Bug 695603

Summary: xrdb passes broken defines to cpp
Product: Red Hat Enterprise Linux 5
Reporter: Peder Stray <peder.stray>
Component: xorg-x11-server-utils
Assignee: Adam Jackson <ajax>
Status: CLOSED DUPLICATE
QA Contact: desktop-bugs <desktop-bugs>
Severity: high
Priority: medium
Version: 5.6
CC: adam.winberg, ajb, David.M.Cooke, ejb, gnugv_maintainer, goeran, griffint, gsgatlin, j.s.peatfield, jwest, kalle.kiviaho, lampe, martinsson.patrik, mishu, pasteur, phil, poisson02, rdassen, rhel, simon.matter, stephan.wiesand, uwe.menges, vgotchev
Target Milestone: rc
Keywords: Patch, Regression
Hardware: Unspecified
OS: Linux
Doc Type: Bug Fix
Clone Of:
: 697490 (view as bug list) Environment:
Last Closed: 2011-04-18 17:33:18 UTC
Bug Blocks: 697490
Attachments: Proposed cve-2011-0465 fix (flags: none)

Description Peder Stray 2011-04-12 07:03:15 UTC
Description of problem:

xrdb in the xorg-x11-server-utils-7.1-5.el5_6.1.x86_64 package passes broken defines through sh to cpp causing sh to fail parsing the command line, thus failing to preprocess the xresources file passed and not loading anything.

The cause is the xrdb-defined constant VENDOR, which is set to '_The X.Org Foundation"'.

Version-Release number of selected component (if applicable):
xorg-x11-server-utils-7.1-5.el5_6.1.x86_64

How reproducible:

Just run xrdb on any file.

  
Actual results:
sh: -c: line 0: unexpected EOF while looking for matching `"'
sh: -c: line 1: syntax error: unexpected end of file

Expected results:
no errors from sh

Comment 1 Patrik Martinsson 2011-04-12 09:34:13 UTC
I can confirm the same behaviour on RHEL 6. 

This needs an immediate fix.

Comment 2 David M. Cooke 2011-04-13 15:14:38 UTC
I can confirm this on RHEL5.  I have many users complaining.

Comment 3 Peder Stray 2011-04-13 19:18:50 UTC
For those of you needing a quick fix, put the following line in /etc/yum.conf:

   exclude=xorg-x11-server-utils-7.1-5.el5_6.1

and run 'yum downgrade xorg-x11-server-utils'.  That should block the broken version on RHEL5 at least, and seems to do the trick here.

Comment 4 gregory 2011-04-14 09:24:55 UTC
I confirm this for xorg-x11-server-utils-7.1-5.el5_6.1.i386.
This is apparently related to

* Wed Mar 16 2011 Adam Jackson <ajax> 7.1-5.el5_6.1
- cve-2011-0465.patch: Sanitize cpp macro expansion. (CVE 2011-0465)

The following appears to work fine
$ xrdb -nocpp -load .Xresources

Comment 5 Uwe Menges 2011-04-14 18:02:29 UTC
This issue also occurs on RHEL6 (xorg-x11-server-utils-7.4-15.el6_0.1.x86_64).

We have '-DVENDOR=_The X.Org Foundation\"' in the /usr/bin/mcpp call.

The workaround with -nocpp does not work (there), because all the option parsing code does on -nocpp is "cpp_program = NULL;" (xrdb.c:815), which causes it to be auto-filled (in xrdb.c:881)! This makes the -nocpp parameter completely pointless.
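
The failure reported above, reproduced next to one quoting scheme that survives sh, as an added example (not xrdb's code and not the attached patch). It assumes a POSIX sh behind popen(); `printf %s` stands in for cpp, and `sh_quote`, `sh_roundtrip` and `BROKEN_DEFINE` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* POSIX prototypes, repeated in case a strict -std= mode hides them. */
FILE *popen(const char *command, const char *mode);
int pclose(FILE *stream);

/* Constructed sample: the VENDOR define with the value quoted in the description. */
static const char BROKEN_DEFINE[] = "-DVENDOR=_The X.Org Foundation\"";

/* Wrap `in` in single quotes for POSIX sh; each ' becomes '\''.
 * Returns 0 on success, -1 if `out` is too small. */
int sh_quote(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz < 3) return -1;
    out[o++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 4 : 1;
        if (o + need + 2 > outsz) return -1;  /* keep room for closing ' and NUL */
        if (*in == '\'') { memcpy(out + o, "'\\''", 4); o += 4; }
        else out[o++] = *in;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

/* Hand `printf %s <arg_text>` to sh via popen() and capture the one argument
 * sh delivers. Returns pclose()'s status (0 = sh parsed and ran it), -1 on error. */
int sh_roundtrip(const char *arg_text, char *got, size_t gotsz)
{
    char cmd[512];
    FILE *p;
    int n = snprintf(cmd, sizeof cmd, "printf %%s %s", arg_text);
    if (n < 0 || (size_t)n >= sizeof cmd || gotsz == 0) return -1;
    if ((p = popen(cmd, "r")) == NULL) return -1;
    got[fread(got, 1, gotsz - 1, p)] = '\0';
    return pclose(p);
}

int main(void)
{
    char q[128], got[128];
    printf("raw:    status %d\n", sh_roundtrip(BROKEN_DEFINE, got, sizeof got));
    if (sh_quote(BROKEN_DEFINE, q, sizeof q) == 0)
        printf("quoted: status %d, sh passed on [%s]\n",
               sh_roundtrip(q, got, sizeof got), got);
    return 0;
}
```

Passing the defines as an argv array to an exec-family call, with no shell in between, removes the need for quoting altogether.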

Comment 6 Uwe Menges 2011-04-14 18:04:53 UTC
Created attachment 492187
Proposed cve-2011-0465 fix

Comment 8 Gary Gatling 2011-04-15 19:05:46 UTC
I am seeing this problem also. My .Xresources file is no longer being loaded. Downgrading to xorg-x11-server-utils 7.1-4 temporarily fixes the problem for me.

Comment 9 Adam Jackson 2011-04-18 17:33:18 UTC

*** This bug has been marked as a duplicate of bug 696316 ***