
[cola:09665] zgv 5.9 - svgalib picture viewer with thumbnail-based file selector


zgv is an svgalib (or SDL) picture viewer with a thumbnail-based file
selector. Most file formats are supported, and the thumbnails used are
compatible with xv, xzgv, and the Gimp. It can also be used with `zgv
file(s)', to effectively bypass the file selector.

zgv's homepage is here:

  http://www.svgalib.org/rus/zgv/

You can also download it from ibiblio:

  ftp://ftp.ibiblio.org/pub/Linux/apps/graphics/viewers/svga/zgv-5.9.tar.gz


This version has some important security fixes, and existing users not
already using a patched version should upgrade as soon as possible.


Here are the changes relative to the previous version (from NEWS):

** New features

Added SDL mouse support. Thanks to Dimitar Zhekov for this.


** Bugfixes

Added width/height limits to all picture readers, 32767x32765 is now
the maximum image size supported (essentially consistent with xzgv).
This is a crude (albeit effective) fix for several reported overflow
bugs, which had previously meant that zgv could be exploited to run
commands as the user when viewing a maliciously-formatted file. Thanks
to Luke Macken for letting me know about the problems. I suppose I
should also thank "infamous41md" for publishing the original
advisory/exploit, even if he didn't bother emailing me or anything.

Added more multiple-image GIF brokenness checks than before.
Previously it was possible to get a segfault with the `right' file,
despite there already being various range checks. Thanks to Mikulas
Patocka for spotting this.

Fixed a problem with freeing memory when a GIF fails to load. Thanks
to Mikulas Patocka for the fix.

Fixed a possible hang when reading GIF files with corrupted extension
blocks. Thanks to Mikulas Patocka for finding this.

Fixed a possible hang when reading corrupted non-raw PBM files.

The SDL backend previously had a timer-related bug which could cause
some odd problems. Thanks to Dimitar Zhekov for spotting this one.


** Other changes

The `fullscreen' option now defaults to on, so you now have to use
`--fullscreen=off' (or similar config file option) to disable it. This
keeps the SDL backend's behaviour closer to the svgalib one.


-Rus.
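
An added example, not code from zgv or from this announcement: a sketch of the kind of width/height limit the first bugfix entry describes, assuming the reported overflows arise when a picture reader computes its buffer size as width*height*bytes-per-pixel in 32-bit arithmetic. The helper names and sample dimensions are constructed for illustration; only the 32767x32765 limit comes from the NEWS text.

```c
#include <stdint.h>
#include <stdio.h>

/* Limits quoted in the zgv 5.9 NEWS entry. */
#define MAX_WIDTH  32767
#define MAX_HEIGHT 32765

/* What a reader without limits effectively computes (assumed form): the
 * product is reduced modulo 2^32, so huge header dimensions can produce
 * a small allocation size that the decoder then writes past. */
static uint32_t unchecked_size(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Hypothetical helper: validate the header dimensions first, then compute
 * the size in 64 bits. Returns 0 and sets *out on success, -1 if rejected. */
static int checked_size(long w, long h, unsigned bpp, size_t *out)
{
    uint64_t need;

    if (w <= 0 || h <= 0 || w > MAX_WIDTH || h > MAX_HEIGHT)
        return -1;                      /* dimensions outside the limit */
    if (bpp == 0 || bpp > 4)
        return -1;                      /* 1..4 bytes per pixel only */
    need = (uint64_t)w * (uint64_t)h * bpp;
    if (need > SIZE_MAX)
        return -1;                      /* would not fit in size_t */
    *out = (size_t)need;
    return 0;
}

int main(void)
{
    size_t n = 0;

    /* Constructed header values: 65536 x 65537 at 3 bytes per pixel. */
    printf("unchecked: %u bytes\n",
           (unsigned)unchecked_size(65536u, 65537u, 3u));
    printf("checked:   %s\n",
           checked_size(65536, 65537, 3, &n) ? "rejected" : "accepted");
    if (checked_size(640, 480, 3, &n) == 0)
        printf("640x480:   %zu bytes\n", n);
    return 0;
}
```

With the constructed 65536x65537 header the unchecked product wraps to the size of a single row, which is why a dimension limit applied before any size arithmetic closes this class of bug in every reader at once.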

##########################################################################
# Send submissions for comp.os.linux.announce to: cola@xxxxxxxxxxxxxxxxx #
# PLEASE remember a short description of the software and the LOCATION.  #
# This group is archived at http://stump.algebra.com/~cola/              #
##########################################################################

