Hello community, here is the log from the commit of package xv for openSUSE:Factory:NonFree checked in at 2011-11-05 11:08:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory:NonFree/xv (Old) and /work/SRC/openSUSE:Factory:NonFree/.xv.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "xv", Maintainer is "werner@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory:NonFree/xv/xv.changes 2011-09-23 15:03:28.000000000 +0200 +++ /work/SRC/openSUSE:Factory:NonFree/.xv.new/xv.changes 2011-11-05 11:34:39.000000000 +0100 @@ -1,0 +2,5 @@ +Wed Nov 2 12:58:36 UTC 2011 - werner@suse.de + +- Do not overwrite base name buffer in wrong order (bnc#722130) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xv-3.10a-overflow.dif ++++++ --- /var/tmp/diff_new_pack.WaJAUh/_old 2011-11-05 11:35:01.000000000 +0100 +++ /var/tmp/diff_new_pack.WaJAUh/_new 2011-11-05 11:35:01.000000000 +0100 @@ -65,8 +65,8 @@ - strcpy(fullfname, fullname); - strcpy(basefname, BaseName(fullname)); - -+ strncpy(filename, fullfname, sizeof(filename)-1); -+ strncpy(basefname, BaseName(fullfname), sizeof(basefname)-1); ++ strncpy(fullfname, fullname, sizeof(fullfname)-1); ++ strncpy(basefname, BaseName(fullname), sizeof(basefname)-1); /* chop off trailing ".Z", ".z", or ".gz" from displayed basefname, if any */ if (strlen(basefname)>2 && strcmp(basefname+strlen(basefname)-2,".Z")==0) @@ -286,3 +286,17 @@ return pbmError(bname, "image dimensions too large"); /* allocate 24-bit image */ +--- xvtext.c ++++ xvtext.c 2011-11-02 12:38:01.383646158 +0000 +@@ -545,9 +545,9 @@ void ChangeCommentText() + tv->freeonclose = 0; + + if (strlen(fullfname)) +- sprintf(tv->title, "File: '%s'", BaseName(fullfname)); ++ snprintf(tv->title, TITLELEN-1, "File: '%s'", BaseName(fullfname)); + else +- sprintf(tv->title, "<no file loaded>"); ++ snprintf(tv->title, TITLELEN-1, "<no file loaded>"); + + computeText(tv); /* compute # lines and linestarts array */ + -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org