From owner-freebsd-ports Sat Jan 26 14:20:16 2002
Message-Id: <20020126221510.06F007607@graf.pompo.net>
Date: Sat, 26 Jan 2002 23:15:10 +0100 (CET)
From: Thierry Thomas
Reply-To: Thierry Thomas
To: FreeBSD-gnats-submit@freebsd.org
Cc: Kris Kennaway
X-Send-Pr-Version: 3.113
Subject: ports/34313: Security: unbreak french/xtel
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 34313
>Category: ports
>Synopsis: Security: unbreak french/xtel
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 26 14:20:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Thierry Thomas
>Release: FreeBSD 4.5-RC i386
>Organization: Kabbale Eros
>Environment:
System: FreeBSD graf.pompo.net 4.5-RC FreeBSD 4.5-RC #0: Sat Jan 12 16:26:48 CET 2002 root@graf.pompo.net:/usr/obj/mntsrc/src/sys/GRAF010429 i386
>Description:
This port had been marked "forbidden" by the security officer (buffer overflows in mdmdetect).
>How-To-Repeat:
Install bfbtester port, and run bfbtester -a mdmdetect.
>Fix:
The following patch fixes the parsing of arguments in mdmdetect.c, bumps portrevision, and does some cleanup.

diff -urN /usr/ports/french/xtel.orig/Makefile /usr/ports/french/xtel/Makefile --- /usr/ports/french/xtel.orig/Makefile Sat Jan 26 15:19:16 2002 +++ /usr/ports/french/xtel/Makefile Sat Jan 26 20:34:33 2002 
@@ -7,13 +7,11 @@ PORTNAME= xtel PORTVERSION= 3.3.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= french comms emulators MASTER_SITES= http://pficheux.free.fr/xtel/download/ MAINTAINER= thierry@pompo.net - -FORBIDDEN= "Lots of buffer overflows yielding setuid root" LIB_DEPENDS+= jpeg.9:${PORTSDIR}/graphics/jpeg diff -urN /usr/ports/french/xtel.orig/files/patch-Config.tmpl /usr/ports/french/xtel/files/patch-Config.tmpl --- /usr/ports/french/xtel.orig/files/patch-Config.tmpl Tue Dec 25 22:39:56 2001 +++ /usr/ports/french/xtel/files/patch-Config.tmpl Sat Jan 26 17:50:56 2002 @@ -1,5 +1,5 @@ ---- Config.tmpl.orig Tue Feb 13 09:53:03 2001 -+++ Config.tmpl Sat Jul 28 11:34:57 2001 +--- Config.tmpl.orig Sat Jan 26 17:48:22 2002 ++++ Config.tmpl Sat Jan 26 17:50:24 2002 @@ -13,6 +13,9 @@ * Pas de popup-menu DONT_USE_POPUP (pb LessTif) */ @@ -10,3 +10,20 @@ /* Pour installer le démon */ #define INSTALLDEMON +@@ -41,13 +44,13 @@ + /*#define PURE*/ + + /* Pas de Télétel vitesse rapide */ +-/*#define NO_TVR*/ ++#define NO_TVR + + /* Pour debug du demon "xteld" */ +-#define DEBUG_XTELD ++/*#define DEBUG_XTELD*/ + + /* Pour la distribution RedHat Linux */ +-#define REDHAT ++/*#define REDHAT*/ + + /* Pas de popup-menu (pb LessTif) */ + #define DONT_USE_POPUP diff -urN /usr/ports/french/xtel.orig/files/patch-README_IMINITEL.txt /usr/ports/french/xtel/files/patch-README_IMINITEL.txt --- /usr/ports/french/xtel.orig/files/patch-README_IMINITEL.txt Thu Jan 1 01:00:00 1970 +++ /usr/ports/french/xtel/files/patch-README_IMINITEL.txt Fri Jan 4 23:11:18 2002 
@@ -0,0 +1,8 @@ +--- README_IMINITEL.txt.orig Fri Jan 4 21:59:14 2002 ++++ README_IMINITEL.txt Fri Jan 4 23:10:53 2002 +@@ -74,4 +74,4 @@ + de la connexion PPP (login/password) + + /etc/ppp/peers/iminitel Script de lancement de pppd, contient le nom de +- la ligne série utilisée (par défaut ttyS0) ++ la ligne série utilisée (par défaut cuaa0) diff -urN /usr/ports/french/xtel.orig/files/patch-iminitel /usr/ports/french/xtel/files/patch-iminitel --- /usr/ports/french/xtel.orig/files/patch-iminitel Thu Jan 1 01:00:00 1970 +++ /usr/ports/french/xtel/files/patch-iminitel Sat Jan 5 23:15:57 2002 @@ -0,0 +1,10 @@ +--- iminitel/iminitel.orig Fri Jan 4 21:59:14 2002 ++++ iminitel/iminitel Fri Jan 4 23:06:29 2002 +@@ -1,5 +1,5 @@ +-ttyS0 115200 crtscts usepeerdns noipdefault nodefaultroute +-connect '/usr/sbin/chat -v -f /etc/ppp/chat-iminitel' ++cuaa0 115200 crtscts noipdefault nodefaultroute ++connect '/usr/bin/chat -v -f /etc/ppp/chat-iminitel' + noauth + lock + idle 120 diff -urN /usr/ports/french/xtel.orig/files/patch-ip-down.iminitel /usr/ports/french/xtel/files/patch-ip-down.iminitel --- /usr/ports/french/xtel.orig/files/patch-ip-down.iminitel Thu Jan 1 01:00:00 1970 +++ /usr/ports/french/xtel/files/patch-ip-down.iminitel Fri Jan 4 23:16:20 2002 @@ -0,0 +1,8 @@ +--- iminitel/ip-down.iminitel.orig Fri Jan 4 21:59:14 2002 ++++ iminitel/ip-down.iminitel Fri Jan 4 22:38:55 2002 +@@ -1,4 +1,4 @@ +-#!/bin/bash ++#!%%LOCALBASE%%/bin/bash + # $Id: ip-down.iminitel,v 1.1 2001/02/05 09:34:59 pierre Exp $ + # I-Minitel + if [ "$6" = "iminitel" ]; then diff -urN /usr/ports/french/xtel.orig/files/patch-ip-up.iminitel /usr/ports/french/xtel/files/patch-ip-up.iminitel --- /usr/ports/french/xtel.orig/files/patch-ip-up.iminitel Thu Jan 1 01:00:00 1970 +++ /usr/ports/french/xtel/files/patch-ip-up.iminitel Fri Jan 4 23:16:31 2002 
@@ -0,0 +1,8 @@ +--- iminitel/ip-up.iminitel.orig Fri Jan 4 21:59:14 2002 ++++ iminitel/ip-up.iminitel Fri Jan 4 23:01:04 2002 +@@ -1,4 +1,4 @@ +-#!/bin/bash ++#!%%LOCALBASE%%/bin/bash + # $Id: ip-up.iminitel,v 1.1 2001/02/05 09:34:59 pierre Exp $ + # I-Minitel + if [ "$6" = "iminitel" ]; then diff -urN /usr/ports/french/xtel.orig/files/patch-mdmdetect.c /usr/ports/french/xtel/files/patch-mdmdetect.c --- /usr/ports/french/xtel.orig/files/patch-mdmdetect.c Tue Dec 25 22:39:56 2001 +++ /usr/ports/french/xtel/files/patch-mdmdetect.c Sat Jan 26 22:44:45 2002 @@ -1,5 +1,5 @@ ---- mdmdetect.c.orig Sun Feb 11 01:02:58 2001 -+++ mdmdetect.c Tue Jul 24 00:10:05 2001 +--- mdmdetect.c.orig Sat Jan 26 22:38:32 2002 ++++ mdmdetect.c Sat Jan 26 22:44:35 2002 @@ -37,7 +37,16 @@ #include #include @@ -17,3 +17,51 @@ #ifdef SVR4 #include #endif /* SVR4 */ +@@ -71,6 +80,18 @@ + exit (1); + } + ++char *CtrlArg (arg) ++char *arg; ++{ ++ static char ret[240]; ++ ++ if(strlcpy(ret, arg, 240) >= 240) { ++ fprintf(stderr, "Argument trop long: %s\n", arg); ++ exit (1); ++ } ++ return (ret); ++} ++ + /* Sortie */ + static void the_end (r) + int r; +@@ -228,23 +249,24 @@ + + progname = xtel_basename(av[0]); + +- if (ac < 2) ++ if (ac < 2 || ac > 7) + Usage (progname); + + /* Lecture de la ligne de commande */ + while (--ac) { +- if ((cp = *++av) == NULL) ++ if ((cp = CtrlArg(*++av)) == NULL) { + break; ++ } + if (*cp == '-' && *++cp) { + switch(*cp) { + case 'b' : +- builder = *++av; break; ++ builder = CtrlArg(*++av); break; + + case 'd' : + ++debug; break; + + case 'l' : +- modem_list = *++av; break; ++ modem_list = CtrlArg(*++av); break; + + case 'q' : + query = 1; break; diff -urN /usr/ports/french/xtel.orig/pkg-descr /usr/ports/french/xtel/pkg-descr --- /usr/ports/french/xtel.orig/pkg-descr Sat Nov 10 23:23:55 2001 +++ /usr/ports/french/xtel/pkg-descr Sat Jan 26 20:32:35 2002 
@@ -2,7 +2,7 @@ XTEL permet d'émuler un Minitel 1B, 2. Xtel est aussi utilisable en réseau, et il permet d'émuler les TVR et les I-Minitel, mais ceci n'est pas encore -pris en compte ce port FreeBSD. +pris en compte dans ce port FreeBSD. XTEL is an emulator for the Minitel. The Minitel is a passive terminal, used in France to access to different network services via a telephone line.
>Release-Note:
>Audit-Trail:
>Unformatted:
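
Review bot: In the Makefile hunk, removing `FORBIDDEN= "Lots of buffer overflows yielding setuid root"` claims more than the fix shown covers: the only code change in this patch is the argument-length check in patch-mdmdetect.c, and the How-To-Repeat only runs bfbtester against mdmdetect. Please state in the PR which other installed binaries were checked the same way and whether the setuid bit the FORBIDDEN text refers to is still needed, or keep FORBIDDEN until that is covered.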
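
Review bot: In the new patch-ip-down.iminitel and patch-ip-up.iminitel, the shebang becomes `#!%%LOCALBASE%%/bin/bash`, which is not a usable interpreter path until something substitutes the placeholder, and the Makefile hunk in this patch neither performs that substitution nor adds a dependency on bash. If the unchanged part of the Makefile does not already handle both, add the substitution step and a run-time dependency on the bash port. If the rest of each script is as plain as the visible `if [ "$6" = "iminitel" ]; then`, pointing the shebang at /bin/sh would avoid the dependency altogether.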
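
Review bot: In the `CtrlArg` hunk of patch-mdmdetect.c (@@ -71,6 +80,18 @@), returning a pointer to the single `static char ret[240]` means every call overwrites the string handed out by the previous call, so the function is only safe when a caller never holds two results at once. It also passes `arg` to `strlcpy` with no NULL check. Suggest rejecting a NULL `arg`, comparing the length against `sizeof(ret)` instead of repeating the literal 240, and returning `arg` itself (or a `strdup` copy) once the length check passes, so that no shared buffer is involved.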
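
Review bot: In the command-line loop of patch-mdmdetect.c (@@ -228,23 +249,24 @@), `builder = CtrlArg(*++av)` and `modem_list = CtrlArg(*++av)` both store the address of the same static buffer that `cp = CtrlArg(*++av)` refills on every iteration, so after parsing both pointers refer to whichever argument was copied last instead of the -b and -l values. The `== NULL` test is now dead, because `CtrlArg` either returns its buffer or exits, and since `ac` is not decremented when -b or -l consumes its value, the loop can reach the terminating NULL of `av` and hand it to `strlcpy`. Check `*++av` for NULL before calling `CtrlArg`, decrement `ac` when an option takes a value, and keep a separate copy per option.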