Bug#991845: unblock: libx11/2:1.7.2-1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: bunk@debian.org mzagrabe@d.umn.edu
Please unblock package libx11
[ Reason ]
The new upstream release fixes regressions in the previous CVE release, including a segfault in fdesign. (bug 990998)
[ Impact ]
Regressions remain in bullseye release.
[ Tests ]
The new version has a commit that fixes a bug with a similar backtrace as 990998, Matt can verify here that fdesign works with the new libx11.
[ Risks ]
The upstream changes are small, only three commits,
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x attach debdiff against the package in testing
[ Other info ]
The diff is filtered to have only changes to the code and packaging, autotools changes are removed.
unblock libx11/2:1.7.2-1
diff -Nru libx11-1.7.1/configure.ac libx11-1.7.2/configure.ac
--- libx11-1.7.1/configure.ac 2021-05-18 17:14:20.000000000 +0300
+++ libx11-1.7.2/configure.ac 2021-06-06 19:48:52.000000000 +0300
@@ -1,7 +1,7 @@
# Initialize Autoconf
AC_PREREQ([2.60])
-AC_INIT([libX11], [1.7.1],
+AC_INIT([libX11], [1.7.2],
[https://gitlab.freedesktop.org/xorg/lib/libx11/issues], [libX11])
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_HEADERS([src/config.h include/X11/XlibConf.h])
diff -Nru libx11-1.7.1/debian/changelog libx11-1.7.2/debian/changelog
--- libx11-1.7.1/debian/changelog 2021-08-03 11:34:34.000000000 +0300
+++ libx11-1.7.2/debian/changelog 2021-08-03 11:34:35.000000000 +0300
@@ -1,3 +1,13 @@
+libx11 (2:1.7.2-1) unstable; urgency=medium
+
+ [ Timo Aaltonen ]
+ * New upstream release. (Closes: #990998)
+
+ [ Julien Cristau ]
+ * Fix Vcs-Git control field.
+
+ -- Timo Aaltonen <tjaalton@debian.org> Mon, 26 Jul 2021 11:29:39 +0300
+
libx11 (2:1.7.1-1) unstable; urgency=medium
[ Julien Cristau ]
diff -Nru libx11-1.7.1/debian/control libx11-1.7.2/debian/control
--- libx11-1.7.1/debian/control 2021-08-03 11:34:34.000000000 +0300
+++ libx11-1.7.2/debian/control 2021-08-03 11:34:35.000000000 +0300
@@ -17,7 +17,7 @@
xorg-sgml-doctools (>= 1:1.10),
w3m,
Standards-Version: 4.5.0
-Vcs-Git: https://salsa.debian.org/xorg-team/lib/libx11
+Vcs-Git: https://salsa.debian.org/xorg-team/lib/libx11.git
Vcs-Browser: https://salsa.debian.org/xorg-team/lib/libx11
Package: libx11-6
diff -Nru libx11-1.7.1/README.md libx11-1.7.2/README.md
--- libx11-1.7.1/README.md 2021-05-18 17:14:20.000000000 +0300
+++ libx11-1.7.2/README.md 2021-06-06 19:48:52.000000000 +0300
@@ -31,6 +31,11 @@
https://www.x.org/wiki/Development/Documentation/SubmittingPatches
+## Release 1.7.2
+
+This is a bug fix release, correcting a regression introduced by and
+improving the checks from the fix for CVE-2021-31535.
+
## Release 1.7.1
This is a bug fix release, including a security fix for
diff -Nru libx11-1.7.1/src/Font.c libx11-1.7.2/src/Font.c
--- libx11-1.7.1/src/Font.c 2021-05-18 17:14:33.000000000 +0300
+++ libx11-1.7.2/src/Font.c 2021-06-06 19:48:53.000000000 +0300
@@ -102,7 +102,7 @@
XF86BigfontCodes *extcodes = _XF86BigfontCodes(dpy);
#endif
- if (strlen(name) >= USHRT_MAX)
+ if (name != NULL && strlen(name) >= USHRT_MAX)
return NULL;
if (_XF86LoadQueryLocaleFont(dpy, name, &font_result, (Font *)0))
return font_result;
@@ -656,7 +656,7 @@
XFontStruct **xfp,
Font *fidp)
{
- int l;
+ size_t l;
const char *charset, *p;
char buf[256];
XFontStruct *fs;
@@ -664,7 +664,7 @@
if (!name)
return 0;
- l = (int) strlen(name);
+ l = strlen(name);
if (l < 2 || name[l - 1] != '*' || name[l - 2] != '-' || l >= USHRT_MAX)
return 0;
charset = NULL;
@@ -677,11 +677,11 @@
charset = "ISO8859-1";
p = charset + 7;
}
- if (l - 2 - (p - charset) < 0)
+ if (l - 2 < p - charset)
return 0;
if (_XlcNCompareISOLatin1(name + l - 2 - (p - charset), charset, p - charset))
return 0;
- if (strlen(p + 1) + (size_t) l - 1 >= sizeof(buf) - 1)
+ if (strlen(p + 1) + l - 1 >= sizeof(buf) - 1)
return 0;
strcpy(buf, name);
strcpy(buf + l - 1, p + 1);
diff -Nru libx11-1.7.1/src/FontInfo.c libx11-1.7.2/src/FontInfo.c
--- libx11-1.7.1/src/FontInfo.c 2021-05-18 17:14:33.000000000 +0300
+++ libx11-1.7.2/src/FontInfo.c 2021-06-06 19:48:53.000000000 +0300
@@ -58,7 +58,7 @@
register xListFontsReq *req;
int j;
- if (strlen(pattern) >= USHRT_MAX)
+ if (pattern != NULL && strlen(pattern) >= USHRT_MAX)
return NULL;
LockDisplay(dpy);
diff -Nru libx11-1.7.1/src/FontNames.c libx11-1.7.2/src/FontNames.c
--- libx11-1.7.1/src/FontNames.c 2021-05-18 17:14:33.000000000 +0300
+++ libx11-1.7.2/src/FontNames.c 2021-06-06 19:48:53.000000000 +0300
@@ -51,7 +51,7 @@
register xListFontsReq *req;
unsigned long rlen = 0;
- if (strlen(pattern) >= USHRT_MAX)
+ if (pattern != NULL && strlen(pattern) >= USHRT_MAX)
return NULL;
LockDisplay(dpy);
diff -Nru libx11-1.7.1/src/GetColor.c libx11-1.7.2/src/GetColor.c
--- libx11-1.7.1/src/GetColor.c 2021-05-18 17:14:33.000000000 +0300
+++ libx11-1.7.2/src/GetColor.c 2021-06-06 19:48:53.000000000 +0300
@@ -49,7 +49,7 @@
XcmsColor cmsColor_exact;
Status ret;
- if (strlen(colorname) >= USHRT_MAX)
+ if (colorname != NULL && strlen(colorname) >= USHRT_MAX)
return (0);
#ifdef XCMS
diff -Nru libx11-1.7.1/src/LoadFont.c libx11-1.7.2/src/LoadFont.c
--- libx11-1.7.1/src/LoadFont.c 2021-05-18 17:14:34.000000000 +0300
+++ libx11-1.7.2/src/LoadFont.c 2021-06-06 19:48:53.000000000 +0300
@@ -39,7 +39,7 @@
Font fid;
register xOpenFontReq *req;
- if (strlen(name) >= USHRT_MAX)
+ if (name != NULL && strlen(name) >= USHRT_MAX)
return (0);
if (_XF86LoadQueryLocaleFont(dpy, name, (XFontStruct **)0, &fid))
diff -Nru libx11-1.7.1/src/LookupCol.c libx11-1.7.2/src/LookupCol.c
--- libx11-1.7.1/src/LookupCol.c 2021-05-18 17:14:34.000000000 +0300
+++ libx11-1.7.2/src/LookupCol.c 2021-06-06 19:48:53.000000000 +0300
@@ -41,13 +41,15 @@
XColor *def,
XColor *scr)
{
- register int n;
+ register size_t n;
xLookupColorReply reply;
register xLookupColorReq *req;
XcmsCCC ccc;
XcmsColor cmsColor_exact;
- n = (int) strlen (spec);
+ if (spec == NULL)
+ return 0;
+ n = strlen (spec);
if (n >= USHRT_MAX)
return 0;
#ifdef XCMS
diff -Nru libx11-1.7.1/src/ParseCol.c libx11-1.7.2/src/ParseCol.c
--- libx11-1.7.1/src/ParseCol.c 2021-05-18 17:14:34.000000000 +0300
+++ libx11-1.7.2/src/ParseCol.c 2021-06-06 19:48:53.000000000 +0300
@@ -40,14 +40,14 @@
_Xconst char *spec,
XColor *def)
{
- register int n, i;
+ register size_t n, i;
int r, g, b;
char c;
XcmsCCC ccc;
XcmsColor cmsColor;
if (!spec) return(0);
- n = (int) strlen (spec);
+ n = strlen (spec);
if (n >= USHRT_MAX)
return(0);
if (*spec == '#') {
@@ -64,7 +64,7 @@
r = g;
g = b;
b = 0;
- for (i = n; --i >= 0; ) {
+ for (i = 0; i < n; i++) {
c = *spec++;
b <<= 4;
if (c >= '0' && c <= '9')
@@ -122,7 +122,7 @@
LockDisplay(dpy);
GetReq (LookupColor, req);
req->cmap = cmap;
- req->nbytes = (CARD16) (n = (int) strlen(spec));
+ req->nbytes = (CARD16) (n = strlen(spec));
req->length += (n + 3) >> 2;
Data (dpy, spec, (long)n);
if (!_XReply (dpy, (xReply *) &reply, 0, xTrue)) {
diff -Nru libx11-1.7.1/src/QuExt.c libx11-1.7.2/src/QuExt.c
--- libx11-1.7.1/src/QuExt.c 2021-05-18 17:14:34.000000000 +0300
+++ libx11-1.7.2/src/QuExt.c 2021-06-06 19:48:53.000000000 +0300
@@ -42,7 +42,7 @@
xQueryExtensionReply rep;
register xQueryExtensionReq *req;
- if (strlen(name) >= USHRT_MAX)
+ if (name != NULL && strlen(name) >= USHRT_MAX)
return false;
LockDisplay(dpy);
diff -Nru libx11-1.7.1/src/SetFPath.c libx11-1.7.2/src/SetFPath.c
--- libx11-1.7.1/src/SetFPath.c 2021-05-18 17:14:34.000000000 +0300
+++ libx11-1.7.2/src/SetFPath.c 2021-06-06 19:48:53.000000000 +0300
@@ -26,8 +26,8 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
-#include <limits.h>
#endif
+#include <limits.h>
#include "Xlibint.h"
#define safestrlen(s) ((s) ? strlen(s) : 0)
@@ -38,7 +38,7 @@
char **directories,
int ndirs)
{
- register int n = 0;
+ register size_t n = 0;
register int i;
register int nbytes;
char *p;
@@ -49,7 +49,7 @@
GetReq (SetFontPath, req);
req->nFonts = ndirs;
for (i = 0; i < ndirs; i++) {
- n = (int) ((size_t) n + (safestrlen (directories[i]) + 1));
+ n = n + (safestrlen (directories[i]) + 1);
if (n >= USHRT_MAX) {
UnlockDisplay(dpy);
SyncHandle();
@@ -65,9 +65,9 @@
char *tmp = p;
for (i = 0; i < ndirs; i++) {
- register int length = (int) safestrlen (directories[i]);
+ size_t length = safestrlen (directories[i]);
*p = length;
- memcpy (p + 1, directories[i], (size_t)length);
+ memcpy (p + 1, directories[i], length);
p += length + 1;
}
Data (dpy, tmp, nbytes);
diff -Nru libx11-1.7.1/src/StName.c libx11-1.7.2/src/StName.c
--- libx11-1.7.1/src/StName.c 2021-05-18 17:14:35.000000000 +0300
+++ libx11-1.7.2/src/StName.c 2021-06-06 19:48:53.000000000 +0300
@@ -37,7 +37,7 @@
Window w,
_Xconst char *name)
{
- if (strlen(name) >= USHRT_MAX)
+ if (name != NULL && strlen(name) >= USHRT_MAX)
return 0;
return XChangeProperty(dpy, w, XA_WM_NAME, XA_STRING, /* */
8, PropModeReplace, (_Xconst unsigned char *)name,
@@ -50,7 +50,7 @@
Window w,
_Xconst char *icon_name)
{
- if (strlen(icon_name) >= USHRT_MAX)
+ if (icon_name != NULL && strlen(icon_name) >= USHRT_MAX)
return 0;
return XChangeProperty(dpy, w, XA_WM_ICON_NAME, XA_STRING, 8,
PropModeReplace, (_Xconst unsigned char *)icon_name,
diff -Nru libx11-1.7.1/src/StNColor.c libx11-1.7.2/src/StNColor.c
--- libx11-1.7.1/src/StNColor.c 2021-05-18 17:14:35.000000000 +0300
+++ libx11-1.7.2/src/StNColor.c 2021-06-06 19:48:53.000000000 +0300
@@ -47,7 +47,7 @@
XcmsColor cmsColor_exact;
XColor scr_def;
- if (strlen(name) >= USHRT_MAX)
+ if (name != NULL && strlen(name) >= USHRT_MAX)
return 0;
#ifdef XCMS
/*
Reply to: