Paul Howarth wrote:
I was going to raise a bug about the missing picttoppm binary in the netpbm-progs package but when I looked at the spec file and the patches for netpbm, I discovered that picttoppm was deliberately removed, apparently for security reasons. The patch netpbm-10.23-security.patch removes picttoppm from the list of programs to build in the Makefile, and adds the following line to the start of the picttoppm code:
#error "Unfixable. Don't ship me"
So instead I have raised a bug about the package containing a manpage for a program that is not shipped:
https://bugzilla.redhat.com/beta/show_bug.cgi?id=146863
Thanks Paul!
The usage of picttoppm is a bit uncommon
# picttoppm file.pict > file.ppm
but I don't think this is what the folks at Red Hat meant.
No, this is the normal way of using the netpbm tools. You use a program to convert whatever input file format you have (e.g. pict) into something portable (e.g. ppm) and then pipe the output into a converter that converts the portable format into whatever output format you want (e.g. gif):
$ picttoppm file.pict | ppmtogif > file.gif
There are also a bunch of filters you can apply in the middle of the pipeline to change the image in various ways, thus providing a powerful set of command-line tools for manipulating images of various formats. See the netpbm documentation for further details.
I suspect the security issue with picttoppm was probably to do with insecure temporary files but I'm not sure about that. You may want to consider disabling the program (chmod 0 `which picttoppm`) if you have security concerns about it.
I'll look at the bugzilla entry every now and then.
Good idea.
Paul.