rpms/netpbm/devel .cvsignore, 1.39, 1.40 netpbm-10.23-security.patch, 1.18, 1.19 netpbm.spec, 1.113, 1.114 sources, 1.43, 1.44
Jindrich Novy (jnovy)
fedora-extras-commits at redhat.com
Tue Jun 24 09:39:12 UTC 2008
Author: jnovy
Update of /cvs/extras/rpms/netpbm/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4039
Modified Files:
.cvsignore netpbm-10.23-security.patch netpbm.spec sources
Log Message:
* Tue Jun 24 2008 Jindrich Novy <jnovy at rehdat.com> 10.35.46-1
- update to 10.35.46
- fixes pbmtext, pamtotga, pamtouil and pnmtopclxl
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/netpbm/devel/.cvsignore,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- .cvsignore 9 Jun 2008 07:04:18 -0000 1.39
+++ .cvsignore 24 Jun 2008 09:38:25 -0000 1.40
@@ -1 +1 @@
-netpbm-10.35.45.tar.bz2
+netpbm-10.35.46.tar.bz2
netpbm-10.23-security.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.18 -r 1.19 netpbm-10.23-security.patch
Index: netpbm-10.23-security.patch
===================================================================
RCS file: /cvs/extras/rpms/netpbm/devel/netpbm-10.23-security.patch,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- netpbm-10.23-security.patch 26 Nov 2007 13:47:53 -0000 1.18
+++ netpbm-10.23-security.patch 24 Jun 2008 09:38:25 -0000 1.19
@@ -1,515 +1,216 @@
---- netpbm-10.34/generator/pbmtext.c.security 2005-07-18 03:14:10.000000000 +0200
-+++ netpbm-10.34/generator/pbmtext.c 2006-06-22 12:45:18.000000000 +0200
-@@ -89,12 +89,14 @@
-
- for (i = 1; i < argc; i++) {
- if (i > 1) {
-+ overflow_add(totaltextsize, 1);
- totaltextsize += 1;
- text = realloc(text, totaltextsize);
- if (text == NULL)
- pm_error("out of memory allocating space for input text");
- strcat(text, " ");
- }
-+ overflow_add(totaltextsize, strlen(argv[i]));
- totaltextsize += strlen(argv[i]);
- text = realloc(text, totaltextsize);
- if (text == NULL)
-@@ -581,6 +583,7 @@
- struct text input_text;
-
- if (cmdline_text) {
-+ overflow_add(strlen(cmdline_text), 1);
- allocTextArray(&input_text, 1, strlen(cmdline_text));
- strcpy(input_text.textArray[0], cmdline_text);
- fix_control_chars(input_text.textArray[0], fn);
-@@ -603,7 +606,9 @@
- while (fgets(buf, sizeof(buf), stdin) != NULL) {
- fix_control_chars(buf, fn);
- if (lineCount >= maxlines) {
-+ overflow2(maxlines, 2);
- maxlines *= 2;
-+ overflow2(maxlines, sizeof(char *));
- text_array = (char**) realloc((char*) text_array,
- maxlines * sizeof(char*));
- if (text_array == NULL)
-@@ -689,6 +694,7 @@
- hmargin = fontP->maxwidth;
- } else {
- vmargin = fontP->maxheight;
-+ overflow2(2, fontP->maxwidth);
- hmargin = 2 * fontP->maxwidth;
- }
- }
-@@ -705,6 +711,12 @@
- } else
- formattedText = inputText;
-
-+ overflow2(2, vmargin);
-+ overflow2(formattedText.lineCount, fontP->maxheight);
-+ overflow2(formattedText.lineCount-1, cmdline.lspace);
-+ overflow_add(vmargin * 2, formattedText.lineCount * fontP->maxheight);
-+ overflow_add(vmargin * 2 + formattedText.lineCount * fontP->maxheight, (formattedText.lineCount-1) * cmdline.lspace);
-+
- rows = 2 * vmargin +
- formattedText.lineCount * fontP->maxheight +
- (formattedText.lineCount-1) * cmdline.lspace;
-@@ -712,6 +724,9 @@
- compute_image_width(formattedText, fontP, cmdline.space,
- &maxwidth, &maxleftb);
-
-+ overflow2(2, hmargin);
-+ overflow_add(2*hmargin, maxwidth);
-+
- cols = 2 * hmargin + maxwidth;
- bits = pbm_allocarray(cols, rows);
+diff -up netpbm-10.35.46/analyzer/pgmhist.c.security netpbm-10.35.46/analyzer/pgmhist.c
+--- netpbm-10.35.46/analyzer/pgmhist.c.security 2008-06-24 08:58:57.000000000 +0200
++++ netpbm-10.35.46/analyzer/pgmhist.c 2008-06-24 09:04:21.000000000 +0200
+@@ -45,6 +45,7 @@ main( argc, argv )
+ grayrow = pgm_allocrow( cols );
---- netpbm-10.34/generator/pgmkernel.c.security 2003-07-06 22:03:29.000000000 +0200
-+++ netpbm-10.34/generator/pgmkernel.c 2006-06-22 12:45:18.000000000 +0200
-@@ -68,7 +68,7 @@
- kycenter = (fysize - 1) / 2.0;
- ixsize = fxsize + 0.999;
- iysize = fysize + 0.999;
-- MALLOCARRAY(fkernel, ixsize * iysize);
-+ fkernel = (double *) malloc3 (ixsize, iysize, sizeof(double));
- for (i = 0; i < iysize; i++)
- for (j = 0; j < ixsize; j++) {
- fkernel[i*ixsize+j] = 1.0 / (1.0 + w * sqrt((double)
---- netpbm-10.34/generator/pgmcrater.c.security 2005-12-22 10:28:49.000000000 +0100
-+++ netpbm-10.34/generator/pgmcrater.c 2006-06-22 12:45:18.000000000 +0200
-@@ -131,7 +131,7 @@
- /* Acquire the elevation array and initialize it to mean
- surface elevation. */
+ /* Build histogram. */
++ overflow_add(maxval, 1);
+ MALLOCARRAY(hist, maxval + 1);
+ MALLOCARRAY(rcount, maxval + 1);
+ if ( hist == NULL || rcount == NULL )
+diff -up netpbm-10.35.46/analyzer/pgmtexture.c.security netpbm-10.35.46/analyzer/pgmtexture.c
+--- netpbm-10.35.46/analyzer/pgmtexture.c.security 2008-06-24 08:58:57.000000000 +0200
++++ netpbm-10.35.46/analyzer/pgmtexture.c 2008-06-24 09:04:21.000000000 +0200
+@@ -79,6 +79,9 @@ vector (int nl, int nh)
+ {
+ float *v;
-- MALLOCARRAY(aux, SCRX * SCRY);
-+ aux = (unsigned short *) malloc3(SCRX, SCRY, sizeof(short));
- if (aux == NULL)
- pm_error("out of memory allocating elevation array");
++ if(nh < nl)
++ pm_error("assert: h < l");
++ overflow_add(nh - nl, 1);
+ MALLOCARRAY(v, (unsigned) (nh - nl + 1));
+ if (v == NULL)
+ pm_error("Unable to allocate memory for a vector.");
+@@ -95,6 +98,9 @@ matrix (int nrl, int nrh, int ncl, int n
+ float **m;
---- netpbm-10.34/generator/pbmpage.c.security 2005-08-27 19:27:19.000000000 +0200
-+++ netpbm-10.34/generator/pbmpage.c 2006-06-22 12:45:18.000000000 +0200
-@@ -170,6 +170,9 @@
- /* We round the allocated row space up to a multiple of 8 so the ugly
- fast code below can work.
- */
-+
-+ overflow_add(bitmap.Width, 7);
-+
- pbmrow = pbm_allocrow(((bitmap.Width+7)/8)*8);
-
- bitmap_cursor = 0;
---- netpbm-10.34/generator/ppmrainbow.security 2003-01-04 01:40:56.000000000 +0100
-+++ netpbm-10.34/generator/ppmrainbow 2006-06-22 12:45:18.000000000 +0200
-@@ -11,7 +11,7 @@
- # set defaults
- $Twid = 600;
- $Thgt = 8;
--$tmpdir = $ENV{"TMPDIR"} || "/tmp";
-+$tmpdir = $ENV{"TMPDIR"} || ".tmp";
- $norepeat = $FALSE;
- $verbose = $FALSE;
+ /* allocate pointers to rows */
++ if(nrh < nrl)
++ pm_error("assert: h < l");
++ overflow_add(nrh - nrl, 1);
+ MALLOCARRAY(m, (unsigned) (nrh - nrl + 1));
+ if (m == NULL)
+ pm_error("Unable to allocate memory for a matrix.");
+@@ -102,6 +108,9 @@ matrix (int nrl, int nrh, int ncl, int n
+ m -= ncl;
---- netpbm-10.34/other/pnmcolormap.c.security 2005-12-21 05:35:06.000000000 +0100
-+++ netpbm-10.34/other/pnmcolormap.c 2006-06-22 12:45:18.000000000 +0200
-@@ -836,6 +836,7 @@
- pamP->width = intsqrt;
- else
- pamP->width = intsqrt + 1;
-+ overflow_add(intsqrt, 1);
- }
+ /* allocate rows and set pointers to them */
++ if(nch < ncl)
++ pm_error("assert: h < l");
++ overflow_add(nch - ncl, 1);
+ for (i = nrl; i <= nrh; i++)
{
- unsigned int const intQuotient = colormap.size / pamP->width;
---- netpbm-10.34/converter/pgm/psidtopgm.c.security 2005-08-27 20:38:40.000000000 +0200
-+++ netpbm-10.34/converter/pgm/psidtopgm.c 2006-06-22 12:45:18.000000000 +0200
-@@ -78,6 +78,7 @@
- pm_error("bits/sample (%d) is too large.", bitspersample);
-
- pgm_writepgminit(stdout, cols, rows, maxval, 0);
-+ overflow_add(cols, 7);
- grayrow = pgm_allocrow((cols + 7) / 8 * 8);
- for (row = 0; row < rows; ++row) {
- unsigned int col;
---- netpbm-10.34/converter/pgm/lispmtopgm.c.security 2005-10-07 09:03:29.000000000 +0200
-+++ netpbm-10.34/converter/pgm/lispmtopgm.c 2006-06-22 12:45:18.000000000 +0200
-@@ -58,6 +58,7 @@
- pm_error( "depth (%d bits) is too large", depth);
-
- pgm_writepgminit( stdout, cols, rows, (gray) maxval, 0 );
-+ overflow_add(cols, 7);
- grayrow = pgm_allocrow( ( cols + 7 ) / 8 * 8 );
-
- for ( row = 0; row < rows; ++row )
-@@ -102,7 +103,9 @@
-
- if ( *depthP == 0 )
- *depthP = 1; /* very old file */
--
-+
-+ overflow_add((int)colsP, 31);
-+
- *padrightP = ( ( *colsP + 31 ) / 32 ) * 32 - *colsP;
-
- if ( *colsP != (cols_32 - *padrightP) ) {
---- netpbm-10.34/converter/ppm/pjtoppm.c.security 2003-07-06 23:45:36.000000000 +0200
[...3278 lines suppressed...]
for ( cp=to_hdr->comments; *cp; cp++ )
@@ -1915,19 +1959,102 @@
size *= sizeof(char *);
to_hdr->comments = (CONST_DECL char **)malloc( size );
RLE_CHECK_ALLOC( to_hdr->cmd, to_hdr->comments, "comments" );
---- netpbm-10.34/urt/README.security 2000-06-02 22:53:04.000000000 +0200
-+++ netpbm-10.34/urt/README 2006-06-22 12:45:18.000000000 +0200
-@@ -18,3 +18,8 @@
- defines stdout as a variable, so that wouldn't compile. So I changed
- it to NULL and added a line to rle_hdr_init to set that field to
- 'stdout' dynamically. 2000.06.02 BJH.
-+
-+Redid the code to check for maths overflows and other crawly horrors.
-+Removed pipe through and compress support (unsafe)
-+
-+Alan Cox <alan at redhat.com>
---- netpbm-10.34/urt/Runput.c.security 2005-10-16 23:36:29.000000000 +0200
-+++ netpbm-10.34/urt/Runput.c 2006-06-22 12:45:18.000000000 +0200
+diff -up netpbm-10.35.46/urt/rle.h.security netpbm-10.35.46/urt/rle.h
+--- netpbm-10.35.46/urt/rle.h.security 2008-06-24 08:59:24.000000000 +0200
++++ netpbm-10.35.46/urt/rle.h 2008-06-24 09:04:21.000000000 +0200
+@@ -14,6 +14,9 @@
+ * If you modify this software, you should include a notice giving the
+ * name of the person performing the modification, the date of modification,
+ * and the reason for such modification.
++ *
++ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan at redhat.com>
++ * Header declarations needed
+ */
+ /*
+ * rle.h - Global declarations for Utah Raster Toolkit RLE programs.
+@@ -166,6 +169,17 @@ rle_hdr /* End of typedef. *
+ */
+ extern rle_hdr rle_dflt_hdr;
+
++/*
++ * Provided by pm library
++ */
++
++extern void overflow_add(int, int);
++#define overflow2(a,b) __overflow2(a,b)
++extern void __overflow2(int, int);
++extern void overflow3(int, int, int);
++extern void *malloc2(int, int);
++extern void *malloc3(int, int, int);
++extern void *realloc2(void *, int, int);
+
+ /* Declare RLE library routines. */
+
+diff -up netpbm-10.35.46/urt/rle_open_f.c.security netpbm-10.35.46/urt/rle_open_f.c
+--- netpbm-10.35.46/urt/rle_open_f.c.security 2008-06-24 08:59:24.000000000 +0200
++++ netpbm-10.35.46/urt/rle_open_f.c 2008-06-24 09:04:21.000000000 +0200
+@@ -6,6 +6,9 @@
+ * University of Michigan
+ * Date: 11/14/89
+ * Copyright (c) 1990, University of Michigan
++ *
++ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan at redhat.com>
++ * Killed of crazy unsafe pipe/compress stuff
+ */
+
+ #define _XOPEN_SOURCE /* Make sure fdopen() is in stdio.h */
+@@ -188,7 +191,7 @@ rle_open_f_noexit(const char * const pro
+
+ cp = file_name + strlen( (char*) file_name ) - 2;
+ /* Pipe case. */
+- if ( *file_name == '|' )
++ if ( *file_name == '|' && 0 /* BOLLOCKS ARE WE DOING THIS ANY MORE */)
+ {
+ int thepid; /* PID from my_popen */
+ if ( (fp = my_popen( file_name + 1, mode, &thepid )) == NULL )
+@@ -203,9 +206,10 @@ rle_open_f_noexit(const char * const pro
+ }
+
+ /* Compress case. */
+- else if ( cp > file_name && *cp == '.' && *(cp + 1) == 'Z' )
++ else if ( /* SMOKING SOMETHING */ 0 && cp > file_name && *cp == '.' && *(cp + 1) == 'Z' )
+ {
+ int thepid; /* PID from my_popen. */
++ overflow_add(20, strlen(file_name));
+ combuf = (char *)malloc( 20 + strlen( file_name ) );
+ if ( combuf == NULL )
+ {
+diff -up netpbm-10.35.46/urt/rle_putcom.c.security netpbm-10.35.46/urt/rle_putcom.c
+--- netpbm-10.35.46/urt/rle_putcom.c.security 2008-06-24 08:59:24.000000000 +0200
++++ netpbm-10.35.46/urt/rle_putcom.c 2008-06-24 09:04:21.000000000 +0200
+@@ -14,6 +14,8 @@
+ * If you modify this software, you should include a notice giving the
+ * name of the person performing the modification, the date of modification,
+ * and the reason for such modification.
++ *
++ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan at redhat.com>
+ */
+ /*
+ * rle_putcom.c - Add a picture comment to the header struct.
+@@ -98,12 +100,14 @@ rle_putcom(const char * const value,
+ const char * v;
+ const char ** old_comments;
+ int i;
+- for (i = 2, cp = the_hdr->comments; *cp != NULL; ++i, ++cp)
++ for (i = 2, cp = the_hdr->comments; *cp != NULL; ++i, ++cp) {
++ overflow_add(i, 1);
+ if (match(value, *cp) != NULL) {
+ v = *cp;
+ *cp = value;
+ return v;
+ }
++ }
+ /* Not found */
+ /* Can't realloc because somebody else might be pointing to this
+ * comments block. Of course, if this were true, then the
+diff -up netpbm-10.35.46/urt/Runput.c.security netpbm-10.35.46/urt/Runput.c
+--- netpbm-10.35.46/urt/Runput.c.security 2008-06-24 08:59:24.000000000 +0200
++++ netpbm-10.35.46/urt/Runput.c 2008-06-24 09:04:21.000000000 +0200
@@ -17,6 +17,8 @@
*
* Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire
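Review bot: The helper prototypes added to urt/rle.h all take `int`, so `overflow_add(20, strlen(file_name))` in rle_open_f.c narrows a `size_t` to `int` before the check can see it; on an LP64 build a length above INT_MAX changes in that conversion, and whether the pm library helper rejects the converted value is not visible here. That call sits in a branch the same patch disables with `0 &&`, but the NEW/RENEW macros in the later scanargs.c hunk pass `sizeof( type )` and an arbitrary `cnt` through the same `int` parameters of `malloc2`/`realloc2`. I would range-check such lengths against `INT_MAX - 20` (or the relevant bound) before the call, or give the helpers unsigned size parameters if the library definitions can be changed to match. Separately, the two disabled branches in rle_open_f_noexit would read better as `#if 0` or deleted outright, with a comment such as `/* pipe and .Z handling disabled: the file name was handed to my_popen() */` replacing the in-condition remarks; the function body continues outside the hunk.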
@@ -1937,7 +2064,7 @@
*/
/*
* Runput.c - General purpose Run Length Encoding.
-@@ -202,9 +204,11 @@
+@@ -202,9 +204,11 @@ RunSetup(rle_hdr * the_hdr)
if ( the_hdr->background != 0 )
{
register int i;
@@ -1951,7 +2078,7 @@
/*
* If even number of bg color bytes, put out one more to get to
* 16 bit boundary.
-@@ -224,7 +228,7 @@
+@@ -224,7 +228,7 @@ RunSetup(rle_hdr * the_hdr)
/* Big-endian machines are harder */
register int i, nmap = (1 << the_hdr->cmaplen) *
the_hdr->ncmap;
@@ -1960,49 +2087,26 @@
if ( h_cmap == NULL )
{
fprintf( stderr,
---- netpbm-10.34/urt/rle_getrow.c.security 2005-10-16 23:47:53.000000000 +0200
-+++ netpbm-10.34/urt/rle_getrow.c 2006-06-22 12:45:18.000000000 +0200
-@@ -17,6 +17,8 @@
+diff -up netpbm-10.35.46/urt/scanargs.c.security netpbm-10.35.46/urt/scanargs.c
+--- netpbm-10.35.46/urt/scanargs.c.security 2008-06-24 08:59:24.000000000 +0200
++++ netpbm-10.35.46/urt/scanargs.c 2008-06-24 09:04:21.000000000 +0200
+@@ -38,6 +38,8 @@
*
* Modified at BRL 16-May-88 by Mike Muuss to avoid Alliant STDC desire
* to have all "void" functions so declared.
+ *
+ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan at redhat.com>
*/
- /*
- * rle_getrow.c - Read an RLE file in.
-@@ -168,6 +170,7 @@
- register char * cp;
- VAXSHORT( comlen, infile ); /* get comment length */
-+ overflow_add(comlen, 1);
- evenlen = (comlen + 1) & ~1; /* make it even */
- if ( evenlen )
- {
---- netpbm-10.34/urt/rle_putcom.c.security 2005-10-07 18:01:42.000000000 +0200
-+++ netpbm-10.34/urt/rle_putcom.c 2006-06-22 12:45:18.000000000 +0200
-@@ -14,6 +14,8 @@
- * If you modify this software, you should include a notice giving the
- * name of the person performing the modification, the date of modification,
- * and the reason for such modification.
-+ *
-+ * 2002-12-19: Fix maths wrapping bugs. Alan Cox <alan at redhat.com>
- */
+ #include "rle.h"
+@@ -65,8 +67,8 @@ typedef int *ptr;
/*
- * rle_putcom.c - Add a picture comment to the header struct.
-@@ -98,12 +100,14 @@
- const char * v;
- const char ** old_comments;
- int i;
-- for (i = 2, cp = the_hdr->comments; *cp != NULL; ++i, ++cp)
-+ for (i = 2, cp = the_hdr->comments; *cp != NULL; ++i, ++cp) {
-+ overflow_add(i, 1);
- if (match(value, *cp) != NULL) {
- v = *cp;
- *cp = value;
- return v;
- }
-+ }
- /* Not found */
- /* Can't realloc because somebody else might be pointing to this
- * comments block. Of course, if this were true, then the
+ * Storage allocation macros
+ */
+-#define NEW( type, cnt ) (type *) malloc( (cnt) * sizeof( type ) )
+-#define RENEW( type, ptr, cnt ) (type *) realloc( ptr, (cnt) * sizeof( type ) )
++#define NEW( type, cnt ) (type *) malloc2( (cnt) , sizeof( type ) )
++#define RENEW( type, ptr, cnt ) (type *) realloc2( ptr, (cnt), sizeof( type ) )
+
+ #if defined(c_plusplus) && !defined(USE_PROTOTYPES)
+ #define USE_PROTOTYPES
Index: netpbm.spec
===================================================================
RCS file: /cvs/extras/rpms/netpbm/devel/netpbm.spec,v
retrieving revision 1.113
retrieving revision 1.114
diff -u -r1.113 -r1.114
--- netpbm.spec 9 Jun 2008 07:04:18 -0000 1.113
+++ netpbm.spec 24 Jun 2008 09:38:25 -0000 1.114
@@ -1,6 +1,6 @@
Summary: A library for handling different graphics file formats
Name: netpbm
-Version: 10.35.45
+Version: 10.35.46
Release: 1%{?dist}
License: Assorted licenses, see %{_docdir}/%{name}-%{version}/copyright_summary
Group: System Environment/Libraries
@@ -214,6 +214,10 @@
%{_datadir}/netpbm/
%changelog
+* Tue Jun 24 2008 Jindrich Novy <jnovy at rehdat.com> 10.35.46-1
+- update to 10.35.46
+- fixes pbmtext, pamtotga, pamtouil and pnmtopclxl
+
* Mon Jun 9 2008 Jindrich Novy <jnovy at redhat.com> 10.35.45-1
- update to 10.35.45
- fixes anytopnm, pamtohtmltbl, xvminitoppm, pbmtogo, tgatoppm
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/netpbm/devel/sources,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- sources 9 Jun 2008 07:04:18 -0000 1.43
+++ sources 24 Jun 2008 09:38:25 -0000 1.44
@@ -1 +1 @@
-e4f3a911b8e4e90196aefe5209523cda netpbm-10.35.45.tar.bz2
+8050c65551edc55e622f486c10273afe netpbm-10.35.46.tar.bz2