Received: by mail.netbsd.org (Postfix, from userid 605)
	id E6F3584DB6; Sat,  5 Jun 2021 08:50:38 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 47BC884D23
	for <pkgsrc-changes@NetBSD.org>; Sat,  5 Jun 2021 08:50:32 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id S5g4BlDmH4J5 for <pkgsrc-changes@netbsd.org>;
	Sat,  5 Jun 2021 08:50:31 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id A418F84CDF
	for <pkgsrc-changes@NetBSD.org>; Sat,  5 Jun 2021 08:50:31 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 97A81FA95; Sat,  5 Jun 2021 08:50:31 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_162288303126810"
MIME-Version: 1.0
Date: Sat, 5 Jun 2021 08:50:31 +0000
From: "Thomas Klausner" <wiz@netbsd.org>
Subject: CVS commit: pkgsrc/x11/xscreensaver
To: pkgsrc-changes@NetBSD.org
Reply-To: wiz@netbsd.org
X-Mailer: log_accum
Message-Id: <20210605085031.97A81FA95@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: <pkgsrc-changes.NetBSD.org>
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_162288303126810
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	wiz
Date:		Sat Jun  5 08:50:31 UTC 2021

Modified Files:
	pkgsrc/x11/xscreensaver: Makefile distinfo
Added Files:
	pkgsrc/x11/xscreensaver/patches: patch-driver_screens.c

Log Message:
xscreensaver: update to 5.45nb4.

Fix vulnerability when disconnecting screens.


To generate a diff of this commit:
cvs rdiff -u -r1.130 -r1.131 pkgsrc/x11/xscreensaver/Makefile
cvs rdiff -u -r1.82 -r1.83 pkgsrc/x11/xscreensaver/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/x11/xscreensaver/patches/patch-driver_screens.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_162288303126810
Content-Disposition: inline
Content-Length: 3588
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=utf-8

Modified files:

Index: pkgsrc/x11/xscreensaver/Makefile
diff -u pkgsrc/x11/xscreensaver/Makefile:1.130 pkgsrc/x11/xscreensaver/Makefile:1.131
--- pkgsrc/x11/xscreensaver/Makefile:1.130	Mon May 24 19:56:06 2021
+++ pkgsrc/x11/xscreensaver/Makefile	Sat Jun  5 08:50:31 2021
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.130 2021/05/24 19:56:06 wiz Exp $
+# $NetBSD: Makefile,v 1.131 2021/06/05 08:50:31 wiz Exp $
 
 COMMENT=	Screen saver and locker for the X window system
-PKGREVISION=	3
+PKGREVISION=	4
 
 CONFLICTS+=	xscreensaver-gnome<4.14
 

Index: pkgsrc/x11/xscreensaver/distinfo
diff -u pkgsrc/x11/xscreensaver/distinfo:1.82 pkgsrc/x11/xscreensaver/distinfo:1.83
--- pkgsrc/x11/xscreensaver/distinfo:1.82	Mon Jan  4 23:51:41 2021
+++ pkgsrc/x11/xscreensaver/distinfo	Sat Jun  5 08:50:31 2021
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.82 2021/01/04 23:51:41 gutteridge Exp $
+$NetBSD: distinfo,v 1.83 2021/06/05 08:50:31 wiz Exp $
 
 SHA1 (xscreensaver/xscreensaver-5.45.tar.gz) = 933cd5451bdfc4a2bf15bc49f629a8c8665cae62
 RMD160 (xscreensaver/xscreensaver-5.45.tar.gz) = 4b7c1488db3f1f07e621fd175d1cb10388acee63
@@ -6,6 +6,7 @@ SHA512 (xscreensaver/xscreensaver-5.45.t
 Size (xscreensaver/xscreensaver-5.45.tar.gz) = 27729147 bytes
 SHA1 (patch-ad) = 675b8e30b08b64279d0112cdc7b202878736a6d1
 SHA1 (patch-af) = 4ee300a205a0ac448939ac2776087db48d808ad8
+SHA1 (patch-driver_screens.c) = 22d197b0ca42f531cdc4de5222c3e93f2877915a
 SHA1 (patch-hacks_Makefile.in) = 8dbc1c4674c1c10cdaa7954b019384505977cb69
 SHA1 (patch-hacks_images_Makefile.in) = bc071812df74cbb6826cfb65bad4dfcf94e0d68d
 SHA1 (patch-utils_Makefile.in) = 785112970eb71334d89e560b2b251e5053374748

Added files:

Index: pkgsrc/x11/xscreensaver/patches/patch-driver_screens.c
diff -u /dev/null pkgsrc/x11/xscreensaver/patches/patch-driver_screens.c:1.1
--- /dev/null	Sat Jun  5 08:50:31 2021
+++ pkgsrc/x11/xscreensaver/patches/patch-driver_screens.c	Sat Jun  5 08:50:31 2021
@@ -0,0 +1,37 @@
+$NetBSD: patch-driver_screens.c,v 1.1 2021/06/05 08:50:31 wiz Exp $
+
+https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
+
+From c1e43f7fa01b7536bc90ad5a9b61c568f4db4dd1 Mon Sep 17 00:00:00 2001
+From: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
+Date: Tue, 18 May 2021 15:41:55 +0200
+Subject: [PATCH] Fix updating outputs info
+
+When an output is disconnected, update_screen_layout() will try to unset
+a property on window assigned to that output. It does that by iterating
+si->screens up to 'count', while 'good_count' signifies how many outputs
+are currently connected (good_count <= count). si->screens has few more
+entries allocated (at start 10), but if there are more disconnected
+outputs, the iteration will go beyond si->screens array.
+The only out of bound access there is reading window ID to delete
+property from, which in most cases will be a bogus number -> crashing
+xscreensaver with BadWindow error.
+
+Fix this by allocating array up to full 'count' entries, even if much
+fewer outputs are connected at the moment.
+
+
+--- driver/screens.c.orig	2020-07-29 22:32:11.000000000 +0000
++++ driver/screens.c
+@@ -1020,9 +1020,9 @@ update_screen_layout (saver_info *si)
+         calloc (sizeof(*si->screens), si->ssi_count);
+     }
+ 
+-  if (si->ssi_count <= good_count)
++  if (si->ssi_count <= count)
+     {
+-      si->ssi_count = good_count + 10;
++      si->ssi_count = count;
+       si->screens = (saver_screen_info *)
+         realloc (si->screens, sizeof(*si->screens) * si->ssi_count);
+       memset (si->screens + si->nscreens, 0, 


--_----------=_162288303126810--