x11/xloadimage/: 2006/06/15 sync stable from p4

6 files changed, 168 insertions, 7 deletions

diff --git a/x11/xloadimage/BUILD b/x11/xloadimage/BUILD
index 063bd53425..0dc601340e 100755
--- a/x11/xloadimage/BUILD
+++ b/x11/xloadimage/BUILD
@@ -1,8 +1,3 @@
-patch -p1 < $SCRIPT_DIRECTORY/xloadimage.4.1-linux.patch 	&&
-patch -p1 < $SCRIPT_DIRECTORY/xloadimage.4.1-nobr.patch 	&&
-patch -p1 < $SCRIPT_DIRECTORY/xloadimage-unaligned.patch 	&&
-patch -p1 < $SCRIPT_DIRECTORY/xloadimage-4.1-buffer.patch 	&&
-
 #gcc3.3 needs this
 for i in $(grep -rl varargs.h .)
 	do sedit "s/varargs.h/stdarg.h/g" $i
diff --git a/x11/xloadimage/DETAILS b/x11/xloadimage/DETAILS
index 7a459395bf..7a067d082c 100755
--- a/x11/xloadimage/DETAILS
+++ b/x11/xloadimage/DETAILS
@@ -3,12 +3,13 @@
           SOURCE=$SPELL.$VERSION.tar.gz
 SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL.$VERSION
    SOURCE_URL[0]=ftp://ftp.x.org/R5contrib/$SOURCE
-          MD5[0]=bb508af740153c61bfab4c03b22d3454
+     SOURCE_HASH=sha512:2c91699c8ef07c101ff9b458708ace01cab2979a5e88cf8a4e47ec971f7b4cb5571108afa3e53271ade4e8ccfdcf72ef9e2e09edfc0be6b8afaba50847aa0586
         WEB_SITE=http://gopher.std.com/homepages/jimf/xloadimage.html
          ENTERED=20030221
-         UPDATED=20030221
+         UPDATED=20051106
          LICENSE=XLOADIMAGE
        BUILD_API=2
+        KEYWORDS="x11"
            SHORT="X11 Image Loading Utility"
 cat << EOF
 Xloadimage is a utility which will view many different types of images under X11, load images onto the root window, or dump processed images into one of several image file formats.
diff --git a/x11/xloadimage/HISTORY b/x11/xloadimage/HISTORY
index e9467577c2..c632f1dc30 100644
--- a/x11/xloadimage/HISTORY
+++ b/x11/xloadimage/HISTORY
@@ -1,3 +1,13 @@
+2006-03-12 Karsten Behrmann <BearPerson@sourcemage.org>
+	* DETAILS: (automated) Add KEYWORDS
+
+2005-11-29 Seth Woolley <seth@tautology.org>
+	* DETAILS: MD5 -> SHA512
+
+2005-11-06 Thomas Houssin <Thomas.Houssin@sourcemage.org>
+	* DETAILS: updated UPDATED
+	* xloadimage-4.1-zio-shell-meta-char.diff, security-sprintf.patch: added security fixes
+
 2005-01-23 Arwed v. Merkatz <v.merkatz@gmx.net>
 	* BUILD: fix the sedit call, fixes bug #7708
 	* BUILD, INSTALL: converted to BUILD_API 2
diff --git a/x11/xloadimage/PRE_BUILD b/x11/xloadimage/PRE_BUILD
new file mode 100755
index 0000000000..9583acfc06
--- /dev/null
+++ b/x11/xloadimage/PRE_BUILD
@@ -0,0 +1,8 @@
+default_pre_build &&
+patch -d ${SOURCE_DIRECTORY} -p1 < $SCRIPT_DIRECTORY/xloadimage.4.1-linux.patch 	&&
+patch -d ${SOURCE_DIRECTORY} -p1 < $SCRIPT_DIRECTORY/xloadimage.4.1-nobr.patch 	&&
+patch -d ${SOURCE_DIRECTORY} -p1 < $SCRIPT_DIRECTORY/xloadimage-unaligned.patch 	&&
+patch -d ${SOURCE_DIRECTORY} -p1 < $SCRIPT_DIRECTORY/xloadimage-4.1-buffer.patch 	&&
+patch -d ${SOURCE_DIRECTORY} -p1 < $SCRIPT_DIRECTORY/xloadimage-4.1-zio-shell-meta-char.diff &&
+patch -d ${SOURCE_DIRECTORY} -p1 < $SCRIPT_DIRECTORY/security-sprintf.patch
+ 
diff --git a/x11/xloadimage/security-sprintf.patch b/x11/xloadimage/security-sprintf.patch
new file mode 100644
index 0000000000..b29cc145a2
--- /dev/null
+++ b/x11/xloadimage/security-sprintf.patch
@@ -0,0 +1,111 @@
+diff -urNad --exclude=CVS --exclude=.svn ./mcidas.c /tmp/dpep-work.5qsW5w/xloadimage-4.1/mcidas.c
+--- ./mcidas.c	2005-10-08 04:15:18.000000000 +0100
++++ /tmp/dpep-work.5qsW5w/xloadimage-4.1/mcidas.c	2005-10-08 04:15:19.000000000 +0100
+@@ -63,7 +63,7 @@
+   minute = (time % 10000) / 100;
+   second = (time % 100);
+ 
+-  sprintf(buf, "%d:%2.2d:%2.2d %s %d, %d (day %d)",
++  snprintf(buf, 29, "%d:%2.2d:%2.2d %s %d, %d (day %d)",
+ 	  hour, minute, second, month_info[month].name, day, year,
+ 	  (date % 1000));
+   return(buf);
+diff -urNad --exclude=CVS --exclude=.svn ./reduce.c /tmp/dpep-work.5qsW5w/xloadimage-4.1/reduce.c
+--- ./reduce.c	2005-10-08 04:15:18.000000000 +0100
++++ /tmp/dpep-work.5qsW5w/xloadimage-4.1/reduce.c	2005-10-08 04:15:19.000000000 +0100
+@@ -501,7 +501,7 @@
+ 
+   depth= colorsToDepth(n);
+   new_image= newRGBImage(image->width, image->height, depth);
+-  sprintf(buf, "%s (%d colors)", image->title, n);
++  snprintf(buf, BUFSIZ - 1, "%s (%d colors)", image->title, n);
+   new_image->title= dupString(buf);
+ 
+   /* calculate RGB table from each color area.  this should really calculate
+diff -urNad --exclude=CVS --exclude=.svn ./rotate.c /tmp/dpep-work.5qsW5w/xloadimage-4.1/rotate.c
+--- ./rotate.c	2005-10-08 04:15:18.000000000 +0100
++++ /tmp/dpep-work.5qsW5w/xloadimage-4.1/rotate.c	2005-10-08 04:15:19.000000000 +0100
+@@ -70,7 +70,7 @@
+     { printf("  Rotating image by %d degrees...", degrees);
+       fflush(stdout);
+     }
+-  sprintf(buf, "%s (rotated by %d degrees)", simage->title, degrees);
++  snprintf(buf, BUFSIZ - 1, "%s (rotated by %d degrees)", simage->title, degrees);
+ 
+   image1 = simage;
+   image2 = NULL;
+diff -urNad --exclude=CVS --exclude=.svn ./tiff.c /tmp/dpep-work.5qsW5w/xloadimage-4.1/tiff.c
+--- ./tiff.c	2005-10-08 04:15:18.000000000 +0100
++++ /tmp/dpep-work.5qsW5w/xloadimage-4.1/tiff.c	2005-10-08 04:15:19.000000000 +0100
+@@ -125,14 +125,14 @@
+   switch (info->photometric) {
+   case PHOTOMETRIC_MINISBLACK:
+     if (info->bitspersample > 1) {
+-      sprintf(buf, "%d-bit greyscale ", info->bitspersample);
++      snprintf(buf, 31, "%d-bit greyscale ", info->bitspersample);
+       return(buf);
+     }
+     else
+       return "white-on-black ";
+   case PHOTOMETRIC_MINISWHITE:
+     if (info->bitspersample > 1) {
+-      sprintf(buf, "%d-bit greyscale ", info->bitspersample);
++      snprintf(buf, 31, "%d-bit greyscale ", info->bitspersample);
+       return(buf);
+     }
+     else
+diff -urNad --exclude=CVS --exclude=.svn ./window.c /tmp/dpep-work.5qsW5w/xloadimage-4.1/window.c
+--- ./window.c	2005-10-08 04:15:18.000000000 +0100
++++ /tmp/dpep-work.5qsW5w/xloadimage-4.1/window.c	2005-10-08 04:15:19.000000000 +0100
+@@ -602,7 +602,7 @@
+   else {
+     char def_geom[30];
+ 
+-    sprintf(def_geom, "%ux%u+0+0", image->width, image->height);
++    snprintf(def_geom, 29, "%ux%u+0+0", image->width, image->height);
+     XGeometry(disp, scrn, opt->info.geometry.string, def_geom, 0, 1, 1, 0, 0,
+ 	      (int *)&winx, (int *)&winy, (int *)&winwidth, (int *)&winheight);
+   }
+diff -urNad --exclude=CVS --exclude=.svn ./zio.c /tmp/dpep-work.5qsW5w/xloadimage-4.1/zio.c
+--- ./zio.c	2005-10-08 04:15:18.000000000 +0100
++++ /tmp/dpep-work.5qsW5w/xloadimage-4.1/zio.c	2005-10-08 04:15:28.000000000 +0100
+@@ -232,7 +232,7 @@
+             strcpy (s, "'");
+             debug(("Filtering image through '%s'\n", filter->filter));
+             zf->type= ZPIPE;
+-            sprintf(buf, "%s %s", filter->filter, fname);
++            snprintf(buf, BUFSIZ - 1, "%s %s", filter->filter, fname);
+             lfree (fname);
+       if (! (zf->stream= popen(buf, "r"))) {
+ 	lfree((byte *)zf->filename);
+diff -urNad --exclude=CVS --exclude=.svn ./zoom.c /tmp/dpep-work.5qsW5w/xloadimage-4.1/zoom.c
+--- ./zoom.c	2005-10-08 04:15:18.000000000 +0100
++++ /tmp/dpep-work.5qsW5w/xloadimage-4.1/zoom.c	2005-10-08 04:15:19.000000000 +0100
+@@ -63,23 +63,23 @@
+   if (!xzoom) {
+     if (verbose)
+       printf("  Zooming image Y axis by %d%%...", yzoom);
+-      sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
++      snprintf(buf, BUFSIZ - 1, "%s (Y zoom %d%%)", oimage->title, yzoom);
+   }
+   else if (!yzoom) {
+     if (verbose)
+       printf("  Zooming image X axis by %d%%...", xzoom);
+-    sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
++    snprintf(buf, BUFSIZ - 1, "%s (X zoom %d%%)", oimage->title, xzoom);
+   }
+   else if (xzoom == yzoom) {
+     if (verbose)
+       printf("  Zooming image by %d%%...", xzoom);
+-    sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
++    snprintf(buf, BUFSIZ - 1, "%s (%d%% zoom)", oimage->title, xzoom);
+   }
+   else {
+     if (verbose)
+       printf("  Zooming image X axis by %d%% and Y axis by %d%%...",
+ 	     xzoom, yzoom);
+-    sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
++    snprintf(buf, BUFSIZ - 1, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
+ 	    xzoom, yzoom);
+   }
+   if (verbose)
diff --git a/x11/xloadimage/xloadimage-4.1-zio-shell-meta-char.diff b/x11/xloadimage/xloadimage-4.1-zio-shell-meta-char.diff
new file mode 100644
index 0000000000..730504fb43
--- /dev/null
+++ b/x11/xloadimage/xloadimage-4.1-zio-shell-meta-char.diff
@@ -0,0 +1,36 @@
+--- xloadimage.4.1/zio.c	1993-10-28 17:10:02.000000000 +0000
++++ xloadimage.4.1/zio.c	2005-02-28 15:32:05.895470680 +0000
+@@ -210,9 +211,30 @@
+     if ((strlen(name) > strlen(filter->extension)) &&
+ 	!strcmp(filter->extension,
+ 		name + (strlen(name) - strlen(filter->extension)))) {
+-      debug(("Filtering image through '%s'\n", filter->filter));
+-      zf->type= ZPIPE;
+-      sprintf(buf, "%s %s", filter->filter, name);
++            char *fname, *t, *s;
++            
++            /* meta-char protection from xli.
++             *
++             * protect in single quotes, replacing single quotes
++             * with '"'"', so worst-case expansion is 5x
++             */
++            
++            s = fname = (char *) lmalloc(1 + (5 * strlen(name)) + 1 + 1);
++			*s++ = '\'';
++            for (t = name; *t; ++t) {
++                if ('\'' == *t) {
++					/* 'foo'bar' -> 'foo'"'"'bar' */
++                    strcpy(s, "'\"'\"'");
++					s += strlen(s);
++                } else {
++                    *s++ = *t;
++                }
++            }
++            strcpy (s, "'");
++            debug(("Filtering image through '%s'\n", filter->filter));
++            zf->type= ZPIPE;
++            sprintf(buf, "%s %s", filter->filter, fname);
++            lfree (fname);
+       if (! (zf->stream= popen(buf, "r"))) {
+ 	lfree((byte *)zf->filename);
+ 	zf->filename= NULL;