These are the latest versions of the XV jumbo patches I originally created in February 2000 (but never distributed) and eventually updated and released in May 2004, prompted by a discussion on LWN (http://lwn.net/Articles/76391/). Information about the patches, updates to the patches, and the patches themselves can all be found here: http://pobox.com/~newt/greg_xv.html http://freshmeat.net/projects/xvjumbopatches/ (Use the "Subscribe to new releases" link on the latter page if you want to be notified of new versions automatically; trivial registration required.) These two patches incorporate all of the fix- and enhancement-patches available from John's XV site (http://www.trilon.com/xv/downloads.html and ftp://ftp.trilon.com/pub/xv/patches/), plus a number of my own fixes and additions, plus quite a few from other people--though not all of the ones I'd intended to, due to lack of time after dealing with the latest set of security issues (one of which I discovered, sigh). They're still not fully complete, and it's possible they never will be, but I do plan to continue tinkering with them whenever the mood strikes--and I may even release them publicly on rare occasions. (At the current rate, it looks like once a year may be the best we can hope for...we'll see.) Also be aware that several other people have had the same idea over the years. Ones I've found, more or less by accident, include: - Landon Curt "chongo" Noll (http://www.isthe.com/chongo/) http://www.isthe.com/chongo/src/xv-patch/ - Mark Ashley http://www.ibiblio.org/pub/packages/solaris/sparc/html/xv.3.10a.p19.html - Peter Jordan http://www.ibiblio.org/pub/Linux/apps/graphics/viewers/X/xv-3.10a.patch.* - Uwe F. Mayer (http://www.tux.org/~mayer/) http://www.tux.org/~mayer/linux/book/node311.html - Kurt Wall http://www.kurtwerks.com/software/xv.html - Chisato Yamauchi (http://phe.phyas.aichi-edu.ac.jp/~cyamauch/index_en.html) http://phe.phyas.aichi-edu.ac.jp/~cyamauch/xv.html - Daisuke Yabuki http://www.optix.org/~dxy/solaris/xv/ - Pekoe (http://pekoe.lair.net/) http://pekoe.lair.net/diary/xv.html - FreeBSD FreshPorts http://www.freshports.org/graphics/xv/ - Kyoichiro Suda http://www.coara.or.jp/~sudakyo/XV_jp.html I very much doubt that this is an exhaustive list. So far, most of the other patch-sets appear not to be as extensive or as up-to-date as my own, particularly now that the (very large) "Japanese extension" patches are incorporated--big thanks to Werner Fink of SuSE for that! Below I summarize the component patches that are encompassed by my jumbo bugfixes and jumbo enhancements patches. Unfortunately, some of my own additions never saw the light of day as standalone patches, but considering the number of overlaps (collisions) already implicit in this list, it would have been difficult to accomplish even if I'd had the time. Here's a quick guide to the "third-party" credits in the lists below: AAC = Andrey A. Chernov [ache] (http://cvsweb.freebsd.org/ports/graphics/xv/files/patch-ab) AD = Andreas Dilger (adilger clusterfs.com) AL = Alexander Lehmann (lehmann usa.net) AT = Anthony Thyssen (http://www.cit.gu.edu.au/~anthony/) DAC = David A. Clunie (http://www.dclunie.com/xv-pcd.html) EK = Egmont Koblinger (egmont users.sourceforge.net) GRR = Greg Roelofs (http://pobox.com/~newt/) GV = Guido Vollbeding (http://sylvana.net/guido/) IM = IKEMOTO Masahiro (ikeyan airlab.cs.ritsumei.ac.jp) JCE = John C. Elliott (http://www.seasip.demon.co.uk/ZX/zxdload.html) JHB = John H. Bradley, of course (http://www.trilon.com/xv/) JPD = Jean-Pierre Demailly (http://www-fourier.ujf-grenoble.fr/~demailly/) JR = John Rochester (http://www.freebsd.org/cgi/query-pr.cgi?pr=2920) (also http://cvsweb.freebsd.org/ports/graphics/xv/files/patch-af, -ag) JZ = Joe Zbiciak (http://spatula-city.org/~im14u2c/) KS = Kyoichiro Suda (http://www.coara.or.jp/~sudakyo/XV_jp.html) LCN = Landon Curt "chongo" Noll (http://www.isthe.com/chongo/) LJ = Larry Jones (lawrence.jones ugs.com) PBJ = Peter Jordan (http://www.ibiblio.org/pub/Linux/apps/graphics/viewers/X/) PSV = Pawel S. Veselov (http://manticore.2y.net/wbmp.html) SB = Sean Borman (http://www.nd.edu/~sborman/software/xvwheelmouse.html) SJT = TenThumbs (tenthumbs cybernex.net) TA = Tim Adye (http://hepwww.rl.ac.uk/Adye/xv-psnewstyle.html) TI = Tetsuya INOUE (tin329 chino.it.okayama-u.ac.jp) TO = Tavis Ormandy (taviso gentoo.org) WF = Werner Fink (http://www.suse.de/~werner/) Other credits are as listed on the XV Downloads page or in the respective patches (e.g., the jp-extension patches or within the PNG patch). Finally, please note that these patches have not been blessed by John Bradley in any way (although I copied him on the May 2004 announcement--no response at that time). Nor have I personally tested every change and feature! (See the BIG SCARY WARNING below for further caveats.) In other words, they're both completely unofficial and completely unguaranteed. But they seem to work for me. (And when they don't, I fix 'em. Eventually, anyway... ;-) ) One further "final" note: as of this release, I am no longer updating the fixes patch; new stuff (including fixes) now appears only in the enhancements one. It simply became too much of a timesink to maintain parallel trees--not to mention parallel makefiles (generic/public vs. local/personal, old vs. new libjpeg/libtiff) and xv.h (unregistered/public vs. registered/personal), particularly when some fixes came about while working on an enhancement and others were provided by third parties relative to the previous fix+enh state. Hence the mismatched "20050410" date on the fixes patch. GRR 20050501 How to build ------------ The following assumes you, the user, already have the libtiff,[1] libjpeg,[2] libpng,[3] and zlib[4] libraries downloaded, patched (if necessary), compiled, and installed, not to mention a C compiler and the bzip2,[5] tar,[6] patch,[7] and make[8] utilities. You should also have downloaded the original XV 3.10a source distribution from the XV Downloads page[9] and be able to edit its Makefile and config.h files as indicated in the INSTALL file. Finally, you should know what a Unix(-style) command line is, where to find one, and how to wield it with abandon (or at least with adult supervision)--and preferably not as the root user until the make install step. (A filesystem is a terrible thing to waste.) [1] http://www.remotesensing.org/libtiff/ [2] http://www.ijg.org/ [3] http://www.libpng.org/pub/png/libpng.html [4] http://www.zlib.net/ [5] http://sources.redhat.com/bzip2/ [6] http://www.gnu.org/directory/devel/specific/tar.html [7] http://www.gnu.org/directory/devel/specific/patch.html [8] http://www.gnu.org/directory/devel/specific/make.html [9] http://www.trilon.com/xv/downloads.html#src-distrib +-------------------------------------------------------------------------+ | | | BIG SCARY WARNING | | | | These patches work for Greg (and parts of them apparently work for | | various other people), and so far Greg's CPU still computes and his | | hard disks haven't been wiped. But there's no guarantee that that | | will be the case for you! In particular, not every incorporated patch | | has been explicitly tested, nor has every possible subcase of the | | explicitly tested subset. (Read that again; it's grammatical.) Nor are | | these patches officially blessed by John Bradley in any way. In other | | words, if you use these patches, you do so at your own risk. (Greg | | doesn't believe there are any serious problems remaining, but then, | | what programmer ever does? Bugs happen.) | | | +-------------------------------------------------------------------------+ Assuming you have the prerequisites out of the way and aren't scared off by the Big Scary Warning, here's the build procedure: bzip2 -dc xv-3.10a-jumbo-patches-20050501.tar.bz2 | tar xvf - (or tar xvzf xv-3.10a-jumbo-patches-20050501.tar.gz) tar xvzf xv-3.10a.tar.gz cd xv-3.10a patch -p1 < ../xv-3.10a-jumbo-fix-patch-20050410.txt [optional] patch -p1 < ../xv-3.10a-jumbo-enh-patch-20050501.txt edit Makefile and config.h as directed in INSTALL file (in particular, ensure paths to external libraries and header files are correct) make ./xv your_favorite_image your_other_favorite_image etc. If everything seems to be working to your satisfaction, go ahead and install: make -n install (and double-check that things will be installed where you want them to be) become root if necessary (e.g., type su) make install That wasn't so hard, was it? Summary of incorporated and unincorporated patches -------------------------------------------------- fixes ((*) = listed on XV Downloads page, (f) = on ftp site only): 20040516: - grabpatch (*) [obsoleted by new-xvgrab.c below] - vispatch (*) - mp-tiff-patch (*) [technically an enhancement, but JHB says...] - longname.patch (*) [*SECURITY*] - xpm.patch (*) - deepcolor.patch (*) [slightly modified for language conformance] - gifpatch (*) - exceed_grab.patch (*) - xv-redhat6-readme.txt (*) [slightly modified for portability] - beos.patch (*) [modified for portability] - croppad.patch (f) - epsfpatch (f) - tiff1200.patch (*) - gssafer.patch (*) [*SECURITY*] - new-xvgrab.c (f) [includes grabpatch but not exceed_grab.patch] - xcmap.diff (AD) [part of xv-3.10a-png-1.2d.tar.gz] - fixes for huge number gcc -Wall warnings--including two bugs (GRR) - fix for cleandir script when no makefile exists (GRR) - *SECURITY* fix for gets() in vdcomp.c (GRR, LCN vdcomp-security.patch) - *SECURITY* fix for getwd() on Linux (GRR, LCN Linux-compile.patch) - fix for "no fuss" Linux compiles (LCN Linux-compile.patch) - partial *SECURITY* fix for mktemp() in xv.c and xvdir.c (GRR) (remaining instances in xv.c (2), xvimage.c, xvfits.c, xvpds.c, xvps.c, and possibly xvtiff.c--most involve system()) - freebsd-vdcomp-newline.patch (AAC) - xv-3.10a.patch.linux (PBJ) [/bin/sh versions of cleandir, RANLIB.sh only] - removed trailing white space (GRR) [purely cosmetic] 20040523: - fixed compilation error in registered versions (GRR) 20050410: - fix for YCbCr oversaturated-green bug(s) in TIFF decoder (GRR) - provisional fix for contiguous tiled TIFFs with bottom-* orientation (GRR) - fixes for gcc 3.3 -Wall warnings (GRR) - fix for incorrect 16/24-bit display of xwd dumps (SJT) - *SECURITY* fix for multiple input-validation bugs (OpenBSD/SuSE, Gentoo, GRR) (this also completes the partial mktemp() security fix listed above) - fix for (probable) 24-bit endianness bug in fixpix code (GRR) enhancements ((*) = listed on XV Downloads page, () = third-party): 20040516: - xv-3.10a.JPEG-patch (*) (xv-3.10a.JPEG-patch.old differs only in ftp site listed in comments at top) - xv-3.10a.TIFF-patch (*) - xv-3.10a-png-1.2d.tar.gz (AL, AD) (*) (xvjpeg.diff and xvtiff.diff ignored; xcmap.diff included in fixes) - xvpng-1.2d-fix3.patch (GRR, SJT) (*) - pdf.patch (*) - windowid.patch + windowid.patch.readme (*) - bmp32.patch (*) - fixpix-20000610.tar.gz (GV) (identical to 19961127 version except for README updates and new Win32 file) [modified to be runtime-selectable via -/+fixpix option] - browse-remember.patch (JZ) - faster-smooth.patch (JZ) - PAM support (GRR) - PNG/GIF -ibg ("image background") transparency option (GRR) (does not yet support TIFF, XPM or TGA) - VersionInfo* in help screen (GRR) - minor grammar/spelling fixes (GRR) - floating-point support for -wait when USE_TICKS enabled (GRR) - wheelmouse.patch (SB) - freebsd-gravity-hints-patch (JR) - xv-zx.patch (JCE) - xv3.10a.wapbmp.patch (PSV) - xv-3.10a-pcd.patch.20010708 (DAC) - jp-ext-bzip2-1.1.patch (from ftp://ftp.freebsd.org/pub/FreeBSD/ports/local-distfiles/shige/xv/) 20050410: - boosted maximum number of files from 4096 to 32768 (GRR) (note that OS kernel limits may also apply; for example, in Linux see MAX_ARG_PAGES in linux-/include/linux/binfmts.h) - xv-3.10a-bmp16.patch (KS) - final-image delay (e.g., "-wait 0.2,3" : pause 3 secs on final image) (GRR) - xv-numpad.patch (EK) - xv-delete-is-not-backspace.patch (EK) - made browser window (schnauzer) and icons configurable (AT, GRR) 20050501: - xv-3.10a-bmpfix.patch (WF) [*SECURITY*] - xv310a-jp-extension-rev5.3.3.tar.gz (TI, IM, ..., WF) (adds support for MAG, MAKI, Pi, PIC, and PIC2 formats[*]; "magic suffix" detection/conversion; MacBinary prefixes; archives as virtual filesystems; multilingual text viewer [though not Unicode]; etc.) - xv-3.10a-yaos.dif (WF, TO) [*SECURITY*] (fixes a number of format-string issues and system() calls) - xv-3.10a.dif (WF) [*SECURITY*] (fixes more format-string issues, mktemp() and open() calls, and compilation warnings [mostly from jp-extension patch]) - xv-3.10a-jumbo-jpd_startgrab-patch-20050420.txt (JPD) - PATCH.alwaysnever (LJ) - PATCH.bsd (LJ) - PATCH.linedraw (LJ) - PATCH.multipage (LJ) - PATCH.multipageGIF (LJ) - PATCH.random (LJ) - PATCH.stat (LJ) - PATCH.thumbs (LJ) - xv-startgrab-imake-hips.patch (JPD) ("hips" portion only; adds support for HIPS image format[*]) - xv-3.10a-formatstr.patch (KS) - xv-3.10a-shortsleep.patch (KS) - xv-3.10a-locale-linux.patch (KS) - xv-3.10a-printkey.patch (KS) - xv-3.10a-sysconfdir.patch (KS) - added PREFIX and DESTDIR support to Makefile (KS, GRR) - xv-3.10a-xvexecpath.patch (but disabled pending fixes) (KS) - xv-3.10a-zeroquit.patch (KS, GRR) [*] Note that all six of these formats may still suffer from exploitable heap overflows [*SECURITY*] when decoding images with large (possibly invalid) dimensions; as a result, they are DISABLED by default. (Search for "GRR POSSIBLE OVERFLOW / FIXME" comments in xvmag.c, xvmaki.c, xvpi.c, xvpic.c, xvpic2.c, and xvhips.c, but keep in mind that these may not be exhaustive.) Users who choose to overlook these security issues can enable any or all of them by editing config.h. not (yet?) included: - others from http://www.coara.or.jp/~sudakyo/XV_jp.html (some are duplicates): -rw-r--r-- 4644 Mar 11 2004 xv-3.10a-directory.patch -rw-r--r-- 462 Mar 11 2004 xv-3.10a-dirwkey.patch -rw-r--r-- 688 Mar 11 2004 xv-3.10a-docdir.patch -rw-r--r-- 11952 Mar 11 2004 xv-3.10a-download-test0.patch -rw-r--r-- 41786 Mar 11 2004 xv-3.10a-download-test1.patch -rw-r--r-- 42397 Mar 11 2004 xv-3.10a-download-test2.patch -rw-r--r-- 47679 Mar 11 2004 xv-3.10a-download-test3.patch -rw-r--r-- 52745 Mar 11 2004 xv-3.10a-download-test4.patch -rw-r--r-- 3423 Apr 24 2004 xv-3.10a-keyzoom.patch -rw-r--r-- 12387 Mar 15 2004 xv-3.10a-menubutton.patch -rw-r--r-- 1178 Apr 24 2004 xv-3.10a-noblink.patch -rw-r--r-- 57092 Jul 9 2004 xv-3.10a-resolution.patch -rw-r--r-- 4645 Apr 24 2004 xv-3.10a-selall.patch -rw-r--r-- 702 Apr 24 2004 xv-3.10a-showlongname.patch -rw-r--r-- 1205 Apr 24 2004 xv-3.10a-staytoppdir.patch -rw-r--r-- 4228 Apr 24 2004 xv-3.10a-wheelmouse.patch -rw-r--r-- 744 Apr 24 2004 xv-3.10a-xvbutt_wait.patch -rw-r--r-- 3757 Jul 9 2004 xv-3.10a-xvscrl_button2.patch -rw-r--r-- 1494 Jul 9 2004 xv-3.10a-xvscrl_wait.patch -rw-r--r-- 19352 Jul 9 2004 xv-3.10a-xvzoom.patch - xv-3.10a+jp-extension-rev5.3.3+FLmask.v2.1+png+misc.patch ["mask" support] - xv-psnewstyle.patch (TA) [coming later in 2005?] - xv-3.10a.patch.linux (PBJ) [maybe use vdcomp.c changes?] - xvxpm-anthony-thyssen.c (AT) ["slate grey" bug already gone?] - stuff in xv/unsupt: -rw-r--r-- 30527 Dec 22 1994 FITS.rite -rw-r--r-- 49152 Dec 22 1994 FITS.tar -rw-r--r-- 3753 Dec 22 1994 G3.patch1 -rw-r--r-- 24576 Dec 22 1994 G3.tar -rw-r--r-- 1098 Dec 22 1994 INFO.cgm -rw-r--r-- 1941 Dec 22 1994 README -rwxr-xr-x 1059 Dec 22 1994 getweather -rwxr-xr-x 2186 Dec 22 1994 getweather.ksh -rw-r--r-- 856 Dec 22 1994 twm.fix -rw-r--r-- 844 Dec 22 1994 vargs.c -rw-r--r-- 47626 Dec 22 1994 vis -rw-r--r-- 21097 Dec 22 1994 xscm not finished (and/or even started ;-) ): - fix xvpng.c not to use direct struct access - (better) fix for never-ending pile of SLOW popups when viewing TIFFs with unknown tags (or truncated/corrupted images) - fix for minor .Z inefficiency in xv.c ("FIXME") - fix for filename entry-field mouse/cursor bogosity (want at least positioning to work; preferably also select/cut/paste) - fix for spacebar-for-next-image getting stuck at first text file - fix for .ppm.gz "disk leak" [can't reproduce...already fixed?] (maybe occurs only if filesystem is already nearly full? bad .gz?) - transparency support for TIFF, XPM and TGA images - support for tiled background image (with transparent foreground image) - MNG/JNG support - SVG support ChangeLog --------- 20000220 original pair of jumbo patches, comprising perhaps 16 fix-patches and a dozen enhancement-patches; never publicly released 20040516 first public release, incorporating 25 fix-patches and 21 enhancement- patches 20040523 minor fix to xvctrl.c to support registered versions (GRR warnings-patch was slightly overzealous); switched to tarball packaging 20040531 fixed undefined CLK_TCK with gcc -ansi (enh/USE_TICKS option); made libjpeg, libtiff, libpng and zlib sections of makefile more consistent (enh) 20040606 added freshmeat link, build instructions, and changelog to jumbo README (this file) 20050213 increased max number of files from 4096 to 32768 (enh) 20050320-20050410 fixed two very long-standing YCbCr bugs in TIFF decoder (fix); provisionally fixed bug in TIFF decoder for contiguous tiled TIFFs with bottom-* orientation (fix/USE_TILED_TIFF_BOTLEFT_FIX option); fixed new gcc 3.3 warnings (fix); fixed incorrect 16/24-bit display of xwd dumps (fix); fixed multiple input-validation bugs (potential heap overflows) and mktemp() dependencies (*SECURITY* fixes: CAN-2004-1725, CAN-2004- 1726, CAN-2005-0665, CERT VU#622622, and others); added support for 16- and 32-bit BMPs using bitfields "compression" (enh); fixed probable byte- sex bug in 24-bit FixPix display code (enh/USE_24BIT_ENDIAN_FIX option); fixed numerical-keypad NumLock behavior and delete-key behavior in file- load/save window (enh); made schnauzer window and icons configurable (enh) 20050417 incorporated "Japanese extension" patches, revision 5.3.3 (enh); fixed additional *SECURITY* issues (format-string vulnerabilities, system() and mktemp() calls, etc., but NOT heap overflows in new decoders) both in existing code and in jp-extension additions (enh) 20050425 added support for -startgrab option (enh); added support for a "Never" button to file-overwrite popups (enh); added NetBSD and BSDI to list of mkstemp()-supporting systems (enh); improved line-drawing code to set the correct pixels for lines of all slopes (enh); added "Page n of m" to Info window for multipage images (enh); added support for multipage (animated) GIFs (enh); fixed -random support so randomized file list can be traversed normally in forward or backward direction (enh); added typecasts to stat() printfs for portability (enh); fixed erroneous use of "creation" time and forced unlink prior to overwrite in schnauzer thumbnail code (enh); added HIPS support (enh/HAVE_HIPS option) 20050501 extended multipage keyboard support (PgUp/PgDn) to all windows except control ("console") and directory (enh); fixed minor (non-security) format-string issue in xv.c (enh); shortened delay on popup error windows from 3 seconds to 1 second (enh); tweaked text-viewer localization support (TV_L10N) for Linux (enh); added keyboard short cuts for Color and Grayscale buttons in print dialog (enh); added support for separate "magic suffix" (xv_mgcsfx) config dir (enh); added PREFIX and DESTDIR support to Makefile (enh); fixed handling of zero-length files and other text-viewer failures (enh)