xserver: Branch 'xwayland-21.1' - 2 commits
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Tue Apr 13 14:39:28 UTC 2021
Xi/chgfctl.c | 5 ++++-
meson.build | 2 +-
2 files changed, 5 insertions(+), 2 deletions(-)
New commits:
commit d4cc2e2db99a1b07c6f14a16abb209bfa6d85678
Author: Michel Dänzer <mdaenzer at redhat.com>
Date: Tue Apr 13 16:29:16 2021 +0200
Bump version for Xwayland 21.1.1 release
diff --git a/meson.build b/meson.build
index 2971764c7..4af03efe3 100644
--- a/meson.build
+++ b/meson.build
@@ -3,7 +3,7 @@ project('xwayland', 'c',
'buildtype=debugoptimized',
'c_std=gnu99',
],
- version: '21.1.0',
+ version: '21.1.1',
meson_version: '>= 0.46.0',
)
add_project_arguments('-DHAVE_DIX_CONFIG_H', language: ['c', 'objc'])
commit 1e4bf85df1be285e70a9c9fd52e6cf887600d4e4
Author: Matthieu Herrb <matthieu at herrb.eu>
Date: Tue Apr 13 15:55:41 2021 +0200
Fix XChangeFeedbackControl() request underflow
CVE-2021-3472 / ZDI-CAN-1259
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu at herrb.eu>
(cherry picked from commit 7aaf54a1884f71dc363f0b884e57bcb67407a6cd)
diff --git a/Xi/chgfctl.c b/Xi/chgfctl.c
index 1de4da9ef..7a597e43d 100644
--- a/Xi/chgfctl.c
+++ b/Xi/chgfctl.c
@@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr client)
break;
case StringFeedbackClass:
{
- xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
+ xStringFeedbackCtl *f;
+ REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
+ sizeof(xStringFeedbackCtl));
+ f = ((xStringFeedbackCtl *) &stuff[1]);
if (client->swapped) {
if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
return BadLength;
More information about the xorg-commit
mailing list