Hello community, here is the log from the commit of package kwin5 for openSUSE:Factory checked in at 2020-10-28 09:58:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kwin5 (Old) and /work/SRC/openSUSE:Factory/.kwin5.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kwin5" Wed Oct 28 09:58:42 2020 rev:130 rq:844160 version:5.20.1 Changes: -------- --- /work/SRC/openSUSE:Factory/kwin5/kwin5.changes 2020-10-22 14:24:50.314887952 +0200 +++ /work/SRC/openSUSE:Factory/.kwin5.new.3463/kwin5.changes 2020-10-28 09:58:51.171164510 +0100 @@ -1,0 +2,21 @@ +Mon Oct 26 09:40:33 UTC 2020 - Fabian Vogt <fab...@ritter-vogt.de> + +- Add patch to fix crash if pipewire fails to initialize (boo#1178101, kde#427949): + * 0001-screencast-Handle-the-case-where-pipewire-is-not-ins.patch + +------------------------------------------------------------------- +Sat Oct 24 09:43:30 UTC 2020 - Fabian Vogt <fab...@ritter-vogt.de> + +- Add XAUTHLOCALHOSTNAME back to 0001-Use-Xauthority-for-Xwayland.patch + (boo#1177835) + +------------------------------------------------------------------- +Fri Oct 23 19:28:43 UTC 2020 - Fabian Vogt <fab...@ritter-vogt.de> + +- Fix Xauthority generation (boo#1177875) by modifying + 0001-Use-Xauthority-for-Xwayland-authorization.patch: + * DISPLAY is not in the environment at that point, use m_displayName + * Drop XAUTHLOCALHOSTNAME, FamilyWild takes care of that + * FamilyWild doesn't need an address + +------------------------------------------------------------------- New: ---- 0001-screencast-Handle-the-case-where-pipewire-is-not-ins.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kwin5.spec ++++++ --- /var/tmp/diff_new_pack.LyPVgz/_old 2020-10-28 09:58:52.075165144 +0100 +++ /var/tmp/diff_new_pack.LyPVgz/_new 2020-10-28 09:58:52.075165144 +0100 @@ -36,6 +36,8 @@ Source1: kwin-%{version}.tar.xz.sig Source2: plasma.keyring %endif +# PATCH_FIX-UPSTREAM +Patch1: 0001-screencast-Handle-the-case-where-pipewire-is-not-ins.patch # PATCH-FIX-OPENSUSE Patch100: 0001-Revert-Make-WindowSwitching-Alt-Tab-the-default-left.patch # PATCH-FEATURE-OPENSUSE ++++++ 0001-Use-Xauthority-for-Xwayland.patch ++++++ --- /var/tmp/diff_new_pack.LyPVgz/_old 2020-10-28 09:58:52.103165163 +0100 +++ /var/tmp/diff_new_pack.LyPVgz/_new 2020-10-28 09:58:52.103165163 +0100 @@ -1,27 +1,29 @@ -From 8026c9649990d70ebe53c5c7d0c68e74fce28014 Mon Sep 17 00:00:00 2001 +From 04366a23329b4afd73a9c3f5a979d41bf7485ce5 Mon Sep 17 00:00:00 2001 From: Fabian Vogt <fab...@ritter-vogt.de> Date: Sat, 17 Mar 2018 23:25:56 +0100 Subject: [PATCH] Use Xauthority for Xwayland authorization Currently Xwayland only looks at the uid of the application connecting to it. Using Xauthority gives more flexibility here, by having a token which can be -passed around. +passed around. This is what kdesu and ssh's X-forwarding expect. -Not only does this allow to grant only certain applications the right to -connect to the display (e.g. su user xterm) while keeping other applications -outside, this allows also -starting applications as other users again +According to the Xsecurity man page, this is more secure than +"xhost +si:localuser:root" as non-root processes can actually appear as root +to the X server in certain circumstances. + +To deal with hostname changes, FamilyWild is used for Xauthority, but for Xsm +XAUTHLOCALHOSTNAME is also set (boo#1177835, downstream patch in xtrans). --- CMakeLists.txt | 1 + - xwl/xwayland.cpp | 103 ++++++++++++++++++++++++++++++++++++++++++++++- - xwl/xwayland.h | 3 ++ + xwl/xwayland.cpp | 104 ++++++++++++++++++++++++++++++++++++++++++++++- + xwl/xwayland.h | 2 + 3 files changed, 105 insertions(+), 2 deletions(-) -Index: kwin-5.15.80git.20200912T061110~f5900a5fd/CMakeLists.txt -=================================================================== ---- kwin-5.15.80git.20200912T061110~f5900a5fd.orig/CMakeLists.txt 2020-09-12 06:11:10.000000000 +0200 -+++ kwin-5.15.80git.20200912T061110~f5900a5fd/CMakeLists.txt 2020-09-12 11:27:06.232054780 +0200 -@@ -668,6 +668,7 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 87c7ed7f2..3a0565034 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -667,6 +667,7 @@ set(kwin_XLIB_LIBS ${X11_ICE_LIB} ${X11_SM_LIB} ${X11_X11_LIB} @@ -29,10 +31,10 @@ ) set(kwin_XCB_LIBS -Index: kwin-5.15.80git.20200912T061110~f5900a5fd/xwl/xwayland.cpp -=================================================================== ---- kwin-5.15.80git.20200912T061110~f5900a5fd.orig/xwl/xwayland.cpp 2020-09-12 06:11:10.000000000 +0200 -+++ kwin-5.15.80git.20200912T061110~f5900a5fd/xwl/xwayland.cpp 2020-09-12 11:27:25.688155051 +0200 +diff --git a/xwl/xwayland.cpp b/xwl/xwayland.cpp +index 5bb08b162..18efe67d8 100644 +--- a/xwl/xwayland.cpp ++++ b/xwl/xwayland.cpp @@ -39,6 +39,8 @@ #include <sys/socket.h> #include <cerrno> @@ -42,7 +44,7 @@ static QByteArray readDisplay(int pipe) { -@@ -77,6 +79,72 @@ +@@ -77,6 +79,73 @@ Xwayland::~Xwayland() stop(); } @@ -65,12 +67,12 @@ + return data; +} + -+static bool addCookieToFile(QString filename, QString &hostname) ++static bool addCookieToFile(QString filename, QString display, QString &hostname) +{ + QByteArray cookie = getRandomData(16); -+ char *displayNumber = getenv("DISPLAY"); ++ QByteArray displayUtf8 = display.toUtf8(); + -+ if(displayNumber == nullptr || displayNumber[0] == '\0' || cookie.count() != 16) { ++ if(displayUtf8.size() < 2 || displayUtf8[0] != ':' || cookie.count() != 16) { + return false; + } + @@ -92,7 +94,7 @@ + auth.family = FamilyLocal; + auth.address = localhost; + auth.address_length = strlen(auth.address); -+ auth.number = displayNumber + 1; ++ auth.number = displayUtf8.data() + 1; + auth.number_length = strlen(auth.number); + auth.name = cookieName; + auth.name_length = sizeof(cookieName) - 1; @@ -105,6 +107,7 @@ + } + + auth.family = FamilyWild; ++ auth.address_length = 0; + bool success = XauWriteAuth(authFp, &auth) != 0 && fflush(authFp) != EOF; + + fclose(authFp); @@ -115,7 +118,7 @@ QProcess *Xwayland::process() const { return m_xwaylandProcess; -@@ -88,6 +156,16 @@ +@@ -88,6 +157,16 @@ void Xwayland::start() return; } @@ -132,7 +135,7 @@ int pipeFds[2]; if (pipe(pipeFds) != 0) { qCWarning(KWIN_XWL, "Failed to create pipe to start Xwayland: %s", strerror(errno)); -@@ -130,11 +208,15 @@ +@@ -130,11 +209,15 @@ void Xwayland::start() env.insert("WAYLAND_SOCKET", QByteArray::number(wlfd)); env.insert("EGL_PLATFORM", QByteArrayLiteral("DRM")); m_xwaylandProcess->setProcessEnvironment(env); @@ -150,13 +153,13 @@ connect(m_xwaylandProcess, &QProcess::errorOccurred, this, &Xwayland::handleXwaylandError); connect(m_xwaylandProcess, &QProcess::started, this, &Xwayland::handleXwaylandStarted); connect(m_xwaylandProcess, QOverload<int, QProcess::ExitStatus>::of(&QProcess::finished), -@@ -328,6 +410,23 @@ +@@ -332,6 +415,23 @@ void Xwayland::handleXwaylandReady() bool Xwayland::createX11Connection() { + if (!m_xwaylandAuthority.fileName().isEmpty()) { + QString hostname; -+ if (addCookieToFile(m_xwaylandAuthority.fileName(), hostname)) { ++ if (addCookieToFile(m_xwaylandAuthority.fileName(), m_displayName, hostname)) { + setenv("XAUTHORITY", qPrintable(m_xwaylandAuthority.fileName()), 1); + setenv("XAUTHLOCALHOSTNAME", qPrintable(hostname), 1); + auto env = m_app->processStartupEnvironment(); @@ -165,7 +168,7 @@ + m_app->setProcessStartupEnvironment(env); + } + else { -+ std::cerr << "Could not generate Xauthority entry" << std::endl; ++ qCWarning(KWIN_XWL) << "Could not generate Xauthority entry"; + // We can't authenticate using it so the server must not see any entries either + m_xwaylandAuthority.resize(0); + } @@ -174,10 +177,10 @@ xcb_connection_t *connection = xcb_connect_to_fd(m_xcbConnectionFd, nullptr); const int errorCode = xcb_connection_has_error(connection); -Index: kwin-5.15.80git.20200912T061110~f5900a5fd/xwl/xwayland.h -=================================================================== ---- kwin-5.15.80git.20200912T061110~f5900a5fd.orig/xwl/xwayland.h 2020-09-12 06:11:10.000000000 +0200 -+++ kwin-5.15.80git.20200912T061110~f5900a5fd/xwl/xwayland.h 2020-09-12 11:27:06.232054780 +0200 +diff --git a/xwl/xwayland.h b/xwl/xwayland.h +index 0254188e5..bd67d02af 100644 +--- a/xwl/xwayland.h ++++ b/xwl/xwayland.h @@ -15,6 +15,7 @@ #include <QFutureWatcher> #include <QProcess> @@ -186,7 +189,7 @@ namespace KWin { -@@ -102,6 +103,7 @@ +@@ -102,6 +103,7 @@ private: QProcess *m_xwaylandProcess = nullptr; QSocketNotifier *m_socketNotifier = nullptr; QTimer *m_resetCrashCountTimer = nullptr; @@ -194,3 +197,6 @@ QByteArray m_displayName; QFutureWatcher<QByteArray> *m_watcher = nullptr; ApplicationWaylandAbstract *m_app; +-- +2.25.1 + ++++++ 0001-screencast-Handle-the-case-where-pipewire-is-not-ins.patch ++++++ >From bb2e40cfa0dd769088475c21e8e17f36d3d1cd84 Mon Sep 17 00:00:00 2001 From: Vlad Zahorodnii <vlad.zahorod...@kde.org> Date: Mon, 26 Oct 2020 11:31:17 +0200 Subject: [PATCH] screencast: Handle the case where pipewire is not installed If pipewire is not installed, pw_loop_new() may return a nullptr. BUG: 427949 --- screencast/pipewirecore.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/screencast/pipewirecore.cpp b/screencast/pipewirecore.cpp index 32b480e54..8742c814d 100644 --- a/screencast/pipewirecore.cpp +++ b/screencast/pipewirecore.cpp @@ -56,6 +56,11 @@ void PipeWireCore::onCoreError(void* data, uint32_t id, int seq, int res, const bool PipeWireCore::init() { pwMainLoop = pw_loop_new(nullptr); + if (!pwMainLoop) { + qCWarning(KWIN_SCREENCAST, "Failed to create PipeWire loop: %s", strerror(errno)); + m_error = i18n("Failed to start main PipeWire loop"); + return false; + } pw_loop_enter(pwMainLoop); QSocketNotifier *notifier = new QSocketNotifier(pw_loop_get_fd(pwMainLoop), QSocketNotifier::Read, this); -- 2.25.1