- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch

* security update for CVE-2022-3554 (bsc#1204422) OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libX11?expand=0&rev=83
2022-10-19 09:25:59 +00:00 · 2022-10-19 09:25:59 +00:00 · 7af4ba4c04
commit 7af4ba4c04
parent af2d1d365e
3 changed files with 61 additions and 1 deletions
--- a/U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
+++ b/U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
@ -0,0 +1,53 @@
+From 1d11822601fd24a396b354fa616b04ed3df8b4ef Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Tue, 4 Oct 2022 18:26:17 -0400
+Subject: [PATCH] fix a memory leak in XRegisterIMInstantiateCallback
+
+Analysis:
+
+    _XimRegisterIMInstantiateCallback() opens an XIM and closes it using
+    the internal function pointers, but the internal close function does
+    not free the pointer to the XIM (this would be done in XCloseIM()).
+
+Report/patch:
+
+    Date: Mon, 03 Oct 2022 18:47:32 +0800
+    From: Po Lu <luangruo@yahoo.com>
+    To: xorg-devel@lists.x.org
+    Subject: Re: Yet another leak in Xlib
+
+    For reference, here's how I'm calling XRegisterIMInstantiateCallback:
+
+    XSetLocaleModifiers ("");
+    XRegisterIMInstantiateCallback (compositor.display,
+                                    XrmGetDatabase (compositor.display),
+                                    (char *) compositor.resource_name,
+                                    (char *) compositor.app_name,
+                                    IMInstantiateCallback, NULL);
+
+    and XMODIFIERS is:
+
+        @im=ibus
+
+Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net>
+---
+ modules/im/ximcp/imInsClbk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c
+index 95b379cb..c10e347f 100644
+--- a/modules/im/ximcp/imInsClbk.c
+++ b/modules/im/ximcp/imInsClbk.c
+@@ -212,6 +212,9 @@ _XimRegisterIMInstantiateCallback(
+     if( xim ) {
+ 	lock = True;
+ 	xim->methods->close( (XIM)xim );
+	/* XIMs must be freed manually after being opened; close just
+	   does the protocol to deinitialize the IM.  */
+	XFree( xim );
+ 	lock = False;
+ 	icb->call = True;
+ 	callback( display, client_data, NULL );
+-- 
+2.35.3
+
--- a/libX11.changes
+++ b/libX11.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 19 08:45:08 UTC 2022 - Stefan Dirsch <sndirsch@suse.com>
+
+- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
+  * security update for CVE-2022-3554 (bsc#1204422)
+
 -------------------------------------------------------------------
 Thu Jun  9 02:09:02 UTC 2022 - Stefan Dirsch <sndirsch@suse.com>

--- a/libX11.spec
+++ b/libX11.spec
@ -32,7 +32,7 @@ Patch1:         p_xlib_skip_ext_env.diff
 # PATCH-FIX-UPSTREAM en-locales.diff fdo#48596 bnc#388711 -- Add missing data for more en locales
 Patch2:         en-locales.diff
 Patch3:         u_no-longer-crash-in-XVisualIDFromVisual.patch
-
+Patch1204422:   U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
 BuildRequires:  fdupes
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@ -136,6 +136,7 @@ test -f nls/ja.S90/XLC_LOCALE.pre && exit 1
 %patch1
 %patch2
 %patch3 -p1
+%patch1204422 -p1

 %build
 %configure \