Bug#889740: xmotd: crashes when built with hardening
Hello,
so, I suggest the attached patch for a solution. It removes most compile
time warnings and makes xmotd to not crash (tested on stretch amd64).
Regards
ChristophRemove compiler and linker warnings
Index: xmotd-1.17.3b/atom.c
===
--- xmotd-1.17.3b.orig/atom.c 2018-02-13 10:44:27.104309051 +0100
+++ xmotd-1.17.3b/atom.c 2018-02-13 10:44:27.096309028 +0100
@@ -29,6 +29,7 @@
*/
#include
+#include
#include
#include
#include
Index: xmotd-1.17.3b/main.c
===
--- xmotd-1.17.3b.orig/main.c 2018-02-13 10:44:27.104309051 +0100
+++ xmotd-1.17.3b/main.c 2018-02-13 10:44:27.096309028 +0100
@@ -205,9 +205,10 @@
: end-of-file()";
char *
-getTimeStampName()
+getTimeStampName(void)
{
static char buf[256];
+ int result;
sprintf(buf, "%s/%s", getenv("HOME"), app_res.stampfile);
@@ -215,10 +216,12 @@
{
char domainame[256];
- getdomainname(domainame, 256);
+ result = getdomainname(domainame, 256);
strcat(buf, ".");
- strcat(buf, domainame);
+
+ if (result == 0)
+ strcat(buf, domainame);
}
return(buf);
@@ -394,7 +397,7 @@
if ((dir = opendir(argv[i])))
{
- while (dp = readdir(dir))
+ while ((dp = readdir(dir)))
{
if (dp->d_ino == 0)
continue;
@@ -481,139 +484,21 @@
/* next check if any messages need to be displayed, if there
aren't any, go back to sleep; otherwise return to display
messages*/
- if(numsg=numFilesToDisplay(gargc, gargv)) return(numsg);
- }
-
-}
-
-
-main(argc, argv)
-int argc;
-char **argv;
-{
- extern Boolean atomExists(String);
- Display *display;
- register int i, start=0;
- int numsg;
-
-
- if ((argc > 1) && !(strcmp(argv[1],"-help")))
- {
- printUsage(argv[0]); /* and exit */
- }
-
- /* Test to see whether we are connected to an X display. If we
- aren't, we proceed in text-only mode: bare-bones functionality;
- output to stdout. Why bare-bones, I hear you asking? Well, X
- does all the command-line options parsing for me and I don't feel
- like duplicating all that code. So there.*/
-
- if((display=XOpenDisplay((char *)NULL))==NULL)
- {
-
- if(argc<2)
- {
- fprintf(stderr, "xmotd: ERROR, missing file.\n");
- printUsage(argv[0]); /* and exit */
- }
- else
- {
- extern void runInTextMode();
- runInTextMode(argc, argv); /* ...and exit... */
- }
-
- fprintf(stderr,"Never gets here!\n");
- exit(0);/* just in case */
-
- }
- else
- {
- XCloseDisplay(display);
- }
-
- /* we have to init the toolkit *before* we check the command-line so
- we can use X's parsing routines, since -geom options, etc. may be
- specified, in which case, the motd-filename is *not* the 2nd
- argument*/
- topLevel = XtVaAppInitialize(&app_con, "XMotd", options,
- XtNumber(options),
- &argc, argv, fallback_resources,
- NULL);
-
- XtGetApplicationResources(topLevel, (caddr_t) &app_res,
- resources, XtNumber(resources),
- (ArgList) NULL, (Cardinal) 0);
-
- if(argc<2)
- {
- fprintf(stderr,"xmotd: ERROR, missing file\n");
- printUsage(argv[0]); /* and exit */
- }
-
- if(app_res.paranoid && !app_res.warnfile)
- {
- fprintf(stderr,"xmotd: ERROR, specified \"-paranoid\" without \"-warnfile\"\n");
- printUsage(argv[0]); /* and exit */
- }
-
- strcpy(timeStamp, getTimeStampName());
-
- gargc=argc;
- gargv=argv;
-
- /* first figure out how many of the files supplied on the
- command-line we will be actually displaying; i.e. we only show
- the new ones (unless -always has been specified, in which case we
- show all of them)*/
- numsg=numFilesToDisplay(argc, argv);
-
- if(!app_res.periodic && !numsg)
- {
- /* if none of the messages need to be displayed and -wakeup not
- specified */
-
- XtDestroyApplicationContext(app_con);
- exit(0);
- }
-
- if(app_res.periodic) /*-wakeup or -timeout specified*/
- {
-
- /*ensure no other copies of xmotd are running*/
- if(atomExists(app_res.atomname)){
- XtDestroyApplicationContext(app_con);
- exit(0);
- }
-
- if(fork()) exit(0); /*we have to daemonize ourselves*/
- alreadyForked=1; /* make a note of it */
-
- if(!numsg)
- {
- /* if no messages to be displayed, we sleep */
- numsg=runSilentRunDeep(getAlarmTime(app_res.periodic));
- }
-
+ if((numsg=numFilesToDisplay(gargc, gargv))) return(numsg);
}
- createWidgets(numsg);
- nextMessage((Widget)NULL, (caddr_t)NULL, (caddr_t)NULL);
-
- XtAddEventHandler(topLevel, (EventMask)0, True,
- (XtEventHandler)_XEditResCheckMessages, 0);
-
- XtRealizeWidget(topLevel);
- XtAppMainLoop(app_con);
}
-createWidgets(int anymsg)
+void createWidgets(int anymsg)
{
- Widget form, paned, logo, mlabel, hline;
+ Widget form, logo, mlabel, hline;
XtTranslations shift1TransTable, tailTransTable;
Pixel fg, b
Bug#868283: cups-browsed ignores "DefaultPolicy authenticated" from cupsd.conf
Package: cups-browsed Version: 1.11.6-3 Severity: critical Dear maintainers, cups-browsed from Debian stretch ignores the "DefaultPolicy authenticated" entry in my cupsd.conf, so that all browsed-imported printers in /etc/cups/printers.conf are listed with "OpPolicy default". That differs from how it was in older Debian versions and their cups-browseds, and it allows users to print with another user id than their own without authentication, critical in an environment like ours where users have to pay for their print quota. Regards Christoph
Bug#865976: mdadm destroys my LSI Megaraid software raid
Package: mdadm Version: 3.3.2-5+deb8u2 Severity: critical Dear maintainers, I created a virtual drive in the the RAID-Setup of a computer with LSI Megaraid software raid support. Then I booted from my self-created installation DVD (that has mdadm installed), let it partition the virtual drive and installed a basic system on the drive. But at the next boot, when I wanted to start from the basic system on the drive, that was not possible because the virtual raid drive had disappeared, that means the drive was neither shown in the boot order list, nor in the RAID setup routine of the computer. My temporary solution was to switch back to dmraid, which handled my RAID setup without destroying it. Regards Christoph
Bug#864423: Software RAID is not activated at boot time
Package: dmraid Version: 1.0.0.rc16-5 Severity: critical Dear maintainers, dmraid in jessie currently does not activate my software raid. As the boot/root partition is on the raid, my machine does not boot. The reason is that in /usr/share/initramfs-tools/scripts/local-top/dmraid, the call of "dmraid -r -c" results in /dev/sdb /dev/sda so that dmraid-activate is run with these parameters, and dmraid-activate calls Raid_Name=$(dmraid -i -r -cr /dev/$Node_Name | grep -vi "No RAID disks" | grep -vi "formats discovered") As $Node_Name already contains "/dev", in my case dmraid is called with parameters /dev/dev/sdb and /dev/dev/sda . Regards Christoph
Bug#544687: libpam-unix2: forks numerous instances of unix2_chkpwd
On Sun, 27 May 2012 21:53:59 +0200 Jakub Wilk wrote: > >It seems that this only happens when a user wants to unlock the > >screen, not when logging in. > > Does it happen regardless of whether the entered password was correct > or not? This is always happening, regardless of if the password is correct or not. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#560333: libc6: getpwnam shows shadow passwords of NIS users
Hello, > For your information, security uploads for etch and lenny have been > done, so we are close to release a Debian Security Announce (DSA) > with a fix (we are only missing a few builds for etch). > > I have also build the lenny package for i386 and uploaded it here: > http://temp.aurel32.net/glibc-nis/ . Would it be possible that you > test that everything is still working as expected before releasing > the DSA? Thanks in advance. I tested your packages and everything worked as expected. Regards Christoph -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#519947: resolvconf destroys /etc/resolv.conf on every boot
Package: resolvconf Version: 1.42 Severity: critical Justification: breaks unrelated software Hello, after installing resolvconf (because it is recommended by vpnc), my file /etc/resolv.conf was overwritten by only a comment that the file should not be edited by hand. Because it contained no information about nameserver configuration, all resolution of DNS host names did not work anymore. To make DNS resolution work again, I restored my old /etc/resolv.conf, but after the next reboot, the file again only contained the comment mentioned above. I think that this bug is critical, as it makes networking nearly unusable. Surely, most users do not want to type in IP addresses. Regards Christoph -- System Information: Debian Release: 5.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages resolvconf depends on: ii coreutils 6.10-6 The GNU core utilities ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip resolvconf recommends no packages. resolvconf suggests no packages. -- debconf information: * resolvconf/linkify-resolvconf: true * resolvconf/downup-interfaces: resolvconf/link-tail-to-original: false -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#492348: libpam-devperm: Breaks execution of at jobs
Package: libpam-devperm Version: 1.5-2 Severity: critical Justification: breaks unrelated software Hello, as you can see in the bug description for Debian Bug #418560, at jobs are not executed if I include "session required pam_devperm.so" to my /etc/pam.d/common-session. I do not know if this is a problem in at or in libpam-devperm. Regards Christoph -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-6-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages libpam-devperm depends on: ii libc6 2.3.6.ds1-13etch5 GNU C Library: Shared libraries libpam-devperm recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#418560: unreproducible
Hello Mario, > I have the same version installed here and I can't agree that this bug > exists, I tested it here on my local machine in the office: > > [EMAIL PROTECTED]:~$ at 11:40 > warning: commands will be executed using /bin/sh > at> echo test | mail [EMAIL PROTECTED] > at> > job 1 at Mon Apr 16 11:40:00 2007 > [EMAIL PROTECTED]:~$ atq > 1 Mon Apr 16 11:40:00 2007 a mario > > Exactly on time the command was executed (as I can see in > /var/log/mail.log) so I think you use the program in a wrong way?! > Maybe you forgot to finish scheduling the job with Ctrl+D. No, I used at in the same way as I did before under sarge. My favourite way to execute the at command is something like this: for host in ; do ssh -l root $host 'echo "shutdown -r +5" | at 16:43'; done This works on sarge, but fails on etch. I can see that the job starts running, because the output of atq changes from "1 Sun Apr 15 16:43:00 2007 a root" to "1 Sun Apr 15 16:43:00 2007 = root", but the job is not completed and stays in the queue. Regards Christoph -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#418675: kdelibs: missing dependency on g++
Package: kdelibs Version: 4:3.5.5a.dfsg.1-8 Severity: serious Justification: no longer builds from source Hello, I tried to build kdelibs from source but got an error message during the configure process. I found out that the problem could be solved by installing package g++. Regards Christoph Pleger -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-686-irb Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages kdelibs depends on: ii kdelibs-data 4:3.5.5a.dfsg.1-8 core shared data for all KDE appli ii kdelibs4c2a4:3.5.5a.dfsg.1-8 core libraries and binaries for al kdelibs recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#418560: at: fails to execute jobs
Package: at Version: 3.1.10 Severity: grave Justification: renders package unusable I tried to execute a simple job (creating a file) as user root on several machines, but on none of the machines the file has been created. I can see that execution of the job was started (atq shows that the job is running), but it never ends and no mail is sent to me. I also tried other users and other jobs (e.g. executing a shutdown), none of them was completed successfully. Regards Christoph Pleger -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-686-irb Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages at depends on: ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries ii libpam0g0.79-4 Pluggable Authentication Modules l ii lsb-base3.1-23.1 Linux Standard Base 3.1 init scrip ii ssmtp [mail-transport-agent 2.61-11.1extremely simple MTA to get mail o at recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
