3 files changed, 256 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-Check-strings-length-against-request-size.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-Check-strings-length-against-request-size.patch
new file mode 100644
index 0000000000..b0e2bcad43
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-Check-strings-length-against-request-size.patch
@@ -0,0 +1,145 @@
+From 20079c36cf7d377938ca5478447d8b9045cb7d43 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Fri, 16 Jan 2015 08:44:45 +0100
+Subject: [PATCH] xkb: Check strings length against request size
+Ensure that the given strings length in an XkbSetGeometry request remain
+within the limits of the size of the request.
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Upstream-Status: backport
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ xkb/xkb.c |   65 +++++++++++++++++++++++++++++++++++++------------------------
+ 1 file changed, 40 insertions(+), 25 deletions(-)
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index b9a3ac4..f3988f9 100644
+--- a/xkb/xkb.c
+++ b/xkb/xkb.c
+@@ -4957,25 +4957,29 @@ ProcXkbGetGeometry(ClientPtr client)
+ 
+ /***====================================================================***/
+ 
+-static char *
+-_GetCountedString(char **wire_inout, Bool swap)
+static Status
+_GetCountedString(char **wire_inout, ClientPtr client, char **str)
+ {
+-    char *wire, *str;
+    char *wire, *next;
+     CARD16 len;
+ 
+     wire = *wire_inout;
+     len = *(CARD16 *) wire;
+-    if (swap) {
+    if (client->swapped) {
+         swaps(&len);
+     }
+-    str = malloc(len + 1);
+-    if (str) {
+-        memcpy(str, &wire[2], len);
+-        str[len] = '\0';
+-    }
+-    wire += XkbPaddedSize(len + 2);
+-    *wire_inout = wire;
+-    return str;
+    next = wire + XkbPaddedSize(len + 2);
+    /* Check we're still within the size of the request */
+    if (client->req_len <
+        bytes_to_int32(next - (char *) client->requestBuffer))
+        return BadValue;
+    *str = malloc(len + 1);
+    if (!*str)
+        return BadAlloc;
+    memcpy(*str, &wire[2], len);
+    *(*str + len) = '\0';
+    *wire_inout = next;
+    return Success;
+ }
+ 
+ static Status
+@@ -4987,6 +4991,7 @@ _CheckSetDoodad(char **wire_inout,
+     xkbAnyDoodadWireDesc any;
+     xkbTextDoodadWireDesc text;
+     XkbDoodadPtr doodad;
+    Status status;
+ 
+     dWire = (xkbDoodadWireDesc *) (*wire_inout);
+     any = dWire->any;
+@@ -5036,8 +5041,14 @@ _CheckSetDoodad(char **wire_inout,
+         doodad->text.width = text.width;
+         doodad->text.height = text.height;
+         doodad->text.color_ndx = dWire->text.colorNdx;
+-        doodad->text.text = _GetCountedString(&wire, client->swapped);
+-        doodad->text.font = _GetCountedString(&wire, client->swapped);
+        status = _GetCountedString(&wire, client, &doodad->text.text);
+        if (status != Success)
+            return status;
+        status = _GetCountedString(&wire, client, &doodad->text.font);
+        if (status != Success) {
+            free (doodad->text.text);
+            return status;
+        }
+         break;
+     case XkbIndicatorDoodad:
+         if (dWire->indicator.onColorNdx >= geom->num_colors) {
+@@ -5072,7 +5083,9 @@ _CheckSetDoodad(char **wire_inout,
+         }
+         doodad->logo.color_ndx = dWire->logo.colorNdx;
+         doodad->logo.shape_ndx = dWire->logo.shapeNdx;
+-        doodad->logo.logo_name = _GetCountedString(&wire, client->swapped);
+        status = _GetCountedString(&wire, client, &doodad->logo.logo_name);
+        if (status != Success)
+            return status;
+         break;
+     default:
+         client->errorValue = _XkbErrCode2(0x4F, dWire->any.type);
+@@ -5304,18 +5317,20 @@ _CheckSetGeom(XkbGeometryPtr geom, xkbSetGeometryReq * req, ClientPtr client)
+     char *wire;
+ 
+     wire = (char *) &req[1];
+-    geom->label_font = _GetCountedString(&wire, client->swapped);
+    status = _GetCountedString(&wire, client, &geom->label_font);
+    if (status != Success)
+        return status;
+ 
+     for (i = 0; i < req->nProperties; i++) {
+         char *name, *val;
+ 
+-        name = _GetCountedString(&wire, client->swapped);
+-        if (!name)
+-            return BadAlloc;
+-        val = _GetCountedString(&wire, client->swapped);
+-        if (!val) {
+        status = _GetCountedString(&wire, client, &name);
+        if (status != Success)
+            return status;
+        status = _GetCountedString(&wire, client, &val);
+        if (status != Success) {
+             free(name);
+-            return BadAlloc;
+            return status;
+         }
+         if (XkbAddGeomProperty(geom, name, val) == NULL) {
+             free(name);
+@@ -5349,9 +5364,9 @@ _CheckSetGeom(XkbGeometryPtr geom, xkbSetGeometryReq * req, ClientPtr client)
+     for (i = 0; i < req->nColors; i++) {
+         char *name;
+ 
+-        name = _GetCountedString(&wire, client->swapped);
+-        if (!name)
+-            return BadAlloc;
+        status = _GetCountedString(&wire, client, &name);
+        if (status != Success)
+            return status;
+         if (!XkbAddGeomColor(geom, name, geom->num_colors)) {
+             free(name);
+             return BadAlloc;
+-- 
+1.7.9.5
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patch
new file mode 100644
index 0000000000..c841dbe87e
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patch
@@ -0,0 +1,109 @@
+From 81c90dc8f0aae3b65730409b1b615b5fa7280ebd Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Fri, 16 Jan 2015 20:08:59 +0100
+Subject: [PATCH] xkb: Don't swap XkbSetGeometry data in the input buffer
+The XkbSetGeometry request embeds data which needs to be swapped when the
+server and the client have different endianess.
+_XkbSetGeometry() invokes functions that swap these data directly in the
+input buffer.
+However, ProcXkbSetGeometry() may call _XkbSetGeometry() more than once
+(if there is more than one keyboard), thus causing on swapped clients the
+same data to be swapped twice in memory, further causing a server crash
+because the strings lengths on the second time are way off bounds.
+To allow _XkbSetGeometry() to run reliably more than once with swapped
+clients, do not swap the data in the buffer, use variables instead.
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Upstream-Status: backport
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ xkb/xkb.c |   35 +++++++++++++++++++----------------
+ 1 file changed, 19 insertions(+), 16 deletions(-)
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 15c7f34..b9a3ac4 100644
+--- a/xkb/xkb.c
+++ b/xkb/xkb.c
+@@ -4961,14 +4961,13 @@ static char *
+ _GetCountedString(char **wire_inout, Bool swap)
+ {
+     char *wire, *str;
+-    CARD16 len, *plen;
+    CARD16 len;
+ 
+     wire = *wire_inout;
+-    plen = (CARD16 *) wire;
+    len = *(CARD16 *) wire;
+     if (swap) {
+-        swaps(plen);
+        swaps(&len);
+     }
+-    len = *plen;
+     str = malloc(len + 1);
+     if (str) {
+         memcpy(str, &wire[2], len);
+@@ -4985,25 +4984,28 @@ _CheckSetDoodad(char **wire_inout,
+ {
+     char *wire;
+     xkbDoodadWireDesc *dWire;
+    xkbAnyDoodadWireDesc any;
+    xkbTextDoodadWireDesc text;
+     XkbDoodadPtr doodad;
+ 
+     dWire = (xkbDoodadWireDesc *) (*wire_inout);
+    any = dWire->any;
+     wire = (char *) &dWire[1];
+     if (client->swapped) {
+-        swapl(&dWire->any.name);
+-        swaps(&dWire->any.top);
+-        swaps(&dWire->any.left);
+-        swaps(&dWire->any.angle);
+        swapl(&any.name);
+        swaps(&any.top);
+        swaps(&any.left);
+        swaps(&any.angle);
+     }
+     CHK_ATOM_ONLY(dWire->any.name);
+-    doodad = XkbAddGeomDoodad(geom, section, dWire->any.name);
+    doodad = XkbAddGeomDoodad(geom, section, any.name);
+     if (!doodad)
+         return BadAlloc;
+     doodad->any.type = dWire->any.type;
+     doodad->any.priority = dWire->any.priority;
+-    doodad->any.top = dWire->any.top;
+-    doodad->any.left = dWire->any.left;
+-    doodad->any.angle = dWire->any.angle;
+    doodad->any.top = any.top;
+    doodad->any.left = any.left;
+    doodad->any.angle = any.angle;
+     switch (doodad->any.type) {
+     case XkbOutlineDoodad:
+     case XkbSolidDoodad:
+@@ -5026,12 +5028,13 @@ _CheckSetDoodad(char **wire_inout,
+                                               dWire->text.colorNdx);
+             return BadMatch;
+         }
+        text = dWire->text;
+         if (client->swapped) {
+-            swaps(&dWire->text.width);
+-            swaps(&dWire->text.height);
+            swaps(&text.width);
+            swaps(&text.height);
+         }
+-        doodad->text.width = dWire->text.width;
+-        doodad->text.height = dWire->text.height;
+        doodad->text.width = text.width;
+        doodad->text.height = text.height;
+         doodad->text.color_ndx = dWire->text.colorNdx;
+         doodad->text.text = _GetCountedString(&wire, client->swapped);
+         doodad->text.font = _GetCountedString(&wire, client->swapped);
+-- 
+1.7.9.5
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.16.3.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.16.3.bb
index 9d9ede2afc..cfbc491fcc 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.16.3.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.16.3.bb
@@ -6,6 +6,8 @@ SRC_URI += "file://fix_open_max_preprocessor_error.patch \
            file://xshmfence-option.patch \
            file://Fix-subwindow-in-Xi-emulated-events.patch \
            file://xtrans.patch \
+            file://0001-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patch \
+            file://0001-xkb-Check-strings-length-against-request-size.patch \
           "
 SRC_URI[md5sum] = "afd93977235584a9caa7528a737c1b52"

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-Check-strings-length-against-request-size.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-Check-strings-length-against-request-size.patch new file mode 100644 index 0000000000..b0e2bcad43 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-Check-strings-length-against-request-size.patch
@@ -0,0 +1,145 @@
		1	From 20079c36cf7d377938ca5478447d8b9045cb7d43 Mon Sep 17 00:00:00 2001
		2	From: Olivier Fourdan <ofourdan@redhat.com>
		3	Date: Fri, 16 Jan 2015 08:44:45 +0100
		4	Subject: [PATCH] xkb: Check strings length against request size
		5
		6	Ensure that the given strings length in an XkbSetGeometry request remain
		7	within the limits of the size of the request.
		8
		9	Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
		10	Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
		11	Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
		12
		13	Upstream-Status: backport
		14
		15	Signed-off-by: Li Zhou <li.zhou@windriver.com>
		16	---
		17	xkb/xkb.c \| 65 +++++++++++++++++++++++++++++++++++++------------------------
		18	1 file changed, 40 insertions(+), 25 deletions(-)
		19
		20	diff --git a/xkb/xkb.c b/xkb/xkb.c
		21	index b9a3ac4..f3988f9 100644
		22	--- a/xkb/xkb.c
		23	+++ b/xkb/xkb.c
		24	@@ -4957,25 +4957,29 @@ ProcXkbGetGeometry(ClientPtr client)
		25
		26	/*====================================================================*/
		27
		28	-static char *
		29	-_GetCountedString(char **wire_inout, Bool swap)
		30	+static Status
		31	+_GetCountedString(char wire_inout, ClientPtr client, char str)
		32	{
		33	- char wire, str;
		34	+ char wire, next;
		35	CARD16 len;
		36
		37	wire = *wire_inout;
		38	len = (CARD16 ) wire;
		39	- if (swap) {
		40	+ if (client->swapped) {
		41	swaps(&len);
		42	}
		43	- str = malloc(len + 1);
		44	- if (str) {
		45	- memcpy(str, &wire[2], len);
		46	- str[len] = '\0';
		47	- }
		48	- wire += XkbPaddedSize(len + 2);
		49	- *wire_inout = wire;
		50	- return str;
		51	+ next = wire + XkbPaddedSize(len + 2);
		52	+ /* Check we're still within the size of the request */
		53	+ if (client->req_len <
		54	+ bytes_to_int32(next - (char *) client->requestBuffer))
		55	+ return BadValue;
		56	+ *str = malloc(len + 1);
		57	+ if (!*str)
		58	+ return BadAlloc;
		59	+ memcpy(*str, &wire[2], len);
		60	+ (str + len) = '\0';
		61	+ *wire_inout = next;
		62	+ return Success;
		63	}
		64
		65	static Status
		66	@@ -4987,6 +4991,7 @@ _CheckSetDoodad(char **wire_inout,
		67	xkbAnyDoodadWireDesc any;
		68	xkbTextDoodadWireDesc text;
		69	XkbDoodadPtr doodad;
		70	+ Status status;
		71
		72	dWire = (xkbDoodadWireDesc ) (wire_inout);
		73	any = dWire->any;
		74	@@ -5036,8 +5041,14 @@ _CheckSetDoodad(char **wire_inout,
		75	doodad->text.width = text.width;
		76	doodad->text.height = text.height;
		77	doodad->text.color_ndx = dWire->text.colorNdx;
		78	- doodad->text.text = _GetCountedString(&wire, client->swapped);
		79	- doodad->text.font = _GetCountedString(&wire, client->swapped);
		80	+ status = _GetCountedString(&wire, client, &doodad->text.text);
		81	+ if (status != Success)
		82	+ return status;
		83	+ status = _GetCountedString(&wire, client, &doodad->text.font);
		84	+ if (status != Success) {
		85	+ free (doodad->text.text);
		86	+ return status;
		87	+ }
		88	break;
		89	case XkbIndicatorDoodad:
		90	if (dWire->indicator.onColorNdx >= geom->num_colors) {
		91	@@ -5072,7 +5083,9 @@ _CheckSetDoodad(char **wire_inout,
		92	}
		93	doodad->logo.color_ndx = dWire->logo.colorNdx;
		94	doodad->logo.shape_ndx = dWire->logo.shapeNdx;
		95	- doodad->logo.logo_name = _GetCountedString(&wire, client->swapped);
		96	+ status = _GetCountedString(&wire, client, &doodad->logo.logo_name);
		97	+ if (status != Success)
		98	+ return status;
		99	break;
		100	default:
		101	client->errorValue = _XkbErrCode2(0x4F, dWire->any.type);
		102	@@ -5304,18 +5317,20 @@ _CheckSetGeom(XkbGeometryPtr geom, xkbSetGeometryReq * req, ClientPtr client)
		103	char *wire;
		104
		105	wire = (char *) &req[1];
		106	- geom->label_font = _GetCountedString(&wire, client->swapped);
		107	+ status = _GetCountedString(&wire, client, &geom->label_font);
		108	+ if (status != Success)
		109	+ return status;
		110
		111	for (i = 0; i < req->nProperties; i++) {
		112	char name, val;
		113
		114	- name = _GetCountedString(&wire, client->swapped);
		115	- if (!name)
		116	- return BadAlloc;
		117	- val = _GetCountedString(&wire, client->swapped);
		118	- if (!val) {
		119	+ status = _GetCountedString(&wire, client, &name);
		120	+ if (status != Success)
		121	+ return status;
		122	+ status = _GetCountedString(&wire, client, &val);
		123	+ if (status != Success) {
		124	free(name);
		125	- return BadAlloc;
		126	+ return status;
		127	}
		128	if (XkbAddGeomProperty(geom, name, val) == NULL) {
		129	free(name);
		130	@@ -5349,9 +5364,9 @@ _CheckSetGeom(XkbGeometryPtr geom, xkbSetGeometryReq * req, ClientPtr client)
		131	for (i = 0; i < req->nColors; i++) {
		132	char *name;
		133
		134	- name = _GetCountedString(&wire, client->swapped);
		135	- if (!name)
		136	- return BadAlloc;
		137	+ status = _GetCountedString(&wire, client, &name);
		138	+ if (status != Success)
		139	+ return status;
		140	if (!XkbAddGeomColor(geom, name, geom->num_colors)) {
		141	free(name);
		142	return BadAlloc;
		143	--
		144	1.7.9.5
		145


diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patch new file mode 100644 index 0000000000..c841dbe87e --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patch
@@ -0,0 +1,109 @@
		1	From 81c90dc8f0aae3b65730409b1b615b5fa7280ebd Mon Sep 17 00:00:00 2001
		2	From: Olivier Fourdan <ofourdan@redhat.com>
		3	Date: Fri, 16 Jan 2015 20:08:59 +0100
		4	Subject: [PATCH] xkb: Don't swap XkbSetGeometry data in the input buffer
		5
		6	The XkbSetGeometry request embeds data which needs to be swapped when the
		7	server and the client have different endianess.
		8
		9	_XkbSetGeometry() invokes functions that swap these data directly in the
		10	input buffer.
		11
		12	However, ProcXkbSetGeometry() may call _XkbSetGeometry() more than once
		13	(if there is more than one keyboard), thus causing on swapped clients the
		14	same data to be swapped twice in memory, further causing a server crash
		15	because the strings lengths on the second time are way off bounds.
		16
		17	To allow _XkbSetGeometry() to run reliably more than once with swapped
		18	clients, do not swap the data in the buffer, use variables instead.
		19
		20	Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
		21	Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
		22
		23	Upstream-Status: backport
		24
		25	Signed-off-by: Li Zhou <li.zhou@windriver.com>
		26	---
		27	xkb/xkb.c \| 35 +++++++++++++++++++----------------
		28	1 file changed, 19 insertions(+), 16 deletions(-)
		29
		30	diff --git a/xkb/xkb.c b/xkb/xkb.c
		31	index 15c7f34..b9a3ac4 100644
		32	--- a/xkb/xkb.c
		33	+++ b/xkb/xkb.c
		34	@@ -4961,14 +4961,13 @@ static char *
		35	_GetCountedString(char **wire_inout, Bool swap)
		36	{
		37	char wire, str;
		38	- CARD16 len, *plen;
		39	+ CARD16 len;
		40
		41	wire = *wire_inout;
		42	- plen = (CARD16 *) wire;
		43	+ len = (CARD16 ) wire;
		44	if (swap) {
		45	- swaps(plen);
		46	+ swaps(&len);
		47	}
		48	- len = *plen;
		49	str = malloc(len + 1);
		50	if (str) {
		51	memcpy(str, &wire[2], len);
		52	@@ -4985,25 +4984,28 @@ _CheckSetDoodad(char **wire_inout,
		53	{
		54	char *wire;
		55	xkbDoodadWireDesc *dWire;
		56	+ xkbAnyDoodadWireDesc any;
		57	+ xkbTextDoodadWireDesc text;
		58	XkbDoodadPtr doodad;
		59
		60	dWire = (xkbDoodadWireDesc ) (wire_inout);
		61	+ any = dWire->any;
		62	wire = (char *) &dWire[1];
		63	if (client->swapped) {
		64	- swapl(&dWire->any.name);
		65	- swaps(&dWire->any.top);
		66	- swaps(&dWire->any.left);
		67	- swaps(&dWire->any.angle);
		68	+ swapl(&any.name);
		69	+ swaps(&any.top);
		70	+ swaps(&any.left);
		71	+ swaps(&any.angle);
		72	}
		73	CHK_ATOM_ONLY(dWire->any.name);
		74	- doodad = XkbAddGeomDoodad(geom, section, dWire->any.name);
		75	+ doodad = XkbAddGeomDoodad(geom, section, any.name);
		76	if (!doodad)
		77	return BadAlloc;
		78	doodad->any.type = dWire->any.type;
		79	doodad->any.priority = dWire->any.priority;
		80	- doodad->any.top = dWire->any.top;
		81	- doodad->any.left = dWire->any.left;
		82	- doodad->any.angle = dWire->any.angle;
		83	+ doodad->any.top = any.top;
		84	+ doodad->any.left = any.left;
		85	+ doodad->any.angle = any.angle;
		86	switch (doodad->any.type) {
		87	case XkbOutlineDoodad:
		88	case XkbSolidDoodad:
		89	@@ -5026,12 +5028,13 @@ _CheckSetDoodad(char **wire_inout,
		90	dWire->text.colorNdx);
		91	return BadMatch;
		92	}
		93	+ text = dWire->text;
		94	if (client->swapped) {
		95	- swaps(&dWire->text.width);
		96	- swaps(&dWire->text.height);
		97	+ swaps(&text.width);
		98	+ swaps(&text.height);
		99	}
		100	- doodad->text.width = dWire->text.width;
		101	- doodad->text.height = dWire->text.height;
		102	+ doodad->text.width = text.width;
		103	+ doodad->text.height = text.height;
		104	doodad->text.color_ndx = dWire->text.colorNdx;
		105	doodad->text.text = _GetCountedString(&wire, client->swapped);
		106	doodad->text.font = _GetCountedString(&wire, client->swapped);
		107	--
		108	1.7.9.5
		109


diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.16.3.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.16.3.bb index 9d9ede2afc..cfbc491fcc 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.16.3.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.16.3.bb
@@ -6,6 +6,8 @@ SRC_URI += "file://fix_open_max_preprocessor_error.patch \
6	file://xshmfence-option.patch \	6	file://xshmfence-option.patch \
7	file://Fix-subwindow-in-Xi-emulated-events.patch \	7	file://Fix-subwindow-in-Xi-emulated-events.patch \
8	file://xtrans.patch \	8	file://xtrans.patch \
		9	file://0001-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patch \
		10	file://0001-xkb-Check-strings-length-against-request-size.patch \
9	"	11	"
10		12
11	SRC_URI[md5sum] = "afd93977235584a9caa7528a737c1b52"	13	SRC_URI[md5sum] = "afd93977235584a9caa7528a737c1b52"