fix CVE-2022-3550

backport-CVE-2022-3550.patch

@@ -0,0 +1,28 @@
+From f908421d43959a44ff940fd89fd0e35150cfe3f9 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Fri, 26 May 2023 15:10:01 +0800
+Subject: [PATCH] xkb: proof GetCountedString against request length attacks
+
+---
+ xkb/xkb.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index aa98578..87b73df 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -5138,6 +5138,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str)
+     CARD16 len;
+ 
+     wire = *wire_inout;
++
++    if (client->req_len < 
++        bytes_to_int32(wire + 2 - (char *) client->requestBuffer))
++        return BadValue;
++
+     len = *(CARD16 *) wire;
+     if (client->swapped) {
+         swaps(&len);
+-- 
+2.20.1
+

xorg-x11-server.spec

@@ -16,7 +16,7 @@
 
 Name:           xorg-x11-server
 Version:        1.20.8
-Release:        18
+Release:        19
 Summary:        X.Org X11 X server
 License:        MIT and GPLv2
 URL:            https://www.x.org
@@ -105,6 +105,7 @@ Patch6015: backport-CVE-2022-46344.patch
 Patch6016: backport-CVE-2022-4283.patch
 Patch6017: backport-CVE-2023-0494.patch
 Patch6018: backport-CVE-2023-1393.patch
+Patch6019: backport-CVE-2022-3550.patch
 
 BuildRequires:  audit-libs-devel autoconf automake bison dbus-devel flex flex-devel git gcc
 BuildRequires:  systemtap-sdt-devel libtool pkgconfig 
@@ -347,6 +348,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
 %{_libdir}/xorg/protocol.txt
 
 %changelog
+* Fri May 26 2023 leeffo <liweiganga@uniontech.com> -1.20.8-19
+- fix CVE-2022-3550
+
 * Thu Apr 13 2023 liweiganga <liweiganga@uniontech.com> -1.20.8-18
 - fix CVE-2023-1393
 
@@ -403,7 +407,7 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
 - SUG:NA
 - DESC:fix CVE-2021-3472
 
-* Mon Feb 01 2020 yeah_wang<wangye70@huawei.com> - 1.20.8-4
+* Mon Feb 01 2021 yeah_wang<wangye70@huawei.com> - 1.20.8-4
 - Type:CVE
 - Id:CVE-2020-14347 CVE-2020-14360 CVE-2020-25712
 - SUG:NA