so memset_s still doesn't get detected (add a check anyway), but there
are other alternatives, so detect and use them if found
(explicit_bzero, explicit_memset) in addition to the generally
"practically works" memset ptr method we had and.. just to be extra
safe add an asm memory barrier to this fallback. also.. mlock the
passwd memory in lokker (if it doesn't work - don't worry - there is
nothing we can do, so we did our best) to avoid this memory gettign
swapped etc.
x11 modifier handling in events is broken: the modifier state is the state from
before the event, meaning that pressing caps lock will never result in an event where
the modifier is not set in the corresponding event
wayland handles this more sensibly, though it should be detected on key up rather
than key down
fix T5737
key presses during desklock should only be received by the lock implementation
and not by any other handler. this ensures that nothing unexpected can happen
with focus and simplifies overall key handling
previously characters such as tab would be injected into the entry when pressed.
this is the same check which is used in various other places in efl for string
validation
Optimising compilers (like gcc/clang with -O1 or above) were optimising
out the memset(). Until link time optimisations are good enough, this
will prevent them from doing so. The best solution would be to use
memset_s() (c11), though it's not readily available yet. This is the
first step towards using memset_s() with a fallback for systems who
don't have it. A better solution, is to put it in Eina, to prevent LTO
completely. This will have to be done after the EFL release.
Even this is not entirely safe though, but at least it protects us from
some memory disclosure issues.
This doesn't solve the fact that we may store a copy of the password in
other places, like the input system. We need to address that too.
Thanks to Matthew Garrett for pointing this out or Twitter.
Summary:
This fixes the inconsistency in the "Caps Lock is On" hint, if you press
Caps-Lock when lokker is busy with checking the password
(LOKKER_STATE_CHECKING).
Test Plan:
1. Lock the screen
2. Enter invalid password (and press Enter)
3. During password check, press Caps-Lock
The "Caps-Lock is On" should be consistent with the actual Caps-Lock
state.
@fix
Reviewers: zmike
Subscribers: cedric
Differential Revision: https://phab.enlightenment.org/D2171
first place anyway. shoudl replace the entire dialgo one at a time by
an elm version not try and stuff elm widgets into where e widgets used
to be. this doesnt improve e's config dialogs, just makes them buggy
as all hell in the name of a move to elm.
Revert "e_widget_button -> elm_button conversion"
This reverts commit b1c976d80d.
Revert "update widget size hints when setting a resize object"
This reverts commit fdab0218b2.
Revert "remove no-longer-necessary size hinting in list widgets"
This reverts commit 21479f5019.
Revert "e_widget_textblock -> elm_entry conversion"
This reverts commit 8fe2f00f75.
Revert "e frame -> elm_frame conversion"
This reverts commit e9da6a02fc.
Revert "remove unnecessary size hinting"
This reverts commit b596623efd.
Revert "e_label -> elm_label conversion"
This reverts commit 049b318679.
Revert "set evas size hint min in widget min size"
This reverts commit 2f09aa2fda.
Revert "e_table -> elm_table conversion"
This reverts commit 6434012982.
Revert "remove unused vars"
This reverts commit b19e706b23.
there is only one E_Comp which can now be accessed by the e_comp global.
if you're editing a file with some uses of these deprecated functions, replace their usages with appropriate references to this variable
pass -Wno-deprecated-declarations to ignore these warnings during build
users should keep in mind that this is not the fort knox of password storage, and someone who copies your config file could rainbow table a short password stored with this hash very easily. at some point in the future, if someone has the interest and time, perhaps this can be improved
fix T1627
after this commit, the new-but-invisible module "lokker" (or other custom loaded module) is in charge of creating all graphics for the lock screen, and it will be added to the user's config. failure to load a lockscreen module will just result in a black screen
desklock subsystem now handles all the pre/post lock stuff while the modules themselves are responsible for creating visuals and calling auth functions to determine whether to unlock the screen