
Re: Cinnamon security issue caused by segfault in caribou (as regression of xorg CVE-2020-25712 fix)



On 16/01/2021 10:53, Norbert Preining wrote:
> Hi Fabio,
>
> On Sat, 16 Jan 2021, Fabio Fantoni wrote:
>> Yesterday, not seeing any answer on Debian, I prepared an MR on caribou
>> that solves the problem:
>> https://salsa.debian.org/gnome-team/caribou/-/merge_requests/2
>>
>> I already tested the build
>> (http://debomatic-amd64.debian.net/distribution#unstable/caribou/0.4.21-7.1~/buildlog),
>> installed it and verified that the issue is not reproducible anymore.
>>
>> Should I do other things to make it possible to apply it ASAP?
> Please do
> * send an email to the bug report clearly stating that you will NMU
>   this, and attach the debdiff (nmudiff)
>   State that you will upload directly (without delay) after 7 days
>   according to https://www.debian.org/doc/manuals/developers-reference/pkgs.html#nmu
> * wait and hope
>
> OR:
> * upload *now* to DELAY/9
> * write to the bug report that according to (above link), after 7 days
>   of no activity a 0-delay is fine, and even if there is activity 
>   a delay/2 is fine - that gives in sum at max a delay/9
>
> That way we can do that now and forget about it ;-)
>
> If you need the actual upload done, please prepare the package and send
> me either a dget-able .dsc source, or the package.


Thanks for the reply. I did an nmudiff; no error was shown, but it seems
it did not arrive at the bug tracker. I tried another time with the same
result, then did another one saving to a file (without sending), see
attachment; is it correct, and should I resend?

About the packages to upload, you can clone
https://salsa.debian.org/fantu-guest/caribou and do:

    gbp buildpackage --git-builder='debuild -d -S -sa'

or must I attach the generated packages in the mail?


>
> Best
>
> Norbert
>
> --
> PREINING Norbert                              https://www.preining.info
> Accelia Inc. + IFMGA ProGuide + TU Wien + JAIST + TeX Live + Debian Dev
> GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
>

From: fantonifabio@tiscali.it
To:   980061@bugs.debian.org
Cc:
Bcc: 
Subject: caribou: diff for NMU version 0.4.21-7.1
Date: Fri, 22 Jan 2021 18:27:11 +0100
X-NMUDIFF-Version: 2.20.2ubuntu2

Control: tags 980061 + pending

Dear maintainer,

As this is older than 7 days with no maintainer activity, and this bug causes a security issue for cinnamon (which I think must be solved ASAP),
I've prepared an NMU for caribou (versioned as 0.4.21-7.1) and it will be uploaded.

Regards.

diff -Nru caribou-0.4.21/debian/changelog caribou-0.4.21/debian/changelog
--- caribou-0.4.21/debian/changelog	2018-12-24 00:18:21.000000000 +0100
+++ caribou-0.4.21/debian/changelog	2021-01-15 15:49:43.000000000 +0100
@@ -1,3 +1,11 @@
+caribou (0.4.21-7.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix segfault (regression of xorg CVE-2020-25712 fix) that
+    cause security issue for cinnamon (Closes: #980061)
+
+ -- Fabio Fantoni <fantonifabio@tiscali.it>  Fri, 15 Jan 2021 15:49:43 +0100
+
 caribou (0.4.21-7) unstable; urgency=medium
 
   * Restore -Wl,-O1 to our LDFLAGS
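Review bot: the new 0.4.21-7.1 changelog entry describes a single change, but this debdiff appends three patches to debian/patches/series, and two of them (Fix-compilation-error.patch and Fix-subkey-popmenu-not-showing-after-being-dismissed.patch) are not mentioned. Give each added patch its own bullet naming the patch file, so anyone auditing the urgency=high upload can tell which one carries the fix for #980061. "that cause security issue" should also read "that causes a security issue".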
diff -Nru caribou-0.4.21/debian/patches/Fix-compilation-error.patch caribou-0.4.21/debian/patches/Fix-compilation-error.patch
--- caribou-0.4.21/debian/patches/Fix-compilation-error.patch	1970-01-01 01:00:00.000000000 +0100
+++ caribou-0.4.21/debian/patches/Fix-compilation-error.patch	2021-01-15 15:49:43.000000000 +0100
@@ -0,0 +1,24 @@
+From bc6f3e7ca0921b50a3ff836d08ce264a4f114224 Mon Sep 17 00:00:00 2001
+From: Clement Lefebvre <clement.lefebvre@linuxmint.com>
+Date: Tue, 12 Jan 2021 17:29:16 +0000
+Subject: [PATCH 1/4] Fix compilation error
+
+---
+ libcaribou/key-model.vala | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcaribou/key-model.vala b/libcaribou/key-model.vala
+index 89015bc..e88342e 100644
+--- a/libcaribou/key-model.vala
++++ b/libcaribou/key-model.vala
+@@ -101,7 +101,7 @@ namespace Caribou {
+                     unichar uc;
+                     while (text.get_next_char (ref index, out uc)) {
+                         uint keyval = Gdk.unicode_to_keyval (uc);
+-                        if (keyval != uc | 0x01000000)
++                        if (keyval != (uc | 0x01000000))
+                             _keyvals += keyval;
+                     }
+                 } else {
+-- 
+2.29.2
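Review bot: the patch header has an empty body under "Subject: [PATCH 1/4] Fix compilation error", so nothing records what failed to compile or why the grouping in "if (keyval != (uc | 0x01000000))" is the intended one. Because != binds tighter than |, the old line grouped as (keyval != uc) | 0x01000000, so the added parentheses change what is compared and not only whether it builds. Please add a short description saying so, plus DEP-3 Origin and Bug-Debian fields, so the patch can be traced back to its upstream commit.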
diff -Nru caribou-0.4.21/debian/patches/Fix-subkey-popmenu-not-showing-after-being-dismissed.patch caribou-0.4.21/debian/patches/Fix-subkey-popmenu-not-showing-after-being-dismissed.patch
--- caribou-0.4.21/debian/patches/Fix-subkey-popmenu-not-showing-after-being-dismissed.patch	1970-01-01 01:00:00.000000000 +0100
+++ caribou-0.4.21/debian/patches/Fix-subkey-popmenu-not-showing-after-being-dismissed.patch	2021-01-15 15:49:43.000000000 +0100
@@ -0,0 +1,31 @@
+From 85ac8f9e210243d95163cf8b1013470a6d9c7eaa Mon Sep 17 00:00:00 2001
+From: Clement Lefebvre <clement.lefebvre@linuxmint.com>
+Date: Tue, 12 Jan 2021 17:30:25 +0000
+Subject: [PATCH 2/4] Fix subkey popmenu not showing after being dismissed
+
+To reproduce the issue:
+
+- long-press the "e" button
+- don't select any sub button.. just select "e" again to close the menu
+
+After this the menu no long appears when long-pressing "e".
+
+This commit fixes that.
+---
+ libcaribou/key-model.vala | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libcaribou/key-model.vala b/libcaribou/key-model.vala
+index e88342e..2f640f2 100644
+--- a/libcaribou/key-model.vala
++++ b/libcaribou/key-model.vala
+@@ -179,6 +179,7 @@ namespace Caribou {
+                 hold_tid = GLib.Timeout.add (1000, on_key_held);
+ 
+             key_pressed(this);
++            show_subkeys = false;
+         }
+ 
+         public void release () {
+-- 
+2.29.2
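Review bot: the added "show_subkeys = false;" after key_pressed(this) fixes a popup-menu usability problem, and the commit message does not connect it to the segfault or to #980061. An NMU should carry only the changes needed for the bug it closes, so either drop this patch from the upload or state in debian/changelog why the security fix depends on it.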
diff -Nru caribou-0.4.21/debian/patches/series caribou-0.4.21/debian/patches/series
--- caribou-0.4.21/debian/patches/series	2018-12-24 00:18:21.000000000 +0100
+++ caribou-0.4.21/debian/patches/series	2021-01-15 15:49:43.000000000 +0100
@@ -1,2 +1,5 @@
 autostart-set-nodisplay.patch
 fix-font-property-in-style.css.patch
+Fix-compilation-error.patch
+Fix-subkey-popmenu-not-showing-after-being-dismissed.patch
+xadapter.vala-Remove-XkbKeyTypesMask-and-f.patch
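Review bot: the three patches appended to the series are labelled [PATCH 1/4], [PATCH 2/4] and [PATCH 3/4] in their Subject lines, so a fourth patch from the same set is not applied here. Say in the changelog or in the bug report whether 4/4 was left out on purpose, so reviewers do not have to guess whether the fix is complete.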
diff -Nru caribou-0.4.21/debian/patches/xadapter.vala-Remove-XkbKeyTypesMask-and-f.patch caribou-0.4.21/debian/patches/xadapter.vala-Remove-XkbKeyTypesMask-and-f.patch
--- caribou-0.4.21/debian/patches/xadapter.vala-Remove-XkbKeyTypesMask-and-f.patch	1970-01-01 01:00:00.000000000 +0100
+++ caribou-0.4.21/debian/patches/xadapter.vala-Remove-XkbKeyTypesMask-and-f.patch	2021-01-15 15:49:43.000000000 +0100
@@ -0,0 +1,46 @@
+From 00653c5dcc4be5e983b670d00d5724fc21da2e82 Mon Sep 17 00:00:00 2001
+From: Clement Lefebvre <clement.lefebvre@linuxmint.com>
+Date: Tue, 12 Jan 2021 18:01:47 +0000
+Subject: [PATCH 3/4] [mtwebster] xadapter.vala: Remove XkbKeyTypesMask and
+ fields from XKbChangeMap call.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This was originally a workaround for xFree86 4.3 - see:
+https://bugzilla.gnome.org/show_bug.cgi?id=673547
+​
+As of https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0 this
+causes a BadLength error when attempting to use shifted characters.
+​
+Ref:
+https://www.x.org/releases/X11R7.7/doc/libX11/XKB/xkblib.html#Changing_Map_Components_in_the_Server
+---
+ libcaribou/xadapter.vala | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/libcaribou/xadapter.vala b/libcaribou/xadapter.vala
+index 22858b7..1da5a78 100644
+--- a/libcaribou/xadapter.vala
++++ b/libcaribou/xadapter.vala
+@@ -195,15 +195,10 @@ namespace Caribou {
+ 
+             Xkb.MapChanges changes = Xkb.MapChanges ();
+ 
+-            // We don't touch key types here but include the
+-            // information in XkbSetMap request to the server, because
+-            // some X servers need the information to check the sanity
+-            // of the keysyms change.
+-            changes.changed = (ushort) (Xkb.KeySymsMask | Xkb.KeyTypesMask);
++            changes.changed = (ushort) Xkb.KeySymsMask;
+             changes.first_key_sym = (char) this.reserved_keycode;
+             changes.num_key_syms = this.xkbdesc.map.key_sym_map[this.reserved_keycode].width;
+-            changes.first_type = 0;
+-            changes.num_types = this.xkbdesc.map.num_types;
++
+             Xkb.change_map (this.xdisplay, this.xkbdesc, changes);
+ 
+             this.xdisplay.flush ();
+-- 
+2.29.2
+
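Review bot: in the xadapter.vala hunk the comment that explained the old mask is deleted and nothing replaces it, which leaves "changes.changed = (ushort) Xkb.KeySymsMask;" without a stated reason in the source. Add a one-line comment above it saying that Xkb.KeyTypesMask and the first_type/num_types fields are deliberately omitted because the X server change referenced in the commit message answers them with BadLength, so the old workaround is not reintroduced later. The Subject also spells the call "XKbChangeMap", and the patch file ends with an empty added line that can be dropped.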
