Bug#1110771: marked as done (xterm: allowC1Printable (-k8) does the opposite of what it says)

To: Sven Joachim <svenjoac@gmx.de>
Subject: Bug#1110771: marked as done (xterm: allowC1Printable (-k8) does the opposite of what it says)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sun, 02 Nov 2025 16:37:03 +0000
Message-id: <[🔎] handler.1110771.D1110771.17621012722891876.ackdone@bugs.debian.org>
Reply-to: 1110771@bugs.debian.org
References: <E1vFb2D-004lAR-1c@fasolo.debian.org> <20250810230926.GA2173244@qaa.vinc17.org>

Your message dated Sun, 02 Nov 2025 16:34:29 +0000
with message-id <E1vFb2D-004lAR-1c@fasolo.debian.org>
and subject line Bug#1110771: fixed in xterm 403-1
has caused the Debian Bug report #1110771,
regarding xterm: allowC1Printable (-k8) does the opposite of what it says
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1110771: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110771
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xterm: segfault in ScrnWriteText on 3-byte binary data
From: Vincent Lefevre <vincent@vinc17.net>
Date: Mon, 11 Aug 2025 01:09:26 +0200
Message-id: <20250810230926.GA2173244@qaa.vinc17.org>

Package: xterm
Version: 398-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

I've just noticed that it is very easy to make xterm crash with
some binary data:

  /usr/bin/xterm -e 'printf "\x9a\x85\x08"; sleep 2'

The backtrace:

$ gdb /usr/bin/xterm core.2173502
[...]
Core was generated by `/usr/bin/xterm -e printf\ \"\\x9a\\x85\\x08\"\;\ sleep\ 2'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  ScrnWriteText (xw=xw@entry=0x7f64cb324010, offset=offset@entry=0, 
    length=length@entry=36, flags=flags@entry=393216, cur_fg_bg=...)
    at ../screen.c:925
 
warning: 925    ../screen.c: No such file or directory
(gdb) bt
#0  ScrnWriteText (xw=xw@entry=0x7f64cb324010, offset=offset@entry=0, 
    length=length@entry=36, flags=flags@entry=393216, cur_fg_bg=...)
    at ../screen.c:925
#1  0x000055a713b46734 in WriteText (xw=xw@entry=0x7f64cb324010, offset=0, 
    length=length@entry=36) at ../util.c:1201
#2  0x000055a713aeb157 in dotext (xw=xw@entry=0x7f64cb324010, 
    charset=<optimized out>, buf=0x55a714df7d40, len=36) at ../charproc.c:7128
#3  0x000055a713af30af in doparsing (xw=xw@entry=0x7f64cb324010, c=99, 
    sp=<optimized out>) at ../charproc.c:3376
#4  0x000055a713afbe54 in VTparse (xw=xw@entry=0x7f64cb324010)
    at ../charproc.c:6471
#5  0x000055a713afc0a9 in VTRun (xw=0x7f64cb324010) at ../charproc.c:9593
#6  0x000055a713adbb0a in main (argc=<optimized out>, argv=<optimized out>)
    at ../main.c:3113

An attacker could make an xterm crash by providing such a sequence
in a text file. It is generally a bad idea to can untrusted and
unfiltered data to a terminal, but here, the sequence is so simple
that it could pass trough. Or it could be a mistake, as I've just
done (I forgot to remove "-o -" from arguments); this was on several
hundreds of KB of binary data, and I could reduce the testcase to
just 3 bytes.

-- System Information:
Debian Release: 13.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-security'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.7.12-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xterm depends on:
ii  libc6           2.41-12
ii  libfontconfig1  2.15.0-2.3
ii  libfreetype6    2.13.3+dfsg-1
ii  libice6         2:1.1.1-1
ii  libtinfo6       6.5+20250216-2
ii  libutempter0    1.2.1-4
ii  libx11-6        2:1.8.12-1
ii  libxaw7         2:1.0.16-1
ii  libxext6        2:1.3.4-1+b3
ii  libxft2         2.3.6-1+b4
ii  libxinerama1    2:1.1.4-3+b4
ii  libxmu6         2:1.1.3-3+b4
ii  libxpm4         1:3.5.17-1+b3
ii  libxt6t64       1:1.2.1-1.2+b2
ii  xbitmaps        1.1.1-2.2

Versions of packages xterm recommends:
ii  luit [luit]  2.0.20240910-1
ii  x11-utils    7.7+7

Versions of packages xterm suggests:
pn  xfonts-cyrillic  <none>

-- no debconf information

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)

--- End Message ---

--- Begin Message ---

To: 1110771-close@bugs.debian.org
Subject: Bug#1110771: fixed in xterm 403-1
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sun, 02 Nov 2025 16:34:29 +0000
Message-id: <E1vFb2D-004lAR-1c@fasolo.debian.org>
Reply-to: Sven Joachim <svenjoac@gmx.de>

Source: xterm
Source-Version: 403-1
Done: Sven Joachim <svenjoac@gmx.de>

We believe that the bug you reported is fixed in the latest version of
xterm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1110771@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Joachim <svenjoac@gmx.de> (supplier of updated xterm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 02 Nov 2025 17:21:57 +0100
Source: xterm
Architecture: source
Version: 403-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Sven Joachim <svenjoac@gmx.de>
Closes: 1109472 1110771
Changes:
 xterm (403-1) unstable; urgency=medium
 .
   * New upstream release.
     - Modify a special case which gives the expected width of Latin-1
       characters to account for the allowC1Printable resource
       (Closes: #1110771).
     - Adjust limits for built-in line-drawing characters
       (Closes: #1109472).
   * Modify debian/rules to set the 'disallowedWindowOps' resource to "*",
     and refresh patch 902_windowops.diff accordingly.
   * Drop the redundant Rules-Requires-Root field from debian/control.
Checksums-Sha1:
 517cb9be879685b295f2501f9c3f62c567f64245 2397 xterm_403-1.dsc
 52e96401d896de42f0fe3e1bd94c8bcb69232dbe 1615373 xterm_403.orig.tar.gz
 7b29c547d5f3c97cdeb620b52c3c047344ea1dc9 729 xterm_403.orig.tar.gz.asc
 a57353ecbe0094495e819e75b6cf44ff99fe08a8 125608 xterm_403-1.debian.tar.xz
 ba6b24eef909d782052073736dbaad990a4ef7c4 7531 xterm_403-1_source.buildinfo
Checksums-Sha256:
 ed2f4be023263458a793d1b535b4de0784b4b01ce51f1b65342af0c3a9706dee 2397 xterm_403-1.dsc
 1331b0df5919cb243ffe326dc6ff10a291e683a262f70cdf964a664be733ad83 1615373 xterm_403.orig.tar.gz
 781f75d5e8f8aabd7d8d8dc18fabe69c5d43ca2dde1ac1bb27816c5cacdfc16d 729 xterm_403.orig.tar.gz.asc
 8a813a7bafbc863683d68bea718601c8a8c9a67a71d453e42dbea53a1c743a8f 125608 xterm_403-1.debian.tar.xz
 7ce7be5a40c924eb32a8e97d5abfeef6b965cf6fa53c06daaa192a0a22903667 7531 xterm_403-1_source.buildinfo
Files:
 cb36d5d49daa80b894d9574bc4551b72 2397 x11 optional xterm_403-1.dsc
 79f1aae7cb79066b4252b699169c378c 1615373 x11 optional xterm_403.orig.tar.gz
 c7a6863c1f339f2ca14c2450878cfcac 729 x11 optional xterm_403.orig.tar.gz.asc
 d26f6894198bce205812d699ed2b38c9 125608 x11 optional xterm_403-1.debian.tar.xz
 5097b149f9d63e6f83091ed804859c5d 7531 x11 optional xterm_403-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEKF8heKgv5Jai5p4QOxBucY1rMawFAmkHhYsACgkQOxBucY1r
MawRlhAAvGpq4eQPp2i2fmsPeMsX1wVHpTUAdvniYB+nyLKqYeN+DopEvRczq7on
7XVdIx4sVuUPkB00nH4tKkaGJ315ro5uk42YBbc8K/mfru+gRks2Oey6xoitOIep
33dZIY71vWxMRPbMUKhtTGMbJ10iBWE/wtj8ttjjnW5PN6Wo+GJtpL2k0yW3g4Lf
o7UAwhaSq9ldZ8Pb7p6Tj5HJmtP90PWr4oBVQVSP+6Op+EO3YG7Ef3aURGhYV0H7
vZ19CzHuglCz1+um7eZowhb3QkDVBEMLCS6c28vAFEcxqPYkpk1i+SaNjXDYV1eq
stiLD3uwPzjmu+omGwHmHyaOvJEZgz+6bOKFAbMPr8tuy5W0CRVaNcuR5lPQ8wel
LwxjHnIiiTt8XvoDY+endhySlT7CLsHSVedwQQ9r+sd6Wwu72Uzz1FiIT8EtI2Kq
tf4SWi60UnfOyYimuq+dgiw8IKxOasWluPj+DwM8BVCQZQyvOcYONCWwmFOjjXiN
v/1olAM8m7MFy0yXrPMUbdIfVBwJo7+8DyNox+qReKpEeDsvuYmNg/RN1RHuqbWA
S7a4hwlxVRkkte9OjplijOYyCKAwRKX70cbSdZBx7RbTCYqHrcn56aJwdPB10ARA
a5DRMY9Ffua3pWQmIGTbHQedzLKaJLJGn4WpZ46eaxxGEeBKuls=
=0a7U
-----END PGP SIGNATURE-----

Attachment: pgpDfnzRInnlS.pgp
Description: PGP signature

--- End Message ---

Reply to:

Prev by Date: Bug#1109472: marked as done (xterm: display issue: dots in the bottom line due to box drawings vertical line)
Next by Date: [Git][xorg-team/app/xterm][debian-unstable] Upload to unstable
Previous by thread: Bug#1109472: marked as done (xterm: display issue: dots in the bottom line due to box drawings vertical line)
Next by thread: [Git][xorg-team/app/xterm][debian-unstable] Upload to unstable
Index(es):
- Date
- Thread