From cd5cddf487ef8b493494e1b143531d92c296a7ae5dba2a628b1499b44db596d6 Mon Sep 17 00:00:00 2001
From: Stefan Dirsch
Date: Tue, 7 Feb 2023 02:57:30 +0000
Subject: [PATCH 1/3] - improved summary and description - added requires to xkeyboard-config - added recommends to xorg-x11-fonts-core - removed unused 'package' section - U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch * DeepCopyPointerClasses use-after-free (CVE-2023-0494, ZDI-CAN-19596, bsc#1207783)
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=43
---
...-use-after-free-in-DeepCopyPointerCl.patch | 20 +++++++++++++++++++
xwayland.changes | 15 ++++++++++++++
xwayland.spec | 18 +++++------------
3 files changed, 40 insertions(+), 13 deletions(-)
create mode 100644 U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
diff --git a/U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch b/U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
new file mode 100644
index 0000000..a19074e
--- /dev/null
+++ b/U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
@@ -0,0 +1,20 @@
+@@ -, +, @@
+ DeepCopyPointerClasses
+---
+ Xi/exevents.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+--- a/Xi/exevents.c
++++ a/Xi/exevents.c
+@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
+ memcpy(to->button->xkb_acts, from->button->xkb_acts,
+ sizeof(XkbAction));
+ }
+- else
++ else {
+ free(to->button->xkb_acts);
++ to->button->xkb_acts = NULL;
++ }
+
+ memcpy(to->button->labels, from->button->labels,
+ from->button->numButtons * sizeof(Atom));
+--
diff --git a/xwayland.changes b/xwayland.changes
index f133929..4486cf6 100644
--- a/xwayland.changes
+++ b/xwayland.changes
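Review bot: The added patch file carries no provenance: its header is reduced to `@@ -, +, @@` and a bare `DeepCopyPointerClasses` line, with no author, subject or upstream commit id, so the CVE-2023-0494 fix cannot be matched against the upstream xserver change during an audit. I would keep the upstream mail header, or at least prepend tag lines such as `Git-commit: <upstream-commit-id>` and `References: bsc#1207783 CVE-2023-0494`. The code change itself looks right as far as the hunk shows: resetting `to->button->xkb_acts` to NULL after `free()` stops the `memcpy` in the branch above from writing into freed memory on a later copy, assuming that branch allocates only when the pointer is NULL (the check lies outside the hunk). DeepCopyPointerClasses starts and ends outside the embedded hunk.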
@@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Thu Feb 2 15:39:06 UTC 2023 - Stefan Dirsch + +- improved summary and description +- added requires to xkeyboard-config +- added recommends to xorg-x11-fonts-core +- removed unused 'package' section + +------------------------------------------------------------------- +Wed Feb 1 10:06:15 UTC 2023 - Stefan Dirsch + +- U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch + * DeepCopyPointerClasses use-after-free (CVE-2023-0494, + ZDI-CAN-19596, bsc#1207783) + ------------------------------------------------------------------- Sat Dec 31 15:51:38 UTC 2022 - Stefan Dirsch diff --git a/xwayland.spec b/xwayland.spec index bb54dd8..0432cd6 100644 --- a/xwayland.spec +++ b/xwayland.spec @@ -1,7 +1,7 @@ # # spec file for package xwayland # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,12 +27,13 @@ Name: xwayland Version: 22.1.7 Release: 0 URL: http://xorg.freedesktop.org -Summary: X +Summary: Xwayland Xserver License: MIT Group: System/X11/Servers/XF86_4 Source0: %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz Source1: %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz.sig Source2: xwayland.keyring +Patch1207783: U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch BuildRequires: meson BuildRequires: ninja @@ -93,7 +94,8 @@ Requires(pre): %fillup_prereq %endif Requires: pkgconfig Requires: xkbcomp -#Recommends: xorg-x11-fonts-core +Requires: xkeyboard-config +Recommends: xorg-x11-fonts-core %ifnarch s390 s390x Requires: libpixman-1-0 %endif 
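Review bot: The new `Patch1207783:` tag in the `@@ -27,12 +27,13 @@` hunk of xwayland.spec only declares the CVE-2023-0494 fix; no hunk in this patch touches `%prep`, so whether the fix is actually applied depends on lines that are not shown. If `%prep` uses `%autosetup -p1` the patch is picked up automatically; if it uses plain `%setup`, a line such as `%patch -P 1207783 -p1` is needed, otherwise the package builds without the fix while xwayland.changes records it as shipped. It is worth confirming in the build log that the patch is listed as applied before the update is released.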
@@ -101,16 +103,6 @@ Obsoletes: xorg-x11-server-wayland < %{version} Provides: xorg-x11-server-wayland = %{version} %description -This package contains the Xwayland Server. - -%package %{name} -Summary: Xwayland Xserver -Group: System/X11/Servers/XF86_4 -Requires: xkbcomp -Requires: xkeyboard-config -Recommends: xorg-x11-fonts-core - -%description %{name} This package contains the Xserver running on the Wayland Display Server. %package devel From 179bde64cb630b3a20df656bb7f9de54afda2e329d9c0e9e8a068fd7ba957d80 Mon Sep 17 00:00:00 2001 From: Stefan Dirsch Date: Tue, 7 Feb 2023 14:32:28 +0000 Subject: [PATCH 2/3] - Update to version 22.1.8 * This release contains the fix for CVE-2023-0494 in today's security advisory: https://lists.x.org/archives/xorg-announce/2023-February/003320.html * It also fixes a second possible OOB access during EnqueueEvent. - supersedes U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=44 --- ...-use-after-free-in-DeepCopyPointerCl.patch | 20 ------------------ xwayland-22.1.8.tar.xz | 3 +++ xwayland-22.1.8.tar.xz.sig | Bin 0 -> 95 bytes xwayland.changes | 10 +++++++++ xwayland.spec | 1 - 5 files changed, 13 insertions(+), 21 deletions(-) delete mode 100644 U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch create mode 100644 xwayland-22.1.8.tar.xz create mode 100644 xwayland-22.1.8.tar.xz.sig diff --git a/U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch b/U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch deleted file mode 100644 index a19074e..0000000 --- a/U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch +++ /dev/null 
@@ -1,20 +0,0 @@ -@@ -, +, @@ - DeepCopyPointerClasses ---- - Xi/exevents.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) ---- a/Xi/exevents.c -+++ a/Xi/exevents.c -@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to) - memcpy(to->button->xkb_acts, from->button->xkb_acts, - sizeof(XkbAction)); - } -- else -+ else { - free(to->button->xkb_acts); -+ to->button->xkb_acts = NULL; -+ } - - memcpy(to->button->labels, from->button->labels, - from->button->numButtons * sizeof(Atom)); --- diff --git a/xwayland-22.1.8.tar.xz b/xwayland-22.1.8.tar.xz new file mode 100644 index 0000000..dc1c560 --- /dev/null +++ b/xwayland-22.1.8.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d11eeee73290b88ea8da42a7d9350dedfaba856ce4ae44e58c045ad9ecaa2f73 +size 1273668 diff --git a/xwayland-22.1.8.tar.xz.sig b/xwayland-22.1.8.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..c3e67d27804073bafd0b6f7c99b0f282f974ef90c25c1ce1539dac7a3b83b7da GIT binary patch literal 95 zcmeB(WnmCxVvrS6WJ$l%_9@B!=wI)xO0gmZx%=e2T^(4Nk{{W1GH`JUz(msLGR!Y? vNxycXwnA-nkl{;<3mQ+Z^-pYOSa2pxAn!%*_re>s52_yrwR0SvYn}!GVV)-$ literal 0 HcmV?d00001 diff --git a/xwayland.changes b/xwayland.changes index 4486cf6..5585808 100644 --- a/xwayland.changes +++ b/xwayland.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Tue Feb 7 14:29:21 UTC 2023 - Stefan Dirsch + +- Update to version 22.1.8 + * This release contains the fix for CVE-2023-0494 in today's + security advisory: + https://lists.x.org/archives/xorg-announce/2023-February/003320.html + * It also fixes a second possible OOB access during EnqueueEvent. +- supersedes U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch + ------------------------------------------------------------------- Thu Feb 2 15:39:06 UTC 2023 - Stefan Dirsch diff --git a/xwayland.spec b/xwayland.spec index 0432cd6..7e3c614 100644 
--- a/xwayland.spec +++ b/xwayland.spec @@ -33,7 +33,6 @@ Group: System/X11/Servers/XF86_4 Source0: %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz Source1: %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz.sig Source2: xwayland.keyring -Patch1207783: U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch BuildRequires: meson BuildRequires: ninja From 20e8312e259cbb8527b27cebce6dba44f689de42e407832880e802c9673d578b Mon Sep 17 00:00:00 2001 From: Stefan Dirsch Date: Tue, 7 Feb 2023 14:42:36 +0000 Subject: [PATCH 3/3] fixed build OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xwayland?expand=0&rev=45 --- xwayland-22.1.7.tar.xz | 3 --- xwayland-22.1.7.tar.xz.sig | Bin 95 -> 0 bytes xwayland.spec | 2 +- 3 files changed, 1 insertion(+), 4 deletions(-) delete mode 100644 xwayland-22.1.7.tar.xz delete mode 100644 xwayland-22.1.7.tar.xz.sig diff --git a/xwayland-22.1.7.tar.xz b/xwayland-22.1.7.tar.xz deleted file mode 100644 index a714651..0000000 --- a/xwayland-22.1.7.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d53afac6c71953f5cf66d03d289dacd8961da5bd309c1dff125d5955d9db5f76 -size 1273476 diff --git a/xwayland-22.1.7.tar.xz.sig b/xwayland-22.1.7.tar.xz.sig deleted file mode 100644 index 788de474213844ca4c4534dc6f5636ba8a79fc91ca3ea9aae9b924457aff19a5..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 95 zcmeB(WnmCxVvrS6WJ$l%_9@B!=wI)xO0gmZx%=e2T^(4Nk{9T2XW-%#fQj5Zz_4JI v_pHxTcb$IdxB0}3@BFGF6_bO0Gc0)a-qSFit=L23P9yXA>_Dqk?ve2Tgk&Z1 diff --git a/xwayland.spec b/xwayland.spec index 7e3c614..8f2c47c 100644 --- a/xwayland.spec +++ b/xwayland.spec @@ -24,7 +24,7 @@ %endif Name: xwayland -Version: 22.1.7 +Version: 22.1.8 Release: 0 URL: http://xorg.freedesktop.org Summary: Xwayland Xserver