Bug#990370: marked as done (unblock: alttab/1.5.0-2)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Mon, 28 Jun 2021 22:11:43 +0000
with message-id <E1lxzTj-0001nR-3a@respighi.debian.org>
and subject line unblock alttab
has caused the Debian Bug report #990370,
regarding unblock: alttab/1.5.0-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
990370: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990370
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: alttab/1.5.0-2
• From: Peter Pentchev <roam@ringlet.net>
• Date: Sun, 27 Jun 2021 17:35:32 +0300
• Message-id: <[🔎] 162480438611.2590340.2620261084089432252.reportbug@straylight.m.ringlet.net>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package alttab to fix a buffer overflow RC bug.
It is marked for autoremoval on June 29, so I realize that it might
be a bit too late, but I still thought I'd try.

[ Reason ]
Upstream version 1.5.0 contains some strncpy() calls to
incorrectly sized arrays; see #964357 for more information.

[ Impact ]
In many cases, the alttab program crashes on startup, making it
practically unusable for some users.

[ Tests ]
The alttab package has an upstream test suite that is not yet
run in the Debian package; I adopted it recently and I will try to
introduce that in a future upload.

[ Risks ]
Leaf package, not widely used; pretty straightforward fix for
a classic C programming security problem, so hopefully low risk.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock alttab/1.5.0-2

diff -Nru alttab-1.5.0/debian/changelog alttab-1.5.0/debian/changelog
--- alttab-1.5.0/debian/changelog	2020-07-23 12:19:05.000000000 +0300
+++ alttab-1.5.0/debian/changelog	2021-06-27 16:57:21.000000000 +0300
@@ -1,3 +1,11 @@
+alttab (1.5.0-2) unstable; urgency=medium
+
+  * New maintainer. Closes: #989842
+  * Point Vcs-Git and Vcs-Browser to the new salsa/debian repository.
+  * Add the strncpy patch to fix some buffer overflows. Closes: #964357
+
+ -- Peter Pentchev <roam@debian.org>  Sun, 27 Jun 2021 16:57:21 +0300
+
 alttab (1.5.0-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru alttab-1.5.0/debian/control alttab-1.5.0/debian/control
--- alttab-1.5.0/debian/control	2020-07-23 12:19:05.000000000 +0300
+++ alttab-1.5.0/debian/control	2021-06-27 16:56:42.000000000 +0300
@@ -1,7 +1,7 @@
 Source: alttab
 Section: x11
 Priority: optional
-Maintainer: Alexander Kulak <sa-dev@odd.systems>
+Maintainer: Peter Pentchev <roam@debian.org>
 Build-Depends: debhelper-compat (= 13),
                libx11-dev,
                libxmu-dev,
@@ -14,8 +14,8 @@
                autoconf,
                automake
 Standards-Version: 4.5.0
-Vcs-Git: https://github.com/sagb/alttab.git -b debian/unstable
-Vcs-Browser: https://github.com/sagb/alttab/tree/debian/unstable
+Vcs-Git: https://salsa.debian.org/debian/alttab.git
+Vcs-Browser: https://salsa.debian.org/debian/alttab
 Homepage: https://sagb.github.io/alttab
 Rules-Requires-Root: no
 
diff -Nru alttab-1.5.0/debian/patches/series alttab-1.5.0/debian/patches/series
--- alttab-1.5.0/debian/patches/series	1970-01-01 02:00:00.000000000 +0200
+++ alttab-1.5.0/debian/patches/series	2021-06-27 16:56:42.000000000 +0300
@@ -0,0 +1 @@
+strncpy.patch
diff -Nru alttab-1.5.0/debian/patches/strncpy.patch alttab-1.5.0/debian/patches/strncpy.patch
--- alttab-1.5.0/debian/patches/strncpy.patch	1970-01-01 02:00:00.000000000 +0200
+++ alttab-1.5.0/debian/patches/strncpy.patch	2021-06-27 16:56:42.000000000 +0300
@@ -0,0 +1,85 @@
+Description: fix possible strncpy overflows
+Origin: upstream; https://github.com/sagb/alttab/commit/5cb60252e58646a6dd45d55e9373d27fe9f520a1
+Author: Alexander Kulak <sa-dev@odd.systems>
+Bug-Debian: https://bugs.debian.org/964357
+Last-Update: 2021-06-27
+
+--- a/src/icon.c
++++ b/src/icon.c
+@@ -260,8 +260,9 @@
+     char *endptr;
+     char *dim;
+     int dimlen;
+-    char sx[5];
+-    char sy[5];
++    char sx[MAXICONDIMLEN];
++    char sy[MAXICONDIMLEN];
++    int sx_size, sy_size;
+     int ix, iy;
+     icon_t *ic;
+     char *suff;
+@@ -309,11 +310,17 @@
+         xchar = strchr(dim, 'x');
+         if (xchar == NULL)
+             return 0;               // unknown dimensions
+-        strncpy(sx, dim, (xchar - dim));
+-        sx[xchar - dim] = '\0';
++        sx_size = xchar - dim;
++        if (sx_size > MAXICONDIMLEN - 1)
++            return 0;
++        strncpy(sx, dim, sx_size);
++        sx[sx_size] = '\0';
+         ix = atoi(sx);
+-        strncpy(sy, xchar + 1, dim + dimlen - xchar);
+-        sy[dim + dimlen - xchar - 1] = '\0';
++        sy_size = dim + dimlen - xchar;
++        if (sy_size > MAXICONDIMLEN - 1)
++            return 0;
++        strncpy(sy, xchar + 1, sy_size);
++        sy[sy_size] = '\0';
+         iy = atoi(sy);
+     } else {
+         // icon other than a priory known dimensions has lowest priority
+@@ -335,16 +342,28 @@
+         uchar = strrchr(app, '_');
+         xchar = strrchr(app, 'x');
+         if (xchar != NULL && uchar != NULL && xchar > uchar) {
+-            strncpy(sx, uchar+1, (xchar - uchar - 1));
+-            sx[xchar - uchar - 1] = '\0';
++            sx_size = xchar - uchar - 1;
++            if (sx_size > MAXICONDIMLEN - 1) {
++                msg (0, special_fail_1, app, "WW");
++                ix = 0;
++                goto end_special_1;
++            }
++            strncpy(sx, uchar+1, sx_size);
++            sx[sx_size] = '\0';
+             ix = strtol(sx, &endptr, 10);
+             if (!(*sx != '\0' && *endptr == '\0')) {
+                 msg (0, special_fail_1, app, "WW");
+                 ix = 0;
+                 goto end_special_1;
+             }
+-            strncpy(sy, xchar + 1, app + strlen(app) - xchar);
+-            sy[app + strlen(app) - xchar] = '\0';
++            sy_size = app + strlen(app) - xchar;
++            if (sy_size > MAXICONDIMLEN - 1) {
++                msg (0, special_fail_1, app, "HH");
++                iy = 0;
++                goto end_special_1;
++            }
++            strncpy(sy, xchar + 1, sy_size);
++            sy[sy_size] = '\0';
+             iy = strtol(sy, &endptr, 10);
+             if (!(*sy != '\0' && *endptr == '\0')) {
+                 msg (0, special_fail_1, app, "HH");
+--- a/src/icon.h
++++ b/src/icon.h
+@@ -38,6 +38,7 @@
+ #define MAXICONDIRS     64
+ #define MAXAPPLEN       64
+ #define MAXICONPATHLEN  1024
++#define MAXICONDIMLEN   5
+ 
+ typedef struct {
+     char app[MAXAPPLEN];        // application name; uthash key

Attachment: signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

• To: 990370-done@bugs.debian.org
• Subject: unblock alttab
• From: Sebastian Ramacher <sramacher@respighi.debian.org>
• Date: Mon, 28 Jun 2021 22:11:43 +0000
• Message-id: <E1lxzTj-0001nR-3a@respighi.debian.org>

Unblocked.

--- End Message ---