Module Name: xsrc
Committed By: martin
Date: Mon Jan 23 13:33:05 UTC 2023
Modified Files:
xsrc/external/mit/libX11/dist/modules/om/generic [netbsd-8]:
omGeneric.c
xsrc/external/mit/libXpm/dist/src [netbsd-8]: RdFToI.c WrFFrI.c
create.c data.c parse.c
xsrc/external/mit/xorg-server/dist/Xext [netbsd-8]: saver.c xtest.c
xvmain.c
xsrc/external/mit/xorg-server/dist/Xi [netbsd-8]: xipassivegrab.c
xiproperty.c
xsrc/external/mit/xorg-server/dist/dix [netbsd-8]: property.c
xsrc/external/mit/xorg-server/dist/xkb [netbsd-8]: xkbUtils.c
Log Message:
Apply patch, requested by mrg in ticket #1794:
Apply upstream security fixes for the following CVEs:
CVE-2022-46285, CVE-2022-44617, CVE-2022-4883, CVE-2020-14363,
CVE-2022-46340, CVE-2022-46341, CVE-2022-46342 CVE-2022-46343,
CVE-2022-46344, CVE-2022-46283, CVE-2021-4008, CVE-2021-4009,
CVE-2021-4010, CVE-2021-4011
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.8.2.1 -r1.1.1.8.2.2 \
xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.8.1 \
xsrc/external/mit/libXpm/dist/src/RdFToI.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.8.1 \
xsrc/external/mit/libXpm/dist/src/WrFFrI.c
cvs rdiff -u -r1.3 -r1.3.2.1 xsrc/external/mit/libXpm/dist/src/create.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.10.1 \
xsrc/external/mit/libXpm/dist/src/data.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \
xsrc/external/mit/libXpm/dist/src/parse.c
cvs rdiff -u -r1.1.1.7.2.1 -r1.1.1.7.2.2 \
xsrc/external/mit/xorg-server/dist/Xext/saver.c
cvs rdiff -u -r1.5 -r1.5.2.1 xsrc/external/mit/xorg-server/dist/Xext/xtest.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \
xsrc/external/mit/xorg-server/dist/Xext/xvmain.c
cvs rdiff -u -r1.3 -r1.3.2.1 \
xsrc/external/mit/xorg-server/dist/Xi/xipassivegrab.c \
xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \
xsrc/external/mit/xorg-server/dist/dix/property.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \
xsrc/external/mit/xorg-server/dist/xkb/xkbUtils.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c
diff -u xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c:1.1.1.8.2.1 xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c:1.1.1.8.2.2
--- xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c:1.1.1.8.2.1 Wed Aug 5 14:10:17 2020
+++ xsrc/external/mit/libX11/dist/modules/om/generic/omGeneric.c Mon Jan 23 13:33:04 2023
@@ -1908,7 +1908,8 @@ init_om(
char **required_list;
XOrientation *orientation;
char **value, buf[BUFSIZ], *bufptr;
- int count = 0, num = 0, length = 0;
+ int count = 0, num = 0;
+ unsigned int length = 0;
_XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count);
if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0)
Index: xsrc/external/mit/libXpm/dist/src/RdFToI.c
diff -u xsrc/external/mit/libXpm/dist/src/RdFToI.c:1.1.1.4 xsrc/external/mit/libXpm/dist/src/RdFToI.c:1.1.1.4.8.1
--- xsrc/external/mit/libXpm/dist/src/RdFToI.c:1.1.1.4 Sun Mar 16 22:20:04 2014
+++ xsrc/external/mit/libXpm/dist/src/RdFToI.c Mon Jan 23 13:33:04 2023
@@ -43,6 +43,7 @@
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
+#include <unistd.h>
#else
#ifdef FOR_MSW
#include <fcntl.h>
@@ -161,7 +162,17 @@ xpmPipeThrough(
goto err;
if ( 0 == pid )
{
- execlp(cmd, cmd, arg1, (char *)NULL);
+#ifdef HAVE_CLOSEFROM
+ closefrom(3);
+#elif defined(HAVE_CLOSE_RANGE)
+# ifdef CLOSE_RANGE_UNSHARE
+# define close_range_flags CLOSE_RANGE_UNSHARE
+# else
+# define close_range_flags 0
+#endif
+ close_range(3, ~0U, close_range_flags);
+#endif
+ execl(cmd, cmd, arg1, (char *)NULL);
perror(cmd);
goto err;
}
@@ -235,12 +246,12 @@ OpenReadFile(
if ( ext && !strcmp(ext, ".Z") )
{
mdata->type = XPMPIPE;
- mdata->stream.file = xpmPipeThrough(fd, "uncompress", "-c", "r");
+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_UNCOMPRESS, "-c", "r");
}
else if ( ext && !strcmp(ext, ".gz") )
{
mdata->type = XPMPIPE;
- mdata->stream.file = xpmPipeThrough(fd, "gunzip", "-qc", "r");
+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-dqc", "r");
}
else
#endif /* z-files */
Index: xsrc/external/mit/libXpm/dist/src/WrFFrI.c
diff -u xsrc/external/mit/libXpm/dist/src/WrFFrI.c:1.1.1.5 xsrc/external/mit/libXpm/dist/src/WrFFrI.c:1.1.1.5.8.1
--- xsrc/external/mit/libXpm/dist/src/WrFFrI.c:1.1.1.5 Sun Mar 16 22:20:04 2014
+++ xsrc/external/mit/libXpm/dist/src/WrFFrI.c Mon Jan 23 13:33:04 2023
@@ -336,10 +336,10 @@ OpenWriteFile(
#ifndef NO_ZPIPE
len = strlen(filename);
if (len > 2 && !strcmp(".Z", filename + (len - 2))) {
- mdata->stream.file = xpmPipeThrough(fd, "compress", NULL, "w");
+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_COMPRESS, NULL, "w");
mdata->type = XPMPIPE;
} else if (len > 3 && !strcmp(".gz", filename + (len - 3))) {
- mdata->stream.file = xpmPipeThrough(fd, "gzip", "-q", "w");
+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-q", "w");
mdata->type = XPMPIPE;
} else
#endif
Index: xsrc/external/mit/libXpm/dist/src/create.c
diff -u xsrc/external/mit/libXpm/dist/src/create.c:1.3 xsrc/external/mit/libXpm/dist/src/create.c:1.3.2.1
--- xsrc/external/mit/libXpm/dist/src/create.c:1.3 Sat Mar 4 21:48:03 2017
+++ xsrc/external/mit/libXpm/dist/src/create.c Mon Jan 23 13:33:04 2023
@@ -994,11 +994,15 @@ CreateXImage(
#if !defined(FOR_MSW) && !defined(AMIGA)
if (height != 0 && (*image_return)->bytes_per_line >= INT_MAX / height) {
XDestroyImage(*image_return);
+ *image_return = NULL;
return XpmNoMemory;
}
/* now that bytes_per_line must have been set properly alloc data */
- if((*image_return)->bytes_per_line == 0 || height == 0)
+ if((*image_return)->bytes_per_line == 0 || height == 0) {
+ XDestroyImage(*image_return);
+ *image_return = NULL;
return XpmNoMemory;
+ }
(*image_return)->data =
(char *) XpmMalloc((*image_return)->bytes_per_line * height);
Index: xsrc/external/mit/libXpm/dist/src/data.c
diff -u xsrc/external/mit/libXpm/dist/src/data.c:1.1.1.4 xsrc/external/mit/libXpm/dist/src/data.c:1.1.1.4.10.1
--- xsrc/external/mit/libXpm/dist/src/data.c:1.1.1.4 Fri May 31 01:09:03 2013
+++ xsrc/external/mit/libXpm/dist/src/data.c Mon Jan 23 13:33:04 2023
@@ -174,6 +174,10 @@ ParseComment(xpmData *data)
notend = 0;
Ungetc(data, *s, file);
}
+ else if (c == EOF) {
+ /* hit end of file before the end of the comment */
+ return XpmFileInvalid;
+ }
}
return 0;
}
@@ -191,19 +195,23 @@ xpmNextString(xpmData *data)
register char c;
/* get to the end of the current string */
- if (data->Eos)
- while ((c = *data->cptr++) && c != data->Eos);
+ if (data->Eos) {
+ while ((c = *data->cptr++) && c != data->Eos && c != '\0');
+
+ if (c == '\0')
+ return XpmFileInvalid;
+ }
/*
* then get to the beginning of the next string looking for possible
* comment
*/
if (data->Bos) {
- while ((c = *data->cptr++) && c != data->Bos)
+ while ((c = *data->cptr++) && c != data->Bos && c != '\0')
if (data->Bcmt && c == data->Bcmt[0])
ParseComment(data);
} else if (data->Bcmt) { /* XPM2 natural */
- while ((c = *data->cptr++) == data->Bcmt[0])
+ while (((c = *data->cptr++) == data->Bcmt[0]) && c != '\0')
ParseComment(data);
data->cptr--;
}
@@ -212,9 +220,13 @@ xpmNextString(xpmData *data)
FILE *file = data->stream.file;
/* get to the end of the current string */
- if (data->Eos)
+ if (data->Eos) {
while ((c = Getc(data, file)) != data->Eos && c != EOF);
+ if (c == EOF)
+ return XpmFileInvalid;
+ }
+
/*
* then get to the beginning of the next string looking for possible
* comment
@@ -230,7 +242,7 @@ xpmNextString(xpmData *data)
Ungetc(data, c, file);
}
}
- return 0;
+ return XpmSuccess;
}
Index: xsrc/external/mit/libXpm/dist/src/parse.c
diff -u xsrc/external/mit/libXpm/dist/src/parse.c:1.1.1.5 xsrc/external/mit/libXpm/dist/src/parse.c:1.1.1.5.2.1
--- xsrc/external/mit/libXpm/dist/src/parse.c:1.1.1.5 Sat Mar 4 21:43:45 2017
+++ xsrc/external/mit/libXpm/dist/src/parse.c Mon Jan 23 13:33:04 2023
@@ -391,6 +391,13 @@ ParsePixels(
{
unsigned int *iptr, *iptr2 = NULL; /* found by Egbert Eich */
unsigned int a, x, y;
+ int ErrorStatus;
+
+ if ((width == 0) && (height != 0))
+ return (XpmFileInvalid);
+
+ if ((height == 0) && (width != 0))
+ return (XpmFileInvalid);
if ((height > 0 && width >= UINT_MAX / height) ||
width * height >= UINT_MAX / sizeof(unsigned int))
@@ -428,7 +435,11 @@ ParsePixels(
colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
for (y = 0; y < height; y++) {
- xpmNextString(data);
+ ErrorStatus = xpmNextString(data);
+ if (ErrorStatus != XpmSuccess) {
+ XpmFree(iptr2);
+ return (ErrorStatus);
+ }
for (x = 0; x < width; x++, iptr++) {
int c = xpmGetC(data);
@@ -475,7 +486,11 @@ do \
}
for (y = 0; y < height; y++) {
- xpmNextString(data);
+ ErrorStatus = xpmNextString(data);
+ if (ErrorStatus != XpmSuccess) {
+ XpmFree(iptr2);
+ return (ErrorStatus);
+ }
for (x = 0; x < width; x++, iptr++) {
int cc1 = xpmGetC(data);
if (cc1 > 0 && cc1 < 256) {
@@ -515,7 +530,11 @@ do \
xpmHashAtom *slot;
for (y = 0; y < height; y++) {
- xpmNextString(data);
+ ErrorStatus = xpmNextString(data);
+ if (ErrorStatus != XpmSuccess) {
+ XpmFree(iptr2);
+ return (ErrorStatus);
+ }
for (x = 0; x < width; x++, iptr++) {
for (a = 0, s = buf; a < cpp; a++, s++) {
int c = xpmGetC(data);
@@ -535,7 +554,11 @@ do \
}
} else {
for (y = 0; y < height; y++) {
- xpmNextString(data);
+ ErrorStatus = xpmNextString(data);
+ if (ErrorStatus != XpmSuccess) {
+ XpmFree(iptr2);
+ return (ErrorStatus);
+ }
for (x = 0; x < width; x++, iptr++) {
for (a = 0, s = buf; a < cpp; a++, s++) {
int c = xpmGetC(data);
Index: xsrc/external/mit/xorg-server/dist/Xext/saver.c
diff -u xsrc/external/mit/xorg-server/dist/Xext/saver.c:1.1.1.7.2.1 xsrc/external/mit/xorg-server/dist/Xext/saver.c:1.1.1.7.2.2
--- xsrc/external/mit/xorg-server/dist/Xext/saver.c:1.1.1.7.2.1 Mon Nov 6 09:43:02 2017
+++ xsrc/external/mit/xorg-server/dist/Xext/saver.c Mon Jan 23 13:33:04 2023
@@ -1050,7 +1050,7 @@ ScreenSaverSetAttributes(ClientPtr clien
pVlist++;
}
if (pPriv->attr)
- FreeScreenAttr(pPriv->attr);
+ FreeResource(pPriv->attr->resource, AttrType);
pPriv->attr = pAttr;
pAttr->resource = FakeClientID(client->index);
if (!AddResource(pAttr->resource, AttrType, (void *) pAttr))
Index: xsrc/external/mit/xorg-server/dist/Xext/xtest.c
diff -u xsrc/external/mit/xorg-server/dist/Xext/xtest.c:1.5 xsrc/external/mit/xorg-server/dist/Xext/xtest.c:1.5.2.1
--- xsrc/external/mit/xorg-server/dist/Xext/xtest.c:1.5 Thu Aug 11 00:04:26 2016
+++ xsrc/external/mit/xorg-server/dist/Xext/xtest.c Mon Jan 23 13:33:04 2023
@@ -501,10 +501,11 @@ XTestSwapFakeInput(ClientPtr client, xRe
nev = ((req->length << 2) - sizeof(xReq)) / sizeof(xEvent);
for (ev = (xEvent *) &req[1]; --nev >= 0; ev++) {
+ int evtype = ev->u.u.type & 0x177;
/* Swap event */
- proc = EventSwapVector[ev->u.u.type & 0177];
+ proc = EventSwapVector[evtype];
/* no swapping proc; invalid event type? */
- if (!proc || proc == NotImplemented) {
+ if (!proc || proc == NotImplemented || evtype == GenericEvent) {
client->errorValue = ev->u.u.type;
return BadValue;
}
Index: xsrc/external/mit/xorg-server/dist/Xext/xvmain.c
diff -u xsrc/external/mit/xorg-server/dist/Xext/xvmain.c:1.1.1.4 xsrc/external/mit/xorg-server/dist/Xext/xvmain.c:1.1.1.4.2.1
--- xsrc/external/mit/xorg-server/dist/Xext/xvmain.c:1.1.1.4 Wed Aug 10 07:44:31 2016
+++ xsrc/external/mit/xorg-server/dist/Xext/xvmain.c Mon Jan 23 13:33:04 2023
@@ -811,8 +811,10 @@ XvdiSelectVideoNotify(ClientPtr client,
tpn = pn;
while (tpn) {
if (tpn->client == client) {
- if (!onoff)
+ if (!onoff) {
tpn->client = NULL;
+ FreeResource(tpn->id, XvRTVideoNotify);
+ }
return Success;
}
if (!tpn->client)
Index: xsrc/external/mit/xorg-server/dist/Xi/xipassivegrab.c
diff -u xsrc/external/mit/xorg-server/dist/Xi/xipassivegrab.c:1.3 xsrc/external/mit/xorg-server/dist/Xi/xipassivegrab.c:1.3.2.1
--- xsrc/external/mit/xorg-server/dist/Xi/xipassivegrab.c:1.3 Thu Aug 11 00:04:26 2016
+++ xsrc/external/mit/xorg-server/dist/Xi/xipassivegrab.c Mon Jan 23 13:33:04 2023
@@ -133,6 +133,12 @@ ProcXIPassiveGrabDevice(ClientPtr client
return BadValue;
}
+ /* XI2 allows 32-bit keycodes but thanks to XKB we can never
+ * implement this. Just return an error for all keycodes that
+ * cannot work anyway, same for buttons > 255. */
+ if (stuff->detail > 255)
+ return XIAlreadyGrabbed;
+
if (XICheckInvalidMaskBits(client, (unsigned char *) &stuff[1],
stuff->mask_len * 4) != Success)
return BadValue;
@@ -313,6 +319,12 @@ ProcXIPassiveUngrabDevice(ClientPtr clie
return BadValue;
}
+ /* We don't allow passive grabs for details > 255 anyway */
+ if (stuff->detail > 255) {
+ client->errorValue = stuff->detail;
+ return BadValue;
+ }
+
rc = dixLookupWindow(&win, stuff->grab_window, client, DixSetAttrAccess);
if (rc != Success)
return rc;
Index: xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c
diff -u xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c:1.3 xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c:1.3.2.1
--- xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c:1.3 Thu Aug 11 00:04:26 2016
+++ xsrc/external/mit/xorg-server/dist/Xi/xiproperty.c Mon Jan 23 13:33:04 2023
@@ -886,7 +886,7 @@ ProcXChangeDeviceProperty(ClientPtr clie
REQUEST(xChangeDevicePropertyReq);
DeviceIntPtr dev;
unsigned long len;
- int totalSize;
+ uint64_t totalSize;
int rc;
REQUEST_AT_LEAST_SIZE(xChangeDevicePropertyReq);
@@ -898,6 +898,8 @@ ProcXChangeDeviceProperty(ClientPtr clie
rc = check_change_property(client, stuff->property, stuff->type,
stuff->format, stuff->mode, stuff->nUnits);
+ if (rc != Success)
+ return rc;
len = stuff->nUnits;
if (len > (bytes_to_int32(0xffffffff - sizeof(xChangeDevicePropertyReq))))
@@ -1124,7 +1126,7 @@ ProcXIChangeProperty(ClientPtr client)
{
int rc;
DeviceIntPtr dev;
- int totalSize;
+ uint64_t totalSize;
unsigned long len;
REQUEST(xXIChangePropertyReq);
@@ -1137,6 +1139,9 @@ ProcXIChangeProperty(ClientPtr client)
rc = check_change_property(client, stuff->property, stuff->type,
stuff->format, stuff->mode, stuff->num_items);
+ if (rc != Success)
+ return rc;
+
len = stuff->num_items;
if (len > bytes_to_int32(0xffffffff - sizeof(xXIChangePropertyReq)))
return BadLength;
Index: xsrc/external/mit/xorg-server/dist/dix/property.c
diff -u xsrc/external/mit/xorg-server/dist/dix/property.c:1.1.1.5 xsrc/external/mit/xorg-server/dist/dix/property.c:1.1.1.5.2.1
--- xsrc/external/mit/xorg-server/dist/dix/property.c:1.1.1.5 Wed Aug 10 07:44:31 2016
+++ xsrc/external/mit/xorg-server/dist/dix/property.c Mon Jan 23 13:33:05 2023
@@ -194,7 +194,8 @@ ProcChangeProperty(ClientPtr client)
WindowPtr pWin;
char format, mode;
unsigned long len;
- int sizeInBytes, totalSize, err;
+ int sizeInBytes, err;
+ uint64_t totalSize;
REQUEST(xChangePropertyReq);
Index: xsrc/external/mit/xorg-server/dist/xkb/xkbUtils.c
diff -u xsrc/external/mit/xorg-server/dist/xkb/xkbUtils.c:1.1.1.5 xsrc/external/mit/xorg-server/dist/xkb/xkbUtils.c:1.1.1.5.2.1
--- xsrc/external/mit/xorg-server/dist/xkb/xkbUtils.c:1.1.1.5 Wed Aug 10 07:44:35 2016
+++ xsrc/external/mit/xorg-server/dist/xkb/xkbUtils.c Mon Jan 23 13:33:05 2023
@@ -1327,6 +1327,7 @@ _XkbCopyNames(XkbDescPtr src, XkbDescPtr
}
else {
free(dst->names->radio_groups);
+ dst->names->radio_groups = NULL;
}
dst->names->num_rg = src->names->num_rg;
