[Git][xorg-team/xserver/xorg-server][upstream-unstable] 44 commits: xkb: Fix heap overflow caused by optimized away min.

[Timo Aaltonen]

Timo Aaltonen pushed to branch upstream-unstable at X Strike Force / xserver / 
xorg-server


Commits:
c17872d5 by Michal Srb at 2020-12-16T10:14:12+01:00
xkb: Fix heap overflow caused by optimized away min.

Calling strlen on char[4] that does not need to contain '\0' is wrong 
and X
server may end up running into uninitialized memory.

In addition GCC 8 is clever enough that it knows that strlen on char[4] can
return 0, 1, 2, 3 or cause undefined behavior. With this knowledge it can
optimize away the min(..., 4). In reality it can cause the memcpy to be called
with bigger size than 4 and overflow the destination buffer.

Fixes: 83913de25d35 (xkb: Silence some compiler warnings)
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/288
Signed-off-by: Matt Turner <matts...@gmail.com>
(cherry picked from commit 74627d13c75cab7aa73c0e713feae0934e780ba0)

- - - - -
b09f5f42 by Mariusz Ceier at 2020-12-16T10:14:12+01:00
xwayland: Replace LogMessage with LogMessageVerb

LogMessage logs only when the XLOG_VERBOSITY is >= 1, but by default
XLOG_VERBOSITY is 0.

Signed-off-by: Mariusz Ceier <mceier+freedesk...@gmail.com>
(cherry picked from commit 95539ab37baa1292d1f2daaa552f9741b0364cad)

- - - - -
f5df31c7 by Fabrice Fontaine at 2020-12-16T10:14:12+01:00
meson.build: KMS support also depends on dri2

Kernel modesettings support also depends on dri2, see
./hw/xfree86/drivers/modesetting/meson.build

So update meson.build to reflect the changes made in configure.ac by
commit 9c81b8f5b5d7bc987f73e8ef01a81e61205e58ee

Signed-off-by: Fabrice Fontaine <fontaine.fabr...@gmail.com>
(cherry picked from commit 5d73a8b59e0d01d1ee4cb484e4b43563cec2eee9)

- - - - -
ecc4ebf5 by Jon Turney at 2021-01-27T14:43:48-08:00
xquartz: Add stub ddxInputThread()

Omitted from 4ad21c32

(cherry picked from commit f013979507da96377fad0e58b0699d9de051bb39)

- - - - -
1f2b7317 by Christopher Chavez at 2021-02-01T23:06:42-08:00
XQuartz: recognize F16-F20 and Menu keys

Signed-off-by: Christopher Chavez <chrischa...@gmx.us>
(cherry picked from commit 462beb5338a44390e2fff03096942b035b509830)

- - - - -
d39eb584 by Jim DeLaHunt at 2021-02-01T23:07:11-08:00
Fix typo "XQaurtz" in Xquartz.man

(cherry picked from commit 0e272ac458fbd530787273073473e566b0ac306e)

- - - - -
be9d2fd8 by Jeremy Huddleston Sequoia at 2021-02-01T23:07:26-08:00
xquartz: Remove support for Panther and earlier versions of macOS

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 74aef85bd88a1fdb22d445ad14975232a7bebdd7)

- - - - -
080f9eb7 by Jeremy Huddleston Sequoia at 2021-02-01T23:07:26-08:00
os: Remove support for Tiger and earlier versions of macOS

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 20b86c4060c1d4fbc099675d5100fe17e4ac0147)

- - - - -
2d7eb824 by Jeremy Huddleston Sequoia at 2021-02-01T23:09:52-08:00
xquartz: Remove support for Tiger and earlier versions of macOS

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 6e6db055f8b517ae9d63351d4c00fd480cb6b54a)

- - - - -
739c5bd3 by Jeremy Huddleston Sequoia at 2021-02-01T23:09:54-08:00
xquartz: Remove support for Leopard and earlier versions of macOS

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 5ad49102722274f53b9b011082d9e0f202fcd9a4)

- - - - -
d3f81eca by Jeremy Huddleston Sequoia at 2021-02-01T23:09:54-08:00
xquartz: Remove check for libdispatch now that we don't support 
pre-SnowLeopard

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit f699aac2ea2cf6a3e2d3bdcb2d8179e103de1d4e)

- - - - -
34784415 by Jeremy Huddleston Sequoia at 2021-02-01T23:09:54-08:00
xquartz: Remove support for SnowLeopard and earlier versions of macOS

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit cc9cf6f085be6e8264f925a11d67a12ad47a042b)

- - - - -
fb492686 by Jeremy Huddleston Sequoia at 2021-02-01T23:09:54-08:00
xquartz: Remove support for Lion and earlier versions of macOS

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit c0b2d3e099a60f55b18ca9c30373000f12d40fe2)

- - - - -
43aaa109 by Jeremy Huddleston Sequoia at 2021-02-01T23:09:54-08:00
xquartz: Remove support for Mountain Lion and earlier versions of macOS

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit aea15a76593f98205e44f20632178dc384c02d57)

- - - - -
393da8b4 by Jeremy Huddleston Sequoia at 2021-02-01T23:10:32-08:00
xquartz: Remove support for building for i386

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 59f22341a8b4cd468d6f37fb17dd7fde347e430b)

- - - - -
bc1a2a0d by Jeremy Huddleston Sequoia at 2021-02-01T23:10:35-08:00
xquartz: Remove unused include of AvailabilityMacros.h from various sources

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 5e7c0762e6fdaefc9b8257c0f875432b1877c49e)

- - - - -
2fe5bf4b by Jeremy Huddleston Sequoia at 2021-02-01T23:10:35-08:00
xquartz: Remove support for older versions of libXplugin

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 7d0bb7ed061458698ff27856976939b261e73b23)

- - - - -
2087b778 by Jeremy Huddleston Sequoia at 2021-02-01T23:10:35-08:00
xquartz: Ensure that NSRunAlertPanel() is run on the main thread

Fixes: https://github.com/XQuartz/XQuartz/issues/30
Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 520e7a1310ddc25b30bcaa0ea3eeaa6c4d137c8c)

- - - - -
a16df602 by Jeremy Huddleston Sequoia at 2021-02-17T09:56:15-08:00
xquartz: Ensure we call into TIS on the main thread

There is a place where this code was called on the main thread.

We're using a rather nasty anti-pattern to just call a block inline rather
than synchonously calling it on the main thread if we're already on the main
thread.  This code could use a good overhaul, but I don't have time to rip
it apart right now.  This will address the immediate issue.

Fixes: https://github.com/XQuartz/XQuartz/issues/40
Fixes: https://github.com/XQuartz/XQuartz/issues/48
Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit c9a3b14c1472632afaff340f73a77a2b961f195a)

- - - - -
ff1c8e2f by Jeremy Huddleston Sequoia at 2021-02-17T13:38:49-08:00
xquartz: Update the about box copyright to 2021

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 4e892aa6e132447e43d7bae7e3aca4f1fb172f93)

- - - - -
4028c2ad by Jeremy Huddleston Sequoia at 2021-02-17T16:27:00-08:00
xquartz: Apply Xcode 12.4 automatic updates to nibs

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 85beee9885a8e65960fbbde2de9aa28598b4d6ae)

- - - - -
67f25cc1 by Jeremy Huddleston Sequoia at 2021-02-17T16:27:03-08:00
xquartz: Fix applications menu table background color for dark mode

Fixes: https://github.com/XQuartz/XQuartz/issues/32
Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 7e2875035800887f3f41f75cba4299088daf939a)

- - - - -
1edc9b98 by Jeremy Huddleston Sequoia at 2021-02-18T22:26:08-08:00
xquartz: Apply spell check fixes from master for easier cherry-picking of 
changes in xquartz

See also: 23e83724df4809fd7857cc609c33ce7e8d3021a4
Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>

- - - - -
2853f389 by Jeremy Huddleston Sequoia at 2021-02-18T22:35:03-08:00
xquartz: Remove a workaround for AppKit versions older than Lion

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 72a39dccf99191fbfbb4b399c446fd017d55f24e)

- - - - -
26e0c59a by Jeremy Huddleston Sequoia at 2021-02-18T22:35:03-08:00
xquartz: Remove some dead code for compatibility with older nibs

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 318f8a4a8a47a0ce4bbbf4290469e933602c9b30)

- - - - -
08cf6c90 by Jeremy Huddleston Sequoia at 2021-02-18T22:35:03-08:00
xquartz: Minor code modernization -- @autoreleasepool adoption

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit fba421f700498fa382089df47942df36a2d75ce6)

- - - - -
e531d3a4 by Jeremy Huddleston Sequoia at 2021-02-18T22:35:03-08:00
xquartz: Use objc_autoreleasePoolPush / objc_autoreleasePoolPop directly in 
QuartzBlockHandler

It violates @autoreleasepool best practices, and this helps collapse 
quartzCocoa.m into quartz.c

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 94e4e173486c2a94ddcfd2d0515e1ee6731f6656)

- - - - -
937b63ff by Jeremy Huddleston Sequoia at 2021-02-18T22:35:03-08:00
xqaurtz: Remove message_kit_thread() and use dispatch instead

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 87f8fe1f74f10faf0ffc84f03539799ad4c2465e)

- - - - -
7d22031a by Jeremy Huddleston Sequoia at 2021-02-18T22:35:03-08:00
xquartz: Fold away array_with_strings_and_numbers and simplify with more modern 
Objective-C

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 39c0e1c0ab6a0a89a71f26446973c779ca7fd927)

- - - - -
bdaff44f by Jeremy Huddleston Sequoia at 2021-02-18T22:35:03-08:00
xquartz: Fold away some unnecessary hops to X11Controller through X11Application

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 4b4500c48f06e7ef41cd94f417e49b3f4f1412ae)

- - - - -
3017fec6 by Jeremy Huddleston Sequoia at 2021-02-18T22:35:03-08:00
xquartz: Fold quartzCommon.h into quartz.h

Everything declared in it comes from quartz.c, so match reality.

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit f51b97b0de2e562e341f2d72c5f00a74c71a159f)

- - - - -
625c7e4d by Jeremy Huddleston Sequoia at 2021-02-18T22:35:03-08:00
xquartz: Convert X11Application ivars into @properties

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit c2750e1fab774c8e6675ecf284124ff55b5be9cf)

- - - - -
b27c6602 by Jeremy Huddleston Sequoia at 2021-02-18T22:35:03-08:00
xquartz: Convert X11Controller ivars into @properties

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 41aed8f69634ec61ea0e40fff1cfdaf868be843e)

- - - - -
fcbd5736 by Jeremy Huddleston Sequoia at 2021-02-18T22:35:03-08:00
xquartz: Rewrite Window menu handling to not depend on 
X11App.windowsMenu.numberOfItems being correct in -awakeFromNib

Fixes: https://github.com/XQuartz/XQuartz/issues/56
Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit fe89c70e472a9da0541b798eea60c5362b49a99d)

- - - - -
03c2e12a by Jeremy Huddleston Sequoia at 2021-02-18T22:35:03-08:00
xquartz: Silence a compiler warning about missing internal methods on 
NSApplication

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 279bcbd9cf9e557a6789d6e4cede8e8799c3788e)

- - - - -
d751c46b by Jeremy Huddleston Sequoia at 2021-02-19T16:33:04-08:00
xquartz: Fix build with sparkle enabled

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit a3ddcdd56c246e2226c7cdf372c2a1294eb6d888)

- - - - -
7aa51bb5 by Jeremy Huddleston Sequoia at 2021-02-20T15:21:37-08:00
xquartz: Fix a compiler warning about const incompatible pointer assignment

driWrap.c:541:30: error: assigning to 'GCOps *' (aka 'struct _GCOps 
*') from 'const GCOps *' (aka 'const struct _GCOps *') 
discards
      qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
        pGCPriv->originalOps = pGC->ops;
                             ^ ~~~~~~~~

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 6a83fb51b7a8b2e167e7d6380229b69e5452f91f)

- - - - -
aa6f8402 by Jeremy Huddleston Sequoia at 2021-02-20T17:30:45-08:00
xquartz: Allocate each fbconfig separately

A change during the 1.20 development cycle resulted in fbconfigs being walked
and deallocated individually during __glXScreenDestroy.  This change
now avoids a use-after-free caused by that change.

==50859==ERROR: AddressSanitizer: heap-use-after-free on address 0x00010d3819c8 
at pc 0x0001009d4230 bp 0x00016feca7a0 sp 0x00016feca798
READ of size 8 at 0x00010d3819c8 thread T5
    #0 0x1009d422c in __glXScreenDestroy glxscreens.c:448
    #1 0x10091cc98 in __glXAquaScreenDestroy indirect.c:510
    #2 0x1009d2734 in glxCloseScreen glxscreens.c:169
    #3 0x100740a24 in dix_main main.c:325
    #4 0x10023ed50 in server_thread quartzStartup.c:65
    #5 0x199ae7fd0 in _pthread_start+0x13c 
(libsystem_pthread.dylib:arm64e+0x6fd0)
    #6 0x199ae2d38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d38)

0x00010d3819c8 is located 200 bytes inside of 12800-byte region 
[0x00010d381900,0x00010d384b00)
freed by thread T5 here:
    #0 0x101477ba8 in wrap_free+0x98 
(libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3fba8)
    #1 0x1009d4240 in __glXScreenDestroy glxscreens.c:449
    #2 0x10091cc98 in __glXAquaScreenDestroy indirect.c:510
    #3 0x1009d2734 in glxCloseScreen glxscreens.c:169
    #4 0x100740a24 in dix_main main.c:325
    #5 0x10023ed50 in server_thread quartzStartup.c:65
    #6 0x199ae7fd0 in _pthread_start+0x13c 
(libsystem_pthread.dylib:arm64e+0x6fd0)
    #7 0x199ae2d38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d38)

previously allocated by thread T5 here:
    #0 0x101477e38 in wrap_calloc+0x9c 
(libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3fe38)
    #1 0x100925a40 in __glXAquaCreateVisualConfigs visualConfigs.c:116
    #2 0x10091cb24 in __glXAquaScreenProbe+0x224 (X11.bin:arm64+0x100730b24)
    #3 0x1009cd840 in xorgGlxServerInit glxext.c:528
    #4 0x10074539c in _CallCallbacks dixutils.c:743
    #5 0x100932a70 in CallCallbacks callback.h:83
    #6 0x100932478 in GlxExtensionInit vndext.c:244
    #7 0x10020a364 in InitExtensions miinitext.c:267
    #8 0x10073fe7c in dix_main main.c:197
    #9 0x10023ed50 in server_thread quartzStartup.c:65
    #10 0x199ae7fd0 in _pthread_start+0x13c 
(libsystem_pthread.dylib:arm64e+0x6fd0)
    #11 0x199ae2d38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d38)

Regressed-in: 4b0a3cbab131eb453e2b3fc0337121969258a7be
CC: Giuseppe Bilotta <giuseppe.bilo...@gmail.com>
Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 487286d47260782d331229af10df17711cbca1ea)

- - - - -
8f8e9c53 by Jeremy Huddleston Sequoia at 2021-02-20T21:06:15-08:00
xquartz: Don't process AppKit events if we haven't finished initializing

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 25035229b73742f9e6a96ac3e535b30b5c6196a8)

- - - - -
e1fdc856 by Jeremy Huddleston Sequoia at 2021-02-22T09:22:32-08:00
xquartz: Add a launch trampoline to better integrate with modern versions of 
macOS

Fixes: https://github.com/XQuartz/XQuartz/issues/6
Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 694724e42c4a3eadb32891220084b03504f9586b)

- - - - -
3c3680c3 by Jeremy Huddleston Sequoia at 2021-02-22T09:22:32-08:00
xquartz: Don't include strndup.c any more since we no longer support 10.8 
and older

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit b960675257d301605def6008bddcccb0980a3c4c)

- - - - -
8890c44a by Jeremy Huddleston Sequoia at 2021-02-22T09:22:32-08:00
xquartz: Remove a check for NSAppKitVersionNumber >= 
NSAppKitVersionNumber10_7

This check is always true on our supported systems.

Signed-off-by: Jeremy Huddleston Sequoia <jerem...@apple.com>
(cherry picked from commit 5ae47a9d579e8cb0fbe938455faea53ed75d7098)

- - - - -
a1a1aa2c by Matthieu Herrb at 2021-04-13T15:55:03+02:00
Fix XChangeFeedbackControl() request underflow

CVE-2021-3472 / ZDI-CAN-1259

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Matthieu Herrb <matth...@herrb.eu>

- - - - -
6b767cdf by Matt Turner at 2021-04-13T14:03:35+00:00
xserver 1.20.11

Signed-off-by: Matt Turner <matts...@gmail.com>

- - - - -


30 changed files:

- Xi/chgfctl.c
- configure.ac
- hw/xquartz/GL/capabilities.c
- hw/xquartz/GL/glcontextmodes.c
- hw/xquartz/GL/indirect.c
- hw/xquartz/GL/visualConfigs.c
- hw/xquartz/Makefile.am
- hw/xquartz/X11Application.h
- hw/xquartz/X11Application.m
- hw/xquartz/X11Controller.h
- hw/xquartz/X11Controller.m
- hw/xquartz/applewm.c
- hw/xquartz/applewmExt.h
- hw/xquartz/bundle/Info.plist.cpp
- hw/xquartz/bundle/Makefile.am
- hw/xquartz/bundle/Resources/Dutch.lproj/main.nib/designable.nib
- + hw/xquartz/bundle/Resources/Dutch.lproj/main.nib/keyedobjects-110000.nib
- hw/xquartz/bundle/Resources/Dutch.lproj/main.nib/keyedobjects.nib
- hw/xquartz/bundle/Resources/English.lproj/main.nib/designable.nib
- + hw/xquartz/bundle/Resources/English.lproj/main.nib/keyedobjects-110000.nib
- hw/xquartz/bundle/Resources/English.lproj/main.nib/keyedobjects.nib
- hw/xquartz/bundle/Resources/French.lproj/main.nib/designable.nib
- + hw/xquartz/bundle/Resources/French.lproj/main.nib/keyedobjects-110000.nib
- hw/xquartz/bundle/Resources/French.lproj/main.nib/keyedobjects.nib
- hw/xquartz/bundle/Resources/German.lproj/main.nib/designable.nib
- + hw/xquartz/bundle/Resources/German.lproj/main.nib/keyedobjects-110000.nib
- hw/xquartz/bundle/Resources/German.lproj/main.nib/keyedobjects.nib
- hw/xquartz/bundle/Resources/Italian.lproj/main.nib/designable.nib
- + hw/xquartz/bundle/Resources/Italian.lproj/main.nib/keyedobjects-110000.nib
- hw/xquartz/bundle/Resources/Italian.lproj/main.nib/keyedobjects.nib


The diff was not included because it is too large.


View it on GitLab: 
https://salsa.debian.org/xorg-team/xserver/xorg-server/-/compare/bc111a2e67e16d4e6d4f3196ab86c22c1e278c45...6b767cdf6574081164aa6c6a7b617cda579b84c6

-- 
View it on GitLab: 
https://salsa.debian.org/xorg-team/xserver/xorg-server/-/compare/bc111a2e67e16d4e6d4f3196ab86c22c1e278c45...6b767cdf6574081164aa6c6a7b617cda579b84c6
You're receiving this email because of your account on salsa.debian.org.