diff -u libxau-1.0.8/debian/changelog libxau-1.0.8/debian/changelog --- libxau-1.0.8/debian/changelog +++ libxau-1.0.8/debian/changelog @@ -1,3 +1,10 @@ +libxau (1:1.0.8-1ubuntu1) bionic; urgency=medium + + * Add debian/patches/fix-lp1559650.patch to fix a common segfault in + ___vsnprintf_chk() that's crashing gnome-shell (LP: #1559650) + + -- Daniel van Vugt Tue, 21 Apr 2020 15:33:06 +0800 + libxau (1:1.0.8-1) unstable; urgency=low * New upstream release. only in patch2: unchanged: --- libxau-1.0.8.orig/debian/patches/fix-lp1559650.patch +++ libxau-1.0.8/debian/patches/fix-lp1559650.patch @@ -0,0 +1,32 @@ +From 987fee49dc1750082cfe6e24833379233777a13b Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Thu, 19 Oct 2017 22:18:18 +0200 +Subject: [PATCH] Avoid out of boundary read access + +If the environment variable HOME is empty, XauFileName triggers an +out of boundary read access (name[1]). If HOME consists of a single +character relative path, the output becomes unexpected, because +"HOME=a" leads to "a.Xauthority" instead of "a/.Xauthority". Granted, +a relative HOME path leads to trouble in general, the code should +properly return "a/.Xauthority" nonetheless. + +Signed-off-by: Tobias Stoeckmann +Reviewed-by: Alan Coopersmith + +Origin: https://gitlab.freedesktop.org/xorg/lib/libxau/-/commit/987fee49dc17 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1559650 +Forwarded: not-needed +Last-Update: 2020-04-21 + +Index: libxau_1.0.8-1ubuntu1/AuFileName.c +=================================================================== +--- libxau_1.0.8-1ubuntu1.orig/AuFileName.c ++++ libxau_1.0.8-1ubuntu1/AuFileName.c +@@ -81,6 +81,6 @@ XauFileName (void) + bsize = size; + } + snprintf (buf, bsize, "%s%s", name, +- slashDotXauthority + (name[1] == '\0' ? 1 : 0)); ++ slashDotXauthority + (name[0] == '/' && name[1] == '\0' ? 1 : 0)); + return buf; + } only in patch2: unchanged: --- libxau-1.0.8.orig/debian/patches/series +++ libxau-1.0.8/debian/patches/series @@ -0,0 +1 @@ +fix-lp1559650.patch