Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xwayland for openSUSE:Factory checked in at 2024-04-04 22:24:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xwayland (Old) and /work/SRC/openSUSE:Factory/.xwayland.new.1905 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xwayland" Thu Apr 4 22:24:45 2024 rev:30 rq:1164509 version:23.2.5 Changes: -------- --- /work/SRC/openSUSE:Factory/xwayland/xwayland.changes 2024-02-23 16:41:35.943223622 +0100 +++ /work/SRC/openSUSE:Factory/.xwayland.new.1905/xwayland.changes 2024-04-04 22:25:25.265460854 +0200 @@ -1,0 +2,13 @@ +Thu Apr 4 08:07:32 UTC 2024 - Stefan Dirsch <sndir...@suse.com> + +- Security update 23.2.5 + This release contains the 3 security fixes that actually apply to + Xwayland reported in the security advisory of April 3rd 2024 + * CVE-2024-31080 + * CVE-2024-31081 + * CVE-2024-31083 + Additionally, it also contains a couple of other fixes, a copy/paste + error in the DeviceStateNotify event and a fix to enable buttons with + pointer gestures for backward compatibility with legacy X11 clients. + +------------------------------------------------------------------- Old: ---- xwayland-23.2.4.tar.xz xwayland-23.2.4.tar.xz.sig New: ---- xwayland-23.2.5.tar.xz xwayland-23.2.5.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xwayland.spec ++++++ --- /var/tmp/diff_new_pack.by7T5L/_old 2024-04-04 22:25:25.717477495 +0200 +++ /var/tmp/diff_new_pack.by7T5L/_new 2024-04-04 22:25:25.721477643 +0200 @@ -24,7 +24,7 @@ %endif Name: xwayland -Version: 23.2.4 +Version: 23.2.5 Release: 0 URL: http://xorg.freedesktop.org Summary: Xwayland Xserver ++++++ xwayland-23.2.4.tar.xz -> xwayland-23.2.5.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.2.4/Xi/xipassivegrab.c new/xwayland-23.2.5/Xi/xipassivegrab.c --- old/xwayland-23.2.4/Xi/xipassivegrab.c 2024-01-16 10:38:49.000000000 +0100 +++ new/xwayland-23.2.5/Xi/xipassivegrab.c 2024-04-03 17:57:56.000000000 +0200 @@ -93,6 +93,7 @@ GrabParameters param; void *tmp; int mask_len; + uint32_t length; REQUEST(xXIPassiveGrabDeviceReq); REQUEST_FIXED_SIZE(xXIPassiveGrabDeviceReq, 
@@ -247,9 +248,11 @@ } } + /* save the value before SRepXIPassiveGrabDevice swaps it */ + length = rep.length; WriteReplyToClient(client, sizeof(rep), &rep); if (rep.num_modifiers) - WriteToClient(client, rep.length * 4, modifiers_failed); + WriteToClient(client, length * 4, modifiers_failed); out: free(modifiers_failed); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.2.4/Xi/xiselectev.c new/xwayland-23.2.5/Xi/xiselectev.c --- old/xwayland-23.2.4/Xi/xiselectev.c 2024-01-16 10:38:49.000000000 +0100 +++ new/xwayland-23.2.5/Xi/xiselectev.c 2024-04-03 17:57:56.000000000 +0200 @@ -349,6 +349,7 @@ InputClientsPtr others = NULL; xXIEventMask *evmask = NULL; DeviceIntPtr dev; + uint32_t length; REQUEST(xXIGetSelectedEventsReq); REQUEST_SIZE_MATCH(xXIGetSelectedEventsReq); @@ -418,10 +419,12 @@ } } + /* save the value before SRepXIGetSelectedEvents swaps it */ + length = reply.length; WriteReplyToClient(client, sizeof(xXIGetSelectedEventsReply), &reply); if (reply.num_masks) - WriteToClient(client, reply.length * 4, buffer); + WriteToClient(client, length * 4, buffer); free(buffer); return Success; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.2.4/dix/enterleave.c new/xwayland-23.2.5/dix/enterleave.c --- old/xwayland-23.2.4/dix/enterleave.c 2024-01-16 10:38:49.000000000 +0100 +++ new/xwayland-23.2.5/dix/enterleave.c 2024-04-03 17:57:56.000000000 +0200 
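Review bot: In the second xipassivegrab.c hunk the guard `if (rep.num_modifiers)` still reads `rep` after `WriteReplyToClient`, which is the kind of post-write read the new `length` variable was added to avoid. A byte swap keeps a non-zero value non-zero, so the branch outcome is presumably unchanged, but that only holds while the field is used as a truth value and never as a count. Widening the new comment to `/* rep is byte-swapped in place for swapped clients; do not read its fields as numbers after this call */` would make the rule explicit. The same applies to `if (reply.num_masks)` in the second xiselectev.c hunk. Both functions start and end outside the hunks, so how `length` relates to those counts is not visible here.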
@@ -619,11 +619,11 @@ ev->first_valuator = first; switch (ev->num_valuators) { case 6: - ev->valuator2 = v->axisVal[first + 5]; + ev->valuator5 = v->axisVal[first + 5]; case 5: - ev->valuator2 = v->axisVal[first + 4]; + ev->valuator4 = v->axisVal[first + 4]; case 4: - ev->valuator2 = v->axisVal[first + 3]; + ev->valuator3 = v->axisVal[first + 3]; case 3: ev->valuator2 = v->axisVal[first + 2]; case 2: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.2.4/hw/xwayland/xwayland-input.c new/xwayland-23.2.5/hw/xwayland/xwayland-input.c --- old/xwayland-23.2.4/hw/xwayland/xwayland-input.c 2024-01-16 10:38:49.000000000 +0100 +++ new/xwayland-23.2.5/hw/xwayland/xwayland-input.c 2024-04-03 17:57:56.000000000 +0200 @@ -313,6 +313,13 @@ axes_labels[0] = XIGetKnownProperty(AXIS_LABEL_PROP_REL_X); axes_labels[1] = XIGetKnownProperty(AXIS_LABEL_PROP_REL_Y); + /* + * We'll never send buttons, but XGetPointerMapping might in certain + * situations make the client think we have no buttons. + */ + if (!init_pointer_buttons(device)) + return BadValue; + if (!InitValuatorClassDeviceStruct(device, NAXES, axes_labels, GetMotionHistorySize(), Relative)) return BadValue; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.2.4/meson.build new/xwayland-23.2.5/meson.build --- old/xwayland-23.2.4/meson.build 2024-01-16 10:38:49.000000000 +0100 +++ new/xwayland-23.2.5/meson.build 2024-04-03 17:57:56.000000000 +0200 
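Review bot: The `case 6:` through `case 3:` arms of this switch fall through with no marker, and the bug fixed here (every arm writing `valuator2`) is easy to skim past in unmarked fall-through code. Add `/* fallthrough */` after each assignment, or one comment above the switch such as `/* cases fall through on purpose: N valuators fill valuator(N-1) down to valuator0 */`. The reads `v->axisVal[first + 5]` and its siblings depend on `first + ev->num_valuators` staying inside the axis array; that bound is set outside the hunk and should be confirmed against the caller. The switch continues past the end of the hunk.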
@@ -3,10 +3,10 @@ 'buildtype=debugoptimized', 'c_std=gnu99', ], - version: '23.2.4', + version: '23.2.5', meson_version: '>= 0.52.0', ) -release_date = '2024-01-16' +release_date = '2024-04-03' add_project_arguments('-DHAVE_DIX_CONFIG_H', language: ['c', 'objc']) cc = meson.get_compiler('c') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.2.4/render/glyph.c new/xwayland-23.2.5/render/glyph.c --- old/xwayland-23.2.4/render/glyph.c 2024-01-16 10:38:49.000000000 +0100 +++ new/xwayland-23.2.5/render/glyph.c 2024-04-03 17:57:56.000000000 +0200 @@ -245,10 +245,11 @@ } } -static void +void FreeGlyph(GlyphPtr glyph, int format) { CheckDuplicates(&globalGlyphs[format], "FreeGlyph"); + BUG_RETURN(glyph->refcnt == 0); if (--glyph->refcnt == 0) { GlyphRefPtr gr; int i; @@ -354,7 +355,7 @@ glyph = (GlyphPtr) malloc(size); if (!glyph) return 0; - glyph->refcnt = 0; + glyph->refcnt = 1; glyph->size = size + sizeof(xGlyphInfo); glyph->info = *gi; dixInitPrivates(glyph, (char *) glyph + head_size, PRIVATE_GLYPH); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.2.4/render/glyphstr.h new/xwayland-23.2.5/render/glyphstr.h --- old/xwayland-23.2.4/render/glyphstr.h 2024-01-16 10:38:49.000000000 +0100 +++ new/xwayland-23.2.5/render/glyphstr.h 2024-04-03 17:57:56.000000000 +0200 @@ -102,6 +102,9 @@ extern void AddGlyph(GlyphSetPtr glyphSet, GlyphPtr glyph, Glyph id); +extern void +FreeGlyph(GlyphPtr glyph, int format); + extern Bool DeleteGlyph(GlyphSetPtr glyphSet, Glyph id); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xwayland-23.2.4/render/render.c new/xwayland-23.2.5/render/render.c --- old/xwayland-23.2.4/render/render.c 2024-01-16 10:38:49.000000000 +0100 +++ new/xwayland-23.2.5/render/render.c 2024-04-03 17:57:56.000000000 +0200 
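Review bot: `FreeGlyph` is now exported and the allocation path in the second glyph.c hunk returns a glyph with `refcnt = 1`, but neither the definition nor the new prototype in glyphstr.h documents the ownership rule. A header comment such as `/* Drops one reference held by the caller; glyph must be non-NULL and its refcnt must be > 0. */` would tell future callers that each allocated or looked-up glyph needs exactly one matching release. `BUG_RETURN(glyph->refcnt == 0)` dereferences `glyph` with no NULL check, which was acceptable for a static helper but is worth stating now that other files call it. Both function bodies extend beyond the hunks, so what the zero-count branch releases is not visible here.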
@@ -1076,6 +1076,7 @@ if (glyph_new->glyph && glyph_new->glyph != DeletedGlyph) { glyph_new->found = TRUE; + ++glyph_new->glyph->refcnt; } else { GlyphPtr glyph; @@ -1168,8 +1169,10 @@ err = BadAlloc; goto bail; } - for (i = 0; i < nglyphs; i++) + for (i = 0; i < nglyphs; i++) { AddGlyph(glyphSet, glyphs[i].glyph, glyphs[i].id); + FreeGlyph(glyphs[i].glyph, glyphSet->fdepth); + } if (glyphsBase != glyphsLocal) free(glyphsBase); @@ -1179,9 +1182,13 @@ FreePicture((void *) pSrc, 0); if (pSrcPix) FreeScratchPixmapHeader(pSrcPix); - for (i = 0; i < nglyphs; i++) - if (glyphs[i].glyph && !glyphs[i].found) - free(glyphs[i].glyph); + for (i = 0; i < nglyphs; i++) { + if (glyphs[i].glyph) { + --glyphs[i].glyph->refcnt; + if (!glyphs[i].found) + free(glyphs[i].glyph); + } + } if (glyphsBase != glyphsLocal) free(glyphsBase); return err;
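Review bot: In the second render.c hunk `FreeGlyph(glyphs[i].glyph, glyphSet->fdepth)` runs on the same pointer that was just passed to `AddGlyph`, so it is safe only if `AddGlyph` never releases the glyph it is given. `AddGlyph`'s body is not part of this diff; if it can discard its argument (for example when an equivalent glyph is already stored in the set), this call would touch freed memory and turn the use-after-free fix into a double free. Confirm that contract, or have the loop release the glyph that actually ended up in the set, and record the assumption in a comment such as `/* AddGlyph took its own reference; drop the one taken during lookup or allocation */`. A regression test under AddressSanitizer that adds an already-present glyph would settle it.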
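Review bot: The bail loop in the third render.c hunk adjusts `refcnt` by hand and then calls plain `free()` for glyphs that were not found, bypassing `FreeGlyph` and its `BUG_RETURN` underflow guard. That is presumably correct because a not-found glyph has not yet been linked into the global hash table at this point, but nothing in the hunk says so. A comment such as `/* not-found glyphs were never hashed, so free() is enough; found glyphs only lose the reference taken during lookup */` would keep a later change from freeing a glyph that is still reachable. The loop also assumes that entries never reached before the jump to bail are NULL, which depends on initialisation outside the hunk.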