Fix security bug 108365.

(Portage version: 2.0.53_rc6)
author: Krzysztof Pawlik <nelchael@gentoo.org> 2005-10-26 18:58:38 +0000
committer: Krzysztof Pawlik <nelchael@gentoo.org> 2005-10-26 18:58:38 +0000
commit: 6f7c340a53575fa654828c0665ee8f9221f59dd0 (patch)
tree: d11bc6601830ef37cb964c6f5313c3d88911af11 /media-gfx/xloadimage
parent: New upstream version. (diff)
download: gentoo-2-6f7c340a53575fa654828c0665ee8f9221f59dd0.tar.gz
gentoo-2-6f7c340a53575fa654828c0665ee8f9221f59dd0.tar.bz2
gentoo-2-6f7c340a53575fa654828c0665ee8f9221f59dd0.zip
5 files changed, 356 insertions, 15 deletions
diff --git a/media-gfx/xloadimage/ChangeLog b/media-gfx/xloadimage/ChangeLog
index 7cded6ca99a7..d57664c49016 100644
--- a/media-gfx/xloadimage/ChangeLog
+++ b/media-gfx/xloadimage/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for media-gfx/xloadimage
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/xloadimage/ChangeLog,v 1.20 2005/09/17 11:54:43 kloeri Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/xloadimage/ChangeLog,v 1.21 2005/10/26 18:58:38 nelchael Exp $
+
+*xloadimage-4.1-r4 (26 Oct 2005)
+
+  26 Oct 2005; Krzysiek Pawlik <nelchael@gentoo.org>
+  +files/xloadimage-gentoo.patch, +xloadimage-4.1-r4.ebuild:
+  Fix security bug 108365.
 
 *xloadimage-4.1-r2 (25 Aug 2005)
 
diff --git a/media-gfx/xloadimage/Manifest b/media-gfx/xloadimage/Manifest
index 19ac4163d1be..6f5a917b6150 100644
--- a/media-gfx/xloadimage/Manifest
+++ b/media-gfx/xloadimage/Manifest
@@ -1,21 +1,14 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 cdb11033a3fa6525334cecf938961c07 metadata.xml 166
-MD5 078fc3ab12c2f7564321ccdb25dda6f7 xloadimage-4.1-r1.ebuild 1987
-MD5 c70706f60bc9c49272d9117bd7d0ea00 xloadimage-4.1-r2.ebuild 2036
-MD5 eb2e15ec1eb2e879d416b8692be3cee6 xloadimage-4.1-r3.ebuild 2072
 MD5 10e21541a07360d273a86c48d141d1c8 ChangeLog 4462
 MD5 bad387ba03d0111a70dd7066ba97d5e5 files/digest-xloadimage-4.1-r1 140
 MD5 bad387ba03d0111a70dd7066ba97d5e5 files/digest-xloadimage-4.1-r2 140
 MD5 bad387ba03d0111a70dd7066ba97d5e5 files/digest-xloadimage-4.1-r3 140
+MD5 1e91f350f870e196e1f181a27f3fd1ab files/digest-xloadimage-4.1-r4 140
 MD5 fb91a22d37e6c6db534f1dc81add707e files/xloadimage-4.1-endif.patch 321
 MD5 c411c977cc7ae79dd96aad933980dbb2 files/xloadimage-4.1-include-errno_h.patch 303
 MD5 9208b10866e00f1e47bb12a7f8bec04a files/xloadimage-4.1-zio-shell-meta-char.diff 1372
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.2 (GNU/Linux)
-
-iD8DBQFDLAQYKf2g/qXtneoRAtL7AKCpOeUbCIze3taOYJSVqVWUubpYEACgunFp
-YrnhG94CBVc8tulEIauKPvI=
-=424i
------END PGP SIGNATURE-----
+MD5 49ea6a01c79f1540896bd264c3606cb3 files/xloadimage-gentoo.patch 8956
+MD5 cdb11033a3fa6525334cecf938961c07 metadata.xml 166
+MD5 078fc3ab12c2f7564321ccdb25dda6f7 xloadimage-4.1-r1.ebuild 1987
+MD5 c70706f60bc9c49272d9117bd7d0ea00 xloadimage-4.1-r2.ebuild 2036
+MD5 eb2e15ec1eb2e879d416b8692be3cee6 xloadimage-4.1-r3.ebuild 2072
+MD5 c530d4709798cafbe596ddc8e0f6902e xloadimage-4.1-r4.ebuild 2130
diff --git a/media-gfx/xloadimage/files/digest-xloadimage-4.1-r4 b/media-gfx/xloadimage/files/digest-xloadimage-4.1-r4
new file mode 100644
index 000000000000..6446a21b6b17
--- /dev/null
+++ b/media-gfx/xloadimage/files/digest-xloadimage-4.1-r4
@@ -0,0 +1,2 @@
+MD5 8f5cc72c54ea730ba99026f006e71e10 xloadimage-4.1-gentoo.diff.bz2 41390
+MD5 7331850fc04056ab8ae6b5725d1fb3d2 xloadimage.4.1.tar.gz 596021
diff --git a/media-gfx/xloadimage/files/xloadimage-gentoo.patch b/media-gfx/xloadimage/files/xloadimage-gentoo.patch
new file mode 100644
index 000000000000..896786680e30
--- /dev/null
+++ b/media-gfx/xloadimage/files/xloadimage-gentoo.patch
@@ -0,0 +1,258 @@
+diff -ru xloadimage.4.1.orig/config.c xloadimage.4.1/config.c
+--- xloadimage.4.1.orig/config.c	2005-10-22 15:47:17.000000000 +0200
++++ xloadimage.4.1/config.c	2005-10-22 15:58:16.000000000 +0200
+@@ -313,12 +313,13 @@
+  * -1 if access denied or not found, 0 if ok.
+  */
+ 
+-int findImage(name, fullname)
++int findImage(name, fullname, size)
+      char *name, *fullname;
++     size_t size;
+ { unsigned int   p, e;
+   struct stat    sbuf;
+ 
+-  strcpy(fullname, name);
++  strncpy(fullname, name, size);
+   if (!strcmp(name, "stdin")) /* stdin is special name */
+     return(0);
+ 
+@@ -327,7 +328,7 @@
+   if (! stat(fullname, &sbuf))
+       return(fileIsOk(fullname, &sbuf));
+ #ifndef NO_COMPRESS
+-  strcat(fullname, ".Z");
++  strncat(fullname, ".Z", size);
+   if (! stat(fullname, &sbuf))
+       return(fileIsOk(fullname, &sbuf));
+ #endif
+@@ -336,12 +337,12 @@
+ #ifdef VMS
+     sprintf(fullname, "%s%s", Paths[p], name);
+ #else
+-    sprintf(fullname, "%s/%s", Paths[p], name);
++    snprintf(fullname, size, "%s/%s", Paths[p], name);
+ #endif
+     if (! stat(fullname, &sbuf))
+       return(fileIsOk(fullname, &sbuf));
+ #ifndef NO_COMPRESS
+-    strcat(fullname, ".Z");
++    strncat(fullname, ".Z", size);
+     if (! stat(fullname, &sbuf))
+ #endif
+       return(fileIsOk(fullname, &sbuf));
+@@ -349,12 +350,12 @@
+ #ifdef VMS
+       sprintf(fullname, "%s%s%s", Paths[p], name, Exts[e]);
+ #else
+-      sprintf(fullname, "%s/%s%s", Paths[p], name, Exts[e]);
++      snprintf(fullname, size, "%s/%s%s", Paths[p], name, Exts[e]);
+ #endif
+       if (! stat(fullname, &sbuf))
+ 	return(fileIsOk(fullname, &sbuf));
+ #ifndef NO_COMPRESS
+-      strcat(fullname, ".Z");
++      strncat(fullname, ".Z", size);
+       if (! stat(fullname, &sbuf))
+ 	return(fileIsOk(fullname, &sbuf));
+ #endif
+@@ -362,11 +363,11 @@
+   }
+ 
+   for (e= 0; e < NumExts; e++) {
+-    sprintf(fullname, "%s%s", name, Exts[e]);
++    snprintf(fullname, size, "%s%s", name, Exts[e]);
+     if (! stat(fullname, &sbuf))
+       return(fileIsOk(fullname, &sbuf));
+ #ifndef NO_COMPRESS
+-    strcat(fullname, ".Z");
++    strncat(fullname, ".Z", size);
+     if (! stat(fullname, &sbuf))
+       return(fileIsOk(fullname, &sbuf));
+ #endif
+@@ -392,7 +393,7 @@
+ #ifdef VMS
+     sprintf(buf, "directory %s", Paths[a]);
+ #else
+-    sprintf(buf, "ls %s", Paths[a]);
++    snprintf(buf, sizeof(buf)-1, "ls %s", Paths[a]);
+ #endif
+     if (system(buf) < 0) {
+ #ifdef VMS
+diff -ru xloadimage.4.1.orig/imagetypes.c xloadimage.4.1/imagetypes.c
+--- xloadimage.4.1.orig/imagetypes.c	2005-10-22 15:47:17.000000000 +0200
++++ xloadimage.4.1/imagetypes.c	2005-10-22 15:51:31.000000000 +0200
+@@ -17,7 +17,7 @@
+ /* SUPPRESS 560 */
+ 
+ extern int errno;
+-extern int findImage(char *name, char *fullname);
++extern int findImage(char *name, char *fullname, size_t size);
+ 
+ /* load a named image
+  */
+@@ -32,7 +32,7 @@
+   Image  *image;
+   int     a;
+ 
+-  if (findImage(name, fullname) < 0) {
++  if (findImage(name, fullname, BUFSIZ) < 0) {
+     if (errno == ENOENT)
+       fprintf(stderr, "%s: image not found\n", name);
+     else
+@@ -109,7 +109,7 @@
+ { char fullname[BUFSIZ];
+   int  a;
+ 
+-  if (findImage(name, fullname) < 0) {
++  if (findImage(name, fullname, BUFSIZ) < 0) {
+     if (errno == ENOENT)
+       fprintf(stderr, "%s: image not found\n", name);
+     else
+diff -ru xloadimage.4.1.orig/jpeg.c xloadimage.4.1/jpeg.c
+--- xloadimage.4.1.orig/jpeg.c	2005-10-22 15:47:17.000000000 +0200
++++ xloadimage.4.1/jpeg.c	2005-10-22 16:02:03.000000000 +0200
+@@ -19,7 +19,7 @@
+ #undef  debug
+ 
+ #ifdef DEBUG
+-# define debug(xx)	fprintf(stderr,xx)
++# define debug(xx)	fprintf(stderr, "%s", xx)
+ #else
+ # define debug(xx)
+ #endif
+diff -ru xloadimage.4.1.orig/mcidas.c xloadimage.4.1/mcidas.c
+--- xloadimage.4.1.orig/mcidas.c	2005-10-22 15:47:17.000000000 +0200
++++ xloadimage.4.1/mcidas.c	2005-10-22 15:48:49.000000000 +0200
+@@ -63,7 +63,7 @@
+   minute = (time % 10000) / 100;
+   second = (time % 100);
+ 
+-  sprintf(buf, "%d:%2.2d:%2.2d %s %d, %d (day %d)",
++  snprintf(buf, 29, "%d:%2.2d:%2.2d %s %d, %d (day %d)",
+ 	  hour, minute, second, month_info[month].name, day, year,
+ 	  (date % 1000));
+   return(buf);
+diff -ru xloadimage.4.1.orig/png.c xloadimage.4.1/png.c
+--- xloadimage.4.1.orig/png.c	2005-10-22 15:47:17.000000000 +0200
++++ xloadimage.4.1/png.c	2005-10-22 16:02:20.000000000 +0200
+@@ -30,7 +30,7 @@
+ #undef  debug
+ 
+ #ifdef DEBUG
+-# define debug(xx)	fprintf(stderr,xx)
++# define debug(xx)	fprintf(stderr, "%s", xx)
+ #else
+ # define debug(xx)
+ #endif
+diff -ru xloadimage.4.1.orig/reduce.c xloadimage.4.1/reduce.c
+--- xloadimage.4.1.orig/reduce.c	2005-10-22 15:47:17.000000000 +0200
++++ xloadimage.4.1/reduce.c	2005-10-22 15:48:49.000000000 +0200
+@@ -502,7 +502,7 @@
+ 
+   depth= colorsToDepth(n);
+   new_image= newRGBImage(image->width, image->height, depth);
+-  sprintf(buf, "%s (%d colors)", image->title, n);
++  snprintf(buf, BUFSIZ - 1, "%s (%d colors)", image->title, n);
+   new_image->title= dupString(buf);
+ 
+   /* calculate RGB table from each color area.  this should really calculate
+diff -ru xloadimage.4.1.orig/rle.c xloadimage.4.1/rle.c
+--- xloadimage.4.1.orig/rle.c	2005-10-22 15:47:17.000000000 +0200
++++ xloadimage.4.1/rle.c	2005-10-22 16:00:06.000000000 +0200
+@@ -21,7 +21,7 @@
+ #undef  debug
+ 
+ #ifdef DEBUG
+-# define debug(xx)	fprintf(stderr,xx)
++# define debug(xx)	fprintf(stderr, "%s", xx)
+ #else
+ # define debug(xx)
+ #endif
+diff -ru xloadimage.4.1.orig/rotate.c xloadimage.4.1/rotate.c
+--- xloadimage.4.1.orig/rotate.c	2005-10-22 15:47:17.000000000 +0200
++++ xloadimage.4.1/rotate.c	2005-10-22 15:48:49.000000000 +0200
+@@ -70,7 +70,7 @@
+     { printf("  Rotating image by %d degrees...", degrees);
+       fflush(stdout);
+     }
+-  sprintf(buf, "%s (rotated by %d degrees)", simage->title, degrees);
++  snprintf(buf, BUFSIZ - 1, "%s (rotated by %d degrees)", simage->title, degrees);
+ 
+   image1 = simage;
+   image2 = NULL;
+diff -ru xloadimage.4.1.orig/tiff.c xloadimage.4.1/tiff.c
+--- xloadimage.4.1.orig/tiff.c	2005-10-22 15:47:17.000000000 +0200
++++ xloadimage.4.1/tiff.c	2005-10-22 15:48:49.000000000 +0200
+@@ -133,14 +133,14 @@
+   switch (info->photometric) {
+   case PHOTOMETRIC_MINISBLACK:
+     if (info->bitspersample > 1) {
+-      sprintf(buf, "%d-bit greyscale ", info->bitspersample);
++      snprintf(buf, 31, "%d-bit greyscale ", info->bitspersample);
+       return(buf);
+     }
+     else
+       return "white-on-black ";
+   case PHOTOMETRIC_MINISWHITE:
+     if (info->bitspersample > 1) {
+-      sprintf(buf, "%d-bit greyscale ", info->bitspersample);
++      snprintf(buf, 31, "%d-bit greyscale ", info->bitspersample);
+       return(buf);
+     }
+     else
+diff -ru xloadimage.4.1.orig/window.c xloadimage.4.1/window.c
+--- xloadimage.4.1.orig/window.c	2005-10-22 15:47:17.000000000 +0200
++++ xloadimage.4.1/window.c	2005-10-22 15:48:50.000000000 +0200
+@@ -606,7 +606,7 @@
+   else {
+     char def_geom[30];
+ 
+-    sprintf(def_geom, "%ux%u+0+0", image->width, image->height);
++    snprintf(def_geom, 29, "%ux%u+0+0", image->width, image->height);
+     XGeometry(disp, scrn, opt->info.geometry.string, def_geom, 0, 1, 1, 0, 0,
+ 	      (int *)&winx, (int *)&winy, (int *)&winwidth, (int *)&winheight);
+   }
+diff -ru xloadimage.4.1.orig/zio.c xloadimage.4.1/zio.c
+--- xloadimage.4.1.orig/zio.c	2005-10-22 15:47:17.000000000 +0200
++++ xloadimage.4.1/zio.c	2005-10-22 15:48:50.000000000 +0200
+@@ -233,7 +233,7 @@
+             strcpy (s, "'");
+             debug(("Filtering image through '%s'\n", filter->filter));
+             zf->type= ZPIPE;
+-            sprintf(buf, "%s %s", filter->filter, fname);
++            snprintf(buf, BUFSIZ - 1, "%s %s", filter->filter, fname);
+             lfree (fname);
+       if (! (zf->stream= popen(buf, "r"))) {
+ 	lfree((byte *)zf->filename);
+diff -ru xloadimage.4.1.orig/zoom.c xloadimage.4.1/zoom.c
+--- xloadimage.4.1.orig/zoom.c	2005-10-22 15:47:17.000000000 +0200
++++ xloadimage.4.1/zoom.c	2005-10-22 15:48:50.000000000 +0200
+@@ -63,23 +63,23 @@
+   if (!xzoom) {
+     if (verbose)
+       printf("  Zooming image Y axis by %d%%...", yzoom);
+-      sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
++      snprintf(buf, BUFSIZ - 1, "%s (Y zoom %d%%)", oimage->title, yzoom);
+   }
+   else if (!yzoom) {
+     if (verbose)
+       printf("  Zooming image X axis by %d%%...", xzoom);
+-    sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
++    snprintf(buf, BUFSIZ - 1, "%s (X zoom %d%%)", oimage->title, xzoom);
+   }
+   else if (xzoom == yzoom) {
+     if (verbose)
+       printf("  Zooming image by %d%%...", xzoom);
+-    sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
++    snprintf(buf, BUFSIZ - 1, "%s (%d%% zoom)", oimage->title, xzoom);
+   }
+   else {
+     if (verbose)
+       printf("  Zooming image X axis by %d%% and Y axis by %d%%...",
+ 	     xzoom, yzoom);
+-    sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
++    snprintf(buf, BUFSIZ - 1, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
+ 	    xzoom, yzoom);
+   }
+   if (verbose)
diff --git a/media-gfx/xloadimage/xloadimage-4.1-r4.ebuild b/media-gfx/xloadimage/xloadimage-4.1-r4.ebuild
new file mode 100644
index 000000000000..3211e827703e
--- /dev/null
+++ b/media-gfx/xloadimage/xloadimage-4.1-r4.ebuild
@@ -0,0 +1,82 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/xloadimage/xloadimage-4.1-r4.ebuild,v 1.1 2005/10/26 18:58:38 nelchael Exp $
+
+inherit alternatives eutils flag-o-matic
+
+MY_P="${P/-/.}"
+S=${WORKDIR}/${MY_P}
+DESCRIPTION="utility to view many different types of images under X11"
+HOMEPAGE="http://world.std.com/~jimf/xloadimage.html"
+SRC_URI="ftp://ftp.x.org/R5contrib/${MY_P}.tar.gz
+	mirror://gentoo/${P}-gentoo.diff.bz2"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~ppc-macos ~sparc ~x86"
+IUSE="tiff jpeg png"
+
+RDEPEND="virtual/x11
+	tiff? ( media-libs/tiff )
+	png? ( media-libs/libpng )
+	jpeg? ( media-libs/jpeg )"
+DEPEND="${RDEPEND}
+	>=sys-apps/sed-4.0.5"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${WORKDIR}/${P}-gentoo.diff
+	epatch ${FILESDIR}/${P}-zio-shell-meta-char.diff
+	epatch ${FILESDIR}/${P}-endif.patch
+
+	# Do not define errno extern, but rather include errno.h
+	# <azarah@gentoo.org> (1 Jan 2003)
+	epatch ${FILESDIR}/${P}-include-errno_h.patch
+
+	epatch "${FILESDIR}/xloadimage-gentoo.patch"
+
+	sed -i "s:OPT_FLAGS=:OPT_FLAGS=$CFLAGS:" Make.conf
+	sed -i "s:^#include <varargs.h>:#include <stdarg.h>:" ${S}/rlelib.c
+
+	if use ppc-macos ; then
+		sed -i 's,<malloc.h>,<malloc/malloc.h>,' vicar.c
+		for f in $(grep zopen * | cut -d':' -f1 | uniq);do
+			sed -i "s:zopen:zloadimage_zopen:g" $f
+		done
+	fi
+
+	chmod +x ${S}/configure
+}
+
+src_install() {
+	dobin xloadimage
+	dobin uufilter
+
+	insinto /etc/X11
+	doins xloadimagerc
+
+	newman xloadimage.man xloadimage.1
+	newman uufilter.man uufilter.1
+
+	dodoc README
+}
+
+update_alternatives() {
+	alternatives_makesym /usr/bin/xview \
+		/usr/bin/{xloadimage,xli}
+	alternatives_makesym /usr/bin/xsetbg \
+		/usr/bin/{xloadimage,xli}
+	alternatives_makesym /usr/share/man/man1/xview.1.gz \
+		/usr/share/man/man1/{xloadimage,xli}.1.gz
+	alternatives_makesym /usr/share/man/man1/xsetbg.1.gz \
+		/usr/share/man/man1/{xloadimage,xli}.1.gz
+}
+
+pkg_postinst() {
+	use ppc-macos || update_alternatives
+}
+
+pkg_postrm() {
+	use ppc-macos || update_alternatives
+}
author	Krzysztof Pawlik <nelchael@gentoo.org>	2005-10-26 18:58:38 +0000
committer	Krzysztof Pawlik <nelchael@gentoo.org>	2005-10-26 18:58:38 +0000
commit	6f7c340a53575fa654828c0665ee8f9221f59dd0 (patch)
tree	d11bc6601830ef37cb964c6f5313c3d88911af11 /media-gfx/xloadimage
parent	New upstream version. (diff)
download	gentoo-2-6f7c340a53575fa654828c0665ee8f9221f59dd0.tar.gz gentoo-2-6f7c340a53575fa654828c0665ee8f9221f59dd0.tar.bz2 gentoo-2-6f7c340a53575fa654828c0665ee8f9221f59dd0.zip