caribou: Segfault as regression of xorg CVE-2020-25712 fix that cause security issue for cinnamon

Debian Bug report logs - #980061
caribou: Segfault as regression of xorg CVE-2020-25712 fix that cause security issue for cinnamon

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Fabio Fantoni <fantonifabio@tiscali.it>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: caribou: Segfault as regression of xorg CVE-2020-25712 fix that cause security issue for cinnamon

Date: Wed, 13 Jan 2021 19:41:59 +0100

Source: caribou
Version: 0.4.21-7
Severity: grave
Tags: patch security upstream
Forwarded: https://gitlab.gnome.org/GNOME/caribou/-/merge_requests/3

Hi, after xorg CVE-2020-25712 fix a regression is intruduced that make
possible crash caribou and add a security issue for cinnamon that use it
as virtual keyboard in screensaver:
https://github.com/linuxmint/cinnamon-screensaver/issues/354

Cinnamon developers already prepared, tested and open a MR on caribou
upstream for solves this issue (link in forwarded)

Message #10 received at 980061@bugs.debian.org (full text, mbox, reply):

From: Fabio Fantoni <fantonifabio@tiscali.it>

To: 980061@bugs.debian.org

Subject: Re: caribou: Segfault as regression of xorg CVE-2020-25712 fix that cause security issue for cinnamon

Date: Fri, 15 Jan 2021 17:22:16 +0100

Prepared a MR:
https://salsa.debian.org/gnome-team/caribou/-/merge_requests/2

Already tested build
(http://debomatic-amd64.debian.net/distribution#unstable/caribou/0.4.21-7.1~/buildlog
<http://debomatic-amd64.debian.net/distribution#unstable/caribou/0.4.21-7.1~/buildlog>),
installed and verified that issue is not reproducible anymore

Message #15 received at 980061@bugs.debian.org (full text, mbox, reply):

From: Fabio Fantoni <fantonifabio@tiscali.it>

To: 980061@bugs.debian.org

Subject: caribou: diff for NMU version 0.4.21-7.1

Date: Sat, 23 Jan 2021 00:43:58 +0100

Control: tags 980061 + pending

Dear maintainer,

As this is older than 7 days and no maintainer activity about this bug
and it cause security issue to cinnamon (that I think should be solved
ASAP);
I've prepared an NMU for caribou (versioned as 0.4.21-7.1) and will be
uploaded.

Regards.

diff -Nru caribou-0.4.21/debian/changelog caribou-0.4.21/debian/changelog
--- caribou-0.4.21/debian/changelog    2018-12-24 00:18:21.000000000 +0100
+++ caribou-0.4.21/debian/changelog    2021-01-15 15:49:43.000000000 +0100
@@ -1,3 +1,11 @@
+caribou (0.4.21-7.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix segfault (regression of xorg CVE-2020-25712 fix) that
+    cause security issue for cinnamon (Closes: #980061)
+
+ -- Fabio Fantoni <fantonifabio@tiscali.it>  Fri, 15 Jan 2021 15:49:43
+0100
+
 caribou (0.4.21-7) unstable; urgency=medium
 
   * Restore -Wl,-O1 to our LDFLAGS
diff -Nru caribou-0.4.21/debian/patches/Fix-compilation-error.patch
caribou-0.4.21/debian/patches/Fix-compilation-error.patch
--- caribou-0.4.21/debian/patches/Fix-compilation-error.patch   
1970-01-01 01:00:00.000000000 +0100
+++ caribou-0.4.21/debian/patches/Fix-compilation-error.patch   
2021-01-15 15:49:43.000000000 +0100
@@ -0,0 +1,24 @@
+From bc6f3e7ca0921b50a3ff836d08ce264a4f114224 Mon Sep 17 00:00:00 2001
+From: Clement Lefebvre <clement.lefebvre@linuxmint.com>
+Date: Tue, 12 Jan 2021 17:29:16 +0000
+Subject: [PATCH 1/4] Fix compilation error
+
+---
+ libcaribou/key-model.vala | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcaribou/key-model.vala b/libcaribou/key-model.vala
+index 89015bc..e88342e 100644
+--- a/libcaribou/key-model.vala
++++ b/libcaribou/key-model.vala
+@@ -101,7 +101,7 @@ namespace Caribou {
+                     unichar uc;
+                     while (text.get_next_char (ref index, out uc)) {
+                         uint keyval = Gdk.unicode_to_keyval (uc);
+-                        if (keyval != uc | 0x01000000)
++                        if (keyval != (uc | 0x01000000))
+                             _keyvals += keyval;
+                     }
+                 } else {
+--
+2.29.2
diff -Nru
caribou-0.4.21/debian/patches/Fix-subkey-popmenu-not-showing-after-being-dismissed.patch
caribou-0.4.21/debian/patches/Fix-subkey-popmenu-not-showing-after-being-dismissed.patch
---
caribou-0.4.21/debian/patches/Fix-subkey-popmenu-not-showing-after-being-dismissed.patch   
1970-01-01 01:00:00.000000000 +0100
+++
caribou-0.4.21/debian/patches/Fix-subkey-popmenu-not-showing-after-being-dismissed.patch   
2021-01-15 15:49:43.000000000 +0100
@@ -0,0 +1,31 @@
+From 85ac8f9e210243d95163cf8b1013470a6d9c7eaa Mon Sep 17 00:00:00 2001
+From: Clement Lefebvre <clement.lefebvre@linuxmint.com>
+Date: Tue, 12 Jan 2021 17:30:25 +0000
+Subject: [PATCH 2/4] Fix subkey popmenu not showing after being dismissed
+
+To reproduce the issue:
+
+- long-press the "e" button
+- don't select any sub button.. just select "e" again to close the menu
+
+After this the menu no long appears when long-pressing "e".
+
+This commit fixes that.
+---
+ libcaribou/key-model.vala | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libcaribou/key-model.vala b/libcaribou/key-model.vala
+index e88342e..2f640f2 100644
+--- a/libcaribou/key-model.vala
++++ b/libcaribou/key-model.vala
+@@ -179,6 +179,7 @@ namespace Caribou {
+                 hold_tid = GLib.Timeout.add (1000, on_key_held);
+
+             key_pressed(this);
++            show_subkeys = false;
+         }
+
+         public void release () {
+--
+2.29.2
diff -Nru caribou-0.4.21/debian/patches/series
caribou-0.4.21/debian/patches/series
--- caribou-0.4.21/debian/patches/series    2018-12-24
00:18:21.000000000 +0100
+++ caribou-0.4.21/debian/patches/series    2021-01-15
15:49:43.000000000 +0100
@@ -1,2 +1,5 @@
 autostart-set-nodisplay.patch
 fix-font-property-in-style.css.patch
+Fix-compilation-error.patch
+Fix-subkey-popmenu-not-showing-after-being-dismissed.patch
+xadapter.vala-Remove-XkbKeyTypesMask-and-f.patch
diff -Nru
caribou-0.4.21/debian/patches/xadapter.vala-Remove-XkbKeyTypesMask-and-f.patch
caribou-0.4.21/debian/patches/xadapter.vala-Remove-XkbKeyTypesMask-and-f.patch
---
caribou-0.4.21/debian/patches/xadapter.vala-Remove-XkbKeyTypesMask-and-f.patch   
1970-01-01 01:00:00.000000000 +0100
+++
caribou-0.4.21/debian/patches/xadapter.vala-Remove-XkbKeyTypesMask-and-f.patch   
2021-01-15 15:49:43.000000000 +0100
@@ -0,0 +1,46 @@
+From 00653c5dcc4be5e983b670d00d5724fc21da2e82 Mon Sep 17 00:00:00 2001
+From: Clement Lefebvre <clement.lefebvre@linuxmint.com>
+Date: Tue, 12 Jan 2021 18:01:47 +0000
+Subject: [PATCH 3/4] [mtwebster] xadapter.vala: Remove XkbKeyTypesMask and
+ fields from XKbChangeMap call.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This was originally a workaround for xFree86 4.3 - see:
+https://bugzilla.gnome.org/show_bug.cgi?id=673547
+​
+As of https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0 this
+causes a BadLength error when attempting to use shifted characters.
+​
+Ref:
+https://www.x.org/releases/X11R7.7/doc/libX11/XKB/xkblib.html#Changing_Map_Components_in_the_Server
+---
+ libcaribou/xadapter.vala | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/libcaribou/xadapter.vala b/libcaribou/xadapter.vala
+index 22858b7..1da5a78 100644
+--- a/libcaribou/xadapter.vala
++++ b/libcaribou/xadapter.vala
+@@ -195,15 +195,10 @@ namespace Caribou {
+
+             Xkb.MapChanges changes = Xkb.MapChanges ();
+
+-            // We don't touch key types here but include the
+-            // information in XkbSetMap request to the server, because
+-            // some X servers need the information to check the sanity
+-            // of the keysyms change.
+-            changes.changed = (ushort) (Xkb.KeySymsMask |
Xkb.KeyTypesMask);
++            changes.changed = (ushort) Xkb.KeySymsMask;
+             changes.first_key_sym = (char) this.reserved_keycode;
+             changes.num_key_syms =
this.xkbdesc.map.key_sym_map[this.reserved_keycode].width;
+-            changes.first_type = 0;
+-            changes.num_types = this.xkbdesc.map.num_types;
++
+             Xkb.change_map (this.xdisplay, this.xkbdesc, changes);
+
+             this.xdisplay.flush ();
+--
+2.29.2
+

Message #22 received at 980061-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 980061-close@bugs.debian.org

Subject: Bug#980061: fixed in caribou 0.4.21-7.1

Date: Sat, 23 Jan 2021 00:03:39 +0000

Source: caribou
Source-Version: 0.4.21-7.1
Done: Fabio Fantoni <fantonifabio@tiscali.it>

We believe that the bug you reported is fixed in the latest version of
caribou, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 980061@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fabio Fantoni <fantonifabio@tiscali.it> (supplier of updated caribou package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 Jan 2021 15:49:43 +0100
Source: caribou
Architecture: source
Version: 0.4.21-7.1
Distribution: unstable
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Fabio Fantoni <fantonifabio@tiscali.it>
Closes: 980061
Changes:
 caribou (0.4.21-7.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix segfault (regression of xorg CVE-2020-25712 fix) that
     cause security issue for cinnamon (Closes: #980061)
Checksums-Sha1:
 b96275a87d2b25516950111a14307ffcb9fe1518 2529 caribou_0.4.21-7.1.dsc
 af399edc6d5f148c9c01a4a93b7623b6d2c798ee 8340 caribou_0.4.21-7.1.debian.tar.xz
 7f40e2502364d5cbe79688b3d87bfab31e2d15d4 17622 caribou_0.4.21-7.1_source.buildinfo
Checksums-Sha256:
 f3b89c6675a046c51630281e5b6dcab5257862d1eaa978274b5debeae90f87d0 2529 caribou_0.4.21-7.1.dsc
 77bdfc748ad445bb6828925dafc7e7a6f5c481ba0514fb94f53c1abdd2c92c8a 8340 caribou_0.4.21-7.1.debian.tar.xz
 0041289fdeba03938ae6b14b93647cd5ef893c8b03e833b001d0316facb80d05 17622 caribou_0.4.21-7.1_source.buildinfo
Files:
 e7b3384e80a68ddda422a8e37661d223 2529 libs optional caribou_0.4.21-7.1.dsc
 70ee70f37b759a87afe640da5eaf28c7 8340 libs optional caribou_0.4.21-7.1.debian.tar.xz
 0304e0d83e36d6b4523e6cb18a9a8100 17622 libs optional caribou_0.4.21-7.1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE68ws0vrA2voQX53I2A4JsIcUAGYFAmALZYkACgkQ2A4JsIcU
AGZRqwgAqHAvVrsTYBOeesbsUDuXgMaSaA2hlBQY7/Ur1eU81E/J+nTMFVYjxkDt
W16PwC7OGJgDmvg8y8ZsAUY2osgMb90CIg9gUbcTprt4ASocr9bMoRFeBamZnYJB
eL9anFmztQvV463kDsGSy6jd6qPMZ2CJ04HObC+wnY3HUcu0AtgrMSscpAHaXyOV
ZQlsV2nS93h9q3HCdeNl38kana6U0gSzkqgHfrdUA03hgym9Ec7W4Z0OLvZchLaV
APfz2t1QGpBoVSAyYTyqRbBrqcDCatIkcaVcaUpNdG+SQs+mOsbdWWefL+/1M6Pj
sc50pymfxKqGJCszxiho2ct/oqiY2A==
=aBuR
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.