[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#991845: marked as done (unblock: libx11/2:1.7.2-1)

Your message dated Wed, 4 Aug 2021 07:45:07 +0200
with message-id <8412cbc2-1eb4-0fed-7dc4-02f6ce788d88@debian.org>
and subject line Re: Bug#991845: unblock: libx11/2:1.7.2-1
has caused the Debian Bug report #991845,
regarding unblock: libx11/2:1.7.2-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
991845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991845
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: bunk@debian.org mzagrabe@d.umn.edu

Please unblock package libx11

[ Reason ]
The new upstream release fixes regressions in the previous CVE release, including a segfault in fdesign. (bug 990998)

[ Impact ]
Regressions remain in bullseye release.

[ Tests ]
The new version has a commit that fixes a bug with a similar backtrace as 990998, Matt can verify here that fdesign works with the new libx11.

[ Risks ]
The upstream changes are small, only three commits, 

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x attach debdiff against the package in testing

[ Other info ]
The diff is filtered to have only changes to the code and packaging, autotools changes are removed.

unblock libx11/2:1.7.2-1

diff -Nru libx11-1.7.1/configure.ac libx11-1.7.2/configure.ac
--- libx11-1.7.1/configure.ac	2021-05-18 17:14:20.000000000 +0300
+++ libx11-1.7.2/configure.ac	2021-06-06 19:48:52.000000000 +0300
@@ -1,7 +1,7 @@
 
 # Initialize Autoconf
 AC_PREREQ([2.60])
-AC_INIT([libX11], [1.7.1],
+AC_INIT([libX11], [1.7.2],
         [https://gitlab.freedesktop.org/xorg/lib/libx11/issues], [libX11])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([src/config.h include/X11/XlibConf.h])
diff -Nru libx11-1.7.1/debian/changelog libx11-1.7.2/debian/changelog
--- libx11-1.7.1/debian/changelog	2021-08-03 11:34:34.000000000 +0300
+++ libx11-1.7.2/debian/changelog	2021-08-03 11:34:35.000000000 +0300
@@ -1,3 +1,13 @@
+libx11 (2:1.7.2-1) unstable; urgency=medium
+
+  [ Timo Aaltonen ]
+  * New upstream release. (Closes: #990998)
+
+  [ Julien Cristau ]
+  * Fix Vcs-Git control field.
+
+ -- Timo Aaltonen <tjaalton@debian.org>  Mon, 26 Jul 2021 11:29:39 +0300
+
 libx11 (2:1.7.1-1) unstable; urgency=medium
 
   [ Julien Cristau ]
diff -Nru libx11-1.7.1/debian/control libx11-1.7.2/debian/control
--- libx11-1.7.1/debian/control	2021-08-03 11:34:34.000000000 +0300
+++ libx11-1.7.2/debian/control	2021-08-03 11:34:35.000000000 +0300
@@ -17,7 +17,7 @@
  xorg-sgml-doctools (>= 1:1.10),
  w3m,
 Standards-Version: 4.5.0
-Vcs-Git: https://salsa.debian.org/xorg-team/lib/libx11
+Vcs-Git: https://salsa.debian.org/xorg-team/lib/libx11.git
 Vcs-Browser: https://salsa.debian.org/xorg-team/lib/libx11
 
 Package: libx11-6
diff -Nru libx11-1.7.1/README.md libx11-1.7.2/README.md
--- libx11-1.7.1/README.md	2021-05-18 17:14:20.000000000 +0300
+++ libx11-1.7.2/README.md	2021-06-06 19:48:52.000000000 +0300
@@ -31,6 +31,11 @@
 
   https://www.x.org/wiki/Development/Documentation/SubmittingPatches
 
+## Release 1.7.2
+
+This is a bug fix release, correcting a regression introduced by and
+improving the checks from the fix for CVE-2021-31535.
+
 ## Release 1.7.1
 
 This is a bug fix release, including a security fix for
diff -Nru libx11-1.7.1/src/Font.c libx11-1.7.2/src/Font.c
--- libx11-1.7.1/src/Font.c	2021-05-18 17:14:33.000000000 +0300
+++ libx11-1.7.2/src/Font.c	2021-06-06 19:48:53.000000000 +0300
@@ -102,7 +102,7 @@
     XF86BigfontCodes *extcodes = _XF86BigfontCodes(dpy);
 #endif
 
-    if (strlen(name) >= USHRT_MAX)
+    if (name != NULL && strlen(name) >= USHRT_MAX)
         return NULL;
     if (_XF86LoadQueryLocaleFont(dpy, name, &font_result, (Font *)0))
       return font_result;
@@ -656,7 +656,7 @@
    XFontStruct **xfp,
    Font *fidp)
 {
-    int l;
+    size_t l;
     const char *charset, *p;
     char buf[256];
     XFontStruct *fs;
@@ -664,7 +664,7 @@
 
     if (!name)
 	return 0;
-    l = (int) strlen(name);
+    l = strlen(name);
     if (l < 2 || name[l - 1] != '*' || name[l - 2] != '-' || l >= USHRT_MAX)
 	return 0;
     charset = NULL;
@@ -677,11 +677,11 @@
 	charset = "ISO8859-1";
 	p = charset + 7;
     }
-    if (l - 2 - (p - charset) < 0)
+    if (l - 2 < p - charset)
 	return 0;
     if (_XlcNCompareISOLatin1(name + l - 2 - (p - charset), charset, p - charset))
 	return 0;
-    if (strlen(p + 1) + (size_t) l - 1 >= sizeof(buf) - 1)
+    if (strlen(p + 1) + l - 1 >= sizeof(buf) - 1)
 	return 0;
     strcpy(buf, name);
     strcpy(buf + l - 1, p + 1);
diff -Nru libx11-1.7.1/src/FontInfo.c libx11-1.7.2/src/FontInfo.c
--- libx11-1.7.1/src/FontInfo.c	2021-05-18 17:14:33.000000000 +0300
+++ libx11-1.7.2/src/FontInfo.c	2021-06-06 19:48:53.000000000 +0300
@@ -58,7 +58,7 @@
     register xListFontsReq *req;
     int j;
 
-    if (strlen(pattern) >= USHRT_MAX)
+    if (pattern != NULL && strlen(pattern) >= USHRT_MAX)
         return NULL;
 
     LockDisplay(dpy);
diff -Nru libx11-1.7.1/src/FontNames.c libx11-1.7.2/src/FontNames.c
--- libx11-1.7.1/src/FontNames.c	2021-05-18 17:14:33.000000000 +0300
+++ libx11-1.7.2/src/FontNames.c	2021-06-06 19:48:53.000000000 +0300
@@ -51,7 +51,7 @@
     register xListFontsReq *req;
     unsigned long rlen = 0;
 
-    if (strlen(pattern) >= USHRT_MAX)
+    if (pattern != NULL && strlen(pattern) >= USHRT_MAX)
         return NULL;
 
     LockDisplay(dpy);
diff -Nru libx11-1.7.1/src/GetColor.c libx11-1.7.2/src/GetColor.c
--- libx11-1.7.1/src/GetColor.c	2021-05-18 17:14:33.000000000 +0300
+++ libx11-1.7.2/src/GetColor.c	2021-06-06 19:48:53.000000000 +0300
@@ -49,7 +49,7 @@
     XcmsColor cmsColor_exact;
     Status ret;
 
-    if (strlen(colorname) >= USHRT_MAX)
+    if (colorname != NULL && strlen(colorname) >= USHRT_MAX)
         return (0);
 
 #ifdef XCMS
diff -Nru libx11-1.7.1/src/LoadFont.c libx11-1.7.2/src/LoadFont.c
--- libx11-1.7.1/src/LoadFont.c	2021-05-18 17:14:34.000000000 +0300
+++ libx11-1.7.2/src/LoadFont.c	2021-06-06 19:48:53.000000000 +0300
@@ -39,7 +39,7 @@
     Font fid;
     register xOpenFontReq *req;
 
-    if (strlen(name) >= USHRT_MAX)
+    if (name != NULL && strlen(name) >= USHRT_MAX)
         return (0);
 
     if (_XF86LoadQueryLocaleFont(dpy, name, (XFontStruct **)0, &fid))
diff -Nru libx11-1.7.1/src/LookupCol.c libx11-1.7.2/src/LookupCol.c
--- libx11-1.7.1/src/LookupCol.c	2021-05-18 17:14:34.000000000 +0300
+++ libx11-1.7.2/src/LookupCol.c	2021-06-06 19:48:53.000000000 +0300
@@ -41,13 +41,15 @@
 	XColor *def,
 	XColor *scr)
 {
-	register int n;
+	register size_t n;
 	xLookupColorReply reply;
 	register xLookupColorReq *req;
 	XcmsCCC ccc;
 	XcmsColor cmsColor_exact;
 
-	n = (int) strlen (spec);
+	if (spec == NULL)
+		return 0;
+	n = strlen (spec);
 	if (n >= USHRT_MAX)
             return 0;
 #ifdef XCMS
diff -Nru libx11-1.7.1/src/ParseCol.c libx11-1.7.2/src/ParseCol.c
--- libx11-1.7.1/src/ParseCol.c	2021-05-18 17:14:34.000000000 +0300
+++ libx11-1.7.2/src/ParseCol.c	2021-06-06 19:48:53.000000000 +0300
@@ -40,14 +40,14 @@
 	_Xconst char *spec,
 	XColor *def)
 {
-	register int n, i;
+	register size_t n, i;
 	int r, g, b;
 	char c;
 	XcmsCCC ccc;
 	XcmsColor cmsColor;
 
         if (!spec) return(0);
-	n = (int) strlen (spec);
+	n = strlen (spec);
 	if (n >= USHRT_MAX)
             return(0);
 	if (*spec == '#') {
@@ -64,7 +64,7 @@
 		r = g;
 		g = b;
 		b = 0;
-		for (i = n; --i >= 0; ) {
+		for (i = 0; i < n; i++) {
 		    c = *spec++;
 		    b <<= 4;
 		    if (c >= '0' && c <= '9')
@@ -122,7 +122,7 @@
 	    LockDisplay(dpy);
 	    GetReq (LookupColor, req);
 	    req->cmap = cmap;
-	    req->nbytes = (CARD16) (n = (int) strlen(spec));
+	    req->nbytes = (CARD16) (n = strlen(spec));
 	    req->length += (n + 3) >> 2;
 	    Data (dpy, spec, (long)n);
 	    if (!_XReply (dpy, (xReply *) &reply, 0, xTrue)) {
diff -Nru libx11-1.7.1/src/QuExt.c libx11-1.7.2/src/QuExt.c
--- libx11-1.7.1/src/QuExt.c	2021-05-18 17:14:34.000000000 +0300
+++ libx11-1.7.2/src/QuExt.c	2021-06-06 19:48:53.000000000 +0300
@@ -42,7 +42,7 @@
     xQueryExtensionReply rep;
     register xQueryExtensionReq *req;
 
-    if (strlen(name) >= USHRT_MAX)
+    if (name != NULL && strlen(name) >= USHRT_MAX)
         return false;
 
     LockDisplay(dpy);
diff -Nru libx11-1.7.1/src/SetFPath.c libx11-1.7.2/src/SetFPath.c
--- libx11-1.7.1/src/SetFPath.c	2021-05-18 17:14:34.000000000 +0300
+++ libx11-1.7.2/src/SetFPath.c	2021-06-06 19:48:53.000000000 +0300
@@ -26,8 +26,8 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-#include <limits.h>
 #endif
+#include <limits.h>
 #include "Xlibint.h"
 
 #define safestrlen(s) ((s) ? strlen(s) : 0)
@@ -38,7 +38,7 @@
     char **directories,
     int ndirs)
 {
-	register int n = 0;
+	register size_t n = 0;
 	register int i;
 	register int nbytes;
 	char *p;
@@ -49,7 +49,7 @@
 	GetReq (SetFontPath, req);
 	req->nFonts = ndirs;
 	for (i = 0; i < ndirs; i++) {
-		n = (int) ((size_t) n + (safestrlen (directories[i]) + 1));
+		n = n + (safestrlen (directories[i]) + 1);
 		if (n >= USHRT_MAX) {
 			UnlockDisplay(dpy);
 			SyncHandle();
@@ -65,9 +65,9 @@
 		char	*tmp = p;
 
 		for (i = 0; i < ndirs; i++) {
-			register int length = (int) safestrlen (directories[i]);
+			size_t length = safestrlen (directories[i]);
 			*p = length;
-			memcpy (p + 1, directories[i], (size_t)length);
+			memcpy (p + 1, directories[i], length);
 			p += length + 1;
 		}
 		Data (dpy, tmp, nbytes);
diff -Nru libx11-1.7.1/src/StName.c libx11-1.7.2/src/StName.c
--- libx11-1.7.1/src/StName.c	2021-05-18 17:14:35.000000000 +0300
+++ libx11-1.7.2/src/StName.c	2021-06-06 19:48:53.000000000 +0300
@@ -37,7 +37,7 @@
     Window w,
     _Xconst char *name)
 {
-    if (strlen(name) >= USHRT_MAX)
+    if (name != NULL && strlen(name) >= USHRT_MAX)
         return 0;
     return XChangeProperty(dpy, w, XA_WM_NAME, XA_STRING, /*  */
 			   8, PropModeReplace, (_Xconst unsigned char *)name,
@@ -50,7 +50,7 @@
     Window w,
     _Xconst char *icon_name)
 {
-    if (strlen(icon_name) >= USHRT_MAX)
+    if (icon_name != NULL && strlen(icon_name) >= USHRT_MAX)
         return 0;
     return XChangeProperty(dpy, w, XA_WM_ICON_NAME, XA_STRING, 8,
                            PropModeReplace, (_Xconst unsigned char *)icon_name,
diff -Nru libx11-1.7.1/src/StNColor.c libx11-1.7.2/src/StNColor.c
--- libx11-1.7.1/src/StNColor.c	2021-05-18 17:14:35.000000000 +0300
+++ libx11-1.7.2/src/StNColor.c	2021-06-06 19:48:53.000000000 +0300
@@ -47,7 +47,7 @@
     XcmsColor cmsColor_exact;
     XColor scr_def;
 
-    if (strlen(name) >= USHRT_MAX)
+    if (name != NULL && strlen(name) >= USHRT_MAX)
         return 0;
 #ifdef XCMS
     /*

--- End Message ---
--- Begin Message --- 
Hi Timo,

>> On 03-08-2021 10:54, Timo Aaltonen wrote:
>>> Please unblock package libx11

Unblock hints added.

Paul

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


--- End Message ---
Reply to: