From 8dd4b1444270eb8747afb73ebcc4830a2dadbfdd4a568d1d7f7ff016b0f498e2 Mon Sep 17 00:00:00 2001
From: Stefan Dirsch
Date: Wed, 25 Jan 2023 15:59:41 +0000
Subject: [PATCH 1/3] Accepting request 1060712 from home:mgorse:branches:X11:XOrg - Add u_xorg-server-oob-read-enqueue-event.patch: fix an out-of-bounds read in EnqueueEvent.
OBS-URL: https://build.opensuse.org/request/show/1060712
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=847
---
 u_xorg-server-oob-read-enqueue-event.patch | 29 ++++++++++++++++++++++
 xorg-x11-server.changes | 6 +++++
 xorg-x11-server.spec | 6 ++---
 3 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 u_xorg-server-oob-read-enqueue-event.patch
diff --git a/u_xorg-server-oob-read-enqueue-event.patch b/u_xorg-server-oob-read-enqueue-event.patch
new file mode 100644
index 0000000..d56d0d8
--- /dev/null
+++ b/u_xorg-server-oob-read-enqueue-event.patch
@@ -0,0 +1,29 @@
+From 2ef5ef57bd37a8bec2ac454053b283c6f87c3b40 Mon Sep 17 00:00:00 2001
+From: Mike Gorse
+Date: Wed, 25 Jan 2023 02:02:48 +0000
+Subject: [PATCH] dix: Use CopyPartialInternalEvent in EnqueueEvent
+
+The event might be a DeviceEvent allocated on the stack, in
+AccessXKeyboardEvent for instance. Fixes out-of-bounds read.
+
+Signed-off-by: Mike Gorse
+---
+ dix/events.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dix/events.c b/dix/events.c
+index 782ed35dc..86f5357e8 100644
+--- a/dix/events.c
++++ b/dix/events.c
+@@ -1215,7 +1215,7 @@ EnqueueEvent(InternalEvent *ev, DeviceIntPtr device)
+ qe->pScreen = pSprite->hotPhys.pScreen;
+ qe->months = currentTime.months;
+ qe->event = (InternalEvent *) (qe + 1);
+- memcpy(qe->event, event, eventlen);
++ CopyPartialInternalEvent(qe->event, (InternalEvent *)event);
+ xorg_list_append(&qe->next, &syncEvents.pending);
+ }
+
+--
+2.39.0
+
diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index 56be4e0..9147bbc 100644
--- a/xorg-x11-server.changes
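Review bot: Nothing at the new `CopyPartialInternalEvent(qe->event, (InternalEvent *)event);` call in EnqueueEvent says why a fixed-length copy is unsafe here, so a later cleanup could restore `memcpy(qe->event, event, eventlen)` and the over-read with it. A comment above the call such as `/* ev may be a smaller stack-allocated DeviceEvent: copy only what the event itself occupies, never eventlen */` would record the constraint that currently lives only in the commit message. The allocation of `qe` is above the hunk; if it still reserves `eventlen` bytes without zeroing them, the bytes after the copied event presumably stay uninitialized, so it is worth confirming that readers of `qe->event` never go past the event's own length. The cast also hides that `ev` is already an `InternalEvent *` in the signature; if `event` only aliases it, passing `ev` would be simpler.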
+++ b/xorg-x11-server.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jan 25 03:15:56 UTC 2023 - Michael Gorse
+
+- Add u_xorg-server-oob-read-enqueue-event.patch: fix an
+ out-of-bounds read in EnqueueEvent.
+
 -------------------------------------------------------------------
 Mon Dec 19 19:54:11 UTC 2022 - dmueller@suse.com
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index c904f6f..01c28bc 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package xorg-x11-server
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -207,9 +207,8 @@ Patch11: n_xorg-wrapper-rename-Xorg.patch
 Patch12: n_xorg-wrapper-anybody.patch
 Patch100: u_01-Improved-ConfineToShape.patch
 Patch101: u_02-DIX-ConfineTo-Don-t-bother-about-the-bounding-box-when-grabbing-a-shaped-window.patch
-# PATCH-FIX-UPSTREAM u_x86emu-include-order.patch schwab@suse.de -- Change include order to avoid conflict with system header, remove duplicate definitions
-
 Patch104: u_xorg-server-xdmcp.patch
+Patch105: u_xorg-server-oob-read-enqueue-event.patch
 Patch117: xorg-x11-server-byte-order.patch
@@ -371,6 +370,7 @@ sh %{SOURCE92} --verify . %{SOURCE91}
 %patch100 -p1
 #%patch101 -p1
 %patch104 -p1
+%patch105 -p1
 %patch117 -p1
 %patch160 -p1
 %patch208 -p1
From 07094f5b10a887753f348c064f2221499d6c9cd2a602d3ddca09910223660f5a Mon Sep 17 00:00:00 2001
From: Stefan Dirsch
Date: Wed, 25 Jan 2023 16:03:15 +0000
Subject: [PATCH 2/3] - rename u_xorg-server-oob-read-enqueue-event.patch to U_xorg-server-oob-read-enqueue-event.patch since it's already upstream
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=848
---
 ...ent.patch => U_xorg-server-oob-read-enqueue-event.patch | 0
 xorg-x11-server.changes | 7 +++++++
 2 files changed, 7 insertions(+)
 rename u_xorg-server-oob-read-enqueue-event.patch => U_xorg-server-oob-read-enqueue-event.patch (100%)
diff --git a/u_xorg-server-oob-read-enqueue-event.patch b/U_xorg-server-oob-read-enqueue-event.patch
similarity index 100%
rename from u_xorg-server-oob-read-enqueue-event.patch
rename to U_xorg-server-oob-read-enqueue-event.patch
diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index 9147bbc..19c7aa5 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Jan 25 16:02:23 UTC 2023 - Stefan Dirsch
+
+- rename u_xorg-server-oob-read-enqueue-event.patch to
+ U_xorg-server-oob-read-enqueue-event.patch since it's already
+ upstream
+
 -------------------------------------------------------------------
 Wed Jan 25 03:15:56 UTC 2023 - Michael Gorse
From 130596bd3a2d45bc06374b21338e9e7f7454bfe4aea566149d663023ca7986d6 Mon Sep 17 00:00:00 2001
From: Stefan Dirsch
Date: Wed, 25 Jan 2023 16:04:47 +0000
Subject: [PATCH 3/3] fixed patch name in specfile
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=849
---
 xorg-x11-server.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index 01c28bc..6e54b45 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -208,7 +208,7 @@ Patch12: n_xorg-wrapper-anybody.patch
 Patch100: u_01-Improved-ConfineToShape.patch
 Patch101: u_02-DIX-ConfineTo-Don-t-bother-about-the-bounding-box-when-grabbing-a-shaped-window.patch
 Patch104: u_xorg-server-xdmcp.patch
-Patch105: u_xorg-server-oob-read-enqueue-event.patch
+Patch105: U_xorg-server-oob-read-enqueue-event.patch
 Patch117: xorg-x11-server-byte-order.patch