
[pkgsrc/trunk]: pkgsrc/graphics/xli Security fix for CVE-2005-3178:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/71b56bd9e22f
branches:  trunk
changeset: 501854:71b56bd9e22f
user:      salo <salo%pkgsrc.org@localhost>
date:      Sun Oct 30 17:58:58 2005 +0000

description:
Security fix for CVE-2005-3178:

"Buffer overflow in xli might allow user-complicit attackers to execute
arbitrary code via a long title name in a NIFF file, which triggers the
overflow during zoom, reduce, or rotate operations."

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3178

Patch from Debian.

diffstat:

 graphics/xli/Makefile         |   4 ++--
 graphics/xli/distinfo         |   4 +++-
 graphics/xli/patches/patch-ae |  16 ++++++++++++++++
 graphics/xli/patches/patch-af |  40 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 61 insertions(+), 3 deletions(-)

diffs (93 lines):

diff -r 32113b3b1d60 -r 71b56bd9e22f graphics/xli/Makefile
--- a/graphics/xli/Makefile     Sun Oct 30 17:32:07 2005 +0000
+++ b/graphics/xli/Makefile     Sun Oct 30 17:58:58 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.30 2005/10/10 19:54:13 reed Exp $
+# $NetBSD: Makefile,v 1.31 2005/10/30 17:58:58 salo Exp $
 
 DISTNAME=      xli-2005-02-27
 PKGNAME=       xli-1.17.0
-PKGREVISION=   4
+PKGREVISION=   5
 CATEGORIES=    graphics x11
 MASTER_SITES=  http://pantransit.reptiles.org/prog/xli/
 
diff -r 32113b3b1d60 -r 71b56bd9e22f graphics/xli/distinfo
--- a/graphics/xli/distinfo     Sun Oct 30 17:32:07 2005 +0000
+++ b/graphics/xli/distinfo     Sun Oct 30 17:58:58 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2005/10/23 20:02:57 rillig Exp $
+$NetBSD: distinfo,v 1.18 2005/10/30 17:58:58 salo Exp $
 
 SHA1 (xli-2005-02-27.tar.gz) = 977d8ece0edd41f3ec606310496cf3231f046d88
 RMD160 (xli-2005-02-27.tar.gz) = fc83fa5173befa73a0eeb56ad323dad148ef1426
@@ -7,3 +7,5 @@
 SHA1 (patch-ab) = 4c9e01d046fb96c056799b078c5d78451270f52e
 SHA1 (patch-ac) = b4fca6bc9c198728aa3adc0a9f8afaf5be5a004a
 SHA1 (patch-ad) = d47bc23051b9e75d265a413fdbde1c5bb9d747de
+SHA1 (patch-ae) = 9085d53b8823ec0ce42dc8072f74e97763abc86b
+SHA1 (patch-af) = e6d762b19dc82377727f045b731b40c04afefe11
diff -r 32113b3b1d60 -r 71b56bd9e22f graphics/xli/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/xli/patches/patch-ae     Sun Oct 30 17:58:58 2005 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ae,v 1.1 2005/10/30 17:58:58 salo Exp $
+
+Security fix for CVE-2005-3178, from Debian.
+
+--- reduce.c.orig      1999-10-25 04:15:02.000000000 +0200
++++ reduce.c   2005-10-30 18:49:53.000000000 +0100
+@@ -178,7 +178,8 @@
+       /* get destination image */
+       depth = colorsToDepth(OutColors);
+       new_image = newRGBImage(image->width, image->height, depth);
+-      sprintf(buf, "%s (%d colors)", image->title, OutColors);
++      snprintf(buf, BUFSIZ, "%s (%d colors)", image->title, OutColors);
++      buf[BUFSIZ-1] = '\0';
+       new_image->title = dupString(buf);
+       new_image->gamma = image->gamma;
+ 
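Review bot: The bound on the new `snprintf(buf, BUFSIZ, "%s (%d colors)", image->title, OutColors);` line is a hard-coded BUFSIZ, but buf is declared outside this hunk, so nothing visible ties that bound to the array's real size; if buf is a local array, `snprintf(buf, sizeof buf, "%s (%d colors)", image->title, OutColors);` keeps the two from drifting apart. The added `buf[BUFSIZ-1] = '\0';` is only needed for pre-C99 snprintf implementations that do not always NUL-terminate on truncation, and without a comment it reads as dead code; suggest `/* belt-and-braces: some old snprintf()s do not NUL-terminate on truncation */` above it. Note also that the CVE text quoted in the description names rotate operations, yet the diffstat touches only reduce.c and zoom.c — presumably the rotate path was checked, but the commit message does not say so. The enclosing function starts and ends outside the hunk.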
diff -r 32113b3b1d60 -r 71b56bd9e22f graphics/xli/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/xli/patches/patch-af     Sun Oct 30 17:58:58 2005 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-af,v 1.1 2005/10/30 17:58:58 salo Exp $
+
+Security fix for CVE-2005-3178, from Debian.
+
+--- zoom.c.orig        2005-02-28 01:42:39.000000000 +0100
++++ zoom.c     2005-10-30 18:50:04.000000000 +0100
+@@ -52,28 +52,29 @@
+     if (verbose)
+       printf("  Zooming image Y axis by %d%%...", yzoom);
+     if (changetitle)
+-      sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
++      snprintf(buf, BUFSIZ, "%s (Y zoom %d%%)", oimage->title, yzoom);
+   }
+   else if (!yzoom) {
+     if (verbose)
+       printf("  Zooming image X axis by %d%%...", xzoom);
+     if (changetitle)
+-      sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
++      snprintf(buf, BUFSIZ, "%s (X zoom %d%%)", oimage->title, xzoom);
+   }
+   else if (xzoom == yzoom) {
+     if (verbose)
+       printf("  Zooming image by %d%%...", xzoom);
+     if (changetitle)
+-      sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
++      snprintf(buf, BUFSIZ, "%s (%d%% zoom)", oimage->title, xzoom);
+   }
+   else {
+     if (verbose)
+       printf("  Zooming image X axis by %d%% and Y axis by %d%%...",
+            xzoom, yzoom);
+     if (changetitle)
+-      sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
++      snprintf(buf, BUFSIZ, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
+           xzoom, yzoom);
+   }
++  buf[BUFSIZ-1] = '\0';
+   if (!changetitle)
+     strcpy(buf,oimage->title);
+ 
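Review bot: The context line `strcpy(buf,oimage->title);` on the `!changetitle` path is still an unbounded copy of the same title into the same buffer, so if that path is reachable with an untrusted NIFF title the overflow this commit is fixing survives there; the newly added `buf[BUFSIZ-1] = '\0';` is placed before the strcpy and does not protect it. It should be bounded like the other branches, `snprintf(buf, BUFSIZ, "%s", oimage->title);`. As in the other branches, BUFSIZ is assumed to be buf's size — buf is declared outside this hunk, so `sizeof buf` would be the safer bound if it is an array. The enclosing function starts and ends outside the hunk.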


