update to 1.22.1, and update upstream URL

0001-evdev-strip-the-device-name-of-format-directives.patch

@@ -1,355 +0,0 @@
-From 0fd73ca67649b359abc68ee7f6c6778c97681f76 Mon Sep 17 00:00:00 2001
-From: Peter Hutterer <peter.hutterer@who-t.net>
-Date: Wed, 30 Mar 2022 09:25:22 +1000
-Subject: [PATCH] evdev: strip the device name of format directives
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
- 
-This fixes a format string vulnerabilty.
- 
-evdev_log_message() composes a format string consisting of a fixed
-prefix (including the rendered device name) and the passed-in format
-buffer. This format string is then passed with the arguments to the
-actual log handler, which usually and eventually ends up being printf.
- 
-If the device name contains a printf-style format directive, these ended
-up in the format string and thus get interpreted correctly, e.g. for a
-device "Foo%sBar" the log message vs printf invocation ends up being:
-  evdev_log_message(device, "some message %s", "some argument");
-  printf("event9 - Foo%sBar: some message %s", "some argument");
- 
-This can enable an attacker to execute malicious code with the
-privileges of the process using libinput.
- 
-To exploit this, an attacker needs to be able to create a kernel device
-with a malicious name, e.g. through /dev/uinput or a Bluetooth device.
- 
-To fix this, convert any potential format directives in the device name
-by duplicating percentages.
- 
-Pre-rendering the device to avoid the issue altogether would be nicer
-but the current log level hooks do not easily allow for this. The device
-name is the only user-controlled part of the format string.
- 
-A second potential issue is the sysname of the device which is also
-sanitized.
- 
-This issue was found by Albin Eldstål-Ahrens and Benjamin Svensson from
-Assured AB.
- 
-Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
----
- meson.build                        |  1 +
- src/evdev.c                        | 31 +++++++++++------
- src/evdev.h                        |  6 ++--
- src/util-strings.h                 | 30 ++++++++++++++++
- test/litest-device-format-string.c | 56 ++++++++++++++++++++++++++++++
- test/litest.h                      |  1 +
- test/test-utils.c                  | 26 ++++++++++++++
- 7 files changed, 139 insertions(+), 12 deletions(-)
- create mode 100644 test/litest-device-format-string.c
- 
-diff --git meson.build meson.build
-index 97649e57..1407aac5 100644
---- meson.build
-+++ meson.build
-@@ -734,6 +734,7 @@ if get_option('tests')
- 		'test/litest-device-dell-canvas-totem-touch.c',
- 		'test/litest-device-elantech-touchpad.c',
- 		'test/litest-device-elan-tablet.c',
-+		'test/litest-device-format-string.c',
- 		'test/litest-device-generic-pressurepad.c',
- 		'test/litest-device-generic-singletouch.c',
- 		'test/litest-device-gpio-keys.c',
-diff --git src/evdev.c src/evdev.c
-index d0090c86..3c31b59a 100644
---- src/evdev.c
-+++ src/evdev.c
-@@ -2384,19 +2384,19 @@ evdev_device_create(struct libinput_seat *seat,
- 	struct libinput *libinput = seat->libinput;
- 	struct evdev_device *device = NULL;
- 	int rc;
--	int fd;
-+	int fd = -1;
- 	int unhandled_device = 0;
- 	const char *devnode = udev_device_get_devnode(udev_device);
--	const char *sysname = udev_device_get_sysname(udev_device);
-+	char *sysname = str_sanitize(udev_device_get_sysname(udev_device));
- 
- 	if (!devnode) {
- 		log_info(libinput, "%s: no device node associated\n", sysname);
--		return NULL;
-+		goto err;
- 	}
- 
- 	if (udev_device_should_be_ignored(udev_device)) {
- 		log_debug(libinput, "%s: device is ignored\n", sysname);
--		return NULL;
-+		goto err;
- 	}
- 
- 	/* Use non-blocking mode so that we can loop on read on
-@@ -2410,13 +2410,15 @@ evdev_device_create(struct libinput_seat *seat,
- 			 sysname,
- 			 devnode,
- 			 strerror(-fd));
--		return NULL;
-+		goto err;
- 	}
- 
- 	if (!evdev_device_have_same_syspath(udev_device, fd))
- 		goto err;
- 
- 	device = zalloc(sizeof *device);
-+	device->sysname = sysname;
-+	sysname = NULL;
- 
- 	libinput_device_init(&device->base, seat);
- 	libinput_seat_ref(seat);
-@@ -2439,6 +2441,9 @@ evdev_device_create(struct libinput_seat *seat,
- 	device->dispatch = NULL;
- 	device->fd = fd;
- 	device->devname = libevdev_get_name(device->evdev);
-+	/* the log_prefix_name is used as part of a printf format string and
-+	 * must not contain % directives, see evdev_log_msg */
-+	device->log_prefix_name = str_sanitize(device->devname);
- 	device->scroll.threshold = 5.0; /* Default may be overridden */
- 	device->scroll.direction_lock_threshold = 5.0; /* Default may be overridden */
- 	device->scroll.direction = 0;
-@@ -2479,12 +2484,16 @@ evdev_device_create(struct libinput_seat *seat,
- 	return device;
- 
- err:
--	close_restricted(libinput, fd);
--	if (device) {
--		unhandled_device = device->seat_caps == 0;
--		evdev_device_destroy(device);
-+	if (fd >= 0) {
-+		close_restricted(libinput, fd);
-+		if (device) {
-+			unhandled_device = device->seat_caps == 0;
-+			evdev_device_destroy(device);
-+		}
- 	}
- 
-+	free(sysname);
-+
- 	return unhandled_device ? EVDEV_UNHANDLED_DEVICE :  NULL;
- }
- 
-@@ -2497,7 +2506,7 @@ evdev_device_get_output(struct evdev_device *device)
- const char *
- evdev_device_get_sysname(struct evdev_device *device)
- {
--	return udev_device_get_sysname(device->udev_device);
-+	return device->sysname;
- }
- 
- const char *
-@@ -3094,6 +3103,8 @@ evdev_device_destroy(struct evdev_device *device)
- 	if (device->base.group)
- 		libinput_device_group_unref(device->base.group);
- 
-+	free(device->log_prefix_name);
-+	free(device->sysname);
- 	free(device->output_name);
- 	filter_destroy(device->pointer.filter);
- 	libinput_timer_destroy(&device->scroll.timer);
-diff --git src/evdev.h src/evdev.h
-index c7d130f8..980c5943 100644
---- src/evdev.h
-+++ src/evdev.h
-@@ -169,6 +169,8 @@ struct evdev_device {
- 	struct udev_device *udev_device;
- 	char *output_name;
- 	const char *devname;
-+	char *log_prefix_name;
-+	char *sysname;
- 	bool was_removed;
- 	int fd;
- 	enum evdev_device_seat_capability seat_caps;
-@@ -786,7 +788,7 @@ evdev_log_msg(struct evdev_device *device,
- 		 sizeof(buf),
- 		 "%-7s - %s%s%s",
- 		 evdev_device_get_sysname(device),
--		 (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  device->devname : "",
-+		 (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  device->log_prefix_name : "",
- 		 (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  ": " : "",
- 		 format);
- 
-@@ -824,7 +826,7 @@ evdev_log_msg_ratelimit(struct evdev_device *device,
- 		 sizeof(buf),
- 		 "%-7s - %s%s%s",
- 		 evdev_device_get_sysname(device),
--		 (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  device->devname : "",
-+		 (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  device->log_prefix_name : "",
- 		 (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  ": " : "",
- 		 format);
- 
-diff --git src/util-strings.h src/util-strings.h
-index 2a15fab3..d5a84146 100644
---- src/util-strings.h
-+++ src/util-strings.h
-@@ -43,6 +43,8 @@
- #include <xlocale.h>
- #endif
- 
-+#include "util-macros.h"
-+
- static inline bool
- streq(const char *str1, const char *str2)
- {
-@@ -398,3 +400,31 @@ safe_basename(const char *filename);
- 
- char *
- trunkname(const char *filename);
-+
-+/**
-+ * Return a copy of str with all % converted to %% to make the string
-+ * acceptable as printf format.
-+ */
-+static inline char *
-+str_sanitize(const char *str)
-+{
-+	if (!str)
-+		return NULL;
-+
-+	if (!strchr(str, '%'))
-+		return strdup(str);
-+
-+	size_t slen = min(strlen(str), 512);
-+	char *sanitized = zalloc(2 * slen + 1);
-+	const char *src = str;
-+	char *dst = sanitized;
-+
-+	for (size_t i = 0; i < slen; i++) {
-+		if (*src == '%')
-+			*dst++ = '%';
-+		*dst++ = *src++;
-+	}
-+	*dst = '\0';
-+
-+	return sanitized;
-+}
-diff --git test/litest-device-format-string.c test/litest-device-format-string.c
-new file mode 100644
-index 00000000..aed15db4
---- /dev/null
-+++ test/litest-device-format-string.c
-@@ -0,0 +1,56 @@
-+
-+/*
-+ * Copyright © 2013 Red Hat, Inc.
-+ *
-+ * Permission is hereby granted, free of charge, to any person obtaining a
-+ * copy of this software and associated documentation files (the "Software"),
-+ * to deal in the Software without restriction, including without limitation
-+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
-+ * and/or sell copies of the Software, and to permit persons to whom the
-+ * Software is furnished to do so, subject to the following conditions:
-+ *
-+ * The above copyright notice and this permission notice (including the next
-+ * paragraph) shall be included in all copies or substantial portions of the
-+ * Software.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
-+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-+ * DEALINGS IN THE SOFTWARE.
-+ */
-+
-+#include "config.h"
-+
-+#include "litest.h"
-+#include "litest-int.h"
-+
-+static struct input_id input_id = {
-+	.bustype = 0x3,
-+	.vendor = 0x0123,
-+	.product = 0x0456,
-+};
-+
-+static int events[] = {
-+	EV_KEY, BTN_LEFT,
-+	EV_KEY, BTN_RIGHT,
-+	EV_KEY, BTN_MIDDLE,
-+	EV_REL, REL_X,
-+	EV_REL, REL_Y,
-+	EV_REL, REL_WHEEL,
-+	EV_REL, REL_WHEEL_HI_RES,
-+	-1 , -1,
-+};
-+
-+TEST_DEVICE("mouse-format-string",
-+	.type = LITEST_MOUSE_FORMAT_STRING,
-+	.features = LITEST_RELATIVE | LITEST_BUTTON | LITEST_WHEEL,
-+	.interface = NULL,
-+
-+	.name = "Evil %s %d %x Mouse %p %",
-+	.id = &input_id,
-+	.absinfo = NULL,
-+	.events = events,
-+)
-diff --git test/litest.h test/litest.h
-index 4982e516..1b1daa90 100644
---- test/litest.h
-+++ test/litest.h
-@@ -321,6 +321,7 @@ enum litest_device_type {
- 	LITEST_KEYBOARD_QUIRKED,
- 	LITEST_SYNAPTICS_PRESSUREPAD,
- 	LITEST_GENERIC_PRESSUREPAD,
-+	LITEST_MOUSE_FORMAT_STRING,
- };
- 
- #define LITEST_DEVICELESS	-2
-diff --git test/test-utils.c test/test-utils.c
-index ca804a94..46444d8a 100644
---- test/test-utils.c
-+++ test/test-utils.c
-@@ -1316,6 +1316,31 @@ START_TEST(strstartswith_test)
- }
- END_TEST
- 
-+START_TEST(strsanitize_test)
-+{
-+	struct strsanitize_test {
-+		const char *string;
-+		const char *expected;
-+	} tests[] = {
-+		{ "foobar", "foobar" },
-+		{ "", "" },
-+		{ "%", "%%" },
-+		{ "%%%%", "%%%%%%%%" },
-+		{ "x %s", "x %%s" },
-+		{ "x %", "x %%" },
-+		{ "%sx", "%%sx" },
-+		{ "%s%s", "%%s%%s" },
-+		{ NULL, NULL },
-+	};
-+
-+	for (struct strsanitize_test *t = tests; t->string; t++) {
-+		char *sanitized = str_sanitize(t->string);
-+		ck_assert_str_eq(sanitized, t->expected);
-+		free(sanitized);
-+	}
-+}
-+END_TEST
-+
- START_TEST(list_test_insert)
- {
- 	struct list_test {
-@@ -1538,6 +1563,7 @@ litest_utils_suite(void)
- 	tcase_add_test(tc, strstrip_test);
- 	tcase_add_test(tc, strendswith_test);
- 	tcase_add_test(tc, strstartswith_test);
-+	tcase_add_test(tc, strsanitize_test);
- 	tcase_add_test(tc, time_conversion);
- 	tcase_add_test(tc, human_time);
- 
--- 
-2.35.1
-

libinput-1.14.1-vs-1.15.6.yaml

@@ -1,45 +0,0 @@
-name: libinput
-old_version: 1.14.1
-new_version: 1.15.6
-interface_differences:
-- type: 'feature'
-  item: 添加HP Elite x2 1013 G3
-  diff: 将HP Elite x2 1013 G3键盘标记为外部键盘
-  influence: 功能增强
-- type: 'feature'
-  item: markdown
-  diff: 删除markdown源码解析器，废弃此功能
-  influence: 功能优化
-- type: 'feature'
-  item: 增加Lenovo ThinkPad X200 Tablet
-  diff: 为quirk模式添加Lenovo ThinkPad X200 Tablet
-  influence: 功能增强
-- type: 'feature'
-  item: 使用qemu
-  diff: 添加使用qemu运行完整的测试套件的支持，允许失败，至少可以利用它
-  influence: 功能增强
-- type: 'feature'
-  item: 添加滚动按钮
-  diff: 添加滚动按钮锁定功能
-  influence: 功能增强
-- type: 'feature'
-  item: 在quirks模式添加RollerMouse Free 3
-  diff: 添加RollerMouse Free 3进行双击修复
-  influence: 功能增强
-- type: 'feature'
-  item: 从libinput
-  diff: 删除特定的libinput度量工具
-  influence: 功能优化
-- type: 'feature'
-  item: tools
-  diff: 只要笔尖在逻辑上向下，就会显示一个额外的正方形。
-  influence: 功能增强
-- type: 'ABI'
-  item: tablet
-  diff: 添加一个tablet_get_current_tool，用于获取当前工具
-  influence: 功能增强
-- type: 'ABI'
-  item: touchpad
-  diff: 添加一个tp_tap_move_to_dead，用于控制移动后不允许多手指点击
-  influence: 功能增强
-remark: '新增函数和特性，对老特性无影响，libinput为触摸屏基础库，被图形桌面引入，无相关产品使用，影响小;'

libinput.spec

@@ -1,11 +1,10 @@
 Name:        libinput
-Version:     1.19.2
-Release:     2
+Version:     1.22.1
+Release:     1
 Summary:     Input device management and event handling library
 License:     MIT
-URL:         https://www.freedesktop.org/wiki/Software/libinput/
-Source0:     https://www.freedesktop.org/software/libinput/libinput-%{version}.tar.xz
-patch0001:	0001-evdev-strip-the-device-name-of-format-directives.patch	
+URL:         https://gitlab.freedesktop.org/libinput/libinput/-/releases
+Source0:     https://gitlab.freedesktop.org/libinput/libinput/-/archive/%{version}/libinput-%{version}.tar.gz
 
 BuildRequires: gcc gcc-c++  python3-devel meson  pkgconfig(libudev) pkgconfig(mtdev) pkgconfig(libevdev)  pkgconfig(libwacom)
 
@@ -84,6 +83,9 @@ The %{name}-doc package contains document files.
 %{_mandir}/man1/*
 
 %changelog
+* Fri Feb 10 2023 Liu Yuntao <liuyuntao10@huawei.com> - 1.22.1-1
+- update to 1.22.1, and update upstream URL
+
 * Tue Jun 7 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 1.19.2-2
 - fix CVE-2022-1215