gnu: Remove libwmf.
This package contains many security vulnerabilities and is no longer maintained upstream. See this discussion for more information: https://lists.gnu.org/archive/html/guix-devel/2017-05/msg00478.html * gnu/packages/image.scm (libwmf): Remove variable. * gnu/packages/wv.scm (wv)[inputs]: Remove libwmf. [arguments]: Remove field. * gnu/packages/abiword.scm (abiword)[inputs]: Remove libwmf. [source]: Remove patch 'abiword-wmf-version-lookup-fix.patch'. * gnu/packages/patches/abiword-wmf-version-lookup-fix.patch, gnu/packages/patches/libwmf-CAN-2004-0941.patch, gnu/packages/patches/libwmf-CVE-2006-3376.patch, gnu/packages/patches/libwmf-CVE-2007-0455.patch, gnu/packages/patches/libwmf-CVE-2007-2756.patch, gnu/packages/patches/libwmf-CVE-2007-3472.patch, gnu/packages/patches/libwmf-CVE-2007-3473.patch, gnu/packages/patches/libwmf-CVE-2007-3477.patch, gnu/packages/patches/libwmf-CVE-2009-1364.patch, gnu/packages/patches/libwmf-CVE-2009-3546.patch, gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch, gnu/packages/patches/libwmf-CVE-2015-4695.patch, gnu/packages/patches/libwmf-CVE-2015-4696.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them.
This commit is contained in:
parent
68f30310e1
commit
d17e085a59
13
gnu/local.mk
13
gnu/local.mk
|
@ -493,7 +493,6 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/a2ps-CVE-2001-1593.patch \
|
||||
%D%/packages/patches/a2ps-CVE-2014-0466.patch \
|
||||
%D%/packages/patches/abiword-explictly-cast-bools.patch \
|
||||
%D%/packages/patches/abiword-wmf-version-lookup-fix.patch \
|
||||
%D%/packages/patches/abiword-black-drawing-with-gtk322.patch \
|
||||
%D%/packages/patches/acl-hurd-path-max.patch \
|
||||
%D%/packages/patches/aegis-constness-error.patch \
|
||||
|
@ -779,18 +778,6 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/libtool-skip-tests2.patch \
|
||||
%D%/packages/patches/libunwind-CVE-2015-3239.patch \
|
||||
%D%/packages/patches/libvpx-CVE-2016-2818.patch \
|
||||
%D%/packages/patches/libwmf-CAN-2004-0941.patch \
|
||||
%D%/packages/patches/libwmf-CVE-2006-3376.patch \
|
||||
%D%/packages/patches/libwmf-CVE-2007-0455.patch \
|
||||
%D%/packages/patches/libwmf-CVE-2007-2756.patch \
|
||||
%D%/packages/patches/libwmf-CVE-2007-3472.patch \
|
||||
%D%/packages/patches/libwmf-CVE-2007-3473.patch \
|
||||
%D%/packages/patches/libwmf-CVE-2007-3477.patch \
|
||||
%D%/packages/patches/libwmf-CVE-2009-1364.patch \
|
||||
%D%/packages/patches/libwmf-CVE-2009-3546.patch \
|
||||
%D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \
|
||||
%D%/packages/patches/libwmf-CVE-2015-4695.patch \
|
||||
%D%/packages/patches/libwmf-CVE-2015-4696.patch \
|
||||
%D%/packages/patches/libxcb-python-3.5-compat.patch \
|
||||
%D%/packages/patches/libxml2-CVE-2016-4658.patch \
|
||||
%D%/packages/patches/libxml2-CVE-2016-5131.patch \
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
;;; Copyright © 2014 Marek Benc <merkur32@gmail.com>
|
||||
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
|
||||
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
|
||||
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -55,8 +56,7 @@
|
|||
(sha256
|
||||
(base32 "08imry821g81apdwym3gcs4nss0l9j5blqk31j5rv602zmcd9gxg"))
|
||||
(patches
|
||||
(search-patches "abiword-wmf-version-lookup-fix.patch"
|
||||
"abiword-explictly-cast-bools.patch"
|
||||
(search-patches "abiword-explictly-cast-bools.patch"
|
||||
"abiword-black-drawing-with-gtk322.patch"))))
|
||||
|
||||
(build-system glib-or-gtk-build-system)
|
||||
|
@ -97,7 +97,6 @@
|
|||
("libjpeg" ,libjpeg)
|
||||
("libpng" ,libpng)
|
||||
("librsvg" ,librsvg)
|
||||
("libwmf" ,libwmf)
|
||||
("libxml2" ,libxml2)
|
||||
("libxslt" ,libxslt)
|
||||
("ots" ,ots)
|
||||
|
|
|
@ -397,52 +397,6 @@ collection of tools for doing simple manipulations of TIFF images.")
|
|||
(base32
|
||||
"0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))))
|
||||
|
||||
(define-public libwmf
|
||||
(package
|
||||
(name "libwmf")
|
||||
(version "0.2.8.4")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://sourceforge/wvware/"
|
||||
name "/" version
|
||||
"/" name "-" version ".tar.gz"))
|
||||
(sha256
|
||||
(base32 "1y3wba4q8pl7kr51212jwrsz1x6nslsx1gsjml1x0i8549lmqd2v"))
|
||||
(patches
|
||||
(search-patches "libwmf-CAN-2004-0941.patch"
|
||||
"libwmf-CVE-2006-3376.patch"
|
||||
"libwmf-CVE-2007-0455.patch"
|
||||
"libwmf-CVE-2007-2756.patch"
|
||||
"libwmf-CVE-2007-3472.patch"
|
||||
"libwmf-CVE-2007-3473.patch"
|
||||
"libwmf-CVE-2007-3477.patch"
|
||||
"libwmf-CVE-2009-1364.patch"
|
||||
"libwmf-CVE-2009-3546.patch"
|
||||
"libwmf-CVE-2015-0848+CVE-2015-4588.patch"
|
||||
"libwmf-CVE-2015-4695.patch"
|
||||
"libwmf-CVE-2015-4696.patch"))))
|
||||
|
||||
(build-system gnu-build-system)
|
||||
(inputs
|
||||
`(("freetype" ,freetype)
|
||||
("libjpeg" ,libjpeg)
|
||||
("libpng",libpng)
|
||||
("libxml2" ,libxml2)
|
||||
("zlib" ,zlib)))
|
||||
(native-inputs
|
||||
`(("pkg-config" ,pkg-config)))
|
||||
(synopsis "Library for reading images in the Microsoft WMF format")
|
||||
(description
|
||||
"libwmf is a library for reading vector images in Microsoft's native
|
||||
Windows Metafile Format (WMF) and for either (a) displaying them in, e.g., an X
|
||||
window; or (b) converting them to more standard/free file formats such as, e.g.,
|
||||
the W3C's XML-based Scaleable Vector Graphic (SVG) format.")
|
||||
(home-page "http://wvware.sourceforge.net/libwmf.html")
|
||||
|
||||
;; 'COPYING' is the GPLv2, but file headers say LGPLv2.0+.
|
||||
(license license:lgpl2.0+)))
|
||||
|
||||
(define-public leptonica
|
||||
(package
|
||||
(name "leptonica")
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
The way the configure script determines the version of libwmf is by temporarily
|
||||
making dots separator characters, but since the file name of the program which
|
||||
returns the version contains dots in Guix (the version in the store entry name),
|
||||
doing it this way will always fail.
|
||||
|
||||
This is a simple guix-specific fix for the problem.
|
||||
|
||||
--- a/configure 2010-06-13 23:17:37.000000000 +0200
|
||||
+++ b/configure 2014-09-08 17:31:52.102371800 +0200
|
||||
@@ -21140,13 +21140,11 @@
|
||||
$as_echo "$as_me: WARNING: wmf plugin: program libwmf-config not found in path" >&2;}
|
||||
fi
|
||||
else
|
||||
- IFS_old="$IFS"
|
||||
- IFS='.'
|
||||
- set -- `$libwmfconfig --version`
|
||||
- libwmf_major_found="${1}"
|
||||
- libwmf_minor_found="${2}"
|
||||
- libwmf_micro_found="${3}"
|
||||
- IFS="$IFS_old"
|
||||
+ libwmf_fullver_found=`$libwmfconfig --version`
|
||||
+ libwmf_major_found=$(echo $libwmf_fullver_found | cut -d . -f 1)
|
||||
+ libwmf_minor_found=$(echo $libwmf_fullver_found | cut -d . -f 2)
|
||||
+ libwmf_micro_found=$(echo $libwmf_fullver_found | cut -d . -f 3)
|
||||
+
|
||||
if test "$libwmf_major_found" -gt "$libwmf_major_req"; then
|
||||
wmf_deps="yes"
|
||||
elif test "$libwmf_major_found" -eq "$libwmf_major_req" &&
|
|
@ -1,21 +0,0 @@
|
|||
Copied from Fedora.
|
||||
|
||||
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CAN-2004-0941.patch
|
||||
|
||||
--- libwmf-0.2.8.4/src/extra/gd/gd_png.c 2004-11-11 14:02:37.407589824 -0500
|
||||
+++ libwmf-0.2.8.4/src/extra/gd/gd_png.c 2004-11-11 14:04:29.672522960 -0500
|
||||
@@ -188,6 +188,14 @@
|
||||
|
||||
png_get_IHDR (png_ptr, info_ptr, &width, &height, &bit_depth, &color_type,
|
||||
&interlace_type, NULL, NULL);
|
||||
+ if (overflow2(sizeof (int), width))
|
||||
+ {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ if (overflow2(sizeof (int) * width, height))
|
||||
+ {
|
||||
+ return NULL;
|
||||
+ }
|
||||
if ((color_type == PNG_COLOR_TYPE_RGB) ||
|
||||
(color_type == PNG_COLOR_TYPE_RGB_ALPHA))
|
||||
{
|
|
@ -1,30 +0,0 @@
|
|||
Copied from Debian.
|
||||
|
||||
--- libwmf-0.2.8.4.orig/src/player.c
|
||||
+++ libwmf-0.2.8.4/src/player.c
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
+#include <stdint.h>
|
||||
#include <string.h>
|
||||
#include <math.h>
|
||||
|
||||
@@ -132,8 +133,14 @@
|
||||
}
|
||||
}
|
||||
|
||||
-/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
|
||||
- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
|
||||
+ if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
|
||||
+ {
|
||||
+ API->err = wmf_E_InsMem;
|
||||
+ WMF_DEBUG (API,"bailing...");
|
||||
+ return (API->err);
|
||||
+ }
|
||||
+
|
||||
+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
|
||||
|
||||
if (ERR (API))
|
||||
{ WMF_DEBUG (API,"bailing...");
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
Copied from Fedora.
|
||||
|
||||
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-0455.patch
|
||||
|
||||
--- libwmf-0.2.8.4/src/extra/gd/gdft.c 2010-12-06 11:18:26.000000000 +0000
|
||||
+++ libwmf-0.2.8.4/src/extra/gd/gdft.c 2010-12-06 11:21:09.000000000 +0000
|
||||
@@ -811,7 +811,7 @@
|
||||
{
|
||||
ch = c & 0xFF; /* don't extend sign */
|
||||
}
|
||||
- next++;
|
||||
+ if (*next) next++;
|
||||
}
|
||||
else
|
||||
{
|
|
@ -1,20 +0,0 @@
|
|||
Copied from Fedora.
|
||||
|
||||
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-2756.patch
|
||||
|
||||
--- libwmf-0.2.8.4/src/extra/gd/gd_png.c 1 Apr 2007 20:41:01 -0000 1.21.2.1
|
||||
+++ libwmf-0.2.8.4/src/extra/gd/gd_png.c 16 May 2007 19:06:11 -0000
|
||||
@@ -78,8 +78,11 @@
|
||||
gdPngReadData (png_structp png_ptr,
|
||||
png_bytep data, png_size_t length)
|
||||
{
|
||||
- gdGetBuf (data, length, (gdIOCtx *)
|
||||
- png_get_io_ptr (png_ptr));
|
||||
+ int check;
|
||||
+ check = gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr));
|
||||
+ if (check != length) {
|
||||
+ png_error(png_ptr, "Read Error: truncated data");
|
||||
+ }
|
||||
}
|
||||
|
||||
static void
|
|
@ -1,63 +0,0 @@
|
|||
Based on a patch from Fedora.
|
||||
|
||||
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3472.patch
|
||||
|
||||
--- libwmf-0.2.8.4/src/extra/gd/gd.c
|
||||
+++ libwmf-0.2.8.4/src/extra/gd/gd.c
|
||||
@@ -106,6 +106,18 @@
|
||||
gdImagePtr im;
|
||||
unsigned long cpa_size;
|
||||
|
||||
+ if (overflow2(sx, sy)) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (overflow2(sizeof (int *), sy)) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (overflow2(sizeof(int), sx)) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
im = (gdImage *) gdMalloc (sizeof (gdImage));
|
||||
if (im == 0) return 0;
|
||||
memset (im, 0, sizeof (gdImage));
|
||||
--- libwmf-0.2.8.4/src/extra/gd/gdhelpers.c 2010-12-06 11:47:31.000000000 +0000
|
||||
+++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.c 2010-12-06 11:48:04.000000000 +0000
|
||||
@@ -2,6 +2,7 @@
|
||||
#include "gdhelpers.h"
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
+#include <limits.h>
|
||||
|
||||
/* TBB: gd_strtok_r is not portable; provide an implementation */
|
||||
|
||||
@@ -94,3 +95,18 @@
|
||||
{
|
||||
free (ptr);
|
||||
}
|
||||
+
|
||||
+int overflow2(int a, int b)
|
||||
+{
|
||||
+ if(a < 0 || b < 0) {
|
||||
+ fprintf(stderr, "gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n");
|
||||
+ return 1;
|
||||
+ }
|
||||
+ if(b == 0)
|
||||
+ return 0;
|
||||
+ if(a > INT_MAX / b) {
|
||||
+ fprintf(stderr, "gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n");
|
||||
+ return 1;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
--- libwmf-0.2.8.4/src/extra/gd/gdhelpers.h 2010-12-06 11:47:17.000000000 +0000
|
||||
+++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.h 2010-12-06 11:48:36.000000000 +0000
|
||||
@@ -15,4 +15,6 @@
|
||||
void *gdMalloc(size_t size);
|
||||
void *gdRealloc(void *ptr, size_t size);
|
||||
|
||||
+int overflow2(int a, int b);
|
||||
+
|
||||
#endif /* GDHELPERS_H */
|
|
@ -1,17 +0,0 @@
|
|||
Copied from Fedora.
|
||||
|
||||
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3473.patch
|
||||
|
||||
--- libwmf-0.2.8.4/src/extra/gd/gd.c
|
||||
+++ libwmf-0.2.8.4/src/extra/gd/gd.c
|
||||
@@ -2483,6 +2483,10 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm (FILE * fd)
|
||||
}
|
||||
bytes = (w * h / 8) + 1;
|
||||
im = gdImageCreate (w, h);
|
||||
+ if (!im) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
gdImageColorAllocate (im, 255, 255, 255);
|
||||
gdImageColorAllocate (im, 0, 0, 0);
|
||||
x = 0;
|
|
@ -1,42 +0,0 @@
|
|||
Copied from Fedora.
|
||||
|
||||
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3477.patch
|
||||
|
||||
--- libwmf-0.2.8.4/src/extra/gd/gd.c
|
||||
+++ libwmf-0.2.8.4/src/extra/gd/gd.c
|
||||
@@ -1335,10 +1335,31 @@
|
||||
int w2, h2;
|
||||
w2 = w / 2;
|
||||
h2 = h / 2;
|
||||
- while (e < s)
|
||||
- {
|
||||
- e += 360;
|
||||
- }
|
||||
+
|
||||
+ if ((s % 360) == (e % 360)) {
|
||||
+ s = 0; e = 360;
|
||||
+ } else {
|
||||
+ if (s > 360) {
|
||||
+ s = s % 360;
|
||||
+ }
|
||||
+
|
||||
+ if (e > 360) {
|
||||
+ e = e % 360;
|
||||
+ }
|
||||
+
|
||||
+ while (s < 0) {
|
||||
+ s += 360;
|
||||
+ }
|
||||
+
|
||||
+ while (e < s) {
|
||||
+ e += 360;
|
||||
+ }
|
||||
+
|
||||
+ if (s == e) {
|
||||
+ s = 0; e = 360;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
for (i = s; (i <= e); i++)
|
||||
{
|
||||
int x, y;
|
|
@ -1,13 +0,0 @@
|
|||
Copied from Debian.
|
||||
|
||||
--- libwmf-0.2.8.4.orig/src/extra/gd/gd_clip.c
|
||||
+++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c
|
||||
@@ -70,6 +70,7 @@
|
||||
{ more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle));
|
||||
if (more == 0) return;
|
||||
im->clip->max += 8;
|
||||
+ im->clip->list = more;
|
||||
}
|
||||
im->clip->list[im->clip->count] = (*rect);
|
||||
im->clip->count++;
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
Copied from Fedora.
|
||||
|
||||
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2009-3546.patch
|
||||
|
||||
--- libwmf-0.2.8.4/src/extra/gd/gd_gd.c 2010-12-06 14:56:06.000000000 +0000
|
||||
+++ libwmf-0.2.8.4/src/extra/gd/gd_gd.c 2010-12-06 14:57:04.000000000 +0000
|
||||
@@ -42,6 +42,10 @@
|
||||
{
|
||||
goto fail1;
|
||||
}
|
||||
+ if (&im->colorsTotal > gdMaxColors)
|
||||
+ {
|
||||
+ goto fail1;
|
||||
+ }
|
||||
}
|
||||
/* Int to accommodate truecolor single-color transparency */
|
||||
if (!gdGetInt (&im->transparent, in))
|
|
@ -1,122 +0,0 @@
|
|||
Copied from Fedora.
|
||||
|
||||
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch
|
||||
|
||||
--- libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-08 14:46:24.591876404 +0100
|
||||
+++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-08 14:46:35.345993247 +0100
|
||||
@@ -859,7 +859,7 @@
|
||||
%
|
||||
%
|
||||
*/
|
||||
-static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
|
||||
+static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
|
||||
{ int byte;
|
||||
int count;
|
||||
int i;
|
||||
@@ -870,12 +870,14 @@
|
||||
U32 u;
|
||||
|
||||
unsigned char* q;
|
||||
+ unsigned char* end;
|
||||
|
||||
for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0;
|
||||
|
||||
byte = 0;
|
||||
x = 0;
|
||||
q = pixels;
|
||||
+ end = pixels + bmp->width * bmp->height;
|
||||
|
||||
for (y = 0; y < bmp->height; )
|
||||
{ count = ReadBlobByte (src);
|
||||
@@ -884,7 +886,10 @@
|
||||
{ /* Encoded mode. */
|
||||
byte = ReadBlobByte (src);
|
||||
for (i = 0; i < count; i++)
|
||||
- { if (compression == 1)
|
||||
+ {
|
||||
+ if (q == end)
|
||||
+ return 0;
|
||||
+ if (compression == 1)
|
||||
{ (*(q++)) = (unsigned char) byte;
|
||||
}
|
||||
else
|
||||
@@ -896,13 +901,15 @@
|
||||
else
|
||||
{ /* Escape mode. */
|
||||
count = ReadBlobByte (src);
|
||||
- if (count == 0x01) return;
|
||||
+ if (count == 0x01) return 1;
|
||||
switch (count)
|
||||
{
|
||||
case 0x00:
|
||||
{ /* End of line. */
|
||||
x = 0;
|
||||
y++;
|
||||
+ if (y >= bmp->height)
|
||||
+ return 0;
|
||||
q = pixels + y * bmp->width;
|
||||
break;
|
||||
}
|
||||
@@ -910,13 +917,20 @@
|
||||
{ /* Delta mode. */
|
||||
x += ReadBlobByte (src);
|
||||
y += ReadBlobByte (src);
|
||||
+ if (y >= bmp->height)
|
||||
+ return 0;
|
||||
+ if (x >= bmp->width)
|
||||
+ return 0;
|
||||
q = pixels + y * bmp->width + x;
|
||||
break;
|
||||
}
|
||||
default:
|
||||
{ /* Absolute mode. */
|
||||
for (i = 0; i < count; i++)
|
||||
- { if (compression == 1)
|
||||
+ {
|
||||
+ if (q == end)
|
||||
+ return 0;
|
||||
+ if (compression == 1)
|
||||
{ (*(q++)) = ReadBlobByte (src);
|
||||
}
|
||||
else
|
||||
@@ -943,7 +957,7 @@
|
||||
byte = ReadBlobByte (src); /* end of line */
|
||||
byte = ReadBlobByte (src);
|
||||
|
||||
- return;
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1143,8 +1157,18 @@
|
||||
}
|
||||
}
|
||||
else
|
||||
- { /* Convert run-length encoded raster pixels. */
|
||||
- DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
|
||||
+ {
|
||||
+ if (bmp_info.bits_per_pixel == 8) /* Convert run-length encoded raster pixels. */
|
||||
+ {
|
||||
+ if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image))
|
||||
+ { WMF_ERROR (API,"corrupt bmp");
|
||||
+ API->err = wmf_E_BadFormat;
|
||||
+ }
|
||||
+ }
|
||||
+ else
|
||||
+ { WMF_ERROR (API,"Unexpected pixel depth");
|
||||
+ API->err = wmf_E_BadFormat;
|
||||
+ }
|
||||
}
|
||||
|
||||
if (ERR (API))
|
||||
--- libwmf-0.2.8.4/src/ipa/ipa.h 2015-06-08 14:46:24.590876393 +0100
|
||||
+++ libwmf-0.2.8.4/src/ipa/ipa.h 2015-06-08 14:46:35.345993247 +0100
|
||||
@@ -48,7 +48,7 @@
|
||||
static unsigned short ReadBlobLSBShort (BMPSource*);
|
||||
static unsigned long ReadBlobLSBLong (BMPSource*);
|
||||
static long TellBlob (BMPSource*);
|
||||
-static void DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
|
||||
+static int DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
|
||||
static void ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*);
|
||||
static int ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int);
|
||||
static void SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int);
|
|
@ -1,60 +0,0 @@
|
|||
Copied from Fedora.
|
||||
|
||||
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-4695.patch
|
||||
|
||||
--- libwmf-0.2.8.4/src/player/meta.h
|
||||
+++ libwmf-0.2.8.4/src/player/meta.h
|
||||
@@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API,
|
||||
objects = P->objects;
|
||||
|
||||
i = 0;
|
||||
- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
|
||||
+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
|
||||
|
||||
if (i == NUM_OBJECTS (API))
|
||||
{ WMF_ERROR (API,"Object out of range!");
|
||||
@@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,w
|
||||
objects = P->objects;
|
||||
|
||||
i = 0;
|
||||
- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
|
||||
+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
|
||||
|
||||
if (i == NUM_OBJECTS (API))
|
||||
{ WMF_ERROR (API,"Object out of range!");
|
||||
@@ -3067,7 +3067,7 @@ static int meta_pen_create (wmfAPI* API,
|
||||
objects = P->objects;
|
||||
|
||||
i = 0;
|
||||
- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
|
||||
+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
|
||||
|
||||
if (i == NUM_OBJECTS (API))
|
||||
{ WMF_ERROR (API,"Object out of range!");
|
||||
@@ -3181,7 +3181,7 @@ static int meta_brush_create (wmfAPI* AP
|
||||
objects = P->objects;
|
||||
|
||||
i = 0;
|
||||
- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
|
||||
+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
|
||||
|
||||
if (i == NUM_OBJECTS (API))
|
||||
{ WMF_ERROR (API,"Object out of range!");
|
||||
@@ -3288,7 +3288,7 @@ static int meta_font_create (wmfAPI* API
|
||||
objects = P->objects;
|
||||
|
||||
i = 0;
|
||||
- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
|
||||
+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
|
||||
|
||||
if (i == NUM_OBJECTS (API))
|
||||
{ WMF_ERROR (API,"Object out of range!");
|
||||
@@ -3396,7 +3396,7 @@ static int meta_palette_create (wmfAPI*
|
||||
objects = P->objects;
|
||||
|
||||
i = 0;
|
||||
- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
|
||||
+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
|
||||
|
||||
if (i == NUM_OBJECTS (API))
|
||||
{ WMF_ERROR (API,"Object out of range!");
|
|
@ -1,27 +0,0 @@
|
|||
Copied from Fedora.
|
||||
|
||||
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-4696.patch
|
||||
|
||||
--- libwmf-0.2.8.4/src/player/meta.h
|
||||
+++ libwmf-0.2.8.4/src/player/meta.h
|
||||
@@ -2585,6 +2585,8 @@
|
||||
polyrect.BR[i] = clip->rects[i].BR;
|
||||
}
|
||||
|
||||
+ if (FR->region_clip) FR->region_clip (API,&polyrect);
|
||||
+
|
||||
wmf_free (API,polyrect.TL);
|
||||
wmf_free (API,polyrect.BR);
|
||||
}
|
||||
@@ -2593,9 +2595,10 @@
|
||||
polyrect.BR = 0;
|
||||
|
||||
polyrect.count = 0;
|
||||
+
|
||||
+ if (FR->region_clip) FR->region_clip (API,&polyrect);
|
||||
}
|
||||
|
||||
- if (FR->region_clip) FR->region_clip (API,&polyrect);
|
||||
|
||||
return (changed);
|
||||
}
|
|
@ -1,5 +1,6 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2014 Marek Benc <merkur32@gmail.com>
|
||||
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -39,16 +40,12 @@
|
|||
(sha256
|
||||
(base32
|
||||
"1mn2ax6qjy3pvixlnvbkn6ymy6y4l2wxrr4brjaczm121s8hjcb7"))))
|
||||
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
`(#:configure-flags '("--with-libwmf")))
|
||||
(inputs
|
||||
`(("glib" ,glib)
|
||||
("libgsf" ,libgsf)
|
||||
("libjpeg" ,libjpeg)
|
||||
("libpng" ,libpng)
|
||||
("libwmf" ,libwmf)
|
||||
("zlib" ,zlib)))
|
||||
(native-inputs
|
||||
`(("glib" ,glib "bin")
|
||||
|
|
Loading…
Reference in New Issue