pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/netpbm This is a security update, which fixes...
details: https://anonhg.NetBSD.org/pkgsrc/rev/359581ffcac7
branches: trunk
changeset: 515099:359581ffcac7
user: adam <adam%pkgsrc.org@localhost>
date: Sun Jun 25 06:35:58 2006 +0000
description:
This is a security update, which fixes a buffer overflow vulnerability.
Changes 10.34:
* Add pamthreshold, pamx, pamtoxvmini.
* pammasksharpen: Add -threshold.
* pnmtopng: make "N colors found" message verbose-only.
* pnmtopng: make "no room in palette" message non-verbose.
* picttoppm: Tolerate various PICT file corruptions.
* picttoppm: Don't issue warning message when file named
'fontdir' doesn't exist.
* libnetpbm: Add ppmd_fill_path().
* ppmtobmp: Fix for PBM input.
* bmptopnm: Don't crash on BMP with no color map.
* bmptopnm: Fix wrong file name in error messages.
* ppmtogif: fix bug: always produces garbage output.
* ppmtompeg: fix input from Standard Input.
* pnmflip: fix bug: -rotate90, -rotate180, and -rotate270
(and synonyms) don't work when followed by other rotation options.
* ppmtoilbm: Fig bug: generates more planes than necessary.
* pamtofits: fix buffer overflow in asembling header.
* picttoppm: fix bug - interprets some images wrong because of
bogus "rowBytes" value.
* Redo asprintfN(), etc. so as not to use va_list in a way
that doesn't work on some machines.
* cameratopam: remove definition of memmem() so it doesn't collide
with same in some C libraries. Add memmemN() and MEMEQ to libnetpbm.
* Fix build of filename.o.
diffstat:
graphics/netpbm/Makefile | 6 +++---
graphics/netpbm/distinfo | 16 ++++++----------
graphics/netpbm/patches/patch-aa | 26 +++++++++++++-------------
graphics/netpbm/patches/patch-ab | 6 +++---
graphics/netpbm/patches/patch-ac | 18 ------------------
graphics/netpbm/patches/patch-ag | 19 -------------------
graphics/netpbm/patches/patch-ai | 18 ------------------
graphics/netpbm/patches/patch-aj | 13 -------------
8 files changed, 25 insertions(+), 97 deletions(-)
diffs (257 lines):
diff -r d789a5319898 -r 359581ffcac7 graphics/netpbm/Makefile
--- a/graphics/netpbm/Makefile Sun Jun 25 03:32:23 2006 +0000
+++ b/graphics/netpbm/Makefile Sun Jun 25 06:35:58 2006 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.142 2006/06/18 16:18:11 minskim Exp $
+# $NetBSD: Makefile,v 1.143 2006/06/25 06:35:58 adam Exp $
-DISTNAME= netpbm-10.33
-PKGREVISION= 4
+DISTNAME= netpbm-10.34
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=netpbm/}
EXTRACT_SUFX= .tgz
@@ -61,6 +60,7 @@
.include "../../graphics/jasper/buildlink3.mk"
.include "../../graphics/png/buildlink3.mk"
.include "../../graphics/tiff/buildlink3.mk"
+.include "../../textproc/libxml2/buildlink3.mk"
pre-configure:
${CP} ${WRKSRC}/Makefile.config.in ${WRKSRC}/Makefile.config
diff -r d789a5319898 -r 359581ffcac7 graphics/netpbm/distinfo
--- a/graphics/netpbm/distinfo Sun Jun 25 03:32:23 2006 +0000
+++ b/graphics/netpbm/distinfo Sun Jun 25 06:35:58 2006 +0000
@@ -1,16 +1,12 @@
-$NetBSD: distinfo,v 1.58 2006/06/18 16:18:11 minskim Exp $
+$NetBSD: distinfo,v 1.59 2006/06/25 06:35:58 adam Exp $
-SHA1 (netpbm-10.33.tgz) = ed1023fc8b5e15db274495b860f2f80df309454e
-RMD160 (netpbm-10.33.tgz) = 7721314f9ef27f22a6bb034ca9e3577cff2984e5
-Size (netpbm-10.33.tgz) = 2456707 bytes
-SHA1 (patch-aa) = 1ae80f9e1b1c9041dfe79870e8827157c0d0874a
-SHA1 (patch-ab) = 894da433f184ead77e09d1d50b97a0096deb8b99
-SHA1 (patch-ac) = 07f109139bf30da22b05d00189cbb7b4a5f8f05a
+SHA1 (netpbm-10.34.tgz) = 530458871f9d3dc763a1bf82f227eeb79098c601
+RMD160 (netpbm-10.34.tgz) = 57a596efa6cacb981135d554a72cbaffc4cfe72c
+Size (netpbm-10.34.tgz) = 2507007 bytes
+SHA1 (patch-aa) = dbb17588aa8f8628ad98af43935adc710f870d0f
+SHA1 (patch-ab) = 7781c51e9a8cc9de953540a04e19303244ef8d57
SHA1 (patch-ad) = b4a5833e18afd5a991aad897674386a3f00c3ee1
SHA1 (patch-ae) = 33a5be2843dd85b530f5e6ba496cd0380cd5edd1
SHA1 (patch-af) = 41c3506dcd267ce15d5b7e5ff9b0c1ee97b54e26
-SHA1 (patch-ag) = 9565c0e777cbbbd4974000695c05044a2433f0c8
SHA1 (patch-ah) = f2a542983932edebee2110868e631b394f380b26
-SHA1 (patch-ai) = ef03877b12769ccf624454b29539ae8b5fab550f
-SHA1 (patch-aj) = 771b2de6e9b32ad3c5d305411533cec5ac7c74c4
SHA1 (patch-ca) = b63be9bd38dd182949edf3b892608b72d13c1fa0
diff -r d789a5319898 -r 359581ffcac7 graphics/netpbm/patches/patch-aa
--- a/graphics/netpbm/patches/patch-aa Sun Jun 25 03:32:23 2006 +0000
+++ b/graphics/netpbm/patches/patch-aa Sun Jun 25 06:35:58 2006 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-aa,v 1.37 2006/06/18 16:18:11 minskim Exp $
+$NetBSD: patch-aa,v 1.38 2006/06/25 06:35:58 adam Exp $
---- Makefile.config.in.orig 2006-01-02 16:15:17.000000000 -0800
+--- Makefile.config.in.orig 2006-06-18 21:23:40.000000000 +0200
+++ Makefile.config.in
@@ -24,7 +24,7 @@ DEFAULT_TARGET = nonmerge
# and skip it on those systems unless you want to debug it and fix it.
@@ -51,7 +51,7 @@
# Solaris:
# LEX = flex -e
# Or just skip parts that need Lex:
-@@ -219,7 +221,7 @@ EXE =
+@@ -220,7 +222,7 @@ EXE =
# Here, $(SONAME) resolves to the soname for the shared library being created.
# The following are gcc options. This works on GNU libc systems.
@@ -60,7 +60,7 @@
# You need -nostart instead of -shared on BeOS. Though the BeOS compiler is
# ostensibly gcc, it has the -nostart option, which is not mentioned in gcc
# documentation and doesn't exist in at least one non-BeOS installation.
-@@ -252,6 +254,19 @@ LDRELOC = NONE
+@@ -253,6 +255,19 @@ LDRELOC = NONE
#LDRELOC = ld --reloc
#LDRELOC = ld -r
@@ -80,7 +80,7 @@
# On older systems, you have to make shared libraries out of position
# independent code, so you need -fpic or fPIC here. (The rule is: if
-@@ -274,11 +289,23 @@ LDRELOC = NONE
+@@ -275,11 +290,23 @@ LDRELOC = NONE
CFLAGS_SHLIB =
# Solaris or SunOS with gcc, and NetBSD:
#CFLAGS_SHLIB = -fpic
@@ -105,7 +105,7 @@
# SHLIB_CLIB is the link option to include the C library in a shared library,
# normally "-lc". On typical systems, this serves no purpose. On some,
# though, it causes information about which C library to use to be recorded
-@@ -347,8 +374,8 @@ TIFFHDR_DIR =
+@@ -348,8 +375,8 @@ TIFFHDR_DIR =
#TIFFLIB = libtiff.so
#TIFFHDR_DIR = /usr/include/libtiff
#NetBSD:
@@ -116,7 +116,7 @@
# OSF, Tru64:
#TIFFLIB = /usr/local1/DEC/lib/libtiff.so
#TIFFHDR_DIR = /usr/local1/DEC/include
-@@ -378,8 +405,8 @@ JPEGHDR_DIR =
+@@ -379,8 +406,8 @@ JPEGHDR_DIR =
#JPEGLIB = libjpeg.so
#JPEGHDR_DIR = /usr/include/jpeg
# Netbsd:
@@ -127,7 +127,7 @@
# OSF, Tru64:
#JPEGLIB = /usr/local1/DEC/libjpeg.so
#JPEGHDR_DIR = /usr/local1/DEC/include
-@@ -399,12 +426,12 @@ JPEGHDR_DIR =
+@@ -400,12 +427,12 @@ JPEGHDR_DIR =
# option.
PNGLIB = NONE
PNGHDR_DIR =
@@ -143,7 +143,7 @@
# OSF/Tru64:
#PNGLIB = /usr/local1/DEC/lib/libpng$(PNGVER).so
#PNGHDR_DIR = /usr/local1/DEC/include
-@@ -414,8 +441,8 @@ PNGVER =
+@@ -415,8 +442,8 @@ PNGVER =
# NONE for the PNG library, it doesn't matter what you specify here --
# it won't get used.
@@ -154,7 +154,7 @@
#ZLIB = libz.so
# The JBIG lossless image compression library (aka JBIG-KIT):
-@@ -424,8 +451,8 @@ JBIGLIB = $(BUILDDIR)/converter/other/jb
+@@ -425,8 +452,8 @@ JBIGLIB = $(BUILDDIR)/converter/other/jb
JBIGHDR_DIR = $(SRCDIR)/converter/other/jbig
# The Jasper JPEG-2000 image compression library (aka JasPer):
@@ -165,7 +165,7 @@
# JASPERDEPLIBS is the libraries (-l options or file names) on which
# The Jasper library depends -- i.e. what you have to link into any
# executable that links in the Jasper library.
-@@ -461,7 +488,7 @@ OMIT_NETWORK =
+@@ -471,7 +498,7 @@ OMIT_NETWORK =
# built into the standard C library, so this can be null. This is irrelevant
# if OMIT_NETWORK is "y".
@@ -174,7 +174,7 @@
# Solaris, SunOS:
#NETWORKLD = -lsocket -lnsl
# SCO:
-@@ -510,7 +537,7 @@ SUFFIXMANUALS5 = 5
+@@ -525,7 +552,7 @@ SUFFIXMANUALS5 = 5
#Netpbm library functions. The value is used only in make file tests.
# "unixshared" means a unix-style shared library, typically named like
# libxyz.so.2.3
@@ -183,7 +183,7 @@
# "unixstatic" means a unix-style static library, (like libxyz.a)
#NETPBMLIBTYPE = unixstatic
# "dll" means a Windows DLL shared library
-@@ -521,7 +548,7 @@ NETPBMLIBTYPE = unixshared
+@@ -536,7 +563,7 @@ NETPBMLIBTYPE = unixshared
#NETPBMLIBSUFFIX is the suffix used on whatever kind of library is
#selected above. All this is used for is to construct library names.
#The make files never examine the actual value.
diff -r d789a5319898 -r 359581ffcac7 graphics/netpbm/patches/patch-ab
--- a/graphics/netpbm/patches/patch-ab Sun Jun 25 03:32:23 2006 +0000
+++ b/graphics/netpbm/patches/patch-ab Sun Jun 25 06:35:58 2006 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.19 2006/02/27 22:01:16 adam Exp $
+$NetBSD: patch-ab,v 1.20 2006/06/25 06:35:58 adam Exp $
---- converter/other/Makefile.orig 2006-02-25 20:15:20.000000000 +0100
+--- converter/other/Makefile.orig 2006-05-28 01:16:09.000000000 +0200
+++ converter/other/Makefile
-@@ -108,6 +108,13 @@ all: $(BINARIES) $(SUBDIRS:%=%/all)
+@@ -126,6 +126,13 @@ all: $(BINARIES) $(SUBDIRS:%=%/all)
include $(SRCDIR)/Makefile.common
diff -r d789a5319898 -r 359581ffcac7 graphics/netpbm/patches/patch-ac
--- a/graphics/netpbm/patches/patch-ac Sun Jun 25 03:32:23 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-$NetBSD: patch-ac,v 1.14 2005/01/18 14:16:20 adam Exp $
-
---- converter/ppm/ppmtompeg/param.c.orig 2004-12-03 05:05:39.000000000 +0000
-+++ converter/ppm/ppmtompeg/param.c
-@@ -7,13 +7,6 @@
-
- /* COPYRIGHT INFORMATION IS AT THE END OF THIS FILE */
-
--#define _XOPEN_SOURCE 1
-- /* This makes sure popen() is in stdio.h. In GNU libc 2.1.3,
-- _POSIX_C_SOURCE = 2 is sufficient, but on AIX 4.3, the higher level
-- _XOPEN_SOURCE is required. 2000.09.09
-- */
--
--
- /*==============*
- * HEADER FILES *
- *==============*/
diff -r d789a5319898 -r 359581ffcac7 graphics/netpbm/patches/patch-ag
--- a/graphics/netpbm/patches/patch-ag Sun Jun 25 03:32:23 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
-$NetBSD: patch-ag,v 1.16 2006/05/14 16:39:05 wiz Exp $
-
---- converter/ppm/picttoppm.c.orig 2005-12-22 08:51:46.000000000 +0000
-+++ converter/ppm/picttoppm.c
-@@ -1715,12 +1715,12 @@ unpackbits(struct Rect* const bounds,
- rowBytes = rowBytesArg & 0x7fff;
- else
- rowBytes = rowBytesArg;
-- if (rowBytes == 0)
-- rowBytes = pixwidth;
-
- stage = "unpacking packbits";
-
- pixwidth = bounds->right - bounds->left;
-+ if (rowBytes == 0)
-+ rowBytes = pixwidth;
-
- pkpixsize = 1;
- if (pixelSize == 16) {
diff -r d789a5319898 -r 359581ffcac7 graphics/netpbm/patches/patch-ai
--- a/graphics/netpbm/patches/patch-ai Sun Jun 25 03:32:23 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-$NetBSD: patch-ai,v 1.9 2006/05/14 16:39:05 wiz Exp $
-
---- converter/ppm/ppmtogif.c.orig 2006-02-15 19:46:41.000000000 +0000
-+++ converter/ppm/ppmtogif.c
-@@ -705,11 +705,9 @@ output(code_int const code) {
- if we want to use the compressor more than once per invocation
- (e.g. we want to create a multi-image gif).
- */
-- static unsigned long curAccum;
-- static int curBits;
-+ static unsigned long curAccum = 0;
-+ static int curBits = 0;
-
-- curBits = 0; /* initial value */
-- curAccum = 0; /* initial value */
- curAccum &= masks[curBits];
-
- if (curBits > 0)
diff -r d789a5319898 -r 359581ffcac7 graphics/netpbm/patches/patch-aj
--- a/graphics/netpbm/patches/patch-aj Sun Jun 25 03:32:23 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-aj,v 1.9 2006/05/14 16:39:05 wiz Exp $
-
---- lib/Makefile.orig 2006-03-18 20:17:20.000000000 +0000
-+++ lib/Makefile
-@@ -184,7 +184,7 @@ standardppmdfont.c:standard.ppmdfont
- compile.h:
- $(SRCDIR)/buildtools/stamp-date >$@ || rm $@
-
--util/shhopt.o util/nstring.o: FORCE
-+util/shhopt.o util/nstring.o util/filename.o: FORCE
- @if [ ! -d $(dir $@) ] ; then mkdir $(dir $@) ; fi
- $(MAKE) -C $(dir $@) -f $(SRCDIR)/$(SUBDIR)/$(dir $@)Makefile \
- SRCDIR=$(SRCDIR) BUILDDIR=$(BUILDDIR) $(notdir $@)
Home |
Main Index |
Thread Index |
Old Index