SECURITY:
Update to Debian revision 15. Fixes buffer overflows for titles in NIFF format images.
This commit is contained in:
parent
7a6b27f1d2
commit
4bcfe43cfc
@ -1,12 +1,12 @@
|
||||
# $OpenBSD: Makefile,v 1.28 2005/04/17 23:02:51 naddy Exp $
|
||||
# $OpenBSD: Makefile,v 1.29 2005/10/19 18:35:43 naddy Exp $
|
||||
|
||||
COMMENT= "graphics file viewer for X11"
|
||||
|
||||
VERSION= 4.1
|
||||
REVISION= 14 # Debian
|
||||
REVISION= 15 # Debian
|
||||
|
||||
DISTNAME= xloadimage.${VERSION}
|
||||
PKGNAME= xloadimage-${VERSION}.${REVISION}p0
|
||||
PKGNAME= xloadimage-${VERSION}.${REVISION}
|
||||
CATEGORIES= x11 graphics
|
||||
|
||||
FAKE= lib
|
||||
@ -17,7 +17,6 @@ PERMIT_PACKAGE_CDROM= Yes
|
||||
PERMIT_PACKAGE_FTP= Yes
|
||||
PERMIT_DISTFILES_CDROM= Yes
|
||||
PERMIT_DISTFILES_FTP= Yes
|
||||
WANTLIB= X11 c jpeg m z
|
||||
|
||||
MASTER_SITES= ${MASTER_SITE_R5CONTRIB}
|
||||
MASTER_SITES0= ftp://ftp.debian.org/debian/pool/main/x/xloadimage/ \
|
||||
@ -27,6 +26,7 @@ PATCHFILES= xloadimage_${VERSION}-${REVISION}.diff.gz:0
|
||||
PATCH_DIST_STRIP= -p1
|
||||
|
||||
LIB_DEPENDS= png.2::graphics/png tiff.35::graphics/tiff
|
||||
WANTLIB= X11 c jpeg m z
|
||||
|
||||
USE_X11= Yes
|
||||
CONFIGURE_STYLE=gnu
|
||||
|
@ -1,8 +1,8 @@
|
||||
MD5 (xloadimage.4.1.tar.gz) = 7331850fc04056ab8ae6b5725d1fb3d2
|
||||
MD5 (xloadimage_4.1-14.diff.gz) = 10233df1518a45d85e8d3e63b0254771
|
||||
MD5 (xloadimage_4.1-15.diff.gz) = 546f446c617456d1a0187be57fe09ec6
|
||||
RMD160 (xloadimage.4.1.tar.gz) = 000271b40f58601cd1057b4e99c31a30da6e10af
|
||||
RMD160 (xloadimage_4.1-14.diff.gz) = 686b00764406d9082bba130feef7f957dd529b03
|
||||
RMD160 (xloadimage_4.1-15.diff.gz) = 4d7fc4eefdb25d7aa38589a6132b1b94c6cd078f
|
||||
SHA1 (xloadimage.4.1.tar.gz) = 0a8ee9b185702750706f68e4a34e086873f17690
|
||||
SHA1 (xloadimage_4.1-14.diff.gz) = a349298f070752dedac79f24331da23a9e4c0975
|
||||
SHA1 (xloadimage_4.1-15.diff.gz) = 0e91db5a9e92f8030aa85240f828cb16e6dda7dd
|
||||
SIZE (xloadimage.4.1.tar.gz) = 596021
|
||||
SIZE (xloadimage_4.1-14.diff.gz) = 64893
|
||||
SIZE (xloadimage_4.1-15.diff.gz) = 67508
|
||||
|
@ -1,35 +0,0 @@
|
||||
$OpenBSD: patch-zio_c,v 1.1 2005/03/06 01:31:11 naddy Exp $
|
||||
--- zio.c.orig Sat Mar 5 21:32:19 2005
|
||||
+++ zio.c Sat Mar 5 21:41:06 2005
|
||||
@@ -210,9 +210,30 @@ ZFILE *zopen(name)
|
||||
if ((strlen(name) > strlen(filter->extension)) &&
|
||||
!strcmp(filter->extension,
|
||||
name + (strlen(name) - strlen(filter->extension)))) {
|
||||
+ char *fname, *t, *s;
|
||||
+
|
||||
+ /* meta-char protection
|
||||
+ *
|
||||
+ * protect in single quotes, replacing single quotes
|
||||
+ * with '\'', so worst-case expansion is 4x
|
||||
+ */
|
||||
+
|
||||
+ s = fname = (char *)lmalloc(1 + (4 * strlen(name)) + 1 + 1);
|
||||
+ *s++ = '\'';
|
||||
+ for (t = name; *t; t++) {
|
||||
+ if (*t == '\'') {
|
||||
+ /* 'foo'bar' -> 'foo'\''bar' */
|
||||
+ *s++ = '\''; *s++ = '\\'; *s++ = '\''; *s++ = '\'';
|
||||
+ }
|
||||
+ else {
|
||||
+ *s++ = *t;
|
||||
+ }
|
||||
+ }
|
||||
+ *s++ = '\'';
|
||||
+ *s++ = '\0';
|
||||
debug(("Filtering image through '%s'\n", filter->filter));
|
||||
zf->type= ZPIPE;
|
||||
- sprintf(buf, "%s %s", filter->filter, name);
|
||||
+ sprintf(buf, "%s %s", filter->filter, fname);
|
||||
if (! (zf->stream= popen(buf, "r"))) {
|
||||
lfree((byte *)zf->filename);
|
||||
zf->filename= NULL;
|
Loading…
Reference in New Issue
Block a user