Commits · fd524633c472db23e6a4111a81ba343d554abe26 · derf / feh

Aug 21, 2017
- Release v2.19.3 · fd524633
  Birte Kristina Friesel authored Aug 21, 2017
  
  2.19.3
  
  fd524633
Aug 19, 2017
- Make feh abort immediately if an index image could not be created (#306) · be4c0b01
  Birte Kristina Friesel authored Aug 19, 2017
  
  be4c0b01
- Save --geometry flags in .fehbg if specified (closes #313) · 9ffb418a
  Birte Kristina Friesel authored Aug 19, 2017
  
  9ffb418a
Aug 12, 2017
- Release v2.19.2 · 19655b45
  Birte Kristina Friesel authored Aug 12, 2017
  
  2.19.2
  
  19655b45
Aug 10, 2017
- Fix segfault in feh_event_handle_keypress for certain key inputs · b7cf37bc
  Birte Kristina Friesel authored Aug 10, 2017
```
Turns out that it is undefined behaviour to pass a value to isctype functions
which does not fit inside a char. Closes #312
```
  b7cf37bc
Aug 05, 2017
- Show ImageMagick output on the terminal unless --quiet is specified · 0c5ed692
  Birte Kristina Friesel authored Aug 05, 2017
```
(cf #309)
```
  0c5ed692
Jul 25, 2017
- Release v2.19.1 · 42ef8d98
  Birte Kristina Friesel authored Jul 25, 2017
  
  2.19.1
  
  42ef8d98
Jun 21, 2017
- changelog · 40649b76
  Birte Kristina Friesel authored Jun 21, 2017
  
  40649b76
Jun 20, 2017
- Make key names in KEYS section more consistent with X11 keysyms (#304) · 964171b8
  Birte Kristina Friesel authored Jun 20, 2017
  
  964171b8
Jun 19, 2017
- Fix Shift modifier not being recognized for tab, space and similar keys · 428c7eed
  Birte Kristina Friesel authored Jun 19, 2017
```
Closes #303
```
  428c7eed
Jun 18, 2017
- Use X11-style key names in the feh(1) KEYS section · 5888d94b
  Birte Kristina Friesel authored Jun 18, 2017
```
closes #302
```
  5888d94b
Jun 06, 2017
- release v2.19 · 117d64d6
  Birte Kristina Friesel authored Jun 06, 2017
  
  2.19
  
  117d64d6
- install feh icons with the correct permissions (644) (closes #301) · 3c6c943c
  Birte Kristina Friesel authored Jun 06, 2017
  
  3c6c943c
Jun 01, 2017
- feh(1): files are saved in the current working directory (closes #300) · 9b027e6c
  Birte Kristina Friesel authored Jun 01, 2017
  
  9b027e6c
Apr 16, 2017
- feh(1): Note that --fullscreen and --scale-down do not affect thumbnail lists · 03d816e3
  Birte Kristina Friesel authored Apr 16, 2017
```
closes #270
```
  03d816e3
- Merge branch 'Ferada-xdg-thumbnails' · b79cb3cf
  Birte Kristina Friesel authored Apr 16, 2017
  
  b79cb3cf
- Thumbnail generation: Handle HOME-less users (and some other edge cases) · a22f1452
  Birte Kristina Friesel authored Apr 16, 2017
  
  a22f1452
Apr 06, 2017
- Fix indentation. · cc6d820e
  Olof-Joachim Frahm authored Apr 06, 2017
  
  cc6d820e
Apr 05, 2017
- Use temporary file to create thumbnail. · 848c5f8a
  Olof-Joachim Frahm authored Apr 05, 2017
  
  848c5f8a
- `sizeof(char)` is defined to be 1. · c42d5542
  Olof-Joachim Frahm authored Apr 05, 2017
  
  c42d5542
- Use XDG_CACHE_HOME for thumbnails. · c41e7244
  Olof-Joachim Frahm authored Apr 05, 2017
  
  c41e7244
Apr 04, 2017
- version bump · 1535aed1
  Birte Kristina Friesel authored Apr 04, 2017
  
  2.18.3
  
  1535aed1
Apr 03, 2017
- changelog · e507ef3e
  Birte Kristina Friesel authored Apr 03, 2017
  
  e507ef3e
Apr 02, 2017

replace _emalloc with emalloc (is the same unless DMALLOC is used) · 03a64923
Birte Kristina Friesel authored Apr 02, 2017

03a64923
Merge pull request #290 from stoeckmann/emalloc · 3b23637b
derf authored Apr 02, 2017
```
Check malloc return value for NULL.
```
3b23637b
Merge pull request #289 from stoeckmann/memory-leak · d10e9221
derf authored Apr 02, 2017
```
Fixed memory leak on file name collision.
```
d10e9221
Merge pull request #288 from stoeckmann/strncpy · b6bc4ef7
derf authored Apr 02, 2017
```
Always terminate strncpy results with '\0'.
```
b6bc4ef7
Merge pull request #287 from stoeckmann/empty-file · 78a840ed
derf authored Apr 02, 2017
```
Avoid out of boundary read on empty/broken file.
```
78a840ed

Check malloc return value for NULL. · b95c1ea6

Tobias Stoeckmann authored Apr 02, 2017



If malloc cannot allocate enough memory, it could return NULL. This is
not necessarily true for default Linux settings, but can be provoked
there as well by adjusting proc entries. Other systems like the *BSD
ones definitely do this.

The function _emalloc exists for exactly this purpose, so use it instead
of calling malloc directly.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

b95c1ea6

Fixed memory leak on file name collision. · 08dbe8e2

Tobias Stoeckmann authored Apr 02, 2017

If feh_unique_filename encounters a file that already exists, the memory
for the temporary filename is not released. As this happens in /tmp at
some code places, an attacker could use this to spray the memory of feh,
or simply triggering an out of memory condition.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

08dbe8e2

Avoid out of boundary read on empty/broken file. · bdee6af0

Tobias Stoeckmann authored Apr 02, 2017

If ereadfile encounters an empty file or the file could not be read, an
out ouf boundary read (and possible write) occurs. Always check the
return value of fread to be > 0 before processing the result buffer.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

bdee6af0

Always terminate strncpy results with '\0'. · 575b9345

Tobias Stoeckmann authored Apr 02, 2017



The strncpy function does not guarantee to end the resulting character
sequence with a terminating nul character if not enough space is
available. This could be triggered by supplying a sufficiently long
output_file option.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

575b9345

Apr 01, 2017
- changelog · 1e042038
  Birte Kristina Friesel authored Apr 01, 2017
  
  1e042038
Mar 28, 2017
- Merge pull request #286 from stoeckmann/ipc · a5e60401
  derf authored Mar 29, 2017
```
Fix double-free/OOB-write while receiving IPC data
```
  a5e60401
Mar 23, 2017

Fix double-free/OOB-write while receiving IPC data · f7a547b7

Tobias Stoeckmann authored Mar 23, 2017

If a malicious client pretends to be the E17 window manager, it is
possible to trigger an out of boundary heap write while receiving an
IPC message.

The length of the already received message is stored in an unsigned
short, which overflows after receiving 64 KB of data. It's comparably
small amount of data and therefore achievable for an attacker.

When len overflows, realloc() will either be called with a small value
and therefore chars will be appended out of bounds, or len + 1 will be
exactly 0, in which case realloc() behaves like free(). This could be
abused for a later double-free attack as it's even possible to overwrite
the free information -- but this depends on the malloc implementation.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

f7a547b7

Feb 26, 2017
- Also update window title for thumbnail windows (closes #280) · a0072d60
  Birte Kristina Friesel authored Feb 26, 2017
  
  a0072d60
Feb 23, 2017
- Fix memory leak when closing images opened from thumbnail mode · f05ba61a
  Birte Kristina Friesel authored Feb 23, 2017
  
  f05ba61a
Feb 16, 2017
- I made a derp · f27be5de
  Birte Kristina Friesel authored Feb 16, 2017
  
  2.18.2
  
  f27be5de
Jan 22, 2017
- release v2.18.1 · 43cb0db3
  Birte Kristina Friesel authored Jan 22, 2017
  
  2.18.1
  
  43cb0db3
Jan 15, 2017
- feh(1): Update giflib notes · cc402464
  Birte Kristina Friesel authored Jan 15, 2017
  
  cc402464