author | Tavis Ormandy <taviso@gentoo.org> | 2005-02-28 15:46:04 +0000 |
---|---|---|
committer | Tavis Ormandy <taviso@gentoo.org> | 2005-02-28 15:46:04 +0000 |
commit | 44021fe780e7962f03491dd631ef6e954fa16a56 (patch) | |
tree | a6349cef5cd24664b2b49b59926085ccc6a7e760 /media-gfx/xloadimage/files | |
parent | Version bumped. (diff) | |
security patch
Package-Manager: portage-2.0.51.17
Diffstat (limited to 'media-gfx/xloadimage/files')
-rw-r--r-- | media-gfx/xloadimage/files/digest-xloadimage-4.1-r2 | 2 | ||||
-rw-r--r-- | media-gfx/xloadimage/files/xloadimage-4.1-zio-shell-meta-char.diff | 36 |
2 files changed, 38 insertions, 0 deletions
diff --git a/media-gfx/xloadimage/files/digest-xloadimage-4.1-r2 b/media-gfx/xloadimage/files/digest-xloadimage-4.1-r2
new file mode 100644
index 000000000000..4036b1b2fd56
--- /dev/null
+++ b/media-gfx/xloadimage/files/digest-xloadimage-4.1-r2
@@ -0,0 +1,2 @@
+MD5 7331850fc04056ab8ae6b5725d1fb3d2 xloadimage.4.1.tar.gz 596021
+MD5 8f5cc72c54ea730ba99026f006e71e10 xloadimage-4.1-gentoo.diff.bz2 41390
diff --git a/media-gfx/xloadimage/files/xloadimage-4.1-zio-shell-meta-char.diff b/media-gfx/xloadimage/files/xloadimage-4.1-zio-shell-meta-char.diff
new file mode 100644
index 000000000000..730504fb43f6
--- /dev/null
+++ b/media-gfx/xloadimage/files/xloadimage-4.1-zio-shell-meta-char.diff
@@ -0,0 +1,36 @@
+--- xloadimage.4.1/zio.c 1993-10-28 17:10:02.000000000 +0000
++++ xloadimage.4.1/zio.c 2005-02-28 15:32:05.895470680 +0000
+@@ -210,9 +211,30 @@
+ if ((strlen(name) > strlen(filter->extension)) &&
+ !strcmp(filter->extension,
+ name + (strlen(name) - strlen(filter->extension)))) {
+- debug(("Filtering image through '%s'\n", filter->filter));
+- zf->type= ZPIPE;
+- sprintf(buf, "%s %s", filter->filter, name);
++ char *fname, *t, *s;
++
++ /* meta-char protection from xli.
++ *
++ * protect in single quotes, replacing single quotes
++ * with '"'"', so worst-case expansion is 5x
++ */
++
++ s = fname = (char *) lmalloc(1 + (5 * strlen(name)) + 1 + 1);
++ *s++ = '\'';
++ for (t = name; *t; ++t) {
++ if ('\'' == *t) {
++ /* 'foo'bar' -> 'foo'"'"'bar' */
++ strcpy(s, "'\"'\"'");
++ s += strlen(s);
++ } else {
++ *s++ = *t;
++ }
++ }
++ strcpy (s, "'");
++ debug(("Filtering image through '%s'\n", filter->filter));
++ zf->type= ZPIPE;
++ sprintf(buf, "%s %s", filter->filter, fname);
++ lfree (fname);
+ if (! (zf->stream= popen(buf, "r"))) {
+ lfree((byte *)zf->filename);
+ zf->filename= NULL; |
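Review bot: The rewritten `sprintf(buf, "%s %s", filter->filter, fname);` still writes into `buf` with no length bound, and the quoted `fname` can now be up to five times the length of `name` plus two quote characters, so a long or quote-heavy file name fills `buf` sooner than the unquoted name did. The declaration of `buf` is outside the hunk; assuming it is a fixed-size local array, I would bound the write with `n = snprintf(buf, sizeof(buf), "%s %s", filter->filter, fname);` and treat `n < 0 || (size_t)n >= sizeof(buf)` like the existing popen() failure, or size the command buffer with `lmalloc` from `strlen(filter->filter) + strlen(fname) + 2`. The quoting only neutralises shell metacharacters, so a name that begins with `-` is still passed to the filter program as a possible option; a one-line comment beside the quoting block stating that limit would help the next maintainer. The enclosing function in zio.c starts and ends outside the hunk.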