From fda2b9685e8cbed08e4968e1b304245bd188b2b9 Mon Sep 17 00:00:00 2001
From: chengguipeng <chengguipeng1@huawei.com>
Date: Wed, 30 Sep 2020 15:20:06 +0800
Subject: [PATCH] libX11: fix CVE-2020-14363

Signed-off-by: chengguipeng <chengguipeng1@huawei.com>
---
 CVE-2020-14363.patch | 28 ++++++++++++++++++++++++++++
 libX11.spec          | 10 +++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-14363.patch

diff --git a/CVE-2020-14363.patch b/CVE-2020-14363.patch
new file mode 100644
index 0000000..af5d996
--- /dev/null
+++ b/CVE-2020-14363.patch
@@ -0,0 +1,28 @@
+From acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Thu, 13 Aug 2020 18:02:58 +0200
+Subject: [PATCH] Fix an integer overflow in init_om()
+CVE-2020-14363
+This can lead to a double free later, as reported by Jayden Rivers.
+https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+---
+ modules/om/generic/omGeneric.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c
+index c44acb88..406cec93 100644
+--- a/modules/om/generic/omGeneric.c
++++ b/modules/om/generic/omGeneric.c
+@@ -1908,7 +1908,8 @@ init_om(
+     char **required_list;
+     XOrientation *orientation;
+     char **value, buf[BUFSIZ], *bufptr;
+-    int count = 0, num = 0, length = 0;
++    int count = 0, num = 0;
++    unsigned int length = 0;
+ 
+     _XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count);
+     if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0)
+-- 
+GitLab
+
diff --git a/libX11.spec b/libX11.spec
index 04d9e23..d127ad2 100644
--- a/libX11.spec
+++ b/libX11.spec
@@ -1,6 +1,6 @@
 Name:		libX11
 Version:	1.6.9
-Release:	3
+Release:	4
 Summary:	Core X11 protocol client library
 License:	MIT
 URL:		http://www.x.org
@@ -8,6 +8,8 @@ Source0:	https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.
 
 Patch1:         dont-forward-keycode-0.patch
 Patch2:         CVE-2020-14344.patch
+Patch3:         CVE-2020-14363.patch
+
 BuildRequires:	xorg-x11-util-macros >= 1.11 xorg-x11-proto-devel perl-Pod-Usage libXau-devel
 BuildRequires:  libxcb-devel >= 1.2 libXdmcp-devel xorg-x11-xtrans-devel >= 1.0.3-4
 
@@ -73,6 +75,12 @@ make %{?_smp_mflags} check
 %{_mandir}/*/*
 
 %changelog
+* Fri Sep 30 2020 chengguipeng<chenguipeng1@huawei.com> - 1.6.9-4
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:fix CVE-2020-14363
+
 * Tue Sep 8 2020 zhanghua <zhanghua40@huawei.com> - 1.6.9-3
 - Type:bugfix
 - Id:NA
-- 
Gitee