From 88d2c260c142eb930e8f7dbf3d59c030f203f5a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michel=20D=C3=A4nzer?=
Date: Tue, 19 May 2026 16:28:47 +0200
Subject: [PATCH] dri2: Protect against dri2ClientPrivate assertion failures
Resolves: https://redhat.atlassian.net/browse/RHEL-169728
---
 ...inst-dri2ClientPrivate-assertion-fai.patch | 68 +++++++++++++++++++
 xorg-x11-server.spec | 8 ++-
 2 files changed, 75 insertions(+), 1 deletion(-)
 create mode 100644 0001-dri2-Protect-against-dri2ClientPrivate-assertion-fai.patch
diff --git a/0001-dri2-Protect-against-dri2ClientPrivate-assertion-fai.patch b/0001-dri2-Protect-against-dri2ClientPrivate-assertion-fai.patch
new file mode 100644
index 0000000..1434031
--- /dev/null
+++ b/0001-dri2-Protect-against-dri2ClientPrivate-assertion-fai.patch
@@ -0,0 +1,68 @@
+From 0c6a7750f2ac9158ace8161f94f7e3bd4c9f5263 Mon Sep 17 00:00:00 2001
+From: Doug Brown
+Date: Mon, 15 Jul 2024 19:44:23 -0700
+Subject: [PATCH xserver] dri2: Protect against dri2ClientPrivate assertion
+ failures
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If DRI2ScreenInit hasn't been called yet, DRI2Authenticate and
+DRI2CreateDrawable2 cause the X server to crash. This has been observed
+to happen on multiple modern Linux distros in various conditions,
+including QEMU and VMware VMs. Make these functions more robust in order
+to prevent the crash.
+
+This patch was originally provided by Bernhard Übelacker and expanded
+upon by Mark Wagner.
+
+Signed-off-by: Doug Brown
+Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1053
+Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1534
+(cherry picked from commit a0834009cfb10b8982a1f2b47b8ed00de254c2c3)
+
+Part-of:
+---
+ hw/xfree86/dri2/dri2.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/hw/xfree86/dri2/dri2.c b/hw/xfree86/dri2/dri2.c
+index 3397bb50c..3975d40ca 100644
+--- a/hw/xfree86/dri2/dri2.c
++++ b/hw/xfree86/dri2/dri2.c
+@@ -356,10 +356,15 @@ DRI2CreateDrawable2(ClientPtr client, DrawablePtr pDraw, XID id,
+ XID *dri2_id_out)
+ {
+ DRI2DrawablePtr pPriv;
+- DRI2ClientPtr dri2_client = dri2ClientPrivate(client);
++ DRI2ClientPtr dri2_client;
+ XID dri2_id;
+ int rc;
+
++ if (!dixPrivateKeyRegistered(dri2ScreenPrivateKey))
++ return BadValue;
++
++ dri2_client = dri2ClientPrivate(client);
++
+ pPriv = DRI2GetDrawable(pDraw);
+ if (pPriv == NULL)
+ pPriv = DRI2AllocateDrawable(pDraw);
+@@ -1362,9 +1367,14 @@ Bool
+ DRI2Authenticate(ClientPtr client, ScreenPtr pScreen, uint32_t magic)
+ {
+ DRI2ScreenPtr ds;
+- DRI2ClientPtr dri2_client = dri2ClientPrivate(client);
++ DRI2ClientPtr dri2_client;
+ ScreenPtr primescreen;
+
++ if (!dixPrivateKeyRegistered(dri2ScreenPrivateKey))
++
return FALSE;
++
++ dri2_client = dri2ClientPrivate(client);
++
+ ds = DRI2GetScreenPrime(pScreen, dri2_client->prime_id);
+ if (ds == NULL)
+ return FALSE;
+--
+2.54.0
+
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index 2e8f310..019d1ed 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -42,7 +42,7 @@ Summary: X.Org X11 X server
 Name: xorg-x11-server
 Version: 1.20.11
-Release: 34%{?gitdate:.%{gitdate}}%{?dist}
+Release: 35%{?gitdate:.%{gitdate}}%{?dist}
 URL: http://www.x.org
 License: MIT
@@ -126,6 +126,8 @@ Patch115: 0001-xquartz-Remove-invalid-Unicode-sequence.patch
 Patch116: 0001-dix-Force-update-LEDs-after-device-state-update-in-E.patch
 # https://issues.redhat.com/browse/RHEL-84253
 Patch117: 0001-xfree86-Fix-potentially-NULL-reference-to-platform-d.patch
+# https://redhat.atlassian.net/browse/RHEL-169728
+Patch118: 0001-dri2-Protect-against-dri2ClientPrivate-assertion-fai.patch
 # CVE-2021-4011
 Patch10009: 0001-record-Fix-out-of-bounds-access-in-SwapCreateRegiste.patch
@@ -666,6 +668,10 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
 %changelog
+* Tue May 19 2026 Michel Dänzer - 1.20.11-35
+- dri2: Protect against dri2ClientPrivate assertion failures
+ Resolves: https://redhat.atlassian.net/browse/RHEL-169728
+
 * Tue Apr 14 2026 Olivier Fourdan - 1.20.11-34
 - CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001 CVE-2026-34002, CVE-2026-34003
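Review bot: The guard added to DRI2CreateDrawable2 and DRI2Authenticate in the embedded dri2.c patch tests `dri2ScreenPrivateKey`, while the lookup it protects is `dri2ClientPrivate(client)`, whose key is defined outside the hunks and is presumably a separate client key. If DRI2ScreenInit registers the two keys in separate steps, a failure between them would still let a client request reach the assertion and take the server down; testing the key the macro really uses, e.g. `if (!dixPrivateKeyRegistered(dri2ClientPrivateKey)) return FALSE;`, ties the check to the lookup that fails. A short comment above each check, such as `/* DRI2ScreenInit may not have run; dri2ClientPrivate() would assert */`, would record why these request paths bail out early. Both function bodies continue outside the hunks, so other dri2ClientPrivate callers could not be checked here.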