review.tizen.org Git - platform/upstream/wayland.git/log

Add Meson build

Meson is a next generation build system, simpler than Autotools and also faster
and more portable. Most importantly, it will make integrating ASan easier in
CI.

The goal is to maintain feature parity of the Meson build with the
Autotools build, until such time when we can drop the latter.

Add a script which generates the desired Doxygen configuration for our various
output formats and executes it using that configuration. This is not something
Meson can or should do.

Fixes: https://gitlab.freedesktop.org/wayland/wayland/issues/80

[daniels: Changed to bump version, use GitLab issues URL, remove header
          checks not used in any code, remove pre-pkg-config Expat
  support, added missing include paths to wayland-egl and
  cpp-compile-test, added GitLab CI.
  Bumped version, removed unnecessary pkg-config paths.]

[daniels: Properly install into mandir/man3 via some gross
          paramaterisation, generate real stamp files.]

Pekka:
- squashed patches
- removed MAKEFLAGS from meson CI
- remove unused PACKAGE* defines
- fix up scanner dependency handling
- instead of host_scanner option, build wayland-scanner twice when cross-compiling
- changed .pc files to match more closely the autotools versions
- reorder doxygen man sources to reduce diff to autotools
- fix pkgconfig.generate syntax warnings (new in Meson)
- bump meson version to 0.47 for configure_file(copy) and run_command(check)
- move doc tool checks into doc/meson.build, needed in more places
- make all doc tools mandatory if building docs
- check dot and doxygen versions
- add build files under doc/publican
- reindent to match Weston Meson style

Simon:
- Remove install arg from configure_file
- Don't build wayland-scanner twice during cross-build
- Fix naming of the threads dependency
- Store tests in dict
- Add missing HAVE_* decls for functions
- Remove unused cc_native variable
- Make doxygen targets a dict
- Make dot_gv a dict
- Use dicts in man_pages
- Make decls use dicts
- Make generated_headers use dicts
- Align Meson version number with autotool's

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Signed-off-by: Simon Ser <contact@emersion.fr>

scanner: include config.h from command line

Meson will need to build wayland-scanner twice with different config.h files,
once for build and another for host machine. It will be easier to include the
right config.h from compiler command line than playing with files.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>

Support running tests from different build directories

The tests that run exec-fd-leak-checker expect the binary to be located
in the current directory. This is not always the case; for instance, the
binaries could be built under `tests`, but be invoked under the
top-level build directory.

We can use an environment variable to control what's the location of the
test binaries, and fall back to the current directory if the variable is
unset.

Reviewed-by: Daniel Stone <daniels@collabora.com>

build/doc: Ensure destination dir exists despite VPATH

Make considers a variable called VPATH when trying to satisfy
dependencies, e.g. for a target 'foo', it will consider the target
extant if VPATH is '../../bar' and '../../bar/foo' exists.

Part of the doc build, the '$(alldirs)' target, exists to create the
target directories if they do not exist. For example, before generating
xml/wayland-architecture.png, it will ensure the 'xml' target is
considered up-to-date thanks to the target dependency.

Creating $(srcdir)/doc/doxygen/xml thus means that the 'xml' dependency
will be satisfied, so we'll never create the output directory, and the
doc build will fail.

Change the alldirs target list to be absolute paths, so VPATH will not
be consulted and defeat the entire point of what we're trying to do.
This fixes the Meson build, where we later create
doc/doxygen/xml/meson.build.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>

doc: Expand the abbreviation "hw" to "hardware".

Out of the context it is reasonably clear that "hw" is indeed an abbreviation
for "hardware".

The use of "hw" in this place doesn't seem to be a stylistic choice, but rather
an oversight.

Signed-off-by: Paul Scharnofske <asynts@gmail.com>

protocol: fix typo in wl_data_offer.set_actions description

Signed-off-by: Michael Forney <mforney@mforney.org>

Move wl_priv_signal to wayland-server-private.h

Including wayland-server-core.h in wayland-private.h is problematic
because wayland-private.h is included by wayland-scanner which should be
able to build against non-POSIX platforms (e.g. MinGW). The only reason
that wayland-server-core.h was included in wayland-private.h was for the
wl_private_signal definitions, so move those to a
wayland-server-private.h file that can be included by both
wayland-server.c and the tests.

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>

scanner: Add configure check for strndup

Some platforms may not have strndup() (e.g. MinGW), so provide a
equivalent implementation if it's not found.

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>

adding O_RDWR flag in the open()

According to the manual of open:
"The argument flags must include one of the following access modes:
O_RDONLY, O_WRONLY, or O_RDWR."

tests: add a test for wl_global_remove

This test makes sure that after wl_global_remove:

* The global_remove event is sent to existing clients
* Binding to the removed global still works
* A new client will not see the removed global advertised

Signed-off-by: Simon Ser <contact@emersion.fr>

server: add wl_global_remove

This commit adds a new wl_global_remove function that just sends a global
remove event without destroying it. See [1] for details.

Removing a global is racy, because clients have no way to acknowledge they
received the removal event.

It's possible to mitigate the issue by sending the removal event, waiting a
little and then destructing the global for real. The "wait a little" part is
compositor policy.

[1]: https://gitlab.freedesktop.org/wayland/wayland/issues/10

Signed-off-by: Simon Ser <contact@emersion.fr>

wayland-shm: Don’t set SIGBUS handlers on unshrinkable fd

If a client set the F_SEAL_SHRINK seal on the fd before passing it to
the compositor, the kernel will ensure this fd won’t be able to shrink,
ever. This allows us to avoid setting up the SIGBUS handlers on such
file descriptors.

Signed-off-by: Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>

server: add wl_global_set_user_data

When implementing a workaround for [1], one needs to accept a global to be
bound even though it has become stale.

Often, a global's user data is free'd when the global needs to be destroyed.
Being able to set the global's user data (e.g. to NULL) can help preventing a
use-after-free.

(The alternative is to make the compositor responsible for keeping track of
stale user data objects via e.g. refcounting.)

[1]: https://gitlab.freedesktop.org/wayland/wayland/issues/10

Signed-off-by: Simon Ser <contact@emersion.fr>

Add $(RT_LIBS) to fixed-benchmark LD dependencies

`tests/fixed-benchmark.c` calls `clock_gettime`.

scanner: prepend protocol name to types symbol

When doing unity builds via meson (example project:
https://github.com/swaywm/sway) multiple source files are glued together
via #include directives. Having every wayland-scanner generated source
file have an identifier named '*types[]' will lead to errors in these
unity builds if two or more of these are joined.

Signed-off-by: Marty E. Plummer <hanetzer@startmail.com>

tests: Test that send overflow doesn't abort

The new display test runs a client that makes a very large number of
trivial requests. After responding to initial setup requests, the server
is paused, letting the trivial requests fill up the Unix socket buffer,
making further writes to the socket fail. The test then checks that the
client sets an appropriate error code, and does not abort or crash.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>

client: Don't abort when sending a request fails

Instead, set a fatal display error which will let an application
using libwayland-client shutdown cleanly.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>

client: Ignore new requests if display has a fatal error

Once there has been a fatal display error, any new object requests
potentially rely on invalid state. (For example, a failure to read
from the compositor could hide a important event.) The safest way to
handle the new requests is not to make them.

Proxies produced by the request are still created, to ensure that
any code using the library does not crash from an unexpected NULL
pointer.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>

protocol: invalid_method is sent on malformed request

Currently libwayland sends a wl_display.invalid_method when arguments provided
with a request are invalid (e.g. too short, see wl_client_connection_data).

Clarify the protocol by adding that invalid_method can be sent on malformed
request.

Signed-off-by: Simon Ser <contact@emersion.fr>

tests: test that binding to a global with an interface mismatch fails

This test creates a wl_seat global, then tries to bind to it with the wl_output
interface.

Signed-off-by: Simon Ser <simon.ser@intel.com>

server: check global interface on bind

The interface name provided by the client isn't used at all.

Check it matches the global's interface name to prevent object interface
mismatches between the client and the server. These are especially easy to get
when mixing up global names and other IDs in the client.

Signed-off-by: Simon Ser <simon.ser@intel.com>
Closes: https://gitlab.freedesktop.org/wayland/wayland/issues/113

protocol: sync wl_shm.format with libdrm 2.4.99

This adds 42 new formats.

Signed-off-by: Simon Ser <contact@emersion.fr>

protocol: add a comment about the wl_shm.format script

Add a comment to wl_shm.format to advise contributors to use the automated
script (generate-shm-formats.py) instead of updating the list manually.

Signed-off-by: Simon Ser <contact@emersion.fr>

Add an automated script to update wl_shm.format

This prevents mismatches and missing formats between wl_shm.formats and
drm_fourcc.h.

The script collects DRM_FORMAT_* constants from drm_fourcc.h, compares the list
with the current wayland.xml entries (checking for any mismatch) and then
appends missing entries to wayland.xml.

Enum values are obtained by executing a generated C file which prints the
constants. There is no other reliable way to get these values as they are
defined via various macros.

There is no widespread Python library able to parse an XML file and format it
with all whitespace preserved. For this reason, we don't use an XML library to
create the new XML elements. Instead, we keep track of the line number of the
last wl_shm.format enum entry and add new entries right after. To be able to
read the line number of an element, we use lxml (the standard library doesn't
retain line number information).

Signed-off-by: Simon Ser <contact@emersion.fr>

Update .editorconfig for Python

This uses the idiomatic Python indentation rules.

Signed-off-by: Simon Ser <contact@emersion.fr>

client: check event opcode in queue_event

If the client binds to a global with an interface mismatch, it may receive an
event from the server with an unknown opcode. See [1].

Instead of crashing, print a more useful debug message and close the connection.

[1]: https://gitlab.freedesktop.org/wayland/wayland/issues/113

Signed-off-by: Simon Ser <simon.ser@intel.com>

server: Fix fake "Address already in use" error

In the current workflow, socket file will be deleted if it already exists.
However, if the socket file is a symbolic link and the file that it refers
to doesn't exist, we will got "Address already in use" because bind()
thinks the socket file exists and won't create it.

Now, use lstat() to determine whether the socket file exists.

Signed-off-by: Liu Wenlong <liuwl.fnst@cn.fujitsu.com>

Improve description of wl_surface

The original text makes some assumptions about surfaces which may not be
true and fails to capture some details which are important to the
essential traits of a wl_surface.

Add .editorconfig

This is copied from Weston

Document unusual wl_registry.bind new_id behavior

When wayland-scanner encounters a new_id field with no corresponding
interface name defined, instead of emitting a function whose signature
lines up with the usual case (a uint32_t ID), it adds the interface name
as a string and the version number so that the interface can be
identified from the protcol message.

Without docs, this was previously left for the interprid wire protocol
implementor (e.g. me an hour ago) to discover when Wayland clients send
them apparently bogus messages.

I would have preferred if a different primitive type were used here
(e.g. typed_new_id) to reflect the fact that the wire protocol is
different, but I felt it unwise to add a new primitive to wayland.xml in
$current_year.

proxy: Add API to tag proxy objects

When an application and a toolkit share the same Wayland connection,
it will receive events with each others objects. For example if the
toolkit manages a set of surfaces, and the application another set, if
both the toolkit and application listen to pointer focus events,
they'll receive focus events for each others surfaces.

In order for the toolkit and application layers to identify whether a
surface is managed by itself or not, it cannot only rely on retrieving
the proxy user data, without going through all it's own proxy objects
finding whether it's one of them.

By adding the ability to "tag" a proxy object, the toolkit and
application can use the tag to identify what the user data pointer
points to something known.

To create a tag, the recommended way is to define a statically allocated
constant char array containing some descriptive string. The tag will be
the pointer to the non-const pointer to the beginning of the array.

For example, to identify whether a focus event is for a surface managed
by the code in question:

static const char *my_tag = "my tag";

static void
pointer_enter(void *data,
      struct wl_pointer *wl_pointer,
      uint32_t serial,
      struct wl_surface *surface,
      wl_fixed_t surface_x,
      wl_fixed_t surface_y)
{
struct window *window;
const char * const *tag;

tag = wl_proxy_get_tag((struct wl_proxy *) surface);

if (tag != &my_tag)
return;

window = wl_surface_get_user_data(surface);

...
}

...

static void
init_window_surface(struct window *window)
{
struct wl_surface *surface;

surface = wl_compositor_create_surface(compositor);
wl_surface_set_user_data(surface, window);
wl_proxy_set_tag((struct wl_proxy *) surface,
&my_tag);
}

Signed-off-by: Jonas Ådahl <jadahl@gmail.com>

cursor: Use memfd_create() when available

This (so-far) Linux-only API lets users create file descriptors purely
in memory, without any backing file on the filesystem and the race
condition which could ensue when unlink()ing it.

It also allows seals to be placed on the file, ensuring to every other
process that we won’t be allowed to shrink the contents, potentially
causing a SIGBUS when they try reading it.

This patch is best viewed with the -w option of git log -p.

Signed-off-by: Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
Reviewed-by: Simon Ser <contact@emersion.fr>

connection: do not abort when dup(fd) fails

Instead, cleanly exit wl_closure_marshal and let the caller handler
the error. For wayland-client, the sole calling function will call
wl_abort() anyway. For wayland-server, the calling function will
cleanly shutdown the client.

This change ensures that compositors run with low file descriptor
limits or internal leaks need not crash suddenly (and sometimes
far from the problem) when space runs out.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>

wayland.xml: Make releases for multiple 'wl_surface.attach' undefined

Fixes #46

The way wl_buffer is specified makes this situation inherently racy,
meaning there is no way this can be done unambiguously. Current real
compositor implementations already have differing behaviour for this, so
any client relying on it was already broken, if any such client exists.

This specifically only singles out wl_buffer.release as being undefined;
every other aspect of it should still be valid. This is so existing and
correct uses of multiple attaches are still valid, where a
"static"/immutable wl_buffer is being used (i.e. they don't care about
the release event).

Signed-off-by: Scott Anderson <scott.anderson@collabora.com>

protocol: clarify wl_display.delete_id description

libwayland-server only sends wl_display.delete_id events when
it responds to a client's destruction of a client-allocated
object. server-allocated objects are silently removed, as per
`wl_resource_destroy`.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>

Avoid pointer arithmetic on `void *`

The pointer operand to the binary `+` operator must be to a complete
object type. Since we are working with byte sizes, use `char *` for
arithmetic instead.

Signed-off-by: Michael Forney <mforney@mforney.org>

Use wl_container_of internally

Rather than have two versions of the macro with slightly different
interfaces, just use wl_container_of internally.

This also removes use of statement expressions, a GNU C extension.

Signed-off-by: Michael Forney <mforney@mforney.org>

Add a missing -pthread to fix compile with slibtool.

When compiling wayland with slibtool instead of GNU libtool
it will fail building libtest_runner with an undefined
reference to pthread_join@@GLIBC_2.2.5. This is because
-pthread (Or -lpthread) is missing from display_test. If its
added the build succeeds as expected with slibtool and
continues to work with libtool. Its likely that libtool is
hiding this failure by silently adding the missing flag which
is not uncommon...

Exposed in commit aa51a833eb9b3d8fb58a64ff685b249d65ec35b5.

Fixes https://gitlab.freedesktop.org/wayland/wayland/issues/91

Signed-off-by: orbea <orbea@riseup.net>

log: remove "%m" from format strings by using strerror(errno)

The printf() format specifier "%m" is a glibc extension to print
the string returned by strerror(errno). While supported by other
libraries (e.g. uClibc and musl), it is not widely portable.

In Wayland code the format string is often passed to a logging
function that calls other syscalls before the conversion of "%m"
takes place. If one of such syscall modifies the value in errno,
the conversion of "%m" will incorrectly report the error string
corresponding to the new value of errno.

Remove all the occurrences of the specifier "%m" in Wayland code
by using directly the string returned by strerror(errno).

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>

tests: Verify that wayland_scanner can catch bad identifiers

The test runs wayland_scanner on a set of XML protocol files which
have malformed element names, and confirms that an error is produced
and indicates the correct line.

Copyright notifications are not included in the test files, as
they are not code; of course, the project license still applies.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>

scanner: error when element names will not compile

This change checks that the "name" fields of the various structures in
a Wayland protocol XML file will be converted into C identifiers that
can be successfully compiled.

For names which will be inserted as the prefix of an identifier
enforce a match with [_a-zA-Z][_0-9a-zA-Z]* . For types only inserted
as the suffix of an identifier (enum, entry), enforce a format of
[_0-9a-zA-Z]+ .

Unicode characters (and escape sequences like \u0394) are not allowed,
because most older and some newer C compilers do not support them by
default.

For sake of simplicity, this patch does not check for collisions
with reserved words or standard library names.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>

protocol: allow to send a zero output refresh rate

Fixed refresh rate doesn't always make sense for all outputs. In case
it's not available or not relevant, allow compositors to send zero.

For instance the can be the case for virtual outputs.

Signed-off-by: Simon Ser <contact@emersion.fr>

wayland.xml: document invalid_finish error in wl_data_offer.finish

Explicitly state that the invalid_finish protocol error would be raised
when wl_data_offer.finish request is sent for non drag-and-drop
operations.

Signed-off-by: Harish Krupo <harishkrupo@gmail.com>

docs: Abort configure if docbook-xsl package is missing

The docbook-xsl package includes all the stylesheets required to build
the docs without internet access.

Test:
One way to emulate missing style sheets is to move /etc/xml/catalog file
to a different location. Doing so should cause configure to fail with
"checking for docbook stylesheets... no"

v2: add AC_MSG_RESULT (Pekka)

Signed-off-by: Harish Krupo <harishkrupo@gmail.com>

releasing: fixup section numbers

Signed-off-by: Simon Ser <contact@emersion.fr>

releasing: adapt for Wayland

Remove Weston-specific bits, strip off outdated instructions.

Signed-off-by: Simon Ser <contact@emersion.fr>

Add releasing.txt

This file is imported from Weston (commit 53d7c243).

Signed-off-by: Simon Ser <contact@emersion.fr>

configure.ac: reopen master for regular development

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>

configure: detect libdl and librt

Signed-off-by: Leonid Bobrov <mazocomp@disroot.org>

configure.ac: bump to version 1.17.0 for the official release

configure.ac: bump version to 1.16.93 for the RC1 release

Merge branch 'mr/request-bad-size' into 'master'

Fix demarshal of invalid size in message header

Closes #52

See merge request wayland/wayland!2

connection: fix demarshal of invalid header

The size argument to wl_connection_demarshal() is taken from the message by the
caller wl_client_connection_data(), therefore 'size' is untrusted data
controllable by a Wayland client. The size should always be at least the header
size, otherwise the header is invalid.

If the size is smaller than header size, it leads to reading past the end of
allocated memory. Furthermore if size is zero, wl_closure_init() changes
behaviour and leaves num_arrays uninitialized, leading to access of arbitrary
memory.

Check that 'size' fits at least the header. The space for arguments is already
properly checked.

This makes the request_bogus_size test free of errors under Valgrind.

Fixes: https://gitlab.freedesktop.org/wayland/wayland/issues/52

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Reviewed-by: Simon Ser <contact@emersion.fr>

tests: add request_bogus_size

This attempts to reproduce the error conditions from
https://gitlab.freedesktop.org/wayland/wayland/issues/52 and make it crash.
While the crash was repeatable in my tests, it depends on garbage on stack
leading to access of invalid memory, which is not guaranteed.

This is a FAIL_TEST, so that the following fix commit can be verified.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Reviewed-by: Simon Ser <contact@emersion.fr>

contributing: use Gitlab merge request workflow

The experience from Weston shows that the Gitlab merge request based workflow
works really well. Recently there have also been issues with the mailing list
that have made the email based workflow more painful than it used to be. Those
issues might have been temporary or occasional, but they probably are only
going to increase.

The MR workflow is different, it has its issues
(https://gitlab.freedesktop.org/freedesktop/freedesktop/issues/74) and we
likely lose the explicit Reviewed-by etc. tags from commit messages, but it is
also much easier to work with: no more whitespace damaged patches, lost email,
setting up git-send-email; we gain automated CI before any human reviewer even
looks at anything, and people can jump in to an ongoing discussion even if they
weren't subscribed before.

If you still want email, you can subscribe to that selectively(!) in Gitlab
yourself.

This text has been copied from Weston's CONTRIBUTING.md of the 5.0.91 release
and slightly altered for Wayland.

Fixes: https://gitlab.freedesktop.org/wayland/wayland/issues/49

v2: fixed two left-over mentions of Weston

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
v1 Reviewed-by: Simon Ser <contact@emersion.fr>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Scott Anderson <scott.anderson@collabora.com>
Acked-by: Ian Ray <ian.ray@ge.com>
Acked-by: Derek Foreman <derek.foreman.wayland@gmail.com>

wayland-util.h: add forward declaration for wl_object

The definition of wl_argument in wayland-util.h references wl_object,
so wl_object ought to be defined in wayland-util.h. This resolves
gitlab issue #78.

Fixes: https://gitlab.freedesktop.org/wayland/wayland/issues/78

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>

configure.ac: bump to version 1.16.92 for the beta release

tests: fix main symbol duplication

So far I got these errors before patching:

libtool: link: cc -o .libs/headers-test -pthread -Wall -Wextra -Wno-unused-parameter -g -Wstrict-prototypes -Wmissing-prototypes -fvisibility=hidden -O2 -pipe tests/headers-test.o tests/headers-protocol-test.o tests/headers-protocol-core-test.o /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a -L.libs -lwayland-client -lffi -lm -lwayland-server -lkvm -Wl,-rpath-link,/usr/local/lib
ld: error: duplicate symbol: main
>>> defined at headers-test.c:53 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/headers-test.c:53)
>>>            tests/headers-test.o:(main)
>>> defined at test-runner.c:377 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/test-runner.c:377)
>>>            test-runner.o:(.text+0x250) in archive /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a

libtool: link: cc -o .libs/exec-fd-leak-checker -pthread -Wall -Wextra -Wno-unused-parameter -g -Wstrict-prototypes -Wmissing-prototypes -fvisibility=hidden -O2 -pipe tests/exec-fd-leak-checker.o /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a -L.libs -lwayland-client -lffi -lm -lwayland-server -lkvm -Wl,-rpath-link,/usr/local/lib
ld: error: duplicate symbol: main
>>> defined at exec-fd-leak-checker.c:57 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/exec-fd-leak-checker.c:57)
>>>            tests/exec-fd-leak-checker.o:(main)
>>> defined at test-runner.c:377 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/test-runner.c:377)
>>>            test-runner.o:(.text+0x250) in archive /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a

Makefile.am: error: object 'tests/test-helpers.$(OBJEXT)' created both with libtool and without

libtool: link: cc -o .libs/fixed-benchmark -pthread -Wall -Wextra -Wno-unused-parameter -g -Wstrict-prototypes -Wmissing-prototypes -fvisibility=hidden -O2 -pipe tests/fixed-benchmark.o /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a -L.libs -lwayland-client -lffi -lm -lwayland-server -lkvm -Wl,-rpath-link,/usr/local/lib
ld: error: duplicate symbol: main
>>> defined at fixed-benchmark.c:100 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/fixed-benchmark.c:100)
>>>            tests/fixed-benchmark.o:(main)
>>> defined at test-runner.c:377 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/test-runner.c:377)
>>>            test-runner.o:(.text+0x250) in archive /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a

This commit fixes all of that.

Signed-off-by: Leonid Bobrov <mazocomp@disroot.org>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>

protocol: warn clients about some wl_output properties

All wl_output properties don't always make sense for all
compositors.

Some compositors might not implement a "global compositor space",
(e.g. 3D compositors) in which case properties like x and y don't
make sense.

Some compositors might expose virtual outputs, in which case modes,
make and model are not relevant.

In a lot of these situations, information from xdg_output is better
suited.

Compositors also expose output refresh rate, which shouldn't be used
for synchronization purposes.

Signed-off-by: Simon Ser <contact@emersion.fr>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Derek Foreman <derek.foreman.wayland@gmail.com>

configure.ac: bump version to 1.16.91 for the alpha release

TODO: remove "SDL port", it's been done by now

Upstream SDL supports Wayland since v2.0.4 (June 2015):
https://forums.libsdl.org/viewtopic.php?t=11294

Just set SDL_VIDEODRIVER=wayland and SDL will do the right thing :)

Signed-off-by: Eric Engestrom <eric.engestrom@intel.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>

Print NULL strings as "nil" in wl_closure_print

Calling printf("%s", NULL) is undefined behaviour.

Signed-off-by: Simon Ser <contact@emersion.fr>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>

proto, server: Add internal server error message. (v2)

Many languages such as C++ or Rust have an unwinding error-reporting
mechanism. Code in these languages can (and must!) wrap request handling
callbacks in unwind guards to avoid undefined behaviour.

As a consequence such code will detect internal server errors, but have
no way to communicate such failures to the client.

This adds a WL_DISPLAY_ERROR_IMPLEMENTATION error to wl_display so that
such code can notify (and disconnect) clients which hit internal bugs.
While servers can currently abuse other wl_display errors for the same
effect, adding an explicit error code allows clients to tell the
difference between errors which are their fault and errors which are the
server's fault. This is particularly interesting for automated bug
reporting.

v2: Rename error from "internal" to "implementation", in sympathy with
X11's BadImplementation error.
Add more justification in the commit message.

Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>

server: Split out varargs version of wl_resource_post_error.

This will allow other wrappers around wl_resource_post_error to accept
variable argument lists.

Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>

protocol: prefer wl_surface.damage_buffer

This commit makes wl_surface.damage_buffer preferred over wl_surface.damage.
wl_surface.damage can be implemented in a non-optimal way by the compositor
(e.g. by always damaging the whole buffer).

Having two requests makes it complicated for the compositor to handle damage,
making it necessary to transform one into the other's coordinates.

Moreover, integration with wp_viewporter is tricky.

Signed-off-by: Simon Ser <contact@emersion.fr>
Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>

protocol: Bump seat to version 7 and require keymaps be private

Weston commit 76829fc4eaea329d2a525c3978271e13bd76c078 (and similar
commits for other compositors) protects the compositor's keyboard
mapping from client damage by duplicating the keymap for every
client.

On some systems there are other potential fixes for this - such as
using sealed memfds on linux - but we can't use them since
essentially all client code anywhere has mapped the keyboard map
with a MAP_SHARED mmap() call.

While we can't break years worth of code, we can require any future
clients to use MAP_PRIVATE if they use a seat version above 6.

If a compositor can't use sealing or a similar facility, it should
still protect itself with copied keymaps, but clients must always
assume shared mapping of a keymap will fail.

Signed-off-by: Derek Foreman <derek.foreman.samsung@gmail.com>
Reviewed-by: Simon Ser <contact@emersion.fr>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Philipp Kerling <pkerling@casix.org>
Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>

tests: Remove memory leak checking infrastructure

There are far better ways to detect memory leaks, such as either
valgrind or ASan. Having Meson makes it really easy to use these tools
in our tests, and we can do that in CI as well.

Having these local wrappers actually completely broke ASan usage, so
remove them in favour of using the more powerful options.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

tests: Overly elaborate compiler warning workaround

Clang will rightly point out that example_sockaddr_un in socket-test
will get discarded from the compilation unit as it is completely unused.
Put in a couple of lines which of no value other than stopping Clang
from complaining.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

tests: Use volatile pointer for NULL dereference

Clang warns that it can silently discard a non-volatile write to a NULL
pointer (perhaps it constitutes undefined behaviour?), and recommends
changing it to volatile.

This patch slavishly complies with the demand of the unfeeling machine.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

scanner: Reverse expat/libxml include order

libxml2 unconditonally defines XMLCALL to nothing. Expat does not
redefine XMLCALL if it is already defined, but if it is not, and we are
building with gcc on i386 (not x86-64), it will define it as 'cdecl'.

Including Expat before libxml thus results in a warning about XMLCALL
being redefined. Luckily we can get around this by just reversing the
include order: cdecl is a no-op on Unix-like systems, so by having
libxml first define XMLCALL to nothing and including Expat afterwards,
we avoid the warning and lose nothing.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

scanner: Mark fail() as noreturn

Help static analysers by letting them know that once we fail(),
execution will terminally complete.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

scanner: Plug two memory leaks

Found with both ASan leak sanitizer and Valgrind. We were trivially
leaking the enum name for every arg parsed by the scanner which had one.
If libxml-based DTD validation was enabled, we would also leak the DTD
itself, despite diligently freeing the document, context, etc.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

configure.ac: Reopen master for regular development

configure.ac: bump to version 1.16.0 for the official release

tests: Demarshalling of very long array/string lengths.

Attempting to demarshal message with array or string longer than its
body should return failure. Handling the length correctly is tricky when
it gets to near-UINT32_MAX values. Unexpected overflows can cause
crashes and other security issues.

These tests verify that demarshalling such message gives failure instead
of crash.

v2: Added consts, serialized opcode and size properly, updated style.
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Acked-by: Derek Foreman <derek.foreman.samsung@gmail.com>

configure.ac: bump to version 1.15.94 for the RC2 release

connection: Prevent pointer overflow from large lengths.

If the remote side sends sufficiently large `length` field, it will
overflow the `p` pointer. Technically it is undefined behavior, in
practice it makes `p < end`, so the length check passes. Attempts to
access the data later causes crashes.

This issue manifests only on 32bit systems, but the behavior is
undefined everywhere.
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>

connection: Prevent integer overflow in DIV_ROUNDUP.

The DIV_ROUNDUP macro would overflow when trying to round values higher
than MAX_UINT32 - (a - 1). The result is 0 after the division. This is
potential security issue when demarshalling an array because the length
check is performed with the overflowed value, but then the original huge
value is stored for later use.

The issue was present only on 32bit platforms. The use of size_t in the
DIV_ROUNDUP macro already promoted everything to 64 bit size on 64 bit
systems.
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
Style changes by Derek Foreman

configure.ac: bump to version 1.15.93 for the RC1 release

contributing: Weston now uses GitLab MRs

Note that Weston uses GitLab MRs for review, not mail.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>

configure.ac: bump to version 1.15.92 for the beta release

spec: Delete old unused directory

The protocol spec used to live here, but it's now part of the regular
doc build. The PNG files are created as part of the doc build. Delete
the pre-generated versions.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>

build: Remove support for non-pkg-config Expat

The Expat XML library has shipped a pkg-config file for long enough to
be in Debian's oldstable (Jessie, April 2015) and Ubuntu's oldest
supported LTS (Trusty, 14.04). The pkg-config file was added in Expat
upstream's commit 352cfc8f59a7, in September 2007.

Drop build support for versions of Expat which do not ship a
pkg-config file.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>

build: Remove execinfo.h check

The check for the execinfo.h header is only advisory; the build will not
fail if it is not present, and set HAVE_EXECINFO_H if it is. The check
was added in commit bc3e020475e ("build: Add declaration checks to check for
required syscall flags") with no obvious use or reasoning.

Remove the no-op check.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>

wayland-server: Finally remove deprecated struct wl_buffer definition

commit d94a8722cb29d8b897672be66ff3c9ff79eab6fe
warned this was coming, back in 2013.

I've seen libraries that have wayland client and server using functions
in the same file. Since struct wl_buffer still exists as an opaque
entity in client code, the vestigial deprecated wl_buffer from the
server include will generate warnings when not building with
WL_HIDE_DEPRECATED.

Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Acked-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Daniel Stone <daniels@collabora.com>

protocol: allow to send a zero physical output size

Physical size doesn't always make sense for all outputs. In case
it's not available or not relevant, allow compositors to send zero.

Acked-by: Daniel Stone <daniels@collabora.com>
Acked-by: Jonas Ådahl <jadahl@gmail.com>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>

configure.ac: bump to version 1.15.91 for the alpha release

contributing: document the release cycle freezes

These should be the conventions we have been using since 1.0, written
down more accurately.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>

contributing: about re-sending patches

This is what is generally expected from people who re-send patches,
whether the patches are their own or not.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>

contributing: review rules for bugs

Half of the ideas came from Daniel but most of them are reworded, the
rest are my thoughts.

Mention compiler warnings specifically, and be more explicit on what
kind of code or bugs or bug fixes are acceptable or not. Clarify commit
scope.

v2: move the "In a patch series" rule to the bottom, reworded.

Cc: Daniel Stone <daniels@collabora.com>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>

contributing: how to read the review rules

This is to avoid fighting around the letter of the guidelines. This is
not a protocol spec.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>

client: remove definition of wl_global

Nothing on the client side uses it since
9fe75537ad207c1496e6d9be41a8f5af4b876506 which was just before the 0.99
release.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-By: Markus Ongyerth <wl@ongy.net>

doc: update IANA MIME types registry URL

Use a more official one, served over HTTP rather than FTP.

Reviewed-by: Matheus Santana <embs@cin.ufpe.br>
Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>

contributing: commit rights

This has been copied from
https://cgit.freedesktop.org/xorg/app/intel-gpu-tools/tree/CONTRIBUTING?id=eccae1360d6d01e73c6af2bd97122cef708207ef
and slightly edited to better with Wayland and Weston.

The intention is to make it easier to give out commit access to new
people, let them know what is expected of them, and help the community
to grow. Hopefully this will in time improve the patch review throughput
and timeliness.

The original text was introduced in
https://cgit.freedesktop.org/xorg/app/intel-gpu-tools/commit/CONTRIBUTING?id=0350f0e7f6a0e07281445fc3082aa70419f4aac7

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Matheus Santana <embs@cin.ufpe.br>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>

contributing: add review guidelines

This sets up the standards for patch review, and defines when a patch
can be merged. I believe these are the practises we have been using
already for a long time, now they are just written down explicitly.

It's not an exhaustive list of criteria and likely cannot ever be, but
it should give a good idea of what level of review we want to have.

It has been written in general terms, so that we can easily apply the
same text not just to Wayland, but also Weston and other projects as
necessary.

This addition is not redundant with
https://wayland.freedesktop.org/reviewing.html .

The web page is a friendly introduction and encouragement for people to
get involved. The guidelines here are more specific and aimed for people
who seek commit rights or maintainership.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Matheus Santana <embs@cin.ufpe.br>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>

.gitlab-ci.yml: collect the distcheck error logs

Currently we issue both check and distcheck, as reportedly there has
been cases in the past one works, while the other doesn't.

Yet we only collect the check artefacts (test logs).

Correct that, by picking the distcheck ones as well.
Note: the build-*/wayland*/ directory is purged by distcheck if it runs
successfully.

Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>

contributing: format as markdown

Format for nice viewing through Gitlab.

Conduct and Licensing were raised to first level headings as they are
not technical guidelines for contributing patches. It's nice to use the
first level headings more.

Reformat patchwork link and add Xorg patchwork link for Xwayland.

v2: Unfortunately Gitlab harcodes a tab character to mean 4 spaces, so we
cannot reasonably spell the coding style examples correctly. Hence, tab
characters have been replaced with eight spaces so that they at least
look right in both the file and through gitlab web UI.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniels@collabora.com>

doc: move Contributing

Gitlab expects a CONTRIBUTING.md in the root directory, so move our
guide there.

Conversion to proper markup is a follow-up patch.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniels@collabora.com>

doc: Update URLs for GitLab transition

Update bug and Git URLs for GitLab; the site has also been served over
HTTPS for quite some time.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>

scanner: allow referencing foreign enums

It's already possible to reference foreign interfaces, so it
should also be possible to reference foreign enums.

Signed-off-by: Simon Ser <contact@emersion.fr>
Reviewed-by: Silvan Jegen <s.jegen@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>