From 70b382ebf317334469c017093603335bbd1bfecd Mon Sep 17 00:00:00 2001
From: cenhuilin <cenhuilin@kylinos.cn>
Date: Wed, 19 Oct 2022 02:55:53 +0000
Subject: [PATCH] fix CVE-2022-3551

---
 backport-CVE-2022-3551.patch | 58 ++++++++++++++++++++++++++++++++++++
 xorg-x11-server.spec         |  6 +++-
 2 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2022-3551.patch

diff --git a/backport-CVE-2022-3551.patch b/backport-CVE-2022-3551.patch
new file mode 100644
index 0000000..493737d
--- /dev/null
+++ b/backport-CVE-2022-3551.patch
@@ -0,0 +1,58 @@
+From 5fe417d7bf967399a8a71e5656eb201ea84b9af3 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Wed, 19 Oct 2022 02:42:10 +0000
+Subject: [PATCH] xkb: fix some possible memleaks in XkbGetKbdByName
+GetComponentByName returns an allocated string, so let's free that if we
+fail somewhere.
+
+Signed-off-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
+---
+ xkb/xkb.c | 26 ++++++++++++++++++++------
+ 1 file changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 4dccc62..aa98578 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -5936,18 +5936,32 @@ ProcXkbGetKbdByName(ClientPtr client)
+     xkb = dev->key->xkbInfo->desc;
+     status = Success;
+     str = (unsigned char *) &stuff[1];
+-    if (GetComponentSpec(&str, TRUE, &status))  /* keymap, unsupported */
+-        return BadMatch;
++    {
++        char *keymap = GetComponentSpec(&str, TRUE, &status);  /* keymap, unsupported */
++        if (keymap) {
++            free(keymap);
++            return BadMatch;
++        }
++    }
+     names.keycodes = GetComponentSpec(&str, TRUE, &status);
+     names.types = GetComponentSpec(&str, TRUE, &status);
+     names.compat = GetComponentSpec(&str, TRUE, &status);
+     names.symbols = GetComponentSpec(&str, TRUE, &status);
+     names.geometry = GetComponentSpec(&str, TRUE, &status);
+-    if (status != Success)
++    if (status == Success) {
++        len = str - ((unsigned char *) stuff);
++        if ((XkbPaddedSize(len) / 4) != stuff->length)
++            status = BadLength;
++    }
++
++    if (status != Success) {
++        free(names.keycodes);
++        free(names.types);
++        free(names.compat);
++        free(names.symbols);
++        free(names.geometry);
+         return status;
+-    len = str - ((unsigned char *) stuff);
+-    if ((XkbPaddedSize(len) / 4) != stuff->length)
+-        return BadLength;
++    }
+ 
+     CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask);
+     CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask);
+-- 
+2.33.0
+
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index bd7662b..22b5324 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -16,7 +16,7 @@
 
 Name:           xorg-x11-server
 Version:        1.20.11
-Release:        9
+Release:        10
 Summary:        X.Org X11 X server
 License:        MIT and GPLv2
 URL:            https://www.x.org
@@ -89,6 +89,7 @@ Patch6004: backport-rename-bool-to-boolean.patch
 Patch6005: backport-0001-CVE-2022-2319.patch
 Patch6006: backport-0002-CVE-2022-2319.patch
 Patch6007: backport-CVE-2022-2320.patch
+Patch6008: backport-CVE-2022-3551.patch
 
 BuildRequires:  audit-libs-devel autoconf automake bison dbus-devel flex git gcc 
 BuildRequires:  systemtap-sdt-devel libtool pkgconfig 
@@ -432,6 +433,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
 %{_mandir}/man*/*
 
 %changelog
+* Wed Oct 19 2022 cenhuilin<cenhuilin@kylinos.cn> - 1.20.11-10
+- fix CVE-2022-3551
+
 * Wed Aug 03 2022 wangkerong<wangkerong@h-partners.com> - 1.20.11-9
 - fix CVE-2022-2319,CVE-2022-2320
 
-- 
Gitee