From a5199409383cf3ad166a68e503a5de8d1c5b34c7 Mon Sep 17 00:00:00 2001
From: leeffo <liweiganga@uniontech.com>
Date: Fri, 26 May 2023 15:15:22 +0800
Subject: [PATCH] fix CVE-2022-3550

---
 backport-CVE-2022-3550.patch | 28 ++++++++++++++++++++++++++++
 xorg-x11-server.spec         |  6 +++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2022-3550.patch

diff --git a/backport-CVE-2022-3550.patch b/backport-CVE-2022-3550.patch
new file mode 100644
index 0000000..edb244c
--- /dev/null
+++ b/backport-CVE-2022-3550.patch
@@ -0,0 +1,28 @@
+From f908421d43959a44ff940fd89fd0e35150cfe3f9 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Fri, 26 May 2023 15:10:01 +0800
+Subject: [PATCH] xkb: proof GetCountedString against request length attacks
+
+---
+ xkb/xkb.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index aa98578..87b73df 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -5138,6 +5138,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str)
+     CARD16 len;
+ 
+     wire = *wire_inout;
++
++    if (client->req_len < 
++        bytes_to_int32(wire + 2 - (char *) client->requestBuffer))
++        return BadValue;
++
+     len = *(CARD16 *) wire;
+     if (client->swapped) {
+         swaps(&len);
+-- 
+2.20.1
+
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index b4dd754..0495f5a 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -16,7 +16,7 @@
 
 Name:           xorg-x11-server
 Version:        1.20.11
-Release:        18
+Release:        19
 Summary:        X.Org X11 X server
 License:        MIT and GPLv2
 URL:            https://www.x.org
@@ -104,6 +104,7 @@ Patch6017: backport-CVE-2022-46344.patch
 Patch6018: backport-CVE-2022-4283.patch
 Patch6019: backport-CVE-2023-0494.patch
 Patch6020: backport-CVE-2023-1393.patch
+Patch6021: backport-CVE-2022-3550.patch
 
 BuildRequires:  audit-libs-devel autoconf automake bison dbus-devel flex git gcc 
 BuildRequires:  systemtap-sdt-devel libtool pkgconfig 
@@ -444,6 +445,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
 %{_mandir}/man*/*
 
 %changelog
+* Fri May 26 2023 leeffo <liweiganga@uniontech.com> -1.20.11-19
+- fix CVE-2022-3550
+
 * Wed Apr 12 2023 liweiganga <liweiganga@uniontech.com> -1.20.11-18
 - fix CVE-2023-1393