similar to: X.Org Security Advisory: CVE-2023-1393: X.Org Server Overlay Window Use-After-Free

This release contains the fix for CVE-2023-1393 in today's security advisory: https://lists.x.org/archives/xorg-announce/2023-March/003374.html Benno Schulenberg (1): xkbUtils: use existing symbol names instead of deleted deprecated ones Olivier Fourdan (2): composite: Fix use-after-free of the COW xserver 21.1.8 git tag: xorg-server-21.1.8

Multiple input validation failures in X server extensions ========================================================= All theses issuses can lead to local privileges elevation on systems where the X server is running privileged. * CVE-2020-14345 / ZDI CAN 11428 XkbSetNames Out-Of-Bounds Access The handler for the XkbSetNames request does not validate the request length before accessing its

This release contains the fix for CVE-2023-1393 in today's security advisory: https://lists.x.org/archives/xorg-announce/2023-March/003374.html Benno Schulenberg (1): xkbUtils: use existing symbol names instead of deleted deprecated ones Joshua Ashton (1): glamor: Don't glFlush/ctx switch unless any work has been performed Michel D?nzer (2): xwayland: Refactor

This was in bugtraq, and hasn't shown up in portaudit yet so I thought I would send it and the fix to you. I submitted a pr for a patch as well. (but for some reason, ir bounced) Problem #1: Clamav 87 has been found to have a security vulnerability that could lead to remote code execution Problem #2 patch patch-clamav-milter_clamav-milter.c won't

--- include/cube.h | 18 +++------ plugins/cube.c | 120 +++++++++++++++++-------------------------------------- 2 files changed, 43 insertions(+), 95 deletions(-) diff --git a/include/cube.h b/include/cube.h index 0a87626..293bad1 100644 --- a/include/cube.h +++ b/include/cube.h @@ -87,16 +87,11 @@ typedef void (*CubePaintInsideProc) (CompScreen *s, CompOutput *output,

From: Kristian Lyngstol <kristian@beryl-project.org> Avoids focus jumping from one screen to another. --- include/compiz.h | 4 ++-- plugins/rotate.c | 2 +- src/display.c | 38 +++++++++++++++++--------------------- src/event.c | 6 +++--- 4 files changed, 23 insertions(+), 27 deletions(-) diff --git a/include/compiz.h b/include/compiz.h index 4c72dd3..f882b84 100644

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Multiple Heap Overflows Allow Remote == Code Execution == CVE ID#: CVE-2007-2446 == == Versions: Samba 3.0.0 - 3.0.25rc3 (inclusive) == == Summary: Various bugs in Samba's NDR parsing == can allow a user to send specially ==

--- include/cube.h | 6 ++++++ plugins/cube.c | 3 ++- 2 files changed, 8 insertions(+), 1 deletions(-) diff --git a/include/cube.h b/include/cube.h index a8baf1f..c360a73 100644 --- a/include/cube.h +++ b/include/cube.h @@ -75,6 +75,11 @@ typedef void (*CubePaintTopBottomProc) (CompScreen *s, CompOutput *output, int size); +typedef Bool (*CubeCheckFTBProc) (CompScreen

Here are my patches to add extra shapes to the annotate plugin. I have also added dbus support and made a few things configurable. The new tools available are Line, Rectangle and Circle, the original is called Brush. There is no selection line at the moment because I do not understand OpenGL yet. Hopefully these patches can be added and something added later. There is an extra action called

The blur plugin has GL_ARB_fragment_program extension as a prerequisite. At least that's what I'm getting by looking at screen.c. I think there should be a check for the "CompScreen::fragmentProgram" flag somewhere in blur.c to prevent it from loading or at least executing a <null> pointer. I get a crash in line blur.c:1858, because CompScreen::programEnvParameter4f

This makes scenarios like laptops with external monitors on Xrandr 1.2 work. Those e.g. have a 1280x800 output and a 1280x1024 output, completely overlapping each other. With this patch, outputDeviceForGeometry will return the smaller head for a rectangle that's completely inside the smaller head and the larger head otherwise. --- src/screen.c | 88

Hi David, When maximizing windows on a different resolution only 70% of the window is maximized. Ie: on my 1280x1024 screen a window maximized is correct (and does not clobber the desktop panel in KDE, kicker) On my 1600x1200 screen, with no kicker panel, the window is maximized about 70% of the screen only Is this known? Thanks, Shawn. ----- Original Message ---- From: David Reveman

--- src/paint.c | 14 ++++++++++++-- 1 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/paint.c b/src/paint.c index 00cbf73..4ddd332 100644 --- a/src/paint.c +++ b/src/paint.c @@ -193,7 +193,12 @@ paintOutputRegion (CompScreen *screen, if (w->destroyed) continue; - if (!w->shaded) + if (w->shaded) + { + if (w->id < 2) + continue; + } + else

Hello. System info: OS: FC6 x86_64 video: Nvidia GF 7900 GT, driver version 97.55 compiz version: git config backend used: ccp I can reproduce this crash every time on my system. When blur plugin is active and I try to access any right-click menu, regular application menu or drop-down list, compiz crashes. Backtrace produced by crashhandler plugin shows crash in blur.c in function

Here are my patches to add edge + button functionality. I still feel that there is a problem with gconf, but I have just made it so that the edge button functionality works. I have included a patch for gconf to display AnyButton if it is set to 0. There is also a patch to make the edge size configurable because 1 pixel was too small and the mouse keeps slipping off when using it for the

Fixes icon colours on my PowerBook. Given that the preprocessor test was reversed when the code was reorganized and nobody on !MSBFirst platforms complained, one code path should suffice. --- src/texture.c | 5 ----- 1 files changed, 0 insertions(+), 5 deletions(-) diff --git a/src/texture.c b/src/texture.c index 4170c70..7021643 100644 --- a/src/texture.c +++ b/src/texture.c @@ -164,13

Hello, I'm doing a C++ wrapper and I need the counterpart of WindowAddNotifyProc Every plugin must be rebuild since CompScreen is modified, hence ABIVERSION should be changed as well. Would it be possible to implement it ? Patch attached Pafy. -------------- next part -------------- A non-text attachment was scrubbed... Name: compiz-WindowRemoveNotifyProc.patch Type: text/x-diff Size: 1734

Aaron Ma (1): xfree86: add drm modes on non-GTF panels Adam Jackson (2): linux: Make platform device probe less fragile linux: Fix platform device PCI detection for complex bus topologies Alan Coopersmith (2): Update URL's in man pages doc: Update URLs in Xserver-DTrace.xml Alex Goins (1): randr: Check rrPrivKey in RRHasScanoutPixmap() Hans de Goede (1):

0001-Do-not-use-shareList-for-multiple-screens.txt This is essential to get compiz to control multiple screens. I assume there's a better way though. We can either remove the shareList support entirely or we should check if it's supported or not. Improvements on this patch might be a good idea. In Beryl we chose to leave this as an option, but that doesn't strike me as the best

I am pleased to announce the second release candidate of the standalone Xwayland 23.1.0 release (Xwayland 23.1.0 rc2). Xwayland 23.1.0 rc1 has not been plain sailing and a number of issues have been addressed in rc2, most notably: * A regression with keymaps which were not applied anymore * Various regressions with DRM format modifiers Also, the libdrm requirement has been bumped to version