From 648f5c3fe3a96403e5dd3dce852c9e4adec121072cc06f849c73ac56a55fc69e Mon Sep 17 00:00:00 2001 From: Stefan Dirsch Date: Sat, 1 Apr 2023 17:59:31 +0000 Subject: [PATCH 1/2] Accepting request 1076650 from home:iznogood:branches:X11:XOrg - Update to version 21.1.8: * composite: Fix use-after-free of the COW * xkbUtils: use existing symbol names instead of deleted deprecated ones - Drop U_xserver-composite-Fix-use-after-free-of-the-COW.patch: Fixed upstream - Switch back to tarball release, drop source service, add keyring and sig files. OBS-URL: https://build.opensuse.org/request/show/1076650 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=856 --- ...posite-Fix-use-after-free-of-the-COW.patch | 42 ------------------ _service | 15 ------- _servicedata | 4 -- xorg-server-21.1.7.tar.xz | 3 -- xorg-server-21.1.8.tar.xz | 3 ++ xorg-server-21.1.8.tar.xz.sig | Bin 0 -> 95 bytes xorg-x11-server.changes | 12 +++++ xorg-x11-server.keyring | Bin 0 -> 2290 bytes xorg-x11-server.spec | 11 ++--- 9 files changed, 19 insertions(+), 71 deletions(-) delete mode 100644 U_xserver-composite-Fix-use-after-free-of-the-COW.patch delete mode 100644 _service delete mode 100644 _servicedata delete mode 100644 xorg-server-21.1.7.tar.xz create mode 100644 xorg-server-21.1.8.tar.xz create mode 100644 xorg-server-21.1.8.tar.xz.sig create mode 100644 xorg-x11-server.keyring diff --git a/U_xserver-composite-Fix-use-after-free-of-the-COW.patch b/U_xserver-composite-Fix-use-after-free-of-the-COW.patch deleted file mode 100644 index 3473094..0000000 --- a/U_xserver-composite-Fix-use-after-free-of-the-COW.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 947bd1b3f4a23565bf10879ec41ba06ebe1e1c76 Mon Sep 17 00:00:00 2001 -From: Olivier Fourdan -Date: Mon, 13 Mar 2023 11:08:47 +0100 -Subject: [PATCH xserver] composite: Fix use-after-free of the COW - -ZDI-CAN-19866/CVE-2023-1393 - -If a client explicitly destroys the compositor overlay window (aka COW), -we would leave a dangling pointer to that window in the CompScreen -structure, which will trigger a use-after-free later. - -Make sure to clear the CompScreen pointer to the COW when the latter gets -destroyed explicitly by the client. - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Olivier Fourdan -Reviewed-by: Adam Jackson ---- - composite/compwindow.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/composite/compwindow.c b/composite/compwindow.c -index 4e2494b86..b30da589e 100644 ---- a/composite/compwindow.c -+++ b/composite/compwindow.c -@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin) - ret = (*pScreen->DestroyWindow) (pWin); - cs->DestroyWindow = pScreen->DestroyWindow; - pScreen->DestroyWindow = compDestroyWindow; -+ -+ /* Did we just destroy the overlay window? */ -+ if (pWin == cs->pOverlayWin) -+ cs->pOverlayWin = NULL; -+ - /* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/ - return ret; - } --- -2.40.0 - diff --git a/_service b/_service deleted file mode 100644 index a0597dd..0000000 --- a/_service +++ /dev/null @@ -1,15 +0,0 @@ - - - https://gitlab.freedesktop.org/xorg/xserver.git - git - xorg-server-21.1.6 - @PARENT_TAG@ - xorgserver(.*) - enable - - - *.tar - xz - - - diff --git a/_servicedata b/_servicedata deleted file mode 100644 index bd0d02a..0000000 --- a/_servicedata +++ /dev/null @@ -1,4 +0,0 @@ - - - https://gitlab.freedesktop.org/xorg/xserver.git - 59b6fc88ed9f4b22397a568c2483e4c558856ffa \ No newline at end of file diff --git a/xorg-server-21.1.7.tar.xz b/xorg-server-21.1.7.tar.xz deleted file mode 100644 index b15421e..0000000 --- a/xorg-server-21.1.7.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d9c60b2dd0ec52326ca6ab20db0e490b1ff4f566f59ca742d6532e92795877bb -size 4933292 diff --git a/xorg-server-21.1.8.tar.xz b/xorg-server-21.1.8.tar.xz new file mode 100644 index 0000000..48d79b4 --- /dev/null +++ b/xorg-server-21.1.8.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152 +size 4980208 diff --git a/xorg-server-21.1.8.tar.xz.sig b/xorg-server-21.1.8.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..6161a165aae3419e73bfe185ee763b7ea0ad2a2958fc9a97691b460ac1c8a464 GIT binary patch literal 95 zcmeB(WnmCxVvrS6WJ$l%_9@B!=wI)xO0gmZx%=e2T^(4NQdG?DFmQ1Sz(lGe80J@M v$R9L2|9Sfjp_RP9zvo1|T#n9XSn%Ryj+cu>*1PpzEroxCa98}bo&660H7_PP literal 0 HcmV?d00001 diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes index 257c1b1..29e337b 100644 --- a/xorg-x11-server.changes +++ b/xorg-x11-server.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Sat Apr 1 13:42:37 UTC 2023 - Bjørn Lie + +- Update to version 21.1.8: + * composite: Fix use-after-free of the COW + * xkbUtils: use existing symbol names instead of deleted + deprecated ones +- Drop U_xserver-composite-Fix-use-after-free-of-the-COW.patch: + Fixed upstream +- Switch back to tarball release, drop source service, add keyring + and sig files. + ------------------------------------------------------------------- Wed Mar 22 13:48:21 UTC 2023 - Stefan Dirsch diff --git a/xorg-x11-server.keyring b/xorg-x11-server.keyring new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..779646aeaa220dcaa9c0d20c9f1fe36b28f19e0e1810e2d79c584922fb1e1f83 GIT binary patch literal 2290 zcmb`IXHe7W7RLW+kdOdDAkq;+T@zqMM1`d+1i?_2CPbts6zQR(AShrKmy4h%p(I)K z29Yl4(gZ1@G(i^7NEcR+;)cE`$VGOT%gl~DcW3Umcis=@d7j@n?|bN=e5kQ=pNtR` zU}lDD7NTa!&bwI#-rNPr^^SIA=~!ub4!dDw)ETSAI2&c6FuiJAtYOqoPa~QXm@GS?4}`& zncV0$Vu7U^7+#Wy`+p*RllD=Ezoswxz6>N_>3 z6RDgaIm0I&KtNYqYbB)`hmhbMem#XBg{Cy*QDbzzI zLE%)gd*C5muRjk4QC^-DwIHgu9xVncECdElf+ev$NCcc00)~o$;SeYW3;}^>)Ko$K>xQ60rkzs zmpTO5?O(TC1O-q03t+l*-C-A$JVU9pzqn?{8w3{jOmqcu;e5wCF5&{O2vl3=pO4DW zSuu@d(L8rqV0ZlNj5Z8`@B+nu17}q zn6T?2@WP?BThpA?pB%i<>onh85!J5)han{Fr2AlClRKSZJMi~Q9lZ)LFF6JyCe(t% z?et%D90j6V5xe=yubBkTX<#^YK92vT1HViP&_zM^hEKV#1tZMZ? zIEXKC8PkZRdF=`-eTn+~#E$&`j2tNru(H=ktY$j0`?SME+bu8kPVU_lF2K+`jMe-@ zeceDbasgCk_;^``DA>2B^YwtcupR#dzduibCcqjkitSx9fvRwkQw{{s>W0*`)3*St zIM3mTXf*m!gCUJz9(N<_)mZFI74|Q@_i%d$xcmD5ziBf}04CKV2j!iO!8Vr-{>u zA6TY00T$iQ%`AZPBB5L{q$(pss1VzN(yamWe_26hXgH86mDy>3Qk!V=Qj3B)uyC;S zb5ft)1>K0LYIw!FjF89-#AfyAwf7$bo}8N)Q>lbEm0666LDITY{O65C-<@xCowl8?kjmJyfE9W(Vk-DuP{#4aw{=%ao{ zH6(OPAcaS~#N^tRQ%agiSL&xK^KuPmG%X`*OSO*PS-){X;qFLp7fj_&>;nHuao}0qQa2vedE9`ySRePKmrgL@3x!6ItDMAb|O|jZN7Mg z&jBoxQy%rBl11epzkawhg30N3>Ppi^ICHv-5gO^w)NKR(%9FKXNgGXOJ&D3M4hcAi zQv4$_2_X>&=v>i1p8jT}FPOFNp(y8)%UtJ_b zE_1FSIXVI`R;c5rm(F;fDsHyQ)Cc}DcaFYF4mq)*s6BNA8-`bTYihQvBUWYcJ6Uw7 zechEBM}Fv?_na7$*=mlplx$dNNMprt{qc61ep^CsQ0s9vCLGg?@+Lo-q>G{-4XUfj zc9-_eES9Dk*vCgLqn5&t>DPP&wYrWmrVHzp4LvSd9i}-$#dfxd^xu6}!}}k1ZUewj vt*#$DQmn13rEN3ngOPaUa7HT+VBN8in$o^-+4qXsse56bPVOF)tqT7EY5IJt literal 0 HcmV?d00001 diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index 6ae6e7a..6bbf9b9 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -36,14 +36,15 @@ %endif Name: xorg-x11-server -Version: 21.1.7 +Version: 21.1.8 Release: 0 URL: http://xorg.freedesktop.org/ Summary: X -# Source URL: http://xorg.freedesktop.org/archive/individual/xserver/ License: MIT Group: System/X11/Servers/XF86_4 -Source0: xorg-server-%{version}.tar.xz +Source0: https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-%{version}.tar.xz +Source10: https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-%{version}.tar.xz.sig +Source11: xorg-x11-server.keyring Source1: sysconfig.displaymanager.template Source2: README.updates Source3: xorgcfg.tar.bz2 @@ -242,8 +243,6 @@ Patch1940: U_xephyr-Don-t-check-for-SeatId-anymore.patch Patch1960: u_sync-pci-ids-with-Mesa.patch -Patch1209543: U_xserver-composite-Fix-use-after-free-of-the-COW.patch - %description This package contains the X.Org Server. @@ -402,8 +401,6 @@ sh %{SOURCE92} --verify . %{SOURCE91} %patch1940 -p1 %patch1960 -p1 -%patch1209543 -p1 - %build # We have some -z now related errors during X default startup (boo#1197994): # - when loading modesetting: gbm_bo_get_plane_count From 2444a577fa9229c04c3f57dfd71cbbd32f443fa7268df5b2f2e328485f2fc8d0 Mon Sep 17 00:00:00 2001 From: Stefan Dirsch Date: Sat, 1 Apr 2023 18:44:04 +0000 Subject: [PATCH 2/2] Accepting request 1076665 from home:iznogood:branches:X11:XOrg Tweak .changes entry from my previous sub - add CVE... OBS-URL: https://build.opensuse.org/request/show/1076665 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=857 --- xorg-x11-server.changes | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes index 29e337b..41f0733 100644 --- a/xorg-x11-server.changes +++ b/xorg-x11-server.changes @@ -1,7 +1,8 @@ ------------------------------------------------------------------- Sat Apr 1 13:42:37 UTC 2023 - Bjørn Lie -- Update to version 21.1.8: +- Update to version 21.1.8 (CVE-2023-1393): + * This release contains the fix for CVE-2023-1393 * composite: Fix use-after-free of the COW * xkbUtils: use existing symbol names instead of deleted deprecated ones