!17 fix CVE-2025-26595

From: @ultra_planet 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng

backport-CVE-2025-26595.patch

@@ -0,0 +1,58 @@
+From 65977c33a6735b0ffc7d2c691243452f75c1f68c Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 27 Nov 2024 14:41:45 +0100
+Subject: [PATCH] xkb: Fix buffer overflow in XkbVModMaskText()
+
+The code in XkbVModMaskText() allocates a fixed sized buffer on the
+stack and copies the virtual mod name.
+
+There's actually two issues in the code that can lead to a buffer
+overflow.
+
+First, the bound check mixes pointers and integers using misplaced
+parenthesis, defeating the bound check.
+
+But even though, if the check fails, the data is still copied, so the
+stack overflow will occur regardless.
+
+Change the logic to skip the copy entirely if the bound check fails.
+
+(cherry picked from xorg/xserver@11fcda8753e994e15eb915d28cf487660ec8e722)
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/xkbtext.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/xkbtext.c b/src/xkbtext.c
+index 4459ca7..59429b2 100644
+--- a/src/xkbtext.c
++++ b/src/xkbtext.c
+@@ -190,14 +190,14 @@ XkbVModMaskText(Display *       dpy,
+                 len = strlen(tmp) + 1 + (str == buf ? 0 : 1);
+                 if (format == XkbCFile)
+                     len += 4;
+-                if ((str - (buf + len)) <= BUFFER_SIZE) {
+-                    if (str != buf) {
+-                        if (format == XkbCFile)
+-                            *str++ = '|';
+-                        else
+-                            *str++ = '+';
+-                        len--;
+-                    }
++                if ((str - buf) + len > BUFFER_SIZE)
++                    continue; /* Skip */
++                if (str != buf) {
++                    if (format == XkbCFile)
++                        *str++ = '|';
++                    else
++                        *str++ = '+';
++                    len--;
+                 }
+                 if (format == XkbCFile)
+                     sprintf(str, "%sMask", tmp);
+-- 
+GitLab
+

libxkbfile.spec

@@ -1,11 +1,13 @@
 Name:		libxkbfile
 Version:	1.1.0
-Release:        1
+Release:	6
 Summary:	X11 keyboard file manipulation library
 License:	MIT
 URL:		https://www.x.org
 Source0:	https://www.x.org/releases/individual/lib/%{name}-%{version}.tar.bz2
 
+Patch6000:      backport-CVE-2025-26595.patch
+
 BuildRequires:	gcc xorg-x11-proto-devel libX11-devel
 
 %description
@@ -27,6 +29,9 @@ export CFLAGS="%{optflags} -fno-strict-aliasing"
 %configure
 %make_build
 
+%check
+make check
+
 %install
 %make_install
 %delete_la_and_a
@@ -35,7 +40,8 @@ export CFLAGS="%{optflags} -fno-strict-aliasing"
 
 %files
 %defattr(-,root,root)
-%doc ChangeLog COPYING
+%license COPYING
+%doc ChangeLog
 %{_libdir}/%{name}.so.*
 
 %files devel
@@ -45,6 +51,24 @@ export CFLAGS="%{optflags} -fno-strict-aliasing"
 %{_libdir}/%{name}.so
 
 %changelog
+* Thu Feb 27 2025 lingsheng <lingsheng1@h-partners.com> - 1.1.0-6
+- fix CVE-2025-26595
+
+* Wed Oct 26 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 1.1.0-5
+- Rebuild for next release
+
+* Thu Feb 18 2021 jinzhimin <jinzhimin2@huawei.com> - 1.1.0-4
+- rebuild libxkbfile
+
+* Thu Feb 18 2021 jinzhimin <jinzhimin2@huawei.com> - 1.1.0-3
+- add check in spec
+
+* Mon Oct 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.1.0-2
+- Type:enhancement
+- Id:NA
+- SUG:NA
+- DESC:modify the location of COPYING
+
 * Fri Sep 6 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.1.0-1
 - Type:enhancement
 - ID:NA

libxkbfile.yaml

@@ -0,0 +1,5 @@
+version_control: git
+src_repo: https://gitlab.freedesktop.org/xorg/lib/libxmu.git
+tag_prefix: libxkbfile-
+seperator: "."
+