!112 fix CVE-2022-3551,CVE-2022-3553

From: @kerongw 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng

backport-CVE-2022-3551.patch

@@ -1,21 +1,24 @@
-From d7ac1fb14657f278fcc32863aa99eb32a2069d58 Mon Sep 17 00:00:00 2001
+From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
+From: Peter Hutterer <peter.hutterer@who-t.net>
-Date: Mon, 24 Oct 2022 17:06:15 +0800
+Date: Wed, 13 Jul 2022 11:23:09 +1000
-Subject: [PATCH] xkb: fix some possible memleaks in XkbGetKbdByName
+Subject: xkb: fix some possible memleaks in XkbGetKbdByName
 
 GetComponentByName returns an allocated string, so let's free that if we
 fail somewhere.
 
-Signed-off-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+
+Conflict:NA
+Reference:https://cgit.freedesktop.org/xorg/xserver/commit/?id=18f91b950e22c2a342a4fbc55e9ddf7534a707d2
 ---
- xkb/xkb.c | 24 ++++++++++++++++++++----
+ xkb/xkb.c | 26 ++++++++++++++++++++------
- 1 file changed, 20 insertions(+), 4 deletions(-)
+ 1 file changed, 20 insertions(+), 6 deletions(-)
 
 diff --git a/xkb/xkb.c b/xkb/xkb.c
-index 4dccc62..123671a 100644
+index 4692895db..b79a269e3 100644
 --- a/xkb/xkb.c
 +++ b/xkb/xkb.c
-@@ -5936,19 +5936,35 @@ ProcXkbGetKbdByName(ClientPtr client)
+@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client)
      xkb = dev->key->xkbInfo->desc;
      status = Success;
      str = (unsigned char *) &stuff[1];
@@ -47,14 +50,13 @@ index 4dccc62..123671a 100644
 +        free(names.symbols);
 +        free(names.geometry);
          return status;
-     len = str - ((unsigned char *) stuff);
+-    len = str - ((unsigned char *) stuff);
-     if ((XkbPaddedSize(len) / 4) != stuff->length)
+-    if ((XkbPaddedSize(len) / 4) != stuff->length)
-         return BadLength;
+-        return BadLength;
--
 +    }
+ 
      CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask);
      CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask);
- 
 -- 
-2.33.0
+cgit v1.2.1
 

backport-CVE-2022-3553.patch

@@ -0,0 +1,46 @@
+From dfd057996b26420309c324ec844a5ba6dd07eda3 Mon Sep 17 00:00:00 2001
+From: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
+Date: Sat, 2 Jul 2022 14:17:18 -0700
+Subject: xquartz: Fix a possible crash when editing the Application menu due
+ to mutaing immutable arrays
+
+Crashing on exception: -[__NSCFArray replaceObjectAtIndex:withObject:]: mutating method sent to immutable object
+
+Application Specific Backtrace 0:
+0   CoreFoundation                      0x00007ff80d2c5e9b __exceptionPreprocess + 242
+1   libobjc.A.dylib                     0x00007ff80d027e48 objc_exception_throw + 48
+2   CoreFoundation                      0x00007ff80d38167b _CFThrowFormattedException + 194
+3   CoreFoundation                      0x00007ff80d382a25 -[__NSCFArray removeObjectAtIndex:].cold.1 + 0
+4   CoreFoundation                      0x00007ff80d2e6c0b -[__NSCFArray replaceObjectAtIndex:withObject:] + 119
+5   X11.bin                             0x00000001003180f9 -[X11Controller tableView:setObjectValue:forTableColumn:row:] + 169
+
+Fixes: https://github.com/XQuartz/XQuartz/issues/267
+Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
+
+Conflict:NA
+Reference:https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3
+---
+ hw/xquartz/X11Controller.m | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/hw/xquartz/X11Controller.m b/hw/xquartz/X11Controller.m
+index 3b55bb6a5..e9a939312 100644
+--- a/hw/xquartz/X11Controller.m
++++ b/hw/xquartz/X11Controller.m
+@@ -469,8 +469,11 @@ extern char *bundle_id_prefix;
+     self.table_apps = table_apps;
+ 
+     NSArray * const apps = self.apps;
+-    if (apps != nil)
+-        [table_apps addObjectsFromArray:apps];
++    if (apps != nil) {
++        for (NSArray <NSString *> * row in apps) {
++            [table_apps addObject:row.mutableCopy];
++        }
++    }
+ 
+     columns = [apps_table tableColumns];
+     [[columns objectAtIndex:0] setIdentifier:@"0"];
+-- 
+cgit v1.2.1
+

gitignore

@@ -283,7 +283,6 @@ include/xkb-config.h
 include/xorg-config.h
 include/xorg-server.h
 include/xwin-config.h
-include/dix-config.h
 mfb/mfbbltC.c
 mfb/mfbbltCI.c
 mfb/mfbbltG.c

xorg-x11-server.spec

@@ -16,7 +16,7 @@
 
 Name:           xorg-x11-server
 Version:        1.20.11
-Release:        11
+Release:        12
 Summary:        X.Org X11 X server
 License:        MIT and GPLv2
 URL:            https://www.x.org
@@ -89,10 +89,11 @@ Patch6004: backport-rename-bool-to-boolean.patch
 Patch6005: backport-0001-CVE-2022-2319.patch
 Patch6006: backport-0002-CVE-2022-2319.patch
 Patch6007: backport-CVE-2022-2320.patch
-Patch6008: CVE-2022-3551.patch
+Patch6008: backport-CVE-2022-3551.patch
 %ifarch sw_64
 Patch6009: xorg-server-1.20.11-sw.patch
 %endif
+Patch6010: backport-CVE-2022-3553.patch
 
 BuildRequires:  audit-libs-devel autoconf automake bison dbus-devel flex git gcc 
 BuildRequires:  systemtap-sdt-devel libtool pkgconfig 
@@ -436,6 +437,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
 %{_mandir}/man*/*
 
 %changelog
+* Fri Nov 18 2022 wangkerong <wangkerong@h-partners.com> -1.20.11-12
+- fix CVE-2022-3551,CVE-2022-3553
+
 * Wed Oct 26 2022 wuzx<wuzx1226@qq.com> - 1.20.11-11
 - Add sw64 architecture