 ChangeLog                       |   24 +++++++++++++++
 configure.ac                    |    2 -
 debian/changelog                |   10 ++++++
 debian/control                  |    8 ++---
 debian/copyright                |    2 -
 debian/upstream/signing-key.asc |   64 ++++++++++++++++++++++++++++++++++++++++
 debian/watch                    |    2 -
 src/Region.c                    |   15 +++++++--
 8 files changed, 117 insertions(+), 10 deletions(-)
New commits: commit 1aba2df04e54542176699e6fbc225c20aee738e4 Author: Andreas Boll <andreas.boll....@gmail.com> Date: Fri Oct 7 13:08:58 2016 +0200 Update a bunch of URLs in packaging to https. diff --git a/debian/changelog b/debian/changelog index ecb352a..b62f4f4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,7 @@ libxfixes (1:5.0.3-1) UNRELEASED; urgency=medium - Fixes CVE-2016-7944. * Update d/upstream/signing-key.asc with Matthieu Herrb's key. * Fix Vcs-* URLs. + * Update a bunch of URLs in packaging to https. -- Andreas Boll <andreas.boll....@gmail.com> Fri, 07 Oct 2016 13:02:11 +0200 diff --git a/debian/control b/debian/control index 97d9025..a4180f8 100644 --- a/debian/control +++ b/debian/control @@ -29,7 +29,7 @@ Description: X11 miscellaneous 'fixes' extension library It provides support for Region types, and some cursor functions. . More information about X.Org can be found at: - <URL:http://www.X.org> + <URL:https://www.X.org> . This module can be found at git://anongit.freedesktop.org/git/xorg/lib/libXfixes @@ -64,7 +64,7 @@ Description: X11 miscellaneous 'fixes' extension library (development headers) libxfixes3. Non-developers likely have little use for this package. . More information about X.Org can be found at: - <URL:http://www.X.org> + <URL:https://www.X.org> . This module can be found at git://anongit.freedesktop.org/git/xorg/lib/libXfixes diff --git a/debian/copyright b/debian/copyright index 5723143..5aaa075 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,5 +1,5 @@ This package was downloaded from -http://xorg.freedesktop.org/releases/individual/lib/ +https://xorg.freedesktop.org/releases/individual/lib/ Copyright © 2001,2003 Keith Packard diff --git a/debian/watch b/debian/watch index c714ef7..09dad10 100644 --- a/debian/watch +++ b/debian/watch 
@@ -1,4 +1,4 @@ #git=git://anongit.freedesktop.org/xorg/lib/libXfixes version=3 opts=pgpsigurlmangle=s/$/.sig/ \ -http://xorg.freedesktop.org/releases/individual/lib/ libXfixes-(.*)\.tar\.gz +https://xorg.freedesktop.org/releases/individual/lib/ libXfixes-(.*)\.tar\.gz commit ff86914830f2fbbb4d9d0dc77b94093d9f80be32 Author: Andreas Boll <andreas.boll....@gmail.com> Date: Fri Oct 7 13:06:47 2016 +0200 Fix Vcs-* URLs. diff --git a/debian/changelog b/debian/changelog index 93ff4ea..ecb352a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,7 @@ libxfixes (1:5.0.3-1) UNRELEASED; urgency=medium * New upstream release. - Fixes CVE-2016-7944. * Update d/upstream/signing-key.asc with Matthieu Herrb's key. + * Fix Vcs-* URLs. -- Andreas Boll <andreas.boll....@gmail.com> Fri, 07 Oct 2016 13:02:11 +0200 diff --git a/debian/control b/debian/control index 5488e2f..97d9025 100644 --- a/debian/control +++ b/debian/control @@ -11,8 +11,8 @@ Build-Depends: quilt, xutils-dev (>= 1:7.5+4), Standards-Version: 3.9.8 -Vcs-Git: https://anonscm.debian.org/git/pkg-xorglib/libxfixes.git -Vcs-Browser: https://anonscm.debian.org/git/lib/libxfixes.git +Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxfixes.git +Vcs-Browser: https://anonscm.debian.org/cgit/pkg-xorg/lib/libxfixes.git Package: libxfixes3 Section: libs commit 122514e9683af33a4b8f0ac0aa462c7dea2bb2f7 Author: Andreas Boll <andreas.boll....@gmail.com> Date: Fri Oct 7 13:04:37 2016 +0200 Update d/upstream/signing-key.asc with Matthieu Herrb's key. diff --git a/debian/changelog b/debian/changelog index cce418e..93ff4ea 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ libxfixes (1:5.0.3-1) UNRELEASED; urgency=medium * New upstream release. - Fixes CVE-2016-7944. + * Update d/upstream/signing-key.asc with Matthieu Herrb's key. -- Andreas Boll <andreas.boll....@gmail.com> Fri, 07 Oct 2016 13:02:11 +0200 
diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc index 3904961..8b91e4d 100644 --- a/debian/upstream/signing-key.asc +++ b/debian/upstream/signing-key.asc 
@@ -100,3 +100,67 @@ zcY6HF8gDQ9tQqWlYxqmG1JMz70Ypv04gIDN83QWEZ6n1p/stMjS121EMPVle500 +v0snqqnIoZLjsQ= =7XLO -----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFeKY50BEADAX0lod3IVceb/IWJn3kTAcO2P7PWlcBiyUDaq5b2kFkliKleZ +ec4LoCHakQBlkRBMPNwOOxvADNk3tLQjBDpbYr6lQIrN+AxMGkXBhJ82T3bsDvlj +3Z1wRJ1zVA7eMIktsk0FAoJxV1y7e3sBKcP0eTlXqXvR2djhi+FW+ueJDAJIFSkb +uFirgwtX5t8nt8jCmIl75KNUKOakoENY3hLWtr16W8fO1JGkEhghI2mXcz664KTd +MPZp6JH0/8UHTHzmATOCTqNxoDtMTi2l5059Lh/nhmso9moTYqyKmaJP2rnZUr62 +97sRMG4WcxaYfWpPyO3MCmDyGeh4sW0OC06PpED3i9xMzf/kMkMdY4ZIFcLRcPtf +LIJhw+lc/GE1Rqe961IB5xCgnZezB7ZIL+ZlOAMwKGkq7lLbcZr2QZn84lpABKF0 +AvxECoJ4etmIcdbDVmsw18AhA3u9sr98hS5IXDyeos3Xwz6Abml8aPrhqhkKvo+J +Kcq9FNYHg0RRlos0TqocjDzGnUjEYrmIopLcwIu2SnsNSJTygZGtqrpT+2sGEqvm +k6Oyk95QCa580zqldvxe3CG0vrAfPvoG7irllM68TS4JcqqDHTq6eupUv9ZdIzXf +eyTHa5cytGahgVtUcui1lzqcCBkqwN8TKl+0wCcEnxRasHJy3A2Gp+AG3wARAQAB +tCJNYXR0aGlldSBIZXJyYiA8bWF0dGhpZXVAaGVycmIuZXU+iQI+BBMBAgAoBQJX +imOdAhsDBQkDwmcABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBoc5PuN9Eo ++PF1EACldzZPNYaC9H5E9sMn9pMsJTucBYVUy74Aw6MWAiAzRpxb9DmySmC2oEYW +JJkwDTwv6M0Na0ed6zD79GKtAalORz2GppZpS7uoINClElWoM5TCYph6linyv9Wj +OTlcbpX0Jqw0tdHNI2UOEjvBP3vW9kVYpEhfnHET8Ncp55j1hzoqxOhGIBE/67zc +cLAenONAvA3YN3tHTGaOaFv+vuCFRJx9FpKbGHmdUPd3MtLqtaA4EQvDvDEholEI +eWrjmdXJibSet6Amc5AIdFaQevZiADjjMh8MINw/6OEy9OB4s+z1RzgOrHgLiIZm +dlP6WrNjXQwl2gmNPhctGaSHM+j2+3gckNGlI4LQYxNtKvI4iv/CoHDYmwgrcrZO +TwFHfqt0LwqjpsU203Hw609oWYcxLeGZdITBjDz20UcfsmKQDqrBq3P1FuC5GBW3 +5bEa3wAhyE+/WKhJ94bXiHmpKsp50va3bEe17uQcYd8+E8L53aR7XP87qaHx//Mu ++OQa5Wc2d1OFHf1Mi62nbzr7pws/Mf7OSf/tnhRthuwtlfYnsUVo8usUKL/xStqo +Ul4kc/Q81AlyaZfr7dbxsQWm2q3ksLaMaAxnk0p+kMXVzXZ9GKNOgUOJdbahORs5 +RU2f44xzfNavb63u3McADtaXskl+KHB4uDbGbGESVhm5PULk37QnTWF0dGhpZXUg +SGVycmIgPG1hdHRoaWV1LmhlcnJiQGxhYXMuZnI+iQI+BBMBAgAoBQJXlJ63AhsD +BQkDwmcABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBoc5PuN9Eo+PKID/wM +II+2d11clp1X7eZgkxkAHUhI2W3NSesuFnjkkQRKQoVMokDdeSOkBhMJuWoFfbZk 
+jYs2VHU9029rDqcoDSqGwo2IffvrXXJ4SjOTjlvXS1lr/H2VdWRbq8ImnDwSsoiD +dWB3dZyqzf7ABKZ7ccA+NMSs6NxeEN/0+0sTJ386Zp480ByNX0uPqYSq5lX/VEke +nI8r02u2ZfuykhGkT0sM013VprfYLa+6HvF+QT9KfP220mqRbonaDkYvCxwjCMzd +rUmvyqw3VsooUpg/W/PmDNeShSuOxebaGnFyGTNvTarElCBdynFD01dqOecOqfY8 +gy+PJ1aF1qjmf+RQD/SZq+gvgyXqyBhJy7zgJnzzNWzDlUIw0ZOLyZxzFR7lRV79 +2mrGgczlQr5rLAgBy2pgwsCmP7nFx50r4ft2juugnQixoOBU/YfhBplM76EROaCc +MTs5nPEqzJ9p4SNkPcK8AroR2Ka3+f7t+XOoHpx/XhJOBYlPaUmoFkWKr0Y8BWWh +1nJxyFKrSNbwUgam8ypZzwzbI1vDiX8Ol6NpEeOLwzFNT0pyTdC9UN93M1VIyKWC +1vaeMogUREKT6SmDjRn3fISktZ0IGVf2AnFMhtgZ46TJO4BZgDdZAjTkZc/lP0yF +Nl6MpGwnaymmL50ckT77OdlfIcXFwvNPFwWlFPlcyrkCDQRXimOdARAA4otssvZm +sKg+g0bVyJHhn/YOHLYMih+Xf07xJHyalH0UCGnGdHZwl0B97G950SwQ7yVXtGa9 +CAPe97clE6dPD6jaumQ13BHavXM+ThgjCe8V56ayYcdzqFkxlCx0Uocoa63G0/cE +TiOqeqhNZs8JY+D7l83jCa4lU/1pLusbkCpCQ7d5/FFLz7QSihzJWp+UTsjbNik5 +spaseEMGFRKUcB3SZ/l1dTgc0wBQ1hlvLX+h4/sG0iUs1pVpo5ORC+bUfWRokl96 +uj5QZz5rY21FaNSP1rB1HKHNkwhxifBCHQMhYGTXvD7GH+JNyF2TdRmo7eBCfAPJ +aP3mX9t2SkCipdSsUs+Uuyib9MLA71ApW90AGiRm6HtOCxR0c3+qQRNIdFVm8mnM +hCxXRexf6Z2wZdXXy6uY0LVRgI0o31NPJPk8l2Hnb/kHGxjyUFzEWh65J/eA368d +4m8uF+Rr7WWlpQjwgWHU12kGThEVFFBFh2gmeIjYZdDDVhCi2mQ6lGSV2Pt7pZYL +/PPChWLBqrVBkIUQ0GV22nRYvGdaIv2LVPu8PggbPs/wwh35nJ3rUQyJF55CFV5y +WIWAWXfRYTKG9jkt+ncjZLEBxDO26zzO/MjIVPZxGyYryXEOgr6xp38xbyX9FpjL +KBaIueLWEyphVjBb1uUpDGx+UDYe9vbJjPUAEQEAAYkCJQQYAQIADwUCV4pjnQIb +DAUJA8JnAAAKCRBoc5PuN9Eo+D8dEACa60Q3ta6BWyHG0SOgfYGHE15LodACVHNI +N6Ou+JtmLarMW/AvPclNC25mxZV0ywLbun4CnJ9qYbt/Kx7djn48mrNa0rKN8Q+V +K5RvQA1kD890yzwu5jH6r5BQ8VBcfsPvsvatgbquzFn+NNiH9U4xRf/9BSY2Zk3G +yA15xG0T9zoklOMg8MWbeRaJPkDELyaHPWerbO7rebynePENSFPz3o3g+K9WcCM2 +xkEL571SmT4z3Mp/p0pwemWBCP2WoKCnSjAGiiHpCFru3SlZhRIvNJyK5jeS/IU6 +d5qeTBse6TXzp6Q4xkzACIN66P5SG/YY3/ONbfs6wB3lIkvVC9n7jEXjMK1T0fK8 +9DBDjzvAkJcKLLuIljjkMhRWSCED74sn+MlaWm0xMeo276EnaVILNcrHecSr8+eX +pVXSWEJ1+ErzZladJC+CrqUm0QljPV8Smtmk9MvOLHZ4qL4bI4Hu7MywuGNrLSol +qO0pAT1AjaYTRuH2MhZ6mJe/EtSl0EHXEkcDteE4jbYj3lwVhA1c/So0CdayImmD 
+/0tdqUfekw4va8PpbQ0wroL0XUvf3wl6HOhFhahWSqqb1fVr2slVttkaMb8M4MPt +Ka2m4qiiuGYivPIAVapSEA4DYc+krVqVXV/yDd3T7XcNtnClVo+rmOn5WiGq24am +79+hF4bWyw== +=WW1Z +-----END PGP PUBLIC KEY BLOCK----- commit 3b5016b8abbc0ee91dbce17ef4b24bb80655e7c6 Author: Andreas Boll <andreas.boll....@gmail.com> Date: Fri Oct 7 13:04:16 2016 +0200 Bump changelogs. diff --git a/ChangeLog b/ChangeLog index cdffbb1..474ead3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,27 @@ +commit 84df9cb81cc31bbed27ba241a23ae04f61da57db +Author: Matthieu Herrb <matthieu.he...@laas.fr> +Date: Tue Oct 4 21:11:55 2016 +0200 + + libXfixes 5.0.3 + + Signed-off-by: Matthieu Herrb <matthieu.he...@laas.fr> + +commit 61c1039ee23a2d1de712843bed3480654d7ef42e +Author: Tobias Stoeckmann <tob...@stoeckmann.org> +Date: Sun Sep 25 22:38:44 2016 +0200 + + Integer overflow on illegal server response + + The 32 bit field "rep.length" is not checked for validity, which allows + an integer overflow on 32 bit systems. + + A malicious server could send INT_MAX as length, which gets multiplied + by the size of XRectangle. In that case the client won't read the whole + data from server, getting out of sync. + + Signed-off-by: Tobias Stoeckmann <tob...@stoeckmann.org> + Reviewed-by: Matthieu Herrb <matth...@herrb.eu> + commit b2406ed9031991b7ddc5b76b308623afc8a590c5 Author: Matt Turner <matts...@gmail.com> Date: Wed May 25 18:53:28 2016 -0700 diff --git a/debian/changelog b/debian/changelog index 7f470c9..cce418e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +libxfixes (1:5.0.3-1) UNRELEASED; urgency=medium + + * New upstream release. + - Fixes CVE-2016-7944. + + -- Andreas Boll <andreas.boll....@gmail.com> Fri, 07 Oct 2016 13:02:11 +0200 + libxfixes (1:5.0.2-1) sid; urgency=medium * Team upload. commit 84df9cb81cc31bbed27ba241a23ae04f61da57db Author: Matthieu Herrb <matthieu.he...@laas.fr> Date: Tue Oct 4 21:11:55 2016 +0200 libXfixes 5.0.3 Signed-off-by: Matthieu Herrb <matthieu.he...@laas.fr> 
diff --git a/configure.ac b/configure.ac index a9052cf..0ec7b86 100644 --- a/configure.ac +++ b/configure.ac @@ -32,7 +32,7 @@ AC_PREREQ([2.60]) # that 'revision' number appears in Xfixes.h and has to be manually # synchronized. # -AC_INIT(libXfixes, [5.0.2], +AC_INIT(libXfixes, [5.0.3], [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXfixes]) AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_HEADERS([config.h]) commit 61c1039ee23a2d1de712843bed3480654d7ef42e Author: Tobias Stoeckmann <tob...@stoeckmann.org> Date: Sun Sep 25 22:38:44 2016 +0200 Integer overflow on illegal server response The 32 bit field "rep.length" is not checked for validity, which allows an integer overflow on 32 bit systems. A malicious server could send INT_MAX as length, which gets multiplied by the size of XRectangle. In that case the client won't read the whole data from server, getting out of sync. Signed-off-by: Tobias Stoeckmann <tob...@stoeckmann.org> Reviewed-by: Matthieu Herrb <matth...@herrb.eu> diff --git a/src/Region.c b/src/Region.c index cb0cf6e..59bcc1a 100644 --- a/src/Region.c +++ b/src/Region.c @@ -23,6 +23,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> #endif +#include <limits.h> #include "Xfixesint.h" XserverRegion @@ -333,9 +334,17 @@ XFixesFetchRegionAndBounds (Display *dpy, bounds->y = rep.y; bounds->width = rep.width; bounds->height = rep.height; - nbytes = (long) rep.length << 2; - nrects = rep.length >> 1; - rects = Xmalloc (nrects * sizeof (XRectangle)); + + if (rep.length < (INT_MAX >> 2)) { + nbytes = (long) rep.length << 2; + nrects = rep.length >> 1; + rects = Xmalloc (nrects * sizeof (XRectangle)); + } else { + nbytes = 0; + nrects = 0; + rects = NULL; + } + if (!rects) { _XEatDataWords(dpy, rep.length);
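Review bot: In the src/Region.c hunk at XFixesFetchRegionAndBounds, the new guard `if (rep.length < (INT_MAX >> 2))` has no comment saying which computation it protects. The bound matches the `(long) rep.length << 2` shift directly, but it only covers `nrects * sizeof (XRectangle)` because of how `rep.length >> 1` relates to the rectangle size; a one-line comment stating that, or an explicit check of nrects against the allocation size, would keep the guard correct if either expression changes. The else branch also treats an oversized reply exactly like an allocation failure: it sets `rects = NULL` and falls into the existing `if (!rects)` path that calls `_XEatDataWords(dpy, rep.length)`. That keeps the client in sync with the server, but it deserves a comment so the intent is not lost in a later cleanup.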
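Review bot: The configure.ac hunk bumps AC_INIT from 5.0.2 to 5.0.3, and the context lines just above it state that the 'revision' number also appears in Xfixes.h and has to be manually synchronized, yet the diffstat for this push lists no header change. Please confirm that the revision in Xfixes.h already matches, or include that change with the version bump.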
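Review bot: The debian/upstream/signing-key.asc hunk appends another public key block after the existing content, and neither the commit message nor the debian/changelog entry records the new key's fingerprint or how it was verified. debian/watch relies on this keyring (`opts=pgpsigurlmangle=s/$/.sig/`) to check upstream tarball signatures, so stating the full fingerprint and where it was obtained in the commit message would let a reviewer check the added key independently. It would also help to say whether the keys already in the file are still expected to sign releases, because every key left in the keyring remains accepted.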
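Review bot: In the "Update a bunch of URLs in packaging to https" commit, the debian/control and debian/watch hunks still show `git://anongit.freedesktop.org/...` in their unchanged context lines (the "This module can be found at" text in both package descriptions and the `#git=` comment in debian/watch). git:// is neither authenticated nor encrypted, so if an https clone URL exists for that repository these should be switched in the same commit; otherwise the commit message could say they were left as they are on purpose.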