From cd5cddf487ef8b493494e1b143531d92c296a7ae5dba2a628b1499b44db596d6 Mon Sep 17 00:00:00 2001 From: Stefan Dirsch Date: Tue, 7 Feb 2023 02:57:30 +0000 Subject: [PATCH] - improved summary and description - added requires to xkeyboard-config - added recommends to xorg-x11-fonts-core - removed unused 'package' section - U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch * DeepCopyPointerClasses use-after-free (CVE-2023-0494, ZDI-CAN-19596, bsc#1207783) OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=43 --- ...-use-after-free-in-DeepCopyPointerCl.patch | 20 +++++++++++++++++++ xwayland.changes | 15 ++++++++++++++ xwayland.spec | 18 +++++------------ 3 files changed, 40 insertions(+), 13 deletions(-) create mode 100644 U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch diff --git a/U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch b/U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch new file mode 100644 index 0000000..a19074e --- /dev/null +++ b/U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch @@ -0,0 +1,20 @@ +@@ -, +, @@ + DeepCopyPointerClasses +--- + Xi/exevents.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) +--- a/Xi/exevents.c ++++ a/Xi/exevents.c +@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to) + memcpy(to->button->xkb_acts, from->button->xkb_acts, + sizeof(XkbAction)); + } +- else ++ else { + free(to->button->xkb_acts); ++ to->button->xkb_acts = NULL; ++ } + + memcpy(to->button->labels, from->button->labels, + from->button->numButtons * sizeof(Atom)); +-- diff --git a/xwayland.changes b/xwayland.changes index f133929..4486cf6 100644 --- a/xwayland.changes +++ b/xwayland.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Thu Feb 2 15:39:06 UTC 2023 - Stefan Dirsch + +- improved summary and description +- added requires to xkeyboard-config +- added recommends to xorg-x11-fonts-core +- removed unused 'package' section + +------------------------------------------------------------------- +Wed Feb 1 10:06:15 UTC 2023 - Stefan Dirsch + +- U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch + * DeepCopyPointerClasses use-after-free (CVE-2023-0494, + ZDI-CAN-19596, bsc#1207783) + ------------------------------------------------------------------- Sat Dec 31 15:51:38 UTC 2022 - Stefan Dirsch diff --git a/xwayland.spec b/xwayland.spec index bb54dd8..0432cd6 100644 --- a/xwayland.spec +++ b/xwayland.spec @@ -1,7 +1,7 @@ # # spec file for package xwayland # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,12 +27,13 @@ Name: xwayland Version: 22.1.7 Release: 0 URL: http://xorg.freedesktop.org -Summary: X +Summary: Xwayland Xserver License: MIT Group: System/X11/Servers/XF86_4 Source0: %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz Source1: %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz.sig Source2: xwayland.keyring +Patch1207783: U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch BuildRequires: meson BuildRequires: ninja @@ -93,7 +94,8 @@ Requires(pre): %fillup_prereq %endif Requires: pkgconfig Requires: xkbcomp -#Recommends: xorg-x11-fonts-core +Requires: xkeyboard-config +Recommends: xorg-x11-fonts-core %ifnarch s390 s390x Requires: libpixman-1-0 %endif @@ -101,16 +103,6 @@ Obsoletes: xorg-x11-server-wayland < %{version} Provides: xorg-x11-server-wayland = %{version} %description -This package contains the Xwayland Server. - -%package %{name} -Summary: Xwayland Xserver -Group: System/X11/Servers/XF86_4 -Requires: xkbcomp -Requires: xkeyboard-config -Recommends: xorg-x11-fonts-core - -%description %{name} This package contains the Xserver running on the Wayland Display Server. %package devel