diff options
| author |   Tavis Ormandy <taviso@gentoo.org> | 2005-02-28 15:46:04 +0000 |
|---|---|---|
| committer | Tavis Ormandy <taviso@gentoo.org> | 2005-02-28 15:46:04 +0000 |
| commit | 44021fe780e7962f03491dd631ef6e954fa16a56 (patch) | |
| tree | a6349cef5cd24664b2b49b59926085ccc6a7e760 /media-gfx | |
| parent | Version bumped. (diff) | |
| download | historical-44021fe780e7962f03491dd631ef6e954fa16a56.tar.gz historical-44021fe780e7962f03491dd631ef6e954fa16a56.tar.bz2 historical-44021fe780e7962f03491dd631ef6e954fa16a56.zip | |
security patch
Package-Manager: portage-2.0.51.17
Diffstat (limited to 'media-gfx')
| -rw-r--r-- | media-gfx/xloadimage/ChangeLog | 8 | ||||
| -rw-r--r-- | media-gfx/xloadimage/Manifest | 9 | ||||
| -rw-r--r-- | media-gfx/xloadimage/files/digest-xloadimage-4.1-r2 | 2 | ||||
| -rw-r--r-- | media-gfx/xloadimage/files/xloadimage-4.1-zio-shell-meta-char.diff | 36 | ||||
| -rw-r--r-- | media-gfx/xloadimage/xloadimage-4.1-r2.ebuild | 79 |
5 files changed, 130 insertions, 4 deletions
diff --git a/media-gfx/xloadimage/ChangeLog b/media-gfx/xloadimage/ChangeLog index fda3173375e9..fe3d38dfab98 100644 --- a/media-gfx/xloadimage/ChangeLog +++ b/media-gfx/xloadimage/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for media-gfx/xloadimage # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-gfx/xloadimage/ChangeLog,v 1.9 2005/01/02 23:54:38 gongloo Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-gfx/xloadimage/ChangeLog,v 1.10 2005/02/28 15:46:04 taviso Exp $ + +*xloadimage-4.1-r2 (28 Feb 2005) + + 28 Feb 2005; Tavis Ormandy <taviso@gentoo.org> + +files/xloadimage-4.1-zio-shell-meta-char.diff, +xloadimage-4.1-r2.ebuild: + security patch, escape shell meta chars when viewing compressed files. 02 Jan 2005; <gongloo@gentoo.org> xloadimage-4.1-r1.ebuild: Stable on ppc-macos. diff --git a/media-gfx/xloadimage/Manifest b/media-gfx/xloadimage/Manifest index e4d56bbba38a..d0ad1715d28a 100644 --- a/media-gfx/xloadimage/Manifest +++ b/media-gfx/xloadimage/Manifest @@ -1,5 +1,8 @@ -MD5 77ee56c748e7170fea45d8690f40fb42 ChangeLog 3152 -MD5 cdb11033a3fa6525334cecf938961c07 metadata.xml 166 MD5 078fc3ab12c2f7564321ccdb25dda6f7 xloadimage-4.1-r1.ebuild 1987 -MD5 bad387ba03d0111a70dd7066ba97d5e5 files/digest-xloadimage-4.1-r1 140 +MD5 4feca7c45afc3e124fa18b5a7b61d138 xloadimage-4.1-r2.ebuild 2046 +MD5 a02686517879c954f21c0f670eb063e9 ChangeLog 3386 +MD5 cdb11033a3fa6525334cecf938961c07 metadata.xml 166 MD5 c411c977cc7ae79dd96aad933980dbb2 files/xloadimage-4.1-include-errno_h.patch 303 +MD5 9208b10866e00f1e47bb12a7f8bec04a files/xloadimage-4.1-zio-shell-meta-char.diff 1372 +MD5 bad387ba03d0111a70dd7066ba97d5e5 files/digest-xloadimage-4.1-r1 140 +MD5 bad387ba03d0111a70dd7066ba97d5e5 files/digest-xloadimage-4.1-r2 140 diff --git a/media-gfx/xloadimage/files/digest-xloadimage-4.1-r2 b/media-gfx/xloadimage/files/digest-xloadimage-4.1-r2 new file mode 100644 index 000000000000..4036b1b2fd56 --- /dev/null +++ b/media-gfx/xloadimage/files/digest-xloadimage-4.1-r2 @@ -0,0 +1,2 @@ +MD5 7331850fc04056ab8ae6b5725d1fb3d2 xloadimage.4.1.tar.gz 596021 +MD5 8f5cc72c54ea730ba99026f006e71e10 xloadimage-4.1-gentoo.diff.bz2 41390 diff --git a/media-gfx/xloadimage/files/xloadimage-4.1-zio-shell-meta-char.diff b/media-gfx/xloadimage/files/xloadimage-4.1-zio-shell-meta-char.diff new file mode 100644 index 000000000000..730504fb43f6 --- /dev/null +++ b/media-gfx/xloadimage/files/xloadimage-4.1-zio-shell-meta-char.diff @@ -0,0 +1,36 @@ +--- xloadimage.4.1/zio.c 1993-10-28 17:10:02.000000000 +0000 ++++ xloadimage.4.1/zio.c 2005-02-28 15:32:05.895470680 +0000 +@@ -210,9 +211,30 @@ + if ((strlen(name) > strlen(filter->extension)) && + !strcmp(filter->extension, + name + (strlen(name) - strlen(filter->extension)))) { +- debug(("Filtering image through '%s'\n", filter->filter)); +- zf->type= ZPIPE; +- sprintf(buf, "%s %s", filter->filter, name); ++ char *fname, *t, *s; ++ ++ /* meta-char protection from xli. ++ * ++ * protect in single quotes, replacing single quotes ++ * with '"'"', so worst-case expansion is 5x ++ */ ++ ++ s = fname = (char *) lmalloc(1 + (5 * strlen(name)) + 1 + 1); ++ *s++ = '\''; ++ for (t = name; *t; ++t) { ++ if ('\'' == *t) { ++ /* 'foo'bar' -> 'foo'"'"'bar' */ ++ strcpy(s, "'\"'\"'"); ++ s += strlen(s); ++ } else { ++ *s++ = *t; ++ } ++ } ++ strcpy (s, "'"); ++ debug(("Filtering image through '%s'\n", filter->filter)); ++ zf->type= ZPIPE; ++ sprintf(buf, "%s %s", filter->filter, fname); ++ lfree (fname); + if (! (zf->stream= popen(buf, "r"))) { + lfree((byte *)zf->filename); + zf->filename= NULL; diff --git a/media-gfx/xloadimage/xloadimage-4.1-r2.ebuild b/media-gfx/xloadimage/xloadimage-4.1-r2.ebuild new file mode 100644 index 000000000000..7e036d820ab5 --- /dev/null +++ b/media-gfx/xloadimage/xloadimage-4.1-r2.ebuild @@ -0,0 +1,79 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-gfx/xloadimage/xloadimage-4.1-r2.ebuild,v 1.1 2005/02/28 15:46:04 taviso Exp $ + +inherit alternatives eutils flag-o-matic + +MY_P="${P/-/.}" +S=${WORKDIR}/${MY_P} +DESCRIPTION="utility to view many different types of images under X11" +HOMEPAGE="http://world.std.com/~jimf/xloadimage.html" +SRC_URI="ftp://ftp.x.org/R5contrib/${MY_P}.tar.gz + mirror://gentoo/${P}-gentoo.diff.bz2" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~ppc-macos" +IUSE="tiff jpeg png" + +RDEPEND="virtual/x11 + tiff? ( media-libs/tiff ) + png? ( media-libs/libpng ) + jpeg? ( media-libs/jpeg )" +DEPEND="${RDEPEND} + >=sys-apps/sed-4.0.5" + +src_unpack() { + unpack ${A} + cd ${S} + epatch ${WORKDIR}/${P}-gentoo.diff + epatch ${FILESDIR}/${P}-zio-shell-meta-char.diff + + # Do not define errno extern, but rather include errno.h + # <azarah@gentoo.org> (1 Jan 2003) + epatch ${FILESDIR}/${P}-include-errno_h.patch + + sed -i "s:OPT_FLAGS=:OPT_FLAGS=$CFLAGS:" Make.conf + sed -i "s:^#include <varargs.h>:#include <stdarg.h>:" ${S}/rlelib.c + + if use ppc-macos ; then + sed -i 's,<malloc.h>,<malloc/malloc.h>,' vicar.c + for f in $(grep zopen * | cut -d':' -f1 | uniq);do + sed -i "s:zopen:zloadimage_zopen:g" $f + done + fi + + chmod +x ${S}/configure +} + +src_install() { + dobin xloadimage + dobin uufilter + + insinto /etc/X11 + doins xloadimagerc + + newman xloadimage.man xloadimage.1 + newman uufilter.man uufilter.1 + + dodoc README +} + +update_alternatives() { + alternatives_makesym /usr/bin/xview \ + /usr/bin/{xloadimage,xli} + alternatives_makesym /usr/bin/xsetbg \ + /usr/bin/{xloadimage,xli} + alternatives_makesym /usr/share/man/man1/xview.1.gz \ + /usr/share/man/man1/{xloadimage,xli}.1.gz + alternatives_makesym /usr/share/man/man1/xsetbg.1.gz \ + /usr/share/man/man1/{xloadimage,xli}.1.gz +} + +pkg_postinst() { + use ppc-macos || update_alternatives +} + +pkg_postrm() { + use ppc-macos || update_alternatives +} |