Date: Wed, 20 Sep 2006 15:30:58 +0300 From: Peter Pentchev <roam@ringlet.net> To: Norio Suzuki <nosuzuki@postcard.st> Cc: ports@FreeBSD.org Subject: Fix the xzgv port's security vulnerability Message-ID: <20060920123057.GA36213@straylight.m.ringlet.net>
next in thread | raw e-mail | index | archive | help
--XF85m9dhOBO43t/C Content-Type: multipart/mixed; boundary="CE+1k2dSO48ffgeK" Content-Disposition: inline --CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, Thanks for maintaining the graphics/xzgv port! What do you think about the attached patch, taken from the Debian xzgv package - http://bugs.debian.org/362288 - which fixes the latest security vulnerability? If you have no objections, I could commit it. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@cnsys.bg roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence is false. --CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="graphics-xzgv.patch" Content-Transfer-Encoding: quoted-printable Index: ports/graphics/xzgv/Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/ports/graphics/xzgv/Makefile,v retrieving revision 1.20 diff -u -r1.20 Makefile --- ports/graphics/xzgv/Makefile 2 Sep 2006 18:06:12 -0000 1.20 +++ ports/graphics/xzgv/Makefile 20 Sep 2006 12:10:06 -0000 @@ -7,7 +7,7 @@ =20 PORTNAME=3D xzgv PORTVERSION=3D 0.8 -PORTREVISION=3D 3 +PORTREVISION=3D 4 CATEGORIES=3D graphics MASTER_SITES=3D ${MASTER_SITE_SUNSITE} MASTER_SITE_SUBDIR=3D apps/graphics/viewers/X @@ -15,10 +15,6 @@ MAINTAINER=3D nosuzuki@postcard.st COMMENT=3D An image viewer with thumbnail-based file selector for X =20 -FORBIDDEN=3D http://vuxml.freebsd.org/a813a219-d2d4-11da-a672-000e0c2e438a= =2Ehtml -DEPRECATED=3D ${FORBIDDEN} -EXPIRATION_DATE=3D2006-12-01 - USE_X_PREFIX=3D yes USE_GNOME=3D imlib USE_GMAKE=3D yes Index: ports/graphics/xzgv/files/patch-src-readjpeg.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: ports/graphics/xzgv/files/patch-src-readjpeg.c diff -N ports/graphics/xzgv/files/patch-src-readjpeg.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ ports/graphics/xzgv/files/patch-src-readjpeg.c 20 Sep 2006 12:09:34 -00= 00 @@ -0,0 +1,80 @@ +--- src/readjpeg.c Tue Mar 21 12:16:07 2006 ++++ src/readjpeg.c Wed Sep 21 21:15:01 2005 +@@ -179,11 +179,13 @@ + static int have_image; + static int width,height; + static unsigned char *image; ++static int cmyk; + unsigned char *ptr,*ptr2; + int chkw,chkh; + int f,rec; + static int greyscale; /* static to satisfy gcc -Wall */ +=20 ++cmyk=3D0; + greyscale=3D0; +=20 + lineptrs=3DNULL; +@@ -225,6 +227,15 @@ + greyscale=3D1; + } +=20 ++if(cinfo.jpeg_color_space=3D=3DJCS_CMYK) ++ cmyk=3D1; ++ ++if(cinfo.jpeg_color_space=3D=3DJCS_YCCK) ++ { ++ cmyk=3D1; ++ cinfo.out_color_space=3DJCS_CMYK; ++ } ++ + *wp=3Dwidth=3Dcinfo.image_width; + *hp=3Dheight=3Dcinfo.image_height; +=20 +@@ -266,7 +277,7 @@ + /* this one shouldn't hurt */ + cinfo.do_block_smoothing=3DFALSE; +=20 +-if(WH_BAD(width,height) || (*imagep=3Dimage=3Dmalloc(width*height*3))=3D= =3DNULL) ++if(WH_BAD(width,height) || (*imagep=3Dimage=3Dmalloc(width*(height+cmyk)*= 3))=3D=3DNULL) + longjmp(jerr.setjmp_buffer,1); +=20 + jpeg_start_decompress(&cinfo); +@@ -279,12 +290,33 @@ + for(f=3D0;f<height;f++,ptr+=3Dwidth*3) + lineptrs[f]=3Dptr; +=20 +-rec=3Dcinfo.rec_outbuf_height; +-while(cinfo.output_scanline<height) ++if(!cmyk) + { +- f=3Dheight-cinfo.output_scanline; +- jpeg_read_scanlines(&cinfo,lineptrs+cinfo.output_scanline, +- f>rec?rec:f); ++ rec=3Dcinfo.rec_outbuf_height; ++ while(cinfo.output_scanline<height) ++ { ++ f=3Dheight-cinfo.output_scanline; ++ jpeg_read_scanlines(&cinfo,lineptrs+cinfo.output_scanline, ++ f>rec?rec:f); ++ } ++ } ++else /* cmyk output */ ++ { ++ int tmp; ++ ++ ptr=3Dimage; ++ while(cinfo.output_scanline<height) ++ { ++ jpeg_read_scanlines(&cinfo,&ptr,1); ++ ptr2=3Dptr; ++ for(f=3D0;f<width;f++,ptr+=3D3,ptr2+=3D4) ++ { ++ tmp=3Dptr2[3]; ++ ptr[0]=3D(tmp*ptr2[0])/255; ++ ptr[1]=3D(tmp*ptr2[1])/255; ++ ptr[2]=3D(tmp*ptr2[2])/255; ++ } ++ } + } +=20 + free(lineptrs); --CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="graphics-xzgv.patch.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQBFETRp7Ri2jRYZRVMRAkmoAKCRC2Gdn6VJIuEwFAkZlw8iYKonQgCgtOQn pe/3QJ+9l9dv2eQ1x8IZv84= =q6QY -----END PGP SIGNATURE----- --CE+1k2dSO48ffgeK-- --XF85m9dhOBO43t/C Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFETSB7Ri2jRYZRVMRAgSoAJ9UDzCHG/5weSjrpilM+JX5ASCZHwCfcyJ2 LzsWxVUL4lBWy2TQPPMaamE= =zEQ0 -----END PGP SIGNATURE----- --XF85m9dhOBO43t/C--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060920123057.GA36213>