automatic rebuild by autodist [release 0.2.8.4-7mamba;Thu Oct 28 2010]

2024-01-06 06:08:36 +01:00 · 2024-01-06 06:08:36 +01:00 · af6197a8f3
commit af6197a8f3
parent f036f531df
5 changed files with 358 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -1,2 +1,10 @@
 # libwmf
 A library for reading vector images in Microsoft's native Windows Metafile Format (WMF) and for either (a) displaying them in, e.g., an X window; or (b) converting them to more standard/open file formats such as, e.g., the W3C's XML-based Scaleable Vector Graphic (SVG) format.
 Currently bindings exist for conversion to the following vector image formats:
 * (Encapsulated) PostScript (EPS & PS)
 * Facility for Interactive Generation of graphics (FIG)
 * Scaleable Vector Graphic (SVG) and to the following raster image formats:
 * Portable Network Graphics (PNG)
 * Joint Photographic Experts Group (JPEG)
--- a/libwmf-0.2.8.3-gd-CAN-2004-0990.patch
+++ b/libwmf-0.2.8.3-gd-CAN-2004-0990.patch
@ -0,0 +1,60 @@
 --- libwmf-0.2.8.3/src/extra/gd/gd_security.c.can-2004-0941	2006-06-27 10:50:03.759375715 -0600
 +++ libwmf-0.2.8.3/src/extra/gd/gd_security.c	2006-06-27 10:50:03.758375891 -0600
@@ -0,0 +1,29 @@
 +/*
 +   * gd_security.c
 +   *
 +   * Implements buffer overflow check routines.
 +   *
 +   * Written 2004, Phil Knirsch.
 +   * Based on netpbm fixes by Alan Cox.
 +   *
 + */
 +
 +#include <stdio.h>
 +#include <stdlib.h>
 +#include <limits.h>
 +#include "gd.h"
 +
 +int overflow2(int a, int b)
 +{
 +	if(a < 0 || b < 0) {
 +		fprintf(stderr, "gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n");
 +		return 1;
 +	}
 +	if(b == 0)
 +		return 0;
 +	if(a > INT_MAX / b) {
 +		fprintf(stderr, "gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n");
 +		return 1;
 +	}
 +	return 0;
 +}
 --- libwmf-0.2.8.3/src/extra/gd/gd_png.c.can-2004-0941	2001-05-19 07:09:34.000000000 -0600
 +++ libwmf-0.2.8.3/src/extra/gd/gd_png.c	2006-06-27 10:50:03.759375715 -0600
@@ -181,6 +181,14 @@ gdImageCreateFromPngCtx (gdIOCtx * infil
   png_get_IHDR (png_ptr, info_ptr, &width, &height, &bit_depth, &color_type,
 		&interlace_type, NULL, NULL);
 +  if (overflow2(sizeof (int), width)) 
 +    {
 +      return NULL;
 +    }
 +  if (overflow2(sizeof (int) * width, height)) 
 +    {
 +      return NULL;
 +    }  
   if ((color_type == PNG_COLOR_TYPE_RGB) ||
       (color_type == PNG_COLOR_TYPE_RGB_ALPHA))
     {
 --- libwmf-0.2.8.3/src/extra/gd/Makefile.am.can-2004-0941	2006-06-27 11:17:53.989958700 -0600
 +++ libwmf-0.2.8.3/src/extra/gd/Makefile.am	2006-06-27 11:18:22.549314009 -0600
@@ -22,7 +22,7 @@ libgd_la_SOURCES = gd.c gd_gd.c gd_gd2.c
 		gd_io_file.c gd_ss.c gd_io_ss.c gd_png.c gd_jpeg.c gdxpm.c \
 		gdfontt.c gdfonts.c gdfontmb.c gdfontl.c gdfontg.c \
 		gdtables.c gdft.c gdcache.c gdkanji.c wbmp.c \
 -		gd_wbmp.c gdhelpers.c gd_topal.c gd_clip.c
 +		gd_wbmp.c gdhelpers.c gd_topal.c gd_clip.c gd_security.c
 gddir = $(includedir)/libwmf/gd
--- a/libwmf-0.2.8.4-CAN-2004-0941.patch
+++ b/libwmf-0.2.8.4-CAN-2004-0941.patch
@ -0,0 +1,105 @@
 diff -pur libwmf-0.2.8.4/src/extra/gd/gd.c libwmf-0.2.8.4-fix/src/extra/gd/gd.c
 --- libwmf-0.2.8.4/src/extra/gd/gd.c	2005-07-27 22:35:05.000000000 +0200
 +++ libwmf-0.2.8.4-fix/src/extra/gd/gd.c	2006-06-30 09:23:28.000000000 +0200
@@ -1866,6 +1866,12 @@ gdImageCopyResized (gdImagePtr dst, gdIm
   int *sty;
   /* We only need to use floating point to determine the correct
      stretch vector for one line's worth. */
 +  if (overflow2(sizeof (int), srcW)) {
 +    return;
 +  }
 +  if (overflow2(sizeof (int), srcH)) {
 +    return;
 +  }
   double accum;
   stx = (int *) gdMalloc (sizeof (int) * srcW);
   sty = (int *) gdMalloc (sizeof (int) * srcH);
@@ -2275,6 +2281,9 @@ gdImageFilledPolygon (gdImagePtr im, gdP
     }
   if (!im->polyAllocated)
     {
 +      if (overflow2(sizeof (int), n)) {
 +        return;
 +      }
       im->polyInts = (int *) gdMalloc (sizeof (int) * n);
       im->polyAllocated = n;
     }
@@ -2369,6 +2378,9 @@ gdImageSetStyle (gdImagePtr im, int *sty
     {
       gdFree (im->style);
     }
 +  if (overflow2(sizeof (int), noOfPixels)) {
 +    return;
 +  }
   im->style = (int *)
     gdMalloc (sizeof (int) * noOfPixels);
   memcpy (im->style, style, sizeof (int) * noOfPixels);
 diff -pur libwmf-0.2.8.4/src/extra/gd/gd_io_dp.c libwmf-0.2.8.4-fix/src/extra/gd/gd_io_dp.c
 --- libwmf-0.2.8.4/src/extra/gd/gd_io_dp.c	2001-05-19 15:09:34.000000000 +0200
 +++ libwmf-0.2.8.4-fix/src/extra/gd/gd_io_dp.c	2006-06-30 09:21:43.000000000 +0200
@@ -185,6 +185,9 @@ dynamicSeek (struct gdIOCtx *ctx, const 
   bytesNeeded = pos;
   if (bytesNeeded > dp->realSize)
     {
 +      if (overflow2(dp->realSize, 2)) {
 +        return FALSE;
 +      }
       if (!gdReallocDynamic (dp, dp->realSize * 2))
 	{
 	  dp->dataGood = FALSE;
@@ -356,6 +359,9 @@ appendDynamic (dynamicPtr * dp, const vo
   if (bytesNeeded > dp->realSize)
     {
 +      if (overflow2(dp->realSize, 2)) {
 +        return FALSE;
 +      }
       if (!gdReallocDynamic (dp, bytesNeeded * 2))
 	{
 	  dp->dataGood = FALSE;
 Only in libwmf-0.2.8.4/src/extra/gd: gd_security.c.CAN-2004-0990
 diff -pur libwmf-0.2.8.4/src/extra/gd/gd_topal.c libwmf-0.2.8.4-fix/src/extra/gd/gd_topal.c
 --- libwmf-0.2.8.4/src/extra/gd/gd_topal.c	2005-07-27 22:35:06.000000000 +0200
 +++ libwmf-0.2.8.4-fix/src/extra/gd/gd_topal.c	2006-06-30 09:19:29.000000000 +0200
@@ -670,6 +670,9 @@ select_colors (gdImagePtr im, my_cquanti
   int i;
   /* Allocate workspace for box list */
 +  if (overflow2(desired_colors, sizeof (box))) {
 +    return;
 +  }
   boxlist = (boxptr) gdMalloc (desired_colors * sizeof (box));
   /* Initialize one box containing whole space */
   numboxes = 1;
 diff -pur libwmf-0.2.8.4/src/extra/gd/wbmp.c libwmf-0.2.8.4-fix/src/extra/gd/wbmp.c
 --- libwmf-0.2.8.4/src/extra/gd/wbmp.c	2005-07-27 22:35:06.000000000 +0200
 +++ libwmf-0.2.8.4-fix/src/extra/gd/wbmp.c	2006-06-30 09:18:53.000000000 +0200
@@ -116,6 +116,14 @@ createwbmp (int width, int height, int c
   if ((wbmp = (Wbmp *) gdMalloc (sizeof (Wbmp))) == NULL)
     return (NULL);
 +  if (overflow2(sizeof (int), width)) {
 +     gdFree(wbmp);
 +     return (NULL);
 +  }
 +  if (overflow2(sizeof (int) * width, height)) {
 +     gdFree(wbmp);
 +     return (NULL);
 +  }
   if ((wbmp->bitmap = (int *) gdMalloc (sizeof (int) * width * height)) == NULL)
     {
       gdFree (wbmp);
@@ -176,6 +184,13 @@ readwbmp (int (*getin) (void *in), void 
   printf ("W: %d, H: %d\n", wbmp->width, wbmp->height);
 #endif
 +  if (overflow2(sizeof (int), wbmp->width) ||
 +    overflow2(sizeof (int) * wbmp->width, wbmp->height))
 +    {
 +      gdFree(wbmp);
 +      return (-1);
 +    }
 +
   if ((wbmp->bitmap = (int *) gdMalloc (sizeof (int) * wbmp->width * wbmp->height)) == NULL)
     {
       gdFree (wbmp);
--- a/libwmf-0.2.8.4-cve_2006_3376.patch
+++ b/libwmf-0.2.8.4-cve_2006_3376.patch
@ -0,0 +1,43 @@
 diff -ru libwmf-0.2.8.4.orig/src/player.c libwmf-0.2.8.4/src/player.c
 --- libwmf-0.2.8.4.orig/src/player.c	2002-12-10 19:30:26.000000000 +0000
 +++ libwmf-0.2.8.4/src/player.c	2006-07-11 10:27:19.000000000 +0100
@@ -42,6 +42,7 @@
 #include "player/defaults.h" /* Provides: default settings               */
 #include "player/record.h"   /* Provides: parameter mechanism            */
 #include "player/meta.h"     /* Provides: record interpreters            */
 +#include <stdint.h>
 /**
  * @internal
@@ -124,7 +125,14 @@
 	}
 	if (API->File->wmfheader->NumOfObjects > 0)
 -	{	P->objects = (wmfObject*) wmf_malloc (API,NUM_OBJECTS (API) * sizeof (wmfObject));
 +	{	
 +		if (NUM_OBJECTS(API) > SIZE_MAX / sizeof (wmfObject))
 +		{
 +			WMF_DEBUG (API,"bailing...");
 +			return (wmf_E_InsMem);
 +		}
 +
 +		P->objects = (wmfObject*) wmf_malloc (API,NUM_OBJECTS (API) * sizeof (wmfObject));
 		if (ERR (API))
 		{	WMF_DEBUG (API,"bailing...");
@@ -132,8 +140,13 @@
 		}
 	}
 -/*	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
 - */	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
 +	if (MAX_REC_SIZE(API) > SIZE_MAX / 2)
 +	{
 +		WMF_DEBUG (API,"bailing...");
 +		return (wmf_E_InsMem);
 +	}
 +		
 + 	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2);
 	if (ERR (API))
 	{	WMF_DEBUG (API,"bailing...");
--- a/libwmf.spec
+++ b/libwmf.spec
@ -0,0 +1,142 @@
 Name:          libwmf
 Version:       0.2.8.4
 Release:       7mamba
 Summary:       A library for reading vector images in native Windows Metafile Format
 Group:         System/Libraries
 Vendor:        openmamba
 Distribution:  openmamba
 Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
 URL:           http://wvware.sourceforge.net/libwmf.html
 Source:        http://heanet.dl.sourceforge.net/sourceforge/wvware/libwmf-%{version}.tar.gz
 Patch0:        %{name}-0.2.8.3-gd-CAN-2004-0990.patch
 Patch1:        %{name}-0.2.8.4-CAN-2004-0941.patch
 Patch2:        %{name}-0.2.8.4-cve_2006_3376.patch
 License:       MIT
 ## AUTOBUILDREQ-BEGIN
 BuildRequires: glibc-devel
 BuildRequires: libexpat-devel
 BuildRequires: libfreetype-devel
 BuildRequires: libglib-devel
 BuildRequires: libgtk-devel
 BuildRequires: libjpeg-devel
 BuildRequires: libpng-devel
 BuildRequires: libX11-devel
 BuildRequires: libXau-devel
 BuildRequires: libxcb-devel
 BuildRequires: libXdmcp-devel
 BuildRequires: libz-devel
 ## AUTOBUILDREQ-END
 BuildRequires: libgd-devel >= 2.0.17
 BuildRequires: libgdk-pixbuf-devel >= 0.22.0
 BuildRequires: pkgconfig
 BuildRoot:     %{_tmppath}/%{name}-%{version}-root
 %description
 A library for reading vector images in Microsoft's native Windows Metafile Format (WMF) and for either (a) displaying them in, e.g., an X window; or (b) converting them to more standard/open file formats such as, e.g., the W3C's XML-based Scaleable Vector Graphic (SVG) format.
 Currently bindings exist for conversion to the following vector image formats:
 * (Encapsulated) PostScript (EPS & PS)
 * Facility for Interactive Generation of graphics (FIG)
 * Scaleable Vector Graphic (SVG) and to the following raster image formats:
 * Portable Network Graphics (PNG)
 * Joint Photographic Experts Group (JPEG)
 %package devel
 Summary:       Devel package for libwmf
 Group:         Development/Libraries
 Requires:      %{name} = %{version}-%{release}
 %description devel
 A library for reading vector images in Microsoft's native Windows Metafile Format (WMF) and for either (a) displaying them in, e.g., an X window; or (b) converting them to more standard/open file formats such as, e.g., the W3C's XML-based Scaleable Vector Graphic (SVG) format.
 Currently bindings exist for conversion to the following vector image formats:
 * (Encapsulated) PostScript (EPS & PS)
 * Facility for Interactive Generation of graphics (FIG)
 * Scaleable Vector Graphic (SVG) and to the following raster image formats:
 * Portable Network Graphics (PNG)
 * Joint Photographic Experts Group (JPEG)
 This package contains static libraries and header files need for development.
 %prep
 %setup -q
 %patch0 -p1 -b .CAN-2004-0990
 %patch1 -p1 -b .CAN-2004-0941
 %patch2 -p1 -b .cve_2006_3376
 %build
 aclocal
 libtoolize --copy --force
 autoconf
 automake
 %configure
 %make
 %install
 [ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
 %makeinstall
 %clean
 [ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
 %post
 /sbin/ldconfig
 %{_bindir}/gdk-pixbuf-query-loaders \
   > %{_sysconfdir}/gtk-2.0/gdk-pixbuf.loaders 2>/dev/null
 exit 0
 %postun
 /sbin/ldconfig
 %{_bindir}/gdk-pixbuf-query-loaders \
   > %{_sysconfdir}/gtk-2.0/gdk-pixbuf.loaders 2>/dev/null
 exit 0
 %files
 %defattr(-,root,root)
 %{_bindir}/wmf2*
 %{_bindir}/libwmf-fontmap
 %{_libdir}/*.so.*
 %dir %{_datadir}/libwmf
 %{_datadir}/libwmf/fonts/*
 %{_libdir}/gtk-2.0/*
 %files devel
 %defattr(-,root,root)
 %{_bindir}/libwmf-config
 %{_libdir}/*.a
 %{_libdir}/*.la
 %{_libdir}/*.so
 %dir %{_includedir}/libwmf
 %{_includedir}/libwmf/*
 %dir %{_datadir}/doc/libwmf
 %{_datadir}/doc/libwmf/*
 %changelog
 * Thu Oct 28 2010 Automatic Build System <autodist@mambasoft.it> 0.2.8.4-7mamba
 - automatic rebuild by autodist
 * Wed May 20 2009 Automatic Build System <autodist@mambasoft.it> 0.2.8.4-6mamba
 - automatic rebuild by autodist
 * Thu Jun 05 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 0.2.8.4-5mamba
 - specfile updated
 * Thu Jul 27 2006 Davide Madrisan <davide.madrisan@qilinux.it> 0.2.8.4-4qilnx
 - security update: CVE-2006-3376 (bugzilla 207)
 * Wed Jul 19 2006 Davide Madrisan <davide.madrisan@qilinux.it> 0.2.8.4-3qilnx
 - fixed %%post and %%postun scriplets
 * Fri Jun 30 2006 Davide Madrisan <davide.madrisan@qilinux.it> 0.2.8.4-2qilnx
 - run gdk-pixbuf-query-loaders in post and postun scripts
 * Thu Jun 29 2006 Davide Madrisan <davide.madrisan@qilinux.it> 0.2.8.4-1qilnx
 - update to version 0.2.8.4 by autospec
 - specfile updated and fixed
 - security fix: CAN-2004-0941 (qibug:192)
 * Mon Dec 13 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 0.2.8.3-1qilnx
 - new version build
 - documentation moved to devel package
 * Tue Dec 30 2003 Silvan Calarco <silvan.calarco@mambasoft.it> 0.2.8.2-1qilnx
 - first build