pool/libX11
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity

Compare commits

base: pool:factory
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2
..
compare: pool:slfo-1.2
Branches Tags
pool:slfo-main pool:factory pool:slfo-1.2

2 Commits
factory ... slfo-1.2

Author SHA256 Message Date
ZhaoQiang
2c679b8034 Update changelog: To record already fixed bugID for SLE. (bsc#1252250) 2025-11-30 23:42:13 +08:00
Adrian Schröter
970471e8bb Sync changes to SLFO-1.2 branch 2025-08-20 09:34:44 +02:00
6 changed files with 46 additions and 115 deletions
Expand all files Collapse all files

38
U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch Normal file
View File

@@ -0,0 +1,38 @@
From c5114475db18f29d639537d60e135bdfc11a5d3a Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Thu, 28 Nov 2024 14:09:04 +0100
Subject: [PATCH xserver] xkb: Fix buffer overflow in XkbChangeTypesOfKey()
If XkbChangeTypesOfKey() is called with nGroups == 0, it will resize the
key syms to 0 but leave the key actions unchanged.
If later, the same function is called with a non-zero value for nGroups,
this will cause a buffer overflow because the key actions are of the wrong
size.
To avoid the issue, make sure to resize both the key syms and key actions
when nGroups is 0.
CVE-2025-26597, ZDI-CAN-25683
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
src/xkb/XKBMisc.c | 1 +
1 file changed, 1 insertion(+)
Index: libX11-1.8.10/src/xkb/XKBMisc.c
===================================================================
--- libX11-1.8.10.orig/src/xkb/XKBMisc.c
+++ libX11-1.8.10/src/xkb/XKBMisc.c
@@ -694,6 +694,7 @@ XkbChangeTypesOfKey(XkbDescPtr xkb,
i = XkbSetNumGroups(i, 0);
xkb->map->key_sym_map[key].group_info = i;
XkbResizeKeySyms(xkb, key, 0);
+ XkbResizeKeyActions(xkb, key, 0);
return Success;
}

BIN
libX11-1.8.10.tar.xz LFS Normal file
View File

Binary file not shown.

BIN
libX11-1.8.12.tar.xz LFS
View File

Binary file not shown.

68
libX11-ignore-incompatible-XkbMapNotify.patch
View File

@@ -1,68 +0,0 @@
From 7f31a215ad23adf71d1ce604487ee1e0f5121cc9 Mon Sep 17 00:00:00 2001
From: Julian Orth <ju.orth@gmail.com>
Date: Fri, 24 Oct 2025 20:15:37 +0200
Subject: [PATCH] Ignore XkbMapNotify events that don't belong to the core
keyboard
Such events can contain values that are incompatible with the core
keyboard map.
Fixes a potentially fatal error when such values are later used in a
XkbGetMap request.
Signed-off-by: Julian Orth <ju.orth@gmail.com>
---
src/xkb/XKBBind.c | 2 ++
src/xkb/XKBUse.c | 16 ++++++++++------
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/xkb/XKBBind.c b/src/xkb/XKBBind.c
index 467e4198..5459e42d 100644
--- a/src/xkb/XKBBind.c
+++ b/src/xkb/XKBBind.c
@@ -369,6 +369,8 @@ XkbRefreshKeyboardMapping(register XkbMapNotifyEvent * event)
XkbMapChangesRec changes;
Status rtrn;
+ if (!xkbi->desc || xkbi->desc->device_spec != event->device)
+ return Success;
if (xkbi->flags & XkbMapPending)
changes = xkbi->changes;
else
diff --git a/src/xkb/XKBUse.c b/src/xkb/XKBUse.c
index ab5027b0..9a01a8fb 100644
--- a/src/xkb/XKBUse.c
+++ b/src/xkb/XKBUse.c
@@ -290,9 +290,11 @@ wire_to_event(Display *dpy, XEvent *re, xEvent *event)
mev->num_modmap_keys = mn->nModMapKeys;
mev->first_vmodmap_key = mn->firstVModMapKey;
mev->num_vmodmap_keys = mn->nVModMapKeys;
- XkbNoteMapChanges(&xkbi->changes, mev, XKB_XLIB_MAP_MASK);
- if (xkbi->changes.changed)
- xkbi->flags |= XkbMapPending;
+ if (xkbi->desc && xkbi->desc->device_spec == mn->deviceID) {
+ XkbNoteMapChanges(&xkbi->changes, mev, XKB_XLIB_MAP_MASK);
+ if (xkbi->changes.changed)
+ xkbi->flags |= XkbMapPending;
+ }
return True;
}
else if (mn->nKeySyms > 0) {
@@ -306,9 +308,11 @@ wire_to_event(Display *dpy, XEvent *re, xEvent *event)
ev->first_keycode = mn->firstKeySym;
ev->request = MappingKeyboard;
ev->count = mn->nKeySyms;
- _XkbNoteCoreMapChanges(&xkbi->changes, ev, XKB_XLIB_MAP_MASK);
- if (xkbi->changes.changed)
- xkbi->flags |= XkbMapPending;
+ if (xkbi->desc && xkbi->desc->device_spec == mn->deviceID) {
+ _XkbNoteCoreMapChanges(&xkbi->changes, ev, XKB_XLIB_MAP_MASK);
+ if (xkbi->changes.changed)
+ xkbi->flags |= XkbMapPending;
+ }
return True;
}
}
--
GitLab

40
libX11.changes
View File

@@ -1,48 +1,10 @@
-------------------------------------------------------------------
Fri Nov 28 08:52:07 UTC 2025 - Alynx Zhou <alynx.zhou@suse.com>
- Add libX11-ignore-incompatible-XkbMapNotify.patch: Fix
mutter-x11-frames crash caused by keyboard layout change
triggered by orca screen reader. (bsc#1253076)
-------------------------------------------------------------------
Sun Mar 9 03:23:20 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
- Update to 1.8.12; this release includes:
* x11.pc: Add URL field (!280)
* xkb: Bring over fixes from Xserver to shared XKB source files (!279)
- supersedes U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
-------------------------------------------------------------------
Tue Feb 25 17:49:10 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
Sat Feb 22 13:11:58 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
* Buffer overflow in XkbChangeTypesOfKey()
(CVE-2025-26597, bsc#1237431)
-------------------------------------------------------------------
Mon Feb 3 09:09:16 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
- Update to 1.8.11; this release includes:
* Close xcb connection after freeing display structure to avoid XIO error
when running synchronized (!264)
* Don't allocate memory for a zero-sized list of directories when
`SetFontPath()` is called with `ndirs == 0` (!266)
* Fix `-Werror=array-bounds` build failures with gcc 14.2 when
`MALLOC_0_RETURNS_NULL` is defined (!267)
* Set `data` field to 0 when initializing new requests (!268)
* ximcp: don't leak window if `XGetAtomName()` fails (!269)
* ximcp: allow XNArea with OnTheSpot (!270)
* ximcp: hide internal functions added in 1.8.10 (!271)
* Handle `-Wextra-semi-stmt` warnings from clang (!272)
* xkb: avoid undefined behavior due to left shift overflow (#225, !273)
* Fix misuse of `UCSConvertCase()` in `XConvertCase()` (!274)
* drop `pthread-stubs` dependency on Dragonfly, FreeBSD, & NetBSD (!277)
Note that a bug in libXrender versions prior to December's 0.9.12 release
will cause them to fail to build with the XlibInt.h header from this release,
so packagers should be sure to update to libXrender 0.9.12 as well.
-------------------------------------------------------------------
Tue Jul 30 13:14:34 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>

9
libX11.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package libX11
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: libX11
Version: 1.8.12
Version: 1.8.10
Release: 0
Summary: Core X11 protocol client library
License: MIT
@@ -32,8 +32,7 @@ Patch1: p_xlib_skip_ext_env.diff
# PATCH-FIX-UPSTREAM en-locales.diff fdo#48596 bnc#388711 -- Add missing data for more en locales
Patch2: en-locales.diff
Patch3: u_no-longer-crash-in-XVisualIDFromVisual.patch
# PATCH-FIX-UPSTREAM libX11-ignore-incompatible-XkbMapNotify.patch bsc#1253076 alynx.zhou@suse.com -- Fix mutter-x11-frames crash due to orca screen reader
Patch4: libX11-ignore-incompatible-XkbMapNotify.patch
Patch1237431: U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
BuildRequires: fdupes
BuildRequires: libtool
BuildRequires: pkgconfig
@@ -123,7 +122,7 @@ test -f nls/ja.S90/XLC_LOCALE.pre && exit 1
%patch -P 1
%patch -P 2
%patch -P 3 -p1
%patch -P 4 -p1
%patch -P 1237431 -p1
%build
%configure \