summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJim Ramsay <lack@gentoo.org>2009-08-06 20:23:20 +0000
committerJim Ramsay <lack@gentoo.org>2009-08-06 20:23:20 +0000
commit126b7ad474e9e8722ada26e736d165a82e6fbfea (patch)
tree65a9e50b1d07075e671a2a8b9cfaa6d2b2755e8f
parentx11-drivers/xf86-video-siliconmotion: drop old ebuilds (diff)
downloadgentoo-2-126b7ad474e9e8722ada26e736d165a82e6fbfea.tar.gz
gentoo-2-126b7ad474e9e8722ada26e736d165a82e6fbfea.tar.bz2
gentoo-2-126b7ad474e9e8722ada26e736d165a82e6fbfea.zip
Fix a segfault and set of buffer overflows
(Portage version: 2.1.6.13/cvs/Linux x86_64)
-rw-r--r--x11-plugins/wmfrog/ChangeLog10
-rw-r--r--x11-plugins/wmfrog/files/01-fix-segfault-0.2.0.patch54
-rw-r--r--x11-plugins/wmfrog/files/02-buffer-overflow-0.2.0.patch60
-rw-r--r--x11-plugins/wmfrog/wmfrog-0.2.0-r1.ebuild37
4 files changed, 159 insertions, 2 deletions
diff --git a/x11-plugins/wmfrog/ChangeLog b/x11-plugins/wmfrog/ChangeLog
index ac04cf944f1e..a5327a57fbd8 100644
--- a/x11-plugins/wmfrog/ChangeLog
+++ b/x11-plugins/wmfrog/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for x11-plugins/wmfrog
-# Copyright 2000-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-plugins/wmfrog/ChangeLog,v 1.6 2008/04/28 15:41:44 drac Exp $
+# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/x11-plugins/wmfrog/ChangeLog,v 1.7 2009/08/06 20:23:20 lack Exp $
+
+*wmfrog-0.2.0-r1 (06 Aug 2009)
+
+ 06 Aug 2009; Jim Ramsay <lack@gentoo.org> +wmfrog-0.2.0-r1.ebuild,
+ +files/01-fix-segfault-0.2.0.patch, +files/02-buffer-overflow-0.2.0.patch:
+ Fix a segfault and set of buffer overflows
*wmfrog-0.2.0 (28 Apr 2008)
diff --git a/x11-plugins/wmfrog/files/01-fix-segfault-0.2.0.patch b/x11-plugins/wmfrog/files/01-fix-segfault-0.2.0.patch
new file mode 100644
index 000000000000..7e88f49058ff
--- /dev/null
+++ b/x11-plugins/wmfrog/files/01-fix-segfault-0.2.0.patch
@@ -0,0 +1,54 @@
+From 7b9ead8d480eb2be07db646e9c6383f3397beaea Mon Sep 17 00:00:00 2001
+From: Jim Ramsay <lack@gentoo.org>
+Date: Thu, 6 Aug 2009 12:22:26 -0400
+Subject: [PATCH] Fixed segfault if Weather or Clouds not present
+
+Though the variables 'weatherFound' and 'cloudsFound' were being set properly by
+fscanf, their values were never actually checked.
+
+Furthermore, the strings (Weather, Clouds, tmp1 and tmp2) were not being
+initialized to NULL as the code seems to have been expecting.
+---
+ Src/wmFrog.c | 12 ++++++------
+ 1 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/Src/wmFrog.c b/Src/wmFrog.c
+index e2d82af..af4101a 100644
+--- a/Src/wmFrog.c
++++ b/Src/wmFrog.c
+@@ -68,10 +68,10 @@ int n, s, m, i, dt1, dt2, dt3 ;
+ XEvent event;
+ char command[1024], Line[512], FileName[10];
+ FILE *fp;
+- char* Weather;
+- char* Clouds;
+- char* tmp1;
+- char* tmp2;
++ char* Weather = NULL;
++ char* Clouds = NULL;
++ char* tmp1 = NULL;
++ char* tmp2 = NULL;
+ int intensity=0;
+ char* precip;
+ char* desc;
+@@ -238,7 +238,7 @@ FILE *fp;
+ keepgoing=1;
+ {
+
+- do{
++ if (weatherFound) do{
+
+
+ tmp1=mystrsep(&Weather,";");
+@@ -289,7 +289,7 @@ FILE *fp;
+ while(keepgoing);
+ }
+
+- do{
++ if (cloudsFound) do{
+ tmp1=mystrsep(&Clouds,";");
+ if(tmp1)
+ {
+--
+1.6.3.3
+
diff --git a/x11-plugins/wmfrog/files/02-buffer-overflow-0.2.0.patch b/x11-plugins/wmfrog/files/02-buffer-overflow-0.2.0.patch
new file mode 100644
index 000000000000..c4267585836c
--- /dev/null
+++ b/x11-plugins/wmfrog/files/02-buffer-overflow-0.2.0.patch
@@ -0,0 +1,60 @@
+From 5cc2198aebf090b399bd8aaea0e1c8b054bbda58 Mon Sep 17 00:00:00 2001
+From: Jim Ramsay <i.am@jimramsay.com>
+Date: Thu, 6 Aug 2009 12:51:56 -0400
+Subject: [PATCH] Remove buffer overflows
+
+Replaced all 'sprintf' calls with 'snprintf' and fixed all buffers to reasonable
+sizes.
+---
+ Src/wmFrog.c | 11 +++++------
+ 1 files changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/Src/wmFrog.c b/Src/wmFrog.c
+index af4101a..74e8b56 100644
+--- a/Src/wmFrog.c
++++ b/Src/wmFrog.c
+@@ -66,7 +66,7 @@ char* folder;
+ int main(int argc, char *argv[]) {
+ int n, s, m, i, dt1, dt2, dt3 ;
+ XEvent event;
+-char command[1024], Line[512], FileName[10];
++char command[1024], Line[512], FileName[128];
+ FILE *fp;
+ char* Weather = NULL;
+ char* Clouds = NULL;
+@@ -213,7 +213,7 @@ FILE *fp;
+
+ dt2 = 0;
+
+- sprintf(FileName, "%s/%s", folder, StationID);
++ snprintf(FileName, 128, "%s/%s", folder, StationID);
+ fprintf(stderr,"%s\n\n",FileName);
+ if ((fp = fopen(FileName, "r")) != NULL){
+ fscanf(fp, "Hour:%d", &hour);
+@@ -571,7 +571,7 @@ UpToDate = 0;
+ /*
+ * Execute Perl script to grab the Latest METAR Report
+ */
+- sprintf(command, "/usr/lib/wmfrog/weather.pl %s %s &", StationID, folder);
++ snprintf(command, 1024, "/usr/lib/wmfrog/weather.pl %s %s &", StationID, folder);
+ //printf("Retrieveing data\n");
+ system(command);
+ ForceDownload = 0;
+@@ -844,12 +844,11 @@ char *GetTempDir(char *suffix)
+ {
+ uid_t id;
+ struct passwd *userEntry;
+- char * userHome;
++ static char userHome[128];
+
+ id=getuid();
+ userEntry=getpwuid(id);
+- userHome=userEntry->pw_dir;
+- sprintf(userHome,"%s/%s",userHome,suffix);
++ snprintf(userHome, 128, "%s/%s", userEntry->pw_dir, suffix);
+ return userHome;
+ }
+
+--
+1.6.3.3
+
diff --git a/x11-plugins/wmfrog/wmfrog-0.2.0-r1.ebuild b/x11-plugins/wmfrog/wmfrog-0.2.0-r1.ebuild
new file mode 100644
index 000000000000..802a83ce77a2
--- /dev/null
+++ b/x11-plugins/wmfrog/wmfrog-0.2.0-r1.ebuild
@@ -0,0 +1,37 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-plugins/wmfrog/wmfrog-0.2.0-r1.ebuild,v 1.1 2009/08/06 20:23:20 lack Exp $
+
+EAPI=2
+inherit eutils toolchain-funcs
+
+DESCRIPTION="a weather application, it shows the weather in a graphical way."
+HOMEPAGE="http://wiki.colar.net/wmfrog_dockapp"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE=""
+
+RDEPEND="x11-libs/libXext
+ x11-libs/libXpm
+ x11-libs/libX11"
+DEPEND="${RDEPEND}
+ x11-proto/xextproto"
+
+S=${WORKDIR}/Src
+
+src_prepare() {
+ epatch "${FILESDIR}"/*-${PV}.patch
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}" INCDIR="" \
+ LIBDIR="" || die "emake failed."
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed."
+ dodoc ../{CHANGES,HINTS}
+}