Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/media-gfx/xli/files/xli-security-gentoo.diff
diff options
context:
space:
mode:
Diffstat (limited to 'media-gfx/xli/files/xli-security-gentoo.diff')
-rw-r--r--media-gfx/xli/files/xli-security-gentoo.diff199
1 files changed, 199 insertions, 0 deletions
diff --git a/media-gfx/xli/files/xli-security-gentoo.diff b/media-gfx/xli/files/xli-security-gentoo.diff
new file mode 100644
index 000000000000..7425e67c7c74
--- /dev/null
+++ b/media-gfx/xli/files/xli-security-gentoo.diff
@@ -0,0 +1,199 @@
+diff -Nrup xli-2005-02-27/imagetypes.c xli-2005-02-27/imagetypes.c
+--- xli-2005-02-27/imagetypes.c 1999-10-24 22:14:57.000000000 -0400
++++ xli-2005-02-27/imagetypes.c 2005-10-18 07:53:46.000000000 -0400
+@@ -53,7 +53,7 @@ Image *loadImage(ImageOptions * image_op
+ Image *image;
+ int a;
+
+- if (findImage(image_ops->name, fullname) < 0) {
++ if (findImage(image_ops->name, fullname, BUFSIZ) < 0) {
+ if (errno == ENOENT)
+ printf("%s: image not found\n", image_ops->name);
+ else if (errno == EISDIR)
+@@ -95,7 +95,7 @@ void identifyImage(char *name)
+ char fullname[BUFSIZ];
+ int a;
+
+- if (findImage(name, fullname) < 0) {
++ if (findImage(name, fullname, BUFSIZ) < 0) {
+ if (errno == ENOENT)
+ printf("%s: image not found\n", name);
+ else if (errno == EISDIR)
+diff -Nrup xli-2005-02-27/path.c xli-2005-02-27/path.c
+--- xli-2005-02-27/path.c 2005-02-27 19:42:39.000000000 -0500
++++ xli-2005-02-27/path.c 2005-10-18 07:56:45.000000000 -0400
+@@ -172,12 +172,12 @@ static int fileIsOk(char *fullname, stru
+ /* find an image with paths and extensions from defaults files. returns
+ * -1 if access denied or not found, 0 if ok.
+ */
+-int findImage(char *name, char *fullname)
++int findImage(char *name, char *fullname, size_t size)
+ {
+ unsigned int p, e;
+ struct stat sbuf;
+
+- strcpy(fullname, name);
++ strncpy(fullname, name, size);
+ if (!strcmp(name, "stdin")) /* stdin is special name */
+ return (0);
+
+@@ -185,26 +185,26 @@ int findImage(char *name, char *fullname
+ if (!stat(fullname, &sbuf))
+ return (fileIsOk(fullname, &sbuf));
+ #ifndef NO_COMPRESS
+- strcat(fullname, ".Z");
++ strncat(fullname, ".Z", size);
+ if (!stat(fullname, &sbuf))
+ return (fileIsOk(fullname, &sbuf));
+ #endif
+
+ for (p = 0; p < NumPaths; p++) {
+- sprintf(fullname, "%s/%s", Paths[p], name);
++ snprintf(fullname, size, "%s/%s", Paths[p], name);
+ if (!stat(fullname, &sbuf))
+ return (fileIsOk(fullname, &sbuf));
+ #ifndef NO_COMPRESS
+- strcat(fullname, ".Z");
++ strncat(fullname, ".Z", size);
+ if (!stat(fullname, &sbuf))
+ #endif
+ return (fileIsOk(fullname, &sbuf));
+ for (e = 0; e < NumExts; e++) {
+- sprintf(fullname, "%s/%s%s", Paths[p], name, Exts[e]);
++ snprintf(fullname, size, "%s/%s%s", Paths[p], name, Exts[e]);
+ if (!stat(fullname, &sbuf))
+ return (fileIsOk(fullname, &sbuf));
+ #ifndef NO_COMPRESS
+- strcat(fullname, ".Z");
++ strncat(fullname, ".Z", size);
+ if (!stat(fullname, &sbuf))
+ return (fileIsOk(fullname, &sbuf));
+ #endif
+@@ -212,11 +212,11 @@ int findImage(char *name, char *fullname
+ }
+
+ for (e = 0; e < NumExts; e++) {
+- sprintf(fullname, "%s%s", name, Exts[e]);
++ snprintf(fullname, size, "%s%s", name, Exts[e]);
+ if (!stat(fullname, &sbuf))
+ return (fileIsOk(fullname, &sbuf));
+ #ifndef NO_COMPRESS
+- strcat(fullname, ".Z");
++ strncat(fullname, ".Z", size);
+ if (!stat(fullname, &sbuf))
+ return (fileIsOk(fullname, &sbuf));
+ #endif
+@@ -241,7 +241,7 @@ void listImages(void)
+ for (a = 0; a < NumPaths; a++) {
+ printf("%s:\n", Paths[a]);
+ fflush(stdout);
+- sprintf(buf, "ls %s", Paths[a]);
++ snprintf(buf, sizeof(buf)-1, "ls %s", Paths[a]);
+ if (system(buf) < 0) {
+ perror("ls");
+ return;
+@@ -296,14 +296,14 @@ char *expandPath(char *p)
+ var++;
+ else if (*p == '~') {
+ buf1[b1] = '\0';
+- strcat(buf1, getenv("HOME"));
++ strncat(buf1, getenv("HOME"), sizeof(buf1)-1);
+ b1 = strlen(buf1);
+ var = 0;
+ } else if (*p == '/' || *p == '}') {
+ if (var) {
+ buf1[b1] = '\0';
+ buf2[b2] = '\0';
+- strcat(buf1, getenv(buf2));
++ strncat(buf1, getenv(buf2), sizeof(buf1));
+ b1 = strlen(buf1);
+ buf2[0] = '\0';
+ b2 = 0;
+diff -Nrup xli-2005-02-27/reduce.c xli-2005-02-27/reduce.c
+--- xli-2005-02-27/reduce.c 1999-10-24 22:15:02.000000000 -0400
++++ xli-2005-02-27/reduce.c 2005-10-18 07:33:34.000000000 -0400
+@@ -178,7 +178,7 @@ Image *reduce(Image *image, unsigned col
+ /* get destination image */
+ depth = colorsToDepth(OutColors);
+ new_image = newRGBImage(image->width, image->height, depth);
+- sprintf(buf, "%s (%d colors)", image->title, OutColors);
++ snprintf(buf, sizeof(buf)-1, "%s (%d colors)", image->title, OutColors);
+ new_image->title = dupString(buf);
+ new_image->gamma = image->gamma;
+
+diff -Nrup xli-2005-02-27/rlelib.c xli-2005-02-27/rlelib.c
+--- xli-2005-02-27/rlelib.c 2005-10-18 07:40:51.000000000 -0400
++++ xli-2005-02-27/rlelib.c 2005-10-18 07:48:12.000000000 -0400
+@@ -18,7 +18,7 @@
+ #undef DEBUG
+
+ #ifdef DEBUG
+-# define debug(xx) fprintf(stderr,xx)
++# define debug(xx) fprintf(stderr, "%s", xx)
+ #else
+ # define debug(xx)
+ #endif
+Files xli-2005-02-27/xli and xli-2005-02-27/xli differ
+diff -Nrup xli-2005-02-27/xli.h xli-2005-02-27/xli.h
+--- xli-2005-02-27/xli.h 1999-10-24 22:15:07.000000000 -0400
++++ xli-2005-02-27/xli.h 2005-10-19 07:49:21.000000000 -0400
+@@ -229,7 +229,7 @@ char *xlistrstr(char *s1, char *s2);
+
+ /* path.c */
+ char *expandPath(char *p);
+-int findImage(char *name, char *fullname);
++int findImage(char *name, char *fullname, size_t size);
+ void listImages(void);
+ void loadPathsAndExts(void);
+ void showPath(void);
+diff -Nrup xli-2005-02-27/xlito.c xli-2005-02-27/xlito.c
+--- xli-2005-02-27/xlito.c 2005-02-27 19:42:39.000000000 -0500
++++ xli-2005-02-27/xlito.c 2005-10-18 07:48:54.000000000 -0400
+@@ -31,7 +31,7 @@ char *pname, *fname;
+ #undef DEBUG
+
+ #ifdef DEBUG
+-# define debug(xx) fprintf(stderr,xx)
++# define debug(xx) fprintf(stderr, "%s", xx)
+ #else
+ # define debug(xx)
+ #endif
+diff -Nrup xli-2005-02-27/zoom.c xli-2005-02-27/zoom.c
+--- xli-2005-02-27/zoom.c 2005-02-27 19:42:39.000000000 -0500
++++ xli-2005-02-27/zoom.c 2005-10-18 07:35:42.000000000 -0400
+@@ -52,30 +52,30 @@ Image *zoom(Image *oimage, unsigned int
+ if (verbose)
+ printf(" Zooming image Y axis by %d%%...", yzoom);
+ if (changetitle)
+- sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
++ snprintf(buf, sizeof(buf)-1, "%s (Y zoom %d%%)", oimage->title, yzoom);
+ }
+ else if (!yzoom) {
+ if (verbose)
+ printf(" Zooming image X axis by %d%%...", xzoom);
+ if (changetitle)
+- sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
++ snprintf(buf, sizeof(buf)-1, "%s (X zoom %d%%)", oimage->title, xzoom);
+ }
+ else if (xzoom == yzoom) {
+ if (verbose)
+ printf(" Zooming image by %d%%...", xzoom);
+ if (changetitle)
+- sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
++ snprintf(buf, sizeof(buf)-1, "%s (%d%% zoom)", oimage->title, xzoom);
+ }
+ else {
+ if (verbose)
+ printf(" Zooming image X axis by %d%% and Y axis by %d%%...",
+ xzoom, yzoom);
+ if (changetitle)
+- sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
++ snprintf(buf, sizeof(buf)-1, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
+ xzoom, yzoom);
+ }
+ if (!changetitle)
+- strcpy(buf,oimage->title);
++ strncpy(buf,oimage->title, sizeof(buf)-1);
+
+ if (verbose)
+ fflush(stdout);