Accepting request 1321970 from X11:XOrg

- This releases contains the fixes for the issues reported in
  today's security advisory:
  https://lists.x.org/archives/xorg-announce/2025-December/003644.html
  * CVE-2018-15863 (bsc#1105832)
  * CVE-2018-15861 (bsc#1105832)
  * CVE-2018-15859 (bsc#1105832)
  * CVE-2018-15853 (bsc#1105832)
  Note that the year is not a typo, these CVEs have been reported
  previously for libxkbcommon but the same code exists in xkbcomp
  and required the same fixes.
  As a new feature in this version: xkbcomp now supports the meson
  build system in addition to autotools. autotools support may be
  removed in a future version.
- switch to meson build

OBS-URL: https://build.opensuse.org/request/show/1321970
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xkbcomp?expand=0&rev=20

0001-xkbcomp-Don-t-crash-on-no-op-modmask-expressions.patch

@@ -1,44 +0,0 @@
-From fa10dbc2ca8bcb45bcecb433520de755e628ca91 Mon Sep 17 00:00:00 2001
-From: Daniel Stone <daniels@collabora.com>
-Date: Mon, 26 Jun 2017 17:12:29 +0100
-Subject: [PATCH 1/5] xkbcomp: Don't crash on no-op modmask expressions
-
-If we have an expression of the form 'l1' in an interp section, we
-unconditionally try to dereference its args, even if it has none.
-
-CVE-2018-15863
-
-Identical to libxkbcommon commit 96df3106d49438e442510c59acad306e94f3db4d
-https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d
-
-Part-of: <https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/merge_requests/38>
----
- compat.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/compat.c b/compat.c
-index 84dc061..3ab8bd5 100644
---- a/compat.c
-+++ b/compat.c
-@@ -307,6 +307,8 @@ ResolveStateAndPredicate(const ExprDef *expr,
-     {
-         char *pred_txt =
-             XkbAtomText(NULL, expr->value.action.name, XkbMessage);
-+        if (!pred_txt || !expr->value.action.args)
-+            goto leave;
-         if (uStrCaseCmp(pred_txt, "noneof") == 0)
-             *pred_rtrn = XkbSI_NoneOf;
-         else if (uStrCaseCmp(pred_txt, "anyofornone") == 0)
-@@ -319,7 +321,8 @@ ResolveStateAndPredicate(const ExprDef *expr,
-             *pred_rtrn = XkbSI_Exactly;
-         else
-         {
--            ERROR("Illegal modifier predicate \"%s\"\n", pred_txt);
-+leave:      ERROR("Illegal modifier predicate \"%s\"\n",
-+                  (pred_txt ? pred_txt : "(none)"));
-             ACTION("Ignored\n");
-             return False;
-         }
--- 
-2.51.0
-

0002-xkbcomp-Don-t-falsely-promise-from-ExprResolveLhs.patch

@@ -1,37 +0,0 @@
-From c342635409cd687da0eda323ef4f165b11565052 Mon Sep 17 00:00:00 2001
-From: Daniel Stone <daniels@collabora.com>
-Date: Mon, 26 Jun 2017 17:21:45 +0100
-Subject: [PATCH 2/5] xkbcomp: Don't falsely promise from ExprResolveLhs
-
-Every user of ExprReturnLhs goes on to unconditionally dereference the
-field return, which can be NULL if xkb_intern_atom fails. Return false
-if this is the case, so we fail safely.
-
-Testcase: splice geometry data into interp
-
-CVE-2018-15861
-
-Identical to libxkbcommon commit 38e1766bc6e20108948aec8a0b222a4bad0254e9
-https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9
-
-Part-of: <https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/merge_requests/38>
----
- expr.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/expr.c b/expr.c
-index f31f412..3df9d8f 100644
---- a/expr.c
-+++ b/expr.c
-@@ -136,7 +136,7 @@ ExprResolveLhs(const ExprDef *expr, ExprResult *elem_rtrn,
-         elem_rtrn->str = NULL;
-         field_rtrn->str = XkbAtomGetString(NULL, expr->value.str);
-         *index_rtrn = NULL;
--        return True;
-+        return (field_rtrn->str != NULL);
-     case ExprFieldRef:
-         elem_rtrn->str = XkbAtomGetString(NULL, expr->value.field.element);
-         field_rtrn->str = XkbAtomGetString(NULL, expr->value.field.field);
--- 
-2.51.0
-

0003-Fail-expression-lookup-on-invalid-atoms.patch

@@ -1,42 +0,0 @@
-From 895e080b237e346a43a31edf9dee6143c2abf230 Mon Sep 17 00:00:00 2001
-From: Daniel Stone <daniels@collabora.com>
-Date: Mon, 30 Oct 2017 11:21:55 +0000
-Subject: [PATCH 3/5] Fail expression lookup on invalid atoms
-
-If we fail atom lookup, then we should not claim that we successfully
-looked up the expression.
-
-CVE-2018-15859
-
-Identical to libxkbcommon commit bb4909d2d8fa6b08155e449986a478101e2b2634
-https://github.com/xkbcommon/libxkbcommon/commit/bb4909d2d8fa6b08155e449986a478101e2b2634
-
-Part-of: <https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/merge_requests/38>
----
- expr.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/expr.c b/expr.c
-index 3df9d8f..27a71ee 100644
---- a/expr.c
-+++ b/expr.c
-@@ -141,11 +141,15 @@ ExprResolveLhs(const ExprDef *expr, ExprResult *elem_rtrn,
-         elem_rtrn->str = XkbAtomGetString(NULL, expr->value.field.element);
-         field_rtrn->str = XkbAtomGetString(NULL, expr->value.field.field);
-         *index_rtrn = NULL;
--        return True;
-+        return (elem_rtrn->str != NULL && field_rtrn->str != NULL);
-     case ExprArrayRef:
-         elem_rtrn->str = XkbAtomGetString(NULL, expr->value.array.element);
-         field_rtrn->str = XkbAtomGetString(NULL, expr->value.array.field);
-         *index_rtrn = expr->value.array.entry;
-+        if (expr->value.array.element != None && elem_rtrn->str == NULL)
-+            return False;
-+        if (field_rtrn->str == NULL)
-+            return False;
-         return True;
-     }
-     WSGO("Unexpected operator %d in ResolveLhs\n", expr->op);
--- 
-2.51.0
-

0004-xkbcomp-fix-stack-overflow-when-evaluating-boolean-n.patch

@@ -1,41 +0,0 @@
-From da836764573298c53c625c6c237ab5211b2d3adf Mon Sep 17 00:00:00 2001
-From: Ran Benita <ran234@gmail.com>
-Date: Sat, 10 Mar 2018 23:10:47 +0200
-Subject: [PATCH 4/5] xkbcomp: fix stack overflow when evaluating boolean
- negation
-
-The expression evaluator would go into an infinite recursion when
-evaluating something like this as a boolean: `!True`. Instead of
-recursing to just `True` and negating, it recursed to `!True` itself
-again.
-
-Bug inherited from xkbcomp.
-
-Caught with the afl fuzzer.
-
-CVE-2018-15853
-
-Identical to libxkbcommon commit 1f9d1248c07cda8aaff762429c0dce146de8632a
-https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a
-
-Part-of: <https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/merge_requests/38>
----
- expr.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/expr.c b/expr.c
-index 27a71ee..f58cc7f 100644
---- a/expr.c
-+++ b/expr.c
-@@ -443,7 +443,7 @@ ExprResolveBoolean(const ExprDef *expr, ExprResult *val_rtrn,
-         return ok;
-     case OpInvert:
-     case OpNot:
--        ok = ExprResolveBoolean(expr, val_rtrn, lookup, lookupPriv);
-+        ok = ExprResolveBoolean(expr->value.child, val_rtrn, lookup, lookupPriv);
-         if (ok)
-             val_rtrn->uval = !val_rtrn->uval;
-         return ok;
--- 
-2.51.0
-

xkbcomp-1.5.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2ac31f26600776db6d9cd79b3fcd272263faebac7eb85fb2f33c7141b8486060
+size 247996

xkbcomp.changes

@@ -1,14 +1,20 @@
 -------------------------------------------------------------------
-Wed Dec 10 14:30:10 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
+Wed Dec 10 13:18:04 UTC 2025 - Stefan Dirsch <sndirsch@suse.com>
 
-- 0001-xkbcomp-Don-t-crash-on-no-op-modmask-expressions.patch
-  (CVE-2018-15863, bsc#1105832)
-- 0002-xkbcomp-Don-t-falsely-promise-from-ExprResolveLhs.patch
-  (CVE-2018-15861, bsc#1105832)
-- 0003-Fail-expression-lookup-on-invalid-atoms.patch
-  (CVE-2018-15859, bsc#1105832)
-- 0004-xkbcomp-fix-stack-overflow-when-evaluating-boolean-n.patch
-  (CVE-2018-15853, bsc#1105832)
+- This releases contains the fixes for the issues reported in
+  today's security advisory:
+  https://lists.x.org/archives/xorg-announce/2025-December/003644.html
+  * CVE-2018-15863 (bsc#1105832)
+  * CVE-2018-15861 (bsc#1105832)
+  * CVE-2018-15859 (bsc#1105832)
+  * CVE-2018-15853 (bsc#1105832)
+  Note that the year is not a typo, these CVEs have been reported
+  previously for libxkbcommon but the same code exists in xkbcomp
+  and required the same fixes.
+  As a new feature in this version: xkbcomp now supports the meson
+  build system in addition to autotools. autotools support may be
+  removed in a future version.
+- switch to meson build
 
 -------------------------------------------------------------------
 Sun Feb  4 21:06:20 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>

xkbcomp.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package xkbcomp
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,18 +17,15 @@
 
 
 Name:           xkbcomp
-Version:        1.4.7
+Version:        1.5.0
 Release:        0
 Summary:        Utility to compile XKB keyboard description
 License:        MIT
 Group:          System/X11/Utilities
 URL:            https://xorg.freedesktop.org/
 Source0:        https://xorg.freedesktop.org/releases/individual/app/%{name}-%{version}.tar.xz
-Patch1:         0001-xkbcomp-Don-t-crash-on-no-op-modmask-expressions.patch
-Patch2:         0002-xkbcomp-Don-t-falsely-promise-from-ExprResolveLhs.patch
-Patch3:         0003-Fail-expression-lookup-on-invalid-atoms.patch
-Patch4:         0004-xkbcomp-fix-stack-overflow-when-evaluating-boolean-n.patch
 BuildRequires:  bison
+BuildRequires:  meson
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(x11)
 BuildRequires:  pkgconfig(xkbfile)
@@ -54,11 +51,11 @@ into one of several output formats.
 %autosetup -p1
 
 %build
-%configure
-%make_build
+%meson
+%meson_build
 
 %install
-%make_install
+%meson_install
 
 %files
 %license COPYING