1
0

- Update to version 21.1

* This release fixes 2 recently reported security vulnerabilities
    in xkb, several regressions since 1.20.x and a number of
    miscellaneous bugs.
- supersedes the following security patches
  * U_boo1194181-001-xkb-swap-XkbSetDeviceInfo-and-XkbSetDeviceInfoCheck.patch
  * U_boo1194179-001-xkb-rename-xkb_h-to-xkb-procs_h.patch
  * U_boo1194179-002-xkb-add-request-length-validation-for-XkbSetGeometry.patch
- supersedes U_Fix-build-with-gcc-12.patch

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=829
This commit is contained in:
Stefan Dirsch 2022-07-13 13:01:53 +00:00 committed by Git OBS Bridge
parent 70daf87975
commit 51271c424a
8 changed files with 17 additions and 558 deletions

View File

@ -1,89 +0,0 @@
From c6b0dcb82d4db07a2f32c09a8c09c85a5f57248e Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Thu, 20 Jan 2022 10:20:38 +0100
Subject: [PATCH] render: Fix build with gcc 12
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The xserver fails to compile with the latest gcc 12:
render/picture.c: In function CreateSolidPicture:
render/picture.c:874:26: error: array subscript union _SourcePict[0] is partly outside array bounds of unsigned char[16] [-Werror=array-bounds]
874 | pPicture->pSourcePict->type = SourcePictTypeSolidFill;
| ^~
render/picture.c:868:45: note: object of size 16 allocated by malloc
868 | pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictSolidFill));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
render/picture.c: In function CreateLinearGradientPicture:
render/picture.c:906:26: error: array subscript union _SourcePict[0] is partly outside array bounds of unsigned char[32] [-Werror=array-bounds]
906 | pPicture->pSourcePict->linear.type = SourcePictTypeLinear;
| ^~
render/picture.c:899:45: note: object of size 32 allocated by malloc
899 | pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictLinearGradient));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
render/picture.c: In function CreateConicalGradientPicture:
render/picture.c:989:26: error: array subscript union _SourcePict[0] is partly outside array bounds of unsigned char[32] [-Werror=array-bounds]
989 | pPicture->pSourcePict->conical.type = SourcePictTypeConical;
| ^~
render/picture.c:982:45: note: object of size 32 allocated by malloc
982 | pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictConicalGradient));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
ninja: build stopped: subcommand failed.
This is because gcc 12 has become stricter and raises a warning now.
Fix the warning/error by allocating enough memory to store the union
struct.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Acked-by: Michel Dänzer <mdaenzer@redhat.com>
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1256
---
render/picture.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/render/picture.c b/render/picture.c
index afa0d258f..2be4b1954 100644
--- a/render/picture.c
+++ b/render/picture.c
@@ -865,7 +865,7 @@ CreateSolidPicture(Picture pid, xRenderColor * color, int *error)
}
pPicture->id = pid;
- pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictSolidFill));
+ pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(SourcePict));
if (!pPicture->pSourcePict) {
*error = BadAlloc;
free(pPicture);
@@ -896,7 +896,7 @@ CreateLinearGradientPicture(Picture pid, xPointFixed * p1, xPointFixed * p2,
}
pPicture->id = pid;
- pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictLinearGradient));
+ pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(SourcePict));
if (!pPicture->pSourcePict) {
*error = BadAlloc;
free(pPicture);
@@ -936,7 +936,7 @@ CreateRadialGradientPicture(Picture pid, xPointFixed * inner,
}
pPicture->id = pid;
- pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictRadialGradient));
+ pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(SourcePict));
if (!pPicture->pSourcePict) {
*error = BadAlloc;
free(pPicture);
@@ -979,7 +979,7 @@ CreateConicalGradientPicture(Picture pid, xPointFixed * center, xFixed angle,
}
pPicture->id = pid;
- pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictConicalGradient));
+ pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(SourcePict));
if (!pPicture->pSourcePict) {
*error = BadAlloc;
free(pPicture);
--
GitLab

View File

@ -1,155 +0,0 @@
From 04a2689e96b42330718517b2a3950aa2bb1ca017 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon, 4 Jul 2022 09:42:53 +1000
Subject: [PATCH] xkb: rename xkb.h to xkb-procs.h
This header merely defines the various protocol request handlers, so
let's rename it to something less generic and remove its include from
all the files that don't actually need it (which is almost all of them).
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
---
test/test_xkb.c | 1 -
xkb/ddxLoad.c | 1 -
xkb/{xkb.h => xkb-procs.h} | 0
xkb/xkb.c | 2 +-
xkb/xkbActions.c | 1 -
xkb/xkbEvents.c | 1 -
xkb/xkbInit.c | 1 -
xkb/xkbLEDs.c | 1 -
xkb/xkbSwap.c | 2 +-
xkb/xkbUtils.c | 1 -
xkb/xkbfmisc.c | 1 -
11 files changed, 2 insertions(+), 10 deletions(-)
rename xkb/{xkb.h => xkb-procs.h} (100%)
diff --git a/test/test_xkb.c b/test/test_xkb.c
index f81a7ed65..a13107390 100644
--- a/test/test_xkb.c
+++ b/test/test_xkb.c
@@ -48,7 +48,6 @@
#include "../xkb/xkbgeom.h"
#include <X11/extensions/XKMformat.h>
#include "xkbfile.h"
-#include "../xkb/xkb.h"
#include <assert.h>
#include "tests-common.h"
diff --git a/xkb/ddxLoad.c b/xkb/ddxLoad.c
index f9b7b06d9..2d203ce11 100644
--- a/xkb/ddxLoad.c
+++ b/xkb/ddxLoad.c
@@ -43,7 +43,6 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
#define XKBSRV_NEED_FILE_FUNCS
#include <xkbsrv.h>
#include <X11/extensions/XI.h>
-#include "xkb.h"
#define PRE_ERROR_MSG "\"The XKEYBOARD keymap compiler (xkbcomp) reports:\""
#define ERROR_PREFIX "\"> \""
diff --git a/xkb/xkb.h b/xkb/xkb-procs.h
similarity index 100%
rename from xkb/xkb.h
rename to xkb/xkb-procs.h
diff --git a/xkb/xkb.c b/xkb/xkb.c
index 820cd7166..21c046913 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -38,7 +38,7 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
#include "extnsionst.h"
#include "extinit.h"
#include "xace.h"
-#include "xkb.h"
+#include "xkb-procs.h"
#include "protocol-versions.h"
#include <X11/extensions/XI.h>
diff --git a/xkb/xkbActions.c b/xkb/xkbActions.c
index db29091e7..5e9a6b6d6 100644
--- a/xkb/xkbActions.c
+++ b/xkb/xkbActions.c
@@ -38,7 +38,6 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
#include "exevents.h"
#include "eventstr.h"
#include <xkbsrv.h>
-#include "xkb.h"
#include <ctype.h>
#include "mi.h"
#include "mipointer.h"
diff --git a/xkb/xkbEvents.c b/xkb/xkbEvents.c
index 0bbd66186..f8f65d4a7 100644
--- a/xkb/xkbEvents.c
+++ b/xkb/xkbEvents.c
@@ -39,7 +39,6 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
#include "exglobals.h"
#include "windowstr.h"
#include <xkbsrv.h>
-#include "xkb.h"
/***====================================================================***/
diff --git a/xkb/xkbInit.c b/xkb/xkbInit.c
index 4108e1b26..de1dd3fe3 100644
--- a/xkb/xkbInit.c
+++ b/xkb/xkbInit.c
@@ -49,7 +49,6 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
#include "xkbgeom.h"
#include <X11/extensions/XKMformat.h>
#include "xkbfile.h"
-#include "xkb.h"
#define CREATE_ATOM(s) MakeAtom(s,sizeof(s)-1,1)
diff --git a/xkb/xkbLEDs.c b/xkb/xkbLEDs.c
index 5792d9fb7..d4690dad9 100644
--- a/xkb/xkbLEDs.c
+++ b/xkb/xkbLEDs.c
@@ -38,7 +38,6 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
#include <X11/extensions/XI.h>
#include <xkbsrv.h>
-#include "xkb.h"
/***====================================================================***/
diff --git a/xkb/xkbSwap.c b/xkb/xkbSwap.c
index 50cabb90e..efbdb81c1 100644
--- a/xkb/xkbSwap.c
+++ b/xkb/xkbSwap.c
@@ -36,7 +36,7 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
#include <xkbsrv.h>
#include "xkbstr.h"
#include "extnsionst.h"
-#include "xkb.h"
+#include "xkb-procs.h"
/*
* REQUEST SWAPPING
diff --git a/xkb/xkbUtils.c b/xkb/xkbUtils.c
index 8975ade8d..dd089c204 100644
--- a/xkb/xkbUtils.c
+++ b/xkb/xkbUtils.c
@@ -67,7 +67,6 @@ DEALINGS IN THE SOFTWARE.
#define XKBSRV_NEED_FILE_FUNCS
#include <xkbsrv.h>
#include "xkbgeom.h"
-#include "xkb.h"
/***====================================================================***/
diff --git a/xkb/xkbfmisc.c b/xkb/xkbfmisc.c
index 2ecdcd555..fc9197f2d 100644
--- a/xkb/xkbfmisc.c
+++ b/xkb/xkbfmisc.c
@@ -46,7 +46,6 @@
#define XKBSRV_NEED_FILE_FUNCS 1
#include <xkbsrv.h>
#include "xkbgeom.h"
-#include "xkb.h"
unsigned
_XkbKSCheckCase(KeySym ks)
--
GitLab

View File

@ -1,160 +0,0 @@
@@ -, +, @@
---
xkb/xkb.c | 43 ++++++++++++++++++++++++++++++++++++++-----
1 file changed, 38 insertions(+), 5 deletions(-)
Index: xorg-server-21.1.3/xkb/xkb.c
===================================================================
--- xorg-server-21.1.3.orig/xkb/xkb.c
+++ xorg-server-21.1.3/xkb/xkb.c
@@ -5157,7 +5157,7 @@ _GetCountedString(char **wire_inout, Cli
}
static Status
-_CheckSetDoodad(char **wire_inout,
+_CheckSetDoodad(char **wire_inout, xkbSetGeometryReq *req,
XkbGeometryPtr geom, XkbSectionPtr section, ClientPtr client)
{
char *wire;
@@ -5168,6 +5168,9 @@ _CheckSetDoodad(char **wire_inout,
Status status;
dWire = (xkbDoodadWireDesc *) (*wire_inout);
+ if (!_XkbCheckRequestBounds(client, req, dWire, dWire + 1))
+ return BadLength;
+
any = dWire->any;
wire = (char *) &dWire[1];
if (client->swapped) {
@@ -5270,7 +5273,7 @@ _CheckSetDoodad(char **wire_inout,
}
static Status
-_CheckSetOverlay(char **wire_inout,
+_CheckSetOverlay(char **wire_inout, xkbSetGeometryReq *req,
XkbGeometryPtr geom, XkbSectionPtr section, ClientPtr client)
{
register int r;
@@ -5281,6 +5284,9 @@ _CheckSetOverlay(char **wire_inout,
wire = *wire_inout;
olWire = (xkbOverlayWireDesc *) wire;
+ if (!_XkbCheckRequestBounds(client, req, olWire, olWire + 1))
+ return BadLength;
+
if (client->swapped) {
swapl(&olWire->name);
}
@@ -5292,6 +5298,9 @@ _CheckSetOverlay(char **wire_inout,
xkbOverlayKeyWireDesc *kWire;
XkbOverlayRowPtr row;
+ if (!_XkbCheckRequestBounds(client, req, rWire, rWire + 1))
+ return BadLength;
+
if (rWire->rowUnder > section->num_rows) {
client->errorValue = _XkbErrCode4(0x20, r, section->num_rows,
rWire->rowUnder);
@@ -5300,6 +5309,9 @@ _CheckSetOverlay(char **wire_inout,
row = XkbAddGeomOverlayRow(ol, rWire->rowUnder, rWire->nKeys);
kWire = (xkbOverlayKeyWireDesc *) &rWire[1];
for (k = 0; k < rWire->nKeys; k++, kWire++) {
+ if (!_XkbCheckRequestBounds(client, req, kWire, kWire + 1))
+ return BadLength;
+
if (XkbAddGeomOverlayKey(ol, row,
(char *) kWire->over,
(char *) kWire->under) == NULL) {
@@ -5333,6 +5345,9 @@ _CheckSetSections(XkbGeometryPtr geom,
register int r;
xkbRowWireDesc *rWire;
+ if (!_XkbCheckRequestBounds(client, req, sWire, sWire + 1))
+ return BadLength;
+
if (client->swapped) {
swapl(&sWire->name);
swaps(&sWire->top);
@@ -5358,6 +5373,9 @@ _CheckSetSections(XkbGeometryPtr geom,
XkbRowPtr row;
xkbKeyWireDesc *kWire;
+ if (!_XkbCheckRequestBounds(client, req, rWire, rWire + 1))
+ return BadLength;
+
if (client->swapped) {
swaps(&rWire->top);
swaps(&rWire->left);
@@ -5372,6 +5390,9 @@ _CheckSetSections(XkbGeometryPtr geom,
for (k = 0; k < rWire->nKeys; k++) {
XkbKeyPtr key;
+ if (!_XkbCheckRequestBounds(client, req, kWire, kWire + 1))
+ return BadLength;
+
key = XkbAddGeomKey(row);
if (!key)
return BadAlloc;
@@ -5397,7 +5418,7 @@ _CheckSetSections(XkbGeometryPtr geom,
register int d;
for (d = 0; d < sWire->nDoodads; d++) {
- status = _CheckSetDoodad(&wire, geom, section, client);
+ status = _CheckSetDoodad(&wire, req, geom, section, client);
if (status != Success)
return status;
}
@@ -5406,7 +5427,7 @@ _CheckSetSections(XkbGeometryPtr geom,
register int o;
for (o = 0; o < sWire->nOverlays; o++) {
- status = _CheckSetOverlay(&wire, geom, section, client);
+ status = _CheckSetOverlay(&wire, req, geom, section, client);
if (status != Success)
return status;
}
@@ -5440,6 +5461,9 @@ _CheckSetShapes(XkbGeometryPtr geom,
xkbOutlineWireDesc *olWire;
XkbOutlinePtr ol;
+ if (!_XkbCheckRequestBounds(client, req, shapeWire, shapeWire + 1))
+ return BadLength;
+
shape =
XkbAddGeomShape(geom, shapeWire->name, shapeWire->nOutlines);
if (!shape)
@@ -5450,12 +5474,18 @@ _CheckSetShapes(XkbGeometryPtr geom,
XkbPointPtr pt;
xkbPointWireDesc *ptWire;
+ if (!_XkbCheckRequestBounds(client, req, olWire, olWire + 1))
+ return BadLength;
+
ol = XkbAddGeomOutline(shape, olWire->nPoints);
if (!ol)
return BadAlloc;
ol->corner_radius = olWire->cornerRadius;
ptWire = (xkbPointWireDesc *) &olWire[1];
for (p = 0, pt = ol->points; p < olWire->nPoints; p++, pt++) {
+ if (!_XkbCheckRequestBounds(client, req, ptWire, ptWire + 1))
+ return BadLength;
+
pt->x = ptWire[p].x;
pt->y = ptWire[p].y;
if (client->swapped) {
@@ -5561,12 +5591,15 @@ _CheckSetGeom(XkbGeometryPtr geom, xkbSe
return status;
for (i = 0; i < req->nDoodads; i++) {
- status = _CheckSetDoodad(&wire, geom, NULL, client);
+ status = _CheckSetDoodad(&wire, req, geom, NULL, client);
if (status != Success)
return status;
}
for (i = 0; i < req->nKeyAliases; i++) {
+ if (!_XkbCheckRequestBounds(client, req, wire, wire + XkbKeyNameLength))
+ return BadLength;
+
if (XkbAddGeomKeyAlias(geom, &wire[XkbKeyNameLength], wire) == NULL)
return BadAlloc;
wire += 2 * XkbKeyNameLength;

View File

@ -1,138 +0,0 @@
Index: xorg-server-21.1.3/xkb/xkb.c
===================================================================
--- xorg-server-21.1.3.orig/xkb/xkb.c
+++ xorg-server-21.1.3/xkb/xkb.c
@@ -6551,7 +6551,8 @@ ProcXkbGetDeviceInfo(ClientPtr client)
static char *
CheckSetDeviceIndicators(char *wire,
DeviceIntPtr dev,
- int num, int *status_rtrn, ClientPtr client)
+ int num, int *status_rtrn, ClientPtr client,
+ xkbSetDeviceInfoReq * stuff)
{
xkbDeviceLedsWireDesc *ledWire;
int i;
@@ -6559,6 +6560,11 @@ CheckSetDeviceIndicators(char *wire,
ledWire = (xkbDeviceLedsWireDesc *) wire;
for (i = 0; i < num; i++) {
+ if (!_XkbCheckRequestBounds(client, stuff, ledWire, ledWire + 1)) {
+ *status_rtrn = BadLength;
+ return (char *) ledWire;
+ }
+
if (client->swapped) {
swaps(&ledWire->ledClass);
swaps(&ledWire->ledID);
@@ -6586,6 +6592,11 @@ CheckSetDeviceIndicators(char *wire,
atomWire = (CARD32 *) &ledWire[1];
if (nNames > 0) {
for (n = 0; n < nNames; n++) {
+ if (!_XkbCheckRequestBounds(client, stuff, atomWire, atomWire + 1)) {
+ *status_rtrn = BadLength;
+ return (char *) atomWire;
+ }
+
if (client->swapped) {
swapl(atomWire);
}
@@ -6597,6 +6608,10 @@ CheckSetDeviceIndicators(char *wire,
mapWire = (xkbIndicatorMapWireDesc *) atomWire;
if (nMaps > 0) {
for (n = 0; n < nMaps; n++) {
+ if (!_XkbCheckRequestBounds(client, stuff, mapWire, mapWire + 1)) {
+ *status_rtrn = BadLength;
+ return (char *) mapWire;
+ }
if (client->swapped) {
swaps(&mapWire->virtualMods);
swapl(&mapWire->ctrls);
@@ -6648,11 +6663,6 @@ SetDeviceIndicators(char *wire,
xkbIndicatorMapWireDesc *mapWire;
XkbSrvLedInfoPtr sli;
- if (!_XkbCheckRequestBounds(client, stuff, ledWire, ledWire + 1)) {
- *status_rtrn = BadLength;
- return (char *) ledWire;
- }
-
namec = mapc = statec = 0;
sli = XkbFindSrvLedInfo(dev, ledWire->ledClass, ledWire->ledID,
XkbXI_IndicatorMapsMask);
@@ -6671,10 +6681,6 @@ SetDeviceIndicators(char *wire,
memset((char *) sli->names, 0, XkbNumIndicators * sizeof(Atom));
for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) {
if (ledWire->namesPresent & bit) {
- if (!_XkbCheckRequestBounds(client, stuff, atomWire, atomWire + 1)) {
- *status_rtrn = BadLength;
- return (char *) atomWire;
- }
sli->names[n] = (Atom) *atomWire;
if (sli->names[n] == None)
ledWire->namesPresent &= ~bit;
@@ -6692,10 +6698,6 @@ SetDeviceIndicators(char *wire,
if (ledWire->mapsPresent) {
for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) {
if (ledWire->mapsPresent & bit) {
- if (!_XkbCheckRequestBounds(client, stuff, mapWire, mapWire + 1)) {
- *status_rtrn = BadLength;
- return (char *) mapWire;
- }
sli->maps[n].flags = mapWire->flags;
sli->maps[n].which_groups = mapWire->whichGroups;
sli->maps[n].groups = mapWire->groups;
@@ -6731,13 +6733,17 @@ SetDeviceIndicators(char *wire,
}
static int
-_XkbSetDeviceInfo(ClientPtr client, DeviceIntPtr dev,
+_XkbSetDeviceInfoCheck(ClientPtr client, DeviceIntPtr dev,
xkbSetDeviceInfoReq * stuff)
{
char *wire;
wire = (char *) &stuff[1];
if (stuff->change & XkbXI_ButtonActionsMask) {
+ int sz = stuff->nBtns * SIZEOF(xkbActionWireDesc);
+ if (!_XkbCheckRequestBounds(client, stuff, wire, (char *) wire + sz))
+ return BadLength;
+
if (!dev->button) {
client->errorValue = _XkbErrCode2(XkbErr_BadClass, ButtonClass);
return XkbKeyboardErrorCode;
@@ -6748,13 +6754,13 @@ _XkbSetDeviceInfo(ClientPtr client, Devi
dev->button->numButtons);
return BadMatch;
}
- wire += (stuff->nBtns * SIZEOF(xkbActionWireDesc));
+ wire += sz;
}
if (stuff->change & XkbXI_IndicatorsMask) {
int status = Success;
wire = CheckSetDeviceIndicators(wire, dev, stuff->nDeviceLedFBs,
- &status, client);
+ &status, client, stuff);
if (status != Success)
return status;
}
@@ -6765,8 +6771,8 @@ _XkbSetDeviceInfo(ClientPtr client, Devi
}
static int
-_XkbSetDeviceInfoCheck(ClientPtr client, DeviceIntPtr dev,
- xkbSetDeviceInfoReq * stuff)
+_XkbSetDeviceInfo(ClientPtr client, DeviceIntPtr dev,
+ xkbSetDeviceInfoReq * stuff)
{
char *wire;
xkbExtensionDeviceNotify ed;
@@ -6790,8 +6796,6 @@ _XkbSetDeviceInfoCheck(ClientPtr client,
if (stuff->firstBtn + stuff->nBtns > nBtns)
return BadValue;
sz = stuff->nBtns * SIZEOF(xkbActionWireDesc);
- if (!_XkbCheckRequestBounds(client, stuff, wire, (char *) wire + sz))
- return BadLength;
memcpy((char *) &acts[stuff->firstBtn], (char *) wire, sz);
wire += sz;
ed.reason |= XkbXI_ButtonActionsMask;

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:61d6aad5b6b47a116b960bd7f0cba4ee7e6da95d6bb0b127bde75d7d1acdebe5
size 4955948

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5cc4be8ee47edb58d4a90e603a59d56b40291ad38371b0bd2471fc3cbee1c587
size 4940176

View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Wed Jul 13 12:38:05 UTC 2022 - Stefan Dirsch <sndirsch@suse.com>
- Update to version 21.1
* This release fixes 2 recently reported security vulnerabilities
in xkb, several regressions since 1.20.x and a number of
miscellaneous bugs.
- supersedes the following security patches
* U_boo1194181-001-xkb-swap-XkbSetDeviceInfo-and-XkbSetDeviceInfoCheck.patch
* U_boo1194179-001-xkb-rename-xkb_h-to-xkb-procs_h.patch
* U_boo1194179-002-xkb-add-request-length-validation-for-XkbSetGeometry.patch
- supersedes U_Fix-build-with-gcc-12.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jul 6 12:21:11 UTC 2022 - Stefan Dirsch <sndirsch@suse.com> Wed Jul 6 12:21:11 UTC 2022 - Stefan Dirsch <sndirsch@suse.com>

View File

@ -36,7 +36,7 @@
%endif %endif
Name: xorg-x11-server Name: xorg-x11-server
Version: 21.1.3 Version: 21.1.4
Release: 0 Release: 0
URL: http://xorg.freedesktop.org/ URL: http://xorg.freedesktop.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -245,16 +245,8 @@ Patch1930: u_xfree86-activate-GPU-screens-on-autobind.patch
Patch1940: U_xephyr-Don-t-check-for-SeatId-anymore.patch Patch1940: U_xephyr-Don-t-check-for-SeatId-anymore.patch
Patch1950: U_Fix-build-with-gcc-12.patch
Patch1960: u_sync-pci-ids-with-Mesa-22.0.0.patch Patch1960: u_sync-pci-ids-with-Mesa-22.0.0.patch
#CVE-2022-2320, ZDI-CAN-16070, bsc#1194181
Patch2001: U_boo1194181-001-xkb-swap-XkbSetDeviceInfo-and-XkbSetDeviceInfoCheck.patch
#CVE-2022-2319, ZDI-CAN-16062, bsc#1194179
Patch2101: U_boo1194179-001-xkb-rename-xkb_h-to-xkb-procs_h.patch
Patch2102: U_boo1194179-002-xkb-add-request-length-validation-for-XkbSetGeometry.patch
%description %description
This package contains the X.Org Server. This package contains the X.Org Server.
@ -411,11 +403,7 @@ sh %{SOURCE92} --verify . %{SOURCE91}
%patch1920 -p1 %patch1920 -p1
%patch1930 -p1 %patch1930 -p1
%patch1940 -p1 %patch1940 -p1
%patch1950 -p1
%patch1960 -p1 %patch1960 -p1
%patch2001 -p1
%patch2101 -p1
%patch2102 -p1
%build %build
# We have some -z now related errors during X default startup (boo#1197994): # We have some -z now related errors during X default startup (boo#1197994):