From 7af4ba4c047b4891c7482b4ab2d6ad79c45a2c0433a140883513be8390804721 Mon Sep 17 00:00:00 2001
From: Stefan Dirsch
Date: Wed, 19 Oct 2022 09:25:59 +0000
Subject: [PATCH] - U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch * security update for CVE-2022-3554 (bsc#1204422)
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libX11?expand=0&rev=83
---
 ...ak-in-XRegisterIMInstantiateCallback.patch | 53 +++++++++++++++++++
 libX11.changes | 6 +++
 libX11.spec | 3 +-
 3 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
diff --git a/U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch b/U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
new file mode 100644
index 0000000..5263257
--- /dev/null
+++ b/U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
@@ -0,0 +1,53 @@
+From 1d11822601fd24a396b354fa616b04ed3df8b4ef Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey"
+Date: Tue, 4 Oct 2022 18:26:17 -0400
+Subject: [PATCH] fix a memory leak in XRegisterIMInstantiateCallback
+
+Analysis:
+
+ _XimRegisterIMInstantiateCallback() opens an XIM and closes it using
+ the internal function pointers, but the internal close function does
+ not free the pointer to the XIM (this would be done in XCloseIM()).
+
+Report/patch:
+
+ Date: Mon, 03 Oct 2022 18:47:32 +0800
+ From: Po Lu
+ To: xorg-devel@lists.x.org
+ Subject: Re: Yet another leak in Xlib
+
+ For reference, here's how I'm calling XRegisterIMInstantiateCallback:
+
+ XSetLocaleModifiers ("");
+ XRegisterIMInstantiateCallback (compositor.display,
+ XrmGetDatabase (compositor.display),
+ (char *) compositor.resource_name,
+ (char *) compositor.app_name,
+ IMInstantiateCallback, NULL);
+
+ and XMODIFIERS is:
+
+ @im=ibus
+
+Signed-off-by: Thomas E. Dickey
+---
+ modules/im/ximcp/imInsClbk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c
+index 95b379cb..c10e347f 100644
+--- a/modules/im/ximcp/imInsClbk.c
++++ b/modules/im/ximcp/imInsClbk.c
+@@ -212,6 +212,9 @@ _XimRegisterIMInstantiateCallback(
+ if( xim ) {
+ lock = True;
+ xim->methods->close( (XIM)xim );
++ /* XIMs must be freed manually after being opened; close just
++ does the protocol to deinitialize the IM. */
++ XFree( xim );
+ lock = False;
+ icb->call = True;
+ callback( display, client_data, NULL );
+-- 
+2.35.3
+
diff --git a/libX11.changes b/libX11.changes
index dac4a1d..7875c7b 100644
--- a/libX11.changes
+++ b/libX11.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 19 08:45:08 UTC 2022 - Stefan Dirsch
+
+- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
+ * security update for CVE-2022-3554 (bsc#1204422)
+
 -------------------------------------------------------------------
 Thu Jun 9 02:09:02 UTC 2022 - Stefan Dirsch
 
diff --git a/libX11.spec b/libX11.spec
index f2dc137..54c406d 100644
--- a/libX11.spec
+++ b/libX11.spec
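Review bot: In the imInsClbk.c hunk carried by the added patch file, `xim` remains in scope as a dangling pointer after `XFree( xim );`, and the free is only correct if no `methods->close` implementation reachable through this indirect call already releases the structure. The patch header states that the internal close does not free the XIM, so this is presumably fine, but it should be confirmed for each IM backend, since a close that did free it would turn the leak fix into a double free. Adding `xim = NULL;` directly after the `XFree( xim );` line would make any later use fail predictably; the rest of _XimRegisterIMInstantiateCallback lies outside the hunk, so whether `xim` is touched again cannot be checked from here.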
@@ -32,7 +32,7 @@ Patch1: p_xlib_skip_ext_env.diff
 # PATCH-FIX-UPSTREAM en-locales.diff fdo#48596 bnc#388711 -- Add missing data for more en locales
 Patch2: en-locales.diff
 Patch3: u_no-longer-crash-in-XVisualIDFromVisual.patch
-
+Patch1204422: U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
 BuildRequires: fdupes
 BuildRequires: libtool
 BuildRequires: pkgconfig
@@ -136,6 +136,7 @@ test -f nls/ja.S90/XLC_LOCALE.pre && exit 1
 %patch1
 %patch2
 %patch3 -p1
+%patch1204422 -p1
 
 %build
 %configure \
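Review bot: The new `Patch1204422:` line in the first libX11.spec hunk has no tag comment, while the neighbouring Patch2 entry carries a `# PATCH-FIX-UPSTREAM …` line giving the bug references and a one-line purpose. For a security update that traceability is worth having in the spec itself, so I would add `# PATCH-FIX-UPSTREAM U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch bsc#1204422 CVE-2022-3554 -- fix a memory leak in XRegisterIMInstantiateCallback` above it. The same hunk replaces the blank line that separated the Patch entries from the BuildRequires block; keeping a blank line after the new entry would preserve the existing layout.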