diff --git a/netpbm-10.28-CAN-2005-2471.patch b/netpbm-10.28-CAN-2005-2471.patch
new file mode 100644
index 0000000..56e2f34
--- /dev/null
+++ b/netpbm-10.28-CAN-2005-2471.patch
@@ -0,0 +1,19 @@
+--- netpbm-10.28/converter/other/pstopnm.c.CAN-2005-2471 2004-06-23 04:22:33.000000000 +0200
++++ netpbm-10.28/converter/other/pstopnm.c 2005-08-09 08:41:42.000000000 +0200
+@@ -702,13 +702,13 @@
+
+ if (verbose) {
+ pm_message("execing '%s' with args '%s' (arg 0), "
+- "'%s', '%s', '%s', '%s', '%s', '%s', '%s'",
++ "'%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s'",
+ ghostscriptProg, arg0,
+- deviceopt, outfileopt, gopt, ropt, "-q", "-dNOPAUSE", "-");
++ deviceopt, outfileopt, gopt, ropt, "-q", "-dNOPAUSE", "-dPARANOIDSAFER", "-");
+ }
+
+ execl(ghostscriptProg, arg0, deviceopt, outfileopt, gopt, ropt, "-q",
+- "-dNOPAUSE", "-", NULL);
++ "-dNOPAUSE", "-dPARANOIDSAFER", "-", NULL);
+
+ pm_error("execl() of Ghostscript ('%s') failed, errno=%d (%s)",
+ ghostscriptProg, errno, strerror(errno));
diff --git a/netpbm.spec b/netpbm.spec
index f16a513..dec47b2 100644
--- a/netpbm.spec
+++ b/netpbm.spec
@@ -1,7 +1,7 @@
 Summary: A library for handling different graphics file formats.
 Name: netpbm
 Version: 10.28
-Release: 4
+Release: 5
 License: freeware
 Group: System Environment/Libraries
 URL: http://netpbm.sourceforge.net/
@@ -21,6 +21,7 @@ Patch10: netpbm-10.27-bmptopnm.patch
 Patch11: netpbm-10.27-libpm.patch
 Patch12: netpbm-10.27-pnmtojpeg.patch
 Patch13: netpbm-10.28-pbmtolj.patch
+Patch14: netpbm-10.28-CAN-2005-2471.patch
 Buildroot: %{_tmppath}/%{name}-root
 BuildPrereq: libjpeg-devel, libpng-devel, libtiff-devel, perl
 Obsoletes: libgr
@@ -78,6 +79,7 @@ netpbm-progs. You'll also need to install the netpbm package.
 %patch11 -p1 -b .libpm
 %patch12 -p1 -b .pnmtojpeg
 %patch13 -p1 -b .pbmtolj
+%patch14 -p1 -b .CAN-2005-2471
 ##mv shhopt/shhopt.h shhopt/pbmshhopt.h
 ##perl -pi -e 's|shhopt.h|pbmshhopt.h|g' `find -name "*.c" -o -name "*.h"` ./GNUmakefile
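Review bot: In the embedded pstopnm.c patch, `-dPARANOIDSAFER` is added to the Ghostscript command line with no comment saying why it is there, and nothing visible in the hunk confirms that the installed Ghostscript honours it; a `-d` switch only defines a name for the interpreter, so a build that does not implement this one would presumably accept it silently and process the input unrestricted. I would add a comment above the `execl()` call such as `/* input PostScript is untrusted: -dPARANOIDSAFER restricts gs file and pipe access (CAN-2005-2471) */`, and consider passing `"-dSAFER"` next to it so an interpreter that knows only that name is still restricted. The argument list is also spelled out twice, once for `pm_message()` and once for `execl()`, so the verbose output can drift from what is actually executed the next time an option is added. The enclosing function begins and ends outside the hunk.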
@@ -175,6 +177,9 @@ rm -rf $RPM_BUILD_ROOT/usr/config_template
 %{_mandir}/man5/*
 %changelog
+* Tue Aug 09 2005 Jindrich Novy 10.28-5
+- fix CAN-2005-2471, unsafe gs calls from pstopnm (#165355)
+
 * Thu Jul 21 2005 Jindrich Novy 10.28-4
 - fix buffer overflow in pbmtolj (#163596)