pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2005Q3]: pkgsrc/graphics/xli Pullup ticket 867 - requested by ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/544d5bb71611
branches:  pkgsrc-2005Q3
changeset: 499637:544d5bb71611
user:      snj <snj%pkgsrc.org@localhost>
date:      Sun Oct 30 22:24:10 2005 +0000

description:
Pullup ticket 867 - requested by Lubomir Sedlacik
security fix for xli

Revisions pulled up:
- pkgsrc/graphics/xli/Makefile          1.30-1.31
- pkgsrc/graphics/xli/distinfo          1.16-1.18
- pkgsrc/graphics/xli/patches/patch-ad  1.1-1.2
- pkgsrc/graphics/xli/patches/patch-ae  1.1
- pkgsrc/graphics/xli/patches/patch-af  1.1

   Module Name:    pkgsrc
   Committed By:   reed
   Date:           Mon Oct 10 19:54:13 UTC 2005

   Modified Files:
           pkgsrc/graphics/xli: Makefile

   Log Message:
   Use INSTALLATION_DIRS to create lib/X11/app-defaults.
   (Shoujld this be created by something else?)
---
   Module Name:    pkgsrc
   Committed By:   reed
   Date:           Mon Oct 10 19:56:07 UTC 2005

   Modified Files:
           pkgsrc/graphics/xli: distinfo
   Added Files:
           pkgsrc/graphics/xli/patches: patch-ad

   Log Message:
   Add patch-ad:
   It undefines _BSD_SOURCE if on Linux system
   to avoid a parse error on GLIBC /usr/include/string.h.
   This hack is from gentoo.
---
   Module Name:    pkgsrc
   Committed By:   rillig
   Date:           Sun Oct 23 20:02:57 UTC 2005

   Modified Files:
           pkgsrc/graphics/xli: distinfo
           pkgsrc/graphics/xli/patches: patch-ad

   Log Message:
   Added RCS Id to patch-ad.
---
   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Sun Oct 30 17:58:58 UTC 2005

   Modified Files:
           pkgsrc/graphics/xli: Makefile distinfo
   Added Files:
           pkgsrc/graphics/xli/patches: patch-ae patch-af

   Log Message:
   Security fix for CVE-2005-3178:

   "Buffer overflow in xli might allow user-complicit attackers to execute
   arbitrary code via a long title name in a NIFF file, which triggers the
   overflow during zoom, reduce, or rotate operations."

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3178

   Patch from Debian.

diffstat:

 graphics/xli/Makefile         |   5 +++--
 graphics/xli/distinfo         |   5 ++++-
 graphics/xli/patches/patch-ad |  15 +++++++++++++++
 graphics/xli/patches/patch-ae |  16 ++++++++++++++++
 graphics/xli/patches/patch-af |  40 ++++++++++++++++++++++++++++++++++++++++
 5 files changed, 78 insertions(+), 3 deletions(-)

diffs (121 lines):

diff -r 36177a905cc7 -r 544d5bb71611 graphics/xli/Makefile
--- a/graphics/xli/Makefile     Sun Oct 30 21:46:37 2005 +0000
+++ b/graphics/xli/Makefile     Sun Oct 30 22:24:10 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.29 2005/04/11 21:46:10 tv Exp $
+# $NetBSD: Makefile,v 1.29.4.1 2005/10/30 22:24:10 snj Exp $
 
 DISTNAME=      xli-2005-02-27
 PKGNAME=       xli-1.17.0
-PKGREVISION=   4
+PKGREVISION=   5
 CATEGORIES=    graphics x11
 MASTER_SITES=  http://pantransit.reptiles.org/prog/xli/
 
@@ -11,6 +11,7 @@
 COMMENT=       X11 Image Loading Utility
 
 USE_IMAKE=     YES
+INSTALLATION_DIRS+=    lib/X11/app-defaults
 
 .include "../../graphics/jpeg/buildlink3.mk"
 .include "../../graphics/png/buildlink3.mk"
diff -r 36177a905cc7 -r 544d5bb71611 graphics/xli/distinfo
--- a/graphics/xli/distinfo     Sun Oct 30 21:46:37 2005 +0000
+++ b/graphics/xli/distinfo     Sun Oct 30 22:24:10 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2005/03/21 15:19:28 salo Exp $
+$NetBSD: distinfo,v 1.15.6.1 2005/10/30 22:24:10 snj Exp $
 
 SHA1 (xli-2005-02-27.tar.gz) = 977d8ece0edd41f3ec606310496cf3231f046d88
 RMD160 (xli-2005-02-27.tar.gz) = fc83fa5173befa73a0eeb56ad323dad148ef1426
@@ -6,3 +6,6 @@
 SHA1 (patch-aa) = e9092fdad849405c5a42760e64875566ed1e04f7
 SHA1 (patch-ab) = 4c9e01d046fb96c056799b078c5d78451270f52e
 SHA1 (patch-ac) = b4fca6bc9c198728aa3adc0a9f8afaf5be5a004a
+SHA1 (patch-ad) = d47bc23051b9e75d265a413fdbde1c5bb9d747de
+SHA1 (patch-ae) = 9085d53b8823ec0ce42dc8072f74e97763abc86b
+SHA1 (patch-af) = e6d762b19dc82377727f045b731b40c04afefe11
diff -r 36177a905cc7 -r 544d5bb71611 graphics/xli/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/xli/patches/patch-ad     Sun Oct 30 22:24:10 2005 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ad,v 1.2.2.2 2005/10/30 22:24:11 snj Exp $
+
+--- png.c.orig 2005-02-28 00:42:39.000000000 +0000
++++ png.c      2005-09-18 04:22:14.076313248 +0000
+@@ -3,6 +3,10 @@
+  * Glenn Randers-Pehrson et al.  Any bugs are my fault. -- smar%reptiles.org@localhost
+  */
+ 
++#if defined(linux)
++/* hack from gentoo to avoid a parse error on GLIBC /usr/include/string.h */
++#undef _BSD_SOURCE
++#endif
+ #include "xli.h"
+ #include "imagetypes.h"
+ #include "pbm.h"
diff -r 36177a905cc7 -r 544d5bb71611 graphics/xli/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/xli/patches/patch-ae     Sun Oct 30 22:24:10 2005 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ae,v 1.1.2.2 2005/10/30 22:24:11 snj Exp $
+
+Security fix for CVE-2005-3178, from Debian.
+
+--- reduce.c.orig      1999-10-25 04:15:02.000000000 +0200
++++ reduce.c   2005-10-30 18:49:53.000000000 +0100
+@@ -178,7 +178,8 @@
+       /* get destination image */
+       depth = colorsToDepth(OutColors);
+       new_image = newRGBImage(image->width, image->height, depth);
+-      sprintf(buf, "%s (%d colors)", image->title, OutColors);
++      snprintf(buf, BUFSIZ, "%s (%d colors)", image->title, OutColors);
++      buf[BUFSIZ-1] = '\0';
+       new_image->title = dupString(buf);
+       new_image->gamma = image->gamma;
+ 
diff -r 36177a905cc7 -r 544d5bb71611 graphics/xli/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/xli/patches/patch-af     Sun Oct 30 22:24:10 2005 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-af,v 1.1.2.2 2005/10/30 22:24:11 snj Exp $
+
+Security fix for CVE-2005-3178, from Debian.
+
+--- zoom.c.orig        2005-02-28 01:42:39.000000000 +0100
++++ zoom.c     2005-10-30 18:50:04.000000000 +0100
+@@ -52,28 +52,29 @@
+     if (verbose)
+       printf("  Zooming image Y axis by %d%%...", yzoom);
+     if (changetitle)
+-      sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
++      snprintf(buf, BUFSIZ, "%s (Y zoom %d%%)", oimage->title, yzoom);
+   }
+   else if (!yzoom) {
+     if (verbose)
+       printf("  Zooming image X axis by %d%%...", xzoom);
+     if (changetitle)
+-      sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
++      snprintf(buf, BUFSIZ, "%s (X zoom %d%%)", oimage->title, xzoom);
+   }
+   else if (xzoom == yzoom) {
+     if (verbose)
+       printf("  Zooming image by %d%%...", xzoom);
+     if (changetitle)
+-      sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
++      snprintf(buf, BUFSIZ, "%s (%d%% zoom)", oimage->title, xzoom);
+   }
+   else {
+     if (verbose)
+       printf("  Zooming image X axis by %d%% and Y axis by %d%%...",
+            xzoom, yzoom);
+     if (changetitle)
+-      sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
++      snprintf(buf, BUFSIZ, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
+           xzoom, yzoom);
+   }
++  buf[BUFSIZ-1] = '\0';
+   if (!changetitle)
+     strcpy(buf,oimage->title);
+ 



Home | Main Index | Thread Index | Old Index