-rw-r--r-- | graphics/xli/Makefile | 4 | ||||
-rw-r--r-- | graphics/xli/distinfo | 4 | ||||
-rw-r--r-- | graphics/xli/patches/patch-ae | 16 | ||||
-rw-r--r-- | graphics/xli/patches/patch-af | 40 |
4 files changed, 61 insertions, 3 deletions
diff --git a/graphics/xli/Makefile b/graphics/xli/Makefile
index bcffa1e9d26..3bb0dd8e4f9 100644
--- a/graphics/xli/Makefile
+++ b/graphics/xli/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.30 2005/10/10 19:54:13 reed Exp $
+# $NetBSD: Makefile,v 1.31 2005/10/30 17:58:58 salo Exp $
 DISTNAME= xli-2005-02-27
 PKGNAME= xli-1.17.0
-PKGREVISION= 4
+PKGREVISION= 5
 CATEGORIES= graphics x11
 MASTER_SITES= http://pantransit.reptiles.org/prog/xli/
diff --git a/graphics/xli/distinfo b/graphics/xli/distinfo
index a36def49076..606341e8bb9 100644
--- a/graphics/xli/distinfo
+++ b/graphics/xli/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2005/10/23 20:02:57 rillig Exp $
+$NetBSD: distinfo,v 1.18 2005/10/30 17:58:58 salo Exp $
 SHA1 (xli-2005-02-27.tar.gz) = 977d8ece0edd41f3ec606310496cf3231f046d88
 RMD160 (xli-2005-02-27.tar.gz) = fc83fa5173befa73a0eeb56ad323dad148ef1426
@@ -7,3 +7,5 @@ SHA1 (patch-aa) = e9092fdad849405c5a42760e64875566ed1e04f7
 SHA1 (patch-ab) = 4c9e01d046fb96c056799b078c5d78451270f52e
 SHA1 (patch-ac) = b4fca6bc9c198728aa3adc0a9f8afaf5be5a004a
 SHA1 (patch-ad) = d47bc23051b9e75d265a413fdbde1c5bb9d747de
+SHA1 (patch-ae) = 9085d53b8823ec0ce42dc8072f74e97763abc86b
+SHA1 (patch-af) = e6d762b19dc82377727f045b731b40c04afefe11
diff --git a/graphics/xli/patches/patch-ae b/graphics/xli/patches/patch-ae
new file mode 100644
index 00000000000..78be8b31155
--- /dev/null
+++ b/graphics/xli/patches/patch-ae
@@ -0,0 +1,16 @@
+$NetBSD: patch-ae,v 1.1 2005/10/30 17:58:58 salo Exp $
+
+Security fix for CVE-2005-3178, from Debian.
+
+--- reduce.c.orig 1999-10-25 04:15:02.000000000 +0200
++++ reduce.c 2005-10-30 18:49:53.000000000 +0100
+@@ -178,7 +178,8 @@
+ /* get destination image */
+ depth = colorsToDepth(OutColors);
+ new_image = newRGBImage(image->width, image->height, depth);
+- sprintf(buf, "%s (%d colors)", image->title, OutColors);
++ snprintf(buf, BUFSIZ, "%s (%d colors)", image->title, OutColors);
++ buf[BUFSIZ-1] = '\0';
+ new_image->title = dupString(buf);
+ new_image->gamma = image->gamma;
+
diff --git a/graphics/xli/patches/patch-af b/graphics/xli/patches/patch-af
new file mode 100644
index 00000000000..7e4565ee9b7
--- /dev/null
+++ b/graphics/xli/patches/patch-af
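Review bot: The bound handed to `snprintf` in the reduce.c hunk is the literal `BUFSIZ`, which is only right if `buf` is declared as `char buf[BUFSIZ]`; that declaration is outside the hunk, so it cannot be confirmed from here. If `buf` is an array, `snprintf(buf, sizeof(buf), "%s (%d colors)", image->title, OutColors);` keeps the limit tied to the declaration, and the same applies to the four `snprintf` calls in the zoom.c patch. The explicit `buf[BUFSIZ-1] = '\0';` is redundant with a C99 `snprintf` and only matters on older implementations that do not terminate on truncation; a one-line comment such as `/* pre-C99 snprintf may not NUL-terminate on truncation */` would record why it is there. The return value is not checked, so an over-long title is silently truncated, which is probably acceptable for a display string.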
@@ -0,0 +1,40 @@
+$NetBSD: patch-af,v 1.1 2005/10/30 17:58:58 salo Exp $
+
+Security fix for CVE-2005-3178, from Debian.
+
+--- zoom.c.orig 2005-02-28 01:42:39.000000000 +0100
++++ zoom.c 2005-10-30 18:50:04.000000000 +0100
+@@ -52,28 +52,29 @@
+ if (verbose)
+ printf(" Zooming image Y axis by %d%%...", yzoom);
+ if (changetitle)
+- sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
++ snprintf(buf, BUFSIZ, "%s (Y zoom %d%%)", oimage->title, yzoom);
+ }
+ else if (!yzoom) {
+ if (verbose)
+ printf(" Zooming image X axis by %d%%...", xzoom);
+ if (changetitle)
+- sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
++ snprintf(buf, BUFSIZ, "%s (X zoom %d%%)", oimage->title, xzoom);
+ }
+ else if (xzoom == yzoom) {
+ if (verbose)
+ printf(" Zooming image by %d%%...", xzoom);
+ if (changetitle)
+- sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
++ snprintf(buf, BUFSIZ, "%s (%d%% zoom)", oimage->title, xzoom);
+ }
+ else {
+ if (verbose)
+ printf(" Zooming image X axis by %d%% and Y axis by %d%%...",
+ xzoom, yzoom);
+ if (changetitle)
+- sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
++ snprintf(buf, BUFSIZ, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
+ xzoom, yzoom);
+ }
++ buf[BUFSIZ-1] = '\0';
+ if (!changetitle)
+ strcpy(buf,oimage->title);
+
|
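Review bot: The `strcpy(buf,oimage->title);` in the `!changetitle` branch at the end of the zoom.c hunk is left unbounded, so the over-long `oimage->title` that the four `snprintf` conversions guard against can still overrun `buf` whenever the title is not being rewritten. Bounding that copy the same way, `snprintf(buf, BUFSIZ, "%s", oimage->title);`, would close the remaining path. The added `buf[BUFSIZ-1] = '\0';` sits before this branch, so it should move below it if the manual terminator is kept. The enclosing function and the declaration of `buf` are outside the hunk, so the buffer size is inferred from the patch's own use of `BUFSIZ`.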