Date: Wed, 19 Dec 2001 11:09:26 +0100 (CET) From: corecode <corecode@corecode.ath.cx> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/33003: wmcube-gdk port update SUPERCEDES ports/32972 Message-ID: <200112191009.fBJA9QQ04439@elevation.zuhause.stoert.net>
>Number: 33003 >Category: ports >Synopsis: wmcube-gdk port update SUPERCEDES ports/32972 >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Dec 19 02:10:00 PST 2001 >Closed-Date: >Last-Modified: >Originator: corecode >Release: FreeBSD 4.4-STABLE i386 >Organization: >Environment: System: FreeBSD elevation.zuhause.stoert.net 4.4-STABLE FreeBSD 4.4-STABLE #3: Thu Dec 13 16:08:02 CET 2001 corecode@elevation.zuhause.stoert.net:/usr/obj/usr/src/sys/ELEVATION i386 >Description: wmcube-gdk is vulnerable to a local buffer overflow exploit resulting in priviledge escalation the upstream author provides a new version >How-To-Repeat: n/a >Fix: apply one of these patches: the first one is for version 0.98p1 (original one) -> 0.98p2 (current) the second one is for version 0.98p1_1 (patched version from ports/32972) -> 0.98p2 (current) diff -ruN wmcube-gdk.old/Makefile wmcube-gdk/Makefile --- wmcube-gdk.old/Makefile Tue Dec 4 02:00:43 2001 +++ wmcube-gdk/Makefile Wed Dec 19 10:45:18 2001 @@ -6,7 +6,7 @@ # PORTNAME= wmcube -PORTVERSION= 0.98p1 +PORTVERSION= 0.98p2 CATEGORIES= sysutils windowmaker MASTER_SITES= http://www.ne.jp/asahi/linux/timecop/software/ PKGNAMESUFFIX= -gdk diff -ruN wmcube-gdk.old/distinfo wmcube-gdk/distinfo --- wmcube-gdk.old/distinfo Tue Dec 4 02:00:43 2001 +++ wmcube-gdk/distinfo Wed Dec 19 10:44:09 2001 @@ -1 +1 @@ -MD5 (wmcube-gdk-0.98p1.tar.gz) = fc4ac69f0f9c9abe974f634df37d3f7c +MD5 (wmcube-gdk-0.98p2.tar.gz) = 6e8be3ed2a8ab6d3fc6bb748c220d376 diff -ruN wmcube-gdk.old/files/patch-wmcube.c wmcube-gdk/files/patch-wmcube.c --- wmcube-gdk.old/files/patch-wmcube.c Thu Aug 30 06:24:25 2001 +++ wmcube-gdk/files/patch-wmcube.c Tue Dec 18 14:38:42 2001 
@@ -1,10 +1,73 @@ ---- wmcube.c.orig Thu Aug 16 13:04:38 2001 -+++ wmcube.c Thu Aug 16 13:05:00 2001 -@@ -38,7 +38,6 @@ - #include <math.h> +--- wmcube.c.orig Tue Aug 28 12:08:13 2001 ++++ wmcube.c Tue Dec 18 14:37:25 2001 +@@ -39,7 +39,6 @@ + #ifdef LINUX /* forgotten includes */ -#include <getopt.h> #include <dirent.h> + #endif - #include <sys/wait.h> +@@ -778,7 +777,7 @@ + newx -= CHAR_WIDTH; + } + +- sprintf(buf, "%02i%%", num); ++ snprintf(buf, 5, "%02i%%", num); + for (i = 0; (c = buf[i]); i++) { + if (c == '%') + copy_xpm_area(60, 0, 7, 9, newx, y); +@@ -1250,7 +1249,7 @@ + exit(0); + } + +- fscanf(fp, "%s", tmp); ++ fscanf(fp, "%63s", tmp); + + if (strcmp(tmp, "WMCUBE_COORDINATES") != 0) { + printf +@@ -1259,7 +1258,7 @@ + exit(0); + } + +- fscanf(fp, "%s", tmp); ++ fscanf(fp, "%63s", tmp); + counter = atoi(tmp); + + while ((strcmp(tmp, "WMCUBE_LINES") != 0) +@@ -1280,7 +1279,7 @@ + fclose(fp); + exit(0); + } +- fscanf(fp, "%s", tmp); ++ fscanf(fp, "%63s", tmp); + + if (feof(fp)) { + printf +@@ -1398,7 +1397,7 @@ + char cpuid[6]; + char check_cpu[6]; + +- sprintf(check_cpu, "cpu%d", which_cpu); ++ snprintf(check_cpu, 6, "cpu%d", which_cpu); + + if ((fp = fopen("/proc/stat", "rb")) == NULL) { + perror("/proc/stat required for this system"); +@@ -1409,7 +1408,7 @@ + return 0; + + for (i = -2; i < which_cpu; i++) { +- fscanf(fp, "%s", cpuid); ++ fscanf(fp, "%5s", cpuid); + } + + if (strcmp(check_cpu, cpuid) != 0) { +@@ -1431,7 +1430,7 @@ + fp = fopen("/proc/stat", "rt"); + + for (i = -2; i < which_cpu; i++) { +- fscanf(fp, "%s %d %d %d %d", cpuid, &cpu, &nice, &system, &idle); ++ fscanf(fp, "%5s %d %d %d %d", cpuid, &cpu, &nice, &system, &idle); + } + + fclose(fp); =================================================================== ========== ATTENTION! CUT HERE! OTHER PATCH FOLLOWING! 
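Review bot: The bounded reads added in the embedded wmcube.c patch still ignore the return value of fscanf(), so in the inner hunks at -1250 and -1259 `tmp` goes straight into `strcmp()` and `atoi()` even when no token was read (an empty or truncated object file), and the same holds for `cpuid` after the `%5s` reads. I would check the conversion count and fail the way the surrounding code already does, for example `if (fscanf(fp, "%63s", tmp) != 1) { fclose(fp); exit(0); }`. The literal bounds 5, 6, 63 and 5 have to be kept in step with the array declarations by hand; `check_cpu[6]` and `cpuid[6]` are visible, but `tmp` and `buf` are declared outside the hunk, so `snprintf(check_cpu, sizeof check_cpu, "cpu%d", which_cpu)` and the same form for `buf` would tie the bound to the buffer, assuming both are arrays rather than pointers. The last inner hunk also shows `fopen("/proc/stat", "rt")` feeding fscanf() with no NULL check, which is worth fixing while these lines are being touched. All of the affected functions begin and end outside the visible context.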
============ =================================================================== diff -ruN wmcube-gdk/Makefile wmcube-gdk.new/Makefile --- wmcube-gdk/Makefile Wed Dec 19 11:00:44 2001 +++ wmcube-gdk.new/Makefile Wed Dec 19 10:45:18 2001 @@ -6,8 +6,7 @@ # PORTNAME= wmcube -PORTVERSION= 0.98p1 -PORTREVISION= 1 +PORTVERSION= 0.98p2 CATEGORIES= sysutils windowmaker MASTER_SITES= http://www.ne.jp/asahi/linux/timecop/software/ PKGNAMESUFFIX= -gdk diff -ruN wmcube-gdk/distinfo wmcube-gdk.new/distinfo --- wmcube-gdk/distinfo Tue Dec 4 02:00:43 2001 +++ wmcube-gdk.new/distinfo Wed Dec 19 10:44:09 2001 @@ -1 +1 @@ -MD5 (wmcube-gdk-0.98p1.tar.gz) = fc4ac69f0f9c9abe974f634df37d3f7c +MD5 (wmcube-gdk-0.98p2.tar.gz) = 6e8be3ed2a8ab6d3fc6bb748c220d376 diff -ruN wmcube-gdk/files/patch-wmcube.c.orig wmcube-gdk.new/files/patch-wmcube.c.orig --- wmcube-gdk/files/patch-wmcube.c.orig Thu Aug 30 06:24:25 2001 +++ wmcube-gdk.new/files/patch-wmcube.c.orig Thu Jan 1 01:00:00 1970 @@ -1,10 +0,0 @@ ---- wmcube.c.orig Thu Aug 16 13:04:38 2001 -+++ wmcube.c Thu Aug 16 13:05:00 2001 -@@ -38,7 +38,6 @@ - #include <math.h> - - /* forgotten includes */ --#include <getopt.h> - #include <dirent.h> - - #include <sys/wait.h> >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message