From 7d1f2ca58a108031614186873407da0add1e1edc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= Date: Tue, 4 Oct 2022 13:31:13 +0200 Subject: [PATCH] Resolves: #2130384 - new upstream release 11.00.00 --- netpbm-security-code.patch | 364 +++++++++++++++++++------------------ netpbm.spec | 7 +- 2 files changed, 188 insertions(+), 183 deletions(-) diff --git a/netpbm-security-code.patch b/netpbm-security-code.patch index 90ee6f7..75c66e5 100644 --- a/netpbm-security-code.patch +++ b/netpbm-security-code.patch @@ -227,9 +227,31 @@ diff -ruNp a/converter/pbm/mgrtopbm.c b/converter/pbm/mgrtopbm.c *padrightP = ((*colsP + pad - 1) / pad) * pad - *colsP; } -diff -ruNp a/converter/pbm/pbmtogem.c b/converter/pbm/pbmtogem.c ---- a/converter/pbm/pbmtogem.c 2021-06-02 15:53:59.828205592 +0200 -+++ b/converter/pbm/pbmtogem.c 2021-06-02 20:23:21.809634256 +0200 +diff --git a/converter/pbm/pbmto4425.c b/converter/pbm/pbmto4425.c +index 1d97ac6..c4c8cbb 100644 +--- a/converter/pbm/pbmto4425.c ++++ b/converter/pbm/pbmto4425.c +@@ -2,6 +2,7 @@ + + #include "nstring.h" + #include "pbm.h" ++#include + + static char bit_table[2][3] = { + {1, 4, 0x10}, +@@ -160,7 +161,7 @@ main(int argc, char * argv[]) { + xres = vmap_width * 2; + yres = vmap_height * 3; + +- vmap = malloc(vmap_width * vmap_height * sizeof(char)); ++ vmap = malloc3(vmap_width, vmap_height, sizeof(char)); + if(vmap == NULL) + { + pm_error( "Cannot allocate memory" ); +diff --git a/converter/pbm/pbmtogem.c b/converter/pbm/pbmtogem.c +index 4fd30e9..c82757d 100644 +--- a/converter/pbm/pbmtogem.c ++++ b/converter/pbm/pbmtogem.c @@ -79,6 +79,7 @@ putinit (int const rows, int const cols) bitsperitem = 0; bitshift = 7; 
@@ -351,35 +373,18 @@ diff -ruNp a/converter/pbm/pbmtoppa/pbm.c b/converter/pbm/pbmtoppa/pbm.c - } - return retval; -} -- +int make_pbm_stat(pbm_stat* pbm,FILE* fptr) +{ + char line[1024]; -+ + + pbm->fptr=fptr; + pbm->version=none; + pbm->current_line=0; + pbm->unread = 0; -+ + + if (fgets (line, 1024, fptr) == NULL) + return 0; + line[strlen(line)-1] = 0; -+ -+ if(!strcmp(line,"P1")) pbm->version=P1; -+ if(!strcmp(line,"P4")) pbm->version=P4; -+ if(pbm->version == none) -+ { -+ fprintf(stderr,"pbm_readheader(): unknown PBM magic '%s'\n",line); -+ return 0; -+ } -+ -+ do -+ if (fgets (line, 1024, fptr) == NULL) -+ return 0; -+ while (line[0] == '#'); - -+ if (2 != sscanf (line, "%d %d", &pbm->width, &pbm->height)) -+ return 0; -static int -getbytes(FILE * const ifP, @@ -418,11 +423,23 @@ diff -ruNp a/converter/pbm/pbmtoppa/pbm.c b/converter/pbm/pbmtoppa/pbm.c - retval = 1; - } - return retval; -+ return 1; - } +-} ++ if(!strcmp(line,"P1")) pbm->version=P1; ++ if(!strcmp(line,"P4")) pbm->version=P4; ++ if(pbm->version == none) ++ { ++ fprintf(stderr,"pbm_readheader(): unknown PBM magic '%s'\n",line); ++ return 0; ++ } + ++ do ++ if (fgets (line, 1024, fptr) == NULL) ++ return 0; ++ while (line[0] == '#'); + ++ if (2 != sscanf (line, "%d %d", &pbm->width, &pbm->height)) ++ return 0; -- -- -int -pbm_readline(pbm_stat * const pbmStatP, - unsigned char * const data) { @@ -469,6 +486,11 @@ diff -ruNp a/converter/pbm/pbmtoppa/pbm.c b/converter/pbm/pbmtoppa/pbm.c - retval = 0; - } - } +- } +- return retval; ++ return 1; + } + +static int getbytes(FILE *fptr,int width,unsigned char* data) +{ + unsigned char mask,acc,*place; @@ -493,13 +515,12 @@ diff -ruNp a/converter/pbm/pbmtoppa/pbm.c b/converter/pbm/pbmtoppa/pbm.c + acc=0; + mask=0x80; + } - } -- return retval; ++ } + } + if(width%8) + *place=acc; + return 1; - } ++} +/* Reads a single line into data which must be at least (pbm->width+7)/8 + bytes of storage */ 
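Review bot: In the carried `make_pbm_stat()`, `line[strlen(line)-1] = 0;` writes before the start of `line` when `fgets` hands back an empty string (a header whose first byte is NUL), and it drops a real character when the line has no trailing newline; `line[strcspn(line, "\n")] = 0;` avoids both. The dimensions parsed in the next hunk on this line by `sscanf (line, "%d %d", &pbm->width, &pbm->height)` are accepted when zero or negative, and `pbm_readline()` later sizes its read from `(pbm->width+7)/8`, so a guard such as `if (pbm->width <= 0 || pbm->height <= 0) return 0;` right after the `sscanf` would be worth adding. The body of `make_pbm_stat()` is split across the first two hunks here.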
@@ -519,16 +540,6 @@ diff -ruNp a/converter/pbm/pbmtoppa/pbm.c b/converter/pbm/pbmtoppa/pbm.c + return 1; + } -+ switch(pbm->version) -+ { -+ case P1: -+ if(getbytes(pbm->fptr,pbm->width,data)) -+ { -+ pbm->current_line++; -+ return 1; -+ } -+ return 0; - -void -pbm_unreadline(pbm_stat * const pbmStatP, - void * const data) { @@ -542,6 +553,17 @@ diff -ruNp a/converter/pbm/pbmtoppa/pbm.c b/converter/pbm/pbmtoppa/pbm.c - pbmStatP->revdata = malloc ((pbmStatP->width+7)/8); - memcpy(pbmStatP->revdata, data, (pbmStatP->width+7)/8); - --pbmStatP->current_line; ++ switch(pbm->version) ++ { ++ case P1: ++ if(getbytes(pbm->fptr,pbm->width,data)) ++ { ++ pbm->current_line++; ++ return 1; + } +-} ++ return 0; ++ + case P4: + overflow_add(pbm->width, 7); + tmp=(pbm->width+7)/8; @@ -550,8 +572,7 @@ diff -ruNp a/converter/pbm/pbmtoppa/pbm.c b/converter/pbm/pbmtoppa/pbm.c + { + pbm->current_line++; + return 1; - } --} ++ } + fprintf(stderr,"pbm_readline(): error reading line data (%d)\n",tmp2); + return 0; 
@@ -597,29 +618,10 @@ diff -ruNp a/converter/pbm/pbmtoxbm.c b/converter/pbm/pbmtoxbm.c putinit(xbmVersion); -diff -ruNp a/converter/pbm/pbmto4425.c b/converter/pbm/pbmto4425.c ---- a/converter/pbm/pbmto4425.c 2021-06-02 15:53:59.827205582 +0200 -+++ b/converter/pbm/pbmto4425.c 2021-06-02 20:23:21.808634248 +0200 -@@ -2,6 +2,7 @@ - - #include "nstring.h" - #include "pbm.h" -+#include - - static char bit_table[2][3] = { - {1, 4, 0x10}, -@@ -160,7 +161,7 @@ main(int argc, char * argv[]) { - xres = vmap_width * 2; - yres = vmap_height * 3; - -- vmap = malloc(vmap_width * vmap_height * sizeof(char)); -+ vmap = malloc3(vmap_width, vmap_height, sizeof(char)); - if(vmap == NULL) - { - pm_error( "Cannot allocate memory" ); -diff -ruNp a/converter/pbm/pktopbm.c b/converter/pbm/pktopbm.c ---- a/converter/pbm/pktopbm.c 2021-06-02 15:53:59.828205592 +0200 -+++ b/converter/pbm/pktopbm.c 2021-06-02 20:23:21.813634291 +0200 +diff --git a/converter/pbm/pktopbm.c b/converter/pbm/pktopbm.c +index 712f339..b6fcb02 100644 +--- a/converter/pbm/pktopbm.c ++++ b/converter/pbm/pktopbm.c @@ -280,6 +280,7 @@ main(int argc, char *argv[]) { if (flagbyte == 7) { /* long form preamble */ integer packetlength = get32() ; /* character packet length */ 
@@ -694,9 +696,23 @@ diff -ruNp a/converter/pgm/psidtopgm.c b/converter/pgm/psidtopgm.c grayrow = pgm_allocrow((cols + 7) / 8 * 8); for (row = 0; row < rows; ++row) { unsigned int col; -diff -ruNp a/converter/ppm/ilbmtoppm.c b/converter/ppm/ilbmtoppm.c ---- a/converter/ppm/ilbmtoppm.c 2021-06-02 15:53:59.846205765 +0200 -+++ b/converter/ppm/ilbmtoppm.c 2021-06-02 20:23:21.817634326 +0200 +diff --git a/converter/ppm/Makefile b/converter/ppm/Makefile +index 003ef8d..b97349d 100644 +--- a/converter/ppm/Makefile ++++ b/converter/ppm/Makefile +@@ -11,7 +11,7 @@ SUBDIRS = hpcdtoppm ppmtompeg + + PORTBINARIES = 411toppm eyuvtoppm gouldtoppm ilbmtoppm imgtoppm \ + leaftoppm mtvtoppm neotoppm \ +- pcxtoppm pc1toppm pi1toppm picttoppm pjtoppm \ ++ pcxtoppm pc1toppm pi1toppm pjtoppm \ + ppmtoacad ppmtoapplevol ppmtoarbtxt ppmtoascii \ + ppmtobmp ppmtoeyuv ppmtogif ppmtoicr ppmtoilbm \ + ppmtoleaf ppmtolj ppmtomitsu ppmtoneo \ +diff --git a/converter/ppm/ilbmtoppm.c b/converter/ppm/ilbmtoppm.c +index b9b8986..f4fe331 100644 +--- a/converter/ppm/ilbmtoppm.c ++++ b/converter/ppm/ilbmtoppm.c @@ -608,6 +608,7 @@ decode_row(FILE * const ifP, rawtype *chp; 
@@ -786,22 +802,11 @@ diff -ruNp a/converter/ppm/imgtoppm.c b/converter/ppm/imgtoppm.c if ( len != cols * rows ) pm_message( "pixel data length (%d) does not match image size (%d)", -diff -ruNp a/converter/ppm/Makefile b/converter/ppm/Makefile ---- a/converter/ppm/Makefile 2021-06-02 15:53:59.846205765 +0200 -+++ b/converter/ppm/Makefile 2021-06-02 20:23:21.815634309 +0200 -@@ -11,7 +11,7 @@ SUBDIRS = hpcdtoppm ppmtompeg - - PORTBINARIES = 411toppm eyuvtoppm gouldtoppm ilbmtoppm imgtoppm \ - leaftoppm mtvtoppm neotoppm \ -- pcxtoppm pc1toppm pi1toppm picttoppm pjtoppm \ -+ pcxtoppm pc1toppm pi1toppm pjtoppm \ - ppmtoacad ppmtoapplevol ppmtoarbtxt ppmtoascii \ - ppmtobmp ppmtoeyuv ppmtogif ppmtoicr ppmtoilbm \ - ppmtoleaf ppmtolj ppmtomitsu ppmtoneo \ -diff -ruNp a/converter/ppm/pcxtoppm.c b/converter/ppm/pcxtoppm.c ---- a/converter/ppm/pcxtoppm.c 2021-06-02 15:53:59.846205765 +0200 -+++ b/converter/ppm/pcxtoppm.c 2021-06-02 20:23:21.818634335 +0200 -@@ -409,6 +409,7 @@ pcx_planes_to_pixels(pixels, bitplanes, +diff --git a/converter/ppm/pcxtoppm.c b/converter/ppm/pcxtoppm.c +index e252ba2..270ae3b 100644 +--- a/converter/ppm/pcxtoppm.c ++++ b/converter/ppm/pcxtoppm.c +@@ -409,6 +409,7 @@ pcx_planes_to_pixels(pixels, bitplanes, bytesperline, planes, bitsperpixel) /* * clear the pixel buffer */ @@ -1428,6 +1433,9 @@ diff -ruNp a/converter/ppm/ppmtopcx.c b/converter/ppm/ppmtopcx.c - putword(yPos, ofP); /* y1 - image top */ - putword(xPos+cols-1, ofP); /* x2 - image right */ - putword(yPos+rows-1, ofP); /* y2 - image bottom */ +- +- putword(cols, ofP); /* horizontal resolution */ +- putword(rows, ofP); /* vertical resolution */ +write_header(FILE * const fp, + int const cols, + int const rows, 
@@ -1448,9 +1456,7 @@ diff -ruNp a/converter/ppm/ppmtopcx.c b/converter/ppm/ppmtopcx.c + Putword(yPos, fp); /* y1 - image top */ + Putword(xPos+cols-1, fp); /* x2 - image right */ + Putword(yPos+rows-1, fp); /* y2 - image bottom */ - -- putword(cols, ofP); /* horizontal resolution */ -- putword(rows, ofP); /* vertical resolution */ ++ + Putword(cols, fp); /* horizontal resolution */ + Putword(rows, fp); /* vertical resolution */ @@ -1635,10 +1641,11 @@ diff -ruNp a/converter/ppm/ppmtopcx.c b/converter/ppm/ppmtopcx.c } } } -@@ -440,142 +453,83 @@ writeRaster16Color(FILE * const ofP, +@@ -439,143 +452,84 @@ writeRaster16Color(FILE * const ofP, - static void + +-static void -ppmTo16ColorPcx(pixel ** const pixels, - unsigned int const cols, - unsigned int const rows, @@ -1679,7 +1686,7 @@ diff -ruNp a/converter/ppm/ppmtopcx.c b/converter/ppm/ppmtopcx.c - - - --static void + static void ppmTo256ColorPcx(pixel ** const pixels, - unsigned int const cols, - unsigned int const rows, @@ -1753,13 +1760,13 @@ diff -ruNp a/converter/ppm/ppmtopcx.c b/converter/ppm/ppmtopcx.c - unsigned char * grnrow; - unsigned char * blurow; - unsigned int row; -- -- MALLOCARRAY(redrow, cols); -- MALLOCARRAY(grnrow, cols); -- MALLOCARRAY(blurow, cols); + unsigned char *redrow, *greenrow, *bluerow; + int col, row; +- MALLOCARRAY(redrow, cols); +- MALLOCARRAY(grnrow, cols); +- MALLOCARRAY(blurow, cols); +- - if (!redrow || !grnrow || !blurow) - pm_error("Unable to allocate buffer for a row of %u pixels", cols); + redrow = (unsigned char *)pm_allocrow(cols, sizeof(unsigned char)); 
@@ -2623,20 +2630,10 @@ diff -ruNp a/editor/pnmhisteq.c b/editor/pnmhisteq.c MALLOCARRAY(lumahist, maxval + 1); if (lumahist == NULL) pm_error("Out of storage allocating array for %u histogram elements", -diff -ruNp a/editor/pnmindex.csh b/editor/pnmindex.csh ---- a/editor/pnmindex.csh 2021-06-02 15:53:59.801205332 +0200 -+++ b/editor/pnmindex.csh 2021-06-02 20:23:21.829634431 +0200 -@@ -1,5 +1,7 @@ - #!/bin/csh -f - # -+echo "Unsafe code, needs debugging, do not ship" -+exit 1 - # pnmindex - build a visual index of a bunch of anymaps - # - # Copyright (C) 1991 by Jef Poskanzer. -diff -ruNp a/editor/pnmpad.c b/editor/pnmpad.c ---- a/editor/pnmpad.c 2021-06-02 15:53:59.808205400 +0200 -+++ b/editor/pnmpad.c 2021-06-02 20:23:21.829634431 +0200 +diff --git a/editor/pnmpad.c b/editor/pnmpad.c +index 9fa9f9e..6b98204 100644 +--- a/editor/pnmpad.c ++++ b/editor/pnmpad.c @@ -654,6 +654,8 @@ main(int argc, const char ** argv) { computePadSizes(cmdline, cols, rows, &lpad, &rpad, &tpad, &bpad); 
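Review bot: This hunk drops the `editor/pnmindex.csh` section from the security patch, so the two lines it used to prepend, `echo "Unsafe code, needs debugging, do not ship"` and `exit 1`, are no longer applied. Neither the commit message nor the new `%changelog` entry says why; if 11.00.00 still installs that script, it would now ship enabled. I would either keep the section or record the reason in the changelog, e.g. `- Drop pnmindex.csh guard from security patch (<reason>)`.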
@@ -2830,21 +2827,32 @@ diff -ruNp a/other/pnmcolormap.c b/other/pnmcolormap.c } { unsigned int const intQuotient = colormap.size / pamP->width; -diff -ruNp a/urt/rle_getrow.c b/urt/rle_getrow.c ---- a/urt/rle_getrow.c 2021-06-02 15:53:59.825205563 +0200 -+++ b/urt/rle_getrow.c 2021-06-02 20:23:21.834634475 +0200 -@@ -164,6 +164,7 @@ rle_get_setup(rle_hdr * const the_hdr) { - char * cp; - - VAXSHORT(comlen, infile); /* get comment length */ -+ overflow_add(comlen, 1); - evenlen = (comlen + 1) & ~1; /* make it even */ - if (evenlen) { - MALLOCARRAY(comment_buf, evenlen); -diff -ruNp a/urt/rle.h b/urt/rle.h ---- a/urt/rle.h 2021-06-02 15:53:59.825205563 +0200 -+++ b/urt/rle.h 2021-06-02 20:23:21.834634475 +0200 -@@ -153,6 +153,17 @@ rle_hdr /* End of typedef. * +diff --git a/urt/Runput.c b/urt/Runput.c +index 1a7f2f7..de2737b 100644 +--- a/urt/Runput.c ++++ b/urt/Runput.c +@@ -202,6 +202,7 @@ RunSetup(rle_hdr * the_hdr) + if ( the_hdr->background != 0 ) + { + int i; ++ overflow_add(the_hdr->ncolors, 1); + rle_pixel *background = + (rle_pixel *)malloc( (unsigned)(the_hdr->ncolors + 1) ); + int *bg_color; +@@ -224,7 +225,7 @@ RunSetup(rle_hdr * the_hdr) + /* Big-endian machines are harder */ + int i, nmap = (1 << the_hdr->cmaplen) * + the_hdr->ncmap; +- char *h_cmap = (char *)malloc( nmap * 2 ); ++ char *h_cmap = (char *)malloc2( nmap, 2 ); + if ( h_cmap == NULL ) + { + fprintf( stderr, +diff --git a/urt/rle.h b/urt/rle.h +index 1e7ddd0..df45dd9 100644 +--- a/urt/rle.h ++++ b/urt/rle.h +@@ -152,6 +152,17 @@ rle_hdr /* End of typedef. */ */ extern rle_hdr rle_dflt_hdr; 
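Review bot: In the second `RunSetup()` hunk of `urt/Runput.c`, `malloc2( nmap, 2 )` guards only the final doubling; `nmap = (1 << the_hdr->cmaplen) * the_hdr->ncmap` is still computed in plain `int` from `the_hdr` fields, so an oversized shift or product is undefined or wraps before the helper sees it. I would range-check both fields ahead of that declaration, e.g. `if (the_hdr->cmaplen < 0 || the_hdr->cmaplen > 30 || the_hdr->ncmap < 0 || the_hdr->ncmap > (INT_MAX >> the_hdr->cmaplen)) { /* report and bail out */ }`, assuming both are `int` as the expression suggests. In the first hunk no NULL check on `background` is visible after the `malloc`, though `RunSetup()` continues outside both hunks.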
@@ -2862,9 +2870,59 @@ diff -ruNp a/urt/rle.h b/urt/rle.h /* Declare RLE library routines. */ -diff -ruNp a/urt/rle_hdr.c b/urt/rle_hdr.c ---- a/urt/rle_hdr.c 2021-06-02 15:53:59.825205563 +0200 -+++ b/urt/rle_hdr.c 2021-06-02 20:23:21.835634483 +0200 +diff --git a/urt/rle_addhist.c b/urt/rle_addhist.c +index 45c3dbf..ef13973 100644 +--- a/urt/rle_addhist.c ++++ b/urt/rle_addhist.c +@@ -70,13 +70,19 @@ rle_addhist(char * argv[], + return; + + length = 0; +- for (i = 0; argv[i]; ++i) ++ for (i = 0; argv[i]; ++i) { ++ overflow_add(length, strlen(argv[i])); ++ overflow_add(length+1, strlen(argv[i])); + length += strlen(argv[i]) +1; /* length of each arg plus space. */ ++ } + + time(&temp); + timedate = ctime(&temp); + length += strlen(timedate); /* length of date and time in ASCII. */ + ++ overflow_add(strlen(padding), 4); ++ overflow_add(strlen(histoire), strlen(padding) + 4); ++ overflow_add(length, strlen(histoire) + strlen(padding) + 4); + length += strlen(padding) + 3 + strlen(histoire) + 1; + /* length of padding, "on " and length of history name plus "="*/ + if (in_hdr) /* if we are interested in the old comments... */ +@@ -84,8 +90,10 @@ rle_addhist(char * argv[], + else + old = NULL; + +- if (old && *old) ++ if (old && *old) { ++ overflow_add(length, strlen(old)); + length += strlen(old); /* add length if there. */ ++ } + + ++length; /*Cater for the null. */ + +diff --git a/urt/rle_getrow.c b/urt/rle_getrow.c +index a24870a..0ba62c3 100644 +--- a/urt/rle_getrow.c ++++ b/urt/rle_getrow.c +@@ -164,6 +164,7 @@ rle_get_setup(rle_hdr * const the_hdr) { + char * cp; + + VAXSHORT(comlen, infile); /* get comment length */ ++ overflow_add(comlen, 1); + evenlen = (comlen + 1) & ~1; /* make it even */ + if (evenlen) { + MALLOCARRAY(comment_buf, evenlen); +diff --git a/urt/rle_hdr.c b/urt/rle_hdr.c +index 8ceaa9e..4c13037 100644 +--- a/urt/rle_hdr.c ++++ b/urt/rle_hdr.c @@ -148,7 +148,7 @@ rle_hdr_cp(rle_hdr * const fromHdrP, if (toHdrP->cmap) { size_t const size = 
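Review bot: In `rle_addhist()`, `length += strlen(timedate);` is an accumulation left without a guard, while the neighbouring additions to `length` in this hunk gained `overflow_add(...)` calls; adding `overflow_add(length, strlen(timedate));` before it would make the checks uniform. `ctime()` can return NULL, so `timedate` should also be tested before `strlen(timedate)` is taken. In the loop, `overflow_add(length+1, strlen(argv[i]));` evaluates `length+1` before any check covers that increment, which matters if `length` is a signed int (its declaration is not visible here). The function starts and ends outside the hunk.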
@@ -2910,59 +2968,3 @@ diff -ruNp a/urt/rle_putcom.c b/urt/rle_putcom.c /* Not found */ /* Can't realloc because somebody else might be pointing to this * comments block. Of course, if this were true, then the -diff -urNp a/urt/rle_addhist.c b/urt/rle_addhist.c ---- a/urt/rle_addhist.c 2022-06-28 08:11:09.204119859 +0200 -+++ b/urt/rle_addhist.c 2022-06-29 09:20:31.573600515 +0200 -@@ -70,13 +70,19 @@ rle_addhist(char * argv[], - return; - - length = 0; -- for (i = 0; argv[i]; ++i) -+ for (i = 0; argv[i]; ++i) { -+ overflow_add(length, strlen(argv[i])); -+ overflow_add(length+1, strlen(argv[i])); - length += strlen(argv[i]) +1; /* length of each arg plus space. */ -+ } - - time(&temp); - timedate = ctime(&temp); - length += strlen(timedate); /* length of date and time in ASCII. */ - -+ overflow_add(strlen(padding), 4); -+ overflow_add(strlen(histoire), strlen(padding) + 4); -+ overflow_add(length, strlen(histoire) + strlen(padding) + 4); - length += strlen(padding) + 3 + strlen(histoire) + 1; - /* length of padding, "on " and length of history name plus "="*/ - if (in_hdr) /* if we are interested in the old comments... */ -@@ -84,8 +90,10 @@ rle_addhist(char * argv[], - else - old = NULL; - -- if (old && *old) -+ if (old && *old) { -+ overflow_add(length, strlen(old)); - length += strlen(old); /* add length if there. */ -+ } - - ++length; /*Cater for the null. 
*/ - -diff -urNp a/urt/Runput.c b/urt/Runput.c ---- a/urt/Runput.c 2022-06-28 08:11:09.204119859 +0200 -+++ b/urt/Runput.c 2022-06-29 09:28:03.951620062 +0200 -@@ -202,6 +202,7 @@ RunSetup(rle_hdr * the_hdr) - if ( the_hdr->background != 0 ) - { - int i; -+ overflow_add(the_hdr->ncolors, 1); - rle_pixel *background = - (rle_pixel *)malloc( (unsigned)(the_hdr->ncolors + 1) ); - int *bg_color; -@@ -224,7 +225,7 @@ RunSetup(rle_hdr * the_hdr) - /* Big-endian machines are harder */ - int i, nmap = (1 << the_hdr->cmaplen) * - the_hdr->ncmap; -- char *h_cmap = (char *)malloc( nmap * 2 ); -+ char *h_cmap = (char *)malloc2( nmap, 2 ); - if ( h_cmap == NULL ) - { - fprintf( stderr, diff --git a/netpbm.spec b/netpbm.spec index ff7e49f..a99239b 100644 --- a/netpbm.spec +++ b/netpbm.spec @@ -1,7 +1,7 @@ Summary: A library for handling different graphics file formats Name: netpbm -Version: 10.99.00 -Release: 2%{?dist} +Version: 11.00.00 +Release: 1%{?dist} # See copyright_summary for details License: BSD and GPLv2 and IJG and MIT and Public Domain URL: http://netpbm.sourceforge.net/ @@ -229,6 +229,9 @@ popd %doc userguide/* %changelog +* Tue Oct 04 2022 Josef Ridky - 11.00.00-1 +- New upstream release 11.00.00 (#2130384) + * Fri Jul 22 2022 Fedora Release Engineering - 10.99.00-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild