head 1.3; access; symbols pkgsrc-2026Q1:1.3.0.174 pkgsrc-2026Q1-base:1.3 pkgsrc-2025Q4:1.3.0.172 pkgsrc-2025Q4-base:1.3 pkgsrc-2025Q3:1.3.0.170 pkgsrc-2025Q3-base:1.3 pkgsrc-2025Q2:1.3.0.168 pkgsrc-2025Q2-base:1.3 pkgsrc-2025Q1:1.3.0.166 pkgsrc-2025Q1-base:1.3 pkgsrc-2024Q4:1.3.0.164 pkgsrc-2024Q4-base:1.3 pkgsrc-2024Q3:1.3.0.162 pkgsrc-2024Q3-base:1.3 pkgsrc-2024Q2:1.3.0.160 pkgsrc-2024Q2-base:1.3 pkgsrc-2024Q1:1.3.0.158 pkgsrc-2024Q1-base:1.3 pkgsrc-2023Q4:1.3.0.156 pkgsrc-2023Q4-base:1.3 pkgsrc-2023Q3:1.3.0.154 pkgsrc-2023Q3-base:1.3 pkgsrc-2023Q2:1.3.0.152 pkgsrc-2023Q2-base:1.3 pkgsrc-2023Q1:1.3.0.150 pkgsrc-2023Q1-base:1.3 pkgsrc-2022Q4:1.3.0.148 pkgsrc-2022Q4-base:1.3 pkgsrc-2022Q3:1.3.0.146 pkgsrc-2022Q3-base:1.3 pkgsrc-2022Q2:1.3.0.144 pkgsrc-2022Q2-base:1.3 pkgsrc-2022Q1:1.3.0.142 pkgsrc-2022Q1-base:1.3 pkgsrc-2021Q4:1.3.0.140 pkgsrc-2021Q4-base:1.3 pkgsrc-2021Q3:1.3.0.138 pkgsrc-2021Q3-base:1.3 pkgsrc-2021Q2:1.3.0.136 pkgsrc-2021Q2-base:1.3 pkgsrc-2021Q1:1.3.0.134 pkgsrc-2021Q1-base:1.3 pkgsrc-2020Q4:1.3.0.132 pkgsrc-2020Q4-base:1.3 pkgsrc-2020Q3:1.3.0.130 pkgsrc-2020Q3-base:1.3 pkgsrc-2020Q2:1.3.0.126 pkgsrc-2020Q2-base:1.3 pkgsrc-2020Q1:1.3.0.106 pkgsrc-2020Q1-base:1.3 pkgsrc-2019Q4:1.3.0.128 pkgsrc-2019Q4-base:1.3 pkgsrc-2019Q3:1.3.0.124 pkgsrc-2019Q3-base:1.3 pkgsrc-2019Q2:1.3.0.122 pkgsrc-2019Q2-base:1.3 pkgsrc-2019Q1:1.3.0.120 pkgsrc-2019Q1-base:1.3 pkgsrc-2018Q4:1.3.0.118 pkgsrc-2018Q4-base:1.3 pkgsrc-2018Q3:1.3.0.116 pkgsrc-2018Q3-base:1.3 pkgsrc-2018Q2:1.3.0.114 pkgsrc-2018Q2-base:1.3 pkgsrc-2018Q1:1.3.0.112 pkgsrc-2018Q1-base:1.3 pkgsrc-2017Q4:1.3.0.110 pkgsrc-2017Q4-base:1.3 pkgsrc-2017Q3:1.3.0.108 pkgsrc-2017Q3-base:1.3 pkgsrc-2017Q2:1.3.0.104 pkgsrc-2017Q2-base:1.3 pkgsrc-2017Q1:1.3.0.102 pkgsrc-2017Q1-base:1.3 pkgsrc-2016Q4:1.3.0.100 pkgsrc-2016Q4-base:1.3 pkgsrc-2016Q3:1.3.0.98 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.3.0.96 pkgsrc-2016Q2-base:1.3 pkgsrc-2016Q1:1.3.0.94 pkgsrc-2016Q1-base:1.3 pkgsrc-2015Q4:1.3.0.92 pkgsrc-2015Q4-base:1.3 pkgsrc-2015Q3:1.3.0.90 pkgsrc-2015Q3-base:1.3 pkgsrc-2015Q2:1.3.0.88 pkgsrc-2015Q2-base:1.3 pkgsrc-2015Q1:1.3.0.86 pkgsrc-2015Q1-base:1.3 pkgsrc-2014Q4:1.3.0.84 pkgsrc-2014Q4-base:1.3 pkgsrc-2014Q3:1.3.0.82 pkgsrc-2014Q3-base:1.3 pkgsrc-2014Q2:1.3.0.80 pkgsrc-2014Q2-base:1.3 pkgsrc-2014Q1:1.3.0.78 pkgsrc-2014Q1-base:1.3 pkgsrc-2013Q4:1.3.0.76 pkgsrc-2013Q4-base:1.3 pkgsrc-2013Q3:1.3.0.74 pkgsrc-2013Q3-base:1.3 pkgsrc-2013Q2:1.3.0.72 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.3.0.70 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.68 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.66 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.64 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.62 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.60 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.58 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.56 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.54 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.52 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.50 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.48 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.46 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.44 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.42 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.40 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.38 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.36 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.34 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.32 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.30 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.28 pkgsrc-2008Q1:1.3.0.26 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.24 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.22 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.20 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.3.0.18 pkgsrc-2007Q1-base:1.3 pkgsrc-2006Q4:1.3.0.16 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.14 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.12 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.10 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.3.0.8 pkgsrc-2005Q4-base:1.3 pkgsrc-2005Q3:1.3.0.6 pkgsrc-2005Q3-base:1.3 pkgsrc-2005Q2:1.3.0.4 pkgsrc-2005Q2-base:1.3 pkgsrc-2005Q1:1.3.0.2 pkgsrc-2005Q1-base:1.3 pkgsrc-2004Q4:1.1.0.10 pkgsrc-2004Q4-base:1.1 pkgsrc-2004Q3:1.1.0.8 pkgsrc-2004Q3-base:1.1 pkgsrc-2004Q2:1.1.0.6 pkgsrc-2004Q2-base:1.1 pkgsrc-2004Q1:1.1.0.4 pkgsrc-2004Q1-base:1.1 pkgsrc-2003Q4:1.1.0.2 pkgsrc-2003Q4-base:1.1; locks; strict; comment @# @; 1.3 date 2005.03.21.15.19.28; author salo; state Exp; branches; next 1.2; 1.2 date 2005.03.05.20.09.44; author fredb; state dead; branches; next 1.1; 1.1 date 2003.06.14.17.50.56; author fredb; state Exp; branches; next ; desc @@ 1.3 log @Security fix for CAN-2001-0775: "Buffer overflow in xli 1.17 allows remote attacker to execute arbitrary code via a FACES format image containing a long Firstname or Lastname field." Patch from Debian. Bump PKGREVISION. @ text @$NetBSD$ --- faces.c.orig 2005-02-28 01:42:39.000000000 +0100 +++ faces.c 2005-03-21 16:08:17.000000000 +0100 @@@@ -54,9 +54,15 @@@@ if (! strcmp(buf, "\n")) break; if (!strncmp(buf, "FirstName:", 10)) - strcpy(fname, buf + 11); + { + strncpy(fname, buf + 11, BUFSIZ - 1); + fname[BUFSIZ - 1] = '\0'; + } else if (!strncmp(buf, "LastName:", 9)) - strcpy(lname, buf + 10); + { + strncpy(lname, buf + 10, BUFSIZ - 1); + lname[BUFSIZ - 1] = '\0'; + } else if (!strncmp(buf, "Image:", 6)) { if (sscanf(buf + 7, "%d%d%d", &iw, &ih, &id) != 3) { fprintf(stderr,"facesLoad: %s - Bad image\n", name); @ 1.2 log @Update to latest snapshot for some "security issues" -- apparently, this... http://www.gentoo.org/security/en/glsa/glsa-200503-05.xml but just make it an "nb" bump so as not to confuse "audit-pacakges" &c. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.1 2003/06/14 17:50:56 fredb Exp $ d3 20 a22 10 --- rlelib.c.orig 1993-07-23 03:18:45.000000000 -0500 +++ rlelib.c @@@@ -12,7 +12,6 @@@@ */ #include "xli.h" -#include #include #include "rle.h" @ 1.1 log @Elide a bogus include of , so that this will compile under gcc-3.3. @ text @d1 1 a1 1 $NetBSD$ @