[pkgsrc/trunk]: pkgsrc/x11/xscreensaver xscreensaver: update to 5.45nb4.

[wiz <wiz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/35b475f7b967
branches:  trunk
changeset: 454016:35b475f7b967
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Sat Jun 05 08:50:31 2021 +0000

description:
xscreensaver: update to 5.45nb4.

Fix vulnerability when disconnecting screens.

diffstat:

 x11/xscreensaver/Makefile                       |   4 +-
 x11/xscreensaver/distinfo                       |   3 +-
 x11/xscreensaver/patches/patch-driver_screens.c |  37 +++++++++++++++++++++++++
 3 files changed, 41 insertions(+), 3 deletions(-)

diffs (71 lines):

diff -r 745da4e9b404 -r 35b475f7b967 x11/xscreensaver/Makefile
--- a/x11/xscreensaver/Makefile Sat Jun 05 08:43:54 2021 +0000
+++ b/x11/xscreensaver/Makefile Sat Jun 05 08:50:31 2021 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.130 2021/05/24 19:56:06 wiz Exp $
+# $NetBSD: Makefile,v 1.131 2021/06/05 08:50:31 wiz Exp $
 
 COMMENT=       Screen saver and locker for the X window system
-PKGREVISION=   3
+PKGREVISION=   4
 
 CONFLICTS+=    xscreensaver-gnome<4.14
 
diff -r 745da4e9b404 -r 35b475f7b967 x11/xscreensaver/distinfo
--- a/x11/xscreensaver/distinfo Sat Jun 05 08:43:54 2021 +0000
+++ b/x11/xscreensaver/distinfo Sat Jun 05 08:50:31 2021 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.82 2021/01/04 23:51:41 gutteridge Exp $
+$NetBSD: distinfo,v 1.83 2021/06/05 08:50:31 wiz Exp $
 
 SHA1 (xscreensaver/xscreensaver-5.45.tar.gz) = 933cd5451bdfc4a2bf15bc49f629a8c8665cae62
 RMD160 (xscreensaver/xscreensaver-5.45.tar.gz) = 4b7c1488db3f1f07e621fd175d1cb10388acee63
@@ -6,6 +6,7 @@
 Size (xscreensaver/xscreensaver-5.45.tar.gz) = 27729147 bytes
 SHA1 (patch-ad) = 675b8e30b08b64279d0112cdc7b202878736a6d1
 SHA1 (patch-af) = 4ee300a205a0ac448939ac2776087db48d808ad8
+SHA1 (patch-driver_screens.c) = 22d197b0ca42f531cdc4de5222c3e93f2877915a
 SHA1 (patch-hacks_Makefile.in) = 8dbc1c4674c1c10cdaa7954b019384505977cb69
 SHA1 (patch-hacks_images_Makefile.in) = bc071812df74cbb6826cfb65bad4dfcf94e0d68d
 SHA1 (patch-utils_Makefile.in) = 785112970eb71334d89e560b2b251e5053374748
diff -r 745da4e9b404 -r 35b475f7b967 x11/xscreensaver/patches/patch-driver_screens.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/xscreensaver/patches/patch-driver_screens.c   Sat Jun 05 08:50:31 2021 +0000
@@ -0,0 +1,37 @@
+$NetBSD: patch-driver_screens.c,v 1.1 2021/06/05 08:50:31 wiz Exp $
+
+https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
+
+From c1e43f7fa01b7536bc90ad5a9b61c568f4db4dd1 Mon Sep 17 00:00:00 2001
+From: Marek Marczykowski-Górecki <marmarek%invisiblethingslab.com@localhost>
+Date: Tue, 18 May 2021 15:41:55 +0200
+Subject: [PATCH] Fix updating outputs info
+
+When an output is disconnected, update_screen_layout() will try to unset
+a property on window assigned to that output. It does that by iterating
+si->screens up to 'count', while 'good_count' signifies how many outputs
+are currently connected (good_count <= count). si->screens has few more
+entries allocated (at start 10), but if there are more disconnected
+outputs, the iteration will go beyond si->screens array.
+The only out of bound access there is reading window ID to delete
+property from, which in most cases will be a bogus number -> crashing
+xscreensaver with BadWindow error.
+
+Fix this by allocating array up to full 'count' entries, even if much
+fewer outputs are connected at the moment.
+
+
+--- driver/screens.c.orig      2020-07-29 22:32:11.000000000 +0000
++++ driver/screens.c
+@@ -1020,9 +1020,9 @@ update_screen_layout (saver_info *si)
+         calloc (sizeof(*si->screens), si->ssi_count);
+     }
+ 
+-  if (si->ssi_count <= good_count)
++  if (si->ssi_count <= count)
+     {
+-      si->ssi_count = good_count + 10;
++      si->ssi_count = count;
+       si->screens = (saver_screen_info *)
+         realloc (si->screens, sizeof(*si->screens) * si->ssi_count);
+       memset (si->screens + si->nscreens, 0,