rpms/netpbm/F-9 .cvsignore, 1.37, 1.38 netpbm-10.22-security2.patch, 1.3, 1.4 netpbm-10.23-security.patch, 1.18, 1.19 netpbm.spec, 1.111, 1.112 sources, 1.41, 1.42
Jindrich Novy (jnovy)
fedora-extras-commits at redhat.com
Mon Aug 4 13:03:06 UTC 2008
Author: jnovy
Update of /cvs/extras/rpms/netpbm/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16632
Modified Files:
.cvsignore netpbm-10.22-security2.patch
netpbm-10.23-security.patch netpbm.spec sources
Log Message:
* Mon Aug 4 2008 Jindrich Novy <jnovy at redhat.com> 10.35.48-1
- update to 10.35.48
- fixes buffer overrun in pamperspective and pngtopnm output format
- fixes pbmtext, pamtotga, pamtouil and pnmtopclxl
- update .security2 patch so that it applies with fuzz==0
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/netpbm/F-9/.cvsignore,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- .cvsignore 9 Jun 2008 11:09:58 -0000 1.37
+++ .cvsignore 4 Aug 2008 13:02:36 -0000 1.38
@@ -1 +1 @@
-netpbm-10.35.45.tar.bz2
+netpbm-10.35.48.tar.bz2
netpbm-10.22-security2.patch:
Index: netpbm-10.22-security2.patch
===================================================================
RCS file: /cvs/extras/rpms/netpbm/F-9/netpbm-10.22-security2.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- netpbm-10.22-security2.patch 10 Jun 2005 09:16:43 -0000 1.3
+++ netpbm-10.22-security2.patch 4 Aug 2008 13:02:36 -0000 1.4
@@ -1,6 +1,7 @@
---- netpbm-10.28/converter/other/anytopnm.security2 2005-05-27 00:10:39.000000000 +0200
-+++ netpbm-10.28/converter/other/anytopnm 2005-06-10 09:42:48.609492080 +0200
-@@ -522,11 +522,7 @@ else
+diff -up netpbm-10.35.48/converter/other/anytopnm.security2 netpbm-10.35.48/converter/other/anytopnm
+--- netpbm-10.35.48/converter/other/anytopnm.security2 2008-08-03 22:07:04.000000000 +0200
++++ netpbm-10.35.48/converter/other/anytopnm 2008-08-04 07:11:46.000000000 +0200
+@@ -506,11 +506,7 @@ else
inputFile="-"
fi
@@ -11,9 +12,9 @@
-trap 'rm -rf $tempdir' 0
+tempdir=$(mktemp -d -t anytopnm.XXXXXXXXXX) || exit 1
- findAwk;
-
-@@ -549,9 +545,17 @@ if [ "$filetype" = "unknown" ]; then
+ # Take out all spaces
+ # Find the filename extension for last-ditch efforts later
+@@ -536,9 +532,17 @@ if [ "$filetype" = "unknown" ]; then
echo "$progname: unknown file type. " \
"'file' says mime type is '$mimeType', " 1>&2
echo "type description is '$typeDescription'" 1>&2
@@ -31,8 +32,97 @@
+fi
+
exit 0
---- netpbm-10.28/editor/ppmfade.security2 2005-03-16 22:10:39.000000000 +0100
-+++ netpbm-10.28/editor/ppmfade 2005-06-10 09:02:04.545046352 +0200
+diff -up netpbm-10.35.48/editor/pamstretch-gen.security2 netpbm-10.35.48/editor/pamstretch-gen
+--- netpbm-10.35.48/editor/pamstretch-gen.security2 2008-08-03 22:06:45.000000000 +0200
++++ netpbm-10.35.48/editor/pamstretch-gen 2008-08-04 07:11:46.000000000 +0200
+@@ -31,10 +31,7 @@ if [ "$1" = "" ]; then
+ exit 1
+ fi
+
+-tempdir="${TMPDIR-/tmp}/pamstretch-gen.$$"
+-mkdir $tempdir || { echo "Could not create temporary file. Exiting."; exit 1;}
+-chmod 700 $tempdir
+-tempfile=$tempdir/pnmig
++tempfile=$(mktemp /tmp/pnmig.XXXXXXXXXX) || exit 1
+
+ trap 'rm -rf $tempdir' 0 1 3 15
+
+diff -up netpbm-10.35.48/editor/pnmmargin.security2 netpbm-10.35.48/editor/pnmmargin
+--- netpbm-10.35.48/editor/pnmmargin.security2 2008-08-03 22:06:45.000000000 +0200
++++ netpbm-10.35.48/editor/pnmmargin 2008-08-04 07:11:46.000000000 +0200
+@@ -11,16 +11,11 @@
+ # documentation. This software is provided "as is" without express or
+ # implied warranty.
+
+-tempdir="${TMPDIR-/tmp}/pnmmargin.$$"
+-mkdir $tempdir || { echo "Could not create temporary file. Exiting."; exit 1;}
+-chmod 700 $tempdir
+-
+-trap 'rm -rf $tempdir' 0 1 3 15
+-
+-tmp1=$tempdir/pnmm1
+-tmp2=$tempdir/pnmm2
+-tmp3=$tempdir/pnmm3
+-tmp4=$tempdir/pnmm4
++tmpdir=$(mktemp -d -t ppmmargin.XXXXXXX) || exit 1
++tmp1="$tmpdir/tmp1"
++tmp2="$tmpdir/tmp2"
++tmp3="$tmpdir/tmp3"
++tmp4="$tmpdir/tmp4"
+
+ color="-gofigure"
+
+@@ -39,6 +34,9 @@ while true ; do
+ shift
+ if [ ! ${1-""} ] ; then
+ echo "usage: $0 [-white|-black|-color <colorspec>] <size> [pnmfile]" 1>&2
++ if [ -d "$tmpdir" ]; then
++ rm -rf "$tmpdir"
++ fi
+ exit 1
+ fi
+ color="$1"
+@@ -46,6 +44,9 @@ while true ; do
+ ;;
+ -* )
+ echo "usage: $0 [-white|-black|-color <colorspec>] <size> [pnmfile]" 1>&2
++ if [ -d "$tmpdir" ]; then
++ rm -rf "$tmpdir"
++ fi
+ exit 1
+ ;;
+ * )
+@@ -56,6 +57,9 @@ done
+
+ if [ ! ${1-""} ] ; then
+ echo "usage: $0 [-white|-black|-color <colorspec>] <size> [pnmfile]" 1>&2
++ if [ -d "$tmpdir" ]; then
++ rm -rf "$tmpdir"
++ fi
+ exit 1
+ fi
+ size="$1"
+@@ -63,6 +67,9 @@ shift
+
+ if [ ${2-""} ] ; then
+ echo "usage: $0 [-white|-black|-color <colorspec>] <size> [pnmfile]" 1>&2
++ if [ -d "$tmpdir" ]; then
++ rm -rf "$tmpdir"
++ fi
+ exit 1
+ fi
+
+@@ -86,3 +93,7 @@ pamflip -rotate90 $tmp2 > $tmp3
+ # Cat things together.
+ pnmcat -lr $tmp2 $tmp1 $tmp2 > $tmp4
+ pnmcat -tb $tmp3 $tmp4 $tmp3
++
++if [ -d "$tmpdir" ]; then
++ rm -rf "$tmpdir"
++fi
+diff -up netpbm-10.35.48/editor/ppmfade.security2 netpbm-10.35.48/editor/ppmfade
+--- netpbm-10.35.48/editor/ppmfade.security2 2008-08-03 22:06:45.000000000 +0200
++++ netpbm-10.35.48/editor/ppmfade 2008-08-04 07:11:46.000000000 +0200
@@ -14,6 +14,7 @@
#
#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
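Review bot: In the pamstretch-gen part of this hunk the patched script keeps `trap 'rm -rf $tempdir' 0 1 3 15` although the `tempdir=` assignment is removed, so the trap expands to an empty path and the file created by `mktemp /tmp/pnmig.XXXXXXXXXX` is never deleted; the trap should become `trap 'rm -f "$tempfile"' 0 1 3 15`. The template also hard-codes `/tmp` where the removed code honoured `TMPDIR`; `mktemp -t pnmig.XXXXXXXXXX` would match what the anytopnm and pnmmargin parts do. The pnmmargin part drops its trap and instead repeats `rm -rf "$tmpdir"` before each `exit`, which leaves the directory behind when the script is killed by a signal; a single `trap 'rm -rf "$tmpdir"' 0 1 3 15` right after the `mktemp -d` line would cover every exit path. Only the patched regions of both scripts are visible here, so any other use of `$tempdir` in pamstretch-gen would need checking.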
@@ -297,9 +387,10 @@
exit(0);
---- netpbm-10.28/editor/ppmquantall.security2 2005-03-17 00:44:03.000000000 +0100
-+++ netpbm-10.28/editor/ppmquantall 2005-06-10 09:02:04.547046048 +0200
-@@ -63,13 +63,8 @@ for i in ${files[@]}; do
+diff -up netpbm-10.35.48/editor/ppmquantall.security2 netpbm-10.35.48/editor/ppmquantall
+--- netpbm-10.35.48/editor/ppmquantall.security2 2008-08-03 22:06:45.000000000 +0200
++++ netpbm-10.35.48/editor/ppmquantall 2008-08-04 07:11:46.000000000 +0200
+@@ -70,13 +70,8 @@ for i in ${files[@]}; do
heights=(${heights[*]} `grep -v '^#' $i | sed '1d; s/.* //; 2q'`)
done
@@ -315,94 +406,9 @@
pnmcat -topbottom -jleft -white ${files[@]} | pnmquant $newcolors > $all
if [ $? != 0 ]; then
---- netpbm-10.28/editor/pnmmargin.security2 2003-12-31 05:01:26.000000000 +0100
-+++ netpbm-10.28/editor/pnmmargin 2005-06-10 09:02:04.549045744 +0200
-@@ -11,16 +11,11 @@
- # documentation. This software is provided "as is" without express or
- # implied warranty.
-
--tempdir="${TMPDIR-/tmp}/pnmmargin.$$"
--mkdir $tempdir || { echo "Could not create temporary file. Exiting."; exit 1;}
--chmod 700 $tempdir
--
--trap 'rm -rf $tempdir' 0 1 3 15
--
--tmp1=$tempdir/pnmm1
--tmp2=$tempdir/pnmm2
--tmp3=$tempdir/pnmm3
--tmp4=$tempdir/pnmm4
-+tmpdir=$(mktemp -d -t ppmmargin.XXXXXXX) || exit 1
-+tmp1="$tmpdir/tmp1"
-+tmp2="$tmpdir/tmp2"
-+tmp3="$tmpdir/tmp3"
-+tmp4="$tmpdir/tmp4"
-
- color="-gofigure"
-
-@@ -39,6 +34,9 @@ while true ; do
- shift
- if [ ! ${1-""} ] ; then
- echo "usage: $0 [-white|-black|-color <colorspec>] <size> [pnmfile]" 1>&2
-+ if [ -d "$tmpdir" ]; then
-+ rm -rf "$tmpdir"
-+ fi
- exit 1
- fi
- color="$1"
-@@ -46,6 +44,9 @@ while true ; do
- ;;
- -* )
- echo "usage: $0 [-white|-black|-color <colorspec>] <size> [pnmfile]" 1>&2
-+ if [ -d "$tmpdir" ]; then
-+ rm -rf "$tmpdir"
-+ fi
- exit 1
- ;;
- * )
-@@ -56,6 +57,9 @@ done
-
- if [ ! ${1-""} ] ; then
- echo "usage: $0 [-white|-black|-color <colorspec>] <size> [pnmfile]" 1>&2
-+ if [ -d "$tmpdir" ]; then
-+ rm -rf "$tmpdir"
-+ fi
- exit 1
- fi
- size="$1"
-@@ -63,6 +67,9 @@ shift
-
- if [ ${2-""} ] ; then
- echo "usage: $0 [-white|-black|-color <colorspec>] <size> [pnmfile]" 1>&2
-+ if [ -d "$tmpdir" ]; then
-+ rm -rf "$tmpdir"
-+ fi
- exit 1
- fi
-
-@@ -86,3 +93,7 @@ pamflip -rotate90 $tmp2 > $tmp3
- # Cat things together.
- pnmcat -lr $tmp2 $tmp1 $tmp2 > $tmp4
- pnmcat -tb $tmp3 $tmp4 $tmp3
-+
-+if [ -d "$tmpdir" ]; then
-+ rm -rf "$tmpdir"
-+fi
---- netpbm-10.28/editor/pamstretch-gen.security2 2004-07-25 02:01:24.000000000 +0200
-+++ netpbm-10.28/editor/pamstretch-gen 2005-06-10 09:02:04.550045592 +0200
-@@ -31,10 +31,7 @@ if [ "$1" = "" ]; then
- exit 1
- fi
-
--tempdir="${TMPDIR-/tmp}/pamstretch-gen.$$"
--mkdir $tempdir || { echo "Could not create temporary file. Exiting."; exit 1;}
--chmod 700 $tempdir
--tempfile=$tempdir/pnmig
-+tempfile=$(mktemp /tmp/pnmig.XXXXXXXXXX) || exit 1
-
- trap 'rm -rf $tempdir' 0 1 3 15
-
---- netpbm-10.28/editor/ppmshadow.security2 2005-04-23 23:16:16.000000000 +0200
-+++ netpbm-10.28/editor/ppmshadow 2005-06-10 09:37:19.253561792 +0200
+diff -up netpbm-10.35.48/editor/ppmshadow.security2 netpbm-10.35.48/editor/ppmshadow
+--- netpbm-10.35.48/editor/ppmshadow.security2 2008-08-03 22:06:45.000000000 +0200
++++ netpbm-10.35.48/editor/ppmshadow 2008-08-04 07:11:46.000000000 +0200
@@ -72,9 +72,10 @@ sub makeConvolutionKernel($$) {
netpbm-10.23-security.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.18 -r 1.19 netpbm-10.23-security.patch
Index: netpbm-10.23-security.patch
===================================================================
RCS file: /cvs/extras/rpms/netpbm/F-9/netpbm-10.23-security.patch,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- netpbm-10.23-security.patch 26 Nov 2007 13:47:53 -0000 1.18
+++ netpbm-10.23-security.patch 4 Aug 2008 13:02:36 -0000 1.19
@@ -1,515 +1,216 @@
---- netpbm-10.34/generator/pbmtext.c.security 2005-07-18 03:14:10.000000000 +0200
-+++ netpbm-10.34/generator/pbmtext.c 2006-06-22 12:45:18.000000000 +0200
-@@ -89,12 +89,14 @@
-
- for (i = 1; i < argc; i++) {
- if (i > 1) {
-+ overflow_add(totaltextsize, 1);
- totaltextsize += 1;
- text = realloc(text, totaltextsize);
- if (text == NULL)
- pm_error("out of memory allocating space for input text");
- strcat(text, " ");
- }
-+ overflow_add(totaltextsize, strlen(argv[i]));
- totaltextsize += strlen(argv[i]);
- text = realloc(text, totaltextsize);
- if (text == NULL)
-@@ -581,6 +583,7 @@
- struct text input_text;
-
- if (cmdline_text) {
-+ overflow_add(strlen(cmdline_text), 1);
- allocTextArray(&input_text, 1, strlen(cmdline_text));
- strcpy(input_text.textArray[0], cmdline_text);
- fix_control_chars(input_text.textArray[0], fn);
-@@ -603,7 +606,9 @@
- while (fgets(buf, sizeof(buf), stdin) != NULL) {
- fix_control_chars(buf, fn);
- if (lineCount >= maxlines) {
-+ overflow2(maxlines, 2);
- maxlines *= 2;
-+ overflow2(maxlines, sizeof(char *));
- text_array = (char**) realloc((char*) text_array,
- maxlines * sizeof(char*));
- if (text_array == NULL)
-@@ -689,6 +694,7 @@
- hmargin = fontP->maxwidth;
- } else {
- vmargin = fontP->maxheight;
-+ overflow2(2, fontP->maxwidth);
- hmargin = 2 * fontP->maxwidth;
- }
- }
-@@ -705,6 +711,12 @@
- } else
- formattedText = inputText;
-
-+ overflow2(2, vmargin);
-+ overflow2(formattedText.lineCount, fontP->maxheight);
-+ overflow2(formattedText.lineCount-1, cmdline.lspace);
-+ overflow_add(vmargin * 2, formattedText.lineCount * fontP->maxheight);
-+ overflow_add(vmargin * 2 + formattedText.lineCount * fontP->maxheight, (formattedText.lineCount-1) * cmdline.lspace);
-+
- rows = 2 * vmargin +
- formattedText.lineCount * fontP->maxheight +
- (formattedText.lineCount-1) * cmdline.lspace;
-@@ -712,6 +724,9 @@
- compute_image_width(formattedText, fontP, cmdline.space,
- &maxwidth, &maxleftb);
-
-+ overflow2(2, hmargin);
-+ overflow_add(2*hmargin, maxwidth);
-+
- cols = 2 * hmargin + maxwidth;
- bits = pbm_allocarray(cols, rows);
+diff -up netpbm-10.35.46/analyzer/pgmhist.c.security netpbm-10.35.46/analyzer/pgmhist.c
+--- netpbm-10.35.46/analyzer/pgmhist.c.security 2008-06-24 08:58:57.000000000 +0200
++++ netpbm-10.35.46/analyzer/pgmhist.c 2008-06-24 09:04:21.000000000 +0200
+@@ -45,6 +45,7 @@ main( argc, argv )
+ grayrow = pgm_allocrow( cols );
---- netpbm-10.34/generator/pgmkernel.c.security 2003-07-06 22:03:29.000000000 +0200
-+++ netpbm-10.34/generator/pgmkernel.c 2006-06-22 12:45:18.000000000 +0200
-@@ -68,7 +68,7 @@
- kycenter = (fysize - 1) / 2.0;
- ixsize = fxsize + 0.999;
- iysize = fysize + 0.999;
-- MALLOCARRAY(fkernel, ixsize * iysize);
-+ fkernel = (double *) malloc3 (ixsize, iysize, sizeof(double));
- for (i = 0; i < iysize; i++)
- for (j = 0; j < ixsize; j++) {
- fkernel[i*ixsize+j] = 1.0 / (1.0 + w * sqrt((double)
---- netpbm-10.34/generator/pgmcrater.c.security 2005-12-22 10:28:49.000000000 +0100
-+++ netpbm-10.34/generator/pgmcrater.c 2006-06-22 12:45:18.000000000 +0200
-@@ -131,7 +131,7 @@
- /* Acquire the elevation array and initialize it to mean
- surface elevation. */
+ /* Build histogram. */
++ overflow_add(maxval, 1);
+ MALLOCARRAY(hist, maxval + 1);
+ MALLOCARRAY(rcount, maxval + 1);
+ if ( hist == NULL || rcount == NULL )
+diff -up netpbm-10.35.46/analyzer/pgmtexture.c.security netpbm-10.35.46/analyzer/pgmtexture.c
+--- netpbm-10.35.46/analyzer/pgmtexture.c.security 2008-06-24 08:58:57.000000000 +0200
++++ netpbm-10.35.46/analyzer/pgmtexture.c 2008-06-24 09:04:21.000000000 +0200
+@@ -79,6 +79,9 @@ vector (int nl, int nh)
+ {
+ float *v;
-- MALLOCARRAY(aux, SCRX * SCRY);
-+ aux = (unsigned short *) malloc3(SCRX, SCRY, sizeof(short));
- if (aux == NULL)
- pm_error("out of memory allocating elevation array");
++ if(nh < nl)
++ pm_error("assert: h < l");
++ overflow_add(nh - nl, 1);
+ MALLOCARRAY(v, (unsigned) (nh - nl + 1));
+ if (v == NULL)
+ pm_error("Unable to allocate memory for a vector.");
+@@ -95,6 +98,9 @@ matrix (int nrl, int nrh, int ncl, int n
+ float **m;
---- netpbm-10.34/generator/pbmpage.c.security 2005-08-27 19:27:19.000000000 +0200
-+++ netpbm-10.34/generator/pbmpage.c 2006-06-22 12:45:18.000000000 +0200
-@@ -170,6 +170,9 @@
- /* We round the allocated row space up to a multiple of 8 so the ugly
- fast code below can work.
- */
-+
-+ overflow_add(bitmap.Width, 7);
-+
- pbmrow = pbm_allocrow(((bitmap.Width+7)/8)*8);
-
- bitmap_cursor = 0;
---- netpbm-10.34/generator/ppmrainbow.security 2003-01-04 01:40:56.000000000 +0100
-+++ netpbm-10.34/generator/ppmrainbow 2006-06-22 12:45:18.000000000 +0200
-@@ -11,7 +11,7 @@
- # set defaults
- $Twid = 600;
- $Thgt = 8;
--$tmpdir = $ENV{"TMPDIR"} || "/tmp";
-+$tmpdir = $ENV{"TMPDIR"} || ".tmp";
- $norepeat = $FALSE;
- $verbose = $FALSE;
+ /* allocate pointers to rows */
++ if(nrh < nrl)
++ pm_error("assert: h < l");
++ overflow_add(nrh - nrl, 1);
+ MALLOCARRAY(m, (unsigned) (nrh - nrl + 1));
+ if (m == NULL)
+ pm_error("Unable to allocate memory for a matrix.");
+@@ -102,6 +108,9 @@ matrix (int nrl, int nrh, int ncl, int n
+ m -= ncl;
---- netpbm-10.34/other/pnmcolormap.c.security 2005-12-21 05:35:06.000000000 +0100
-+++ netpbm-10.34/other/pnmcolormap.c 2006-06-22 12:45:18.000000000 +0200
-@@ -836,6 +836,7 @@
- pamP->width = intsqrt;
- else
- pamP->width = intsqrt + 1;
-+ overflow_add(intsqrt, 1);
- }
+ /* allocate rows and set pointers to them */
++ if(nch < ncl)
++ pm_error("assert: h < l");
++ overflow_add(nch - ncl, 1);
+ for (i = nrl; i <= nrh; i++)
{
- unsigned int const intQuotient = colormap.size / pamP->width;
---- netpbm-10.34/converter/pgm/psidtopgm.c.security 2005-08-27 20:38:40.000000000 +0200
-+++ netpbm-10.34/converter/pgm/psidtopgm.c 2006-06-22 12:45:18.000000000 +0200
-@@ -78,6 +78,7 @@
- pm_error("bits/sample (%d) is too large.", bitspersample);
-
- pgm_writepgminit(stdout, cols, rows, maxval, 0);
-+ overflow_add(cols, 7);
- grayrow = pgm_allocrow((cols + 7) / 8 * 8);
- for (row = 0; row < rows; ++row) {
- unsigned int col;
---- netpbm-10.34/converter/pgm/lispmtopgm.c.security 2005-10-07 09:03:29.000000000 +0200
-+++ netpbm-10.34/converter/pgm/lispmtopgm.c 2006-06-22 12:45:18.000000000 +0200
-@@ -58,6 +58,7 @@
- pm_error( "depth (%d bits) is too large", depth);
-
- pgm_writepgminit( stdout, cols, rows, (gray) maxval, 0 );
-+ overflow_add(cols, 7);
- grayrow = pgm_allocrow( ( cols + 7 ) / 8 * 8 );
-
- for ( row = 0; row < rows; ++row )
-@@ -102,7 +103,9 @@
-
- if ( *depthP == 0 )
- *depthP = 1; /* very old file */
--
-+
-+ overflow_add((int)colsP, 31);
-+
- *padrightP = ( ( *colsP + 31 ) / 32 ) * 32 - *colsP;
-
- if ( *colsP != (cols_32 - *padrightP) ) {
---- netpbm-10.34/converter/ppm/pjtoppm.c.security 2003-07-06 23:45:36.000000000 +0200
[...3278 lines suppressed...]
for ( cp=to_hdr->comments; *cp; cp++ )
@@ -1915,19 +1959,102 @@
size *= sizeof(char *);
to_hdr->comments = (CONST_DECL char **)malloc( size );
RLE_CHECK_ALLOC( to_hdr->cmd, to_hdr->comments, "comments" );
---- netpbm-10.34/urt/README.security 2000-06-02 22:53:04.000000000 +0200
-+++ netpbm-10.34/urt/README 2006-06-22 12:45:18.000000000 +0200
-@@ -18,3 +18,8 @@
- defines stdout as a variable, so that wouldn't compile. So I changed
- it to NULL and added a line to rle_hdr_init to set that field to
- 'stdout' dynamically. 2000.06.02 BJH.
-+
-+Redid the code to check for maths overflows and other crawly horrors.
-+Removed pipe through and compress support (unsafe)
-+
-+Alan Cox <alan at redhat.com>
---- netpbm-10.34/urt/Runput.c.security 2005-10-16 23:36:29.000000000 +0200
-+++ netpbm-10.34/urt/Runput.c 2006-06-22 12:45:18.000000000 +0200
+diff -up netpbm-10.35.46/urt/rle.h.security netpbm-10.35.46/urt/rle.h
+--- netpbm-10.35.46/urt/rle.h.security 2008-06-24 08:59:24.000000000 +0200
++++ netpbm-10.35.46/urt/rle.h 2008-06-24 09:04:21.000000000 +0200
+@@ -14,6 +14,9 @@
+ * If you modify this software, you should include a notice giving the
+ * name of the person performing the modification, the date of modification,
+ * and the reason for such modification.
++ *
++ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan at redhat.com>
++ * Header declarations needed
+ */
+ /*
+ * rle.h - Global declarations for Utah Raster Toolkit RLE programs.
+@@ -166,6 +169,17 @@ rle_hdr /* End of typedef. *
+ */
+ extern rle_hdr rle_dflt_hdr;
+
++/*
++ * Provided by pm library
++ */
++
++extern void overflow_add(int, int);
++#define overflow2(a,b) __overflow2(a,b)
++extern void __overflow2(int, int);
++extern void overflow3(int, int, int);
++extern void *malloc2(int, int);
++extern void *malloc3(int, int, int);
++extern void *realloc2(void *, int, int);
+
+ /* Declare RLE library routines. */
+
+diff -up netpbm-10.35.46/urt/rle_open_f.c.security netpbm-10.35.46/urt/rle_open_f.c
+--- netpbm-10.35.46/urt/rle_open_f.c.security 2008-06-24 08:59:24.000000000 +0200
++++ netpbm-10.35.46/urt/rle_open_f.c 2008-06-24 09:04:21.000000000 +0200
+@@ -6,6 +6,9 @@
+ * University of Michigan
+ * Date: 11/14/89
+ * Copyright (c) 1990, University of Michigan
++ *
++ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan at redhat.com>
++ * Killed of crazy unsafe pipe/compress stuff
+ */
+
+ #define _XOPEN_SOURCE /* Make sure fdopen() is in stdio.h */
+@@ -188,7 +191,7 @@ rle_open_f_noexit(const char * const pro
+
+ cp = file_name + strlen( (char*) file_name ) - 2;
+ /* Pipe case. */
+- if ( *file_name == '|' )
++ if ( *file_name == '|' && 0 /* BOLLOCKS ARE WE DOING THIS ANY MORE */)
+ {
+ int thepid; /* PID from my_popen */
+ if ( (fp = my_popen( file_name + 1, mode, &thepid )) == NULL )
+@@ -203,9 +206,10 @@ rle_open_f_noexit(const char * const pro
+ }
+
+ /* Compress case. */
+- else if ( cp > file_name && *cp == '.' && *(cp + 1) == 'Z' )
++ else if ( /* SMOKING SOMETHING */ 0 && cp > file_name && *cp == '.' && *(cp + 1) == 'Z' )
+ {
+ int thepid; /* PID from my_popen. */
++ overflow_add(20, strlen(file_name));
+ combuf = (char *)malloc( 20 + strlen( file_name ) );
+ if ( combuf == NULL )
+ {
+diff -up netpbm-10.35.46/urt/rle_putcom.c.security netpbm-10.35.46/urt/rle_putcom.c
+--- netpbm-10.35.46/urt/rle_putcom.c.security 2008-06-24 08:59:24.000000000 +0200
++++ netpbm-10.35.46/urt/rle_putcom.c 2008-06-24 09:04:21.000000000 +0200
+@@ -14,6 +14,8 @@
+ * If you modify this software, you should include a notice giving the
+ * name of the person performing the modification, the date of modification,
+ * and the reason for such modification.
++ *
++ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan at redhat.com>
+ */
+ /*
+ * rle_putcom.c - Add a picture comment to the header struct.
+@@ -98,12 +100,14 @@ rle_putcom(const char * const value,
+ const char * v;
+ const char ** old_comments;
+ int i;
+- for (i = 2, cp = the_hdr->comments; *cp != NULL; ++i, ++cp)
++ for (i = 2, cp = the_hdr->comments; *cp != NULL; ++i, ++cp) {
++ overflow_add(i, 1);
+ if (match(value, *cp) != NULL) {
+ v = *cp;
+ *cp = value;
+ return v;
+ }
++ }
+ /* Not found */
+ /* Can't realloc because somebody else might be pointing to this
+ * comments block. Of course, if this were true, then the
+diff -up netpbm-10.35.46/urt/Runput.c.security netpbm-10.35.46/urt/Runput.c
+--- netpbm-10.35.46/urt/Runput.c.security 2008-06-24 08:59:24.000000000 +0200
++++ netpbm-10.35.46/urt/Runput.c 2008-06-24 09:04:21.000000000 +0200
@@ -17,6 +17,8 @@
*
* Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire
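Review bot: The helper prototypes added to rle.h all take `int` arguments, but callers pass wider unsigned values: `overflow_add(20, strlen(file_name))` in rle_open_f.c (inside a branch this same patch disables) and, in the later scanargs.c hunk, `malloc2( (cnt) , sizeof( type ) )` and `realloc2( ptr, (cnt), sizeof( type ) )`. Where `size_t` is wider than `int` the argument is narrowed before the check runs, so whether an oversized or negative count is rejected depends on how the pm library helpers treat negative inputs, which is not visible here and should be confirmed. In rle_open_f.c the pipe and compress branches are switched off with `&& 0` / `0 &&` and comments that do not state the reason; a comment such as `/* pipe support disabled: unsafe to run a command taken from the file name */`, or deleting the dead branches, would make the intent clear to the next maintainer. The enclosing functions start and end outside the hunk.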
@@ -1937,7 +2064,7 @@
*/
/*
* Runput.c - General purpose Run Length Encoding.
-@@ -202,9 +204,11 @@
+@@ -202,9 +204,11 @@ RunSetup(rle_hdr * the_hdr)
if ( the_hdr->background != 0 )
{
register int i;
@@ -1951,7 +2078,7 @@
/*
* If even number of bg color bytes, put out one more to get to
* 16 bit boundary.
-@@ -224,7 +228,7 @@
+@@ -224,7 +228,7 @@ RunSetup(rle_hdr * the_hdr)
/* Big-endian machines are harder */
register int i, nmap = (1 << the_hdr->cmaplen) *
the_hdr->ncmap;
@@ -1960,49 +2087,26 @@
if ( h_cmap == NULL )
{
fprintf( stderr,
---- netpbm-10.34/urt/rle_getrow.c.security 2005-10-16 23:47:53.000000000 +0200
-+++ netpbm-10.34/urt/rle_getrow.c 2006-06-22 12:45:18.000000000 +0200
-@@ -17,6 +17,8 @@
+diff -up netpbm-10.35.46/urt/scanargs.c.security netpbm-10.35.46/urt/scanargs.c
+--- netpbm-10.35.46/urt/scanargs.c.security 2008-06-24 08:59:24.000000000 +0200
++++ netpbm-10.35.46/urt/scanargs.c 2008-06-24 09:04:21.000000000 +0200
+@@ -38,6 +38,8 @@
*
* Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire
* to have all "void" functions so declared.
+ *
+ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan at redhat.com>
*/
- /*
- * rle_getrow.c - Read an RLE file in.
-@@ -168,6 +170,7 @@
- register char * cp;
- VAXSHORT( comlen, infile ); /* get comment length */
-+ overflow_add(comlen, 1);
- evenlen = (comlen + 1) & ~1; /* make it even */
- if ( evenlen )
- {
---- netpbm-10.34/urt/rle_putcom.c.security 2005-10-07 18:01:42.000000000 +0200
-+++ netpbm-10.34/urt/rle_putcom.c 2006-06-22 12:45:18.000000000 +0200
-@@ -14,6 +14,8 @@
- * If you modify this software, you should include a notice giving the
- * name of the person performing the modification, the date of modification,
- * and the reason for such modification.
-+ *
-+ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan at redhat.com>
- */
+ #include "rle.h"
+@@ -65,8 +67,8 @@ typedef int *ptr;
/*
- * rle_putcom.c - Add a picture comment to the header struct.
-@@ -98,12 +100,14 @@
- const char * v;
- const char ** old_comments;
- int i;
-- for (i = 2, cp = the_hdr->comments; *cp != NULL; ++i, ++cp)
-+ for (i = 2, cp = the_hdr->comments; *cp != NULL; ++i, ++cp) {
-+ overflow_add(i, 1);
- if (match(value, *cp) != NULL) {
- v = *cp;
- *cp = value;
- return v;
- }
-+ }
- /* Not found */
- /* Can't realloc because somebody else might be pointing to this
- * comments block. Of course, if this were true, then the
+ * Storage allocation macros
+ */
+-#define NEW( type, cnt ) (type *) malloc( (cnt) * sizeof( type ) )
+-#define RENEW( type, ptr, cnt ) (type *) realloc( ptr, (cnt) * sizeof( type ) )
++#define NEW( type, cnt ) (type *) malloc2( (cnt) , sizeof( type ) )
++#define RENEW( type, ptr, cnt ) (type *) realloc2( ptr, (cnt), sizeof( type ) )
+
+ #if defined(c_plusplus) && !defined(USE_PROTOTYPES)
+ #define USE_PROTOTYPES
Index: netpbm.spec
===================================================================
RCS file: /cvs/extras/rpms/netpbm/F-9/netpbm.spec,v
retrieving revision 1.111
retrieving revision 1.112
diff -u -r1.111 -r1.112
--- netpbm.spec 9 Jun 2008 11:09:58 -0000 1.111
+++ netpbm.spec 4 Aug 2008 13:02:36 -0000 1.112
@@ -1,6 +1,6 @@
Summary: A library for handling different graphics file formats
Name: netpbm
-Version: 10.35.45
+Version: 10.35.48
Release: 1%{?dist}
License: Assorted licenses, see %{_docdir}/%{name}-%{version}/copyright_summary
Group: System Environment/Libraries
@@ -214,6 +214,12 @@
%{_datadir}/netpbm/
%changelog
+* Mon Aug 4 2008 Jindrich Novy <jnovy at redhat.com> 10.35.48-1
+- update to 10.35.48
+- fixes buffer overrun in pamperspective and pngtopnm output format
+- fixes pbmtext, pamtotga, pamtouil and pnmtopclxl
+- update .security2 patch so that it applies with fuzz==0
+
* Mon Jun 9 2008 Jindrich Novy <jnovy at redhat.com> 10.35.45-1
- update to 10.35.45
- fixes anytopnm, pamtohtmltbl, xvminitoppm, pbmtogo, tgatoppm,
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/netpbm/F-9/sources,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- sources 9 Jun 2008 11:09:58 -0000 1.41
+++ sources 4 Aug 2008 13:02:36 -0000 1.42
@@ -1 +1 @@
-e4f3a911b8e4e90196aefe5209523cda netpbm-10.35.45.tar.bz2
+c49e34643a1d353e74877d4abe5fdb63 netpbm-10.35.48.tar.bz2