From 2520b90f18ab408818b967f77ef38c1be85de634 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Tue, 13 Nov 2018 05:15:29 +0000 Subject: Tue Nov 13 05:15:29 UTC 2018 d/python-setuptools-40.6.1-x86_64-1.txz: Upgraded. l/M2Crypto-0.31.0-x86_64-1.txz: Upgraded. l/SDL2-2.0.9-x86_64-2.txz: Rebuilt. Fixed use of SDL_syswm.h with SDL_PROTOTYPES_ONLY in C++ mode. Thanks to orbea. l/libtiff-4.0.10-x86_64-1.txz: Upgraded. This update fixes some denial of service security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10779 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18661 (* Security fix *) l/netpbm-10.84.02-x86_64-1.txz: Upgraded. n/net-snmp-5.8-x86_64-2.txz: Rebuilt. Recompiled to link the perl modules to the new libraries. Thanks to th_r. --- source/l/netpbm/netpbm-security-scripts.patch | 267 ++++++++++++++++++++++++++ 1 file changed, 267 insertions(+) create mode 100644 source/l/netpbm/netpbm-security-scripts.patch (limited to 'source/l/netpbm/netpbm-security-scripts.patch') diff --git a/source/l/netpbm/netpbm-security-scripts.patch b/source/l/netpbm/netpbm-security-scripts.patch new file mode 100644 index 000000000..0ba822ad1 --- /dev/null +++ b/source/l/netpbm/netpbm-security-scripts.patch @@ -0,0 +1,267 @@ +diff --git a/editor/ppmfade b/editor/ppmfade +index dcd7bf2..5091651 100755 +--- a/editor/ppmfade ++++ b/editor/ppmfade +@@ -40,6 +40,7 @@ exec perl -w -x -S -- "$0" "$@" + # + ############################################################################## + use strict; ++use File::Temp "tempdir"; + + sub doVersionHack($) { + my ($argvR) = @_; +@@ -149,20 +150,26 @@ if ($first_file ne "undefined") { + + print("Frames are " . $width . "W x " . $height . "H\n"); + ++# ++# We create a tmp-directory right here ++# ++my $tmpdir = tempdir("ppmfade.XXXXXX", CLEANUP => 1); ++ ++ + if ($first_file eq "undefined") { + print "Fading from black to "; +- system("ppmmake \\#000 $width $height >junk1$$.ppm"); ++ system("ppmmake \\#000 $width $height >$tmpdir/junk1$$.ppm"); + } else { + print "Fading from $first_file to "; +- system("cp", $first_file, "junk1$$.ppm"); ++ system("cp", $first_file, "$tmpdir/junk1$$.ppm"); + } + + if ($last_file eq "undefined") { + print "black.\n"; +- system("ppmmake \\#000 $width $height >junk2$$.ppm"); ++ system("ppmmake \\#000 $width $height >$tmpdir/junk2$$.ppm"); + } else { + print "$last_file\n"; +- system("cp", $last_file, "junk2$$.ppm"); ++ system("cp", $last_file, "$tmpdir/junk2$$.ppm"); + } + + # +@@ -170,14 +177,14 @@ if ($last_file eq "undefined") { + # + + # Here's what our temporary files are: +-# junk1$$.ppm: The original (fade-from) image +-# junk2$$.ppm: The target (fade-from) image +-# junk3$$.ppm: The frame of the fade for the current iteration of the +-# the for loop. +-# junk1a$$.ppm: If the fade involves a ppmmix sequence from one intermediate +-# image to another, this is the first frame of that +-# sequence. +-# junk2a$$.ppm: This is the last frame of the above-mentioned ppmmix sequence ++# $tmpdir/junk1$$.ppm: The original (fade-from) image ++# $tmpdir/junk2$$.ppm: The target (fade-from) image ++# $tmpdir/junk3$$.ppm: The frame of the fade for the current iteration of the ++# the for loop. ++# $tmpdir/junk1a$$.ppm: If the fade involves a ppmmix sequence from one intermediate ++# image to another, this is the first frame of that ++# sequence. ++# $tmpdir/junk2a$$.ppm: This is the last frame of the above-mentioned ppmmix sequence + + my $i; # Frame number + for ($i = 1; $i <= $nframes; $i++) { +@@ -185,147 +192,147 @@ for ($i = 1; $i <= $nframes; $i++) { + if ($mode eq $SPREAD) { + if ($i <= 10) { + my $n = $spline20[$i] * 100; +- system("ppmspread $n junk1$$.ppm >junk3$$.ppm"); ++ system("ppmspread $n $tmpdir/junk1$$.ppm >$tmpdir/junk3$$.ppm"); + } elsif ($i <= 20) { + my $n; + $n = $spline20[$i] * 100; +- system("ppmspread $n junk1$$.ppm >junk1a$$.ppm"); ++ system("ppmspread $n $tmpdir/junk1$$.ppm >$tmpdir/junk1a$$.ppm"); + $n = (1-$spline20[$i-10]) * 100; +- system("ppmspread $n junk2$$.ppm >junk2a$$.ppm"); ++ system("ppmspread $n $tmpdir/junk2$$.ppm >$tmpdir/junk2a$$.ppm"); + $n = $spline10[$i-10]; +- system("ppmmix $n junk1a$$.ppm junk2a$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk1a$$.ppm $tmpdir/junk2a$$.ppm >$tmpdir/junk3$$.ppm"); + } else { + my $n = (1-$spline20[$i-10])*100; +- system("ppmspread $n junk2$$.ppm >junk3$$.ppm"); ++ system("ppmspread $n $tmpdir/junk2$$.ppm >$tmpdir/junk3$$.ppm"); + } + } elsif ($mode eq $SHIFT) { + if ($i <= 10) { + my $n = $spline20[$i] * 100; +- system("ppmshift $n junk1$$.ppm >junk3$$.ppm"); ++ system("ppmshift $n $tmpdir/junk1$$.ppm >$tmpdir/junk3$$.ppm"); + } elsif ($i <= 20) { + my $n; + $n = $spline20[$i] * 100; +- system("ppmshift $n junk1$$.ppm >junk1a$$.ppm"); ++ system("ppmshift $n $tmpdir/junk1$$.ppm >$tmpdir/junk1a$$.ppm"); + $n = (1-$spline20[$i-10])*100; +- system("ppmshift $n junk2$$.ppm >junk2a$$.ppm"); ++ system("ppmshift $n $tmpdir/junk2$$.ppm >$tmpdir/junk2a$$.ppm"); + $n = $spline10[$i-10]; +- system("ppmmix $n junk1a$$.ppm junk2a$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk1a$$.ppm $tmpdir/junk2a$$.ppm >$tmpdir/junk3$$.ppm"); + } else { + my $n = (1-$spline20[$i-10]) * 100; +- system("ppmshift $n junk2$$.ppm >junk3$$.ppm"); ++ system("ppmshift $n $tmpdir/junk2$$.ppm >$tmpdir/junk3$$.ppm"); + } + } elsif ($mode eq $RELIEF) { + if ($i == 1) { +- system("ppmrelief junk1$$.ppm >junk1r$$.ppm"); ++ system("ppmrelief $tmpdir/junk1$$.ppm >$tmpdir/junk1r$$.ppm"); + } + if ($i <= 10) { + my $n = $spline10[$i]; +- system("ppmmix $n junk1$$.ppm junk1r$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk1$$.ppm $tmpdir/junk1r$$.ppm >$tmpdir/junk3$$.ppm"); + } elsif ($i <= 20) { + my $n = $spline10[$i-10]; +- system("ppmmix $n junk1r$$.ppm junk2r$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk1r$$.ppm $tmpdir/junk2r$$.ppm >$tmpdir/junk3$$.ppm"); + } else { + my $n = $spline10[$i-20]; +- system("ppmmix $n junk2r$$.ppm junk2$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk2r$$.ppm $tmpdir/junk2$$.ppm >$tmpdir/junk3$$.ppm"); + } + if ($i == 10) { +- system("ppmrelief junk2$$.ppm >junk2r$$.ppm"); ++ system("ppmrelief $tmpdir/junk2$$.ppm >$tmpdir/junk2r$$.ppm"); + } + } elsif ($mode eq $OIL) { + if ($i == 1) { +- system("ppmtopgm junk1$$.ppm | pgmoil >junko$$.ppm"); +- system("rgb3toppm junko$$.ppm junko$$.ppm junko$$.ppm " . +- ">junk1o$$.ppm"); ++ system("ppmtopgm $tmpdir/junk1$$.ppm | pgmoil >$tmpdir/junko$$.ppm"); ++ system("rgb3toppm $tmpdir/junko$$.ppm $tmpdir/junko$$.ppm $tmpdir/junko$$.ppm " . ++ ">$tmpdir/junk1o$$.ppm"); + } + if ($i <= 10) { + my $n = $spline10[$i]; +- system("ppmmix $n junk1$$.ppm junk1o$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk1$$.ppm $tmpdir/junk1o$$.ppm >$tmpdir/junk3$$.ppm"); + } elsif ($i <= 20) { + my $n = $spline10[$i-10]; +- system("ppmmix $n junk1o$$.ppm junk2o$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk1o$$.ppm $tmpdir/junk2o$$.ppm >$tmpdir/junk3$$.ppm"); + } else { + my $n = $spline10[$i-20]; +- system("ppmmix $n junk2o$$.ppm junk2$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk2o$$.ppm $tmpdir/junk2$$.ppm >$tmpdir/junk3$$.ppm"); + } + if ($i == 10) { +- system("ppmtopgm junk2$$.ppm | pgmoil >junko$$.ppm"); +- system("rgb3toppm junko$$.ppm junko$$.ppm junko$$.ppm " . +- ">junk2o$$.ppm"); ++ system("ppmtopgm $tmpdir/junk2$$.ppm | pgmoil >$tmpdir/junko$$.ppm"); ++ system("rgb3toppm $tmpdir/junko$$.ppm $tmpdir/junko$$.ppm $tmpdir/junko$$.ppm " . ++ ">$tmpdir/junk2o$$.ppm"); + } + } elsif ($mode eq $EDGE) { + if ($i == 1) { +- system("ppmtopgm junk1$$.ppm | pgmedge >junko$$.ppm"); +- system("rgb3toppm junko$$.ppm junko$$.ppm junko$$.ppm " . +- ">junk1o$$.ppm"); ++ system("ppmtopgm $tmpdir/junk1$$.ppm | pgmedge >$tmpdir/junko$$.ppm"); ++ system("rgb3toppm $tmpdir/junko$$.ppm $tmpdir/junko$$.ppm $tmpdir/junko$$.ppm " . ++ ">$tmpdir/junk1o$$.ppm"); + } + if ($i <= 10) { + my $n = $spline10[$i]; +- system("ppmmix $n junk1$$.ppm junk1o$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk1$$.ppm $tmpdir/junk1o$$.ppm >$tmpdir/junk3$$.ppm"); + } elsif ($i <= 20) { + my $n = $spline10[$i-10]; +- system("ppmmix $n junk1o$$.ppm junk2o$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk1o$$.ppm $tmpdir/junk2o$$.ppm >$tmpdir/junk3$$.ppm"); + } else { + my $n = $spline10[$i-20]; +- system("ppmmix $n junk2o$$.ppm junk2$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk2o$$.ppm $tmpdir/junk2$$.ppm >$tmpdir/junk3$$.ppm"); + } + if ($i == 10) { +- system("ppmtopgm junk2$$.ppm | pgmedge >junko$$.ppm"); +- system("rgb3toppm junko$$.ppm junko$$.ppm junko$$.ppm " . +- ">junk2o$$.ppm"); ++ system("ppmtopgm $tmpdir/junk2$$.ppm | pgmedge >$tmpdir/junko$$.ppm"); ++ system("rgb3toppm $tmpdir/junko$$.ppm $tmpdir/junko$$.ppm $tmpdir/junko$$.ppm " . ++ ">$tmpdir/junk2o$$.ppm"); + } + } elsif ($mode eq $BENTLEY) { + if ($i == 1) { +- system("ppmtopgm junk1$$.ppm | pgmbentley >junko$$.ppm"); +- system("rgb3toppm junko$$.ppm junko$$.ppm junko$$.ppm " . +- ">junk1o$$.ppm"); ++ system("ppmtopgm $tmpdir/junk1$$.ppm | pgmbentley >$tmpdir/junko$$.ppm"); ++ system("rgb3toppm $tmpdir/junko$$.ppm $tmpdir/junko$$.ppm $tmpdir/junko$$.ppm " . ++ ">$tmpdir/junk1o$$.ppm"); + } + if ($i <= 10) { + my $n = $spline10[$i]; +- system("ppmmix $n junk1$$.ppm junk1o$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk1$$.ppm $tmpdir/junk1o$$.ppm >$tmpdir/junk3$$.ppm"); + } elsif ($i <= 20) { + my $n = $spline10[$i-10]; +- system("ppmmix $n junk1o$$.ppm junk2o$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk1o$$.ppm $tmpdir/junk2o$$.ppm >$tmpdir/junk3$$.ppm"); + } else { + my $n = $spline10[$i-20]; +- system("ppmmix $n junk2o$$.ppm junk2$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk2o$$.ppm $tmpdir/junk2$$.ppm >$tmpdir/junk3$$.ppm"); + } + if ($i == 10) { +- system("ppmtopgm junk2$$.ppm | pgmbentley >junko$$.ppm"); +- system("rgb3toppm junko$$.ppm junko$$.ppm junko$$.ppm " . +- ">junk2o$$.ppm"); ++ system("ppmtopgm $tmpdir/junk2$$.ppm | pgmbentley >$tmpdir/junko$$.ppm"); ++ system("rgb3toppm $tmpdir/junko$$.ppm $tmpdir/junko$$.ppm $tmpdir/junko$$.ppm " . ++ ">$tmpdir/junk2o$$.ppm"); + } + } elsif ($mode eq $BLOCK) { + if ($i <= 10) { + my $n = 1 - 1.9*$spline20[$i]; +- system("pamscale $n junk1$$.ppm | " . +- "pamscale -width $width -height $height >junk3$$.ppm"); ++ system("pamscale $n $tmpdir/junk1$$.ppm | " . ++ "pamscale -width $width -height $height >$tmpdir/junk3$$.ppm"); + } elsif ($i <= 20) { + my $n = $spline10[$i-10]; +- system("ppmmix $n junk1a$$.ppm junk2a$$.ppm >junk3$$.ppm"); ++ system("ppmmix $n $tmpdir/junk1a$$.ppm $tmpdir/junk2a$$.ppm >$tmpdir/junk3$$.ppm"); + } else { + my $n = 1 - 1.9*$spline20[31-$i]; +- system("pamscale $n junk2$$.ppm | " . +- "pamscale -width $width -height $height >junk3$$.ppm"); ++ system("pamscale $n $tmpdir/junk2$$.ppm | " . ++ "pamscale -width $width -height $height >$tmpdir/junk3$$.ppm"); + } + if ($i == 10) { +- system("cp", "junk3$$.ppm", "junk1a$$.ppm"); +- system("pamscale $n junk2$$.ppm | " . +- "pamscale -width $width -height $height >junk2a$$.ppm"); ++ system("cp", "$tmpdir/junk3$$.ppm", "$tmpdir/junk1a$$.ppm"); ++ system("pamscale $n $tmpdir/junk2$$.ppm | " . ++ "pamscale -width $width -height $height >$tmpdir/junk2a$$.ppm"); + } + } elsif ($mode eq $MIX) { + my $fade_factor = sqrt(1/($nframes-$i+1)); +- system("ppmmix $fade_factor junk1$$.ppm junk2$$.ppm >junk3$$.ppm"); ++ system("ppmmix $fade_factor $tmpdir/junk1$$.ppm $tmpdir/junk2$$.ppm >$tmpdir/junk3$$.ppm"); + } else { + print("Internal error: impossible mode value '$mode'\n"); + } + + my $outfile = sprintf("%s.%04d.ppm", $base_name, $i); +- system("cp", "junk3$$.ppm", $outfile); ++ system("cp", "$tmpdir/junk3$$.ppm", $outfile); + } + + # + # Clean up shop. + # +-system("rm junk*$$.ppm"); ++system("rm $tmpdir/junk*$$.ppm"); + + exit(0); -- cgit v1.2.3