Debian Patches
Status for libinput/1.28.1-1+deb13u1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| tools-remove-references-to-libinput_quir.patch | tools: Remove references to LIBINPUT_QUIRKS_SRCDIR. (Closes: #995809) This embeds the build path which is not generally available at runtime and makes it more difficult to reproduce the build. https://reproducible-builds.org/docs/build-path/ |
Vagrant Cascadian <vagrant@reproducible-builds.org> | no | 2023-12-01 | ||
| util-don-t-call-function-in-macro-argument.patch | util: don't call function in macro argument | Kacper PiwiĆski <vfjpl1@gmail.com> | no | https://gitlab.freedesktop.org/libinput/libinput/-/commit/8c15a01d1692cf0301b25ec2ead1d15d8176ad29 | 2025-06-29 | |
| util-sanitize-control-characters-in-str_sanitize.patch | util: sanitize control characters in str_sanitize() str_sanitize() only escaped '%' characters for format string safety. Device names from uinput devices can contain arbitrary bytes including ANSI escape sequences (ESC, 0x1b) and other control characters. When these strings are included in log messages and printed to a terminal, the escape sequences are interpreted by the terminal emulator. This could allow an attacker to manipulate terminal output (change colors, set window title, clear screen) when an administrator views libinput logs. Replace all control characters (0x00-0x1f and 0x7f) with '?' in addition to the existing '%' escaping. This prevents terminal escape sequence injection through device names in log output. (cherry picked from commit 71a2c5cae2a80a1e3bb29e3f3a07ccc3f3de5acb) |
Peter Hutterer <peter.hutterer@who-t.net> | no | https://gitlab.freedesktop.org/libinput/libinput/-/commit/fc2262e1c1847021239065e84f39f15492ef05cc | 2026-06-01 | |
| libinput-device-group-sanitize-phys-before-printing-.patch | libinput-device-group: sanitize phys before printing it A malicious uinput device could set the phys value (via UI_SET_PHYS) to contain a '\n'. When the value is printed as part of the device group the udev rules will interpret it as separate property. Depending on the property this can cause local privilege escalation. Closes #1296 (cherry picked from commit 76f0d8a7f57e2868882864b4611281f12f704b55) |
Peter Hutterer <peter.hutterer@who-t.net> | yes | upstream | https://gitlab.freedesktop.org/libinput/libinput/-/commit/b2bde9504d42a5976d76e1f27c640dc561fbd99b | 2026-06-01 |
All known versions for source package 'libinput'
- 1.31.3-1 (sid, forky)
- 1.28.1-1+deb13u1 (trixie-security, trixie-proposed-updates)
- 1.28.1-1 (trixie)
- 1.22.1-1+deb12u1 (bookworm-security, bookworm-proposed-updates)
- 1.22.1-1 (bookworm)