diff --git a/CVE-2022-3551.patch b/CVE-2022-3551.patch new file mode 100644 index 0000000..6d7116f --- /dev/null +++ b/CVE-2022-3551.patch @@ -0,0 +1,60 @@ +From d7ac1fb14657f278fcc32863aa99eb32a2069d58 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 24 Oct 2022 17:06:15 +0800 +Subject: [PATCH] xkb: fix some possible memleaks in XkbGetKbdByName + +GetComponentByName returns an allocated string, so let's free that if we +fail somewhere. + +Signed-off-by: Peter Hutterer's avatarPeter Hutterer +--- + xkb/xkb.c | 24 ++++++++++++++++++++---- + 1 file changed, 20 insertions(+), 4 deletions(-) + +diff --git a/xkb/xkb.c b/xkb/xkb.c +index 4dccc62..123671a 100644 +--- a/xkb/xkb.c ++++ b/xkb/xkb.c +@@ -5936,19 +5936,35 @@ ProcXkbGetKbdByName(ClientPtr client) + xkb = dev->key->xkbInfo->desc; + status = Success; + str = (unsigned char *) &stuff[1]; +- if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */ +- return BadMatch; ++ { ++ char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */ ++ if (keymap) { ++ free(keymap); ++ return BadMatch; ++ } ++ } + names.keycodes = GetComponentSpec(&str, TRUE, &status); + names.types = GetComponentSpec(&str, TRUE, &status); + names.compat = GetComponentSpec(&str, TRUE, &status); + names.symbols = GetComponentSpec(&str, TRUE, &status); + names.geometry = GetComponentSpec(&str, TRUE, &status); +- if (status != Success) ++ if (status == Success) { ++ len = str - ((unsigned char *) stuff); ++ if ((XkbPaddedSize(len) / 4) != stuff->length) ++ status = BadLength; ++ } ++ ++ if (status != Success) { ++ free(names.keycodes); ++ free(names.types); ++ free(names.compat); ++ free(names.symbols); ++ free(names.geometry); + return status; + len = str - ((unsigned char *) stuff); + if ((XkbPaddedSize(len) / 4) != stuff->length) + return BadLength; +- ++ } + CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask); + CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask); + +-- +2.33.0 + diff --git a/gitignore b/gitignore index 524cfc6..cd3b1d2 100644 --- a/gitignore +++ b/gitignore @@ -283,6 +283,7 @@ include/xkb-config.h include/xorg-config.h include/xorg-server.h include/xwin-config.h +include/dix-config.h mfb/mfbbltC.c mfb/mfbbltCI.c mfb/mfbbltG.c diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index bd7662b..d350091 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -16,7 +16,7 @@ Name: xorg-x11-server Version: 1.20.11 -Release: 9 +Release: 10 Summary: X.Org X11 X server License: MIT and GPLv2 URL: https://www.x.org @@ -89,6 +89,7 @@ Patch6004: backport-rename-bool-to-boolean.patch Patch6005: backport-0001-CVE-2022-2319.patch Patch6006: backport-0002-CVE-2022-2319.patch Patch6007: backport-CVE-2022-2320.patch +Patch6008: CVE-2022-3551.patch BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex git gcc BuildRequires: systemtap-sdt-devel libtool pkgconfig @@ -432,6 +433,12 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete %{_mandir}/man*/* %changelog +* Mon Oct 24 2022 qz_cx - 1.20.11-10 +- Type:CVE +- ID:NA +- SUG:NA +- DESC: fix CVE-2022-3551 + * Wed Aug 03 2022 wangkerong - 1.20.11-9 - fix CVE-2022-2319,CVE-2022-2320