SECURITY:

Update to Debian revision 15.  Fixes buffer overflows for titles
in NIFF format images.
This commit is contained in:
naddy 2005-10-19 18:35:43 +00:00
parent 7a6b27f1d2
commit 4bcfe43cfc
3 changed files with 8 additions and 43 deletions

View File

@ -1,12 +1,12 @@
# $OpenBSD: Makefile,v 1.28 2005/04/17 23:02:51 naddy Exp $
# $OpenBSD: Makefile,v 1.29 2005/10/19 18:35:43 naddy Exp $
COMMENT= "graphics file viewer for X11"
VERSION= 4.1
REVISION= 14 # Debian
REVISION= 15 # Debian
DISTNAME= xloadimage.${VERSION}
PKGNAME= xloadimage-${VERSION}.${REVISION}p0
PKGNAME= xloadimage-${VERSION}.${REVISION}
CATEGORIES= x11 graphics
FAKE= lib
@ -17,7 +17,6 @@ PERMIT_PACKAGE_CDROM= Yes
PERMIT_PACKAGE_FTP= Yes
PERMIT_DISTFILES_CDROM= Yes
PERMIT_DISTFILES_FTP= Yes
WANTLIB= X11 c jpeg m z
MASTER_SITES= ${MASTER_SITE_R5CONTRIB}
MASTER_SITES0= ftp://ftp.debian.org/debian/pool/main/x/xloadimage/ \
@ -27,6 +26,7 @@ PATCHFILES= xloadimage_${VERSION}-${REVISION}.diff.gz:0
PATCH_DIST_STRIP= -p1
LIB_DEPENDS= png.2::graphics/png tiff.35::graphics/tiff
WANTLIB= X11 c jpeg m z
USE_X11= Yes
CONFIGURE_STYLE=gnu

View File

@ -1,8 +1,8 @@
MD5 (xloadimage.4.1.tar.gz) = 7331850fc04056ab8ae6b5725d1fb3d2
MD5 (xloadimage_4.1-14.diff.gz) = 10233df1518a45d85e8d3e63b0254771
MD5 (xloadimage_4.1-15.diff.gz) = 546f446c617456d1a0187be57fe09ec6
RMD160 (xloadimage.4.1.tar.gz) = 000271b40f58601cd1057b4e99c31a30da6e10af
RMD160 (xloadimage_4.1-14.diff.gz) = 686b00764406d9082bba130feef7f957dd529b03
RMD160 (xloadimage_4.1-15.diff.gz) = 4d7fc4eefdb25d7aa38589a6132b1b94c6cd078f
SHA1 (xloadimage.4.1.tar.gz) = 0a8ee9b185702750706f68e4a34e086873f17690
SHA1 (xloadimage_4.1-14.diff.gz) = a349298f070752dedac79f24331da23a9e4c0975
SHA1 (xloadimage_4.1-15.diff.gz) = 0e91db5a9e92f8030aa85240f828cb16e6dda7dd
SIZE (xloadimage.4.1.tar.gz) = 596021
SIZE (xloadimage_4.1-14.diff.gz) = 64893
SIZE (xloadimage_4.1-15.diff.gz) = 67508

View File

@ -1,35 +0,0 @@
$OpenBSD: patch-zio_c,v 1.1 2005/03/06 01:31:11 naddy Exp $
--- zio.c.orig Sat Mar 5 21:32:19 2005
+++ zio.c Sat Mar 5 21:41:06 2005
@@ -210,9 +210,30 @@ ZFILE *zopen(name)
if ((strlen(name) > strlen(filter->extension)) &&
!strcmp(filter->extension,
name + (strlen(name) - strlen(filter->extension)))) {
+ char *fname, *t, *s;
+
+ /* meta-char protection
+ *
+ * protect in single quotes, replacing single quotes
+ * with '\'', so worst-case expansion is 4x
+ */
+
+ s = fname = (char *)lmalloc(1 + (4 * strlen(name)) + 1 + 1);
+ *s++ = '\'';
+ for (t = name; *t; t++) {
+ if (*t == '\'') {
+ /* 'foo'bar' -> 'foo'\''bar' */
+ *s++ = '\''; *s++ = '\\'; *s++ = '\''; *s++ = '\'';
+ }
+ else {
+ *s++ = *t;
+ }
+ }
+ *s++ = '\'';
+ *s++ = '\0';
debug(("Filtering image through '%s'\n", filter->filter));
zf->type= ZPIPE;
- sprintf(buf, "%s %s", filter->filter, name);
+ sprintf(buf, "%s %s", filter->filter, fname);
if (! (zf->stream= popen(buf, "r"))) {
lfree((byte *)zf->filename);
zf->filename= NULL;