Red Hat Bugzilla – Bug 61788
netpbm contains multiple unsafe input handling errors
Last modified: 2015-03-04 20:10:22 EST
NetPBM is pretty much in need of a complete from scratch rewrite to fix the
problems it has. Now (before 7.3) would be a very good time to drop it, since
imlib drops requirements/use of it in the 7.2 imlib errata.
Is there any other program that can duplicate the command-line functionality of it?
Posting your root password to slashdot is about the equivalent functionality, or
do you mean image processing? On the image handling side ImageMagick does some
of it, and somewhat more safely.
Basically netpbm is not supportable, if people install it from Bero's collection
or powertools or similar things fine, but if we had to fix the mess that netpbm
is then it probably represents multiple man weeks of engineering time.
We have it in the tree solely because in our early days package QA was a bit lax.
You honestly think the typical user uses or even knows what netpbm is - I'd
count you as very atypical. You are extremely brave if you use those tools on
anything that didn't come out of an app you personally trust to process those
image formats correctly.
We are not talking complex stuff here, we are talking beginning C programmer
errors. I'm also curious what features you use that imagemagick does not have?
Er.. perhaps we should take out the
/usr/share/printconf/mf_rules/mf50-netpbm_filters file then?
# netpbm magicfilter rules
/p[gbp]m/ pipe/postscript/ /usr/bin/pnmtops -quiet
/gif/ pipe/p[gbp]m/ /usr/bin/giftopnm
/jpeg/ pipe/p[gbp]m/ /usr/bin/djpeg -pnm
/png/ pipe/p[gbp]m/ /usr/bin/pngtopnm
/TIFF image/ fpipe/p[gbp]m/ /usr/bin/tifftopnm $FILE
/PC bitmap data/ pipe/p[gbp]m/ /usr/bin/bmptoppm
/Sun raster image/ pipe/p[gbp]m/ /usr/bin/rasttopnm
/SGI image data/ pipe/p[gbp]m/ /usr/bin/sgitopnm
(These get run by the print spooler)
This was done for 8.0? or 9?
9 it seems. Is it still as horrible as it was? The package seems to have had ten
releases since the 7.2 one at least...