This is a bit of a tricky one. With regard to the first patch (fortify2.patch), while it's expedient, I really don't like the idea of just turning down the FORTIFY_SOURCE option, so I'm afraid I can't sponsor that one.
For the second patch (100_md5_bufferoverflow.patch), this looks much more promising, thank you! The change certainly looks sane and I could easily see how the existing code would potentially lead to buffer overrun. One thing that does concern me is that upstream have apparently had a good tidy-up of their buffer handling code (https://sourceforge.net/p/xymon/code/8123/), but that this change doesn't appear there. To be fair, most of their changes seem either mechanical (ensuring buffer termination after certain operations) or cosmetic, while this proposed change is neither. Still, we generally prefer patches are forwarded upstream so we don't have to maintain them as an Ubuntu delta long term. Could Roland forward the patch upstream? (I note Roland is one of the Debian maintainers of the package, so presumably it doesn't need forwarding to himself there :)

Next steps:

1. I'll target this bug to noble and jammy (and oracular implicitly). Although jammy doesn't *appear* affected here, it presumably *is* but it's not noticing the buffer overrun because FORTIFY_SOURCE is lower there.

2. Because we don't appear certain that this patch is indeed the root cause, I'm going to prep a PPA (ppa:waveform/xymon) with builds for oracular, noble, and jammy, containing the second patch here (100_md5_bufferoverflow.patch). Could I ask those interested to try the following and report back if it appears to fix things?

** Also affects: xymon (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: xymon (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Changed in: xymon (Ubuntu Noble)
       Status: New => Confirmed

--
https://bugs.launchpad.net/bugs/2078638

Title: coredumps with Xymon on 24.04