giftnuss:

package/rene/xzgv/gcc-3.3.patch

@@ -1,220 +0,0 @@
-# --- ROCK-COPYRIGHT-NOTE-BEGIN ---
-# 
-# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
-# Please add additional copyright information _after_ the line containing
-# the ROCK-COPYRIGHT-NOTE-END tag. Otherwise it might get removed by
-# the ./scripts/Create-CopyPatch script. Do not edit this copyright text!
-# 
-# ROCK Linux: rock-src/package/rene/xzgv/gcc-3.3.patch
-# ROCK Linux is Copyright (C) 1998 - 2004 Clifford Wolf
-# 
-# This patch file is dual-licensed. It is available under the license the
-# patched project is licensed under, as long as it is an OpenSource license
-# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
-# of the GNU General Public License as published by the Free Software
-# Foundation; either version 2 of the License, or (at your option) any later
-# version.
-# 
-# --- ROCK-COPYRIGHT-NOTE-END ---
-
---- ./src/rcfile.c.orig	2001-01-16 03:50:47.000000000 +0200
-+++ ./src/rcfile.c	2003-10-19 09:16:03.000000000 +0300
-@@ -577,102 +577,102 @@
- {
- printf("xzgv " XZGV_VER
-        " - (c) 1999,2000 Russell Marks for improbabledesigns.\n");
--puts("
--usage: xzgv [options] [dir | file ...]
--
--   -a	--auto-hide	automatically hide selector on selecting a picture.
--	--careful-jpeg	enable JPEG `fancy upsampling' (see info file
--			or man page).
--	--delete-single-prompt
--			(normally enabled, use --delete-single-prompt=off to
--			disable) if *disabled*, don't prompt for confirmation
--			when deleting a file.
--	--dither-hicol	use dithering in 15/16-bit to increase apparent
--			colour depth, whatever Imlib's default setting is.
--			You can also use `--dither-hicol=off' to disable
--			this if you normally have Imlib use it.
--	--fast-recursive-update
--			when doing recursive thumbnail update, don't
--			read visible thumbnails for a directory before
--			doing the update (only slightly faster).
--   -f	--fullscreen	use the whole screen for the xzgv window, without
--			even window-manager decorations if possible. (But
--			your wm may not care to trust borderless programs.)
--   -g	--geometry geom
--			use geometry `geom'. For example, `400x300' specifies
--			window size in pixels, `70%x50%' specifies size as
--			percentage of screen width/height, `+100+50' specifies
--			position relative to top-left, and `50%x30%-30%-20%'
--			is left as an exercise for the reader. :-) The default
--			geometry is `92%x85%'.
--			(See info file or man page for more details.)
--   -G	--gamma val	set gamma adjustment to `val'. The default is 1.0, i.e.
--			no adjustment. (See info file or man page for details,
--			and a discussion of gamma issues.)
--   -h	--help		give this usage help.
--	--image-bigness-threshold numpix
--			set the boundary `numpix' above which images are
--			considered `big', and rendered piece-by-piece rather
--			than all-at-once (which is nicer, but harder on
--			memory). Units are number of pixels in image (i.e.
--			width times height), and the default is 2000000 pixels.
--	--interpolate	interpolate between the picture's pixels when
--			scaling up. Usually looks nicer, but it's slow.
--	--mouse-scale-x	if enabled, control-click scales only the X axis -
--			the default is to scale only the Y axis.
--	--revert-orient	(normally enabled, use --revert-orient=off to disable)
--			if *disabled*, orientation (flip/mirror/rotate) state
--			is retained between pictures.
--	--revert-scale	(normally enabled, use --revert-scale=off to disable)
--			if *disabled*, scaling is retained between pictures.
--	--selector-width width
--			set initial/default selector width to `width'. (The
--			units used are pixels, and the normal setting 200.)
--   -T	--show-tagged	show names of tagged files on exit (they're listed
--			to stdout).
--	--show-thumbnail-messages
--			show on the status bar when thumbnails are being read.
--			The status bar must be enabled for the messages to be
--			visible, of course. :-)
--   -k	--skip-parent	for the first directory shown, skip the cursor past
--			`..' (the parent dir). Can be useful when you'd like
--			to immediately use space to `page' through the dir.
--   -o	--sort-order	set initial sorting order used in the selector.
--			Types are `name', `ext', `size', `date' (or `time');
--			only the first char (n/e/s/d/t) need be given.
--			(The default is name order.)
--	--sort-timestamp-type type
--			set timestamp type to use when using time/date sorting
--			order. Types are `mtime' (default), `ctime', and
--			`atime'; only the first char (m/c/a) need be given.
--	--statusbar	show a status bar below the selector; this, for
--			example, says when a picture is being read.
--   -t	--thin-rows	use rows a third the normal height in the selector.
--			This can be very useful on lower-resolution screens,
--			or if you're really interested in filenames, not
--			thumbnails.
--   -v	--version	report version number.
--	--version-gtk	report version of GTK+ being used by xzgv.
--   -z	--zoom		fit pictures in the viewer window, whatever their
--			actual size.
--   -r	--zoom-reduce-only
--			when zooming, only *reduce* pictures to fit; i.e.
--			make big pictures viewable all-at-once while leaving
--			small picures intact.
--
--	dir		start xzgv on a certain directory.
--	file ...	view (only) the file(s) specified.
--
--All options are processed after any ~/.xzgvrc or /etc/xzgv.conf file.
--Most long options (minus `--') can used in either file with e.g. `zoom on'.
--
--On/off settings (such as zoom) are enabled by e.g. `-z' or `--zoom';
--however, the long-option form `--option=off' can be used to disable
--them (needed when they are enabled by default - revert-scale, for
--example - or to override them being enabled in a config file).
--
--(This syntax actually lets you both disable *and* enable options,
--using (for the arg after `=') on/off, y/n, yes/no, or 1/0.)");
-+puts("\n"
-+"usage: xzgv [options] [dir | file ...]\n"
-+"\n"
-+"   -a	--auto-hide	automatically hide selector on selecting a picture.\n"
-+"	--careful-jpeg	enable JPEG `fancy upsampling' (see info file\n"
-+"			or man page).\n"
-+"	--delete-single-prompt\n"
-+"			(normally enabled, use --delete-single-prompt=off to\n"
-+"			disable) if *disabled*, don't prompt for confirmation\n"
-+"			when deleting a file.\n"
-+"	--dither-hicol	use dithering in 15/16-bit to increase apparent\n"
-+"			colour depth, whatever Imlib's default setting is.\n"
-+"			You can also use `--dither-hicol=off' to disable\n"
-+"			this if you normally have Imlib use it.\n"
-+"	--fast-recursive-update\n"
-+"			when doing recursive thumbnail update, don't\n"
-+"			read visible thumbnails for a directory before\n"
-+"			doing the update (only slightly faster).\n"
-+"   -f	--fullscreen	use the whole screen for the xzgv window, without\n"
-+"			even window-manager decorations if possible. (But\n"
-+"			your wm may not care to trust borderless programs.)\n"
-+"   -g	--geometry geom\n"
-+"			use geometry `geom'. For example, `400x300' specifies\n"
-+"			window size in pixels, `70%x50%' specifies size as\n"
-+"			percentage of screen width/height, `+100+50' specifies\n"
-+"			position relative to top-left, and `50%x30%-30%-20%'\n"
-+"			is left as an exercise for the reader. :-) The default\n"
-+"			geometry is `92%x85%'.\n"
-+"			(See info file or man page for more details.)\n"
-+"   -G	--gamma val	set gamma adjustment to `val'. The default is 1.0, i.e.\n"
-+"			no adjustment. (See info file or man page for details,\n"
-+"			and a discussion of gamma issues.)\n"
-+"   -h	--help		give this usage help.\n"
-+"	--image-bigness-threshold numpix\n"
-+"			set the boundary `numpix' above which images are\n"
-+"			considered `big', and rendered piece-by-piece rather\n"
-+"			than all-at-once (which is nicer, but harder on\n"
-+"			memory). Units are number of pixels in image (i.e.\n"
-+"			width times height), and the default is 2000000 pixels.\n"
-+"	--interpolate	interpolate between the picture's pixels when\n"
-+"			scaling up. Usually looks nicer, but it's slow.\n"
-+"	--mouse-scale-x	if enabled, control-click scales only the X axis -\n"
-+"			the default is to scale only the Y axis.\n"
-+"	--revert-orient	(normally enabled, use --revert-orient=off to disable)\n"
-+"			if *disabled*, orientation (flip/mirror/rotate) state\n"
-+"			is retained between pictures.\n"
-+"	--revert-scale	(normally enabled, use --revert-scale=off to disable)\n"
-+"			if *disabled*, scaling is retained between pictures.\n"
-+"	--selector-width width\n"
-+"			set initial/default selector width to `width'. (The\n"
-+"			units used are pixels, and the normal setting 200.)\n"
-+"   -T	--show-tagged	show names of tagged files on exit (they're listed\n"
-+"			to stdout).\n"
-+"	--show-thumbnail-messages\n"
-+"			show on the status bar when thumbnails are being read.\n"
-+"			The status bar must be enabled for the messages to be\n"
-+"			visible, of course. :-)\n"
-+"   -k	--skip-parent	for the first directory shown, skip the cursor past\n"
-+"			`..' (the parent dir). Can be useful when you'd like\n"
-+"			to immediately use space to `page' through the dir.\n"
-+"   -o	--sort-order	set initial sorting order used in the selector.\n"
-+"			Types are `name', `ext', `size', `date' (or `time');\n"
-+"			only the first char (n/e/s/d/t) need be given.\n"
-+"			(The default is name order.)\n"
-+"	--sort-timestamp-type type\n"
-+"			set timestamp type to use when using time/date sorting\n"
-+"			order. Types are `mtime' (default), `ctime', and\n"
-+"			`atime'; only the first char (m/c/a) need be given.\n"
-+"	--statusbar	show a status bar below the selector; this, for\n"
-+"			example, says when a picture is being read.\n"
-+"   -t	--thin-rows	use rows a third the normal height in the selector.\n"
-+"			This can be very useful on lower-resolution screens,\n"
-+"			or if you're really interested in filenames, not\n"
-+"			thumbnails.\n"
-+"   -v	--version	report version number.\n"
-+"	--version-gtk	report version of GTK+ being used by xzgv.\n"
-+"   -z	--zoom		fit pictures in the viewer window, whatever their\n"
-+"			actual size.\n"
-+"   -r	--zoom-reduce-only\n"
-+"			when zooming, only *reduce* pictures to fit; i.e.\n"
-+"			make big pictures viewable all-at-once while leaving\n"
-+"			small picures intact.\n"
-+"\n"
-+"	dir		start xzgv on a certain directory.\n"
-+"	file ...	view (only) the file(s) specified.\n"
-+"\n"
-+"All options are processed after any ~/.xzgvrc or /etc/xzgv.conf file.\n"
-+"Most long options (minus `--') can used in either file with e.g. `zoom on'.\n"
-+"\n"
-+"On/off settings (such as zoom) are enabled by e.g. `-z' or `--zoom';\n"
-+"however, the long-option form `--option=off' can be used to disable\n"
-+"them (needed when they are enabled by default - revert-scale, for\n"
-+"example - or to override them being enabled in a config file).\n"
-+"\n"
-+"(This syntax actually lets you both disable *and* enable options,\n"
-+"using (for the arg after `=') on/off, y/n, yes/no, or 1/0.)");
- 
- exit(0);
- }diff -Nru3 trunk-1595/package/jimmy/zgv/gcc-3.3.patch trunk/package/jimmy/zgv/gcc-3.3.patch

package/rene/xzgv/xzgv-0.8-integer-overflow-fix.patch

@@ -0,0 +1,197 @@
+diff -urN xzgv-0.8/ChangeLog xzgv/ChangeLog
+--- xzgv-0.8/ChangeLog	Tue Sep 16 15:08:42 2003
++++ xzgv/ChangeLog	Wed Dec 15 03:30:46 2004
+@@ -1,3 +1,13 @@
++2004-11-03  Russell Marks  <russell.marks@ntlworld.com>
++
++	* Added width/height limits to all native picture readers. This is
++	a crude (albeit effective) fix for heap overflow bugs - there may
++	yet be more subtle problems, but I can't really fix them until I
++	know they're there. :-) Thanks to Luke Macken for letting me know
++	about the heap overflow problems (in zgv). I suppose I should also
++	thank "infamous41md" for publishing the original advisory/exploit
++	(again for zgv), even if he didn't bother emailing me or anything.
++
+ 2003-09-16  Russell Marks  <russell.marks@ntlworld.com>
+ 
+ 	* Version 0.8.
+diff -urN xzgv-0.8/src/Makefile xzgv/src/Makefile
+--- xzgv-0.8/src/Makefile	Tue Jan  1 05:37:45 2002
++++ xzgv/src/Makefile	Wed Dec 15 03:30:46 2004
+@@ -84,18 +84,19 @@
+ logo.o: logo.c logodata.h
+ logoconv.o: logoconv.c
+ main.o: main.c backend.h readmrf.h readgif.h readpng.h readjpeg.h \
+- readtiff.h resizepic.h rcfile.h filedetails.h gotodir.h updatetn.h \
+- confirm.h misc.h copymove.h rename.h help.h dir_icon.xpm \
++ readtiff.h readprf.h resizepic.h rcfile.h filedetails.h gotodir.h \
++ updatetn.h confirm.h misc.h copymove.h rename.h help.h dir_icon.xpm \
+  dir_icon_small.xpm file_icon.xpm file_icon_small.xpm logo.h \
+  icon-48.xpm main.h
+ misc.o: misc.c misc.h
+ rcfile.o: rcfile.c getopt.h rcfile.h rcfile_opt.h rcfile_var.h \
+  rcfile_short.h
+-readgif.o: readgif.c readgif.h
+-readjpeg.o: readjpeg.c rcfile.h readjpeg.h
+-readmrf.o: readmrf.c readmrf.h
++readgif.o: readgif.c reader.h readgif.h
++readjpeg.o: readjpeg.c rcfile.h reader.h readjpeg.h
++readmrf.o: readmrf.c reader.h readmrf.h
+ readpng.o: readpng.c readpng.h
+-readtiff.o: readtiff.c readtiff.h
++readprf.o: readprf.c reader.h readprf.h
++readtiff.o: readtiff.c reader.h readtiff.h
+ rename.o: rename.c backend.h main.h rename.h
+ resizepic.o: resizepic.c resizepic.h
+ updatetn.o: updatetn.c backend.h main.h rcfile.h dither.h resizepic.h \
+diff -urN xzgv-0.8/src/reader.h xzgv/src/reader.h
+--- xzgv-0.8/src/reader.h	Thu Jan  1 01:00:00 1970
++++ xzgv/src/reader.h	Wed Dec 15 03:30:46 2004
+@@ -0,0 +1,15 @@
++/* xzgv 0.8 - picture viewer for X, with file selector.
++ * Copyright (C) 1999-2004 Russell Marks. See main.c for license details.
++ *
++ * reader.h
++ */
++
++/* range check on width and height as a crude way of avoiding overflows
++ * when calling malloc/calloc. 32767 is the obvious limit to use given that
++ * xzgv effectively imposes such a limit anyway.
++ * Adds an extra 2 to height for max-height check, partly to reflect what
++ * the check in zgv does but also to allow for readtiff.c allocating an
++ * extra line (so at least an extra 1 would have been needed in any case).
++ */
++#define WH_MAX	32767
++#define WH_BAD(w,h)	((w)<=0 || (w)>WH_MAX || (h)<=0 || ((h)+2)>WH_MAX)
+diff -urN xzgv-0.8/src/readgif.c xzgv/src/readgif.c
+--- xzgv-0.8/src/readgif.c	Sun Mar  3 04:34:32 2002
++++ xzgv/src/readgif.c	Wed Dec 15 03:30:46 2004
+@@ -8,6 +8,7 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <stdlib.h>
++#include "reader.h"
+ #include "readgif.h"
+ 
+ 
+@@ -103,7 +104,7 @@
+   
+   if(local_colour_map) readcolmap(in);
+   
+-  if((image=malloc(width*height*3))==NULL)
++  if(WH_BAD(width,height) || (image=malloc(width*height*3))==NULL)
+     {
+     fclose(in);
+     return(0);
+diff -urN xzgv-0.8/src/readjpeg.c xzgv/src/readjpeg.c
+--- xzgv-0.8/src/readjpeg.c	Tue Sep 16 12:52:04 2003
++++ xzgv/src/readjpeg.c	Wed Dec 15 03:30:46 2004
+@@ -13,6 +13,7 @@
+ #include <jpeglib.h>
+ 
+ #include "rcfile.h"
++#include "reader.h"
+ 
+ #include "readjpeg.h"
+ 
+@@ -265,7 +266,7 @@
+ /* this one shouldn't hurt */
+ cinfo.do_block_smoothing=FALSE;
+ 
+-if((*imagep=image=malloc(width*height*3))==NULL)
++if(WH_BAD(width,height) || (*imagep=image=malloc(width*height*3))==NULL)
+   longjmp(jerr.setjmp_buffer,1);
+ 
+ jpeg_start_decompress(&cinfo);
+diff -urN xzgv-0.8/src/readmrf.c xzgv/src/readmrf.c
+--- xzgv-0.8/src/readmrf.c	Sat Oct  7 14:26:55 2000
++++ xzgv/src/readmrf.c	Wed Dec 15 03:30:46 2004
+@@ -7,6 +7,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <stdlib.h>
++#include "reader.h"
+ #include "readmrf.h"
+ 
+ 
+@@ -91,7 +92,8 @@
+ w64=(w+63)/64;
+ h64=(h+63)/64;
+ 
+-if((*bmap=malloc(w*h*3))==NULL ||
++if(WH_BAD(w64*64,h64*64) || WH_BAD(w,h) ||
++   (*bmap=malloc(w*h*3))==NULL ||
+    (image=calloc(w64*h64*64*64,1))==NULL)
+   {
+   if(*bmap) free(*bmap),*bmap=NULL;
+diff -urN xzgv-0.8/src/readpng.c xzgv/src/readpng.c
+--- xzgv-0.8/src/readpng.c	Thu Jul 10 16:13:43 2003
++++ xzgv/src/readpng.c	Wed Dec 15 03:32:46 2004
+@@ -16,6 +16,7 @@
+ #include <stdlib.h>
+ #include <png.h>
+ #include <setjmp.h>	/* after png.h to avoid horrible thing in pngconf.h */
++#include "reader.h"
+ #include "readpng.h"
+ 
+ 
+@@ -129,7 +130,8 @@
+   }
+ 
+ /* allocate image memory */
+-if((*theimageptr=theimage=malloc(width*height*3))==NULL)
++if(WH_BAD(width,height) ||
++   (*theimageptr=theimage=malloc(width*height*3))==NULL)
+   {
+   png_read_end(png_ptr,info_ptr);
+   png_destroy_read_struct(&png_ptr,&info_ptr,NULL);
+diff -urN xzgv-0.8/src/readprf.c xzgv/src/readprf.c
+--- xzgv-0.8/src/readprf.c	Mon Apr  9 19:08:19 2001
++++ xzgv/src/readprf.c	Wed Dec 15 03:30:46 2004
+@@ -7,6 +7,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <stdlib.h>
++#include "reader.h"
+ #include "readprf.h"
+ 
+ #define squaresize	64
+@@ -164,7 +165,7 @@
+   bytepp=1;
+ 
+ n=width*squaresize;
+-if((planebuf[0]=calloc(n,planes))==NULL)
++if(WH_BAD(width,height) || (planebuf[0]=calloc(n,planes))==NULL)
+   {
+   fclose(in);
+   return(0);
+@@ -173,6 +174,7 @@
+ for(f=1;f<planes;f++)
+   planebuf[f]=planebuf[f-1]+n;
+ 
++/* width/height already checked above */
+ if((*theimageptr=malloc(width*height*3))==NULL)
+   {
+   free(planebuf[0]);
+diff -urN xzgv-0.8/src/readtiff.c xzgv/src/readtiff.c
+--- xzgv-0.8/src/readtiff.c	Thu Dec 28 03:20:55 2000
++++ xzgv/src/readtiff.c	Wed Dec 15 03:30:46 2004
+@@ -11,7 +11,7 @@
+ #include <setjmp.h>
+ #include <sys/file.h>  /* for open et al */
+ #include <tiffio.h>
+-
++#include "reader.h"
+ #include "readtiff.h"
+ 
+ 
+@@ -36,7 +36,8 @@
+  * spare for the flip afterwards.
+  */
+ numpix=width*height;
+-if((image=malloc(numpix*sizeof(uint32)+width*3))==NULL)
++if(WH_BAD(width,height) ||
++   (image=malloc(numpix*sizeof(uint32)+width*3))==NULL)
+   {
+   TIFFClose(in);
+   return(0);

package/rene/xzgv/xzgv.desc

@@ -43,14 +43,15 @@
 [T] So anyway, it's just terribly great. :-)
 
 [A] Russel Marks <russel.marks@ntlworld.com>
-[M] unmaintained
+[M] Sebastian Knapp <rock@ccls-online.de>
 
+[U] http://rus.members.beeb.net/xzgv.html
 [C] extra/multimedia
 
 [L] GPL
 [S] Stable
-[V] 0.7
+[V] 0.8
 [P] X -?---5---9 157.400
 
-[D] 924896931 xzgv-0.7.tar.gz http://xzgv.browser.org/
+[D] 2679961143 xzgv-0.8.tar.gz ftp://ftp.ibiblio.org/pub/Linux/apps/graphics/viewers/X/