-rw-r--r-- | .SRCINFO | 38 | ||||
-rw-r--r-- | PKGBUILD | 59 | ||||
-rw-r--r-- | libwmf-0.2.8.4-CAN-2004-0941.patch | 17 | ||||
-rw-r--r-- | libwmf-0.2.8.4-CVE-2007-0455.patch | 11 | ||||
-rw-r--r-- | libwmf-0.2.8.4-CVE-2007-2756.patch | 16 | ||||
-rw-r--r-- | libwmf-0.2.8.4-CVE-2007-3472.patch | 59 | ||||
-rw-r--r-- | libwmf-0.2.8.4-CVE-2007-3473.patch | 13 | ||||
-rw-r--r-- | libwmf-0.2.8.4-CVE-2007-3477.patch | 38 | ||||
-rw-r--r-- | libwmf-0.2.8.4-CVE-2009-3546.patch | 13 | ||||
-rw-r--r-- | libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch | 118 | ||||
-rw-r--r-- | libwmf-0.2.8.4-CVE-2015-4695.patch | 56 | ||||
-rw-r--r-- | libwmf-0.2.8.4-CVE-2015-4696.patch | 23 | ||||
-rw-r--r-- | libwmf-0.2.8.4-CVE-2016-9011.patch | 36 | ||||
-rw-r--r-- | libwmf-0.2.8.4-intoverflow-CVE-2006-3376.patch | 27 | ||||
-rw-r--r-- | libwmf-0.2.8.4-libpng-1.5.patch | 12 | ||||
-rw-r--r-- | libwmf-0.2.8.4-useafterfree-CVE-2009-1364.patch | 10 | ||||
-rw-r--r-- | libwmf-freetype.patch | 65 |
17 files changed, 82 insertions, 529 deletions
@@ -1,7 +1,7 @@
 pkgbase = lib32-libwmf
 pkgdesc = A library for reading vector images in Microsoft's native Windows Metafile Format (WMF) (32-bit)
- pkgver = 0.2.8.4
- pkgrel = 2
+ pkgver = 0.2.10
+ pkgrel = 1
 url = http://wvware.sourceforge.net/libwmf.html
 arch = x86_64
 license = LGPL
@@ -13,36 +13,10 @@ pkgbase = lib32-libwmf depends = libwmf options = !docs options = !emptydirs - source = http://downloads.sourceforge.net/sourceforge/wvware/libwmf-0.2.8.4.tar.gz - source = libwmf-0.2.8.4-libpng-1.5.patch - source = libwmf-0.2.8.4-useafterfree-CVE-2009-1364.patch - source = libwmf-0.2.8.4-intoverflow-CVE-2006-3376.patch - source = libwmf-0.2.8.4-CAN-2004-0941.patch - source = libwmf-0.2.8.4-CVE-2007-0455.patch - source = libwmf-0.2.8.4-CVE-2007-2756.patch - source = libwmf-0.2.8.4-CVE-2007-3472.patch - source = libwmf-0.2.8.4-CVE-2007-3473.patch - source = libwmf-0.2.8.4-CVE-2007-3477.patch - source = libwmf-0.2.8.4-CVE-2009-3546.patch - source = libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch - source = libwmf-0.2.8.4-CVE-2015-4695.patch - source = libwmf-0.2.8.4-CVE-2015-4696.patch - source = libwmf-0.2.8.4-CVE-2016-9011.patch - sha1sums = 822ab3bd0f5e8f39ad732f2774a8e9f18fc91e89 - sha1sums = 42aa4c2a82e4e14044c875a7f439baea732a355a - sha1sums = ea6d28880840e86c96f9079bfd591da54dcffa5c - sha1sums = 6f130ea9f639ccf88fef0fda74cf9fa3956f81b5 - sha1sums = 2f8a46698dac6d5f5c3109cb56ad675ff1efaee0 - sha1sums = 380d59744f174e12d4ba4f5cb63f14b6092850fa - sha1sums = 45ae37f79b351fe738212caa3a3c61c9b6fa2d5b - sha1sums = 1836f07750d3a8b4dd6354660875436b0e5c3b07 - sha1sums = c778b89445f621fd5e44b0bbf9d441cceea90d6c - sha1sums = d0a6fefedd327f99c3ca1c2f7f19adddc2cef50a - sha1sums = 83f32dac05c1492eef1e652c553a5ffc80a3e656 - sha1sums = 5608d0565890f2f89435bc13ad57279900ed83b4 - sha1sums = 408cfff29160b037b8baa26b4647e02f373b8b85 - sha1sums = e250f5ecefde4bf5c06f7fbc562566ce64204f2a - sha1sums = 9f8670ef0b4862bb84aecc582bfbec45573a8831 + source = libwmf-0.2.10.tar.gz::https://github.com/caolanm/libwmf/archive/v0.2.10.tar.gz + source = libwmf-freetype.patch + sha1sums = 1cd3044efbdcdcde11ddf79d3428167374ff3283 + sha1sums = ef4d452cd5e7fcb36751771c6f44b4b7a3f8693a pkgname = lib32-libwmf 
@@ -1,10 +1,10 @@ # Maintainer: Rodrigo Bezerra <rodrigobezerra21 at gmail dot com> -# Contributor:orumin <dev at orum.in> +# Contributor: orumin <dev at orum.in> _basename=libwmf pkgname=lib32-libwmf -pkgver=0.2.8.4 -pkgrel=2 +pkgver=0.2.10 +pkgrel=1 pkgdesc="A library for reading vector images in Microsoft's native Windows Metafile Format (WMF) (32-bit)" arch=('x86_64') url="http://wvware.sourceforge.net/libwmf.html" 
@@ -12,54 +12,17 @@ license=('LGPL') depends=('lib32-expat' 'lib32-freetype2' 'lib32-gdk-pixbuf2' 'libwmf') makedepends=('lib32-gtk2' 'lib32-libxt') options=('!docs' '!emptydirs') -source=(http://downloads.sourceforge.net/sourceforge/wvware/${_basename}-${pkgver}.tar.gz - libwmf-0.2.8.4-libpng-1.5.patch - libwmf-0.2.8.4-useafterfree-CVE-2009-1364.patch - libwmf-0.2.8.4-intoverflow-CVE-2006-3376.patch - libwmf-0.2.8.4-CAN-2004-0941.patch - libwmf-0.2.8.4-CVE-2007-0455.patch - libwmf-0.2.8.4-CVE-2007-2756.patch - libwmf-0.2.8.4-CVE-2007-3472.patch - libwmf-0.2.8.4-CVE-2007-3473.patch - libwmf-0.2.8.4-CVE-2007-3477.patch - libwmf-0.2.8.4-CVE-2009-3546.patch - libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch - libwmf-0.2.8.4-CVE-2015-4695.patch - libwmf-0.2.8.4-CVE-2015-4696.patch - libwmf-0.2.8.4-CVE-2016-9011.patch) -sha1sums=('822ab3bd0f5e8f39ad732f2774a8e9f18fc91e89' - '42aa4c2a82e4e14044c875a7f439baea732a355a' - 'ea6d28880840e86c96f9079bfd591da54dcffa5c' - '6f130ea9f639ccf88fef0fda74cf9fa3956f81b5' - '2f8a46698dac6d5f5c3109cb56ad675ff1efaee0' - '380d59744f174e12d4ba4f5cb63f14b6092850fa' - '45ae37f79b351fe738212caa3a3c61c9b6fa2d5b' - '1836f07750d3a8b4dd6354660875436b0e5c3b07' - 'c778b89445f621fd5e44b0bbf9d441cceea90d6c' - 'd0a6fefedd327f99c3ca1c2f7f19adddc2cef50a' - '83f32dac05c1492eef1e652c553a5ffc80a3e656' - '5608d0565890f2f89435bc13ad57279900ed83b4' - '408cfff29160b037b8baa26b4647e02f373b8b85' - 'e250f5ecefde4bf5c06f7fbc562566ce64204f2a' - '9f8670ef0b4862bb84aecc582bfbec45573a8831') +source=($_basename-$pkgver.tar.gz::https://github.com/caolanm/libwmf/archive/v$pkgver.tar.gz + libwmf-freetype.patch) +sha1sums=('1cd3044efbdcdcde11ddf79d3428167374ff3283' + 'ef4d452cd5e7fcb36751771c6f44b4b7a3f8693a') prepare() { cd ${_basename}-${pkgver} - patch -p1 -i "${srcdir}/libwmf-0.2.8.4-libpng-1.5.patch" - patch -p1 -i "${srcdir}/libwmf-0.2.8.4-useafterfree-CVE-2009-1364.patch" - patch -p1 -i "${srcdir}/libwmf-0.2.8.4-intoverflow-CVE-2006-3376.patch" - patch -p1 -i 
"${srcdir}/libwmf-0.2.8.4-CAN-2004-0941.patch" - patch -p1 -i "${srcdir}/libwmf-0.2.8.4-CVE-2007-0455.patch" - patch -p1 -i "${srcdir}/libwmf-0.2.8.4-CVE-2007-2756.patch" - patch -p1 -i "${srcdir}/libwmf-0.2.8.4-CVE-2007-3472.patch" - patch -p1 -i "${srcdir}/libwmf-0.2.8.4-CVE-2007-3473.patch" - patch -p1 -i "${srcdir}/libwmf-0.2.8.4-CVE-2007-3477.patch" - patch -p1 -i "${srcdir}/libwmf-0.2.8.4-CVE-2009-3546.patch" - patch -p1 -i "${srcdir}/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch" - patch -p1 -i "${srcdir}/libwmf-0.2.8.4-CVE-2015-4695.patch" - patch -p1 -i "${srcdir}/libwmf-0.2.8.4-CVE-2015-4696.patch" - patch -p1 -i "${srcdir}/libwmf-0.2.8.4-CVE-2016-9011.patch" + patch -p1 -i ../libwmf-freetype.patch # Port away from freetype-config, patch from openembedded.org + + autoreconf -vif -Ipatches } build() { @@ -90,5 +53,5 @@ package() { rm -r "${pkgdir}/usr/include" #Remove fonts, these are in gsfonts - rm -rf "${pkgdir}/usr/share/fonts" + rm -rf "${pkgdir}/usr/share" } diff --git a/libwmf-0.2.8.4-CAN-2004-0941.patch b/libwmf-0.2.8.4-CAN-2004-0941.patch deleted file mode 100644 index 581e4e09197e..000000000000 --- a/libwmf-0.2.8.4-CAN-2004-0941.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- libwmf-0.2.8.4/src/extra/gd/gd_png.c 2004-11-11 14:02:37.407589824 -0500 -+++ libwmf-0.2.8.4/src/extra/gd/gd_png.c 2004-11-11 14:04:29.672522960 -0500 -@@ -188,6 +188,14 @@ - - png_get_IHDR (png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, - &interlace_type, NULL, NULL); -+ if (overflow2(sizeof (int), width)) -+ { -+ return NULL; -+ } -+ if (overflow2(sizeof (int) * width, height)) -+ { -+ return NULL; -+ } - if ((color_type == PNG_COLOR_TYPE_RGB) || - (color_type == PNG_COLOR_TYPE_RGB_ALPHA)) - { diff --git a/libwmf-0.2.8.4-CVE-2007-0455.patch b/libwmf-0.2.8.4-CVE-2007-0455.patch deleted file mode 100644 index 0cc5abc71488..000000000000 --- a/libwmf-0.2.8.4-CVE-2007-0455.patch +++ /dev/null 
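Review bot: The new `sha1sums=(...)` array in the PKGBUILD source hunk pins the GitHub archive tarball and libwmf-freetype.patch with SHA-1 only, which is no longer collision-resistant. Since this same change moves the download to a different host and fork, I would switch to a stronger digest, e.g. `sha256sums=('<sha256 of libwmf-0.2.10.tar.gz>' '<sha256 of libwmf-freetype.patch>')`, regenerated with `makepkg -g`. The hunk also removes all thirteen security patches from prepare(), and nothing visible here shows that v0.2.10 carries those fixes. A comment above the remaining `patch` line would record that check, for example `# CVE fixes formerly shipped as patches are included upstream in v0.2.10 (checked against <upstream reference>)`.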
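Review bot: The comment `#Remove fonts, these are in gsfonts` above the changed line in package() is now stale, because the new `rm -rf "${pkgdir}/usr/share"` deletes the whole shared-data tree rather than only the fonts directory. I would reword it to something like `# Remove /usr/share entirely; fonts are in gsfonts and the remaining shared data is presumably provided by the 64-bit libwmf dependency`. That last part is inferred from `depends=(... 'libwmf')` and should be confirmed. package() begins outside this hunk, so I cannot see what else is installed under /usr/share before the removal.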
@@ -1,11 +0,0 @@ ---- libwmf-0.2.8.4/src/extra/gd/gdft.c 2010-12-06 11:18:26.000000000 +0000 -+++ libwmf-0.2.8.4/src/extra/gd/gdft.c 2010-12-06 11:21:09.000000000 +0000 -@@ -811,7 +811,7 @@ - { - ch = c & 0xFF; /* don't extend sign */ - } -- next++; -+ if (*next) next++; - } - else - { diff --git a/libwmf-0.2.8.4-CVE-2007-2756.patch b/libwmf-0.2.8.4-CVE-2007-2756.patch deleted file mode 100644 index eba8fac25abe..000000000000 --- a/libwmf-0.2.8.4-CVE-2007-2756.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- libwmf-0.2.8.4/src/extra/gd/gd_png.c 1 Apr 2007 20:41:01 -0000 1.21.2.1 -+++ libwmf-0.2.8.4/src/extra/gd/gd_png.c 16 May 2007 19:06:11 -0000 -@@ -78,8 +78,11 @@ - gdPngReadData (png_structp png_ptr, - png_bytep data, png_size_t length) - { -- gdGetBuf (data, length, (gdIOCtx *) -- png_get_io_ptr (png_ptr)); -+ int check; -+ check = gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr)); -+ if (check != length) { -+ png_error(png_ptr, "Read Error: truncated data"); -+ } - } - - static void diff --git a/libwmf-0.2.8.4-CVE-2007-3472.patch b/libwmf-0.2.8.4-CVE-2007-3472.patch deleted file mode 100644 index 01b56de5d76c..000000000000 --- a/libwmf-0.2.8.4-CVE-2007-3472.patch +++ /dev/null 
@@ -1,59 +0,0 @@ ---- libwmf-0.2.8.4/src/extra/gd/gd.c -+++ libwmf-0.2.8.4/src/extra/gd/gd.c -@@ -106,6 +106,18 @@ - gdImagePtr im; - unsigned long cpa_size; - -+ if (overflow2(sx, sy)) { -+ return NULL; -+ } -+ -+ if (overflow2(sizeof (int *), sy)) { -+ return NULL; -+ } -+ -+ if (overflow2(sizeof(int), sx)) { -+ return NULL; -+ } -+ - im = (gdImage *) gdMalloc (sizeof (gdImage)); - if (im == 0) return 0; - memset (im, 0, sizeof (gdImage)); ---- libwmf-0.2.8.4/src/extra/gd/gdhelpers.c 2010-12-06 11:47:31.000000000 +0000 -+++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.c 2010-12-06 11:48:04.000000000 +0000 -@@ -2,6 +2,7 @@ - #include "gdhelpers.h" - #include <stdlib.h> - #include <string.h> -+#include <limits.h> - - /* TBB: gd_strtok_r is not portable; provide an implementation */ - -@@ -94,3 +95,18 @@ - { - free (ptr); - } -+ -+int overflow2(int a, int b) -+{ -+ if(a < 0 || b < 0) { -+ fprintf(stderr, "gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n"); -+ return 1; -+ } -+ if(b == 0) -+ return 0; -+ if(a > INT_MAX / b) { -+ fprintf(stderr, "gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n"); -+ return 1; -+ } -+ return 0; -+} ---- libwmf-0.2.8.4/src/extra/gd/gdhelpers.h 2010-12-06 11:47:17.000000000 +0000 -+++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.h 2010-12-06 11:48:36.000000000 +0000 -@@ -15,4 +15,6 @@ - void *gdMalloc(size_t size); - void *gdRealloc(void *ptr, size_t size); - -+int overflow2(int a, int b); -+ - #endif /* GDHELPERS_H */ diff --git a/libwmf-0.2.8.4-CVE-2007-3473.patch b/libwmf-0.2.8.4-CVE-2007-3473.patch deleted file mode 100644 index 59018996932e..000000000000 --- a/libwmf-0.2.8.4-CVE-2007-3473.patch +++ /dev/null 
@@ -1,13 +0,0 @@ ---- libwmf-0.2.8.4/src/extra/gd/gd.c -+++ libwmf-0.2.8.4/src/extra/gd/gd.c -@@ -2483,6 +2483,10 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm (FILE * fd) - } - bytes = (w * h / 8) + 1; - im = gdImageCreate (w, h); -+ if (!im) { -+ return 0; -+ } -+ - gdImageColorAllocate (im, 255, 255, 255); - gdImageColorAllocate (im, 0, 0, 0); - x = 0; diff --git a/libwmf-0.2.8.4-CVE-2007-3477.patch b/libwmf-0.2.8.4-CVE-2007-3477.patch deleted file mode 100644 index 81ac0385399a..000000000000 --- a/libwmf-0.2.8.4-CVE-2007-3477.patch +++ /dev/null @@ -1,38 +0,0 @@ ---- libwmf-0.2.8.4/src/extra/gd/gd.c -+++ libwmf-0.2.8.4/src/extra/gd/gd.c -@@ -1335,10 +1335,31 @@ - int w2, h2; - w2 = w / 2; - h2 = h / 2; -- while (e < s) -- { -- e += 360; -- } -+ -+ if ((s % 360) == (e % 360)) { -+ s = 0; e = 360; -+ } else { -+ if (s > 360) { -+ s = s % 360; -+ } -+ -+ if (e > 360) { -+ e = e % 360; -+ } -+ -+ while (s < 0) { -+ s += 360; -+ } -+ -+ while (e < s) { -+ e += 360; -+ } -+ -+ if (s == e) { -+ s = 0; e = 360; -+ } -+ } -+ - for (i = s; (i <= e); i++) - { - int x, y; diff --git a/libwmf-0.2.8.4-CVE-2009-3546.patch b/libwmf-0.2.8.4-CVE-2009-3546.patch deleted file mode 100644 index d718976adb42..000000000000 --- a/libwmf-0.2.8.4-CVE-2009-3546.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- libwmf-0.2.8.4/src/extra/gd/gd_gd.c 2010-12-06 14:56:06.000000000 +0000 -+++ libwmf-0.2.8.4/src/extra/gd/gd_gd.c 2010-12-06 14:57:04.000000000 +0000 -@@ -42,6 +42,10 @@ - { - goto fail1; - } -+ if (&im->colorsTotal > gdMaxColors) -+ { -+ goto fail1; -+ } - } - /* Int to accommodate truecolor single-color transparency */ - if (!gdGetInt (&im->transparent, in)) diff --git a/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch b/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch deleted file mode 100644 index e8ba8db1e843..000000000000 --- a/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch +++ /dev/null 
@@ -1,118 +0,0 @@ ---- libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-08 14:46:24.591876404 +0100 -+++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-08 14:46:35.345993247 +0100 -@@ -859,7 +859,7 @@ - % - % - */ --static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels) -+static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels) - { int byte; - int count; - int i; -@@ -870,12 +870,14 @@ - U32 u; - - unsigned char* q; -+ unsigned char* end; - - for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0; - - byte = 0; - x = 0; - q = pixels; -+ end = pixels + bmp->width * bmp->height; - - for (y = 0; y < bmp->height; ) - { count = ReadBlobByte (src); -@@ -884,7 +886,10 @@ - { /* Encoded mode. */ - byte = ReadBlobByte (src); - for (i = 0; i < count; i++) -- { if (compression == 1) -+ { -+ if (q == end) -+ return 0; -+ if (compression == 1) - { (*(q++)) = (unsigned char) byte; - } - else -@@ -896,13 +901,15 @@ - else - { /* Escape mode. */ - count = ReadBlobByte (src); -- if (count == 0x01) return; -+ if (count == 0x01) return 1; - switch (count) - { - case 0x00: - { /* End of line. */ - x = 0; - y++; -+ if (y >= bmp->height) -+ return 0; - q = pixels + y * bmp->width; - break; - } -@@ -910,13 +917,20 @@ - { /* Delta mode. */ - x += ReadBlobByte (src); - y += ReadBlobByte (src); -+ if (y >= bmp->height) -+ return 0; -+ if (x >= bmp->width) -+ return 0; - q = pixels + y * bmp->width + x; - break; - } - default: - { /* Absolute mode. */ - for (i = 0; i < count; i++) -- { if (compression == 1) -+ { -+ if (q == end) -+ return 0; -+ if (compression == 1) - { (*(q++)) = ReadBlobByte (src); - } - else -@@ -943,7 +957,7 @@ - byte = ReadBlobByte (src); /* end of line */ - byte = ReadBlobByte (src); - -- return; -+ return 1; - } - - /* -@@ -1143,8 +1157,18 @@ - } - } - else -- { /* Convert run-length encoded raster pixels. 
*/ -- DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image); -+ { -+ if (bmp_info.bits_per_pixel == 8) /* Convert run-length encoded raster pixels. */ -+ { -+ if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image)) -+ { WMF_ERROR (API,"corrupt bmp"); -+ API->err = wmf_E_BadFormat; -+ } -+ } -+ else -+ { WMF_ERROR (API,"Unexpected pixel depth"); -+ API->err = wmf_E_BadFormat; -+ } - } - - if (ERR (API)) ---- libwmf-0.2.8.4/src/ipa/ipa.h 2015-06-08 14:46:24.590876393 +0100 -+++ libwmf-0.2.8.4/src/ipa/ipa.h 2015-06-08 14:46:35.345993247 +0100 -@@ -48,7 +48,7 @@ - static unsigned short ReadBlobLSBShort (BMPSource*); - static unsigned long ReadBlobLSBLong (BMPSource*); - static long TellBlob (BMPSource*); --static void DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*); -+static int DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*); - static void ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*); - static int ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int); - static void SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int); diff --git a/libwmf-0.2.8.4-CVE-2015-4695.patch b/libwmf-0.2.8.4-CVE-2015-4695.patch deleted file mode 100644 index b6d499da98e1..000000000000 --- a/libwmf-0.2.8.4-CVE-2015-4695.patch +++ /dev/null 
@@ -1,56 +0,0 @@ ---- libwmf-0.2.8.4/src/player/meta.h -+++ libwmf-0.2.8.4/src/player/meta.h -@@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API, - objects = P->objects; - - i = 0; -- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; -+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; - - if (i == NUM_OBJECTS (API)) - { WMF_ERROR (API,"Object out of range!"); -@@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,w - objects = P->objects; - - i = 0; -- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; -+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; - - if (i == NUM_OBJECTS (API)) - { WMF_ERROR (API,"Object out of range!"); -@@ -3067,7 +3067,7 @@ static int meta_pen_create (wmfAPI* API, - objects = P->objects; - - i = 0; -- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; -+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; - - if (i == NUM_OBJECTS (API)) - { WMF_ERROR (API,"Object out of range!"); -@@ -3181,7 +3181,7 @@ static int meta_brush_create (wmfAPI* AP - objects = P->objects; - - i = 0; -- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; -+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; - - if (i == NUM_OBJECTS (API)) - { WMF_ERROR (API,"Object out of range!"); -@@ -3288,7 +3288,7 @@ static int meta_font_create (wmfAPI* API - objects = P->objects; - - i = 0; -- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; -+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; - - if (i == NUM_OBJECTS (API)) - { WMF_ERROR (API,"Object out of range!"); -@@ -3396,7 +3396,7 @@ static int meta_palette_create (wmfAPI* - objects = P->objects; - - i = 0; -- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; -+ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; - - if (i == NUM_OBJECTS (API)) - { WMF_ERROR (API,"Object out of range!"); diff --git a/libwmf-0.2.8.4-CVE-2015-4696.patch b/libwmf-0.2.8.4-CVE-2015-4696.patch deleted file mode 100644 index 3312841258b0..000000000000 
--- a/libwmf-0.2.8.4-CVE-2015-4696.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- libwmf-0.2.8.4/src/player/meta.h -+++ libwmf-0.2.8.4/src/player/meta.h -@@ -2585,6 +2585,8 @@ - polyrect.BR[i] = clip->rects[i].BR; - } - -+ if (FR->region_clip) FR->region_clip (API,&polyrect); -+ - wmf_free (API,polyrect.TL); - wmf_free (API,polyrect.BR); - } -@@ -2593,9 +2595,10 @@ - polyrect.BR = 0; - - polyrect.count = 0; -+ -+ if (FR->region_clip) FR->region_clip (API,&polyrect); - } - -- if (FR->region_clip) FR->region_clip (API,&polyrect); - - return (changed); - } diff --git a/libwmf-0.2.8.4-CVE-2016-9011.patch b/libwmf-0.2.8.4-CVE-2016-9011.patch deleted file mode 100644 index c6bd017c2f8f..000000000000 --- a/libwmf-0.2.8.4-CVE-2016-9011.patch +++ /dev/null @@ -1,36 +0,0 @@ ---- libwmf-0.2.8.4/src/player.c -+++ libwmf-0.2.8.4/src/player.c -@@ -139,8 +139,31 @@ - WMF_DEBUG (API,"bailing..."); - return (API->err); - } -- -- P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); -+ -+ U32 nMaxRecordSize = (MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char); -+ if (nMaxRecordSize) -+ { -+ //before allocating memory do a sanity check on size by seeking -+ //to claimed end to see if its possible. We're constrained here -+ //by the api and existing implementations to not simply seeking -+ //to SEEK_END. So use what we have to skip to the last byte and -+ //try and read it. -+ const long nPos = WMF_TELL (API); -+ WMF_SEEK (API, nPos + nMaxRecordSize - 1); -+ if (ERR (API)) -+ { WMF_DEBUG (API,"bailing..."); -+ return (API->err); -+ } -+ int byte = WMF_READ (API); -+ if (byte == (-1)) -+ { WMF_ERROR (API,"Unexpected EOF!"); -+ API->err = wmf_E_EOF; -+ return (API->err); -+ } -+ WMF_SEEK (API, nPos); -+ } -+ -+ P->Parameters = (unsigned char*) wmf_malloc (API, nMaxRecordSize); - - if (ERR (API)) - { WMF_DEBUG (API,"bailing..."); 
diff --git a/libwmf-0.2.8.4-intoverflow-CVE-2006-3376.patch b/libwmf-0.2.8.4-intoverflow-CVE-2006-3376.patch deleted file mode 100644 index 507fe66223ce..000000000000 --- a/libwmf-0.2.8.4-intoverflow-CVE-2006-3376.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- libwmf-0.2.8.4.orig/src/player.c 2002-12-10 19:30:26.000000000 +0000 -+++ libwmf-0.2.8.4/src/player.c 2006-07-12 15:12:52.000000000 +0100 -@@ -42,6 +42,7 @@ - #include "player/defaults.h" /* Provides: default settings */ - #include "player/record.h" /* Provides: parameter mechanism */ - #include "player/meta.h" /* Provides: record interpreters */ -+#include <stdint.h> - - /** - * @internal -@@ -132,8 +134,14 @@ - } - } - --/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char)); -- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); -+ if (MAX_REC_SIZE(API) > UINT32_MAX / 2) -+ { -+ API->err = wmf_E_InsMem; -+ WMF_DEBUG (API,"bailing..."); -+ return (API->err); -+ } -+ -+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); - - if (ERR (API)) - { WMF_DEBUG (API,"bailing..."); diff --git a/libwmf-0.2.8.4-libpng-1.5.patch b/libwmf-0.2.8.4-libpng-1.5.patch deleted file mode 100644 index 3528c74ebd8d..000000000000 --- a/libwmf-0.2.8.4-libpng-1.5.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -urN libwmf-0.2.8.4.old/src/ipa/ipa/bmp.h libwmf-0.2.8.4/src/ipa/ipa/bmp.h ---- libwmf-0.2.8.4.old/src/ipa/ipa/bmp.h 2011-05-23 19:14:23.000000000 +0200 -+++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2011-05-23 19:15:11.000000000 +0200 -@@ -66,7 +66,7 @@ - return; - } - -- if (setjmp (png_ptr->jmpbuf)) -+ if (setjmp(png_jmpbuf(png_ptr))) - { WMF_DEBUG (API,"Failed to write bitmap as PNG! (setjmp failed)"); - png_destroy_write_struct (&png_ptr,&info_ptr); - wmf_free (API,buffer); 
diff --git a/libwmf-0.2.8.4-useafterfree-CVE-2009-1364.patch b/libwmf-0.2.8.4-useafterfree-CVE-2009-1364.patch deleted file mode 100644 index 328c5411fbbd..000000000000 --- a/libwmf-0.2.8.4-useafterfree-CVE-2009-1364.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- libwmf-0.2.8.4/src/extra/gd/gd_clip.c.CVE-2009-1364-im-clip-list 2009-04-24 04:06:44.000000000 -0400 -+++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c 2009-04-24 04:08:30.000000000 -0400 -@@ -70,6 +70,7 @@ void gdClipSetAdd(gdImagePtr im,gdClipRe - { more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle)); - if (more == 0) return; - im->clip->max += 8; -+ im->clip->list = more; - } - im->clip->list[im->clip->count] = (*rect); - im->clip->count++; diff --git a/libwmf-freetype.patch b/libwmf-freetype.patch new file mode 100644 index 000000000000..c16a523bb668 --- /dev/null +++ b/libwmf-freetype.patch 
@@ -0,0 +1,65 @@ +From 61655f82224cadb261e81f8bae111eaaa7bdf531 Mon Sep 17 00:00:00 2001 +From: Koen Kooi <koen@dominion.thruhere.net> +Date: Wed, 6 Aug 2014 14:53:03 +0200 +Subject: [PATCH] configure: use pkg-config for freetype + +Upstream-status: Pending +Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> +--- + configure.ac | 37 ++++++++----------------------------- + 1 file changed, 8 insertions(+), 29 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 3cfe974..0055a8c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -399,40 +399,19 @@ AC_ARG_WITH(freetype,[ --with-freetype=DIR use freetype2 in DIR],[ + fi + ]) + +-if [ test -n "$FREETYPE_DIR" ]; then +- AC_PATH_PROG(FREETYPE_CONFIG,freetype-config, ,[$FREETYPE_DIR/bin:$PATH]) +-else +- AC_PATH_PROG(FREETYPE_CONFIG,freetype-config) +-fi +- +-if [ test -n "$FREETYPE_CONFIG" ]; then +- if [ test -n "$FREETYPE_DIR" ]; then +- freetype_cflags="`$FREETYPE_CONFIG --cflags` -I$FREETYPE_DIR/include" +- freetype_libs=`$FREETYPE_CONFIG --libs` +- else +- freetype_cflags=`$FREETYPE_CONFIG --cflags` +- freetype_libs=`$FREETYPE_CONFIG --libs` +- fi +-else +- if [ test -n "$FREETYPE_DIR" ]; then +- freetype_cflags="-I$FREETYPE_DIR/include/freetype2 -I$FREETYPE_DIR/include" +- freetype_libs="-L$FREETYPE_DIR/lib -lfreetype" +- else +- freetype_cflags="" +- freetype_libs="-lfreetype" +- fi +-fi +- +-CPPFLAGS="$freetype_cflags $CPPFLAGS" +-LDFLAGS="$LDFLAGS $freetype_libs" ++PKG_CHECK_MODULES(FREETYPE2, freetype2, ++ CFLAGS="$CFLAGS $FREETYPE2_CFLAGS" ++ LDFLAGS="$LDFLAGS $FREETYPE2_LIBS", ++ AC_MSG_ERROR([*** Unable to find FreeType2 library (http://www.freetype.org/)]) ++) + + AC_CHECK_LIB(freetype,FT_Init_FreeType,[ +- WMF_FT_LDFLAGS="$freetype_libs" ++ WMF_FT_LDFLAGS="$FREETYPE2_LIBS" + ],[ AC_MSG_ERROR([* * * freetype(2) is required * * *]) + ]) + AC_CHECK_HEADER(ft2build.h,[ +- WMF_FT_CFLAGS="$freetype_cflags" +- WMF_FT_CONFIG_CFLAGS="$freetype_cflags" ++ WMF_FT_CFLAGS="$FREETYPE2_CFLAGS" ++ 
WMF_FT_CONFIG_CFLAGS="$FREETYPE2_CFLAGS" + ],[ AC_MSG_ERROR([* * * freetype(2) is required * * *]) + ]) + + |