authorCoprDistGit <infra@openeuler.org>2024-08-06 02:19:21 +0000
committerCoprDistGit <infra@openeuler.org>2024-08-06 02:19:21 +0000
commit17835c5af459d8f2a2cd7e6429073ae106d8b918 (patch)
treeaa0eb02acde1e7773dba0e9714ed6f0c3bf9dd1c
parent38b1e7abff8deff663879e1b2800b953c7c09316 (diff)
automatic import of libX11openeuler24.03_LTS
-rw-r--r--.gitignore1
-rw-r--r--0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch58
-rw-r--r--0001-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch37
-rw-r--r--0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch59
-rw-r--r--0001-InitExt.c-Add-bounds-checks-for-extension-request-ev.patch108
-rw-r--r--0001-makekeys-handle-the-new-_EVDEVK-xorgproto-symbols.patch43
-rw-r--r--0002-XPutImage-clip-images-to-maximum-height-width-allowe.patch41
-rw-r--r--0003-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch47
-rw-r--r--dont-forward-keycode-0.patch53
-rw-r--r--libX11.spec292
-rw-r--r--sources1
11 files changed, 740 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..d6dcc71 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/libX11-1.7.0.tar.bz2
diff --git a/0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch b/0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
new file mode 100644
index 0000000..6427fc2
--- /dev/null
+++ b/0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
@@ -0,0 +1,58 @@
+From 6858d468d9ca55fb4c5fd70b223dbc78a3358a7f Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sun, 17 Sep 2023 14:19:40 -0700
+Subject: [PATCH] CVE-2023-43785: out-of-bounds memory access in
+ _XkbReadKeySyms()
+
+Make sure we allocate enough memory in the first place, and
+also handle error returns from _XkbReadBufferCopyKeySyms() when
+it detects out-of-bounds issues.
+
+Reported-by: Gregory James DUCK <gjduck@gmail.com>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/xkb/XKBGetMap.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/xkb/XKBGetMap.c b/src/xkb/XKBGetMap.c
+index 2891d21e..31199e4a 100644
+--- a/src/xkb/XKBGetMap.c
++++ b/src/xkb/XKBGetMap.c
+@@ -182,7 +182,8 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, xkbGetMapReply *rep)
+ if (offset + newMap->nSyms >= map->size_syms) {
+ register int sz;
+
+- sz = map->size_syms + 128;
++ sz = offset + newMap->nSyms;
++ sz = ((sz + (unsigned) 128) / 128) * 128;
+ _XkbResizeArray(map->syms, map->size_syms, sz, KeySym);
+ if (map->syms == NULL) {
+ map->size_syms = 0;
+@@ -191,8 +192,9 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, xkbGetMapReply *rep)
+ map->size_syms = sz;
+ }
+ if (newMap->nSyms > 0) {
+- _XkbReadBufferCopyKeySyms(buf, (KeySym *) &map->syms[offset],
+- newMap->nSyms);
++ if (_XkbReadBufferCopyKeySyms(buf, (KeySym *) &map->syms[offset],
++ newMap->nSyms) == 0)
++ return BadLength;
+ offset += newMap->nSyms;
+ }
+ else {
+@@ -222,8 +224,10 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, xkbGetMapReply *rep)
+ newSyms = XkbResizeKeySyms(xkb, i + rep->firstKeySym, tmp);
+ if (newSyms == NULL)
+ return BadAlloc;
+- if (newMap->nSyms > 0)
+- _XkbReadBufferCopyKeySyms(buf, newSyms, newMap->nSyms);
++ if (newMap->nSyms > 0) {
++ if (_XkbReadBufferCopyKeySyms(buf, newSyms, newMap->nSyms) == 0)
++ return BadLength;
++ }
+ else
+ newSyms[0] = NoSymbol;
+ oldMap->kt_index[0] = newMap->ktIndex[0];
+--
+2.41.0
+
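Review bot: The new size computation in the first hunk of this patch has no comment explaining that `sz` must now cover `offset + newMap->nSyms` before being rounded, which is the whole point of the fix. A line such as `/* must hold offset + nSyms entries; round up to the next multiple of 128 */` above the two assignments would keep a later cleanup from reverting to a fixed-step growth. The arithmetic also mixes `int sz` with an `(unsigned) 128` constant, so the intermediate is unsigned and converted back on assignment; using a plain `128` or an unsigned `sz` would make the intended type explicit. _XkbReadKeySyms() starts and ends outside the hunks shown.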
diff --git a/0001-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch b/0001-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
new file mode 100644
index 0000000..8f6a446
--- /dev/null
+++ b/0001-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
@@ -0,0 +1,37 @@
+From 204c3393c4c90a29ed6bef64e43849536e863a86 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Thu, 7 Sep 2023 15:54:30 -0700
+Subject: [PATCH 1/3] CVE-2023-43786: stack exhaustion from infinite recursion
+ in PutSubImage()
+
+When splitting a single line of pixels into chunks to send to the
+X server, be sure to take into account the number of bits per pixel,
+so we don't just loop forever trying to send more pixels than fit in
+the given request size and not breaking them down into a small enough
+chunk to fix.
+
+Fixes: "almost complete rewrite" (Dec. 12, 1987) from X11R2
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/PutImage.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/PutImage.c b/src/PutImage.c
+index 857ee916..a6db7b42 100644
+--- a/src/PutImage.c
++++ b/src/PutImage.c
+@@ -914,8 +914,9 @@ PutSubImage (
+ req_width, req_height - SubImageHeight,
+ dest_bits_per_pixel, dest_scanline_pad);
+ } else {
+- int SubImageWidth = (((Available << 3) / dest_scanline_pad)
+- * dest_scanline_pad) - left_pad;
++ int SubImageWidth = ((((Available << 3) / dest_scanline_pad)
++ * dest_scanline_pad) - left_pad)
++ / dest_bits_per_pixel;
+
+ PutSubImage(dpy, d, gc, image, req_xoffset, req_yoffset, x, y,
+ (unsigned int) SubImageWidth, 1,
+--
+2.41.0
+
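Review bot: Nothing in the patched else-branch of PutSubImage() checks that `SubImageWidth` is at least 1 after the new division by `dest_bits_per_pixel`, and the recursion only terminates if each split makes progress. The value is passed on as `(unsigned int) SubImageWidth`, so a zero or negative result would become a zero or very large width; the second recursive call is outside the hunk, so its effect on the remaining width is inferred rather than visible. An explicit guard before the calls, for example `if (SubImageWidth <= 0) return;` with a comment that one request must carry at least one pixel, would state the termination condition in code. `dest_bits_per_pixel` is also used as a divisor here with no non-zero check visible in the hunk.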
diff --git a/0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch b/0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
new file mode 100644
index 0000000..3468d6e
--- /dev/null
+++ b/0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
@@ -0,0 +1,59 @@
+From 7916869d16bdd115ac5be30a67c3749907aea6a0 Mon Sep 17 00:00:00 2001
+From: Yair Mizrahi <yairm@jfrog.com>
+Date: Thu, 7 Sep 2023 16:15:32 -0700
+Subject: [PATCH] CVE-2023-43787: Integer overflow in XCreateImage() leading to
+ a heap overflow
+
+When the format is `Pixmap` it calculates the size of the image data as:
+ ROUNDUP((bits_per_pixel * width), image->bitmap_pad);
+There is no validation on the `width` of the image, and so this
+calculation exceeds the capacity of a 4-byte integer, causing an overflow.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/ImUtil.c | 20 +++++++++++++++-----
+ 1 file changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/src/ImUtil.c b/src/ImUtil.c
+index 36f08a03..fbfad33e 100644
+--- a/src/ImUtil.c
++++ b/src/ImUtil.c
+@@ -30,6 +30,7 @@ in this Software without prior written authorization from The Open Group.
+ #include <X11/Xlibint.h>
+ #include <X11/Xutil.h>
+ #include <stdio.h>
++#include <limits.h>
+ #include "ImUtil.h"
+
+ static int _XDestroyImage(XImage *);
+@@ -361,13 +362,22 @@ XImage *XCreateImage (
+ /*
+ * compute per line accelerator.
+ */
+- {
+- if (format == ZPixmap)
++ if (format == ZPixmap) {
++ if ((INT_MAX / bits_per_pixel) < width) {
++ Xfree(image);
++ return NULL;
++ }
++
+ min_bytes_per_line =
+- ROUNDUP((bits_per_pixel * width), image->bitmap_pad);
+- else
++ ROUNDUP((bits_per_pixel * width), image->bitmap_pad);
++ } else {
++ if ((INT_MAX - offset) < width) {
++ Xfree(image);
++ return NULL;
++ }
++
+ min_bytes_per_line =
+- ROUNDUP((width + offset), image->bitmap_pad);
++ ROUNDUP((width + offset), image->bitmap_pad);
+ }
+ if (image_bytes_per_line == 0) {
+ image->bytes_per_line = min_bytes_per_line;
+--
+2.41.0
+
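Review bot: In the non-ZPixmap branch the guard `(INT_MAX - offset) < width` itself overflows if `offset` is a negative signed value, so the check can hit undefined behaviour before it rejects anything. The declaration of `offset` is outside the hunk, so its signedness should be confirmed. Rejecting negative offsets first keeps the test well defined: `if (offset < 0 || (INT_MAX - offset) < width) {`. The ZPixmap branch likewise divides `INT_MAX` by `bits_per_pixel` with no non-zero check visible here. XCreateImage() begins and ends outside the hunk.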
diff --git a/0001-InitExt.c-Add-bounds-checks-for-extension-request-ev.patch b/0001-InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
new file mode 100644
index 0000000..014bdc0
--- /dev/null
+++ b/0001-InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
@@ -0,0 +1,108 @@
+From 304a654a0d57bf0f00d8998185f0360332cfa36c Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat, 10 Jun 2023 16:30:07 -0700
+Subject: [PATCH libX11] InitExt.c: Add bounds checks for extension request,
+ event, & error codes
+
+Fixes CVE-2023-3138: X servers could return values from XQueryExtension
+that would cause Xlib to write entries out-of-bounds of the arrays to
+store them, though this would only overwrite other parts of the Display
+struct, not outside the bounds allocated for that structure.
+
+Reported-by: Gregory James DUCK <gjduck@gmail.com>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/InitExt.c | 42 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 42 insertions(+)
+
+diff --git a/src/InitExt.c b/src/InitExt.c
+index 4de46f15..afc00a6b 100644
+--- a/src/InitExt.c
++++ b/src/InitExt.c
+@@ -33,6 +33,18 @@ from The Open Group.
+ #include <X11/Xos.h>
+ #include <stdio.h>
+
++/* The X11 protocol spec reserves events 64 through 127 for extensions */
++#ifndef LastExtensionEvent
++#define LastExtensionEvent 127
++#endif
++
++/* The X11 protocol spec reserves requests 128 through 255 for extensions */
++#ifndef LastExtensionRequest
++#define FirstExtensionRequest 128
++#define LastExtensionRequest 255
++#endif
++
++
+ /*
+ * This routine is used to link a extension in so it will be called
+ * at appropriate times.
+@@ -242,6 +254,12 @@ WireToEventType XESetWireToEvent(
+ WireToEventType proc) /* routine to call when converting event */
+ {
+ register WireToEventType oldproc;
++ if (event_number < 0 ||
++ event_number > LastExtensionEvent) {
++ fprintf(stderr, "Xlib: ignoring invalid extension event %d\n",
++ event_number);
++ return (WireToEventType)_XUnknownWireEvent;
++ }
+ if (proc == NULL) proc = (WireToEventType)_XUnknownWireEvent;
+ LockDisplay (dpy);
+ oldproc = dpy->event_vec[event_number];
+@@ -263,6 +281,12 @@ WireToEventCookieType XESetWireToEventCookie(
+ )
+ {
+ WireToEventCookieType oldproc;
++ if (extension < FirstExtensionRequest ||
++ extension > LastExtensionRequest) {
++ fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n",
++ extension);
++ return (WireToEventCookieType)_XUnknownWireEventCookie;
++ }
+ if (proc == NULL) proc = (WireToEventCookieType)_XUnknownWireEventCookie;
+ LockDisplay (dpy);
+ oldproc = dpy->generic_event_vec[extension & 0x7F];
+@@ -284,6 +308,12 @@ CopyEventCookieType XESetCopyEventCookie(
+ )
+ {
+ CopyEventCookieType oldproc;
++ if (extension < FirstExtensionRequest ||
++ extension > LastExtensionRequest) {
++ fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n",
++ extension);
++ return (CopyEventCookieType)_XUnknownCopyEventCookie;
++ }
+ if (proc == NULL) proc = (CopyEventCookieType)_XUnknownCopyEventCookie;
+ LockDisplay (dpy);
+ oldproc = dpy->generic_event_copy_vec[extension & 0x7F];
+@@ -305,6 +335,12 @@ EventToWireType XESetEventToWire(
+ EventToWireType proc) /* routine to call when converting event */
+ {
+ register EventToWireType oldproc;
++ if (event_number < 0 ||
++ event_number > LastExtensionEvent) {
++ fprintf(stderr, "Xlib: ignoring invalid extension event %d\n",
++ event_number);
++ return (EventToWireType)_XUnknownNativeEvent;
++ }
+ if (proc == NULL) proc = (EventToWireType) _XUnknownNativeEvent;
+ LockDisplay (dpy);
+ oldproc = dpy->wire_vec[event_number];
+@@ -325,6 +361,12 @@ WireToErrorType XESetWireToError(
+ WireToErrorType proc) /* routine to call when converting error */
+ {
+ register WireToErrorType oldproc = NULL;
++ if (error_number < 0 ||
++ error_number > LastExtensionError) {
++ fprintf(stderr, "Xlib: ignoring invalid extension error %d\n",
++ error_number);
++ return (WireToErrorType)_XDefaultWireError;
++ }
+ if (proc == NULL) proc = (WireToErrorType)_XDefaultWireError;
+ LockDisplay (dpy);
+ if (!dpy->error_vec) {
+--
+2.41.0
+
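Review bot: `FirstExtensionRequest` is defined only inside the `#ifndef LastExtensionRequest` block, so the two macros are tied to a single guard even though the new checks in XESetWireToEventCookie() and XESetCopyEventCookie() need both. A build where some header already provides `LastExtensionRequest` but not `FirstExtensionRequest` would fail on those checks. Giving each macro its own guard, `#ifndef FirstExtensionRequest` / `#define FirstExtensionRequest 128` / `#endif`, avoids that. Separately, the event checks accept 0 through `LastExtensionEvent` although the comment describes 64 through 127 as the extension range. If accepting core event numbers is intended, say so in a comment, e.g. `/* upper bound protects the event_vec index; lower event numbers are accepted on purpose */`.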
diff --git a/0001-makekeys-handle-the-new-_EVDEVK-xorgproto-symbols.patch b/0001-makekeys-handle-the-new-_EVDEVK-xorgproto-symbols.patch
new file mode 100644
index 0000000..55adaae
--- /dev/null
+++ b/0001-makekeys-handle-the-new-_EVDEVK-xorgproto-symbols.patch
@@ -0,0 +1,43 @@
+From e92efc63acd7b377faa9e534f4bf52aaa86be2a9 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 27 Jul 2021 11:46:19 +1000
+Subject: [PATCH libX11] makekeys: handle the new _EVDEVK xorgproto symbols
+
+These keys are all defined through a macro in the form:
+ #define XF86XK_BrightnessAuto _EVDEVK(0x0F4)
+
+The _EVDEVK macro is simply an offset of 0x10081000.
+Let's parse these lines correctly so those keysyms end up in our
+hashtables.
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ src/util/makekeys.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/util/makekeys.c b/src/util/makekeys.c
+index e847ef4c..4896cc53 100644
+--- a/src/util/makekeys.c
++++ b/src/util/makekeys.c
+@@ -78,6 +78,18 @@ parse_line(const char *buf, char *key, KeySym *val, char *prefix)
+ return 1;
+ }
+
++ /* See if we can parse one of the _EVDEVK symbols */
++ i = sscanf(buf, "#define %127s _EVDEVK(0x%lx)", key, val);
++ if (i == 2 && (tmp = strstr(key, "XK_"))) {
++ memcpy(prefix, key, (size_t)(tmp - key));
++ prefix[tmp - key] = '\0';
++ tmp += 3;
++ memmove(key, tmp, strlen(tmp) + 1);
++
++ *val += 0x10081000;
++ return 1;
++ }
++
+ /* Now try to catch alias (XK_foo XK_bar) definitions, and resolve them
+ * immediately: if the target is in the form XF86XK_foo, we need to
+ * canonicalise this to XF86foo before we do the lookup. */
+--
+2.31.1
+
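Review bot: The new `memcpy(prefix, key, (size_t)(tmp - key))` can write up to 127 bytes plus the terminator into `prefix`, whose capacity is neither visible in this hunk nor passed to parse_line(). `key` is bounded by the `%127s` conversion, but `prefix` depends entirely on the caller's buffer being at least as large. A comment on parse_line() stating that contract, e.g. `/* key and prefix must each hold at least 128 bytes */`, would document it. The `%lx` conversion also stores through `val`, so it is worth confirming that `KeySym` is `unsigned long` on every build target. parse_line() starts and ends outside the hunk.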
diff --git a/0002-XPutImage-clip-images-to-maximum-height-width-allowe.patch b/0002-XPutImage-clip-images-to-maximum-height-width-allowe.patch
new file mode 100644
index 0000000..27b5912
--- /dev/null
+++ b/0002-XPutImage-clip-images-to-maximum-height-width-allowe.patch
@@ -0,0 +1,41 @@
+From 73a37d5f2fcadd6540159b432a70d80f442ddf4a Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Thu, 7 Sep 2023 15:55:04 -0700
+Subject: [PATCH 2/3] XPutImage: clip images to maximum height & width allowed
+ by protocol
+
+The PutImage request specifies height & width of the image as CARD16
+(unsigned 16-bit integer), same as the maximum dimensions of an X11
+Drawable, which the image is being copied to.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/PutImage.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/PutImage.c b/src/PutImage.c
+index a6db7b42..ba411e36 100644
+--- a/src/PutImage.c
++++ b/src/PutImage.c
+@@ -30,6 +30,7 @@ in this Software without prior written authorization from The Open Group.
+ #include "Xlibint.h"
+ #include "Xutil.h"
+ #include <stdio.h>
++#include <limits.h>
+ #include "Cr.h"
+ #include "ImUtil.h"
+ #include "reallocarray.h"
+@@ -962,6 +963,10 @@ XPutImage (
+ height = image->height - req_yoffset;
+ if ((width <= 0) || (height <= 0))
+ return 0;
++ if (width > USHRT_MAX)
++ width = USHRT_MAX;
++ if (height > USHRT_MAX)
++ height = USHRT_MAX;
+
+ if ((image->bits_per_pixel == 1) || (image->format != ZPixmap)) {
+ dest_bits_per_pixel = 1;
+--
+2.41.0
+
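Review bot: The clamp added in XPutImage() carries no comment, so the code does not say that `USHRT_MAX` stands for the CARD16 width and height fields of the PutImage request, or that oversized images are clipped rather than rejected. A comment above the two checks such as `/* PutImage width/height are CARD16; clip instead of letting them wrap */` would record that, in line with the explanatory comment the XCreatePixmap patch in this series adds. Callers get no indication that clipping took place, which may be worth noting in the function's documentation. XPutImage() starts and ends outside the hunk.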
diff --git a/0003-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch b/0003-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
new file mode 100644
index 0000000..0900498
--- /dev/null
+++ b/0003-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
@@ -0,0 +1,47 @@
+From b4031fc023816aca07fbd592ed97010b9b48784b Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Thu, 7 Sep 2023 16:12:27 -0700
+Subject: [PATCH 3/3] XCreatePixmap: trigger BadValue error for out-of-range
+ dimensions
+
+The CreatePixmap request specifies height & width of the image as CARD16
+(unsigned 16-bit integer), so if either is larger than that, set it to 0
+so the X server returns a BadValue error as the protocol requires.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/CrPixmap.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/CrPixmap.c b/src/CrPixmap.c
+index cdf31207..3cb2ca6d 100644
+--- a/src/CrPixmap.c
++++ b/src/CrPixmap.c
+@@ -28,6 +28,7 @@ in this Software without prior written authorization from The Open Group.
+ #include <config.h>
+ #endif
+ #include "Xlibint.h"
++#include <limits.h>
+
+ #ifdef USE_DYNAMIC_XCURSOR
+ void
+@@ -47,6 +48,16 @@ Pixmap XCreatePixmap (
+ Pixmap pid;
+ register xCreatePixmapReq *req;
+
++ /*
++ * Force a BadValue X Error if the requested dimensions are larger
++ * than the X11 protocol has room for, since that's how callers expect
++ * to get notified of errors.
++ */
++ if (width > USHRT_MAX)
++ width = 0;
++ if (height > USHRT_MAX)
++ height = 0;
++
+ LockDisplay(dpy);
+ GetReq(CreatePixmap, req);
+ req->drawable = d;
+--
+2.41.0
+
diff --git a/dont-forward-keycode-0.patch b/dont-forward-keycode-0.patch
new file mode 100644
index 0000000..c16d874
--- /dev/null
+++ b/dont-forward-keycode-0.patch
@@ -0,0 +1,53 @@
+diff -up libX11-1.6.3/modules/im/ximcp/imDefFlt.c.jx libX11-1.6.3/modules/im/ximcp/imDefFlt.c
+--- libX11-1.6.3/modules/im/ximcp/imDefFlt.c.jx 2015-03-09 18:28:45.000000000 -0400
++++ libX11-1.6.3/modules/im/ximcp/imDefFlt.c 2015-03-10 12:32:31.912149644 -0400
+@@ -142,7 +142,7 @@ _XimProtoKeypressFilter(
+ {
+ Xim im = (Xim)ic->core.im;
+
+- if (IS_FABRICATED(im)) {
++ if ((ev->keycode == 0) || IS_FABRICATED(im)) {
+ _XimPendingFilter(ic);
+ UNMARK_FABRICATED(im);
+ return NOTFILTERD;
+diff -up libX11-1.6.3/modules/im/ximcp/imDefLkup.c.jx libX11-1.6.3/modules/im/ximcp/imDefLkup.c
+--- libX11-1.6.3/modules/im/ximcp/imDefLkup.c.jx 2015-03-09 18:28:45.000000000 -0400
++++ libX11-1.6.3/modules/im/ximcp/imDefLkup.c 2015-03-10 12:32:31.911149637 -0400
+@@ -332,6 +332,17 @@ _XimForwardEvent(
+ XEvent *ev,
+ Bool sync)
+ {
++ /*
++ * Don't forward a key event which has keycode=0.
++ * keycode=0 is reserved for special purpose to let Xmb/wcLookupString()
++ * functions know that there is a commited string available from IM.
++ */
++ if (((ev->type == KeyPress) || (ev->type == KeyRelease))) {
++ if (((XKeyEvent *)ev)->keycode == 0) {
++ return True;
++ }
++ }
++
+ #ifdef EXT_FORWARD
+ if (((ev->type == KeyPress) || (ev->type == KeyRelease)))
+ if (_XimExtForwardKeyEvent(ic, (XKeyEvent *)ev, sync))
+@@ -604,6 +615,19 @@ _XimUnregCommitInfo(
+ Xfree(info->keysym);
+ ic->private.proto.commit_info = info->next;
+ Xfree(info);
++
++ /*
++ * "Commit" uses fabricated flag to process a commited string
++ * from IM engine.
++ * Turn off the fabricated flag here (unregister the commited
++ * information function). Otherwise, next regular key press
++ * event will be ignored at _XimProtoKeypressFilter() and it
++ * will not be passed to IM engine.
++ */
++ if (IS_FABRICATED(ic)) {
++ UNMARK_FABRICATED(ic);
++ }
++
+ return;
+ }
+
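Review bot: In the _XimUnregCommitInfo() hunk the flag macros are applied to `ic`, whereas the _XimProtoKeypressFilter() hunk of the same patch applies `IS_FABRICATED` and `UNMARK_FABRICATED` to `im`, obtained as `(Xim)ic->core.im`. The macro definitions are not part of this patch. If they cast their argument to `Xim`, passing the input context would test and clear a bit in the wrong structure without any compiler diagnostic. Please confirm against the definitions; if they take an `Xim`, the block should read `Xim im = (Xim)ic->core.im;` followed by `if (IS_FABRICATED(im)) UNMARK_FABRICATED(im);`.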
diff --git a/libX11.spec b/libX11.spec
new file mode 100644
index 0000000..19058f6
--- /dev/null
+++ b/libX11.spec
@@ -0,0 +1,292 @@
+%global tarball libX11
+#global gitdate 20130524
+%global gitversion a3bdd2b09
+
+Summary: Core X11 protocol client library
+Name: libX11
+Version: 1.7.0
+Release: 9%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
+License: MIT
+URL: http://www.x.org
+
+%if 0%{?gitdate}
+Source0: %{tarball}-%{gitdate}.tar.bz2
+Source1: make-git-snapshot.sh
+Source2: commitid
+%else
+Source0: https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.bz2
+%endif
+
+Patch2: dont-forward-keycode-0.patch
+Patch3: 0001-makekeys-handle-the-new-_EVDEVK-xorgproto-symbols.patch
+# CVE-2023-3138
+Patch4: 0001-InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
+
+# CVE-2023-43785
+Patch5: 0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
+
+# CVE-2023-43786
+Patch6: 0001-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
+Patch7: 0002-XPutImage-clip-images-to-maximum-height-width-allowe.patch
+Patch8: 0003-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
+
+# CVE-2023-43787
+Patch9: 0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
+
+BuildRequires: make
+BuildRequires: xorg-x11-util-macros >= 1.11
+BuildRequires: pkgconfig(xproto) >= 7.0.15
+BuildRequires: xorg-x11-xtrans-devel >= 1.0.3-4
+BuildRequires: libxcb-devel >= 1.2
+BuildRequires: pkgconfig(xau) pkgconfig(xdmcp)
+BuildRequires: perl(Pod::Usage)
+
+Requires: %{name}-common >= %{version}-%{release}
+
+%description
+Core X11 protocol client library.
+
+%package common
+Summary: Common data for libX11
+BuildArch: noarch
+
+%description common
+libX11 common data
+
+%package devel
+Summary: Development files for %{name}
+Requires: %{name} = %{version}-%{release}
+Requires: %{name}-xcb = %{version}-%{release}
+
+%description devel
+X.Org X11 libX11 development package
+
+%package xcb
+Summary: XCB interop for libX11
+Conflicts: %{name} < %{version}-%{release}
+
+%description xcb
+libX11/libxcb interoperability library
+
+%prep
+%autosetup -p1 -n %{tarball}-%{?gitdate:%{gitdate}}%{!?gitdate:%{version}}
+
+%build
+autoreconf -v --install --force
+%configure --disable-silent-rules --disable-static
+
+make %{?_smp_mflags}
+
+%install
+make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
+
+# create/own compose cache dir
+mkdir -p $RPM_BUILD_ROOT/var/cache/libX11/compose
+
+# We intentionally don't ship *.la files
+find $RPM_BUILD_ROOT -type f -name '*.la' -delete
+
+# FIXME: Don't install Xcms.txt - find out why upstream still ships this.
+find $RPM_BUILD_ROOT -name 'Xcms.txt' -delete
+
+# FIXME package these properly
+rm -rf $RPM_BUILD_ROOT%{_docdir}
+
+%check
+make %{?_smp_mflags} check
+
+%ldconfig_post
+%ldconfig_postun
+
+%files
+%{_libdir}/libX11.so.6
+%{_libdir}/libX11.so.6.4.0
+
+%files xcb
+%{_libdir}/libX11-xcb.so.1
+%{_libdir}/libX11-xcb.so.1.0.0
+
+%files common
+%doc AUTHORS COPYING README.md NEWS
+%{_datadir}/X11/locale/
+%{_datadir}/X11/XErrorDB
+%dir /var/cache/libX11
+%dir /var/cache/libX11/compose
+
+%files devel
+%{_includedir}/X11/ImUtil.h
+%{_includedir}/X11/XKBlib.h
+%{_includedir}/X11/Xcms.h
+%{_includedir}/X11/Xlib.h
+%{_includedir}/X11/XlibConf.h
+%{_includedir}/X11/Xlibint.h
+%{_includedir}/X11/Xlib-xcb.h
+%{_includedir}/X11/Xlocale.h
+%{_includedir}/X11/Xregion.h
+%{_includedir}/X11/Xresource.h
+%{_includedir}/X11/Xutil.h
+%{_includedir}/X11/cursorfont.h
+%{_includedir}/X11/extensions/XKBgeom.h
+%{_libdir}/libX11.so
+%{_libdir}/libX11-xcb.so
+%{_libdir}/pkgconfig/x11.pc
+%{_libdir}/pkgconfig/x11-xcb.pc
+%{_mandir}/man3/*.3*
+%{_mandir}/man5/*.5*
+
+%changelog
+* Wed Oct 11 2023 José Expósito <jexposit@redhat.com> - 1.7.0-9
+- Fix CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms()
+- Fix CVE-2023-43786: stack exhaustion from infinite recursion in
+ PutSubImage()
+- Fix CVE-2023-43787: integer overflow in XCreateImage() leading to
+ a heap overflow
+
+* Wed Jul 05 2023 Olivier Fourdan <ofourdan@redhat.com> - 1.7.0-8
+- CVE fix for: CVE-2023-3138
+ Resolve: rhbz#2213763
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.7.0-7
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Tue Aug 03 2021 Peter Hutterer <peter.hutterer@redhat.com> - 1.7.0-6
+- Parse the EVDEVK keysyms (#1988944)
+
+* Tue May 04 2021 Peter Hutterer <peter.hutterer@redhat.com> 1.7.0-5
+- Rebuild to pick up the new xorgproto keysyms (#1954345)
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.7.0-4
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Dec 01 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.7.0-2
+- libX11 1.7.0 (with the tarball this time)
+
+* Tue Dec 01 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.7.0-1
+- libX11 1.7.0
+- switch to using the autosetup rpm macro
+
+* Mon Nov 09 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.6.12-3
+- Fix a race-condition in poll_for_response (#1758384)
+
+* Thu Nov 5 11:12:56 AEST 2020 Peter Hutterer <peter.hutterer@redhat.com> - 1.6.12-2
+- Add BuildRequires for make
+
+* Wed Aug 26 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.6.12-1
+- libX11 1.6.12 (CVE-2020-14363, CVE 2020-14344)
+
+* Fri Jul 31 2020 Adam Jackson <ajax@redhat.com> - 1.6.9-5
+- Fix server reply validation issue in XIM (CVE 2020-14344)
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.9-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.9-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Dec 11 2019 Peter Hutterer <peter.hutterer@redhat.com> 1.6.9-2
+- handle ssharp in XConvertCase
+
+* Wed Oct 09 2019 Adam Jackson <ajax@redhat.com> - 1.6.9-1
+- libX11 1.6.9
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.8-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jun 20 2019 Peter Hutterer <peter.hutterer@redhat.com> 1.6.8-2
+- rebuild to pick up the new xorgproto keysyms
+
+* Thu Jun 20 2019 Peter Hutterer <peter.hutterer@redhat.com> 1.6.8-1
+- libX11 1.6.8
+
+* Thu Mar 21 2019 Adam Jackson <ajax@redhat.com> - 1.6.7-3
+- Rebuild for xtrans 1.4.0
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Oct 09 2018 Adam Jackson <ajax@redhat.com> - 1.6.7-1
+- libX11 1.6.7
+
+* Tue Aug 21 2018 Adam Jackson <ajax@redhat.com> - 1.6.6-1
+- libX11 1.6.6
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.5-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Jun 29 2018 Adam Jackson <ajax@redhat.com> - 1.6.5-8
+- Use ldconfig scriptlet macros
+
+* Fri Mar 23 2018 Peter Hutterer <peter.hutterer@redhat.com> 1.6.5-7
+- Fix FTBS caused by fake size in the XimCacheStruct (#1556616)
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.5-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Tue Oct 17 2017 Peter Hutterer <peter.hutterer@redhat.com> 1.6.5-5
+- run make check as part of the build (#1502658)
+
+* Tue Aug 01 2017 Adam Jackson <ajax@redhat.com> - 1.6.5-4
+- Split libX11-xcb to its own subpackage. This doesn't have much effect at
+ the moment because x11-xcb.pc still lists both libX11 and libxcb in
+ Requires, but once that's fixed eg. libEGL should be able to be installed
+ without libX11.
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri May 12 2017 Hans de Goede <hdegoede@redhat.com> - 1.6.5-2
+- Rebuild against new xproto to pick up support for new keysyms
+
+* Wed Apr 26 2017 Adam Jackson <ajax@redhat.com> - 1.6.5-1
+- libX11 1.6.5
+
+* Thu Feb 16 2017 Rex Dieter <rdieter@fedoraproject.org> - 1.6.4-6
+- create/own /var/cache/libx11/compose (#962764)
+- %%build: --disable-silent-rules
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Jan 20 2017 Peter Hutterer <peter.hutterer@redhat.com> 1.6.4-4
+- Actually apply the patch from 1.6.4-3
+
+* Mon Jan 09 2017 Peter Hutterer <peter.hutterer@redhat.com> 1.6.4-3
+- Fix a bug in the memory leak fix from 1.6.4-2
+
+* Thu Jan 05 2017 Peter Hutterer <peter.hutterer@redhat.com> 1.6.4-2
+- Plug a memory leak in XListFonts()
+
+* Wed Oct 05 2016 Adam Jackson <ajax@redhat.com> - 1.6.4-1
+- libX11 1.6.4
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Thu Jan 28 2016 Peter Hutterer <peter.hutterer@redhat.com>
+- Remove unnecessary defattr
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Tue Mar 10 2015 Adam Jackson <ajax@redhat.com> 1.6.3-1
+- libX11 1.6.3
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Mon Jun 30 2014 Adam Jackson <ajax@redhat.com> 1.6.2-1
+- libX11 1.6.2 plus a fix for interleaved xcb/xlib usage
+- Use >= for the -common Requires
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Jul 30 2013 Peter Hutterer <peter.hutterer@redhat.com> 1.6.1-1
+- libX11 1.6.1
+
+* Tue Jun 04 2013 Peter Hutterer <peter.hutterer@redhat.com> 1.6.0-1
+- libX11 1.6.0
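Review bot: `%prep` unpacks `Source0` with `%autosetup` and nothing in the spec verifies the upstream tarball. The only integrity value in this commit is the 32-hex-digit digest in `sources`, which by its length appears to be MD5. Carrying the upstream detached signature and signing key as extra `Source` entries and verifying them before unpacking (Fedora-style specs use `%{gpgverify}` for this) would give the build a stronger integrity anchor. Recording a SHA-512 digest in `sources` would be a smaller step in the same direction. Whether the openEuler import tooling supports either is not visible on this page. The comment grouping also places `Patch7` and `Patch8` under `# CVE-2023-43786` although their file names describe separate hardening changes; a short note such as `# hardening from the same upstream series` would keep CVE tracking accurate.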
diff --git a/sources b/sources
new file mode 100644
index 0000000..8f1e62f
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+f46572566e2cec801609d25f735285b7 libX11-1.7.0.tar.bz2