly with xwayland is still supported for
testing.
Offers shoul be set on a source before data_device.set_selection. Doing
so afterwards appears to be against the spec and as such we may not pass
the update to wayland clients / klipper.
kwayland-server was updated to follow the result of whether the data
offer was accepted before calling drop.
Our bridge was not updated.
We don't have enough data to know which mimeType the XWayland client
actually has accepted, as that doesn't exist at an X11 level, but it
doesn't have a big actual impact. Despite which mime type gets accepted
any mimetype can be retrieved in the drop event.
Tested against "dropsite" from QtBase widget examples forced into xcb
mode using dolphin as a source.
BUG: 437406
-listen <fd> option is deprecated in favor of the -listenfd option. This
change makes kwin query whether Xwayland supports the -listenfd option
at build time. If the pkg-config file is missing, we'll use the old listen
option.
There seems to be an interval between when you copy something from a Wayland
client and when you attempt to paste it into an X client where m_chunks.first().first
is empty, and trying to access its .data() will cause an assertion. While we can't
really gracefully handle this situation, we can at least terminate the function early
and turn the paste operation into a noop instead of a crash.
At the moment, the display name might change between Xwayland restarts.
It is a problem because the session process (plasma) may have an
outdated value of the DISPLAY environment variable after a restart.
With this change, it is guaranteed that the DISPLAY and the Xauthority
file stay the same until the server is stopped explicitly.
Since kwin runs as a normal user, it cannot create the X11 connection
socket directory because any user process can easily compromise the
security of the system by unsetting the sticky bit.
In order to guarantee the security of the system, the socket directory
must be created by root and have the sticky bit on.
Xwayland starts listening to -listenfd file descriptors after the WM_S0
selection is claimed. At the moment, it is claimed asynchronously by
kwin. First, we create a dummy window and change one of its properties
to get the timestamp. After the timestamp has been received, we actually
call xcb_set_selection_owner().
This provides kwin greater control over how X11 sockets are created for
Xwayland. For example, it can be used to ensure that the DISPLAY remains
the same across Xwayland server restarts or launching Xwayland on
demand.
Even though -listen <fd> option is deprecated, we still pass it because
older versions of Xwayland may not have the -listenfd option.
This renames updateXauthorityFile to writeXauthorityEntries as it doesn't
actually update (i.e. change) anything, it just writes new ones.
Error handling is introduced, to avoid that it continues silently without
entries, which would cause all connections to fail.
Once in a while, we receive complaints from other fellow KDE developers
about the file organization of kwin. This change addresses some of those
complaints by moving all of source code in a separate directory, src/,
thus making the project structure more traditional. Things such as tests
are kept in their own toplevel directories.
This change may wreak havoc on merge requests that add new files to kwin,
but if a patch modifies an already existing file, git should be smart
enough to figure out that the file has been relocated.
We may potentially split the src/ directory further to make navigating
the source code easier, but hopefully this is good enough already.