diff --git a/U_xserver-composite-Fix-use-after-free-of-the-COW.patch b/U_xserver-composite-Fix-use-after-free-of-the-COW.patch
deleted file mode 100644
index 3473094..0000000
--- a/U_xserver-composite-Fix-use-after-free-of-the-COW.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 947bd1b3f4a23565bf10879ec41ba06ebe1e1c76 Mon Sep 17 00:00:00 2001
-From: Olivier Fourdan
-Date: Mon, 13 Mar 2023 11:08:47 +0100
-Subject: [PATCH xserver] composite: Fix use-after-free of the COW
-
-ZDI-CAN-19866/CVE-2023-1393
-
-If a client explicitly destroys the compositor overlay window (aka COW),
-we would leave a dangling pointer to that window in the CompScreen
-structure, which will trigger a use-after-free later.
-
-Make sure to clear the CompScreen pointer to the COW when the latter gets
-destroyed explicitly by the client.
-
-This vulnerability was discovered by:
-Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
-
-Signed-off-by: Olivier Fourdan
-Reviewed-by: Adam Jackson
----
- composite/compwindow.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/composite/compwindow.c b/composite/compwindow.c
-index 4e2494b86..b30da589e 100644
---- a/composite/compwindow.c
-+++ b/composite/compwindow.c
-@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
- ret = (*pScreen->DestroyWindow) (pWin);
- cs->DestroyWindow = pScreen->DestroyWindow;
- pScreen->DestroyWindow = compDestroyWindow;
-+
-+ /* Did we just destroy the overlay window? */
-+ if (pWin == cs->pOverlayWin)
-+ cs->pOverlayWin = NULL;
-+
- /* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
- return ret;
- }
---
-2.40.0
-
diff --git a/_service b/_service
deleted file mode 100644
index a0597dd..0000000
--- a/_service
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
- https://gitlab.freedesktop.org/xorg/xserver.git
- git
- xorg-server-21.1.6
- @PARENT_TAG@
- xorgserver(.*)
- enable
-
-
- *.tar
- xz
-
-
-
diff --git a/_servicedata b/_servicedata
deleted file mode 100644
index bd0d02a..0000000
--- a/_servicedata
+++ /dev/null
@@ -1,4 +0,0 @@
-
-
- https://gitlab.freedesktop.org/xorg/xserver.git
- 59b6fc88ed9f4b22397a568c2483e4c558856ffa
\ No newline at end of file
diff --git a/xorg-server-21.1.7.tar.xz b/xorg-server-21.1.7.tar.xz
deleted file mode 100644
index b15421e..0000000
--- a/xorg-server-21.1.7.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d9c60b2dd0ec52326ca6ab20db0e490b1ff4f566f59ca742d6532e92795877bb
-size 4933292
diff --git a/xorg-server-21.1.8.tar.xz b/xorg-server-21.1.8.tar.xz
new file mode 100644
index 0000000..48d79b4
--- /dev/null
+++ b/xorg-server-21.1.8.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152
+size 4980208
diff --git a/xorg-server-21.1.8.tar.xz.sig b/xorg-server-21.1.8.tar.xz.sig
new file mode 100644
index 0000000..6161a16
Binary files /dev/null and b/xorg-server-21.1.8.tar.xz.sig differ
diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index 257c1b1..41f0733 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Sat Apr 1 13:42:37 UTC 2023 - Bjørn Lie
+
+- Update to version 21.1.8 (CVE-2023-1393):
+ * This release contains the fix for CVE-2023-1393
+ * composite: Fix use-after-free of the COW
+ * xkbUtils: use existing symbol names instead of deleted
+ deprecated ones
+- Drop U_xserver-composite-Fix-use-after-free-of-the-COW.patch:
+ Fixed upstream
+- Switch back to tarball release, drop source service, add keyring
+ and sig files.
+
 -------------------------------------------------------------------
 Wed Mar 22 13:48:21 UTC 2023 - Stefan Dirsch
diff --git a/xorg-x11-server.keyring b/xorg-x11-server.keyring
new file mode 100644
index 0000000..779646a
Binary files /dev/null and b/xorg-x11-server.keyring differ
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index 6ae6e7a..6bbf9b9 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -36,14 +36,15 @@ %endif Name: xorg-x11-server -Version: 21.1.7 +Version: 21.1.8 Release: 0 URL: http://xorg.freedesktop.org/ Summary: X -# Source URL: http://xorg.freedesktop.org/archive/individual/xserver/ License: MIT Group: System/X11/Servers/XF86_4 -Source0: xorg-server-%{version}.tar.xz +Source0: https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-%{version}.tar.xz +Source10: https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-%{version}.tar.xz.sig +Source11: xorg-x11-server.keyring Source1: sysconfig.displaymanager.template Source2: README.updates Source3: xorgcfg.tar.bz2 @@ -242,8 +243,6 @@ Patch1940: U_xephyr-Don-t-check-for-SeatId-anymore.patch Patch1960: u_sync-pci-ids-with-Mesa.patch -Patch1209543: U_xserver-composite-Fix-use-after-free-of-the-COW.patch - %description This package contains the X.Org Server. @@ -402,8 +401,6 @@ sh %{SOURCE92} --verify . %{SOURCE91} %patch1940 -p1 %patch1960 -p1 -%patch1209543 -p1 - %build # We have some -z now related errors during X default startup (boo#1197994): # - when loading modesetting: gbm_bo_get_plane_count
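Review bot: The first spec hunk adds `Source10` (detached signature) and `Source11` (keyring), but none of the hunks shown adds a step that checks the tarball against them, so verification presumably depends on the build service's source validation; if that is not guaranteed for every build, an explicit signature check at the start of `%prep` would make it part of the package itself. The keyring arrives as a binary file in the same commit, so a reviewer cannot see which key is being trusted; a comment above `Source11` such as `# Signing key fingerprint: <FINGERPRINT_PLACEHOLDER>, obtained from <ORIGIN_PLACEHOLDER>` would let it be checked independently. As a smaller point, `URL:` still reads `http://xorg.freedesktop.org/` while the new source lines use HTTPS, and `URL: https://xorg.freedesktop.org/` would keep the header consistent.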