1
0
Fork 0
mirror of git://git.code.sf.net/p/cdesktopenv/code synced 2025-03-09 15:50:02 +00:00
Commit graph

1556 commits

Author SHA1 Message Date
Jon Trulson
e4ebb27762 Prepare for 2.3.2 release: HISTORY and version number change 2020-01-12 18:10:57 -07:00
Jon Trulson
0adf782142 dtsession, DtSvc: fix CVE-2020-2696/VU#308289
Marco Ivaldi <marco.ivaldi@mediaservice.net> has identified 3
vulnerabilities in CDE.

Two of them could affect our CDE (open-source version), while the 3rd
(sdtcm_convert) is Solaris specific.

The two vulnerabilities, both of which affect dtsession could allow a
local privilege escalation to root.  A POC exists for Solaris.  The
POC will not function on our CDE for two main reasons:

- the POC is Solaris specific
- The overflowed variables in question are allocated on the heap,
  whereas in Solaris these variables are located on the stack.

The first vulnerability allows an extra long palette name to be used
to cause a crash via insufficient validation in
SrvPalette.c:CheckMonitor().

The second, which has not yet been assigned a CERT CVE resides in
SmCreateDirs.c:_DtCreateDtDirs() in libDtSvc.  Due to insufficient
bounds checking, a crash or corruption can be achieved by using a very
long DISPLAY name.

This one is considered difficult to exploit, and no POC code is
available at this time.  CDE 2.x code-bases are also listed as not
vulnerable, however some work has been done anyway to do some proper
bounds checking in this function.

The following text portions are copied from the relevant advisories,
which have not been released as of this writing.

NOTE: Oracle CDE does NOT use CDE 2.3.0a or earlier as mentioned
below.  They are completely different code-bases):

Regarding CVE-2020-2692:

  A buffer overflow in the CheckMonitor() function in the Common
  Desktop Environment 2.3.0a and earlier, as distributed with Oracle
  Solaris 10 1/13 (Update 11) and earlier, allows local users to gain
  root privileges via a long palette name passed to dtsession in a
  malicious .Xdefaults file.

  Note that Oracle Solaris CDE is based on the original CDE 1.x train,
  which is different from the CDE 2.x codebase that was later open
  sourced. Most notably, the vulnerable buffer in the Oracle Solaris
  CDE is stack-based, while in the open source version it is
  heap-based.

Regarding the DtSvc bug, which does not currently have a CERT CVE:

  A difficult to exploit stack-based buffer overflow in the
  _DtCreateDtDirs() function in the Common Desktop Environment version
  distributed with Oracle Solaris 10 1/13 (Update 11) and earlier may
  allow local users to corrupt memory and potentially execute
  arbitrary code in order to escalate privileges via a long X11
  display name. The vulnerable function is located in the libDtSvc
  library and can be reached by executing the setuid program
  dtsession.

  The open source version of CDE (based on the CDE 2.x codebase) is
  not affected.
2020-01-12 18:10:57 -07:00
Jon Trulson
9753b63dab HISTORY: update for 2.3.1 release 2019-11-15 19:06:11 -07:00
Jon Trulson
5fe7ee5b67 Change CDE version info for 2.3.1 release 2019-11-15 18:04:01 -07:00
Nina Didenko
f75ee32e72 sym2num: don't hardcode path to cpp 2019-11-05 18:49:17 -07:00
Nina Didenko
de7fe55d6a merge: don't hardcode path to gencat 2019-11-05 18:49:10 -07:00
Nina Didenko
52caa8b8e6 udbToAny.ksh: don't hardcode path to awk 2019-11-05 18:49:02 -07:00
Nina Didenko
b3f3997bd1 dtinfogen: don't override PATH 2019-11-05 18:48:00 -07:00
Chase
88b46c6a28 il: remove various deprecated files 2019-11-01 17:23:48 -06:00
Chase
0f36a57eff remove more internal jpeg headers 2019-11-01 17:23:24 -06:00
Jon Trulson
d7e5206d6b DtSvc/DtUtil2: fix implicit function declarations 2019-10-28 14:30:43 -06:00
Jon Trulson
dbce2e4337 DtSvc/DtUtil1: fix implicit function declarations 2019-10-28 14:30:36 -06:00
Jon Trulson
5e05b59025 ttserver: fixup forward (vexing) fucntion decl's in main, get rid of **environ 2019-10-19 18:36:54 -06:00
wmoxam
14e385d175 Remove all optional compile flags from dtwm that are not referenced anywhere, and are unlikely to ever be used 2019-10-17 20:34:14 -06:00
Jon Trulson
ab863f212d dtmail: fix extra format args warnings 2019-10-15 21:22:11 -06:00
Jon Trulson
a38f72c0c8 dtmail: fix NULL char embedded in format string 2019-10-15 21:12:17 -06:00
wmoxam
ab741a1241 'notdef' means it's not used, so we remove it 2019-10-15 20:32:13 -06:00
wmoxam
de81a5b518 Remove ancient HP VUE compatibility support 2019-10-15 20:32:05 -06:00
Chase
4107a1b6be Remove old jpeg files 2019-10-14 19:18:40 -06:00
wmoxam
ca9cdf6cfc Remove 'oldcode' 2019-10-14 15:54:43 -06:00
wmoxam
d380b0fac6 Remove legacysun code blocks 2019-10-14 15:54:33 -06:00
wmoxam
e1e2004696 Remove unused HP_EXTENSIONS code blocks 2019-10-14 15:54:25 -06:00
Jon Trulson
7f414f5d35 dtpad: emit error on catopen() failure
This patch was manually added via a diff supplied from a user on the
CDE mailing list: Michele Ghisolfo <ghisolfo.m@gmail.com>
2019-10-14 14:42:21 -06:00
Jon Trulson
1972d3e378 dtfile: Add scroll wheel support
This patch was manually added via a diff supplied from a user on the
CDE mailing list: Michele Ghisolfo <ghisolfo.m@gmail.com>
2019-10-14 14:34:56 -06:00
Jon Trulson
fd3cffcb37 dtcalc: increase highlight thickness to match Solaris CDE
This patch was manually added via a diff supplied from a user on the
CDE mailing list: Michele Ghisolfo <ghisolfo.m@gmail.com>
2019-10-14 14:30:58 -06:00
Jon Trulson
ad94f2089d dtterm: add scroll wheel support
This patch was manually added via a diff supplied from a user on the
CDE mailing list: Michele Ghisolfo <ghisolfo.m@gmail.com>
2019-10-14 14:08:43 -06:00
wmoxam
923951b414 Remove NOTDONE code 2019-10-14 11:57:41 -06:00
Jon Trulson
f2d52e35d6 linux: build all languages by default again
Someday we should be able to detect which languages are installed and
only build support for those.  Until then, build them all.
2019-10-13 22:24:38 -06:00
Jon Trulson
511c2bb427 Merge /u/jrubio/cdesktopenv/ branch discarded-qualifiers into master
https://sourceforge.net/p/cdesktopenv/code/merge-requests/17/
2019-10-13 17:09:04 +00:00
Jon Trulson
08a49581b7 Merge /u/jrubio/cdesktopenv/ branch delete-incomplete into master
https://sourceforge.net/p/cdesktopenv/code/merge-requests/18/
2019-10-13 17:06:14 +00:00
Jose Rubio
08cea15be5 get rid of the 'extern sys_errlist' and 'sys_nerr' in SysErrorMsg. 2019-10-13 10:23:49 +02:00
Jon Trulson
34b5ee08c8 Merge /u/jrubio/cdesktopenv/ branch incompatible-pointer-types into master
https://sourceforge.net/p/cdesktopenv/code/merge-requests/16/
2019-10-12 21:43:45 +00:00
Jose Rubio
5c56c32d17 Fixes for a few -Wincompatible-pointer-types 2019-10-12 22:29:44 +02:00
Jon Trulson
e05d138c4c Merge /u/jrubio/cdesktopenv/ branch int-conversion into master
https://sourceforge.net/p/cdesktopenv/code/merge-requests/14/
2019-10-11 23:58:44 +00:00
Jose Rubio
c900cedbc9 Fix to delete-incomplete warnings. 2019-10-11 13:43:08 +02:00
Jose Rubio
0086a7067e Fix to compile warnings.
* discarded-qualifiers warnings.
* Function definitions, the .h doesn't match the .c.
* Added some include to ensure the .c has function definition.
2019-10-11 10:49:48 +02:00
Jose Rubio
f9790767f3 Fix to different compile warnings.
Fix to multiple int-conversion
Removal of duplicated function definition in dtudcfonted/util.h
Added XtEventHandler prototypes to mtfgui
2019-10-10 19:59:40 +02:00
Jose Rubio
20ba7550cd Fix to Wenum-compare
It seems the purpose is to define a constant as an anonymous enum.
that behaviour triggers the enum  compare. Let's make it a constant.
2019-10-10 17:01:56 +02:00
Jose Rubio
707cc1256f Fix openbsd compile build errors due to dependency on libiconv
The path to libiconv is selected in config/cf/OpenBSD.cf reusing the
same trick  as FreeBSD does.
2019-09-27 21:54:06 +02:00
Jose Rubio
4f86508321 Merge branch 'linux-suse-tcl-link' of https://git.code.sf.net/u/jrubio/cdesktopenv into linux-suse-tcl-link 2019-09-16 14:59:24 +02:00
Jose Rubio
507665352f Link TCL libraries and restrict tcl8.6 to SuSE only. 2019-09-16 14:58:21 +02:00
Jose Rubio
523e9ba304 Update TCL libraries link and restrict tcl8.6 only to SuSE. 2019-09-15 19:01:17 +02:00
Jon Trulson
1ebd1a2416 Merge /u/jrubio/cdesktopenv/ branch implicit-int into master
https://sourceforge.net/p/cdesktopenv/code/merge-requests/9/
2019-09-12 22:14:19 +00:00
Jon Trulson
6e23c81914 Merge /u/jrubio/cdesktopenv/ branch pointer-compare into master
https://sourceforge.net/p/cdesktopenv/code/merge-requests/8/
2019-09-12 22:11:52 +00:00
Jon Trulson
0561080e16 Merge /u/jrubio/cdesktopenv/ branch linux_aarch64 into master
https://sourceforge.net/p/cdesktopenv/code/merge-requests/6/
2019-09-12 22:05:43 +00:00
Jon Trulson
086672e193 Merge /u/jrubio/cdesktopenv/ branch dtksh_include_sys_sysmacros into master
https://sourceforge.net/p/cdesktopenv/code/merge-requests/10/
2019-09-12 22:02:51 +00:00
Jose Rubio
51db5ff378 Fix for deprecated warnings related to gnu libc sys macros.
The patch only includes sysmacros for linux, the only target with gnu libc to avoid regression issues.
2019-09-12 13:10:02 +02:00
Jon Trulson
426a18d9ef isfname.c: remove register keyword 2019-09-11 17:48:06 -06:00
Jon Trulson
b53728d3b3 ksh/libast: include sys/sysmacros.h in fmtdev.c for linux systems
Fix scraped from CDE forum post:
24d7511a39/
2019-09-11 17:39:30 -06:00
Jose Rubio
a49aedc946 FIX: Define Aarch64 as little endian so DtInfo compiles. 2019-08-29 11:12:26 +02:00