From b1a286444b3fa91576e157d0defc5671267bd42c Mon Sep 17 00:00:00 2001
From: salo
Date: Mon, 21 Mar 2005 15:19:28 +0000
Subject: Security fix for CAN-2001-0775: "Buffer overflow in xli 1.17 allows remote attacker to execute arbitrary code via a FACES format image containing a long Firstname or Lastname field." Patch from Debian. Bump PKGREVISION.
---
graphics/xli/Makefile | 4 ++--
graphics/xli/distinfo | 3 ++-
graphics/xli/patches/patch-ac | 22 ++++++++++++++++++++++
3 files changed, 26 insertions(+), 3 deletions(-)
create mode 100644 graphics/xli/patches/patch-ac
(limited to 'graphics/xli')
diff --git a/graphics/xli/Makefile b/graphics/xli/Makefile
index 87c7d75df37..d8c0ec2341e 100644
--- a/graphics/xli/Makefile
+++ b/graphics/xli/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.27 2005/03/05 23:02:30 fredb Exp $
+# $NetBSD: Makefile,v 1.28 2005/03/21 15:19:28 salo Exp $
 DISTNAME= xli-2005-02-27
 PKGNAME= xli-1.17.0
-PKGREVISION= 3
+PKGREVISION= 4
 CATEGORIES= graphics x11
 MASTER_SITES= http://pantransit.reptiles.org/prog/xli/
diff --git a/graphics/xli/distinfo b/graphics/xli/distinfo
index bca649d97b9..8fc5cc7244e 100644
--- a/graphics/xli/distinfo
+++ b/graphics/xli/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.14 2005/03/10 14:18:51 tv Exp $
+$NetBSD: distinfo,v 1.15 2005/03/21 15:19:28 salo Exp $
 SHA1 (xli-2005-02-27.tar.gz) = 977d8ece0edd41f3ec606310496cf3231f046d88
 RMD160 (xli-2005-02-27.tar.gz) = fc83fa5173befa73a0eeb56ad323dad148ef1426
 Size (xli-2005-02-27.tar.gz) = 201011 bytes
 SHA1 (patch-aa) = e9092fdad849405c5a42760e64875566ed1e04f7
 SHA1 (patch-ab) = 4c9e01d046fb96c056799b078c5d78451270f52e
+SHA1 (patch-ac) = b4fca6bc9c198728aa3adc0a9f8afaf5be5a004a
diff --git a/graphics/xli/patches/patch-ac b/graphics/xli/patches/patch-ac
new file mode 100644
index 00000000000..60d8da122f8
--- /dev/null
+++ b/graphics/xli/patches/patch-ac
@@ -0,0 +1,22 @@
+$NetBSD: patch-ac,v 1.3 2005/03/21 15:19:28 salo Exp $
+
+--- faces.c.orig 2005-02-28 01:42:39.000000000 +0100
++++ faces.c 2005-03-21 16:08:17.000000000 +0100
+@@ -54,9 +54,15 @@
+ if (! strcmp(buf, "\n"))
+ break;
+ if (!strncmp(buf, "FirstName:", 10))
+- strcpy(fname, buf + 11);
++ {
++ strncpy(fname, buf + 11, BUFSIZ - 1);
++ fname[BUFSIZ - 1] = '\0';
++ }
+ else if (!strncmp(buf, "LastName:", 9))
+- strcpy(lname, buf + 10);
++ {
++ strncpy(lname, buf + 10, BUFSIZ - 1);
++ lname[BUFSIZ - 1] = '\0';
++ }
+ else if (!strncmp(buf, "Image:", 6)) {
+ if (sscanf(buf + 7, "%d%d%d", &iw, &ih, &id) != 3) {
+ fprintf(stderr,"facesLoad: %s - Bad image\n", name);
-- cgit v1.2.3
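Review bot: Both new `strncpy` calls bound the copy with the constant `BUFSIZ - 1` rather than the size of the destination, so the fix is only correct if `fname` and `lname` are arrays of at least `BUFSIZ` bytes; their declarations are outside the hunk and should be confirmed. If they are arrays, tying the bound to the object keeps the guard valid when a declaration changes, for example `snprintf(fname, sizeof fname, "%s", buf + 11);` and `snprintf(lname, sizeof lname, "%s", buf + 10);`, which also always terminates the string. Separately, `buf + 11` and `buf + 10` skip one byte past the matched prefix without checking that it exists, so a header line that stops right after the colon would apparently make the copy start beyond the terminator of `buf`. A length check before the skip would close that. The enclosing function starts and ends outside the hunk.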