diff options
Diffstat (limited to 'poky/meta/recipes-graphics/xorg-lib')
-rw-r--r-- | poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch | 57 | ||||
-rw-r--r-- | poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb | 1 | ||||
-rw-r--r-- | poky/meta/recipes-graphics/xorg-lib/libxft_2.3.6.bb (renamed from poky/meta/recipes-graphics/xorg-lib/libxft_2.3.4.bb) | 3 | ||||
-rw-r--r-- | poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.37.bb (renamed from poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.36.bb) | 2 |
4 files changed, 61 insertions, 2 deletions
diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch b/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch new file mode 100644 index 0000000000..722116c07e --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch @@ -0,0 +1,57 @@ +CVE: CVE-2022-3554 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 1d11822601fd24a396b354fa616b04ed3df8b4ef Mon Sep 17 00:00:00 2001 +From: "Thomas E. Dickey" <dickey@invisible-island.net> +Date: Tue, 4 Oct 2022 18:26:17 -0400 +Subject: [PATCH] fix a memory leak in XRegisterIMInstantiateCallback + +Analysis: + + _XimRegisterIMInstantiateCallback() opens an XIM and closes it using + the internal function pointers, but the internal close function does + not free the pointer to the XIM (this would be done in XCloseIM()). + +Report/patch: + + Date: Mon, 03 Oct 2022 18:47:32 +0800 + From: Po Lu <luangruo@yahoo.com> + To: xorg-devel@lists.x.org + Subject: Re: Yet another leak in Xlib + + For reference, here's how I'm calling XRegisterIMInstantiateCallback: + + XSetLocaleModifiers (""); + XRegisterIMInstantiateCallback (compositor.display, + XrmGetDatabase (compositor.display), + (char *) compositor.resource_name, + (char *) compositor.app_name, + IMInstantiateCallback, NULL); + + and XMODIFIERS is: + + @im=ibus + +Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net> +--- + modules/im/ximcp/imInsClbk.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c +index 95b379cb..c10e347f 100644 +--- a/modules/im/ximcp/imInsClbk.c ++++ b/modules/im/ximcp/imInsClbk.c +@@ -212,6 +212,9 @@ _XimRegisterIMInstantiateCallback( + if( xim ) { + lock = True; + xim->methods->close( (XIM)xim ); ++ /* XIMs must be freed manually after being opened; close just ++ does the protocol to deinitialize the IM. */ ++ XFree( xim ); + lock = False; + icb->call = True; + callback( display, client_data, NULL ); +-- +2.34.1 + diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb index 1dcc3abee9..9ff196c897 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb @@ -15,6 +15,7 @@ PE = "1" SRC_URI = "${XORG_MIRROR}/individual/lib/${XORG_PN}-${PV}.tar.xz" SRC_URI += "file://disable_tests.patch \ + file://0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch \ " SRC_URI[sha256sum] = "1bc41aa1bbe01401f330d76dfa19f386b79c51881c7bbfee9eb4e27f22f2d9f7" diff --git a/poky/meta/recipes-graphics/xorg-lib/libxft_2.3.4.bb b/poky/meta/recipes-graphics/xorg-lib/libxft_2.3.6.bb index 12636914dd..23c7ece3ab 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libxft_2.3.4.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libxft_2.3.6.bb @@ -20,7 +20,8 @@ PROVIDES = "xft" PE = "1" -SRC_URI[sha256sum] = "57dedaab20914002146bdae0cb0c769ba3f75214c4c91bd2613d6ef79fc9abdd" +XORG_EXT = "tar.xz" +SRC_URI[sha256sum] = "60a6e7319fc938bbb8d098c9bcc86031cc2327b5d086d3335fc5c76323c03022" XORG_PN = "libXft" diff --git a/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.36.bb b/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.37.bb index 9e6d17c780..f3d9ac9221 100644 --- a/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.36.bb +++ b/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.37.bb @@ -13,7 +13,7 @@ LICENSE = "MIT & MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=0e7f21ca7db975c63467d2e7624a12f9" SRC_URI = "${XORG_MIRROR}/individual/data/xkeyboard-config/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "1f1bb1292a161d520a3485d378609277d108cd07cde0327c16811ff54c3e1595" +SRC_URI[sha256sum] = "eb1383a5ac4b6210d7c7302b9d6fab052abdf51c5d2c9b55f1f779997ba68c6c" SECTION = "x11/libs" DEPENDS = "util-macros libxslt-native" |