Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability roundup 85: libxkbcommon-0.7.2: 8 advisories [7.8] #90856

Open
8 tasks
ckauhaus opened this issue Jun 18, 2020 · 2 comments
Open
8 tasks

Vulnerability roundup 85: libxkbcommon-0.7.2: 8 advisories [7.8] #90856

ckauhaus opened this issue Jun 18, 2020 · 2 comments
Labels
1.severity: security

Comments

@ckauhaus
Copy link
Contributor

search, files

Scanned versions: nixos-20.03: a84b797; nixos-unstable: 22c9881. May contain false positives.

Cc @ttuegel
@ttuegel
Copy link
Member

ttuegel commented Jul 7, 2020

@michalrus @mrVanDalo The only package using the vulnerable version of libxkbcommon is Bitwig Studio. Is there a newer version of this package that would be compatible with newer libxkbcommon?

@mrVanDalo
Copy link
Contributor

I'm updating to 20.09 right now, and libxkbcommon (7.2) is not compiling anymore anyway.

[4/96] Compiling C object libxkbcommon-internal.a.p/meson-generated_parser.c.o
FAILED: libxkbcommon-internal.a.p/meson-generated_parser.c.o 
gcc -Ilibxkbcommon-internal.a.p -I. -I.. -I../src -fdiagnostics-color=always -pipe -D_FILE_OFFSET_BITS=64 -std=c99 -fvisibility=hidden -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wpointer-arith -Wmissing-declarations -Wformat=2 -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Wbad-function-cast -Wshadow -Wlogical-op -Wdate-time -Wwrite-strings -include config.h -fPIC -MD -MQ libxkbcommon-internal.a.p/meson-generated_parser.c.o -MF libxkbcommon-internal.a.p/meson-generated_parser.c.o.d -o libxkbcommon-internal.a.p/meson-generated_parser.c.o -c libxkbcommon-internal.a.p/parser.c
libxkbcommon-internal.a.p/parser.c: In function '_xkbcommon_parse':
libxkbcommon-internal.a.p/parser.c:1631:12: error: 'YYEMPTY' undeclared (first use in this function)
 1631 |   yychar = YYEMPTY; /* Cause a token to be read.  */
      |            ^~~~~~~
libxkbcommon-internal.a.p/parser.c:1631:12: note: each undeclared identifier is reported only once for each function it appears in
libxkbcommon-internal.a.p/parser.c:1751:22: error: 'YYerror' undeclared (first use in this function); did you mean 'perror'?
 1751 |   else if (yychar == YYerror)
      |                      ^~~~~~~
      |                      perror
libxkbcommon-internal.a.p/parser.c:1757:16: error: 'YYUNDEF' undeclared (first use in this function); did you mean 'YYUSE'?
 1757 |       yychar = YYUNDEF;
      |                ^~~~~~~
      |                YYUSE
  GEN      man/base32.1
  GEN      man/basenc.1
  GEN      man/basename.1
  GEN      man/cat.1
[7/96] Compiling C object libxkbcommon-internal.a.p/src_compose_parser.c.o
ninja: build stopped: subcommand failed.

I had no time checking if a newer libxkbcommon library is working, yet.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1.severity: security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ttuegel @mrVanDalo @ckauhaus