rpms
/
libX11
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rpms:cs10
Branches Tags
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i8c
rpms:c8
rpms:i8c-beta
rpms:c8-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i9c
rpms:c9
..
compare: rpms:c9
Branches Tags
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i8c
rpms:c8
rpms:i8c-beta
rpms:c8-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i9c
rpms:c9

No commits in common. 'cs10' and 'c9' have entirely different histories.
cs10 ... c9

7 changed files with 183 additions and 196 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1 +1 @@
SOURCES/libX11-1.8.10.tar.xz
SOURCES/libX11-1.7.0.tar.bz2

2
.libX11.metadata
Unescape View File

@ -1 +1 @@
eb8261d11dd0113ee1699c51bad44da27689350a SOURCES/libX11-1.8.10.tar.xz
48fd27a11572a7d3c1014368e1dc9f40a7b23e7d SOURCES/libX11-1.7.0.tar.bz2

82
SOURCES/0001-Close-xcb-connection-after-freeing-display-structure.patch
Unescape View File

@ -1,82 +0,0 @@
From f3d6ebac35301d4ad068e307f0fbe6aa12ccbccb Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Fri, 9 Aug 2024 09:21:31 +0200
Subject: [PATCH libX11] Close xcb connection after freeing display structure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Commit 1472048b7 to fix a colormap threading issue added a display
lock/unlock and a call to SyncHandle() to _XcmsFreeClientCmaps().
When running synchronized, that means calling XSync().
_XcmsFreeClientCmaps() is called from _XFreeDisplayStructure() via
XCloseDisplay() after the xcb connection is closed.
So when running synchronized, we may end up calling XSync() after the
xcb connection to the display is closed, which will generate a spurious
XIO error:
| #0 in _XDefaultIOError () at /lib64/libX11.so.6
| #1 in _XIOError () at /lib64/libX11.so.6
| #2 in _XReply () at /lib64/libX11.so.6
| #3 in XSync () at /lib64/libX11.so.6
| #4 in _XSyncFunction () at /lib64/libX11.so.6
| 8#5 in _XFreeDisplayStructure () at /lib64/libX11.so.6
| 8#6 in XCloseDisplay () at /lib64/libX11.so.6
To avoid that issue, closed the xcb connection to the display last.
v2: And same in OutOfMemory() as well (José Expósito)
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: José Expósito <jexposit@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/264>
---
src/ClDisplay.c | 4 +++-
src/OpenDis.c | 7 +++++--
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/ClDisplay.c b/src/ClDisplay.c
index aa904e51..31d3a841 100644
--- a/src/ClDisplay.c
+++ b/src/ClDisplay.c
@@ -47,6 +47,7 @@ XCloseDisplay (
{
register _XExtension *ext;
register int i;
+ xcb_connection_t *connection;
if (!(dpy->flags & XlibDisplayClosing))
{
@@ -68,7 +69,8 @@ XCloseDisplay (
if (X_DPY_GET_REQUEST(dpy) != X_DPY_GET_LAST_REQUEST_READ(dpy))
XSync(dpy, 1);
}
- xcb_disconnect(dpy->xcb->connection);
+ connection = dpy->xcb->connection;
_XFreeDisplayStructure (dpy);
+ xcb_disconnect(connection);
return 0;
}
diff --git a/src/OpenDis.c b/src/OpenDis.c
index 89a0ebdf..6cc43ba3 100644
--- a/src/OpenDis.c
+++ b/src/OpenDis.c
@@ -709,7 +709,10 @@ void _XFreeDisplayStructure(Display *dpy)
static void OutOfMemory(Display *dpy)
{
- if(dpy->xcb->connection)
- xcb_disconnect(dpy->xcb->connection);
+ xcb_connection_t *connection = dpy->xcb->connection;
+
_XFreeDisplayStructure (dpy);
+
+ if(connection)
+ xcb_disconnect(connection);
}
--
2.47.1

108
SOURCES/0001-InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
Unescape View File

@ -0,0 +1,108 @@
From 304a654a0d57bf0f00d8998185f0360332cfa36c Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat, 10 Jun 2023 16:30:07 -0700
Subject: [PATCH libX11] InitExt.c: Add bounds checks for extension request,
event, & error codes
Fixes CVE-2023-3138: X servers could return values from XQueryExtension
that would cause Xlib to write entries out-of-bounds of the arrays to
store them, though this would only overwrite other parts of the Display
struct, not outside the bounds allocated for that structure.
Reported-by: Gregory James DUCK <gjduck@gmail.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
src/InitExt.c | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
diff --git a/src/InitExt.c b/src/InitExt.c
index 4de46f15..afc00a6b 100644
--- a/src/InitExt.c
+++ b/src/InitExt.c
@@ -33,6 +33,18 @@ from The Open Group.
#include <X11/Xos.h>
#include <stdio.h>
+/* The X11 protocol spec reserves events 64 through 127 for extensions */
+#ifndef LastExtensionEvent
+#define LastExtensionEvent 127
+#endif
+
+/* The X11 protocol spec reserves requests 128 through 255 for extensions */
+#ifndef LastExtensionRequest
+#define FirstExtensionRequest 128
+#define LastExtensionRequest 255
+#endif
+
+
/*
* This routine is used to link a extension in so it will be called
* at appropriate times.
@@ -242,6 +254,12 @@ WireToEventType XESetWireToEvent(
WireToEventType proc) /* routine to call when converting event */
{
register WireToEventType oldproc;
+ if (event_number < 0 ||
+ event_number > LastExtensionEvent) {
+ fprintf(stderr, "Xlib: ignoring invalid extension event %d\n",
+ event_number);
+ return (WireToEventType)_XUnknownWireEvent;
+ }
if (proc == NULL) proc = (WireToEventType)_XUnknownWireEvent;
LockDisplay (dpy);
oldproc = dpy->event_vec[event_number];
@@ -263,6 +281,12 @@ WireToEventCookieType XESetWireToEventCookie(
)
{
WireToEventCookieType oldproc;
+ if (extension < FirstExtensionRequest ||
+ extension > LastExtensionRequest) {
+ fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n",
+ extension);
+ return (WireToEventCookieType)_XUnknownWireEventCookie;
+ }
if (proc == NULL) proc = (WireToEventCookieType)_XUnknownWireEventCookie;
LockDisplay (dpy);
oldproc = dpy->generic_event_vec[extension & 0x7F];
@@ -284,6 +308,12 @@ CopyEventCookieType XESetCopyEventCookie(
)
{
CopyEventCookieType oldproc;
+ if (extension < FirstExtensionRequest ||
+ extension > LastExtensionRequest) {
+ fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n",
+ extension);
+ return (CopyEventCookieType)_XUnknownCopyEventCookie;
+ }
if (proc == NULL) proc = (CopyEventCookieType)_XUnknownCopyEventCookie;
LockDisplay (dpy);
oldproc = dpy->generic_event_copy_vec[extension & 0x7F];
@@ -305,6 +335,12 @@ EventToWireType XESetEventToWire(
EventToWireType proc) /* routine to call when converting event */
{
register EventToWireType oldproc;
+ if (event_number < 0 ||
+ event_number > LastExtensionEvent) {
+ fprintf(stderr, "Xlib: ignoring invalid extension event %d\n",
+ event_number);
+ return (EventToWireType)_XUnknownNativeEvent;
+ }
if (proc == NULL) proc = (EventToWireType) _XUnknownNativeEvent;
LockDisplay (dpy);
oldproc = dpy->wire_vec[event_number];
@@ -325,6 +361,12 @@ WireToErrorType XESetWireToError(
WireToErrorType proc) /* routine to call when converting error */
{
register WireToErrorType oldproc = NULL;
+ if (error_number < 0 ||
+ error_number > LastExtensionError) {
+ fprintf(stderr, "Xlib: ignoring invalid extension error %d\n",
+ error_number);
+ return (WireToErrorType)_XDefaultWireError;
+ }
if (proc == NULL) proc = (WireToErrorType)_XDefaultWireError;
LockDisplay (dpy);
if (!dpy->error_vec) {
--
2.41.0

43
SOURCES/0001-makekeys-handle-the-new-_EVDEVK-xorgproto-symbols.patch
Unescape View File

@ -0,0 +1,43 @@
From e92efc63acd7b377faa9e534f4bf52aaa86be2a9 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 27 Jul 2021 11:46:19 +1000
Subject: [PATCH libX11] makekeys: handle the new _EVDEVK xorgproto symbols
These keys are all defined through a macro in the form:
#define XF86XK_BrightnessAuto _EVDEVK(0x0F4)
The _EVDEVK macro is simply an offset of 0x10081000.
Let's parse these lines correctly so those keysyms end up in our
hashtables.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
src/util/makekeys.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/util/makekeys.c b/src/util/makekeys.c
index e847ef4c..4896cc53 100644
--- a/src/util/makekeys.c
+++ b/src/util/makekeys.c
@@ -78,6 +78,18 @@ parse_line(const char *buf, char *key, KeySym *val, char *prefix)
return 1;
}
+ /* See if we can parse one of the _EVDEVK symbols */
+ i = sscanf(buf, "#define %127s _EVDEVK(0x%lx)", key, val);
+ if (i == 2 && (tmp = strstr(key, "XK_"))) {
+ memcpy(prefix, key, (size_t)(tmp - key));
+ prefix[tmp - key] = '\0';
+ tmp += 3;
+ memmove(key, tmp, strlen(tmp) + 1);
+
+ *val += 0x10081000;
+ return 1;
+ }
+
/* Now try to catch alias (XK_foo XK_bar) definitions, and resolve them
* immediately: if the target is in the form XF86XK_foo, we need to
* canonicalise this to XF86foo before we do the lookup. */
--
2.31.1

14
SOURCES/dont-forward-keycode-0.patch
Unescape View File

@ -1,19 +1,19 @@
diff -up libX11-1.6.3/modules/im/ximcp/imDefFlt.c.jx libX11-1.6.3/modules/im/ximcp/imDefFlt.c
--- libX11-1.6.3/modules/im/ximcp/imDefFlt.c.jx 2015-03-09 18:28:45.000000000 -0400
+++ libX11-1.6.3/modules/im/ximcp/imDefFlt.c 2015-03-10 12:32:31.912149644 -0400
@@ -143,7 +143,7 @@ _XimProtoKeypressFilter(
@@ -142,7 +142,7 @@ _XimProtoKeypressFilter(
{
Xim im = (Xim)ic->core.im;
- if (_XimIsFabricatedSerial(im, ev)) {
+ if ((ev->keycode == 0) || _XimIsFabricatedSerial(im, ev)) {
- if (IS_FABRICATED(im)) {
+ if ((ev->keycode == 0) || IS_FABRICATED(im)) {
_XimPendingFilter(ic);
_XimUnfabricateSerial(im, ic, ev);
UNMARK_FABRICATED(im);
return NOTFILTERD;
diff -up libX11-1.6.3/modules/im/ximcp/imDefLkup.c.jx libX11-1.6.3/modules/im/ximcp/imDefLkup.c
--- libX11-1.6.3/modules/im/ximcp/imDefLkup.c.jx 2015-03-09 18:28:45.000000000 -0400
+++ libX11-1.6.3/modules/im/ximcp/imDefLkup.c 2015-03-10 12:32:31.911149637 -0400
@@ -333,6 +333,17 @@ _XimForwardEvent(
@@ -332,6 +332,17 @@ _XimForwardEvent(
XEvent *ev,
Bool sync)
{
@ -31,8 +31,8 @@ diff -up libX11-1.6.3/modules/im/ximcp/imDefLkup.c.jx libX11-1.6.3/modules/im/xi
#ifdef EXT_FORWARD
if (((ev->type == KeyPress) || (ev->type == KeyRelease)))
if (_XimExtForwardKeyEvent(ic, (XKeyEvent *)ev, sync))
@@ -703,6 +714,19 @@ _XimUnregRealCommitInfo(
else
@@ -604,6 +615,19 @@ _XimUnregCommitInfo(
Xfree(info->keysym);
ic->private.proto.commit_info = info->next;
Xfree(info);
+

126
SPECS/libX11.spec
Unescape View File

@ -1,12 +1,12 @@
%global tarball libX11
#global gitdate 20130524
#global gitversion a3bdd2b09
%global gitversion a3bdd2b09
Summary: Core X11 protocol client library
Name: libX11
Version: 1.8.10
Release: 1%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
License: MIT AND X11
Version: 1.7.0
Release: 8%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
License: MIT
URL: http://www.x.org
%if 0%{?gitdate}
@ -14,15 +14,14 @@ Source0: %{tarball}-%{gitdate}.tar.bz2
Source1: make-git-snapshot.sh
Source2: commitid
%else
Source0: https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.xz
Source0: https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.bz2
%endif
Patch2: dont-forward-keycode-0.patch
Patch3: 0001-makekeys-handle-the-new-_EVDEVK-xorgproto-symbols.patch
# CVE-2023-3138
Patch4: 0001-InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
Patch02: dont-forward-keycode-0.patch
# https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/264
Patch03: 0001-Close-xcb-connection-after-freeing-display-structure.patch
BuildRequires: libtool
BuildRequires: make
BuildRequires: xorg-x11-util-macros >= 1.11
BuildRequires: pkgconfig(xproto) >= 7.0.15
@ -97,7 +96,7 @@ make %{?_smp_mflags} check
%{_libdir}/libX11-xcb.so.1.0.0
%files common
%doc AUTHORS COPYING README.md
%doc AUTHORS COPYING README.md NEWS
%{_datadir}/X11/locale/
%{_datadir}/X11/XErrorDB
%dir /var/cache/libX11
@ -125,103 +124,22 @@ make %{?_smp_mflags} check
%{_mandir}/man5/*.5*
%changelog
* Thu Dec 05 2024 Olivier Fourdan <ofourdan@redhat.com> - 1.8.10-1
- Rebase to 1.8.10
Resolves: https://issues.redhat.com/browse/RHEL-70185
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.8.7-8
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Fri Jul 05 2024 José Expósito <jexposit@redhat.com> - 1.8.7-7
- Fix deadlock in XRebindKeysym()
Resolves: https://issues.redhat.com/browse/RHEL-45855
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.8.7-6
- Bump release for June 2024 mass rebuild
* Thu Jun 20 2024 José Expósito <jexposit@redhat.com> - 1.8.7-5
- Add gating.yaml
* Thu Jun 20 2024 José Expósito <jexposit@redhat.com> - 1.8.7-4
- Fix XTS test XCopyColormapAndFree/5 hangs
Resolves: https://issues.redhat.com/browse/RHEL-40132
- Fix RHEL SAST Automation errors
Resolves: https://issues.redhat.com/browse/RHEL-34918
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Oct 04 2023 Peter Hutterer <peter.hutterer@redhat.com> - 1.8.7-1
- libX11 1.8.7
- CVE-2023-43785 libX11: out-of-bounds memory access in _XkbReadKeySyms()
- CVE-2023-43786 libX11: stack exhaustion from infinite recursion in
PutSubImage()
- CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to
a heap overflow
- CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()
- CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap
* Thu Sep 07 2023 José Expósito <jexposit@redhat.com> - 1.8.6-3
- SPDX Migration
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jun 16 2023 Peter Hutterer <peter.hutterer@redhat.com> - 1.8.6-1
- libX11 1.8.6 (CVE-2023-3138)
* Mon Jun 05 2023 Peter Hutterer <peter.hutterer@redhat.com> 1.8.5-1
- libX11 1.8.5
* Wed Feb 08 2023 Peter Hutterer <peter.hutterer@redhat.com> - 1.8.4-1
- libX11 1.8.4
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Jan 16 2023 Peter Hutterer <peter.hutterer@redhat.com> - 1.8.3-2
- Fix XPutBackEvent() issues (#2161020)
* Fri Jan 06 2023 Peter Hutterer <peter.hutterer@redhat.com> - 1.8.3-1
- libX11 1.8.3
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jun 16 2022 Peter Hutterer <peter.hutterer@redhat.com> - 1.8.1-1
- libX11 1.8.1
* Mon Apr 04 2022 Peter Hutterer <peter.hutterer@redhat.com> - 1.7.5-1
- libX11 1.7.5
* Thu Mar 31 2022 Peter Hutterer <peter.hutterer@redhat.com> - 1.7.4-1
- libX11 1.7.4
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Dec 10 2021 Peter Hutterer <peter.hutterer@redhat.com> - 1.7.3.1-1
- libX11 1.7.3.1
* Tue Dec 07 2021 Peter Hutterer <peter.hutterer@redhat.com> - 1.7.3-1
- libX11 1.7.3
- manually add ax_gcc_builtin, it's missing from the tarball
* Wed Jul 05 2023 Olivier Fourdan <ofourdan@redhat.com> - 1.7.0-8
- CVE fix for: CVE-2023-3138
Resolve: rhbz#2213763
* Tue Jul 27 2021 Peter Hutterer <peter.hutterer@redhat.com> - 1.7.2-3
- Parse the new _EVDEVK symbols
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.7.0-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Aug 03 2021 Peter Hutterer <peter.hutterer@redhat.com> - 1.7.0-6
- Parse the EVDEVK keysyms (#1988944)
* Wed Jun 09 2021 Peter Hutterer <peter.hutterer@redhat.com> 1.7.2-1
- libX11 1.7.2
* Tue May 04 2021 Peter Hutterer <peter.hutterer@redhat.com> 1.7.0-5
- Rebuild to pick up the new xorgproto keysyms (#1954345)
* Tue May 18 2021 Adam Jackson <ajax@redhat.com> - 1.7.1-1
- libX11 1.7.1 (CVE-2021-31535)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.7.0-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

Write Preview
Loading…
Cancel
Save