Commit graph

738 commits

Author SHA1 Message Date
Doug Torrance 74bc5a7660 wmtv: Fix security hole.
Patch by Nicolas Boullis <Boullis.Nicolas@libertysurf.fr>.  From [1]:

   From: Nicolas Boullis <Boullis.Nicolas@libertysurf.fr>
   To: Debian Bug Tracking System <submit@bugs.debian.org>
   Subject: wmtv: dangerous suid root
   Date: Thu, 08 Nov 2001 20:07:52 +0100

   Hi !
   I think there is a huge security hole with wmtv and, when wmtv is installed,
   anyone can easily get a root account. Here is what I have in my terminal:
   (everytime I launch wmtv, I double-clicked in the tv subwindow to call the
   external program)

   ----------------------------------------------------------------------
   Tintin:~> wmtv -e whoami
   root
   Tintin:~> cat > crack_root.sh
   #!/bin/sh
   cp /bin/sh /tmp
   chmod u+s /tmp/sh
   Tintin:~> chmod +x crack_root.sh
   Tintin:~> wmtv -e ~/crack_root.sh
   Tintin:~> ll /tmp/sh
   -rwsr-xr-x    1 root     users      407356 Nov  8 19:25 /tmp/sh*
   ----------------------------------------------------------------------

   I tried to make wmtv non-suid root, and... sometimes it works (despite an
   error message), sometimes it does not...

   ----------------------------------------------------------------------
   Tintin:~> ll /usr/bin/X11/wmtv
   -rwxr-xr-x    1 root     root        62588 Jul 31 01:55 /usr/bin/X11/wmtv*
   Tintin:~> wmtv
   ioctl VIDIOCSFBUF: Operation not permitted

   Tintin:~> wmtv
   ioctl VIDIOCSFBUF: Operation not permitted
   wmtv: no physical frame buffer access
   ----------------------------------------------------------------------

   Hence, I guess you should either correct wmtv so that it always work without
   being suid root, or make wmtv lose its privileges before it runs an external
   program.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=118778
2016-02-01 15:26:00 +05:30
Doug Torrance 199e0065fe wmtv: Fix calculation of bytes per line.
Patch by Yann Vernier <yann@donkey.dyndns.org>.  From [1]:

   From: Malcolm Parsons <malcolm@ivywell.screaming.net>
   Subject: wmtv: incorrectly calculates bytes per line
   Date: Mon, 09 Apr 2001 21:15:52 +0100

   wmtv does not put the tv display in its window on my second head.
   According to bttv, wmtv is telling bttv that the display is:

   Display at ea800000 is 800 by 600, bytedepth 2, bpl 1600

   If I use xawtv, it correctly sets the bpl value:

   Display at ea800000 is 800 by 600, bytedepth 2, bpl 1664

   wmtv is probably incorrectly assuming width * bytedepth = bpl.

   From: Yann Vernier <yann@donkey.dyndns.org>
   Subject: wmtv: incorrectly calculates bytes per line
   Date: Sun, 15 Jul 2001 14:21:56 +0200

   Found the problem, at least this fixes it for me at 1600x1200.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=93439
2016-02-01 15:26:00 +05:30
Doug Torrance 61e2c5f228 wmtv: Config file handling.
Patch by Yann Vernier <yann@algonet.se>.  From [1]:

   wmtv failed to read my .wmtvrc (hand written) correctly, I tracked it
   down to incorrect memory management (sizeof() instead of strlen()).
   The code was so bad that I chose to rewrite it to a simpler version,
   patch below.

   Other bugs fixed include some of the memory leaks (which are quite
   numerous) and truncating the .wmtvrc when writing to it.

   Cosmetic changes include keeping comments in .wmtvrc, C++-style
   comments changed to C style, and numbering channels from 1.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=105325
2016-02-01 15:26:00 +05:30
Doug Torrance 0703ba0b82 wmbiff: Add missing command line options to documentation.
Closes Debian bug #770117 [1].

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770117
2015-10-26 09:44:23 -04:00
Doug Torrance db83d64e1c libdockapp: Bump to version 0.7.2. 2015-10-21 09:07:01 -04:00
Doug Torrance 8f98cec497 libdockapp: Clean generated file dockapp.pc.
Based on the Debian patch [1].

[1] https://sources.debian.net/src/libdockapp/1:0.7.1-1/debian/patches/clean_dockapp.pc.patch/
2015-10-21 09:07:01 -04:00
Doug Torrance ee44bd28c4 libdockapp: Remove AC_PATH_XTRA macro from configure.ac
We already check for libraries with the PKG_CHECK_MODULES macros.  This also
allows the Debian package to drop the Build-Depend on libice-dev.

Based on the Debian patch [1].

[1] https://sources.debian.net/src/libdockapp/1:0.7.1-1/debian/patches/remove_AC_PATH_XTRA.diff/
2015-10-21 09:07:01 -04:00
Doug Torrance 79685780ff libdockapp: Recompress fonts without timestamp.
This fixes the package-contains-timestamped-gzip warning given by Lintian
for the Debian package.  (This warning is really unnecessary, as its purpose
it to check for reproducible builds and the fonts are not compressed at
build time, but I see no harm in removing these timestamps.)
2015-10-21 09:07:01 -04:00
Doug Torrance 1ba41abe0c wmacpi: Update header file location.
In libdockapp 0.7.0, dockapp.h was moved to /usr/include/libdockapp.
2015-10-21 09:07:01 -04:00
Doug Torrance e5cf1b958e wmmenu: Update header file location.
In libdockapp 0.7.0, dockapp.h was moved to /usr/include/libdockapp.
2015-10-21 09:07:01 -04:00
Doug Torrance c11470a0b7 libdockapp: Bump to version 0.7.1. 2015-10-18 00:20:33 -04:00
Doug Torrance 54e081bcc4 libdockapp: Update update-changelog target in Makefile.
Only grab libdockapp commits.
2015-10-18 00:20:33 -04:00
Doug Torrance fc16f5d425 libdockapp: Update header location in examples. 2015-10-18 00:20:33 -04:00
Shining 796427153b libdockapp: Simplify instructions to generate a ./configure script.
Based on suggestions by Alexey Frolov and BALATON Zoltan.
2015-10-09 17:43:38 -04:00
Shining 582393e1ba libdockapp: Info about generating 'configure' script in README
In the README it is said to run ./configure but there's no such script in the
tarball. I wrote instructions to generate a ./configure with libtool and autotools.
2015-10-05 17:38:14 -04:00
Doug Torrance 4cbed06642 wmclock: Bump to version 1.0.16. 2015-09-24 10:16:48 +01:00
Doug Torrance c2462c2e7b wmclock: Get manpage date from ChangeLog instead of manually updating. 2015-09-24 10:16:48 +01:00
Doug Torrance 81952635d5 wmclock: Use defines to get language xpms instead of creating symlinks. 2015-09-24 10:16:48 +01:00
Doug Torrance 1332c07b8f wmclock: Fix "comparison between signed and unsigned integer" warnings. 2015-09-24 10:16:48 +01:00
Johannes Holmberg 5ca72823d7 Allow sound api to be specified in the config file 2015-09-17 03:23:07 +01:00
Johannes Holmberg 7678102e3b Better handling of configuration defaults for the new settings 2015-09-17 03:23:07 +01:00
Johannes Holmberg f28188a36b Improve monitor selection code
- Default to monitor 0 instead of failing if a crazy number is given
- Allow monitor to be specified by osdmonitor in the config file
2015-09-17 03:23:07 +01:00
Johannes Holmberg 3934bbe02f Add a command line option for choosing a monitor for osd display 2015-09-17 03:23:07 +01:00
Johannes Holmberg 5c08e40e12 Draw osd only on the primary monitor if randr extensions are available 2015-09-17 03:23:07 +01:00
Johannes Holmberg a0af850b29 Improve the osd update code
- More logical relationship between volume level and bar length
- No unnecessary drawing
- Volume bar shrinks properly even when volume is lowered very quickly
2015-09-17 03:23:07 +01:00
Johannes Holmberg 96ec41a88f Add native ALSA mixer support 2015-09-17 03:23:07 +01:00
Johannes Holmberg 5a441cd6de Fix a buffer overflow (how did this ever work?) 2015-09-17 03:23:07 +01:00
Doug Torrance 1f4e7e6178 wmbattery: Bump to version 2.50. 2015-08-30 21:24:10 +01:00
Doug Torrance 14526dd328 wmbattery: Free memory allocated by strdup.
This corrects a mistake in [1] noticed by Andrew Shadura [2].

[1] http://repo.or.cz/dockapps.git/commitdiff/29e5012
[2] https://github.com/d-torrance/wmbattery/commit/9f7be30#commitcomment-12965145
2015-08-30 21:24:10 +01:00
Doug Torrance 54b81ad2f6 wmsun: Bump to version 1.05. 2015-08-25 15:39:34 +01:00
Doug Torrance f7a4975e47 wmsun: Fix typos in manpage. 2015-08-25 15:39:34 +01:00
Doug Torrance 24649af391 wmsun: Expand README. 2015-08-25 15:39:34 +01:00
Doug Torrance b1af2eae67 wmppp.app: Bump to version 1.3.2. 2015-08-25 15:38:30 +01:00
Doug Torrance 559f73d745 wmppp.app: Add note about libdockapp to INSTALL. 2015-08-25 15:38:30 +01:00
Doug Torrance ed6f2efc00 wmifs: Bump to version 1.6. 2015-08-25 15:38:01 +01:00
Doug Torrance bde2e76fa2 wmifs: Add note about libdockapp to INSTALL. 2015-08-25 15:38:01 +01:00
Doug Torrance 84b9867ef5 wmtime: Bump to version 1.4. 2015-08-24 07:19:12 +01:00
Doug Torrance 5d9d82f5c4 wmtime: Add note about libdockapp to INSTALL. 2015-08-24 07:19:12 +01:00
Doug Torrance 703ea7fd6d wmbattery: Bump to version 2.49. 2015-08-24 07:18:02 +01:00
Doug Torrance 60476ab087 wmbattery: Add config.h.in to make distclean.
Its absence created a problem for the Debian package.  During the build,
dh_auto_clean results in a call to autoheader, which creates config.h.in.  If
this isn't then removed, we get a dpkg-source error.

Obtained from [1].

[1] https://sources.debian.net/src/wmbattery/2.48-1/debian/patches/clean_config.h.in.patch/
2015-08-24 07:18:02 +01:00
Doug Torrance 8d86fe394f wmload: Bump to version 0.9.7. 2015-08-24 07:17:16 +01:00
Doug Torrance 77359686b0 wmload: Fix -Wunused-result compiler warning.
Obtained from the Debian package [1].

[1] https://sources.debian.net/src/wmload/0.9.6-1/debian/patches/fix_unused_result.patch/
2015-08-24 07:17:16 +01:00
Doug Torrance 67052deb3c wmload: Bump _POSIX_C_SOURCE to 200112L.
Otherwise, we get the following warning during build.
 wmload.c: In function ‘GetLoad’:
 wmload.c:523:10: warning: incompatible implicit declaration of built-in function ‘rint’
    *usr = rint(Maximum * (float)(*usr)   /total);
           ^
Obtained from the Debian package [1].

[1] https://sources.debian.net/src/wmload/0.9.6-1/debian/patches/bump_POSIX_C_SOURCE.patch/
2015-08-24 07:17:16 +01:00
Doug Torrance fc030713c4 wmcalc: Bump to version 0.6. 2015-08-23 08:35:36 +01:00
Doug Torrance a0d989abdf wmcalc: Move changelog from README to new ChangeLog file. 2015-08-23 08:35:36 +01:00
Doug Torrance 65d994a688 wmcalc: Fix manpage spelling.
Avoid Lintian warning in the Debian package.  Obtained from [1].

[1] https://sources.debian.net/src/wmcalc/0.5-1/debian/patches/fix_manpage_spelling.patch/
2015-08-23 08:35:36 +01:00
Doug Torrance cdc66d640f wmcalc: Fix typo in Makefile.
Correctly create the directory /usr/share/man/man1 instead of
/usr/share/man/man1/man1.

Obtained from the Debian package [1].

[1] https://sources.debian.net/src/wmcalc/0.5-1/debian/patches/fix_makefile_typo.patch/
2015-08-23 08:35:36 +01:00
Doug Torrance 66ea05ae67 wmcalc: Increase significant digits.
Patch by Antony Gelberg <antony@wayforth.co.uk> to fix Debian bug #320597 [1].
Obtained from the Debian package [2].

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320597
[2] https://sources.debian.net/src/wmcalc/0.5-1/debian/patches/10_bts-320597_increase_significant_digits.patch/
2015-08-23 08:35:36 +01:00
Doug Torrance f6689b791e wmfsm: Bump to version 0.36. 2015-08-21 08:24:26 +01:00
Doug Torrance 2be3432290 wmfsm: Handle errors related to the HOME environment variable.
In particular, if HOME is undefined, then a segmentation fault will occur.
Also, if HOME is at least 245 characters, then a buffer overflow will occur.
We check for these conditions and exit with an error message instead.

Patch obtained from Debian package [1].

[1] https://sources.debian.net/src/wmfsm/0.35-1/debian/patches/handle_HOME_errors.patch/
2015-08-21 08:24:26 +01:00