From af6197a8f31c840193c1da054b0cb1de06c975e9 Mon Sep 17 00:00:00 2001 From: Automatic Build System Date: Sat, 6 Jan 2024 06:08:36 +0100 Subject: [PATCH] automatic rebuild by autodist [release 0.2.8.4-7mamba;Thu Oct 28 2010] --- README.md | 8 ++ libwmf-0.2.8.3-gd-CAN-2004-0990.patch | 60 +++++++++++ libwmf-0.2.8.4-CAN-2004-0941.patch | 105 +++++++++++++++++++ libwmf-0.2.8.4-cve_2006_3376.patch | 43 ++++++++ libwmf.spec | 142 ++++++++++++++++++++++++++ 5 files changed, 358 insertions(+) create mode 100644 libwmf-0.2.8.3-gd-CAN-2004-0990.patch create mode 100644 libwmf-0.2.8.4-CAN-2004-0941.patch create mode 100644 libwmf-0.2.8.4-cve_2006_3376.patch create mode 100644 libwmf.spec diff --git a/README.md b/README.md index 1915a79..22df349 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,10 @@ # libwmf +A library for reading vector images in Microsoft's native Windows Metafile Format (WMF) and for either (a) displaying them in, e.g., an X window; or (b) converting them to more standard/open file formats such as, e.g., the W3C's XML-based Scaleable Vector Graphic (SVG) format. +Currently bindings exist for conversion to the following vector image formats: +* (Encapsulated) PostScript (EPS & PS) +* Facility for Interactive Generation of graphics (FIG) +* Scaleable Vector Graphic (SVG) and to the following raster image formats: +* Portable Network Graphics (PNG) +* Joint Photographic Experts Group (JPEG) + diff --git a/libwmf-0.2.8.3-gd-CAN-2004-0990.patch b/libwmf-0.2.8.3-gd-CAN-2004-0990.patch new file mode 100644 index 0000000..bcfe125 --- /dev/null +++ b/libwmf-0.2.8.3-gd-CAN-2004-0990.patch @@ -0,0 +1,60 @@ +--- libwmf-0.2.8.3/src/extra/gd/gd_security.c.can-2004-0941 2006-06-27 10:50:03.759375715 -0600 ++++ libwmf-0.2.8.3/src/extra/gd/gd_security.c 2006-06-27 10:50:03.758375891 -0600 +@@ -0,0 +1,29 @@ ++/* ++ * gd_security.c ++ * ++ * Implements buffer overflow check routines. ++ * ++ * Written 2004, Phil Knirsch. ++ * Based on netpbm fixes by Alan Cox. ++ * ++ */ ++ ++#include ++#include ++#include ++#include "gd.h" ++ ++int overflow2(int a, int b) ++{ ++ if(a < 0 || b < 0) { ++ fprintf(stderr, "gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n"); ++ return 1; ++ } ++ if(b == 0) ++ return 0; ++ if(a > INT_MAX / b) { ++ fprintf(stderr, "gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n"); ++ return 1; ++ } ++ return 0; ++} +--- libwmf-0.2.8.3/src/extra/gd/gd_png.c.can-2004-0941 2001-05-19 07:09:34.000000000 -0600 ++++ libwmf-0.2.8.3/src/extra/gd/gd_png.c 2006-06-27 10:50:03.759375715 -0600 +@@ -181,6 +181,14 @@ gdImageCreateFromPngCtx (gdIOCtx * infil + + png_get_IHDR (png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, + &interlace_type, NULL, NULL); ++ if (overflow2(sizeof (int), width)) ++ { ++ return NULL; ++ } ++ if (overflow2(sizeof (int) * width, height)) ++ { ++ return NULL; ++ } + if ((color_type == PNG_COLOR_TYPE_RGB) || + (color_type == PNG_COLOR_TYPE_RGB_ALPHA)) + { +--- libwmf-0.2.8.3/src/extra/gd/Makefile.am.can-2004-0941 2006-06-27 11:17:53.989958700 -0600 ++++ libwmf-0.2.8.3/src/extra/gd/Makefile.am 2006-06-27 11:18:22.549314009 -0600 +@@ -22,7 +22,7 @@ libgd_la_SOURCES = gd.c gd_gd.c gd_gd2.c + gd_io_file.c gd_ss.c gd_io_ss.c gd_png.c gd_jpeg.c gdxpm.c \ + gdfontt.c gdfonts.c gdfontmb.c gdfontl.c gdfontg.c \ + gdtables.c gdft.c gdcache.c gdkanji.c wbmp.c \ +- gd_wbmp.c gdhelpers.c gd_topal.c gd_clip.c ++ gd_wbmp.c gdhelpers.c gd_topal.c gd_clip.c gd_security.c + + gddir = $(includedir)/libwmf/gd + diff --git a/libwmf-0.2.8.4-CAN-2004-0941.patch b/libwmf-0.2.8.4-CAN-2004-0941.patch new file mode 100644 index 0000000..98ce3ac --- /dev/null +++ b/libwmf-0.2.8.4-CAN-2004-0941.patch @@ -0,0 +1,105 @@ +diff -pur libwmf-0.2.8.4/src/extra/gd/gd.c libwmf-0.2.8.4-fix/src/extra/gd/gd.c +--- libwmf-0.2.8.4/src/extra/gd/gd.c 2005-07-27 22:35:05.000000000 +0200 ++++ libwmf-0.2.8.4-fix/src/extra/gd/gd.c 2006-06-30 09:23:28.000000000 +0200 +@@ -1866,6 +1866,12 @@ gdImageCopyResized (gdImagePtr dst, gdIm + int *sty; + /* We only need to use floating point to determine the correct + stretch vector for one line's worth. */ ++ if (overflow2(sizeof (int), srcW)) { ++ return; ++ } ++ if (overflow2(sizeof (int), srcH)) { ++ return; ++ } + double accum; + stx = (int *) gdMalloc (sizeof (int) * srcW); + sty = (int *) gdMalloc (sizeof (int) * srcH); +@@ -2275,6 +2281,9 @@ gdImageFilledPolygon (gdImagePtr im, gdP + } + if (!im->polyAllocated) + { ++ if (overflow2(sizeof (int), n)) { ++ return; ++ } + im->polyInts = (int *) gdMalloc (sizeof (int) * n); + im->polyAllocated = n; + } +@@ -2369,6 +2378,9 @@ gdImageSetStyle (gdImagePtr im, int *sty + { + gdFree (im->style); + } ++ if (overflow2(sizeof (int), noOfPixels)) { ++ return; ++ } + im->style = (int *) + gdMalloc (sizeof (int) * noOfPixels); + memcpy (im->style, style, sizeof (int) * noOfPixels); +diff -pur libwmf-0.2.8.4/src/extra/gd/gd_io_dp.c libwmf-0.2.8.4-fix/src/extra/gd/gd_io_dp.c +--- libwmf-0.2.8.4/src/extra/gd/gd_io_dp.c 2001-05-19 15:09:34.000000000 +0200 ++++ libwmf-0.2.8.4-fix/src/extra/gd/gd_io_dp.c 2006-06-30 09:21:43.000000000 +0200 +@@ -185,6 +185,9 @@ dynamicSeek (struct gdIOCtx *ctx, const + bytesNeeded = pos; + if (bytesNeeded > dp->realSize) + { ++ if (overflow2(dp->realSize, 2)) { ++ return FALSE; ++ } + if (!gdReallocDynamic (dp, dp->realSize * 2)) + { + dp->dataGood = FALSE; +@@ -356,6 +359,9 @@ appendDynamic (dynamicPtr * dp, const vo + + if (bytesNeeded > dp->realSize) + { ++ if (overflow2(dp->realSize, 2)) { ++ return FALSE; ++ } + if (!gdReallocDynamic (dp, bytesNeeded * 2)) + { + dp->dataGood = FALSE; +Only in libwmf-0.2.8.4/src/extra/gd: gd_security.c.CAN-2004-0990 +diff -pur libwmf-0.2.8.4/src/extra/gd/gd_topal.c libwmf-0.2.8.4-fix/src/extra/gd/gd_topal.c +--- libwmf-0.2.8.4/src/extra/gd/gd_topal.c 2005-07-27 22:35:06.000000000 +0200 ++++ libwmf-0.2.8.4-fix/src/extra/gd/gd_topal.c 2006-06-30 09:19:29.000000000 +0200 +@@ -670,6 +670,9 @@ select_colors (gdImagePtr im, my_cquanti + int i; + + /* Allocate workspace for box list */ ++ if (overflow2(desired_colors, sizeof (box))) { ++ return; ++ } + boxlist = (boxptr) gdMalloc (desired_colors * sizeof (box)); + /* Initialize one box containing whole space */ + numboxes = 1; +diff -pur libwmf-0.2.8.4/src/extra/gd/wbmp.c libwmf-0.2.8.4-fix/src/extra/gd/wbmp.c +--- libwmf-0.2.8.4/src/extra/gd/wbmp.c 2005-07-27 22:35:06.000000000 +0200 ++++ libwmf-0.2.8.4-fix/src/extra/gd/wbmp.c 2006-06-30 09:18:53.000000000 +0200 +@@ -116,6 +116,14 @@ createwbmp (int width, int height, int c + if ((wbmp = (Wbmp *) gdMalloc (sizeof (Wbmp))) == NULL) + return (NULL); + ++ if (overflow2(sizeof (int), width)) { ++ gdFree(wbmp); ++ return (NULL); ++ } ++ if (overflow2(sizeof (int) * width, height)) { ++ gdFree(wbmp); ++ return (NULL); ++ } + if ((wbmp->bitmap = (int *) gdMalloc (sizeof (int) * width * height)) == NULL) + { + gdFree (wbmp); +@@ -176,6 +184,13 @@ readwbmp (int (*getin) (void *in), void + printf ("W: %d, H: %d\n", wbmp->width, wbmp->height); + #endif + ++ if (overflow2(sizeof (int), wbmp->width) || ++ overflow2(sizeof (int) * wbmp->width, wbmp->height)) ++ { ++ gdFree(wbmp); ++ return (-1); ++ } ++ + if ((wbmp->bitmap = (int *) gdMalloc (sizeof (int) * wbmp->width * wbmp->height)) == NULL) + { + gdFree (wbmp); diff --git a/libwmf-0.2.8.4-cve_2006_3376.patch b/libwmf-0.2.8.4-cve_2006_3376.patch new file mode 100644 index 0000000..dccdb37 --- /dev/null +++ b/libwmf-0.2.8.4-cve_2006_3376.patch @@ -0,0 +1,43 @@ +diff -ru libwmf-0.2.8.4.orig/src/player.c libwmf-0.2.8.4/src/player.c +--- libwmf-0.2.8.4.orig/src/player.c 2002-12-10 19:30:26.000000000 +0000 ++++ libwmf-0.2.8.4/src/player.c 2006-07-11 10:27:19.000000000 +0100 +@@ -42,6 +42,7 @@ + #include "player/defaults.h" /* Provides: default settings */ + #include "player/record.h" /* Provides: parameter mechanism */ + #include "player/meta.h" /* Provides: record interpreters */ ++#include + + /** + * @internal +@@ -124,7 +125,14 @@ + } + + if (API->File->wmfheader->NumOfObjects > 0) +- { P->objects = (wmfObject*) wmf_malloc (API,NUM_OBJECTS (API) * sizeof (wmfObject)); ++ { ++ if (NUM_OBJECTS(API) > SIZE_MAX / sizeof (wmfObject)) ++ { ++ WMF_DEBUG (API,"bailing..."); ++ return (wmf_E_InsMem); ++ } ++ ++ P->objects = (wmfObject*) wmf_malloc (API,NUM_OBJECTS (API) * sizeof (wmfObject)); + + if (ERR (API)) + { WMF_DEBUG (API,"bailing..."); +@@ -132,8 +140,13 @@ + } + } + +-/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char)); +- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); ++ if (MAX_REC_SIZE(API) > SIZE_MAX / 2) ++ { ++ WMF_DEBUG (API,"bailing..."); ++ return (wmf_E_InsMem); ++ } ++ ++ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2); + + if (ERR (API)) + { WMF_DEBUG (API,"bailing..."); diff --git a/libwmf.spec b/libwmf.spec new file mode 100644 index 0000000..711f1a3 --- /dev/null +++ b/libwmf.spec @@ -0,0 +1,142 @@ +Name: libwmf +Version: 0.2.8.4 +Release: 7mamba +Summary: A library for reading vector images in native Windows Metafile Format +Group: System/Libraries +Vendor: openmamba +Distribution: openmamba +Packager: Silvan Calarco +URL: http://wvware.sourceforge.net/libwmf.html +Source: http://heanet.dl.sourceforge.net/sourceforge/wvware/libwmf-%{version}.tar.gz +Patch0: %{name}-0.2.8.3-gd-CAN-2004-0990.patch +Patch1: %{name}-0.2.8.4-CAN-2004-0941.patch +Patch2: %{name}-0.2.8.4-cve_2006_3376.patch +License: MIT +## AUTOBUILDREQ-BEGIN +BuildRequires: glibc-devel +BuildRequires: libexpat-devel +BuildRequires: libfreetype-devel +BuildRequires: libglib-devel +BuildRequires: libgtk-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel +BuildRequires: libX11-devel +BuildRequires: libXau-devel +BuildRequires: libxcb-devel +BuildRequires: libXdmcp-devel +BuildRequires: libz-devel +## AUTOBUILDREQ-END +BuildRequires: libgd-devel >= 2.0.17 +BuildRequires: libgdk-pixbuf-devel >= 0.22.0 +BuildRequires: pkgconfig +BuildRoot: %{_tmppath}/%{name}-%{version}-root + +%description +A library for reading vector images in Microsoft's native Windows Metafile Format (WMF) and for either (a) displaying them in, e.g., an X window; or (b) converting them to more standard/open file formats such as, e.g., the W3C's XML-based Scaleable Vector Graphic (SVG) format. +Currently bindings exist for conversion to the following vector image formats: +* (Encapsulated) PostScript (EPS & PS) +* Facility for Interactive Generation of graphics (FIG) +* Scaleable Vector Graphic (SVG) and to the following raster image formats: +* Portable Network Graphics (PNG) +* Joint Photographic Experts Group (JPEG) + +%package devel +Summary: Devel package for libwmf +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} + +%description devel +A library for reading vector images in Microsoft's native Windows Metafile Format (WMF) and for either (a) displaying them in, e.g., an X window; or (b) converting them to more standard/open file formats such as, e.g., the W3C's XML-based Scaleable Vector Graphic (SVG) format. +Currently bindings exist for conversion to the following vector image formats: +* (Encapsulated) PostScript (EPS & PS) +* Facility for Interactive Generation of graphics (FIG) +* Scaleable Vector Graphic (SVG) and to the following raster image formats: +* Portable Network Graphics (PNG) +* Joint Photographic Experts Group (JPEG) + +This package contains static libraries and header files need for development. + +%prep +%setup -q +%patch0 -p1 -b .CAN-2004-0990 +%patch1 -p1 -b .CAN-2004-0941 +%patch2 -p1 -b .cve_2006_3376 + +%build +aclocal +libtoolize --copy --force +autoconf +automake + +%configure +%make + +%install +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" +%makeinstall + +%clean +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" + +%post +/sbin/ldconfig +%{_bindir}/gdk-pixbuf-query-loaders \ + > %{_sysconfdir}/gtk-2.0/gdk-pixbuf.loaders 2>/dev/null +exit 0 + +%postun +/sbin/ldconfig +%{_bindir}/gdk-pixbuf-query-loaders \ + > %{_sysconfdir}/gtk-2.0/gdk-pixbuf.loaders 2>/dev/null +exit 0 + +%files +%defattr(-,root,root) +%{_bindir}/wmf2* +%{_bindir}/libwmf-fontmap +%{_libdir}/*.so.* +%dir %{_datadir}/libwmf +%{_datadir}/libwmf/fonts/* +%{_libdir}/gtk-2.0/* + +%files devel +%defattr(-,root,root) +%{_bindir}/libwmf-config +%{_libdir}/*.a +%{_libdir}/*.la +%{_libdir}/*.so +%dir %{_includedir}/libwmf +%{_includedir}/libwmf/* +%dir %{_datadir}/doc/libwmf +%{_datadir}/doc/libwmf/* + +%changelog +* Thu Oct 28 2010 Automatic Build System 0.2.8.4-7mamba +- automatic rebuild by autodist + +* Wed May 20 2009 Automatic Build System 0.2.8.4-6mamba +- automatic rebuild by autodist + +* Thu Jun 05 2008 Silvan Calarco 0.2.8.4-5mamba +- specfile updated + +* Thu Jul 27 2006 Davide Madrisan 0.2.8.4-4qilnx +- security update: CVE-2006-3376 (bugzilla 207) + +* Wed Jul 19 2006 Davide Madrisan 0.2.8.4-3qilnx +- fixed %%post and %%postun scriplets + +* Fri Jun 30 2006 Davide Madrisan 0.2.8.4-2qilnx +- run gdk-pixbuf-query-loaders in post and postun scripts + +* Thu Jun 29 2006 Davide Madrisan 0.2.8.4-1qilnx +- update to version 0.2.8.4 by autospec +- specfile updated and fixed +- security fix: CAN-2004-0941 (qibug:192) + +* Mon Dec 13 2004 Silvan Calarco 0.2.8.3-1qilnx +- new version build +- documentation moved to devel package + +* Tue Dec 30 2003 Silvan Calarco 0.2.8.2-1qilnx +- first build