diff --git a/xscreensaver-5.42-0002-xjack-avoid-freeing-string-literal-when-window-is-sm.patch b/xscreensaver-5.42-0002-xjack-avoid-freeing-string-literal-when-window-is-sm.patch
new file mode 100644
index 0000000..439423a
--- /dev/null
+++ b/xscreensaver-5.42-0002-xjack-avoid-freeing-string-literal-when-window-is-sm.patch
@@ -0,0 +1,54 @@
+From 54078e99a710643df1fa7c2568c8c98113ef4c8f Mon Sep 17 00:00:00 2001
+From: Mamoru TASAKA
+Date: Tue, 25 Jun 2019 13:54:03 +0900
+Subject: [PATCH] xjack: avoid freeing string literal when window is small
+
+Downstream bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1723461
+When the window of a hack is small, xjack causes segfault like:
+
+Thread 1 (Thread 0x7f97a8825580 (LWP 19681)):
+#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
+#1 0x00007f97a90f0895 in __GI_abort () at abort.c:79
+#2 0x00007f97a9148d4f in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f97a9257aad "%s\n") at ../sysdeps/posix/libc_fatal.c:181
+#3 0x00007f97a914f5fc in malloc_printerr (str=str@entry=0x7f97a9259338 "munmap_chunk(): invalid pointer") at malloc.c:5361
+#4 0x00007f97a914f8c4 in munmap_chunk (p=) at malloc.c:2840
+#5 0x00005604f185d418 in xjack_init (dpy=0x5604f1ab91d0, window=48255003) at ../../hacks/xjack.c:100
+#6 0x00005604f185c9f5 in run_screenhack_table (ft=0x5604f18680e0 , anim_state=0x0, window2=0, window=48255003, dpy=0x5604f1ab91d0) at ../../hacks/screenhack.c:567
+#7 main (argc=, argv=) at ../../hacks/screenhack.c:987
+ ft =
+ xgwa = {x = 372, y = 109, width = 350, height = 263, border_width = 0, depth = 24, visual = 0x5604f1ac36e0, root = 330, class = 1, bit_gravity = 1, win_gravity = 1, backing_store = 0, backing_planes = 4294967295, backing_pixel = 0, save_under = 0, colormap = 32, map_installed = 1, map_state = 2, all_event_masks = 4423728, your_event_mask = 131073, do_not_propagate_mask = 0, override_redirect = 0, screen = 0x5604f1ab2e90}
+
+Note that xgwa.width is 350 here. So in xjack_init(), fontname is "re"initialized at
+the line 96 with static buffer, so at the line 100 freeing() this buffer causes
+segfault.
+
+This patch aviods freeing this buffer and also avoids (small) memory leak.
+---
+ hacks/xjack.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/hacks/xjack.c b/hacks/xjack.c
+index 27e4c9e..d563dec 100644
+--- a/hacks/xjack.c
++++ b/hacks/xjack.c
+@@ -88,12 +88,15 @@ xjack_init (Display *dpy, Window window)
+ st->window = window;
+ st->s = source;
+ st->delay = get_integer_resource (st->dpy, "delay", "Integer");
+- fontname = get_string_resource (st->dpy, "font", "Font");
+
+ XGetWindowAttributes (st->dpy, st->window, &st->xgwa);
+
+ if (st->xgwa.width <= 480)
+- fontname = "-*-courier-medium-r-*-*-*-180-*-*-m-*-*-*";
++ {
++ fontname = strdup ("-*-courier-medium-r-*-*-*-180-*-*-m-*-*-*");
++ } else {
++ fontname = get_string_resource (st->dpy, "font", "Font");
++ }
+
+ st->font = load_font_retry (st->dpy, fontname);
+ if (!st->font) abort();
+--
+2.21.0
+
diff --git a/xscreensaver-5.42-0062-sonar-support-linux-capability.patch b/xscreensaver-5.42-0062-sonar-support-linux-capability.patch
new file mode 100644
index 0000000..696a84d
--- /dev/null
+++ b/xscreensaver-5.42-0062-sonar-support-linux-capability.patch
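Review bot: The `strdup` result assigned to `fontname` in the new `width <= 480` branch goes to `load_font_retry` without a NULL check, and the existing `if (!st->font) abort();` tests only the loaded font, not the name. `get_string_resource` in the else branch can presumably return NULL as well when the resource is unset, so a single `if (!fontname) abort();` after the if/else would cover both paths before the pointer is used. A short comment such as `/* fontname is heap-allocated on both branches; freed below */` would record why the literal is duplicated, since the `free` that motivated the fix is outside the hunk. xjack_init starts and ends outside the lines shown.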
@@ -0,0 +1,247 @@
+From b4028c5e0fe9b493537df112ed4333e38e1cebd3 Mon Sep 17 00:00:00 2001
+From: Mamoru TASAKA
+Date: Fri, 14 Jun 2019 11:30:04 +0900
+Subject: [PATCH] sonar: support linux capability
+
+Nowadays it is not needed to have setuid bit to create
+SOCK_RAW packets: only having CAP_NET_RAW capability is needed
+and for example on recent distros "ping" utility uses
+that capability and does not use setuid bit anymore.
+
+This patch support linux capability.
+---
+ configure.in | 53 ++++++++++++++++++++++++++++++++++++++++++
+ hacks/glx/Makefile.in | 24 ++++++++++++++++++-
+ hacks/glx/sonar-icmp.c | 45 ++++++++++++++++++++++++++++++++++-
+ 3 files changed, 120 insertions(+), 2 deletions(-)
+
+diff --git a/configure.in b/configure.in
+index f8ed25e..512abf6 100644
+--- a/configure.in
++++ b/configure.in
+@@ -332,6 +332,9 @@ AH_TEMPLATE([HAVE_PTHREAD],
+ AH_TEMPLATE([HAVE_RECORD_ANIM],
+ [Define this to enable recording of videos.])
+
++AH_TEMPLATE([HAVE_LIBCAP],
++ [Define this if your system have libcap.])
++
+ # After checking to see that --srcdir is correct (which AC_INIT does)
+ # check for some random other files that come later in the tar file,
+ # to make sure everything is here.
+@@ -3898,6 +3901,46 @@ elif test "$setuid_hacks" != no; then
+ exit 1
+ fi
+
++###############################################################################
++#
++# And check whether it's ok to install some hacks with some capability
++# This should be more safe than using setuid, but let's give people the option.
++#
++###############################################################################
++
++setcap_hacks_default=no
++setcap_hacks="$setcap_hacks_default"
++AC_ARG_WITH(setcap-hacks,
++[ --with-setcap-hacks Allow some demos to be installed with non-default capability
++ (which is needed in order to ping other hosts.)
++],
++ [setcap_hacks="$withval"], [setcap_hacks="$setuid_hacks_default"])
++
++HANDLE_X_PATH_ARG(setcap_hacks, --with-setcap-hacks, hacks with capability)
++
++if test "$setcap_hacks" = yes; then
++ true
++elif test "$setcap_hacks" != no; then
++ echo "error: must be yes or no: --with-cap-hacks=$setcap_hacks"
++ exit 1
++fi
++if test "$setcap_hacks" = yes; then
++ AC_CHECK_PROG([have_setcap], [setcap], [yes], [no])
++ if test "$have_setcap" = yes ; then
++ PROG_SETCAP="setcap"
++ else
++ AC_MSG_ERROR([Making hacks installed with capability needs \"setcap\" program.])
++ fi
++
++ PKG_CHECK_MODULES([LIBCAP], [libcap], have_libcap=yes, have_libcap=no)
++ if test "x$have_libcap" = "xyes" ; then
++ AC_DEFINE([HAVE_LIBCAP])
++ else
++ echo "Hacks using capability must be linked with libcap library."
++ exit 1
++ fi
++fi
++
+
+ ###############################################################################
+ #
+@@ -4020,6 +4063,12 @@ else
+ SETUID_HACKS=no
+ fi
+
++if test "$setcap_hacks" = yes; then
++ SETCAP_HACKS=yes
++else
++ SETCAP_HACKS=no
++fi
++
+ tab=' '
+ if test "$have_gl" = yes; then
+ GL_EXES='$(GL_EXES)'
+@@ -4121,8 +4170,12 @@ AC_SUBST(GLE_LIBS)
+ AC_SUBST(XDPMS_LIBS)
+ AC_SUBST(XINERAMA_LIBS)
+ AC_SUBST(PASSWD_LIBS)
++AC_SUBST(LIBCAP_CFLAGS)
++AC_SUBST(LIBCAP_LIBS)
++AC_SUBST(PROG_SETCAP)
+ AC_SUBST(INSTALL_SETUID)
+ AC_SUBST(SETUID_HACKS)
++AC_SUBST(SETCAP_HACKS)
+ AC_SUBST(INSTALL_DIRS)
+ AC_SUBST(NEED_SETUID)
+ AC_SUBST(INSTALL_PAM)
+diff --git a/hacks/glx/Makefile.in b/hacks/glx/Makefile.in
+index 91e4d51..4144e90 100644
+--- a/hacks/glx/Makefile.in
++++ b/hacks/glx/Makefile.in
+@@ -43,6 +43,8 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@
+ INSTALL_SETUID = @INSTALL_SETUID@
+ INSTALL_DATA = @INSTALL_DATA@
+ INSTALL_DIRS = @INSTALL_DIRS@
++PROG_SETCAP = @PROG_SETCAP@
++SETCAP_FLAGS = cap_net_raw=p
+
+ X_CFLAGS = @X_CFLAGS@
+ X_LIBS = @X_LIBS@
+@@ -60,6 +62,8 @@ HACK_LIBS = $(HACK_PRE) @ANIM_LIBS@ $(HACK_POST2)
+ PNG_LIBS = $(HACK_PRE) @PNG_LIBS@ $(HACK_POST2)
+ GLE_LIBS = $(HACK_PRE) @GLE_LIBS@ @PNG_LIBS@ $(HACK_POST2)
+ TEXT_LIBS = @PTY_LIBS@
++LIBCAP_CFLAGS = @LIBCAP_CFLAGS@
++LIBCAP_LIBS = @LIBCAP_LIBS@
+
+ HACK_SRC = $(srcdir)/..
+ HACK_BIN = ..
+@@ -203,6 +207,7 @@ GL_EXES = cage gears moebius pipes sproingies stairs superquadrics \
+ maze3d handsy
+ GLE_EXES = extrusion
+ SUID_EXES = sonar
++SETCAP_EXES = sonar
+ GL_UTIL_EXES = xscreensaver-gl-helper
+ JWZGLES_OBJS = @JWZGLES_OBJS@
+ HACK_EXES_1 = @GL_EXES@ @GLE_EXES@
+@@ -321,6 +326,23 @@ install-program:: $(EXES)
+ exit 1 ; \
+ fi ; \
+ done ; \
++ \
++ exes="${SETCAP_EXES}" ; \
++ if test @SETCAP_HACKS@ = yes ; then \
++ for program in $$exes ; do \
++ if test -e $$idir/$$program ; then \
++ echo $(PROG_SETCAP) $(SETCAP_FLAGS) $$idir/$$program ; \
++ if $(PROG_SETCAP) $(SETCAP_FLAGS) $$idir/$$program ; then \
++ true ; \
++ else \
++ echo "WARNING: unable to setcap $$program: installed without capability." ; \
++ echo "" ; \
++ fi ; \
++ else \
++ exit 1 ; \
++ fi ; \
++ done ; \
++ fi ; \
+ fi
+
+
+@@ -898,7 +920,7 @@ skytentacles: skytentacles.o $(TENTACLE_OBJS)
+
+ SONAR_OBJS=sonar-sim.o sonar-icmp.o $(HACK_TRACK_OBJS)
+ sonar: sonar.o $(SONAR_OBJS)
+- $(CC_HACK) -o $@ $@.o $(SONAR_OBJS) $(HACK_LIBS)
++ $(CC_HACK) -o $@ $@.o $(SONAR_OBJS) $(LIBCAP_CFLAGS) $(HACK_LIBS) $(LIBCAP_LIBS)
+
+ JIGSAW_OBJS=normals.o $(UTILS_BIN)/spline.o $(HACK_TRACK_GRAB_OBJS)
+ jigsaw: jigsaw.o $(JIGSAW_OBJS)
+diff --git a/hacks/glx/sonar-icmp.c b/hacks/glx/sonar-icmp.c
+index 862f358..94c9553 100644
+--- a/hacks/glx/sonar-icmp.c
++++ b/hacks/glx/sonar-icmp.c
+@@ -68,6 +68,9 @@
+ # ifdef HAVE_GETIFADDRS
+ # include
+ # endif
++#if defined(HAVE_LIBCAP)
++# include
++#endif
+ #endif /* HAVE_ICMP || HAVE_ICMPHDR */
+
+ #if defined(HAVE_ICMP)
+@@ -1568,6 +1571,45 @@ parse_mode (sonar_sensor_data *ssd, char **error_ret, char **desc_ret,
+ return hostlist;
+ }
+
++static Bool
++set_net_raw_capalibity(int enable_p)
++{
++ Bool ret_status = False;
++#if defined(HAVE_LIBCAP)
++ cap_t cap_status;
++ cap_value_t cap_value[] = { CAP_NET_RAW, };
++ cap_flag_value_t cap_flag_value;
++ cap_flag_value_t new_value = enable_p ? CAP_SET : CAP_CLEAR;
++
++ cap_status = cap_get_proc();
++ do {
++ cap_flag_value = CAP_CLEAR;
++
++ if (cap_get_flag(cap_status, CAP_NET_RAW, CAP_EFFECTIVE, &cap_flag_value)) break;
++ if (cap_flag_value == new_value) {
++ ret_status = True;
++ break;
++ }
++
++ cap_set_flag(cap_status, CAP_EFFECTIVE, 1, cap_value, new_value);
++ if (!cap_set_proc(cap_status)) {
++ ret_status = True;
++ }
++ } while(0);
++
++ if (cap_status) cap_free(cap_status);
++#endif
++
++ return ret_status;
++}
++
++static Bool
++set_ping_capability(void)
++{
++ if (geteuid() == 0) return True;
++ return set_net_raw_capalibity(True);
++}
++
+
+ sonar_sensor_data *
+ sonar_init_ping (Display *dpy, char **error_ret, char **desc_ret,
+@@ -1628,7 +1670,7 @@ sonar_init_ping (Display *dpy, char **error_ret, char **desc_ret,
+ {
+ socket_initted_p = True;
+ }
+- else if (geteuid() == 0 &&
++ else if (set_ping_capability() &&
+ (pd->icmpsock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) >= 0)
+ {
+ socket_initted_p = True;
+@@ -1648,6 +1690,7 @@ sonar_init_ping (Display *dpy, char **error_ret, char **desc_ret,
+
+ /* Disavow privs */
+ setuid(getuid());
++ set_net_raw_capalibity(False);
+
+ pd->pid = getpid() & 0xFFFF;
+ pd->seq = 0;
+--
+2.21.0
+
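Review bot: The drop added under `/* Disavow privs */` clears CAP_NET_RAW only from the effective set, so with the binary installed as `cap_net_raw=p` the capability stays in the permitted set and can be raised again for the rest of the process's life; the result of `set_net_raw_capalibity(False)` is also ignored. When `enable_p` is false the helper should clear the permitted flag as well, e.g. `cap_set_flag(cap_status, CAP_PERMITTED, 1, cap_value, CAP_CLEAR);` before `cap_set_proc`, and the early `cap_flag_value == new_value` exit must not skip that step, because the effective bit is already clear whenever the raw-socket branch was not taken. The return values of `cap_set_flag` and of the drop call should be checked, with a failed drop treated as fatal rather than continuing with the capability held. sonar_init_ping continues outside these hunks, so whether every path reaches the drop cannot be confirmed from here. Separately, in configure.in the `AC_ARG_WITH` fallback reads `$setuid_hacks_default` where `$setcap_hacks_default` looks intended, and the error text names `--with-cap-hacks` instead of `--with-setcap-hacks`.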