pkgsrc-Changes-HG archive

[pkgsrc/trunk]: pkgsrc/graphics/xli Security fix for CAN-2001-0775:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/083cf3a4dfe6
branches:  trunk
changeset: 490837:083cf3a4dfe6
user:      salo <salo%pkgsrc.org@localhost>
date:      Mon Mar 21 15:19:28 2005 +0000

description:
Security fix for CAN-2001-0775:

"Buffer overflow in xli 1.17 allows remote attacker to execute arbitrary
 code via a FACES format image containing a long Firstname or Lastname
 field."

Patch from Debian.  Bump PKGREVISION.

diffstat:

 graphics/xli/Makefile         |   4 ++--
 graphics/xli/distinfo         |   3 ++-
 graphics/xli/patches/patch-ac |  22 ++++++++++++++++++++++
 3 files changed, 26 insertions(+), 3 deletions(-)

diffs (53 lines):

diff -r a10b7ee821ff -r 083cf3a4dfe6 graphics/xli/Makefile
--- a/graphics/xli/Makefile     Mon Mar 21 14:49:25 2005 +0000
+++ b/graphics/xli/Makefile     Mon Mar 21 15:19:28 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.27 2005/03/05 23:02:30 fredb Exp $
+# $NetBSD: Makefile,v 1.28 2005/03/21 15:19:28 salo Exp $
 
 DISTNAME=      xli-2005-02-27
 PKGNAME=       xli-1.17.0
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    graphics x11
 MASTER_SITES=  http://pantransit.reptiles.org/prog/xli/
 
diff -r a10b7ee821ff -r 083cf3a4dfe6 graphics/xli/distinfo
--- a/graphics/xli/distinfo     Mon Mar 21 14:49:25 2005 +0000
+++ b/graphics/xli/distinfo     Mon Mar 21 15:19:28 2005 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.14 2005/03/10 14:18:51 tv Exp $
+$NetBSD: distinfo,v 1.15 2005/03/21 15:19:28 salo Exp $
 
 SHA1 (xli-2005-02-27.tar.gz) = 977d8ece0edd41f3ec606310496cf3231f046d88
 RMD160 (xli-2005-02-27.tar.gz) = fc83fa5173befa73a0eeb56ad323dad148ef1426
 Size (xli-2005-02-27.tar.gz) = 201011 bytes
 SHA1 (patch-aa) = e9092fdad849405c5a42760e64875566ed1e04f7
 SHA1 (patch-ab) = 4c9e01d046fb96c056799b078c5d78451270f52e
+SHA1 (patch-ac) = b4fca6bc9c198728aa3adc0a9f8afaf5be5a004a
diff -r a10b7ee821ff -r 083cf3a4dfe6 graphics/xli/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/xli/patches/patch-ac     Mon Mar 21 15:19:28 2005 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ac,v 1.3 2005/03/21 15:19:28 salo Exp $
+
+--- faces.c.orig       2005-02-28 01:42:39.000000000 +0100
++++ faces.c    2005-03-21 16:08:17.000000000 +0100
+@@ -54,9 +54,15 @@
+     if (! strcmp(buf, "\n"))
+       break;
+     if (!strncmp(buf, "FirstName:", 10))
+-      strcpy(fname, buf + 11);
++      {
++      strncpy(fname, buf + 11, BUFSIZ - 1);
++      fname[BUFSIZ - 1] = '\0';
++      }
+     else if (!strncmp(buf, "LastName:", 9))
+-      strcpy(lname, buf + 10);
++      {
++      strncpy(lname, buf + 10, BUFSIZ - 1);
++      lname[BUFSIZ - 1] = '\0';
++      }
+     else if (!strncmp(buf, "Image:", 6)) {
+       if (sscanf(buf + 7, "%d%d%d", &iw, &ih, &id) != 3) {
+       fprintf(stderr,"facesLoad: %s - Bad image\n", name);
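Review bot: The `BUFSIZ - 1` bound in both `strncpy` calls is only correct if `fname` and `lname` are declared as `char[BUFSIZ]`, and those declarations are not in this hunk. If they are arrays, use `sizeof(fname) - 1` and `sizeof(lname) - 1` for both the length and the terminator index, so the bound follows the destination. Separately, the unchanged offsets `buf + 11` and `buf + 10` skip one character past the matched prefix without checking that it exists: a line that ends right after `FirstName:` or `LastName:` makes the copy start one byte past the string terminator. Checking that `buf[10]` (respectively `buf[9]`) is non-zero before copying would close that.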


