Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[xsrc/netbsd-9]: xsrc/external/mit/xorg-server/dist/xkb Apply patch, requeste...
details: https://anonhg.NetBSD.org/xsrc/rev/aeae0a617dfd
branches: netbsd-9
changeset: 7403:aeae0a617dfd
user: martin <martin%NetBSD.org@localhost>
date: Mon Jan 23 13:40:00 2023 +0000
description:
Apply patch, requested by mrg in ticket #1577:
Apply upstream fixes for the following CVEs:
CVE-2022-46285, CVE-2022-44617, CVE-2022-4883, CVE-2020-14363,
CVE-2022-46340, CVE-2022-46341, CVE-2022-46342 CVE-2022-46343,
CVE-2022-46344, CVE-2022-46283, CVE-2021-4008, CVE-2021-4009,
CVE-2021-4010, CVE-2021-4011
diffstat:
external/mit/libX11/dist/modules/om/generic/omGeneric.c | 3 +-
external/mit/libXpm/dist/src/RdFToI.c | 17 +++++++-
external/mit/libXpm/dist/src/WrFFrI.c | 4 +-
external/mit/libXpm/dist/src/create.c | 6 ++-
external/mit/libXpm/dist/src/data.c | 24 +++++++++---
external/mit/libXpm/dist/src/parse.c | 31 ++++++++++++++--
external/mit/xorg-server/dist/Xext/saver.c | 2 +-
external/mit/xorg-server/dist/Xext/xtest.c | 5 +-
external/mit/xorg-server/dist/Xext/xvmain.c | 4 +-
external/mit/xorg-server/dist/Xi/xipassivegrab.c | 12 ++++++
external/mit/xorg-server/dist/Xi/xiproperty.c | 9 +++-
external/mit/xorg-server/dist/dix/property.c | 3 +-
external/mit/xorg-server/dist/xkb/xkbUtils.c | 1 +
13 files changed, 97 insertions(+), 24 deletions(-)
diffs (truncated from 366 to 300 lines):
diff -r a3a1827526b9 -r aeae0a617dfd external/mit/libX11/dist/modules/om/generic/omGeneric.c
--- a/external/mit/libX11/dist/modules/om/generic/omGeneric.c Fri Jul 15 17:17:02 2022 +0000
+++ b/external/mit/libX11/dist/modules/om/generic/omGeneric.c Mon Jan 23 13:40:00 2023 +0000
@@ -1908,7 +1908,8 @@
char **required_list;
XOrientation *orientation;
char **value, buf[BUFSIZ], *bufptr;
- int count = 0, num = 0, length = 0;
+ int count = 0, num = 0;
+ unsigned int length = 0;
_XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count);
if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0)
diff -r a3a1827526b9 -r aeae0a617dfd external/mit/libXpm/dist/src/RdFToI.c
--- a/external/mit/libXpm/dist/src/RdFToI.c Fri Jul 15 17:17:02 2022 +0000
+++ b/external/mit/libXpm/dist/src/RdFToI.c Mon Jan 23 13:40:00 2023 +0000
@@ -43,6 +43,7 @@
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
+#include <unistd.h>
#else
#ifdef FOR_MSW
#include <fcntl.h>
@@ -161,7 +162,17 @@
goto err;
if ( 0 == pid )
{
- execlp(cmd, cmd, arg1, (char *)NULL);
+#ifdef HAVE_CLOSEFROM
+ closefrom(3);
+#elif defined(HAVE_CLOSE_RANGE)
+# ifdef CLOSE_RANGE_UNSHARE
+# define close_range_flags CLOSE_RANGE_UNSHARE
+# else
+# define close_range_flags 0
+#endif
+ close_range(3, ~0U, close_range_flags);
+#endif
+ execl(cmd, cmd, arg1, (char *)NULL);
perror(cmd);
goto err;
}
@@ -235,12 +246,12 @@
if ( ext && !strcmp(ext, ".Z") )
{
mdata->type = XPMPIPE;
- mdata->stream.file = xpmPipeThrough(fd, "uncompress", "-c", "r");
+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_UNCOMPRESS, "-c", "r");
}
else if ( ext && !strcmp(ext, ".gz") )
{
mdata->type = XPMPIPE;
- mdata->stream.file = xpmPipeThrough(fd, "gunzip", "-qc", "r");
+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-dqc", "r");
}
else
#endif /* z-files */
diff -r a3a1827526b9 -r aeae0a617dfd external/mit/libXpm/dist/src/WrFFrI.c
--- a/external/mit/libXpm/dist/src/WrFFrI.c Fri Jul 15 17:17:02 2022 +0000
+++ b/external/mit/libXpm/dist/src/WrFFrI.c Mon Jan 23 13:40:00 2023 +0000
@@ -336,10 +336,10 @@
#ifndef NO_ZPIPE
len = strlen(filename);
if (len > 2 && !strcmp(".Z", filename + (len - 2))) {
- mdata->stream.file = xpmPipeThrough(fd, "compress", NULL, "w");
+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_COMPRESS, NULL, "w");
mdata->type = XPMPIPE;
} else if (len > 3 && !strcmp(".gz", filename + (len - 3))) {
- mdata->stream.file = xpmPipeThrough(fd, "gzip", "-q", "w");
+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-q", "w");
mdata->type = XPMPIPE;
} else
#endif
diff -r a3a1827526b9 -r aeae0a617dfd external/mit/libXpm/dist/src/create.c
--- a/external/mit/libXpm/dist/src/create.c Fri Jul 15 17:17:02 2022 +0000
+++ b/external/mit/libXpm/dist/src/create.c Mon Jan 23 13:40:00 2023 +0000
@@ -994,11 +994,15 @@
#if !defined(FOR_MSW) && !defined(AMIGA)
if (height != 0 && (*image_return)->bytes_per_line >= INT_MAX / height) {
XDestroyImage(*image_return);
+ *image_return = NULL;
return XpmNoMemory;
}
/* now that bytes_per_line must have been set properly alloc data */
- if((*image_return)->bytes_per_line == 0 || height == 0)
+ if((*image_return)->bytes_per_line == 0 || height == 0) {
+ XDestroyImage(*image_return);
+ *image_return = NULL;
return XpmNoMemory;
+ }
(*image_return)->data =
(char *) XpmMalloc((*image_return)->bytes_per_line * height);
diff -r a3a1827526b9 -r aeae0a617dfd external/mit/libXpm/dist/src/data.c
--- a/external/mit/libXpm/dist/src/data.c Fri Jul 15 17:17:02 2022 +0000
+++ b/external/mit/libXpm/dist/src/data.c Mon Jan 23 13:40:00 2023 +0000
@@ -174,6 +174,10 @@
notend = 0;
Ungetc(data, *s, file);
}
+ else if (c == EOF) {
+ /* hit end of file before the end of the comment */
+ return XpmFileInvalid;
+ }
}
return 0;
}
@@ -191,19 +195,23 @@
register char c;
/* get to the end of the current string */
- if (data->Eos)
- while ((c = *data->cptr++) && c != data->Eos);
+ if (data->Eos) {
+ while ((c = *data->cptr++) && c != data->Eos && c != '\0');
+
+ if (c == '\0')
+ return XpmFileInvalid;
+ }
/*
* then get to the beginning of the next string looking for possible
* comment
*/
if (data->Bos) {
- while ((c = *data->cptr++) && c != data->Bos)
+ while ((c = *data->cptr++) && c != data->Bos && c != '\0')
if (data->Bcmt && c == data->Bcmt[0])
ParseComment(data);
} else if (data->Bcmt) { /* XPM2 natural */
- while ((c = *data->cptr++) == data->Bcmt[0])
+ while (((c = *data->cptr++) == data->Bcmt[0]) && c != '\0')
ParseComment(data);
data->cptr--;
}
@@ -212,9 +220,13 @@
FILE *file = data->stream.file;
/* get to the end of the current string */
- if (data->Eos)
+ if (data->Eos) {
while ((c = Getc(data, file)) != data->Eos && c != EOF);
+ if (c == EOF)
+ return XpmFileInvalid;
+ }
+
/*
* then get to the beginning of the next string looking for possible
* comment
@@ -230,7 +242,7 @@
Ungetc(data, c, file);
}
}
- return 0;
+ return XpmSuccess;
}
diff -r a3a1827526b9 -r aeae0a617dfd external/mit/libXpm/dist/src/parse.c
--- a/external/mit/libXpm/dist/src/parse.c Fri Jul 15 17:17:02 2022 +0000
+++ b/external/mit/libXpm/dist/src/parse.c Mon Jan 23 13:40:00 2023 +0000
@@ -391,6 +391,13 @@
{
unsigned int *iptr, *iptr2 = NULL; /* found by Egbert Eich */
unsigned int a, x, y;
+ int ErrorStatus;
+
+ if ((width == 0) && (height != 0))
+ return (XpmFileInvalid);
+
+ if ((height == 0) && (width != 0))
+ return (XpmFileInvalid);
if ((height > 0 && width >= UINT_MAX / height) ||
width * height >= UINT_MAX / sizeof(unsigned int))
@@ -428,7 +435,11 @@
colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
for (y = 0; y < height; y++) {
- xpmNextString(data);
+ ErrorStatus = xpmNextString(data);
+ if (ErrorStatus != XpmSuccess) {
+ XpmFree(iptr2);
+ return (ErrorStatus);
+ }
for (x = 0; x < width; x++, iptr++) {
int c = xpmGetC(data);
@@ -475,7 +486,11 @@
}
for (y = 0; y < height; y++) {
- xpmNextString(data);
+ ErrorStatus = xpmNextString(data);
+ if (ErrorStatus != XpmSuccess) {
+ XpmFree(iptr2);
+ return (ErrorStatus);
+ }
for (x = 0; x < width; x++, iptr++) {
int cc1 = xpmGetC(data);
if (cc1 > 0 && cc1 < 256) {
@@ -515,7 +530,11 @@
xpmHashAtom *slot;
for (y = 0; y < height; y++) {
- xpmNextString(data);
+ ErrorStatus = xpmNextString(data);
+ if (ErrorStatus != XpmSuccess) {
+ XpmFree(iptr2);
+ return (ErrorStatus);
+ }
for (x = 0; x < width; x++, iptr++) {
for (a = 0, s = buf; a < cpp; a++, s++) {
int c = xpmGetC(data);
@@ -535,7 +554,11 @@
}
} else {
for (y = 0; y < height; y++) {
- xpmNextString(data);
+ ErrorStatus = xpmNextString(data);
+ if (ErrorStatus != XpmSuccess) {
+ XpmFree(iptr2);
+ return (ErrorStatus);
+ }
for (x = 0; x < width; x++, iptr++) {
for (a = 0, s = buf; a < cpp; a++, s++) {
int c = xpmGetC(data);
diff -r a3a1827526b9 -r aeae0a617dfd external/mit/xorg-server/dist/Xext/saver.c
--- a/external/mit/xorg-server/dist/Xext/saver.c Fri Jul 15 17:17:02 2022 +0000
+++ b/external/mit/xorg-server/dist/Xext/saver.c Mon Jan 23 13:40:00 2023 +0000
@@ -1051,7 +1051,7 @@
pVlist++;
}
if (pPriv->attr)
- FreeScreenAttr(pPriv->attr);
+ FreeResource(pPriv->attr->resource, AttrType);
pPriv->attr = pAttr;
pAttr->resource = FakeClientID(client->index);
if (!AddResource(pAttr->resource, AttrType, (void *) pAttr))
diff -r a3a1827526b9 -r aeae0a617dfd external/mit/xorg-server/dist/Xext/xtest.c
--- a/external/mit/xorg-server/dist/Xext/xtest.c Fri Jul 15 17:17:02 2022 +0000
+++ b/external/mit/xorg-server/dist/Xext/xtest.c Mon Jan 23 13:40:00 2023 +0000
@@ -501,10 +501,11 @@
nev = ((req->length << 2) - sizeof(xReq)) / sizeof(xEvent);
for (ev = (xEvent *) &req[1]; --nev >= 0; ev++) {
+ int evtype = ev->u.u.type & 0x177;
/* Swap event */
- proc = EventSwapVector[ev->u.u.type & 0177];
+ proc = EventSwapVector[evtype];
/* no swapping proc; invalid event type? */
- if (!proc || proc == NotImplemented) {
+ if (!proc || proc == NotImplemented || evtype == GenericEvent) {
client->errorValue = ev->u.u.type;
return BadValue;
}
diff -r a3a1827526b9 -r aeae0a617dfd external/mit/xorg-server/dist/Xext/xvmain.c
--- a/external/mit/xorg-server/dist/Xext/xvmain.c Fri Jul 15 17:17:02 2022 +0000
+++ b/external/mit/xorg-server/dist/Xext/xvmain.c Mon Jan 23 13:40:00 2023 +0000
@@ -811,8 +811,10 @@
tpn = pn;
while (tpn) {
if (tpn->client == client) {
- if (!onoff)
+ if (!onoff) {
tpn->client = NULL;
+ FreeResource(tpn->id, XvRTVideoNotify);
+ }
return Success;
}
if (!tpn->client)
diff -r a3a1827526b9 -r aeae0a617dfd external/mit/xorg-server/dist/Xi/xipassivegrab.c
--- a/external/mit/xorg-server/dist/Xi/xipassivegrab.c Fri Jul 15 17:17:02 2022 +0000
+++ b/external/mit/xorg-server/dist/Xi/xipassivegrab.c Mon Jan 23 13:40:00 2023 +0000
@@ -133,6 +133,12 @@
return BadValue;
}
+ /* XI2 allows 32-bit keycodes but thanks to XKB we can never
+ * implement this. Just return an error for all keycodes that
+ * cannot work anyway, same for buttons > 255. */
+ if (stuff->detail > 255)
+ return XIAlreadyGrabbed;
+
if (XICheckInvalidMaskBits(client, (unsigned char *) &stuff[1],
stuff->mask_len * 4) != Success)
return BadValue;
@@ -313,6 +319,12 @@
return BadValue;
}
+ /* We don't allow passive grabs for details > 255 anyway */
+ if (stuff->detail > 255) {
+ client->errorValue = stuff->detail;
+ return BadValue;
+ }
+
rc = dixLookupWindow(&win, stuff->grab_window, client, DixSetAttrAccess);
Home |
Main Index |
Thread Index |
Old Index