untrusted comment: verify with openbsd-72-base.pub
RWQTKNnK3CZZ8C8LVjSlfPxqXq23hhk/xxKL9ZbxLzhOpe8zePnMvg+UjN8XFxsnWwiKfgnjYRYTZ5i/g5PHsQ9Ap5iFnseXCAc=

OpenBSD 7.2 errata 019, February 7, 2023:

CVE-2023-0494: use after free in the Xinput X server extension.

Apply by doing:
   signify -Vep /etc/signify/openbsd-72-base.pub -x 019_xserver.patch.sig \
       -m - | (cd /usr/xenocara && patch -p0)

And then rebuild and install the X server:
   cd /usr/xenocara/xserver
   make -f Makefile.bsd-wrapper obj
   make -f Makefile.bsd-wrapper build

Index: xserver/Xi/exevents.c
===================================================================
RCS file: /cvs/xenocara/xserver/Xi/exevents.c,v
diff -u -p -u -r1.26 exevents.c
--- xserver/Xi/exevents.c       31 Aug 2022 11:25:19 -0000      1.26
+++ xserver/Xi/exevents.c       30 Jan 2023 11:33:08 -0000
@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from
            memcpy(to->button->xkb_acts, from->button->xkb_acts,
                   sizeof(XkbAction));
        }
-        else
+        else {
            free(to->button->xkb_acts);
+            to->button->xkb_acts = NULL;
+        }

        memcpy(to->button->labels, from->button->labels,
               from->button->numButtons * sizeof(Atom));

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.