"A vulnerability in libwmf can be potentially exploited by malicious
people to compromise an application using the vulnerable library.
The vulnerability is caused due to an integer overflow error when
allocating memory based on a value taken directly from a WMF file
without performing any checks. This can be exploited to cause a
heap-based buffer overflow when a specially crafted WMF file is
processed.
Successful exploitation may allow execution of arbitrary code."
http://secunia.com/advisories/20921/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376
Patch from Red Hat. Bump PKGREVISION.
* 3 patches from Caolan at RedHat: remove unnecessary extra linked
libs; remove some warnings; rh154813 which (same redhat issuzilla
bug id) I theorize fixes some upsidedown wmfs.
CygWin changes mostly (all thanks to Tor Lillqvist), though build-tools
updates may make it build better on various systems. Has been tested by
various people since February; thought it was well-past time to release
this properly...
ChangeLog says:
* configure.ac: Don't use -lm on Windows. mingw has an (empty)
dummy libm, but it confuses libtool.) [Tor Lillqvist <tml@iki.fi>]
* libwm-config.in: Make installation-location-independent when run
in a Cygwin shell. [Tor Lillqvist <tml@iki.fi>]
* src/Makefile.am: Don't use -lm on Windows. Add libwmflite.la to
io_wmf_la_LIBADD. [Tor Lillqvist <tml@iki.fi>]
* src/wmf.c: Don't use hardcoded path for WMF_FONTDIR on Windows.
Instead, assume being built as a DLL, and look up the DLL
location in a DllMain routine, and use that to build the font
directory path at run-time. [Tor Lillqvist <tml@iki.fi>]
* src/font.c: Don't use hardcoded path for WMF_XTRA_FONTMAP either.
(remap_font_file_name): On Windows, if a font file name starts
with the build-time prefix, replace that with the run-time
installation prefix. [Tor Lillqvist <tml@iki.fi>]
I have been using this in my pkgsrc one a few systems for maybe two
months.
changes:
* update wmf2x & wmf2gd to use wmf_display_size() (fjf)
* ditch wmf_gd_image_free(); api_destroy takes care of the image (fjf)
* add new wmf_display_size() function which returns integer
size of image for display; io-wmf loader update (dom)
* add two convenience functions to xgd device layer for
manipulating GD image post-conversion (fjf)
* give libwmflite its own interface/binary numbers (fjf)
* change gd.c (add _tpixels member to gdImageStruct)
- now allocates contiguous array for truecolor pixels (fjf)
* gdk-pixbuf plugin added (dom); config update (fjf)
(needed for gimageview)
* update Fontmap[.GS] detection (guesswork, really) (fjf)
* don't include trio.h when --disable-heavy is used (fjf)
* remember to update both version numbers in configure.ac!
* move player.h's defs into metadefs.h for recorder.c (fjf)
* add some missing "extern"s (c. Jeremy Shane Sanders)
* added recorder.h & libwmf/canvas.h; call it Canvas now (fjf)
Changes:
Split libwmf in two, libwmflite (with the parser) and libwmf (utility
functions, device layers, etc.). Should also better support ImageMagick.
Other changes unknown.
Changes from 0.2.1 are here:
v. 0.2.2
* fix wmf2x arg detection bug (Bob Friesenhahn)
* added --with-layers option (fjf)
* de-necessitate GD, add libpng support (highly experimental);
rename config.h* to wmfconfig.h*; libxml2 fix (fjf)
* release builds: configure-time Darwin-detection & lt-patching;
make magick device layer optional; rewrite xml2 detection (wv);
make secondary IPA functions static (fjf)
* change copyright on include/libwmf/magick.h
* add paranoid check for xmlChar**attributes==NULL
* add one of many missing consts (Bob Friesenhahn)
* add check for vsnprintf in libdb (David C Sterratt)
* add 'foreign' device layer for non-wmf stuff
* x,gd: better placement of text
* x,gd: beginnings of a ROP implementation
* change gd-layer source file names to 'xgd' root
* use X-layer style text drawing in gd-layer
* yet more config updates (fun, fun, fun!)
* update other config stuff to handle autoconf-2.52
* update config.sub/guess to libtool-1.4.1
* make building/inclusion of GD library optional (fjf)
* acinclude fix (Tomasz K^3oczko)
* up the version number (fjf)
series is no longer in active development.
Please take a look at release note for more info of this version.
http://www.alinameridon.com/libwmf/Readme.html
converters/wv package will also be updated to latest version soon.
