Date: Fri, 14 Aug 2020 17:11:16 +0000
From: "Benny Siegert"
Subject: CVS commit: [pkgsrc-2020Q2] pkgsrc/x11/libX11
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
Message-Id: <20200814171116.D4EDEFB28@cvs.NetBSD.org>

Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Aug 14 17:11:16 UTC 2020

Modified Files:
    pkgsrc/x11/libX11 [pkgsrc-2020Q2]: Makefile distinfo
Added Files:
    pkgsrc/x11/libX11/patches [pkgsrc-2020Q2]: patch-regression

Log Message:
Pullup ticket #6295 - requested by maya
x11/libX11: bugfix

Revisions pulled up:
- x11/libX11/Makefile 1.53
- x11/libX11/distinfo 1.32
- x11/libX11/patches/patch-regression 1.1

---
Module Name: pkgsrc
Committed By: maya
Date: Tue Aug 4 15:50:19 UTC 2020

Modified Files:
    pkgsrc/x11/libX11: Makefile distinfo
Added Files:
    pkgsrc/x11/libX11/patches: patch-regression

Log Message:
libX11: backport patch fixing regression from upstream.
bump PKGREVISION

To generate a diff of this commit:
cvs rdiff -u -r1.51.4.1 -r1.51.4.2 pkgsrc/x11/libX11/Makefile
cvs rdiff -u -r1.30.6.1 -r1.30.6.2 pkgsrc/x11/libX11/distinfo
cvs rdiff -u -r0 -r1.2.2.2 pkgsrc/x11/libX11/patches/patch-regression

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/x11/libX11/Makefile diff -u pkgsrc/x11/libX11/Makefile:1.51.4.1 pkgsrc/x11/libX11/Makefile:1.51.4.2 --- pkgsrc/x11/libX11/Makefile:1.51.4.1 Sat Aug 1 06:47:52 2020 +++ pkgsrc/x11/libX11/Makefile Fri Aug 14 17:11:16 2020 
@@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.51.4.1 2020/08/01 06:47:52 bsiegert Exp $ +# $NetBSD: Makefile,v 1.51.4.2 2020/08/14 17:11:16 bsiegert Exp $ DISTNAME= libX11-1.6.10 +PKGREVISION= 1 CATEGORIES= x11 devel MASTER_SITES= ${MASTER_SITE_XORG:=lib/} EXTRACT_SUFX= .tar.bz2 Index: pkgsrc/x11/libX11/distinfo diff -u pkgsrc/x11/libX11/distinfo:1.30.6.1 pkgsrc/x11/libX11/distinfo:1.30.6.2 --- pkgsrc/x11/libX11/distinfo:1.30.6.1 Sat Aug 1 06:47:52 2020 +++ pkgsrc/x11/libX11/distinfo Fri Aug 14 17:11:16 2020 @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.30.6.1 2020/08/01 06:47:52 bsiegert Exp $ +$NetBSD: distinfo,v 1.30.6.2 2020/08/14 17:11:16 bsiegert Exp $ SHA1 (libX11-1.6.10.tar.bz2) = e28f6bc0a33ca512b1aeb973a1dd8b3a3c48cd9f RMD160 (libX11-1.6.10.tar.bz2) = 3d7ecf53bf8d87347857a0a810ce772f97c4b352 @@ -7,3 +7,4 @@ Size (libX11-1.6.10.tar.bz2) = 2294095 b SHA1 (patch-Makefile.in) = 93d3b8d9882babf70788e984884a9db46a5367ef SHA1 (patch-aa) = 4f502264e7200fd2f9409d8684c53de3bc6f0649 SHA1 (patch-ac) = 565aa2a636b5c50f67cbd11e7c2adcac8d55418e +SHA1 (patch-regression) = 55d611dacaa9b64e4275f83bb76843323bc38234 Added files: Index: pkgsrc/x11/libX11/patches/patch-regression diff -u /dev/null pkgsrc/x11/libX11/patches/patch-regression:1.2.2.2 --- /dev/null Fri Aug 14 17:11:16 2020 +++ pkgsrc/x11/libX11/patches/patch-regression Fri Aug 14 17:11:16 2020 
@@ -0,0 +1,45 @@ +$NetBSD: patch-regression,v 1.2.2.2 2020/08/14 17:11:16 bsiegert Exp $ + +From 93fce3f4e79cbc737d6468a4f68ba3de1b83953b Mon Sep 17 00:00:00 2001 +From: Yichao Yu +Date: Sun, 2 Aug 2020 13:43:58 -0400 +Subject: [PATCH] Fix size calculation in `_XimAttributeToValue`. + +The check here guards the read below. +For `XimType_XIMStyles`, these are `num` of `CARD32` and for `XimType_XIMHotKeyTriggers` +these are `num` of `XIMTRIGGERKEY` ref[1] which is defined as 3 x `CARD32`. +(There are data after the `XIMTRIGGERKEY` according to the spec but they are not read by this +function and doesn't need to be checked.) + +The old code here used the native datatype size instead of the wire protocol size causing +the check to always fail. + +Also fix the size calculation for the header (size). It is 2 x CARD16 for both types +despite the unused `CARD16` for `XimType_XIMStyles`. + +[1] https://www.x.org/releases/X11R7.6/doc/libX11/specs/XIM/xim.html#Input_Method_Styles + +This fixes a regression caused by 388b303c62aa35a245f1704211a023440ad2c488 in 1.6.10. + +Fix #116 + +--- modules/im/ximcp/imRmAttr.c.orig ++++ modules/im/ximcp/imRmAttr.c +@@ -265,7 +265,7 @@ _XimAttributeToValue( + + if (num > (USHRT_MAX / sizeof(XIMStyle))) + return False; +- if ((sizeof(num) + (num * sizeof(XIMStyle))) > data_len) ++ if ((2 * sizeof(CARD16) + (num * sizeof(CARD32))) > data_len) + return False; + alloc_len = sizeof(XIMStyles) + sizeof(XIMStyle) * num; + if (alloc_len < sizeof(XIMStyles)) +@@ -379,7 +379,7 @@ _XimAttributeToValue( + + if (num > (UINT_MAX / sizeof(XIMHotKeyTrigger))) + return False; +- if ((sizeof(num) + (num * sizeof(XIMHotKeyTrigger))) > data_len) ++ if ((2 * sizeof(CARD16) + (num * 3 * sizeof(CARD32))) > data_len) + return False; + alloc_len = sizeof(XIMHotKeyTriggers) + + sizeof(XIMHotKeyTrigger) * num; --_----------=_159742507680340--
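
Review bot: in the `@@ -265,7 +265,7 @@` hunk of `modules/im/ximcp/imRmAttr.c`, the new bound `2 * sizeof(CARD16) + (num * sizeof(CARD32))` has no in-source explanation of why the header counts two `CARD16` fields; the reasoning (the header is 2 x `CARD16` despite the unused `CARD16` for `XimType_XIMStyles`) exists only in the commit message. The removed line shows how easily native sizes (`sizeof(num)`, `sizeof(XIMStyle)`) get mistaken for wire sizes at this spot, so a short comment above the check, or named constants for the wire header and element size, would help keep a later edit from reintroducing the mismatch. The guard just above still divides by `sizeof(XIMStyle)`, which matches the `alloc_len` computation below, and a comment saying that it is the native size on purpose would make the mix of the two size domains easier to audit.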
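
Review bot: in the `@@ -379,7 +379,7 @@` hunk, the overflow guard `num > (UINT_MAX / sizeof(XIMHotKeyTrigger))` is expressed in the native struct size while the new product `num * 3 * sizeof(CARD32)` uses the wire size, so whether that multiplication can wrap depends on a relationship between the two sizes that the code does not state. Writing the length check in division form against `data_len` (first confirm `data_len` covers the `2 * sizeof(CARD16)` header, then compare `num` with the remainder divided by `3 * sizeof(CARD32)`) would make it safe independently of the guard above. The literal `3` also deserves a comment or a named constant pointing at the `XIMTRIGGERKEY` layout that the commit message cites, since the commit message notes the old check always failed and nothing in this patch adds a test that would catch a repeat.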