Bug#849045: say where to file upstream bugs

2016-12-21 Thread 積丹尼 Dan Jacobson
Package: x11-xserver-utils
Version: 7.7+7
Severity: wishlist

Please in /usr/share/doc/x11-xserver-utils/ and on each man page say
that one should file upstream bugs at
https://bugs.freedesktop.org/enter_bug.cgi?product=xorg

/usr/share/doc/x11-xserver-utils/
mentions
http://xorg.freedesktop.org/releases/individual/app/
but that is rather distant.



Bug#849026: libxi_1.6.1-1+deb7u2 introduced free of unallocated object

2016-12-21 Thread Thomas Walker
Package: libxi
Version: 1.6.1-1+deb7u2

After updating the above package (from deb7u1), various applications
(google-chrome-stable notably) begin to crash with messages indicating an
attempt to free an invalid pointer.  Upon looking into the issue further, I
noticed that the following addition to XIQueryDevice.c is flawed:

@@ -103,7 +130,17 @@
SyncHandle();
return info;

+error_loop:
+while (--i >= 0)
+{
+Xfree(info[i].name);
+Xfree(info[i].classes);
+}
error:
+Xfree(info);
+Xfree(buf);
  UnlockDisplay(dpy);
  SyncHandle();
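
Review bot: the Xfree(info) and Xfree(buf) calls added under the error: label run on every "goto error", not only on the fall-through from error_loop, so a jump taken before either pointer has been assigned hands an indeterminate value to Xfree(). Either initialise both pointers to NULL where they are declared, or keep the two frees on a path that is reached only after allocation; in the second case the jump taken after the NULL check still has to release whichever of the two pointers did get allocated.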

There are 3 places that "goto error", two before info and buf are
allocated, and one after we've checked and found one (or both) to be NULL.
Moving those Xfree()s up a couple of lines into error_loop (where we know
they are already allocated) fixes the problem.
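
A cleanup layout of the kind discussed in this report, as an added example that is not libXi's code and not part of the original message: it starts both pointers as NULL so one shared error label is safe from every jump, which is a different fix from the one proposed above. The names dev_info, query_devices, track_alloc, track_free and the fail_at switch are constructed for the illustration.

```c
#include <stdlib.h>
/* Constructed stand-ins for illustration; not libXi types or functions. */
struct dev_info { char *name; int *classes; };
static int live_allocs;                 /* blocks allocated and not yet freed */

static void *track_alloc(size_t n) {
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}
static void track_free(void *p) {       /* NULL is a no-op, as with free() */
    if (p) { live_allocs--; free(p); }
}
static void free_entries(struct dev_info *info, int n) {
    while (--n >= 0) {
        track_free(info[n].name);
        track_free(info[n].classes);
    }
}

/* fail_at: 0 = succeed, 1 or 2 = fail before any allocation,
 * 3 = buf allocation fails, 4 = allocation fails for device index 1. */
struct dev_info *query_devices(int ndevices, int fail_at) {
    struct dev_info *info = NULL;       /* NULL until allocated, so the  */
    char *buf = NULL;                   /* shared cleanup is always safe */
    int i = 0;
    if (fail_at == 1 || fail_at == 2)
        goto error;                     /* nothing allocated yet */
    info = track_alloc((size_t)ndevices * sizeof(*info));
    buf = (fail_at == 3) ? NULL : track_alloc(64);
    if (!info || !buf)
        goto error;                     /* one of the two may be valid */
    for (i = 0; i < ndevices; i++) {
        info[i].name = track_alloc(16);
        info[i].classes = (fail_at == 4 && i == 1) ? NULL : track_alloc(sizeof(int));
        if (!info[i].name || !info[i].classes) {
            i++;                        /* also release the half-built entry */
            goto error_loop;
        }
    }
    track_free(buf);
    return info;
error_loop:
    free_entries(info, i);
error:
    track_free(info);
    track_free(buf);
    return NULL;
}

void release_devices(struct dev_info *info, int n) {
    free_entries(info, n);
    track_free(info);
}
```

The live_allocs counter makes each failure path checkable: after any failing call it must be back at zero.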


Processed: Re: Bug#848818: xterm: ctlseqs.txt is not rebuilt from ctlseq.ms

2016-12-21 Thread Debian Bug Tracking System
Processing control commands:

> reopen -1
Bug #848818 {Done: Thomas Dickey } [xterm] xterm: ctlseqs.txt 
is not rebuilt from ctlseq.ms
Bug reopened
Ignoring request to alter fixed versions of bug #848818 to the same values 
previously set
> tags -1 - wontfix
Bug #848818 [xterm] xterm: ctlseqs.txt is not rebuilt from ctlseq.ms
Removed tag(s) wontfix.

-- 
848818: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848818
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#848818: xterm: ctlseqs.txt is not rebuilt from ctlseq.ms

2016-12-21 Thread Sven Joachim
Control: reopen -1
Control: tags -1 - wontfix

On 2016-12-21 05:39 +, Branden Robinson wrote:

> On Tue, Dec 20, 2016 at 9:26 AM, Thomas Dickey  wrote:
>> severity 848818 wishlist
>> close 848818
>>
>> I'm not going to discuss this further -
>>
>> https://www.debian.org/Bugs/Developer#severities
>> http://invisible-island.net/personal/changelogs.html#problem_hostile
>
> It's been a while since I've had one of these arguments, but reviewing
> Policy 2.1 I agree.
>
> Failure to generate ctlseqs.* from ctlseqs.ms would be a GPL violation
> and thus a "serious" bug if:
> 1. The document were under the GPL; and
> 2. Debian didn't make the ctlseqs.ms and the requisite tools for
> generating its derivative forms available.
>
> ...but neither of those prerequisites is the case.
>
> That said, I think it would be _nice_ if a package produced all its
> generated forms of documentation from their source forms as part of
> the build process, and declared Build-Depends appropriately.

Yes, that's considered best practice.  Thus I'm re-opening the bug.

Cheers,
   Sven



Processed: adjusting severity

2016-12-21 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> severity 848938 important
Bug #848938 [xserver-xorg-video-nouveau] xserver-xorg-video-nouveau: KDE 
freezes sometimes. Nouveau gives a message like "CACHE_ERROR".
Severity set to 'important' from 'grave'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
848938: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848938
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



libxpm: Changes to 'debian-unstable'

2016-12-21 Thread Andreas Boll
 ChangeLog   |   89 +
 configure.ac|2 
 debian/README.source|   24 -
 debian/changelog|   17 +
 debian/compat   |2 
 debian/control  |   71 +---
 debian/copyright|2 
 debian/patches/series   |1 
 debian/rules|5 
 debian/upstream/signing-key.asc |   64 
 debian/watch|3 
 debian/xsfbs/repack.sh  |   32 --
 debian/xsfbs/xsfbs.mk   |  285 --
 debian/xsfbs/xsfbs.sh   |  622 
 src/CrDatFrI.c  |   34 +-
 src/RdFToBuf.c  |4 
 src/WrFFrBuf.c  |2 
 src/create.c|   11 
 src/parse.c |   40 ++
 19 files changed, 268 insertions(+), 1042 deletions(-)

New commits:
commit 4f6991e94050673168276a0b4101a84e4d59e99c
Author: Andreas Boll 
Date:   Wed Dec 21 14:25:09 2016 +0100

Bump Standards-Version to 3.9.8.

diff --git a/debian/control b/debian/control
index 8c99829..1c97e6e 100644
--- a/debian/control
+++ b/debian/control
@@ -11,7 +11,7 @@ Build-Depends:
  x11proto-core-dev (>= 7.0.17),
  libxext-dev (>= 1:0.99.1),
  pkg-config,
-Standards-Version: 3.8.3
+Standards-Version: 3.9.8
 Homepage: https://www.x.org
 Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxpm.git
 Vcs-Browser: https://anonscm.debian.org/git/pkg-xorg/lib/libxpm.git
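
Review bot: the diff shown for this commit touches only debian/control, with no debian/changelog line for the Standards-Version bump, whereas the other packaging commits in this push add their changelog entry in the same commit. Add an entry for the bump under the 1:3.5.12-1 stanza so the change is recorded with the others.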

commit a02ceee9b90ce5049e4e4c352d94d11ffc46cc6e
Author: Andreas Boll 
Date:   Wed Dec 21 14:19:38 2016 +0100

Drop no longer needed dpkg-dev versioned build-dependency.

diff --git a/debian/changelog b/debian/changelog
index 8e6a03b..45c8e41 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,7 @@ libxpm (1:3.5.12-1) UNRELEASED; urgency=medium
 - Drop build-deps on dh-autoreconf, automake and libtool.
   * Stop passing --disable-silent-rules to configure, debhelper does
 that for a while.
+  * Drop no longer needed dpkg-dev versioned build-dependency.
 
  -- Andreas Boll   Wed, 21 Dec 2016 13:47:54 +0100
 
diff --git a/debian/control b/debian/control
index e451bdd..8c99829 100644
--- a/debian/control
+++ b/debian/control
@@ -5,7 +5,6 @@ Maintainer: Debian X Strike Force 
 Build-Depends:
  debhelper (>= 10),
  quilt,
- dpkg-dev (>= 1.16.0),
  xutils-dev (>= 1:7.5+4),
  libx11-dev (>= 1:0.99.2),
  libxt-dev (>= 1:0.99.1-5),

commit 2ad86a778230a724c4cdaf9fdee44a354dc19955
Author: Andreas Boll 
Date:   Wed Dec 21 14:19:05 2016 +0100

Stop passing --disable-silent-rules to configure, debhelper does that for a 
while.

diff --git a/debian/changelog b/debian/changelog
index 7544850..8e6a03b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,8 @@ libxpm (1:3.5.12-1) UNRELEASED; urgency=medium
   * Add placeholder comment into series file.
   * Bump debhelper compat to 10.
 - Drop build-deps on dh-autoreconf, automake and libtool.
+  * Stop passing --disable-silent-rules to configure, debhelper does
+that for a while.
 
  -- Andreas Boll   Wed, 21 Dec 2016 13:47:54 +0100
 
diff --git a/debian/rules b/debian/rules
index 72b272e..f48ab8f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -13,9 +13,6 @@ PACKAGE = libxpm4
 %:
dh $@ --with quilt --builddirectory=build/
 
-override_dh_auto_configure:
-   dh_auto_configure -- --disable-silent-rules
-
 override_dh_install:
dh_install --fail-missing -XlibXpm.la
 

commit 3a83c47029413946126d5fc4380cadab7ad8bf2e
Author: Andreas Boll 
Date:   Wed Dec 21 14:18:04 2016 +0100

Drop build-deps on dh-autoreconf, automake and libtool.

diff --git a/debian/changelog b/debian/changelog
index 299c0d1..7544850 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ libxpm (1:3.5.12-1) UNRELEASED; urgency=medium
   * Remove obsolete xsfbs.
   * Add placeholder comment into series file.
   * Bump debhelper compat to 10.
+- Drop build-deps on dh-autoreconf, automake and libtool.
 
  -- Andreas Boll   Wed, 21 Dec 2016 13:47:54 +0100
 
diff --git a/debian/control b/debian/control
index 3980974..e451bdd 100644
--- a/debian/control
+++ b/debian/control
@@ -4,11 +4,8 @@ Priority: optional
 Maintainer: Debian X Strike Force 
 Build-Depends:
  debhelper (>= 10),
- dh-autoreconf,
  quilt,
  dpkg-dev (>= 1.16.0),
- automake,
- libtool,
  xutils-dev (>= 1:7.5+4),
  libx11-dev (>= 1:0.99.2),
  libxt-dev (>= 1:0.99.1-5),

commit e3f955085347ed636d5f6ec58716ad08814156fe
Author: Andreas Boll 
Date:   Wed Dec 21 14:15:37 2016 +0100

Bump debhelper compat to 10.

diff --git a/debian/changelog b/debian/changelog
index 090d2e2..299c0d1 100644
--- 

libxpm: Changes to 'upstream-unstable'

2016-12-21 Thread Andreas Boll
 configure.ac   |2 +-
 src/CrDatFrI.c |   34 +-
 src/RdFToBuf.c |4 
 src/WrFFrBuf.c |2 +-
 src/create.c   |   11 ++-
 src/parse.c|   40 
 6 files changed, 69 insertions(+), 24 deletions(-)

New commits:
commit 1fab5e81fd761f628fb68d22934615536dbd0220
Author: Matthieu Herrb 
Date:   Mon Dec 12 23:09:52 2016 +0100

libXpm 3.5.12

Signed-off-by: Matthieu Herrb 

diff --git a/configure.ac b/configure.ac
index 46e2a27..2feb9ff 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
 
 # Initialize Autoconf
 AC_PREREQ([2.60])
-AC_INIT([libXpm], [3.5.11],
+AC_INIT([libXpm], [3.5.12],
 [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXpm])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([config.h])

commit 8b3024e6871ce50b34bf2dff924774bd654703bc
Author: Tobias Stoeckmann 
Date:   Sun Dec 11 13:50:05 2016 +0100

Handle size_t in file/buffer length

The values of file sizes and buffer sizes can exceed current limits.
Therefore, use proper variable types for these operations.

Signed-off-by: Matthieu Herrb 
Reviewed-by: Matthieu Herrb 

diff --git a/src/RdFToBuf.c b/src/RdFToBuf.c
index 7f8ebee..69e3347 100644
--- a/src/RdFToBuf.c
+++ b/src/RdFToBuf.c
@@ -89,6 +89,10 @@ XpmReadFileToBuffer(
return XpmOpenFailed;
 }
 len = stats.st_size;
+if (len < 0 || len >= SIZE_MAX) {
+   close(fd);
+   return XpmOpenFailed;
+}
 ptr = (char *) XpmMalloc(len + 1);
 if (!ptr) {
fclose(fp);
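
Review bot: the new early return releases the descriptor with close(fd), while the allocation-failure path directly below it uses fclose(fp); if fp already wraps fd at this point, the new path leaks the FILE object and should call fclose(fp) as well. The upper bound also deserves a second look: the declaration of len is outside this hunk, and if it is a signed type narrower than size_t, the comparison "len >= SIZE_MAX" can never be true, so the len + 1 passed to XpmMalloc is guarded only by the "len < 0" half of the test.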
diff --git a/src/WrFFrBuf.c b/src/WrFFrBuf.c
index b80aa62..0e57cc8 100644
--- a/src/WrFFrBuf.c
+++ b/src/WrFFrBuf.c
@@ -44,7 +44,7 @@ XpmWriteFileFromBuffer(
 const char *filename,
 char   *buffer)
 {
-int fcheck, len;
+size_t fcheck, len;
 FILE *fp = fopen(filename, "w");
 
 if (!fp)

commit d1167418f0fd02a27f617ec5afd6db053afbe185
Author: Tobias Stoeckmann 
Date:   Thu Dec 8 17:07:55 2016 +0100

Avoid OOB write when handling malicious XPM files.

libXpm uses unsigned int to store sizes, which fits size_t on 32 bit
systems, but leads to issues on 64 bit systems.

On 64 bit systems, it is possible to overflow 32 bit integers while
parsing XPM extensions in a file.

At first, it looks like a rather unimportant detail, because nobody
will seriously open a 4 GB file. But unfortunately XPM has support for
gzip compression out of the box. An attacker can therefore craft a
compressed file which is merely 4 MB in size, which makes an attack
much more feasible.

Signed-off-by: Matthieu Herrb 
Reviewed-by: Matthieu Herrb 

diff --git a/src/CrDatFrI.c b/src/CrDatFrI.c
index 0dacf51..6735bfc 100644
--- a/src/CrDatFrI.c
+++ b/src/CrDatFrI.c
@@ -48,7 +48,7 @@ LFUNC(CreatePixels, void, (char **dataptr, unsigned int 
data_size,
   unsigned int height, unsigned int cpp,
   unsigned int *pixels, XpmColor *colors));
 
-LFUNC(CountExtensions, void, (XpmExtension *ext, unsigned int num,
+LFUNC(CountExtensions, int, (XpmExtension *ext, unsigned int num,
  unsigned int *ext_size,
  unsigned int *ext_nlines));
 
@@ -122,8 +122,9 @@ XpmCreateDataFromXpmImage(
 
 /* compute the number of extensions lines and size */
 if (extensions)
-   CountExtensions(info->extensions, info->nextensions,
-   _size, _nlines);
+   if (CountExtensions(info->extensions, info->nextensions,
+   _size, _nlines))
+   return(XpmNoMemory);
 
 /*
  * alloc a temporary array of char pointer for the header section which
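
Review bot: the new failure exit inside the "if (extensions)" branch uses a bare return(XpmNoMemory), while the other failure exits of XpmCreateDataFromXpmImage touched by this patch go through RETURN(XpmNoMemory); please confirm that nothing needs releasing this early in the function, or use the macro for consistency. The unbraced if nested inside another unbraced if is also easy to misread, so braces around the outer body would help.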
@@ -187,7 +188,8 @@ XpmCreateDataFromXpmImage(
 if(offset <= image->width || offset <= image->cpp)
RETURN(XpmNoMemory);
 
-if( (image->height + ext_nlines) >= UINT_MAX / sizeof(char *))
+if (image->height > UINT_MAX - ext_nlines ||
+   image->height + ext_nlines >= UINT_MAX / sizeof(char *))
RETURN(XpmNoMemory);
 data_size = (image->height + ext_nlines) * sizeof(char *);
 
@@ -196,7 +198,8 @@ XpmCreateDataFromXpmImage(
RETURN(XpmNoMemory);
 data_size += image->height * offset;
 
-if( (header_size + ext_size) >= (UINT_MAX - data_size) )
+if (header_size > UINT_MAX - ext_size ||
+   header_size + ext_size >= (UINT_MAX - data_size) )
RETURN(XpmNoMemory);
 data_size += header_size + ext_size;
 
@@ -343,13 +346,14 @@ CreatePixels(
 *s = '\0';
 }
 
-static void
+static int
 CountExtensions(
 XpmExtension   *ext,
 unsigned intnum,
 unsigned int   *ext_size,
 unsigned int   *ext_nlines)
 {
+size_t len;
 unsigned int x, y, a, size, nlines;
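
Review bot: with the return type of CountExtensions changed from void to int, every exit from the function now needs an explicit return value, including the normal end of the body, and the function should carry a comment saying what a non-zero result means to the caller. The rest of the body is cut off in this excerpt, so neither the return statements nor the use of the new size_t len can be checked from what is shown here.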

Bug#847345: libx11-6: the locale is not supported by Xlib, continuing without locale support

2016-12-21 Thread Tomas Janousek
severity 847345 grave
thanks

(oops, forgot bug number)

-- 
Tomáš Janoušek, a.k.a. Pivník, a.k.a. Liskni_si, http://work.lisk.in/



Processed: Re: Bug#847345: libx11-6: the locale is not supported by Xlib, continuing without locale support

2016-12-21 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> severity 847345 grave
Bug #847345 [libx11-6] libx11-6: the locale is not supported by Xlib, 
continuing without locale support
Severity set to 'grave' from 'normal'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
847345: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847345
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#847345: libx11-6: the locale is not supported by Xlib, continuing without locale support

2016-12-21 Thread Tomas Janousek
severity grave
thanks

Hi Kepi,

On Fri, Dec 09, 2016 at 11:29:40PM +0100, Kepi wrote:
> I have same problem. IMHO severity of this bug should be raised as this
> is making system unusable for people with Czech locales.

Indeed, severity should've been raised. The package migrated to testing a few
days ago and probably rendered a lot of systems unusable. Please don't be
afraid to raise the severity yourself next time. Thanks. :-)

-- 
Tomáš Janoušek, a.k.a. Pivník, a.k.a. Liskni_si, http://work.lisk.in/



Bug#848960: xserver-xorg segfaults after starting afterstep

2016-12-21 Thread Frank Brokken
Package: xserver-xorg
Version: 1:7.7+18
Severity: important

Dear Maintainer,

   * What led up to the situation?

Last week, after performing my weekly Debian update / upgrade session and
after rebooting my desktop computer the xserver segfaulted after logging in
and the (afterstep) window manager had started. Usually it segfaults
immediately after starting up afterstep, occasionally after about 15 seconds
after showing afterstep's opening screen.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

Assuming that the problem was related to the recent update I completely
removed xdm, xorg, xserver-xorg, and afterstep (and any libraries only used by
these packages) from my computer, and installed their stable versions (I'm
using Debian testing). The problem, however, remained.

Next I switched my window manager from afterstep to fvwm: the segfault no
longer appeared. Maybe the segfault somehow is related to using afterstep, but
in the end it's the X server that segfaults, which is why I filed the problem
as a xserver bug. 

I couldn't find hints as to what might be happening in the xserver-xorg log
(which is automatically included by reportbug in this bug report). If you want
a clean log file, generated after reinstalling the packages and rebooting,
then please let me know.

Xdm's log, however, did show the segfault:

Tue Dec 20 12:32:04 2016 xdm info (pid 16348): Starting
Tue Dec 20 12:32:04 2016 xdm info (pid 16348): Starting X server on :0

X.Org X Server 1.19.0
Release Date: 2016-11-15
X Protocol Version 11, Revision 0
Build Operating System: Linux 3.16.0-4-amd64 x86_64 Debian
Current Operating System: Linux suffix 4.8.0-2-amd64 #1 SMP Debian 4.8.11-1 
(2016-12-02) x86_64
Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.8.0-2-amd64 
root=UUID=92e1ce07-b39b-462f-aad2-236f67bd86ef ro quiet
Build Date: 23 November 2016  07:20:23PM
xorg-server 2:1.19.0-2 (https://www.debian.org/support) 
Current version of pixman: 0.34.0
Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Tue Dec 20 12:32:04 2016
(==) Using system config directory "/usr/share/X11/xorg.conf.d"
resize called 1680 1050
Tue Dec 20 12:32:05 2016 xdm info (pid 16358): sourcing /etc/X11/xdm/Xsetup
Tue Dec 20 12:32:17 2016 xdm info (pid 16358): sourcing 
/etc/X11/xdm/Xstartup
Tue Dec 20 12:32:17 2016 xdm info (pid 16374): executing session 
/etc/X11/xdm/Xsession
(EE) 
(EE) Backtrace:
(EE) 0: /usr/lib/xorg/Xorg (xorg_backtrace+0x4a) [0x55c9a2bfffea]
(EE) 1: /usr/lib/xorg/Xorg (0x55c9a2a47000+0x1bcd69) [0x55c9a2c03d69]
(EE) 2: /lib/x86_64-linux-gnu/libpthread.so.0 (0x7fd62c215000+0x11100) 
[0x7fd62c226100]
(EE) 3: ?? [0x55c9a52c1038]
(EE) 
(EE) Segmentation fault at address 0x55c9a52c1038
(EE) 
Fatal server error:
(EE) Caught signal 11 (Segmentation fault). Server aborting
(EE) 
(EE) 
Please consult the The X.Org Foundation support 
 at http://wiki.x.org
 for help. 
(EE) Please also check the log file at "/var/log/Xorg.0.log" for additional 
information.
(EE) 
(II) AIGLX: Suspending AIGLX clients for VT switch
(EE) Server terminated with error (1). Closing log file.
Tue Dec 20 12:32:39 2016 xdm info (pid 16358): sourcing /etc/X11/xdm/Xreset
Tue Dec 20 12:32:39 2016 xdm info (pid 16348): Starting X server on :0
Tue Dec 20 12:32:39 2016 xdm error (pid 16348): Server for display :0 
terminated unexpectedly: 1536
Tue Dec 20 12:32:39 2016 xdm info (pid 16348): Starting X server on :0

X.Org X Server 1.19.0
Release Date: 2016-11-15
X Protocol Version 11, Revision 0
Build Operating System: Linux 3.16.0-4-amd64 x86_64 Debian
Current Operating System: Linux suffix 4.8.0-2-amd64 #1 SMP Debian 4.8.11-1 
(2016-12-02) x86_64
Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.8.0-2-amd64 
root=UUID=92e1ce07-b39b-462f-aad2-236f67bd86ef ro quiet
Build Date: 23 November 2016  07:20:23PM
xorg-server 2:1.19.0-2 (https://www.debian.org/support) 
Current version of pixman: 0.34.0
Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Tue Dec 20 12:32:39 2016
(==) Using system config directory "/usr/share/X11/xorg.conf.d"
resize called 1680 1050
Tue Dec 20 12:32:40 2016 xdm info (pid 16587): sourcing