Fix warnings related to secruity concerns on varargs functions. By specifying
"%s" on single string calls to sprintf() (and related) it's not possible to
have a % in the input string causing random data to be read off the stack.
tmpnam() usage replaced with mkstemp(). Find a suitable tmp directory
checking the TMPDIR environment variable first, then the P_tmpdir
macro and finally /tmp directly.
On 64-bit Linux platforms, check to see if libc.so exists in /usr/lib64.
If found, use it over /usr/lib/libc.so.
The libc.so file is not always in /usr/lib. On multilib systems, the
file we care about could be in /usr/lib64. Likewise, common Linux
conventions call for 64-bit libraries to go in lib64 directories, so
check there first when on a Linux 64-bit system.
Use the same set of langs as on Linux and FreeBSD (no Japanese), don't
redefine a needed macro as no-op, and unset LC_CTYPE in the environment
when building cat files.
We need to use mkcatdefs to build those.
mkcatdefs needs to be built from the open motif
source tree (localized/util/mkcatdefs.c)
and installed as:
cde/imports/motif/localized/util/mkcatdefs
GetBaseName causes segfaults, because when the pathname
ends in a "/" it returns NULL. This happens when trying
to give a valid filename to dtcreate for an icon.
ProcessExecString thought it was returning an array of size 3; however
in C arrays are second-class and there is no direct way to return an
array like this; GCC warning triggered because it was actually
just returning a pointer to local storage. Fixed using malloc.
Also fix some obviously wrong usages of sizeof, although they were
relatively harmless. A little other warning quieting using 0 instead of
NULL.
This code always buffer overflowed, because exactly 2 bytes
less than were used were allocated. This led to dtcreate
crashing when hitting "Find Set..."
The following font families
(or their aliases) will be used:
-adobe-courier-bold-o-normal--*-
-adobe-courier-bold-r-normal--*-
-adobe-courier-medium-o-normal--*-
-adobe-courier-medium-r-normal--*-
-adobe-helvetica-bold-o-normal--*-
-adobe-helvetica-bold-r-normal--*-
-adobe-helvetica-medium-o-normal--*-
-adobe-helvetica-medium-r-normal--*-
-adobe-symbol-medium-r-normal--*-
-adobe-times-bold-i-normal--*-
-adobe-times-bold-r-normal--*-
-adobe-times-medium-i-normal--*-
-adobe-times-medium-r-normal--*-
-b&h-lucidasans-medium-r-normal-sans-*-
-b&h-lucidatypewriter-bold-r-normal-sans-*-
-b&h-lucidatypewriter-medium-r-normal-sans-*-
The files will be installed in
/usr/dt/config/xfonts/C
This directory should be added to the
X server font path:
xset fp+ /usr/dt/config/xfonts/C
and/or via
FontPath "/usr/dt/config/xfonts/C"
in the "Files" section of the xorg.conf file.
We have
pid_t
wait3(int *status, int options, struct rusage *rusage);
on FreeBSD and we don't need (union wait) handling.
Another good candidate for one #ifdef from imake templates.
We have already OPT_BSD_WAIT in ToolTalk's tt_options.h
Add preprocessor directives not to try
to redefine sys_errlist[] or sys_nerr
There are already definitions:
extern __const char *__const sys_errlist[];
extern __const int sys_nerr;
in <stdio.h>
Actually we should have something like
NeedSysErrlist in imake definitions
to get rid of those #ifdefs.
This code tried to automatically generate the X DISPLAY
from the combination of the hostname and display number;
however 127.0.0.1:0 is normally rejected by X11, so this
technique is no good. Fixes dticon hang on startup, caused by
XOpenDisplay failure leading to this message from tttrace:
tt_default_session_set(0x0x875190=="X 127.0.0.1 0") = 1032 (TT_ERR_ACCESS)
BSD make interrupts shell pipeline after
if it cannot run the command:
rm -f Mrm.msg
ln -s ../../../../imports/motif/localized/de_DE.ISO8859-1/msg/Mrm.msg Mrm.msg
Running mkcatdefs for Mrm.cat with LANG set to de_DE.ISO8859-1
( rm -f Mrm.cat Mrm.tmp.msg; LANG=de_DE.ISO8859-1; export LANG; ../../../../imports/motif/localized/util/mkcatdefs Mrm Mrm.msg -h > Mrm.tmp.msg; gencat Mrm.cat Mrm.tmp.msg; rm -f Mrm.tmp.msg )
../../../../imports/motif/localized/util/mkcatdefs: not found
*** Error code 127
After this, an empty Mrm.tmp.msg is left.
- Const strings referenced by non-const variables.
- Incorrect format specifers for printing addresses
- Unused variables
- Signed comparison to unsigned
Also fix an incorrect enumeration value in a switch statement.
Introduce KORNSHELL make variable to point
to the implementation of the Korn Shell.
Use $(SHELL) or $(KORNSHELL) explicitly for
make programs that do not automatically call
shell scripts from the current directory.
dtksh can be now compiled on FreeBSD. Work in progress.
Needs a real Korn shell to bootstrap as $(KSHELL).
KSHELL is set by default to /usr/local/bin/ksh93
(generic POSIX shell may not work)
Tested on:
FreeBSD 9.0-BETA1 #0 r224912M amd64
Known issues:
xvmstat:
* sleep does not work well (SIGSTOP is delivered)
xpong:
* xpong: line 220: ball1x = max_x * 2.2 / 3 : arithmetic syntax error
* dtksh is rebuilt uncondtionally every time make is invoked
Fixes many, though not all 64bit-warnings. In lots of places, pointers are
cast to ints to be then used as array subscripts. The only way to deal with
this is to change them to long. Additionally, use calloc() to allocate the
int_array in istr.c and drop the (wrong) macro patch to istr.h. Should make
dtbuilder work on 32bit again.
Fixes:
agent.c: In function '_DtCm_init_agent':
agent.c:160: warning: passing argument 5 of 'registerrpc' from incompatible pointer type
agent.c:160: warning: passing argument 6 of 'registerrpc' from incompatible pointer type
agent.c:167: warning: passing argument 5 of 'registerrpc' from incompatible pointer type
agent.c:167: warning: passing argument 6 of 'registerrpc' from incompatible pointer type
This reverts commit 0d2f7866ac.
This causes great mayhem in building/generating dtbuilder .msg files
(corrupting them, and inserting '(nil)' all over the place).
These would cause dtbuilder, and any other program built by dtcodegen
to have screwed up colors, missing callbacks and other mayhem.
This was confirmed by others on the list - reverting this made those
issues go away.
It may be that the int -> long is correct, but the NULL check
certainly does not seem to do what was intended. I'll leave it up to
Pascal to investigate :)
cpp was removed from /usr/libexec with FreeBSD 5.0-RELEASE.
Use __FreeBSD_version to tell imake if it's still there.
While here, X.Y.Z versioning ended with FreeBSD 3.0, so
we must be dealing with 2.Y.Z when checking for -lgnumalloc.
A patch from Pascal Stumpf using external jpeg broke linux builds,
since libjpeg needs to be linked in when using a remote jpeg lib.
So, in lnxLib.tmpl, define SharedDtHelpReqs so -ljpeg is used. Also,
in DtHelp/Imakefile, use proper Arch defines so external jpeg libs are
only used on linux, fbsd, and obsd systems.
This is a non-POSIX/ISO-C header. It is ok to include this on Linux, but it
is obsolete on BSD; FreeBSD even throws an error if you include it with
__STDC__ defined. Every system should nowadays have malloc() defined in
stdlib.h.
Diff is largely mechanical, replacing malloc.h with stdlib.h where it is not
yet included anyway.
Nowadays, OpenMotif is itself linked to libjpeg, so pulling in another
version of it causes symbol size mismatches, not to mention the maintenance
burden and security implications arising from keeping our own copy of libjpeg.
We still need some of the header files provided here because they are internal
to libjpeg and not installed on most distributions.
In part of the tooltalk rpc code (mp_message.c), it was assumed that on
the majority of platforms, sizeof(uid_t)=sizeof(gid_t)=sizeof(long). On
Linux-x64, uid_t is an unsigned int, which makes the code fail: all
tooltalk messages fail to send with an RPC_CANTENCODEARGS at the
rpc-level, and TT_INTERNAL_ERR for the actual program. We instead
change the code to explicitly examine sizeof(uid_t) to see whether it is
int or long sized. This allows tooltalk-dependent functinoality
like logout and multiple calls to dtfile to work.
Enums may be represented with a smaller type than int; however, they are
automatically promoted to int when passed in va_arg lists, just as
short, char, etc. are. GCC thus "knows" that you never want to call
va_arg with an enum type, and instead inserts an abort.
strstream.h is now called "strstream" and is obsolete, but use it anyway until
all code is converted over. This also needs std:: added, at least for GCC
4.2.1. Lastly, when hardcoding the path to perl, /usr/bin/perl should be used
rather than anything else.
Some of these older files just clutter up things and do not contribute
much information that is not historical in nature, so preserve them
in an out of the way location.
Mostly this is adding appropriate #includes and declarations,
but for WmImage.c we also change from using the proper name
for XmeGetMask, rather than the identical but renamed
version _DtGetMask which is not exported in any header.
Patch from Pascal Stumpf <Pascal.Stumpf@cubes.de>
The official POSIX name for this signal is SIGCHLD. Linux probably
has SIGCLD only for SysV compatibility, but BSD does not.
Patch from Pascal Stumpf <Pascal.Stumpf@cubes.de>:
So here are all the patches that deal with the fact that modern
compilers assume different scoping rules for variables declared in for
loops. On Linux, -fpermissive has been added as a compiler flag to
compensate for this old C code, but I think it is the wrong approach.
Sorry, couldn't help sneaking in a || defined(CSRG_BASED) and some casts
needed for other reasons ...
Patch from Pascal Stumpf <Pascal.Stumpf@cubes.de>
Most is just copied from the existing imake installation in
/usr/X11R6. Additionally:
* Allow overriding CDESharedRev, X11ProjectRoot and ProjectRoot
* Add a new define to be able to override MINCLUDESRC too
(this allows me to build CDE without symlinking any include directories)
don't use the idiom
char foo[BUFSIZ];
snprintf(foo, BUFSIZ, ....);
but
char foo[BUFSIZ];
snprintf(foo, sizeo foo, ....);
because this will automatically catch situations where the size of foo
is later changed, e.g. like foo[BUFSIZ + 8];
Fix another use of sprintf.
Patch from Robert Tomsick <robert+cde@tomsick.net>:
I believe this fixes vulnerability #3 from CERT CA-1999-11.[1] The other
uses of sprintf in DtAction seem to be safe.
[1] https://www.cert.org/advisories/CA-1999-11.html
Patch from Douglas Mencken <dougmencken@gmail.com>:
"%wc" is Microsoft extension, not supported in every Std C Library. So
if we don't want to print "%wc%wc%wc%wc%..." instead of real chars, we
shall not use it.
Before:
%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wcession[28326]:
_Tt_s_session::s_init(): 1051 (TT_ERR_INTERNAL)!
%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wcession[28326]: waitpid():
No child processes
%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wcession[28326]: child
ttsession exited with status 1
After:
/usr/dt/bin/ttsession[12397]: _Tt_s_session::s_init(): 1051 (TT_ERR_INTERNAL)!
/usr/dt/bin/ttsession[12397]: waitpid(): No child processes
/usr/dt/bin/ttsession[12397]: child ttsession exited with status 1
Patch from Frederic Koehler <f.koehler427@gmail.com>:
These implicit definitions cause segfaults on x64 because
the implicit return type is a 32-bit signed int, rather than a pointer
type.
Patch from Frederic Koehler <f.koehler427@gmail.com>:
Define a final fallback for loading default window manager font;
before exiting, forcefully try to load "fixed" font. This is sufficient
to allow systems where fontList is set to an empty list to startup dtwm,
for now.
dtlogin's genauth routines were trying to open and read /dev/mem on
linux and (presumably) bsd systems in order to obtain random data used
in creating an auth key.
This is bad for a variety of reasons. Newer linux kernels (at least
on 3.2) issue the following warning to the kernel logs:
"Program dtlogin tried to access /dev/mem between 100000->102000."
Now on linux we will use /dev/urandom, and on CSRG_BASED (bsd) systems
we will use /dev/random to obtain some entropy.
With Aaron's fixes to dtdbcache fixing a potential coredump, the
comment block in the write_db() function regarding tmpnam() no longer
applies, and the tmpnam_buf variable is no longer used.
So, remove them :)
Patch from Ulrich Wilkens <mail@uwilkens.de>
I have a little patch for a problem that I found when I tried to
compile dthelp on 64bit FreeBSD. It could also be a problem on other
64bit systems. The problem is that the program context compiles but
fails running with segmentation fault.
context uses the function m_malloc() which is missing a correct
prototype sometimes. Then it's treated to return int instead of void *
. On 64bit systems this cuts off the higher 32 bits because void * is
64bit whereas int is only 32bit.
Patch from Douglas Mencken <dougmencken@gmail.com>:
The issue is that MESSAGE tries to invoke catgets with NULL first
parameter, which is dereferenced inside catgets (Std C Library
function) without checking, from catgets.c source:
if (catalog->name_ptr[idx + 0] == (u_int32_t) set
&& catalog->name_ptr[idx + 1] == (u_int32_t) message)
On the other hand, there's a special value: -1 (cast to nl_catd),
which must be used instead of 0 (NULL) in the case when we are unable
to provide real catalog_desc, from catgets.c source:
/* Be generous if catalog which failed to be open is used. */
if (catalog_desc == (nl_catd) -1 || ++set <= 0 || message < 0)
return (char *) string;
In dtlogin, you can select the language to switch to by selecting it
via Options->Language. Unfortunately this was also including '.' and
'..', since this list is built dynamically by scanning a directory.
Now we screen out '.' and '..'.
The TOG copyrights were being removed after a rebuild, leaving behind
the scary "RESTRICTED" copyright text that was originally there.
The issue was that the TOG copyrights were not properly embedded
within a 'DTB_USER_CODE_START' code block.
dtcodegen does not preserve any code outside DT_USER_CODE START and
END blocks.
Additionally, these objects are built with -merge by dtcodgen, so the
existing 'RESTRICTED' header within the codeblocks was being retained.
It is amazing what mayhem can be caused by a bad define :)
The reason most of the CDE programs were not actually using their
localized catalogs was because their use was being disabled by this
line.
Certain programs like dtwm and dthelp/libDtHelp did their own
localization handling and did not use the results of this define.
This is why they worked properly, and most everything else did not :)
/usr/share/terminfo as well as /usr/share/lib/terminfo
This allows fully functioning dtterm on Ubuntu 12.04 on which the terminfo file
failed to install.
The dtwm DefaultWindowMenu did not list any of the workspace enabled
Occupy commands, which makes it a bit difficult to move windows into a
workspace, or to occupy multiple workspaces.
This was rectified by copying the relevant lines from the
SampleWindowMenu sections containing them that already existed in the
localized files. Tested on C and DE (German).
