diff options
author | Hitendra Prajapati <hprajapati@mvista.com> | 2022-11-02 18:57:06 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-11-09 17:42:03 +0000 |
commit | 32c25a02023aabb9add718ff1c398ec45b0105d6 (patch) | |
tree | 81d3a0398229a18564e673906251a17deddf3e9e /meta/recipes-graphics | |
parent | 3903d753f9ba8d990010dd563bfd39206823515b (diff) | |
download | poky-32c25a02023aabb9add718ff1c398ec45b0105d6.tar.gz |
libX11: CVE-2022-3554 Fix memory leak
Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1d11822601fd24a396b354fa616b04ed3df8b4ef
(From OE-Core rev: 1d36df9c9ec0ea13c4e0c3794b0d97305e2c6ac1)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-graphics')
-rw-r--r-- | meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch | 58 | ||||
-rw-r--r-- | meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb | 1 |
2 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch b/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch new file mode 100644 index 0000000000..fb61195225 --- /dev/null +++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch | |||
@@ -0,0 +1,58 @@ | |||
1 | From 8b51d1375a4dd6a7cf3a919da83d8e87e57e7333 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hitendra Prajapati <hprajapati@mvista.com> | ||
3 | Date: Wed, 2 Nov 2022 17:04:15 +0530 | ||
4 | Subject: [PATCH] CVE-2022-3554 | ||
5 | |||
6 | Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1d11822601fd24a396b354fa616b04ed3df8b4ef] | ||
7 | CVE: CVE-2022-3554 | ||
8 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
9 | |||
10 | fix a memory leak in XRegisterIMInstantiateCallback | ||
11 | |||
12 | Analysis: | ||
13 | |||
14 | _XimRegisterIMInstantiateCallback() opens an XIM and closes it using | ||
15 | the internal function pointers, but the internal close function does | ||
16 | not free the pointer to the XIM (this would be done in XCloseIM()). | ||
17 | |||
18 | Report/patch: | ||
19 | |||
20 | Date: Mon, 03 Oct 2022 18:47:32 +0800 | ||
21 | From: Po Lu <luangruo@yahoo.com> | ||
22 | To: xorg-devel@lists.x.org | ||
23 | Subject: Re: Yet another leak in Xlib | ||
24 | |||
25 | For reference, here's how I'm calling XRegisterIMInstantiateCallback: | ||
26 | |||
27 | XSetLocaleModifiers (""); | ||
28 | XRegisterIMInstantiateCallback (compositor.display, | ||
29 | XrmGetDatabase (compositor.display), | ||
30 | (char *) compositor.resource_name, | ||
31 | (char *) compositor.app_name, | ||
32 | IMInstantiateCallback, NULL); | ||
33 | and XMODIFIERS is: | ||
34 | |||
35 | @im=ibus | ||
36 | |||
37 | Signed-off-by: Thomas E. Dickey's avatarThomas E. Dickey <dickey@invisible-island.net> | ||
38 | --- | ||
39 | modules/im/ximcp/imInsClbk.c | 3 +++ | ||
40 | 1 file changed, 3 insertions(+) | ||
41 | |||
42 | diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c | ||
43 | index 961aaba..0a8a874 100644 | ||
44 | --- a/modules/im/ximcp/imInsClbk.c | ||
45 | +++ b/modules/im/ximcp/imInsClbk.c | ||
46 | @@ -204,6 +204,9 @@ _XimRegisterIMInstantiateCallback( | ||
47 | if( xim ) { | ||
48 | lock = True; | ||
49 | xim->methods->close( (XIM)xim ); | ||
50 | + /* XIMs must be freed manually after being opened; close just | ||
51 | + does the protocol to deinitialize the IM. */ | ||
52 | + XFree( xim ); | ||
53 | lock = False; | ||
54 | icb->call = True; | ||
55 | callback( display, client_data, NULL ); | ||
56 | -- | ||
57 | 2.25.1 | ||
58 | |||
diff --git a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb index ff2a6f7265..72ab1d4150 100644 --- a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb +++ b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb | |||
@@ -16,6 +16,7 @@ SRC_URI += "file://Fix-hanging-issue-in-_XReply.patch \ | |||
16 | file://CVE-2020-14344.patch \ | 16 | file://CVE-2020-14344.patch \ |
17 | file://CVE-2020-14363.patch \ | 17 | file://CVE-2020-14363.patch \ |
18 | file://CVE-2021-31535.patch \ | 18 | file://CVE-2021-31535.patch \ |
19 | file://CVE-2022-3554.patch \ | ||
19 | " | 20 | " |
20 | 21 | ||
21 | SRC_URI[md5sum] = "55adbfb6d4370ecac5e70598c4e7eed2" | 22 | SRC_URI[md5sum] = "55adbfb6d4370ecac5e70598c4e7eed2" |