Index: head/x11-wm/spectrwm/Makefile =================================================================== --- head/x11-wm/spectrwm/Makefile (revision 452307) +++ head/x11-wm/spectrwm/Makefile (revision 452308) @@ -1,67 +1,70 @@ # Created by: Aragon Gouveia # $FreeBSD$ PORTNAME= spectrwm DISTVERSIONPREFIX= SPECTRWM_ DISTVERSION= 3_1_0 +PORTREVISION= 1 CATEGORIES= x11-wm MAINTAINER= zeising@FreeBSD.org COMMENT= Small, dynamic tiling window manager for X11 LICENSE= ISCL LIB_DEPENDS+= libxcb-util.so:x11/xcb-util \ libxcb-icccm.so:x11/xcb-util-wm \ libxcb-keysyms.so:x11/xcb-util-keysyms RUN_DEPENDS+= dmenu:x11/dmenu USE_GITHUB= yes GH_ACCOUNT= conformal OPTIONS_DEFINE= EXAMPLES .include USE_XORG= x11 xcb xcursor xft xrandr xt USE_LDCONFIG= yes CONFEXAMPLES= spectrwm_cz.conf \ spectrwm_es.conf \ spectrwm_fr.conf \ spectrwm_fr_ch.conf \ spectrwm_se.conf \ spectrwm_us.conf SCRIPTEXAMPLES= baraction.sh \ screenshot.sh + +EXTRA_PATCHES= ${FILESDIR}/ea3e6da-oob-fix.patch post-patch: @${REINPLACE_CMD} -e 's|/etc/|${PREFIX}/etc/|g' ${WRKSRC}/spectrwm.* do-build: ${CC} ${CFLAGS} -Wall -Werror -I${LOCALBASE}/include \ -I${LOCALBASE}/include/freetype2 -I${WRKSRC}/freebsd \ -lutil -L${LOCALBASE}/lib -lX11 -lX11-xcb -lxcb -lxcb-icccm \ -lxcb-keysyms -lxcb-randr -lxcb-util -lxcb-xtest -lXcursor \ -lXft -DSWM_LIB=\"${PREFIX}/lib/libswmhack.so\" \ -o ${WRKSRC}/${PORTNAME} ${WRKSRC}/${PORTNAME}.c ${CC} ${CFLAGS} -Wall -Werror -I${LOCALBASE}/include -shared -fpic -DPIC \ -o ${WRKSRC}/libswmhack.so ${WRKSRC}/lib/swm_hack.c do-install: ${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin ${INSTALL_LIB} ${WRKSRC}/libswmhack.so ${STAGEDIR}${PREFIX}/lib ${INSTALL_MAN} ${WRKSRC}/spectrwm.1 ${STAGEDIR}${MAN1PREFIX}/man/man1 ${INSTALL_DATA} ${WRKSRC}/spectrwm.conf ${STAGEDIR}${PREFIX}/etc/spectrwm.conf.sample do-install-EXAMPLES-on: ${MKDIR} ${STAGEDIR}${EXAMPLESDIR} .for file in ${CONFEXAMPLES} ${INSTALL_DATA} ${WRKSRC}/${file} ${STAGEDIR}${EXAMPLESDIR} .endfor .for file in ${SCRIPTEXAMPLES} ${INSTALL_SCRIPT} ${WRKSRC}/${file} ${STAGEDIR}${EXAMPLESDIR} .endfor .include Index: head/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch =================================================================== --- head/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch (nonexistent) +++ head/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch (revision 452308) @@ -0,0 +1,30 @@ +From ea3e6da62247572e92c4ba00f70eab73f6254adf Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Sat, 14 Oct 2017 10:22:31 +0200 +Subject: [PATCH] Fix OOB while reading bar input. + +If the status bar script returns NUL as the first character through +stdin, spectrwm is prone to an out of boundary access. Depending on +the memory layout of the machine, it could turn into an OOB write. + +The fix is simple: If the string is empty, do not further check for +newline character. + +Signed-off-by: Tobias Stoeckmann +--- + spectrwm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/spectrwm.c b/spectrwm.c +index 9d3ec23..9b0ad2c 100644 +--- spectrwm.c ++++ spectrwm.c +@@ -2761,7 +2761,7 @@ bar_extra_update(void) + while (fgets(b, sizeof(b), stdin) != NULL) { + if (bar_enabled) { + len = strlen(b); +- if (b[len - 1] == '\n') { ++ if (len > 0 && b[len - 1] == '\n') { + /* Remove newline. */ + b[--len] = '\0'; + Property changes on: head/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property