Your message dated Wed, 4 Aug 2021 07:45:07 +0200 with message-id <8412cbc2-1eb4-0fed-7dc4-02f6ce788d88@debian.org> and subject line Re: Bug#991845: unblock: libx11/2:1.7.2-1 has caused the Debian Bug report #991845, regarding unblock: libx11/2:1.7.2-1 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
991845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991845
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: libx11/2:1.7.2-1
- From: Timo Aaltonen <tjaalton@debian.org>
- Date: Tue, 03 Aug 2021 11:54:12 +0300
- Message-id: <162798085276.313734.4726793665494861411.reportbug@leon>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: bunk@debian.org mzagrabe@d.umn.edu

Please unblock package libx11

[ Reason ]
The new upstream release fixes regressions in the previous CVE release, including a segfault in fdesign. (bug 990998)

[ Impact ]
Regressions remain in bullseye release.

[ Tests ]
The new version has a commit that fixes a bug with a similar backtrace as 990998, Matt can verify here that fdesign works with the new libx11.

[ Risks ]
The upstream changes are small, only three commits.

[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing

[ Other info ]
The diff is filtered to have only changes to the code and packaging, autotools changes are removed.

unblock libx11/2:1.7.2-1

diff -Nru libx11-1.7.1/configure.ac libx11-1.7.2/configure.ac --- libx11-1.7.1/configure.ac 2021-05-18 17:14:20.000000000 +0300 +++ libx11-1.7.2/configure.ac 2021-06-06 19:48:52.000000000 +0300 @@ -1,7 +1,7 @@ # Initialize Autoconf AC_PREREQ([2.60]) -AC_INIT([libX11], [1.7.1], +AC_INIT([libX11], [1.7.2], [https://gitlab.freedesktop.org/xorg/lib/libx11/issues], [libX11]) AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_HEADERS([src/config.h include/X11/XlibConf.h]) diff -Nru libx11-1.7.1/debian/changelog libx11-1.7.2/debian/changelog --- libx11-1.7.1/debian/changelog 2021-08-03 11:34:34.000000000 +0300 +++ libx11-1.7.2/debian/changelog 2021-08-03 11:34:35.000000000 +0300 
@@ -1,3 +1,13 @@ +libx11 (2:1.7.2-1) unstable; urgency=medium + + [ Timo Aaltonen ] + * New upstream release. (Closes: #990998) + + [ Julien Cristau ] + * Fix Vcs-Git control field. + + -- Timo Aaltonen <tjaalton@debian.org> Mon, 26 Jul 2021 11:29:39 +0300 + libx11 (2:1.7.1-1) unstable; urgency=medium [ Julien Cristau ] diff -Nru libx11-1.7.1/debian/control libx11-1.7.2/debian/control --- libx11-1.7.1/debian/control 2021-08-03 11:34:34.000000000 +0300 +++ libx11-1.7.2/debian/control 2021-08-03 11:34:35.000000000 +0300 @@ -17,7 +17,7 @@ xorg-sgml-doctools (>= 1:1.10), w3m, Standards-Version: 4.5.0 -Vcs-Git: https://salsa.debian.org/xorg-team/lib/libx11 +Vcs-Git: https://salsa.debian.org/xorg-team/lib/libx11.git Vcs-Browser: https://salsa.debian.org/xorg-team/lib/libx11 Package: libx11-6 diff -Nru libx11-1.7.1/README.md libx11-1.7.2/README.md --- libx11-1.7.1/README.md 2021-05-18 17:14:20.000000000 +0300 +++ libx11-1.7.2/README.md 2021-06-06 19:48:52.000000000 +0300 @@ -31,6 +31,11 @@ https://www.x.org/wiki/Development/Documentation/SubmittingPatches +## Release 1.7.2 + +This is a bug fix release, correcting a regression introduced by and +improving the checks from the fix for CVE-2021-31535. + ## Release 1.7.1 This is a bug fix release, including a security fix for diff -Nru libx11-1.7.1/src/Font.c libx11-1.7.2/src/Font.c --- libx11-1.7.1/src/Font.c 2021-05-18 17:14:33.000000000 +0300 +++ libx11-1.7.2/src/Font.c 2021-06-06 19:48:53.000000000 +0300 @@ -102,7 +102,7 @@ XF86BigfontCodes *extcodes = _XF86BigfontCodes(dpy); #endif - if (strlen(name) >= USHRT_MAX) + if (name != NULL && strlen(name) >= USHRT_MAX) return NULL; if (_XF86LoadQueryLocaleFont(dpy, name, &font_result, (Font *)0)) return font_result; @@ -656,7 +656,7 @@ XFontStruct **xfp, Font *fidp) { - int l; + size_t l; const char *charset, *p; char buf[256]; XFontStruct *fs; 
@@ -664,7 +664,7 @@ if (!name) return 0; - l = (int) strlen(name); + l = strlen(name); if (l < 2 || name[l - 1] != '*' || name[l - 2] != '-' || l >= USHRT_MAX) return 0; charset = NULL; @@ -677,11 +677,11 @@ charset = "ISO8859-1"; p = charset + 7; } - if (l - 2 - (p - charset) < 0) + if (l - 2 < p - charset) return 0; if (_XlcNCompareISOLatin1(name + l - 2 - (p - charset), charset, p - charset)) return 0; - if (strlen(p + 1) + (size_t) l - 1 >= sizeof(buf) - 1) + if (strlen(p + 1) + l - 1 >= sizeof(buf) - 1) return 0; strcpy(buf, name); strcpy(buf + l - 1, p + 1); diff -Nru libx11-1.7.1/src/FontInfo.c libx11-1.7.2/src/FontInfo.c --- libx11-1.7.1/src/FontInfo.c 2021-05-18 17:14:33.000000000 +0300 +++ libx11-1.7.2/src/FontInfo.c 2021-06-06 19:48:53.000000000 +0300 @@ -58,7 +58,7 @@ register xListFontsReq *req; int j; - if (strlen(pattern) >= USHRT_MAX) + if (pattern != NULL && strlen(pattern) >= USHRT_MAX) return NULL; LockDisplay(dpy); diff -Nru libx11-1.7.1/src/FontNames.c libx11-1.7.2/src/FontNames.c --- libx11-1.7.1/src/FontNames.c 2021-05-18 17:14:33.000000000 +0300 +++ libx11-1.7.2/src/FontNames.c 2021-06-06 19:48:53.000000000 +0300 @@ -51,7 +51,7 @@ register xListFontsReq *req; unsigned long rlen = 0; - if (strlen(pattern) >= USHRT_MAX) + if (pattern != NULL && strlen(pattern) >= USHRT_MAX) return NULL; LockDisplay(dpy); diff -Nru libx11-1.7.1/src/GetColor.c libx11-1.7.2/src/GetColor.c --- libx11-1.7.1/src/GetColor.c 2021-05-18 17:14:33.000000000 +0300 +++ libx11-1.7.2/src/GetColor.c 2021-06-06 19:48:53.000000000 +0300 @@ -49,7 +49,7 @@ XcmsColor cmsColor_exact; Status ret; - if (strlen(colorname) >= USHRT_MAX) + if (colorname != NULL && strlen(colorname) >= USHRT_MAX) return (0); #ifdef XCMS diff -Nru libx11-1.7.1/src/LoadFont.c libx11-1.7.2/src/LoadFont.c --- libx11-1.7.1/src/LoadFont.c 2021-05-18 17:14:34.000000000 +0300 +++ libx11-1.7.2/src/LoadFont.c 2021-06-06 19:48:53.000000000 +0300 
@@ -39,7 +39,7 @@ Font fid; register xOpenFontReq *req; - if (strlen(name) >= USHRT_MAX) + if (name != NULL && strlen(name) >= USHRT_MAX) return (0); if (_XF86LoadQueryLocaleFont(dpy, name, (XFontStruct **)0, &fid)) diff -Nru libx11-1.7.1/src/LookupCol.c libx11-1.7.2/src/LookupCol.c --- libx11-1.7.1/src/LookupCol.c 2021-05-18 17:14:34.000000000 +0300 +++ libx11-1.7.2/src/LookupCol.c 2021-06-06 19:48:53.000000000 +0300 @@ -41,13 +41,15 @@ XColor *def, XColor *scr) { - register int n; + register size_t n; xLookupColorReply reply; register xLookupColorReq *req; XcmsCCC ccc; XcmsColor cmsColor_exact; - n = (int) strlen (spec); + if (spec == NULL) + return 0; + n = strlen (spec); if (n >= USHRT_MAX) return 0; #ifdef XCMS diff -Nru libx11-1.7.1/src/ParseCol.c libx11-1.7.2/src/ParseCol.c --- libx11-1.7.1/src/ParseCol.c 2021-05-18 17:14:34.000000000 +0300 +++ libx11-1.7.2/src/ParseCol.c 2021-06-06 19:48:53.000000000 +0300 @@ -40,14 +40,14 @@ _Xconst char *spec, XColor *def) { - register int n, i; + register size_t n, i; int r, g, b; char c; XcmsCCC ccc; XcmsColor cmsColor; if (!spec) return(0); - n = (int) strlen (spec); + n = strlen (spec); if (n >= USHRT_MAX) return(0); if (*spec == '#') { @@ -64,7 +64,7 @@ r = g; g = b; b = 0; - for (i = n; --i >= 0; ) { + for (i = 0; i < n; i++) { c = *spec++; b <<= 4; if (c >= '0' && c <= '9') @@ -122,7 +122,7 @@ LockDisplay(dpy); GetReq (LookupColor, req); req->cmap = cmap; - req->nbytes = (CARD16) (n = (int) strlen(spec)); + req->nbytes = (CARD16) (n = strlen(spec)); req->length += (n + 3) >> 2; Data (dpy, spec, (long)n); if (!_XReply (dpy, (xReply *) &reply, 0, xTrue)) { diff -Nru libx11-1.7.1/src/QuExt.c libx11-1.7.2/src/QuExt.c --- libx11-1.7.1/src/QuExt.c 2021-05-18 17:14:34.000000000 +0300 +++ libx11-1.7.2/src/QuExt.c 2021-06-06 19:48:53.000000000 +0300 
@@ -42,7 +42,7 @@ xQueryExtensionReply rep; register xQueryExtensionReq *req; - if (strlen(name) >= USHRT_MAX) + if (name != NULL && strlen(name) >= USHRT_MAX) return false; LockDisplay(dpy); diff -Nru libx11-1.7.1/src/SetFPath.c libx11-1.7.2/src/SetFPath.c --- libx11-1.7.1/src/SetFPath.c 2021-05-18 17:14:34.000000000 +0300 +++ libx11-1.7.2/src/SetFPath.c 2021-06-06 19:48:53.000000000 +0300 @@ -26,8 +26,8 @@ #ifdef HAVE_CONFIG_H #include <config.h> -#include <limits.h> #endif +#include <limits.h> #include "Xlibint.h" #define safestrlen(s) ((s) ? strlen(s) : 0) @@ -38,7 +38,7 @@ char **directories, int ndirs) { - register int n = 0; + register size_t n = 0; register int i; register int nbytes; char *p; @@ -49,7 +49,7 @@ GetReq (SetFontPath, req); req->nFonts = ndirs; for (i = 0; i < ndirs; i++) { - n = (int) ((size_t) n + (safestrlen (directories[i]) + 1)); + n = n + (safestrlen (directories[i]) + 1); if (n >= USHRT_MAX) { UnlockDisplay(dpy); SyncHandle(); @@ -65,9 +65,9 @@ char *tmp = p; for (i = 0; i < ndirs; i++) { - register int length = (int) safestrlen (directories[i]); + size_t length = safestrlen (directories[i]); *p = length; - memcpy (p + 1, directories[i], (size_t)length); + memcpy (p + 1, directories[i], length); p += length + 1; } Data (dpy, tmp, nbytes); diff -Nru libx11-1.7.1/src/StName.c libx11-1.7.2/src/StName.c --- libx11-1.7.1/src/StName.c 2021-05-18 17:14:35.000000000 +0300 +++ libx11-1.7.2/src/StName.c 2021-06-06 19:48:53.000000000 +0300 @@ -37,7 +37,7 @@ Window w, _Xconst char *name) { - if (strlen(name) >= USHRT_MAX) + if (name != NULL && strlen(name) >= USHRT_MAX) return 0; return XChangeProperty(dpy, w, XA_WM_NAME, XA_STRING, /* */ 8, PropModeReplace, (_Xconst unsigned char *)name, 
@@ -50,7 +50,7 @@ Window w, _Xconst char *icon_name) { - if (strlen(icon_name) >= USHRT_MAX) + if (icon_name != NULL && strlen(icon_name) >= USHRT_MAX) return 0; return XChangeProperty(dpy, w, XA_WM_ICON_NAME, XA_STRING, 8, PropModeReplace, (_Xconst unsigned char *)icon_name, diff -Nru libx11-1.7.1/src/StNColor.c libx11-1.7.2/src/StNColor.c --- libx11-1.7.1/src/StNColor.c 2021-05-18 17:14:35.000000000 +0300 +++ libx11-1.7.2/src/StNColor.c 2021-06-06 19:48:53.000000000 +0300 @@ -47,7 +47,7 @@ XcmsColor cmsColor_exact; XColor scr_def; - if (strlen(name) >= USHRT_MAX) + if (name != NULL && strlen(name) >= USHRT_MAX) return 0; #ifdef XCMS /*
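
Review bot: The debian/changelog entry for 2:1.7.2-1 says only `New upstream release. (Closes: #990998)`, while the README.md hunk states that 1.7.2 corrects a regression introduced by, and improves the checks from, the fix for CVE-2021-31535. Repeating that one sentence in the changelog would let anyone reading the package history see that this upload follows up on the CVE fix without opening the upstream README.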
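
Review bot: In the src/Font.c hunk at @@ -677,11, `if (l - 2 < p - charset)` now compares a `size_t` with the `ptrdiff_t` result of `p - charset`, so the signed side is converted to unsigned before the comparison. That is correct only because the `l < 2` test a few lines earlier returns first and `p` points into `charset` (as in the visible `p = charset + 7` branch). Writing `(size_t)(p - charset)` and adding a short comment that names the `l >= 2` precondition would silence `-Wsign-compare` and make it clear that the unsigned `l - 2` cannot wrap.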
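
Review bot: The `name != NULL && strlen(name) >= USHRT_MAX` guards added in Font.c, FontInfo.c, FontNames.c, GetColor.c, LoadFont.c, QuExt.c, StName.c and StNColor.c only skip the length check when the argument is NULL and then fall through to the rest of the function, whereas the LookupCol.c hunk returns 0 as soon as `spec == NULL`. The code below each guard is not visible in these hunks, so each function should say in a comment whether NULL is a supported input, and the paths that follow should be checked for a NULL-safe length computation (SetFPath.c already defines `safestrlen` for that purpose).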
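
Review bot: In the src/ParseCol.c hunk at @@ -122,7, `req->nbytes = (CARD16) (n = strlen(spec));` hides an assignment inside a narrowing cast, and the cast is lossless only because of the `n >= USHRT_MAX` return near the top of the function. Splitting it into `n = strlen(spec);` followed by the `CARD16` store, with a comment pointing at that earlier bound, would make the dependency visible. The loop rewrite to `for (i = 0; i < n; i++)` at @@ -64,7 is required now that `i` is `size_t` (`--i >= 0` could never be false) and still runs `n` times; the visible body reads through `*spec++` rather than indexing by `i`, so the direction change does not alter what is parsed.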
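
Review bot: In the src/SetFPath.c hunk at @@ -65,9, `*p = length;` stores a `size_t` into a single `char`, so a directory string longer than 255 bytes gets a truncated length byte while `memcpy (p + 1, directories[i], length)` still copies the whole string; the only bound checked in the first loop is the running total `n >= USHRT_MAX`. Consider rejecting any entry whose length exceeds 255 in that first loop, before the request is built. `nbytes` also remains `register int` while `n` became `size_t`, so wherever it is derived from `n` the conversion deserves an explicit cast or a matching type before it reaches `Data (dpy, tmp, nbytes)`.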
--- End Message ---
--- Begin Message ---
- To: 991845-done@bugs.debian.org, Timo Aaltonen <tjaalton@debian.org>
- Subject: Re: Bug#991845: unblock: libx11/2:1.7.2-1
- From: Paul Gevers <elbrus@debian.org>
- Date: Wed, 4 Aug 2021 07:45:07 +0200
- Message-id: <8412cbc2-1eb4-0fed-7dc4-02f6ce788d88@debian.org>
- In-reply-to: <20210804003829.6xzsglkvfefrpxcy@mraw.org>
- References: <162798085276.313734.4726793665494861411.reportbug@leon> <162798085276.313734.4726793665494861411.reportbug@leon> <7a32c74e-3872-7ce1-d296-33798b8f9b9f@debian.org> <162798085276.313734.4726793665494861411.reportbug@leon> <20210804003829.6xzsglkvfefrpxcy@mraw.org>
Hi Timo,

>> On 03-08-2021 10:54, Timo Aaltonen wrote:
>>> Please unblock package libx11

Unblock hints added.

Paul

Attachment: OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---