diff options
Diffstat (limited to 'source/xap/xv/xv-3.10a-jumbo-README.txt')
| -rw-r--r-- | source/xap/xv/xv-3.10a-jumbo-README.txt | 442 |
1 files changed, 442 insertions, 0 deletions
diff --git a/source/xap/xv/xv-3.10a-jumbo-README.txt b/source/xap/xv/xv-3.10a-jumbo-README.txt new file mode 100644 index 00000000..63627ddf --- /dev/null +++ b/source/xap/xv/xv-3.10a-jumbo-README.txt @@ -0,0 +1,442 @@ +These are the latest versions of the XV jumbo patches I originally created +in February 2000 (but never distributed) and eventually updated and released +in May 2004, prompted by a discussion on LWN (http://lwn.net/Articles/76391/). +Information about the patches, updates to the patches, and the patches +themselves can all be found here: + + http://pobox.com/~newt/greg_xv.html + http://freshmeat.net/projects/xvjumbopatches/ + +(Use the "Subscribe to new releases" link on the latter page if you want to +be notified of new versions automatically; trivial registration required.) + +These two patches incorporate all of the fix- and enhancement-patches +available from John's XV site (http://www.trilon.com/xv/downloads.html +and ftp://ftp.trilon.com/pub/xv/patches/), plus a number of my own fixes +and additions, plus quite a few from other people--though not all of the +ones I'd intended to, due to lack of time after dealing with the latest +set of security issues (one of which I discovered, sigh). They're still +not fully complete, and it's possible they never will be, but I do plan +to continue tinkering with them whenever the mood strikes--and I may even +release them publicly on rare occasions. (At the current rate, it looks +like once a year may be the best we can hope for...we'll see.) + +Also be aware that several other people have had the same idea over the +years. Ones I've found, more or less by accident, include: + + - Landon Curt "chongo" Noll (http://www.isthe.com/chongo/) + http://www.isthe.com/chongo/src/xv-patch/ + - Mark Ashley <mark ibiblio.org> + http://www.ibiblio.org/pub/packages/solaris/sparc/html/xv.3.10a.p19.html + - Peter Jordan <pete dc.seflin.org> + http://www.ibiblio.org/pub/Linux/apps/graphics/viewers/X/xv-3.10a.patch.* + - Uwe F. Mayer (http://www.tux.org/~mayer/) + http://www.tux.org/~mayer/linux/book/node311.html + - Kurt Wall <kwall kurtwerks.com> + http://www.kurtwerks.com/software/xv.html + - Chisato Yamauchi (http://phe.phyas.aichi-edu.ac.jp/~cyamauch/index_en.html) + http://phe.phyas.aichi-edu.ac.jp/~cyamauch/xv.html + - Daisuke Yabuki <dxy optix.org> + http://www.optix.org/~dxy/solaris/xv/ + - Pekoe (http://pekoe.lair.net/) + http://pekoe.lair.net/diary/xv.html + - FreeBSD FreshPorts + http://www.freshports.org/graphics/xv/ + - Kyoichiro Suda <sudakyo fat.coara.or.jp> + http://www.coara.or.jp/~sudakyo/XV_jp.html + +I very much doubt that this is an exhaustive list. So far, most of the +other patch-sets appear not to be as extensive or as up-to-date as my own, +particularly now that the (very large) "Japanese extension" patches are +incorporated--big thanks to Werner Fink of SuSE for that! + +Below I summarize the component patches that are encompassed by my jumbo +bugfixes and jumbo enhancements patches. Unfortunately, some of my own +additions never saw the light of day as standalone patches, but considering +the number of overlaps (collisions) already implicit in this list, it would +have been difficult to accomplish even if I'd had the time. + +Here's a quick guide to the "third-party" credits in the lists below: + + AAC = Andrey A. Chernov [ache] + (http://cvsweb.freebsd.org/ports/graphics/xv/files/patch-ab) + AD = Andreas Dilger (adilger clusterfs.com) + AL = Alexander Lehmann (lehmann usa.net) + AT = Anthony Thyssen (http://www.cit.gu.edu.au/~anthony/) + DAC = David A. Clunie (http://www.dclunie.com/xv-pcd.html) + EK = Egmont Koblinger (egmont users.sourceforge.net) + GRR = Greg Roelofs (http://pobox.com/~newt/) + GV = Guido Vollbeding (http://sylvana.net/guido/) + IM = IKEMOTO Masahiro (ikeyan airlab.cs.ritsumei.ac.jp) + JCE = John C. Elliott (http://www.seasip.demon.co.uk/ZX/zxdload.html) + JHB = John H. Bradley, of course (http://www.trilon.com/xv/) + JPD = Jean-Pierre Demailly (http://www-fourier.ujf-grenoble.fr/~demailly/) + JR = John Rochester (http://www.freebsd.org/cgi/query-pr.cgi?pr=2920) + (also http://cvsweb.freebsd.org/ports/graphics/xv/files/patch-af, -ag) + JZ = Joe Zbiciak (http://spatula-city.org/~im14u2c/) + KS = Kyoichiro Suda (http://www.coara.or.jp/~sudakyo/XV_jp.html) + LCN = Landon Curt "chongo" Noll (http://www.isthe.com/chongo/) + LJ = Larry Jones (lawrence.jones ugs.com) + PBJ = Peter Jordan (http://www.ibiblio.org/pub/Linux/apps/graphics/viewers/X/) + PSV = Pawel S. Veselov (http://manticore.2y.net/wbmp.html) + SB = Sean Borman (http://www.nd.edu/~sborman/software/xvwheelmouse.html) + SJT = TenThumbs (tenthumbs cybernex.net) + TA = Tim Adye (http://hepwww.rl.ac.uk/Adye/xv-psnewstyle.html) + TI = Tetsuya INOUE (tin329 chino.it.okayama-u.ac.jp) + TO = Tavis Ormandy (taviso gentoo.org) + WF = Werner Fink (http://www.suse.de/~werner/) + +Other credits are as listed on the XV Downloads page or in the respective +patches (e.g., the jp-extension patches or within the PNG patch). + +Finally, please note that these patches have not been blessed by John Bradley +in any way (although I copied him on the May 2004 announcement--no response +at that time). Nor have I personally tested every change and feature! (See +the BIG SCARY WARNING below for further caveats.) In other words, they're +both completely unofficial and completely unguaranteed. But they seem to +work for me. (And when they don't, I fix 'em. Eventually, anyway... ;-) ) + +One further "final" note: as of this release, I am no longer updating the +fixes patch; new stuff (including fixes) now appears only in the enhancements +one. It simply became too much of a timesink to maintain parallel trees--not +to mention parallel makefiles (generic/public vs. local/personal, old vs. +new libjpeg/libtiff) and xv.h (unregistered/public vs. registered/personal), +particularly when some fixes came about while working on an enhancement and +others were provided by third parties relative to the previous fix+enh state. +Hence the mismatched "20050410" date on the fixes patch. + +GRR 20050501 + + +How to build +------------ + +The following assumes you, the user, already have the libtiff,[1] +libjpeg,[2] libpng,[3] and zlib[4] libraries downloaded, patched (if +necessary), compiled, and installed, not to mention a C compiler and +the bzip2,[5] tar,[6] patch,[7] and make[8] utilities. You should also +have downloaded the original XV 3.10a source distribution from the XV +Downloads page[9] and be able to edit its Makefile and config.h files +as indicated in the INSTALL file. Finally, you should know what a +Unix(-style) command line is, where to find one, and how to wield it +with abandon (or at least with adult supervision)--and preferably not +as the root user until the make install step. (A filesystem is a +terrible thing to waste.) + + [1] http://www.remotesensing.org/libtiff/ + [2] http://www.ijg.org/ + [3] http://www.libpng.org/pub/png/libpng.html + [4] http://www.zlib.net/ + [5] http://sources.redhat.com/bzip2/ + [6] http://www.gnu.org/directory/devel/specific/tar.html + [7] http://www.gnu.org/directory/devel/specific/patch.html + [8] http://www.gnu.org/directory/devel/specific/make.html + [9] http://www.trilon.com/xv/downloads.html#src-distrib + ++-------------------------------------------------------------------------+ +| | +| BIG SCARY WARNING | +| | +| These patches work for Greg (and parts of them apparently work for | +| various other people), and so far Greg's CPU still computes and his | +| hard disks haven't been wiped. But there's no guarantee that that | +| will be the case for you! In particular, not every incorporated patch | +| has been explicitly tested, nor has every possible subcase of the | +| explicitly tested subset. (Read that again; it's grammatical.) Nor are | +| these patches officially blessed by John Bradley in any way. In other | +| words, if you use these patches, you do so at your own risk. (Greg | +| doesn't believe there are any serious problems remaining, but then, | +| what programmer ever does? Bugs happen.) | +| | ++-------------------------------------------------------------------------+ + +Assuming you have the prerequisites out of the way and aren't scared +off by the Big Scary Warning, here's the build procedure: + + bzip2 -dc xv-3.10a-jumbo-patches-20050501.tar.bz2 | tar xvf - + (or tar xvzf xv-3.10a-jumbo-patches-20050501.tar.gz) + + tar xvzf xv-3.10a.tar.gz + + cd xv-3.10a + + patch -p1 < ../xv-3.10a-jumbo-fix-patch-20050410.txt + + [optional] patch -p1 < ../xv-3.10a-jumbo-enh-patch-20050501.txt + + edit Makefile and config.h as directed in INSTALL file (in particular, + ensure paths to external libraries and header files are correct) + + make + + ./xv your_favorite_image your_other_favorite_image etc. + +If everything seems to be working to your satisfaction, go ahead and install: + + make -n install (and double-check that things will be installed + where you want them to be) + + become root if necessary (e.g., type su) + + make install + +That wasn't so hard, was it? + + +Summary of incorporated and unincorporated patches +-------------------------------------------------- + +fixes ((*) = listed on XV Downloads page, (f) = on ftp site only): + +20040516: + - grabpatch (*) [obsoleted by new-xvgrab.c below] + - vispatch (*) + - mp-tiff-patch (*) [technically an enhancement, but JHB says...] + - longname.patch (*) [*SECURITY*] + - xpm.patch (*) + - deepcolor.patch (*) [slightly modified for language conformance] + - gifpatch (*) + - exceed_grab.patch (*) + - xv-redhat6-readme.txt (*) [slightly modified for portability] + - beos.patch (*) [modified for portability] + - croppad.patch (f) + - epsfpatch (f) + - tiff1200.patch (*) + - gssafer.patch (*) [*SECURITY*] + - new-xvgrab.c (f) [includes grabpatch but not exceed_grab.patch] + - xcmap.diff (AD) [part of xv-3.10a-png-1.2d.tar.gz] + - fixes for huge number gcc -Wall warnings--including two bugs (GRR) + - fix for cleandir script when no makefile exists (GRR) + - *SECURITY* fix for gets() in vdcomp.c (GRR, LCN vdcomp-security.patch) + - *SECURITY* fix for getwd() on Linux (GRR, LCN Linux-compile.patch) + - fix for "no fuss" Linux compiles (LCN Linux-compile.patch) + - partial *SECURITY* fix for mktemp() in xv.c and xvdir.c (GRR) + (remaining instances in xv.c (2), xvimage.c, xvfits.c, xvpds.c, xvps.c, and + possibly xvtiff.c--most involve system()) + - freebsd-vdcomp-newline.patch (AAC) + - xv-3.10a.patch.linux (PBJ) [/bin/sh versions of cleandir, RANLIB.sh only] + - removed trailing white space (GRR) [purely cosmetic] +20040523: + - fixed compilation error in registered versions (GRR) +20050410: + - fix for YCbCr oversaturated-green bug(s) in TIFF decoder (GRR) + - provisional fix for contiguous tiled TIFFs with bottom-* orientation (GRR) + - fixes for gcc 3.3 -Wall warnings (GRR) + - fix for incorrect 16/24-bit display of xwd dumps (SJT) + - *SECURITY* fix for multiple input-validation bugs (OpenBSD/SuSE, Gentoo, GRR) + (this also completes the partial mktemp() security fix listed above) + - fix for (probable) 24-bit endianness bug in fixpix code (GRR) + + +enhancements ((*) = listed on XV Downloads page, (<who>) = third-party): + +20040516: + - xv-3.10a.JPEG-patch (*) + (xv-3.10a.JPEG-patch.old differs only in ftp site listed in comments at top) + - xv-3.10a.TIFF-patch (*) + - xv-3.10a-png-1.2d.tar.gz (AL, AD) (*) + (xvjpeg.diff and xvtiff.diff ignored; xcmap.diff included in fixes) + - xvpng-1.2d-fix3.patch (GRR, SJT) (*) + - pdf.patch (*) + - windowid.patch + windowid.patch.readme (*) + - bmp32.patch (*) + - fixpix-20000610.tar.gz (GV) + (identical to 19961127 version except for README updates and new Win32 file) + [modified to be runtime-selectable via -/+fixpix option] + - browse-remember.patch (JZ) + - faster-smooth.patch (JZ) + - PAM support (GRR) + - PNG/GIF -ibg ("image background") transparency option (GRR) + (does not yet support TIFF, XPM or TGA) + - VersionInfo* in help screen (GRR) + - minor grammar/spelling fixes (GRR) + - floating-point support for -wait when USE_TICKS enabled (GRR) + - wheelmouse.patch (SB) + - freebsd-gravity-hints-patch (JR) + - xv-zx.patch (JCE) + - xv3.10a.wapbmp.patch (PSV) + - xv-3.10a-pcd.patch.20010708 (DAC) + - jp-ext-bzip2-1.1.patch + (from ftp://ftp.freebsd.org/pub/FreeBSD/ports/local-distfiles/shige/xv/) +20050410: + - boosted maximum number of files from 4096 to 32768 (GRR) + (note that OS kernel limits may also apply; for example, in Linux see + MAX_ARG_PAGES in linux-<version>/include/linux/binfmts.h) + - xv-3.10a-bmp16.patch (KS) + - final-image delay (e.g., "-wait 0.2,3" : pause 3 secs on final image) (GRR) + - xv-numpad.patch (EK) + - xv-delete-is-not-backspace.patch (EK) + - made browser window (schnauzer) and icons configurable (AT, GRR) +20050501: + - xv-3.10a-bmpfix.patch (WF) [*SECURITY*] + - xv310a-jp-extension-rev5.3.3.tar.gz (TI, IM, ..., WF) + (adds support for MAG, MAKI, Pi, PIC, and PIC2 formats[*]; "magic suffix" + detection/conversion; MacBinary prefixes; archives as virtual filesystems; + multilingual text viewer [though not Unicode]; etc.) + - xv-3.10a-yaos.dif (WF, TO) [*SECURITY*] + (fixes a number of format-string issues and system() calls) + - xv-3.10a.dif (WF) [*SECURITY*] + (fixes more format-string issues, mktemp() and open() calls, and compilation + warnings [mostly from jp-extension patch]) + - xv-3.10a-jumbo-jpd_startgrab-patch-20050420.txt (JPD) + - PATCH.alwaysnever (LJ) + - PATCH.bsd (LJ) + - PATCH.linedraw (LJ) + - PATCH.multipage (LJ) + - PATCH.multipageGIF (LJ) + - PATCH.random (LJ) + - PATCH.stat (LJ) + - PATCH.thumbs (LJ) + - xv-startgrab-imake-hips.patch (JPD) + ("hips" portion only; adds support for HIPS image format[*]) + - xv-3.10a-formatstr.patch (KS) + - xv-3.10a-shortsleep.patch (KS) + - xv-3.10a-locale-linux.patch (KS) + - xv-3.10a-printkey.patch (KS) + - xv-3.10a-sysconfdir.patch (KS) + - added PREFIX and DESTDIR support to Makefile (KS, GRR) + - xv-3.10a-xvexecpath.patch (but disabled pending fixes) (KS) + - xv-3.10a-zeroquit.patch (KS, GRR) + + +[*] Note that all six of these formats may still suffer from exploitable heap + overflows [*SECURITY*] when decoding images with large (possibly invalid) + dimensions; as a result, they are DISABLED by default. (Search for "GRR + POSSIBLE OVERFLOW / FIXME" comments in xvmag.c, xvmaki.c, xvpi.c, xvpic.c, + xvpic2.c, and xvhips.c, but keep in mind that these may not be exhaustive.) + Users who choose to overlook these security issues can enable any or all + of them by editing config.h. + + +not (yet?) included: + + - others from http://www.coara.or.jp/~sudakyo/XV_jp.html (some are duplicates): + -rw-r--r-- 4644 Mar 11 2004 xv-3.10a-directory.patch + -rw-r--r-- 462 Mar 11 2004 xv-3.10a-dirwkey.patch + -rw-r--r-- 688 Mar 11 2004 xv-3.10a-docdir.patch + -rw-r--r-- 11952 Mar 11 2004 xv-3.10a-download-test0.patch + -rw-r--r-- 41786 Mar 11 2004 xv-3.10a-download-test1.patch + -rw-r--r-- 42397 Mar 11 2004 xv-3.10a-download-test2.patch + -rw-r--r-- 47679 Mar 11 2004 xv-3.10a-download-test3.patch + -rw-r--r-- 52745 Mar 11 2004 xv-3.10a-download-test4.patch + -rw-r--r-- 3423 Apr 24 2004 xv-3.10a-keyzoom.patch + -rw-r--r-- 12387 Mar 15 2004 xv-3.10a-menubutton.patch + -rw-r--r-- 1178 Apr 24 2004 xv-3.10a-noblink.patch + -rw-r--r-- 57092 Jul 9 2004 xv-3.10a-resolution.patch + -rw-r--r-- 4645 Apr 24 2004 xv-3.10a-selall.patch + -rw-r--r-- 702 Apr 24 2004 xv-3.10a-showlongname.patch + -rw-r--r-- 1205 Apr 24 2004 xv-3.10a-staytoppdir.patch + -rw-r--r-- 4228 Apr 24 2004 xv-3.10a-wheelmouse.patch + -rw-r--r-- 744 Apr 24 2004 xv-3.10a-xvbutt_wait.patch + -rw-r--r-- 3757 Jul 9 2004 xv-3.10a-xvscrl_button2.patch + -rw-r--r-- 1494 Jul 9 2004 xv-3.10a-xvscrl_wait.patch + -rw-r--r-- 19352 Jul 9 2004 xv-3.10a-xvzoom.patch + + - xv-3.10a+jp-extension-rev5.3.3+FLmask.v2.1+png+misc.patch ["mask" support] + + - xv-psnewstyle.patch (TA) [coming later in 2005?] + - xv-3.10a.patch.linux (PBJ) [maybe use vdcomp.c changes?] + - xvxpm-anthony-thyssen.c (AT) ["slate grey" bug already gone?] + + - stuff in xv/unsupt: + -rw-r--r-- 30527 Dec 22 1994 FITS.rite + -rw-r--r-- 49152 Dec 22 1994 FITS.tar + -rw-r--r-- 3753 Dec 22 1994 G3.patch1 + -rw-r--r-- 24576 Dec 22 1994 G3.tar + -rw-r--r-- 1098 Dec 22 1994 INFO.cgm + -rw-r--r-- 1941 Dec 22 1994 README + -rwxr-xr-x 1059 Dec 22 1994 getweather + -rwxr-xr-x 2186 Dec 22 1994 getweather.ksh + -rw-r--r-- 856 Dec 22 1994 twm.fix + -rw-r--r-- 844 Dec 22 1994 vargs.c + -rw-r--r-- 47626 Dec 22 1994 vis + -rw-r--r-- 21097 Dec 22 1994 xscm + + + +not finished (and/or even started ;-) ): + + - fix xvpng.c not to use direct struct access + - (better) fix for never-ending pile of SLOW popups when viewing TIFFs with + unknown tags (or truncated/corrupted images) + - fix for minor .Z inefficiency in xv.c ("FIXME") + - fix for filename entry-field mouse/cursor bogosity + (want at least positioning to work; preferably also select/cut/paste) + - fix for spacebar-for-next-image getting stuck at first text file + - fix for .ppm.gz "disk leak" [can't reproduce...already fixed?] + (maybe occurs only if filesystem is already nearly full? bad .gz?) + + - transparency support for TIFF, XPM and TGA images + - support for tiled background image (with transparent foreground image) + - MNG/JNG support + - SVG support + + +ChangeLog +--------- + + 20000220 + original pair of jumbo patches, comprising perhaps 16 fix-patches and a + dozen enhancement-patches; never publicly released + + 20040516 + first public release, incorporating 25 fix-patches and 21 enhancement- + patches + + 20040523 + minor fix to xvctrl.c to support registered versions (GRR warnings-patch + was slightly overzealous); switched to tarball packaging + + 20040531 + fixed undefined CLK_TCK with gcc -ansi (enh/USE_TICKS option); made + libjpeg, libtiff, libpng and zlib sections of makefile more consistent + (enh) + + 20040606 + added freshmeat link, build instructions, and changelog to jumbo README + (this file) + + 20050213 + increased max number of files from 4096 to 32768 (enh) + + 20050320-20050410 + fixed two very long-standing YCbCr bugs in TIFF decoder (fix); + provisionally fixed bug in TIFF decoder for contiguous tiled TIFFs with + bottom-* orientation (fix/USE_TILED_TIFF_BOTLEFT_FIX option); fixed new + gcc 3.3 warnings (fix); fixed incorrect 16/24-bit display of xwd dumps + (fix); fixed multiple input-validation bugs (potential heap overflows) + and mktemp() dependencies (*SECURITY* fixes: CAN-2004-1725, CAN-2004- + 1726, CAN-2005-0665, CERT VU#622622, and others); added support for 16- + and 32-bit BMPs using bitfields "compression" (enh); fixed probable byte- + sex bug in 24-bit FixPix display code (enh/USE_24BIT_ENDIAN_FIX option); + fixed numerical-keypad NumLock behavior and delete-key behavior in file- + load/save window (enh); made schnauzer window and icons configurable (enh) + + 20050417 + incorporated "Japanese extension" patches, revision 5.3.3 (enh); fixed + additional *SECURITY* issues (format-string vulnerabilities, system() + and mktemp() calls, etc., but NOT heap overflows in new decoders) both + in existing code and in jp-extension additions (enh) + + 20050425 + added support for -startgrab option (enh); added support for a "Never" + button to file-overwrite popups (enh); added NetBSD and BSDI to list of + mkstemp()-supporting systems (enh); improved line-drawing code to set the + correct pixels for lines of all slopes (enh); added "Page n of m" to Info + window for multipage images (enh); added support for multipage (animated) + GIFs (enh); fixed -random support so randomized file list can be traversed + normally in forward or backward direction (enh); added typecasts to stat() + printfs for portability (enh); fixed erroneous use of "creation" time and + forced unlink prior to overwrite in schnauzer thumbnail code (enh); added + HIPS support (enh/HAVE_HIPS option) + + 20050501 + extended multipage keyboard support (PgUp/PgDn) to all windows except + control ("console") and directory (enh); fixed minor (non-security) + format-string issue in xv.c (enh); shortened delay on popup error windows + from 3 seconds to 1 second (enh); tweaked text-viewer localization support + (TV_L10N) for Linux (enh); added keyboard short cuts for Color and + Grayscale buttons in print dialog (enh); added support for separate "magic + suffix" (xv_mgcsfx) config dir (enh); added PREFIX and DESTDIR support to + Makefile (enh); fixed handling of zero-length files and other text-viewer + failures (enh) |