author | salo <salo@pkgsrc.org> | 2005-03-21 15:19:28 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2005-03-21 15:19:28 +0000 |
commit | ec97a965ae025d186ef55e7c38607e6bf7409bd0 (patch) | |
tree | 5cfc7820d0d708f7748a0719d80c0503a9a0b5ee | |
parent | de4333b663bd1dc194ebe528b0ad6bcdd604a84f (diff) | |
download | pkgsrc-ec97a965ae025d186ef55e7c38607e6bf7409bd0.tar.gz |
Security fix for CAN-2001-0775:
"Buffer overflow in xli 1.17 allows remote attacker to execute arbitrary
code via a FACES format image containing a long Firstname or Lastname
field."
Patch from Debian. Bump PKGREVISION.
-rw-r--r-- | graphics/xli/Makefile | 4 | ||||
-rw-r--r-- | graphics/xli/distinfo | 3 | ||||
-rw-r--r-- | graphics/xli/patches/patch-ac | 22 |
3 files changed, 26 insertions, 3 deletions
diff --git a/graphics/xli/Makefile b/graphics/xli/Makefile
index 87c7d75df37..d8c0ec2341e 100644
--- a/graphics/xli/Makefile
+++ b/graphics/xli/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.27 2005/03/05 23:02:30 fredb Exp $
+# $NetBSD: Makefile,v 1.28 2005/03/21 15:19:28 salo Exp $
 DISTNAME= xli-2005-02-27
 PKGNAME= xli-1.17.0
-PKGREVISION= 3
+PKGREVISION= 4
 CATEGORIES= graphics x11
 MASTER_SITES= http://pantransit.reptiles.org/prog/xli/
diff --git a/graphics/xli/distinfo b/graphics/xli/distinfo
index bca649d97b9..8fc5cc7244e 100644
--- a/graphics/xli/distinfo
+++ b/graphics/xli/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.14 2005/03/10 14:18:51 tv Exp $
+$NetBSD: distinfo,v 1.15 2005/03/21 15:19:28 salo Exp $
 SHA1 (xli-2005-02-27.tar.gz) = 977d8ece0edd41f3ec606310496cf3231f046d88
 RMD160 (xli-2005-02-27.tar.gz) = fc83fa5173befa73a0eeb56ad323dad148ef1426
 Size (xli-2005-02-27.tar.gz) = 201011 bytes
 SHA1 (patch-aa) = e9092fdad849405c5a42760e64875566ed1e04f7
 SHA1 (patch-ab) = 4c9e01d046fb96c056799b078c5d78451270f52e
+SHA1 (patch-ac) = b4fca6bc9c198728aa3adc0a9f8afaf5be5a004a
diff --git a/graphics/xli/patches/patch-ac b/graphics/xli/patches/patch-ac
new file mode 100644
index 00000000000..60d8da122f8
--- /dev/null
+++ b/graphics/xli/patches/patch-ac
@@ -0,0 +1,22 @@
+$NetBSD: patch-ac,v 1.3 2005/03/21 15:19:28 salo Exp $
+
+--- faces.c.orig 2005-02-28 01:42:39.000000000 +0100
++++ faces.c 2005-03-21 16:08:17.000000000 +0100
+@@ -54,9 +54,15 @@
+ if (! strcmp(buf, "\n"))
+ break;
+ if (!strncmp(buf, "FirstName:", 10))
+- strcpy(fname, buf + 11);
++ {
++ strncpy(fname, buf + 11, BUFSIZ - 1);
++ fname[BUFSIZ - 1] = '\0';
++ }
+ else if (!strncmp(buf, "LastName:", 9))
+- strcpy(lname, buf + 10);
++ {
++ strncpy(lname, buf + 10, BUFSIZ - 1);
++ lname[BUFSIZ - 1] = '\0';
++ }
+ else if (!strncmp(buf, "Image:", 6)) {
+ if (sscanf(buf + 7, "%d%d%d", &iw, &ih, &id) != 3) {
+ fprintf(stderr,"facesLoad: %s - Bad image\n", name); |
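Review bot: The new bound in the `FirstName:` and `LastName:` branches of patch-ac is hard-coded to `BUFSIZ`, while the declarations of `fname` and `lname` are outside the hunk, so the fix only holds if both are arrays of at least `BUFSIZ` bytes. If they are arrays, tying the bound to the destination keeps the copy safe when a declaration changes: `strncpy(fname, buf + 11, sizeof fname - 1); fname[sizeof fname - 1] = '\0';`, and the same for `lname`. Separately, `strncmp` checks 10 (or 9) characters but the copy starts at `buf + 11` (or `buf + 10`), so a line that ends right after the colon would make the copy start past the terminator and pick up stale bytes from `buf`; whether that can happen depends on how `buf` is filled, which is not visible here, and a length check before the copy would rule it out. The enclosing function starts and ends outside the hunk.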