From 7dad0f4ee8aee3d517d3a05171842073eadcb32b48a5c706e81e13e69530f2e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Tue, 12 Nov 2024 12:21:10 +0100
Subject: [PATCH] Sync from SUSE:SLFO:Main xorg-x11-server revision dd06437cd4a91e3f334a9fde7b52e297
---
 ...-buffer-overflow-in-_XkbSetCompatMap.patch | 25 +++++++++++++++++++
 xorg-x11-server.changes | 7 ++++++
 xorg-x11-server.spec | 3 ++-
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
diff --git a/U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch b/U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
new file mode 100644
index 0000000..dd93aec
--- /dev/null
+++ b/U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
@@ -0,0 +1,25 @@
+@@ -, +, @@
+---
+ xkb/xkb.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+--- a/xkb/xkb.c
++++ a/xkb/xkb.c
+@@ -2991,13 +2991,13 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev,
+ XkbSymInterpretPtr sym;
+ unsigned int skipped = 0;
+
+- if ((unsigned) (req->firstSI + req->nSI) > compat->num_si) {
+- compat->num_si = req->firstSI + req->nSI;
++ if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) {
++ compat->num_si = compat->size_si = req->firstSI + req->nSI;
+ compat->sym_interpret = reallocarray(compat->sym_interpret,
+- compat->num_si,
++ compat->size_si,
+ sizeof(XkbSymInterpretRec));
+ if (!compat->sym_interpret) {
+- compat->num_si = 0;
++ compat->num_si = compat->size_si = 0;
+ return BadAlloc;
+ }
+ }
+--
diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index 64dfb62..9f7764b 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
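Review bot: In the patched `_XkbSetCompatMap` block the result of `reallocarray` is stored straight into `compat->sym_interpret`, so when the allocation fails the previous array is no longer reachable and leaks, and `num_si`/`size_si` have already been overwritten before the allocation is known to have succeeded. Growing into a temporary and committing the pointer and both counts only on success, as sketched below, keeps the compat map consistent on the `BadAlloc` path. The declarations of `num_si`, `size_si` and the request fields are not visible in the hunk, so it is worth confirming that `req->firstSI + req->nSI` always fits the type of `size_si`; a truncated size would reintroduce a mismatch between the allocation and the indices used later. The function body starts and ends outside the hunk.

```c
        if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) {
            unsigned int want = req->firstSI + req->nSI;
            XkbSymInterpretPtr grown = reallocarray(compat->sym_interpret,
                                                    want,
                                                    sizeof(XkbSymInterpretRec));

            if (!grown)
                return BadAlloc;    /* old array and counts are left as they were */
            compat->sym_interpret = grown;
            compat->num_si = compat->size_si = want;
        }
```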
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sat Oct 19 22:17:53 UTC 2024 - Stefan Dirsch
+
+- U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
+ * Heap-based buffer overflow privilege escalation in _XkbSetCompatMap
+ (CVE-2024-9632, bsc#1231565)
+
 -------------------------------------------------------------------
 Wed Apr 10 14:09:31 UTC 2024 - Stefan Dirsch
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index 045ec4b..3cb82f7 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -57,7 +57,7 @@ Source90: xorg-x11-server.macros.in
 # Source91 and Source99 are used to ensure proper ABI provides.
 Source91: xorg-server-provides
 Source92: pre_checkin.sh
-
+Patch1231565: U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
 BuildRequires: bison
 BuildRequires: flex
 BuildRequires: libtool
@@ -409,6 +409,7 @@ sh %{SOURCE92} --verify . %{SOURCE91}
 %patch1222311 -p1
 %patch1222312 -p1
 %patch1222442 -p1
+%patch1231565 -p1
 %build
 # We have some -z now related errors during X default startup (boo#1197994):