pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2005Q3]: pkgsrc/graphics/xli Pullup ticket 867 - requested by ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/544d5bb71611
branches: pkgsrc-2005Q3
changeset: 499637:544d5bb71611
user: snj <snj%pkgsrc.org@localhost>
date: Sun Oct 30 22:24:10 2005 +0000
description:
Pullup ticket 867 - requested by Lubomir Sedlacik
security fix for xli
Revisions pulled up:
- pkgsrc/graphics/xli/Makefile 1.30-1.31
- pkgsrc/graphics/xli/distinfo 1.16-1.18
- pkgsrc/graphics/xli/patches/patch-ad 1.1-1.2
- pkgsrc/graphics/xli/patches/patch-ae 1.1
- pkgsrc/graphics/xli/patches/patch-af 1.1
Module Name: pkgsrc
Committed By: reed
Date: Mon Oct 10 19:54:13 UTC 2005
Modified Files:
pkgsrc/graphics/xli: Makefile
Log Message:
Use INSTALLATION_DIRS to create lib/X11/app-defaults.
(Should this be created by something else?)
---
Module Name: pkgsrc
Committed By: reed
Date: Mon Oct 10 19:56:07 UTC 2005
Modified Files:
pkgsrc/graphics/xli: distinfo
Added Files:
pkgsrc/graphics/xli/patches: patch-ad
Log Message:
Add patch-ad:
It undefines _BSD_SOURCE if on Linux system
to avoid a parse error on GLIBC /usr/include/string.h.
This hack is from gentoo.
---
Module Name: pkgsrc
Committed By: rillig
Date: Sun Oct 23 20:02:57 UTC 2005
Modified Files:
pkgsrc/graphics/xli: distinfo
pkgsrc/graphics/xli/patches: patch-ad
Log Message:
Added RCS Id to patch-ad.
---
Module Name: pkgsrc
Committed By: salo
Date: Sun Oct 30 17:58:58 UTC 2005
Modified Files:
pkgsrc/graphics/xli: Makefile distinfo
Added Files:
pkgsrc/graphics/xli/patches: patch-ae patch-af
Log Message:
Security fix for CVE-2005-3178:
"Buffer overflow in xli might allow user-complicit attackers to execute
arbitrary code via a long title name in a NIFF file, which triggers the
overflow during zoom, reduce, or rotate operations."
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3178
Patch from Debian.
diffstat:
graphics/xli/Makefile | 5 +++--
graphics/xli/distinfo | 5 ++++-
graphics/xli/patches/patch-ad | 15 +++++++++++++++
graphics/xli/patches/patch-ae | 16 ++++++++++++++++
graphics/xli/patches/patch-af | 40 ++++++++++++++++++++++++++++++++++++++++
5 files changed, 78 insertions(+), 3 deletions(-)
diffs (121 lines):
diff -r 36177a905cc7 -r 544d5bb71611 graphics/xli/Makefile
--- a/graphics/xli/Makefile Sun Oct 30 21:46:37 2005 +0000
+++ b/graphics/xli/Makefile Sun Oct 30 22:24:10 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.29 2005/04/11 21:46:10 tv Exp $
+# $NetBSD: Makefile,v 1.29.4.1 2005/10/30 22:24:10 snj Exp $
DISTNAME= xli-2005-02-27
PKGNAME= xli-1.17.0
-PKGREVISION= 4
+PKGREVISION= 5
CATEGORIES= graphics x11
MASTER_SITES= http://pantransit.reptiles.org/prog/xli/
@@ -11,6 +11,7 @@
COMMENT= X11 Image Loading Utility
USE_IMAKE= YES
+INSTALLATION_DIRS+= lib/X11/app-defaults
.include "../../graphics/jpeg/buildlink3.mk"
.include "../../graphics/png/buildlink3.mk"
diff -r 36177a905cc7 -r 544d5bb71611 graphics/xli/distinfo
--- a/graphics/xli/distinfo Sun Oct 30 21:46:37 2005 +0000
+++ b/graphics/xli/distinfo Sun Oct 30 22:24:10 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2005/03/21 15:19:28 salo Exp $
+$NetBSD: distinfo,v 1.15.6.1 2005/10/30 22:24:10 snj Exp $
SHA1 (xli-2005-02-27.tar.gz) = 977d8ece0edd41f3ec606310496cf3231f046d88
RMD160 (xli-2005-02-27.tar.gz) = fc83fa5173befa73a0eeb56ad323dad148ef1426
@@ -6,3 +6,6 @@
SHA1 (patch-aa) = e9092fdad849405c5a42760e64875566ed1e04f7
SHA1 (patch-ab) = 4c9e01d046fb96c056799b078c5d78451270f52e
SHA1 (patch-ac) = b4fca6bc9c198728aa3adc0a9f8afaf5be5a004a
+SHA1 (patch-ad) = d47bc23051b9e75d265a413fdbde1c5bb9d747de
+SHA1 (patch-ae) = 9085d53b8823ec0ce42dc8072f74e97763abc86b
+SHA1 (patch-af) = e6d762b19dc82377727f045b731b40c04afefe11
diff -r 36177a905cc7 -r 544d5bb71611 graphics/xli/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/xli/patches/patch-ad Sun Oct 30 22:24:10 2005 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ad,v 1.2.2.2 2005/10/30 22:24:11 snj Exp $
+
+--- png.c.orig 2005-02-28 00:42:39.000000000 +0000
++++ png.c 2005-09-18 04:22:14.076313248 +0000
+@@ -3,6 +3,10 @@
+ * Glenn Randers-Pehrson et al. Any bugs are my fault. -- smar%reptiles.org@localhost
+ */
+
++#if defined(linux)
++/* hack from gentoo to avoid a parse error on GLIBC /usr/include/string.h */
++#undef _BSD_SOURCE
++#endif
+ #include "xli.h"
+ #include "imagetypes.h"
+ #include "pbm.h"
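Review bot: The guard `#if defined(linux)` at the top of png.c tests a macro that GCC predefines only in its GNU modes; in a strict ISO mode such as `-std=c99` the name `linux` is not defined and the `#undef _BSD_SOURCE` is silently skipped. `__linux__` is defined in every mode and is the safer spelling. The comment would also be more useful if it named the string.h declaration that fails to parse, so the hack can be removed once it is no longer needed.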
diff -r 36177a905cc7 -r 544d5bb71611 graphics/xli/patches/patch-ae
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/xli/patches/patch-ae Sun Oct 30 22:24:10 2005 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ae,v 1.1.2.2 2005/10/30 22:24:11 snj Exp $
+
+Security fix for CVE-2005-3178, from Debian.
+
+--- reduce.c.orig 1999-10-25 04:15:02.000000000 +0200
++++ reduce.c 2005-10-30 18:49:53.000000000 +0100
+@@ -178,7 +178,8 @@
+ /* get destination image */
+ depth = colorsToDepth(OutColors);
+ new_image = newRGBImage(image->width, image->height, depth);
+- sprintf(buf, "%s (%d colors)", image->title, OutColors);
++ snprintf(buf, BUFSIZ, "%s (%d colors)", image->title, OutColors);
++ buf[BUFSIZ-1] = '\0';
+ new_image->title = dupString(buf);
+ new_image->gamma = image->gamma;
+
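Review bot: The bound passed to `snprintf` in reduce.c is the constant `BUFSIZ`, but the declaration of `buf` is outside this hunk, so the fix is correct only if `buf` is declared as `char buf[BUFSIZ]`. Using `sizeof(buf)` for both the `snprintf` size and the terminator index would tie the bound to the array itself. The added `buf[BUFSIZ-1] = '\0';` is redundant with a C99 `snprintf`, which always terminates the output when the size is nonzero; it is harmless and covers older implementations. Note that a long `image->title` is now truncated without any diagnostic.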
diff -r 36177a905cc7 -r 544d5bb71611 graphics/xli/patches/patch-af
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/xli/patches/patch-af Sun Oct 30 22:24:10 2005 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-af,v 1.1.2.2 2005/10/30 22:24:11 snj Exp $
+
+Security fix for CVE-2005-3178, from Debian.
+
+--- zoom.c.orig 2005-02-28 01:42:39.000000000 +0100
++++ zoom.c 2005-10-30 18:50:04.000000000 +0100
+@@ -52,28 +52,29 @@
+ if (verbose)
+ printf(" Zooming image Y axis by %d%%...", yzoom);
+ if (changetitle)
+- sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
++ snprintf(buf, BUFSIZ, "%s (Y zoom %d%%)", oimage->title, yzoom);
+ }
+ else if (!yzoom) {
+ if (verbose)
+ printf(" Zooming image X axis by %d%%...", xzoom);
+ if (changetitle)
+- sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
++ snprintf(buf, BUFSIZ, "%s (X zoom %d%%)", oimage->title, xzoom);
+ }
+ else if (xzoom == yzoom) {
+ if (verbose)
+ printf(" Zooming image by %d%%...", xzoom);
+ if (changetitle)
+- sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
++ snprintf(buf, BUFSIZ, "%s (%d%% zoom)", oimage->title, xzoom);
+ }
+ else {
+ if (verbose)
+ printf(" Zooming image X axis by %d%% and Y axis by %d%%...",
+ xzoom, yzoom);
+ if (changetitle)
+- sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
++ snprintf(buf, BUFSIZ, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
+ xzoom, yzoom);
+ }
++ buf[BUFSIZ-1] = '\0';
+ if (!changetitle)
+ strcpy(buf,oimage->title);
+
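Review bot: The `strcpy(buf,oimage->title);` in the trailing context of the zoom.c hunk is left unbounded, so when `changetitle` is false a title longer than the buffer still overflows `buf`. It also runs after the new `buf[BUFSIZ-1] = '\0';` line, so that terminator gives no protection on this path. Suggest a bounded copy there as well, for example `snprintf(buf, BUFSIZ, "%s", oimage->title);`. As in patch-ae, the `BUFSIZ` bound assumes `buf` is `char buf[BUFSIZ]`, which is not visible in the hunk. The CVE text quoted in the log message also names rotate operations, while this changeset patches only reduce.c and zoom.c; it is worth confirming whether the rotate path formats the title the same way.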