rpms/xloadimage/FC-3 xloadimage-4.1-leak.patch, NONE, 1.1 xloadimage-4.1-title.patch, NONE, 1.1 xloadimage.spec, 1.6, 1.7
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Oct 10 08:30:59 UTC 2005
- Previous message (by thread): rpms/ntp/devel ntp-stable-4.2.0a-20040617-C-Frame-121.patch, NONE, 1.1 ntp.spec, 1.36, 1.37
- Next message (by thread): rpms/man-pages/devel .cvsignore, 1.15, 1.16 man-pages.spec, 1.30, 1.31 sources, 1.15, 1.16 man-pages-1.67-readv.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: stransky
Update of /cvs/dist/rpms/xloadimage/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv1791
Modified Files:
xloadimage.spec
Added Files:
xloadimage-4.1-leak.patch xloadimage-4.1-title.patch
Log Message:
fix for CAN-2005-3178 xloadimage NIFF buffer overflow (#170150), fix a memory leak
xloadimage-4.1-leak.patch:
zio.c | 2 ++
1 files changed, 2 insertions(+)
--- NEW FILE xloadimage-4.1-leak.patch ---
--- xloadimage.4.1/zio.c.old 2005-04-11 11:24:57.000000000 +0200
+++ xloadimage.4.1/zio.c 2005-04-11 11:26:15.000000000 +0200
@@ -232,8 +232,10 @@
if (! (zf->stream= popen(buf, "r"))) {
lfree((byte *)zf->filename);
zf->filename= NULL;
+ lfree(buf);
return(NULL);
}
+ lfree(buf);
return(zf);
}
}
xloadimage-4.1-title.patch:
reduce.c | 2 +-
rotate.c | 2 +-
zoom.c | 9 +++++----
3 files changed, 7 insertions(+), 6 deletions(-)
--- NEW FILE xloadimage-4.1-title.patch ---
--- xloadimage.4.1/rotate.c.title 1993-10-21 22:28:41.000000000 +0100
+++ xloadimage.4.1/rotate.c 2005-10-09 22:39:56.000000000 +0200
@@ -71,7 +71,7 @@
{ printf(" Rotating image by %d degrees...", degrees);
fflush(stdout);
}
- sprintf(buf, "%s (rotated by %d degrees)", simage->title, degrees);
+ snprintf(buf, sizeof(buf), "%s (rotated by %d degrees)", simage->title, degrees);
image1 = simage;
do {
--- xloadimage.4.1/zoom.c.title 1993-10-21 22:28:44.000000000 +0100
+++ xloadimage.4.1/zoom.c 2005-10-09 22:39:44.000000000 +0200
@@ -61,25 +61,26 @@
if (!xzoom) {
if (verbose)
printf(" Zooming image Y axis by %d%%...", yzoom);
- sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
+ snprintf(buf, sizeof(buf), "%s (Y zoom %d%%)", oimage->title, yzoom);
}
else if (!yzoom) {
if (verbose)
printf(" Zooming image X axis by %d%%...", xzoom);
- sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
+ snprintf(buf, sizeof(buf), "%s (X zoom %d%%)", oimage->title, xzoom);
}
else if (xzoom == yzoom) {
if (verbose)
printf(" Zooming image by %d%%...", xzoom);
- sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
+ snprintf(buf, sizeof(buf),"%s (%d%% zoom)", oimage->title, xzoom);
}
else {
if (verbose)
printf(" Zooming image X axis by %d%% and Y axis by %d%%...",
xzoom, yzoom);
- sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
+ snprintf(buf, sizeof(buf),"%s (X zoom %d%% Y zoom %d%%)", oimage->title,
xzoom, yzoom);
}
+
if (verbose)
fflush(stdout);
--- xloadimage.4.1/reduce.c.title 1993-10-21 22:28:40.000000000 +0100
+++ xloadimage.4.1/reduce.c 2005-10-09 22:40:15.000000000 +0200
@@ -501,7 +501,7 @@
depth= colorsToDepth(n);
new_image= newRGBImage(image->width, image->height, depth);
- sprintf(buf, "%s (%d colors)", image->title, n);
+ snprintf(buf, sizeof(buf), "%s (%d colors)", image->title, n);
new_image->title= dupString(buf);
/* calculate RGB table from each color area. this should really calculate
Index: xloadimage.spec
===================================================================
RCS file: /cvs/dist/rpms/xloadimage/FC-3/xloadimage.spec,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- xloadimage.spec 18 Mar 2005 21:20:12 -0000 1.6
+++ xloadimage.spec 10 Oct 2005 08:30:40 -0000 1.7
@@ -1,7 +1,7 @@
Summary: An X Window System based image viewer.
Name: xloadimage
Version: 4.1
-Release: 34.FC3
+Release: 35.FC3
License: MIT
Group: Amusements/Graphics
Source: ftp.x.org:/R5contrib/xloadimage.4.1.tar.gz
@@ -15,6 +15,8 @@
Patch7: xloadimage-format.patch
Patch8: 01_libjpeg-support.dpatch
Patch9: xloadimage-4.1-popen.patch
+Patch10: xloadimage-4.1-leak.patch
+Patch11: xloadimage-4.1-title.patch
BuildRoot: /var/tmp/xloadimage-root
BuildPrereq: libtiff-devel XFree86-devel
@@ -36,6 +38,8 @@
%patch7 -p0 -b .format
%patch8 -p1 -b .jpeg
%patch9 -p1 -b .popen
+%patch10 -p1 -b .leak
+%patch11 -p1 -b .title
%build
xmkmf
@@ -66,6 +70,12 @@
/usr/X11R6/man/man1/xloadimage.*
%changelog
+* Mon Oct 10 2005 Martin Stransky <stransky at redhat.com> 4.1-35
+- fix for CAN-2005-3178 xloadimage NIFF buffer overflow (#170150)
+
+* Mon Apr 11 2005 Martin Stransky <stransky at redhat.com>
+- fix a memory leak
+
* Fri Mar 18 2005 Bill Nottingham <notting at redhat.com>
- use system libjpeg
- fix quoting in filenames (CAN-2005-0638)
- Previous message (by thread): rpms/ntp/devel ntp-stable-4.2.0a-20040617-C-Frame-121.patch, NONE, 1.1 ntp.spec, 1.36, 1.37
- Next message (by thread): rpms/man-pages/devel .cvsignore, 1.15, 1.16 man-pages.spec, 1.30, 1.31 sources, 1.15, 1.16 man-pages-1.67-readv.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list