From c2484d7746db98ef84896c7bf7bee589ad549d8e82dbd787077b456129e44bfe Mon Sep 17 00:00:00 2001 
From: Stefan Dirsch Date: Thu, 20 Oct 2022 12:00:58 +0000 Subject: [PATCH] - Update to version 22.1.4 * xwayland: Aggregate scroll axis events to fix kinetic scrolling * Forbid server grabs by non-WM on *rootless* XWayland * xkb: Avoid length-check failure on empty strings. * ci: remove redundant slash in libxcvt repository url * dix: Skip more code in SetRootClip for ROOT_CLIP_INPUT_ONLY * dix: Fix overzealous caching of ResourceClientBits() * xwayland: Prevent Xserver grabs with rootless * xwayland: Delay wl_surface destruction * build: Bump wayland requirement to 1.18 * xwayland: set tag on our surfaces * xwayland: Clear the "xwl-window" tag on unrealize * xwayland: correct the type for the discrete scroll events * xkb: fix some possible memleaks in XkbGetKbdByName * xkb: length-check XkbGetKbdByName before accessing the fields * xkb: length-check XkbListComponents before accessing the fields * xkb: proof GetCountedString against request length attacks - supersedes security patches: * U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch * U_xkb-proof-GetCountedString-against-request-length-at.patch OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=33 --- ...possible-memleaks-in-XkbGetKbdByName.patch | 56 ------------------ ...ntedString-against-request-length-at.patch | 31 ---------- xwayland-22.1.3.tar.xz | 3 - xwayland-22.1.3.tar.xz.sig | Bin 95 -> 0 bytes xwayland-22.1.4.tar.xz | 3 + xwayland-22.1.4.tar.xz.sig | Bin 0 -> 95 bytes xwayland.changes | 24 ++++++++ xwayland.spec | 4 +- 8 files changed, 28 insertions(+), 93 deletions(-) delete mode 100644 U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch delete mode 100644 U_xkb-proof-GetCountedString-against-request-length-at.patch delete mode 100644 xwayland-22.1.3.tar.xz delete mode 100644 xwayland-22.1.3.tar.xz.sig create mode 100644 xwayland-22.1.4.tar.xz create mode 100644 xwayland-22.1.4.tar.xz.sig 
diff --git a/U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch b/U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
deleted file mode 100644
index ff7628f..0000000
--- a/U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001
-From: Peter Hutterer
-Date: Wed, 13 Jul 2022 11:23:09 +1000
-Subject: [PATCH] xkb: fix some possible memleaks in XkbGetKbdByName
-
-GetComponentByName returns an allocated string, so let's free that if we
-fail somewhere.
-
-Signed-off-by: Peter Hutterer
----
- xkb/xkb.c | 26 ++++++++++++++++++++------
- 1 file changed, 20 insertions(+), 6 deletions(-)
-
-Index: xwayland-22.1.3/xkb/xkb.c
-===================================================================
---- xwayland-22.1.3.orig/xkb/xkb.c
-+++ xwayland-22.1.3/xkb/xkb.c
-@@ -5941,18 +5941,32 @@ ProcXkbGetKbdByName(ClientPtr client)
- xkb = dev->key->xkbInfo->desc;
- status = Success;
- str = (unsigned char *) &stuff[1];
-- if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */
-- return BadMatch;
-+ {
-+ char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */
-+ if (keymap) {
-+ free(keymap);
-+ return BadMatch;
-+ }
-+ }
- names.keycodes = GetComponentSpec(&str, TRUE, &status);
- names.types = GetComponentSpec(&str, TRUE, &status);
- names.compat = GetComponentSpec(&str, TRUE, &status);
- names.symbols = GetComponentSpec(&str, TRUE, &status);
- names.geometry = GetComponentSpec(&str, TRUE, &status);
-- if (status != Success)
-+ if (status == Success) {
-+ len = str - ((unsigned char *) stuff);
-+ if ((XkbPaddedSize(len) / 4) != stuff->length)
-+ status = BadLength;
-+ }
-+
-+ if (status != Success) {
-+ free(names.keycodes);
-+ free(names.types);
-+ free(names.compat);
-+ free(names.symbols);
-+ free(names.geometry);
- return status;
-- len = str - ((unsigned char *) stuff);
-- if ((XkbPaddedSize(len) / 4) != stuff->length)
-- return BadLength;
-+ }
-
- CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask);
- CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask);
diff --git a/U_xkb-proof-GetCountedString-against-request-length-at.patch b/U_xkb-proof-GetCountedString-against-request-length-at.patch
deleted file mode 100644
index 5132891..0000000
--- a/U_xkb-proof-GetCountedString-against-request-length-at.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 11beef0b7f1ed290348e45618e5fa0d2bffcb72e Mon Sep 17 00:00:00 2001
-From: Peter Hutterer
-Date: Tue, 5 Jul 2022 12:06:20 +1000
-Subject: [PATCH] xkb: proof GetCountedString against request length attacks
-
-GetCountedString did a check for the whole string to be within the
-request buffer but not for the initial 2 bytes that contain the length
-field. A swapped client could send a malformed request to trigger a
-swaps() on those bytes, writing into random memory.
-
-Signed-off-by: Peter Hutterer
----
- xkb/xkb.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-Index: xwayland-22.1.3/xkb/xkb.c
-===================================================================
---- xwayland-22.1.3.orig/xkb/xkb.c
-+++ xwayland-22.1.3/xkb/xkb.c
-@@ -5138,6 +5138,11 @@ _GetCountedString(char **wire_inout, Cli
- CARD16 len;
-
- wire = *wire_inout;
-+
-+ if (client->req_len <
-+ bytes_to_int32(wire + 2 - (char *) client->requestBuffer))
-+ return BadValue;
-+
- len = *(CARD16 *) wire;
- if (client->swapped) {
- swaps(&len);
diff --git a/xwayland-22.1.3.tar.xz b/xwayland-22.1.3.tar.xz
deleted file mode 100644
index 2db537b..0000000
--- a/xwayland-22.1.3.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a712eb7bce32cd934df36814b5dd046aa670899c16fe98f2afb003578f86a1c5
-size 1272440
diff --git a/xwayland-22.1.3.tar.xz.sig b/xwayland-22.1.3.tar.xz.sig
deleted file mode 100644
index 5791647c7a294beedc16cf53f3e6e2b65e676660cabb6ddce3ed6e4746268ec8..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch literal 0 HcmV?d00001 literal 95 zcmeB(WnmCxVvrS6WJ$l%_9@B!=wI)xO0gmZx%=e2T^(4NlFrsgGH`JUz(h2w8Ro}K vShh#@*o=!VAJp#c5Y0`rPO)ZUn5TE!&cx*D5$SB6DURuHIDDiu9G(II6viS{
diff --git a/xwayland-22.1.4.tar.xz b/xwayland-22.1.4.tar.xz
new file mode 100644
index 0000000..0248e85
--- /dev/null
+++ b/xwayland-22.1.4.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5c39bdd77444c3fa7a0e2ef317ae69ddde89a901dc8914dbc8eac39a9313512a
+size 1273552
diff --git a/xwayland-22.1.4.tar.xz.sig b/xwayland-22.1.4.tar.xz.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..f286af555d69e077d033f0525a49dde29ae05b554af1afa6a212eddcedff7f96
GIT binary patch literal 95 zcmeB(WnmCxVvrS6WJ$l%_9@B!=wI)xO0gmZx%=e2T^(4Nk^_w-7`QkEU?K$_4D&Ru vA3e5R;rYDo*-Y+SxBL!GsQA>(u;AOBH0hf+Sf59=o{Cc!=QUN$s`LT?BlIL0 literal 0 HcmV?d00001
diff --git a/xwayland.changes b/xwayland.changes
index 10ccae7..cf13145 100644
--- a/xwayland.changes
+++ b/xwayland.changes
@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Thu Oct 20 11:50:17 UTC 2022 - Stefan Dirsch
+
+- Update to version 22.1.4
+ * xwayland: Aggregate scroll axis events to fix kinetic scrolling
+ * Forbid server grabs by non-WM on *rootless* XWayland
+ * xkb: Avoid length-check failure on empty strings.
+ * ci: remove redundant slash in libxcvt repository url
+ * dix: Skip more code in SetRootClip for ROOT_CLIP_INPUT_ONLY
+ * dix: Fix overzealous caching of ResourceClientBits()
+ * xwayland: Prevent Xserver grabs with rootless
+ * xwayland: Delay wl_surface destruction
+ * build: Bump wayland requirement to 1.18
+ * xwayland: set tag on our surfaces
+ * xwayland: Clear the "xwl-window" tag on unrealize
+ * xwayland: correct the type for the discrete scroll events
+ * xkb: fix some possible memleaks in XkbGetKbdByName
+ * xkb: length-check XkbGetKbdByName before accessing the fields
+ * xkb: length-check XkbListComponents before accessing the fields
+ * xkb: proof GetCountedString against request length attacks
+- supersedes security patches:
+ * U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
+ * U_xkb-proof-GetCountedString-against-request-length-at.patch
+
 -------------------------------------------------------------------
 Wed Oct 19 11:19:40 UTC 2022 - Stefan Dirsch
diff --git a/xwayland.spec b/xwayland.spec
index 97d776e..fef0e92 100644
--- a/xwayland.spec
+++ b/xwayland.spec
@@ -24,7 +24,7 @@
 %endif
 Name: xwayland
-Version: 22.1.3
+Version: 22.1.4
 Release: 0
 URL: http://xorg.freedesktop.org/
 Summary: X
@@ -33,8 +33,6 @@ Group: System/X11/Servers/XF86_4
 Source0: %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz
 Source1: %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz.sig
 Source2: xwayland.keyring
-Patch1204412: U_xkb-proof-GetCountedString-against-request-length-at.patch
-Patch1204416: U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
 BuildRequires: meson
 BuildRequires: ninja
 BuildRequires: pkgconfig