
libxfixes: Changes to 'debian-unstable'



 ChangeLog                       |   24 +++++++++++++++
 configure.ac                    |    2 -
 debian/changelog                |   10 ++++++
 debian/control                  |    8 ++---
 debian/copyright                |    2 -
 debian/upstream/signing-key.asc |   64 ++++++++++++++++++++++++++++++++++++++++
 debian/watch                    |    2 -
 src/Region.c                    |   15 +++++++--
 8 files changed, 117 insertions(+), 10 deletions(-)

New commits:
commit 1aba2df04e54542176699e6fbc225c20aee738e4
Author: Andreas Boll <andreas.boll.dev@gmail.com>
Date:   Fri Oct 7 13:08:58 2016 +0200

    Update a bunch of URLs in packaging to https.

diff --git a/debian/changelog b/debian/changelog
index ecb352a..b62f4f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ libxfixes (1:5.0.3-1) UNRELEASED; urgency=medium
     - Fixes CVE-2016-7944.
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
   * Fix Vcs-* URLs.
+  * Update a bunch of URLs in packaging to https.
 
  -- Andreas Boll <andreas.boll.dev@gmail.com>  Fri, 07 Oct 2016 13:02:11 +0200
 
diff --git a/debian/control b/debian/control
index 97d9025..a4180f8 100644
--- a/debian/control
+++ b/debian/control
@@ -29,7 +29,7 @@ Description: X11 miscellaneous 'fixes' extension library
  It provides support for Region types, and some cursor functions.
  .
  More information about X.Org can be found at:
- <URL:http://www.X.org>
+ <URL:https://www.X.org>
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXfixes
@@ -64,7 +64,7 @@ Description: X11 miscellaneous 'fixes' extension library (development headers)
  libxfixes3.  Non-developers likely have little use for this package.
  .
  More information about X.Org can be found at:
- <URL:http://www.X.org>
+ <URL:https://www.X.org>
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXfixes
diff --git a/debian/copyright b/debian/copyright
index 5723143..5aaa075 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,5 +1,5 @@
 This package was downloaded from
-http://xorg.freedesktop.org/releases/individual/lib/
+https://xorg.freedesktop.org/releases/individual/lib/
 
 
 Copyright © 2001,2003 Keith Packard
diff --git a/debian/watch b/debian/watch
index c714ef7..09dad10 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,4 +1,4 @@
 #git=git://anongit.freedesktop.org/xorg/lib/libXfixes
 version=3
 opts=pgpsigurlmangle=s/$/.sig/ \
-http://xorg.freedesktop.org/releases/individual/lib/ libXfixes-(.*)\.tar\.gz
+https://xorg.freedesktop.org/releases/individual/lib/ libXfixes-(.*)\.tar\.gz

commit ff86914830f2fbbb4d9d0dc77b94093d9f80be32
Author: Andreas Boll <andreas.boll.dev@gmail.com>
Date:   Fri Oct 7 13:06:47 2016 +0200

    Fix Vcs-* URLs.

diff --git a/debian/changelog b/debian/changelog
index 93ff4ea..ecb352a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ libxfixes (1:5.0.3-1) UNRELEASED; urgency=medium
   * New upstream release.
     - Fixes CVE-2016-7944.
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
+  * Fix Vcs-* URLs.
 
  -- Andreas Boll <andreas.boll.dev@gmail.com>  Fri, 07 Oct 2016 13:02:11 +0200
 
diff --git a/debian/control b/debian/control
index 5488e2f..97d9025 100644
--- a/debian/control
+++ b/debian/control
@@ -11,8 +11,8 @@ Build-Depends:
  quilt,
  xutils-dev (>= 1:7.5+4),
 Standards-Version: 3.9.8
-Vcs-Git: https://anonscm.debian.org/git/pkg-xorglib/libxfixes.git
-Vcs-Browser: https://anonscm.debian.org/git/lib/libxfixes.git
+Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxfixes.git
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-xorg/lib/libxfixes.git
 
 Package: libxfixes3
 Section: libs

commit 122514e9683af33a4b8f0ac0aa462c7dea2bb2f7
Author: Andreas Boll <andreas.boll.dev@gmail.com>
Date:   Fri Oct 7 13:04:37 2016 +0200

    Update d/upstream/signing-key.asc with Matthieu Herrb's key.

diff --git a/debian/changelog b/debian/changelog
index cce418e..93ff4ea 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ libxfixes (1:5.0.3-1) UNRELEASED; urgency=medium
 
   * New upstream release.
     - Fixes CVE-2016-7944.
+  * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
 
  -- Andreas Boll <andreas.boll.dev@gmail.com>  Fri, 07 Oct 2016 13:02:11 +0200
 
diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
index 3904961..8b91e4d 100644
--- a/debian/upstream/signing-key.asc
+++ b/debian/upstream/signing-key.asc
@@ -100,3 +100,67 @@ zcY6HF8gDQ9tQqWlYxqmG1JMz70Ypv04gIDN83QWEZ6n1p/stMjS121EMPVle500
 +v0snqqnIoZLjsQ=
 =7XLO
 -----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFeKY50BEADAX0lod3IVceb/IWJn3kTAcO2P7PWlcBiyUDaq5b2kFkliKleZ
+ec4LoCHakQBlkRBMPNwOOxvADNk3tLQjBDpbYr6lQIrN+AxMGkXBhJ82T3bsDvlj
+3Z1wRJ1zVA7eMIktsk0FAoJxV1y7e3sBKcP0eTlXqXvR2djhi+FW+ueJDAJIFSkb
+uFirgwtX5t8nt8jCmIl75KNUKOakoENY3hLWtr16W8fO1JGkEhghI2mXcz664KTd
+MPZp6JH0/8UHTHzmATOCTqNxoDtMTi2l5059Lh/nhmso9moTYqyKmaJP2rnZUr62
+97sRMG4WcxaYfWpPyO3MCmDyGeh4sW0OC06PpED3i9xMzf/kMkMdY4ZIFcLRcPtf
+LIJhw+lc/GE1Rqe961IB5xCgnZezB7ZIL+ZlOAMwKGkq7lLbcZr2QZn84lpABKF0
+AvxECoJ4etmIcdbDVmsw18AhA3u9sr98hS5IXDyeos3Xwz6Abml8aPrhqhkKvo+J
+Kcq9FNYHg0RRlos0TqocjDzGnUjEYrmIopLcwIu2SnsNSJTygZGtqrpT+2sGEqvm
+k6Oyk95QCa580zqldvxe3CG0vrAfPvoG7irllM68TS4JcqqDHTq6eupUv9ZdIzXf
+eyTHa5cytGahgVtUcui1lzqcCBkqwN8TKl+0wCcEnxRasHJy3A2Gp+AG3wARAQAB
+tCJNYXR0aGlldSBIZXJyYiA8bWF0dGhpZXVAaGVycmIuZXU+iQI+BBMBAgAoBQJX
+imOdAhsDBQkDwmcABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBoc5PuN9Eo
++PF1EACldzZPNYaC9H5E9sMn9pMsJTucBYVUy74Aw6MWAiAzRpxb9DmySmC2oEYW
+JJkwDTwv6M0Na0ed6zD79GKtAalORz2GppZpS7uoINClElWoM5TCYph6linyv9Wj
+OTlcbpX0Jqw0tdHNI2UOEjvBP3vW9kVYpEhfnHET8Ncp55j1hzoqxOhGIBE/67zc
+cLAenONAvA3YN3tHTGaOaFv+vuCFRJx9FpKbGHmdUPd3MtLqtaA4EQvDvDEholEI
+eWrjmdXJibSet6Amc5AIdFaQevZiADjjMh8MINw/6OEy9OB4s+z1RzgOrHgLiIZm
+dlP6WrNjXQwl2gmNPhctGaSHM+j2+3gckNGlI4LQYxNtKvI4iv/CoHDYmwgrcrZO
+TwFHfqt0LwqjpsU203Hw609oWYcxLeGZdITBjDz20UcfsmKQDqrBq3P1FuC5GBW3
+5bEa3wAhyE+/WKhJ94bXiHmpKsp50va3bEe17uQcYd8+E8L53aR7XP87qaHx//Mu
++OQa5Wc2d1OFHf1Mi62nbzr7pws/Mf7OSf/tnhRthuwtlfYnsUVo8usUKL/xStqo
+Ul4kc/Q81AlyaZfr7dbxsQWm2q3ksLaMaAxnk0p+kMXVzXZ9GKNOgUOJdbahORs5
+RU2f44xzfNavb63u3McADtaXskl+KHB4uDbGbGESVhm5PULk37QnTWF0dGhpZXUg
+SGVycmIgPG1hdHRoaWV1LmhlcnJiQGxhYXMuZnI+iQI+BBMBAgAoBQJXlJ63AhsD
+BQkDwmcABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBoc5PuN9Eo+PKID/wM
+II+2d11clp1X7eZgkxkAHUhI2W3NSesuFnjkkQRKQoVMokDdeSOkBhMJuWoFfbZk
+jYs2VHU9029rDqcoDSqGwo2IffvrXXJ4SjOTjlvXS1lr/H2VdWRbq8ImnDwSsoiD
+dWB3dZyqzf7ABKZ7ccA+NMSs6NxeEN/0+0sTJ386Zp480ByNX0uPqYSq5lX/VEke
+nI8r02u2ZfuykhGkT0sM013VprfYLa+6HvF+QT9KfP220mqRbonaDkYvCxwjCMzd
+rUmvyqw3VsooUpg/W/PmDNeShSuOxebaGnFyGTNvTarElCBdynFD01dqOecOqfY8
+gy+PJ1aF1qjmf+RQD/SZq+gvgyXqyBhJy7zgJnzzNWzDlUIw0ZOLyZxzFR7lRV79
+2mrGgczlQr5rLAgBy2pgwsCmP7nFx50r4ft2juugnQixoOBU/YfhBplM76EROaCc
+MTs5nPEqzJ9p4SNkPcK8AroR2Ka3+f7t+XOoHpx/XhJOBYlPaUmoFkWKr0Y8BWWh
+1nJxyFKrSNbwUgam8ypZzwzbI1vDiX8Ol6NpEeOLwzFNT0pyTdC9UN93M1VIyKWC
+1vaeMogUREKT6SmDjRn3fISktZ0IGVf2AnFMhtgZ46TJO4BZgDdZAjTkZc/lP0yF
+Nl6MpGwnaymmL50ckT77OdlfIcXFwvNPFwWlFPlcyrkCDQRXimOdARAA4otssvZm
+sKg+g0bVyJHhn/YOHLYMih+Xf07xJHyalH0UCGnGdHZwl0B97G950SwQ7yVXtGa9
+CAPe97clE6dPD6jaumQ13BHavXM+ThgjCe8V56ayYcdzqFkxlCx0Uocoa63G0/cE
+TiOqeqhNZs8JY+D7l83jCa4lU/1pLusbkCpCQ7d5/FFLz7QSihzJWp+UTsjbNik5
+spaseEMGFRKUcB3SZ/l1dTgc0wBQ1hlvLX+h4/sG0iUs1pVpo5ORC+bUfWRokl96
+uj5QZz5rY21FaNSP1rB1HKHNkwhxifBCHQMhYGTXvD7GH+JNyF2TdRmo7eBCfAPJ
+aP3mX9t2SkCipdSsUs+Uuyib9MLA71ApW90AGiRm6HtOCxR0c3+qQRNIdFVm8mnM
+hCxXRexf6Z2wZdXXy6uY0LVRgI0o31NPJPk8l2Hnb/kHGxjyUFzEWh65J/eA368d
+4m8uF+Rr7WWlpQjwgWHU12kGThEVFFBFh2gmeIjYZdDDVhCi2mQ6lGSV2Pt7pZYL
+/PPChWLBqrVBkIUQ0GV22nRYvGdaIv2LVPu8PggbPs/wwh35nJ3rUQyJF55CFV5y
+WIWAWXfRYTKG9jkt+ncjZLEBxDO26zzO/MjIVPZxGyYryXEOgr6xp38xbyX9FpjL
+KBaIueLWEyphVjBb1uUpDGx+UDYe9vbJjPUAEQEAAYkCJQQYAQIADwUCV4pjnQIb
+DAUJA8JnAAAKCRBoc5PuN9Eo+D8dEACa60Q3ta6BWyHG0SOgfYGHE15LodACVHNI
+N6Ou+JtmLarMW/AvPclNC25mxZV0ywLbun4CnJ9qYbt/Kx7djn48mrNa0rKN8Q+V
+K5RvQA1kD890yzwu5jH6r5BQ8VBcfsPvsvatgbquzFn+NNiH9U4xRf/9BSY2Zk3G
+yA15xG0T9zoklOMg8MWbeRaJPkDELyaHPWerbO7rebynePENSFPz3o3g+K9WcCM2
+xkEL571SmT4z3Mp/p0pwemWBCP2WoKCnSjAGiiHpCFru3SlZhRIvNJyK5jeS/IU6
+d5qeTBse6TXzp6Q4xkzACIN66P5SG/YY3/ONbfs6wB3lIkvVC9n7jEXjMK1T0fK8
+9DBDjzvAkJcKLLuIljjkMhRWSCED74sn+MlaWm0xMeo276EnaVILNcrHecSr8+eX
+pVXSWEJ1+ErzZladJC+CrqUm0QljPV8Smtmk9MvOLHZ4qL4bI4Hu7MywuGNrLSol
+qO0pAT1AjaYTRuH2MhZ6mJe/EtSl0EHXEkcDteE4jbYj3lwVhA1c/So0CdayImmD
+/0tdqUfekw4va8PpbQ0wroL0XUvf3wl6HOhFhahWSqqb1fVr2slVttkaMb8M4MPt
+Ka2m4qiiuGYivPIAVapSEA4DYc+krVqVXV/yDd3T7XcNtnClVo+rmOn5WiGq24am
+79+hF4bWyw==
+=WW1Z
+-----END PGP PUBLIC KEY BLOCK-----

commit 3b5016b8abbc0ee91dbce17ef4b24bb80655e7c6
Author: Andreas Boll <andreas.boll.dev@gmail.com>
Date:   Fri Oct 7 13:04:16 2016 +0200

    Bump changelogs.

diff --git a/ChangeLog b/ChangeLog
index cdffbb1..474ead3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,27 @@
+commit 84df9cb81cc31bbed27ba241a23ae04f61da57db
+Author: Matthieu Herrb <matthieu.herrb@laas.fr>
+Date:   Tue Oct 4 21:11:55 2016 +0200
+
+    libXfixes 5.0.3
+    
+    Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
+
+commit 61c1039ee23a2d1de712843bed3480654d7ef42e
+Author: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date:   Sun Sep 25 22:38:44 2016 +0200
+
+    Integer overflow on illegal server response
+    
+    The 32 bit field "rep.length" is not checked for validity, which allows
+    an integer overflow on 32 bit systems.
+    
+    A malicious server could send INT_MAX as length, which gets multiplied
+    by the size of XRectangle. In that case the client won't read the whole
+    data from server, getting out of sync.
+    
+    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
+
 commit b2406ed9031991b7ddc5b76b308623afc8a590c5
 Author: Matt Turner <mattst88@gmail.com>
 Date:   Wed May 25 18:53:28 2016 -0700
diff --git a/debian/changelog b/debian/changelog
index 7f470c9..cce418e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libxfixes (1:5.0.3-1) UNRELEASED; urgency=medium
+
+  * New upstream release.
+    - Fixes CVE-2016-7944.
+
+ -- Andreas Boll <andreas.boll.dev@gmail.com>  Fri, 07 Oct 2016 13:02:11 +0200
+
 libxfixes (1:5.0.2-1) sid; urgency=medium
 
   * Team upload.

commit 84df9cb81cc31bbed27ba241a23ae04f61da57db
Author: Matthieu Herrb <matthieu.herrb@laas.fr>
Date:   Tue Oct 4 21:11:55 2016 +0200

    libXfixes 5.0.3
    
    Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>

diff --git a/configure.ac b/configure.ac
index a9052cf..0ec7b86 100644
--- a/configure.ac
+++ b/configure.ac
@@ -32,7 +32,7 @@ AC_PREREQ([2.60])
 # that 'revision' number appears in Xfixes.h and has to be manually
 # synchronized.
 #
-AC_INIT(libXfixes, [5.0.2],
+AC_INIT(libXfixes, [5.0.3],
 	[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXfixes])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([config.h])

commit 61c1039ee23a2d1de712843bed3480654d7ef42e
Author: Tobias Stoeckmann <tobias@stoeckmann.org>
Date:   Sun Sep 25 22:38:44 2016 +0200

    Integer overflow on illegal server response
    
    The 32 bit field "rep.length" is not checked for validity, which allows
    an integer overflow on 32 bit systems.
    
    A malicious server could send INT_MAX as length, which gets multiplied
    by the size of XRectangle. In that case the client won't read the whole
    data from server, getting out of sync.
    
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>

diff --git a/src/Region.c b/src/Region.c
index cb0cf6e..59bcc1a 100644
--- a/src/Region.c
+++ b/src/Region.c
@@ -23,6 +23,7 @@
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
+#include <limits.h>
 #include "Xfixesint.h"
 
 XserverRegion
@@ -333,9 +334,17 @@ XFixesFetchRegionAndBounds (Display	    *dpy,
     bounds->y = rep.y;
     bounds->width = rep.width;
     bounds->height = rep.height;
-    nbytes = (long) rep.length << 2;
-    nrects = rep.length >> 1;
-    rects = Xmalloc (nrects * sizeof (XRectangle));
+
+    if (rep.length < (INT_MAX >> 2)) {
+	nbytes = (long) rep.length << 2;
+	nrects = rep.length >> 1;
+	rects = Xmalloc (nrects * sizeof (XRectangle));
+    } else {
+	nbytes = 0;
+	nrects = 0;
+	rects = NULL;
+    }
+
     if (!rects)
     {
 	_XEatDataWords(dpy, rep.length);
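Review bot: The guard `if (rep.length < (INT_MAX >> 2))` and the `rects = NULL` fallback carry no comment, so a later maintainer cannot see that the else branch deliberately routes an oversized reply into the pre-existing `if (!rects)` error path (which calls `_XEatDataWords(dpy, rep.length)` to discard the body) rather than being an unhandled case. I would add above the `if`: `/* rep.length is in 4-byte words; if the byte count (length << 2) would not fit in a 32-bit long, treat the reply as invalid and let the !rects path below drain it. */`. The threshold is also tied to the `sizeof (XRectangle)` relation used in the `nrects` line (two words per rectangle), so the comment should say that `nrects * sizeof (XRectangle)` stays below the same bound for that reason. The body of XFixesFetchRegionAndBounds starts before and continues past this hunk, so whether the error path returns NULL to the caller cannot be confirmed from here.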

