xserver: Branch 'server-21.1-branch' - 2 commits

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Wed Mar 29 12:29:23 UTC 2023 

 composite/compwindow.c |    5 +++++
 configure.ac           |    4 ++--
 meson.build            |    4 ++--
 3 files changed, 9 insertions(+), 4 deletions(-)

New commits:
commit 7c791b15504cc86a929acaa88161f012cdbba59f
Author: Olivier Fourdan <ofourdan at redhat.com>
Date:   Wed Mar 29 13:58:30 2023 +0200

    xserver 21.1.8
    
    Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>

diff --git a/configure.ac b/configure.ac
index 0c899ea94..60ea2c316 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,8 +26,8 @@ dnl
 dnl Process this file with autoconf to create configure.
 
 AC_PREREQ(2.60)
-AC_INIT([xorg-server], 21.1.7, [https://gitlab.freedesktop.org/xorg/xserver/issues], xorg-server)
-RELEASE_DATE="2023-02-07"
+AC_INIT([xorg-server], 21.1.8, [https://gitlab.freedesktop.org/xorg/xserver/issues], xorg-server)
+RELEASE_DATE="2023-03-29"
 RELEASE_NAME="Caramel Ice Cream"
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_MACRO_DIR([m4])
diff --git a/meson.build b/meson.build
index bc51d10b7..637938a1b 100644
--- a/meson.build
+++ b/meson.build
@@ -3,10 +3,10 @@ project('xserver', 'c',
             'buildtype=debugoptimized',
             'c_std=gnu99',
         ],
-        version: '21.1.7',
+        version: '21.1.8',
         meson_version: '>= 0.47.0',
 )
-release_date = '2023-02-07'
+release_date = '2023-03-29'
 
 add_project_arguments('-DHAVE_DIX_CONFIG_H', language: ['c', 'objc'])
 cc = meson.get_compiler('c')
commit fb51d5dd53b02422ea3b6f36bd017488d41f472d
Author: Olivier Fourdan <ofourdan at redhat.com>
Date:   Mon Mar 13 11:08:47 2023 +0100

    composite: Fix use-after-free of the COW
    
    ZDI-CAN-19866/CVE-2023-1393
    
    If a client explicitly destroys the compositor overlay window (aka COW),
    we would leave a dangling pointer to that window in the CompScreen
    structure, which will trigger a use-after-free later.
    
    Make sure to clear the CompScreen pointer to the COW when the latter gets
    destroyed explicitly by the client.
    
    This vulnerability was discovered by:
    Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
    
    Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
    Reviewed-by: Adam Jackson <ajax at redhat.com>
    (cherry picked from commit 26ef545b3502f61ca722a7a3373507e88ef64110)

diff --git a/composite/compwindow.c b/composite/compwindow.c
index 73a1871a0..9a651636e 100644
--- a/composite/compwindow.c
+++ b/composite/compwindow.c
@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
     ret = (*pScreen->DestroyWindow) (pWin);
     cs->DestroyWindow = pScreen->DestroyWindow;
     pScreen->DestroyWindow = compDestroyWindow;
+
+    /* Did we just destroy the overlay window? */
+    if (pWin == cs->pOverlayWin)
+        cs->pOverlayWin = NULL;
+
 /*    compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
     return ret;
 }

More information about the xorg-commit mailing list