#29 Backport upstream MR2785 to add byte-swapped support
Merged a year ago by jadahl. Opened a year ago by ofourdan.
rpms/ ofourdan/mutter byte-swapped-xwayland  into  rawhide

@@ -0,0 +1,122 @@ 

+ From 865edafa80f474942e04c18ece9dfafd48b777d1 Mon Sep 17 00:00:00 2001

+ From: Olivier Fourdan <ofourdan@redhat.com>

+ Date: Mon, 9 Jan 2023 15:35:52 +0100

+ Subject: [PATCH 1/2] settings: Add Xwayland byte-swapped clients

+ 

+ Recent versions of Xwayland can allow or disallow X11 clients from

+ different endianess to connect.

+ 

+ Add a setting to configure this feature from mutter, who spawns

+ Xwayland.

+ ---

+  data/org.gnome.mutter.wayland.gschema.xml.in | 24 ++++++++++++++++++++

+  src/backends/meta-settings-private.h         |  2 ++

+  src/backends/meta-settings.c                 | 23 +++++++++++++++++++

+  3 files changed, 49 insertions(+)

+ 

+ diff --git a/data/org.gnome.mutter.wayland.gschema.xml.in b/data/org.gnome.mutter.wayland.gschema.xml.in

+ index 8a1878e10..3c3e54498 100644

+ --- a/data/org.gnome.mutter.wayland.gschema.xml.in

+ +++ b/data/org.gnome.mutter.wayland.gschema.xml.in

+ @@ -125,6 +125,30 @@

+        </description>

+      </key>

+  

+ +    <key name="xwayland-allow-byte-swapped-clients" type="b">

+ +      <default>false</default>

+ +      <summary>Allow X11 clients with a different endianess to connect to Xwayland</summary>

+ +      <description>

+ +        Allow connections from clients with an endianess different to that

+ +	of Xwayland.

+ +

+ +	The X server byte-swapping code is a huge attack surface, much of

+ +	that code in Xwayland is prone to security issues.

+ +

+ +	The use-case of byte-swapped clients is very niche, and disabled by

+ +	default in Xwayland.

+ +

+ +	Enable this option to instruct Xwayland to accept connections from

+ +	X11 clients with a different endianess.

+ +

+ +        This option has no effect if Xwayland does not support the command

+ +	line option +byteswappedclients/-byteswappedclients to control that

+ +	setting.

+ +

+ +        Xwayland needs to be restarted for this setting to take effect.

+ +      </description>

+ +    </key>

+ +

+    </schema>

+  

+  </schemalist>

+ diff --git a/src/backends/meta-settings-private.h b/src/backends/meta-settings-private.h

+ index 47d2d6074..87af21515 100644

+ --- a/src/backends/meta-settings-private.h

+ +++ b/src/backends/meta-settings-private.h

+ @@ -77,6 +77,8 @@ gboolean meta_settings_are_xwayland_grabs_allowed (MetaSettings *settings);

+  

+  int meta_settings_get_xwayland_disable_extensions (MetaSettings *settings);

+  

+ +gboolean meta_settings_are_xwayland_byte_swapped_clients_allowed (MetaSettings *settings);

+ +

+  gboolean meta_settings_is_privacy_screen_enabled (MetaSettings *settings);

+  

+  void meta_settings_set_privacy_screen_enabled (MetaSettings *settings,

+ diff --git a/src/backends/meta-settings.c b/src/backends/meta-settings.c

+ index 2826ff98f..8d3d624cc 100644

+ --- a/src/backends/meta-settings.c

+ +++ b/src/backends/meta-settings.c

+ @@ -75,6 +75,9 @@ struct _MetaSettings

+  

+    /* A bitmask of MetaXwaylandExtension enum */

+    int xwayland_disable_extensions;

+ +

+ +  /* Whether Xwayland should allow X11 clients from different endianess */

+ +  gboolean xwayland_allow_byte_swapped_clients;

+  };

+  

+  G_DEFINE_TYPE (MetaSettings, meta_settings, G_TYPE_OBJECT)

+ @@ -429,6 +432,15 @@ update_privacy_settings (MetaSettings *settings)

+                              settings);

+  }

+  

+ +static void

+ +update_xwayland_allow_byte_swapped_clients (MetaSettings *settings)

+ +{

+ +

+ +  settings->xwayland_allow_byte_swapped_clients =

+ +    g_settings_get_flags (settings->wayland_settings,

+ +                          "xwayland-allow-byte-swapped-clients");

+ +}

+ +

+  static void

+  wayland_settings_changed (GSettings    *wayland_settings,

+                            gchar        *key,

+ @@ -447,6 +459,10 @@ wayland_settings_changed (GSettings    *wayland_settings,

+      {

+        update_xwayland_disable_extensions (settings);

+      }

+ +  else if (g_str_equal (key, "xwayland-allow-byte-swapped-clients"))

+ +    {

+ +      update_xwayland_allow_byte_swapped_clients (settings);

+ +    }

+  }

+  

+  void

+ @@ -470,6 +486,13 @@ meta_settings_get_xwayland_disable_extensions (MetaSettings *settings)

+    return (settings->xwayland_disable_extensions);

+  }

+  

+ +gboolean

+ +meta_settings_are_xwayland_byte_swapped_clients_allowed (MetaSettings *settings)

+ +{

+ +

+ +  return settings->xwayland_allow_byte_swapped_clients;

+ +}

+ +

+  gboolean

+  meta_settings_is_privacy_screen_enabled (MetaSettings *settings)

+  {

+ -- 

+ 2.39.0

+ 
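Review bot: In `update_xwayland_allow_byte_swapped_clients` (the meta-settings.c hunk at `@@ -429,6 +432,15 @@`) the key is read with `g_settings_get_flags ()`, although the schema hunk declares `xwayland-allow-byte-swapped-clients` as `type="b"`. GLib documents calling the flags getter on a key that is not a flags type as a programmer error, so the value stored in the `gboolean` field cannot be relied on to reflect the setting. Any non-zero error return would read as "allowed", which is the unsafe direction for an option whose own description calls the byte-swapping code a huge attack surface. The read should be `g_settings_get_boolean (settings->wayland_settings, "xwayland-allow-byte-swapped-clients");`. Separately, the visible hunks only call the update function from `wayland_settings_changed`; if the init path (outside these hunks) does not call it too, the field presumably keeps its initial value until the key changes, and a value configured before startup would not be picked up.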

@@ -0,0 +1,88 @@ 

+ From 30ab9247f57b270d46b1c2c5c194f834bf8aafff Mon Sep 17 00:00:00 2001

+ From: Olivier Fourdan <ofourdan@redhat.com>

+ Date: Mon, 9 Jan 2023 15:40:03 +0100

+ Subject: [PATCH 2/2] xwayland: Add support for byte-swapped clients

+ 

+ Instructs Xwayland to allow/disallow connections from X11 clients with a

+ different endianess based on the "xwayland-allow-byte-swapped-clients"

+ setting.

+ 

+ This option has no effect if Xwayland does not support the command

+ option +byteswappedclients/-byteswappedclients.

+ 

+ Closes: https://gitlab.gnome.org/GNOME/mutter/-/issues/2576

+ ---

+  config.h.meson              |  3 +++

+  meson.build                 | 12 ++++++++++++

+  src/wayland/meta-xwayland.c |  7 +++++++

+  3 files changed, 22 insertions(+)

+ 

+ diff --git a/config.h.meson b/config.h.meson

+ index c7724b24f..5f9ea696e 100644

+ --- a/config.h.meson

+ +++ b/config.h.meson

+ @@ -109,3 +109,6 @@

+  

+  /* Whether the Xwayland -terminate supports a delay */

+  #mesondefine HAVE_XWAYLAND_TERMINATE_DELAY

+ +

+ +/* Whether the Xwayland supports +/-byteswappedclients */

+ +#mesondefine HAVE_XWAYLAND_BYTE_SWAPPED_CLIENTS

+ diff --git a/meson.build b/meson.build

+ index 07460c0f1..a9608a9fd 100644

+ --- a/meson.build

+ +++ b/meson.build

+ @@ -526,6 +526,7 @@ endif

+  have_xwayland_initfd = false

+  have_xwayland_listenfd = false

+  have_xwayland_terminate_delay = false

+ +have_xwayland_byte_swapped_clients = false

+  if have_xwayland

+    xwayland_dep = dependency('xwayland', required: false)

+  

+ @@ -587,6 +588,16 @@ if have_xwayland

+    if (have_xwayland_terminate_delay)

+      cdata.set('HAVE_XWAYLAND_TERMINATE_DELAY', 1)

+    endif

+ +

+ +  # For Xwayland +/-byteswappedclients usage

+ +  if xwayland_dep.found()

+ +    have_xwayland_byte_swapped_clients = xwayland_dep.get_variable('have_byteswappedclients',

+ +                                                                   default_value: 'false') == 'true'

+ +  endif

+ +

+ +  if (have_xwayland_byte_swapped_clients)

+ +    cdata.set('HAVE_XWAYLAND_BYTE_SWAPPED_CLIENTS', 1)

+ +  endif

+  endif

+  

+  have_xsetioerrorexithandler = false

+ @@ -675,6 +686,7 @@ summary('Xwayland initfd', have_xwayland_initfd, section: 'Options')

+  summary('Xwayland listenfd', have_xwayland_listenfd, section: 'Options')

+  summary('Safe X11 I/O errors', have_xsetioerrorexithandler, section: 'Options')

+  summary('Xwayland terminate delay', have_xwayland_terminate_delay, section: 'Options')

+ +summary('Xwayland byte-swapped clients', have_xwayland_byte_swapped_clients, section: 'Options')

+  

+  summary('Enabled', have_tests, section: 'Tests')

+  summary('Core tests', have_core_tests, section: 'Tests')

+ diff --git a/src/wayland/meta-xwayland.c b/src/wayland/meta-xwayland.c

+ index c9d94b2e3..8e8de1441 100644

+ --- a/src/wayland/meta-xwayland.c

+ +++ b/src/wayland/meta-xwayland.c

+ @@ -880,6 +880,13 @@ meta_xwayland_start_xserver (MetaXWaylandManager *manager,

+    args[i++] = "7";

+  #endif

+  

+ +#ifdef HAVE_XWAYLAND_BYTE_SWAPPED_CLIENTS

+ +  if (meta_settings_are_xwayland_byte_swapped_clients_allowed (settings))

+ +    args[i++] = "+byteswappedclients";

+ +  else

+ +    args[i++] = "-byteswappedclients";

+ +#endif

+ +

+    if (meta_settings_is_experimental_feature_enabled (settings,

+                                                       META_EXPERIMENTAL_FEATURE_AUTOCLOSE_XWAYLAND))

+  #ifdef HAVE_XWAYLAND_TERMINATE_DELAY

+ -- 

+ 2.39.0

+ 
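Review bot: The new `args[i++] = ...` lines in `meta_xwayland_start_xserver` append one more entry to the argv array whenever `HAVE_XWAYLAND_BYTE_SWAPPED_CLIENTS` is defined, and the declaration of `args` is outside the hunk, so its capacity (including the terminating NULL) should be checked against the case where every optional argument is present. If `args` is a true array, a guard such as `g_assert (i < G_N_ELEMENTS (args));` before the spawn call would catch an overflow when further options are added. When the macro is undefined the setting is silently ignored and Xwayland's own default decides; a comment above the `#ifdef`, e.g. `/* Without +/-byteswappedclients support, Xwayland's built-in default applies */`, would make clear which side enforces the policy.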

file modified
+12 -1
@@ -12,7 +12,7 @@ 

  

  Name:          mutter

  Version:       43.1

- Release:       2%{?dist}

+ Release:       3%{?dist}

  Summary:       Window and compositing manager based on Clutter

  

  License:       GPLv2+
@@ -35,6 +35,14 @@ 

  # https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2687

  Patch3:        post-43.1-fixes.patch

  

+ # Only on F38 and later

+ %if 0%{fedora} >= 38

+ # Add Xwayland byte-swapped clients support

+ # https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2785

+ Patch4: 0001-settings-Add-Xwayland-byte-swapped-clients.patch

+ Patch5: 0002-xwayland-Add-support-for-byte-swapped-clients.patch

+ %endif

+ 

  BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.41.0

  BuildRequires: pkgconfig(sm)

  BuildRequires: pkgconfig(libwacom)
@@ -180,6 +188,9 @@ 

  %{_datadir}/mutter-%{mutter_api_version}/tests

  

  %changelog

+ * Tue Jan 17 2023 Olivier Fourdan <ofourdan@redhat.com> - 43.1-3

+ - Add Xwayland byte-swapped clients support on Fedora 38 and above (#2159489)

+ 

  * Thu Nov 17 2022 Jonas Ådahl <jadahl@redhat.com> - 43.1-2

  - Backport regression fixes
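Review bot: The conditional `%if 0%{fedora} >= 38` uses `%{fedora}` without the `?` guard, so on a build where that macro is undefined the text is left unexpanded and the `%if` expression does not evaluate as intended. The usual form is `%if 0%{?fedora} >= 38`, which degrades to `0 >= 38` there. Because the `Patch4`/`Patch5` tags sit inside the conditional, whether the compositor passes `+/-byteswappedclients` to Xwayland depends on the build target. How the patches are applied in `%prep` is outside the hunk, so confirm that it tolerates the conditionally declared tags.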

  

Xwayland now disallows byte-swapped clients by default on Fedora 38 and
above.

This adds the ability to re-enable byte-swapped client support in
Xwayland if needed.

Related: #2159489

/cc: @whot @jadahl

rebased onto d55d552

a year ago
  • %if 0%{fedora} >= 38

Not sure this is very needed. We're very very close to diverging, with the release date for 44.alpha already having passed.

  • %if 0%{fedora} >= 38

Not sure this is very needed. We're very very close to diverging, with the release date for 44.alpha already having passed.

Yes, but so is that version in rawhide actually :)

I mean, now that the code is merged upstream, all this will go away with the rebase eventually.

I mean, now that the code is merged upstream, all this will go away with the rebase eventually.

True, and f37 and rawhide have no chance to point to the same commit anyway.

I mean, now that the code is merged upstream, all this will go away with the rebase eventually.

True, and f37 and rawhide have no chance to point to the same commit anyway.

On the other hand, updates in rawhide are cheap, so this would ensure people running X11 clients from remote hosts of different endianness can continue to do so until mutter 44.alpha becomes available, now that the change has landed in Xwayland (https://bodhi.fedoraproject.org/updates/FEDORA-2023-e8a7abfe57).

But it's your call entirely, I'm fine if you eventually decide to close this PR and wait for 44.alpha to show up instead.

Pull-Request has been merged by jadahl

a year ago