subject:"CVS commit\: \[netbsd\-8\] xsrc\/external\/mit"

CVS commit: [netbsd-8] xsrc/external/mit/xorg-server/dist

2023-10-29 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Sun Oct 29 16:48:00 UTC 2023

Modified Files:
xsrc/external/mit/xorg-server/dist/Xi [netbsd-8]: xiproperty.c
xsrc/external/mit/xorg-server/dist/dix [netbsd-8]: enterleave.h
xsrc/external/mit/xorg-server/dist/include [netbsd-8]: eventstr.h
xsrc/external/mit/xorg-server/dist/mi [netbsd-8]: mipointer.c
xsrc/external/mit/xorg-server/dist/os [netbsd-8]: auth.c
xsrc/external/mit/xorg-server/dist/randr [netbsd-8]: rrproperty.c

Log Message:
Apply patch (requested by mrg in ticket #1918):

external/mit/xorg-server/dist/dix/enterleave.h
external/mit/xorg-server/dist/mi/mipointer.c
external/mit/xorg-server/dist/include/eventstr.h
external/mit/xorg-server/dist/randr/rrproperty.c
external/mit/xorg-server/dist/os/auth.c
external/mit/xorg-server/dist/Xi/xiproperty.c

merge security fixes from xorg-server 21.1.9 into xorg-server 1.18.4.

Fixes CVE-2023-5367 and CVE-2023-5380.


To generate a diff of this commit:
cvs rdiff -u -r1.3.2.1 -r1.3.2.2 \
xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \
xsrc/external/mit/xorg-server/dist/dix/enterleave.h
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \
xsrc/external/mit/xorg-server/dist/include/eventstr.h
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.2.1 \
xsrc/external/mit/xorg-server/dist/mi/mipointer.c
cvs rdiff -u -r1.3 -r1.3.2.1 xsrc/external/mit/xorg-server/dist/os/auth.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \
xsrc/external/mit/xorg-server/dist/randr/rrproperty.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c
diff -u xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c:1.3.2.1 xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c:1.3.2.2
--- xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c:1.3.2.1	Mon Jan 23 13:33:04 2023
+++ xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c	Sun Oct 29 16:48:00 2023
@@ -730,7 +730,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev,
 XIDestroyDeviceProperty(prop);
 return BadAlloc;
 }
-new_value.size = len;
+new_value.size = total_len;
 new_value.type = type;
 new_value.format = format;
 
@@ -747,7 +747,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev,
 case PropModePrepend:
 new_data = new_value.data;
 old_data = (void *) (((char *) new_value.data) +
-  (prop_value->size * size_in_bytes));
+  (len * size_in_bytes));
 break;
 }
 if (new_data)

Index: xsrc/external/mit/xorg-server/dist/dix/enterleave.h
diff -u xsrc/external/mit/xorg-server/dist/dix/enterleave.h:1.1.1.3 xsrc/external/mit/xorg-server/dist/dix/enterleave.h:1.1.1.3.2.1
--- xsrc/external/mit/xorg-server/dist/dix/enterleave.h:1.1.1.3	Wed Aug 10 07:44:32 2016
+++ xsrc/external/mit/xorg-server/dist/dix/enterleave.h	Sun Oct 29 16:48:00 2023
@@ -58,8 +58,6 @@ extern void DeviceFocusEvent(DeviceIntPt
 
 extern void EnterWindow(DeviceIntPtr dev, WindowPtr win, int mode);
 
-extern void LeaveWindow(DeviceIntPtr dev);
-
 extern void CoreFocusEvent(DeviceIntPtr kbd,
int type, int mode, int detail, WindowPtr pWin);
 

Index: xsrc/external/mit/xorg-server/dist/include/eventstr.h
diff -u xsrc/external/mit/xorg-server/dist/include/eventstr.h:1.1.1.4 xsrc/external/mit/xorg-server/dist/include/eventstr.h:1.1.1.4.2.1
--- xsrc/external/mit/xorg-server/dist/include/eventstr.h:1.1.1.4	Wed Aug 10 07:44:32 2016
+++ xsrc/external/mit/xorg-server/dist/include/eventstr.h	Sun Oct 29 16:48:00 2023
@@ -286,4 +286,7 @@ union _InternalEvent {
 #endif
 };
 
+extern void
+LeaveWindow(DeviceIntPtr dev);
+
 #endif

Index: xsrc/external/mit/xorg-server/dist/mi/mipointer.c
diff -u xsrc/external/mit/xorg-server/dist/mi/mipointer.c:1.1.1.6 xsrc/external/mit/xorg-server/dist/mi/mipointer.c:1.1.1.6.2.1
--- xsrc/external/mit/xorg-server/dist/mi/mipointer.c:1.1.1.6	Wed Aug 10 07:44:32 2016
+++ xsrc/external/mit/xorg-server/dist/mi/mipointer.c	Sun Oct 29 16:48:00 2023
@@ -385,8 +385,21 @@ miPointerWarpCursor(DeviceIntPtr pDev, S
 #ifdef PANORAMIX
 && noPanoramiXExtension
 #endif
-)
-UpdateSpriteForScreen(pDev, pScreen);
+) {
+DeviceIntPtr master = GetMaster(pDev, MASTER_POINTER);
+/* Hack for CVE-2023-5380: if we're moving
+ * screens PointerWindows[] keeps referring to the
+ * old window. If that gets destroyed we have a UAF
+ * bug later. Only happens when jumping from a window
+ * to the root window on the other screen.
+ * Enter/Leave events are incorrect for that case but
+ * too niche to fix.
+ */
+LeaveWindow(pDev);
+if

CVS commit: [netbsd-8] xsrc/external/mit/xorg-server/dist

2023-10-29 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Sun Oct 29 16:48:00 UTC 2023

Modified Files:
xsrc/external/mit/xorg-server/dist/Xi [netbsd-8]: xiproperty.c
xsrc/external/mit/xorg-server/dist/dix [netbsd-8]: enterleave.h
xsrc/external/mit/xorg-server/dist/include [netbsd-8]: eventstr.h
xsrc/external/mit/xorg-server/dist/mi [netbsd-8]: mipointer.c
xsrc/external/mit/xorg-server/dist/os [netbsd-8]: auth.c
xsrc/external/mit/xorg-server/dist/randr [netbsd-8]: rrproperty.c

Log Message:
Apply patch (requested by mrg in ticket #1918):

external/mit/xorg-server/dist/dix/enterleave.h
external/mit/xorg-server/dist/mi/mipointer.c
external/mit/xorg-server/dist/include/eventstr.h
external/mit/xorg-server/dist/randr/rrproperty.c
external/mit/xorg-server/dist/os/auth.c
external/mit/xorg-server/dist/Xi/xiproperty.c

merge security fixes from xorg-server 21.1.9 into xorg-server 1.18.4.

Fixes CVE-2023-5367 and CVE-2023-5380.


To generate a diff of this commit:
cvs rdiff -u -r1.3.2.1 -r1.3.2.2 \
xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \
xsrc/external/mit/xorg-server/dist/dix/enterleave.h
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \
xsrc/external/mit/xorg-server/dist/include/eventstr.h
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.2.1 \
xsrc/external/mit/xorg-server/dist/mi/mipointer.c
cvs rdiff -u -r1.3 -r1.3.2.1 xsrc/external/mit/xorg-server/dist/os/auth.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \
xsrc/external/mit/xorg-server/dist/randr/rrproperty.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] xsrc/external/mit/xorg-server.old/dist

2023-10-29 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Sun Oct 29 16:38:07 UTC 2023

Modified Files:
xsrc/external/mit/xorg-server.old/dist/Xi [netbsd-8]: xiproperty.c
xsrc/external/mit/xorg-server.old/dist/dix [netbsd-8]: enterleave.h
xsrc/external/mit/xorg-server.old/dist/include [netbsd-8]: eventstr.h
xsrc/external/mit/xorg-server.old/dist/mi [netbsd-8]: mipointer.c
xsrc/external/mit/xorg-server.old/dist/os [netbsd-8]: auth.c
xsrc/external/mit/xorg-server.old/dist/randr [netbsd-8]: rrproperty.c

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1917):

external/mit/xorg-server.old/dist/dix/enterleave.h: revision 1.2
external/mit/xorg-server.old/dist/mi/mipointer.c: revision 1.2
external/mit/xorg-server.old/dist/include/eventstr.h: revision 1.2
external/mit/xorg-server.old/dist/randr/rrproperty.c: revision 1.2
external/mit/xorg-server.old/dist/os/auth.c: revision 1.4
external/mit/xorg-server.old/dist/Xi/xiproperty.c: revision 1.2

merge security fixes from xorg-server 21.1.9 into xorg-server 1.10.6.

Fixes CVE-2023-5367 and CVE-2023-5380.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
xsrc/external/mit/xorg-server.old/dist/include/eventstr.h
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c
cvs rdiff -u -r1.3 -r1.3.2.1 xsrc/external/mit/xorg-server.old/dist/os/auth.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
xsrc/external/mit/xorg-server.old/dist/randr/rrproperty.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c
diff -u xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c:1.1.1.1.2.1
--- xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c:1.1.1.1	Thu Jun  9 09:07:56 2016
+++ xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c	Sun Oct 29 16:38:07 2023
@@ -753,7 +753,7 @@ XIChangeDeviceProperty (DeviceIntPtr dev
 XIDestroyDeviceProperty (prop);
 return BadAlloc;
 }
-new_value.size = len;
+new_value.size = total_len;
 new_value.type = type;
 new_value.format = format;
 
@@ -770,7 +770,7 @@ XIChangeDeviceProperty (DeviceIntPtr dev
 case PropModePrepend:
 new_data = new_value.data;
 old_data = (pointer) (((char *) new_value.data) +
-  (prop_value->size * size_in_bytes));
+  (len * size_in_bytes));
 break;
 }
 if (new_data)

Index: xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h
diff -u xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h:1.1.1.1.2.1
--- xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h:1.1.1.1	Thu Jun  9 09:07:56 2016
+++ xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h	Sun Oct 29 16:38:07 2023
@@ -76,8 +76,6 @@ extern void EnterWindow(DeviceIntPtr dev
 WindowPtr win,
 int mode);
 
-extern void LeaveWindow(DeviceIntPtr dev);
-
 extern void CoreFocusEvent(DeviceIntPtr kbd,
int type,
int mode,

Index: xsrc/external/mit/xorg-server.old/dist/include/eventstr.h
diff -u xsrc/external/mit/xorg-server.old/dist/include/eventstr.h:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/include/eventstr.h:1.1.1.1.2.1
--- xsrc/external/mit/xorg-server.old/dist/include/eventstr.h:1.1.1.1	Thu Jun  9 09:08:00 2016
+++ xsrc/external/mit/xorg-server.old/dist/include/eventstr.h	Sun Oct 29 16:38:07 2023
@@ -243,4 +243,7 @@ union _InternalEvent {
 #endif
 };
 
+extern void
+LeaveWindow(DeviceIntPtr dev);
+
 #endif

Index: xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c
diff -u xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c:1.1.1.1.2.1
--- xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c:1.1.1.1	Thu Jun  9 09:08:00 2016
+++ xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c	Sun Oct 29 16:38:07 2023
@@ -41,6 +41,8 @@ in this Software without prior written a
 # include   "inputstr.h"
 # include   "inpututils.h"
 
+# include   "eventstr.h"
+
 DevPrivateKeyRec miPointerScreenKeyRec;
 
 #define GetScreenPrivate(s) ((miPointerScreenPtr) \
@@ -318,8 +320,21 @@ miPointerWarpCursor (DeviceIntPtr pDev, 
 #ifdef PANORAMIX
 && noPanoramiXExtension
 #endif
-   )
-UpdateSpriteForScreen (pDev, pScreen) ;
+   ) {
+DeviceIntPtr master =

CVS commit: [netbsd-8] xsrc/external/mit/xorg-server.old/dist

2023-10-29 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Sun Oct 29 16:38:07 UTC 2023

Modified Files:
xsrc/external/mit/xorg-server.old/dist/Xi [netbsd-8]: xiproperty.c
xsrc/external/mit/xorg-server.old/dist/dix [netbsd-8]: enterleave.h
xsrc/external/mit/xorg-server.old/dist/include [netbsd-8]: eventstr.h
xsrc/external/mit/xorg-server.old/dist/mi [netbsd-8]: mipointer.c
xsrc/external/mit/xorg-server.old/dist/os [netbsd-8]: auth.c
xsrc/external/mit/xorg-server.old/dist/randr [netbsd-8]: rrproperty.c

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1917):

external/mit/xorg-server.old/dist/dix/enterleave.h: revision 1.2
external/mit/xorg-server.old/dist/mi/mipointer.c: revision 1.2
external/mit/xorg-server.old/dist/include/eventstr.h: revision 1.2
external/mit/xorg-server.old/dist/randr/rrproperty.c: revision 1.2
external/mit/xorg-server.old/dist/os/auth.c: revision 1.4
external/mit/xorg-server.old/dist/Xi/xiproperty.c: revision 1.2

merge security fixes from xorg-server 21.1.9 into xorg-server 1.10.6.

Fixes CVE-2023-5367 and CVE-2023-5380.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
xsrc/external/mit/xorg-server.old/dist/include/eventstr.h
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c
cvs rdiff -u -r1.3 -r1.3.2.1 xsrc/external/mit/xorg-server.old/dist/os/auth.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
xsrc/external/mit/xorg-server.old/dist/randr/rrproperty.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] xsrc/external/mit

2023-10-04 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Wed Oct  4 15:17:13 UTC 2023

Modified Files:
xsrc/external/mit/libX11/dist/src [netbsd-8]: CrPixmap.c ImUtil.c
PutImage.c
xsrc/external/mit/libX11/dist/src/xkb [netbsd-8]: XKBGetMap.c
xsrc/external/mit/libXpm/dist/src [netbsd-8]: CrPFrBuf.c CrPFrDat.c
CrPFrI.c RdFToP.c XpmI.h create.c data.c

Log Message:
Apply patch, requested by mrg in ticket #1908:

xsrc/external/mit/libXpm/dist/src/CrPFrBuf.c(apply patch)
xsrc/external/mit/libXpm/dist/src/CrPFrDat.c(apply patch)
xsrc/external/mit/libXpm/dist/src/CrPFrI.c  (apply patch)
xsrc/external/mit/libXpm/dist/src/RdFToP.c  (apply patch)
xsrc/external/mit/libXpm/dist/src/XpmI.h(apply patch)
xsrc/external/mit/libXpm/dist/src/create.c  (apply patch)
xsrc/external/mit/libXpm/dist/src/data.c(apply patch)
xsrc/external/mit/libX11/dist/src/CrPixmap.c(apply patch)
xsrc/external/mit/libX11/dist/src/ImUtil.c  (apply patch)
xsrc/external/mit/libX11/dist/src/PutImage.c(apply patch)
xsrc/external/mit/libX11/dist/src/xkb/XKBGetMap.c   (apply patch)

Backport of upstream libX11 and libXpm 2023-10 security updates,
fixing: CVE-2023-43785, CVE-2023-43786, CVE-2023-43787, CVE-2023-43788,
CVE-2023-43789


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.16.1 \
xsrc/external/mit/libX11/dist/src/CrPixmap.c
cvs rdiff -u -r1.1.1.8 -r1.1.1.8.2.1 \
xsrc/external/mit/libX11/dist/src/ImUtil.c
cvs rdiff -u -r1.1.1.7.2.1 -r1.1.1.7.2.2 \
xsrc/external/mit/libX11/dist/src/PutImage.c
cvs rdiff -u -r1.1.1.6.8.1 -r1.1.1.6.8.2 \
xsrc/external/mit/libX11/dist/src/xkb/XKBGetMap.c
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.16.1 \
xsrc/external/mit/libXpm/dist/src/CrPFrBuf.c \
xsrc/external/mit/libXpm/dist/src/CrPFrDat.c \
xsrc/external/mit/libXpm/dist/src/CrPFrI.c
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.8.1 \
xsrc/external/mit/libXpm/dist/src/RdFToP.c
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.10.1 \
xsrc/external/mit/libXpm/dist/src/XpmI.h
cvs rdiff -u -r1.3.2.1 -r1.3.2.2 xsrc/external/mit/libXpm/dist/src/create.c
cvs rdiff -u -r1.1.1.4.10.1 -r1.1.1.4.10.2 \
xsrc/external/mit/libXpm/dist/src/data.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/libX11/dist/src/CrPixmap.c
diff -u xsrc/external/mit/libX11/dist/src/CrPixmap.c:1.1.1.2 xsrc/external/mit/libX11/dist/src/CrPixmap.c:1.1.1.2.16.1
--- xsrc/external/mit/libX11/dist/src/CrPixmap.c:1.1.1.2	Sat May 22 01:22:12 2010
+++ xsrc/external/mit/libX11/dist/src/CrPixmap.c	Wed Oct  4 15:17:12 2023
@@ -28,6 +28,7 @@ in this Software without prior written a
 #include 
 #endif
 #include "Xlibint.h"
+#include 
 
 #ifdef USE_DYNAMIC_XCURSOR
 void
@@ -47,6 +48,16 @@ Pixmap XCreatePixmap (
 Pixmap pid;
 register xCreatePixmapReq *req;
 
+/*
+ * Force a BadValue X Error if the requested dimensions are larger
+ * than the X11 protocol has room for, since that's how callers expect
+ * to get notified of errors.
+ */
+if (width > USHRT_MAX)
+width = 0;
+if (height > USHRT_MAX)
+height = 0;
+
 LockDisplay(dpy);
 GetReq(CreatePixmap, req);
 req->drawable = d;

Index: xsrc/external/mit/libX11/dist/src/ImUtil.c
diff -u xsrc/external/mit/libX11/dist/src/ImUtil.c:1.1.1.8 xsrc/external/mit/libX11/dist/src/ImUtil.c:1.1.1.8.2.1
--- xsrc/external/mit/libX11/dist/src/ImUtil.c:1.1.1.8	Sun Jul 19 08:08:36 2015
+++ xsrc/external/mit/libX11/dist/src/ImUtil.c	Wed Oct  4 15:17:12 2023
@@ -30,6 +30,7 @@ in this Software without prior written a
 #include 
 #include 
 #include 
+#include 
 #include "ImUtil.h"
 
 static int _XDestroyImage(XImage *);
@@ -361,13 +362,22 @@ XImage *XCreateImage (
 	/*
 	 * compute per line accelerator.
 	 */
-	{
-	if (format == ZPixmap)
+	if (format == ZPixmap) {
+	if ((INT_MAX / bits_per_pixel) < width) {
+		Xfree(image);
+		return NULL;
+	}
+
 	min_bytes_per_line =
-	   ROUNDUP((bits_per_pixel * width), image->bitmap_pad);
-	else
+		ROUNDUP((bits_per_pixel * width), image->bitmap_pad);
+	} else {
+	if ((INT_MAX - offset) < width) {
+		Xfree(image);
+		return NULL;
+	}
+
 	min_bytes_per_line =
-	ROUNDUP((width + offset), image->bitmap_pad);
+		ROUNDUP((width + offset), image->bitmap_pad);
 	}
 	if (image_bytes_per_line == 0) {
 	image->bytes_per_line = min_bytes_per_line;

Index: xsrc/external/mit/libX11/dist/src/PutImage.c
diff -u xsrc/external/mit/libX11/dist/src/PutImage.c:1.1.1.7.2.1 xsrc/external/mit/libX11/dist/src/PutImage.c:1.1.1.7.2.2
--- xsrc/external/mit/libX11/dist/src/PutImage.c:1.1.1.7.2.1	Wed Aug  5 14:10:19 2020
+++ xsrc/external/mit/libX11/dist/src/PutImage.c	Wed Oct  4

CVS commit: [netbsd-8] xsrc/external/mit

2023-10-04 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Wed Oct  4 15:17:13 UTC 2023

Modified Files:
xsrc/external/mit/libX11/dist/src [netbsd-8]: CrPixmap.c ImUtil.c
PutImage.c
xsrc/external/mit/libX11/dist/src/xkb [netbsd-8]: XKBGetMap.c
xsrc/external/mit/libXpm/dist/src [netbsd-8]: CrPFrBuf.c CrPFrDat.c
CrPFrI.c RdFToP.c XpmI.h create.c data.c

Log Message:
Apply patch, requested by mrg in ticket #1908:

xsrc/external/mit/libXpm/dist/src/CrPFrBuf.c(apply patch)
xsrc/external/mit/libXpm/dist/src/CrPFrDat.c(apply patch)
xsrc/external/mit/libXpm/dist/src/CrPFrI.c  (apply patch)
xsrc/external/mit/libXpm/dist/src/RdFToP.c  (apply patch)
xsrc/external/mit/libXpm/dist/src/XpmI.h(apply patch)
xsrc/external/mit/libXpm/dist/src/create.c  (apply patch)
xsrc/external/mit/libXpm/dist/src/data.c(apply patch)
xsrc/external/mit/libX11/dist/src/CrPixmap.c(apply patch)
xsrc/external/mit/libX11/dist/src/ImUtil.c  (apply patch)
xsrc/external/mit/libX11/dist/src/PutImage.c(apply patch)
xsrc/external/mit/libX11/dist/src/xkb/XKBGetMap.c   (apply patch)

Backport of upstream libX11 and libXpm 2023-10 security updates,
fixing: CVE-2023-43785, CVE-2023-43786, CVE-2023-43787, CVE-2023-43788,
CVE-2023-43789


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.16.1 \
xsrc/external/mit/libX11/dist/src/CrPixmap.c
cvs rdiff -u -r1.1.1.8 -r1.1.1.8.2.1 \
xsrc/external/mit/libX11/dist/src/ImUtil.c
cvs rdiff -u -r1.1.1.7.2.1 -r1.1.1.7.2.2 \
xsrc/external/mit/libX11/dist/src/PutImage.c
cvs rdiff -u -r1.1.1.6.8.1 -r1.1.1.6.8.2 \
xsrc/external/mit/libX11/dist/src/xkb/XKBGetMap.c
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.16.1 \
xsrc/external/mit/libXpm/dist/src/CrPFrBuf.c \
xsrc/external/mit/libXpm/dist/src/CrPFrDat.c \
xsrc/external/mit/libXpm/dist/src/CrPFrI.c
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.8.1 \
xsrc/external/mit/libXpm/dist/src/RdFToP.c
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.10.1 \
xsrc/external/mit/libXpm/dist/src/XpmI.h
cvs rdiff -u -r1.3.2.1 -r1.3.2.2 xsrc/external/mit/libXpm/dist/src/create.c
cvs rdiff -u -r1.1.1.4.10.1 -r1.1.1.4.10.2 \
xsrc/external/mit/libXpm/dist/src/data.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] xsrc/external/mit/libX11/dist/src

2023-06-20 Thread Soren Jacobsen

Module Name:xsrc
Committed By:   snj
Date:   Tue Jun 20 23:00:39 UTC 2023

Modified Files:
xsrc/external/mit/libX11/dist/src [netbsd-8]: InitExt.c

Log Message:
Apply patch (requested by mrg in ticket #1826):
InitExt.c: Add bounds checks for extension request, event, & error codes

Fixes CVE-2023-3138: X servers could return values from XQueryExtension
that would cause Xlib to write entries out-of-bounds of the arrays to
store them, though this would only overwrite other parts of the Display
struct, not outside the bounds allocated for that structure.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.7 -r1.1.1.7.2.1 \
xsrc/external/mit/libX11/dist/src/InitExt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] xsrc/external/mit/libX11/dist/src

2023-06-20 Thread Soren Jacobsen

Module Name:xsrc
Committed By:   snj
Date:   Tue Jun 20 23:00:39 UTC 2023

Modified Files:
xsrc/external/mit/libX11/dist/src [netbsd-8]: InitExt.c

Log Message:
Apply patch (requested by mrg in ticket #1826):
InitExt.c: Add bounds checks for extension request, event, & error codes

Fixes CVE-2023-3138: X servers could return values from XQueryExtension
that would cause Xlib to write entries out-of-bounds of the arrays to
store them, though this would only overwrite other parts of the Display
struct, not outside the bounds allocated for that structure.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.7 -r1.1.1.7.2.1 \
xsrc/external/mit/libX11/dist/src/InitExt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/libX11/dist/src/InitExt.c
diff -u xsrc/external/mit/libX11/dist/src/InitExt.c:1.1.1.7 xsrc/external/mit/libX11/dist/src/InitExt.c:1.1.1.7.2.1
--- xsrc/external/mit/libX11/dist/src/InitExt.c:1.1.1.7	Sun Jul 19 08:08:36 2015
+++ xsrc/external/mit/libX11/dist/src/InitExt.c	Tue Jun 20 23:00:39 2023
@@ -33,6 +33,18 @@ from The Open Group.
 #include 
 #include 
 
+/* The X11 protocol spec reserves events 64 through 127 for extensions */
+#ifndef LastExtensionEvent
+#define LastExtensionEvent 127
+#endif
+
+/* The X11 protocol spec reserves requests 128 through 255 for extensions */
+#ifndef LastExtensionRequest
+#define FirstExtensionRequest 128
+#define LastExtensionRequest 255
+#endif
+
+
 /*
  * This routine is used to link a extension in so it will be called
  * at appropriate times.
@@ -242,6 +254,12 @@ WireToEventType XESetWireToEvent(
 	WireToEventType proc)	/* routine to call when converting event */
 {
 	register WireToEventType oldproc;
+	if (event_number < 0 ||
+	event_number > LastExtensionEvent) {
+	fprintf(stderr, "Xlib: ignoring invalid extension event %d\n",
+		event_number);
+	return (WireToEventType)_XUnknownWireEvent;
+	}
 	if (proc == NULL) proc = (WireToEventType)_XUnknownWireEvent;
 	LockDisplay (dpy);
 	oldproc = dpy->event_vec[event_number];
@@ -263,6 +281,12 @@ WireToEventCookieType XESetWireToEventCo
 )
 {
 	WireToEventCookieType oldproc;
+	if (extension < FirstExtensionRequest ||
+	extension > LastExtensionRequest) {
+	fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n",
+		extension);
+	return (WireToEventCookieType)_XUnknownWireEventCookie;
+	}
 	if (proc == NULL) proc = (WireToEventCookieType)_XUnknownWireEventCookie;
 	LockDisplay (dpy);
 	oldproc = dpy->generic_event_vec[extension & 0x7F];
@@ -284,6 +308,12 @@ CopyEventCookieType XESetCopyEventCookie
 )
 {
 	CopyEventCookieType oldproc;
+	if (extension < FirstExtensionRequest ||
+	extension > LastExtensionRequest) {
+	fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n",
+		extension);
+	return (CopyEventCookieType)_XUnknownCopyEventCookie;
+	}
 	if (proc == NULL) proc = (CopyEventCookieType)_XUnknownCopyEventCookie;
 	LockDisplay (dpy);
 	oldproc = dpy->generic_event_copy_vec[extension & 0x7F];
@@ -305,6 +335,12 @@ EventToWireType XESetEventToWire(
 	EventToWireType proc)	/* routine to call when converting event */
 {
 	register EventToWireType oldproc;
+	if (event_number < 0 ||
+	event_number > LastExtensionEvent) {
+	fprintf(stderr, "Xlib: ignoring invalid extension event %d\n",
+		event_number);
+	return (EventToWireType)_XUnknownNativeEvent;
+	}
 	if (proc == NULL) proc = (EventToWireType) _XUnknownNativeEvent;
 	LockDisplay (dpy);
 	oldproc = dpy->wire_vec[event_number];
@@ -325,6 +361,12 @@ WireToErrorType XESetWireToError(
 	WireToErrorType proc)	/* routine to call when converting error */
 {
 	register WireToErrorType oldproc = NULL;
+	if (error_number < 0 ||
+	error_number > LastExtensionError) {
+	   fprintf(stderr, "Xlib: ignoring invalid extension error %d\n",
+		error_number);
+	   return (WireToErrorType)_XDefaultWireError;
+	}
 	if (proc == NULL) proc = (WireToErrorType)_XDefaultWireError;
 	LockDisplay (dpy);
 	if (!dpy->error_vec) {

CVS commit: [netbsd-8] xsrc/external/mit

2023-04-01 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Sat Apr  1 15:36:27 UTC 2023

Modified Files:
xsrc/external/mit/xorg-server.old/dist/composite [netbsd-8]:
compwindow.c
xsrc/external/mit/xorg-server/dist/composite [netbsd-8]: compwindow.c

Log Message:
Pull up the following, requested by mrg in ticket #1812:

xsrc/external/mit/xorg-server/dist/composite/compwindow.c up to 1.1.1.9 
(patch)
xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c   1.2 
(patch)

Fix ZDI-CAN-19866 and CVE-2023-1393, a use-after-free problem.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.2.1 \
xsrc/external/mit/xorg-server/dist/composite/compwindow.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c
diff -u xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c:1.1.1.1.2.1
--- xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c:1.1.1.1	Thu Jun  9 09:07:56 2016
+++ xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c	Sat Apr  1 15:36:27 2023
@@ -588,6 +588,11 @@ compDestroyWindow (WindowPtr pWin)
 ret = (*pScreen->DestroyWindow) (pWin);
 cs->DestroyWindow = pScreen->DestroyWindow;
 pScreen->DestroyWindow = compDestroyWindow;
+
+/* Did we just destroy the overlay window? */
+if (pWin == cs->pOverlayWin)
+cs->pOverlayWin = NULL;
+
 /*compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
 return ret;
 }

Index: xsrc/external/mit/xorg-server/dist/composite/compwindow.c
diff -u xsrc/external/mit/xorg-server/dist/composite/compwindow.c:1.1.1.6 xsrc/external/mit/xorg-server/dist/composite/compwindow.c:1.1.1.6.2.1
--- xsrc/external/mit/xorg-server/dist/composite/compwindow.c:1.1.1.6	Wed Aug 10 07:44:35 2016
+++ xsrc/external/mit/xorg-server/dist/composite/compwindow.c	Sat Apr  1 15:36:27 2023
@@ -609,6 +609,11 @@ compDestroyWindow(WindowPtr pWin)
 ret = (*pScreen->DestroyWindow) (pWin);
 cs->DestroyWindow = pScreen->DestroyWindow;
 pScreen->DestroyWindow = compDestroyWindow;
+
+/* Did we just destroy the overlay window? */
+if (pWin == cs->pOverlayWin)
+cs->pOverlayWin = NULL;
+
 /*compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
 return ret;
 }

CVS commit: [netbsd-8] xsrc/external/mit

2023-04-01 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Sat Apr  1 15:36:27 UTC 2023

Modified Files:
xsrc/external/mit/xorg-server.old/dist/composite [netbsd-8]:
compwindow.c
xsrc/external/mit/xorg-server/dist/composite [netbsd-8]: compwindow.c

Log Message:
Pull up the following, requested by mrg in ticket #1812:

xsrc/external/mit/xorg-server/dist/composite/compwindow.c up to 1.1.1.9 
(patch)
xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c   1.2 
(patch)

Fix ZDI-CAN-19866 and CVE-2023-1393, a use-after-free problem.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.2.1 \
xsrc/external/mit/xorg-server/dist/composite/compwindow.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] xsrc/external/mit

2023-02-14 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Tue Feb 14 15:54:26 UTC 2023

Modified Files:
xsrc/external/mit/xorg-server.old/dist/Xi [netbsd-8]: exevents.c
xsrc/external/mit/xorg-server/dist/Xi [netbsd-8]: exevents.c

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1797):

external/mit/xorg-server.old/dist/Xi/exevents.c: revision 1.2
external/mit/xorg-server/dist/Xi/exevents.c (apply patch)

pullover fix from xorg-server 21.1.7:
  
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec

Xi: fix potential use-after-free in DeepCopyPointerClasses
CVE-2023-0494, ZDI-CAN-19596

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Peter Hutterer's avatarPeter Hutterer 



To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c
cvs rdiff -u -r1.1.1.8 -r1.1.1.8.2.1 \
xsrc/external/mit/xorg-server/dist/Xi/exevents.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c
diff -u xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c:1.1.1.1.2.1
--- xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c:1.1.1.1	Thu Jun  9 09:07:56 2016
+++ xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c	Tue Feb 14 15:54:26 2023
@@ -586,8 +586,10 @@ DeepCopyPointerClasses(DeviceIntPtr from
 }
 memcpy(to->button->xkb_acts, from->button->xkb_acts,
 sizeof(XkbAction));
-} else
+} else {
 free(to->button->xkb_acts);
+to->button->xkb_acts = NULL;
+	}
 
  memcpy(to->button->labels, from->button->labels,
 from->button->numButtons * sizeof(Atom));

Index: xsrc/external/mit/xorg-server/dist/Xi/exevents.c
diff -u xsrc/external/mit/xorg-server/dist/Xi/exevents.c:1.1.1.8 xsrc/external/mit/xorg-server/dist/Xi/exevents.c:1.1.1.8.2.1
--- xsrc/external/mit/xorg-server/dist/Xi/exevents.c:1.1.1.8	Wed Aug 10 07:44:31 2016
+++ xsrc/external/mit/xorg-server/dist/Xi/exevents.c	Tue Feb 14 15:54:26 2023
@@ -574,9 +574,10 @@ DeepCopyPointerClasses(DeviceIntPtr from
 }
 memcpy(to->button->xkb_acts, from->button->xkb_acts,
sizeof(XkbAction));
-}
-else
+} else {
 free(to->button->xkb_acts);
+to->button->xkb_acts = NULL;
+	}
 
 memcpy(to->button->labels, from->button->labels,
from->button->numButtons * sizeof(Atom));

CVS commit: [netbsd-8] xsrc/external/mit

2023-02-14 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Tue Feb 14 15:54:26 UTC 2023

Modified Files:
xsrc/external/mit/xorg-server.old/dist/Xi [netbsd-8]: exevents.c
xsrc/external/mit/xorg-server/dist/Xi [netbsd-8]: exevents.c

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1797):

external/mit/xorg-server.old/dist/Xi/exevents.c: revision 1.2
external/mit/xorg-server/dist/Xi/exevents.c (apply patch)

pullover fix from xorg-server 21.1.7:
  
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec

Xi: fix potential use-after-free in DeepCopyPointerClasses
CVE-2023-0494, ZDI-CAN-19596

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Peter Hutterer's avatarPeter Hutterer 



To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c
cvs rdiff -u -r1.1.1.8 -r1.1.1.8.2.1 \
xsrc/external/mit/xorg-server/dist/Xi/exevents.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] xsrc/external/mit

2023-01-23 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Mon Jan 23 13:33:05 UTC 2023

Modified Files:
xsrc/external/mit/libX11/dist/modules/om/generic [netbsd-8]:
omGeneric.c
xsrc/external/mit/libXpm/dist/src [netbsd-8]: RdFToI.c WrFFrI.c
create.c data.c parse.c
xsrc/external/mit/xorg-server/dist/Xext [netbsd-8]: saver.c xtest.c
xvmain.c
xsrc/external/mit/xorg-server/dist/Xi [netbsd-8]: xipassivegrab.c
xiproperty.c
xsrc/external/mit/xorg-server/dist/dix [netbsd-8]: property.c
xsrc/external/mit/xorg-server/dist/xkb [netbsd-8]: xkbUtils.c

Log Message:
Apply patch, requested by mrg in ticket #1794:

Apply upstream security fixes for the following CVEs:

   CVE-2022-46285, CVE-2022-44617, CVE-2022-4883, CVE-2020-14363,
   CVE-2022-46340, CVE-2022-46341, CVE-2022-46342 CVE-2022-46343,
   CVE-2022-46344, CVE-2022-46283, CVE-2021-4008, CVE-2021-4009,
   CVE-2021-4010, CVE-2021-4011


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.8.2.1 -r1.1.1.8.2.2 \
xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.8.1 \
xsrc/external/mit/libXpm/dist/src/RdFToI.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.8.1 \
xsrc/external/mit/libXpm/dist/src/WrFFrI.c
cvs rdiff -u -r1.3 -r1.3.2.1 xsrc/external/mit/libXpm/dist/src/create.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.10.1 \
xsrc/external/mit/libXpm/dist/src/data.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \
xsrc/external/mit/libXpm/dist/src/parse.c
cvs rdiff -u -r1.1.1.7.2.1 -r1.1.1.7.2.2 \
xsrc/external/mit/xorg-server/dist/Xext/saver.c
cvs rdiff -u -r1.5 -r1.5.2.1 xsrc/external/mit/xorg-server/dist/Xext/xtest.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \
xsrc/external/mit/xorg-server/dist/Xext/xvmain.c
cvs rdiff -u -r1.3 -r1.3.2.1 \
xsrc/external/mit/xorg-server/dist/Xi/xipassivegrab.c \
xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \
xsrc/external/mit/xorg-server/dist/dix/property.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \
xsrc/external/mit/xorg-server/dist/xkb/xkbUtils.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] xsrc/external/mit

2023-01-23 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Mon Jan 23 13:33:05 UTC 2023

Modified Files:
xsrc/external/mit/libX11/dist/modules/om/generic [netbsd-8]:
omGeneric.c
xsrc/external/mit/libXpm/dist/src [netbsd-8]: RdFToI.c WrFFrI.c
create.c data.c parse.c
xsrc/external/mit/xorg-server/dist/Xext [netbsd-8]: saver.c xtest.c
xvmain.c
xsrc/external/mit/xorg-server/dist/Xi [netbsd-8]: xipassivegrab.c
xiproperty.c
xsrc/external/mit/xorg-server/dist/dix [netbsd-8]: property.c
xsrc/external/mit/xorg-server/dist/xkb [netbsd-8]: xkbUtils.c

Log Message:
Apply patch, requested by mrg in ticket #1794:

Apply upstream security fixes for the following CVEs:

   CVE-2022-46285, CVE-2022-44617, CVE-2022-4883, CVE-2020-14363,
   CVE-2022-46340, CVE-2022-46341, CVE-2022-46342 CVE-2022-46343,
   CVE-2022-46344, CVE-2022-46283, CVE-2021-4008, CVE-2021-4009,
   CVE-2021-4010, CVE-2021-4011


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.8.2.1 -r1.1.1.8.2.2 \
xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.8.1 \
xsrc/external/mit/libXpm/dist/src/RdFToI.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.8.1 \
xsrc/external/mit/libXpm/dist/src/WrFFrI.c
cvs rdiff -u -r1.3 -r1.3.2.1 xsrc/external/mit/libXpm/dist/src/create.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.10.1 \
xsrc/external/mit/libXpm/dist/src/data.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \
xsrc/external/mit/libXpm/dist/src/parse.c
cvs rdiff -u -r1.1.1.7.2.1 -r1.1.1.7.2.2 \
xsrc/external/mit/xorg-server/dist/Xext/saver.c
cvs rdiff -u -r1.5 -r1.5.2.1 xsrc/external/mit/xorg-server/dist/Xext/xtest.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \
xsrc/external/mit/xorg-server/dist/Xext/xvmain.c
cvs rdiff -u -r1.3 -r1.3.2.1 \
xsrc/external/mit/xorg-server/dist/Xi/xipassivegrab.c \
xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \
xsrc/external/mit/xorg-server/dist/dix/property.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \
xsrc/external/mit/xorg-server/dist/xkb/xkbUtils.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c
diff -u xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c:1.1.1.8.2.1 xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c:1.1.1.8.2.2
--- xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c:1.1.1.8.2.1	Wed Aug  5 14:10:17 2020
+++ xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c	Mon Jan 23 13:33:04 2023
@@ -1908,7 +1908,8 @@ init_om(
 char **required_list;
 XOrientation *orientation;
 char **value, buf[BUFSIZ], *bufptr;
-int count = 0, num = 0, length = 0;
+int count = 0, num = 0;
+unsigned int length = 0;
 
 _XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", , );
 if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0)

Index: xsrc/external/mit/libXpm/dist/src/RdFToI.c
diff -u xsrc/external/mit/libXpm/dist/src/RdFToI.c:1.1.1.4 xsrc/external/mit/libXpm/dist/src/RdFToI.c:1.1.1.4.8.1
--- xsrc/external/mit/libXpm/dist/src/RdFToI.c:1.1.1.4	Sun Mar 16 22:20:04 2014
+++ xsrc/external/mit/libXpm/dist/src/RdFToI.c	Mon Jan 23 13:33:04 2023
@@ -43,6 +43,7 @@
 #include 
 #include 
 #include 
+#include 
 #else
 #ifdef FOR_MSW
 #include 
@@ -161,7 +162,17 @@ xpmPipeThrough(
 	goto err;
 	if ( 0 == pid )
 	{
-	execlp(cmd, cmd, arg1, (char *)NULL);
+#ifdef HAVE_CLOSEFROM
+	closefrom(3);
+#elif defined(HAVE_CLOSE_RANGE)
+# ifdef CLOSE_RANGE_UNSHARE
+#  define close_range_flags CLOSE_RANGE_UNSHARE
+# else
+#  define close_range_flags 0
+#endif
+	close_range(3, ~0U, close_range_flags);
+#endif
+	execl(cmd, cmd, arg1, (char *)NULL);
 	perror(cmd);
 	goto err;
 	}
@@ -235,12 +246,12 @@ OpenReadFile(
 	if ( ext && !strcmp(ext, ".Z") )
 	{
 	mdata->type = XPMPIPE;
-	mdata->stream.file = xpmPipeThrough(fd, "uncompress", "-c", "r");
+	mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_UNCOMPRESS, "-c", "r");
 	}
 	else if ( ext && !strcmp(ext, ".gz") )
 	{
 	mdata->type = XPMPIPE;
-	mdata->stream.file = xpmPipeThrough(fd, "gunzip", "-qc", "r");
+	mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-dqc", "r");
 	}
 	else
 #endif /* z-files */

Index: xsrc/external/mit/libXpm/dist/src/WrFFrI.c
diff -u xsrc/external/mit/libXpm/dist/src/WrFFrI.c:1.1.1.5 xsrc/external/mit/libXpm/dist/src/WrFFrI.c:1.1.1.5.8.1
--- xsrc/external/mit/libXpm/dist/src/WrFFrI.c:1.1.1.5	Sun Mar 16 22:20:04 2014
+++ xsrc/external/mit/libXpm/dist/src/WrFFrI.c	Mon Jan 23 13:33:04 2023
@@ -336,10 +336,10 @@ OpenWriteFile(
 #ifndef NO_ZPIPE
 	len = strlen(filename);
 	if (len > 2 && !strcmp(".Z", filename + (len - 2))) {
-	mdata->stream.file = xpmPipeThrough(fd, "compress", NULL, "w");
+	mdata->stream.file =

CVS commit: [netbsd-8] xsrc/external/mit/xorg-server/dist/xkb

2022-07-15 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Fri Jul 15 17:19:23 UTC 2022

Modified Files:
xsrc/external/mit/xorg-server/dist/xkb [netbsd-8]: xkb.c

Log Message:
Apply patch, requested by mrg in ticket #1752:

xsrc-9/external/mit/xorg-server/dist/xkb/xkb.c  apply patch

Cherry-pick upstream fixes for
 * CVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds
   Access
 * CVE-2022-2320/ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds
   Access


To generate a diff of this commit:
cvs rdiff -u -r1.3.2.1 -r1.3.2.2 xsrc/external/mit/xorg-server/dist/xkb/xkb.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/xorg-server/dist/xkb/xkb.c
diff -u xsrc/external/mit/xorg-server/dist/xkb/xkb.c:1.3.2.1 xsrc/external/mit/xorg-server/dist/xkb/xkb.c:1.3.2.2
--- xsrc/external/mit/xorg-server/dist/xkb/xkb.c:1.3.2.1	Sun Dec  6 10:24:47 2020
+++ xsrc/external/mit/xorg-server/dist/xkb/xkb.c	Fri Jul 15 17:19:23 2022
@@ -5126,7 +5126,7 @@ _GetCountedString(char **wire_inout, Cli
 }
 
 static Status
-_CheckSetDoodad(char **wire_inout,
+_CheckSetDoodad(char **wire_inout, xkbSetGeometryReq *req,
 XkbGeometryPtr geom, XkbSectionPtr section, ClientPtr client)
 {
 char *wire;
@@ -5137,6 +5137,9 @@ _CheckSetDoodad(char **wire_inout,
 Status status;
 
 dWire = (xkbDoodadWireDesc *) (*wire_inout);
+if (!_XkbCheckRequestBounds(client, req, dWire, dWire + 1))
+return BadLength;
+
 any = dWire->any;
 wire = (char *) [1];
 if (client->swapped) {
@@ -5239,7 +5242,7 @@ _CheckSetDoodad(char **wire_inout,
 }
 
 static Status
-_CheckSetOverlay(char **wire_inout,
+_CheckSetOverlay(char **wire_inout, xkbSetGeometryReq *req,
  XkbGeometryPtr geom, XkbSectionPtr section, ClientPtr client)
 {
 register int r;
@@ -5250,6 +5253,9 @@ _CheckSetOverlay(char **wire_inout,
 
 wire = *wire_inout;
 olWire = (xkbOverlayWireDesc *) wire;
+if (!_XkbCheckRequestBounds(client, req, olWire, olWire + 1))
+return BadLength;
+
 if (client->swapped) {
 swapl(>name);
 }
@@ -5261,6 +5267,9 @@ _CheckSetOverlay(char **wire_inout,
 xkbOverlayKeyWireDesc *kWire;
 XkbOverlayRowPtr row;
 
+if (!_XkbCheckRequestBounds(client, req, rWire, rWire + 1))
+return BadLength;
+
 if (rWire->rowUnder > section->num_rows) {
 client->errorValue = _XkbErrCode4(0x20, r, section->num_rows,
   rWire->rowUnder);
@@ -5269,6 +5278,9 @@ _CheckSetOverlay(char **wire_inout,
 row = XkbAddGeomOverlayRow(ol, rWire->rowUnder, rWire->nKeys);
 kWire = (xkbOverlayKeyWireDesc *) [1];
 for (k = 0; k < rWire->nKeys; k++, kWire++) {
+if (!_XkbCheckRequestBounds(client, req, kWire, kWire + 1))
+return BadLength;
+
 if (XkbAddGeomOverlayKey(ol, row,
  (char *) kWire->over,
  (char *) kWire->under) == NULL) {
@@ -5302,6 +5314,9 @@ _CheckSetSections(XkbGeometryPtr geom,
 register int r;
 xkbRowWireDesc *rWire;
 
+if (!_XkbCheckRequestBounds(client, req, sWire, sWire + 1))
+return BadLength;
+
 if (client->swapped) {
 swapl(>name);
 swaps(>top);
@@ -5327,6 +5342,9 @@ _CheckSetSections(XkbGeometryPtr geom,
 XkbRowPtr row;
 xkbKeyWireDesc *kWire;
 
+if (!_XkbCheckRequestBounds(client, req, rWire, rWire + 1))
+return BadLength;
+
 if (client->swapped) {
 swaps(>top);
 swaps(>left);
@@ -5338,16 +5356,19 @@ _CheckSetSections(XkbGeometryPtr geom,
 row->left = rWire->left;
 row->vertical = rWire->vertical;
 kWire = (xkbKeyWireDesc *) [1];
-for (k = 0; k < rWire->nKeys; k++) {
+for (k = 0; k < rWire->nKeys; k++, kWire++) {
 XkbKeyPtr key;
 
+if (!_XkbCheckRequestBounds(client, req, kWire, kWire + 1))
+return BadLength;
+
 key = XkbAddGeomKey(row);
 if (!key)
 return BadAlloc;
-memcpy(key->name.name, kWire[k].name, XkbKeyNameLength);
-key->gap = kWire[k].gap;
-key->shape_ndx = kWire[k].shapeNdx;
-key->color_ndx = kWire[k].colorNdx;
+memcpy(key->name.name, kWire->name, XkbKeyNameLength);
+key->gap = kWire->gap;
+key->shape_ndx = kWire->shapeNdx;
+key->color_ndx = kWire->colorNdx;
 if (key->shape_ndx >= geom->num_shapes) {
 client->errorValue = _XkbErrCode3(0x10, key->shape_ndx,

CVS commit: [netbsd-8] xsrc/external/mit/xorg-server/dist/xkb

2022-07-15 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Fri Jul 15 17:19:23 UTC 2022

Modified Files:
xsrc/external/mit/xorg-server/dist/xkb [netbsd-8]: xkb.c

Log Message:
Apply patch, requested by mrg in ticket #1752:

xsrc-9/external/mit/xorg-server/dist/xkb/xkb.c  apply patch

Cherry-pick upstream fixes for
 * CVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds
   Access
 * CVE-2022-2320/ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds
   Access


To generate a diff of this commit:
cvs rdiff -u -r1.3.2.1 -r1.3.2.2 xsrc/external/mit/xorg-server/dist/xkb/xkb.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] xsrc/external/mit/xterm/dist

2022-02-03 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Thu Feb  3 14:21:27 UTC 2022

Modified Files:
xsrc/external/mit/xterm/dist [netbsd-8]: graphics_sixel.c

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1735):

xsrc/external/mit/xterm/dist/graphics_sixel.c: revision 1.2 (patch)

apply upstream fix for CVE-2022-24130.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.3.2.1 -r1.1.1.3.2.2 \
xsrc/external/mit/xterm/dist/graphics_sixel.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/xterm/dist/graphics_sixel.c
diff -u xsrc/external/mit/xterm/dist/graphics_sixel.c:1.1.1.3.2.1 xsrc/external/mit/xterm/dist/graphics_sixel.c:1.1.1.3.2.2
--- xsrc/external/mit/xterm/dist/graphics_sixel.c:1.1.1.3.2.1	Wed Feb 17 09:48:38 2021
+++ xsrc/external/mit/xterm/dist/graphics_sixel.c	Thu Feb  3 14:21:27 2022
@@ -1,8 +1,8 @@
 /* $XTermId: graphics_sixel.c,v 1.28 2020/08/06 20:32:33 Ben.Wong Exp $ */
 
 /*
- * Copyright 2014-2016,2020 by Ross Combs
- * Copyright 2014-2016,2020 by Thomas E. Dickey
+ * Copyright 2014-2021,2022 by Ross Combs
+ * Copyright 2014-2021,2022 by Thomas E. Dickey
  *
  * All Rights Reserved
  *
@@ -149,7 +149,7 @@ init_sixel_background(Graphic *graphic, 
 graphic->color_registers_used[context->background] = 1;
 }
 
-static void
+static Boolean
 set_sixel(Graphic *graphic, SixelContext const *context, int sixel)
 {
 const int mh = graphic->max_height;
@@ -170,7 +170,10 @@ set_sixel(Graphic *graphic, SixelContext
 	   ((color != COLOR_HOLE)
 	? (unsigned) graphic->color_registers[color].b : 0U)));
 for (pix = 0; pix < 6; pix++) {
-	if (context->col < mw && context->row + pix < mh) {
+	if (context->col >= 0 &&
+	context->col < mw &&
+	context->row + pix >= 0 &&
+	context->row + pix < mh) {
 	if (sixel & (1 << pix)) {
 		if (context->col + 1 > graphic->actual_width) {
 		graphic->actual_width = context->col + 1;
@@ -183,8 +186,10 @@ set_sixel(Graphic *graphic, SixelContext
 	}
 	} else {
 	TRACE(("sixel pixel %d out of bounds\n", pix));
+	return False;
 	}
 }
+return True;
 }
 
 static void
@@ -462,8 +467,12 @@ parse_sixel(XtermWidget xw, ANSI *params
 		init_sixel_background(graphic, );
 		graphic->valid = 1;
 	}
-	if (sixel)
-		set_sixel(graphic, , sixel);
+	if (sixel) {
+		if (!set_sixel(graphic, , sixel)) {
+		context.col = 0;
+		break;
+		}
+	}
 	context.col++;
 	} else if (ch == '$') {	/* DECGCR */
 	/* ignore DECCRNLM in sixel mode */
@@ -531,8 +540,12 @@ parse_sixel(XtermWidget xw, ANSI *params
 	if (sixel) {
 		int i;
 		for (i = 0; i < Pcount; i++) {
-		set_sixel(graphic, , sixel);
-		context.col++;
+		if (set_sixel(graphic, , sixel)) {
+			context.col++;
+		} else {
+			context.col = 0;
+			break;
+		}
 		}
 	} else {
 		context.col += Pcount;

CVS commit: [netbsd-8] xsrc/external/mit/xterm/dist

2022-02-03 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Thu Feb  3 14:21:27 UTC 2022

Modified Files:
xsrc/external/mit/xterm/dist [netbsd-8]: graphics_sixel.c

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1735):

xsrc/external/mit/xterm/dist/graphics_sixel.c: revision 1.2 (patch)

apply upstream fix for CVE-2022-24130.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.3.2.1 -r1.1.1.3.2.2 \
xsrc/external/mit/xterm/dist/graphics_sixel.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] xsrc/external/mit/xf86-video-intel/dist/src

2019-07-15 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Mon Jul 15 08:26:10 UTC 2019

Modified Files:
xsrc/external/mit/xf86-video-intel/dist/src [netbsd-8]: intel_list.h

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1290):

external/mit/xf86-video-intel/dist/src/intel_list.h: revision 1.2

merge changes from xorg-server 1.20 list.h into this older version.
fixes sandy bridge crashing problems for me.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 \
xsrc/external/mit/xf86-video-intel/dist/src/intel_list.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/xf86-video-intel/dist/src/intel_list.h
diff -u xsrc/external/mit/xf86-video-intel/dist/src/intel_list.h:1.1.1.2 xsrc/external/mit/xf86-video-intel/dist/src/intel_list.h:1.1.1.2.2.1
--- xsrc/external/mit/xf86-video-intel/dist/src/intel_list.h:1.1.1.2	Wed Nov  5 17:56:20 2014
+++ xsrc/external/mit/xf86-video-intel/dist/src/intel_list.h	Mon Jul 15 08:26:10 2019
@@ -305,9 +305,20 @@ list_is_empty(const struct list *head)
 #define list_last_entry(ptr, type, member) \
 list_entry((ptr)->prev, type, member)
 
-#define __container_of(ptr, sample, member)\
-(void *)((char *)(ptr)		\
-	 - ((char *)&(sample)->member - (char *)(sample)))
+#ifdef HAVE_TYPEOF
+#define __container_of(ptr, sample, member)			\
+container_of(ptr, typeof(*sample), member)
+#else
+/* This implementation of __container_of has undefined behavior according
+ * to the C standard, but it works in many cases.  If your compiler doesn't
+ * support typeof() and fails with this implementation, please try a newer
+ * compiler.
+ */
+#define __container_of(ptr, sample, member)\
+(void *)((char *)(ptr) \
+- ((char *)&(sample)->member - (char *)(sample)))
+#endif
+
 /**
  * Loop through the list given by head and set pos to struct in the list.
  *
@@ -326,12 +337,14 @@ list_is_empty(const struct list *head)
  *
  */
 #define list_for_each_entry(pos, head, member)\
-for (pos = __container_of((head)->next, pos, member);		\
+for (pos = NULL,\
+ pos = __container_of((head)->next, pos, member);		\
 	 >member != (head);	\
 	 pos = __container_of(pos->member.next, pos, member))
 
 #define list_for_each_entry_reverse(pos, head, member)\
-for (pos = __container_of((head)->prev, pos, member);		\
+for (pos = NULL,\
+ pos = __container_of((head)->prev, pos, member);		\
 	 >member != (head);	\
 	 pos = __container_of(pos->member.prev, pos, member))
 
@@ -343,7 +356,8 @@ list_is_empty(const struct list *head)
  * See list_for_each_entry for more details.
  */
 #define list_for_each_entry_safe(pos, tmp, head, member)		\
-for (pos = __container_of((head)->next, pos, member),		\
+for (pos = NULL,\
+ pos = __container_of((head)->next, pos, member),		\
 	 tmp = __container_of(pos->member.next, pos, member);		\
 	 >member != (head);	\
 	 pos = tmp, tmp = __container_of(pos->member.next, tmp, member))

CVS commit: [netbsd-8] xsrc/external/mit/xf86-video-intel/dist/src

2019-07-15 Thread Martin Husemann

Module Name:xsrc
Committed By:   martin
Date:   Mon Jul 15 08:26:10 UTC 2019

Modified Files:
xsrc/external/mit/xf86-video-intel/dist/src [netbsd-8]: intel_list.h

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1290):

external/mit/xf86-video-intel/dist/src/intel_list.h: revision 1.2

merge changes from xorg-server 1.20 list.h into this older version.
fixes sandy bridge crashing problems for me.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 \
xsrc/external/mit/xf86-video-intel/dist/src/intel_list.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] xsrc/external/mit/xorg-server/dist

CVS commit: [netbsd-8] xsrc/external/mit/xorg-server/dist

CVS commit: [netbsd-8] xsrc/external/mit/xorg-server.old/dist

CVS commit: [netbsd-8] xsrc/external/mit/xorg-server.old/dist

CVS commit: [netbsd-8] xsrc/external/mit

CVS commit: [netbsd-8] xsrc/external/mit

CVS commit: [netbsd-8] xsrc/external/mit/libX11/dist/src

CVS commit: [netbsd-8] xsrc/external/mit/libX11/dist/src

CVS commit: [netbsd-8] xsrc/external/mit

CVS commit: [netbsd-8] xsrc/external/mit

CVS commit: [netbsd-8] xsrc/external/mit

CVS commit: [netbsd-8] xsrc/external/mit

CVS commit: [netbsd-8] xsrc/external/mit

CVS commit: [netbsd-8] xsrc/external/mit

CVS commit: [netbsd-8] xsrc/external/mit/xorg-server/dist/xkb

CVS commit: [netbsd-8] xsrc/external/mit/xorg-server/dist/xkb

CVS commit: [netbsd-8] xsrc/external/mit/xterm/dist

CVS commit: [netbsd-8] xsrc/external/mit/xterm/dist

CVS commit: [netbsd-8] xsrc/external/mit/xf86-video-intel/dist/src

CVS commit: [netbsd-8] xsrc/external/mit/xf86-video-intel/dist/src

20 matches

Site Navigation

Mail list logo

Footer information