guix/guix
3
5
Fork 0
mirror of git://git.savannah.gnu.org/guix.git synced 2023-12-14 03:33:07 +01:00
Code Issues Releases Wiki Activity

gnu: Remove libwmf.

Browse source 
This package contains many security vulnerabilities and is no longer maintained
upstream. See this discussion for more information:

https://lists.gnu.org/archive/html/guix-devel/2017-05/msg00478.html

* gnu/packages/image.scm (libwmf): Remove variable.
* gnu/packages/wv.scm (wv)[inputs]: Remove libwmf.
[arguments]: Remove field.
* gnu/packages/abiword.scm (abiword)[inputs]: Remove libwmf.
[source]: Remove patch 'abiword-wmf-version-lookup-fix.patch'.
* gnu/packages/patches/abiword-wmf-version-lookup-fix.patch,
gnu/packages/patches/libwmf-CAN-2004-0941.patch,
gnu/packages/patches/libwmf-CVE-2006-3376.patch,
gnu/packages/patches/libwmf-CVE-2007-0455.patch,
gnu/packages/patches/libwmf-CVE-2007-2756.patch,
gnu/packages/patches/libwmf-CVE-2007-3472.patch,
gnu/packages/patches/libwmf-CVE-2007-3473.patch,
gnu/packages/patches/libwmf-CVE-2007-3477.patch,
gnu/packages/patches/libwmf-CVE-2009-1364.patch,
gnu/packages/patches/libwmf-CVE-2009-3546.patch,
gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch,
gnu/packages/patches/libwmf-CVE-2015-4695.patch,
gnu/packages/patches/libwmf-CVE-2015-4696.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
This commit is contained in:
Leo Famulari 2017-06-23 18:00:54 -04:00
parent 68f30310e1
commit d17e085a59
No known key found for this signature in database
GPG key ID: 2646FA30BACA7F08
17 changed files with 3 additions and 541 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
gnu/local.mk
View file

@ -493,7 +493,6 @@ dist_patch_DATA = \
%D%/packages/patches/a2ps-CVE-2001-1593.patch \
%D%/packages/patches/a2ps-CVE-2014-0466.patch \
%D%/packages/patches/abiword-explictly-cast-bools.patch \
%D%/packages/patches/abiword-wmf-version-lookup-fix.patch \
%D%/packages/patches/abiword-black-drawing-with-gtk322.patch \
%D%/packages/patches/acl-hurd-path-max.patch \
%D%/packages/patches/aegis-constness-error.patch \
@ -779,18 +778,6 @@ dist_patch_DATA = \
%D%/packages/patches/libtool-skip-tests2.patch \
%D%/packages/patches/libunwind-CVE-2015-3239.patch \
%D%/packages/patches/libvpx-CVE-2016-2818.patch \
%D%/packages/patches/libwmf-CAN-2004-0941.patch \
%D%/packages/patches/libwmf-CVE-2006-3376.patch \
%D%/packages/patches/libwmf-CVE-2007-0455.patch \
%D%/packages/patches/libwmf-CVE-2007-2756.patch \
%D%/packages/patches/libwmf-CVE-2007-3472.patch \
%D%/packages/patches/libwmf-CVE-2007-3473.patch \
%D%/packages/patches/libwmf-CVE-2007-3477.patch \
%D%/packages/patches/libwmf-CVE-2009-1364.patch \
%D%/packages/patches/libwmf-CVE-2009-3546.patch \
%D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \
%D%/packages/patches/libwmf-CVE-2015-4695.patch \
%D%/packages/patches/libwmf-CVE-2015-4696.patch \
%D%/packages/patches/libxcb-python-3.5-compat.patch \
%D%/packages/patches/libxml2-CVE-2016-4658.patch \
%D%/packages/patches/libxml2-CVE-2016-5131.patch \

5
gnu/packages/abiword.scm
View file

@ -2,6 +2,7 @@
;;; Copyright © 2014 Marek Benc <merkur32@gmail.com>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
;;;
@ -55,8 +56,7 @@
(sha256
(base32 "08imry821g81apdwym3gcs4nss0l9j5blqk31j5rv602zmcd9gxg"))
(patches
(search-patches "abiword-wmf-version-lookup-fix.patch"
"abiword-explictly-cast-bools.patch"
(search-patches "abiword-explictly-cast-bools.patch"
"abiword-black-drawing-with-gtk322.patch"))))
(build-system glib-or-gtk-build-system)
@ -97,7 +97,6 @@
("libjpeg" ,libjpeg)
("libpng" ,libpng)
("librsvg" ,librsvg)
("libwmf" ,libwmf)
("libxml2" ,libxml2)
("libxslt" ,libxslt)
("ots" ,ots)

46
gnu/packages/image.scm
View file

@ -397,52 +397,6 @@ collection of tools for doing simple manipulations of TIFF images.")
(base32
"0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))))
(define-public libwmf
(package
(name "libwmf")
(version "0.2.8.4")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/wvware/"
name "/" version
"/" name "-" version ".tar.gz"))
(sha256
(base32 "1y3wba4q8pl7kr51212jwrsz1x6nslsx1gsjml1x0i8549lmqd2v"))
(patches
(search-patches "libwmf-CAN-2004-0941.patch"
"libwmf-CVE-2006-3376.patch"
"libwmf-CVE-2007-0455.patch"
"libwmf-CVE-2007-2756.patch"
"libwmf-CVE-2007-3472.patch"
"libwmf-CVE-2007-3473.patch"
"libwmf-CVE-2007-3477.patch"
"libwmf-CVE-2009-1364.patch"
"libwmf-CVE-2009-3546.patch"
"libwmf-CVE-2015-0848+CVE-2015-4588.patch"
"libwmf-CVE-2015-4695.patch"
"libwmf-CVE-2015-4696.patch"))))
(build-system gnu-build-system)
(inputs
`(("freetype" ,freetype)
("libjpeg" ,libjpeg)
("libpng",libpng)
("libxml2" ,libxml2)
("zlib" ,zlib)))
(native-inputs
`(("pkg-config" ,pkg-config)))
(synopsis "Library for reading images in the Microsoft WMF format")
(description
"libwmf is a library for reading vector images in Microsoft's native
Windows Metafile Format (WMF) and for either (a) displaying them in, e.g., an X
window; or (b) converting them to more standard/free file formats such as, e.g.,
the W3C's XML-based Scaleable Vector Graphic (SVG) format.")
(home-page "http://wvware.sourceforge.net/libwmf.html")
;; 'COPYING' is the GPLv2, but file headers say LGPLv2.0+.
(license license:lgpl2.0+)))
(define-public leptonica
(package
(name "leptonica")

28
gnu/packages/patches/abiword-wmf-version-lookup-fix.patch
View file

@ -1,28 +0,0 @@
The way the configure script determines the version of libwmf is by temporarily
making dots separator characters, but since the file name of the program which
returns the version contains dots in Guix (the version in the store entry name),
doing it this way will always fail.
This is a simple guix-specific fix for the problem.
--- a/configure 2010-06-13 23:17:37.000000000 +0200
+++ b/configure 2014-09-08 17:31:52.102371800 +0200
@@ -21140,13 +21140,11 @@
$as_echo "$as_me: WARNING: wmf plugin: program libwmf-config not found in path" >&2;}
fi
else
- IFS_old="$IFS"
- IFS='.'
- set -- `$libwmfconfig --version`
- libwmf_major_found="${1}"
- libwmf_minor_found="${2}"
- libwmf_micro_found="${3}"
- IFS="$IFS_old"
+ libwmf_fullver_found=`$libwmfconfig --version`
+ libwmf_major_found=$(echo $libwmf_fullver_found | cut -d . -f 1)
+ libwmf_minor_found=$(echo $libwmf_fullver_found | cut -d . -f 2)
+ libwmf_micro_found=$(echo $libwmf_fullver_found | cut -d . -f 3)
+
if test "$libwmf_major_found" -gt "$libwmf_major_req"; then
wmf_deps="yes"
elif test "$libwmf_major_found" -eq "$libwmf_major_req" &&

21
gnu/packages/patches/libwmf-CAN-2004-0941.patch
View file

@ -1,21 +0,0 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CAN-2004-0941.patch
--- libwmf-0.2.8.4/src/extra/gd/gd_png.c 2004-11-11 14:02:37.407589824 -0500
+++ libwmf-0.2.8.4/src/extra/gd/gd_png.c 2004-11-11 14:04:29.672522960 -0500
@@ -188,6 +188,14 @@
png_get_IHDR (png_ptr, info_ptr, &width, &height, &bit_depth, &color_type,
&interlace_type, NULL, NULL);
+ if (overflow2(sizeof (int), width))
+ {
+ return NULL;
+ }
+ if (overflow2(sizeof (int) * width, height))
+ {
+ return NULL;
+ }
if ((color_type == PNG_COLOR_TYPE_RGB) ||
(color_type == PNG_COLOR_TYPE_RGB_ALPHA))
{

30
gnu/packages/patches/libwmf-CVE-2006-3376.patch
View file

@ -1,30 +0,0 @@
Copied from Debian.
--- libwmf-0.2.8.4.orig/src/player.c
+++ libwmf-0.2.8.4/src/player.c
@@ -23,6 +23,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdint.h>
#include <string.h>
#include <math.h>
@@ -132,8 +133,14 @@
}
}
-/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
+ if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
+ {
+ API->err = wmf_E_InsMem;
+ WMF_DEBUG (API,"bailing...");
+ return (API->err);
+ }
+
+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
if (ERR (API))
{ WMF_DEBUG (API,"bailing...");

15
gnu/packages/patches/libwmf-CVE-2007-0455.patch
View file

@ -1,15 +0,0 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-0455.patch
--- libwmf-0.2.8.4/src/extra/gd/gdft.c 2010-12-06 11:18:26.000000000 +0000
+++ libwmf-0.2.8.4/src/extra/gd/gdft.c 2010-12-06 11:21:09.000000000 +0000
@@ -811,7 +811,7 @@
{
ch = c & 0xFF; /* don't extend sign */
}
- next++;
+ if (*next) next++;
}
else
{

20
gnu/packages/patches/libwmf-CVE-2007-2756.patch
View file

@ -1,20 +0,0 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-2756.patch
--- libwmf-0.2.8.4/src/extra/gd/gd_png.c 1 Apr 2007 20:41:01 -0000 1.21.2.1
+++ libwmf-0.2.8.4/src/extra/gd/gd_png.c 16 May 2007 19:06:11 -0000
@@ -78,8 +78,11 @@
gdPngReadData (png_structp png_ptr,
png_bytep data, png_size_t length)
{
- gdGetBuf (data, length, (gdIOCtx *)
- png_get_io_ptr (png_ptr));
+ int check;
+ check = gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr));
+ if (check != length) {
+ png_error(png_ptr, "Read Error: truncated data");
+ }
}
static void

63
gnu/packages/patches/libwmf-CVE-2007-3472.patch
View file

@ -1,63 +0,0 @@
Based on a patch from Fedora.
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3472.patch
--- libwmf-0.2.8.4/src/extra/gd/gd.c
+++ libwmf-0.2.8.4/src/extra/gd/gd.c
@@ -106,6 +106,18 @@
gdImagePtr im;
unsigned long cpa_size;
+ if (overflow2(sx, sy)) {
+ return NULL;
+ }
+
+ if (overflow2(sizeof (int *), sy)) {
+ return NULL;
+ }
+
+ if (overflow2(sizeof(int), sx)) {
+ return NULL;
+ }
+
im = (gdImage *) gdMalloc (sizeof (gdImage));
if (im == 0) return 0;
memset (im, 0, sizeof (gdImage));
--- libwmf-0.2.8.4/src/extra/gd/gdhelpers.c 2010-12-06 11:47:31.000000000 +0000
+++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.c 2010-12-06 11:48:04.000000000 +0000
@@ -2,6 +2,7 @@
#include "gdhelpers.h"
#include <stdlib.h>
#include <string.h>
+#include <limits.h>
/* TBB: gd_strtok_r is not portable; provide an implementation */
@@ -94,3 +95,18 @@
{
free (ptr);
}
+
+int overflow2(int a, int b)
+{
+ if(a < 0 || b < 0) {
+ fprintf(stderr, "gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n");
+ return 1;
+ }
+ if(b == 0)
+ return 0;
+ if(a > INT_MAX / b) {
+ fprintf(stderr, "gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n");
+ return 1;
+ }
+ return 0;
+}
--- libwmf-0.2.8.4/src/extra/gd/gdhelpers.h 2010-12-06 11:47:17.000000000 +0000
+++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.h 2010-12-06 11:48:36.000000000 +0000
@@ -15,4 +15,6 @@
void *gdMalloc(size_t size);
void *gdRealloc(void *ptr, size_t size);
+int overflow2(int a, int b);
+
#endif /* GDHELPERS_H */

17
gnu/packages/patches/libwmf-CVE-2007-3473.patch
View file

@ -1,17 +0,0 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3473.patch
--- libwmf-0.2.8.4/src/extra/gd/gd.c
+++ libwmf-0.2.8.4/src/extra/gd/gd.c
@@ -2483,6 +2483,10 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm (FILE * fd)
}
bytes = (w * h / 8) + 1;
im = gdImageCreate (w, h);
+ if (!im) {
+ return 0;
+ }
+
gdImageColorAllocate (im, 255, 255, 255);
gdImageColorAllocate (im, 0, 0, 0);
x = 0;

42
gnu/packages/patches/libwmf-CVE-2007-3477.patch
View file

@ -1,42 +0,0 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3477.patch
--- libwmf-0.2.8.4/src/extra/gd/gd.c
+++ libwmf-0.2.8.4/src/extra/gd/gd.c
@@ -1335,10 +1335,31 @@
int w2, h2;
w2 = w / 2;
h2 = h / 2;
- while (e < s)
- {
- e += 360;
- }
+
+ if ((s % 360) == (e % 360)) {
+ s = 0; e = 360;
+ } else {
+ if (s > 360) {
+ s = s % 360;
+ }
+
+ if (e > 360) {
+ e = e % 360;
+ }
+
+ while (s < 0) {
+ s += 360;
+ }
+
+ while (e < s) {
+ e += 360;
+ }
+
+ if (s == e) {
+ s = 0; e = 360;
+ }
+ }
+
for (i = s; (i <= e); i++)
{
int x, y;

13
gnu/packages/patches/libwmf-CVE-2009-1364.patch
View file

@ -1,13 +0,0 @@
Copied from Debian.
--- libwmf-0.2.8.4.orig/src/extra/gd/gd_clip.c
+++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c
@@ -70,6 +70,7 @@
{ more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle));
if (more == 0) return;
im->clip->max += 8;
+ im->clip->list = more;
}
im->clip->list[im->clip->count] = (*rect);
im->clip->count++;

17
gnu/packages/patches/libwmf-CVE-2009-3546.patch
View file

@ -1,17 +0,0 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2009-3546.patch
--- libwmf-0.2.8.4/src/extra/gd/gd_gd.c 2010-12-06 14:56:06.000000000 +0000
+++ libwmf-0.2.8.4/src/extra/gd/gd_gd.c 2010-12-06 14:57:04.000000000 +0000
@@ -42,6 +42,10 @@
{
goto fail1;
}
+ if (&im->colorsTotal > gdMaxColors)
+ {
+ goto fail1;
+ }
}
/* Int to accommodate truecolor single-color transparency */
if (!gdGetInt (&im->transparent, in))

122
gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch
View file

@ -1,122 +0,0 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch
--- libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-08 14:46:24.591876404 +0100
+++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-08 14:46:35.345993247 +0100
@@ -859,7 +859,7 @@
%
%
*/
-static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
+static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
{ int byte;
int count;
int i;
@@ -870,12 +870,14 @@
U32 u;
unsigned char* q;
+ unsigned char* end;
for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0;
byte = 0;
x = 0;
q = pixels;
+ end = pixels + bmp->width * bmp->height;
for (y = 0; y < bmp->height; )
{ count = ReadBlobByte (src);
@@ -884,7 +886,10 @@
{ /* Encoded mode. */
byte = ReadBlobByte (src);
for (i = 0; i < count; i++)
- { if (compression == 1)
+ {
+ if (q == end)
+ return 0;
+ if (compression == 1)
{ (*(q++)) = (unsigned char) byte;
}
else
@@ -896,13 +901,15 @@
else
{ /* Escape mode. */
count = ReadBlobByte (src);
- if (count == 0x01) return;
+ if (count == 0x01) return 1;
switch (count)
{
case 0x00:
{ /* End of line. */
x = 0;
y++;
+ if (y >= bmp->height)
+ return 0;
q = pixels + y * bmp->width;
break;
}
@@ -910,13 +917,20 @@
{ /* Delta mode. */
x += ReadBlobByte (src);
y += ReadBlobByte (src);
+ if (y >= bmp->height)
+ return 0;
+ if (x >= bmp->width)
+ return 0;
q = pixels + y * bmp->width + x;
break;
}
default:
{ /* Absolute mode. */
for (i = 0; i < count; i++)
- { if (compression == 1)
+ {
+ if (q == end)
+ return 0;
+ if (compression == 1)
{ (*(q++)) = ReadBlobByte (src);
}
else
@@ -943,7 +957,7 @@
byte = ReadBlobByte (src); /* end of line */
byte = ReadBlobByte (src);
- return;
+ return 1;
}
/*
@@ -1143,8 +1157,18 @@
}
}
else
- { /* Convert run-length encoded raster pixels. */
- DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
+ {
+ if (bmp_info.bits_per_pixel == 8) /* Convert run-length encoded raster pixels. */
+ {
+ if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image))
+ { WMF_ERROR (API,"corrupt bmp");
+ API->err = wmf_E_BadFormat;
+ }
+ }
+ else
+ { WMF_ERROR (API,"Unexpected pixel depth");
+ API->err = wmf_E_BadFormat;
+ }
}
if (ERR (API))
--- libwmf-0.2.8.4/src/ipa/ipa.h 2015-06-08 14:46:24.590876393 +0100
+++ libwmf-0.2.8.4/src/ipa/ipa.h 2015-06-08 14:46:35.345993247 +0100
@@ -48,7 +48,7 @@
static unsigned short ReadBlobLSBShort (BMPSource*);
static unsigned long ReadBlobLSBLong (BMPSource*);
static long TellBlob (BMPSource*);
-static void DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
+static int DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
static void ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*);
static int ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int);
static void SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int);

60
gnu/packages/patches/libwmf-CVE-2015-4695.patch
View file

@ -1,60 +0,0 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-4695.patch
--- libwmf-0.2.8.4/src/player/meta.h
+++ libwmf-0.2.8.4/src/player/meta.h
@@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API,
objects = P->objects;
i = 0;
- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
if (i == NUM_OBJECTS (API))
{ WMF_ERROR (API,"Object out of range!");
@@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,w
objects = P->objects;
i = 0;
- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
if (i == NUM_OBJECTS (API))
{ WMF_ERROR (API,"Object out of range!");
@@ -3067,7 +3067,7 @@ static int meta_pen_create (wmfAPI* API,
objects = P->objects;
i = 0;
- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
if (i == NUM_OBJECTS (API))
{ WMF_ERROR (API,"Object out of range!");
@@ -3181,7 +3181,7 @@ static int meta_brush_create (wmfAPI* AP
objects = P->objects;
i = 0;
- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
if (i == NUM_OBJECTS (API))
{ WMF_ERROR (API,"Object out of range!");
@@ -3288,7 +3288,7 @@ static int meta_font_create (wmfAPI* API
objects = P->objects;
i = 0;
- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
if (i == NUM_OBJECTS (API))
{ WMF_ERROR (API,"Object out of range!");
@@ -3396,7 +3396,7 @@ static int meta_palette_create (wmfAPI*
objects = P->objects;
i = 0;
- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
if (i == NUM_OBJECTS (API))
{ WMF_ERROR (API,"Object out of range!");

27
gnu/packages/patches/libwmf-CVE-2015-4696.patch
View file

@ -1,27 +0,0 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-4696.patch
--- libwmf-0.2.8.4/src/player/meta.h
+++ libwmf-0.2.8.4/src/player/meta.h
@@ -2585,6 +2585,8 @@
polyrect.BR[i] = clip->rects[i].BR;
}
+ if (FR->region_clip) FR->region_clip (API,&polyrect);
+
wmf_free (API,polyrect.TL);
wmf_free (API,polyrect.BR);
}
@@ -2593,9 +2595,10 @@
polyrect.BR = 0;
polyrect.count = 0;
+
+ if (FR->region_clip) FR->region_clip (API,&polyrect);
}
- if (FR->region_clip) FR->region_clip (API,&polyrect);
return (changed);
}

5
gnu/packages/wv.scm
View file

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 Marek Benc <merkur32@gmail.com>
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
;;;
@ -39,16 +40,12 @@
(sha256
(base32
"1mn2ax6qjy3pvixlnvbkn6ymy6y4l2wxrr4brjaczm121s8hjcb7"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--with-libwmf")))
(inputs
`(("glib" ,glib)
("libgsf" ,libgsf)
("libjpeg" ,libjpeg)
("libpng" ,libpng)
("libwmf" ,libwmf)
("zlib" ,zlib)))
(native-inputs
`(("glib" ,glib "bin")