Your message dated Mon, 28 Jun 2021 22:11:43 +0000
with message-id <[email protected]>
and subject line unblock alttab
has caused the Debian Bug report #990370,
regarding unblock: alttab/1.5.0-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
990370: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990370
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package alttab to fix a buffer overflow RC bug.
It is marked for autoremoval on June 29, so I realize that it might
be a bit too late, but I still thought I'd try.
[ Reason ]
Upstream version 1.5.0 contains some strncpy() calls to
incorrectly sized arrays; see #964357 for more information.
[ Impact ]
In many cases, the alttab program crashes on startup, making it
practically unusable for some users.
[ Tests ]
The alttab package has an upstream test suite that is not yet
run in the Debian package; I adopted it recently and I will try to
introduce that in a future upload.
[ Risks ]
Leaf package, not widely used; pretty straightforward fix for
a classic C programming security problem, so hopefully low risk.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock alttab/1.5.0-2
diff -Nru alttab-1.5.0/debian/changelog alttab-1.5.0/debian/changelog
--- alttab-1.5.0/debian/changelog 2020-07-23 12:19:05.000000000 +0300
+++ alttab-1.5.0/debian/changelog 2021-06-27 16:57:21.000000000 +0300
@@ -1,3 +1,11 @@
+alttab (1.5.0-2) unstable; urgency=medium
+
+ * New maintainer. Closes: #989842
+ * Point Vcs-Git and Vcs-Browser to the new salsa/debian repository.
+ * Add the strncpy patch to fix some buffer overflows. Closes: #964357
+
+ -- Peter Pentchev <[email protected]> Sun, 27 Jun 2021 16:57:21 +0300
+
alttab (1.5.0-1) unstable; urgency=medium
* New upstream release
diff -Nru alttab-1.5.0/debian/control alttab-1.5.0/debian/control
--- alttab-1.5.0/debian/control 2020-07-23 12:19:05.000000000 +0300
+++ alttab-1.5.0/debian/control 2021-06-27 16:56:42.000000000 +0300
@@ -1,7 +1,7 @@
Source: alttab
Section: x11
Priority: optional
-Maintainer: Alexander Kulak <[email protected]>
+Maintainer: Peter Pentchev <[email protected]>
Build-Depends: debhelper-compat (= 13),
libx11-dev,
libxmu-dev,
@@ -14,8 +14,8 @@
autoconf,
automake
Standards-Version: 4.5.0
-Vcs-Git: https://github.com/sagb/alttab.git -b debian/unstable
-Vcs-Browser: https://github.com/sagb/alttab/tree/debian/unstable
+Vcs-Git: https://salsa.debian.org/debian/alttab.git
+Vcs-Browser: https://salsa.debian.org/debian/alttab
Homepage: https://sagb.github.io/alttab
Rules-Requires-Root: no
diff -Nru alttab-1.5.0/debian/patches/series alttab-1.5.0/debian/patches/series
--- alttab-1.5.0/debian/patches/series 1970-01-01 02:00:00.000000000 +0200
+++ alttab-1.5.0/debian/patches/series 2021-06-27 16:56:42.000000000 +0300
@@ -0,0 +1 @@
+strncpy.patch
diff -Nru alttab-1.5.0/debian/patches/strncpy.patch
alttab-1.5.0/debian/patches/strncpy.patch
--- alttab-1.5.0/debian/patches/strncpy.patch 1970-01-01 02:00:00.000000000
+0200
+++ alttab-1.5.0/debian/patches/strncpy.patch 2021-06-27 16:56:42.000000000
+0300
@@ -0,0 +1,85 @@
+Description: fix possible strncpy overflows
+Origin: upstream;
https://github.com/sagb/alttab/commit/5cb60252e58646a6dd45d55e9373d27fe9f520a1
+Author: Alexander Kulak <[email protected]>
+Bug-Debian: https://bugs.debian.org/964357
+Last-Update: 2021-06-27
+
+--- a/src/icon.c
++++ b/src/icon.c
+@@ -260,8 +260,9 @@
+ char *endptr;
+ char *dim;
+ int dimlen;
+- char sx[5];
+- char sy[5];
++ char sx[MAXICONDIMLEN];
++ char sy[MAXICONDIMLEN];
++ int sx_size, sy_size;
+ int ix, iy;
+ icon_t *ic;
+ char *suff;
+@@ -309,11 +310,17 @@
+ xchar = strchr(dim, 'x');
+ if (xchar == NULL)
+ return 0; // unknown dimensions
+- strncpy(sx, dim, (xchar - dim));
+- sx[xchar - dim] = '\0';
++ sx_size = xchar - dim;
++ if (sx_size > MAXICONDIMLEN - 1)
++ return 0;
++ strncpy(sx, dim, sx_size);
++ sx[sx_size] = '\0';
+ ix = atoi(sx);
+- strncpy(sy, xchar + 1, dim + dimlen - xchar);
+- sy[dim + dimlen - xchar - 1] = '\0';
++ sy_size = dim + dimlen - xchar;
++ if (sy_size > MAXICONDIMLEN - 1)
++ return 0;
++ strncpy(sy, xchar + 1, sy_size);
++ sy[sy_size] = '\0';
+ iy = atoi(sy);
+ } else {
+ // icon other than a priory known dimensions has lowest priority
+@@ -335,16 +342,28 @@
+ uchar = strrchr(app, '_');
+ xchar = strrchr(app, 'x');
+ if (xchar != NULL && uchar != NULL && xchar > uchar) {
+- strncpy(sx, uchar+1, (xchar - uchar - 1));
+- sx[xchar - uchar - 1] = '\0';
++ sx_size = xchar - uchar - 1;
++ if (sx_size > MAXICONDIMLEN - 1) {
++ msg (0, special_fail_1, app, "WW");
++ ix = 0;
++ goto end_special_1;
++ }
++ strncpy(sx, uchar+1, sx_size);
++ sx[sx_size] = '\0';
+ ix = strtol(sx, &endptr, 10);
+ if (!(*sx != '\0' && *endptr == '\0')) {
+ msg (0, special_fail_1, app, "WW");
+ ix = 0;
+ goto end_special_1;
+ }
+- strncpy(sy, xchar + 1, app + strlen(app) - xchar);
+- sy[app + strlen(app) - xchar] = '\0';
++ sy_size = app + strlen(app) - xchar;
++ if (sy_size > MAXICONDIMLEN - 1) {
++ msg (0, special_fail_1, app, "HH");
++ iy = 0;
++ goto end_special_1;
++ }
++ strncpy(sy, xchar + 1, sy_size);
++ sy[sy_size] = '\0';
+ iy = strtol(sy, &endptr, 10);
+ if (!(*sy != '\0' && *endptr == '\0')) {
+ msg (0, special_fail_1, app, "HH");
+--- a/src/icon.h
++++ b/src/icon.h
+@@ -38,6 +38,7 @@
+ #define MAXICONDIRS 64
+ #define MAXAPPLEN 64
+ #define MAXICONPATHLEN 1024
++#define MAXICONDIMLEN 5
+
+ typedef struct {
+ char app[MAXAPPLEN]; // application name; uthash key
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Unblocked.
--- End Message ---
