untrusted comment: verify with openbsd-67-base.pub RWRmkIA877Io3oYCNOYWmQfDtXSzkFqA4+WfoBw7vnjFHBghxdLhUpH/+XhCIbqQms+4FZT+xHdsmXFldyy+Em2ZqqNeTd+i2Ak= OpenBSD 6.7 errata 021, August 25, 2020: An integer overflow in libX11 could lead to a double free. Additionally fix a regression in ximcp. Apply by doing: signify -Vep /etc/signify/openbsd-67-base.pub -x 021_xinitom.patch.sig \ -m - | (cd /usr/xenocara && patch -p0) And then compile and rebuild libX11 with cd /usr/xenocara/lib/libX11 make -f Makefile.bsd-wrapper obj make -f Makefile.bsd-wrapper build Index: lib/libX11/modules/im/ximcp/imRmAttr.c =================================================================== RCS file: /cvs/xenocara/lib/libX11/modules/im/ximcp/imRmAttr.c,v retrieving revision 1.9.20.2 diff -u -p -u -p -r1.9.20.2 imRmAttr.c --- lib/libX11/modules/im/ximcp/imRmAttr.c 6 Aug 2020 14:53:33 -0000 1.9.20.2 +++ lib/libX11/modules/im/ximcp/imRmAttr.c 20 Aug 2020 18:00:27 -0000 @@ -1407,7 +1407,7 @@ _XimCountNumberOfAttr( *names_len = 0; while (total > min_len) { len = attr[2]; - if (len >= (total - min_len)) { + if (len > (total - min_len)) { return 0; } *names_len += (len + 1); Index: lib/libX11/modules/om/generic/omGeneric.c =================================================================== RCS file: /cvs/xenocara/lib/libX11/modules/om/generic/omGeneric.c,v retrieving revision 1.9 diff -u -p -u -p -r1.9 omGeneric.c --- lib/libX11/modules/om/generic/omGeneric.c 23 Aug 2018 19:38:12 -0000 1.9 +++ lib/libX11/modules/om/generic/omGeneric.c 20 Aug 2020 18:00:27 -0000 @@ -1908,7 +1908,8 @@ init_om( char **required_list; XOrientation *orientation; char **value, buf[BUFSIZ], *bufptr; - int count = 0, num = 0, length = 0; + int count = 0, num = 0; + unsigned int length = 0; _XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count); if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0)