Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libX11 for openSUSE:Factory checked in at 2022-10-20 11:09:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libX11 (Old) and /work/SRC/openSUSE:Factory/.libX11.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libX11" Thu Oct 20 11:09:44 2022 rev:40 rq:1029940 version:1.8.1 Changes: -------- --- /work/SRC/openSUSE:Factory/libX11/libX11.changes 2022-07-07 12:56:24.059237226 +0200 +++ /work/SRC/openSUSE:Factory/.libX11.new.2275/libX11.changes 2022-10-20 11:09:46.367784005 +0200 @@ -1,0 +2,6 @@ +Wed Oct 19 08:45:08 UTC 2022 - Stefan Dirsch <sndir...@suse.com> + +- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch + * security update for CVE-2022-3554 (bsc#1204422) + +------------------------------------------------------------------- New: ---- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libX11.spec ++++++ --- /var/tmp/diff_new_pack.uSBcZc/_old 2022-10-20 11:09:46.851784985 +0200 +++ /var/tmp/diff_new_pack.uSBcZc/_new 2022-10-20 11:09:46.855784993 +0200 @@ -32,7 +32,7 @@ # PATCH-FIX-UPSTREAM en-locales.diff fdo#48596 bnc#388711 -- Add missing data for more en locales Patch2: en-locales.diff Patch3: u_no-longer-crash-in-XVisualIDFromVisual.patch - +Patch1204422: U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch BuildRequires: fdupes BuildRequires: libtool BuildRequires: pkgconfig @@ -136,6 +136,7 @@ %patch1 %patch2 %patch3 -p1 +%patch1204422 -p1 %build %configure \ ++++++ U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch ++++++ >From 1d11822601fd24a396b354fa616b04ed3df8b4ef Mon Sep 17 00:00:00 2001 From: "Thomas E. Dickey" <dic...@invisible-island.net> Date: Tue, 4 Oct 2022 18:26:17 -0400 Subject: [PATCH] fix a memory leak in XRegisterIMInstantiateCallback Analysis: _XimRegisterIMInstantiateCallback() opens an XIM and closes it using the internal function pointers, but the internal close function does not free the pointer to the XIM (this would be done in XCloseIM()). Report/patch: Date: Mon, 03 Oct 2022 18:47:32 +0800 From: Po Lu <luang...@yahoo.com> To: xorg-de...@lists.x.org Subject: Re: Yet another leak in Xlib For reference, here's how I'm calling XRegisterIMInstantiateCallback: XSetLocaleModifiers (""); XRegisterIMInstantiateCallback (compositor.display, XrmGetDatabase (compositor.display), (char *) compositor.resource_name, (char *) compositor.app_name, IMInstantiateCallback, NULL); and XMODIFIERS is: @im=ibus Signed-off-by: Thomas E. Dickey <dic...@invisible-island.net> --- modules/im/ximcp/imInsClbk.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c index 95b379cb..c10e347f 100644 --- a/modules/im/ximcp/imInsClbk.c +++ b/modules/im/ximcp/imInsClbk.c @@ -212,6 +212,9 @@ _XimRegisterIMInstantiateCallback( if( xim ) { lock = True; xim->methods->close( (XIM)xim ); + /* XIMs must be freed manually after being opened; close just + does the protocol to deinitialize the IM. */ + XFree( xim ); lock = False; icb->call = True; callback( display, client_data, NULL ); -- 2.35.3