- Fixing format-security flaws (#1037217)

Jaromir Capik 2014-04-14 17:21:57 +02:00
parent 1cf1e99cf7
commit 21d8a22512
2 changed files with 87 additions and 1 deletions


@ -0,0 +1,81 @@
diff -Naur netpbm-10.61.02.orig/converter/pbm/cmuwmtopbm.c netpbm-10.61.02/converter/pbm/cmuwmtopbm.c
--- netpbm-10.61.02.orig/converter/pbm/cmuwmtopbm.c 2014-04-14 16:25:31.000000000 +0200
+++ netpbm-10.61.02/converter/pbm/cmuwmtopbm.c 2014-04-14 17:05:23.049000000 +0200
@@ -48,20 +48,20 @@
rc = pm_readbiglong(ifP, &l);
if (rc == -1 )
- pm_error(initReadError);
+ pm_error("%s", initReadError);
if ((uint32_t)l != cmuwmMagic)
pm_error("bad magic number in CMU window manager file");
rc = pm_readbiglong(ifP, &l);
if (rc == -1)
- pm_error(initReadError);
+ pm_error("%s", initReadError);
*colsP = l;
rc = pm_readbiglong(ifP, &l);
if (rc == -1 )
- pm_error(initReadError);
+ pm_error("%s", initReadError);
*rowsP = l;
rc = pm_readbigshort(ifP, &s);
if (rc == -1)
- pm_error(initReadError);
+ pm_error("%s", initReadError);
*depthP = s;
}
diff -Naur netpbm-10.61.02.orig/converter/other/tifftopnm.c netpbm-10.61.02/converter/other/tifftopnm.c
--- netpbm-10.61.02.orig/converter/other/tifftopnm.c 2014-04-14 17:06:26.000000000 +0200
+++ netpbm-10.61.02/converter/other/tifftopnm.c 2014-04-14 17:09:55.731000000 +0200
@@ -1459,7 +1459,7 @@
int ok;
ok = TIFFRGBAImageOK(tif, emsg);
if (!ok) {
- pm_message(emsg);
+ pm_message("%s", emsg);
*statusP = CONV_UNABLE;
} else {
uint32 * raster;
@@ -1479,14 +1479,14 @@
ok = TIFFRGBAImageBegin(&img, tif, stopOnErrorFalse, emsg);
if (!ok) {
- pm_message(emsg);
+ pm_message("%s", emsg);
*statusP = CONV_FAILED;
} else {
int ok;
ok = TIFFRGBAImageGet(&img, raster, cols, rows);
TIFFRGBAImageEnd(&img) ;
if (!ok) {
- pm_message(emsg);
+ pm_message("%s", emsg);
*statusP = CONV_FAILED;
} else {
*statusP = CONV_DONE;
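Review bot: In the last error branch of this hunk, `pm_message("%s", emsg)` runs after `TIFFRGBAImageGet(&img, raster, cols, rows)` fails, but that call takes no `emsg` argument, so the buffer holds only what the earlier TIFFRGBAImageBegin call left in it, and on this path Begin succeeded and may never have written it. The `"%s"` conversion removes the format-string exposure, yet it would still print stale text or read an unterminated buffer; the declaration of `emsg` is outside the hunk, so whether it is initialised cannot be confirmed from here. Printing a fixed text in that branch, e.g. `pm_message("TIFFRGBAImageGet() failed");`, or setting `emsg[0] = '\0';` before the first libtiff call would close the gap. The enclosing function starts and ends outside the hunk.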
diff -Naur netpbm-10.61.02.orig/converter/other/fiasco/pnmtofiasco.c netpbm-10.61.02/converter/other/fiasco/pnmtofiasco.c
--- netpbm-10.61.02.orig/converter/other/fiasco/pnmtofiasco.c 2013-02-20 07:31:32.000000000 +0100
+++ netpbm-10.61.02/converter/other/fiasco/pnmtofiasco.c 2014-04-14 17:12:14.995000000 +0200
@@ -170,7 +170,7 @@
return 0;
else
{
- fprintf (stderr, fiasco_get_error_message ());
+ fprintf (stderr, "%s", fiasco_get_error_message ());
fprintf (stderr, "\n");
return 1;
}
diff -Naur netpbm-10.61.02.orig/converter/other/fiasco/params.c netpbm-10.61.02/converter/other/fiasco/params.c
--- netpbm-10.61.02.orig/converter/other/fiasco/params.c 2013-02-20 07:31:32.000000000 +0100
+++ netpbm-10.61.02/converter/other/fiasco/params.c 2014-04-14 17:15:00.067000000 +0200
@@ -656,7 +656,7 @@
fprintf (stderr, "Usage: %s [OPTION]...%s\n", progname,
non_opt_string ? non_opt_string : " ");
if (synopsis != NULL)
- fprintf (stderr, synopsis);
+ fprintf (stderr, "%s", synopsis);
fprintf (stderr, "\n\n");
fprintf (stderr, "Mandatory or optional arguments to long options "
"are mandatory or optional\nfor short options too. "


@ -1,7 +1,7 @@
Summary: A library for handling different graphics file formats Summary: A library for handling different graphics file formats
Name: netpbm Name: netpbm
Version: 10.61.02 Version: 10.61.02
Release: 7%{?dist} Release: 8%{?dist}
# See copyright_summary for details # See copyright_summary for details
License: BSD and GPLv2 and IJG and MIT and Public Domain License: BSD and GPLv2 and IJG and MIT and Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
@ -38,6 +38,7 @@ Patch27: netpbm-multipage-pam.patch
Patch28: netpbm-compare-same-images.patch Patch28: netpbm-compare-same-images.patch
#Patch29: netpbm-man-corrections.patch #Patch29: netpbm-man-corrections.patch
Patch29: netpbm-manual-pages.patch Patch29: netpbm-manual-pages.patch
Patch30: netpbm-format-security.patch
BuildRequires: libjpeg-devel, libpng-devel, libtiff-devel, flex BuildRequires: libjpeg-devel, libpng-devel, libtiff-devel, flex
BuildRequires: libX11-devel, python, jasper-devel, libxml2-devel BuildRequires: libX11-devel, python, jasper-devel, libxml2-devel
@ -116,6 +117,7 @@ netpbm-doc. You'll also need to install the netpbm-progs package.
%patch28 -p1 -b .compare-same-images %patch28 -p1 -b .compare-same-images
#%patch29 -p1 -b .man-corrections #%patch29 -p1 -b .man-corrections
%patch29 -p1 -b .manual-pages %patch29 -p1 -b .manual-pages
%patch30 -p1 -b .fmt-sec
exit 0 exit 0
sed -i 's/STRIPFLAG = -s/STRIPFLAG =/g' config.mk.in sed -i 's/STRIPFLAG = -s/STRIPFLAG =/g' config.mk.in
@ -271,6 +273,9 @@ rm -rf $RPM_BUILD_ROOT
%doc userguide/* %doc userguide/*
%changelog %changelog
* Mon Apr 14 2014 Jaromir Capik <jcapik@redhat.com> - 10.61.02-8
- Fixing format-security flaws (#1037217)
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 10.61.02-7 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 10.61.02-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild