diff options
author | Leo Famulari <leo@famulari.name> | 2017-06-23 18:00:54 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2017-06-24 23:10:28 -0400 |
commit | d17e085a59534a333cb8db028579fd0e6ec7f89b (patch) | |
tree | a14cac3625e0f78c2ca4ac91ae92e8525ced4e23 | |
parent | 68f30310e13e77079a55b8db368ead7698cb99dc (diff) |
gnu: Remove libwmf.
This package contains many security vulnerabilities and is no longer maintained
upstream. See this discussion for more information:
https://lists.gnu.org/archive/html/guix-devel/2017-05/msg00478.html
* gnu/packages/image.scm (libwmf): Remove variable.
* gnu/packages/wv.scm (wv)[inputs]: Remove libwmf.
[arguments]: Remove field.
* gnu/packages/abiword.scm (abiword)[inputs]: Remove libwmf.
[source]: Remove patch 'abiword-wmf-version-lookup-fix.patch'.
* gnu/packages/patches/abiword-wmf-version-lookup-fix.patch,
gnu/packages/patches/libwmf-CAN-2004-0941.patch,
gnu/packages/patches/libwmf-CVE-2006-3376.patch,
gnu/packages/patches/libwmf-CVE-2007-0455.patch,
gnu/packages/patches/libwmf-CVE-2007-2756.patch,
gnu/packages/patches/libwmf-CVE-2007-3472.patch,
gnu/packages/patches/libwmf-CVE-2007-3473.patch,
gnu/packages/patches/libwmf-CVE-2007-3477.patch,
gnu/packages/patches/libwmf-CVE-2009-1364.patch,
gnu/packages/patches/libwmf-CVE-2009-3546.patch,
gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch,
gnu/packages/patches/libwmf-CVE-2015-4695.patch,
gnu/packages/patches/libwmf-CVE-2015-4696.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
-rw-r--r-- | gnu/local.mk | 13 | ||||
-rw-r--r-- | gnu/packages/abiword.scm | 5 | ||||
-rw-r--r-- | gnu/packages/image.scm | 46 | ||||
-rw-r--r-- | gnu/packages/patches/abiword-wmf-version-lookup-fix.patch | 28 | ||||
-rw-r--r-- | gnu/packages/patches/libwmf-CAN-2004-0941.patch | 21 | ||||
-rw-r--r-- | gnu/packages/patches/libwmf-CVE-2006-3376.patch | 30 | ||||
-rw-r--r-- | gnu/packages/patches/libwmf-CVE-2007-0455.patch | 15 | ||||
-rw-r--r-- | gnu/packages/patches/libwmf-CVE-2007-2756.patch | 20 | ||||
-rw-r--r-- | gnu/packages/patches/libwmf-CVE-2007-3472.patch | 63 | ||||
-rw-r--r-- | gnu/packages/patches/libwmf-CVE-2007-3473.patch | 17 | ||||
-rw-r--r-- | gnu/packages/patches/libwmf-CVE-2007-3477.patch | 42 | ||||
-rw-r--r-- | gnu/packages/patches/libwmf-CVE-2009-1364.patch | 13 | ||||
-rw-r--r-- | gnu/packages/patches/libwmf-CVE-2009-3546.patch | 17 | ||||
-rw-r--r-- | gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch | 122 | ||||
-rw-r--r-- | gnu/packages/patches/libwmf-CVE-2015-4695.patch | 60 | ||||
-rw-r--r-- | gnu/packages/patches/libwmf-CVE-2015-4696.patch | 27 | ||||
-rw-r--r-- | gnu/packages/wv.scm | 5 |
17 files changed, 3 insertions, 541 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 9a5558f269..102fe98e60 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -493,7 +493,6 @@ dist_patch_DATA = \ %D%/packages/patches/a2ps-CVE-2001-1593.patch \ %D%/packages/patches/a2ps-CVE-2014-0466.patch \ %D%/packages/patches/abiword-explictly-cast-bools.patch \ - %D%/packages/patches/abiword-wmf-version-lookup-fix.patch \ %D%/packages/patches/abiword-black-drawing-with-gtk322.patch \ %D%/packages/patches/acl-hurd-path-max.patch \ %D%/packages/patches/aegis-constness-error.patch \ @@ -779,18 +778,6 @@ dist_patch_DATA = \ %D%/packages/patches/libtool-skip-tests2.patch \ %D%/packages/patches/libunwind-CVE-2015-3239.patch \ %D%/packages/patches/libvpx-CVE-2016-2818.patch \ - %D%/packages/patches/libwmf-CAN-2004-0941.patch \ - %D%/packages/patches/libwmf-CVE-2006-3376.patch \ - %D%/packages/patches/libwmf-CVE-2007-0455.patch \ - %D%/packages/patches/libwmf-CVE-2007-2756.patch \ - %D%/packages/patches/libwmf-CVE-2007-3472.patch \ - %D%/packages/patches/libwmf-CVE-2007-3473.patch \ - %D%/packages/patches/libwmf-CVE-2007-3477.patch \ - %D%/packages/patches/libwmf-CVE-2009-1364.patch \ - %D%/packages/patches/libwmf-CVE-2009-3546.patch \ - %D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \ - %D%/packages/patches/libwmf-CVE-2015-4695.patch \ - %D%/packages/patches/libwmf-CVE-2015-4696.patch \ %D%/packages/patches/libxcb-python-3.5-compat.patch \ %D%/packages/patches/libxml2-CVE-2016-4658.patch \ %D%/packages/patches/libxml2-CVE-2016-5131.patch \ diff --git a/gnu/packages/abiword.scm b/gnu/packages/abiword.scm index 9a4acdc384..b00dac9a63 100644 --- a/gnu/packages/abiword.scm +++ b/gnu/packages/abiword.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2014 Marek Benc <merkur32@gmail.com> ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> +;;; Copyright © 2017 Leo Famulari <leo@famulari.name> ;;; ;;; This file is part of GNU Guix. ;;; @@ -55,8 +56,7 @@ (sha256 (base32 "08imry821g81apdwym3gcs4nss0l9j5blqk31j5rv602zmcd9gxg")) (patches - (search-patches "abiword-wmf-version-lookup-fix.patch" - "abiword-explictly-cast-bools.patch" + (search-patches "abiword-explictly-cast-bools.patch" "abiword-black-drawing-with-gtk322.patch")))) (build-system glib-or-gtk-build-system) @@ -97,7 +97,6 @@ ("libjpeg" ,libjpeg) ("libpng" ,libpng) ("librsvg" ,librsvg) - ("libwmf" ,libwmf) ("libxml2" ,libxml2) ("libxslt" ,libxslt) ("ots" ,ots) diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index fdf3497fe6..504df60fb5 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -397,52 +397,6 @@ collection of tools for doing simple manipulations of TIFF images.") (base32 "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr")))))) -(define-public libwmf - (package - (name "libwmf") - (version "0.2.8.4") - (source - (origin - (method url-fetch) - (uri (string-append "mirror://sourceforge/wvware/" - name "/" version - "/" name "-" version ".tar.gz")) - (sha256 - (base32 "1y3wba4q8pl7kr51212jwrsz1x6nslsx1gsjml1x0i8549lmqd2v")) - (patches - (search-patches "libwmf-CAN-2004-0941.patch" - "libwmf-CVE-2006-3376.patch" - "libwmf-CVE-2007-0455.patch" - "libwmf-CVE-2007-2756.patch" - "libwmf-CVE-2007-3472.patch" - "libwmf-CVE-2007-3473.patch" - "libwmf-CVE-2007-3477.patch" - "libwmf-CVE-2009-1364.patch" - "libwmf-CVE-2009-3546.patch" - "libwmf-CVE-2015-0848+CVE-2015-4588.patch" - "libwmf-CVE-2015-4695.patch" - "libwmf-CVE-2015-4696.patch")))) - - (build-system gnu-build-system) - (inputs - `(("freetype" ,freetype) - ("libjpeg" ,libjpeg) - ("libpng",libpng) - ("libxml2" ,libxml2) - ("zlib" ,zlib))) - (native-inputs - `(("pkg-config" ,pkg-config))) - (synopsis "Library for reading images in the Microsoft WMF format") - (description - "libwmf is a library for reading vector images in Microsoft's native -Windows Metafile Format (WMF) and for either (a) displaying them in, e.g., an X -window; or (b) converting them to more standard/free file formats such as, e.g., -the W3C's XML-based Scaleable Vector Graphic (SVG) format.") - (home-page "http://wvware.sourceforge.net/libwmf.html") - - ;; 'COPYING' is the GPLv2, but file headers say LGPLv2.0+. - (license license:lgpl2.0+))) - (define-public leptonica (package (name "leptonica") diff --git a/gnu/packages/patches/abiword-wmf-version-lookup-fix.patch b/gnu/packages/patches/abiword-wmf-version-lookup-fix.patch deleted file mode 100644 index f27f32f30b..0000000000 --- a/gnu/packages/patches/abiword-wmf-version-lookup-fix.patch +++ /dev/null @@ -1,28 +0,0 @@ -The way the configure script determines the version of libwmf is by temporarily -making dots separator characters, but since the file name of the program which -returns the version contains dots in Guix (the version in the store entry name), -doing it this way will always fail. - -This is a simple guix-specific fix for the problem. - ---- a/configure 2010-06-13 23:17:37.000000000 +0200 -+++ b/configure 2014-09-08 17:31:52.102371800 +0200 -@@ -21140,13 +21140,11 @@ - $as_echo "$as_me: WARNING: wmf plugin: program libwmf-config not found in path" >&2;} - fi - else -- IFS_old="$IFS" -- IFS='.' -- set -- `$libwmfconfig --version` -- libwmf_major_found="${1}" -- libwmf_minor_found="${2}" -- libwmf_micro_found="${3}" -- IFS="$IFS_old" -+ libwmf_fullver_found=`$libwmfconfig --version` -+ libwmf_major_found=$(echo $libwmf_fullver_found | cut -d . -f 1) -+ libwmf_minor_found=$(echo $libwmf_fullver_found | cut -d . -f 2) -+ libwmf_micro_found=$(echo $libwmf_fullver_found | cut -d . -f 3) -+ - if test "$libwmf_major_found" -gt "$libwmf_major_req"; then - wmf_deps="yes" - elif test "$libwmf_major_found" -eq "$libwmf_major_req" && diff --git a/gnu/packages/patches/libwmf-CAN-2004-0941.patch b/gnu/packages/patches/libwmf-CAN-2004-0941.patch deleted file mode 100644 index 84dd9baee6..0000000000 --- a/gnu/packages/patches/libwmf-CAN-2004-0941.patch +++ /dev/null @@ -1,21 +0,0 @@ -Copied from Fedora. - -http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CAN-2004-0941.patch - ---- libwmf-0.2.8.4/src/extra/gd/gd_png.c 2004-11-11 14:02:37.407589824 -0500 -+++ libwmf-0.2.8.4/src/extra/gd/gd_png.c 2004-11-11 14:04:29.672522960 -0500 -@@ -188,6 +188,14 @@ - - png_get_IHDR (png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, - &interlace_type, NULL, NULL); -+ if (overflow2(sizeof (int), width)) -+ { -+ return NULL; -+ } -+ if (overflow2(sizeof (int) * width, height)) -+ { -+ return NULL; -+ } - if ((color_type == PNG_COLOR_TYPE_RGB) || - (color_type == PNG_COLOR_TYPE_RGB_ALPHA)) - { diff --git a/gnu/packages/patches/libwmf-CVE-2006-3376.patch b/gnu/packages/patches/libwmf-CVE-2006-3376.patch deleted file mode 100644 index 1e0e1ecfa8..0000000000 --- a/gnu/packages/patches/libwmf-CVE-2006-3376.patch +++ /dev/null @@ -1,30 +0,0 @@ -Copied from Debian. - ---- libwmf-0.2.8.4.orig/src/player.c -+++ libwmf-0.2.8.4/src/player.c -@@ -23,6 +23,7 @@ - - #include <stdio.h> - #include <stdlib.h> -+#include <stdint.h> - #include <string.h> - #include <math.h> - -@@ -132,8 +133,14 @@ - } - } - --/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char)); -- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); -+ if (MAX_REC_SIZE(API) > UINT32_MAX / 2) -+ { -+ API->err = wmf_E_InsMem; -+ WMF_DEBUG (API,"bailing..."); -+ return (API->err); -+ } -+ -+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); - - if (ERR (API)) - { WMF_DEBUG (API,"bailing..."); - diff --git a/gnu/packages/patches/libwmf-CVE-2007-0455.patch b/gnu/packages/patches/libwmf-CVE-2007-0455.patch deleted file mode 100644 index ceefc75bf2..0000000000 --- a/gnu/packages/patches/libwmf-CVE-2007-0455.patch +++ /dev/null @@ -1,15 +0,0 @@ -Copied from Fedora. - -http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-0455.patch - ---- libwmf-0.2.8.4/src/extra/gd/gdft.c 2010-12-06 11:18:26.000000000 +0000 -+++ libwmf-0.2.8.4/src/extra/gd/gdft.c 2010-12-06 11:21:09.000000000 +0000 -@@ -811,7 +811,7 @@ - { - ch = c & 0xFF; /* don't extend sign */ - } -- next++; -+ if (*next) next++; - } - else - { diff --git a/gnu/packages/patches/libwmf-CVE-2007-2756.patch b/gnu/packages/patches/libwmf-CVE-2007-2756.patch deleted file mode 100644 index feafac535a..0000000000 --- a/gnu/packages/patches/libwmf-CVE-2007-2756.patch +++ /dev/null @@ -1,20 +0,0 @@ -Copied from Fedora. - -http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-2756.patch - ---- libwmf-0.2.8.4/src/extra/gd/gd_png.c 1 Apr 2007 20:41:01 -0000 1.21.2.1 -+++ libwmf-0.2.8.4/src/extra/gd/gd_png.c 16 May 2007 19:06:11 -0000 -@@ -78,8 +78,11 @@ - gdPngReadData (png_structp png_ptr, - png_bytep data, png_size_t length) - { -- gdGetBuf (data, length, (gdIOCtx *) -- png_get_io_ptr (png_ptr)); -+ int check; -+ check = gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr)); -+ if (check != length) { -+ png_error(png_ptr, "Read Error: truncated data"); -+ } - } - - static void diff --git a/gnu/packages/patches/libwmf-CVE-2007-3472.patch b/gnu/packages/patches/libwmf-CVE-2007-3472.patch deleted file mode 100644 index 180bdb5fc2..0000000000 --- a/gnu/packages/patches/libwmf-CVE-2007-3472.patch +++ /dev/null @@ -1,63 +0,0 @@ -Based on a patch from Fedora. - -http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3472.patch - ---- libwmf-0.2.8.4/src/extra/gd/gd.c -+++ libwmf-0.2.8.4/src/extra/gd/gd.c -@@ -106,6 +106,18 @@ - gdImagePtr im; - unsigned long cpa_size; - -+ if (overflow2(sx, sy)) { -+ return NULL; -+ } -+ -+ if (overflow2(sizeof (int *), sy)) { -+ return NULL; -+ } -+ -+ if (overflow2(sizeof(int), sx)) { -+ return NULL; -+ } -+ - im = (gdImage *) gdMalloc (sizeof (gdImage)); - if (im == 0) return 0; - memset (im, 0, sizeof (gdImage)); ---- libwmf-0.2.8.4/src/extra/gd/gdhelpers.c 2010-12-06 11:47:31.000000000 +0000 -+++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.c 2010-12-06 11:48:04.000000000 +0000 -@@ -2,6 +2,7 @@ - #include "gdhelpers.h" - #include <stdlib.h> - #include <string.h> -+#include <limits.h> - - /* TBB: gd_strtok_r is not portable; provide an implementation */ - -@@ -94,3 +95,18 @@ - { - free (ptr); - } -+ -+int overflow2(int a, int b) -+{ -+ if(a < 0 || b < 0) { -+ fprintf(stderr, "gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n"); -+ return 1; -+ } -+ if(b == 0) -+ return 0; -+ if(a > INT_MAX / b) { -+ fprintf(stderr, "gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n"); -+ return 1; -+ } -+ return 0; -+} ---- libwmf-0.2.8.4/src/extra/gd/gdhelpers.h 2010-12-06 11:47:17.000000000 +0000 -+++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.h 2010-12-06 11:48:36.000000000 +0000 -@@ -15,4 +15,6 @@ - void *gdMalloc(size_t size); - void *gdRealloc(void *ptr, size_t size); - -+int overflow2(int a, int b); -+ - #endif /* GDHELPERS_H */ diff --git a/gnu/packages/patches/libwmf-CVE-2007-3473.patch b/gnu/packages/patches/libwmf-CVE-2007-3473.patch deleted file mode 100644 index cb96c94a47..0000000000 --- a/gnu/packages/patches/libwmf-CVE-2007-3473.patch +++ /dev/null @@ -1,17 +0,0 @@ -Copied from Fedora. - -http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3473.patch - ---- libwmf-0.2.8.4/src/extra/gd/gd.c -+++ libwmf-0.2.8.4/src/extra/gd/gd.c -@@ -2483,6 +2483,10 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm (FILE * fd) - } - bytes = (w * h / 8) + 1; - im = gdImageCreate (w, h); -+ if (!im) { -+ return 0; -+ } -+ - gdImageColorAllocate (im, 255, 255, 255); - gdImageColorAllocate (im, 0, 0, 0); - x = 0; diff --git a/gnu/packages/patches/libwmf-CVE-2007-3477.patch b/gnu/packages/patches/libwmf-CVE-2007-3477.patch deleted file mode 100644 index e9f6f4278b..0000000000 --- a/gnu/packages/patches/libwmf-CVE-2007-3477.patch +++ /dev/null @@ -1,42 +0,0 @@ -Copied from Fedora. - -http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3477.patch - ---- libwmf-0.2.8.4/src/extra/gd/gd.c -+++ libwmf-0.2.8.4/src/extra/gd/gd.c -@@ -1335,10 +1335,31 @@ - int w2, h2; - w2 = w / 2; - h2 = h / 2; -- while (e < s) -- { -- e += 360; -- } -+ -+ if ((s % 360) == (e % 360)) { -+ s = 0; e = 360; -+ } else { -+ if (s > 360) { -+ s = s % 360; -+ } -+ -+ if (e > 360) { -+ e = e % 360; -+ } -+ -+ while (s < 0) { -+ s += 360; -+ } -+ -+ while (e < s) { -+ e += 360; -+ } -+ -+ if (s == e) { -+ s = 0; e = 360; -+ } -+ } -+ - for (i = s; (i <= e); i++) - { - int x, y; diff --git a/gnu/packages/patches/libwmf-CVE-2009-1364.patch b/gnu/packages/patches/libwmf-CVE-2009-1364.patch deleted file mode 100644 index 254b821596..0000000000 --- a/gnu/packages/patches/libwmf-CVE-2009-1364.patch +++ /dev/null @@ -1,13 +0,0 @@ -Copied from Debian. - ---- libwmf-0.2.8.4.orig/src/extra/gd/gd_clip.c -+++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c -@@ -70,6 +70,7 @@ - { more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle)); - if (more == 0) return; - im->clip->max += 8; -+ im->clip->list = more; - } - im->clip->list[im->clip->count] = (*rect); - im->clip->count++; - diff --git a/gnu/packages/patches/libwmf-CVE-2009-3546.patch b/gnu/packages/patches/libwmf-CVE-2009-3546.patch deleted file mode 100644 index ef76fe0736..0000000000 --- a/gnu/packages/patches/libwmf-CVE-2009-3546.patch +++ /dev/null @@ -1,17 +0,0 @@ -Copied from Fedora. - -http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2009-3546.patch - ---- libwmf-0.2.8.4/src/extra/gd/gd_gd.c 2010-12-06 14:56:06.000000000 +0000 -+++ libwmf-0.2.8.4/src/extra/gd/gd_gd.c 2010-12-06 14:57:04.000000000 +0000 -@@ -42,6 +42,10 @@ - { - goto fail1; - } -+ if (&im->colorsTotal > gdMaxColors) -+ { -+ goto fail1; -+ } - } - /* Int to accommodate truecolor single-color transparency */ - if (!gdGetInt (&im->transparent, in)) diff --git a/gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch b/gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch deleted file mode 100644 index 871be1d267..0000000000 --- a/gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch +++ /dev/null @@ -1,122 +0,0 @@ -Copied from Fedora. - -http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch - ---- libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-08 14:46:24.591876404 +0100 -+++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-08 14:46:35.345993247 +0100 -@@ -859,7 +859,7 @@ - % - % - */ --static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels) -+static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels) - { int byte; - int count; - int i; -@@ -870,12 +870,14 @@ - U32 u; - - unsigned char* q; -+ unsigned char* end; - - for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0; - - byte = 0; - x = 0; - q = pixels; -+ end = pixels + bmp->width * bmp->height; - - for (y = 0; y < bmp->height; ) - { count = ReadBlobByte (src); -@@ -884,7 +886,10 @@ - { /* Encoded mode. */ - byte = ReadBlobByte (src); - for (i = 0; i < count; i++) -- { if (compression == 1) -+ { -+ if (q == end) -+ return 0; -+ if (compression == 1) - { (*(q++)) = (unsigned char) byte; - } - else -@@ -896,13 +901,15 @@ - else - { /* Escape mode. */ - count = ReadBlobByte (src); -- if (count == 0x01) return; -+ if (count == 0x01) return 1; - switch (count) - { - case 0x00: - { /* End of line. */ - x = 0; - y++; -+ if (y >= bmp->height) -+ return 0; - q = pixels + y * bmp->width; - break; - } -@@ -910,13 +917,20 @@ - { /* Delta mode. */ - x += ReadBlobByte (src); - y += ReadBlobByte (src); -+ if (y >= bmp->height) -+ return 0; -+ if (x >= bmp->width) -+ return 0; - q = pixels + y * bmp->width + x; - break; - } - default: - { /* Absolute mode. */ - for (i = 0; i < count; i++) -- { if (compression == 1) -+ { -+ if (q == end) -+ return 0; -+ if (compression == 1) - { (*(q++)) = ReadBlobByte (src); - } - else -@@ -943,7 +957,7 @@ - byte = ReadBlobByte (src); /* end of line */ - byte = ReadBlobByte (src); - -- return; -+ return 1; - } - - /* -@@ -1143,8 +1157,18 @@ - } - } - else -- { /* Convert run-length encoded raster pixels. */ -- DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image); -+ { -+ if (bmp_info.bits_per_pixel == 8) /* Convert run-length encoded raster pixels. */ -+ { -+ if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image)) -+ { WMF_ERROR (API,"corrupt bmp"); -+ API->err = wmf_E_BadFormat; -+ } -+ } -+ else -+ { WMF_ERROR (API,"Unexpected pixel depth"); -+ API->err = wmf_E_BadFormat; -+ } - } - - if (ERR (API)) ---- libwmf-0.2.8.4/src/ipa/ipa.h 2015-06-08 14:46:24.590876393 +0100 -+++ libwmf-0.2.8.4/src/ipa/ipa.h 2015-06-08 14:46:35.345993247 +0100 -@@ -48,7 +48,7 @@ - static unsigned short ReadBlobLSBShort (BMPSource*); - static unsigned long ReadBlobLSBLong (BMPSource*); - static long TellBlob (BMPSource*); --static void DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*); -+static int DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*); - static void ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*); - static int ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int); - static void SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int); diff --git a/gnu/packages/patches/libwmf-CVE-2015-4695.patch b/gnu/packages/patches/libwmf-CVE-2015-4695.patch deleted file mode 100644 index 42c4d55f40..0000000000 --- a/gnu/packages/patches/libwmf-CVE-2015-4695.patch +++ /dev/null @@ -1,60 +0,0 @@ -Copied from Fedora. - -http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-4695.patch - ---- libwmf-0.2.8.4/src/player/meta.h -+++ libwmf-0.2.8.4/src/player/meta.h -@@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API, - objects = P->objects; - - i = 0; -- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; -+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; - - if (i == NUM_OBJECTS (API)) - { WMF_ERROR (API,"Object out of range!"); -@@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,w - objects = P->objects; - - i = 0; -- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; -+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; - - if (i == NUM_OBJECTS (API)) - { WMF_ERROR (API,"Object out of range!"); -@@ -3067,7 +3067,7 @@ static int meta_pen_create (wmfAPI* API, - objects = P->objects; - - i = 0; -- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; -+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; - - if (i == NUM_OBJECTS (API)) - { WMF_ERROR (API,"Object out of range!"); -@@ -3181,7 +3181,7 @@ static int meta_brush_create (wmfAPI* AP - objects = P->objects; - - i = 0; -- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; -+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; - - if (i == NUM_OBJECTS (API)) - { WMF_ERROR (API,"Object out of range!"); -@@ -3288,7 +3288,7 @@ static int meta_font_create (wmfAPI* API - objects = P->objects; - - i = 0; -- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; -+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; - - if (i == NUM_OBJECTS (API)) - { WMF_ERROR (API,"Object out of range!"); -@@ -3396,7 +3396,7 @@ static int meta_palette_create (wmfAPI* - objects = P->objects; - - i = 0; -- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; -+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; - - if (i == NUM_OBJECTS (API)) - { WMF_ERROR (API,"Object out of range!"); diff --git a/gnu/packages/patches/libwmf-CVE-2015-4696.patch b/gnu/packages/patches/libwmf-CVE-2015-4696.patch deleted file mode 100644 index 3674458c98..0000000000 --- a/gnu/packages/patches/libwmf-CVE-2015-4696.patch +++ /dev/null @@ -1,27 +0,0 @@ -Copied from Fedora. - -http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-4696.patch - ---- libwmf-0.2.8.4/src/player/meta.h -+++ libwmf-0.2.8.4/src/player/meta.h -@@ -2585,6 +2585,8 @@ - polyrect.BR[i] = clip->rects[i].BR; - } - -+ if (FR->region_clip) FR->region_clip (API,&polyrect); -+ - wmf_free (API,polyrect.TL); - wmf_free (API,polyrect.BR); - } -@@ -2593,9 +2595,10 @@ - polyrect.BR = 0; - - polyrect.count = 0; -+ -+ if (FR->region_clip) FR->region_clip (API,&polyrect); - } - -- if (FR->region_clip) FR->region_clip (API,&polyrect); - - return (changed); - } diff --git a/gnu/packages/wv.scm b/gnu/packages/wv.scm index a7f294462b..12201faa3a 100644 --- a/gnu/packages/wv.scm +++ b/gnu/packages/wv.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014 Marek Benc <merkur32@gmail.com> +;;; Copyright © 2017 Leo Famulari <leo@famulari.name> ;;; ;;; This file is part of GNU Guix. ;;; @@ -39,16 +40,12 @@ (sha256 (base32 "1mn2ax6qjy3pvixlnvbkn6ymy6y4l2wxrr4brjaczm121s8hjcb7")))) - (build-system gnu-build-system) - (arguments - `(#:configure-flags '("--with-libwmf"))) (inputs `(("glib" ,glib) ("libgsf" ,libgsf) ("libjpeg" ,libjpeg) ("libpng" ,libpng) - ("libwmf" ,libwmf) ("zlib" ,zlib))) (native-inputs `(("glib" ,glib "bin") |