Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xcb is unsound and unmaintained #653

Closed
Shnatsel opened this issue Jan 23, 2021 · 3 comments · Fixed by #750
Closed

xcb is unsound and unmaintained #653

Shnatsel opened this issue Jan 23, 2021 · 3 comments · Fixed by #750

Comments

@Shnatsel
Copy link
Member

Following up from #575 (comment), the following issues are currently outstanding in the xcb crate:

  • interpret some bytes coming from the X11 server as any type you like: rtbo/rust-xcb#95
  • Out-of-bounds read for sending bytes to the server: rtbo/rust-xcb#94
  • a "safe" version of mem::transmute (with some limits on the types, but not enough): rtbo/rust-xcb#78

The README states:

Maintainance request

I've been very happy to work on this project, but I don't have the possibility anymore to maintain these bindings to the level the Rust community deserves. I can't spend as much time on it as I used to, and I'm not using neither Rust nor XCB anymore, so I clearly can't improve the bindings with the latest Rust features. Person with motivation and good knowledge of Rust and XCB may contact me per email.
@Shnatsel
Copy link
Member Author

I've emailed the author as requested in the readme, flagging these issues and offering to help with finding a new maintainer.

@Shnatsel
Copy link
Member Author

Shnatsel commented Feb 4, 2021

I have not received a reply in 12 days, so let's proceed with advisories for the known soundness bugs as well as unmaintained status.

@psychon would you do the honors and open the advisory PR, like #575?

psychon added a commit to psychon/advisory-db that referenced this issue Feb 4, 2021
@psychon
Report various rust-xcb issues to RustSec
f2c5747 
Closes: rustsec#653
@psychon psychon mentioned this issue Feb 4, 2021
Merged
@complexspaces complexspaces mentioned this issue Feb 5, 2021
Merged
@Shnatsel
Copy link
Member Author

x11rb crate looks like a maintained alternative. We don't carry an "unmaintained" advisory yet, just reports of soundness issues.

@github-actions github-actions bot mentioned this issue May 30, 2021
Closed
FallenWarrior2k added a commit to FallenWarrior2k/xbgdump that referenced this issue May 31, 2021
@FallenWarrior2k
Switch to x11rb from xcb
3cdb0a5 
xcb is unmaintained and has several soundness issues
(rustsec/advisory-db#653).
x11rb provides an equivalent API and also avoids the dependency on
libxcb, allowing the build and distribution of an entirely static
executable.
This was referenced Oct 22, 2021
Open
Closed
This was referenced Nov 14, 2021
Open
Closed
@Shatur Shatur mentioned this issue Feb 6, 2022
Closed
This was referenced Mar 5, 2022
Closed
Open
@github-actions github-actions bot mentioned this issue Mar 25, 2022
Open
@Shatur Shatur mentioned this issue Apr 10, 2022
Closed
@github-actions github-actions bot mentioned this issue Sep 3, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Report various rust-xcb issues to RustSec psychon/advisory-db
1 participant
@Shnatsel