Your message dated Mon, 28 Jun 2021 22:11:43 +0000 with message-id <E1lxzTj-0001nR-3a@respighi.debian.org> and subject line unblock alttab has caused the Debian Bug report #990370, regarding unblock: alttab/1.5.0-2 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
990370: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990370
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: alttab/1.5.0-2
- From: Peter Pentchev <roam@ringlet.net>
- Date: Sun, 27 Jun 2021 17:35:32 +0300
- Message-id: <162480438611.2590340.2620261084089432252.reportbug@straylight.m.ringlet.net>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package alttab to fix a buffer overflow RC bug. It is marked for autoremoval on June 29, so I realize that it might be a bit too late, but I still thought I'd try. [ Reason ] Upstream version 1.5.0 contains some strncpy() calls to incorrectly sized arrays; see #964357 for more information. [ Impact ] In many cases, the alttab program crashes on startup, making it practically unusable for some users. [ Tests ] The alttab package has an upstream test suite that is not yet run in the Debian package; I adopted it recently and I will try to introduce that in a future upload. [ Risks ] Leaf package, not widely used; pretty straightforward fix for a classic C programming security problem, so hopefully low risk. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock alttab/1.5.0-2diff -Nru alttab-1.5.0/debian/changelog alttab-1.5.0/debian/changelog --- alttab-1.5.0/debian/changelog 2020-07-23 12:19:05.000000000 +0300 +++ alttab-1.5.0/debian/changelog 2021-06-27 16:57:21.000000000 +0300 @@ -1,3 +1,11 @@ +alttab (1.5.0-2) unstable; urgency=medium + + * New maintainer. Closes: #989842 + * Point Vcs-Git and Vcs-Browser to the new salsa/debian repository. + * Add the strncpy patch to fix some buffer overflows. Closes: #964357 + + -- Peter Pentchev <roam@debian.org> Sun, 27 Jun 2021 16:57:21 +0300 + alttab (1.5.0-1) unstable; urgency=medium * New upstream release diff -Nru alttab-1.5.0/debian/control alttab-1.5.0/debian/control --- alttab-1.5.0/debian/control 2020-07-23 12:19:05.000000000 +0300 +++ alttab-1.5.0/debian/control 2021-06-27 16:56:42.000000000 +0300 
@@ -1,7 +1,7 @@ Source: alttab Section: x11 Priority: optional -Maintainer: Alexander Kulak <sa-dev@odd.systems> +Maintainer: Peter Pentchev <roam@debian.org> Build-Depends: debhelper-compat (= 13), libx11-dev, libxmu-dev, @@ -14,8 +14,8 @@ autoconf, automake Standards-Version: 4.5.0 -Vcs-Git: https://github.com/sagb/alttab.git -b debian/unstable -Vcs-Browser: https://github.com/sagb/alttab/tree/debian/unstable +Vcs-Git: https://salsa.debian.org/debian/alttab.git +Vcs-Browser: https://salsa.debian.org/debian/alttab Homepage: https://sagb.github.io/alttab Rules-Requires-Root: no diff -Nru alttab-1.5.0/debian/patches/series alttab-1.5.0/debian/patches/series --- alttab-1.5.0/debian/patches/series 1970-01-01 02:00:00.000000000 +0200 +++ alttab-1.5.0/debian/patches/series 2021-06-27 16:56:42.000000000 +0300 @@ -0,0 +1 @@ +strncpy.patch diff -Nru alttab-1.5.0/debian/patches/strncpy.patch alttab-1.5.0/debian/patches/strncpy.patch --- alttab-1.5.0/debian/patches/strncpy.patch 1970-01-01 02:00:00.000000000 +0200 +++ alttab-1.5.0/debian/patches/strncpy.patch 2021-06-27 16:56:42.000000000 +0300 
@@ -0,0 +1,85 @@ +Description: fix possible strncpy overflows +Origin: upstream; https://github.com/sagb/alttab/commit/5cb60252e58646a6dd45d55e9373d27fe9f520a1 +Author: Alexander Kulak <sa-dev@odd.systems> +Bug-Debian: https://bugs.debian.org/964357 +Last-Update: 2021-06-27 + +--- a/src/icon.c ++++ b/src/icon.c +@@ -260,8 +260,9 @@ + char *endptr; + char *dim; + int dimlen; +- char sx[5]; +- char sy[5]; ++ char sx[MAXICONDIMLEN]; ++ char sy[MAXICONDIMLEN]; ++ int sx_size, sy_size; + int ix, iy; + icon_t *ic; + char *suff; +@@ -309,11 +310,17 @@ + xchar = strchr(dim, 'x'); + if (xchar == NULL) + return 0; // unknown dimensions +- strncpy(sx, dim, (xchar - dim)); +- sx[xchar - dim] = '\0'; ++ sx_size = xchar - dim; ++ if (sx_size > MAXICONDIMLEN - 1) ++ return 0; ++ strncpy(sx, dim, sx_size); ++ sx[sx_size] = '\0'; + ix = atoi(sx); +- strncpy(sy, xchar + 1, dim + dimlen - xchar); +- sy[dim + dimlen - xchar - 1] = '\0'; ++ sy_size = dim + dimlen - xchar; ++ if (sy_size > MAXICONDIMLEN - 1) ++ return 0; ++ strncpy(sy, xchar + 1, sy_size); ++ sy[sy_size] = '\0'; + iy = atoi(sy); + } else { + // icon other than a priory known dimensions has lowest priority +@@ -335,16 +342,28 @@ + uchar = strrchr(app, '_'); + xchar = strrchr(app, 'x'); + if (xchar != NULL && uchar != NULL && xchar > uchar) { +- strncpy(sx, uchar+1, (xchar - uchar - 1)); +- sx[xchar - uchar - 1] = '\0'; ++ sx_size = xchar - uchar - 1; ++ if (sx_size > MAXICONDIMLEN - 1) { ++ msg (0, special_fail_1, app, "WW"); ++ ix = 0; ++ goto end_special_1; ++ } ++ strncpy(sx, uchar+1, sx_size); ++ sx[sx_size] = '\0'; + ix = strtol(sx, &endptr, 10); + if (!(*sx != '\0' && *endptr == '\0')) { + msg (0, special_fail_1, app, "WW"); + ix = 0; + goto end_special_1; + } +- strncpy(sy, xchar + 1, app + strlen(app) - xchar); +- sy[app + strlen(app) - xchar] = '\0'; ++ sy_size = app + strlen(app) - xchar; ++ if (sy_size > MAXICONDIMLEN - 1) { ++ msg (0, special_fail_1, app, "HH"); ++ iy = 0; ++ goto end_special_1; ++ } ++ 
strncpy(sy, xchar + 1, sy_size); ++ sy[sy_size] = '\0'; + iy = strtol(sy, &endptr, 10); + if (!(*sy != '\0' && *endptr == '\0')) { + msg (0, special_fail_1, app, "HH"); +--- a/src/icon.h ++++ b/src/icon.h +@@ -38,6 +38,7 @@ + #define MAXICONDIRS 64 + #define MAXAPPLEN 64 + #define MAXICONPATHLEN 1024 ++#define MAXICONDIMLEN 5 + + typedef struct { + char app[MAXAPPLEN]; // application name; uthash keyAttachment: signature.asc
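Review bot: the debian/changelog entry "Add the strncpy patch to fix some buffer overflows. Closes: #964357" does not say where the patch comes from; since the DEP-3 header records it as an upstream commit by the previous maintainer (Origin: upstream; https://github.com/sagb/alttab/commit/5cb60252e58646a6dd45d55e9373d27fe9f520a1), naming that in the changelog ("Cherry-pick the upstream strncpy fix ...") would let release-team reviewers see at a glance that the change is upstream-authored rather than a Debian-local rewrite.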
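Review bot: in the src/icon.c hunk at @@ -309,11 +310,17 @@ the two new lengths are computed differently: `sx_size = xchar - dim;` is the number of bytes before the 'x', but `sy_size = dim + dimlen - xchar;` still includes the 'x' position, so it is one more than the number of bytes after it. With both compared against `MAXICONDIMLEN - 1` the width may have 4 digits while the height may only have 3, and `strncpy(sy, xchar + 1, sy_size)` copies one byte past the digits (the terminator) before `sy[sy_size]` terminates again. The bound check keeps every write inside `sy[MAXICONDIMLEN]`, so this is not an overflow, but the intent reads as `sy_size = dim + dimlen - xchar - 1;` with the same check, which makes the two fields symmetric.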
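Review bot: the same off-by-one is in the @@ -335,16 +342,28 @@ hunk: `sy_size = app + strlen(app) - xchar;` counts the 'x' as well as the digits after it, so a 4-digit height suffix takes the "HH" failure path while a 4-digit width suffix is accepted. This is exactly the expression whose old terminator write `sy[app + strlen(app) - xchar] = '\0'` ran one past the end of `sy[5]`, and the new `> MAXICONDIMLEN - 1` check is what stops that, so the hunk is correct as a fix; `app + strlen(app) - xchar - 1` would additionally give the height the same limit as the width.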
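Review bot: in the src/icon.h hunk `+#define MAXICONDIMLEN 5` is added without a comment, unlike its neighbours it is a buffer size that callers compare against `MAXICONDIMLEN - 1`, so the effective limit (4 characters) is only visible by reading icon.c. A trailing comment such as `#define MAXICONDIMLEN 5 // up to 4 digits plus the terminating NUL` would document the assumption the two new checks rely on, and would make it obvious that `sx[5]`/`sy[5]` keep the original 4-digit limit rather than widening it.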
Description: PGP signature
--- End Message ---
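The [ Reason ] section above describes strncpy() into fixed-size dimension buffers; the following is an added example, not alttab's code or the patch from the message, of parsing a "WIDTHxHEIGHT" string with the length checks done before any copy. MAXDIMLEN is a constructed constant that mirrors the patch's MAXICONDIMLEN (4 digits plus the NUL).

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not alttab's code: parse an icon dimension string such as
 * "48x48" into width and height with the explicit bounds checks that
 * strncpy.patch above introduces. MAXDIMLEN is a constructed constant
 * mirroring the patch's MAXICONDIMLEN: room for 4 digits plus the NUL. */
#define MAXDIMLEN 5

/* Copy exactly len bytes into dst (capacity cap) and NUL-terminate; refuse
 * empty or oversized fields so dst is never written past its end. */
static int copy_field(char *dst, size_t cap, const char *src, size_t len)
{
    if (len == 0 || len > cap - 1)
        return 0;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 1;
}

/* Accept only an unsigned decimal number that fills the whole field;
 * with at most 4 digits the value always fits an int, so no errno check. */
static int parse_field(const char *s, int *out)
{
    char *end;
    if (!isdigit((unsigned char)*s))
        return 0;
    long v = strtol(s, &end, 10);
    if (*end != '\0')
        return 0;
    *out = (int)v;
    return 1;
}

/* Returns 1 and sets *w, *h on success, 0 on malformed or oversized input. */
int parse_dimensions(const char *dim, int *w, int *h)
{
    char sx[MAXDIMLEN], sy[MAXDIMLEN];
    const char *xchar = strchr(dim, 'x');
    if (xchar == NULL)
        return 0;
    /* width is the bytes before 'x', height the bytes after it: neither
     * length counts the 'x' itself, so both fields get the same 4-digit limit */
    if (!copy_field(sx, sizeof sx, dim, (size_t)(xchar - dim)) ||
        !copy_field(sy, sizeof sy, xchar + 1, strlen(xchar + 1)))
        return 0;
    return parse_field(sx, w) && parse_field(sy, h);
}
```

Because the length is checked against the buffer before the copy, an oversized or malformed name is rejected instead of writing past sx or sy.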
--- Begin Message ---
- To: 990370-done@bugs.debian.org
- Subject: unblock alttab
- From: Sebastian Ramacher <sramacher@respighi.debian.org>
- Date: Mon, 28 Jun 2021 22:11:43 +0000
- Message-id: <E1lxzTj-0001nR-3a@respighi.debian.org>
Unblocked.
--- End Message ---