Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xwayland for openSUSE:Factory checked in at 2023-02-08 17:19:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xwayland (Old) and /work/SRC/openSUSE:Factory/.xwayland.new.4462 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xwayland" Wed Feb 8 17:19:51 2023 rev:19 rq:1063637 version:22.1.8 Changes: -------- --- /work/SRC/openSUSE:Factory/xwayland/xwayland.changes 2023-01-01 09:38:34.586685932 +0100 +++ /work/SRC/openSUSE:Factory/.xwayland.new.4462/xwayland.changes 2023-02-08 17:19:55.469834577 +0100 @@ -1,0 +2,25 @@ +Tue Feb 7 14:29:21 UTC 2023 - Stefan Dirsch <sndir...@suse.com> + +- Update to version 22.1.8 + * This release contains the fix for CVE-2023-0494 in today's + security advisory: + https://lists.x.org/archives/xorg-announce/2023-February/003320.html + * It also fixes a second possible OOB access during EnqueueEvent. +- supersedes U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch + +------------------------------------------------------------------- +Thu Feb 2 15:39:06 UTC 2023 - Stefan Dirsch <sndir...@suse.com> + +- improved summary and description +- added requires to xkeyboard-config +- added recommends to xorg-x11-fonts-core +- removed unused 'package' section + +------------------------------------------------------------------- +Wed Feb 1 10:06:15 UTC 2023 - Stefan Dirsch <sndir...@suse.com> + +- U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch + * DeepCopyPointerClasses use-after-free (CVE-2023-0494, + ZDI-CAN-19596, bsc#1207783) + +------------------------------------------------------------------- Old: ---- xwayland-22.1.7.tar.xz xwayland-22.1.7.tar.xz.sig New: ---- xwayland-22.1.8.tar.xz xwayland-22.1.8.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xwayland.spec ++++++ --- /var/tmp/diff_new_pack.LE0V3g/_old 2023-02-08 17:19:55.977837071 +0100 +++ /var/tmp/diff_new_pack.LE0V3g/_new 2023-02-08 17:19:55.981837091 +0100 @@ -1,7 +1,7 @@ # # spec file for package xwayland # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,10 +24,10 @@ %endif Name: xwayland -Version: 22.1.7 +Version: 22.1.8 Release: 0 URL: http://xorg.freedesktop.org -Summary: X +Summary: Xwayland Xserver License: MIT Group: System/X11/Servers/XF86_4 Source0: %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz @@ -93,7 +93,8 @@ %endif Requires: pkgconfig Requires: xkbcomp -#Recommends: xorg-x11-fonts-core +Requires: xkeyboard-config +Recommends: xorg-x11-fonts-core %ifnarch s390 s390x Requires: libpixman-1-0 %endif @@ -101,16 +102,6 @@ Provides: xorg-x11-server-wayland = %{version} %description -This package contains the Xwayland Server. - -%package %{name} -Summary: Xwayland Xserver -Group: System/X11/Servers/XF86_4 -Requires: xkbcomp -Requires: xkeyboard-config -Recommends: xorg-x11-fonts-core - -%description %{name} This package contains the Xserver running on the Wayland Display Server. %package devel ++++++ xwayland-22.1.7.tar.xz -> xwayland-22.1.8.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-22.1.7/Xi/exevents.c new/xwayland-22.1.8/Xi/exevents.c --- old/xwayland-22.1.7/Xi/exevents.c 2022-12-19 10:17:57.000000000 +0100 +++ new/xwayland-22.1.8/Xi/exevents.c 2023-02-07 08:30:43.000000000 +0100 @@ -619,8 +619,10 @@ memcpy(to->button->xkb_acts, from->button->xkb_acts, sizeof(XkbAction)); } - else + else { free(to->button->xkb_acts); + to->button->xkb_acts = NULL; + } memcpy(to->button->labels, from->button->labels, from->button->numButtons * sizeof(Atom)); @@ -1524,7 +1526,7 @@ g = AllocGrab(devgrab); BUG_WARN(!g); - *dev->deviceGrab.sync.event = *ev; + CopyPartialInternalEvent(dev->deviceGrab.sync.event, ev); /* The listener array has a sequence of grabs and then one event * selection. Implicit grab activation occurs through delivering an diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-22.1.7/dix/events.c new/xwayland-22.1.8/dix/events.c --- old/xwayland-22.1.7/dix/events.c 2022-12-19 10:17:57.000000000 +0100 +++ new/xwayland-22.1.8/dix/events.c 2023-02-07 08:30:43.000000000 +0100 @@ -467,6 +467,20 @@ return xi2mask_isset(inputMasks->xi2mask, dev, evtype); } +/** + * When processing events we operate on InternalEvent pointers. They may actually refer to a + * an instance of DeviceEvent, GestureEvent or any other event that comprises the InternalEvent + * union. This works well in practice because we always look into event type before doing anything, + * except in the case of copying the event. Any copying of InternalEvent should use this function + * instead of doing *dst_event = *src_event whenever it's not clear whether source event actually + * points to full InternalEvent instance. + */ +void +CopyPartialInternalEvent(InternalEvent* dst_event, const InternalEvent* src_event) +{ + memcpy(dst_event, src_event, src_event->any.length); +} + Mask GetEventMask(DeviceIntPtr dev, xEvent *event, InputClients * other) { @@ -1201,7 +1215,7 @@ qe->pScreen = pSprite->hotPhys.pScreen; qe->months = currentTime.months; qe->event = (InternalEvent *) (qe + 1); - memcpy(qe->event, event, eventlen); + CopyPartialInternalEvent(qe->event, (InternalEvent *)event); xorg_list_append(&qe->next, &syncEvents.pending); } @@ -3873,7 +3887,7 @@ if (grabinfo->sync.state == FROZEN_NO_EVENT) grabinfo->sync.state = FROZEN_WITH_EVENT; - *grabinfo->sync.event = *real_event; + CopyPartialInternalEvent(grabinfo->sync.event, real_event); } static BOOL @@ -4455,7 +4469,7 @@ case FREEZE_NEXT_EVENT: grabinfo->sync.state = FROZEN_WITH_EVENT; FreezeThaw(thisDev, TRUE); - *grabinfo->sync.event = *event; + CopyPartialInternalEvent(grabinfo->sync.event, event); break; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-22.1.7/include/input.h new/xwayland-22.1.8/include/input.h --- old/xwayland-22.1.7/include/input.h 2022-12-19 10:17:57.000000000 +0100 +++ new/xwayland-22.1.8/include/input.h 2023-02-07 08:30:43.000000000 +0100 @@ -676,6 +676,7 @@ extern void ProcessGestureEvent(InternalEvent *ev, DeviceIntPtr dev); /* misc event helpers */ +extern void CopyPartialInternalEvent(InternalEvent* dst_event, const InternalEvent* src_event); extern Mask GetEventMask(DeviceIntPtr dev, xEvent *ev, InputClientsPtr clients); extern Mask GetEventFilter(DeviceIntPtr dev, xEvent *event); extern Bool WindowXI2MaskIsset(DeviceIntPtr dev, WindowPtr win, xEvent *ev); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-22.1.7/meson.build new/xwayland-22.1.8/meson.build --- old/xwayland-22.1.7/meson.build 2022-12-19 10:17:57.000000000 +0100 +++ new/xwayland-22.1.8/meson.build 2023-02-07 08:30:43.000000000 +0100 @@ -3,10 +3,10 @@ 'buildtype=debugoptimized', 'c_std=gnu99', ], - version: '22.1.7', + version: '22.1.8', meson_version: '>= 0.47.0', ) -release_date = '2022-12-19' +release_date = '2023-02-07' add_project_arguments('-DHAVE_DIX_CONFIG_H', language: ['c', 'objc']) cc = meson.get_compiler('c')