commit xwayland for openSUSE:Factory

Source-Sync Sun, 01 Jan 2023 00:38:43 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package xwayland for openSUSE:Factory 
checked in at 2023-01-01 09:38:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xwayland (Old)
 and      /work/SRC/openSUSE:Factory/.xwayland.new.1563 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "xwayland"

Sun Jan  1 09:38:28 2023 rev:18 rq:1045936 version:22.1.7

Changes:
--------
--- /work/SRC/openSUSE:Factory/xwayland/xwayland.changes        2022-12-15 
19:24:19.683756875 +0100
+++ /work/SRC/openSUSE:Factory/.xwayland.new.1563/xwayland.changes      
2023-01-01 09:38:34.586685932 +0100
@@ -1,0 +2,33 @@
+Sat Dec 31 15:51:38 UTC 2022 - Stefan Dirsch <sndir...@suse.com>
+
+- Update to version 22.1.7
+  * This release fixes an invalid event type mask in 
+    XTestSwapFakeInput which was inadvertently changed from octal
+    0177 to hexadecimal 0x177 in the fix for CVE-2022-46340.
+
+-------------------------------------------------------------------
+Thu Dec 15 15:15:47 UTC 2022 - BjÃ¸rn Lie <bjorn....@gmail.com>
+
+- Update to version 22.1.6:
+  * Fixes CVE-2022-46340, CVE-2022-46341, CVE-2022-46342,
+    CVE-2022-46343, CVE-2022-46344, CVE-2022-4283.
+  * Xtest: disallow GenericEvents in XTestSwapFakeInput
+  * Xi: disallow passive grabs with a detail > 255
+  * Xext: free the XvRTVideoNotify when turning off from the same
+    client
+  * Xext: free the screen saver resource when replacing it
+  * Xi: return an error from XI property changes if verification
+    failed
+  * Xi: avoid integer truncation in length check of
+    ProcXIChangeProperty
+  * xkb: reset the radio_groups pointer to NULL after freeing it
+- Drop patches fixed upstream:
+  * U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
+  * U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
+  * U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
+  * U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
+  * U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
+  * U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
+  * U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
+
+-------------------------------------------------------------------

Old:
----
  U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
  U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
  U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
  U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
  U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
  U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
  U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
  xwayland-22.1.5.tar.xz
  xwayland-22.1.5.tar.xz.sig

New:
----
  xwayland-22.1.7.tar.xz
  xwayland-22.1.7.tar.xz.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ xwayland.spec ++++++
--- /var/tmp/diff_new_pack.VCDhm3/_old  2023-01-01 09:38:35.222689410 +0100
+++ /var/tmp/diff_new_pack.VCDhm3/_new  2023-01-01 09:38:35.226689432 +0100
@@ -24,22 +24,16 @@
 %endif
 
 Name:           xwayland
-Version:        22.1.5
+Version:        22.1.7
 Release:        0
-URL:            http://xorg.freedesktop.org/
+URL:            http://xorg.freedesktop.org
 Summary:        X
 License:        MIT
 Group:          System/X11/Servers/XF86_4
 Source0:        %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz
 Source1:        %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz.sig
 Source2:        xwayland.keyring
-Patch1205874:   U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
-Patch1205875:   
U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
-Patch1205876:   
U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
-Patch1205877:   U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
-Patch1205878:   
U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
-Patch1205879:   
U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
-Patch1206017:   
U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
+
 BuildRequires:  meson
 BuildRequires:  ninja
 BuildRequires:  pkgconfig

++++++ xwayland-22.1.5.tar.xz -> xwayland-22.1.7.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-22.1.5/Xext/saver.c 
new/xwayland-22.1.7/Xext/saver.c
--- old/xwayland-22.1.5/Xext/saver.c    2022-11-02 10:01:42.000000000 +0100
+++ new/xwayland-22.1.7/Xext/saver.c    2022-12-19 10:17:57.000000000 +0100
@@ -1051,7 +1051,7 @@
         pVlist++;
     }
     if (pPriv->attr)
-        FreeScreenAttr(pPriv->attr);
+        FreeResource(pPriv->attr->resource, AttrType);
     pPriv->attr = pAttr;
     pAttr->resource = FakeClientID(client->index);
     if (!AddResource(pAttr->resource, AttrType, (void *) pAttr))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-22.1.5/Xext/xtest.c 
new/xwayland-22.1.7/Xext/xtest.c
--- old/xwayland-22.1.5/Xext/xtest.c    2022-11-02 10:01:42.000000000 +0100
+++ new/xwayland-22.1.7/Xext/xtest.c    2022-12-19 10:17:57.000000000 +0100
@@ -502,10 +502,11 @@
 
     nev = ((req->length << 2) - sizeof(xReq)) / sizeof(xEvent);
     for (ev = (xEvent *) &req[1]; --nev >= 0; ev++) {
+        int evtype = ev->u.u.type & 0177;
         /* Swap event */
-        proc = EventSwapVector[ev->u.u.type & 0177];
+        proc = EventSwapVector[evtype];
         /* no swapping proc; invalid event type? */
-        if (!proc || proc == NotImplemented) {
+        if (!proc || proc == NotImplemented || evtype == GenericEvent) {
             client->errorValue = ev->u.u.type;
             return BadValue;
         }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-22.1.5/Xext/xvmain.c 
new/xwayland-22.1.7/Xext/xvmain.c
--- old/xwayland-22.1.5/Xext/xvmain.c   2022-11-02 10:01:42.000000000 +0100
+++ new/xwayland-22.1.7/Xext/xvmain.c   2022-12-19 10:17:57.000000000 +0100
@@ -811,8 +811,10 @@
         tpn = pn;
         while (tpn) {
             if (tpn->client == client) {
-                if (!onoff)
+                if (!onoff) {
                     tpn->client = NULL;
+                    FreeResource(tpn->id, XvRTVideoNotify);
+                }
                 return Success;
             }
             if (!tpn->client)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-22.1.5/Xi/xipassivegrab.c 
new/xwayland-22.1.7/Xi/xipassivegrab.c
--- old/xwayland-22.1.5/Xi/xipassivegrab.c      2022-11-02 10:01:42.000000000 
+0100
+++ new/xwayland-22.1.7/Xi/xipassivegrab.c      2022-12-19 10:17:57.000000000 
+0100
@@ -137,6 +137,12 @@
         return BadValue;
     }
 
+    /* XI2 allows 32-bit keycodes but thanks to XKB we can never
+     * implement this. Just return an error for all keycodes that
+     * cannot work anyway, same for buttons > 255. */
+    if (stuff->detail > 255)
+        return XIAlreadyGrabbed;
+
     if (XICheckInvalidMaskBits(client, (unsigned char *) &stuff[1],
                                stuff->mask_len * 4) != Success)
         return BadValue;
@@ -207,14 +213,8 @@
                                 &param, XI2, &mask);
             break;
         case XIGrabtypeKeycode:
-            /* XI2 allows 32-bit keycodes but thanks to XKB we can never
-             * implement this. Just return an error for all keycodes that
-             * cannot work anyway */
-            if (stuff->detail > 255)
-                status = XIAlreadyGrabbed;
-            else
-                status = GrabKey(client, dev, mod_dev, stuff->detail,
-                                 &param, XI2, &mask);
+            status = GrabKey(client, dev, mod_dev, stuff->detail,
+                             &param, XI2, &mask);
             break;
         case XIGrabtypeEnter:
         case XIGrabtypeFocusIn:
@@ -333,6 +333,12 @@
         client->errorValue = stuff->detail;
         return BadValue;
     }
+
+    /* We don't allow passive grabs for details > 255 anyway */
+    if (stuff->detail > 255) {
+        client->errorValue = stuff->detail;
+        return BadValue;
+    }
 
     rc = dixLookupWindow(&win, stuff->grab_window, client, DixSetAttrAccess);
     if (rc != Success)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-22.1.5/Xi/xiproperty.c 
new/xwayland-22.1.7/Xi/xiproperty.c
--- old/xwayland-22.1.5/Xi/xiproperty.c 2022-11-02 10:01:42.000000000 +0100
+++ new/xwayland-22.1.7/Xi/xiproperty.c 2022-12-19 10:17:57.000000000 +0100
@@ -890,7 +890,7 @@
     REQUEST(xChangeDevicePropertyReq);
     DeviceIntPtr dev;
     unsigned long len;
-    int totalSize;
+    uint64_t totalSize;
     int rc;
 
     REQUEST_AT_LEAST_SIZE(xChangeDevicePropertyReq);
@@ -902,6 +902,8 @@
 
     rc = check_change_property(client, stuff->property, stuff->type,
                                stuff->format, stuff->mode, stuff->nUnits);
+    if (rc != Success)
+        return rc;
 
     len = stuff->nUnits;
     if (len > (bytes_to_int32(0xffffffff - sizeof(xChangeDevicePropertyReq))))
@@ -1128,7 +1130,7 @@
 {
     int rc;
     DeviceIntPtr dev;
-    int totalSize;
+    uint64_t totalSize;
     unsigned long len;
 
     REQUEST(xXIChangePropertyReq);
@@ -1141,6 +1143,9 @@
 
     rc = check_change_property(client, stuff->property, stuff->type,
                                stuff->format, stuff->mode, stuff->num_items);
+    if (rc != Success)
+        return rc;
+
     len = stuff->num_items;
     if (len > bytes_to_int32(0xffffffff - sizeof(xXIChangePropertyReq)))
         return BadLength;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-22.1.5/dix/property.c 
new/xwayland-22.1.7/dix/property.c
--- old/xwayland-22.1.5/dix/property.c  2022-11-02 10:01:42.000000000 +0100
+++ new/xwayland-22.1.7/dix/property.c  2022-12-19 10:17:57.000000000 +0100
@@ -205,7 +205,8 @@
     WindowPtr pWin;
     char format, mode;
     unsigned long len;
-    int sizeInBytes, totalSize, err;
+    int sizeInBytes, err;
+    uint64_t totalSize;
 
     REQUEST(xChangePropertyReq);
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-22.1.5/meson.build 
new/xwayland-22.1.7/meson.build
--- old/xwayland-22.1.5/meson.build     2022-11-02 10:01:42.000000000 +0100
+++ new/xwayland-22.1.7/meson.build     2022-12-19 10:17:57.000000000 +0100
@@ -3,10 +3,10 @@
             'buildtype=debugoptimized',
             'c_std=gnu99',
         ],
-        version: '22.1.5',
+        version: '22.1.7',
         meson_version: '>= 0.47.0',
 )
-release_date = '2021-07-05'
+release_date = '2022-12-19'
 
 add_project_arguments('-DHAVE_DIX_CONFIG_H', language: ['c', 'objc'])
 cc = meson.get_compiler('c')
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-22.1.5/xkb/xkbUtils.c 
new/xwayland-22.1.7/xkb/xkbUtils.c
--- old/xwayland-22.1.5/xkb/xkbUtils.c  2022-11-02 10:01:42.000000000 +0100
+++ new/xwayland-22.1.7/xkb/xkbUtils.c  2022-12-19 10:17:57.000000000 +0100
@@ -1327,6 +1327,7 @@
         }
         else {
             free(dst->names->radio_groups);
+            dst->names->radio_groups = NULL;
         }
         dst->names->num_rg = src->names->num_rg;

commit xwayland for openSUSE:Factory

Reply via email to