From 2830bd4be1d34b044fcb3e7fa205199bafc49029 Mon Sep 17 00:00:00 2001
From: zhanzhimin <zhanzhimin@huawei.com>
Date: Sat, 5 Jun 2021 14:48:25 +0800
Subject: [PATCH] fix CVE-2021-3472

---
 backport-CVE-2021-3472.patch | 36 ++++++++++++++++++++++++++++++++++++
 xorg-x11-server.spec         |  9 ++++++++-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2021-3472.patch

diff --git a/backport-CVE-2021-3472.patch b/backport-CVE-2021-3472.patch
new file mode 100644
index 0000000..fd5bee9
--- /dev/null
+++ b/backport-CVE-2021-3472.patch
@@ -0,0 +1,36 @@
+From 7aaf54a1884f71dc363f0b884e57bcb67407a6cd Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Sun, 21 Mar 2021 18:38:57 +0100
+Subject: [PATCH] Fix XChangeFeedbackControl() request underflow
+
+CVE-2021-3472 / ZDI-CAN-1259
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+
+---
+ Xi/chgfctl.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/Xi/chgfctl.c b/Xi/chgfctl.c
+index 1de4da9..7a597e4 100644
+--- a/Xi/chgfctl.c
++++ b/Xi/chgfctl.c
+@@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr client)
+         break;
+     case StringFeedbackClass:
+     {
+-        xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
++        xStringFeedbackCtl *f;
+ 
++        REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
++                                    sizeof(xStringFeedbackCtl));
++        f = ((xStringFeedbackCtl *) &stuff[1]);
+         if (client->swapped) {
+             if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
+                 return BadLength;
+-- 
+2.23.0
+
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index 14a4c8c..1de44fd 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -16,7 +16,7 @@
 
 Name:           xorg-x11-server
 Version:        1.20.10
-Release:        1
+Release:        2
 Summary:        X.Org X11 X server
 License:        MIT and GPLv2
 URL:            https://www.x.org
@@ -78,6 +78,7 @@ Patch0026: 0022-xwayland-Call-xwl_window_check_resolution_change_emu.patch
 Patch0027: 0023-xwayland-Fix-setting-of-_XWAYLAND_RANDR_EMU_MONITOR_.patch
 Patch0028: 0024-xwayland-Remove-unnecessary-xwl_window_is_toplevel-c.patch
 Patch0029: xorg-s11-server-CVE-2018-20839.patch
+Patch0030: backport-CVE-2021-3472.patch
 
 BuildRequires:  audit-libs-devel autoconf automake bison dbus-devel flex flex-devel git
 BuildRequires:  systemtap-sdt-devel libtool pkgconfig 
@@ -320,6 +321,12 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
 %{_libdir}/xorg/protocol.txt
 
 %changelog
+* Sat Jun 05 2021 zhanzhimin<zhanzhimin@huawei.com> - 1.20.10-2
+- Type:CVE
+- Id:CVE-2021-3472
+- SUG:NA
+- DESC:fix CVE-2021-3472
+
 * Sat Jan 30 2021 jinzhimin<jinzhmin2@huawei.com> - 1.20.10-1
 - Upgrade to 1.20.10
 
-- 
Gitee