Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/x11/libX11 libX11: backport patch fixing regression fr...
details: https://anonhg.NetBSD.org/pkgsrc/rev/69d7cfaa5c88
branches: trunk
changeset: 436535:69d7cfaa5c88
user: maya <maya%pkgsrc.org@localhost>
date: Tue Aug 04 15:50:19 2020 +0000
description:
libX11: backport patch fixing regression from upstream. bump PKGREVISION
diffstat:
x11/libX11/Makefile | 3 +-
x11/libX11/distinfo | 3 +-
x11/libX11/patches/patch-regression | 45 +++++++++++++++++++++++++++++++++++++
3 files changed, 49 insertions(+), 2 deletions(-)
diffs (75 lines):
diff -r 4366aeadff92 -r 69d7cfaa5c88 x11/libX11/Makefile
--- a/x11/libX11/Makefile Tue Aug 04 15:36:11 2020 +0000
+++ b/x11/libX11/Makefile Tue Aug 04 15:50:19 2020 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2020/07/31 16:36:55 maya Exp $
+# $NetBSD: Makefile,v 1.53 2020/08/04 15:50:19 maya Exp $
DISTNAME= libX11-1.6.10
+PKGREVISION= 1
CATEGORIES= x11 devel
MASTER_SITES= ${MASTER_SITE_XORG:=lib/}
EXTRACT_SUFX= .tar.bz2
diff -r 4366aeadff92 -r 69d7cfaa5c88 x11/libX11/distinfo
--- a/x11/libX11/distinfo Tue Aug 04 15:36:11 2020 +0000
+++ b/x11/libX11/distinfo Tue Aug 04 15:50:19 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.31 2020/07/31 16:36:55 maya Exp $
+$NetBSD: distinfo,v 1.32 2020/08/04 15:50:19 maya Exp $
SHA1 (libX11-1.6.10.tar.bz2) = e28f6bc0a33ca512b1aeb973a1dd8b3a3c48cd9f
RMD160 (libX11-1.6.10.tar.bz2) = 3d7ecf53bf8d87347857a0a810ce772f97c4b352
@@ -7,3 +7,4 @@
SHA1 (patch-Makefile.in) = 93d3b8d9882babf70788e984884a9db46a5367ef
SHA1 (patch-aa) = 4f502264e7200fd2f9409d8684c53de3bc6f0649
SHA1 (patch-ac) = 565aa2a636b5c50f67cbd11e7c2adcac8d55418e
+SHA1 (patch-regression) = 55d611dacaa9b64e4275f83bb76843323bc38234
diff -r 4366aeadff92 -r 69d7cfaa5c88 x11/libX11/patches/patch-regression
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/libX11/patches/patch-regression Tue Aug 04 15:50:19 2020 +0000
@@ -0,0 +1,45 @@
+$NetBSD: patch-regression,v 1.1 2020/08/04 15:50:19 maya Exp $
+
+From 93fce3f4e79cbc737d6468a4f68ba3de1b83953b Mon Sep 17 00:00:00 2001
+From: Yichao Yu <yyc1992%gmail.com@localhost>
+Date: Sun, 2 Aug 2020 13:43:58 -0400
+Subject: [PATCH] Fix size calculation in `_XimAttributeToValue`.
+
+The check here guards the read below.
+For `XimType_XIMStyles`, these are `num` of `CARD32` and for `XimType_XIMHotKeyTriggers`
+these are `num` of `XIMTRIGGERKEY` ref[1] which is defined as 3 x `CARD32`.
+(There are data after the `XIMTRIGGERKEY` according to the spec but they are not read by this
+function and doesn't need to be checked.)
+
+The old code here used the native datatype size instead of the wire protocol size causing
+the check to always fail.
+
+Also fix the size calculation for the header (size). It is 2 x CARD16 for both types
+despite the unused `CARD16` for `XimType_XIMStyles`.
+
+[1] https://www.x.org/releases/X11R7.6/doc/libX11/specs/XIM/xim.html#Input_Method_Styles
+
+This fixes a regression caused by 388b303c62aa35a245f1704211a023440ad2c488 in 1.6.10.
+
+Fix #116
+
+--- modules/im/ximcp/imRmAttr.c.orig
++++ modules/im/ximcp/imRmAttr.c
+@@ -265,7 +265,7 @@ _XimAttributeToValue(
+
+ if (num > (USHRT_MAX / sizeof(XIMStyle)))
+ return False;
+- if ((sizeof(num) + (num * sizeof(XIMStyle))) > data_len)
++ if ((2 * sizeof(CARD16) + (num * sizeof(CARD32))) > data_len)
+ return False;
+ alloc_len = sizeof(XIMStyles) + sizeof(XIMStyle) * num;
+ if (alloc_len < sizeof(XIMStyles))
+@@ -379,7 +379,7 @@ _XimAttributeToValue(
+
+ if (num > (UINT_MAX / sizeof(XIMHotKeyTrigger)))
+ return False;
+- if ((sizeof(num) + (num * sizeof(XIMHotKeyTrigger))) > data_len)
++ if ((2 * sizeof(CARD16) + (num * 3 * sizeof(CARD32))) > data_len)
+ return False;
+ alloc_len = sizeof(XIMHotKeyTriggers)
+ + sizeof(XIMHotKeyTrigger) * num;
Home |
Main Index |
Thread Index |
Old Index