xscreensaver: update to 5.45nb4.

Fix vulnerability when disconnecting screens.

3 files changed, 41 insertions, 3 deletions

diff --git a/x11/xscreensaver/Makefile b/x11/xscreensaver/Makefile
index f2495cd0618..0dab39d824d 100644
--- a/x11/xscreensaver/Makefile
+++ b/x11/xscreensaver/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.130 2021/05/24 19:56:06 wiz Exp $
+# $NetBSD: Makefile,v 1.131 2021/06/05 08:50:31 wiz Exp $
 
 COMMENT=	Screen saver and locker for the X window system
-PKGREVISION=	3
+PKGREVISION=	4
 
 CONFLICTS+=	xscreensaver-gnome<4.14
 
diff --git a/x11/xscreensaver/distinfo b/x11/xscreensaver/distinfo
index 94e3858c118..7346a77e22d 100644
--- a/x11/xscreensaver/distinfo
+++ b/x11/xscreensaver/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.82 2021/01/04 23:51:41 gutteridge Exp $
+$NetBSD: distinfo,v 1.83 2021/06/05 08:50:31 wiz Exp $
 
 SHA1 (xscreensaver/xscreensaver-5.45.tar.gz) = 933cd5451bdfc4a2bf15bc49f629a8c8665cae62
 RMD160 (xscreensaver/xscreensaver-5.45.tar.gz) = 4b7c1488db3f1f07e621fd175d1cb10388acee63
@@ -6,6 +6,7 @@ SHA512 (xscreensaver/xscreensaver-5.45.tar.gz) = 1b21418c591fd99f3caaea9d31ca49a
 Size (xscreensaver/xscreensaver-5.45.tar.gz) = 27729147 bytes
 SHA1 (patch-ad) = 675b8e30b08b64279d0112cdc7b202878736a6d1
 SHA1 (patch-af) = 4ee300a205a0ac448939ac2776087db48d808ad8
+SHA1 (patch-driver_screens.c) = 22d197b0ca42f531cdc4de5222c3e93f2877915a
 SHA1 (patch-hacks_Makefile.in) = 8dbc1c4674c1c10cdaa7954b019384505977cb69
 SHA1 (patch-hacks_images_Makefile.in) = bc071812df74cbb6826cfb65bad4dfcf94e0d68d
 SHA1 (patch-utils_Makefile.in) = 785112970eb71334d89e560b2b251e5053374748
diff --git a/x11/xscreensaver/patches/patch-driver_screens.c b/x11/xscreensaver/patches/patch-driver_screens.c
new file mode 100644
index 00000000000..16d81aeb36a
--- /dev/null
+++ b/x11/xscreensaver/patches/patch-driver_screens.c
@@ -0,0 +1,37 @@
+$NetBSD: patch-driver_screens.c,v 1.1 2021/06/05 08:50:31 wiz Exp $
+
+https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
+
+From c1e43f7fa01b7536bc90ad5a9b61c568f4db4dd1 Mon Sep 17 00:00:00 2001
+From: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
+Date: Tue, 18 May 2021 15:41:55 +0200
+Subject: [PATCH] Fix updating outputs info
+
+When an output is disconnected, update_screen_layout() will try to unset
+a property on window assigned to that output. It does that by iterating
+si->screens up to 'count', while 'good_count' signifies how many outputs
+are currently connected (good_count <= count). si->screens has few more
+entries allocated (at start 10), but if there are more disconnected
+outputs, the iteration will go beyond si->screens array.
+The only out of bound access there is reading window ID to delete
+property from, which in most cases will be a bogus number -> crashing
+xscreensaver with BadWindow error.
+
+Fix this by allocating array up to full 'count' entries, even if much
+fewer outputs are connected at the moment.
+
+
+--- driver/screens.c.orig	2020-07-29 22:32:11.000000000 +0000
++++ driver/screens.c
+@@ -1020,9 +1020,9 @@ update_screen_layout (saver_info *si)
+         calloc (sizeof(*si->screens), si->ssi_count);
+     }
+ 
+-  if (si->ssi_count <= good_count)
++  if (si->ssi_count <= count)
+     {
+-      si->ssi_count = good_count + 10;
++      si->ssi_count = count;
+       si->screens = (saver_screen_info *)
+         realloc (si->screens, sizeof(*si->screens) * si->ssi_count);
+       memset (si->screens + si->nscreens, 0,