Re: conky for lenny (exception possible?)

[Kapil Hari Paranjape <kapil@imsc.res.in>]

Hello,

On Wed, 10 Sep 2008, Marc 'HE' Brockschmidt wrote:
> > If not, I would backport some of the bug fixes (like the buffer
> > overflow) and create a 1.6.0-2.
> 
> Please do.

I have created the necessary changes. (The interdiff between 1.6.0-1
and 1.6.0-2) is attached.

Could you please confirm that this can be uploaded to unstable
enroute to lenny?

Regards,

Kapil.
--

diff -u conky-1.6.0/debian/changelog conky-1.6.0/debian/changelog
--- conky-1.6.0/debian/changelog
+++ conky-1.6.0/debian/changelog
@@ -1,3 +1,14 @@
+conky (1.6.0-2) unstable; urgency=low
+
+  * Backport of fixes from version 1.6.1-1.
+  * debian/patches/ifaddr_buffer_overflow: fix buffer
+    overflow in update_net_stats. Thanks to Miroslav Lichvar.
+  * debian/NEWS: documented the need to re-examine the conky
+    configuration file for the changes since version 1.5.x.
+    Closes: #495864.
+
+ -- Kapil Hari Paranjape <kapil@debian.org>  Wed, 10 Sep 2008 12:10:31 +0530
+
 conky (1.6.0-1) unstable; urgency=low
 
   * New upstream release (1.6.0).
diff -u conky-1.6.0/debian/NEWS conky-1.6.0/debian/NEWS
--- conky-1.6.0/debian/NEWS
+++ conky-1.6.0/debian/NEWS
@@ -1,3 +1,12 @@
+conky (1.6.0-1) unstable; urgency=low
+
+    User's may find that older conky configuration files give
+    unexpected results. This is because some buffer sizes have been
+    "optimized". For the details about these changes please refer
+    to the man page.
+
+ -- Kapil Hari Paranjape <kapil@debian.org>  Tue, 09 Sep 2008 08:44:42 +0530
+
 conky (1.5.1-1) unstable; urgency=low
 
     The system default config file for conky is an external
diff -u conky-1.6.0/debian/patches/series conky-1.6.0/debian/patches/series
--- conky-1.6.0/debian/patches/series
+++ conky-1.6.0/debian/patches/series
@@ -1,3 +1,4 @@
+ifaddr_buffer_overflow
 x86_64_rdtsc
 man_page_type_first_char
 move_compile_end_man_page
only in patch2:
unchanged:
--- conky-1.6.0.orig/debian/patches/ifaddr_buffer_overflow
+++ conky-1.6.0/debian/patches/ifaddr_buffer_overflow
@@ -0,0 +1,33 @@
+I'm getting glibc errors that a buffer overflow is detected. I've
+traced it to the sprintf call on line 428 in linux.c file, where the
+temp_addr array doesn't have space for trailing \0.
+
+The attached patch should fix it.
+
+Miroslav Lichvar
+
+Index: conky-1.6.1/src/linux.c
+===================================================================
+--- conky-1.6.1.orig/src/linux.c	2008-09-08 10:14:57.000000000 +0530
++++ conky-1.6.1/src/linux.c	2008-09-08 10:54:34.000000000 +0530
+@@ -353,7 +353,7 @@
+ 	for (i2 = 0; i2 < 16; i2++) {
+ 		struct net_stat *ns;
+ 		char *s, *p;
+-		char temp_addr[17];
++		char temp_addr[18];
+ 		long long r, t, last_recv, last_trans;
+ 
+ 		if (fgets(buf, 255, net_dev_fp) == NULL) {
+@@ -380,9 +380,9 @@
+ 		memset(&(ns->addr.sa_data), 0, 14);
+ 
+ 		if(NULL == ns->addrs)
+-			ns->addrs = (char*) malloc(17 * 16);
++			ns->addrs = (char*) malloc(17 * 16 + 1);
+ 		if(NULL != ns->addrs)
+-			memset(ns->addrs, 0, 17 * 16); /* Up to 17 chars per ip, max 16 interfaces. Nasty memory usage... */
++			memset(ns->addrs, 0, 17 * 16 + 1); /* Up to 17 chars per ip, max 16 interfaces. Nasty memory usage... */
+ 
+ 		last_recv = ns->recv;
+ 		last_trans = ns->trans;

Attachment: signature.asc
Description: Digital signature