pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/graphics/xli Security fix for CAN-2001-0775:
details: https://anonhg.NetBSD.org/pkgsrc/rev/083cf3a4dfe6
branches: trunk
changeset: 490837:083cf3a4dfe6
user: salo <salo%pkgsrc.org@localhost>
date: Mon Mar 21 15:19:28 2005 +0000
description:
Security fix for CAN-2001-0775:
"Buffer overflow in xli 1.17 allows remote attacker to execute arbitrary
code via a FACES format image containing a long Firstname or Lastname
field."
Patch from Debian. Bump PKGREVISION.
diffstat:
graphics/xli/Makefile | 4 ++--
graphics/xli/distinfo | 3 ++-
graphics/xli/patches/patch-ac | 22 ++++++++++++++++++++++
3 files changed, 26 insertions(+), 3 deletions(-)
diffs (53 lines):
diff -r a10b7ee821ff -r 083cf3a4dfe6 graphics/xli/Makefile
--- a/graphics/xli/Makefile Mon Mar 21 14:49:25 2005 +0000
+++ b/graphics/xli/Makefile Mon Mar 21 15:19:28 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.27 2005/03/05 23:02:30 fredb Exp $
+# $NetBSD: Makefile,v 1.28 2005/03/21 15:19:28 salo Exp $
DISTNAME= xli-2005-02-27
PKGNAME= xli-1.17.0
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= graphics x11
MASTER_SITES= http://pantransit.reptiles.org/prog/xli/
diff -r a10b7ee821ff -r 083cf3a4dfe6 graphics/xli/distinfo
--- a/graphics/xli/distinfo Mon Mar 21 14:49:25 2005 +0000
+++ b/graphics/xli/distinfo Mon Mar 21 15:19:28 2005 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.14 2005/03/10 14:18:51 tv Exp $
+$NetBSD: distinfo,v 1.15 2005/03/21 15:19:28 salo Exp $
SHA1 (xli-2005-02-27.tar.gz) = 977d8ece0edd41f3ec606310496cf3231f046d88
RMD160 (xli-2005-02-27.tar.gz) = fc83fa5173befa73a0eeb56ad323dad148ef1426
Size (xli-2005-02-27.tar.gz) = 201011 bytes
SHA1 (patch-aa) = e9092fdad849405c5a42760e64875566ed1e04f7
SHA1 (patch-ab) = 4c9e01d046fb96c056799b078c5d78451270f52e
+SHA1 (patch-ac) = b4fca6bc9c198728aa3adc0a9f8afaf5be5a004a
diff -r a10b7ee821ff -r 083cf3a4dfe6 graphics/xli/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/xli/patches/patch-ac Mon Mar 21 15:19:28 2005 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ac,v 1.3 2005/03/21 15:19:28 salo Exp $
+
+--- faces.c.orig 2005-02-28 01:42:39.000000000 +0100
++++ faces.c 2005-03-21 16:08:17.000000000 +0100
+@@ -54,9 +54,15 @@
+ if (! strcmp(buf, "\n"))
+ break;
+ if (!strncmp(buf, "FirstName:", 10))
+- strcpy(fname, buf + 11);
++ {
++ strncpy(fname, buf + 11, BUFSIZ - 1);
++ fname[BUFSIZ - 1] = '\0';
++ }
+ else if (!strncmp(buf, "LastName:", 9))
+- strcpy(lname, buf + 10);
++ {
++ strncpy(lname, buf + 10, BUFSIZ - 1);
++ lname[BUFSIZ - 1] = '\0';
++ }
+ else if (!strncmp(buf, "Image:", 6)) {
+ if (sscanf(buf + 7, "%d%d%d", &iw, &ih, &id) != 3) {
+ fprintf(stderr,"facesLoad: %s - Bad image\n", name);
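Review bot: In both replaced branches the bound is the hard-coded BUFSIZ - 1 rather than the size of the destination, and the declarations of fname and lname are not part of this hunk, so the copy is only safe if both arrays are at least BUFSIZ bytes; using sizeof(fname) - 1 and sizeof(lname) - 1 (with the matching index for the terminator) would tie the bound to the arrays themselves. Separately, the source offsets buf + 11 and buf + 10 are kept from the old code and skip one character past the colon without checking that it exists: a line consisting of exactly "FirstName:" with no trailing newline passes the strncmp test with buf[10] as the terminator, so buf + 11 starts after the end of the string and copies whatever older data is left in buf. A length check on buf before the copy would close that. strncpy truncates silently, so an overlong name is cut rather than rejected; if that is the intended behaviour, a short comment in faces.c saying so would help.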