fix CVE-2023-0494

backport-CVE-2023-0494.patch

@@ -0,0 +1,28 @@
+From 4005f77c03f67f1527519969b047c599cba32e36 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Fri, 17 Feb 2023 16:34:39 +0800
+Subject: [PATCH] fix CVE-2023-0494
+
+---
+ Xi/exevents.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/Xi/exevents.c b/Xi/exevents.c
+index 659816a..0cb8d78 100644
+--- a/Xi/exevents.c
++++ b/Xi/exevents.c
+@@ -575,8 +575,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
+             memcpy(to->button->xkb_acts, from->button->xkb_acts,
+                    sizeof(XkbAction));
+         }
+-        else
++        else {
+             free(to->button->xkb_acts);
++            to->button->xkb_acts = NULL;
++        }
+ 
+         memcpy(to->button->labels, from->button->labels,
+                from->button->numButtons * sizeof(Atom));
+-- 
+2.20.1
+

xorg-x11-server.spec

@@ -16,7 +16,7 @@
 
 Name:           xorg-x11-server
 Version:        1.20.11
-Release:        15
+Release:        16
 Summary:        X.Org X11 X server
 License:        MIT and GPLv2
 URL:            https://www.x.org
@@ -102,6 +102,7 @@ Patch6015: backport-CVE-2022-46343.patch
 Patch6016: backport-Xi-return-an-error-from-XI-property-changes-if-verification-failed.patch
 Patch6017: backport-CVE-2022-46344.patch
 Patch6018: backport-CVE-2022-4283.patch
+Patch6019: backport-CVE-2023-0494.patch
 
 BuildRequires:  audit-libs-devel autoconf automake bison dbus-devel flex git gcc 
 BuildRequires:  systemtap-sdt-devel libtool pkgconfig 
@@ -445,6 +446,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
 %{_mandir}/man*/*
 
 %changelog
+* Fri Feb 17 2023 liweiganga <liweiganga@uniontech.com> -1.20.11-16
+- fix CVE-2023-0494
+
 * Tue Jan 10 2023 zhouwenpei <zhouwenpei1@h-partners.com> -1.20.11-15
 - add missing patches