Index: branches/2017Q4/x11-wm/spectrwm/Makefile =================================================================== --- branches/2017Q4/x11-wm/spectrwm/Makefile (revision 452544) +++ branches/2017Q4/x11-wm/spectrwm/Makefile (revision 452545) @@ -1,56 +1,59 @@ # Created by: Aragon Gouveia # $FreeBSD$ PORTNAME= spectrwm DISTVERSIONPREFIX= SPECTRWM_ DISTVERSION= 3_0_2 +PORTREVISION= 1 CATEGORIES= x11-wm MAINTAINER= zeising@FreeBSD.org COMMENT= Small, dynamic tiling window manager for X11 LICENSE= ISCL LIB_DEPENDS+= libxcb-util.so:x11/xcb-util \ libxcb-icccm.so:x11/xcb-util-wm \ libxcb-keysyms.so:x11/xcb-util-keysyms RUN_DEPENDS+= dmenu:x11/dmenu USE_GITHUB= yes GH_ACCOUNT= conformal USE_XORG= x11 xcb xcursor xft xrandr xt USE_LDCONFIG= yes PORTEXAMPLES= spectrwm_cz.conf \ spectrwm_es.conf \ spectrwm_fr.conf \ spectrwm_fr_ch.conf \ spectrwm_se.conf \ spectrwm_us.conf + +EXTRA_PATCHES= ${FILESDIR}/ea3e6da-oob-fix.patch post-patch: @${REINPLACE_CMD} -e 's|/etc/|${PREFIX}/etc/|g' ${WRKSRC}/spectrwm.* do-build: ${CC} ${CFLAGS} -I${LOCALBASE}/include \ -I${LOCALBASE}/include/freetype2 -I${WRKSRC}/freebsd \ -lutil -L${LOCALBASE}/lib -lX11 -lX11-xcb -lxcb -lxcb-icccm \ -lxcb-keysyms -lxcb-randr -lxcb-util -lxcb-xtest -lXcursor \ -lXft -DSWM_LIB=\"${PREFIX}/lib/libswmhack.so\" \ -o ${WRKSRC}/${PORTNAME} ${WRKSRC}/${PORTNAME}.c ${CC} ${CFLAGS} -I${LOCALBASE}/include -shared -fpic -DPIC \ -o ${WRKSRC}/libswmhack.so ${WRKSRC}/lib/swm_hack.c do-install: ${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin ${INSTALL_SCRIPT} ${WRKSRC}/screenshot.sh ${STAGEDIR}${PREFIX}/bin ${INSTALL_LIB} ${WRKSRC}/libswmhack.so ${STAGEDIR}${PREFIX}/lib ${INSTALL_MAN} ${WRKSRC}/spectrwm.1 ${STAGEDIR}${MAN1PREFIX}/man/man1 ${INSTALL_DATA} ${WRKSRC}/spectrwm.conf ${STAGEDIR}${PREFIX}/etc/spectrwm.conf.sample ${MKDIR} ${STAGEDIR}${EXAMPLESDIR} .for conf in ${PORTEXAMPLES} ${INSTALL_DATA} ${WRKSRC}/${conf} ${STAGEDIR}${EXAMPLESDIR} .endfor .include Index: branches/2017Q4/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch =================================================================== --- branches/2017Q4/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch (nonexistent) +++ branches/2017Q4/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch (revision 452545) @@ -0,0 +1,30 @@ +From ea3e6da62247572e92c4ba00f70eab73f6254adf Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Sat, 14 Oct 2017 10:22:31 +0200 +Subject: [PATCH] Fix OOB while reading bar input. + +If the status bar script returns NUL as the first character through +stdin, spectrwm is prone to an out of boundary access. Depending on +the memory layout of the machine, it could turn into an OOB write. + +The fix is simple: If the string is empty, do not further check for +newline character. + +Signed-off-by: Tobias Stoeckmann +--- + spectrwm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/spectrwm.c b/spectrwm.c +index 9d3ec23..9b0ad2c 100644 +--- spectrwm.c ++++ spectrwm.c +@@ -2761,7 +2761,7 @@ bar_extra_update(void) + while (fgets(b, sizeof(b), stdin) != NULL) { + if (bar_enabled) { + len = strlen(b); +- if (b[len - 1] == '\n') { ++ if (len > 0 && b[len - 1] == '\n') { + /* Remove newline. */ + b[--len] = '\0'; + Property changes on: branches/2017Q4/x11-wm/spectrwm/files/ea3e6da-oob-fix.patch ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4 =================================================================== --- branches/2017Q4 (revision 452544) +++ branches/2017Q4 (revision 452545) Property changes on: branches/2017Q4 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r452308