From 7c80b8710b17272c72acc117347e1cba8c8eaf5e23a2030a35081accea23e66b Mon Sep 17 00:00:00 2001
From: Stefan Dirsch <sndirsch@suse.com>
Date: Sun, 16 Jul 2023 07:27:32 +0000
Subject: [PATCH] Accepting request 1098803 from home:dirkmueller:Factory

- update to 1.8.6:
  * InitExt.c: Add bounds checks for extension request,
    event, & error codes
  * Fixes CVE-2023-3138: X servers could return values from
    XQueryExtension that would cause Xlib to write entries
    out-of-bounds of the arrays to store them, though this
    would only overwrite other parts of the Display
    struct, not outside the bounds allocated for that
    structure.
- drop U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch (upstream)

OBS-URL: https://build.opensuse.org/request/show/1098803
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libX11?expand=0&rev=104
---
 ...unds-checks-for-extension-request-ev.patch | 108 ------------------
 libX11-1.8.5.tar.xz                           |   3 -
 libX11-1.8.6.tar.xz                           |   3 +
 libX11.changes                                |  14 +++
 libX11.spec                                   |   4 +-
 5 files changed, 18 insertions(+), 114 deletions(-)
 delete mode 100644 U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
 delete mode 100644 libX11-1.8.5.tar.xz
 create mode 100644 libX11-1.8.6.tar.xz

diff --git a/U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch b/U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
deleted file mode 100644
index d5d1f4d..0000000
--- a/U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 304a654a0d57bf0f00d8998185f0360332cfa36c Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 10 Jun 2023 16:30:07 -0700
-Subject: [PATCH libX11] InitExt.c: Add bounds checks for extension request,
- event, & error codes
-
-Fixes CVE-2023-3138: X servers could return values from XQueryExtension
-that would cause Xlib to write entries out-of-bounds of the arrays to
-store them, though this would only overwrite other parts of the Display
-struct, not outside the bounds allocated for that structure.
-
-Reported-by: Gregory James DUCK <gjduck@gmail.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/InitExt.c | 42 ++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 42 insertions(+)
-
-diff --git a/src/InitExt.c b/src/InitExt.c
-index 4de46f15..afc00a6b 100644
---- a/src/InitExt.c
-+++ b/src/InitExt.c
-@@ -33,6 +33,18 @@ from The Open Group.
- #include <X11/Xos.h>
- #include <stdio.h>
- 
-+/* The X11 protocol spec reserves events 64 through 127 for extensions */
-+#ifndef LastExtensionEvent
-+#define LastExtensionEvent 127
-+#endif
-+
-+/* The X11 protocol spec reserves requests 128 through 255 for extensions */
-+#ifndef LastExtensionRequest
-+#define FirstExtensionRequest 128
-+#define LastExtensionRequest 255
-+#endif
-+
-+
- /*
-  * This routine is used to link a extension in so it will be called
-  * at appropriate times.
-@@ -242,6 +254,12 @@ WireToEventType XESetWireToEvent(
- 	WireToEventType proc)	/* routine to call when converting event */
- {
- 	register WireToEventType oldproc;
-+	if (event_number < 0 ||
-+	    event_number > LastExtensionEvent) {
-+	    fprintf(stderr, "Xlib: ignoring invalid extension event %d\n",
-+		    event_number);
-+	    return (WireToEventType)_XUnknownWireEvent;
-+	}
- 	if (proc == NULL) proc = (WireToEventType)_XUnknownWireEvent;
- 	LockDisplay (dpy);
- 	oldproc = dpy->event_vec[event_number];
-@@ -263,6 +281,12 @@ WireToEventCookieType XESetWireToEventCookie(
-     )
- {
- 	WireToEventCookieType oldproc;
-+	if (extension < FirstExtensionRequest ||
-+	    extension > LastExtensionRequest) {
-+	    fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n",
-+		    extension);
-+	    return (WireToEventCookieType)_XUnknownWireEventCookie;
-+	}
- 	if (proc == NULL) proc = (WireToEventCookieType)_XUnknownWireEventCookie;
- 	LockDisplay (dpy);
- 	oldproc = dpy->generic_event_vec[extension & 0x7F];
-@@ -284,6 +308,12 @@ CopyEventCookieType XESetCopyEventCookie(
-     )
- {
- 	CopyEventCookieType oldproc;
-+	if (extension < FirstExtensionRequest ||
-+	    extension > LastExtensionRequest) {
-+	    fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n",
-+		    extension);
-+	    return (CopyEventCookieType)_XUnknownCopyEventCookie;
-+	}
- 	if (proc == NULL) proc = (CopyEventCookieType)_XUnknownCopyEventCookie;
- 	LockDisplay (dpy);
- 	oldproc = dpy->generic_event_copy_vec[extension & 0x7F];
-@@ -305,6 +335,12 @@ EventToWireType XESetEventToWire(
- 	EventToWireType proc)	/* routine to call when converting event */
- {
- 	register EventToWireType oldproc;
-+	if (event_number < 0 ||
-+	    event_number > LastExtensionEvent) {
-+	    fprintf(stderr, "Xlib: ignoring invalid extension event %d\n",
-+		    event_number);
-+	    return (EventToWireType)_XUnknownNativeEvent;
-+	}
- 	if (proc == NULL) proc = (EventToWireType) _XUnknownNativeEvent;
- 	LockDisplay (dpy);
- 	oldproc = dpy->wire_vec[event_number];
-@@ -325,6 +361,12 @@ WireToErrorType XESetWireToError(
- 	WireToErrorType proc)	/* routine to call when converting error */
- {
- 	register WireToErrorType oldproc = NULL;
-+	if (error_number < 0 ||
-+	    error_number > LastExtensionError) {
-+	   fprintf(stderr, "Xlib: ignoring invalid extension error %d\n",
-+		    error_number);
-+	   return (WireToErrorType)_XDefaultWireError;
-+	}
- 	if (proc == NULL) proc = (WireToErrorType)_XDefaultWireError;
- 	LockDisplay (dpy);
- 	if (!dpy->error_vec) {
--- 
-2.15.2
-
diff --git a/libX11-1.8.5.tar.xz b/libX11-1.8.5.tar.xz
deleted file mode 100644
index 9b1adf3..0000000
--- a/libX11-1.8.5.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e362c6f03c793171becd1ce2078c64789504c7d7ff48ee40a76ff76b59f6b561
-size 1811288
diff --git a/libX11-1.8.6.tar.xz b/libX11-1.8.6.tar.xz
new file mode 100644
index 0000000..4e9e523
--- /dev/null
+++ b/libX11-1.8.6.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:59535b7cc6989ba806a022f7e8533b28c4397b9d86e9d07b6df0c0703fa25cc9
+size 1859460
diff --git a/libX11.changes b/libX11.changes
index 8f16276..4856030 100644
--- a/libX11.changes
+++ b/libX11.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Sat Jul 15 14:44:18 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.8.6:
+  * InitExt.c: Add bounds checks for extension request,
+    event, & error codes
+  * Fixes CVE-2023-3138: X servers could return values from
+    XQueryExtension that would cause Xlib to write entries
+    out-of-bounds of the arrays to store them, though this
+    would only overwrite other parts of the Display
+    struct, not outside the bounds allocated for that
+    structure.
+- drop U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch (upstream)
+
 -------------------------------------------------------------------
 Mon Jun 12 13:14:03 UTC 2023 - Stefan Dirsch <sndirsch@suse.com>
 
diff --git a/libX11.spec b/libX11.spec
index 6cfe70e..ea714a5 100644
--- a/libX11.spec
+++ b/libX11.spec
@@ -17,7 +17,7 @@
 
 
 Name:           libX11
-Version:        1.8.5
+Version:        1.8.6
 Release:        0
 Summary:        Core X11 protocol client library
 License:        MIT
@@ -32,7 +32,6 @@ Patch1:         p_xlib_skip_ext_env.diff
 # PATCH-FIX-UPSTREAM en-locales.diff fdo#48596 bnc#388711 -- Add missing data for more en locales
 Patch2:         en-locales.diff
 Patch3:         u_no-longer-crash-in-XVisualIDFromVisual.patch
-Patch1212102:   U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
 BuildRequires:  fdupes
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@@ -136,7 +135,6 @@ test -f nls/ja.S90/XLC_LOCALE.pre && exit 1
 %patch1
 %patch2
 %patch3 -p1
-%patch1212102 -p1
 
 %build
 %configure \