pUPnGO - 6Mb ISO - Basic Building Block Puplet
goingnuts

Joined: 07 Dec 2008
Posts: 779

PostPosted: Sun 06 Jan 2013, 06:54    Post subject:  

Jan99: Thanks for reporting this severe bug! It should be fixed now.
starhawk

Joined: 22 Nov 2010
Posts: 2759
Location: Everybody knows this is nowhere...

PostPosted: Sun 06 Jan 2013, 12:33    Post subject:  

@Jan99: FYI, see here --> http://murga-linux.com/puppy/viewtopic.php?p=675823#675823

Hope that's helpful ;)

_________________
Loving X-Slacko 1.1! Get the PetGet patch on pg8; it's important.
Next system will be an HP MOCA-AR + Core2Duo in an innovative case... if I ever get off my butt and build it :P
Jan99

Joined: 01 Jan 2013
Posts: 6

PostPosted: Sun 06 Jan 2013, 14:55    Post subject: pUPnGO
Subject description: Cryptoloop
 

@starhawk,

I had already seen that. Thanks anyway.

My bug report should have been there in the first place, sorry for posting it here.

Yes, now the encrypted save file is working perfectly.
goingnuts

Joined: 07 Dec 2008
Posts: 779

PostPosted: Sat 02 Feb 2013, 15:50    Post subject:  

I have been messing with XFree86 4.8.0 and created a static build of XFree86 which holds a lot of drivers for various graphic cards. Attached a build with mesa and glx. The install is a bit tricky as not much in pupngo/puppy is targeted at XFree86:
Install the package
Delete your present X symlink (rm -f /usr/X11R7/bin/X)
Symlink XFree86 to X (cd /usr/X11R7/bin; ln -s XFree86 X)
Now exit to prompt
run 'XFree86 -configure'
Copy the generated /root/XF86Config.new to /etc/X11 (cp /root/XF86Config.new /etc/X11)
start X with xinit

You should now be running XFree86.
It is quite big (>3MB upx-ed, >8MB uncompressed) but delivers the following extensions:

Quote:
BIG-REQUESTS
DEC-XTRAP
DPMS
FontCache
GLX
LBX
MIT-SCREEN-SAVER
MIT-SHM
MIT-SUNDRY-NONSTANDARD
RANDR
RECORD
RENDER
SGI-GLX
SHAPE
SYNC
TOG-CUP
X-Resource
XC-MISC
XFree86-Bigfont
XFree86-DGA
XFree86-Misc
XFree86-VidModeExtension
XInputExtension
XKEYBOARD
XTEST
XVideo

I do not know much about the configuring of XFree86 - but changing things in /etc/X11/XF86Config is the way to go.
I got my mouse scroll working with:
Quote:
Section "InputDevice"
Identifier "Mouse0"
Driver "mouse"
Option "Protocol" "imps/2"
Option "Device" "/dev/mouse"
Option "ZAxisMapping" "4 5"
EndSection

ohh - and the download link :)
technosaurus


Joined: 18 May 2008
Posts: 4279

PostPosted: Sat 02 Feb 2013, 16:49    Post subject:  

I previously mentioned mupdf's thirdparty archive has minimal (read-only) configurations of freetype, jpeg, openjpeg, zlib and jbig2 (the config files are in mupdf's scripts directory)

I just wanted to add that libpng similarly has a lot of user configurable parameters but no preexisting build actually builds the library, but inside the contrib subdirectory, they do have a shortcut to making a read-only png library (useful for everything except image editors)

I can put these together to use in the libtiny package (probably could drop the X11) if others are interested... probably shift to musl as well as the 0.9.9 release seems to build quite nicely

does anyone have input on a C++ library? uclibc++ seems to work ok with musl, but the ustl project looks promising

btw, I started working on this in light of jwm's recent support for svg images via librsvg, but am trying to port it to use libsvg or libtinysvg instead to avoid the cairo dependency (I decided on libsvg because libtinysvg doesn't support embedded png/jpeg images AFAIK)

_________________
Web Programming - Pet Packaging 100 & 101
Ibidem

Joined: 25 May 2010
Posts: 463
Location: State of Jefferson

PostPosted: Sun 03 Feb 2013, 03:22    Post subject:  

technosaurus wrote:
I previously mentioned mupdf's thirdparty archive has minimal (read-only) configurations of freetype, jpeg, openjpeg, zlib and jbig2 (the config files are in mupdf's scripts directory)

I just wanted to add that libpng similarly has a lot of user configurable parameters but no preexisting build actually builds the library, but inside the contrib subdirectory, they do have a shortcut to making a read-only png library (useful for everything except image editors)

I can put these together to use in the libtiny package (probably could drop the X11) if others are interested... probably shift to musl as well as the 0.9.9 release seems to build quite nicely

does anyone have input on a C++ library? uclibc++ seems to work ok with musl, but the ustl project looks promising

btw, I started working on this in light of jwm's recent support for svg images via librsvg, but am trying to port it to use libsvg or libtinysvg instead to avoid the cairo dependency (I decided on libsvg because libtinysvg doesn't support embedded png/jpeg images AFAIK)


There is a libpnglite, somewhere...no idea what the difference is.

ustl needs source changes: it uses <ustl.h> and namespace ustl.
Ibidem

Joined: 25 May 2010
Posts: 463
Location: State of Jefferson

PostPosted: Tue 05 Feb 2013, 11:27    Post subject:  

Code:
$ ls -l Xfbdev Xvesa
-rwxr-xr-x 1 idunham idunham 557972 Feb  4 22:39 Xfbdev
-rwxr-xr-x 1 idunham idunham 574264 Feb  4 22:39 Xvesa

Linked with my patched version of musl statically (I had to change __{u,g}id_t to {u,g}id_t and {IF,IOPL}_MASK to X86_EFLAGS_{IF,IOPL} for Xvesa to work.)

Now for the fun part:
It errors complaining about being unable to find default font "fixed" and not being able to open /usr/X11R7/lib/X11/fonts/misc
I'm running Debian Squeeze, so this is well away from the real location. What does
Code:
find /usr/X11R7/lib/X11/fonts/
show on a pupngo system with working tinyx?
goingnuts

Joined: 07 Dec 2008
Posts: 779

PostPosted: Tue 05 Feb 2013, 11:35    Post subject:  

Just tested in pupngo2012 and it says:
Quote:
/usr/X11R7/lib/X11/fonts
/usr/X11R7/lib/X11/fonts/100dpi
/usr/X11R7/lib/X11/fonts/75dpi
/usr/X11R7/lib/X11/fonts/CID
/usr/X11R7/lib/X11/fonts/Speedo
/usr/X11R7/lib/X11/fonts/TTF
/usr/X11R7/lib/X11/fonts/Type1
/usr/X11R7/lib/X11/fonts/misc
Ibidem

Joined: 25 May 2010
Posts: 463
Location: State of Jefferson

PostPosted: Tue 05 Feb 2013, 15:40    Post subject:  

goingnuts wrote:
Just tested in pupngo2012 and it says:
Quote:
/usr/X11R7/lib/X11/fonts
/usr/X11R7/lib/X11/fonts/100dpi
/usr/X11R7/lib/X11/fonts/75dpi
/usr/X11R7/lib/X11/fonts/CID
/usr/X11R7/lib/X11/fonts/Speedo
/usr/X11R7/lib/X11/fonts/TTF
/usr/X11R7/lib/X11/fonts/Type1
/usr/X11R7/lib/X11/fonts/misc


OK, thanks.
Solution was to change -DCOMPILEDFONTDIR to /usr/share/fonts/X11...and fonts worked.
OTOH, my system's terminal didn't get keyboard input, probably due to xkb.

I've made a couple more changes to os/utils.c, backporting security fixes. Several other security fixes are needed, though; I plan to post my sources as soon as I have them added.
- if you define USE_CHMOD, it allows an attacker to change the permissions of any file on the system
- and there's another bug that's harder to explain
Code:
commit 3b3cf4a05aabf56aeca7edb65c2a3455fd65c265
Author: Isaac Dunham <idunham@lavabit.com>
Date:   Tue Feb 5 10:00:27 2013 -0800

    Fix CVE-2011-4028, CVE-2011-4029.
   
    Based on patches by Matthieu Herrb.
    Avoid revealing whether file exists (|O_NOFOLLOW)
    and avoid race that allows setting any file to mode 0444
    (delete USE_CHMOD, which was vulnerable).

diff --git a/os/utils.c b/os/utils.c
index ef42a24..147ce01 100644
--- a/os/utils.c
+++ b/os/utils.c
@@ -294,11 +294,10 @@ LockServer()
   (void) sprintf(pid_str, "%10ld\n", (long)getpid());
   (void) write(lfd, pid_str, 11);
 #ifndef __EMX__
-#ifndef USE_CHMOD
+  /*
+   * Don't use chmod, ever. CVE-2011-4029: file permission change vulnerability
+   */
   (void) fchmod(lfd, 0444);
-#else
-  (void) chmod(tmp, 0444);
-#endif
 #endif
   (void) close(lfd);
 
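Review bot: the fchmod(lfd, 0444) call kept in this hunk still has its result cast to void, as does the write() just above it, so a failed mode change or a short write of pid_str goes unnoticed and the lock file is left in an unexpected state. Since the change makes fchmod the only way the mode is ever set, consider checking both calls and bailing out, for example `if (fchmod(lfd, 0444) < 0) FatalError(...)`. The new comment would also help the next reader more if it said why chmod(tmp, ...) was unsafe (the path can be swapped between open and chmod, per the commit message) instead of only "Don't use chmod, ever".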
@@ -319,8 +318,9 @@ LockServer()
     else {
       /*
        * Read the pid from the existing file
+       * Don't follow symlinks, CVE-2011-4028
        */
-      lfd = open(LockFile, O_RDONLY);
+      lfd = open(LockFile, O_RDONLY|O_NOFOLLOW);
       if (lfd < 0) {
         unlink(tmp);
         FatalError("Can't read lock file %s\n", LockFile);
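Review bot: O_NOFOLLOW is used unconditionally in the open(LockFile, ...) call, yet LockServer() carries an `#ifndef __EMX__` guard a few lines up, so this file is evidently built for platforms where the flag may not be defined. Consider guarding it so that such builds either fail loudly or fall back to an lstat/fstat comparison, not silently dropping the check. The failure path itself looks right: a symlinked LockFile now ends in the same FatalError("Can't read lock file ...") as any other open failure, which matches the commit message's aim of not revealing whether the target exists.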
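The two fixes in the commit above, shown as an added stand-alone C example (not part of Ibidem's post or the tiny-Xserver source): the mode change goes through the open descriptor, and an existing lock file is opened with O_NOFOLLOW. The names `write_lock` and `read_lock`, the 0600 creation mode and the scratch paths under /tmp are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create the lock file and store our pid in it. The mode change goes through
 * the open descriptor (fchmod), so swapping the path for a symlink after
 * open() cannot redirect it to another file (the CVE-2011-4029 race).
 * The 0600 creation mode is an assumption of this example. */
int write_lock(const char *path)
{
    char pid_str[32];
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    int len = snprintf(pid_str, sizeof pid_str, "%10ld\n", (long)getpid());
    if (write(fd, pid_str, len) != len || fchmod(fd, 0444) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Read the pid from an existing lock file. O_NOFOLLOW makes open() fail when
 * the final path component is a symlink (CVE-2011-4028); every failure gives
 * the same -1, so the result does not reveal what a symlink points at. */
long read_lock(const char *path)
{
    char pid_str[32] = {0};
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, pid_str, sizeof pid_str - 1);
    close(fd);
    return n > 0 ? atol(pid_str) : -1;
}

int main(void)
{
    char dir[] = "/tmp/lockdemoXXXXXX", lock[64], link_path[64];
    if (!mkdtemp(dir)) return 1;           /* constructed scratch directory */
    snprintf(lock, sizeof lock, "%s/lock", dir);
    snprintf(link_path, sizeof link_path, "%s/link", dir);
    if (write_lock(lock) != 0 || symlink(lock, link_path) != 0) return 1;
    printf("file: %ld, symlink: %ld\n", read_lock(lock), read_lock(link_path));
    unlink(link_path); unlink(lock); rmdir(dir);
    return 0;
}
```
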
goingnuts

Joined: 07 Dec 2008
Posts: 779

PostPosted: Tue 05 Feb 2013, 16:08    Post subject:  

Cool! Any chance that one could "backport" the composite? Would be nice if we could get more of the extensions added (as a choice) and working...
Ibidem

Joined: 25 May 2010
Posts: 463
Location: State of Jefferson

PostPosted: Tue 05 Feb 2013, 21:26    Post subject:  

goingnuts wrote:
Cool! Any chance that one could "backport" the composite? Would be nice if we could get more of the extensions added (as a choice) and working...

http://cgit.freedesktop.org/xorg/xserver/commit/?h=server-1.7-branch&id=d690556d496c7331bd112903a0c9e6553c7d3342
That's the commit that added it.
Judging by age, it should be practical...but, it's 4000+ lines.
Once you get too much "backporting" done, you end up with pretty much the same thing as the newer code, and lose the size advantage of the older code. The security fixes alone will probably cost a few kb. I have about four more to go.

And FYI:
Upstream Xorg hasn't supported TOG-CUP since 2008.

UPDATE:
It turns out only about 6 of ~10 CVEs affected tiny-Xserver.
The rest were in code that was not present. ;)
Ibidem

Joined: 25 May 2010
Posts: 463
Location: State of Jefferson

PostPosted: Wed 06 Feb 2013, 01:19    Post subject:  

OK, I've gotten the CVE backports done.
You'll probably want to keep standard_definitions.mk from 0.02, since I've adjusted it for a musl build on Debian.
Also, adding -DHAVE_STDINT_H=1 will allow including stdint.h...but MAX_UINT32 is defined manually otherwise.

Hmmm. Attachment is too big. Max Size: 256 kb.
I can squeeze the tarball down to 870kb, but no further (that's xz -9c).

So I'm uploading a diff and no more.


I'll see about putting this on github too.
Attachment: tinyXserver.diff.gz (4.4 KB)
Description: The diff from 0.02 to 0.03, compressed with gzip.
Apply with patch -p1
Ibidem

Joined: 25 May 2010
Posts: 463
Location: State of Jefferson

PostPosted: Wed 06 Feb 2013, 03:00    Post subject:  

Here's the missing functions for xkb:
Code:
noXkbExtension
ProcessKeyboardEvent
ProcessPointerEvent
XkbApplyMappingChange
XkbDisableComputedAutoRepeats
XkbExtensionInit
XkbFilterEvents
XkbFinishDeviceInit
XkbFreeInfo
XkbFreeSrvLedInfo
XkbHandleBell
XkbInitDevice
XkbProcessArguments
XkbRemoveResourceClient
XkbSetIndicators
XkbSetRepeatKeys
XkbUseMsg
goingnuts

Joined: 07 Dec 2008
Posts: 779

PostPosted: Wed 06 Feb 2013, 12:37    Post subject:  

Ibidem: Thanks a lot for looking at this! I could not get the patch to /hw/kdrive/vesa/vm86.c to build - otherwise it seems ok. I also have FontCache extension to show up (xdpyinfo) but it does not work correctly (needed for abiword).
Did initial trial to implement the composite but failed so have been looking for a release of Xorg/Xfree with composite and where Kdrive is present but found none. Anyone know where to look?
Ibidem

Joined: 25 May 2010
Posts: 463
Location: State of Jefferson

PostPosted: Wed 06 Feb 2013, 14:04    Post subject:  

goingnuts wrote:
Ibidem: Thanks a lot for looking at this! I could not get the patch to /hw/kdrive/vesa/vm86.c to build - otherwise it seems ok. I also have FontCache extension to show up (xdpyinfo) but it does not work correctly (needed for abiword).
Did initial trial to implement the composite but failed so have been looking for a release of Xorg/Xfree with composite and where Kdrive is present but found none. Anyone know where to look?

1: Which libc? uClibc or musl?
I should note that in the latter case, it requires a patched version (my g_hack branch from github.com/idunham/musl )
In the former case, I'm guessing it's a kernel-specific issue. Current uClibc includes <asm/vm86.h>, which includes <asm/processor-flags.h>, which currently defines X86_EFLAGS_* rather than *_MASK.
I could use
Code:
#ifndef IF_MASK
#ifdef X86_EFLAGS_IF
#define IF_MASK X86_EFLAGS_IF
#define IOPL_MASK X86_EFLAGS_IOPL
#endif
#endif


2. I'm under the impression it should be Xorg 6.8.? or later (possibly, there's some sort of patch for that version), or xorg-xserver 1.4 to 1.6.x

However, there's pretty few programs that need composite, afaict.