dist

Martin Husemann Sun, 29 Oct 2023 11:02:44 -0700

Module Name:    xsrc
Committed By:   martin
Date:           Sun Oct 29 18:02:37 UTC 2023


Modified Files:
        xsrc/external/mit/xorg-server.old/dist/Xi [netbsd-10]: xiproperty.c
        xsrc/external/mit/xorg-server.old/dist/dix [netbsd-10]: enterleave.h
        xsrc/external/mit/xorg-server.old/dist/include [netbsd-10]: eventstr.h
        xsrc/external/mit/xorg-server.old/dist/mi [netbsd-10]: mipointer.c
        xsrc/external/mit/xorg-server.old/dist/os [netbsd-10]: auth.c
        xsrc/external/mit/xorg-server.old/dist/randr [netbsd-10]: rrproperty.c

Log Message:
Pull up following revision(s) (requested by mrg in ticket #438):

        external/mit/xorg-server.old/dist/dix/enterleave.h: revision 1.2
        external/mit/xorg-server.old/dist/mi/mipointer.c: revision 1.2
        external/mit/xorg-server.old/dist/include/eventstr.h: revision 1.2
        external/mit/xorg-server.old/dist/randr/rrproperty.c: revision 1.2
        external/mit/xorg-server.old/dist/os/auth.c: revision 1.4
        external/mit/xorg-server.old/dist/Xi/xiproperty.c: revision 1.2

merge security fixes from xorg-server 21.1.9 into xorg-server 1.10.6.
Fixes CVE-2023-5367 and CVE-2023-5380.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.6.1 \
    xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.6.1 \
    xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.6.1 \
    xsrc/external/mit/xorg-server.old/dist/include/eventstr.h
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.6.1 \
    xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c
cvs rdiff -u -r1.3 -r1.3.6.1 xsrc/external/mit/xorg-server.old/dist/os/auth.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.6.1 \
    xsrc/external/mit/xorg-server.old/dist/randr/rrproperty.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c
diff -u xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c:1.1.1.1.6.1
--- xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c:1.1.1.1	Thu Jun  9 09:07:56 2016
+++ xsrc/external/mit/xorg-server.old/dist/Xi/xiproperty.c	Sun Oct 29 18:02:37 2023
@@ -753,7 +753,7 @@ XIChangeDeviceProperty (DeviceIntPtr dev
                 XIDestroyDeviceProperty (prop);
             return BadAlloc;
         }
-        new_value.size = len;
+        new_value.size = total_len;
         new_value.type = type;
         new_value.format = format;
 
@@ -770,7 +770,7 @@ XIChangeDeviceProperty (DeviceIntPtr dev
         case PropModePrepend:
             new_data = new_value.data;
             old_data = (pointer) (((char *) new_value.data) +
-                                  (prop_value->size * size_in_bytes));
+                                  (len * size_in_bytes));
             break;
         }
         if (new_data)

Index: xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h
diff -u xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h:1.1.1.1.6.1
--- xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h:1.1.1.1	Thu Jun  9 09:07:56 2016
+++ xsrc/external/mit/xorg-server.old/dist/dix/enterleave.h	Sun Oct 29 18:02:36 2023
@@ -76,8 +76,6 @@ extern void EnterWindow(DeviceIntPtr dev
                         WindowPtr win,
                         int mode);
 
-extern void LeaveWindow(DeviceIntPtr dev);
-
 extern void CoreFocusEvent(DeviceIntPtr kbd,
                            int type,
                            int mode,

Index: xsrc/external/mit/xorg-server.old/dist/include/eventstr.h
diff -u xsrc/external/mit/xorg-server.old/dist/include/eventstr.h:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/include/eventstr.h:1.1.1.1.6.1
--- xsrc/external/mit/xorg-server.old/dist/include/eventstr.h:1.1.1.1	Thu Jun  9 09:08:00 2016
+++ xsrc/external/mit/xorg-server.old/dist/include/eventstr.h	Sun Oct 29 18:02:37 2023
@@ -243,4 +243,7 @@ union _InternalEvent {
 #endif
 };
 
+extern void
+LeaveWindow(DeviceIntPtr dev);
+
 #endif

Index: xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c
diff -u xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c:1.1.1.1.6.1
--- xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c:1.1.1.1	Thu Jun  9 09:08:00 2016
+++ xsrc/external/mit/xorg-server.old/dist/mi/mipointer.c	Sun Oct 29 18:02:36 2023
@@ -41,6 +41,8 @@ in this Software without prior written a
 # include   "inputstr.h"
 # include   "inpututils.h"
 
+# include   "eventstr.h"
+
 DevPrivateKeyRec miPointerScreenKeyRec;
 
 #define GetScreenPrivate(s) ((miPointerScreenPtr) \
@@ -318,8 +320,21 @@ miPointerWarpCursor (DeviceIntPtr pDev, 
 #ifdef PANORAMIX
             && noPanoramiXExtension
 #endif
-       )
-        UpdateSpriteForScreen (pDev, pScreen) ;
+       ) {
+            DeviceIntPtr master = GetMaster(pDev, MASTER_POINTER);
+            /* Hack for CVE-2023-5380: if we're moving
+             * screens PointerWindows[] keeps referring to the
+             * old window. If that gets destroyed we have a UAF
+             * bug later. Only happens when jumping from a window
+             * to the root window on the other screen.
+             * Enter/Leave events are incorrect for that case but
+             * too niche to fix.
+             */
+            LeaveWindow(pDev);
+            if (master)
+                LeaveWindow(master);
+            UpdateSpriteForScreen(pDev, pScreen);
+    }
 }
 
 /*

Index: xsrc/external/mit/xorg-server.old/dist/os/auth.c
diff -u xsrc/external/mit/xorg-server.old/dist/os/auth.c:1.3 xsrc/external/mit/xorg-server.old/dist/os/auth.c:1.3.6.1
--- xsrc/external/mit/xorg-server.old/dist/os/auth.c:1.3	Wed Mar  8 07:44:16 2017
+++ xsrc/external/mit/xorg-server.old/dist/os/auth.c	Sun Oct 29 18:02:37 2023
@@ -45,9 +45,7 @@ from The Open Group.
 #ifdef WIN32
 #include    <X11/Xw32defs.h>
 #endif
-#ifdef HAVE_LIBBSD
-#include   <bsd/stdlib.h>       /* for arc4random_buf() */
-#endif
+#include   <stdlib.h>       /* for arc4random_buf() */
 
 struct protocol {
     unsigned short   name_length;

Index: xsrc/external/mit/xorg-server.old/dist/randr/rrproperty.c
diff -u xsrc/external/mit/xorg-server.old/dist/randr/rrproperty.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/randr/rrproperty.c:1.1.1.1.6.1
--- xsrc/external/mit/xorg-server.old/dist/randr/rrproperty.c:1.1.1.1	Thu Jun  9 09:08:01 2016
+++ xsrc/external/mit/xorg-server.old/dist/randr/rrproperty.c	Sun Oct 29 18:02:37 2023
@@ -190,7 +190,7 @@ RRChangeOutputProperty (RROutputPtr outp
 		RRDestroyOutputProperty (prop);
 	    return BadAlloc;
 	}
-	new_value.size = len;
+	new_value.size = total_len;
 	new_value.type = type;
 	new_value.format = format;
 
@@ -207,7 +207,7 @@ RRChangeOutputProperty (RROutputPtr outp
 	case PropModePrepend:
 	    new_data = new_value.data;
 	    old_data = (pointer) (((char *) new_value.data) + 
-				  (prop_value->size * size_in_bytes));
+				  (len * size_in_bytes));
 	    break;
 	}
 	if (new_data)

CVS commit: [netbsd-10] xsrc/external/mit/xorg-server.old/dist

Reply via email to