scripts from bash to sh, to limit exposure to any still-unfixed or
still-undiscovered bash vulnerabilities.
A quick review of the shell scripts did not turn up any obvious
bashishms. Hopefully they have all been fixed already, but if not,
I'd still rather have one or two scripts be broken (and volunteer to
fix any breakage reported) than have all of them be vulnerable to bash
bugs.
Approved by agc.
Add a second tarball consisting of the html-to-man converted documenation,
and overwrite dummy man pages with those.
Changes in 10.67.04:
14.09.04 BJH Release 10.67.04
pcdovtoppm: Fix crash due to invalid operator == on some
systems. Always broken (pcdovtoppm was new sometime between
Netpbm 9.25 (March 2002) and Netpbm 10.11 (Februrary 2010)).
Build: fix compile failure due to use of reserved word
'stdout'.
Build with 'installosf': Fix crash due to invalid operator ==
on some systems.
Build: fix undefined symbols in fiasco converters with
static libraries.
Build: provide means of setting the default search path for
rgb.txt color database via config.mk.
14.06.29 BJH Release 10.35.93
pamsharpness: put primary output on Standard Output instead of
on Standard Error as a Netpbm message.
jpegtopnm -dumpexif: fix incorrect display of resolution.
Always broken. (-dumpexif was new in Netpbm 9.18 September
2001).
jpegtopnm -dumpexif: fix truncated make, model, or datetime.
Always broken. (-dumpexif was new in Netpbm 9.18 September
2001).
jpegtopnm -dumpexif: fix wild pointer with invalid EXIF data.
Always broken. (-dumpexif was new in Netpbm 9.18 September
2001).
Build: fix dependencies in .deb package so they work with Debian
6 at least. Always broken (.deb capability was new in 10.35.92).
14.03.29 BJH Release 10.35.92
ppmrelief: fix out-of-bound values in output. Always broken.
Thanks Prophet of the Way <afu@wta.att.ne.jp>.
ppmrelief: fix crash when input image is too small. Always
broken. Thanks Prophet of the Way <afu@wta.att.ne.jp>.
pgmtexture: fix buffer overflow. Always broken. (Program
was added in primordial Netpbm in 1991).
pamdeinterlace: fix incorrect output with -takeodd and image has
only one row. Always broken (pamdeinterlace was introduced in
Netpbm 9.21 (January 2001)). Thanks Prophet of the Way
<afu@wta.att.ne.jp>.
13.12.24 BJH Release 10.35.91
pbmtoepsi: fix handling of all-white image. Always broken.
Thanks Prophet of the Way <afu@wta.att.ne.jp>.
pbmtoepsi: fix excessively long raster line. Always broken.
Thanks Prophet of the Way <afu@wta.att.ne.jp>.
pnmshear: fix incorrect determination of background color.
Always broken.
ppmpat: fix crash with -squig with aspect ratio < 1:25 or
> 25:1. Thanks Prophet of the Way <afu@wta.att.ne.jp>.
Always broken.
pamgauss: Fix typo in message.
13.09.26 BJH Release 10.35.90
ppmtoxpm: fix bug: ignores inability to open the specified color
dictionary file (-rgb) and just doesn't use color names.
Introduced in Netpbm 10.15 (April 2003).
ppmforge. fix crash when -mesh is 1 or less. Always broken
(program was added in Pbmplus (October 1991). Thanks Prophet of
the Way <afu@wta.att.ne.jp>.
ppmforge: fix array bounds violation. Always broken (program
was added in Pbmplus (October 1991). Thanks Prophet of the Way
<afu@wta.att.ne.jp>.
13.05.03 BJH Release 10.35.89
ppmtowinicon: fix bug: sometimes creates image truncated in the
middle of the AND mask. Always broken (program was new in
Netpbm 9.3 (June 2000)).
pamtilt: fix bug: incorrect output or invalid memory access
crash. Always broken (program was new in Neptbm 10.30
(October 2005)).
13.02.20 BJH Release 10.35.88
ppmpat: fix wrong output with -poles.
Windows build: fix compile error on urt/rle_open_f.c due to
Unix process management stuff.
leaftoppm: fix incorrect determination of whether input is
Interleaf on 64 bit systems. Always broken.
cmuwmtopbm: fix incorrect determination of whether input is
a CMU window manager bitmap on 64 bit systems. Always broken.
12.12.05 BJH Release 10.35.87
pamtotiff: fix bug: XRESOLUTION, YRESOLUTION, and RESOLUTIONUNIT
not allowed in -tags. Broken at least since 10.35.00.
pnmmontage: fix random stuff placed in unoccupied space in the
output image. Always broken (program was new in 9.10 (January
2001).
pnmpsnr: fix crash when invoked (invalidly) with only one
argument. Always broken.
pampick: fix wild pointer in command line parsing. Bug has
always been there.
pamgauss: Fix bug: erroneously says -maxval is too big.
Always broken (Pamgauss was added in 10.23 (July 2004).
12.07.23 BJH Release 10.35.86
ppmtobmp: fix failure with "internal error" message on all
uses. Broken in 10.35.78.
Build: rename getline() in xpmtoppm.c to avoid collision
with some libc. Always broken.
12.06.21 BJH Release 10.35.85
configure: work around Perl bug that causes 'configure' to
falsely conclude Svgalib is installed.
Build: move -lm to end of -l's. Broken at least since 10.35.
12.02.14 BJH Release 10.35.84
pamscale: fix all black output with resampling. Always broken.
pgmtexture: fix integer overflow in difference variance.
Always broken.
pgmtexture: fix array bounds violations in various calculations.
Always broken.
Build: always put Netpbm header files before external library
header files in search path.
11.11.25 BJH Release 10.35.83
pngtopnm: fix crash with invalid tIME chunk. Always broken.
11.09.25 BJH Release 10.35.82
pnmtopng: fix bug: with -alpha specifying a mask which contains
no fully transparent area, output PNG is fully opaque.
Introduced in 10.29.
pnmquant: work with older Perl that doesn't have 3-argument open.
pnmtops: fix message: says "from top edge" where it means
"from bottom edge."
11.07.10 BJH Release 10.35.81
pgmtexture: fix wrong sum variance result. Wrong since the
beginning. Thanks Francois P. S. Luus <fpsluus@gmail.com>.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
- bmptopnm: Don't crash on invalid zero value of image height in
the BMP header of a compressed file. Always broken.
- bmptopnm: don't crash on large invalid value of 'colorsused' in
the BMP header.
- ilbmtoppm: Don't crash on image that has a transparent color
index, but no color map.
"pkgsrc" changes:
- Add a lot of patches written by Thomas Klausner and me to make this
compile with PNG 1.5.
Changes since version 10.35.76:
- ppmtompeg: fix crash with free of unallocated memory.
- Build: don't expect snprintf() to exist.
- Build: don't use <strings.h> or bzero().
* Pnmtopng: -libversion doesn't report level of linked libz.
It was a modularity violation and caused build failures on
Mac OS X, because Pnmtopng per se doesn't know about libz --
it's used by libpng.
* Build: don't fail due to SIGRTMIN, SIGRTMAX being undefined.
Changes 10.35.75:
* palmtopnm: fix for pixel size 16.
* pamscale: fix -reduce. Introduced in 10.27.
* configure: default to 'none' for Svgalib if it doesn't appear to
be installed (per 'ldconfig'). Ported from 10.38, released March 2007.
Changes 10.35.74:
* pbmtext: don't crash when font file contains a blank line.
Fail cleanly.
* ppmtoilbm: fix arithmetic overflow with image dimension
represented as 16 bit integer.
* pbmpage: fix garbage output.
* pnmhistmap: Fix crash with -width. Always broken.
* Build: don't fail due to SIGPWR being undefined.
is asking for trouble. On solaris these options are mutually exclusive
because 600 needs C99 and 500 is not allowed to use C99.
I lowered the requirement to _XOPEN_SOURCE=500 and the build succeeded.
While here I'll note that PR pkg/42897 (netbpm link error on Solaris 10)
should now be fixed by libpng-1.2.41nb1.
changes: many bugfixes, especially:
xpmtoppm: fix wild pointer with color index > 127.
which fixes a stack-based buffer overflow (CVE-2009-4274)
pkgsrc change: use a fixed PLIST instead of generating on install,
helps to detect problems
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
