CVS commit: [netbsd-8] xsrc/external/mit/xorg-server/dist
Module Name:xsrc Committed By: martin Date: Sun Oct 29 16:48:00 UTC 2023 Modified Files: xsrc/external/mit/xorg-server/dist/Xi [netbsd-8]: xiproperty.c xsrc/external/mit/xorg-server/dist/dix [netbsd-8]: enterleave.h xsrc/external/mit/xorg-server/dist/include [netbsd-8]: eventstr.h xsrc/external/mit/xorg-server/dist/mi [netbsd-8]: mipointer.c xsrc/external/mit/xorg-server/dist/os [netbsd-8]: auth.c xsrc/external/mit/xorg-server/dist/randr [netbsd-8]: rrproperty.c Log Message: Apply patch (requested by mrg in ticket #1918): external/mit/xorg-server/dist/dix/enterleave.h external/mit/xorg-server/dist/mi/mipointer.c external/mit/xorg-server/dist/include/eventstr.h external/mit/xorg-server/dist/randr/rrproperty.c external/mit/xorg-server/dist/os/auth.c external/mit/xorg-server/dist/Xi/xiproperty.c merge security fixes from xorg-server 21.1.9 into xorg-server 1.18.4. Fixes CVE-2023-5367 and CVE-2023-5380. To generate a diff of this commit: cvs rdiff -u -r1.3.2.1 -r1.3.2.2 \ xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \ xsrc/external/mit/xorg-server/dist/dix/enterleave.h cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \ xsrc/external/mit/xorg-server/dist/include/eventstr.h cvs rdiff -u -r1.1.1.6 -r1.1.1.6.2.1 \ xsrc/external/mit/xorg-server/dist/mi/mipointer.c cvs rdiff -u -r1.3 -r1.3.2.1 xsrc/external/mit/xorg-server/dist/os/auth.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \ xsrc/external/mit/xorg-server/dist/randr/rrproperty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c diff -u xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c:1.3.2.1 xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c:1.3.2.2 --- xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c:1.3.2.1 Mon Jan 23 13:33:04 2023 +++ xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c Sun Oct 29 16:48:00 2023 
@@ -730,7 +730,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, XIDestroyDeviceProperty(prop); return BadAlloc; } -new_value.size = len; +new_value.size = total_len; new_value.type = type; new_value.format = format; @@ -747,7 +747,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, case PropModePrepend: new_data = new_value.data; old_data = (void *) (((char *) new_value.data) + - (prop_value->size * size_in_bytes)); + (len * size_in_bytes)); break; } if (new_data) Index: xsrc/external/mit/xorg-server/dist/dix/enterleave.h diff -u xsrc/external/mit/xorg-server/dist/dix/enterleave.h:1.1.1.3 xsrc/external/mit/xorg-server/dist/dix/enterleave.h:1.1.1.3.2.1 --- xsrc/external/mit/xorg-server/dist/dix/enterleave.h:1.1.1.3 Wed Aug 10 07:44:32 2016 +++ xsrc/external/mit/xorg-server/dist/dix/enterleave.h Sun Oct 29 16:48:00 2023 @@ -58,8 +58,6 @@ extern void DeviceFocusEvent(DeviceIntPt extern void EnterWindow(DeviceIntPtr dev, WindowPtr win, int mode); -extern void LeaveWindow(DeviceIntPtr dev); - extern void CoreFocusEvent(DeviceIntPtr kbd, int type, int mode, int detail, WindowPtr pWin); Index: xsrc/external/mit/xorg-server/dist/include/eventstr.h diff -u xsrc/external/mit/xorg-server/dist/include/eventstr.h:1.1.1.4 xsrc/external/mit/xorg-server/dist/include/eventstr.h:1.1.1.4.2.1 --- xsrc/external/mit/xorg-server/dist/include/eventstr.h:1.1.1.4 Wed Aug 10 07:44:32 2016 +++ xsrc/external/mit/xorg-server/dist/include/eventstr.h Sun Oct 29 16:48:00 2023 @@ -286,4 +286,7 @@ union _InternalEvent { #endif }; +extern void +LeaveWindow(DeviceIntPtr dev); + #endif Index: xsrc/external/mit/xorg-server/dist/mi/mipointer.c diff -u xsrc/external/mit/xorg-server/dist/mi/mipointer.c:1.1.1.6 xsrc/external/mit/xorg-server/dist/mi/mipointer.c:1.1.1.6.2.1 --- xsrc/external/mit/xorg-server/dist/mi/mipointer.c:1.1.1.6 Wed Aug 10 07:44:32 2016 +++ xsrc/external/mit/xorg-server/dist/mi/mipointer.c Sun Oct 29 16:48:00 2023 
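Review bot: Nothing at the `new_value.size = total_len;` assignment in `XIChangeDeviceProperty` says which of the three counts (`len`, `prop_value->size`, `total_len`) belongs where, and that mix-up is what both hunks in this file correct. A short comment would help, for example `/* size counts every element in the new buffer, not just the client's len */` above the assignment and `/* new data fills the first len elements; old data follows */` in the `PropModePrepend` case. The computation of `total_len` and the allocation it sizes are outside the hunk, so whether the sum and its multiplication by `size_in_bytes` are overflow-checked cannot be confirmed from here. The same two hunks appear in the xorg-server.old copy of xiproperty.c further down the page.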
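Review bot: The prototype `extern void LeaveWindow(DeviceIntPtr dev);` now sits at the end of eventstr.h, after `union _InternalEvent`, with nothing to explain why a window enter/leave function is declared in the event-structure header. A one-line comment such as `/* declared here instead of dix/enterleave.h so mi/mipointer.c can call it */` would keep the next reader from moving it back; that reason is inferred from the enterleave.h hunk that removes the declaration and from the mipointer.c change that calls `LeaveWindow(pDev)`. It is also worth confirming that the file defining `LeaveWindow` includes eventstr.h, so the definition is still checked against this prototype. The xorg-server.old copy of eventstr.h gets the same addition.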
@@ -385,8 +385,21 @@ miPointerWarpCursor(DeviceIntPtr pDev, S #ifdef PANORAMIX && noPanoramiXExtension #endif -) -UpdateSpriteForScreen(pDev, pScreen); +) { +DeviceIntPtr master = GetMaster(pDev, MASTER_POINTER); +/* Hack for CVE-2023-5380: if we're moving + * screens PointerWindows[] keeps referring to the + * old window. If that gets destroyed we have a UAF + * bug later. Only happens when jumping from a window + * to the root window on the other screen. + * Enter/Leave events are incorrect for that case but + * too niche to fix. + */ +LeaveWindow(pDev); +if
CVS commit: [netbsd-8] xsrc/external/mit/xorg-server/dist
Module Name:xsrc Committed By: martin Date: Sun Oct 29 16:48:00 UTC 2023 Modified Files: xsrc/external/mit/xorg-server/dist/Xi [netbsd-8]: xiproperty.c xsrc/external/mit/xorg-server/dist/dix [netbsd-8]: enterleave.h xsrc/external/mit/xorg-server/dist/include [netbsd-8]: eventstr.h xsrc/external/mit/xorg-server/dist/mi [netbsd-8]: mipointer.c xsrc/external/mit/xorg-server/dist/os [netbsd-8]: auth.c xsrc/external/mit/xorg-server/dist/randr [netbsd-8]: rrproperty.c Log Message: Apply patch (requested by mrg in ticket #1918): external/mit/xorg-server/dist/dix/enterleave.h external/mit/xorg-server/dist/mi/mipointer.c external/mit/xorg-server/dist/include/eventstr.h external/mit/xorg-server/dist/randr/rrproperty.c external/mit/xorg-server/dist/os/auth.c external/mit/xorg-server/dist/Xi/xiproperty.c merge security fixes from xorg-server 21.1.9 into xorg-server 1.18.4. Fixes CVE-2023-5367 and CVE-2023-5380. To generate a diff of this commit: cvs rdiff -u -r1.3.2.1 -r1.3.2.2 \ xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \ xsrc/external/mit/xorg-server/dist/dix/enterleave.h cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \ xsrc/external/mit/xorg-server/dist/include/eventstr.h cvs rdiff -u -r1.1.1.6 -r1.1.1.6.2.1 \ xsrc/external/mit/xorg-server/dist/mi/mipointer.c cvs rdiff -u -r1.3 -r1.3.2.1 xsrc/external/mit/xorg-server/dist/os/auth.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \ xsrc/external/mit/xorg-server/dist/randr/rrproperty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] xsrc/external/mit/xorg-server.old/dist
Module Name:xsrc Committed By: martin Date: Sun Oct 29 16:38:07 UTC 2023 Modified Files: xsrc/external/mit/xorg-server.old/dist/Xi [netbsd-8]: xiproperty.c xsrc/external/mit/xorg-server.old/dist/dix [netbsd-8]: enterleave.h xsrc/external/mit/xorg-server.old/dist/include [netbsd-8]: eventstr.h xsrc/external/mit/xorg-server.old/dist/mi [netbsd-8]: mipointer.c xsrc/external/mit/xorg-server.old/dist/os [netbsd-8]: auth.c xsrc/external/mit/xorg-server.old/dist/randr [netbsd-8]: rrproperty.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1917): external/mit/xorg-server.old/dist/dix/enterleave.h: revision 1.2 external/mit/xorg-server.old/dist/mi/mipointer.c: revision 1.2 external/mit/xorg-server.old/dist/include/eventstr.h: revision 1.2 external/mit/xorg-server.old/dist/randr/rrproperty.c: revision 1.2 external/mit/xorg-server.old/dist/os/auth.c: revision 1.4 external/mit/xorg-server.old/dist/Xi/xiproperty.c: revision 1.2 merge security fixes from xorg-server 21.1.9 into xorg-server 1.10.6. Fixes CVE-2023-5367 and CVE-2023-5380. To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/include/eventstr.h cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c cvs rdiff -u -r1.3 -r1.3.2.1 xsrc/external/mit/xorg-server.old/dist/os/auth.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/randr/rrproperty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. 
Modified files: Index: xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c diff -u xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c:1.1.1.1.2.1 --- xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c:1.1.1.1 Thu Jun 9 09:07:56 2016 +++ xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c Sun Oct 29 16:38:07 2023 @@ -753,7 +753,7 @@ XIChangeDeviceProperty (DeviceIntPtr dev XIDestroyDeviceProperty (prop); return BadAlloc; } -new_value.size = len; +new_value.size = total_len; new_value.type = type; new_value.format = format; @@ -770,7 +770,7 @@ XIChangeDeviceProperty (DeviceIntPtr dev case PropModePrepend: new_data = new_value.data; old_data = (pointer) (((char *) new_value.data) + - (prop_value->size * size_in_bytes)); + (len * size_in_bytes)); break; } if (new_data) Index: xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h diff -u xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h:1.1.1.1.2.1 --- xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h:1.1.1.1 Thu Jun 9 09:07:56 2016 +++ xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h Sun Oct 29 16:38:07 2023 @@ -76,8 +76,6 @@ extern void EnterWindow(DeviceIntPtr dev WindowPtr win, int mode); -extern void LeaveWindow(DeviceIntPtr dev); - extern void CoreFocusEvent(DeviceIntPtr kbd, int type, int mode, Index: xsrc/external/mit/xorg-server.old/dist/include/eventstr.h diff -u xsrc/external/mit/xorg-server.old/dist/include/eventstr.h:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/include/eventstr.h:1.1.1.1.2.1 --- xsrc/external/mit/xorg-server.old/dist/include/eventstr.h:1.1.1.1 Thu Jun 9 09:08:00 2016 +++ xsrc/external/mit/xorg-server.old/dist/include/eventstr.h Sun Oct 29 16:38:07 2023 
@@ -243,4 +243,7 @@ union _InternalEvent { #endif }; +extern void +LeaveWindow(DeviceIntPtr dev); + #endif Index: xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c diff -u xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c:1.1.1.1.2.1 --- xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c:1.1.1.1 Thu Jun 9 09:08:00 2016 +++ xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c Sun Oct 29 16:38:07 2023 @@ -41,6 +41,8 @@ in this Software without prior written a # include "inputstr.h" # include "inpututils.h" +# include "eventstr.h" + DevPrivateKeyRec miPointerScreenKeyRec; #define GetScreenPrivate(s) ((miPointerScreenPtr) \ @@ -318,8 +320,21 @@ miPointerWarpCursor (DeviceIntPtr pDev, #ifdef PANORAMIX && noPanoramiXExtension #endif - ) -UpdateSpriteForScreen (pDev, pScreen) ; + ) { +DeviceIntPtr master =
CVS commit: [netbsd-8] xsrc/external/mit/xorg-server.old/dist
Module Name:xsrc Committed By: martin Date: Sun Oct 29 16:38:07 UTC 2023 Modified Files: xsrc/external/mit/xorg-server.old/dist/Xi [netbsd-8]: xiproperty.c xsrc/external/mit/xorg-server.old/dist/dix [netbsd-8]: enterleave.h xsrc/external/mit/xorg-server.old/dist/include [netbsd-8]: eventstr.h xsrc/external/mit/xorg-server.old/dist/mi [netbsd-8]: mipointer.c xsrc/external/mit/xorg-server.old/dist/os [netbsd-8]: auth.c xsrc/external/mit/xorg-server.old/dist/randr [netbsd-8]: rrproperty.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1917): external/mit/xorg-server.old/dist/dix/enterleave.h: revision 1.2 external/mit/xorg-server.old/dist/mi/mipointer.c: revision 1.2 external/mit/xorg-server.old/dist/include/eventstr.h: revision 1.2 external/mit/xorg-server.old/dist/randr/rrproperty.c: revision 1.2 external/mit/xorg-server.old/dist/os/auth.c: revision 1.4 external/mit/xorg-server.old/dist/Xi/xiproperty.c: revision 1.2 merge security fixes from xorg-server 21.1.9 into xorg-server 1.10.6. Fixes CVE-2023-5367 and CVE-2023-5380. To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/include/eventstr.h cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c cvs rdiff -u -r1.3 -r1.3.2.1 xsrc/external/mit/xorg-server.old/dist/os/auth.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/randr/rrproperty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] xsrc/external/mit
Module Name:xsrc Committed By: martin Date: Wed Oct 4 15:17:13 UTC 2023 Modified Files: xsrc/external/mit/libX11/dist/src [netbsd-8]: CrPixmap.c ImUtil.c PutImage.c xsrc/external/mit/libX11/dist/src/xkb [netbsd-8]: XKBGetMap.c xsrc/external/mit/libXpm/dist/src [netbsd-8]: CrPFrBuf.c CrPFrDat.c CrPFrI.c RdFToP.c XpmI.h create.c data.c Log Message: Apply patch, requested by mrg in ticket #1908: xsrc/external/mit/libXpm/dist/src/CrPFrBuf.c(apply patch) xsrc/external/mit/libXpm/dist/src/CrPFrDat.c(apply patch) xsrc/external/mit/libXpm/dist/src/CrPFrI.c (apply patch) xsrc/external/mit/libXpm/dist/src/RdFToP.c (apply patch) xsrc/external/mit/libXpm/dist/src/XpmI.h(apply patch) xsrc/external/mit/libXpm/dist/src/create.c (apply patch) xsrc/external/mit/libXpm/dist/src/data.c(apply patch) xsrc/external/mit/libX11/dist/src/CrPixmap.c(apply patch) xsrc/external/mit/libX11/dist/src/ImUtil.c (apply patch) xsrc/external/mit/libX11/dist/src/PutImage.c(apply patch) xsrc/external/mit/libX11/dist/src/xkb/XKBGetMap.c (apply patch) Backport of upstream libX11 and libXpm 2023-10 security updates, fixing: CVE-2023-43785, CVE-2023-43786, CVE-2023-43787, CVE-2023-43788, CVE-2023-43789 To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.1.1.2.16.1 \ xsrc/external/mit/libX11/dist/src/CrPixmap.c cvs rdiff -u -r1.1.1.8 -r1.1.1.8.2.1 \ xsrc/external/mit/libX11/dist/src/ImUtil.c cvs rdiff -u -r1.1.1.7.2.1 -r1.1.1.7.2.2 \ xsrc/external/mit/libX11/dist/src/PutImage.c cvs rdiff -u -r1.1.1.6.8.1 -r1.1.1.6.8.2 \ xsrc/external/mit/libX11/dist/src/xkb/XKBGetMap.c cvs rdiff -u -r1.1.1.2 -r1.1.1.2.16.1 \ xsrc/external/mit/libXpm/dist/src/CrPFrBuf.c \ xsrc/external/mit/libXpm/dist/src/CrPFrDat.c \ xsrc/external/mit/libXpm/dist/src/CrPFrI.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.8.1 \ xsrc/external/mit/libXpm/dist/src/RdFToP.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.10.1 \ xsrc/external/mit/libXpm/dist/src/XpmI.h cvs rdiff -u -r1.3.2.1 -r1.3.2.2 xsrc/external/mit/libXpm/dist/src/create.c cvs rdiff -u 
-r1.1.1.4.10.1 -r1.1.1.4.10.2 \ xsrc/external/mit/libXpm/dist/src/data.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: xsrc/external/mit/libX11/dist/src/CrPixmap.c diff -u xsrc/external/mit/libX11/dist/src/CrPixmap.c:1.1.1.2 xsrc/external/mit/libX11/dist/src/CrPixmap.c:1.1.1.2.16.1 --- xsrc/external/mit/libX11/dist/src/CrPixmap.c:1.1.1.2 Sat May 22 01:22:12 2010 +++ xsrc/external/mit/libX11/dist/src/CrPixmap.c Wed Oct 4 15:17:12 2023 @@ -28,6 +28,7 @@ in this Software without prior written a #include #endif #include "Xlibint.h" +#include #ifdef USE_DYNAMIC_XCURSOR void @@ -47,6 +48,16 @@ Pixmap XCreatePixmap ( Pixmap pid; register xCreatePixmapReq *req; +/* + * Force a BadValue X Error if the requested dimensions are larger + * than the X11 protocol has room for, since that's how callers expect + * to get notified of errors. + */ +if (width > USHRT_MAX) +width = 0; +if (height > USHRT_MAX) +height = 0; + LockDisplay(dpy); GetReq(CreatePixmap, req); req->drawable = d; Index: xsrc/external/mit/libX11/dist/src/ImUtil.c diff -u xsrc/external/mit/libX11/dist/src/ImUtil.c:1.1.1.8 xsrc/external/mit/libX11/dist/src/ImUtil.c:1.1.1.8.2.1 --- xsrc/external/mit/libX11/dist/src/ImUtil.c:1.1.1.8 Sun Jul 19 08:08:36 2015 +++ xsrc/external/mit/libX11/dist/src/ImUtil.c Wed Oct 4 15:17:12 2023 @@ -30,6 +30,7 @@ in this Software without prior written a #include #include #include +#include #include "ImUtil.h" static int _XDestroyImage(XImage *); 
@@ -361,13 +362,22 @@ XImage *XCreateImage ( /* * compute per line accelerator. */ - { - if (format == ZPixmap) + if (format == ZPixmap) { + if ((INT_MAX / bits_per_pixel) < width) { + Xfree(image); + return NULL; + } + min_bytes_per_line = - ROUNDUP((bits_per_pixel * width), image->bitmap_pad); - else + ROUNDUP((bits_per_pixel * width), image->bitmap_pad); + } else { + if ((INT_MAX - offset) < width) { + Xfree(image); + return NULL; + } + min_bytes_per_line = - ROUNDUP((width + offset), image->bitmap_pad); + ROUNDUP((width + offset), image->bitmap_pad); } if (image_bytes_per_line == 0) { image->bytes_per_line = min_bytes_per_line; Index: xsrc/external/mit/libX11/dist/src/PutImage.c diff -u xsrc/external/mit/libX11/dist/src/PutImage.c:1.1.1.7.2.1 xsrc/external/mit/libX11/dist/src/PutImage.c:1.1.1.7.2.2 --- xsrc/external/mit/libX11/dist/src/PutImage.c:1.1.1.7.2.1 Wed Aug 5 14:10:19 2020 +++ xsrc/external/mit/libX11/dist/src/PutImage.c Wed Oct 4
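Review bot: Both new guards in `XCreateImage` rely on preconditions this hunk does not show: `INT_MAX / bits_per_pixel` needs `bits_per_pixel` to be non-zero, and `INT_MAX - offset` needs `offset` to be non-negative, otherwise the checks themselves divide by zero or overflow. If earlier validation in the function already guarantees both, a comment at the top of the block would make that visible, for example `/* bits_per_pixel > 0 and offset >= 0 were validated above; reject widths whose line size does not fit in an int */`. The function starts and ends outside the hunk, so that earlier validation cannot be confirmed from here.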
CVS commit: [netbsd-8] xsrc/external/mit
Module Name:xsrc Committed By: martin Date: Wed Oct 4 15:17:13 UTC 2023 Modified Files: xsrc/external/mit/libX11/dist/src [netbsd-8]: CrPixmap.c ImUtil.c PutImage.c xsrc/external/mit/libX11/dist/src/xkb [netbsd-8]: XKBGetMap.c xsrc/external/mit/libXpm/dist/src [netbsd-8]: CrPFrBuf.c CrPFrDat.c CrPFrI.c RdFToP.c XpmI.h create.c data.c Log Message: Apply patch, requested by mrg in ticket #1908: xsrc/external/mit/libXpm/dist/src/CrPFrBuf.c(apply patch) xsrc/external/mit/libXpm/dist/src/CrPFrDat.c(apply patch) xsrc/external/mit/libXpm/dist/src/CrPFrI.c (apply patch) xsrc/external/mit/libXpm/dist/src/RdFToP.c (apply patch) xsrc/external/mit/libXpm/dist/src/XpmI.h(apply patch) xsrc/external/mit/libXpm/dist/src/create.c (apply patch) xsrc/external/mit/libXpm/dist/src/data.c(apply patch) xsrc/external/mit/libX11/dist/src/CrPixmap.c(apply patch) xsrc/external/mit/libX11/dist/src/ImUtil.c (apply patch) xsrc/external/mit/libX11/dist/src/PutImage.c(apply patch) xsrc/external/mit/libX11/dist/src/xkb/XKBGetMap.c (apply patch) Backport of upstream libX11 and libXpm 2023-10 security updates, fixing: CVE-2023-43785, CVE-2023-43786, CVE-2023-43787, CVE-2023-43788, CVE-2023-43789 To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.1.1.2.16.1 \ xsrc/external/mit/libX11/dist/src/CrPixmap.c cvs rdiff -u -r1.1.1.8 -r1.1.1.8.2.1 \ xsrc/external/mit/libX11/dist/src/ImUtil.c cvs rdiff -u -r1.1.1.7.2.1 -r1.1.1.7.2.2 \ xsrc/external/mit/libX11/dist/src/PutImage.c cvs rdiff -u -r1.1.1.6.8.1 -r1.1.1.6.8.2 \ xsrc/external/mit/libX11/dist/src/xkb/XKBGetMap.c cvs rdiff -u -r1.1.1.2 -r1.1.1.2.16.1 \ xsrc/external/mit/libXpm/dist/src/CrPFrBuf.c \ xsrc/external/mit/libXpm/dist/src/CrPFrDat.c \ xsrc/external/mit/libXpm/dist/src/CrPFrI.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.8.1 \ xsrc/external/mit/libXpm/dist/src/RdFToP.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.10.1 \ xsrc/external/mit/libXpm/dist/src/XpmI.h cvs rdiff -u -r1.3.2.1 -r1.3.2.2 xsrc/external/mit/libXpm/dist/src/create.c cvs rdiff -u 
-r1.1.1.4.10.1 -r1.1.1.4.10.2 \ xsrc/external/mit/libXpm/dist/src/data.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] xsrc/external/mit/libX11/dist/src
Module Name:xsrc Committed By: snj Date: Tue Jun 20 23:00:39 UTC 2023 Modified Files: xsrc/external/mit/libX11/dist/src [netbsd-8]: InitExt.c Log Message: Apply patch (requested by mrg in ticket #1826): InitExt.c: Add bounds checks for extension request, event, & error codes Fixes CVE-2023-3138: X servers could return values from XQueryExtension that would cause Xlib to write entries out-of-bounds of the arrays to store them, though this would only overwrite other parts of the Display struct, not outside the bounds allocated for that structure. To generate a diff of this commit: cvs rdiff -u -r1.1.1.7 -r1.1.1.7.2.1 \ xsrc/external/mit/libX11/dist/src/InitExt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] xsrc/external/mit/libX11/dist/src
Module Name:xsrc Committed By: snj Date: Tue Jun 20 23:00:39 UTC 2023 Modified Files: xsrc/external/mit/libX11/dist/src [netbsd-8]: InitExt.c Log Message: Apply patch (requested by mrg in ticket #1826): InitExt.c: Add bounds checks for extension request, event, & error codes Fixes CVE-2023-3138: X servers could return values from XQueryExtension that would cause Xlib to write entries out-of-bounds of the arrays to store them, though this would only overwrite other parts of the Display struct, not outside the bounds allocated for that structure. To generate a diff of this commit: cvs rdiff -u -r1.1.1.7 -r1.1.1.7.2.1 \ xsrc/external/mit/libX11/dist/src/InitExt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: xsrc/external/mit/libX11/dist/src/InitExt.c diff -u xsrc/external/mit/libX11/dist/src/InitExt.c:1.1.1.7 xsrc/external/mit/libX11/dist/src/InitExt.c:1.1.1.7.2.1 --- xsrc/external/mit/libX11/dist/src/InitExt.c:1.1.1.7 Sun Jul 19 08:08:36 2015 +++ xsrc/external/mit/libX11/dist/src/InitExt.c Tue Jun 20 23:00:39 2023 @@ -33,6 +33,18 @@ from The Open Group. #include #include +/* The X11 protocol spec reserves events 64 through 127 for extensions */ +#ifndef LastExtensionEvent +#define LastExtensionEvent 127 +#endif + +/* The X11 protocol spec reserves requests 128 through 255 for extensions */ +#ifndef LastExtensionRequest +#define FirstExtensionRequest 128 +#define LastExtensionRequest 255 +#endif + + /* * This routine is used to link a extension in so it will be called * at appropriate times. 
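Review bot: `FirstExtensionRequest` is defined only inside the `#ifndef LastExtensionRequest` guard, so a build in which some header already provides `LastExtensionRequest` but not `FirstExtensionRequest` would leave the latter undefined for the range checks added later in this file. Giving it its own guard, `#ifndef FirstExtensionRequest` / `#define FirstExtensionRequest 128` / `#endif`, removes that dependency.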
@@ -242,6 +254,12 @@ WireToEventType XESetWireToEvent( WireToEventType proc) /* routine to call when converting event */ { register WireToEventType oldproc; + if (event_number < 0 || + event_number > LastExtensionEvent) { + fprintf(stderr, "Xlib: ignoring invalid extension event %d\n", + event_number); + return (WireToEventType)_XUnknownWireEvent; + } if (proc == NULL) proc = (WireToEventType)_XUnknownWireEvent; LockDisplay (dpy); oldproc = dpy->event_vec[event_number]; @@ -263,6 +281,12 @@ WireToEventCookieType XESetWireToEventCo ) { WireToEventCookieType oldproc; + if (extension < FirstExtensionRequest || + extension > LastExtensionRequest) { + fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n", + extension); + return (WireToEventCookieType)_XUnknownWireEventCookie; + } if (proc == NULL) proc = (WireToEventCookieType)_XUnknownWireEventCookie; LockDisplay (dpy); oldproc = dpy->generic_event_vec[extension & 0x7F]; @@ -284,6 +308,12 @@ CopyEventCookieType XESetCopyEventCookie ) { CopyEventCookieType oldproc; + if (extension < FirstExtensionRequest || + extension > LastExtensionRequest) { + fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n", + extension); + return (CopyEventCookieType)_XUnknownCopyEventCookie; + } if (proc == NULL) proc = (CopyEventCookieType)_XUnknownCopyEventCookie; LockDisplay (dpy); oldproc = dpy->generic_event_copy_vec[extension & 0x7F]; @@ -305,6 +335,12 @@ EventToWireType XESetEventToWire( EventToWireType proc) /* routine to call when converting event */ { register EventToWireType oldproc; + if (event_number < 0 || + event_number > LastExtensionEvent) { + fprintf(stderr, "Xlib: ignoring invalid extension event %d\n", + event_number); + return (EventToWireType)_XUnknownNativeEvent; + } if (proc == NULL) proc = (EventToWireType) _XUnknownNativeEvent; LockDisplay (dpy); oldproc = dpy->wire_vec[event_number]; 
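Review bot: The check added to `XESetWireToEvent` is `event_number < 0 || event_number > LastExtensionEvent`, so event numbers 0 through 63 still pass, although the message calls a rejected value an "invalid extension event" and the comment on `LastExtensionEvent` says extensions own 64 through 127. If the intent is only to keep the index inside `dpy->event_vec[]`, record that with a comment such as `/* bounds check for dpy->event_vec[] only; event numbers below 64 are still accepted */`; if not, the lower bound should be the first extension event. `XESetEventToWire` later in this file has the same check against `dpy->wire_vec[]`. All four functions patched here continue outside their hunks.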
@@ -325,6 +361,12 @@ WireToErrorType XESetWireToError( WireToErrorType proc) /* routine to call when converting error */ { register WireToErrorType oldproc = NULL; + if (error_number < 0 || + error_number > LastExtensionError) { + fprintf(stderr, "Xlib: ignoring invalid extension error %d\n", + error_number); + return (WireToErrorType)_XDefaultWireError; + } if (proc == NULL) proc = (WireToErrorType)_XDefaultWireError; LockDisplay (dpy); if (!dpy->error_vec) {
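Review bot: The new check in `XESetWireToError` compares against `LastExtensionError`, but the fallback definitions this patch adds at the top of the file cover only `LastExtensionEvent`, `FirstExtensionRequest` and `LastExtensionRequest`. The code therefore depends on an included header supplying `LastExtensionError`; for consistency with the other two, add `#ifndef LastExtensionError` / `#define LastExtensionError 255` / `#endif` beside them. The allocation of `dpy->error_vec` follows the last line of the hunk, so its size cannot be compared with this bound from here.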
CVS commit: [netbsd-8] xsrc/external/mit
Module Name:xsrc Committed By: martin Date: Sat Apr 1 15:36:27 UTC 2023 Modified Files: xsrc/external/mit/xorg-server.old/dist/composite [netbsd-8]: compwindow.c xsrc/external/mit/xorg-server/dist/composite [netbsd-8]: compwindow.c Log Message: Pull up the following, requested by mrg in ticket #1812: xsrc/external/mit/xorg-server/dist/composite/compwindow.c up to 1.1.1.9 (patch) xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c 1.2 (patch) Fix ZDI-CAN-19866 and CVE-2023-1393, a use-after-free problem. To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c cvs rdiff -u -r1.1.1.6 -r1.1.1.6.2.1 \ xsrc/external/mit/xorg-server/dist/composite/compwindow.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c diff -u xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c:1.1.1.1.2.1 --- xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c:1.1.1.1 Thu Jun 9 09:07:56 2016 +++ xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c Sat Apr 1 15:36:27 2023 
@@ -588,6 +588,11 @@ compDestroyWindow (WindowPtr pWin) ret = (*pScreen->DestroyWindow) (pWin); cs->DestroyWindow = pScreen->DestroyWindow; pScreen->DestroyWindow = compDestroyWindow; + +/* Did we just destroy the overlay window? */ +if (pWin == cs->pOverlayWin) +cs->pOverlayWin = NULL; + /*compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/ return ret; } Index: xsrc/external/mit/xorg-server/dist/composite/compwindow.c diff -u xsrc/external/mit/xorg-server/dist/composite/compwindow.c:1.1.1.6 xsrc/external/mit/xorg-server/dist/composite/compwindow.c:1.1.1.6.2.1 --- xsrc/external/mit/xorg-server/dist/composite/compwindow.c:1.1.1.6 Wed Aug 10 07:44:35 2016 +++ xsrc/external/mit/xorg-server/dist/composite/compwindow.c Sat Apr 1 15:36:27 2023 @@ -609,6 +609,11 @@ compDestroyWindow(WindowPtr pWin) ret = (*pScreen->DestroyWindow) (pWin); cs->DestroyWindow = pScreen->DestroyWindow; pScreen->DestroyWindow = compDestroyWindow; + +/* Did we just destroy the overlay window? */ +if (pWin == cs->pOverlayWin) +cs->pOverlayWin = NULL; + /*compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/ return ret; }
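Review bot: The comment `/* Did we just destroy the overlay window? */` in `compDestroyWindow` states the test but not why the pointer has to be cleared. Something like `/* clear the saved overlay pointer so it cannot be used after the window is gone */` would record the reason the line must stay, which the log message gives as a use-after-free. The comparison only reads the value of `pWin` after the wrapped `DestroyWindow` call and does not dereference it. The second hunk, for the xorg-server copy of compwindow.c, is identical.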
CVS commit: [netbsd-8] xsrc/external/mit
Module Name:xsrc Committed By: martin Date: Sat Apr 1 15:36:27 UTC 2023 Modified Files: xsrc/external/mit/xorg-server.old/dist/composite [netbsd-8]: compwindow.c xsrc/external/mit/xorg-server/dist/composite [netbsd-8]: compwindow.c Log Message: Pull up the following, requested by mrg in ticket #1812: xsrc/external/mit/xorg-server/dist/composite/compwindow.c up to 1.1.1.9 (patch) xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c 1.2 (patch) Fix ZDI-CAN-19866 and CVE-2023-1393, a use-after-free problem. To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/composite/compwindow.c cvs rdiff -u -r1.1.1.6 -r1.1.1.6.2.1 \ xsrc/external/mit/xorg-server/dist/composite/compwindow.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] xsrc/external/mit
Module Name:xsrc Committed By: martin Date: Tue Feb 14 15:54:26 UTC 2023 Modified Files: xsrc/external/mit/xorg-server.old/dist/Xi [netbsd-8]: exevents.c xsrc/external/mit/xorg-server/dist/Xi [netbsd-8]: exevents.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1797): external/mit/xorg-server.old/dist/Xi/exevents.c: revision 1.2 external/mit/xorg-server/dist/Xi/exevents.c (apply patch) pullover fix from xorg-server 21.1.7: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec Xi: fix potential use-after-free in DeepCopyPointerClasses CVE-2023-0494, ZDI-CAN-19596 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Peter Hutterer's avatarPeter Hutterer To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c cvs rdiff -u -r1.1.1.8 -r1.1.1.8.2.1 \ xsrc/external/mit/xorg-server/dist/Xi/exevents.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c diff -u xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c:1.1.1.1.2.1 --- xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c:1.1.1.1 Thu Jun 9 09:07:56 2016 +++ xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c Tue Feb 14 15:54:26 2023 
@@ -586,8 +586,10 @@ DeepCopyPointerClasses(DeviceIntPtr from } memcpy(to->button->xkb_acts, from->button->xkb_acts, sizeof(XkbAction)); -} else +} else { free(to->button->xkb_acts); +to->button->xkb_acts = NULL; + } memcpy(to->button->labels, from->button->labels, from->button->numButtons * sizeof(Atom)); Index: xsrc/external/mit/xorg-server/dist/Xi/exevents.c diff -u xsrc/external/mit/xorg-server/dist/Xi/exevents.c:1.1.1.8 xsrc/external/mit/xorg-server/dist/Xi/exevents.c:1.1.1.8.2.1 --- xsrc/external/mit/xorg-server/dist/Xi/exevents.c:1.1.1.8 Wed Aug 10 07:44:31 2016 +++ xsrc/external/mit/xorg-server/dist/Xi/exevents.c Tue Feb 14 15:54:26 2023 @@ -574,9 +574,10 @@ DeepCopyPointerClasses(DeviceIntPtr from } memcpy(to->button->xkb_acts, from->button->xkb_acts, sizeof(XkbAction)); -} -else +} else { free(to->button->xkb_acts); +to->button->xkb_acts = NULL; + } memcpy(to->button->labels, from->button->labels, from->button->numButtons * sizeof(Atom));
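Review bot: In the branch just above the changed `else` in `DeepCopyPointerClasses`, `memcpy(to->button->xkb_acts, from->button->xkb_acts, sizeof(XkbAction));` copies a single `XkbAction`, while the `labels` copy right after the branch uses `from->button->numButtons * sizeof(Atom)`. The allocation of `to->button->xkb_acts` is outside the hunk, so it cannot be told from here whether one element is the intended size or whether the array should be sized by the button count; that is worth checking while this code is being touched. The added `to->button->xkb_acts = NULL;` is what stops the freed pointer from being reused on a later copy. The same applies to the second hunk, for the xorg-server copy of exevents.c.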
CVS commit: [netbsd-8] xsrc/external/mit
Module Name:xsrc Committed By: martin Date: Tue Feb 14 15:54:26 UTC 2023 Modified Files: xsrc/external/mit/xorg-server.old/dist/Xi [netbsd-8]: exevents.c xsrc/external/mit/xorg-server/dist/Xi [netbsd-8]: exevents.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1797): external/mit/xorg-server.old/dist/Xi/exevents.c: revision 1.2 external/mit/xorg-server/dist/Xi/exevents.c (apply patch) pullover fix from xorg-server 21.1.7: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec Xi: fix potential use-after-free in DeepCopyPointerClasses CVE-2023-0494, ZDI-CAN-19596 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Peter Hutterer To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c cvs rdiff -u -r1.1.1.8 -r1.1.1.8.2.1 \ xsrc/external/mit/xorg-server/dist/Xi/exevents.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] xsrc/external/mit
Module Name:xsrc Committed By: martin Date: Mon Jan 23 13:33:05 UTC 2023 Modified Files: xsrc/external/mit/libX11/dist/modules/om/generic [netbsd-8]: omGeneric.c xsrc/external/mit/libXpm/dist/src [netbsd-8]: RdFToI.c WrFFrI.c create.c data.c parse.c xsrc/external/mit/xorg-server/dist/Xext [netbsd-8]: saver.c xtest.c xvmain.c xsrc/external/mit/xorg-server/dist/Xi [netbsd-8]: xipassivegrab.c xiproperty.c xsrc/external/mit/xorg-server/dist/dix [netbsd-8]: property.c xsrc/external/mit/xorg-server/dist/xkb [netbsd-8]: xkbUtils.c Log Message: Apply patch, requested by mrg in ticket #1794: Apply upstream security fixes for the following CVEs: CVE-2022-46285, CVE-2022-44617, CVE-2022-4883, CVE-2020-14363, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342 CVE-2022-46343, CVE-2022-46344, CVE-2022-46283, CVE-2021-4008, CVE-2021-4009, CVE-2021-4010, CVE-2021-4011 To generate a diff of this commit: cvs rdiff -u -r1.1.1.8.2.1 -r1.1.1.8.2.2 \ xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.8.1 \ xsrc/external/mit/libXpm/dist/src/RdFToI.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.8.1 \ xsrc/external/mit/libXpm/dist/src/WrFFrI.c cvs rdiff -u -r1.3 -r1.3.2.1 xsrc/external/mit/libXpm/dist/src/create.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.10.1 \ xsrc/external/mit/libXpm/dist/src/data.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \ xsrc/external/mit/libXpm/dist/src/parse.c cvs rdiff -u -r1.1.1.7.2.1 -r1.1.1.7.2.2 \ xsrc/external/mit/xorg-server/dist/Xext/saver.c cvs rdiff -u -r1.5 -r1.5.2.1 xsrc/external/mit/xorg-server/dist/Xext/xtest.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \ xsrc/external/mit/xorg-server/dist/Xext/xvmain.c cvs rdiff -u -r1.3 -r1.3.2.1 \ xsrc/external/mit/xorg-server/dist/Xi/xipassivegrab.c \ xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \ xsrc/external/mit/xorg-server/dist/dix/property.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \ xsrc/external/mit/xorg-server/dist/xkb/xkbUtils.c Please note that diffs are 
not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] xsrc/external/mit
Module Name:xsrc Committed By: martin Date: Mon Jan 23 13:33:05 UTC 2023 Modified Files: xsrc/external/mit/libX11/dist/modules/om/generic [netbsd-8]: omGeneric.c xsrc/external/mit/libXpm/dist/src [netbsd-8]: RdFToI.c WrFFrI.c create.c data.c parse.c xsrc/external/mit/xorg-server/dist/Xext [netbsd-8]: saver.c xtest.c xvmain.c xsrc/external/mit/xorg-server/dist/Xi [netbsd-8]: xipassivegrab.c xiproperty.c xsrc/external/mit/xorg-server/dist/dix [netbsd-8]: property.c xsrc/external/mit/xorg-server/dist/xkb [netbsd-8]: xkbUtils.c Log Message: Apply patch, requested by mrg in ticket #1794: Apply upstream security fixes for the following CVEs: CVE-2022-46285, CVE-2022-44617, CVE-2022-4883, CVE-2020-14363, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342 CVE-2022-46343, CVE-2022-46344, CVE-2022-46283, CVE-2021-4008, CVE-2021-4009, CVE-2021-4010, CVE-2021-4011 To generate a diff of this commit: cvs rdiff -u -r1.1.1.8.2.1 -r1.1.1.8.2.2 \ xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.8.1 \ xsrc/external/mit/libXpm/dist/src/RdFToI.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.8.1 \ xsrc/external/mit/libXpm/dist/src/WrFFrI.c cvs rdiff -u -r1.3 -r1.3.2.1 xsrc/external/mit/libXpm/dist/src/create.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.10.1 \ xsrc/external/mit/libXpm/dist/src/data.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \ xsrc/external/mit/libXpm/dist/src/parse.c cvs rdiff -u -r1.1.1.7.2.1 -r1.1.1.7.2.2 \ xsrc/external/mit/xorg-server/dist/Xext/saver.c cvs rdiff -u -r1.5 -r1.5.2.1 xsrc/external/mit/xorg-server/dist/Xext/xtest.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \ xsrc/external/mit/xorg-server/dist/Xext/xvmain.c cvs rdiff -u -r1.3 -r1.3.2.1 \ xsrc/external/mit/xorg-server/dist/Xi/xipassivegrab.c \ xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \ xsrc/external/mit/xorg-server/dist/dix/property.c cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \ xsrc/external/mit/xorg-server/dist/xkb/xkbUtils.c Please note that diffs are 
not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c diff -u xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c:1.1.1.8.2.1 xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c:1.1.1.8.2.2 --- xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c:1.1.1.8.2.1 Wed Aug 5 14:10:17 2020 +++ xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c Mon Jan 23 13:33:04 2023 @@ -1908,7 +1908,8 @@ init_om( char **required_list; XOrientation *orientation; char **value, buf[BUFSIZ], *bufptr; -int count = 0, num = 0, length = 0; +int count = 0, num = 0; +unsigned int length = 0; _XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", , ); if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0) Index: xsrc/external/mit/libXpm/dist/src/RdFToI.c diff -u xsrc/external/mit/libXpm/dist/src/RdFToI.c:1.1.1.4 xsrc/external/mit/libXpm/dist/src/RdFToI.c:1.1.1.4.8.1 --- xsrc/external/mit/libXpm/dist/src/RdFToI.c:1.1.1.4 Sun Mar 16 22:20:04 2014 +++ xsrc/external/mit/libXpm/dist/src/RdFToI.c Mon Jan 23 13:33:04 2023 @@ -43,6 +43,7 @@ #include #include #include +#include #else #ifdef FOR_MSW #include @@ -161,7 +162,17 @@ xpmPipeThrough( goto err; if ( 0 == pid ) { - execlp(cmd, cmd, arg1, (char *)NULL); +#ifdef HAVE_CLOSEFROM + closefrom(3); +#elif defined(HAVE_CLOSE_RANGE) +# ifdef CLOSE_RANGE_UNSHARE +# define close_range_flags CLOSE_RANGE_UNSHARE +# else +# define close_range_flags 0 +#endif + close_range(3, ~0U, close_range_flags); +#endif + execl(cmd, cmd, arg1, (char *)NULL); perror(cmd); goto err; } 
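Review bot: In the child branch of xpmPipeThrough, the result of `close_range(3, ~0U, close_range_flags)` is ignored, and when neither HAVE_CLOSEFROM nor HAVE_CLOSE_RANGE is defined nothing is closed at all, so the helper program would still inherit every descriptor above 2. An explicit `#else` branch with a comment such as `/* no closefrom()/close_range(): descriptors >= 3 stay open in the child */` would make that gap visible to whoever ports the code. The `close_range_flags` macro is also defined inside the function body and stays defined for the rest of the file; adding `#undef close_range_flags` right after the call would keep it local. The body of xpmPipeThrough starts and ends outside this hunk.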
@@ -235,12 +246,12 @@ OpenReadFile( if ( ext && !strcmp(ext, ".Z") ) { mdata->type = XPMPIPE; - mdata->stream.file = xpmPipeThrough(fd, "uncompress", "-c", "r"); + mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_UNCOMPRESS, "-c", "r"); } else if ( ext && !strcmp(ext, ".gz") ) { mdata->type = XPMPIPE; - mdata->stream.file = xpmPipeThrough(fd, "gunzip", "-qc", "r"); + mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-dqc", "r"); } else #endif /* z-files */ Index: xsrc/external/mit/libXpm/dist/src/WrFFrI.c diff -u xsrc/external/mit/libXpm/dist/src/WrFFrI.c:1.1.1.5 xsrc/external/mit/libXpm/dist/src/WrFFrI.c:1.1.1.5.8.1 --- xsrc/external/mit/libXpm/dist/src/WrFFrI.c:1.1.1.5 Sun Mar 16 22:20:04 2014 +++ xsrc/external/mit/libXpm/dist/src/WrFFrI.c Mon Jan 23 13:33:04 2023 @@ -336,10 +336,10 @@ OpenWriteFile( #ifndef NO_ZPIPE len = strlen(filename); if (len > 2 && !strcmp(".Z", filename + (len - 2))) { - mdata->stream.file = xpmPipeThrough(fd, "compress", NULL, "w"); + mdata->stream.file =
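Review bot: Nothing at the two call sites in OpenReadFile records that XPM_PATH_UNCOMPRESS and XPM_PATH_GZIP now have to be absolute paths, which follows from xpmPipeThrough() switching from execlp() to execl() and no longer searching PATH. Their definitions are outside this diff, so whether the build guarantees that cannot be checked from here. A comment above the first call would state the requirement: `/* XPM_PATH_* must be absolute: xpmPipeThrough() uses execl(), no PATH lookup */`. OpenReadFile's body starts and ends outside the hunk.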
CVS commit: [netbsd-8] xsrc/external/mit/xorg-server/dist/xkb
Module Name:xsrc Committed By: martin Date: Fri Jul 15 17:19:23 UTC 2022 Modified Files: xsrc/external/mit/xorg-server/dist/xkb [netbsd-8]: xkb.c Log Message: Apply patch, requested by mrg in ticket #1752: xsrc-9/external/mit/xorg-server/dist/xkb/xkb.c apply patch Cherry-pick upstream fixes for * CVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access * CVE-2022-2320/ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access To generate a diff of this commit: cvs rdiff -u -r1.3.2.1 -r1.3.2.2 xsrc/external/mit/xorg-server/dist/xkb/xkb.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: xsrc/external/mit/xorg-server/dist/xkb/xkb.c diff -u xsrc/external/mit/xorg-server/dist/xkb/xkb.c:1.3.2.1 xsrc/external/mit/xorg-server/dist/xkb/xkb.c:1.3.2.2 --- xsrc/external/mit/xorg-server/dist/xkb/xkb.c:1.3.2.1 Sun Dec 6 10:24:47 2020 +++ xsrc/external/mit/xorg-server/dist/xkb/xkb.c Fri Jul 15 17:19:23 2022 @@ -5126,7 +5126,7 @@ _GetCountedString(char **wire_inout, Cli } static Status -_CheckSetDoodad(char **wire_inout, +_CheckSetDoodad(char **wire_inout, xkbSetGeometryReq *req, XkbGeometryPtr geom, XkbSectionPtr section, ClientPtr client) { char *wire; @@ -5137,6 +5137,9 @@ _CheckSetDoodad(char **wire_inout, Status status; dWire = (xkbDoodadWireDesc *) (*wire_inout); +if (!_XkbCheckRequestBounds(client, req, dWire, dWire + 1)) +return BadLength; + any = dWire->any; wire = (char *) [1]; if (client->swapped) { @@ -5239,7 +5242,7 @@ _CheckSetDoodad(char **wire_inout, } static Status -_CheckSetOverlay(char **wire_inout, +_CheckSetOverlay(char **wire_inout, xkbSetGeometryReq *req, XkbGeometryPtr geom, XkbSectionPtr section, ClientPtr client) { register int r; 
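Review bot: The guard added in _CheckSetDoodad, `_XkbCheckRequestBounds(client, req, dWire, dWire + 1)`, depends on a helper whose contract is not visible in this diff, and the same `(ptr, ptr + 1)` pattern is repeated in the later hunks for _CheckSetOverlay and _CheckSetSections. A short comment at this first use would state the intent, for example `/* wire data is client-supplied: the whole struct must lie inside the request before any field is read or swapped */`. It would also help to say that the variable-length data following the doodad is validated separately, presumably by _GetCountedString; that is inferred from the hunk header only. The function bodies continue outside these hunks.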
@@ -5250,6 +5253,9 @@ _CheckSetOverlay(char **wire_inout, wire = *wire_inout; olWire = (xkbOverlayWireDesc *) wire; +if (!_XkbCheckRequestBounds(client, req, olWire, olWire + 1)) +return BadLength; + if (client->swapped) { swapl(>name); } @@ -5261,6 +5267,9 @@ _CheckSetOverlay(char **wire_inout, xkbOverlayKeyWireDesc *kWire; XkbOverlayRowPtr row; +if (!_XkbCheckRequestBounds(client, req, rWire, rWire + 1)) +return BadLength; + if (rWire->rowUnder > section->num_rows) { client->errorValue = _XkbErrCode4(0x20, r, section->num_rows, rWire->rowUnder); @@ -5269,6 +5278,9 @@ _CheckSetOverlay(char **wire_inout, row = XkbAddGeomOverlayRow(ol, rWire->rowUnder, rWire->nKeys); kWire = (xkbOverlayKeyWireDesc *) [1]; for (k = 0; k < rWire->nKeys; k++, kWire++) { +if (!_XkbCheckRequestBounds(client, req, kWire, kWire + 1)) +return BadLength; + if (XkbAddGeomOverlayKey(ol, row, (char *) kWire->over, (char *) kWire->under) == NULL) { @@ -5302,6 +5314,9 @@ _CheckSetSections(XkbGeometryPtr geom, register int r; xkbRowWireDesc *rWire; +if (!_XkbCheckRequestBounds(client, req, sWire, sWire + 1)) +return BadLength; + if (client->swapped) { swapl(>name); swaps(>top); @@ -5327,6 +5342,9 @@ _CheckSetSections(XkbGeometryPtr geom, XkbRowPtr row; xkbKeyWireDesc *kWire; +if (!_XkbCheckRequestBounds(client, req, rWire, rWire + 1)) +return BadLength; + if (client->swapped) { swaps(>top); swaps(>left); 
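Review bot: In the row loop of _CheckSetOverlay the new bounds check is followed by `if (rWire->rowUnder > section->num_rows)`, which still accepts `rowUnder == section->num_rows`. If rowUnder is used as an index into the section's rows, that value is one past the last valid row, so the comparison looks like it should be `if (rWire->rowUnder >= section->num_rows)`. Whether XkbAddGeomOverlayRow rejects that value itself is not visible here, and its return value `row` is passed on without a NULL check in the lines shown. The function body starts and ends outside the hunk.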
@@ -5338,16 +5356,19 @@ _CheckSetSections(XkbGeometryPtr geom, row->left = rWire->left; row->vertical = rWire->vertical; kWire = (xkbKeyWireDesc *) [1]; -for (k = 0; k < rWire->nKeys; k++) { +for (k = 0; k < rWire->nKeys; k++, kWire++) { XkbKeyPtr key; +if (!_XkbCheckRequestBounds(client, req, kWire, kWire + 1)) +return BadLength; + key = XkbAddGeomKey(row); if (!key) return BadAlloc; -memcpy(key->name.name, kWire[k].name, XkbKeyNameLength); -key->gap = kWire[k].gap; -key->shape_ndx = kWire[k].shapeNdx; -key->color_ndx = kWire[k].colorNdx; +memcpy(key->name.name, kWire->name, XkbKeyNameLength); +key->gap = kWire->gap; +key->shape_ndx = kWire->shapeNdx; +key->color_ndx = kWire->colorNdx; if (key->shape_ndx >= geom->num_shapes) { client->errorValue = _XkbErrCode3(0x10, key->shape_ndx,
CVS commit: [netbsd-8] xsrc/external/mit/xorg-server/dist/xkb
Module Name:xsrc Committed By: martin Date: Fri Jul 15 17:19:23 UTC 2022 Modified Files: xsrc/external/mit/xorg-server/dist/xkb [netbsd-8]: xkb.c Log Message: Apply patch, requested by mrg in ticket #1752: xsrc-9/external/mit/xorg-server/dist/xkb/xkb.c apply patch Cherry-pick upstream fixes for * CVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access * CVE-2022-2320/ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access To generate a diff of this commit: cvs rdiff -u -r1.3.2.1 -r1.3.2.2 xsrc/external/mit/xorg-server/dist/xkb/xkb.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] xsrc/external/mit/xterm/dist
Module Name:xsrc Committed By: martin Date: Thu Feb 3 14:21:27 UTC 2022 Modified Files: xsrc/external/mit/xterm/dist [netbsd-8]: graphics_sixel.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1735): xsrc/external/mit/xterm/dist/graphics_sixel.c: revision 1.2 (patch) apply upstream fix for CVE-2022-24130. To generate a diff of this commit: cvs rdiff -u -r1.1.1.3.2.1 -r1.1.1.3.2.2 \ xsrc/external/mit/xterm/dist/graphics_sixel.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: xsrc/external/mit/xterm/dist/graphics_sixel.c diff -u xsrc/external/mit/xterm/dist/graphics_sixel.c:1.1.1.3.2.1 xsrc/external/mit/xterm/dist/graphics_sixel.c:1.1.1.3.2.2 --- xsrc/external/mit/xterm/dist/graphics_sixel.c:1.1.1.3.2.1 Wed Feb 17 09:48:38 2021 +++ xsrc/external/mit/xterm/dist/graphics_sixel.c Thu Feb 3 14:21:27 2022 @@ -1,8 +1,8 @@ /* $XTermId: graphics_sixel.c,v 1.28 2020/08/06 20:32:33 Ben.Wong Exp $ */ /* - * Copyright 2014-2016,2020 by Ross Combs - * Copyright 2014-2016,2020 by Thomas E. Dickey + * Copyright 2014-2021,2022 by Ross Combs + * Copyright 2014-2021,2022 by Thomas E. Dickey * * All Rights Reserved * @@ -149,7 +149,7 @@ init_sixel_background(Graphic *graphic, graphic->color_registers_used[context->background] = 1; } -static void +static Boolean set_sixel(Graphic *graphic, SixelContext const *context, int sixel) { const int mh = graphic->max_height; @@ -170,7 +170,10 @@ set_sixel(Graphic *graphic, SixelContext ((color != COLOR_HOLE) ? (unsigned) graphic->color_registers[color].b : 0U))); for (pix = 0; pix < 6; pix++) { - if (context->col < mw && context->row + pix < mh) { + if (context->col >= 0 && + context->col < mw && + context->row + pix >= 0 && + context->row + pix < mh) { if (sixel & (1 << pix)) { if (context->col + 1 > graphic->actual_width) { graphic->actual_width = context->col + 1; 
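Review bot: The new lower-bound test in set_sixel evaluates `context->row + pix` before comparing it, so a very large `row` would overflow a signed int (assuming `row` is an int, as the comparison with `const int mh` suggests) and the check would then rest on undefined behaviour. Writing the row test without the addition avoids that: `context->row >= 0 && context->row < mh - pix`. Whether `row` is capped elsewhere in parse_sixel is not visible in this diff. The loop body continues in the next hunk.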
@@ -183,8 +186,10 @@ set_sixel(Graphic *graphic, SixelContext } } else { TRACE(("sixel pixel %d out of bounds\n", pix)); + return False; } } +return True; } static void @@ -462,8 +467,12 @@ parse_sixel(XtermWidget xw, ANSI *params init_sixel_background(graphic, ); graphic->valid = 1; } - if (sixel) - set_sixel(graphic, , sixel); + if (sixel) { + if (!set_sixel(graphic, , sixel)) { + context.col = 0; + break; + } + } context.col++; } else if (ch == '$') { /* DECGCR */ /* ignore DECCRNLM in sixel mode */ @@ -531,8 +540,12 @@ parse_sixel(XtermWidget xw, ANSI *params if (sixel) { int i; for (i = 0; i < Pcount; i++) { - set_sixel(graphic, , sixel); - context.col++; + if (set_sixel(graphic, , sixel)) { + context.col++; + } else { + context.col = 0; + break; + } } } else { context.col += Pcount;
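Review bot: The two call sites in parse_sixel react differently to a `False` return from set_sixel. In the single-sixel branch the `break` leaves whatever loop encloses the `if (sixel)` block, while in the repeat branch it only leaves `for (i = 0; i < Pcount; i++)` and parsing of the remaining input continues with `context.col = 0`. The enclosing loop is outside the hunk, so this is inferred from the nesting shown. If abandoning the rest of the sixel data is intended in both places, `if (i < Pcount) break;` after the inner loop would make them agree; if not, a comment at each site should say which behaviour is wanted.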
CVS commit: [netbsd-8] xsrc/external/mit/xterm/dist
Module Name:xsrc Committed By: martin Date: Thu Feb 3 14:21:27 UTC 2022 Modified Files: xsrc/external/mit/xterm/dist [netbsd-8]: graphics_sixel.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1735): xsrc/external/mit/xterm/dist/graphics_sixel.c: revision 1.2 (patch) apply upstream fix for CVE-2022-24130. To generate a diff of this commit: cvs rdiff -u -r1.1.1.3.2.1 -r1.1.1.3.2.2 \ xsrc/external/mit/xterm/dist/graphics_sixel.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] xsrc/external/mit/xf86-video-intel/dist/src
Module Name:xsrc Committed By: martin Date: Mon Jul 15 08:26:10 UTC 2019 Modified Files: xsrc/external/mit/xf86-video-intel/dist/src [netbsd-8]: intel_list.h Log Message: Pull up following revision(s) (requested by mrg in ticket #1290): external/mit/xf86-video-intel/dist/src/intel_list.h: revision 1.2 merge changes from xorg-server 1.20 list.h into this older version. fixes sandy bridge crashing problems for me. To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 \ xsrc/external/mit/xf86-video-intel/dist/src/intel_list.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: xsrc/external/mit/xf86-video-intel/dist/src/intel_list.h diff -u xsrc/external/mit/xf86-video-intel/dist/src/intel_list.h:1.1.1.2 xsrc/external/mit/xf86-video-intel/dist/src/intel_list.h:1.1.1.2.2.1 --- xsrc/external/mit/xf86-video-intel/dist/src/intel_list.h:1.1.1.2 Wed Nov 5 17:56:20 2014 +++ xsrc/external/mit/xf86-video-intel/dist/src/intel_list.h Mon Jul 15 08:26:10 2019 @@ -305,9 +305,20 @@ list_is_empty(const struct list *head) #define list_last_entry(ptr, type, member) \ list_entry((ptr)->prev, type, member) -#define __container_of(ptr, sample, member)\ -(void *)((char *)(ptr) \ - - ((char *)&(sample)->member - (char *)(sample))) +#ifdef HAVE_TYPEOF +#define __container_of(ptr, sample, member) \ +container_of(ptr, typeof(*sample), member) +#else +/* This implementation of __container_of has undefined behavior according + * to the C standard, but it works in many cases. If your compiler doesn't + * support typeof() and fails with this implementation, please try a newer + * compiler. + */ +#define __container_of(ptr, sample, member)\ +(void *)((char *)(ptr) \ +- ((char *)&(sample)->member - (char *)(sample))) +#endif + /** * Loop through the list given by head and set pos to struct in the list. * 
@@ -326,12 +337,14 @@ list_is_empty(const struct list *head) * */ #define list_for_each_entry(pos, head, member)\ -for (pos = __container_of((head)->next, pos, member); \ +for (pos = NULL,\ + pos = __container_of((head)->next, pos, member); \ >member != (head); \ pos = __container_of(pos->member.next, pos, member)) #define list_for_each_entry_reverse(pos, head, member)\ -for (pos = __container_of((head)->prev, pos, member); \ +for (pos = NULL,\ + pos = __container_of((head)->prev, pos, member); \ >member != (head); \ pos = __container_of(pos->member.prev, pos, member)) @@ -343,7 +356,8 @@ list_is_empty(const struct list *head) * See list_for_each_entry for more details. */ #define list_for_each_entry_safe(pos, tmp, head, member) \ -for (pos = __container_of((head)->next, pos, member), \ +for (pos = NULL,\ + pos = __container_of((head)->next, pos, member), \ tmp = __container_of(pos->member.next, pos, member); \ >member != (head); \ pos = tmp, tmp = __container_of(pos->member.next, tmp, member))
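Review bot: The `pos = NULL,` prefix added to list_for_each_entry, list_for_each_entry_reverse and list_for_each_entry_safe has no comment saying why it is there, and it reads like a redundant assignment that a later cleanup could remove. It appears to exist because the non-typeof `__container_of` reads `sample` (here `pos`) in its pointer arithmetic, so `pos` must hold a defined value before the first expansion. A note in the doc comment above list_for_each_entry would preserve that, for example `/* pos = NULL first: the fallback __container_of() reads pos, which is otherwise uninitialized */`. Whether this build defines HAVE_TYPEOF, and therefore which `__container_of` variant is used, is not visible in the diff.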
CVS commit: [netbsd-8] xsrc/external/mit/xf86-video-intel/dist/src
Module Name:xsrc Committed By: martin Date: Mon Jul 15 08:26:10 UTC 2019 Modified Files: xsrc/external/mit/xf86-video-intel/dist/src [netbsd-8]: intel_list.h Log Message: Pull up following revision(s) (requested by mrg in ticket #1290): external/mit/xf86-video-intel/dist/src/intel_list.h: revision 1.2 merge changes from xorg-server 1.20 list.h into this older version. fixes sandy bridge crashing problems for me. To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 \ xsrc/external/mit/xf86-video-intel/dist/src/intel_list.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.