Author: adwol Date: Mon Jul 2 12:21:14 2012 GMT Module: packages Tag: HEAD ---- Log message: - fixed segfault caused by buffer overflow (one of many, many...)
---- Files affected: packages/xv: xv.spec (1.49 -> 1.50) , xv-buffer_overflows.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: packages/xv/xv.spec diff -u packages/xv/xv.spec:1.49 packages/xv/xv.spec:1.50 --- packages/xv/xv.spec:1.49 Thu Feb 9 19:55:09 2012 +++ packages/xv/xv.spec Mon Jul 2 14:21:09 2012 @@ -10,7 +10,7 @@ Summary(uk.UTF-8): Програма для перегляду та перетворення файлів зображень для X Name: xv Version: 3.10a -Release: 37 +Release: 38 License: Shareware Group: X11/Applications/Graphics Source0: ftp://ftp.cis.upenn.edu/pub/xv/%{name}-%{version}.tar.gz @@ -29,6 +29,7 @@ #from http://www.gregroelofs.com/code/%{name}-3.10a-enhancements.20070520-20081216.diff Patch1: %{name}-3.10a-enhancements.20070520-20081216.diff Patch2: %{name}-libpng-1.5.patch +Patch3: %{name}-buffer_overflows.patch URL: http://www.trilon.com/xv/xv.html BuildRequires: jasper-devel BuildRequires: libjpeg-devel @@ -108,6 +109,7 @@ %patch0 -p1 %patch1 -p1 %patch2 -p0 +%patch3 -p1 %build %{__make} \ @@ -153,6 +155,9 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.50 2012/07/02 12:21:09 adwol +- fixed segfault caused by buffer overflow (one of many, many...) + Revision 1.49 2012/02/09 18:55:09 baggins - rel 37 - fix building with libpng 1.5, from openbsd ================================================================ Index: packages/xv/xv-buffer_overflows.patch diff -u /dev/null packages/xv/xv-buffer_overflows.patch:1.1 --- /dev/null Mon Jul 2 14:21:14 2012 +++ packages/xv/xv-buffer_overflows.patch Mon Jul 2 14:21:09 2012 @@ -0,0 +1,39 @@ +diff -ruNp xv-3.10a.orig/xvtext.c xv-3.10a/xvtext.c +--- xv-3.10a.orig/xvtext.c 2012-07-02 14:12:18.729232321 +0200 ++++ xv-3.10a/xvtext.c 2012-07-02 14:14:09.245684311 +0200 +@@ -53,7 +53,7 @@ + # define TV_J_NBUTTS 8 + #endif + +-#define TITLELEN 128 ++#define TITLELEN 270 + + #ifdef TV_MULTILINGUAL + struct coding_spec { +@@ -385,7 +385,7 @@ int TextView(fname) + + int filetype; + long textlen; +- char *text, buf[512], title[128], rfname[MAXPATHLEN+1]; ++ char *text, buf[512], title[TITLELEN], rfname[MAXPATHLEN+1]; + char *basefname[128]; /* just current fname, no path */ + FILE *fp; + char filename[MAXPATHLEN+1]; +@@ -453,7 +453,7 @@ int TextView(fname) + + fclose(fp); + +- sprintf(title, "File: '%s'", BaseName(fname)); ++ snprintf(title, TITLELEN, "File: '%s'", BaseName(fname)); + OpenTextView(text, (int) textlen, title, 1); + + /* note: text gets freed when window gets closed */ +@@ -545,7 +545,7 @@ void ChangeCommentText() + tv->freeonclose = 0; + + if (strlen(fullfname)) +- sprintf(tv->title, "File: '%s'", BaseName(fullfname)); ++ snprintf(tv->title, TITLELEN, "File: '%s'", BaseName(fullfname)); + else + sprintf(tv->title, "<no file loaded>"); + ================================================================ ---- CVS-web: http://cvs.pld-linux.org/packages/xv/xv.spec?r1=1.49&r2=1.50 _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
