Hi Christopher, On Tue, May 10, 2005 at 09:28:36AM -0400, Christopher Martin wrote: > > > As for kdelibs, the sole change between 4:3.3.2-5 and 4:3.3.2-6 is that > > > we added a very small patch (from upstream) to upstream's latest > > > security fix, which caused regressions reading some image files. > > > Definitely worth getting into Sarge, even if the problem doesn't seem > > > to have security implications. > > > 23_kimgio_fix.diff > > > --- kde.orig/kimgio/rgb.cpp > > > +++ kde.patched/kimgio/rgb.cpp > > > @@ -272,7 +272,8 @@ bool SGIImage::readImage(QImage& img) > > > // sanity ckeck > > > if (m_rle) > > > for (uint o = 0; o < m_numrows; o++) > > > - if (m_starttab[o] + m_lengthtab[o] >= > > > m_data.size()) { > > > + // do not convert to >= > > > + if (m_starttab[o] + m_lengthtab[o] > > > > m_data.size()) { > > > kdDebug(399) << "image corrupt (sanity > > > check failed)" << endl; > > > return false; > > > } > > The accompanying changelog isn't very enlightening; what filetypes are > > broken, and why? Can you offer a pointer to discussion of this bug? > Certainly. The security advisory can be found at > http://www.kde.org/info/security/advisory-20050504-1.txt. In summary, most > RGB files (an older SGI format, but it's still around) can no longer be > read. The one-line change (from upstream) we added between -5 and -6 fixes > this regression. Ok, also approved. Thanks, -- Steve Langasek postmodern programmer
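Review bot: The new comment in the SGIImage::readImage sanity check, "// do not convert to >=", says what not to do but not why, so the next person to tidy this loop has nothing to stop them reintroducing the regression. Suggest spelling out the boundary condition instead: an entry where m_starttab[o] + m_lengthtab[o] equals m_data.size() ends exactly at the last byte of the buffer and is valid, so only a sum strictly greater than the size is out of bounds. Separately, the hunk does not show the types of m_starttab and m_lengthtab. If they are fixed-width unsigned integers, the addition can wrap and a corrupt entry would pass this check; testing m_starttab[o] > m_data.size() first and then m_lengthtab[o] > m_data.size() - m_starttab[o] avoids the sum altogether. Minor: "sanity ckeck" in the context comment is a typo for "check".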