Your message dated Wed, 26 May 2021 21:50:14 +0200 with message-id <d903d350-73c6-15e4-cf30-83cb2163551f@debian.org> and subject line Re: Bug#988832: unblock: libx11/2:1.7.1-1 has caused the Debian Bug report #988832, regarding unblock: libx11/2:1.7.1-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 988832: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988832 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: libx11/2:1.7.1-1
- From: Emilio Pozuelo Monfort <pochu@debian.org>
- Date: Thu, 20 May 2021 10:26:27 +0200
- Message-id: <[🔎] 162149918786.4387.15016608718527191097.reportbug@andromeda>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock X-Debbugs-Cc: debian-x@lists.debian.org Please unblock package libx11 This fixes CVE-2021-31535, a bug in libX11 which could lead to the execution of additional X requests due to insufficient buffer checks. I have done some manual tests (run an X server with various applications) The risks are minor as the changes are pretty much limited to the security fix, with minor changes aside of that. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing The debdiff is a little large due to the autotools version the tarball was generated with. I'm attaching a debdiff filtered with filterdiff -x '*/Makefile.in' -x '*.man' -x '*/aclocal.m4' -x '*/configure' (the *.man changes are actual manpage syntax fixes, but make it harder to review the actually important code fixes in this update, so I filtered them). unblock libx11/2:1.7.1-1diff -Nru libx11-1.7.0/compile libx11-1.7.1/compile --- libx11-1.7.0/compile 2020-11-20 20:08:19.000000000 +0100 +++ libx11-1.7.1/compile 2021-05-18 16:14:45.000000000 +0200 @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # Written by Tom Tromey <tromey@cygnus.com>. # # This program is free software; you can redistribute it and/or modify @@ -53,7 +53,7 @@ MINGW*) file_conv=mingw ;; - CYGWIN* | MSYS*) + CYGWIN*) file_conv=cygwin ;; *) @@ -67,7 +67,7 @@ mingw/*) file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` ;; - cygwin/* | msys/*) + cygwin/*) file=`cygpath -m "$file" || echo "$file"` ;; wine/*) diff -Nru libx11-1.7.0/configure.ac libx11-1.7.1/configure.ac --- libx11-1.7.0/configure.ac 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/configure.ac 2021-05-18 16:14:20.000000000 +0200 @@ -1,7 +1,7 @@ # Initialize Autoconf AC_PREREQ([2.60]) -AC_INIT([libX11], [1.7.0], +AC_INIT([libX11], [1.7.1], [https://gitlab.freedesktop.org/xorg/lib/libx11/issues], [libX11]) AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_HEADERS([src/config.h include/X11/XlibConf.h]) diff -Nru libx11-1.7.0/debian/changelog libx11-1.7.1/debian/changelog --- libx11-1.7.0/debian/changelog 2021-05-20 10:05:15.000000000 +0200 +++ libx11-1.7.1/debian/changelog 2021-05-20 10:05:15.000000000 +0200 @@ -1,3 +1,16 @@ +libx11 (2:1.7.1-1) unstable; urgency=medium + + [ Julien Cristau ] + * libx11-6 Breaks old libx11-xcb1, as further mitigation for bug + #979590. + + [ Emilio Pozuelo Monfort ] + * New upstream release. + * CVE-2021-31535: X protocol command injection due to missing request + length checks (closes: #988737) + + -- Emilio Pozuelo Monfort <pochu@debian.org> Wed, 19 May 2021 17:22:09 +0200 + libx11 (2:1.7.0-2) unstable; urgency=medium * Set a strict dependency of libx11-xcb1 on libx11-6, as internal ABI diff -Nru libx11-1.7.0/debian/control libx11-1.7.1/debian/control --- libx11-1.7.0/debian/control 2021-05-20 10:05:15.000000000 +0200 +++ libx11-1.7.1/debian/control 2021-05-20 10:05:15.000000000 +0200 @@ -28,6 +28,8 @@ ${misc:Depends}, libx11-data, Pre-Depends: ${misc:Pre-Depends} +Breaks: + libx11-xcb1 (<< 2:1.7.0-2), Multi-Arch: same Description: X11 client-side library This package provides a client interface to the X Window System, otherwise diff -Nru libx11-1.7.0/depcomp libx11-1.7.1/depcomp --- libx11-1.7.0/depcomp 2020-11-20 20:08:19.000000000 +0100 +++ libx11-1.7.1/depcomp 2021-05-18 16:14:46.000000000 +0200 @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff -Nru libx11-1.7.0/include/X11/Xlib.h libx11-1.7.1/include/X11/Xlib.h --- libx11-1.7.0/include/X11/Xlib.h 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/include/X11/Xlib.h 2021-05-18 16:14:20.000000000 +0200 @@ -367,7 +367,7 @@ int bitmap_bit_order; /* LSBFirst, MSBFirst */ int bitmap_pad; /* 8, 16, 32 either XY or ZPixmap */ int depth; /* depth of image */ - int bytes_per_line; /* accelarator to next line */ + int bytes_per_line; /* accelerator to next line */ int bits_per_pixel; /* bits per pixel (ZPixmap) */ unsigned long red_mask; /* bits in z arrangement */ unsigned long green_mask; diff -Nru libx11-1.7.0/install-sh libx11-1.7.1/install-sh --- libx11-1.7.0/install-sh 2020-11-20 20:08:19.000000000 +0100 +++ libx11-1.7.1/install-sh 2021-05-18 16:14:45.000000000 +0200 @@ -451,18 +451,7 @@ trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 # Copy the file name to the temp name. - (umask $cp_umask && - { test -z "$stripcmd" || { - # Create $dsttmp read-write so that cp doesn't create it read-only, - # which would cause strip to fail. - if test -z "$doit"; then - : >"$dsttmp" # No need to fork-exec 'touch'. - else - $doit touch "$dsttmp" - fi - } - } && - $doit_exec $cpprog "$src" "$dsttmp") && + (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && # and set any options; do chmod last to preserve setuid bits. # diff -Nru libx11-1.7.0/missing libx11-1.7.1/missing --- libx11-1.7.0/missing 2020-11-20 20:08:19.000000000 +0100 +++ libx11-1.7.1/missing 2021-05-18 16:14:45.000000000 +0200 @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1996-2020 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996. # This program is free software; you can redistribute it and/or modify diff -Nru libx11-1.7.0/nls/en_US.UTF-8/Compose.pre libx11-1.7.1/nls/en_US.UTF-8/Compose.pre --- libx11-1.7.0/nls/en_US.UTF-8/Compose.pre 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/nls/en_US.UTF-8/Compose.pre 2021-05-18 16:14:29.000000000 +0200 @@ -924,9 +924,11 @@ <Multi_key> <e> <minus> : "ē" U0113 # LATIN SMALL LETTER E WITH MACRON <dead_breve> <E> : "Ĕ" U0114 # LATIN CAPITAL LETTER E WITH BREVE <Multi_key> <U> <E> : "Ĕ" U0114 # LATIN CAPITAL LETTER E WITH BREVE +<Multi_key> <u> <E> : "Ĕ" U0114 # LATIN CAPITAL LETTER E WITH BREVE <Multi_key> <b> <E> : "Ĕ" U0114 # LATIN CAPITAL LETTER E WITH BREVE <dead_breve> <e> : "ĕ" U0115 # LATIN SMALL LETTER E WITH BREVE <Multi_key> <U> <e> : "ĕ" U0115 # LATIN SMALL LETTER E WITH BREVE +<Multi_key> <u> <e> : "ĕ" U0115 # LATIN SMALL LETTER E WITH BREVE <Multi_key> <b> <e> : "ĕ" U0115 # LATIN SMALL LETTER E WITH BREVE <dead_abovedot> <E> : "Ė" U0116 # LATIN CAPITAL LETTER E WITH DOT ABOVE <Multi_key> <period> <E> : "Ė" U0116 # LATIN CAPITAL LETTER E WITH DOT ABOVE @@ -960,14 +962,18 @@ <Multi_key> <asciicircum> <g> : "ĝ" U011D # LATIN SMALL LETTER G WITH CIRCUMFLEX <dead_breve> <G> : "Ğ" U011E # LATIN CAPITAL LETTER G WITH BREVE <Multi_key> <U> <G> : "Ğ" U011E # LATIN CAPITAL LETTER G WITH BREVE +<Multi_key> <u> <G> : "Ğ" U011E # LATIN CAPITAL LETTER G WITH BREVE <Multi_key> <G> <U> : "Ğ" U011E # LATIN CAPITAL LETTER G WITH BREVE +<Multi_key> <G> <u> : "Ğ" U011E # LATIN CAPITAL LETTER G WITH BREVE <Multi_key> <b> <G> : "Ğ" U011E # LATIN CAPITAL LETTER G WITH BREVE <Multi_key> <breve> <G> : "Ğ" U011E # LATIN CAPITAL LETTER G WITH BREVE <Multi_key> <G> <breve> : "Ğ" U011E # LATIN CAPITAL LETTER G WITH BREVE <Multi_key> <G> <parenleft> : "Ğ" U011E # LATIN CAPITAL LETTER G WITH BREVE <dead_breve> <g> : "ğ" U011F # LATIN SMALL LETTER G WITH BREVE <Multi_key> <U> <g> : "ğ" U011F # LATIN SMALL LETTER G WITH BREVE +<Multi_key> <u> <g> : "ğ" U011F # LATIN SMALL LETTER G WITH BREVE <Multi_key> <g> <U> : "ğ" U011F # LATIN SMALL LETTER G WITH BREVE +<Multi_key> <g> <u> : "ğ" U011F # LATIN SMALL LETTER G WITH BREVE <Multi_key> <b> <g> : "ğ" U011F # LATIN SMALL LETTER G WITH BREVE <Multi_key> <breve> <g> : "ğ" U011F # LATIN SMALL LETTER G WITH BREVE <Multi_key> <g> <breve> : "ğ" U011F # LATIN SMALL LETTER G WITH BREVE @@ -1016,9 +1022,11 @@ <Multi_key> <i> <minus> : "ī" U012B # LATIN SMALL LETTER I WITH MACRON <dead_breve> <I> : "Ĭ" U012C # LATIN CAPITAL LETTER I WITH BREVE <Multi_key> <U> <I> : "Ĭ" U012C # LATIN CAPITAL LETTER I WITH BREVE +<Multi_key> <u> <I> : "Ĭ" U012C # LATIN CAPITAL LETTER I WITH BREVE <Multi_key> <b> <I> : "Ĭ" U012C # LATIN CAPITAL LETTER I WITH BREVE <dead_breve> <i> : "ĭ" U012D # LATIN SMALL LETTER I WITH BREVE <Multi_key> <U> <i> : "ĭ" U012D # LATIN SMALL LETTER I WITH BREVE +<Multi_key> <u> <i> : "ĭ" U012D # LATIN SMALL LETTER I WITH BREVE <Multi_key> <b> <i> : "ĭ" U012D # LATIN SMALL LETTER I WITH BREVE <dead_ogonek> <I> : "Į" U012E # LATIN CAPITAL LETTER I WITH OGONEK <Multi_key> <semicolon> <I> : "Į" U012E # LATIN CAPITAL LETTER I WITH OGONEK @@ -1123,9 +1131,11 @@ <Multi_key> <o> <minus> : "ō" U014D # LATIN SMALL LETTER O WITH MACRON <dead_breve> <O> : "Ŏ" U014E # LATIN CAPITAL LETTER O WITH BREVE <Multi_key> <U> <O> : "Ŏ" U014E # LATIN CAPITAL LETTER O WITH BREVE +<Multi_key> <u> <O> : "Ŏ" U014E # LATIN CAPITAL LETTER O WITH BREVE <Multi_key> <b> <O> : "Ŏ" U014E # LATIN CAPITAL LETTER O WITH BREVE <dead_breve> <o> : "ŏ" U014F # LATIN SMALL LETTER O WITH BREVE <Multi_key> <U> <o> : "ŏ" U014F # LATIN SMALL LETTER O WITH BREVE +<Multi_key> <u> <o> : "ŏ" U014F # LATIN SMALL LETTER O WITH BREVE <Multi_key> <b> <o> : "ŏ" U014F # LATIN SMALL LETTER O WITH BREVE <dead_doubleacute> <O> : "Ő" U0150 # LATIN CAPITAL LETTER O WITH DOUBLE ACUTE <Multi_key> <equal> <O> : "Ő" U0150 # LATIN CAPITAL LETTER O WITH DOUBLE ACUTE @@ -6019,8 +6029,7 @@ <Multi_key> <minus> <U2191> : "⍏" U234f # - ↑ APL FUNCTIONAL SYMBOL UPWARDS VANE <Multi_key> <U2191> <U2395> : "⍐" U2350 # ↑ ⎕ APL FUNCTIONAL SYMBOL QUAD UPWARDS ARROW <Multi_key> <U2395> <U2191> : "⍐" U2350 # ⎕ ↑ APL FUNCTIONAL SYMBOL QUAD UPWARDS ARROW -XCOMM I cannot get anything to work with <macron>. Given that no extant APLs use ⍑ I will just leave the lines -XCOMM in place. +XCOMM The next two somehow don't work. However, no extant APL uses "⍑". <Multi_key> <macron> <U22a4> : "⍑" U2351 # ¯ ⊤ APL FUNCTIONAL SYMBOL UP TACK OVERBAR <Multi_key> <U22a4> <macron> : "⍑" U2351 # ⊤ ¯ APL FUNCTIONAL SYMBOL UP TACK OVERBAR <Multi_key> <U2207> <bar> : "⍒" U2352 # ∇ | APL FUNCTIONAL SYMBOL DEL STILE @@ -6035,10 +6044,7 @@ <Multi_key> <minus> <U2193> : "⍖" U2356 # - ↓ APL FUNCTIONAL SYMBOL DOWNWARDS VANE <Multi_key> <U2193> <U2395> : "⍗" U2357 # ↓ ⎕ APL FUNCTIONAL SYMBOL QUAD DOWNWARDS ARROW <Multi_key> <U2395> <U2193> : "⍗" U2357 # ⎕ ↓ APL FUNCTIONAL SYMBOL QUAD DOWNWARDS ARROW -XCOMM This line clashes with the <apostrophe> <underscore> <E> (and similar) that appear to be there to provide -XCOMM a work around for the problems with <macron>. Or to cope with keyboards that do not have <macron> (more likely). -XCOMM All APL keyboards have <macron>, it is used as the -ve sign for numbers. -XCOMM I do not know of an extant APL using ⍘ +XCOMM The <apostrophe> <underscore> is used elsewhere. However, no extant APL uses "⍘". <Multi_key> <underscore> <apostrophe> : "⍘" U2358 # _ ' APL FUNCTIONAL SYMBOL QUOTE UNDERBAR <Multi_key> <U2206> <underscore> : "⍙" U2359 # ∆ _ APL FUNCTIONAL SYMBOL DELTA UNDERBAR <Multi_key> <underscore> <U2206> : "⍙" U2359 # _ ∆ APL FUNCTIONAL SYMBOL DELTA UNDERBAR @@ -6079,10 +6085,7 @@ <Multi_key> <asciitilde> <0> : "⍬" U236c # ~ 0 APL FUNCTIONAL SYMBOL ZILDE <Multi_key> <bar> <asciitilde> : "⍭" U236d # | ~ APL FUNCTIONAL SYMBOL STILE TILDE <Multi_key> <asciitilde> <bar> : "⍭" U236d # ~ | APL FUNCTIONAL SYMBOL STILE TILDE -XCOMM This line does not work. It clashes with -XCOMM <underscore> <semicolon> <O> for Ǭ and -XCOMM <underscore> <semicolon> <o> for ǭ. -XCOMM Given that no extant APLs use ⍮ I will just leave the line in place. +XCOMM The <underscore> <semicolon> is used elsewhere. However, no extant APL uses "⍮". <Multi_key> <semicolon> <underscore> : "⍮" U236e # ; _ APL FUNCTIONAL SYMBOL SEMICOLON UNDERBAR <Multi_key> <U2260> <U2395> : "⍯" U236f # ≠ ⎕ APL FUNCTIONAL SYMBOL QUAD NOT EQUAL <Multi_key> <U2395> <U2260> : "⍯" U236f # ⎕ ≠ APL FUNCTIONAL SYMBOL QUAD NOT EQUAL diff -Nru libx11-1.7.0/nls/locale.alias.pre libx11-1.7.1/nls/locale.alias.pre --- libx11-1.7.0/nls/locale.alias.pre 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/nls/locale.alias.pre 2021-05-18 16:14:30.000000000 +0200 @@ -16,6 +16,7 @@ Cextend.en: en_US.ISO8859-1 English_United-States.437: C C.UTF-8: en_US.UTF-8 +C.utf8: en_US.UTF-8 XCOMM a3 is not an ISO 639 language code, but in Cyrillic, "Z" looks like "3". a3: az_AZ.KOI8-C a3_AZ: az_AZ.KOI8-C diff -Nru libx11-1.7.0/README.md libx11-1.7.1/README.md --- libx11-1.7.0/README.md 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/README.md 2021-05-18 16:14:20.000000000 +0200 @@ -31,6 +31,17 @@ https://www.x.org/wiki/Development/Documentation/SubmittingPatches +## Release 1.7.1 + +This is a bug fix release, including a security fix for +CVE-2021-31535, nls and documentation corrections. + + * Reject string longer than USHRT_MAX before sending them on the wire + * Fix out-of-bound access in KeySymToUcs4() + * nls: allow composing all breved letters also with a lowercase "u" + * nls: add 'C.utf8' as an alias for 'en_US.UTF-8' + * Nroff code fixes + * Comments fixes ## Release 1.7.0 diff -Nru libx11-1.7.0/src/Font.c libx11-1.7.1/src/Font.c --- libx11-1.7.0/src/Font.c 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/src/Font.c 2021-05-18 16:14:33.000000000 +0200 @@ -102,6 +102,8 @@ XF86BigfontCodes *extcodes = _XF86BigfontCodes(dpy); #endif + if (strlen(name) >= USHRT_MAX) + return NULL; if (_XF86LoadQueryLocaleFont(dpy, name, &font_result, (Font *)0)) return font_result; LockDisplay(dpy); @@ -663,7 +665,7 @@ if (!name) return 0; l = (int) strlen(name); - if (l < 2 || name[l - 1] != '*' || name[l - 2] != '-') + if (l < 2 || name[l - 1] != '*' || name[l - 2] != '-' || l >= USHRT_MAX) return 0; charset = NULL; /* next three lines stolen from _XkbGetCharset() */ diff -Nru libx11-1.7.0/src/FontInfo.c libx11-1.7.1/src/FontInfo.c --- libx11-1.7.0/src/FontInfo.c 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/src/FontInfo.c 2021-05-18 16:14:33.000000000 +0200 @@ -58,6 +58,9 @@ register xListFontsReq *req; int j; + if (strlen(pattern) >= USHRT_MAX) + return NULL; + LockDisplay(dpy); GetReq(ListFontsWithInfo, req); req->maxNames = maxNames; diff -Nru libx11-1.7.0/src/FontNames.c libx11-1.7.1/src/FontNames.c --- libx11-1.7.0/src/FontNames.c 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/src/FontNames.c 2021-05-18 16:14:33.000000000 +0200 @@ -51,6 +51,9 @@ register xListFontsReq *req; unsigned long rlen = 0; + if (strlen(pattern) >= USHRT_MAX) + return NULL; + LockDisplay(dpy); GetReq(ListFonts, req); req->maxNames = maxNames; diff -Nru libx11-1.7.0/src/GetColor.c libx11-1.7.1/src/GetColor.c --- libx11-1.7.0/src/GetColor.c 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/src/GetColor.c 2021-05-18 16:14:33.000000000 +0200 @@ -27,6 +27,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> #endif +#include <limits.h> #include <stdio.h> #include "Xlibint.h" #include "Xcmsint.h" @@ -48,6 +49,9 @@ XcmsColor cmsColor_exact; Status ret; + if (strlen(colorname) >= USHRT_MAX) + return (0); + #ifdef XCMS /* * Let's Attempt to use Xcms and i18n approach to Parse Color diff -Nru libx11-1.7.0/src/LoadFont.c libx11-1.7.1/src/LoadFont.c --- libx11-1.7.0/src/LoadFont.c 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/src/LoadFont.c 2021-05-18 16:14:34.000000000 +0200 @@ -27,6 +27,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> #endif +#include <limits.h> #include "Xlibint.h" Font @@ -38,6 +39,9 @@ Font fid; register xOpenFontReq *req; + if (strlen(name) >= USHRT_MAX) + return (0); + if (_XF86LoadQueryLocaleFont(dpy, name, (XFontStruct **)0, &fid)) return fid; diff -Nru libx11-1.7.0/src/LookupCol.c libx11-1.7.1/src/LookupCol.c --- libx11-1.7.0/src/LookupCol.c 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/src/LookupCol.c 2021-05-18 16:14:34.000000000 +0200 @@ -27,6 +27,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> #endif +#include <limits.h> #include <stdio.h> #include "Xlibint.h" #include "Xcmsint.h" @@ -46,6 +47,9 @@ XcmsCCC ccc; XcmsColor cmsColor_exact; + n = (int) strlen (spec); + if (n >= USHRT_MAX) + return 0; #ifdef XCMS /* * Let's Attempt to use Xcms and i18n approach to Parse Color @@ -77,8 +81,6 @@ * Xcms and i18n methods failed, so lets pass it to the server * for parsing. */ - - n = (int) strlen (spec); LockDisplay(dpy); GetReq (LookupColor, req); req->cmap = cmap; diff -Nru libx11-1.7.0/src/ParseCol.c libx11-1.7.1/src/ParseCol.c --- libx11-1.7.0/src/ParseCol.c 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/src/ParseCol.c 2021-05-18 16:14:34.000000000 +0200 @@ -27,6 +27,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> #endif +#include <limits.h> #include <stdio.h> #include "Xlibint.h" #include "Xcmsint.h" @@ -47,6 +48,8 @@ if (!spec) return(0); n = (int) strlen (spec); + if (n >= USHRT_MAX) + return(0); if (*spec == '#') { /* * RGB diff -Nru libx11-1.7.0/src/QuExt.c libx11-1.7.1/src/QuExt.c --- libx11-1.7.0/src/QuExt.c 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/src/QuExt.c 2021-05-18 16:14:34.000000000 +0200 @@ -27,6 +27,8 @@ #ifdef HAVE_CONFIG_H #include <config.h> #endif +#include <limits.h> +#include <stdbool.h> #include "Xlibint.h" Bool @@ -40,6 +42,9 @@ xQueryExtensionReply rep; register xQueryExtensionReq *req; + if (strlen(name) >= USHRT_MAX) + return false; + LockDisplay(dpy); GetReq(QueryExtension, req); req->nbytes = name ? (CARD16) strlen(name) : 0; diff -Nru libx11-1.7.0/src/SetFPath.c libx11-1.7.1/src/SetFPath.c --- libx11-1.7.0/src/SetFPath.c 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/src/SetFPath.c 2021-05-18 16:14:34.000000000 +0200 @@ -26,6 +26,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> +#include <limits.h> #endif #include "Xlibint.h" @@ -49,6 +50,11 @@ req->nFonts = ndirs; for (i = 0; i < ndirs; i++) { n = (int) ((size_t) n + (safestrlen (directories[i]) + 1)); + if (n >= USHRT_MAX) { + UnlockDisplay(dpy); + SyncHandle(); + return 0; + } } nbytes = (n + 3) & ~3; req->length += nbytes >> 2; diff -Nru libx11-1.7.0/src/SetHints.c libx11-1.7.1/src/SetHints.c --- libx11-1.7.0/src/SetHints.c 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/src/SetHints.c 2021-05-18 16:14:34.000000000 +0200 @@ -49,6 +49,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> #endif +#include <limits.h> #include <X11/Xlibint.h> #include <X11/Xutil.h> #include "Xatomtype.h" @@ -214,6 +215,8 @@ register char *buf, *bp; for (i = 0, nbytes = 0; i < argc; i++) { nbytes += safestrlen(argv[i]) + 1; + if (nbytes >= USHRT_MAX) + return 1; } if ((bp = buf = Xmalloc(nbytes))) { /* copy arguments into single buffer */ @@ -256,6 +259,8 @@ if (name != NULL) XStoreName (dpy, w, name); + if (safestrlen(icon_string) >= USHRT_MAX) + return 1; if (icon_string != NULL) { XChangeProperty (dpy, w, XA_WM_ICON_NAME, XA_STRING, 8, PropModeReplace, @@ -298,6 +303,8 @@ len_nm = safestrlen(classhint->res_name); len_cl = safestrlen(classhint->res_class); + if (len_nm + len_cl >= USHRT_MAX) + return 1; if ((class_string = s = Xmalloc(len_nm + len_cl + 2))) { if (len_nm) { strcpy(s, classhint->res_name); diff -Nru libx11-1.7.0/src/StName.c libx11-1.7.1/src/StName.c --- libx11-1.7.0/src/StName.c 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/src/StName.c 2021-05-18 16:14:35.000000000 +0200 @@ -27,6 +27,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> #endif +#include <limits.h> #include <X11/Xlibint.h> #include <X11/Xatom.h> @@ -36,7 +37,9 @@ Window w, _Xconst char *name) { - return XChangeProperty(dpy, w, XA_WM_NAME, XA_STRING, + if (strlen(name) >= USHRT_MAX) + return 0; + return XChangeProperty(dpy, w, XA_WM_NAME, XA_STRING, /* */ 8, PropModeReplace, (_Xconst unsigned char *)name, name ? (int) strlen(name) : 0); } @@ -47,6 +50,8 @@ Window w, _Xconst char *icon_name) { + if (strlen(icon_name) >= USHRT_MAX) + return 0; return XChangeProperty(dpy, w, XA_WM_ICON_NAME, XA_STRING, 8, PropModeReplace, (_Xconst unsigned char *)icon_name, icon_name ? (int) strlen(icon_name) : 0); diff -Nru libx11-1.7.0/src/StNColor.c libx11-1.7.1/src/StNColor.c --- libx11-1.7.0/src/StNColor.c 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/src/StNColor.c 2021-05-18 16:14:35.000000000 +0200 @@ -27,6 +27,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> #endif +#include <limits.h> #include <stdio.h> #include "Xlibint.h" #include "Xcmsint.h" @@ -46,6 +47,8 @@ XcmsColor cmsColor_exact; XColor scr_def; + if (strlen(name) >= USHRT_MAX) + return 0; #ifdef XCMS /* * Let's Attempt to use Xcms approach to Parse Color diff -Nru libx11-1.7.0/src/xlibi18n/imKStoUCS.c libx11-1.7.1/src/xlibi18n/imKStoUCS.c --- libx11-1.7.0/src/xlibi18n/imKStoUCS.c 2020-11-20 20:08:11.000000000 +0100 +++ libx11-1.7.1/src/xlibi18n/imKStoUCS.c 2021-05-18 16:14:36.000000000 +0200 @@ -285,7 +285,7 @@ return keysym_to_unicode_3a2_3fe[keysym - 0x3a2]; else if (keysym > 0x4a0 && keysym < 0x4e0) return keysym_to_unicode_4a1_4df[keysym - 0x4a1]; - else if (keysym > 0x589 && keysym < 0x5ff) + else if (keysym > 0x58f && keysym < 0x5ff) return keysym_to_unicode_590_5fe[keysym - 0x590]; else if (keysym > 0x67f && keysym < 0x700) return keysym_to_unicode_680_6ff[keysym - 0x680]; diff -Nru libx11-1.7.0/test-driver libx11-1.7.1/test-driver --- libx11-1.7.0/test-driver 2020-11-20 20:08:20.000000000 +0100 +++ libx11-1.7.1/test-driver 2021-05-18 16:14:46.000000000 +0200 @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 2011-2020 Free Software Foundation, Inc. +# Copyright (C) 2011-2018 Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by
--- End Message ---
--- Begin Message ---
- To: 988832-done@bugs.debian.org, Emilio Pozuelo Monfort <pochu@debian.org>
- Subject: Re: Bug#988832: unblock: libx11/2:1.7.1-1
- From: Paul Gevers <elbrus@debian.org>
- Date: Wed, 26 May 2021 21:50:14 +0200
- Message-id: <d903d350-73c6-15e4-cf30-83cb2163551f@debian.org>
- In-reply-to: <[🔎] 20210522044348.muc6qvaahsivrkys@mraw.org>
- References: <[🔎] 162149918786.4387.15016608718527191097.reportbug@andromeda> <[🔎] 162149918786.4387.15016608718527191097.reportbug@andromeda> <[🔎] b2bc7ca4-ef3b-e7d0-f444-bacace9056e6@debian.org> <[🔎] 162149918786.4387.15016608718527191097.reportbug@andromeda> <[🔎] 20210522044348.muc6qvaahsivrkys@mraw.org>
Hi, On 22-05-2021 06:43, Cyril Brulebois wrote: > Tests are looking good, feel free to go ahead. Unblocked earlier and the package migrated. PaulAttachment: OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---