-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | 0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch | 58 | ||||
-rw-r--r-- | 0001-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch | 37 | ||||
-rw-r--r-- | 0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch | 59 | ||||
-rw-r--r-- | 0001-InitExt.c-Add-bounds-checks-for-extension-request-ev.patch | 108 | ||||
-rw-r--r-- | 0001-makekeys-handle-the-new-_EVDEVK-xorgproto-symbols.patch | 43 | ||||
-rw-r--r-- | 0002-XPutImage-clip-images-to-maximum-height-width-allowe.patch | 41 | ||||
-rw-r--r-- | 0003-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch | 47 | ||||
-rw-r--r-- | dont-forward-keycode-0.patch | 53 | ||||
-rw-r--r-- | libX11.spec | 292 | ||||
-rw-r--r-- | sources | 1 |
11 files changed, 740 insertions, 0 deletions
@@ -0,0 +1 @@
+/libX11-1.7.0.tar.bz2
diff --git a/0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch b/0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
new file mode 100644
index 0000000..6427fc2
--- /dev/null
+++ b/0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
@@ -0,0 +1,58 @@
+From 6858d468d9ca55fb4c5fd70b223dbc78a3358a7f Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sun, 17 Sep 2023 14:19:40 -0700
+Subject: [PATCH] CVE-2023-43785: out-of-bounds memory access in
+ _XkbReadKeySyms()
+
+Make sure we allocate enough memory in the first place, and
+also handle error returns from _XkbReadBufferCopyKeySyms() when
+it detects out-of-bounds issues.
+
+Reported-by: Gregory James DUCK <gjduck@gmail.com>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/xkb/XKBGetMap.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/xkb/XKBGetMap.c b/src/xkb/XKBGetMap.c
+index 2891d21e..31199e4a 100644
+--- a/src/xkb/XKBGetMap.c
++++ b/src/xkb/XKBGetMap.c
+@@ -182,7 +182,8 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, xkbGetMapReply *rep)
+ if (offset + newMap->nSyms >= map->size_syms) {
+ register int sz;
+
+- sz = map->size_syms + 128;
++ sz = offset + newMap->nSyms;
++ sz = ((sz + (unsigned) 128) / 128) * 128;
+ _XkbResizeArray(map->syms, map->size_syms, sz, KeySym);
+ if (map->syms == NULL) {
+ map->size_syms = 0;
+@@ -191,8 +192,9 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, xkbGetMapReply *rep)
+ map->size_syms = sz;
+ }
+ if (newMap->nSyms > 0) {
+- _XkbReadBufferCopyKeySyms(buf, (KeySym *) &map->syms[offset],
+- newMap->nSyms);
++ if (_XkbReadBufferCopyKeySyms(buf, (KeySym *) &map->syms[offset],
++ newMap->nSyms) == 0)
++ return BadLength;
+ offset += newMap->nSyms;
+ }
+ else {
+@@ -222,8 +224,10 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, xkbGetMapReply *rep)
+ newSyms = XkbResizeKeySyms(xkb, i + rep->firstKeySym, tmp);
+ if (newSyms == NULL)
+ return BadAlloc;
+- if (newMap->nSyms > 0)
+- _XkbReadBufferCopyKeySyms(buf, newSyms, newMap->nSyms);
++ if (newMap->nSyms > 0) {
++ if (_XkbReadBufferCopyKeySyms(buf, newSyms, newMap->nSyms) == 0)
++ return BadLength;
++ }
+ else
+ newSyms[0] = NoSymbol;
+ oldMap->kt_index[0] = newMap->ktIndex[0];
+--
+2.41.0
+
diff --git a/0001-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch b/0001-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
new file mode 100644
index 0000000..8f6a446
--- /dev/null
+++ b/0001-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
@@ -0,0 +1,37 @@
+From 204c3393c4c90a29ed6bef64e43849536e863a86 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Thu, 7 Sep 2023 15:54:30 -0700
+Subject: [PATCH 1/3] CVE-2023-43786: stack exhaustion from infinite recursion
+ in PutSubImage()
+
+When splitting a single line of pixels into chunks to send to the
+X server, be sure to take into account the number of bits per pixel,
+so we don't just loop forever trying to send more pixels than fit in
+the given request size and not breaking them down into a small enough
+chunk to fix.
+
+Fixes: "almost complete rewrite" (Dec. 12, 1987) from X11R2
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/PutImage.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/PutImage.c b/src/PutImage.c
+index 857ee916..a6db7b42 100644
+--- a/src/PutImage.c
++++ b/src/PutImage.c
+@@ -914,8 +914,9 @@ PutSubImage (
+ req_width, req_height - SubImageHeight,
+ dest_bits_per_pixel, dest_scanline_pad);
+ } else {
+- int SubImageWidth = (((Available << 3) / dest_scanline_pad)
+- * dest_scanline_pad) - left_pad;
++ int SubImageWidth = ((((Available << 3) / dest_scanline_pad)
++ * dest_scanline_pad) - left_pad)
++ / dest_bits_per_pixel;
+
+ PutSubImage(dpy, d, gc, image, req_xoffset, req_yoffset, x, y,
+ (unsigned int) SubImageWidth, 1,
+--
+2.41.0
+
diff --git a/0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch b/0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
new file mode 100644
index 0000000..3468d6e
--- /dev/null
+++ b/0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
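Review bot: In the first _XkbReadKeySyms() hunk the new size is built in a signed `register int sz` from `offset + newMap->nSyms` and then rounded with `((sz + (unsigned) 128) / 128) * 128`, which mixes signed and unsigned arithmetic with no visible upper bound on `offset`. A short comment stating why the sum cannot exceed INT_MAX, or an explicit check before `_XkbResizeArray`, would make the allocation size auditable. The rounding always yields a value strictly greater than `sz`, which matches the `>=` test above it but deserves a comment such as `/* round up to the next multiple of 128, keeping at least one free entry */`. The two new `return BadLength` paths leave the loop early, and whether the caller tolerates a partially filled `map->syms` is decided outside these hunks.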
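Review bot: After the new division by `dest_bits_per_pixel`, `SubImageWidth` can come out as zero or negative when the padded `Available << 3` minus `left_pad` is smaller than one pixel, and the hunk shows no guard before it is cast to `unsigned int` and passed to the recursive `PutSubImage()` call. A zero width would leave the remaining width unchanged on the next call, so the recursion this patch is meant to bound may still not terminate in that case. A check that stops splitting when `SubImageWidth <= 0` would close it. How `Available` is derived lies outside the hunk, so its minimum value should be confirmed against the full function.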
@@ -0,0 +1,59 @@
+From 7916869d16bdd115ac5be30a67c3749907aea6a0 Mon Sep 17 00:00:00 2001
+From: Yair Mizrahi <yairm@jfrog.com>
+Date: Thu, 7 Sep 2023 16:15:32 -0700
+Subject: [PATCH] CVE-2023-43787: Integer overflow in XCreateImage() leading to
+ a heap overflow
+
+When the format is `Pixmap` it calculates the size of the image data as:
+ ROUNDUP((bits_per_pixel * width), image->bitmap_pad);
+There is no validation on the `width` of the image, and so this
+calculation exceeds the capacity of a 4-byte integer, causing an overflow.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/ImUtil.c | 20 +++++++++++++++-----
+ 1 file changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/src/ImUtil.c b/src/ImUtil.c
+index 36f08a03..fbfad33e 100644
+--- a/src/ImUtil.c
++++ b/src/ImUtil.c
+@@ -30,6 +30,7 @@ in this Software without prior written authorization from The Open Group.
+ #include <X11/Xlibint.h>
+ #include <X11/Xutil.h>
+ #include <stdio.h>
++#include <limits.h>
+ #include "ImUtil.h"
+
+ static int _XDestroyImage(XImage *);
+@@ -361,13 +362,22 @@ XImage *XCreateImage (
+ /*
+ * compute per line accelerator.
+ */
+- {
+- if (format == ZPixmap)
++ if (format == ZPixmap) {
++ if ((INT_MAX / bits_per_pixel) < width) {
++ Xfree(image);
++ return NULL;
++ }
++
+ min_bytes_per_line =
+- ROUNDUP((bits_per_pixel * width), image->bitmap_pad);
+- else
++ ROUNDUP((bits_per_pixel * width), image->bitmap_pad);
++ } else {
++ if ((INT_MAX - offset) < width) {
++ Xfree(image);
++ return NULL;
++ }
++
+ min_bytes_per_line =
+- ROUNDUP((width + offset), image->bitmap_pad);
++ ROUNDUP((width + offset), image->bitmap_pad);
+ }
+ if (image_bytes_per_line == 0) {
+ image->bytes_per_line = min_bytes_per_line;
+--
+2.41.0
+
diff --git a/0001-InitExt.c-Add-bounds-checks-for-extension-request-ev.patch b/0001-InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
new file mode 100644
index 0000000..014bdc0
--- /dev/null
+++ b/0001-InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
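Review bot: The new ZPixmap guard `(INT_MAX / bits_per_pixel) < width` bounds only the product, but that value is then handed to `ROUNDUP(..., image->bitmap_pad)`. If that macro adds `pad - 1` before dividing, as round-up macros usually do (its definition is not in the hunk), a product within `bitmap_pad` of INT_MAX can still wrap. Leaving headroom for the pad, for example comparing `width` against `(INT_MAX - image->bitmap_pad) / bits_per_pixel`, would cover it. In the else branch `(INT_MAX - offset) < width` itself overflows when `offset` is negative, so `offset` wants a `< 0` rejection first, assuming it is a signed int as the arithmetic suggests. XCreateImage() starts and ends outside the hunk.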
@@ -0,0 +1,108 @@
+From 304a654a0d57bf0f00d8998185f0360332cfa36c Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat, 10 Jun 2023 16:30:07 -0700
+Subject: [PATCH libX11] InitExt.c: Add bounds checks for extension request,
+ event, & error codes
+
+Fixes CVE-2023-3138: X servers could return values from XQueryExtension
+that would cause Xlib to write entries out-of-bounds of the arrays to
+store them, though this would only overwrite other parts of the Display
+struct, not outside the bounds allocated for that structure.
+
+Reported-by: Gregory James DUCK <gjduck@gmail.com>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/InitExt.c | 42 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 42 insertions(+)
+
+diff --git a/src/InitExt.c b/src/InitExt.c
+index 4de46f15..afc00a6b 100644
+--- a/src/InitExt.c
++++ b/src/InitExt.c
+@@ -33,6 +33,18 @@ from The Open Group.
+ #include <X11/Xos.h>
+ #include <stdio.h>
+
++/* The X11 protocol spec reserves events 64 through 127 for extensions */
++#ifndef LastExtensionEvent
++#define LastExtensionEvent 127
++#endif
++
++/* The X11 protocol spec reserves requests 128 through 255 for extensions */
++#ifndef LastExtensionRequest
++#define FirstExtensionRequest 128
++#define LastExtensionRequest 255
++#endif
++
++
+ /*
+ * This routine is used to link a extension in so it will be called
+ * at appropriate times.
+@@ -242,6 +254,12 @@ WireToEventType XESetWireToEvent(
+ WireToEventType proc) /* routine to call when converting event */
+ {
+ register WireToEventType oldproc;
++ if (event_number < 0 ||
++ event_number > LastExtensionEvent) {
++ fprintf(stderr, "Xlib: ignoring invalid extension event %d\n",
++ event_number);
++ return (WireToEventType)_XUnknownWireEvent;
++ }
+ if (proc == NULL) proc = (WireToEventType)_XUnknownWireEvent;
+ LockDisplay (dpy);
+ oldproc = dpy->event_vec[event_number];
+@@ -263,6 +281,12 @@ WireToEventCookieType XESetWireToEventCookie(
+ )
+ {
+ WireToEventCookieType oldproc;
++ if (extension < FirstExtensionRequest ||
++ extension > LastExtensionRequest) {
++ fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n",
++ extension);
++ return (WireToEventCookieType)_XUnknownWireEventCookie;
++ }
+ if (proc == NULL) proc = (WireToEventCookieType)_XUnknownWireEventCookie;
+ LockDisplay (dpy);
+ oldproc = dpy->generic_event_vec[extension & 0x7F];
+@@ -284,6 +308,12 @@ CopyEventCookieType XESetCopyEventCookie(
+ )
+ {
+ CopyEventCookieType oldproc;
++ if (extension < FirstExtensionRequest ||
++ extension > LastExtensionRequest) {
++ fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n",
++ extension);
++ return (CopyEventCookieType)_XUnknownCopyEventCookie;
++ }
+ if (proc == NULL) proc = (CopyEventCookieType)_XUnknownCopyEventCookie;
+ LockDisplay (dpy);
+ oldproc = dpy->generic_event_copy_vec[extension & 0x7F];
+@@ -305,6 +335,12 @@ EventToWireType XESetEventToWire(
+ EventToWireType proc) /* routine to call when converting event */
+ {
+ register EventToWireType oldproc;
++ if (event_number < 0 ||
++ event_number > LastExtensionEvent) {
++ fprintf(stderr, "Xlib: ignoring invalid extension event %d\n",
++ event_number);
++ return (EventToWireType)_XUnknownNativeEvent;
++ }
+ if (proc == NULL) proc = (EventToWireType) _XUnknownNativeEvent;
+ LockDisplay (dpy);
+ oldproc = dpy->wire_vec[event_number];
+@@ -325,6 +361,12 @@ WireToErrorType XESetWireToError(
+ WireToErrorType proc) /* routine to call when converting error */
+ {
+ register WireToErrorType oldproc = NULL;
++ if (error_number < 0 ||
++ error_number > LastExtensionError) {
++ fprintf(stderr, "Xlib: ignoring invalid extension error %d\n",
++ error_number);
++ return (WireToErrorType)_XDefaultWireError;
++ }
+ if (proc == NULL) proc = (WireToErrorType)_XDefaultWireError;
+ LockDisplay (dpy);
+ if (!dpy->error_vec) {
+--
+2.41.0
+
diff --git a/0001-makekeys-handle-the-new-_EVDEVK-xorgproto-symbols.patch b/0001-makekeys-handle-the-new-_EVDEVK-xorgproto-symbols.patch
new file mode 100644
index 0000000..55adaae
--- /dev/null
+++ b/0001-makekeys-handle-the-new-_EVDEVK-xorgproto-symbols.patch
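Review bot: The added `#ifndef LastExtensionRequest` block defines both `FirstExtensionRequest` and `LastExtensionRequest` under a test of only the second name, so a header that supplies one without the other would either redefine or leave undefined a macro that the new range checks depend on; a separate `#ifndef` per macro is safer. The XESetWireToError() check also relies on `LastExtensionError`, which this patch does not define, so it presumably comes from an X11 header and deserves a one-line comment beside the other two range comments. Each of the five functions continues outside its hunk, so how `error_vec` is indexed after the new check cannot be confirmed from here.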
@@ -0,0 +1,43 @@
+From e92efc63acd7b377faa9e534f4bf52aaa86be2a9 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 27 Jul 2021 11:46:19 +1000
+Subject: [PATCH libX11] makekeys: handle the new _EVDEVK xorgproto symbols
+
+These keys are all defined through a macro in the form:
+ #define XF86XK_BrightnessAuto _EVDEVK(0x0F4)
+
+The _EVDEVK macro is simply an offset of 0x10081000.
+Let's parse these lines correctly so those keysyms end up in our
+hashtables.
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ src/util/makekeys.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/util/makekeys.c b/src/util/makekeys.c
+index e847ef4c..4896cc53 100644
+--- a/src/util/makekeys.c
++++ b/src/util/makekeys.c
+@@ -78,6 +78,18 @@ parse_line(const char *buf, char *key, KeySym *val, char *prefix)
+ return 1;
+ }
+
++ /* See if we can parse one of the _EVDEVK symbols */
++ i = sscanf(buf, "#define %127s _EVDEVK(0x%lx)", key, val);
++ if (i == 2 && (tmp = strstr(key, "XK_"))) {
++ memcpy(prefix, key, (size_t)(tmp - key));
++ prefix[tmp - key] = '\0';
++ tmp += 3;
++ memmove(key, tmp, strlen(tmp) + 1);
++
++ *val += 0x10081000;
++ return 1;
++ }
++
+ /* Now try to catch alias (XK_foo XK_bar) definitions, and resolve them
+ * immediately: if the target is in the form XF86XK_foo, we need to
+ * canonicalise this to XF86foo before we do the lookup. */
+--
+2.31.1
+
diff --git a/0002-XPutImage-clip-images-to-maximum-height-width-allowe.patch b/0002-XPutImage-clip-images-to-maximum-height-width-allowe.patch
new file mode 100644
index 0000000..27b5912
--- /dev/null
+++ b/0002-XPutImage-clip-images-to-maximum-height-width-allowe.patch
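Review bot: The new _EVDEVK branch copies up to 127 bytes of `key` into `prefix` with `memcpy(prefix, key, (size_t)(tmp - key))` and then writes a terminator, but parse_line() receives `prefix` as a bare `char *` with no length, so the bound rests entirely on the caller's buffer being at least as large as the `%127s` key buffer. A comment on parse_line() stating the required size of `key` and `prefix`, or an explicit length parameter, would make that contract checkable. `%lx` is also written through a `KeySym *`, which is only correct where KeySym is `unsigned long`. parse_line() begins and ends outside the hunk, so both points need confirming there.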
@@ -0,0 +1,41 @@
+From 73a37d5f2fcadd6540159b432a70d80f442ddf4a Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Thu, 7 Sep 2023 15:55:04 -0700
+Subject: [PATCH 2/3] XPutImage: clip images to maximum height & width allowed
+ by protocol
+
+The PutImage request specifies height & width of the image as CARD16
+(unsigned 16-bit integer), same as the maximum dimensions of an X11
+Drawable, which the image is being copied to.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/PutImage.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/PutImage.c b/src/PutImage.c
+index a6db7b42..ba411e36 100644
+--- a/src/PutImage.c
++++ b/src/PutImage.c
+@@ -30,6 +30,7 @@ in this Software without prior written authorization from The Open Group.
+ #include "Xlibint.h"
+ #include "Xutil.h"
+ #include <stdio.h>
++#include <limits.h>
+ #include "Cr.h"
+ #include "ImUtil.h"
+ #include "reallocarray.h"
+@@ -962,6 +963,10 @@ XPutImage (
+ height = image->height - req_yoffset;
+ if ((width <= 0) || (height <= 0))
+ return 0;
++ if (width > USHRT_MAX)
++ width = USHRT_MAX;
++ if (height > USHRT_MAX)
++ height = USHRT_MAX;
+
+ if ((image->bits_per_pixel == 1) || (image->format != ZPixmap)) {
+ dest_bits_per_pixel = 1;
+--
+2.41.0
+
diff --git a/0003-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch b/0003-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
new file mode 100644
index 0000000..0900498
--- /dev/null
+++ b/0003-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
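Review bot: The new clamp in XPutImage() silently truncates `width` and `height` to `USHRT_MAX` and then carries on, so a caller that passes an oversized image gets a partial draw with no error, and the code carries no comment saying this is intended. That differs from the XCreatePixmap() change in patch 3/3 of the same series, which deliberately forces a BadValue error for the same out-of-range condition and documents why. A comment at the clamp, for example `/* PutImage carries CARD16 dimensions; clip rather than fail, the destination Drawable cannot be larger */`, would record that the two policies differ on purpose. XPutImage() starts and ends outside the hunk.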
@@ -0,0 +1,47 @@
+From b4031fc023816aca07fbd592ed97010b9b48784b Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Thu, 7 Sep 2023 16:12:27 -0700
+Subject: [PATCH 3/3] XCreatePixmap: trigger BadValue error for out-of-range
+ dimensions
+
+The CreatePixmap request specifies height & width of the image as CARD16
+(unsigned 16-bit integer), so if either is larger than that, set it to 0
+so the X server returns a BadValue error as the protocol requires.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/CrPixmap.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/CrPixmap.c b/src/CrPixmap.c
+index cdf31207..3cb2ca6d 100644
+--- a/src/CrPixmap.c
++++ b/src/CrPixmap.c
+@@ -28,6 +28,7 @@ in this Software without prior written authorization from The Open Group.
+ #include <config.h>
+ #endif
+ #include "Xlibint.h"
++#include <limits.h>
+
+ #ifdef USE_DYNAMIC_XCURSOR
+ void
+@@ -47,6 +48,16 @@ Pixmap XCreatePixmap (
+ Pixmap pid;
+ register xCreatePixmapReq *req;
+
++ /*
++ * Force a BadValue X Error if the requested dimensions are larger
++ * than the X11 protocol has room for, since that's how callers expect
++ * to get notified of errors.
++ */
++ if (width > USHRT_MAX)
++ width = 0;
++ if (height > USHRT_MAX)
++ height = 0;
++
+ LockDisplay(dpy);
+ GetReq(CreatePixmap, req);
+ req->drawable = d;
+--
+2.41.0
+
diff --git a/dont-forward-keycode-0.patch b/dont-forward-keycode-0.patch
new file mode 100644
index 0000000..c16d874
--- /dev/null
+++ b/dont-forward-keycode-0.patch
@@ -0,0 +1,53 @@
+diff -up libX11-1.6.3/modules/im/ximcp/imDefFlt.c.jx libX11-1.6.3/modules/im/ximcp/imDefFlt.c
+--- libX11-1.6.3/modules/im/ximcp/imDefFlt.c.jx 2015-03-09 18:28:45.000000000 -0400
++++ libX11-1.6.3/modules/im/ximcp/imDefFlt.c 2015-03-10 12:32:31.912149644 -0400
+@@ -142,7 +142,7 @@ _XimProtoKeypressFilter(
+ {
+ Xim im = (Xim)ic->core.im;
+
+- if (IS_FABRICATED(im)) {
++ if ((ev->keycode == 0) || IS_FABRICATED(im)) {
+ _XimPendingFilter(ic);
+ UNMARK_FABRICATED(im);
+ return NOTFILTERD;
+diff -up libX11-1.6.3/modules/im/ximcp/imDefLkup.c.jx libX11-1.6.3/modules/im/ximcp/imDefLkup.c
+--- libX11-1.6.3/modules/im/ximcp/imDefLkup.c.jx 2015-03-09 18:28:45.000000000 -0400
++++ libX11-1.6.3/modules/im/ximcp/imDefLkup.c 2015-03-10 12:32:31.911149637 -0400
+@@ -332,6 +332,17 @@ _XimForwardEvent(
+ XEvent *ev,
+ Bool sync)
+ {
++ /*
++ * Don't forward a key event which has keycode=0.
++ * keycode=0 is reserved for special purpose to let Xmb/wcLookupString()
++ * functions know that there is a commited string available from IM.
++ */
++ if (((ev->type == KeyPress) || (ev->type == KeyRelease))) {
++ if (((XKeyEvent *)ev)->keycode == 0) {
++ return True;
++ }
++ }
++
+ #ifdef EXT_FORWARD
+ if (((ev->type == KeyPress) || (ev->type == KeyRelease)))
+ if (_XimExtForwardKeyEvent(ic, (XKeyEvent *)ev, sync))
+@@ -604,6 +615,19 @@ _XimUnregCommitInfo(
+ Xfree(info->keysym);
+ ic->private.proto.commit_info = info->next;
+ Xfree(info);
++
++ /*
++ * "Commit" uses fabricated flag to process a commited string
++ * from IM engine.
++ * Turn off the fabricated flag here (unregister the commited
++ * information function). Otherwise, next regular key press
++ * event will be ignored at _XimProtoKeypressFilter() and it
++ * will not be passed to IM engine.
++ */
++ if (IS_FABRICATED(ic)) {
++ UNMARK_FABRICATED(ic);
++ }
++
+ return;
+ }
+
diff --git a/libX11.spec b/libX11.spec
new file mode 100644
index 0000000..19058f6
--- /dev/null
+++ b/libX11.spec
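Review bot: In the _XimUnregCommitInfo() hunk the fabricated flag is tested and cleared with `IS_FABRICATED(ic)` and `UNMARK_FABRICATED(ic)`, while _XimProtoKeypressFilter() in the same patch applies the same macros to the input method, `im`, obtained from `Xim im = (Xim)ic->core.im`. If the macros cast their argument to the input-method type, which only their definition outside this patch can confirm, passing the input context makes them read and write a flag word in the wrong structure. Using `IS_FABRICATED(ic->core.im)` and `UNMARK_FABRICATED(ic->core.im)` would match the filter's usage. _XimUnregCommitInfo() begins outside the hunk.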
@@ -0,0 +1,292 @@
+%global tarball libX11
+#global gitdate 20130524
+%global gitversion a3bdd2b09
+
+Summary: Core X11 protocol client library
+Name: libX11
+Version: 1.7.0
+Release: 9%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
+License: MIT
+URL: http://www.x.org
+
+%if 0%{?gitdate}
+Source0: %{tarball}-%{gitdate}.tar.bz2
+Source1: make-git-snapshot.sh
+Source2: commitid
+%else
+Source0: https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.bz2
+%endif
+
+Patch2: dont-forward-keycode-0.patch
+Patch3: 0001-makekeys-handle-the-new-_EVDEVK-xorgproto-symbols.patch
+# CVE-2023-3138
+Patch4: 0001-InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
+
+# CVE-2023-43785
+Patch5: 0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
+
+# CVE-2023-43786
+Patch6: 0001-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
+Patch7: 0002-XPutImage-clip-images-to-maximum-height-width-allowe.patch
+Patch8: 0003-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
+
+# CVE-2023-43787
+Patch9: 0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
+
+BuildRequires: make
+BuildRequires: xorg-x11-util-macros >= 1.11
+BuildRequires: pkgconfig(xproto) >= 7.0.15
+BuildRequires: xorg-x11-xtrans-devel >= 1.0.3-4
+BuildRequires: libxcb-devel >= 1.2
+BuildRequires: pkgconfig(xau) pkgconfig(xdmcp)
+BuildRequires: perl(Pod::Usage)
+
+Requires: %{name}-common >= %{version}-%{release}
+
+%description
+Core X11 protocol client library.
+
+%package common
+Summary: Common data for libX11
+BuildArch: noarch
+
+%description common
+libX11 common data
+
+%package devel
+Summary: Development files for %{name}
+Requires: %{name} = %{version}-%{release}
+Requires: %{name}-xcb = %{version}-%{release}
+
+%description devel
+X.Org X11 libX11 development package
+
+%package xcb
+Summary: XCB interop for libX11
+Conflicts: %{name} < %{version}-%{release}
+
+%description xcb
+libX11/libxcb interoperability library
+
+%prep
+%autosetup -p1 -n %{tarball}-%{?gitdate:%{gitdate}}%{!?gitdate:%{version}}
+
+%build
+autoreconf -v --install --force
+%configure --disable-silent-rules --disable-static
+
+make %{?_smp_mflags}
+
+%install
+make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
+
+# create/own compose cache dir
+mkdir -p $RPM_BUILD_ROOT/var/cache/libX11/compose
+
+# We intentionally don't ship *.la files
+find $RPM_BUILD_ROOT -type f -name '*.la' -delete
+
+# FIXME: Don't install Xcms.txt - find out why upstream still ships this.
+find $RPM_BUILD_ROOT -name 'Xcms.txt' -delete
+
+# FIXME package these properly
+rm -rf $RPM_BUILD_ROOT%{_docdir}
+
+%check
+make %{?_smp_mflags} check
+
+%ldconfig_post
+%ldconfig_postun
+
+%files
+%{_libdir}/libX11.so.6
+%{_libdir}/libX11.so.6.4.0
+
+%files xcb
+%{_libdir}/libX11-xcb.so.1
+%{_libdir}/libX11-xcb.so.1.0.0
+
+%files common
+%doc AUTHORS COPYING README.md NEWS
+%{_datadir}/X11/locale/
+%{_datadir}/X11/XErrorDB
+%dir /var/cache/libX11
+%dir /var/cache/libX11/compose
+
+%files devel
+%{_includedir}/X11/ImUtil.h
+%{_includedir}/X11/XKBlib.h
+%{_includedir}/X11/Xcms.h
+%{_includedir}/X11/Xlib.h
+%{_includedir}/X11/XlibConf.h
+%{_includedir}/X11/Xlibint.h
+%{_includedir}/X11/Xlib-xcb.h
+%{_includedir}/X11/Xlocale.h
+%{_includedir}/X11/Xregion.h
+%{_includedir}/X11/Xresource.h
+%{_includedir}/X11/Xutil.h
+%{_includedir}/X11/cursorfont.h
+%{_includedir}/X11/extensions/XKBgeom.h
+%{_libdir}/libX11.so
+%{_libdir}/libX11-xcb.so
+%{_libdir}/pkgconfig/x11.pc
+%{_libdir}/pkgconfig/x11-xcb.pc
+%{_mandir}/man3/*.3*
+%{_mandir}/man5/*.5*
+
+%changelog
+* Wed Oct 11 2023 José Expósito <jexposit@redhat.com> - 1.7.0-9
+- Fix CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms()
+- Fix CVE-2023-43786: stack exhaustion from infinite recursion in
+ PutSubImage()
+- Fix CVE-2023-43787: integer overflow in XCreateImage() leading to
+ a heap overflow
+
+* Wed Jul 05 2023 Olivier Fourdan <ofourdan@redhat.com> - 1.7.0-8
+- CVE fix for: CVE-2023-3138
+ Resolve: rhbz#2213763
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.7.0-7
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Tue Aug 03 2021 Peter Hutterer <peter.hutterer@redhat.com> - 1.7.0-6
+- Parse the EVDEVK keysyms (#1988944)
+
+* Tue May 04 2021 Peter Hutterer <peter.hutterer@redhat.com> 1.7.0-5
+- Rebuild to pick up the new xorgproto keysyms (#1954345)
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.7.0-4
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Dec 01 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.7.0-2
+- libX11 1.7.0 (with the tarball this time)
+
+* Tue Dec 01 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.7.0-1
+- libX11 1.7.0
+- switch to using the autosetup rpm macro
+
+* Mon Nov 09 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.6.12-3
+- Fix a race-condition in poll_for_response (#1758384)
+
+* Thu Nov 5 11:12:56 AEST 2020 Peter Hutterer <peter.hutterer@redhat.com> - 1.6.12-2
+- Add BuildRequires for make
+
+* Wed Aug 26 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.6.12-1
+- libX11 1.6.12 (CVE-2020-14363, CVE 2020-14344)
+
+* Fri Jul 31 2020 Adam Jackson <ajax@redhat.com> - 1.6.9-5
+- Fix server reply validation issue in XIM (CVE 2020-14344)
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.9-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.9-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Dec 11 2019 Peter Hutterer <peter.hutterer@redhat.com> 1.6.9-2
+- handle ssharp in XConvertCase
+
+* Wed Oct 09 2019 Adam Jackson <ajax@redhat.com> - 1.6.9-1
+- libX11 1.6.9
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.8-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jun 20 2019 Peter Hutterer <peter.hutterer@redhat.com> 1.6.8-2
+- rebuild to pick up the new xorgproto keysyms
+
+* Thu Jun 20 2019 Peter Hutterer <peter.hutterer@redhat.com> 1.6.8-1
+- libX11 1.6.8
+
+* Thu Mar 21 2019 Adam Jackson <ajax@redhat.com> - 1.6.7-3
+- Rebuild for xtrans 1.4.0
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Oct 09 2018 Adam Jackson <ajax@redhat.com> - 1.6.7-1
+- libX11 1.6.7
+
+* Tue Aug 21 2018 Adam Jackson <ajax@redhat.com> - 1.6.6-1
+- libX11 1.6.6
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.5-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Jun 29 2018 Adam Jackson <ajax@redhat.com> - 1.6.5-8
+- Use ldconfig scriptlet macros
+
+* Fri Mar 23 2018 Peter Hutterer <peter.hutterer@redhat.com> 1.6.5-7
+- Fix FTBS caused by fake size in the XimCacheStruct (#1556616)
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.5-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Tue Oct 17 2017 Peter Hutterer <peter.hutterer@redhat.com> 1.6.5-5
+- run make check as part of the build (#1502658)
+
+* Tue Aug 01 2017 Adam Jackson <ajax@redhat.com> - 1.6.5-4
+- Split libX11-xcb to its own subpackage. This doesn't have much effect at
+ the moment because x11-xcb.pc still lists both libX11 and libxcb in
+ Requires, but once that's fixed eg. libEGL should be able to be installed
+ without libX11.
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri May 12 2017 Hans de Goede <hdegoede@redhat.com> - 1.6.5-2
+- Rebuild against new xproto to pick up support for new keysyms
+
+* Wed Apr 26 2017 Adam Jackson <ajax@redhat.com> - 1.6.5-1
+- libX11 1.6.5
+
+* Thu Feb 16 2017 Rex Dieter <rdieter@fedoraproject.org> - 1.6.4-6
+- create/own /var/cache/libx11/compose (#962764)
+- %%build: --disable-silent-rules
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Jan 20 2017 Peter Hutterer <peter.hutterer@redhat.com> 1.6.4-4
+- Actually apply the patch from 1.6.4-3
+
+* Mon Jan 09 2017 Peter Hutterer <peter.hutterer@redhat.com> 1.6.4-3
+- Fix a bug in the memory leak fix from 1.6.4-2
+
+* Thu Jan 05 2017 Peter Hutterer <peter.hutterer@redhat.com> 1.6.4-2
+- Plug a memory leak in XListFonts()
+
+* Wed Oct 05 2016 Adam Jackson <ajax@redhat.com> - 1.6.4-1
+- libX11 1.6.4
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Thu Jan 28 2016 Peter Hutterer <peter.hutterer@redhat.com>
+- Remove unnecessary defattr
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Tue Mar 10 2015 Adam Jackson <ajax@redhat.com> 1.6.3-1
+- libX11 1.6.3
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Mon Jun 30 2014 Adam Jackson <ajax@redhat.com> 1.6.2-1
+- libX11 1.6.2 plus a fix for interleaved xcb/xlib usage
+- Use >= for the -common Requires
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Jul 30 2013 Peter Hutterer <peter.hutterer@redhat.com> 1.6.1-1
+- libX11 1.6.1
+
+* Tue Jun 04 2013 Peter Hutterer <peter.hutterer@redhat.com> 1.6.0-1
+- libX11 1.6.0
@@ -0,0 +1 @@
+f46572566e2cec801609d25f735285b7 libX11-1.7.0.tar.bz2 |
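Review bot: `%prep` goes straight to `%autosetup` and the spec lists no detached signature or keyring among its sources, so the integrity of `Source0` rests entirely on the lookaside checksum, and the `sources` entry added by this commit is a bare 32-hex-digit digest, which is MD5 length rather than a SHA-512 line. If upstream publishes a signature for the tarball, adding it and the signing keyring as further `SourceN:` entries with a `%{gpgverify}` call at the top of `%prep` would let the build verify the tarball itself, and `sources` should be regenerated in the SHA512 format. `URL:` also still points at plain `http://www.x.org` while `Source0` already uses https.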