Hello community,

here is the log from the commit of package feh for openSUSE:Factory checked in 
at 2017-04-19 18:11:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/feh (Old)
 and      /work/SRC/openSUSE:Factory/.feh.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "feh"

Wed Apr 19 18:11:23 2017 rev:12 rq:489249 version:2.18.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/feh/feh.changes  2017-02-26 17:09:16.427736473 
+0100
+++ /work/SRC/openSUSE:Factory/.feh.new/feh.changes     2017-04-19 
18:11:24.652875748 +0200
@@ -1,0 +2,17 @@
+Wed Apr 19 08:23:36 UTC 2017 - mimi...@gmail.com
+
+- update to 2.18.3
+- fixes boo#1034567 - CVE-2017-7875
+ * Fix double-free/OOB-write in E17 IPC. This only affects the background
+    setting options and requires a malicious X11 app to run alongside feh
+    and pretend to be an E17 window manager.
+ * Fix image-specific format specifiers not being updated correctly in 
thumbnail
+    mode window titles
+ * Fix memory leak when closing images opened from thumbnail mode
+ * Fix a possible out of bounds read caused by an unterminated string when
+    using --output to save images in long paths
+ * Fix out of bounds read/write when handling empty or broken caption files.
+ * Fix memory leak when saving a filelist or image whose target filename
+    already exists.
+
+-------------------------------------------------------------------

Old:
----
  feh-2.18.2.tar.bz2
  feh-2.18.2.tar.bz2.asc

New:
----
  feh-2.18.3.tar.bz2
  feh-2.18.3.tar.bz2.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ feh.spec ++++++
--- /var/tmp/diff_new_pack.arJKoX/_old  2017-04-19 18:11:25.448763166 +0200
+++ /var/tmp/diff_new_pack.arJKoX/_new  2017-04-19 18:11:25.452762600 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           feh
-Version:        2.18.2
+Version:        2.18.3
 Release:        0
 Summary:        Fast and Lightweight Image Viewer
 License:        MIT and LGPL-2.0+

++++++ feh-2.18.2.tar.bz2 -> feh-2.18.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/feh-2.18.2/ChangeLog new/feh-2.18.3/ChangeLog
--- old/feh-2.18.2/ChangeLog    2017-02-16 23:11:12.000000000 +0100
+++ new/feh-2.18.3/ChangeLog    2017-04-04 21:26:38.000000000 +0200
@@ -1,3 +1,20 @@
+Tue, 04 Apr 2017 21:22:16 +0200  Daniel Friesel <derf+...@finalrewind.org>
+
+* Release v2.18.3
+    * Fix double-free/OOB-write in E17 IPC. This only affects the
+      background setting options and requires a malicious X11 app to run
+      alongside feh and pretend to be an E17 window manager.
+      (patch by Tobias Stoeckmann)
+    * Fix image-specific format specifiers not being updated correctly in
+      thumbnail mode window titles
+    * Fix memory leak when closing images opened from thumbnail mode
+    * Fix a possible out of bounds read caused by an unterminated string when
+      using --output to save images in long paths. (patch by Tobias Stoeckmann)
+    * Fix out of bounds read/write when handling empty or broken caption files.
+      (patch by Tobias Stoeckmann)
+    * Fix memory leak when saving a filelist or image whose target filename
+      already exists. (patch by Tobias Stoeckmann)
+
 Thu, 16 Feb 2017 23:05:39 +0100  Daniel Friesel <derf+...@finalrewind.org>
 
 * Release v2.18.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/feh-2.18.2/config.mk new/feh-2.18.3/config.mk
--- old/feh-2.18.2/config.mk    2017-02-16 23:11:12.000000000 +0100
+++ new/feh-2.18.3/config.mk    2017-04-04 21:26:38.000000000 +0200
@@ -1,5 +1,5 @@
 PACKAGE ?= feh
-VERSION ?= 2.18.2
+VERSION ?= 2.18.3
 
 app ?= 0
 cam ?= 0
@@ -73,7 +73,7 @@
        MAN_EXIF = disabled
 endif
 
-MAN_DATE ?= February 16, 2017
+MAN_DATE ?= April 04, 2017
 
 # Uncomment this to use dmalloc
 #CFLAGS += -DWITH_DMALLOC
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/feh-2.18.2/src/collage.c new/feh-2.18.3/src/collage.c
--- old/feh-2.18.2/src/collage.c        2017-02-16 23:11:12.000000000 +0100
+++ new/feh-2.18.3/src/collage.c        2017-04-04 21:26:38.000000000 +0200
@@ -191,8 +191,10 @@
                char output_buf[1024];
                if (opt.output_dir)
                        snprintf(output_buf, 1024, "%s/%s", opt.output_dir, 
opt.output_file);
-               else
-                       strncpy(output_buf, opt.output_file, 1024);
+               else {
+                       strncpy(output_buf, opt.output_file, 1023);
+                       output_buf[1023] = '\0';
+               }
                gib_imlib_save_image(im_main, output_buf);
                if (opt.verbose) {
                        int tw, th;
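Review bot: An over-long `--output` name is still cut off silently in the new `else` branch, so the image is written to a path the user did not ask for, and the `snprintf` branch above it truncates in the same silent way. Consider formatting both cases through `int n = snprintf(output_buf, sizeof(output_buf), "%s", opt.output_file);` and refusing to save when `n < 0 || (size_t) n >= sizeof(output_buf)`, which also removes the paired magic numbers 1023/1024. The same pattern is repeated in the src/index.c and src/thumbnail.c hunks of this commit; there the declaration of `output_buf` is outside the hunk, so confirm it is an array before using `sizeof`.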
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/feh-2.18.2/src/feh.h new/feh-2.18.3/src/feh.h
--- old/feh-2.18.2/src/feh.h    2017-02-16 23:11:12.000000000 +0100
+++ new/feh-2.18.3/src/feh.h    2017-04-04 21:26:38.000000000 +0200
@@ -138,6 +138,7 @@
 void slideshow_change_image(winwidget winwid, int change, int render);
 void slideshow_pause_toggle(winwidget w);
 char *slideshow_create_name(feh_file * file, winwidget winwid);
+char *thumbnail_create_name(feh_file * file, winwidget winwid);
 void init_keyevents(void);
 void init_buttonbindings(void);
 void feh_event_handle_keypress(XEvent * ev);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/feh-2.18.2/src/index.c new/feh-2.18.3/src/index.c
--- old/feh-2.18.2/src/index.c  2017-02-16 23:11:12.000000000 +0100
+++ new/feh-2.18.3/src/index.c  2017-04-04 21:26:38.000000000 +0200
@@ -324,8 +324,10 @@
 
                if (opt.output_dir)
                        snprintf(output_buf, 1024, "%s/%s", opt.output_dir, 
opt.output_file);
-               else
-                       strncpy(output_buf, opt.output_file, 1024);
+               else {
+                       strncpy(output_buf, opt.output_file, 1023);
+                       output_buf[1023] = '\0';
+               }
 
                gib_imlib_save_image_with_error_return(im_main, output_buf, 
&err);
                if (err) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/feh-2.18.2/src/slideshow.c 
new/feh-2.18.3/src/slideshow.c
--- old/feh-2.18.2/src/slideshow.c      2017-02-16 23:11:12.000000000 +0100
+++ new/feh-2.18.3/src/slideshow.c      2017-04-04 21:26:38.000000000 +0200
@@ -686,6 +686,7 @@
                        filelist = feh_file_rm_and_free(filelist, winwid->file);
                else
                        filelist = feh_file_remove_from_list(filelist, 
winwid->file);
+               winwid->file = NULL;
                winwidget_destroy(winwid);
        }
 }
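Review bot: The added `winwid->file = NULL;` has no comment explaining why the pointer must be cleared before `winwidget_destroy(winwid)`. Judging by the src/winwidget.c hunk of this commit, which now calls `gib_list_free(winwid->file)` for thumbnail viewer windows, the assignment presumably keeps the destroy path from releasing a list node that one of the two calls above has already unlinked or freed. A one-line comment such as `/* node is gone from filelist; keep winwidget_destroy() from freeing it again */` would record that dependency. The enclosing function starts outside the hunk.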
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/feh-2.18.2/src/thumbnail.c 
new/feh-2.18.3/src/thumbnail.c
--- old/feh-2.18.2/src/thumbnail.c      2017-02-16 23:11:12.000000000 +0100
+++ new/feh-2.18.3/src/thumbnail.c      2017-04-04 21:26:38.000000000 +0200
@@ -381,8 +381,10 @@
 
                if (opt.output_dir)
                        snprintf(output_buf, 1024, "%s/%s", opt.output_dir, 
opt.output_file);
-               else
-                       strncpy(output_buf, opt.output_file, 1024);
+               else {
+                       strncpy(output_buf, opt.output_file, 1023);
+                       output_buf[1023] = '\0';
+               }
                gib_imlib_save_image_with_error_return(td.im_main, output_buf, 
&err);
                if (err) {
                        feh_imlib_print_load_error(output_buf, td.im_main, err);
@@ -876,3 +878,16 @@
 
        return status;
 }
+
+char *thumbnail_create_name(feh_file * file, winwidget winwid)
+{
+       char *s = NULL;
+
+       if (!opt.thumb_title) {
+               s = estrdup(file->filename);
+       } else {
+               s = estrdup(feh_printf(opt.thumb_title, file, winwid));
+       }
+
+       return(s);
+}
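Review bot: `thumbnail_create_name` has no comment stating that it returns a heap copy the caller must `free()`, which the new caller in src/winwidget.c relies on. A short header comment should say that the result is a copy of either `file->filename` or the expanded `opt.thumb_title`, and that `file` must be non-NULL because it is dereferenced unconditionally. As a style point, the initial `char *s = NULL;` is overwritten on both paths and `return(s);` can be written `return s;`.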
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/feh-2.18.2/src/timers.c new/feh-2.18.3/src/timers.c
--- old/feh-2.18.2/src/timers.c 2017-02-16 23:11:12.000000000 +0100
+++ new/feh-2.18.3/src/timers.c 2017-04-04 21:26:38.000000000 +0200
@@ -95,7 +95,7 @@
 
        D(("adding timer %s for %f seconds time\n", name, in));
        feh_remove_timer(name);
-       ft = malloc(sizeof(_fehtimer));
+       ft = emalloc(sizeof(_fehtimer));
        ft->next = NULL;
        ft->func = func;
        ft->data = data;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/feh-2.18.2/src/utils.c new/feh-2.18.3/src/utils.c
--- old/feh-2.18.2/src/utils.c  2017-02-16 23:11:12.000000000 +0100
+++ new/feh-2.18.3/src/utils.c  2017-04-04 21:26:38.000000000 +0200
@@ -122,7 +122,7 @@
                        s = va_arg(args, char *);
                }
                va_end(args);
-               string = malloc(sizeof(char) * (len + 1));
+               string = emalloc(sizeof(char) * (len + 1));
 
                *string = 0;
                va_start(args, separator);
@@ -169,9 +169,11 @@
        ppid = getpid();
        snprintf(cppid, sizeof(cppid), "%06ld", (long) ppid);
 
+       tmpname = NULL;
        /* make sure file doesn't exist */
        do {
                snprintf(num, sizeof(num), "%06ld", i++);
+               free(tmpname);
                tmpname = estrjoin("", path, "feh_", cppid, "_", num, "_", 
basename, NULL);
        }
        while (stat(tmpname, &st) == 0);
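Review bot: The `stat()` loop only shows that the name was unused at the moment of the check, so another process can create the path before the file is actually written; the name is predictable because it is built from the pid and a counter. The code that consumes `tmpname` is outside this hunk; if it opens the file itself, it should create it atomically with `open(tmpname, O_WRONLY | O_CREAT | O_EXCL, 0600)` and retry on `EEXIST` rather than rely on `stat()`. At minimum, a comment such as `/* best effort only: the name can be taken between stat() and use */` should document the limitation.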
@@ -183,14 +185,14 @@
 {
        char buffer[4096];
        FILE *fp;
-       int count;
+       size_t count;
 
        fp = fopen(path, "r");
        if (!fp)
                return NULL;
 
        count = fread(buffer, sizeof(char), sizeof(buffer) - 1, fp);
-       if (buffer[count - 1] == '\n')
+       if (count > 0 && buffer[count - 1] == '\n')
                buffer[count - 1] = '\0';
        else
                buffer[count] = '\0';
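Review bot: A failed `fread()` also returns 0, so with the new `count > 0` guard a read error and an empty file both produce an empty string and the caller cannot tell them apart. Checking `ferror(fp)` after the read and returning NULL in that case, e.g. `if (ferror(fp)) { fclose(fp); return NULL; }`, would separate the two. Input longer than `sizeof(buffer) - 1` bytes is also cut off without notice, which deserves at least a comment. The rest of the function, including where `fp` is closed, is outside the hunk.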
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/feh-2.18.2/src/wallpaper.c 
new/feh-2.18.3/src/wallpaper.c
--- old/feh-2.18.2/src/wallpaper.c      2017-02-16 23:11:12.000000000 +0100
+++ new/feh-2.18.3/src/wallpaper.c      2017-04-04 21:26:38.000000000 +0200
@@ -795,7 +795,7 @@
 {
 
        static char *message = NULL;
-       static unsigned short len = 0;
+       static size_t len = 0;
        char buff[13], *ret_msg = NULL;
        register unsigned char i;
        unsigned char blen;
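Review bot: Widening `len` to `size_t` stops the 16-bit counter from wrapping, but the declaration carries no comment saying why the type matters, and nothing visible here limits how large `message` may grow. Since the changelog describes the peer as a possibly malicious X11 client, consider a comment like `/* size_t: must never wrap below the allocated size of message */` and an upper bound on the accumulated length, resetting `message` and `len` together when it is exceeded. The code that updates both statics is outside this hunk, so the bound has to be checked against it.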
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/feh-2.18.2/src/winwidget.c 
new/feh-2.18.3/src/winwidget.c
--- old/feh-2.18.2/src/winwidget.c      2017-02-16 23:11:12.000000000 +0100
+++ new/feh-2.18.3/src/winwidget.c      2017-04-04 21:26:38.000000000 +0200
@@ -634,9 +634,14 @@
                        feh_draw_info(winwid);
                if (winwid->errstr)
                        feh_draw_errstr(winwid);
-               if (opt.title && (current_file != NULL)) {
-                       /* title might contain e.g. the zoom specifier -> 
rewrite */
-                       char *s = 
slideshow_create_name(FEH_FILE(current_file->data), winwid);
+               if (opt.title && (winwid->type != WIN_TYPE_THUMBNAIL_VIEWER) &&
+                               (winwid->file != NULL)) {
+                       char *s = 
slideshow_create_name(FEH_FILE(winwid->file->data), winwid);
+                       winwidget_rename(winwid, s);
+                       free(s);
+               } else if (opt.thumb_title && (winwid->type == 
WIN_TYPE_THUMBNAIL_VIEWER) &&
+                               (winwid->file != NULL)) {
+                       char *s = 
thumbnail_create_name(FEH_FILE(winwid->file->data), winwid);
                        winwidget_rename(winwid, s);
                        free(s);
                }
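Review bot: The rewritten condition drops the old comment explaining that the title is rebuilt on each render because it may contain specifiers such as the zoom level; restore it above the `if`, e.g. `/* title may contain e.g. the zoom specifier -> rewrite on every render */`. The two branches differ only in which `*_create_name` function they call, so they could share a single `winwidget_rename(winwid, s); free(s);` tail. Also, because the `else if` already requires `opt.thumb_title`, the `!opt.thumb_title` fallback inside `thumbnail_create_name` is never reached from this call site.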
@@ -755,6 +760,8 @@
                free(winwid->name);
        if (winwid->gc)
                XFreeGC(disp, winwid->gc);
+       if ((winwid->type == WIN_TYPE_THUMBNAIL_VIEWER) && (winwid->file != 
NULL))
+               gib_list_free(winwid->file);
        if (winwid->im)
                gib_imlib_free_image_and_decache(winwid->im);
        free(winwid);

