author | Krzysztof Pawlik <nelchael@gentoo.org> | 2005-10-26 18:58:38 +0000 |
---|---|---|
committer | Krzysztof Pawlik <nelchael@gentoo.org> | 2005-10-26 18:58:38 +0000 |
commit | b03ea88e76b4b7ae255b8651724f54ed4d8842d5 (patch) | |
tree | 47969ff9b3d3b63e43c5bdf00810aafab3668528 | |
parent | New upstream version. (diff) | |
download | historical-b03ea88e76b4b7ae255b8651724f54ed4d8842d5.tar.gz historical-b03ea88e76b4b7ae255b8651724f54ed4d8842d5.tar.bz2 historical-b03ea88e76b4b7ae255b8651724f54ed4d8842d5.zip |
Fix security bug 108365.
Package-Manager: portage-2.0.53_rc6
-rw-r--r-- | media-gfx/xloadimage/ChangeLog | 8 | ||||
-rw-r--r-- | media-gfx/xloadimage/Manifest | 23 | ||||
-rw-r--r-- | media-gfx/xloadimage/files/digest-xloadimage-4.1-r4 | 2 | ||||
-rw-r--r-- | media-gfx/xloadimage/files/xloadimage-gentoo.patch | 258 | ||||
-rw-r--r-- | media-gfx/xloadimage/xloadimage-4.1-r4.ebuild | 82 |
5 files changed, 357 insertions, 16 deletions
diff --git a/media-gfx/xloadimage/ChangeLog b/media-gfx/xloadimage/ChangeLog index 7cded6ca99a7..d57664c49016 100644 --- a/media-gfx/xloadimage/ChangeLog +++ b/media-gfx/xloadimage/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for media-gfx/xloadimage # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-gfx/xloadimage/ChangeLog,v 1.20 2005/09/17 11:54:43 kloeri Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-gfx/xloadimage/ChangeLog,v 1.21 2005/10/26 18:58:38 nelchael Exp $ + +*xloadimage-4.1-r4 (26 Oct 2005) + + 26 Oct 2005; Krzysiek Pawlik <nelchael@gentoo.org> + +files/xloadimage-gentoo.patch, +xloadimage-4.1-r4.ebuild: + Fix security bug 108365. *xloadimage-4.1-r2 (25 Aug 2005) diff --git a/media-gfx/xloadimage/Manifest b/media-gfx/xloadimage/Manifest index 19ac4163d1be..26de2f531c25 100644 --- a/media-gfx/xloadimage/Manifest +++ b/media-gfx/xloadimage/Manifest 
@@ -1,21 +1,14 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 cdb11033a3fa6525334cecf938961c07 metadata.xml 166
-MD5 078fc3ab12c2f7564321ccdb25dda6f7 xloadimage-4.1-r1.ebuild 1987
-MD5 c70706f60bc9c49272d9117bd7d0ea00 xloadimage-4.1-r2.ebuild 2036
-MD5 eb2e15ec1eb2e879d416b8692be3cee6 xloadimage-4.1-r3.ebuild 2072
-MD5 10e21541a07360d273a86c48d141d1c8 ChangeLog 4462
+MD5 024b38330a09e5fd65fdbbae64dc3f67 ChangeLog 4640
 MD5 bad387ba03d0111a70dd7066ba97d5e5 files/digest-xloadimage-4.1-r1 140
 MD5 bad387ba03d0111a70dd7066ba97d5e5 files/digest-xloadimage-4.1-r2 140
 MD5 bad387ba03d0111a70dd7066ba97d5e5 files/digest-xloadimage-4.1-r3 140
+MD5 1e91f350f870e196e1f181a27f3fd1ab files/digest-xloadimage-4.1-r4 140
 MD5 fb91a22d37e6c6db534f1dc81add707e files/xloadimage-4.1-endif.patch 321
 MD5 c411c977cc7ae79dd96aad933980dbb2 files/xloadimage-4.1-include-errno_h.patch 303
 MD5 9208b10866e00f1e47bb12a7f8bec04a files/xloadimage-4.1-zio-shell-meta-char.diff 1372
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.2 (GNU/Linux)
-
-iD8DBQFDLAQYKf2g/qXtneoRAtL7AKCpOeUbCIze3taOYJSVqVWUubpYEACgunFp
-YrnhG94CBVc8tulEIauKPvI=
-=424i
------END PGP SIGNATURE-----
+MD5 49ea6a01c79f1540896bd264c3606cb3 files/xloadimage-gentoo.patch 8956
+MD5 cdb11033a3fa6525334cecf938961c07 metadata.xml 166
+MD5 078fc3ab12c2f7564321ccdb25dda6f7 xloadimage-4.1-r1.ebuild 1987
+MD5 c70706f60bc9c49272d9117bd7d0ea00 xloadimage-4.1-r2.ebuild 2036
+MD5 eb2e15ec1eb2e879d416b8692be3cee6 xloadimage-4.1-r3.ebuild 2072
+MD5 5adee4c3f0c34e022b7a62538982b4ac xloadimage-4.1-r4.ebuild 2132
diff --git a/media-gfx/xloadimage/files/digest-xloadimage-4.1-r4 b/media-gfx/xloadimage/files/digest-xloadimage-4.1-r4
new file mode 100644
index 000000000000..6446a21b6b17
--- /dev/null
+++ b/media-gfx/xloadimage/files/digest-xloadimage-4.1-r4
@@ -0,0 +1,2 @@
+MD5 8f5cc72c54ea730ba99026f006e71e10 xloadimage-4.1-gentoo.diff.bz2 41390
+MD5 7331850fc04056ab8ae6b5725d1fb3d2 xloadimage.4.1.tar.gz 596021
diff --git a/media-gfx/xloadimage/files/xloadimage-gentoo.patch b/media-gfx/xloadimage/files/xloadimage-gentoo.patch
new file mode 100644
index 000000000000..896786680e30
--- /dev/null
+++ b/media-gfx/xloadimage/files/xloadimage-gentoo.patch
@@ -0,0 +1,258 @@ +diff -ru xloadimage.4.1.orig/config.c xloadimage.4.1/config.c +--- xloadimage.4.1.orig/config.c 2005-10-22 15:47:17.000000000 +0200 ++++ xloadimage.4.1/config.c 2005-10-22 15:58:16.000000000 +0200 +@@ -313,12 +313,13 @@ + * -1 if access denied or not found, 0 if ok. + */ + +-int findImage(name, fullname) ++int findImage(name, fullname, size) + char *name, *fullname; ++ size_t size; + { unsigned int p, e; + struct stat sbuf; + +- strcpy(fullname, name); ++ strncpy(fullname, name, size); + if (!strcmp(name, "stdin")) /* stdin is special name */ + return(0); + +@@ -327,7 +328,7 @@ + if (! stat(fullname, &sbuf)) + return(fileIsOk(fullname, &sbuf)); + #ifndef NO_COMPRESS +- strcat(fullname, ".Z"); ++ strncat(fullname, ".Z", size); + if (! stat(fullname, &sbuf)) + return(fileIsOk(fullname, &sbuf)); + #endif +@@ -336,12 +337,12 @@ + #ifdef VMS + sprintf(fullname, "%s%s", Paths[p], name); + #else +- sprintf(fullname, "%s/%s", Paths[p], name); ++ snprintf(fullname, size, "%s/%s", Paths[p], name); + #endif + if (! stat(fullname, &sbuf)) + return(fileIsOk(fullname, &sbuf)); + #ifndef NO_COMPRESS +- strcat(fullname, ".Z"); ++ strncat(fullname, ".Z", size); + if (! stat(fullname, &sbuf)) + #endif + return(fileIsOk(fullname, &sbuf)); +@@ -349,12 +350,12 @@ + #ifdef VMS + sprintf(fullname, "%s%s%s", Paths[p], name, Exts[e]); + #else +- sprintf(fullname, "%s/%s%s", Paths[p], name, Exts[e]); ++ snprintf(fullname, size, "%s/%s%s", Paths[p], name, Exts[e]); + #endif + if (! stat(fullname, &sbuf)) + return(fileIsOk(fullname, &sbuf)); + #ifndef NO_COMPRESS +- strcat(fullname, ".Z"); ++ strncat(fullname, ".Z", size); + if (! stat(fullname, &sbuf)) + return(fileIsOk(fullname, &sbuf)); + #endif +@@ -362,11 +363,11 @@ + } + + for (e= 0; e < NumExts; e++) { +- sprintf(fullname, "%s%s", name, Exts[e]); ++ snprintf(fullname, size, "%s%s", name, Exts[e]); + if (! 
stat(fullname, &sbuf)) + return(fileIsOk(fullname, &sbuf)); + #ifndef NO_COMPRESS +- strcat(fullname, ".Z"); ++ strncat(fullname, ".Z", size); + if (! stat(fullname, &sbuf)) + return(fileIsOk(fullname, &sbuf)); + #endif +@@ -392,7 +393,7 @@ + #ifdef VMS + sprintf(buf, "directory %s", Paths[a]); + #else +- sprintf(buf, "ls %s", Paths[a]); ++ snprintf(buf, sizeof(buf)-1, "ls %s", Paths[a]); + #endif + if (system(buf) < 0) { + #ifdef VMS +diff -ru xloadimage.4.1.orig/imagetypes.c xloadimage.4.1/imagetypes.c +--- xloadimage.4.1.orig/imagetypes.c 2005-10-22 15:47:17.000000000 +0200 ++++ xloadimage.4.1/imagetypes.c 2005-10-22 15:51:31.000000000 +0200 +@@ -17,7 +17,7 @@ + /* SUPPRESS 560 */ + + extern int errno; +-extern int findImage(char *name, char *fullname); ++extern int findImage(char *name, char *fullname, size_t size); + + /* load a named image + */ +@@ -32,7 +32,7 @@ + Image *image; + int a; + +- if (findImage(name, fullname) < 0) { ++ if (findImage(name, fullname, BUFSIZ) < 0) { + if (errno == ENOENT) + fprintf(stderr, "%s: image not found\n", name); + else +@@ -109,7 +109,7 @@ + { char fullname[BUFSIZ]; + int a; + +- if (findImage(name, fullname) < 0) { ++ if (findImage(name, fullname, BUFSIZ) < 0) { + if (errno == ENOENT) + fprintf(stderr, "%s: image not found\n", name); + else +diff -ru xloadimage.4.1.orig/jpeg.c xloadimage.4.1/jpeg.c +--- xloadimage.4.1.orig/jpeg.c 2005-10-22 15:47:17.000000000 +0200 ++++ xloadimage.4.1/jpeg.c 2005-10-22 16:02:03.000000000 +0200 +@@ -19,7 +19,7 @@ + #undef debug + + #ifdef DEBUG +-# define debug(xx) fprintf(stderr,xx) ++# define debug(xx) fprintf(stderr, "%s", xx) + #else + # define debug(xx) + #endif +diff -ru xloadimage.4.1.orig/mcidas.c xloadimage.4.1/mcidas.c +--- xloadimage.4.1.orig/mcidas.c 2005-10-22 15:47:17.000000000 +0200 ++++ xloadimage.4.1/mcidas.c 2005-10-22 15:48:49.000000000 +0200 +@@ -63,7 +63,7 @@ + minute = (time % 10000) / 100; + second = (time % 100); + +- sprintf(buf, "%d:%2.2d:%2.2d %s %d, %d (day %d)", 
++ snprintf(buf, 29, "%d:%2.2d:%2.2d %s %d, %d (day %d)", + hour, minute, second, month_info[month].name, day, year, + (date % 1000)); + return(buf); +diff -ru xloadimage.4.1.orig/png.c xloadimage.4.1/png.c +--- xloadimage.4.1.orig/png.c 2005-10-22 15:47:17.000000000 +0200 ++++ xloadimage.4.1/png.c 2005-10-22 16:02:20.000000000 +0200 +@@ -30,7 +30,7 @@ + #undef debug + + #ifdef DEBUG +-# define debug(xx) fprintf(stderr,xx) ++# define debug(xx) fprintf(stderr, "%s", xx) + #else + # define debug(xx) + #endif +diff -ru xloadimage.4.1.orig/reduce.c xloadimage.4.1/reduce.c +--- xloadimage.4.1.orig/reduce.c 2005-10-22 15:47:17.000000000 +0200 ++++ xloadimage.4.1/reduce.c 2005-10-22 15:48:49.000000000 +0200 +@@ -502,7 +502,7 @@ + + depth= colorsToDepth(n); + new_image= newRGBImage(image->width, image->height, depth); +- sprintf(buf, "%s (%d colors)", image->title, n); ++ snprintf(buf, BUFSIZ - 1, "%s (%d colors)", image->title, n); + new_image->title= dupString(buf); + + /* calculate RGB table from each color area. 
this should really calculate +diff -ru xloadimage.4.1.orig/rle.c xloadimage.4.1/rle.c +--- xloadimage.4.1.orig/rle.c 2005-10-22 15:47:17.000000000 +0200 ++++ xloadimage.4.1/rle.c 2005-10-22 16:00:06.000000000 +0200 +@@ -21,7 +21,7 @@ + #undef debug + + #ifdef DEBUG +-# define debug(xx) fprintf(stderr,xx) ++# define debug(xx) fprintf(stderr, "%s", xx) + #else + # define debug(xx) + #endif +diff -ru xloadimage.4.1.orig/rotate.c xloadimage.4.1/rotate.c +--- xloadimage.4.1.orig/rotate.c 2005-10-22 15:47:17.000000000 +0200 ++++ xloadimage.4.1/rotate.c 2005-10-22 15:48:49.000000000 +0200 +@@ -70,7 +70,7 @@ + { printf(" Rotating image by %d degrees...", degrees); + fflush(stdout); + } +- sprintf(buf, "%s (rotated by %d degrees)", simage->title, degrees); ++ snprintf(buf, BUFSIZ - 1, "%s (rotated by %d degrees)", simage->title, degrees); + + image1 = simage; + image2 = NULL; +diff -ru xloadimage.4.1.orig/tiff.c xloadimage.4.1/tiff.c +--- xloadimage.4.1.orig/tiff.c 2005-10-22 15:47:17.000000000 +0200 ++++ xloadimage.4.1/tiff.c 2005-10-22 15:48:49.000000000 +0200 +@@ -133,14 +133,14 @@ + switch (info->photometric) { + case PHOTOMETRIC_MINISBLACK: + if (info->bitspersample > 1) { +- sprintf(buf, "%d-bit greyscale ", info->bitspersample); ++ snprintf(buf, 31, "%d-bit greyscale ", info->bitspersample); + return(buf); + } + else + return "white-on-black "; + case PHOTOMETRIC_MINISWHITE: + if (info->bitspersample > 1) { +- sprintf(buf, "%d-bit greyscale ", info->bitspersample); ++ snprintf(buf, 31, "%d-bit greyscale ", info->bitspersample); + return(buf); + } + else +diff -ru xloadimage.4.1.orig/window.c xloadimage.4.1/window.c +--- xloadimage.4.1.orig/window.c 2005-10-22 15:47:17.000000000 +0200 ++++ xloadimage.4.1/window.c 2005-10-22 15:48:50.000000000 +0200 +@@ -606,7 +606,7 @@ + else { + char def_geom[30]; + +- sprintf(def_geom, "%ux%u+0+0", image->width, image->height); ++ snprintf(def_geom, 29, "%ux%u+0+0", image->width, image->height); + XGeometry(disp, scrn, 
opt->info.geometry.string, def_geom, 0, 1, 1, 0, 0, + (int *)&winx, (int *)&winy, (int *)&winwidth, (int *)&winheight); + } +diff -ru xloadimage.4.1.orig/zio.c xloadimage.4.1/zio.c +--- xloadimage.4.1.orig/zio.c 2005-10-22 15:47:17.000000000 +0200 ++++ xloadimage.4.1/zio.c 2005-10-22 15:48:50.000000000 +0200 +@@ -233,7 +233,7 @@ + strcpy (s, "'"); + debug(("Filtering image through '%s'\n", filter->filter)); + zf->type= ZPIPE; +- sprintf(buf, "%s %s", filter->filter, fname); ++ snprintf(buf, BUFSIZ - 1, "%s %s", filter->filter, fname); + lfree (fname); + if (! (zf->stream= popen(buf, "r"))) { + lfree((byte *)zf->filename); +diff -ru xloadimage.4.1.orig/zoom.c xloadimage.4.1/zoom.c +--- xloadimage.4.1.orig/zoom.c 2005-10-22 15:47:17.000000000 +0200 ++++ xloadimage.4.1/zoom.c 2005-10-22 15:48:50.000000000 +0200 +@@ -63,23 +63,23 @@ + if (!xzoom) { + if (verbose) + printf(" Zooming image Y axis by %d%%...", yzoom); +- sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom); ++ snprintf(buf, BUFSIZ - 1, "%s (Y zoom %d%%)", oimage->title, yzoom); + } + else if (!yzoom) { + if (verbose) + printf(" Zooming image X axis by %d%%...", xzoom); +- sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom); ++ snprintf(buf, BUFSIZ - 1, "%s (X zoom %d%%)", oimage->title, xzoom); + } + else if (xzoom == yzoom) { + if (verbose) + printf(" Zooming image by %d%%...", xzoom); +- sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom); ++ snprintf(buf, BUFSIZ - 1, "%s (%d%% zoom)", oimage->title, xzoom); + } + else { + if (verbose) + printf(" Zooming image X axis by %d%% and Y axis by %d%%...", + xzoom, yzoom); +- sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title, ++ snprintf(buf, BUFSIZ - 1, "%s (X zoom %d%% Y zoom %d%%)", oimage->title, + xzoom, yzoom); + } + if (verbose) diff --git a/media-gfx/xloadimage/xloadimage-4.1-r4.ebuild b/media-gfx/xloadimage/xloadimage-4.1-r4.ebuild new file mode 100644 index 000000000000..3211e827703e --- /dev/null 
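Review bot: The `strncat(fullname, ".Z", size)` calls added to findImage() in config.c (four of them; only parts of the function are visible in the patch) do not bound the write, because strncat's third argument caps the bytes taken from the source string, not the size of the destination, so with `fullname` already close to `size` the append still runs past the buffer. `strncpy(fullname, name, size)` at the top of the function has the matching gap: a `name` of `size` bytes or more leaves `fullname` without a terminator before the later `stat(fullname, &sbuf)`. I would use `snprintf(fullname, size, "%s", name);` for the copy and `strncat(fullname, ".Z", size - strlen(fullname) - 1);` for the appends. The `snprintf` results that feed `system(buf)` in config.c and `popen(buf, "r")` in zio.c are not checked, so a truncated command line would still be executed; comparing the return value with the buffer size and bailing out would avoid that. The literal limits `29` and `31` in mcidas.c, tiff.c and window.c would be less fragile as `sizeof` of the buffer, assuming those buffers are arrays as `def_geom[30]` is.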
+++ b/media-gfx/xloadimage/xloadimage-4.1-r4.ebuild 
@@ -0,0 +1,82 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-gfx/xloadimage/xloadimage-4.1-r4.ebuild,v 1.1 2005/10/26 18:58:38 nelchael Exp $ + +inherit alternatives eutils flag-o-matic + +MY_P="${P/-/.}" +S=${WORKDIR}/${MY_P} +DESCRIPTION="utility to view many different types of images under X11" +HOMEPAGE="http://world.std.com/~jimf/xloadimage.html" +SRC_URI="ftp://ftp.x.org/R5contrib/${MY_P}.tar.gz + mirror://gentoo/${P}-gentoo.diff.bz2" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~ppc-macos ~sparc ~x86" +IUSE="tiff jpeg png" + +RDEPEND="virtual/x11 + tiff? ( media-libs/tiff ) + png? ( media-libs/libpng ) + jpeg? ( media-libs/jpeg )" +DEPEND="${RDEPEND} + >=sys-apps/sed-4.0.5" + +src_unpack() { + unpack ${A} + cd ${S} + epatch ${WORKDIR}/${P}-gentoo.diff + epatch ${FILESDIR}/${P}-zio-shell-meta-char.diff + epatch ${FILESDIR}/${P}-endif.patch + + # Do not define errno extern, but rather include errno.h + # <azarah@gentoo.org> (1 Jan 2003) + epatch ${FILESDIR}/${P}-include-errno_h.patch + + epatch "${FILESDIR}/xloadimage-gentoo.patch" + + sed -i "s:OPT_FLAGS=:OPT_FLAGS=$CFLAGS:" Make.conf + sed -i "s:^#include <varargs.h>:#include <stdarg.h>:" ${S}/rlelib.c + + if use ppc-macos ; then + sed -i 's,<malloc.h>,<malloc/malloc.h>,' vicar.c + for f in $(grep zopen * | cut -d':' -f1 | uniq);do + sed -i "s:zopen:zloadimage_zopen:g" $f + done + fi + + chmod +x ${S}/configure +} + +src_install() { + dobin xloadimage + dobin uufilter + + insinto /etc/X11 + doins xloadimagerc + + newman xloadimage.man xloadimage.1 + newman uufilter.man uufilter.1 + + dodoc README +} + +update_alternatives() { + alternatives_makesym /usr/bin/xview \ + /usr/bin/{xloadimage,xli} + alternatives_makesym /usr/bin/xsetbg \ + /usr/bin/{xloadimage,xli} + alternatives_makesym /usr/share/man/man1/xview.1.gz \ + /usr/share/man/man1/{xloadimage,xli}.1.gz + 
alternatives_makesym /usr/share/man/man1/xsetbg.1.gz \ + /usr/share/man/man1/{xloadimage,xli}.1.gz +} + +pkg_postinst() { + use ppc-macos || update_alternatives +} + +pkg_postrm() { + use ppc-macos || update_alternatives +} |
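Review bot: `cd ${S}` in src_unpack is unquoted and unchecked, so if the directory is missing the later `sed -i ... Make.conf` and `chmod +x` steps act on whatever directory the shell happens to be in; `cd "${S}" || die` closes that. The new `epatch "${FILESDIR}/xloadimage-gentoo.patch"` line is quoted while the four `epatch` calls above it are not, and quoting them all would keep the function consistent. The `sed -i "s:OPT_FLAGS=:OPT_FLAGS=$CFLAGS:" Make.conf` expression would also break if CFLAGS ever contained a `:`, which deserves a comment or a different delimiter.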