From e1b5be487a997b9a0766bed934d3795fea754824 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Tue, 26 Nov 2024 16:54:34 +0300 Subject: [PATCH] import libX11-1.8.7-7.el10 --- .gitignore | 1 + .libX11.metadata | 1 + .../0001-Fix-deadlock-in-XRebindKeysym.patch | 52 +++ ...tialized-variable-in-_XimTriggerNoti.patch | 49 +++ ...S-regression-in-XCopyColormapAndFree.patch | 34 ++ ...nitialized-variable-in-_XimExtension.patch | 49 +++ ...olormap-add-removal-with-display-loc.patch | 92 +++++ ...tialized-variable-in-_XimEncodeICATT.patch | 47 +++ ...ormap-private-interfaces-thread-safe.patch | 92 +++++ ...that-needed-is-0-in-XkbResizeKeyActi.patch | 62 +++ ...-memory-leak-in-_XimProtoSetIMValues.patch | 64 +++ ...ix-buffer-overrun-in-parse_omit_name.patch | 57 +++ SOURCES/dont-forward-keycode-0.patch | 53 +++ SPECS/libX11.spec | 365 ++++++++++++++++++ 14 files changed, 1018 insertions(+) create mode 100644 .gitignore create mode 100644 .libX11.metadata create mode 100644 SOURCES/0001-Fix-deadlock-in-XRebindKeysym.patch create mode 100644 SOURCES/0001-Fix-use-of-uninitialized-variable-in-_XimTriggerNoti.patch create mode 100644 SOURCES/0001-Revert-Fix-XTS-regression-in-XCopyColormapAndFree.patch create mode 100644 SOURCES/0002-Fix-use-of-uninitialized-variable-in-_XimExtension.patch create mode 100644 SOURCES/0002-Revert-Protect-colormap-add-removal-with-display-loc.patch create mode 100644 SOURCES/0003-Fix-use-of-uninitialized-variable-in-_XimEncodeICATT.patch create mode 100644 SOURCES/0003-Make-colormap-private-interfaces-thread-safe.patch create mode 100644 SOURCES/0004-XKBMAlloc-Check-that-needed-is-0-in-XkbResizeKeyActi.patch create mode 100644 SOURCES/0005-Fix-memory-leak-in-_XimProtoSetIMValues.patch create mode 100644 SOURCES/0006-Fix-buffer-overrun-in-parse_omit_name.patch create mode 100644 SOURCES/dont-forward-keycode-0.patch create mode 100644 SPECS/libX11.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5f6d453 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libX11-1.8.7.tar.xz diff --git a/.libX11.metadata b/.libX11.metadata new file mode 100644 index 0000000..0d622f4 --- /dev/null +++ b/.libX11.metadata @@ -0,0 +1 @@ +034271312467ea99699fb8d926118d395e33a663 SOURCES/libX11-1.8.7.tar.xz diff --git a/SOURCES/0001-Fix-deadlock-in-XRebindKeysym.patch b/SOURCES/0001-Fix-deadlock-in-XRebindKeysym.patch new file mode 100644 index 0000000..386d746 --- /dev/null +++ b/SOURCES/0001-Fix-deadlock-in-XRebindKeysym.patch @@ -0,0 +1,52 @@ +From 751fbc59c30604980fdd19cb4b333d3cf2eccb24 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Fri, 21 Jun 2024 14:37:24 +0200 +Subject: [PATCH] Fix deadlock in XRebindKeysym() + +Xlib is now built with threading support enabled from the constructor +by default. + +XRebindKeysym() acquires the display lock, then calls: + +| XRebindKeysym() +| LockDisplay() +| ComputeMaskFromKeytrans() +| -> XkbKeysymToModifiers() +| -> _XkbLoadDpy() +| -> XkbGetMap() +| -> XkbGetUpdatedMap() +| LockDisplay() + +And the dead lock: + +| Xlib ERROR: XKBGetMap.c line 575 thread 1fc6e580: locking display already +| locked at KeyBind.c line 937 + +To avoid the issue, call ComputeMaskFromKeytrans() from outside the display +lock. + +Signed-off-by: Olivier Fourdan +Closes: https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/216 +Part-of: +--- + src/KeyBind.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/KeyBind.c b/src/KeyBind.c +index a8181b91..a5e22131 100644 +--- a/src/KeyBind.c ++++ b/src/KeyBind.c +@@ -958,8 +958,9 @@ XRebindKeysym ( + memcpy ((char *) p->modifiers, (char *) mlist, (size_t) nb); + p->key = keysym; + p->mlen = nm; +- ComputeMaskFromKeytrans(dpy, p); + UnlockDisplay(dpy); ++ ComputeMaskFromKeytrans(dpy, p); ++ + return 0; + } + +-- +2.45.2 + diff --git a/SOURCES/0001-Fix-use-of-uninitialized-variable-in-_XimTriggerNoti.patch b/SOURCES/0001-Fix-use-of-uninitialized-variable-in-_XimTriggerNoti.patch new file mode 100644 index 0000000..97656e6 --- /dev/null +++ b/SOURCES/0001-Fix-use-of-uninitialized-variable-in-_XimTriggerNoti.patch @@ -0,0 +1,49 @@ +From 4f5541193dd5a004ed5ea44c12fc25e227113c9b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= +Date: Tue, 30 Apr 2024 16:37:21 +0200 +Subject: [PATCH 1/6] Fix use of uninitialized variable in _XimTriggerNotify +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +`_XimRead()` is being called with `reply` as target buffer instead of +using `preply`, accessing uninitialized memory a few lines later. + +This error has been found by a static analysis tool. This is the report: + + Error: UNINIT (CWE-457): + libX11-1.8.7/modules/im/ximcp/imDefLkup.c:561: alloc_fn: + Calling "malloc" which returns uninitialized memory. + libX11-1.8.7/modules/im/ximcp/imDefLkup.c:561: assign: + Assigning: "preply" = "malloc((size_t)((len == 0) ? 1 : len))", + which points to uninitialized data. + libX11-1.8.7/modules/im/ximcp/imDefLkup.c:573: uninit_use: + Using uninitialized value "*((CARD8 *)preply)". + # 571| } + # 572| buf_s = (CARD16 *)((char *)preply + XIM_HEADER_SIZE); + # 573|-> if (*((CARD8 *)preply) == XIM_ERROR) { + # 574| _XimProcError(im, 0, (XPointer)&buf_s[3]); + # 575| if(reply != preply) + +Signed-off-by: José Expósito +Part-of: +--- + modules/im/ximcp/imDefLkup.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/im/ximcp/imDefLkup.c b/modules/im/ximcp/imDefLkup.c +index 2e53ab23..8ccaee26 100644 +--- a/modules/im/ximcp/imDefLkup.c ++++ b/modules/im/ximcp/imDefLkup.c +@@ -635,7 +635,7 @@ _XimTriggerNotify( + } else { + buf_size = len; + preply = Xmalloc(len); +- ret_code = _XimRead(im, &len, (XPointer)reply, buf_size, ++ ret_code = _XimRead(im, &len, preply, buf_size, + _XimTriggerNotifyCheck, (XPointer)ic); + if(ret_code != XIM_TRUE) { + Xfree(preply); +-- +2.45.2 + diff --git a/SOURCES/0001-Revert-Fix-XTS-regression-in-XCopyColormapAndFree.patch b/SOURCES/0001-Revert-Fix-XTS-regression-in-XCopyColormapAndFree.patch new file mode 100644 index 0000000..8e07803 --- /dev/null +++ b/SOURCES/0001-Revert-Fix-XTS-regression-in-XCopyColormapAndFree.patch @@ -0,0 +1,34 @@ +From 5dfedaf4aa1a032ea6cb4e871abd2e065f798129 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Thu, 6 Jun 2024 16:25:26 +0200 +Subject: [PATCH 1/3] Revert "Fix XTS regression in XCopyColormapAndFree" + +This change was to fix the next change that we are to revert as well. + +This reverts commit 68c72a7341b114277ab232f2499ee3bd035af8a0. + +Reviewed-by: Adam Jackson +Part-of: +--- + src/CopyCmap.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/src/CopyCmap.c b/src/CopyCmap.c +index b37aba73..b4954b01 100644 +--- a/src/CopyCmap.c ++++ b/src/CopyCmap.c +@@ -53,11 +53,6 @@ Colormap XCopyColormapAndFree( + mid = req->mid = XAllocID(dpy); + req->srcCmap = src_cmap; + +- /* re-lock the display to keep XID handling in sync */ +- UnlockDisplay(dpy); +- SyncHandle(); +- LockDisplay(dpy); +- + #if XCMS + _XcmsCopyCmapRecAndFree(dpy, src_cmap, mid); + #endif +-- +2.45.2 + diff --git a/SOURCES/0002-Fix-use-of-uninitialized-variable-in-_XimExtension.patch b/SOURCES/0002-Fix-use-of-uninitialized-variable-in-_XimExtension.patch new file mode 100644 index 0000000..bbb797e --- /dev/null +++ b/SOURCES/0002-Fix-use-of-uninitialized-variable-in-_XimExtension.patch @@ -0,0 +1,49 @@ +From eaad761e24722b1743d3edee3383294bfb4947d6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= +Date: Tue, 30 Apr 2024 16:41:40 +0200 +Subject: [PATCH 2/6] Fix use of uninitialized variable in _XimExtension +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +`_XimRead()` is being called with `reply` as target buffer instead of +using `preply`, accessing uninitialized memory a few lines later. + +This error has been found by a static analysis tool. This is the report: + + Error: UNINIT (CWE-457): + libX11-1.8.7/modules/im/ximcp/imExten.c:468: alloc_fn: + Calling "malloc" which returns uninitialized memory. + libX11-1.8.7/modules/im/ximcp/imExten.c:468: assign: + Assigning: "preply" = "malloc((size_t)((buf_size == 0) ? 1 : buf_size))", + which points to uninitialized data. + libX11-1.8.7/modules/im/ximcp/imExten.c:479: uninit_use: + Using uninitialized value "*((CARD8 *)preply)". + # 477| return False; + # 478| buf_s = (CARD16 *)((char *)preply + XIM_HEADER_SIZE); + # 479|-> if (*((CARD8 *)preply) == XIM_ERROR) { + # 480| _XimProcError(im, 0, (XPointer)&buf_s[3]); + # 481| if(reply != preply) + +Signed-off-by: José Expósito +Part-of: +--- + modules/im/ximcp/imExten.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/im/ximcp/imExten.c b/modules/im/ximcp/imExten.c +index c2e48a89..a25f00d0 100644 +--- a/modules/im/ximcp/imExten.c ++++ b/modules/im/ximcp/imExten.c +@@ -466,7 +466,7 @@ _XimExtension( + } else { + buf_size = len; + preply = Xmalloc(buf_size); +- ret_code = _XimRead(im, &len, reply, buf_size, ++ ret_code = _XimRead(im, &len, preply, buf_size, + _XimQueryExtensionCheck, 0); + if(ret_code != XIM_TRUE) { + Xfree(preply); +-- +2.45.2 + diff --git a/SOURCES/0002-Revert-Protect-colormap-add-removal-with-display-loc.patch b/SOURCES/0002-Revert-Protect-colormap-add-removal-with-display-loc.patch new file mode 100644 index 0000000..539b98f --- /dev/null +++ b/SOURCES/0002-Revert-Protect-colormap-add-removal-with-display-loc.patch @@ -0,0 +1,92 @@ +From 739fce4c12c7aa39112353d80c8a3bf25bdd5274 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Fri, 7 Jun 2024 09:07:39 +0200 +Subject: [PATCH 2/3] Revert "Protect colormap add/removal with display lock" + +That commit 99a2cf1aa was moving the calls to the _Xcms*CmapRec*() +family of functions within a display lock to make the XCMS colormap +functions thread safe. + +Unfortunately, that causes a deadlock in XCopyColormapAndFree(), because +_XcmsCopyCmapRecAndFree() calls CmapRecForColormap() which calls +XGetVisualInfo() which also tries to acquire the display lock. + +So, instead of moving the entire functions within the display lock, +let's try to make the functions themselves thread safe in the following +commit, and revert this change which causes a deadlock. + +This reverts commit 99a2cf1aa0b58391078d5d3edf0a7dab18c7745d. + +Fixes: https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/215 +See-also: https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/94 +Reviewed-by: Adam Jackson +Part-of: +--- + src/CopyCmap.c | 6 +++--- + src/CrCmap.c | 6 +++--- + src/FreeCmap.c | 6 +++--- + 3 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/src/CopyCmap.c b/src/CopyCmap.c +index b4954b01..5444550c 100644 +--- a/src/CopyCmap.c ++++ b/src/CopyCmap.c +@@ -53,12 +53,12 @@ Colormap XCopyColormapAndFree( + mid = req->mid = XAllocID(dpy); + req->srcCmap = src_cmap; + ++ UnlockDisplay(dpy); ++ SyncHandle(); ++ + #if XCMS + _XcmsCopyCmapRecAndFree(dpy, src_cmap, mid); + #endif + +- UnlockDisplay(dpy); +- SyncHandle(); +- + return(mid); + } +diff --git a/src/CrCmap.c b/src/CrCmap.c +index 1b18a15b..9904c7dd 100644 +--- a/src/CrCmap.c ++++ b/src/CrCmap.c +@@ -48,12 +48,12 @@ Colormap XCreateColormap( + if (visual == CopyFromParent) req->visual = CopyFromParent; + else req->visual = visual->visualid; + ++ UnlockDisplay(dpy); ++ SyncHandle(); ++ + #ifdef XCMS + _XcmsAddCmapRec(dpy, mid, w, visual); + #endif + +- UnlockDisplay(dpy); +- SyncHandle(); +- + return(mid); + } +diff --git a/src/FreeCmap.c b/src/FreeCmap.c +index 68496dd8..e2b76fa6 100644 +--- a/src/FreeCmap.c ++++ b/src/FreeCmap.c +@@ -41,12 +41,12 @@ XFreeColormap( + LockDisplay(dpy); + GetResReq(FreeColormap, cmap, req); + ++ UnlockDisplay(dpy); ++ SyncHandle(); ++ + #ifdef XCMS + _XcmsDeleteCmapRec(dpy, cmap); + #endif + +- UnlockDisplay(dpy); +- SyncHandle(); +- + return 1; + } +-- +2.45.2 + diff --git a/SOURCES/0003-Fix-use-of-uninitialized-variable-in-_XimEncodeICATT.patch b/SOURCES/0003-Fix-use-of-uninitialized-variable-in-_XimEncodeICATT.patch new file mode 100644 index 0000000..0b5d749 --- /dev/null +++ b/SOURCES/0003-Fix-use-of-uninitialized-variable-in-_XimEncodeICATT.patch @@ -0,0 +1,47 @@ +From 836a8f2cf5e930c8a56b512273fdf9890282ba04 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= +Date: Tue, 30 Apr 2024 16:49:26 +0200 +Subject: [PATCH 3/6] Fix use of uninitialized variable in + _XimEncodeICATTRIBUTE +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In the `res->resource_size == XimType_NEST` code path, if +`res->xrm_name != pre_quark` and `res->xrm_name != sts_quark`, `len` can +be used uninitialized. + +This error has been found by a static analysis tool. This is the report: + + Error: UNINIT (CWE-457): + libX11-1.8.7/modules/im/ximcp/imRmAttr.c:1106: var_decl: + Declaring variable "len" without initializer. + libX11-1.8.7/modules/im/ximcp/imRmAttr.c:1179: uninit_use: + Using uninitialized value "len". + # 1177| } + # 1178| + # 1179|-> if (len == 0) { + # 1180| continue; + # 1181| } else if (len < 0) { + +Signed-off-by: José Expósito +Part-of: +--- + modules/im/ximcp/imRmAttr.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules/im/ximcp/imRmAttr.c b/modules/im/ximcp/imRmAttr.c +index 709e64ab..c56bd62e 100644 +--- a/modules/im/ximcp/imRmAttr.c ++++ b/modules/im/ximcp/imRmAttr.c +@@ -1115,6 +1115,7 @@ _XimEncodeICATTRIBUTE( + + *ret_len = 0; + for (p = arg; p && p->name; p++) { ++ len = 0; + buf_s = (CARD16 *)buf; + if (!(res = _XimGetResourceListRec(res_list, res_num, p->name))) { + if (_XimSetInnerICAttributes(ic, top, p, mode)) +-- +2.45.2 + diff --git a/SOURCES/0003-Make-colormap-private-interfaces-thread-safe.patch b/SOURCES/0003-Make-colormap-private-interfaces-thread-safe.patch new file mode 100644 index 0000000..9166a74 --- /dev/null +++ b/SOURCES/0003-Make-colormap-private-interfaces-thread-safe.patch @@ -0,0 +1,92 @@ +From 1472048b7a02d1b7fc25cfeda761db23fba21eac Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Fri, 7 Jun 2024 09:05:55 +0200 +Subject: [PATCH 3/3] Make colormap private interfaces thread safe. + +Protect access to the dpy structure by a display lock, so that these can +be called outside of a global display lock. + +That allows the XCMS colormap functions to be thread safe without having +the whole functions within a display lock, to avoid deadlocks. + +Signed-off-by: Olivier Fourdan +See-also: https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/215 +See-also: https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/94 +Reviewed-by: Adam Jackson +Part-of: +--- + src/xcms/cmsCmap.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/src/xcms/cmsCmap.c b/src/xcms/cmsCmap.c +index c7087ecb..4b229477 100644 +--- a/src/xcms/cmsCmap.c ++++ b/src/xcms/cmsCmap.c +@@ -87,12 +87,17 @@ CmapRecForColormap( + _XAsyncHandler async; + _XAsyncErrorState async_state; + ++ LockDisplay(dpy); + for (pRec = (XcmsCmapRec *)dpy->cms.clientCmaps; pRec != NULL; + pRec = pRec->pNext) { + if (pRec->cmapID == cmap) { ++ UnlockDisplay(dpy); ++ SyncHandle(); + return(pRec); + } + } ++ UnlockDisplay(dpy); ++ SyncHandle(); + + /* + * Can't find an XcmsCmapRec associated with cmap in our records. +@@ -258,9 +263,12 @@ _XcmsAddCmapRec( + pNew->dpy = dpy; + pNew->windowID = windowID; + pNew->visual = visual; ++ LockDisplay(dpy); + pNew->pNext = (XcmsCmapRec *)dpy->cms.clientCmaps; + dpy->cms.clientCmaps = (XPointer)pNew; + dpy->free_funcs->clientCmaps = _XcmsFreeClientCmaps; ++ UnlockDisplay(dpy); ++ SyncHandle(); + + /* + * Note, we don't create the XcmsCCC for pNew->ccc here because +@@ -342,6 +350,7 @@ _XcmsDeleteCmapRec( + } + + /* search for it in the list */ ++ LockDisplay(dpy); + pPrevPtr = (XcmsCmapRec **)&dpy->cms.clientCmaps; + while ((pRec = *pPrevPtr) && (pRec->cmapID != cmap)) { + pPrevPtr = &pRec->pNext; +@@ -354,6 +363,8 @@ _XcmsDeleteCmapRec( + *pPrevPtr = pRec->pNext; + Xfree(pRec); + } ++ UnlockDisplay(dpy); ++ SyncHandle(); + } + + +@@ -378,6 +389,7 @@ _XcmsFreeClientCmaps( + { + XcmsCmapRec *pRecNext, *pRecFree; + ++ LockDisplay(dpy); + pRecNext = (XcmsCmapRec *)dpy->cms.clientCmaps; + while (pRecNext != NULL) { + pRecFree = pRecNext; +@@ -390,6 +402,8 @@ _XcmsFreeClientCmaps( + Xfree(pRecFree); + } + dpy->cms.clientCmaps = (XPointer)NULL; ++ UnlockDisplay(dpy); ++ SyncHandle(); + } + + +-- +2.45.2 + diff --git a/SOURCES/0004-XKBMAlloc-Check-that-needed-is-0-in-XkbResizeKeyActi.patch b/SOURCES/0004-XKBMAlloc-Check-that-needed-is-0-in-XkbResizeKeyActi.patch new file mode 100644 index 0000000..0a3d9fe --- /dev/null +++ b/SOURCES/0004-XKBMAlloc-Check-that-needed-is-0-in-XkbResizeKeyActi.patch @@ -0,0 +1,62 @@ +From af1312d2873d2ce49b18708a5029895aed477392 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= +Date: Tue, 30 Apr 2024 17:37:39 +0200 +Subject: [PATCH 4/6] XKBMAlloc: Check that needed is >= 0 in + XkbResizeKeyActions +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Passing a negative value in `needed` to the `XkbResizeKeyActions()` +function can create a `newActs` array of an unespected size. +Check the value and return if it is invalid. + +This error has been found by a static analysis tool. This is the report: + + Error: OVERRUN (CWE-119): + libX11-1.8.7/src/xkb/XKBMAlloc.c:811: cond_const: + Checking "xkb->server->size_acts == 0" implies that + "xkb->server->size_acts" is 0 on the true branch. + libX11-1.8.7/src/xkb/XKBMAlloc.c:811: buffer_alloc: + "calloc" allocates 8 bytes dictated by parameters + "(size_t)((xkb->server->size_acts == 0) ? 1 : xkb->server->size_acts)" + and "8UL". + libX11-1.8.7/src/xkb/XKBMAlloc.c:811: var_assign: + Assigning: "newActs" = "calloc((size_t)((xkb->server->size_acts == 0) ? 1 : xkb->server->size_acts), 8UL)". + libX11-1.8.7/src/xkb/XKBMAlloc.c:815: assignment: + Assigning: "nActs" = "1". + libX11-1.8.7/src/xkb/XKBMAlloc.c:829: cond_at_least: + Checking "nCopy > 0" implies that "nCopy" is at least 1 on the + true branch. + libX11-1.8.7/src/xkb/XKBMAlloc.c:830: overrun-buffer-arg: + Overrunning buffer pointed to by "&newActs[nActs]" of 8 bytes by + passing it to a function which accesses it at byte offset 15 + using argument "nCopy * 8UL" (which evaluates to 8). + # 828| + # 829| if (nCopy > 0) + # 830|-> memcpy(&newActs[nActs], XkbKeyActionsPtr(xkb, i), + # 831| nCopy * sizeof(XkbAction)); + # 832| if (nCopy < nKeyActs) + +Signed-off-by: José Expósito +Part-of: +--- + src/xkb/XKBMAlloc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/xkb/XKBMAlloc.c b/src/xkb/XKBMAlloc.c +index 8b3be303..0563a688 100644 +--- a/src/xkb/XKBMAlloc.c ++++ b/src/xkb/XKBMAlloc.c +@@ -795,7 +795,7 @@ XkbResizeKeyActions(XkbDescPtr xkb, int key, int needed) + register int i, nActs; + XkbAction *newActs; + +- if (needed == 0) { ++ if (needed <= 0) { + xkb->server->key_acts[key] = 0; + return NULL; + } +-- +2.45.2 + diff --git a/SOURCES/0005-Fix-memory-leak-in-_XimProtoSetIMValues.patch b/SOURCES/0005-Fix-memory-leak-in-_XimProtoSetIMValues.patch new file mode 100644 index 0000000..06cc018 --- /dev/null +++ b/SOURCES/0005-Fix-memory-leak-in-_XimProtoSetIMValues.patch @@ -0,0 +1,64 @@ +From f67a87dad40141f50f4da35b28a92a974bfdf7e1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= +Date: Tue, 30 Apr 2024 18:04:35 +0200 +Subject: [PATCH 5/6] Fix memory leak in _XimProtoSetIMValues +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This error has been found by a static analysis tool. This is the report: + + Error: RESOURCE_LEAK (CWE-772): + libX11-1.8.7/modules/im/ximcp/imDefIm.c:1316: alloc_fn: + Storage is returned from allocation function "calloc". + libX11-1.8.7/modules/im/ximcp/imDefIm.c:1316: var_assign: + Assigning: "tmp" = storage returned from + "calloc((size_t)((buf_size + data_len == 0) ? 1 : (buf_size + data_len)), 1UL)". + libX11-1.8.7/modules/im/ximcp/imDefIm.c:1319: noescape: + Resource "tmp" is not freed or pointed-to in "memcpy". + libX11-1.8.7/modules/im/ximcp/imDefIm.c:1320: var_assign: + Assigning: "buf" = "tmp". + libX11-1.8.7/modules/im/ximcp/imDefIm.c:1302: var_assign: + Assigning: "data" = "buf". + libX11-1.8.7/modules/im/ximcp/imDefIm.c:1303: noescape: + Resource "data" is not freed or pointed-to in + "_XimEncodeIMATTRIBUTE". + libX11-1.8.7/modules/im/ximcp/imDefIm.c:1333: leaked_storage: + Variable "data" going out of scope leaks the storage it points to. + libX11-1.8.7/modules/im/ximcp/imDefIm.c:1333: leaked_storage: + Variable "buf" going out of scope leaks the storage it points to. + libX11-1.8.7/modules/im/ximcp/imDefIm.c:1333: leaked_storage: + Variable "tmp" going out of scope leaks the storage it points to. + # 1331| + # 1332| if (!total) + # 1333|-> return (char *)NULL; + # 1334| + # 1335| buf_s = (CARD16 *)&buf[XIM_HEADER_SIZE]; + +Signed-off-by: José Expósito +Part-of: +--- + modules/im/ximcp/imDefIm.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/modules/im/ximcp/imDefIm.c b/modules/im/ximcp/imDefIm.c +index a12d2970..e3075398 100644 +--- a/modules/im/ximcp/imDefIm.c ++++ b/modules/im/ximcp/imDefIm.c +@@ -1327,8 +1327,11 @@ _XimProtoSetIMValues( + } + _XimSetCurrentIMValues(im, &im_values); + +- if (!total) +- return (char *)NULL; ++ if (!total) { ++ if (buf != tmp_buf) ++ Xfree(buf); ++ return (char *)NULL; ++ } + + buf_s = (CARD16 *)&buf[XIM_HEADER_SIZE]; + buf_s[0] = im->private.proto.imid; +-- +2.45.2 + diff --git a/SOURCES/0006-Fix-buffer-overrun-in-parse_omit_name.patch b/SOURCES/0006-Fix-buffer-overrun-in-parse_omit_name.patch new file mode 100644 index 0000000..caeaccc --- /dev/null +++ b/SOURCES/0006-Fix-buffer-overrun-in-parse_omit_name.patch @@ -0,0 +1,57 @@ +From 97fb5bda3d0777380cd4b964f48771a82ef3f2a7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= +Date: Tue, 30 Apr 2024 18:21:08 +0200 +Subject: [PATCH 6/6] Fix buffer overrun in parse_omit_name +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When `num_fields == 12`, if the last character of the pattern is '-', +the `buf` array is overrun. + +This error has been found by a static analysis tool. This is the report: + + Error: OVERRUN (CWE-119): + libX11-1.8.7/modules/om/generic/omGeneric.c:691: cond_at_most: + Checking "length > 255" implies that "length" may be up to 255 on + the false branch. + libX11-1.8.7/modules/om/generic/omGeneric.c:695: alias: + Assigning: "last" = "buf + length - 1". "last" may now point to as + high as byte 254 of "buf" (which consists of 256 bytes). + libX11-1.8.7/modules/om/generic/omGeneric.c:718: ptr_incr: + Incrementing "last". "last" may now point to as high as byte 255 + of "buf" (which consists of 256 bytes). + libX11-1.8.7/modules/om/generic/omGeneric.c:720: ptr_incr: + Incrementing "last". "last" may now point to as high as byte 256 + of "buf" (which consists of 256 bytes). + libX11-1.8.7/modules/om/generic/omGeneric.c:720: overrun-local: + Overrunning array of 256 bytes at byte offset 256 by + dereferencing pointer "++last". + # 718| *++last = '*'; + # 719| + # 720|-> *++last = '-'; + # 721| break; + # 722| case 13: + +Signed-off-by: José Expósito +Part-of: +--- + modules/om/generic/omGeneric.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c +index 406cec93..370072f3 100644 +--- a/modules/om/generic/omGeneric.c ++++ b/modules/om/generic/omGeneric.c +@@ -688,7 +688,7 @@ parse_omit_name( + + length = strlen (pattern); + +- if (length > XLFD_MAX_LEN) ++ if (length > XLFD_MAX_LEN - 1) + return -1; + + strcpy(buf, pattern); +-- +2.45.2 + diff --git a/SOURCES/dont-forward-keycode-0.patch b/SOURCES/dont-forward-keycode-0.patch new file mode 100644 index 0000000..c16d874 --- /dev/null +++ b/SOURCES/dont-forward-keycode-0.patch @@ -0,0 +1,53 @@ +diff -up libX11-1.6.3/modules/im/ximcp/imDefFlt.c.jx libX11-1.6.3/modules/im/ximcp/imDefFlt.c +--- libX11-1.6.3/modules/im/ximcp/imDefFlt.c.jx 2015-03-09 18:28:45.000000000 -0400 ++++ libX11-1.6.3/modules/im/ximcp/imDefFlt.c 2015-03-10 12:32:31.912149644 -0400 +@@ -142,7 +142,7 @@ _XimProtoKeypressFilter( + { + Xim im = (Xim)ic->core.im; + +- if (IS_FABRICATED(im)) { ++ if ((ev->keycode == 0) || IS_FABRICATED(im)) { + _XimPendingFilter(ic); + UNMARK_FABRICATED(im); + return NOTFILTERD; +diff -up libX11-1.6.3/modules/im/ximcp/imDefLkup.c.jx libX11-1.6.3/modules/im/ximcp/imDefLkup.c +--- libX11-1.6.3/modules/im/ximcp/imDefLkup.c.jx 2015-03-09 18:28:45.000000000 -0400 ++++ libX11-1.6.3/modules/im/ximcp/imDefLkup.c 2015-03-10 12:32:31.911149637 -0400 +@@ -332,6 +332,17 @@ _XimForwardEvent( + XEvent *ev, + Bool sync) + { ++ /* ++ * Don't forward a key event which has keycode=0. ++ * keycode=0 is reserved for special purpose to let Xmb/wcLookupString() ++ * functions know that there is a commited string available from IM. ++ */ ++ if (((ev->type == KeyPress) || (ev->type == KeyRelease))) { ++ if (((XKeyEvent *)ev)->keycode == 0) { ++ return True; ++ } ++ } ++ + #ifdef EXT_FORWARD + if (((ev->type == KeyPress) || (ev->type == KeyRelease))) + if (_XimExtForwardKeyEvent(ic, (XKeyEvent *)ev, sync)) +@@ -604,6 +615,19 @@ _XimUnregCommitInfo( + Xfree(info->keysym); + ic->private.proto.commit_info = info->next; + Xfree(info); ++ ++ /* ++ * "Commit" uses fabricated flag to process a commited string ++ * from IM engine. ++ * Turn off the fabricated flag here (unregister the commited ++ * information function). Otherwise, next regular key press ++ * event will be ignored at _XimProtoKeypressFilter() and it ++ * will not be passed to IM engine. ++ */ ++ if (IS_FABRICATED(ic)) { ++ UNMARK_FABRICATED(ic); ++ } ++ + return; + } + diff --git a/SPECS/libX11.spec b/SPECS/libX11.spec new file mode 100644 index 0000000..b6af654 --- /dev/null +++ b/SPECS/libX11.spec @@ -0,0 +1,365 @@ +%global tarball libX11 +#global gitdate 20130524 +#global gitversion a3bdd2b09 + +Summary: Core X11 protocol client library +Name: libX11 +Version: 1.8.7 +Release: 7%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist} +License: MIT AND X11 +URL: http://www.x.org + +%if 0%{?gitdate} +Source0: %{tarball}-%{gitdate}.tar.bz2 +Source1: make-git-snapshot.sh +Source2: commitid +%else +Source0: https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.xz +%endif + + +Patch02: dont-forward-keycode-0.patch + +# https://issues.redhat.com/browse/RHEL-40132 +Patch03: 0001-Revert-Fix-XTS-regression-in-XCopyColormapAndFree.patch +Patch04: 0002-Revert-Protect-colormap-add-removal-with-display-loc.patch +Patch05: 0003-Make-colormap-private-interfaces-thread-safe.patch + +# https://issues.redhat.com/browse/RHEL-34918 +Patch06: 0001-Fix-use-of-uninitialized-variable-in-_XimTriggerNoti.patch +Patch07: 0002-Fix-use-of-uninitialized-variable-in-_XimExtension.patch +Patch08: 0003-Fix-use-of-uninitialized-variable-in-_XimEncodeICATT.patch +Patch09: 0004-XKBMAlloc-Check-that-needed-is-0-in-XkbResizeKeyActi.patch +Patch10: 0005-Fix-memory-leak-in-_XimProtoSetIMValues.patch +Patch11: 0006-Fix-buffer-overrun-in-parse_omit_name.patch + +# https://issues.redhat.com/browse/RHEL-45855 +Patch12: 0001-Fix-deadlock-in-XRebindKeysym.patch + +BuildRequires: libtool +BuildRequires: make +BuildRequires: xorg-x11-util-macros >= 1.11 +BuildRequires: pkgconfig(xproto) >= 7.0.15 +BuildRequires: xorg-x11-xtrans-devel >= 1.0.3-4 +BuildRequires: libxcb-devel >= 1.2 +BuildRequires: pkgconfig(xau) pkgconfig(xdmcp) +BuildRequires: perl(Pod::Usage) + +Requires: %{name}-common >= %{version}-%{release} + +%description +Core X11 protocol client library. + +%package common +Summary: Common data for libX11 +BuildArch: noarch + +%description common +libX11 common data + +%package devel +Summary: Development files for %{name} +Requires: %{name} = %{version}-%{release} +Requires: %{name}-xcb = %{version}-%{release} + +%description devel +X.Org X11 libX11 development package + +%package xcb +Summary: XCB interop for libX11 +Conflicts: %{name} < %{version}-%{release} + +%description xcb +libX11/libxcb interoperability library + +%prep +%autosetup -p1 -n %{tarball}-%{?gitdate:%{gitdate}}%{!?gitdate:%{version}} + +%build +autoreconf -v --install --force +%configure --disable-silent-rules --disable-static + +make %{?_smp_mflags} + +%install +make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" + +# create/own compose cache dir +mkdir -p $RPM_BUILD_ROOT/var/cache/libX11/compose + +# We intentionally don't ship *.la files +find $RPM_BUILD_ROOT -type f -name '*.la' -delete + +# FIXME: Don't install Xcms.txt - find out why upstream still ships this. +find $RPM_BUILD_ROOT -name 'Xcms.txt' -delete + +# FIXME package these properly +rm -rf $RPM_BUILD_ROOT%{_docdir} + +%check +make %{?_smp_mflags} check + +%ldconfig_post +%ldconfig_postun + +%files +%{_libdir}/libX11.so.6 +%{_libdir}/libX11.so.6.4.0 + +%files xcb +%{_libdir}/libX11-xcb.so.1 +%{_libdir}/libX11-xcb.so.1.0.0 + +%files common +%doc AUTHORS COPYING README.md +%{_datadir}/X11/locale/ +%{_datadir}/X11/XErrorDB +%dir /var/cache/libX11 +%dir /var/cache/libX11/compose + +%files devel +%{_includedir}/X11/ImUtil.h +%{_includedir}/X11/XKBlib.h +%{_includedir}/X11/Xcms.h +%{_includedir}/X11/Xlib.h +%{_includedir}/X11/XlibConf.h +%{_includedir}/X11/Xlibint.h +%{_includedir}/X11/Xlib-xcb.h +%{_includedir}/X11/Xlocale.h +%{_includedir}/X11/Xregion.h +%{_includedir}/X11/Xresource.h +%{_includedir}/X11/Xutil.h +%{_includedir}/X11/cursorfont.h +%{_includedir}/X11/extensions/XKBgeom.h +%{_libdir}/libX11.so +%{_libdir}/libX11-xcb.so +%{_libdir}/pkgconfig/x11.pc +%{_libdir}/pkgconfig/x11-xcb.pc +%{_mandir}/man3/*.3* +%{_mandir}/man5/*.5* + +%changelog +* Tue Nov 26 2024 MSVSphere Packaging Team - 1.8.7-7 +- Rebuilt for MSVSphere 10 + +* Fri Jul 05 2024 José Expósito - 1.8.7-7 +- Fix deadlock in XRebindKeysym() + Resolves: https://issues.redhat.com/browse/RHEL-45855 + +* Mon Jun 24 2024 Troy Dawson - 1.8.7-6 +- Bump release for June 2024 mass rebuild + +* Thu Jun 20 2024 José Expósito - 1.8.7-5 +- Add gating.yaml + +* Thu Jun 20 2024 José Expósito - 1.8.7-4 +- Fix XTS test XCopyColormapAndFree/5 hangs + Resolves: https://issues.redhat.com/browse/RHEL-40132 +- Fix RHEL SAST Automation errors + Resolves: https://issues.redhat.com/browse/RHEL-34918 + +* Thu Jan 25 2024 Fedora Release Engineering - 1.8.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 1.8.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Oct 04 2023 Peter Hutterer - 1.8.7-1 +- libX11 1.8.7 + - CVE-2023-43785 libX11: out-of-bounds memory access in _XkbReadKeySyms() + - CVE-2023-43786 libX11: stack exhaustion from infinite recursion in + PutSubImage() + - CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to + a heap overflow + - CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() + - CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap + +* Thu Sep 07 2023 José Expósito - 1.8.6-3 +- SPDX Migration + +* Thu Jul 20 2023 Fedora Release Engineering - 1.8.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Fri Jun 16 2023 Peter Hutterer - 1.8.6-1 +- libX11 1.8.6 (CVE-2023-3138) + +* Mon Jun 05 2023 Peter Hutterer 1.8.5-1 +- libX11 1.8.5 + +* Wed Feb 08 2023 Peter Hutterer - 1.8.4-1 +- libX11 1.8.4 + +* Thu Jan 19 2023 Fedora Release Engineering - 1.8.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Mon Jan 16 2023 Peter Hutterer - 1.8.3-2 +- Fix XPutBackEvent() issues (#2161020) + +* Fri Jan 06 2023 Peter Hutterer - 1.8.3-1 +- libX11 1.8.3 + +* Thu Jul 21 2022 Fedora Release Engineering - 1.8.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jun 16 2022 Peter Hutterer - 1.8.1-1 +- libX11 1.8.1 + +* Mon Apr 04 2022 Peter Hutterer - 1.7.5-1 +- libX11 1.7.5 + +* Thu Mar 31 2022 Peter Hutterer - 1.7.4-1 +- libX11 1.7.4 + +* Thu Jan 20 2022 Fedora Release Engineering - 1.7.3.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Fri Dec 10 2021 Peter Hutterer - 1.7.3.1-1 +- libX11 1.7.3.1 + +* Tue Dec 07 2021 Peter Hutterer - 1.7.3-1 +- libX11 1.7.3 +- manually add ax_gcc_builtin, it's missing from the tarball + +* Tue Jul 27 2021 Peter Hutterer - 1.7.2-3 +- Parse the new _EVDEVK symbols + +* Thu Jul 22 2021 Fedora Release Engineering - 1.7.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Wed Jun 09 2021 Peter Hutterer 1.7.2-1 +- libX11 1.7.2 + +* Tue May 18 2021 Adam Jackson - 1.7.1-1 +- libX11 1.7.1 (CVE-2021-31535) + +* Tue Jan 26 2021 Fedora Release Engineering - 1.7.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Dec 01 2020 Peter Hutterer 1.7.0-2 +- libX11 1.7.0 (with the tarball this time) + +* Tue Dec 01 2020 Peter Hutterer 1.7.0-1 +- libX11 1.7.0 +- switch to using the autosetup rpm macro + +* Mon Nov 09 2020 Peter Hutterer 1.6.12-3 +- Fix a race-condition in poll_for_response (#1758384) + +* Thu Nov 5 11:12:56 AEST 2020 Peter Hutterer - 1.6.12-2 +- Add BuildRequires for make + +* Wed Aug 26 2020 Peter Hutterer 1.6.12-1 +- libX11 1.6.12 (CVE-2020-14363, CVE 2020-14344) + +* Fri Jul 31 2020 Adam Jackson - 1.6.9-5 +- Fix server reply validation issue in XIM (CVE 2020-14344) + +* Tue Jul 28 2020 Fedora Release Engineering - 1.6.9-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jan 29 2020 Fedora Release Engineering - 1.6.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Dec 11 2019 Peter Hutterer 1.6.9-2 +- handle ssharp in XConvertCase + +* Wed Oct 09 2019 Adam Jackson - 1.6.9-1 +- libX11 1.6.9 + +* Thu Jul 25 2019 Fedora Release Engineering - 1.6.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jun 20 2019 Peter Hutterer 1.6.8-2 +- rebuild to pick up the new xorgproto keysyms + +* Thu Jun 20 2019 Peter Hutterer 1.6.8-1 +- libX11 1.6.8 + +* Thu Mar 21 2019 Adam Jackson - 1.6.7-3 +- Rebuild for xtrans 1.4.0 + +* Fri Feb 01 2019 Fedora Release Engineering - 1.6.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Tue Oct 09 2018 Adam Jackson - 1.6.7-1 +- libX11 1.6.7 + +* Tue Aug 21 2018 Adam Jackson - 1.6.6-1 +- libX11 1.6.6 + +* Fri Jul 13 2018 Fedora Release Engineering - 1.6.5-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Fri Jun 29 2018 Adam Jackson - 1.6.5-8 +- Use ldconfig scriptlet macros + +* Fri Mar 23 2018 Peter Hutterer 1.6.5-7 +- Fix FTBS caused by fake size in the XimCacheStruct (#1556616) + +* Wed Feb 07 2018 Fedora Release Engineering - 1.6.5-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Oct 17 2017 Peter Hutterer 1.6.5-5 +- run make check as part of the build (#1502658) + +* Tue Aug 01 2017 Adam Jackson - 1.6.5-4 +- Split libX11-xcb to its own subpackage. This doesn't have much effect at + the moment because x11-xcb.pc still lists both libX11 and libxcb in + Requires, but once that's fixed eg. libEGL should be able to be installed + without libX11. + +* Wed Jul 26 2017 Fedora Release Engineering - 1.6.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri May 12 2017 Hans de Goede - 1.6.5-2 +- Rebuild against new xproto to pick up support for new keysyms + +* Wed Apr 26 2017 Adam Jackson - 1.6.5-1 +- libX11 1.6.5 + +* Thu Feb 16 2017 Rex Dieter - 1.6.4-6 +- create/own /var/cache/libx11/compose (#962764) +- %%build: --disable-silent-rules + +* Fri Feb 10 2017 Fedora Release Engineering - 1.6.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Jan 20 2017 Peter Hutterer 1.6.4-4 +- Actually apply the patch from 1.6.4-3 + +* Mon Jan 09 2017 Peter Hutterer 1.6.4-3 +- Fix a bug in the memory leak fix from 1.6.4-2 + +* Thu Jan 05 2017 Peter Hutterer 1.6.4-2 +- Plug a memory leak in XListFonts() + +* Wed Oct 05 2016 Adam Jackson - 1.6.4-1 +- libX11 1.6.4 + +* Thu Feb 04 2016 Fedora Release Engineering - 1.6.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Jan 28 2016 Peter Hutterer +- Remove unnecessary defattr + +* Wed Jun 17 2015 Fedora Release Engineering - 1.6.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Mar 10 2015 Adam Jackson 1.6.3-1 +- libX11 1.6.3 + +* Sun Aug 17 2014 Fedora Release Engineering - 1.6.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Mon Jun 30 2014 Adam Jackson 1.6.2-1 +- libX11 1.6.2 plus a fix for interleaved xcb/xlib usage +- Use >= for the -common Requires + +* Sat Jun 07 2014 Fedora Release Engineering - 1.6.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue Jul 30 2013 Peter Hutterer 1.6.1-1 +- libX11 1.6.1 + +* Tue Jun 04 2013 Peter Hutterer 1.6.0-1 +- libX11 1.6.0