ANN: xterm-327

2016-10-07 Thread Thomas Dickey 
Files:
ftp://invisible-island.net/xterm/current/xterm-327.tgz
ftp://invisible-island.net/xterm/current/xterm-327.tgz.asc
ftp://invisible-island.net/xterm/patches/xterm-327.patch.gz
ftp://invisible-island.net/xterm/patches/xterm-327.patch.gz.asc
ftp://invisible-island.net/xterm/xterm-327.tgz
ftp://invisible-island.net/xterm/xterm-327.tgz.asc

Patch #327 - 2016/10/07

 * add  a  check in the function which handles end-of-line wrapping to
   ensure   that   C1   controls   are   allocated   one  column  when
   allowC1Printable is set (Debian #738794).
 * use  consistent  error-checking  after  strtol  calls, fixes a case
   where  a  query  with  OSC 6 did not ensure there was a valid color
   number (report by Alex Smith).
 * add -baudrate option, for testing ncurses.
 * always  generate  the CASE_xxx symbols in VTparse.h and Tekparse.h,
   as  part of a change to improve debug-logging. This makes the build
   always depend upon awk.
 * modify   allowC1Printable   to  disallow  codes  160-254  as  being
   equivalent  to  codes  32-126 when parsing escape sequences (Debian
   #839220).
 * amend  fix from patch #326 for TrueType fonts to exclude the hidden
   character used for double-width cells (report by Grady Martin).
 * fix a typo in ctlseqs.ms


-- 
Thomas E. Dickey 
http://invisible-island.net
ftp://invisible-island.net


signature.asc
Description: Digital signature

libxvmc: Changes to 'debian-unstable'

2016-10-07 Thread Andreas Boll 
 ChangeLog   |   21 +
 configure.ac|2 -
 debian/changelog|   11 ++
 debian/control  |   12 +++
 debian/copyright|2 -
 debian/patches/series   |1 
 debian/upstream/signing-key.asc |   64 
 debian/watch|2 -
 src/XvMC.c  |4 +-
 9 files changed, 107 insertions(+), 12 deletions(-)

New commits:
commit 313569bf7cafe7a24c493ac07413632925581895
Author: Andreas Boll 
Date:   Fri Oct 7 15:15:19 2016 +0200

Add placeholder comment into series file.

diff --git a/debian/changelog b/debian/changelog
index 33ad903..30f35bd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ libxvmc (2:1.0.10-1) UNRELEASED; urgency=medium
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
   * Update a bunch of URLs in packaging to https.
   * Remove Drew from Uploaders.
+  * Add placeholder comment into series file.
 
  -- Andreas Boll   Fri, 07 Oct 2016 15:06:25 +0200
 
diff --git a/debian/patches/series b/debian/patches/series
index e69de29..fdffa2a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1 @@
+# placeholder

commit e1b176dd1cf1944e52949628621bab280e1f3d0f
Author: Andreas Boll 
Date:   Fri Oct 7 15:11:03 2016 +0200

Remove Drew from Uploaders.

diff --git a/debian/changelog b/debian/changelog
index 14a8396..33ad903 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ libxvmc (2:1.0.10-1) UNRELEASED; urgency=medium
 - Fixes CVE-2016-7953.
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
   * Update a bunch of URLs in packaging to https.
+  * Remove Drew from Uploaders.
 
  -- Andreas Boll   Fri, 07 Oct 2016 15:06:25 +0200
 
diff --git a/debian/control b/debian/control
index e99131c..eb2d444 100644
--- a/debian/control
+++ b/debian/control
@@ -2,8 +2,6 @@ Source: libxvmc
 Section: x11
 Priority: optional
 Maintainer: Debian X Strike Force 
-Uploaders:
- Drew Parsons ,
 Build-Depends:
  dpkg-dev (>= 1.16.1),
  debhelper (>= 8.1.3),

commit 83dbc4c8e195735359af5e10f947995cb6b81639
Author: Andreas Boll 
Date:   Fri Oct 7 15:09:48 2016 +0200

Update a bunch of URLs in packaging to https.

diff --git a/debian/changelog b/debian/changelog
index 949a41a..14a8396 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ libxvmc (2:1.0.10-1) UNRELEASED; urgency=medium
   * New upstream release.
 - Fixes CVE-2016-7953.
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
+  * Update a bunch of URLs in packaging to https.
 
  -- Andreas Boll   Fri, 07 Oct 2016 15:06:25 +0200
 
diff --git a/debian/control b/debian/control
index 82d96b7..e99131c 100644
--- a/debian/control
+++ b/debian/control
@@ -17,8 +17,8 @@ Build-Depends:
  automake,
  libtool
 Standards-Version: 3.9.4
-Vcs-Git: git://git.debian.org/git/pkg-xorg/lib/libxvmc
-Vcs-Browser: http://git.debian.org/?p=pkg-xorg/lib/libxvmc.git
+Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxvmc.git
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-xorg/lib/libxvmc.git
 
 Package: libxvmc1
 Section: libs
@@ -36,7 +36,7 @@ Description: X11 Video extension library
  non-existent.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXvMC
@@ -59,7 +59,7 @@ Description: X11 Video extension library (debug package)
  Non-developers likely have little use for this package.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXvMC
@@ -84,7 +84,7 @@ Description: X11 Video extension library (development headers)
  libxvmc1.  Non-developers likely have little use for this package.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXvMC
diff --git a/debian/copyright b/debian/copyright
index 0c3621b..b788d08 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,5 +1,5 @@
 This package was downloaded from
-http://xorg.freedesktop.org/releases/individual/lib/
+https://xorg.freedesktop.org/releases/individual/lib/
 
 Copyright (c) 2004 The Unichrome project. All rights reserved.
 
diff --git a/debian/watch b/debian/watch
index 16b3f5d..0c6b747 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,4 +1,4 @@
 #git=git://anongit.freedesktop.org/xorg/lib/libXvMC
 version=3
 opts=pgpsigurlmangle=s/$/.sig/ \
-http://xorg.freedesktop.org/releases/individual/lib/

libxv: Changes to 'debian-unstable'

2016-10-07 Thread Andreas Boll 
 ChangeLog   |   42 ++
 configure.ac|2 -
 debian/changelog|   11 ++
 debian/control  |   12 +++
 debian/copyright|2 -
 debian/patches/series   |1 
 debian/upstream/signing-key.asc |   64 
 debian/watch|3 +
 src/Makefile.am |2 -
 src/Xv.c|   46 ++--
 10 files changed, 157 insertions(+), 28 deletions(-)

New commits:
commit e2ebef6a1a2f50c1fac846ec55e78b19a46c06a6
Author: Andreas Boll 
Date:   Fri Oct 7 15:34:43 2016 +0200

Remove obsolete Conflicts/Replaces from pre-wheezy.

diff --git a/debian/changelog b/debian/changelog
index 72f434d..228544a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ libxv (2:1.0.11-1) UNRELEASED; urgency=medium
   * Let uscan verify tarball signatures.
   * Update a bunch of URLs in packaging to https.
   * Add placeholder comment into series file.
+  * Remove obsolete Conflicts/Replaces from pre-wheezy.
 
  -- Andreas Boll   Fri, 07 Oct 2016 15:20:58 +0200
 
diff --git a/debian/control b/debian/control
index 13229ad..e161e88 100644
--- a/debian/control
+++ b/debian/control
@@ -77,8 +77,6 @@ Depends:
  libx11-dev,
  libxext-dev,
  x11proto-video-dev,
-Conflicts: x11proto-video-dev (<< 2.2+cvs.20050712-1)
-Replaces: x11proto-video-dev (<< 2.2+cvs.20050712-1)
 Description: X11 Video extension library (development headers)
  libXv provides an X Window System client interface to the XVideo
  extension to the X protocol.

commit edfd931c1f5589fdc8410454c9af6f71ae1aa87e
Author: Andreas Boll 
Date:   Fri Oct 7 15:28:34 2016 +0200

Add placeholder comment into series file.

diff --git a/debian/changelog b/debian/changelog
index 5513c24..72f434d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ libxv (2:1.0.11-1) UNRELEASED; urgency=medium
 - Fixes CVE-2016-5407.
   * Let uscan verify tarball signatures.
   * Update a bunch of URLs in packaging to https.
+  * Add placeholder comment into series file.
 
  -- Andreas Boll   Fri, 07 Oct 2016 15:20:58 +0200
 
diff --git a/debian/patches/series b/debian/patches/series
index e69de29..fdffa2a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1 @@
+# placeholder

commit 61121213ca9be2cc246eb728ecc092106ec641c7
Author: Andreas Boll 
Date:   Fri Oct 7 15:28:24 2016 +0200

Update a bunch of URLs in packaging to https.

diff --git a/debian/changelog b/debian/changelog
index 1e84115..5513c24 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ libxv (2:1.0.11-1) UNRELEASED; urgency=medium
   * New upstream release.
 - Fixes CVE-2016-5407.
   * Let uscan verify tarball signatures.
+  * Update a bunch of URLs in packaging to https.
 
  -- Andreas Boll   Fri, 07 Oct 2016 15:20:58 +0200
 
diff --git a/debian/control b/debian/control
index 3663be8..13229ad 100644
--- a/debian/control
+++ b/debian/control
@@ -14,8 +14,8 @@ Build-Depends:
  automake,
  libtool,
  xutils-dev (>= 1:7.5+4),
-Vcs-Git: git://git.debian.org/git/pkg-xorg/lib/libxv
-Vcs-Browser: http://git.debian.org/?p=pkg-xorg/lib/libxv.git
+Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxv.git
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-xorg/lib/libxv.git
 
 Package: libxv1
 Section: libs
@@ -35,7 +35,7 @@ Description: X11 Video extension library
  including YUV.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXv
@@ -61,7 +61,7 @@ Description: X11 Video extension library (debug package)
  Non-developers likely have little use for this package.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXv
@@ -91,7 +91,7 @@ Description: X11 Video extension library (development headers)
  libxv1.  Non-developers likely have little use for this package.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXv
diff --git a/debian/copyright b/debian/copyright
index 7aaa9d0..f93231b 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,5 +1,5 @@
 This package was downloaded from
-http://xorg.freedesktop.org/releases/individual/lib/
+https://xorg.freedesktop.org/releases/individual/lib/
 
 Original Debian package author(s): Stephen Early, Mark Eichin, Branden 
   Robinson, ISHIKAWA Mutsumi, Daniel Stone
diff --git a/debian/watch b/debian/watch
index 27b6755..8846da3

libxvmc: Changes to 'upstream-unstable'

2016-10-07 Thread Andreas Boll 
 configure.ac |2 +-
 src/XvMC.c   |4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

New commits:
commit 44a462835cbe263451a463af17f0fbedc1c957b2
Author: Matthieu Herrb 
Date:   Tue Oct 4 22:09:12 2016 +0200

libXvMC 1.0.10

Signed-off-by: Matthieu Herrb 

diff --git a/configure.ac b/configure.ac
index 01f286f..c0b87c9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -21,7 +21,7 @@
 
 # Initialize Autoconf
 AC_PREREQ([2.60])
-AC_INIT([libXvMC], [1.0.9],
+AC_INIT([libXvMC], [1.0.10],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXvMC])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([config.h])

commit 2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb
Author: Tobias Stoeckmann 
Date:   Sun Sep 25 22:34:27 2016 +0200

Avoid buffer underflow on empty strings.

If an empty string is received from an x-server, do not underrun the
buffer by accessing "rep.nameLen - 1" unconditionally, which could end
up being -1.

Signed-off-by: Tobias Stoeckmann 
Reviewed-by: Matthieu Herrb 

diff --git a/src/XvMC.c b/src/XvMC.c
index 7336760..3ee4212 100644
--- a/src/XvMC.c
+++ b/src/XvMC.c
@@ -576,9 +576,9 @@ Status XvMCGetDRInfo(Display *dpy, XvPortID port,
if (*name && *busID && tmpBuf) {
_XRead(dpy, tmpBuf, realSize);
strncpy(*name,tmpBuf,rep.nameLen);
-   (*name)[rep.nameLen - 1] = '\0';
+   (*name)[rep.nameLen == 0 ? 0 : rep.nameLen - 1] = '\0';
strncpy(*busID,tmpBuf+rep.nameLen,rep.busIDLen);
-   (*busID)[rep.busIDLen - 1] = '\0';
+   (*busID)[rep.busIDLen == 0 ? 0 : rep.busIDLen - 1] = '\0';
XFree(tmpBuf);
} else {
XFree(*name);

libxtst: Changes to 'debian-unstable'

2016-10-07 Thread Andreas Boll 
 ChangeLog   |   44 +++
 configure.ac|   10 +-
 debian/changelog|   14 +++-
 debian/control  |   17 +-
 debian/copyright|2 -
 debian/upstream/signing-key.asc |   64 
 debian/watch|3 +
 src/XRecord.c   |   54 -
 8 files changed, 172 insertions(+), 36 deletions(-)

New commits:
commit 2e1d4fb1bbb73e7ece94dc254506f8a8479a
Author: Andreas Boll 
Date:   Fri Oct 7 15:29:42 2016 +0200

Fix lintian error: pre-depends-directly-on-multiarch-support.

diff --git a/debian/changelog b/debian/changelog
index e3f74de..22346c0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,7 @@ libxtst (2:1.2.3-1) UNRELEASED; urgency=low
   * Let uscan verify tarball signatures.
   * Remove Cyril from Uploaders.
   * Update a bunch of URLs in packaging to https.
+  * Fix lintian error: pre-depends-directly-on-multiarch-support.
 
   [ Julien Cristau ]
   * Bump debhelper build-dep to 8.1.3 for ${misc:Pre-Depends}.
diff --git a/debian/control b/debian/control
index 63f71ad..71bf723 100644
--- a/debian/control
+++ b/debian/control
@@ -29,7 +29,7 @@ Package: libxtst6
 Section: libs
 Architecture: any
 Multi-Arch: same
-Pre-Depends: multiarch-support
+Pre-Depends: ${misc:Pre-Depends}
 Depends: ${shlibs:Depends}, ${misc:Depends}, x11-common
 Description: X11 Testing -- Record extension library
  libXtst provides an X Window System client interface to the Record

commit 45bcf14288e06351d481f69e98c54fccf26cbcc8
Author: Andreas Boll 
Date:   Fri Oct 7 15:01:11 2016 +0200

Update a bunch of URLs in packaging to https.

diff --git a/debian/changelog b/debian/changelog
index 3009be1..e3f74de 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,7 @@ libxtst (2:1.2.3-1) UNRELEASED; urgency=low
   * Bump libx11-dev build-dep to 2:1.6.0 per configure.ac.
   * Let uscan verify tarball signatures.
   * Remove Cyril from Uploaders.
+  * Update a bunch of URLs in packaging to https.
 
   [ Julien Cristau ]
   * Bump debhelper build-dep to 8.1.3 for ${misc:Pre-Depends}.
diff --git a/debian/control b/debian/control
index a3003a8..63f71ad 100644
--- a/debian/control
+++ b/debian/control
@@ -22,8 +22,8 @@ Build-Depends:
  xorg-sgml-doctools (>= 1:1.8),
  w3m,
 Standards-Version: 3.8.3
-Vcs-Git: git://git.debian.org/git/pkg-xorg/lib/libxtst
-Vcs-Browser: http://git.debian.org/?p=pkg-xorg/lib/libxtst.git
+Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxtst.git
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-xorg/lib/libxtst.git
 
 Package: libxtst6
 Section: libs
@@ -39,7 +39,7 @@ Description: X11 Testing -- Record extension library
  is useful for automated testing.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXtst
@@ -69,7 +69,7 @@ Description: X11 Record extension library (debug package)
  Non-developers likely have little use for this package.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXtst
@@ -101,7 +101,7 @@ Description: X11 Record extension library (development 
headers)
  libxtst6.  Non-developers likely have little use for this package.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXtst
@@ -127,7 +127,7 @@ Description: X11 Record extension library (documentation)
  extension libraries.  Non-developers likely have little use for this package.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXtst
diff --git a/debian/copyright b/debian/copyright
index 86acfb6..94c9caa 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,5 +1,5 @@
 This package was downloaded from
-http://xorg.freedesktop.org/releases/individual/lib/
+https://xorg.freedesktop.org/releases/individual/lib/
 
 Copyright 1990, 1991 by UniSoft Group Limited
 Copyright 1992, 1993, 1995, 1998  The Open Group
diff --git a/debian/watch b/debian/watch
index e28968c..b3c5654 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,4 +1,4 @@
 #git=git://anongit.freedesktop.org/xorg/lib/libXtst
 version=3
 opts=pgpsigurlmangle=s/$/.sig/ \
-http://xorg.freedesktop.org/releases/individual/lib/ libXtst-(.*)\.tar\.gz
+https://xorg.freedesktop.org/releases/individual/lib/ libXtst-(.*)\.tar\.gz

commit 44669586e7e4495e81763b507ee449e100927bed
Author: Andreas Boll 
Date:   Fri Oct 7 14:58:48

libx11: Changes to 'debian-unstable'

2016-10-07 Thread Andreas Boll 
 .gitignore |1 
 ChangeLog  |  566 +
 configure.ac   |   91 
 debian/changelog   |   11 
 debian/control |   30 -
 debian/copyright   |4 
 debian/patches/007_iso8859-15_Compose_fix.diff |2 
 debian/patches/008_remove_ko_Compose.diff  |2 
 debian/watch   |2 
 include/X11/Xlib.h |   34 -
 include/X11/Xlibint.h  |  126 +
 man/XFree.man  |3 
 modules/im/ximcp/imExten.c |2 
 modules/im/ximcp/imLcIm.c  |6 
 modules/im/ximcp/imLcPrs.c |6 
 modules/om/generic/omGeneric.c |   75 ---
 modules/om/generic/omImText.c  |4 
 nls/compose.dir.pre|8 
 nls/en_US.UTF-8/Compose.pre|  107 
 nls/locale.alias.pre   |   10 
 nls/locale.dir.pre |   10 
 nls/pt_PT.UTF-8/Compose.pre|3 
 nls/pt_PT.UTF-8/XI18N_OBJS |7 
 nls/pt_PT.UTF-8/XLC_LOCALE.pre |  142 ++
 specs/libX11/CH04.xml  |3 
 src/ClDisplay.c|2 
 src/Font.c |2 
 src/FontNames.c|   25 -
 src/GetAtomNm.c|   13 
 src/GetFPath.c |2 
 src/GetImage.c |   29 -
 src/GetWAttrs.c|   13 
 src/IntAtom.c  |   14 
 src/ListExt.c  |   14 
 src/Makefile.am|1 
 src/ModMap.c   |3 
 src/OpenDis.c  |4 
 src/PutImage.c |2 
 src/XlibAsync.c|   18 
 src/XlibInt.c  |   35 -
 src/Xxcbint.h  |4 
 src/xcb_io.c   |   80 +--
 src/xcms/HVC.c |8 
 src/xcms/IdOfPr.c  |2 
 src/xcms/LRGB.c|6 
 src/xcms/Lab.c |4 
 src/xcms/Luv.c |4 
 src/xcms/XYZ.c |4 
 src/xcms/cmsColNm.c|6 
 src/xcms/cmsTrig.c |   11 
 src/xcms/uvY.c |8 
 src/xcms/xyY.c |4 
 src/xkb/XKBGetByName.c |6 
 src/xkb/XKBNames.c |2 
 src/xlibi18n/ICWrap.c  |   15 
 src/xlibi18n/XDefaultIMIF.c|   66 +-
 src/xlibi18n/XDefaultOMIF.c|  156 --
 src/xlibi18n/XlcDL.c   |   22 
 src/xlibi18n/lcPrTxt.c |2 
 src/xlibi18n/lcPubWrap.c   |3 
 60 files changed, 1275 insertions(+), 570 deletions(-)

New commits:
commit e4235f0262a96b8aac21de85c79f6e9906faceb5
Author: Andreas Boll 
Date:   Fri Oct 7 14:03:49 2016 +0200

Bump libxcb1-dev build-dep to 1.11.1 per configure.ac.

diff --git a/debian/changelog b/debian/changelog
index 80720ca..b68a03b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ libx11 (2:1.6.4-1) UNRELEASED; urgency=medium
   [ Andreas Boll ]
   * New upstream release.
 - Fixes CVE-2016-7942 and CVE-2016-7943.
+  * Bump libxcb1-dev build-dep to 1.11.1 per configure.ac.
   * Update a bunch of URLs in packaging to https.
 
   [ Julien Cristau ]
diff --git a/debian/control b/debian/control
index 078a5fb..02a5016 100644
--- a/debian/control
+++ b/debian/control
@@ -12,7 +12,7 @@ Build-Depends:
  x11proto-input-dev,
  x11proto-xext-dev,
  x11proto-xf86bigfont-dev (>= 1.2.0),
- libxcb1-dev (>= 1.5-3),
+ libxcb1-dev (>= 1.11.1),
  quilt,
  automake,
  libtool,
@@ -177,7 +177,7 @@ Depends:
  ${shlibs:Depends},
  ${misc:Depends},
  libx11-xcb1 (= ${binary:Version}),
- libxcb1-dev (>= 0.9.92),
+ libxcb1-dev (>= 1.11.1),
  libx11-dev,
 Description: Xlib/XCB interface library (development headers)
  libX11-xcb provides functions needed by clients which take advantage of

commit cfa06d0cc3b3d2f4229cc92f4b2c6b4e6cac2e29
Author: Andreas Boll 
Date:   Fri Oct 7 13:56:43 2016 +0200

Update a bunch of URLs in packaging to https.

diff --git a/debian/changelog b/debian/changelog
index de1fd8a..80720ca

libxtst: Changes to 'upstream-unstable'

2016-10-07 Thread Andreas Boll 
 configure.ac  |   10 ++
 src/XRecord.c |   54 +++---
 2 files changed, 41 insertions(+), 23 deletions(-)

New commits:
commit 9f5621a410f18149d4c76b02daa7f1a98b4a2c16
Author: Matthieu Herrb 
Date:   Tue Oct 4 21:28:17 2016 +0200

libXtst 1.2.3

Signed-off-by: Matthieu Herrb 

diff --git a/configure.ac b/configure.ac
index 34ae352..466f431 100644
--- a/configure.ac
+++ b/configure.ac
@@ -22,7 +22,7 @@
 
 # Initialize Autoconf
 AC_PREREQ([2.60])
-AC_INIT([libXtst], [1.2.2],
+AC_INIT([libXtst], [1.2.3],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXtst])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([config.h])

commit 9556ad67af3129ec4a7a4f4b54a0d59701beeae3
Author: Tobias Stoeckmann 
Date:   Sun Sep 25 21:37:01 2016 +0200

Out of boundary access and endless loop in libXtst

A lack of range checks in libXtst allows out of boundary accesses.
The checks have to be done in-place here, because it cannot be done
without in-depth knowledge of the read data.

If XRecordStartOfData, XRecordEndOfData, or XRecordClientDied
without a client sequence have attached data, an endless loop would
occur. The do-while-loop continues until the current index reaches
the end. But in these cases, the current index would not be
incremented, leading to an endless processing.

Signed-off-by: Tobias Stoeckmann 
Reviewed-by: Matthieu Herrb 

diff --git a/src/XRecord.c b/src/XRecord.c
index 50420c0..fefd842 100644
--- a/src/XRecord.c
+++ b/src/XRecord.c
@@ -749,15 +749,23 @@ parse_reply_call_callback(
switch (rep->category) {
case XRecordFromServer:
if (rep->elementHeader) {
+   if (current_index + 4 > rep->length << 2)
+   return Error;
EXTRACT_CARD32(rep->clientSwapped,
   reply->buf+current_index,
   data->server_time);
current_index += 4;
}
+   if (current_index + 1 > rep->length << 2)
+   return Error;
switch (reply->buf[current_index]) {
case X_Reply: /* reply */
+   if (current_index + 8 > rep->length << 2)
+   return Error;
EXTRACT_CARD32(rep->clientSwapped,
   reply->buf+current_index+4, datum_bytes);
+   if (datum_bytes < 0 || datum_bytes > ((INT_MAX >> 2) - 8))
+   return Error;
datum_bytes = (datum_bytes+8) << 2;
break;
default: /* error or event */
@@ -766,52 +774,73 @@ parse_reply_call_callback(
break;
case XRecordFromClient:
if (rep->elementHeader) {
+   if (current_index + 4 > rep->length << 2)
+   return Error;
EXTRACT_CARD32(rep->clientSwapped,
   reply->buf+current_index,
   data->server_time);
current_index += 4;
}
if (rep->elementHeader) {
+   if (current_index + 4 > rep->length << 2)
+   return Error;
EXTRACT_CARD32(rep->clientSwapped,
   reply->buf+current_index,
   data->client_seq);
current_index += 4;
}
+   if (current_index + 4 > rep->length<<2)
+   return Error;
if (reply->buf[current_index+2] == 0
&& reply->buf[current_index+3] == 0) /* needn't swap 0 */
{   /* BIG-REQUESTS */
+   if (current_index + 8 > rep->length << 2)
+   return Error;
EXTRACT_CARD32(rep->clientSwapped,
   reply->buf+current_index+4, datum_bytes);
} else {
EXTRACT_CARD16(rep->clientSwapped,
   reply->buf+current_index+2, datum_bytes);
}
+   if (datum_bytes < 0 || datum_bytes > INT_MAX >> 2)
+   return Error;
datum_bytes <<= 2;
break;
case XRecordClientStarted:
+   if (current_index + 8 > rep->length << 2)
+   return Error;
EXTRACT_CARD16(rep->clientSwapped,
   reply->buf+current_index+6, datum_bytes);
datum_bytes = (datum_bytes+2) << 2;
break;
case XRecordClientDied:
if (rep->elementHeader) {
+   if (current_index + 4 > rep->length << 2)
+   return Error;
EXTRACT_CARD32(rep->clientSwapped,
   reply->buf+current_index,
   data->client_seq);
current_index += 4;
-   }
-

libxrender: Changes to 'debian-unstable'

2016-10-07 Thread Andreas Boll 
 ChangeLog   |   56 +++
 configure.ac|2 
 debian/README.source|   24 -
 debian/changelog|   11 
 debian/control  |   10 
 debian/copyright|2 
 debian/upstream/signing-key.asc |   64 
 debian/watch|2 
 debian/xsfbs/repack.sh  |   32 --
 debian/xsfbs/xsfbs.mk   |  285 --
 debian/xsfbs/xsfbs.sh   |  622 
 doc/libXrender.txt  |5 
 src/Filter.c|   13 
 src/Xrender.c   |   18 +
 14 files changed, 173 insertions(+), 973 deletions(-)

New commits:
commit a015acf08554b6a856439542de82e3c79a77c79a
Author: Andreas Boll 
Date:   Fri Oct 7 14:38:20 2016 +0200

Bump Standards-Version to 3.9.8, no changes needed.

diff --git a/debian/changelog b/debian/changelog
index 34d61c6..c6a5016 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ libxrender (1:0.9.10-1) UNRELEASED; urgency=medium
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
   * Update a bunch of URLs in packaging to https.
   * Remove obsolete xsfbs.
+  * Bump Standards-Version to 3.9.8, no changes needed.
 
  -- Andreas Boll   Fri, 07 Oct 2016 14:14:49 +0200
 
diff --git a/debian/control b/debian/control
index a4b6966..65305f8 100644
--- a/debian/control
+++ b/debian/control
@@ -12,7 +12,7 @@ Build-Depends:
  automake,
  libtool,
  xutils-dev (>= 1:7.5+4),
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxrender.git
 Vcs-Browser: https://anonscm.debian.org/cgit/pkg-xorg/lib/libxrender.git
 

commit 218ccab8e35d927fd8aa9bed48c46fc34049777b
Author: Andreas Boll 
Date:   Fri Oct 7 14:37:44 2016 +0200

Remove obsolete xsfbs.

diff --git a/debian/README.source b/debian/README.source
index b09a1ab..4ecd5e6 100644
--- a/debian/README.source
+++ b/debian/README.source
@@ -47,27 +47,3 @@ are involved:
   case, it appears directly in the .diff.gz.
 * Otherwise, the patch is added to debian/patches/ which is managed
   with quilt as documented in /usr/share/doc/quilt/README.source.
-
-quilt is actually invoked by the Debian X packaging through a larger
-set of scripts called XSFBS. XSFBS brings some other X specific
-features such as managing dependencies and conflicts due to the video
-and input driver ABIs.
-XSFBS itself is maintained in a separate repository at
-  git://git.debian.org/pkg-xorg/xsfbs.git
-and it is pulled inside the other Debian X repositories when needed.
-
-The XSFBS patching system requires a build dependency on quilt. Also
-a dependency on $(STAMP_DIR)/patch has to be added to debian/rules
-so that the XSFBS patching occurs before the actual build. So the
-very first target of the build (likely the one running autoreconf)
-should depend on $(STAMP_DIR)/patch. It should also not depend on
-anything so that parallel builds are correctly supported (nothing
-should probably run while patching is being done). And finally, the
-clean target should depend on the xsfclean target so that patches
-are unapplied on clean.
-
-When the upstream sources contain some DFSG-nonfree files, they are
-listed in text files in debian/prune/ in the "debian-*" branch of
-the Debian repository. XSFBS' scripts then take care of removing
-these listed files during the build so as to generate a modified
-DFSG-free .orig.tar.gz tarball.
diff --git a/debian/changelog b/debian/changelog
index 860f6a5..34d61c6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ libxrender (1:0.9.10-1) UNRELEASED; urgency=medium
 - Fixes CVE-2016-7949 and CVE-2016-7950.
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
   * Update a bunch of URLs in packaging to https.
+  * Remove obsolete xsfbs.
 
  -- Andreas Boll   Fri, 07 Oct 2016 14:14:49 +0200
 
diff --git a/debian/xsfbs/repack.sh b/debian/xsfbs/repack.sh
deleted file mode 100755
index 5935cc9..000
--- a/debian/xsfbs/repack.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if ! [ -d debian/prune ]; then
-   exit 0
-fi
-
-if [ "x$1" != x--upstream-version ]; then
-   exit 1
-fi
-
-version="$2"
-filename="$3"
-
-if [ -z "$version" ] || ! [ -f "$filename" ]; then
-   exit 1
-fi
-
-dir="$(pwd)"
-tempdir="$(mktemp -d)"
-
-cd "$tempdir"
-tar xf "$dir/$filename"
-cat "$dir"/debian/prune/* | while read file; do rm -f */$file; done
-
-tar czf "$dir/$filename" *
-cd "$dir"
-rm -rf "$tempdir"
-echo "Done pruning upstream tarball"
-
-exit 0
diff --git a/debian/xsfbs/xsfbs.mk b/debian/xsfbs/xsfbs.mk
deleted file mode 100755
index 3c59c20..000
--- a/debian/xsfbs/xsfbs.mk
+++ /dev/null
@@ -1,285 +0,0 @@
-#!/usr/bin/make -f
-
-# Debian X Strike Force Build System (XSFBS): Make portion
-
-# Copyright 1996 Stephen Early

libxrender: Changes to 'upstream-unstable'

2016-10-07 Thread Andreas Boll 
 configure.ac   |   10 ++
 doc/libXrender.txt |5 -
 src/Filter.c   |   13 -
 src/Glyph.c|2 +-
 src/Xrender.c  |   18 ++
 src/Xrenderint.h   |   14 --
 6 files changed, 37 insertions(+), 25 deletions(-)

New commits:
commit 845716f8f14963d338e5a8d5d2424baafc90fb30
Author: Matthieu Herrb 
Date:   Tue Oct 4 21:24:55 2016 +0200

libXrender 0.9.10

Signed-off-by: Matthieu Herrb 

diff --git a/configure.ac b/configure.ac
index ff83023..e5b82b1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -29,7 +29,7 @@ AC_PREREQ([2.60])
 # digit in the version number to track changes which don't affect the
 # protocol, so Xrender version l.n.m corresponds to protocol version l.n
 #
-AC_INIT(libXrender, [0.9.9],
+AC_INIT(libXrender, [0.9.10],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXrender])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([config.h])

commit 9362c7ddd1af3b168953d0737877bc52d79c94f4
Author: Tobias Stoeckmann 
Date:   Sun Sep 25 21:43:09 2016 +0200

Validate lengths while parsing server data.

Individual lengths inside received server data can overflow
the previously reserved memory.

It is therefore important to validate every single length
field to not overflow the previously agreed sum of all invidual
length fields.

v2: consume remaining bytes in the reply buffer on error.

Signed-off-by: Tobias Stoeckmann 
Reviewed-by: Matthieu he...@laas.fr

diff --git a/src/Xrender.c b/src/Xrender.c
index 3102eb2..71cf3e6 100644
--- a/src/Xrender.c
+++ b/src/Xrender.c
@@ -533,12 +533,30 @@ XRenderQueryFormats (Display *dpy)
screen->fallback = _XRenderFindFormat (xri, xScreen->fallback);
screen->subpixel = SubPixelUnknown;
xDepth = (xPictDepth *) (xScreen + 1);
+   if (screen->ndepths > rep.numDepths) {
+   Xfree (xri);
+   Xfree (xData);
+   _XEatDataWords (dpy, rep.length);
+   UnlockDisplay (dpy);
+   SyncHandle ();
+   return 0;
+   }
+   rep.numDepths -= screen->ndepths;
for (nd = 0; nd < screen->ndepths; nd++)
{
depth->depth = xDepth->depth;
depth->nvisuals = xDepth->nPictVisuals;
depth->visuals = visual;
xVisual = (xPictVisual *) (xDepth + 1);
+   if (depth->nvisuals > rep.numVisuals) {
+   Xfree (xri);
+   Xfree (xData);
+   _XEatDataWords (dpy, rep.length);
+   UnlockDisplay (dpy);
+   SyncHandle ();
+   return 0;
+   }
+   rep.numVisuals -= depth->nvisuals;
for (nv = 0; nv < depth->nvisuals; nv++)
{
visual->visual = _XRenderFindVisual (dpy, xVisual->visual);

commit 8fad00b0b647ee662ce4737ca15be033b7a21714
Author: Tobias Stoeckmann 
Date:   Sun Sep 25 21:42:09 2016 +0200

Avoid OOB write in XRenderQueryFilters

The memory for filter names is reserved right after receiving the reply.
After that, filters are iterated and each individual filter name is
stored in that reserved memory.

The individual name lengths are not checked for validity, which means
that a malicious server can reserve less memory than it will write to
during each iteration.

v2: consume remaining bytes in reply buffer on error.

Signed-off-by: Tobias Stoeckmann 
Reviewed-by: Matthieu Herrb 

diff --git a/src/Filter.c b/src/Filter.c
index edfa572..8d701eb 100644
--- a/src/Filter.c
+++ b/src/Filter.c
@@ -38,7 +38,7 @@ XRenderQueryFilters (Display *dpy, Drawable drawable)
 char   *name;
 char   len;
 inti;
-unsigned long  nbytes, nbytesAlias, nbytesName;
+unsigned long  nbytes, nbytesAlias, nbytesName, reply_left;
 
 if (!RenderHasExtension (info))
return NULL;
@@ -114,6 +114,7 @@ XRenderQueryFilters (Display *dpy, Drawable drawable)
  * Read the filter aliases
  */
 _XRead16Pad (dpy, filters->alias, 2 * rep.numAliases);
+reply_left = 8 + rep.length - 2 * rep.numAliases;;
 
 /*
  * Read the filter names
@@ -122,9 +123,19 @@ XRenderQueryFilters (Display *dpy, Drawable drawable)
 {
int l;
_XRead (dpy, , 1);
+   reply_left--;
l = len & 0xff;
+   if ((unsigned long)l + 1 > nbytesName) {
+_XEatDataWords(dpy, reply_left);
+   Xfree(filters);
+   UnlockDisplay (dpy);
+   SyncHandle ();
+   return NULL;
+   }
+   nbytesName -= l + 1;
filters->filter[i] = name;
_XRead (dpy, name, l);
+reply_left -= l;
name[l] = '\0';

libx11: Changes to 'upstream-unstable'

2016-10-07 Thread Andreas Boll 
 .gitignore |1 
 configure.ac   |   91 ++-
 include/X11/Xlib.h |   34 
 include/X11/Xlibint.h  |  126 +++--
 man/XFree.man  |3 
 modules/im/ximcp/imExten.c |2 
 modules/im/ximcp/imLcIm.c  |6 -
 modules/im/ximcp/imLcPrs.c |6 -
 modules/om/generic/omGeneric.c |   75 ++-
 modules/om/generic/omImText.c  |4 -
 nls/compose.dir.pre|8 +-
 nls/en_US.UTF-8/Compose.pre|  107 +++-
 nls/locale.alias.pre   |   10 +-
 nls/locale.dir.pre |   10 +-
 nls/pt_PT.UTF-8/Compose.pre|3 
 nls/pt_PT.UTF-8/XI18N_OBJS |7 +
 nls/pt_PT.UTF-8/XLC_LOCALE.pre |  142 +
 specs/libX11/CH04.xml  |3 
 src/ClDisplay.c|2 
 src/Font.c |2 
 src/FontNames.c|   25 --
 src/GetAtomNm.c|   13 +--
 src/GetFPath.c |2 
 src/GetImage.c |   29 +--
 src/GetWAttrs.c|   13 +--
 src/IntAtom.c  |   14 ++-
 src/ListExt.c  |   14 ++-
 src/Makefile.am|1 
 src/ModMap.c   |3 
 src/OpenDis.c  |4 -
 src/PutImage.c |2 
 src/XlibAsync.c|   18 +++-
 src/XlibInt.c  |   35 +
 src/Xxcbint.h  |5 -
 src/xcb_io.c   |   80 +
 src/xcms/HVC.c |8 +-
 src/xcms/IdOfPr.c  |2 
 src/xcms/LRGB.c|6 -
 src/xcms/Lab.c |4 -
 src/xcms/Luv.c |4 -
 src/xcms/XYZ.c |4 -
 src/xcms/cmsColNm.c|6 -
 src/xcms/cmsTrig.c |   11 --
 src/xcms/uvY.c |8 +-
 src/xcms/xyY.c |4 -
 src/xkb/XKBGetByName.c |6 +
 src/xkb/XKBNames.c |2 
 src/xlibi18n/ICWrap.c  |   15 ++-
 src/xlibi18n/XDefaultIMIF.c|   66 +++--
 src/xlibi18n/XDefaultOMIF.c|  156 -
 src/xlibi18n/XlcDL.c   |   22 ++---
 src/xlibi18n/lcPrTxt.c |2 
 src/xlibi18n/lcPubWrap.c   |3 
 53 files changed, 681 insertions(+), 548 deletions(-)

New commits:
commit 8f349feac24aacc958bd816afcc52380764e3d92
Author: Matthieu Herrb 
Date:   Tue Oct 4 21:01:39 2016 +0200

libX11 1.6.4

Signed-off-by: Matthieu Herrb 

diff --git a/configure.ac b/configure.ac
index b15194a..58f2681 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
 
 # Initialize Autoconf
 AC_PREREQ([2.60])
-AC_INIT([libX11], [1.6.3],
+AC_INIT([libX11], [1.6.4],
 [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libX11])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([src/config.h include/X11/XlibConf.h])

commit 8ea762f94f4c942d898fdeb590a1630c83235c17
Author: Tobias Stoeckmann 
Date:   Sun Sep 25 21:25:25 2016 +0200

Validation of server responses in XGetImage()

Check if enough bytes were received for specified image type and
geometry. Otherwise GetPixel and other functions could trigger an
out of boundary read later on.

Signed-off-by: Tobias Stoeckmann 
Reviewed-by: Matthieu Herrb 

diff --git a/src/GetImage.c b/src/GetImage.c
index c461abc..ff32d58 100644
--- a/src/GetImage.c
+++ b/src/GetImage.c
@@ -59,6 +59,7 @@ XImage *XGetImage (
char *data;
unsigned long nbytes;
XImage *image;
+   int planes;
LockDisplay(dpy);
GetReq (GetImage, req);
/*
@@ -91,18 +92,28 @@ XImage *XGetImage (
return (XImage *) NULL;
}
 _XReadPad (dpy, data, nbytes);
-if (format == XYPixmap)
-  image = XCreateImage(dpy, _XVIDtoVisual(dpy, rep.visual),
- Ones (plane_mask &
-   (((unsigned long)0x) >> (32 - rep.depth))),
- format, 0, data, width, height, dpy->bitmap_pad, 0);
-   else /* format == ZPixmap */
-   image = XCreateImage (dpy, _XVIDtoVisual(dpy, rep.visual),
-rep.depth, ZPixmap, 0, data, width, height,
- _XGetScanlinePad(dpy, (int) rep.depth), 0);
+if (format == XYPixmap) {
+   image = XCreateImage(dpy, _XVIDtoVisual(dpy, rep.visual),
+   Ones (plane_mask &
+   (((unsigned long)0x) >> (32 - rep.depth))),
+   format, 0, data, width, height, dpy->bitmap_pad, 0);
+   planes = image->depth;
+   } else { /* format == ZPixmap */
+image = XCreateImage (dpy, _XVIDtoVisual(dpy, rep.visual),
+

libxrandr: Changes to 'upstream-unstable'

2016-10-07 Thread Andreas Boll 
 configure.ac  |2 -
 src/XrrConfig.c   |   32 +---
 src/XrrCrtc.c |   83 +-
 src/XrrMonitor.c  |   25 +---
 src/XrrOutput.c   |   11 +++
 src/XrrProvider.c |   28 +++---
 src/XrrScreen.c   |   56 
 7 files changed, 178 insertions(+), 59 deletions(-)

New commits:
commit 54ac1eb5d14636002b018607227c6d52cca0b754
Author: Matthieu Herrb 
Date:   Tue Oct 4 21:23:23 2016 +0200

libXrandr 1.5.1

Signed-off-by: Matthieu Herrb 

diff --git a/configure.ac b/configure.ac
index d0baa08..90621fc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -29,7 +29,7 @@ AC_PREREQ([2.60])
 # digit in the version number to track changes which don't affect the
 # protocol, so Xrandr version l.n.m corresponds to protocol version l.n
 #
-AC_INIT([libXrandr], [1.5.0],
+AC_INIT([libXrandr], [1.5.1],
 [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXrandr])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([config.h])

commit a0df3e1c7728205e5c7650b2e6dce684139254a6
Author: Tobias Stoeckmann 
Date:   Sun Sep 25 22:21:40 2016 +0200

Avoid out of boundary accesses on illegal responses

The responses of the connected X server have to be properly checked
to avoid out of boundary accesses that could otherwise be triggered
by a malicious server.

Signed-off-by: Tobias Stoeckmann 
Reviewed-by: Matthieu Herrb 

diff --git a/src/XrrConfig.c b/src/XrrConfig.c
index 2f0282b..e68c45a 100644
--- a/src/XrrConfig.c
+++ b/src/XrrConfig.c
@@ -29,6 +29,7 @@
 #include 
 #endif
 
+#include 
 #include 
 #include 
 /* we need to be able to manipulate the Display structure on events */
@@ -272,23 +273,30 @@ static XRRScreenConfiguration *_XRRGetScreenInfo (Display 
*dpy,
rep.rate = 0;
rep.nrateEnts = 0;
 }
+if (rep.length < INT_MAX >> 2) {
+   nbytes = (long) rep.length << 2;
 
-nbytes = (long) rep.length << 2;
+   nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
+   ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF(CARD16) */);
 
-nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
-((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF (CARD16) */);
+   /*
+* first we must compute how much space to allocate for
+* randr library's use; we'll allocate the structures in a single
+* allocation, on cleanlyness grounds.
+*/
 
-/*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+   rbytes = sizeof (XRRScreenConfiguration) +
+ (rep.nSizes * sizeof (XRRScreenSize) +
+  rep.nrateEnts * sizeof (int));
 
-rbytes = sizeof (XRRScreenConfiguration) +
-  (rep.nSizes * sizeof (XRRScreenSize) +
-   rep.nrateEnts * sizeof (int));
+   scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
+} else {
+   nbytes = 0;
+   nbytesRead = 0;
+   rbytes = 0;
+   scp = NULL;
+}
 
-scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
 if (scp == NULL) {
_XEatData (dpy, (unsigned long) nbytes);
return NULL;
diff --git a/src/XrrCrtc.c b/src/XrrCrtc.c
index 5ae35c5..6665092 100644
--- a/src/XrrCrtc.c
+++ b/src/XrrCrtc.c
@@ -24,6 +24,7 @@
 #include 
 #endif
 
+#include 
 #include 
 #include 
 /* we need to be able to manipulate the Display structure on events */
@@ -57,22 +58,33 @@ XRRGetCrtcInfo (Display *dpy, XRRScreenResources 
*resources, RRCrtc crtc)
return NULL;
 }
 
-nbytes = (long) rep.length << 2;
+if (rep.length < INT_MAX >> 2)
+{
+   nbytes = (long) rep.length << 2;
 
-nbytesRead = (long) (rep.nOutput * 4 +
-rep.nPossibleOutput * 4);
+   nbytesRead = (long) (rep.nOutput * 4 +
+rep.nPossibleOutput * 4);
 
-/*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+   /*
+* first we must compute how much space to allocate for
+* randr library's use; we'll allocate the structures in a single
+* allocation, on cleanlyness grounds.
+*/
 
-rbytes = (sizeof (XRRCrtcInfo) +
- rep.nOutput * sizeof (RROutput) +
- rep.nPossibleOutput * sizeof (RROutput));
+   rbytes = (sizeof (XRRCrtcInfo) +
+ rep.nOutput * sizeof (RROutput) +
+ rep.nPossibleOutput * sizeof (RROutput));
+
+   xci = (XRRCrtcInfo *) Xmalloc(rbytes);
+}
+else
+{
+   nbytes = 0;
+   nbytesRead = 0;
+   rbytes = 0;
+   xci =

libxrandr: Changes to 'debian-unstable'

2016-10-07 Thread Andreas Boll 
 ChangeLog   |   84 
 configure.ac|2 
 debian/changelog|   10 
 debian/control  |   12 ++---
 debian/copyright|2 
 debian/upstream/signing-key.asc |   64 ++
 debian/watch|2 
 src/XrrConfig.c |   32 +--
 src/XrrCrtc.c   |   83 ++-
 src/XrrMonitor.c|   25 ++-
 src/XrrOutput.c |   11 +
 src/XrrProvider.c   |   28 +++--
 src/XrrScreen.c |   56 +-
 13 files changed, 344 insertions(+), 67 deletions(-)

New commits:
commit b195413968237dc5015c982e738838d087b70c2b
Author: Andreas Boll 
Date:   Fri Oct 7 13:42:08 2016 +0200

Bump Standards-Version to 3.9.8, no changes needed.

diff --git a/debian/changelog b/debian/changelog
index 4e08f6d..0fb9c20 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ libxrandr (2:1.5.1-1) UNRELEASED; urgency=medium
 - Fixes CVE-2016-7947 and CVE-2016-7948.
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
   * Update a bunch of URLs in packaging to https.
+  * Bump Standards-Version to 3.9.8, no changes needed.
 
  -- Andreas Boll   Fri, 07 Oct 2016 13:38:27 +0200
 
diff --git a/debian/control b/debian/control
index 9b97265..510e461 100644
--- a/debian/control
+++ b/debian/control
@@ -17,7 +17,7 @@ Build-Depends:
  automake,
  libtool,
  xutils-dev (>= 1:7.5+4),
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxrandr.git
 Vcs-Browser: https://anonscm.debian.org/cgit/pkg-xorg/lib/libxrandr.git
 

commit 0d5009c4d391b9aecdf5364d81d7bb103d7dfb08
Author: Andreas Boll 
Date:   Fri Oct 7 13:41:45 2016 +0200

Update a bunch of URLs in packaging to https.

diff --git a/debian/changelog b/debian/changelog
index 88b0347..4e08f6d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ libxrandr (2:1.5.1-1) UNRELEASED; urgency=medium
   * New upstream release.
 - Fixes CVE-2016-7947 and CVE-2016-7948.
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
+  * Update a bunch of URLs in packaging to https.
 
  -- Andreas Boll   Fri, 07 Oct 2016 13:38:27 +0200
 
diff --git a/debian/control b/debian/control
index 3493e47..9b97265 100644
--- a/debian/control
+++ b/debian/control
@@ -18,8 +18,8 @@ Build-Depends:
  libtool,
  xutils-dev (>= 1:7.5+4),
 Standards-Version: 3.9.6
-Vcs-Git: git://git.debian.org/git/pkg-xorg/lib/libxrandr
-Vcs-Browser: http://git.debian.org/?p=pkg-xorg/lib/libxrandr.git
+Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxrandr.git
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-xorg/lib/libxrandr.git
 
 Package: libxrandr2
 Section: libs
@@ -35,7 +35,7 @@ Description: X11 RandR extension library
  such as resolution, rotation, and reflection.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXrandr
@@ -57,7 +57,7 @@ Description: X11 RandR extension library (debug package)
  Non-developers likely have little use for this package.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXrandr
@@ -85,7 +85,7 @@ Description: X11 RandR extension library (development headers)
  libxrandr2.  Non-developers likely have little use for this package.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXrandr
diff --git a/debian/copyright b/debian/copyright
index 0cb8d6c..674e200 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,5 +1,5 @@
 This package was downloaded from
-http://xorg.freedesktop.org/releases/individual/lib/
+https://xorg.freedesktop.org/releases/individual/lib/
 
 Copyright © 2000, Compaq Computer Corporation,
 Copyright © 2002, Hewlett Packard, Inc.
diff --git a/debian/watch b/debian/watch
index 673b481..b91c305 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,4 +1,4 @@
 #git=git://anongit.freedesktop.org/xorg/lib/libXrandr
 version=3
 opts=pgpsigurlmangle=s/$/.sig/ \
-http://xorg.freedesktop.org/releases/individual/lib/ libXrandr-(.*)\.tar\.gz
+https://xorg.freedesktop.org/releases/individual/lib/ libXrandr-(.*)\.tar\.gz

commit 0d44adf959c9c1370d5e25fabe9374859d78de62
Author: Andreas Boll 
Date:   Fri Oct 7 13:39:26 2016 +0200

Update d/upstream/signing-key.asc with Matthieu Herrb's key.

diff --git

libxi: Changes to 'debian-unstable'

2016-10-07 Thread Andreas Boll 
 ChangeLog   |   20 
 configure.ac|2 -
 debian/changelog|   10 ++
 debian/control  |   10 +++---
 debian/copyright|2 -
 debian/upstream/signing-key.asc |   64 
 debian/watch|2 -
 src/XGMotion.c  |3 +
 src/XGetBMap.c  |3 +
 src/XGetDCtl.c  |6 ++-
 src/XGetFCtl.c  |7 +++-
 src/XGetKMap.c  |   14 ++--
 src/XGetMMap.c  |   11 +-
 src/XIQueryDevice.c |   36 +-
 src/XListDev.c  |   21 +
 src/XOpenDev.c  |   13 ++--
 src/XQueryDv.c  |8 +++--
 17 files changed, 201 insertions(+), 31 deletions(-)

New commits:
commit 49310859c869dab1eb2f50ff296ae0e65488318d
Author: Andreas Boll 
Date:   Fri Oct 7 13:33:30 2016 +0200

Bump Standards-Version to 3.9.8, no changes needed.

diff --git a/debian/changelog b/debian/changelog
index 2896723..aed45a9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ libxi (2:1.7.7-1) UNRELEASED; urgency=medium
 - Fixes CVE-2016-7945 and CVE-2016-7946.
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
   * Update a bunch of URLs in packaging to https.
+  * Bump Standards-Version to 3.9.8, no changes needed.
 
  -- Andreas Boll   Fri, 07 Oct 2016 13:19:05 +0200
 
diff --git a/debian/control b/debian/control
index b40d21e..f8ef4dc 100644
--- a/debian/control
+++ b/debian/control
@@ -24,7 +24,7 @@ Build-Depends:
  xorg-sgml-doctools (>= 1:1.8),
  xsltproc,
  w3m,
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxi.git
 Vcs-Browser: https://anonscm.debian.org/cgit/pkg-xorg/lib/libxi.git
 Homepage: https://www.x.org/

commit 91587b757c163f8bbc2e9cfa1453ce045f9b36c9
Author: Andreas Boll 
Date:   Fri Oct 7 13:22:12 2016 +0200

Update a bunch of URLs in packaging to https.

diff --git a/debian/changelog b/debian/changelog
index 0015ee0..2896723 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ libxi (2:1.7.7-1) UNRELEASED; urgency=medium
   * New upstream release.
 - Fixes CVE-2016-7945 and CVE-2016-7946.
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
+  * Update a bunch of URLs in packaging to https.
 
  -- Andreas Boll   Fri, 07 Oct 2016 13:19:05 +0200
 
diff --git a/debian/control b/debian/control
index aa5f529..b40d21e 100644
--- a/debian/control
+++ b/debian/control
@@ -27,7 +27,7 @@ Build-Depends:
 Standards-Version: 3.9.6
 Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxi.git
 Vcs-Browser: https://anonscm.debian.org/cgit/pkg-xorg/lib/libxi.git
-Homepage: http://www.x.org/
+Homepage: https://www.x.org/
 
 Package: libxi6
 Section: libs
@@ -43,7 +43,7 @@ Description: X11 Input extension library
  and hotplugging of input devices (to be added and removed on the fly).
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXi
@@ -73,7 +73,7 @@ Description: X11 Input extension library (debug package)
  Non-developers likely have little use for this package.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXi
@@ -103,7 +103,7 @@ Description: X11 Input extension library (development 
headers)
  libxi6.  Non-developers likely have little use for this package.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXi
diff --git a/debian/copyright b/debian/copyright
index 561c972..74d612a 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,5 +1,5 @@
 This package was downloaded from
-http://xorg.freedesktop.org/releases/individual/lib/
+https://xorg.freedesktop.org/releases/individual/lib/
 
 Copyright 1989, 1998  The Open Group
 
diff --git a/debian/watch b/debian/watch
index 919d93a..d55b672 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,4 +1,4 @@
 #git=git://anongit.freedesktop.org/xorg/lib/libXi
 version=3
 opts=pgpsigurlmangle=s/$/.sig/ \
-http://xorg.freedesktop.org/releases/individual/lib/ libXi-(.*)\.tar\.gz
+https://xorg.freedesktop.org/releases/individual/lib/ libXi-(.*)\.tar\.gz

commit 6783f21403450ad4ab270e09b24ad3017ff97eaa
Author: Andreas Boll 
Date:   Fri Oct 7 13:20:53 2016 +0200

Update d/upstream/signing-key.asc with Matthieu Herrb's key.

diff --git a/debian/changelog b/debian/changelog
index

libxi: Changes to 'upstream-unstable'

2016-10-07 Thread Andreas Boll 
 configure.ac|2 +-
 src/XGMotion.c  |3 ++-
 src/XGetBMap.c  |3 ++-
 src/XGetDCtl.c  |6 --
 src/XGetFCtl.c  |7 ++-
 src/XGetKMap.c  |   14 +++---
 src/XGetMMap.c  |   11 +--
 src/XIQueryDevice.c |   36 ++--
 src/XListDev.c  |   21 +++--
 src/XOpenDev.c  |   13 ++---
 src/XQueryDv.c  |8 ++--
 11 files changed, 100 insertions(+), 24 deletions(-)

New commits:
commit 8e0476653dd134cee84f4e893f656b2f93c4e3b0
Author: Matthieu Herrb 
Date:   Tue Oct 4 21:14:01 2016 +0200

libXi 1.7.7

Signed-off-by: Matthieu Herrb 

diff --git a/configure.ac b/configure.ac
index 64033be..f7d322c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
 
 # Initialize Autoconf
 AC_PREREQ([2.60])
-AC_INIT([libXi], [1.7.6],
+AC_INIT([libXi], [1.7.7],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXi])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([src/config.h])

commit 19a9cd607de73947fcfb104682f203ffe4e1f4e5
Author: Tobias Stoeckmann 
Date:   Sun Sep 25 22:31:34 2016 +0200

Properly validate server responses.

By validating length fields from server responses, out of boundary
accesses and endless loops can be mitigated.

Signed-off-by: Tobias Stoeckmann 
Reviewed-by: Matthieu Herrb 

diff --git a/src/XGMotion.c b/src/XGMotion.c
index 7785843..9433e29 100644
--- a/src/XGMotion.c
+++ b/src/XGMotion.c
@@ -114,7 +114,8 @@ XGetDeviceMotionEvents(
 }
 /* rep.axes is a CARD8, so assume max number of axes for bounds check */
 if (rep.nEvents <
-   (INT_MAX / (sizeof(XDeviceTimeCoord) + (UCHAR_MAX * sizeof(int) {
+   (INT_MAX / (sizeof(XDeviceTimeCoord) + (UCHAR_MAX * sizeof(int &&
+   rep.nEvents * (rep.axes + 1) <= rep.length) {
size_t bsize = rep.nEvents *
(sizeof(XDeviceTimeCoord) + (rep.axes * sizeof(int)));
bufp = Xmalloc(bsize);
diff --git a/src/XGetBMap.c b/src/XGetBMap.c
index 002daba..13bb8c6 100644
--- a/src/XGetBMap.c
+++ b/src/XGetBMap.c
@@ -92,7 +92,8 @@ XGetDeviceButtonMapping(
 
 status = _XReply(dpy, (xReply *) & rep, 0, xFalse);
 if (status == 1) {
-   if (rep.length <= (sizeof(mapping) >> 2)) {
+   if (rep.length <= (sizeof(mapping) >> 2) &&
+   rep.nElts <= (rep.length << 2)) {
unsigned long nbytes = rep.length << 2;
_XRead(dpy, (char *)mapping, nbytes);
 
diff --git a/src/XGetDCtl.c b/src/XGetDCtl.c
index c5d3b53..7f6b396 100644
--- a/src/XGetDCtl.c
+++ b/src/XGetDCtl.c
@@ -93,7 +93,8 @@ XGetDeviceControl(
 if (rep.length > 0) {
unsigned long nbytes;
size_t size = 0;
-   if (rep.length < (INT_MAX >> 2)) {
+   if (rep.length < (INT_MAX >> 2) &&
+   (rep.length << 2) >= sizeof(xDeviceState)) {
nbytes = (unsigned long) rep.length << 2;
d = Xmalloc(nbytes);
}
@@ -117,7 +118,8 @@ XGetDeviceControl(
size_t val_size;
 
r = (xDeviceResolutionState *) d;
-   if (r->num_valuators >= (INT_MAX / (3 * sizeof(int
+   if (sizeof(xDeviceResolutionState) > nbytes ||
+   r->num_valuators >= (INT_MAX / (3 * sizeof(int
goto out;
val_size = 3 * sizeof(int) * r->num_valuators;
if ((sizeof(xDeviceResolutionState) + val_size) > nbytes)
diff --git a/src/XGetFCtl.c b/src/XGetFCtl.c
index 7fd6d0e..82dcc64 100644
--- a/src/XGetFCtl.c
+++ b/src/XGetFCtl.c
@@ -73,6 +73,7 @@ XGetFeedbackControl(
 XFeedbackState *Sav = NULL;
 xFeedbackState *f = NULL;
 xFeedbackState *sav = NULL;
+char *end = NULL;
 xGetFeedbackControlReq *req;
 xGetFeedbackControlReply rep;
 XExtDisplayInfo *info = XInput_find_display(dpy);
@@ -105,10 +106,12 @@ XGetFeedbackControl(
goto out;
}
sav = f;
+   end = (char *)f + nbytes;
_XRead(dpy, (char *)f, nbytes);
 
for (i = 0; i < *num_feedbacks; i++) {
-   if (f->length > nbytes)
+   if ((char *)f + sizeof(*f) > end ||
+   f->length == 0 || f->length > nbytes)
goto out;
nbytes -= f->length;
 
@@ -125,6 +128,8 @@ XGetFeedbackControl(
case StringFeedbackClass:
{
xStringFeedbackState *strf = (xStringFeedbackState *) f;
+   if ((char *)f + sizeof(*strf) > end)
+   goto out;
size += sizeof(XStringFeedbackState) +
(strf->num_syms_supported * sizeof(KeySym));
}
diff --git a/src/XGetKMap.c b/src/XGetKMap.c
index 0540ce4..008a72b 100644
--- a/src/XGetKMap.c
+++ b/src/XGetKMap.c
@@ -54,6 +54,7 @@ SOFTWARE.
 #include 
 #endif
 
+#include 
 #include 
 #include 
 #include 
@@ -93,9 +94,16 @@

libxfixes: Changes to 'upstream-unstable'

2016-10-07 Thread Andreas Boll 
 configure.ac |2 +-
 src/Region.c |   15 ---
 2 files changed, 13 insertions(+), 4 deletions(-)

New commits:
commit 84df9cb81cc31bbed27ba241a23ae04f61da57db
Author: Matthieu Herrb 
Date:   Tue Oct 4 21:11:55 2016 +0200

libXfixes 5.0.3

Signed-off-by: Matthieu Herrb 

diff --git a/configure.ac b/configure.ac
index a9052cf..0ec7b86 100644
--- a/configure.ac
+++ b/configure.ac
@@ -32,7 +32,7 @@ AC_PREREQ([2.60])
 # that 'revision' number appears in Xfixes.h and has to be manually
 # synchronized.
 #
-AC_INIT(libXfixes, [5.0.2],
+AC_INIT(libXfixes, [5.0.3],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXfixes])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([config.h])

commit 61c1039ee23a2d1de712843bed3480654d7ef42e
Author: Tobias Stoeckmann 
Date:   Sun Sep 25 22:38:44 2016 +0200

Integer overflow on illegal server response

The 32 bit field "rep.length" is not checked for validity, which allows
an integer overflow on 32 bit systems.

A malicious server could send INT_MAX as length, which gets multiplied
by the size of XRectangle. In that case the client won't read the whole
data from server, getting out of sync.

Signed-off-by: Tobias Stoeckmann 
Reviewed-by: Matthieu Herrb 

diff --git a/src/Region.c b/src/Region.c
index cb0cf6e..59bcc1a 100644
--- a/src/Region.c
+++ b/src/Region.c
@@ -23,6 +23,7 @@
 #ifdef HAVE_CONFIG_H
 #include 
 #endif
+#include 
 #include "Xfixesint.h"
 
 XserverRegion
@@ -333,9 +334,17 @@ XFixesFetchRegionAndBounds (Display*dpy,
 bounds->y = rep.y;
 bounds->width = rep.width;
 bounds->height = rep.height;
-nbytes = (long) rep.length << 2;
-nrects = rep.length >> 1;
-rects = Xmalloc (nrects * sizeof (XRectangle));
+
+if (rep.length < (INT_MAX >> 2)) {
+   nbytes = (long) rep.length << 2;
+   nrects = rep.length >> 1;
+   rects = Xmalloc (nrects * sizeof (XRectangle));
+} else {
+   nbytes = 0;
+   nrects = 0;
+   rects = NULL;
+}
+
 if (!rects)
 {
_XEatDataWords(dpy, rep.length);

libxfixes: Changes to 'debian-unstable'

2016-10-07 Thread Andreas Boll 
 ChangeLog   |   24 +++
 configure.ac|2 -
 debian/changelog|   10 ++
 debian/control  |8 ++---
 debian/copyright|2 -
 debian/upstream/signing-key.asc |   64 
 debian/watch|2 -
 src/Region.c|   15 +++--
 8 files changed, 117 insertions(+), 10 deletions(-)

New commits:
commit 1aba2df04e54542176699e6fbc225c20aee738e4
Author: Andreas Boll 
Date:   Fri Oct 7 13:08:58 2016 +0200

Update a bunch of URLs in packaging to https.

diff --git a/debian/changelog b/debian/changelog
index ecb352a..b62f4f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ libxfixes (1:5.0.3-1) UNRELEASED; urgency=medium
 - Fixes CVE-2016-7944.
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
   * Fix Vcs-* URLs.
+  * Update a bunch of URLs in packaging to https.
 
  -- Andreas Boll   Fri, 07 Oct 2016 13:02:11 +0200
 
diff --git a/debian/control b/debian/control
index 97d9025..a4180f8 100644
--- a/debian/control
+++ b/debian/control
@@ -29,7 +29,7 @@ Description: X11 miscellaneous 'fixes' extension library
  It provides support for Region types, and some cursor functions.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXfixes
@@ -64,7 +64,7 @@ Description: X11 miscellaneous 'fixes' extension library 
(development headers)
  libxfixes3.  Non-developers likely have little use for this package.
  .
  More information about X.Org can be found at:
- 
+ 
  .
  This module can be found at
  git://anongit.freedesktop.org/git/xorg/lib/libXfixes
diff --git a/debian/copyright b/debian/copyright
index 5723143..5aaa075 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,5 +1,5 @@
 This package was downloaded from
-http://xorg.freedesktop.org/releases/individual/lib/
+https://xorg.freedesktop.org/releases/individual/lib/
 
 
 Copyright © 2001,2003 Keith Packard
diff --git a/debian/watch b/debian/watch
index c714ef7..09dad10 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,4 +1,4 @@
 #git=git://anongit.freedesktop.org/xorg/lib/libXfixes
 version=3
 opts=pgpsigurlmangle=s/$/.sig/ \
-http://xorg.freedesktop.org/releases/individual/lib/ libXfixes-(.*)\.tar\.gz
+https://xorg.freedesktop.org/releases/individual/lib/ libXfixes-(.*)\.tar\.gz

commit ff86914830f2fbbb4d9d0dc77b94093d9f80be32
Author: Andreas Boll 
Date:   Fri Oct 7 13:06:47 2016 +0200

Fix Vcs-* URLs.

diff --git a/debian/changelog b/debian/changelog
index 93ff4ea..ecb352a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ libxfixes (1:5.0.3-1) UNRELEASED; urgency=medium
   * New upstream release.
 - Fixes CVE-2016-7944.
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
+  * Fix Vcs-* URLs.
 
  -- Andreas Boll   Fri, 07 Oct 2016 13:02:11 +0200
 
diff --git a/debian/control b/debian/control
index 5488e2f..97d9025 100644
--- a/debian/control
+++ b/debian/control
@@ -11,8 +11,8 @@ Build-Depends:
  quilt,
  xutils-dev (>= 1:7.5+4),
 Standards-Version: 3.9.8
-Vcs-Git: https://anonscm.debian.org/git/pkg-xorglib/libxfixes.git
-Vcs-Browser: https://anonscm.debian.org/git/lib/libxfixes.git
+Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxfixes.git
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-xorg/lib/libxfixes.git
 
 Package: libxfixes3
 Section: libs

commit 122514e9683af33a4b8f0ac0aa462c7dea2bb2f7
Author: Andreas Boll 
Date:   Fri Oct 7 13:04:37 2016 +0200

Update d/upstream/signing-key.asc with Matthieu Herrb's key.

diff --git a/debian/changelog b/debian/changelog
index cce418e..93ff4ea 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ libxfixes (1:5.0.3-1) UNRELEASED; urgency=medium
 
   * New upstream release.
 - Fixes CVE-2016-7944.
+  * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
 
  -- Andreas Boll   Fri, 07 Oct 2016 13:02:11 +0200
 
diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
index 3904961..8b91e4d 100644
--- a/debian/upstream/signing-key.asc
+++ b/debian/upstream/signing-key.asc
@@ -100,3 +100,67 @@ 
zcY6HF8gDQ9tQqWlYxqmG1JMz70Ypv04gIDN83QWEZ6n1p/stMjS121EMPVle500
 +v0snqqnIoZLjsQ=
 =7XLO
 -END PGP PUBLIC KEY BLOCK-
+-BEGIN PGP PUBLIC KEY BLOCK-
+
+mQINBFeKY50BEADAX0lod3IVceb/IWJn3kTAcO2P7PWlcBiyUDaq5b2kFkliKleZ
+ec4LoCHakQBlkRBMPNwOOxvADNk3tLQjBDpbYr6lQIrN+AxMGkXBhJ82T3bsDvlj
+3Z1wRJ1zVA7eMIktsk0FAoJxV1y7e3sBKcP0eTlXqXvR2djhi+FW+ueJDAJIFSkb
+uFirgwtX5t8nt8jCmIl75KNUKOakoENY3hLWtr16W8fO1JGkEhghI2mXcz664KTd