Sat Jun 5 08:50:31 2021 UTC ()

xscreensaver: update to 5.45nb4.

Fix vulnerability when disconnecting screens.


(wiz)

diff -r1.130 -r1.131 pkgsrc/x11/xscreensaver/Makefile
diff -r1.82 -r1.83 pkgsrc/x11/xscreensaver/distinfo
diff -r0 -r1.1 pkgsrc/x11/xscreensaver/patches/patch-driver_screens.c

--- pkgsrc/x11/xscreensaver/Makefile 2021/05/24 19:56:06 1.130
+++ pkgsrc/x11/xscreensaver/Makefile 2021/06/05 08:50:31 1.131

 @@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.130 2021/05/24 19:56:06 wiz Exp $
+# $NetBSD: Makefile,v 1.131 2021/06/05 08:50:31 wiz Exp $
 COMMENT=	Screen saver and locker for the X window system
-PKGREVISION=	3
+PKGREVISION=	4
 CONFLICTS+=	xscreensaver-gnome<4.14
 .include "Makefile.common"
 .include "options.mk"
 .include "../../textproc/libxml2/buildlink3.mk"
 CONFIGURE_ARGS+=	--without-gtk
 #CONFIGURE_ARGS+=	--with-xml=${BUILDLINK_PREFIX.libxml2}
 CONFIGURE_ARGS+=	--with-configdir=${PREFIX}/libexec/xscreensaver/config
 INSTALLATION_DIRS=	share/doc/${PKGBASE}

--- pkgsrc/x11/xscreensaver/distinfo 2021/01/04 23:51:41 1.82
+++ pkgsrc/x11/xscreensaver/distinfo 2021/06/05 08:50:31 1.83

 @@ -1,11 +1,12 @@
-$NetBSD: distinfo,v 1.82 2021/01/04 23:51:41 gutteridge Exp $
+$NetBSD: distinfo,v 1.83 2021/06/05 08:50:31 wiz Exp $
 SHA1 (xscreensaver/xscreensaver-5.45.tar.gz) = 933cd5451bdfc4a2bf15bc49f629a8c8665cae62
 RMD160 (xscreensaver/xscreensaver-5.45.tar.gz) = 4b7c1488db3f1f07e621fd175d1cb10388acee63
 SHA512 (xscreensaver/xscreensaver-5.45.tar.gz) = 1b21418c591fd99f3caaea9d31ca49abdb94b8e89f33e661c464299bc81bf4ff13fd99a187070fce19b3843c28a1f2a2a7b94bd6949d2b3b06bba730cae59f14
 Size (xscreensaver/xscreensaver-5.45.tar.gz) = 27729147 bytes
 SHA1 (patch-ad) = 675b8e30b08b64279d0112cdc7b202878736a6d1
 SHA1 (patch-af) = 4ee300a205a0ac448939ac2776087db48d808ad8
 SHA1 (patch-driver_screens.c) = 22d197b0ca42f531cdc4de5222c3e93f2877915a
 SHA1 (patch-hacks_Makefile.in) = 8dbc1c4674c1c10cdaa7954b019384505977cb69
 SHA1 (patch-hacks_images_Makefile.in) = bc071812df74cbb6826cfb65bad4dfcf94e0d68d
 SHA1 (patch-utils_Makefile.in) = 785112970eb71334d89e560b2b251e5053374748

$NetBSD: patch-driver_screens.c,v 1.1 2021/06/05 08:50:31 wiz Exp $

https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch

From c1e43f7fa01b7536bc90ad5a9b61c568f4db4dd1 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date: Tue, 18 May 2021 15:41:55 +0200
Subject: [PATCH] Fix updating outputs info

When an output is disconnected, update_screen_layout() will try to unset
a property on window assigned to that output. It does that by iterating
si->screens up to 'count', while 'good_count' signifies how many outputs
are currently connected (good_count <= count). si->screens has few more
entries allocated (at start 10), but if there are more disconnected
outputs, the iteration will go beyond si->screens array.
The only out of bound access there is reading window ID to delete
property from, which in most cases will be a bogus number -> crashing
xscreensaver with BadWindow error.

Fix this by allocating array up to full 'count' entries, even if much
fewer outputs are connected at the moment.

--- driver/screens.c.orig	2020-07-29 22:32:11.000000000 +0000
+++ driver/screens.c
@@ -1020,9 +1020,9 @@ update_screen_layout (saver_info *si)
         calloc (sizeof(*si->screens), si->ssi_count);
     }

-  if (si->ssi_count <= good_count)
+  if (si->ssi_count <= count)
     {
-      si->ssi_count = good_count + 10;
+      si->ssi_count = count;
       si->screens = (saver_screen_info *)
         realloc (si->screens, sizeof(*si->screens) * si->ssi_count);
       memset (si->screens + si->nscreens, 0,