Backport upstream MR2785 to add byte-swapped support
Xwayland now disallows byte-swapped clients by default on Fedora 38 and above. This adds the ability to re-enable support for byte-swapped client support in Xwayland if needed. Related: #2159489
This commit is contained in:
parent
89161ff785
commit
d55d552a7b
122
0001-settings-Add-Xwayland-byte-swapped-clients.patch
Normal file
122
0001-settings-Add-Xwayland-byte-swapped-clients.patch
Normal file
@ -0,0 +1,122 @@
|
|||||||
|
From 865edafa80f474942e04c18ece9dfafd48b777d1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Olivier Fourdan <ofourdan@redhat.com>
|
||||||
|
Date: Mon, 9 Jan 2023 15:35:52 +0100
|
||||||
|
Subject: [PATCH 1/2] settings: Add Xwayland byte-swapped clients
|
||||||
|
|
||||||
|
Recent versions of Xwayland can allow or disallow X11 clients from
|
||||||
|
different endianess to connect.
|
||||||
|
|
||||||
|
Add a setting to configure this feature from mutter, who spawns
|
||||||
|
Xwayland.
|
||||||
|
---
|
||||||
|
data/org.gnome.mutter.wayland.gschema.xml.in | 24 ++++++++++++++++++++
|
||||||
|
src/backends/meta-settings-private.h | 2 ++
|
||||||
|
src/backends/meta-settings.c | 23 +++++++++++++++++++
|
||||||
|
3 files changed, 49 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/data/org.gnome.mutter.wayland.gschema.xml.in b/data/org.gnome.mutter.wayland.gschema.xml.in
|
||||||
|
index 8a1878e10..3c3e54498 100644
|
||||||
|
--- a/data/org.gnome.mutter.wayland.gschema.xml.in
|
||||||
|
+++ b/data/org.gnome.mutter.wayland.gschema.xml.in
|
||||||
|
@@ -125,6 +125,30 @@
|
||||||
|
</description>
|
||||||
|
</key>
|
||||||
|
|
||||||
|
+ <key name="xwayland-allow-byte-swapped-clients" type="b">
|
||||||
|
+ <default>false</default>
|
||||||
|
+ <summary>Allow X11 clients with a different endianess to connect to Xwayland</summary>
|
||||||
|
+ <description>
|
||||||
|
+ Allow connections from clients with an endianess different to that
|
||||||
|
+ of Xwayland.
|
||||||
|
+
|
||||||
|
+ The X server byte-swapping code is a huge attack surface, much of
|
||||||
|
+ that code in Xwayland is prone to security issues.
|
||||||
|
+
|
||||||
|
+ The use-case of byte-swapped clients is very niche, and disabled by
|
||||||
|
+ default in Xwayland.
|
||||||
|
+
|
||||||
|
+ Enable this option to instruct Xwayland to accept connections from
|
||||||
|
+ X11 clients with a different endianess.
|
||||||
|
+
|
||||||
|
+ This option has no effect if Xwayland does not support the command
|
||||||
|
+ line option +byteswappedclients/-byteswappedclients to control that
|
||||||
|
+ setting.
|
||||||
|
+
|
||||||
|
+ Xwayland needs to be restarted for this setting to take effect.
|
||||||
|
+ </description>
|
||||||
|
+ </key>
|
||||||
|
+
|
||||||
|
</schema>
|
||||||
|
|
||||||
|
</schemalist>
|
||||||
|
diff --git a/src/backends/meta-settings-private.h b/src/backends/meta-settings-private.h
|
||||||
|
index 47d2d6074..87af21515 100644
|
||||||
|
--- a/src/backends/meta-settings-private.h
|
||||||
|
+++ b/src/backends/meta-settings-private.h
|
||||||
|
@@ -77,6 +77,8 @@ gboolean meta_settings_are_xwayland_grabs_allowed (MetaSettings *settings);
|
||||||
|
|
||||||
|
int meta_settings_get_xwayland_disable_extensions (MetaSettings *settings);
|
||||||
|
|
||||||
|
+gboolean meta_settings_are_xwayland_byte_swapped_clients_allowed (MetaSettings *settings);
|
||||||
|
+
|
||||||
|
gboolean meta_settings_is_privacy_screen_enabled (MetaSettings *settings);
|
||||||
|
|
||||||
|
void meta_settings_set_privacy_screen_enabled (MetaSettings *settings,
|
||||||
|
diff --git a/src/backends/meta-settings.c b/src/backends/meta-settings.c
|
||||||
|
index 2826ff98f..8d3d624cc 100644
|
||||||
|
--- a/src/backends/meta-settings.c
|
||||||
|
+++ b/src/backends/meta-settings.c
|
||||||
|
@@ -75,6 +75,9 @@ struct _MetaSettings
|
||||||
|
|
||||||
|
/* A bitmask of MetaXwaylandExtension enum */
|
||||||
|
int xwayland_disable_extensions;
|
||||||
|
+
|
||||||
|
+ /* Whether Xwayland should allow X11 clients from different endianess */
|
||||||
|
+ gboolean xwayland_allow_byte_swapped_clients;
|
||||||
|
};
|
||||||
|
|
||||||
|
G_DEFINE_TYPE (MetaSettings, meta_settings, G_TYPE_OBJECT)
|
||||||
|
@@ -429,6 +432,15 @@ update_privacy_settings (MetaSettings *settings)
|
||||||
|
settings);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+update_xwayland_allow_byte_swapped_clients (MetaSettings *settings)
|
||||||
|
+{
|
||||||
|
+
|
||||||
|
+ settings->xwayland_allow_byte_swapped_clients =
|
||||||
|
+ g_settings_get_flags (settings->wayland_settings,
|
||||||
|
+ "xwayland-allow-byte-swapped-clients");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void
|
||||||
|
wayland_settings_changed (GSettings *wayland_settings,
|
||||||
|
gchar *key,
|
||||||
|
@@ -447,6 +459,10 @@ wayland_settings_changed (GSettings *wayland_settings,
|
||||||
|
{
|
||||||
|
update_xwayland_disable_extensions (settings);
|
||||||
|
}
|
||||||
|
+ else if (g_str_equal (key, "xwayland-allow-byte-swapped-clients"))
|
||||||
|
+ {
|
||||||
|
+ update_xwayland_allow_byte_swapped_clients (settings);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
@@ -470,6 +486,13 @@ meta_settings_get_xwayland_disable_extensions (MetaSettings *settings)
|
||||||
|
return (settings->xwayland_disable_extensions);
|
||||||
|
}
|
||||||
|
|
||||||
|
+gboolean
|
||||||
|
+meta_settings_are_xwayland_byte_swapped_clients_allowed (MetaSettings *settings)
|
||||||
|
+{
|
||||||
|
+
|
||||||
|
+ return settings->xwayland_allow_byte_swapped_clients;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
gboolean
|
||||||
|
meta_settings_is_privacy_screen_enabled (MetaSettings *settings)
|
||||||
|
{
|
||||||
|
--
|
||||||
|
2.39.0
|
||||||
|
|
88
0002-xwayland-Add-support-for-byte-swapped-clients.patch
Normal file
88
0002-xwayland-Add-support-for-byte-swapped-clients.patch
Normal file
@ -0,0 +1,88 @@
|
|||||||
|
From 30ab9247f57b270d46b1c2c5c194f834bf8aafff Mon Sep 17 00:00:00 2001
|
||||||
|
From: Olivier Fourdan <ofourdan@redhat.com>
|
||||||
|
Date: Mon, 9 Jan 2023 15:40:03 +0100
|
||||||
|
Subject: [PATCH 2/2] xwayland: Add support for byte-swapped clients
|
||||||
|
|
||||||
|
Instructs Xwayland to allow/disallow connections from X11 clients with a
|
||||||
|
different endianess based on the "xwayland-allow-byte-swapped-clients"
|
||||||
|
setting.
|
||||||
|
|
||||||
|
This option has no effect if Xwayland does not support the command
|
||||||
|
option +byteswappedclients/-byteswappedclients.
|
||||||
|
|
||||||
|
Closes: https://gitlab.gnome.org/GNOME/mutter/-/issues/2576
|
||||||
|
---
|
||||||
|
config.h.meson | 3 +++
|
||||||
|
meson.build | 12 ++++++++++++
|
||||||
|
src/wayland/meta-xwayland.c | 7 +++++++
|
||||||
|
3 files changed, 22 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/config.h.meson b/config.h.meson
|
||||||
|
index c7724b24f..5f9ea696e 100644
|
||||||
|
--- a/config.h.meson
|
||||||
|
+++ b/config.h.meson
|
||||||
|
@@ -109,3 +109,6 @@
|
||||||
|
|
||||||
|
/* Whether the Xwayland -terminate supports a delay */
|
||||||
|
#mesondefine HAVE_XWAYLAND_TERMINATE_DELAY
|
||||||
|
+
|
||||||
|
+/* Whether the Xwayland supports +/-byteswappedclients */
|
||||||
|
+#mesondefine HAVE_XWAYLAND_BYTE_SWAPPED_CLIENTS
|
||||||
|
diff --git a/meson.build b/meson.build
|
||||||
|
index 07460c0f1..a9608a9fd 100644
|
||||||
|
--- a/meson.build
|
||||||
|
+++ b/meson.build
|
||||||
|
@@ -526,6 +526,7 @@ endif
|
||||||
|
have_xwayland_initfd = false
|
||||||
|
have_xwayland_listenfd = false
|
||||||
|
have_xwayland_terminate_delay = false
|
||||||
|
+have_xwayland_byte_swapped_clients = false
|
||||||
|
if have_xwayland
|
||||||
|
xwayland_dep = dependency('xwayland', required: false)
|
||||||
|
|
||||||
|
@@ -587,6 +588,16 @@ if have_xwayland
|
||||||
|
if (have_xwayland_terminate_delay)
|
||||||
|
cdata.set('HAVE_XWAYLAND_TERMINATE_DELAY', 1)
|
||||||
|
endif
|
||||||
|
+
|
||||||
|
+ # For Xwayland +/-byteswappedclients usage
|
||||||
|
+ if xwayland_dep.found()
|
||||||
|
+ have_xwayland_byte_swapped_clients = xwayland_dep.get_variable('have_byteswappedclients',
|
||||||
|
+ default_value: 'false') == 'true'
|
||||||
|
+ endif
|
||||||
|
+
|
||||||
|
+ if (have_xwayland_byte_swapped_clients)
|
||||||
|
+ cdata.set('HAVE_XWAYLAND_BYTE_SWAPPED_CLIENTS', 1)
|
||||||
|
+ endif
|
||||||
|
endif
|
||||||
|
|
||||||
|
have_xsetioerrorexithandler = false
|
||||||
|
@@ -675,6 +686,7 @@ summary('Xwayland initfd', have_xwayland_initfd, section: 'Options')
|
||||||
|
summary('Xwayland listenfd', have_xwayland_listenfd, section: 'Options')
|
||||||
|
summary('Safe X11 I/O errors', have_xsetioerrorexithandler, section: 'Options')
|
||||||
|
summary('Xwayland terminate delay', have_xwayland_terminate_delay, section: 'Options')
|
||||||
|
+summary('Xwayland byte-swapped clients', have_xwayland_byte_swapped_clients, section: 'Options')
|
||||||
|
|
||||||
|
summary('Enabled', have_tests, section: 'Tests')
|
||||||
|
summary('Core tests', have_core_tests, section: 'Tests')
|
||||||
|
diff --git a/src/wayland/meta-xwayland.c b/src/wayland/meta-xwayland.c
|
||||||
|
index c9d94b2e3..8e8de1441 100644
|
||||||
|
--- a/src/wayland/meta-xwayland.c
|
||||||
|
+++ b/src/wayland/meta-xwayland.c
|
||||||
|
@@ -880,6 +880,13 @@ meta_xwayland_start_xserver (MetaXWaylandManager *manager,
|
||||||
|
args[i++] = "7";
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifdef HAVE_XWAYLAND_BYTE_SWAPPED_CLIENTS
|
||||||
|
+ if (meta_settings_are_xwayland_byte_swapped_clients_allowed (settings))
|
||||||
|
+ args[i++] = "+byteswappedclients";
|
||||||
|
+ else
|
||||||
|
+ args[i++] = "-byteswappedclients";
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
if (meta_settings_is_experimental_feature_enabled (settings,
|
||||||
|
META_EXPERIMENTAL_FEATURE_AUTOCLOSE_XWAYLAND))
|
||||||
|
#ifdef HAVE_XWAYLAND_TERMINATE_DELAY
|
||||||
|
--
|
||||||
|
2.39.0
|
||||||
|
|
13
mutter.spec
13
mutter.spec
@ -12,7 +12,7 @@
|
|||||||
|
|
||||||
Name: mutter
|
Name: mutter
|
||||||
Version: 43.1
|
Version: 43.1
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: Window and compositing manager based on Clutter
|
Summary: Window and compositing manager based on Clutter
|
||||||
|
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
@ -35,6 +35,14 @@ Patch2: mutter-42.alpha-disable-tegra.patch
|
|||||||
# https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2687
|
# https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2687
|
||||||
Patch3: post-43.1-fixes.patch
|
Patch3: post-43.1-fixes.patch
|
||||||
|
|
||||||
|
# Only on F38 and later
|
||||||
|
%if 0%{fedora} >= 38
|
||||||
|
# Add Xwayland byte-swapped clients support
|
||||||
|
# https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2785
|
||||||
|
Patch4: 0001-settings-Add-Xwayland-byte-swapped-clients.patch
|
||||||
|
Patch5: 0002-xwayland-Add-support-for-byte-swapped-clients.patch
|
||||||
|
%endif
|
||||||
|
|
||||||
BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.41.0
|
BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.41.0
|
||||||
BuildRequires: pkgconfig(sm)
|
BuildRequires: pkgconfig(sm)
|
||||||
BuildRequires: pkgconfig(libwacom)
|
BuildRequires: pkgconfig(libwacom)
|
||||||
@ -180,6 +188,9 @@ desktop-file-validate %{buildroot}/%{_datadir}/applications/%{name}.desktop
|
|||||||
%{_datadir}/mutter-%{mutter_api_version}/tests
|
%{_datadir}/mutter-%{mutter_api_version}/tests
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jan 17 2023 Olivier Fourdan <ofourdan@redhat.com> - 43.1-3
|
||||||
|
- Add Xwayland byte-swapped clients support on Fedora 38 and above (#2159489)
|
||||||
|
|
||||||
* Thu Nov 17 2022 Jonas Ådahl <jadahl@redhat.com> - 43.1-2
|
* Thu Nov 17 2022 Jonas Ådahl <jadahl@redhat.com> - 43.1-2
|
||||||
- Backport regression fixes
|
- Backport regression fixes
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user