rpms/netpbm/devel .cvsignore, 1.71, 1.72 netpbm-security-code.patch, 1.2, 1.3 netpbm.spec, 1.167, 1.168 sources, 1.75, 1.76
Jindrich Novy
jnovy at fedoraproject.org
Mon Jul 12 07:16:22 UTC 2010
Author: jnovy
Update of /cvs/pkgs/rpms/netpbm/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv2448
Modified Files:
.cvsignore netpbm-security-code.patch netpbm.spec sources
Log Message:
* Mon Jul 12 2010 Jindrich Novy <jnovy at redhat.com> 10.47.17-1
- update to 10.47.17
- add couple of missign overflow checks
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/netpbm/devel/.cvsignore,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -p -r1.71 -r1.72
--- .cvsignore 18 Jun 2010 09:30:36 -0000 1.71
+++ .cvsignore 12 Jul 2010 07:16:20 -0000 1.72
@@ -1 +1 @@
-netpbm-10.47.16.tar.xz
+netpbm-10.47.17.tar.xz
netpbm-security-code.patch:
analyzer/pgmtexture.c | 9 +++++
converter/other/gemtopnm.c | 1
converter/other/jpegtopnm.c | 2 +
converter/other/pbmtopgm.c | 1
converter/other/pnmtoddif.c | 2 +
converter/other/pnmtojpeg.c | 9 +++++
converter/other/pnmtops.c | 12 +++++--
converter/other/pnmtorle.c | 2 +
converter/other/pnmtosgi.c | 19 ++++++++++++
converter/other/rletopnm.c | 2 +
converter/other/sgitopnm.c | 6 +++
converter/other/sirtopnm.c | 1
converter/other/tifftopnm.c | 4 +-
converter/other/xwdtopnm.c | 5 +++
converter/pbm/icontopbm.c | 6 +++
converter/pbm/mdatopbm.c | 5 ++-
converter/pbm/mgrtopbm.c | 2 +
converter/pbm/pbmto10x.c | 2 -
converter/pbm/pbmto4425.c | 3 +
converter/pbm/pbmtoascii.c | 2 +
converter/pbm/pbmtogem.c | 1
converter/pbm/pbmtogo.c | 1
converter/pbm/pbmtoicon.c | 1
converter/pbm/pbmtolj.c | 4 ++
converter/pbm/pbmtomacp.c | 3 +
converter/pbm/pbmtomda.c | 1
converter/pbm/pbmtoppa/pbm.c | 4 +-
converter/pbm/pbmtoppa/pbmtoppa.c | 1
converter/pbm/pbmtoxbm.c | 2 +
converter/pbm/pbmtoybm.c | 1
converter/pbm/pbmtozinc.c | 1
converter/pbm/pktopbm.c | 1
converter/pbm/thinkjettopbm.l | 4 ++
converter/pbm/ybmtopbm.c | 1
converter/pgm/lispmtopgm.c | 5 ++-
converter/pgm/psidtopgm.c | 1
converter/ppm/Makefile | 2 -
converter/ppm/ilbmtoppm.c | 27 +++++++++++++++++
converter/ppm/imgtoppm.c | 2 +
converter/ppm/pcxtoppm.c | 2 +
converter/ppm/picttoppm.c | 2 +
converter/ppm/pjtoppm.c | 21 ++++++++-----
converter/ppm/ppmtoeyuv.c | 1
converter/ppm/ppmtoicr.c | 2 -
converter/ppm/ppmtoilbm.c | 8 ++++-
converter/ppm/ppmtolj.c | 3 +
converter/ppm/ppmtomitsu.c | 2 +
converter/ppm/ppmtompeg/iframe.c | 4 +-
converter/ppm/ppmtompeg/parallel.c | 4 +-
converter/ppm/ppmtompeg/psearch.c | 18 +++++++++++
converter/ppm/ppmtompeg/rgbtoycc.c | 2 +
converter/ppm/ppmtopcx.c | 2 +
converter/ppm/ppmtopict.c | 2 +
converter/ppm/ppmtopj.c | 1
converter/ppm/ppmtopjxl.c | 8 +++++
converter/ppm/ppmtowinicon.c | 8 +++++
converter/ppm/ppmtoxpm.c | 2 +
converter/ppm/qrttoppm.c | 2 -
converter/ppm/sldtoppm.c | 2 +
converter/ppm/ximtoppm.c | 4 ++
converter/ppm/xpmtoppm.c | 1
converter/ppm/yuvtoppm.c | 1
editor/pamcut.c | 2 +
editor/pbmpscale.c | 1
editor/pbmreduce.c | 1
editor/pnmgamma.c | 1
editor/pnmhisteq.c | 1
editor/pnmindex.csh | 3 +
editor/pnmpad.c | 2 +
editor/pnmremap.c | 3 +
editor/pnmscalefixed.c | 7 ++++
editor/pnmshear.c | 6 +++
editor/ppmdither.c | 6 +++
editor/specialty/pamoil.c | 1
generator/pbmpage.c | 3 +
generator/pbmtext.c | 4 ++
generator/pgmcrater.c | 2 -
generator/pgmkernel.c | 2 -
lib/libpam.c | 3 +
lib/libpammap.c | 2 +
lib/libpbm1.c | 1
lib/libpbmvms.c | 2 +
lib/libpm.c | 49 +++++++++++++++++++++++++++++++
lib/pm.h | 7 ++++
other/pnmcolormap.c | 1
urt/README | 5 +++
urt/Runput.c | 10 ++++--
urt/rle.h | 14 +++++++++
urt/rle_addhist.c | 15 ++++++++-
urt/rle_getrow.c | 3 +
urt/rle_hdr.c | 19 ++++++++++--
urt/rle_open_f.c | 57 -------------------------------------
urt/rle_putcom.c | 6 +++
urt/scanargs.c | 6 ++-
94 files changed, 404 insertions(+), 101 deletions(-)
Index: netpbm-security-code.patch
===================================================================
RCS file: /cvs/pkgs/rpms/netpbm/devel/netpbm-security-code.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- netpbm-security-code.patch 27 Apr 2010 14:39:05 -0000 1.2
+++ netpbm-security-code.patch 12 Jul 2010 07:16:20 -0000 1.3
@@ -878,6 +878,102 @@ diff -up netpbm-10.47.04/converter/ppm/p
medias.maxcols *= 2;
medias.maxrows *= 2;
}
+diff -up netpbm-10.47.04/converter/ppm/ppmtompeg/iframe.c.security netpbm-10.47.04/converter/ppm/ppmtompeg/iframe.c
+--- netpbm-10.47.04/converter/ppm/ppmtompeg/iframe.c.security 2009-10-21 13:39:09.000000000 +0200
++++ netpbm-10.47.04/converter/ppm/ppmtompeg/iframe.c 2009-10-21 15:09:33.000000000 +0200
+@@ -800,7 +800,8 @@ BlockComputeSNR(MpegFrame * const curren
+ if (needs_init) {
+ int ysz = (Fsize_y>>3) * sizeof(int32 *);
+ int xsz = (Fsize_x>>3);
+-
++
++ overflow2((Fsize_y>>3), sizeof(int32 *));
+ needs_init = FALSE;
+ for (y=0; y<3; y++) {
+ varDiff[y] = ratio[y] = total[y] = 0.0;
+@@ -819,6 +820,7 @@ BlockComputeSNR(MpegFrame * const curren
+ fprintf(stderr, "Out of memory in BlockComputeSNR\n");
+ exit(-1);
+ }
++ overflow2(xsz,4);
+ for (y = 0; y < ySize[0]>>3; y++) {
+ SignalY[y] = (int32 *) calloc(xsz,4);
+ SignalCr[y] = (int32 *) calloc(xsz,4);
+diff -up netpbm-10.47.04/converter/ppm/ppmtompeg/parallel.c.security netpbm-10.47.04/converter/ppm/ppmtompeg/parallel.c
+--- netpbm-10.47.04/converter/ppm/ppmtompeg/parallel.c.security 2009-10-21 13:39:10.000000000 +0200
++++ netpbm-10.47.04/converter/ppm/ppmtompeg/parallel.c 2009-10-21 15:09:33.000000000 +0200
+@@ -2161,7 +2161,9 @@ DecodeServer(int const numInput
+ const char * error;
+
+ /* should keep list of port numbers to notify when frames become ready */
+-
++
++ overflow2(numInputFiles, sizeof(int));
++ overflow2(numInputFiles, sizeof(boolean));
+ ready = (boolean *) calloc(numInputFiles, sizeof(boolean));
+ waitMachine = (int *) calloc(numInputFiles, sizeof(int));
+ waitPort = (int *) malloc(numMachines*sizeof(int));
+diff -up netpbm-10.47.04/converter/ppm/ppmtompeg/psearch.c.security netpbm-10.47.04/converter/ppm/ppmtompeg/psearch.c
+--- netpbm-10.47.04/converter/ppm/ppmtompeg/psearch.c.security 2009-10-21 13:39:10.000000000 +0200
++++ netpbm-10.47.04/converter/ppm/ppmtompeg/psearch.c 2009-10-21 15:09:33.000000000 +0200
+@@ -216,7 +216,14 @@ SetSearchRange(int const pixelsP, int co
+ int const max_search = max(searchRangeP, searchRangeB);
+
+ int index;
+-
++
++ overflow2(searchRangeP, 2);
++ overflow2(searchRangeB, 2);
++ overflow_add(searchRangeP*2, 3);
++ overflow_add(searchRangeB*2, 3);
++ overflow2(2*searchRangeB+3, sizeof(int));
++ overflow2(2*searchRangeP+3, sizeof(int));
++
+ pmvHistogram = (int **) malloc((2*searchRangeP+3)*sizeof(int *));
+ bbmvHistogram = (int **) malloc((2*searchRangeB+3)*sizeof(int *));
+ bfmvHistogram = (int **) malloc((2*searchRangeB+3)*sizeof(int *));
+@@ -800,6 +807,9 @@ ShowPMVHistogram(fpointer)
+ int *columnTotals;
+ int rowTotal;
+
++ overflow2(searchRangeP, 2);
++ overflow_add(searchRangeP*2, 3);
++ overflow2(searchRangeP*2+3, sizeof(int));
+ columnTotals = (int *) calloc(2*searchRangeP+3, sizeof(int));
+
+ #ifdef COMPLETE_DISPLAY
+@@ -847,6 +857,9 @@ ShowBBMVHistogram(fpointer)
+
+ fprintf(fpointer, "B-frame Backwards:\n");
+
++ overflow2(searchRangeB, 2);
++ overflow_add(searchRangeB*2, 3);
++ overflow2(searchRangeB*2+3, sizeof(int));
+ columnTotals = (int *) calloc(2*searchRangeB+3, sizeof(int));
+
+ #ifdef COMPLETE_DISPLAY
+@@ -894,6 +907,9 @@ ShowBFMVHistogram(fpointer)
+
+ fprintf(fpointer, "B-frame Forwards:\n");
+
++ overflow2(searchRangeB, 2);
++ overflow_add(searchRangeB*2, 3);
++ overflow2(searchRangeB*2+3, sizeof(int));
+ columnTotals = (int *) calloc(2*searchRangeB+3, sizeof(int));
+
+ #ifdef COMPLETE_DISPLAY
+diff -up netpbm-10.47.04/converter/ppm/ppmtompeg/rgbtoycc.c.security netpbm-10.47.04/converter/ppm/ppmtompeg/rgbtoycc.c
+--- netpbm-10.47.04/converter/ppm/ppmtompeg/rgbtoycc.c.security 2009-10-21 13:39:10.000000000 +0200
++++ netpbm-10.47.04/converter/ppm/ppmtompeg/rgbtoycc.c 2009-10-21 15:09:33.000000000 +0200
+@@ -72,6 +72,8 @@ compute_mult_tables(const pixval maxval)
+ }
+ table_maxval = maxval;
+
++ overflow_add(table_maxval, 1);
++ overflow2(table_maxval+1, sizeof(float));
+ mult299 = malloc((table_maxval+1)*sizeof(float));
+ mult587 = malloc((table_maxval+1)*sizeof(float));
+ mult114 = malloc((table_maxval+1)*sizeof(float));
diff -up netpbm-10.47.04/converter/ppm/ppmtopcx.c.security netpbm-10.47.04/converter/ppm/ppmtopcx.c
--- netpbm-10.47.04/converter/ppm/ppmtopcx.c.security 2009-10-21 13:39:10.000000000 +0200
+++ netpbm-10.47.04/converter/ppm/ppmtopcx.c 2009-10-21 15:09:33.000000000 +0200
Index: netpbm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/netpbm/devel/netpbm.spec,v
retrieving revision 1.167
retrieving revision 1.168
diff -u -p -r1.167 -r1.168
--- netpbm.spec 18 Jun 2010 09:30:36 -0000 1.167
+++ netpbm.spec 12 Jul 2010 07:16:20 -0000 1.168
@@ -1,6 +1,6 @@
Summary: A library for handling different graphics file formats
Name: netpbm
-Version: 10.47.16
+Version: 10.47.17
Release: 1%{?dist}
# See copyright_summary for details
License: BSD and GPLv2 and IJG and MIT and Public Domain
@@ -251,6 +251,10 @@ rm -rf $RPM_BUILD_ROOT
%doc userguide/*
%changelog
+* Mon Jul 12 2010 Jindrich Novy <jnovy at redhat.com> 10.47.17-1
+- update to 10.47.17
+- add couple of missign overflow checks
+
* Fri Jun 18 2010 Jindrich Novy <jnovy at redhat.com> 10.47.16-1
- update to 10.47.16
- fixes pbmtext
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/netpbm/devel/sources,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -p -r1.75 -r1.76
--- sources 18 Jun 2010 09:30:36 -0000 1.75
+++ sources 12 Jul 2010 07:16:21 -0000 1.76
@@ -1 +1 @@
-41be70b9506fcb414821850732be7909 netpbm-10.47.16.tar.xz
+993ad1befc3b2f2ba8c80d78f9323707 netpbm-10.47.17.tar.xz
More information about the scm-commits
mailing list