untrusted comment: verify with openbsd-71-base.pub
RWR2eHwZTOEiTY8NLyQrp9w6Zi+QU3O9Hhe2ioG9YNFbWjzBpT6V086jgGdaKURBH6AzY7VdzTlLHe/H5N7hqHccaKwQBBHKoQQ=
OpenBSD 7.1 errata 023, February 7, 2023:
CVE-2023-0494: use after free in the Xinput X server extension.
Apply by doing:
    signify -Vep /etc/signify/openbsd-71-base.pub -x 023_xserver.patch.sig \
        -m - | (cd /usr/xenocara && patch -p0)

And then rebuild and install the X server:
    cd /usr/xenocara/xserver
    make -f Makefile.bsd-wrapper obj
    make -f Makefile.bsd-wrapper build

Index: xserver/Xi/exevents.c
===================================================================
RCS file: /cvs/xenocara/xserver/Xi/exevents.c,v
diff -u -p -u -r1.25 exevents.c
--- xserver/Xi/exevents.c 17 Nov 2021 19:46:39 -0000 1.25
+++ xserver/Xi/exevents.c 30 Jan 2023 11:35:52 -0000
@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from
memcpy(to->button->xkb_acts, from->button->xkb_acts,
sizeof(XkbAction));
}
- else
+ else {
free(to->button->xkb_acts);
+ to->button->xkb_acts = NULL;
+ }
memcpy(to->button->labels, from->button->labels,
from->button->numButtons * sizeof(Atom));
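
Review bot: the new else block in DeepCopyPointerClasses() clears to->button->xkb_acts after the free() but has no comment saying why. A one-line comment that the pointer must not be left dangling for later users of to->button would keep a future cleanup from collapsing the block back to a bare free(). Separately, in the context lines just above, the memcpy into to->button->xkb_acts copies a single sizeof(XkbAction), while the labels copy below scales by from->button->numButtons. It is worth confirming that the xkb_acts allocation and copy size are intended to cover one action rather than one per button.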