From 47423fcb03bbbebda80a16011d2a719d285c3844 Mon Sep 17 00:00:00 2001
From: matthieu <matthieu@openbsd.org>
Date: Thu, 3 Nov 2016 10:30:05 +0000
Subject: [PATCH] Update to libXfixes 5.0.3

---
 lib/libXfixes/ChangeLog    | 24 ++++++++++++++++++++++++
 lib/libXfixes/compile      |  2 +-
 lib/libXfixes/configure    | 20 ++++++++++----------
 lib/libXfixes/configure.ac |  2 +-
 4 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/lib/libXfixes/ChangeLog b/lib/libXfixes/ChangeLog
index cdffbb10b..474ead333 100644
--- a/lib/libXfixes/ChangeLog
+++ b/lib/libXfixes/ChangeLog
@@ -1,3 +1,27 @@
+commit 84df9cb81cc31bbed27ba241a23ae04f61da57db
+Author: Matthieu Herrb <matthieu.herrb@laas.fr>
+Date:   Tue Oct 4 21:11:55 2016 +0200
+
+    libXfixes 5.0.3
+    
+    Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
+
+commit 61c1039ee23a2d1de712843bed3480654d7ef42e
+Author: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date:   Sun Sep 25 22:38:44 2016 +0200
+
+    Integer overflow on illegal server response
+    
+    The 32 bit field "rep.length" is not checked for validity, which allows
+    an integer overflow on 32 bit systems.
+    
+    A malicious server could send INT_MAX as length, which gets multiplied
+    by the size of XRectangle. In that case the client won't read the whole
+    data from server, getting out of sync.
+    
+    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
+
 commit b2406ed9031991b7ddc5b76b308623afc8a590c5
 Author: Matt Turner <mattst88@gmail.com>
 Date:   Wed May 25 18:53:28 2016 -0700
diff --git a/lib/libXfixes/compile b/lib/libXfixes/compile
index a85b723c7..531136b06 100644
--- a/lib/libXfixes/compile
+++ b/lib/libXfixes/compile
@@ -3,7 +3,7 @@
 
 scriptversion=2012-10-14.11; # UTC
 
-# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+# Copyright (C) 1999-2013 Free Software Foundation, Inc.
 # Written by Tom Tromey <tromey@cygnus.com>.
 #
 # This program is free software; you can redistribute it and/or modify
diff --git a/lib/libXfixes/configure b/lib/libXfixes/configure
index 75522fe93..a87d56957 100644
--- a/lib/libXfixes/configure
+++ b/lib/libXfixes/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libXfixes 5.0.2.
+# Generated by GNU Autoconf 2.69 for libXfixes 5.0.3.
 #
 # Report bugs to <https://bugs.freedesktop.org/enter_bug.cgi?product=xorg>.
 #
@@ -591,8 +591,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='libXfixes'
 PACKAGE_TARNAME='libXfixes'
-PACKAGE_VERSION='5.0.2'
-PACKAGE_STRING='libXfixes 5.0.2'
+PACKAGE_VERSION='5.0.3'
+PACKAGE_STRING='libXfixes 5.0.3'
 PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=xorg'
 PACKAGE_URL=''
 
@@ -1347,7 +1347,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libXfixes 5.0.2 to adapt to many kinds of systems.
+\`configure' configures libXfixes 5.0.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1417,7 +1417,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libXfixes 5.0.2:";;
+     short | recursive ) echo "Configuration of libXfixes 5.0.3:";;
    esac
   cat <<\_ACEOF
 
@@ -1540,7 +1540,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libXfixes configure 5.0.2
+libXfixes configure 5.0.3
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1864,7 +1864,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libXfixes $as_me 5.0.2, which was
+It was created by libXfixes $as_me 5.0.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2693,7 +2693,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='libXfixes'
- VERSION='5.0.2'
+ VERSION='5.0.3'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -18160,7 +18160,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libXfixes $as_me 5.0.2, which was
+This file was extended by libXfixes $as_me 5.0.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -18226,7 +18226,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libXfixes config.status 5.0.2
+libXfixes config.status 5.0.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/lib/libXfixes/configure.ac b/lib/libXfixes/configure.ac
index a9052cf90..0ec7b8628 100644
--- a/lib/libXfixes/configure.ac
+++ b/lib/libXfixes/configure.ac
@@ -32,7 +32,7 @@ AC_PREREQ([2.60])
 # that 'revision' number appears in Xfixes.h and has to be manually
 # synchronized.
 #
-AC_INIT(libXfixes, [5.0.2],
+AC_INIT(libXfixes, [5.0.3],
 	[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXfixes])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([config.h])