Hello community, here is the log from the commit of package feh for openSUSE:Factory checked in at 2017-04-19 18:11:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/feh (Old) and /work/SRC/openSUSE:Factory/.feh.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "feh" Wed Apr 19 18:11:23 2017 rev:12 rq:489249 version:2.18.3 Changes: -------- --- /work/SRC/openSUSE:Factory/feh/feh.changes 2017-02-26 17:09:16.427736473 +0100 +++ /work/SRC/openSUSE:Factory/.feh.new/feh.changes 2017-04-19 18:11:24.652875748 +0200 @@ -1,0 +2,17 @@ +Wed Apr 19 08:23:36 UTC 2017 - mimi...@gmail.com + +- update to 2.18.3 +- fixes boo#1034567 - CVE-2017-7875 + * Fix double-free/OOB-write in E17 IPC. This only affects the background + setting options and requires a malicious X11 app to run alongside feh + and pretend to be an E17 window manager. + * Fix image-specific format specifiers not being updated correctly in thumbnail + mode window titles + * Fix memory leak when closing images opened from thumbnail mode + * Fix a possible out of bounds read caused by an unterminated string when + using --output to save images in long paths + * Fix out of bounds read/write when handling empty or broken caption files. + * Fix memory leak when saving a filelist or image whose target filename + already exists. + +------------------------------------------------------------------- Old: ---- feh-2.18.2.tar.bz2 feh-2.18.2.tar.bz2.asc New: ---- feh-2.18.3.tar.bz2 feh-2.18.3.tar.bz2.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ feh.spec ++++++ --- /var/tmp/diff_new_pack.arJKoX/_old 2017-04-19 18:11:25.448763166 +0200 +++ /var/tmp/diff_new_pack.arJKoX/_new 2017-04-19 18:11:25.452762600 +0200 @@ -17,7 +17,7 @@ Name: feh -Version: 2.18.2 +Version: 2.18.3 Release: 0 Summary: Fast and Lightweight Image Viewer License: MIT and LGPL-2.0+ ++++++ feh-2.18.2.tar.bz2 -> feh-2.18.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/feh-2.18.2/ChangeLog new/feh-2.18.3/ChangeLog --- old/feh-2.18.2/ChangeLog 2017-02-16 23:11:12.000000000 +0100 +++ new/feh-2.18.3/ChangeLog 2017-04-04 21:26:38.000000000 +0200 
@@ -1,3 +1,20 @@ +Tue, 04 Apr 2017 21:22:16 +0200 Daniel Friesel <derf+...@finalrewind.org> + +* Release v2.18.3 + * Fix double-free/OOB-write in E17 IPC. This only affects the + background setting options and requires a malicious X11 app to run + alongside feh and pretend to be an E17 window manager. + (patch by Tobias Stoeckmann) + * Fix image-specific format specifiers not being updated correctly in + thumbnail mode window titles + * Fix memory leak when closing images opened from thumbnail mode + * Fix a possible out of bounds read caused by an unterminated string when + using --output to save images in long paths. (patch by Tobias Stoeckmann) + * Fix out of bounds read/write when handling empty or broken caption files. + (patch by Tobias Stoeckmann) + * Fix memory leak when saving a filelist or image whose target filename + already exists. (patch by Tobias Stoeckmann) + Thu, 16 Feb 2017 23:05:39 +0100 Daniel Friesel <derf+...@finalrewind.org> * Release v2.18.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/feh-2.18.2/config.mk new/feh-2.18.3/config.mk --- old/feh-2.18.2/config.mk 2017-02-16 23:11:12.000000000 +0100 +++ new/feh-2.18.3/config.mk 2017-04-04 21:26:38.000000000 +0200 @@ -1,5 +1,5 @@ PACKAGE ?= feh -VERSION ?= 2.18.2 +VERSION ?= 2.18.3 app ?= 0 cam ?= 0 @@ -73,7 +73,7 @@ MAN_EXIF = disabled endif -MAN_DATE ?= February 16, 2017 +MAN_DATE ?= April 04, 2017 # Uncomment this to use dmalloc #CFLAGS += -DWITH_DMALLOC diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/feh-2.18.2/src/collage.c new/feh-2.18.3/src/collage.c --- old/feh-2.18.2/src/collage.c 2017-02-16 23:11:12.000000000 +0100 +++ new/feh-2.18.3/src/collage.c 2017-04-04 21:26:38.000000000 +0200 
@@ -191,8 +191,10 @@ char output_buf[1024]; if (opt.output_dir) snprintf(output_buf, 1024, "%s/%s", opt.output_dir, opt.output_file); - else - strncpy(output_buf, opt.output_file, 1024); + else { + strncpy(output_buf, opt.output_file, 1023); + output_buf[1023] = '\0'; + } gib_imlib_save_image(im_main, output_buf); if (opt.verbose) { int tw, th; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/feh-2.18.2/src/feh.h new/feh-2.18.3/src/feh.h --- old/feh-2.18.2/src/feh.h 2017-02-16 23:11:12.000000000 +0100 +++ new/feh-2.18.3/src/feh.h 2017-04-04 21:26:38.000000000 +0200 @@ -138,6 +138,7 @@ void slideshow_change_image(winwidget winwid, int change, int render); void slideshow_pause_toggle(winwidget w); char *slideshow_create_name(feh_file * file, winwidget winwid); +char *thumbnail_create_name(feh_file * file, winwidget winwid); void init_keyevents(void); void init_buttonbindings(void); void feh_event_handle_keypress(XEvent * ev); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/feh-2.18.2/src/index.c new/feh-2.18.3/src/index.c --- old/feh-2.18.2/src/index.c 2017-02-16 23:11:12.000000000 +0100 +++ new/feh-2.18.3/src/index.c 2017-04-04 21:26:38.000000000 +0200 @@ -324,8 +324,10 @@ if (opt.output_dir) snprintf(output_buf, 1024, "%s/%s", opt.output_dir, opt.output_file); - else - strncpy(output_buf, opt.output_file, 1024); + else { + strncpy(output_buf, opt.output_file, 1023); + output_buf[1023] = '\0'; + } gib_imlib_save_image_with_error_return(im_main, output_buf, &err); if (err) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/feh-2.18.2/src/slideshow.c new/feh-2.18.3/src/slideshow.c --- old/feh-2.18.2/src/slideshow.c 2017-02-16 23:11:12.000000000 +0100 +++ new/feh-2.18.3/src/slideshow.c 2017-04-04 21:26:38.000000000 +0200 
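Review bot: In src/collage.c (`@@ -191,8 +191,10 @@`) the new `strncpy(output_buf, opt.output_file, 1023)` ends the out-of-bounds read but still truncates a long `--output` path silently, so the image is written under a name the user did not give; the `snprintf` branch just above it truncates the same way and its result is not checked either. I would use one bounded call and test it, `int n = snprintf(output_buf, sizeof(output_buf), "%s", opt.output_file);` followed by `if (n < 0 || (size_t)n >= sizeof(output_buf))`, reporting the error and skipping the save; that also removes the 1023/1024 literals. The identical change in src/index.c (`@@ -324,8 +324,10 @@`) and src/thumbnail.c (`@@ -381,8 +381,10 @@`) needs the same treatment, assuming `output_buf` is an array there too (its declaration is outside those hunks). The enclosing function starts and ends outside the hunk.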
@@ -686,6 +686,7 @@ filelist = feh_file_rm_and_free(filelist, winwid->file); else filelist = feh_file_remove_from_list(filelist, winwid->file); + winwid->file = NULL; winwidget_destroy(winwid); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/feh-2.18.2/src/thumbnail.c new/feh-2.18.3/src/thumbnail.c --- old/feh-2.18.2/src/thumbnail.c 2017-02-16 23:11:12.000000000 +0100 +++ new/feh-2.18.3/src/thumbnail.c 2017-04-04 21:26:38.000000000 +0200 @@ -381,8 +381,10 @@ if (opt.output_dir) snprintf(output_buf, 1024, "%s/%s", opt.output_dir, opt.output_file); - else - strncpy(output_buf, opt.output_file, 1024); + else { + strncpy(output_buf, opt.output_file, 1023); + output_buf[1023] = '\0'; + } gib_imlib_save_image_with_error_return(td.im_main, output_buf, &err); if (err) { feh_imlib_print_load_error(output_buf, td.im_main, err); @@ -876,3 +878,16 @@ return status; } + +char *thumbnail_create_name(feh_file * file, winwidget winwid) +{ + char *s = NULL; + + if (!opt.thumb_title) { + s = estrdup(file->filename); + } else { + s = estrdup(feh_printf(opt.thumb_title, file, winwid)); + } + + return(s); +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/feh-2.18.2/src/timers.c new/feh-2.18.3/src/timers.c --- old/feh-2.18.2/src/timers.c 2017-02-16 23:11:12.000000000 +0100 +++ new/feh-2.18.3/src/timers.c 2017-04-04 21:26:38.000000000 +0200 @@ -95,7 +95,7 @@ D(("adding timer %s for %f seconds time\n", name, in)); feh_remove_timer(name); - ft = malloc(sizeof(_fehtimer)); + ft = emalloc(sizeof(_fehtimer)); ft->next = NULL; ft->func = func; ft->data = data; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/feh-2.18.2/src/utils.c new/feh-2.18.3/src/utils.c --- old/feh-2.18.2/src/utils.c 2017-02-16 23:11:12.000000000 +0100 +++ new/feh-2.18.3/src/utils.c 2017-04-04 21:26:38.000000000 +0200 
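Review bot: In src/slideshow.c (`@@ -686,6 +686,7 @@`) the added `winwid->file = NULL;` carries no comment, although it appears to be what keeps the `gib_list_free(winwid->file)` added to winwidget.c (`@@ -755,6 +760,8 @@`) from touching a node that the two calls just above have presumably already released. A maintainer who reorders or drops either line would reintroduce a double free or the leak, so the coupling should be written down at both sites. Suggested comment here: `/* node was handed to the filelist helpers above; clear it so winwidget_destroy() does not free it again */`, plus one line at the free in winwidget.c saying which window type owns `winwid->file`. Most of the enclosing function is outside the hunk, so this ownership reading should be confirmed against feh_file_rm_and_free() and feh_file_remove_from_list().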
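Review bot: thumbnail_create_name() in src/thumbnail.c (`@@ -876,3 +878,16 @@`) is added without a comment saying that the returned string is heap-allocated and owned by the caller, which the new caller in winwidget.c relies on when it calls `free(s)`. A header such as `/* Build the window title for an image opened from thumbnail mode; returns a new string that the caller must free. */` would state that contract. `file` is dereferenced unchecked, so the comment should also say it must be non-NULL. The body can shrink to `return estrdup(opt.thumb_title ? feh_printf(opt.thumb_title, file, winwid) : file->filename);`, which drops the redundant `s = NULL` and the parenthesised `return(s)`.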
@@ -122,7 +122,7 @@ s = va_arg(args, char *); } va_end(args); - string = malloc(sizeof(char) * (len + 1)); + string = emalloc(sizeof(char) * (len + 1)); *string = 0; va_start(args, separator); @@ -169,9 +169,11 @@ ppid = getpid(); snprintf(cppid, sizeof(cppid), "%06ld", (long) ppid); + tmpname = NULL; /* make sure file doesn't exist */ do { snprintf(num, sizeof(num), "%06ld", i++); + free(tmpname); tmpname = estrjoin("", path, "feh_", cppid, "_", num, "_", basename, NULL); } while (stat(tmpname, &st) == 0); @@ -183,14 +185,14 @@ { char buffer[4096]; FILE *fp; - int count; + size_t count; fp = fopen(path, "r"); if (!fp) return NULL; count = fread(buffer, sizeof(char), sizeof(buffer) - 1, fp); - if (buffer[count - 1] == '\n') + if (count > 0 && buffer[count - 1] == '\n') buffer[count - 1] = '\0'; else buffer[count] = '\0'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/feh-2.18.2/src/wallpaper.c new/feh-2.18.3/src/wallpaper.c --- old/feh-2.18.2/src/wallpaper.c 2017-02-16 23:11:12.000000000 +0100 +++ new/feh-2.18.3/src/wallpaper.c 2017-04-04 21:26:38.000000000 +0200 @@ -795,7 +795,7 @@ { static char *message = NULL; - static unsigned short len = 0; + static size_t len = 0; char buff[13], *ret_msg = NULL; register unsigned char i; unsigned char blen; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/feh-2.18.2/src/winwidget.c new/feh-2.18.3/src/winwidget.c --- old/feh-2.18.2/src/winwidget.c 2017-02-16 23:11:12.000000000 +0100 +++ new/feh-2.18.3/src/winwidget.c 2017-04-04 21:26:38.000000000 +0200 
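Review bot: In src/utils.c (`@@ -169,9 +169,11 @@`) the loop still picks a name by calling `stat()` until it fails and then returns that name for later creation, so another local process with write access to `path` can create the file or a symlink under that name in between. The added `free(tmpname)` fixes the leak but leaves this check-then-use gap open. Reserving the name atomically closes it, for example `fd = open(tmpname, O_WRONLY | O_CREAT | O_EXCL, 0600);` and retrying while it fails with `EEXIST`. How the returned name is consumed is outside the hunk, so whether the callers can take over a descriptor or an already created file needs checking.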
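Review bot: In src/utils.c (`@@ -183,14 +185,14 @@`) a failed read still looks like an empty file, because with `count == 0` the function only writes `buffer[0] = '\0'` and carries on. The new `count > 0` guard removes the out-of-bounds access, but a check such as `if (count == 0 && ferror(fp))` that returns NULL after closing `fp` would let callers tell an I/O error from an empty caption. Input longer than `sizeof(buffer) - 1` bytes is also cut off without notice, which deserves a one-line comment at the `fread`. The rest of the function, including where `fp` is closed, is outside the hunk.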
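Review bot: In src/wallpaper.c (`@@ -795,7 +795,7 @@`) the widening of `len` from `unsigned short` to `size_t` looks like the core of the E17 IPC fix the changelog lists for CVE-2017-7875, yet nothing at the declaration says so, and a later cleanup could narrow the type again. A comment such as `/* size_t on purpose: len appears to accumulate over IPC chunks sent by another X11 client; a 16-bit counter could wrap (CVE-2017-7875) */` would protect it. Because the peer is untrusted, the accumulation code (outside this hunk) should presumably also cap the total message length and reset `message` and `len` when the cap is reached. Otherwise a misbehaving client can grow the buffer without bound.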
@@ -634,9 +634,14 @@ feh_draw_info(winwid); if (winwid->errstr) feh_draw_errstr(winwid); - if (opt.title && (current_file != NULL)) { - /* title might contain e.g. the zoom specifier -> rewrite */ - char *s = slideshow_create_name(FEH_FILE(current_file->data), winwid); + if (opt.title && (winwid->type != WIN_TYPE_THUMBNAIL_VIEWER) && + (winwid->file != NULL)) { + char *s = slideshow_create_name(FEH_FILE(winwid->file->data), winwid); + winwidget_rename(winwid, s); + free(s); + } else if (opt.thumb_title && (winwid->type == WIN_TYPE_THUMBNAIL_VIEWER) && + (winwid->file != NULL)) { + char *s = thumbnail_create_name(FEH_FILE(winwid->file->data), winwid); winwidget_rename(winwid, s); free(s); } @@ -755,6 +760,8 @@ free(winwid->name); if (winwid->gc) XFreeGC(disp, winwid->gc); + if ((winwid->type == WIN_TYPE_THUMBNAIL_VIEWER) && (winwid->file != NULL)) + gib_list_free(winwid->file); if (winwid->im) gib_imlib_free_image_and_decache(winwid->im); free(winwid);
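Review bot: In src/winwidget.c (`@@ -634,9 +634,14 @@`) the rewrite drops the comment that explained why the title is rebuilt on every render, `/* title might contain e.g. the zoom specifier -> rewrite */`. It applies equally to the new thumbnail branch, so it should be kept above the `if`. The two branches now differ only in which `*_create_name()` they call and both repeat `winwidget_rename(winwid, s); free(s);`. Checking `winwid->file != NULL` once, choosing the name by window type and renaming in one place would keep them from drifting apart. The enclosing function starts and ends outside the hunk.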