Timo Aaltonen pushed to branch upstream-unstable at X Strike Force / xserver / xorg-server
Commits: 6bed5cfd by Benno Schulenberg at 2023-03-29T10:14:00+02:00 xkbUtils: use existing symbol names instead of deleted deprecated ones Symbols `XK_Cyrillic_DZHE` and `XK_Serbian_DZE` were pure synonyms. (cherry picked from commit 6153c71cfb4698f1a416266564ecc748e4a25f2c) - - - - - fb51d5dd by Olivier Fourdan at 2023-03-29T14:20:26+02:00 composite: Fix use-after-free of the COW ZDI-CAN-19866/CVE-2023-1393 If a client explicitly destroys the compositor overlay window (aka COW), we would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. Make sure to clear the CompScreen pointer to the COW when the latter gets destroyed explicitly by the client. This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Olivier Fourdan <[email protected]> Reviewed-by: Adam Jackson <[email protected]> (cherry picked from commit 26ef545b3502f61ca722a7a3373507e88ef64110) - - - - - 7c791b15 by Olivier Fourdan at 2023-03-29T14:20:26+02:00 xserver 21.1.8 Signed-off-by: Olivier Fourdan <[email protected]> - - - - - 4 changed files: - composite/compwindow.c - configure.ac - meson.build - xkb/xkbUtils.c Changes:
===================================== composite/compwindow.c =====================================
@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
 ret = (*pScreen->DestroyWindow) (pWin);
 cs->DestroyWindow = pScreen->DestroyWindow;
 pScreen->DestroyWindow = compDestroyWindow;
+
+ /* Did we just destroy the overlay window? */
+ if (pWin == cs->pOverlayWin)
+ cs->pOverlayWin = NULL;
+
 /* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
 return ret;
 }
===================================== configure.ac =====================================
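Review bot: The added comment `/* Did we just destroy the overlay window? */` in compDestroyWindow states what is tested but not why the field must be cleared, so the invariant behind the CVE-2023-1393 fix is easy to lose in a later refactor. I would word it as `/* A client may destroy the COW itself; clear cs->pOverlayWin so CompScreen never keeps a dangling pointer to it */`. The check only compares pointer values after the wrapped DestroyWindow call and does not dereference pWin, which is the safe order. Because cs->pOverlayWin can now become NULL while other overlay bookkeeping may still be live, any code that reads the field presumably needs to tolerate NULL; those readers, and the start of compDestroyWindow, are outside this hunk and should be confirmed separately.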
@@ -26,8 +26,8 @@ dnl dnl Process this file with autoconf to create configure. AC_PREREQ(2.60) -AC_INIT([xorg-server], 21.1.7, [https://gitlab.freedesktop.org/xorg/xserver/issues], xorg-server) -RELEASE_DATE="2023-02-07" +AC_INIT([xorg-server], 21.1.8, [https://gitlab.freedesktop.org/xorg/xserver/issues], xorg-server) +RELEASE_DATE="2023-03-29" RELEASE_NAME="Caramel Ice Cream" AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_MACRO_DIR([m4]) ===================================== meson.build ===================================== @@ -3,10 +3,10 @@ project('xserver', 'c', 'buildtype=debugoptimized', 'c_std=gnu99', ], - version: '21.1.7', + version: '21.1.8', meson_version: '>= 0.47.0', ) -release_date = '2023-02-07' +release_date = '2023-03-29' add_project_arguments('-DHAVE_DIX_CONFIG_H', language: ['c', 'objc']) cc = meson.get_compiler('c') ===================================== xkb/xkbUtils.c ===================================== @@ -902,9 +902,9 @@ XkbConvertCase(register KeySym sym, KeySym * lower, KeySym * upper) break; case 6: /* Cyrillic */ /* Assume the KeySym is a legal value (ignore discontinuities) */ - if (sym >= XK_Serbian_DJE && sym <= XK_Serbian_DZE) + if (sym >= XK_Serbian_DJE && sym <= XK_Cyrillic_DZHE) *lower -= (XK_Serbian_DJE - XK_Serbian_dje); - else if (sym >= XK_Serbian_dje && sym <= XK_Serbian_dze) + else if (sym >= XK_Serbian_dje && sym <= XK_Cyrillic_dzhe) *upper += (XK_Serbian_DJE - XK_Serbian_dje); else if (sym >= XK_Cyrillic_YU && sym <= XK_Cyrillic_HARDSIGN) *lower -= (XK_Cyrillic_YU - XK_Cyrillic_yu); View it on GitLab: https://salsa.debian.org/xorg-team/xserver/xorg-server/-/compare/af9111ac7fa399a5a33fbfa145060e1850f41e0e...7c791b15504cc86a929acaa88161f012cdbba59f -- View it on GitLab: https://salsa.debian.org/xorg-team/xserver/xorg-server/-/compare/af9111ac7fa399a5a33fbfa145060e1850f41e0e...7c791b15504cc86a929acaa88161f012cdbba59f You're receiving this email because of your account on salsa.debian.org.

