head 1.3; access; symbols pkgsrc-2026Q1:1.3.0.108 pkgsrc-2026Q1-base:1.3 pkgsrc-2025Q4:1.3.0.106 pkgsrc-2025Q4-base:1.3 pkgsrc-2025Q3:1.3.0.104 pkgsrc-2025Q3-base:1.3 pkgsrc-2025Q2:1.3.0.102 pkgsrc-2025Q2-base:1.3 pkgsrc-2025Q1:1.3.0.100 pkgsrc-2025Q1-base:1.3 pkgsrc-2024Q4:1.3.0.98 pkgsrc-2024Q4-base:1.3 pkgsrc-2024Q3:1.3.0.96 pkgsrc-2024Q3-base:1.3 pkgsrc-2024Q2:1.3.0.94 pkgsrc-2024Q2-base:1.3 pkgsrc-2024Q1:1.3.0.92 pkgsrc-2024Q1-base:1.3 pkgsrc-2023Q4:1.3.0.90 pkgsrc-2023Q4-base:1.3 pkgsrc-2023Q3:1.3.0.88 pkgsrc-2023Q3-base:1.3 pkgsrc-2023Q2:1.3.0.86 pkgsrc-2023Q2-base:1.3 pkgsrc-2023Q1:1.3.0.84 pkgsrc-2023Q1-base:1.3 pkgsrc-2022Q4:1.3.0.82 pkgsrc-2022Q4-base:1.3 pkgsrc-2022Q3:1.3.0.80 pkgsrc-2022Q3-base:1.3 pkgsrc-2022Q2:1.3.0.78 pkgsrc-2022Q2-base:1.3 pkgsrc-2022Q1:1.3.0.76 pkgsrc-2022Q1-base:1.3 pkgsrc-2021Q4:1.3.0.74 pkgsrc-2021Q4-base:1.3 pkgsrc-2021Q3:1.3.0.72 pkgsrc-2021Q3-base:1.3 pkgsrc-2021Q2:1.3.0.70 pkgsrc-2021Q2-base:1.3 pkgsrc-2021Q1:1.3.0.68 pkgsrc-2021Q1-base:1.3 pkgsrc-2020Q4:1.3.0.66 pkgsrc-2020Q4-base:1.3 pkgsrc-2020Q3:1.3.0.64 pkgsrc-2020Q3-base:1.3 pkgsrc-2020Q2:1.3.0.60 pkgsrc-2020Q2-base:1.3 pkgsrc-2020Q1:1.3.0.40 pkgsrc-2020Q1-base:1.3 pkgsrc-2019Q4:1.3.0.62 pkgsrc-2019Q4-base:1.3 pkgsrc-2019Q3:1.3.0.58 pkgsrc-2019Q3-base:1.3 pkgsrc-2019Q2:1.3.0.56 pkgsrc-2019Q2-base:1.3 pkgsrc-2019Q1:1.3.0.54 pkgsrc-2019Q1-base:1.3 pkgsrc-2018Q4:1.3.0.52 pkgsrc-2018Q4-base:1.3 pkgsrc-2018Q3:1.3.0.50 pkgsrc-2018Q3-base:1.3 pkgsrc-2018Q2:1.3.0.48 pkgsrc-2018Q2-base:1.3 pkgsrc-2018Q1:1.3.0.46 pkgsrc-2018Q1-base:1.3 pkgsrc-2017Q4:1.3.0.44 pkgsrc-2017Q4-base:1.3 pkgsrc-2017Q3:1.3.0.42 pkgsrc-2017Q3-base:1.3 pkgsrc-2017Q2:1.3.0.38 pkgsrc-2017Q2-base:1.3 pkgsrc-2017Q1:1.3.0.36 pkgsrc-2017Q1-base:1.3 pkgsrc-2016Q4:1.3.0.34 pkgsrc-2016Q4-base:1.3 pkgsrc-2016Q3:1.3.0.32 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.3.0.30 pkgsrc-2016Q2-base:1.3 pkgsrc-2016Q1:1.3.0.28 pkgsrc-2016Q1-base:1.3 pkgsrc-2015Q4:1.3.0.26 pkgsrc-2015Q4-base:1.3 pkgsrc-2015Q3:1.3.0.24 pkgsrc-2015Q3-base:1.3 pkgsrc-2015Q2:1.3.0.22 pkgsrc-2015Q2-base:1.3 pkgsrc-2015Q1:1.3.0.20 pkgsrc-2015Q1-base:1.3 pkgsrc-2014Q4:1.3.0.18 pkgsrc-2014Q4-base:1.3 pkgsrc-2014Q3:1.3.0.16 pkgsrc-2014Q3-base:1.3 pkgsrc-2014Q2:1.3.0.14 pkgsrc-2014Q2-base:1.3 pkgsrc-2014Q1:1.3.0.12 pkgsrc-2014Q1-base:1.3 pkgsrc-2013Q4:1.3.0.10 pkgsrc-2013Q4-base:1.3 pkgsrc-2013Q3:1.3.0.8 pkgsrc-2013Q3-base:1.3 pkgsrc-2013Q2:1.3.0.6 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.3.0.4 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.2 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.2.0.46 pkgsrc-2012Q3-base:1.2 pkgsrc-2012Q2:1.2.0.44 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.42 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.40 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.2.0.38 pkgsrc-2011Q3-base:1.2 pkgsrc-2011Q2:1.2.0.36 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.2.0.34 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.2.0.32 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.30 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.28 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.26 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.24 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.22 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.20 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.18 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.16 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.14 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.12 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.10 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.8 pkgsrc-2008Q1:1.2.0.6 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.4 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.2 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.1.0.16 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.14 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.12 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.10 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.8 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.6 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.4 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.2; locks; strict; comment @# @; 1.3 date 2012.11.01.19.40.08; author joerg; state Exp; branches; next 1.2; 1.2 date 2007.07.30.10.25.42; author joerg; state Exp; branches; next 1.1; 1.1 date 2005.10.05.11.45.46; author salo; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.10.05.11.45.46; author snj; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.10.08.05.56.40; author snj; state Exp; branches; next ; desc @@ 1.3 log @ISO says that main shall not be void. @ text @$NetBSD: patch-ah,v 1.2 2007/07/30 10:25:42 joerg Exp $ --- ../convert/eyuvtojpeg.c.orig 1995-04-14 21:16:52.000000000 +0000 +++ ../convert/eyuvtojpeg.c @@@@ -24,7 +24,7 @@@@ *==============*/ #include #include -#include +#include typedef unsigned char uint8; @@@@ -43,11 +43,12 @@@@ void ReadYUV(FILE *fp); void AllocYCC(void); -void main(int argc, char **argv) +int main(int argc, char **argv) { FILE *fpointer; - char command[256]; - char src[256], dest[256]; + char command[4096]; + char src[4096], dest[4096], tempfile[4096]; + int ret; if ((strcmp(argv[1],"-?") == 0) || (strcmp(argv[1],"-h") == 0) || @@@@ -98,13 +99,16 @@@@ void main(int argc, char **argv) YUVtoPPM(); fprintf(stdout, "Writing PPM\n"); - fpointer = fopen("/tmp/foobar", "w"); + sprintf(tempfile, "%s.tmp", dest); + fpointer = fopen(tempfile, "w"); WritePPM(fpointer); fclose(fpointer); fprintf(stdout, "Converting to JPEG %s\n", dest); - sprintf(command, "cjpeg /tmp/foobar > %s", dest); - system(command); + sprintf(command, "cjpeg %s > %s", tempfile, dest); + ret = system(command); + unlink(tempfile); + return ret; } @ 1.2 log @malloc.h --> stdlib.h @ text @d1 1 a1 1 $NetBSD$ d14 6 a19 2 @@@@ -46,8 +46,9 @@@@ void AllocYCC(void); void main(int argc, char **argv) @ 1.1 log @Security fixes for SA17008: "Vulnerabilities in Berkeley MPEG Tools can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The vulnerabilities are caused due to temporary files being created insecurely in "/tmp." http://secunia.com/advisories/17008/ http://www.gentoo.org/security/en/glsa/glsa-200510-02.xml Patches from Gentoo. @ text @d3 3 a5 5 Fix for SA17008, from Gentoo. --- ../convert/eyuvtojpeg.c.orig 1995-04-14 23:16:52.000000000 +0200 +++ ../convert/eyuvtojpeg.c 2005-10-05 13:20:02.000000000 +0200 @@@@ -24,6 +24,7 @@@@ d9 1 a10 1 #include d13 2 a14 1 @@@@ -46,8 +47,9 @@@@ d26 1 a26 1 @@@@ -98,13 +100,16 @@@@ @ 1.1.2.1 log @file patch-ah was added on branch pkgsrc-2005Q3 on 2005-10-05 11:45:46 +0000 @ text @d1 46 @ 1.1.2.2 log @Pullup ticket 802 - requested by Lubomir Sedlacik security fix for mpeg_encode Revisions pulled up: - pkgsrc/multimedia/mpeg_encode/Makefile 1.9 - pkgsrc/multimedia/mpeg_encode/distinfo 1.4 - pkgsrc/multimedia/mpeg_encode/patches/patch-ae 1.2 - pkgsrc/multimedia/mpeg_encode/patches/patch-ah 1.1 - pkgsrc/multimedia/mpeg_encode/patches/patch-ai 1.1 - pkgsrc/multimedia/mpeg_encode/patches/patch-aj 1.1 - pkgsrc/multimedia/mpeg_encode/patches/patch-ak 1.1 - pkgsrc/multimedia/mpeg_encode/patches/patch-al 1.1 - pkgsrc/multimedia/mpeg_encode/patches/patch-am 1.1 - pkgsrc/multimedia/mpeg_encode/patches/patch-an 1.1 Module Name: pkgsrc Committed By: salo Date: Wed Oct 5 11:45:46 UTC 2005 Modified Files: pkgsrc/multimedia/mpeg_encode: Makefile distinfo pkgsrc/multimedia/mpeg_encode/patches: patch-ae Added Files: pkgsrc/multimedia/mpeg_encode/patches: patch-ah patch-ai patch-aj patch-ak patch-al patch-am patch-an Log Message: Security fixes for SA17008: "Vulnerabilities in Berkeley MPEG Tools can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The vulnerabilities are caused due to temporary files being created insecurely in "/tmp." http://secunia.com/advisories/17008/ http://www.gentoo.org/security/en/glsa/glsa-200510-02.xml Patches from Gentoo. @ text @a0 46 $NetBSD: patch-ah,v 1.1.2.1 2005/10/08 05:56:40 snj Exp $ Fix for SA17008, from Gentoo. --- ../convert/eyuvtojpeg.c.orig 1995-04-14 23:16:52.000000000 +0200 +++ ../convert/eyuvtojpeg.c 2005-10-05 13:20:02.000000000 +0200 @@@@ -24,6 +24,7 @@@@ *==============*/ #include #include +#include #include typedef unsigned char uint8; @@@@ -46,8 +47,9 @@@@ void main(int argc, char **argv) { FILE *fpointer; - char command[256]; - char src[256], dest[256]; + char command[4096]; + char src[4096], dest[4096], tempfile[4096]; + int ret; if ((strcmp(argv[1],"-?") == 0) || (strcmp(argv[1],"-h") == 0) || @@@@ -98,13 +100,16 @@@@ YUVtoPPM(); fprintf(stdout, "Writing PPM\n"); - fpointer = fopen("/tmp/foobar", "w"); + sprintf(tempfile, "%s.tmp", dest); + fpointer = fopen(tempfile, "w"); WritePPM(fpointer); fclose(fpointer); fprintf(stdout, "Converting to JPEG %s\n", dest); - sprintf(command, "cjpeg /tmp/foobar > %s", dest); - system(command); + sprintf(command, "cjpeg %s > %s", tempfile, dest); + ret = system(command); + unlink(tempfile); + return ret; } @