Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xwayland for openSUSE:Factory checked in at 2023-04-02 19:16:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xwayland (Old) and /work/SRC/openSUSE:Factory/.xwayland.new.9019 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xwayland" Sun Apr 2 19:16:55 2023 rev:21 rq:1076662 version:23.1.1 Changes: -------- --- /work/SRC/openSUSE:Factory/xwayland/xwayland.changes 2023-03-25 18:54:44.278469976 +0100 +++ /work/SRC/openSUSE:Factory/.xwayland.new.9019/xwayland.changes 2023-04-02 19:16:59.944409956 +0200 @@ -1,0 +2,23 @@ +Sat Apr 1 11:35:04 UTC 2023 - Bjørn Lie <[email protected]> + +- Update to version 23.1.1 (CVE-2023-1393): + + This release contains the fix for CVE-2023-1393. + + xkbUtils: use existing symbol names instead of deleted + deprecated ones + + glamor: Don't glFlush/ctx switch unless any work has been + performed + + xwayland: + - Refactor xwl_present_for_each_frame_callback helper + - Prevent nested xwl_present_for_each_frame_callback calls + + composite: Fix use-after-free of the COW +- Drop U_xserver-composite-Fix-use-after-free-of-the-COW.patch: + Fixed upstream. + +------------------------------------------------------------------- +Thu Mar 23 12:32:18 UTC 2023 - Stefan Dirsch <[email protected]> + +- U_xserver-composite-Fix-use-after-free-of-the-COW.patch + * overlay window use-after-free (CVE-2023-1393, ZDI-CAN-19866, + bsc#1209543) + +------------------------------------------------------------------- Old: ---- xwayland-23.1.0.tar.xz xwayland-23.1.0.tar.xz.sig New: ---- xwayland-23.1.1.tar.xz xwayland-23.1.1.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xwayland.spec ++++++ --- /var/tmp/diff_new_pack.mW7ouO/_old 2023-04-02 19:17:00.344411965 +0200 +++ /var/tmp/diff_new_pack.mW7ouO/_new 2023-04-02 19:17:00.348411985 +0200 @@ -24,7 +24,7 @@ %endif Name: xwayland -Version: 23.1.0 +Version: 23.1.1 Release: 0 URL: http://xorg.freedesktop.org Summary: Xwayland Xserver @@ -65,7 +65,7 @@ BuildRequires: pkgconfig(resourceproto) BuildRequires: pkgconfig(scrnsaverproto) BuildRequires: pkgconfig(videoproto) -BuildRequires: pkgconfig(wayland-client) +BuildRequires: pkgconfig(wayland-client) >= 1.21.0 BuildRequires: pkgconfig(wayland-protocols) %if 0%{?have_wayland_eglstream} == 1 BuildRequires: pkgconfig(wayland-eglstream-protocols) ++++++ xwayland-23.1.0.tar.xz -> xwayland-23.1.1.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.1.0/composite/compwindow.c new/xwayland-23.1.1/composite/compwindow.c --- old/xwayland-23.1.0/composite/compwindow.c 2023-03-22 14:53:57.000000000 +0100 +++ new/xwayland-23.1.1/composite/compwindow.c 2023-03-29 14:26:36.000000000 +0200 @@ -620,6 +620,11 @@ ret = (*pScreen->DestroyWindow) (pWin); cs->DestroyWindow = pScreen->DestroyWindow; pScreen->DestroyWindow = compDestroyWindow; + + /* Did we just destroy the overlay window? */ + if (pWin == cs->pOverlayWin) + cs->pOverlayWin = NULL; + /* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/ return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.1.0/glamor/glamor.c new/xwayland-23.1.1/glamor/glamor.c --- old/xwayland-23.1.0/glamor/glamor.c 2023-03-22 14:53:57.000000000 +0100 +++ new/xwayland-23.1.1/glamor/glamor.c 2023-03-29 14:26:36.000000000 +0200 @@ -271,9 +271,7 @@ glamor_block_handler(ScreenPtr screen) { glamor_screen_private *glamor_priv = glamor_get_screen_private(screen); - - glamor_make_current(glamor_priv); - glFlush(); + glamor_flush(glamor_priv); } static void @@ -281,8 +279,7 @@ { glamor_screen_private *glamor_priv = glamor_get_screen_private(screen); - glamor_make_current(glamor_priv); - glFlush(); + glamor_flush(glamor_priv); screen->BlockHandler = glamor_priv->saved_procs.block_handler; screen->BlockHandler(screen, timeout); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.1.0/glamor/glamor_priv.h new/xwayland-23.1.1/glamor/glamor_priv.h --- old/xwayland-23.1.0/glamor/glamor_priv.h 2023-03-22 14:53:57.000000000 +0100 +++ new/xwayland-23.1.1/glamor/glamor_priv.h 2023-03-29 14:26:36.000000000 +0200 @@ -314,6 +314,7 @@ Bool suppress_gl_out_of_memory_logging; Bool logged_any_fbo_allocation_failure; Bool logged_any_pbo_allocation_failure; + Bool dirty; /* xv */ glamor_program xv_prog; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.1.0/glamor/glamor_sync.c new/xwayland-23.1.1/glamor/glamor_sync.c --- old/xwayland-23.1.0/glamor/glamor_sync.c 2023-03-22 14:53:57.000000000 +0100 +++ new/xwayland-23.1.1/glamor/glamor_sync.c 2023-03-29 14:26:36.000000000 +0200 @@ -52,8 +52,7 @@ struct glamor_sync_fence *glamor_fence = glamor_get_sync_fence(fence); /* Flush pending rendering operations */ - glamor_make_current(glamor); - glFlush(); + glamor_flush(glamor); fence->funcs.SetTriggered = glamor_fence->set_triggered; fence->funcs.SetTriggered(fence); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.1.0/glamor/glamor_utils.h new/xwayland-23.1.1/glamor/glamor_utils.h --- old/xwayland-23.1.0/glamor/glamor_utils.h 2023-03-22 14:53:57.000000000 +0100 +++ new/xwayland-23.1.1/glamor/glamor_utils.h 2023-03-29 14:26:36.000000000 +0200 @@ -672,6 +672,17 @@ lastGLContext = glamor_priv->ctx.ctx; glamor_priv->ctx.make_current(&glamor_priv->ctx); } + glamor_priv->dirty = TRUE; +} + +static inline void +glamor_flush(glamor_screen_private *glamor_priv) +{ + if (glamor_priv->dirty) { + glamor_make_current(glamor_priv); + glFlush(); + glamor_priv->dirty = FALSE; + } } static inline BoxRec diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.1.0/hw/xwayland/xwayland-present.c new/xwayland-23.1.1/hw/xwayland/xwayland-present.c --- old/xwayland-23.1.0/hw/xwayland/xwayland-present.c 2023-03-22 14:53:57.000000000 +0100 +++ new/xwayland-23.1.1/hw/xwayland/xwayland-present.c 2023-03-29 14:26:36.000000000 +0200 @@ -89,6 +89,33 @@ return (struct xwl_present_event*)(uintptr_t)event_id; } +static Bool entered_for_each_frame_callback; + +Bool +xwl_present_entered_for_each_frame_callback(void) +{ + return entered_for_each_frame_callback; +} + +void +xwl_present_for_each_frame_callback(struct xwl_window *xwl_window, + void iter_func(struct xwl_present_window *)) +{ + struct xwl_present_window *xwl_present_window, *tmp; + + if (entered_for_each_frame_callback) + FatalError("Nested xwl_present_for_each_frame_callback call"); + + entered_for_each_frame_callback = TRUE; + + xorg_list_for_each_entry_safe(xwl_present_window, tmp, + &xwl_window->frame_callback_list, + frame_callback_list) + iter_func(xwl_present_window); + + entered_for_each_frame_callback = FALSE; +} + static void xwl_present_free_timer(struct xwl_present_window *xwl_present_window) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.1.0/hw/xwayland/xwayland-present.h new/xwayland-23.1.1/hw/xwayland/xwayland-present.h --- old/xwayland-23.1.0/hw/xwayland/xwayland-present.h 2023-03-22 14:53:57.000000000 +0100 +++ new/xwayland-23.1.1/hw/xwayland/xwayland-present.h 2023-03-29 14:26:36.000000000 +0200 @@ -61,6 +61,9 @@ PixmapPtr pixmap; }; +Bool xwl_present_entered_for_each_frame_callback(void); +void xwl_present_for_each_frame_callback(struct xwl_window *xwl_window, + void iter_func(struct xwl_present_window *)); void xwl_present_reset_timer(struct xwl_present_window *xwl_present_window); void xwl_present_frame_callback(struct xwl_present_window *xwl_present_window); Bool xwl_present_init(ScreenPtr screen); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.1.0/hw/xwayland/xwayland-window.c new/xwayland-23.1.1/hw/xwayland/xwayland-window.c --- old/xwayland-23.1.0/hw/xwayland/xwayland-window.c 2023-03-22 14:53:57.000000000 +0100 +++ new/xwayland-23.1.1/hw/xwayland/xwayland-window.c 2023-03-29 14:26:36.000000000 +0200 @@ -1090,15 +1090,8 @@ xwl_dmabuf_feedback_destroy(&xwl_window->feedback); #ifdef GLAMOR_HAS_GBM - if (xwl_screen->present) { - struct xwl_present_window *xwl_present_window, *tmp; - - xorg_list_for_each_entry_safe(xwl_present_window, tmp, - &xwl_window->frame_callback_list, - frame_callback_list) { - xwl_present_unrealize_window(xwl_present_window); - } - } + if (xwl_window->xwl_screen->present) + xwl_present_for_each_frame_callback(xwl_window, xwl_present_unrealize_window); #endif release_wl_surface_for_window(xwl_window); @@ -1234,13 +1227,14 @@ #ifdef GLAMOR_HAS_GBM if (xwl_window->xwl_screen->present) { - struct xwl_present_window *xwl_present_window, *tmp; + xwl_present_for_each_frame_callback(xwl_window, xwl_present_frame_callback); - xorg_list_for_each_entry_safe(xwl_present_window, tmp, - &xwl_window->frame_callback_list, - frame_callback_list) { - xwl_present_frame_callback(xwl_present_window); - } + /* If xwl_window_create_frame_callback was called from + * xwl_present_frame_callback, need to make sure all fallback timers + * are adjusted correspondingly. + */ + if (xwl_window->frame_callback) + xwl_present_for_each_frame_callback(xwl_window, xwl_present_reset_timer); } #endif } @@ -1257,15 +1251,12 @@ xwl_window); #ifdef GLAMOR_HAS_GBM - if (xwl_window->xwl_screen->present) { - struct xwl_present_window *xwl_present_window, *tmp; - - xorg_list_for_each_entry_safe(xwl_present_window, tmp, - &xwl_window->frame_callback_list, - frame_callback_list) { - xwl_present_reset_timer(xwl_present_window); - } - } + /* If we get called from frame_callback, it will take care of calling + * xwl_present_reset_timer. + */ + if (xwl_window->xwl_screen->present && + !xwl_present_entered_for_each_frame_callback()) + xwl_present_for_each_frame_callback(xwl_window, xwl_present_reset_timer); #endif } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.1.0/meson.build new/xwayland-23.1.1/meson.build --- old/xwayland-23.1.0/meson.build 2023-03-22 14:53:57.000000000 +0100 +++ new/xwayland-23.1.1/meson.build 2023-03-29 14:26:36.000000000 +0200 @@ -3,10 +3,10 @@ 'buildtype=debugoptimized', 'c_std=gnu99', ], - version: '23.1.0', + version: '23.1.1', meson_version: '>= 0.52.0', ) -release_date = '2023-03-22' +release_date = '2023-03-29' add_project_arguments('-DHAVE_DIX_CONFIG_H', language: ['c', 'objc']) cc = meson.get_compiler('c') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.1.0/xkb/xkbUtils.c new/xwayland-23.1.1/xkb/xkbUtils.c --- old/xwayland-23.1.0/xkb/xkbUtils.c 2023-03-22 14:53:57.000000000 +0100 +++ new/xwayland-23.1.1/xkb/xkbUtils.c 2023-03-29 14:26:36.000000000 +0200 @@ -901,9 +901,9 @@ break; case 6: /* Cyrillic */ /* Assume the KeySym is a legal value (ignore discontinuities) */ - if (sym >= XK_Serbian_DJE && sym <= XK_Serbian_DZE) + if (sym >= XK_Serbian_DJE && sym <= XK_Cyrillic_DZHE) *lower -= (XK_Serbian_DJE - XK_Serbian_dje); - else if (sym >= XK_Serbian_dje && sym <= XK_Serbian_dze) + else if (sym >= XK_Serbian_dje && sym <= XK_Cyrillic_dzhe) *upper += (XK_Serbian_DJE - XK_Serbian_dje); else if (sym >= XK_Cyrillic_YU && sym <= XK_Cyrillic_HARDSIGN) *lower -= (XK_Cyrillic_YU - XK_Cyrillic_yu);
