From 39366733c3fe943363566756e2e152c45a1b3cb2 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Fri, 25 May 2018 23:29:36 +0000 Subject: Fri May 25 23:29:36 UTC 2018 patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.2.txz: Rebuilt. Handle removal of US/Pacific-New timezone. If we see that the machine is using this, it will be automatically switched to US/Pacific. --- .../libwmf/libwmf-0.2.8.4-CVE-2004-0941.patch | 17 + .../libwmf/libwmf-0.2.8.4-CVE-2006-3376.patch | 27 ++ .../libwmf/libwmf-0.2.8.4-CVE-2007-0455.patch | 11 + .../libwmf/libwmf-0.2.8.4-CVE-2007-2756.patch | 16 + .../libwmf/libwmf-0.2.8.4-CVE-2007-3472.patch | 61 +++ .../libwmf/libwmf-0.2.8.4-CVE-2007-3473.patch | 13 + .../libwmf/libwmf-0.2.8.4-CVE-2007-3477.patch | 38 ++ .../libwmf/libwmf-0.2.8.4-CVE-2009-3546.patch | 13 + ...ibwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch | 118 +++++ .../libwmf/libwmf-0.2.8.4-CVE-2015-4695.patch | 56 +++ .../libwmf/libwmf-0.2.8.4-CVE-2015-4696.patch | 23 + .../libwmf/libwmf-0.2.8.4-CVE-2016-10167.patch | 30 ++ .../libwmf/libwmf-0.2.8.4-CVE-2016-10168.patch | 14 + .../libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch | 36 ++ .../libwmf/libwmf-0.2.8.4-CVE-2016-9317.patch | 21 + .../libwmf/libwmf-0.2.8.4-CVE-2017-6362.patch | 32 ++ .../libwmf/libwmf-0.2.8.4-fallbackfont.patch | 18 + .../libwmf/libwmf-0.2.8.4-pixbufloaderdir.patch | 14 + .../libwmf/libwmf-0.2.8.4-reducesymbols.patch | 520 +++++++++++++++++++++ .../libwmf/libwmf-0.2.8.4-useafterfree.patch | 10 + patches/source/libwmf/libwmf.SlackBuild | 142 ++++++ patches/source/libwmf/libwmf.png14.diff | 11 + patches/source/libwmf/slack-desc | 19 + 23 files changed, 1260 insertions(+) create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2004-0941.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2006-3376.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-0455.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-2756.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-3472.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-3473.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-3477.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2009-3546.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2015-4695.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2015-4696.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-10167.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-10168.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-9317.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-CVE-2017-6362.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-fallbackfont.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-pixbufloaderdir.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-reducesymbols.patch create mode 100644 patches/source/libwmf/libwmf-0.2.8.4-useafterfree.patch create mode 100755 patches/source/libwmf/libwmf.SlackBuild create mode 100644 patches/source/libwmf/libwmf.png14.diff create mode 100644 patches/source/libwmf/slack-desc (limited to 'patches/source/libwmf') diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2004-0941.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2004-0941.patch new file mode 100644 index 000000000..581e4e091 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2004-0941.patch @@ -0,0 +1,17 @@ +--- libwmf-0.2.8.4/src/extra/gd/gd_png.c 2004-11-11 14:02:37.407589824 -0500 ++++ libwmf-0.2.8.4/src/extra/gd/gd_png.c 2004-11-11 14:04:29.672522960 -0500 +@@ -188,6 +188,14 @@ + + png_get_IHDR (png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, + &interlace_type, NULL, NULL); ++ if (overflow2(sizeof (int), width)) ++ { ++ return NULL; ++ } ++ if (overflow2(sizeof (int) * width, height)) ++ { ++ return NULL; ++ } + if ((color_type == PNG_COLOR_TYPE_RGB) || + (color_type == PNG_COLOR_TYPE_RGB_ALPHA)) + { diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2006-3376.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2006-3376.patch new file mode 100644 index 000000000..507fe6622 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2006-3376.patch @@ -0,0 +1,27 @@ +--- libwmf-0.2.8.4.orig/src/player.c 2002-12-10 19:30:26.000000000 +0000 ++++ libwmf-0.2.8.4/src/player.c 2006-07-12 15:12:52.000000000 +0100 +@@ -42,6 +42,7 @@ + #include "player/defaults.h" /* Provides: default settings */ + #include "player/record.h" /* Provides: parameter mechanism */ + #include "player/meta.h" /* Provides: record interpreters */ ++#include + + /** + * @internal +@@ -132,8 +134,14 @@ + } + } + +-/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char)); +- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); ++ if (MAX_REC_SIZE(API) > UINT32_MAX / 2) ++ { ++ API->err = wmf_E_InsMem; ++ WMF_DEBUG (API,"bailing..."); ++ return (API->err); ++ } ++ ++ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); + + if (ERR (API)) + { WMF_DEBUG (API,"bailing..."); diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-0455.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-0455.patch new file mode 100644 index 000000000..0cc5abc71 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-0455.patch @@ -0,0 +1,11 @@ +--- libwmf-0.2.8.4/src/extra/gd/gdft.c 2010-12-06 11:18:26.000000000 +0000 ++++ libwmf-0.2.8.4/src/extra/gd/gdft.c 2010-12-06 11:21:09.000000000 +0000 +@@ -811,7 +811,7 @@ + { + ch = c & 0xFF; /* don't extend sign */ + } +- next++; ++ if (*next) next++; + } + else + { diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-2756.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-2756.patch new file mode 100644 index 000000000..eba8fac25 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-2756.patch @@ -0,0 +1,16 @@ +--- libwmf-0.2.8.4/src/extra/gd/gd_png.c 1 Apr 2007 20:41:01 -0000 1.21.2.1 ++++ libwmf-0.2.8.4/src/extra/gd/gd_png.c 16 May 2007 19:06:11 -0000 +@@ -78,8 +78,11 @@ + gdPngReadData (png_structp png_ptr, + png_bytep data, png_size_t length) + { +- gdGetBuf (data, length, (gdIOCtx *) +- png_get_io_ptr (png_ptr)); ++ int check; ++ check = gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr)); ++ if (check != length) { ++ png_error(png_ptr, "Read Error: truncated data"); ++ } + } + + static void diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-3472.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-3472.patch new file mode 100644 index 000000000..ac1ead5a8 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-3472.patch @@ -0,0 +1,61 @@ +--- libwmf-0.2.8.4/src/extra/gd/gd.c ++++ libwmf-0.2.8.4/src/extra/gd/gd.c +@@ -106,6 +106,18 @@ + gdImagePtr im; + unsigned long cpa_size; + ++ if (overflow2(sx, sy)) { ++ return NULL; ++ } ++ ++ if (overflow2(sizeof (int *), sy)) { ++ return NULL; ++ } ++ ++ if (overflow2(sizeof(int), sx)) { ++ return NULL; ++ } ++ + im = (gdImage *) gdMalloc (sizeof (gdImage)); + if (im == 0) return 0; + memset (im, 0, sizeof (gdImage)); +--- libwmf-0.2.8.4/src/extra/gd/gdhelpers.c 2010-12-06 11:47:31.000000000 +0000 ++++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.c 2010-12-06 11:48:04.000000000 +0000 +@@ -2,6 +2,7 @@ + #include "gdhelpers.h" + #include + #include ++#include + + /* TBB: gd_strtok_r is not portable; provide an implementation */ + +@@ -94,3 +95,18 @@ + { + free (ptr); + } ++ ++int overflow2(int a, int b) ++{ ++ if(a < 0 || b < 0) { ++ fprintf(stderr, "gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n"); ++ return 1; ++ } ++ if(b == 0) ++ return 0; ++ if(a > INT_MAX / b) { ++ fprintf(stderr, "gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n"); ++ return 1; ++ } ++ return 0; ++} +--- libwmf-0.2.8.4/src/extra/gd/gdhelpers.h 2010-12-06 11:47:17.000000000 +0000 ++++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.h 2010-12-06 11:48:36.000000000 +0000 +@@ -15,6 +15,8 @@ + void *gdMalloc(size_t size); + void *gdRealloc(void *ptr, size_t size); + ++int overflow2(int a, int b); ++ + #pragma GCC visibility pop + + #endif /* GDHELPERS_H */ diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-3473.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-3473.patch new file mode 100644 index 000000000..590189969 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-3473.patch @@ -0,0 +1,13 @@ +--- libwmf-0.2.8.4/src/extra/gd/gd.c ++++ libwmf-0.2.8.4/src/extra/gd/gd.c +@@ -2483,6 +2483,10 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm (FILE * fd) + } + bytes = (w * h / 8) + 1; + im = gdImageCreate (w, h); ++ if (!im) { ++ return 0; ++ } ++ + gdImageColorAllocate (im, 255, 255, 255); + gdImageColorAllocate (im, 0, 0, 0); + x = 0; diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-3477.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-3477.patch new file mode 100644 index 000000000..81ac03853 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2007-3477.patch @@ -0,0 +1,38 @@ +--- libwmf-0.2.8.4/src/extra/gd/gd.c ++++ libwmf-0.2.8.4/src/extra/gd/gd.c +@@ -1335,10 +1335,31 @@ + int w2, h2; + w2 = w / 2; + h2 = h / 2; +- while (e < s) +- { +- e += 360; +- } ++ ++ if ((s % 360) == (e % 360)) { ++ s = 0; e = 360; ++ } else { ++ if (s > 360) { ++ s = s % 360; ++ } ++ ++ if (e > 360) { ++ e = e % 360; ++ } ++ ++ while (s < 0) { ++ s += 360; ++ } ++ ++ while (e < s) { ++ e += 360; ++ } ++ ++ if (s == e) { ++ s = 0; e = 360; ++ } ++ } ++ + for (i = s; (i <= e); i++) + { + int x, y; diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2009-3546.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2009-3546.patch new file mode 100644 index 000000000..d718976ad --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2009-3546.patch @@ -0,0 +1,13 @@ +--- libwmf-0.2.8.4/src/extra/gd/gd_gd.c 2010-12-06 14:56:06.000000000 +0000 ++++ libwmf-0.2.8.4/src/extra/gd/gd_gd.c 2010-12-06 14:57:04.000000000 +0000 +@@ -42,6 +42,10 @@ + { + goto fail1; + } ++ if (&im->colorsTotal > gdMaxColors) ++ { ++ goto fail1; ++ } + } + /* Int to accommodate truecolor single-color transparency */ + if (!gdGetInt (&im->transparent, in)) diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch new file mode 100644 index 000000000..e8ba8db1e --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch @@ -0,0 +1,118 @@ +--- libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-08 14:46:24.591876404 +0100 ++++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-08 14:46:35.345993247 +0100 +@@ -859,7 +859,7 @@ + % + % + */ +-static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels) ++static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels) + { int byte; + int count; + int i; +@@ -870,12 +870,14 @@ + U32 u; + + unsigned char* q; ++ unsigned char* end; + + for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0; + + byte = 0; + x = 0; + q = pixels; ++ end = pixels + bmp->width * bmp->height; + + for (y = 0; y < bmp->height; ) + { count = ReadBlobByte (src); +@@ -884,7 +886,10 @@ + { /* Encoded mode. */ + byte = ReadBlobByte (src); + for (i = 0; i < count; i++) +- { if (compression == 1) ++ { ++ if (q == end) ++ return 0; ++ if (compression == 1) + { (*(q++)) = (unsigned char) byte; + } + else +@@ -896,13 +901,15 @@ + else + { /* Escape mode. */ + count = ReadBlobByte (src); +- if (count == 0x01) return; ++ if (count == 0x01) return 1; + switch (count) + { + case 0x00: + { /* End of line. */ + x = 0; + y++; ++ if (y >= bmp->height) ++ return 0; + q = pixels + y * bmp->width; + break; + } +@@ -910,13 +917,20 @@ + { /* Delta mode. */ + x += ReadBlobByte (src); + y += ReadBlobByte (src); ++ if (y >= bmp->height) ++ return 0; ++ if (x >= bmp->width) ++ return 0; + q = pixels + y * bmp->width + x; + break; + } + default: + { /* Absolute mode. */ + for (i = 0; i < count; i++) +- { if (compression == 1) ++ { ++ if (q == end) ++ return 0; ++ if (compression == 1) + { (*(q++)) = ReadBlobByte (src); + } + else +@@ -943,7 +957,7 @@ + byte = ReadBlobByte (src); /* end of line */ + byte = ReadBlobByte (src); + +- return; ++ return 1; + } + + /* +@@ -1143,8 +1157,18 @@ + } + } + else +- { /* Convert run-length encoded raster pixels. */ +- DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image); ++ { ++ if (bmp_info.bits_per_pixel == 8) /* Convert run-length encoded raster pixels. */ ++ { ++ if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image)) ++ { WMF_ERROR (API,"corrupt bmp"); ++ API->err = wmf_E_BadFormat; ++ } ++ } ++ else ++ { WMF_ERROR (API,"Unexpected pixel depth"); ++ API->err = wmf_E_BadFormat; ++ } + } + + if (ERR (API)) +--- libwmf-0.2.8.4/src/ipa/ipa.h 2015-06-08 14:46:24.590876393 +0100 ++++ libwmf-0.2.8.4/src/ipa/ipa.h 2015-06-08 14:46:35.345993247 +0100 +@@ -48,7 +48,7 @@ + static unsigned short ReadBlobLSBShort (BMPSource*); + static unsigned long ReadBlobLSBLong (BMPSource*); + static long TellBlob (BMPSource*); +-static void DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*); ++static int DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*); + static void ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*); + static int ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int); + static void SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int); diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2015-4695.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2015-4695.patch new file mode 100644 index 000000000..b6d499da9 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2015-4695.patch @@ -0,0 +1,56 @@ +--- libwmf-0.2.8.4/src/player/meta.h ++++ libwmf-0.2.8.4/src/player/meta.h +@@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API, + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,w + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -3067,7 +3067,7 @@ static int meta_pen_create (wmfAPI* API, + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -3181,7 +3181,7 @@ static int meta_brush_create (wmfAPI* AP + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -3288,7 +3288,7 @@ static int meta_font_create (wmfAPI* API + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -3396,7 +3396,7 @@ static int meta_palette_create (wmfAPI* + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2015-4696.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2015-4696.patch new file mode 100644 index 000000000..331284125 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2015-4696.patch @@ -0,0 +1,23 @@ +--- libwmf-0.2.8.4/src/player/meta.h ++++ libwmf-0.2.8.4/src/player/meta.h +@@ -2585,6 +2585,8 @@ + polyrect.BR[i] = clip->rects[i].BR; + } + ++ if (FR->region_clip) FR->region_clip (API,&polyrect); ++ + wmf_free (API,polyrect.TL); + wmf_free (API,polyrect.BR); + } +@@ -2593,9 +2595,10 @@ + polyrect.BR = 0; + + polyrect.count = 0; ++ ++ if (FR->region_clip) FR->region_clip (API,&polyrect); + } + +- if (FR->region_clip) FR->region_clip (API,&polyrect); + + return (changed); + } diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-10167.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-10167.patch new file mode 100644 index 000000000..5e2819743 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-10167.patch @@ -0,0 +1,30 @@ +--- libwmf-0.2.8.4/src/extra/gd/gd_gd2.c ++++ libwmf-0.2.8.4/src/extra/gd/gd_gd2.c +@@ -362,10 +362,9 @@ + { + if (!gdGetInt (&im->tpixels[y][x], in)) + { +- /*printf("EOF while reading\n"); */ +- /*gdImageDestroy(im); */ +- /*return 0; */ +- im->tpixels[y][x] = 0; ++ fprintf(stderr, "gd2: EOF while reading\n"); ++ gdImageDestroy(im); ++ return NULL; + } + } + else +@@ -373,10 +372,9 @@ + int ch; + if (!gdGetByte (&ch, in)) + { +- /*printf("EOF while reading\n"); */ +- /*gdImageDestroy(im); */ +- /*return 0; */ +- ch = 0; ++ fprintf(stderr, "gd2: EOF while reading\n"); ++ gdImageDestroy(im); ++ return NULL; + } + im->pixels[y][x] = ch; + } diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-10168.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-10168.patch new file mode 100644 index 000000000..f08b1f1e5 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-10168.patch @@ -0,0 +1,14 @@ +--- libwmf-0.2.8.4/src/extra/gd/gd_gd2.c ++++ libwmf-0.2.8.4/src/extra/gd/gd_gd2.c +@@ -145,6 +145,11 @@ + + if ((*fmt) == GD2_FMT_COMPRESSED) + { ++ if (*ncx <= 0 || *ncy <= 0 || *ncx > INT_MAX / *ncy) { ++ GD2_DBG(printf ("Illegal chunk counts: %d * %d\n", *ncx, *ncy)); ++ goto fail1; ++ } ++ + nc = (*ncx) * (*ncy); + GD2_DBG (printf ("Reading %d chunk index entries\n", nc)); + sidx = sizeof (t_chunk_info) * nc; diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch new file mode 100644 index 000000000..c6bd017c2 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch @@ -0,0 +1,36 @@ +--- libwmf-0.2.8.4/src/player.c ++++ libwmf-0.2.8.4/src/player.c +@@ -139,8 +139,31 @@ + WMF_DEBUG (API,"bailing..."); + return (API->err); + } +- +- P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); ++ ++ U32 nMaxRecordSize = (MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char); ++ if (nMaxRecordSize) ++ { ++ //before allocating memory do a sanity check on size by seeking ++ //to claimed end to see if its possible. We're constrained here ++ //by the api and existing implementations to not simply seeking ++ //to SEEK_END. So use what we have to skip to the last byte and ++ //try and read it. ++ const long nPos = WMF_TELL (API); ++ WMF_SEEK (API, nPos + nMaxRecordSize - 1); ++ if (ERR (API)) ++ { WMF_DEBUG (API,"bailing..."); ++ return (API->err); ++ } ++ int byte = WMF_READ (API); ++ if (byte == (-1)) ++ { WMF_ERROR (API,"Unexpected EOF!"); ++ API->err = wmf_E_EOF; ++ return (API->err); ++ } ++ WMF_SEEK (API, nPos); ++ } ++ ++ P->Parameters = (unsigned char*) wmf_malloc (API, nMaxRecordSize); + + if (ERR (API)) + { WMF_DEBUG (API,"bailing..."); diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-9317.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-9317.patch new file mode 100644 index 000000000..cf57734ed --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2016-9317.patch @@ -0,0 +1,21 @@ +--- libwmf-0.2.8.4/src/extra/gd/gd.c ++++ libwmf-0.2.8.4/src/extra/gd/gd.c +@@ -65,6 +65,18 @@ + { + int i; + gdImagePtr im; ++ ++ if (overflow2(sx, sy)) { ++ return NULL; ++ } ++ ++ if (overflow2(sizeof (unsigned char *), sy)) { ++ return NULL; ++ } ++ if (overflow2(sizeof (unsigned char), sx)) { ++ return NULL; ++ } ++ + im = (gdImage *) gdMalloc (sizeof (gdImage)); + memset (im, 0, sizeof (gdImage)); + /* Row-major ever since gd 1.3 */ diff --git a/patches/source/libwmf/libwmf-0.2.8.4-CVE-2017-6362.patch b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2017-6362.patch new file mode 100644 index 000000000..2ad180d97 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-CVE-2017-6362.patch @@ -0,0 +1,32 @@ +--- libwmf-0.2.8.4/src/extra/gd/gd_png.c ++++ libwmf-0.2.8.4/src/extra/gd/gd_png.c +@@ -435,17 +435,6 @@ + out->free (out); + } + +-void * +-gdImagePngPtr (gdImagePtr im, int *size) +-{ +- void *rv; +- gdIOCtx *out = gdNewDynamicCtx (2048, NULL); +- gdImagePngCtx (im, out); +- rv = gdDPExtractData (out, size); +- out->free (out); +- return rv; +-} +- + /* This routine is based in part on code from Dale Lutz (Safe Software Inc.) + * and in part on demo code from Chapter 15 of "PNG: The Definitive Guide" + * (http://www.cdrom.com/pub/png/pngbook.html). +--- libwmf-0.2.8.4/src/extra/gd/gd.h ++++ libwmf-0.2.8.4/src/extra/gd/gd.h +@@ -373,9 +373,6 @@ + void gdImageGd2(gdImagePtr im, FILE *out, int cs, int fmt); + + /* Best to free this memory with gdFree(), not free() */ +-void* gdImagePngPtr(gdImagePtr im, int *size); +- +-/* Best to free this memory with gdFree(), not free() */ + void* gdImageGdPtr(gdImagePtr im, int *size); + + /* Best to free this memory with gdFree(), not free() */ diff --git a/patches/source/libwmf/libwmf-0.2.8.4-fallbackfont.patch b/patches/source/libwmf/libwmf-0.2.8.4-fallbackfont.patch new file mode 100644 index 000000000..83383138a --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-fallbackfont.patch @@ -0,0 +1,18 @@ +diff -ru libwmf-0.2.8.4.orig/src/font.c libwmf-0.2.8.4/src/font.c +--- libwmf-0.2.8.4.orig/src/font.c 2005-07-27 21:35:06.000000000 +0100 ++++ libwmf-0.2.8.4/src/font.c 2006-01-03 12:53:38.000000000 +0000 +@@ -1429,11 +1429,9 @@ + if (GS->len == 0) return (0); + + name = font->lfFaceName; +- if (name == 0) +- { WMF_DEBUG (API,"No font name?"); +- API->err = wmf_E_Glitch; +- return (0); +- } ++ ++ if (name == 0 || name[0] == 0) ++ name = "Times"; + + /* Find first white-space character or eol + */ diff --git a/patches/source/libwmf/libwmf-0.2.8.4-pixbufloaderdir.patch b/patches/source/libwmf/libwmf-0.2.8.4-pixbufloaderdir.patch new file mode 100644 index 000000000..a03578581 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-pixbufloaderdir.patch @@ -0,0 +1,14 @@ +diff -up libwmf-0.2.8.4/configure.in.pixbufloaderdir libwmf-0.2.8.4/configure.in +--- libwmf-0.2.8.4/configure.in.pixbufloaderdir 2010-06-28 23:35:06.227167269 -0400 ++++ libwmf-0.2.8.4/configure.in 2010-06-28 23:36:00.948420306 -0400 +@@ -741,8 +741,8 @@ + + if test $LIBWMF_BUILDSTYLE != lite; then + PKG_CHECK_MODULES(GDK_PIXBUF,gdk-pixbuf-2.0 >= 2.1.2,[ +- GTK_VERSION=`$PKG_CONFIG --variable=gtk_binary_version gtk+-2.0` +- GDK_PIXBUF_DIR="gtk-2.0/$GTK_VERSION/loaders" ++ GDK_PIXBUF_VERSION=`$PKG_CONFIG --variable=gdk_pixbuf_binary_version gdk-pixbuf-2.0` ++ GDK_PIXBUF_DIR="gdk-pixbuf-2.0/$GDK_PIXBUF_VERSION/loaders" + wmf_gdk_pixbuf=yes + ],[ wmf_gdk_pixbuf=no + ]) diff --git a/patches/source/libwmf/libwmf-0.2.8.4-reducesymbols.patch b/patches/source/libwmf/libwmf-0.2.8.4-reducesymbols.patch new file mode 100644 index 000000000..45d82b327 --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-reducesymbols.patch @@ -0,0 +1,520 @@ +diff -ru libwmf-0.2.8.4/src/extra/gd/gd.c libwmf-0.2.8.4.symbols/src/extra/gd/gd.c +--- libwmf-0.2.8.4/src/extra/gd/gd.c 2005-07-27 21:35:05.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gd.c 2006-11-16 12:27:05.000000000 +0000 +@@ -249,6 +249,7 @@ + } + HWBType; + ++#if 0 + static HWBType * + RGB_to_HWB (RGBType RGB, HWBType * HWB) + { +@@ -308,7 +309,6 @@ + return diff; + } + +-#if 0 + /* + * This is not actually used, but is here for completeness, in case someone wants to + * use the HWB stuff for anything else... +@@ -355,6 +355,7 @@ + } + #endif + ++#if 0 + int + gdImageColorClosestHWB (gdImagePtr im, int r, int g, int b) + { +@@ -384,6 +385,7 @@ + } + return ct; + } ++#endif + + int + gdImageColorExact (gdImagePtr im, int r, int g, int b) +@@ -677,7 +679,7 @@ + } + } + +-int ++static int + gdImageGetTrueColorPixel (gdImagePtr im, int x, int y) + { + int p = gdImageGetPixel (im, x, y); +@@ -1286,11 +1288,11 @@ + return len; + } + +-#ifndef HAVE_LSQRT ++#if 0 + /* If you don't have a nice square root function for longs, you can use + ** this hack + */ +-long ++static long + lsqrt (long n) + { + long result = (long) sqrt ((double) n); +@@ -2250,7 +2252,7 @@ + } + } + +-int gdCompareInt (const void *a, const void *b); ++static int gdCompareInt (const void *a, const void *b); + + /* THANKS to Kirsten Schulz for the polygon fixes! */ + +diff -ru libwmf-0.2.8.4/src/extra/gd/gdcache.h libwmf-0.2.8.4.symbols/src/extra/gd/gdcache.h +--- libwmf-0.2.8.4/src/extra/gd/gdcache.h 2001-08-21 15:40:33.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gdcache.h 2006-11-16 12:13:40.000000000 +0000 +@@ -41,6 +41,9 @@ + /*********************************************************/ + + /* #include */ ++ ++#pragma GCC visibility push(hidden) ++ + #ifndef NULL + #define NULL (void *)0 + #endif +@@ -81,3 +84,5 @@ + + void * + gdCacheGet( gdCache_head_t *head, void *keydata ); ++ ++#pragma GCC visibility pop +diff -ru libwmf-0.2.8.4/src/extra/gd/gd_clip.h libwmf-0.2.8.4.symbols/src/extra/gd/gd_clip.h +--- libwmf-0.2.8.4/src/extra/gd/gd_clip.h 2001-03-28 10:37:30.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gd_clip.h 2006-11-16 12:11:49.000000000 +0000 +@@ -1,6 +1,8 @@ + #ifndef GD_CLIP_H + #define GD_CLIP_H 1 + ++#pragma GCC visibility push(hidden) ++ + #ifdef __cplusplus + extern "C" { + #endif +@@ -23,4 +25,6 @@ + } + #endif + ++#pragma GCC visibility pop ++ + #endif /* GD_CLIP_H */ +diff -ru libwmf-0.2.8.4/src/extra/gd/gdfontg.h libwmf-0.2.8.4.symbols/src/extra/gd/gdfontg.h +--- libwmf-0.2.8.4/src/extra/gd/gdfontg.h 2001-03-28 10:37:30.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gdfontg.h 2006-11-16 12:12:03.000000000 +0000 +@@ -2,6 +2,8 @@ + #ifndef _GDFONTG_H_ + #define _GDFONTG_H_ 1 + ++#pragma GCC visibility push(hidden) ++ + #ifdef __cplusplus + extern "C" { + #endif +@@ -25,5 +27,7 @@ + } + #endif + ++#pragma GCC visibility pop ++ + #endif + +diff -ru libwmf-0.2.8.4/src/extra/gd/gdfontl.h libwmf-0.2.8.4.symbols/src/extra/gd/gdfontl.h +--- libwmf-0.2.8.4/src/extra/gd/gdfontl.h 2001-03-28 10:37:30.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gdfontl.h 2006-11-16 12:12:11.000000000 +0000 +@@ -2,6 +2,8 @@ + #ifndef _GDFONTL_H_ + #define _GDFONTL_H_ 1 + ++#pragma GCC visibility push(hidden) ++ + #ifdef __cplusplus + extern "C" { + #endif +@@ -26,5 +28,7 @@ + } + #endif + ++#pragma GCC visibility pop ++ + #endif + +diff -ru libwmf-0.2.8.4/src/extra/gd/gdfontmb.h libwmf-0.2.8.4.symbols/src/extra/gd/gdfontmb.h +--- libwmf-0.2.8.4/src/extra/gd/gdfontmb.h 2001-03-28 10:37:30.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gdfontmb.h 2006-11-16 12:12:19.000000000 +0000 +@@ -2,6 +2,8 @@ + #ifndef _GDFONTMB_H_ + #define _GDFONTMB_H_ 1 + ++#pragma GCC visibility push(hidden) ++ + #ifdef __cplusplus + extern "C" { + #endif +@@ -24,5 +26,7 @@ + } + #endif + ++#pragma GCC visibility pop ++ + #endif + +diff -ru libwmf-0.2.8.4/src/extra/gd/gdfonts.h libwmf-0.2.8.4.symbols/src/extra/gd/gdfonts.h +--- libwmf-0.2.8.4/src/extra/gd/gdfonts.h 2001-03-28 10:37:30.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gdfonts.h 2006-11-16 12:12:28.000000000 +0000 +@@ -2,6 +2,8 @@ + #ifndef _GDFONTS_H_ + #define _GDFONTS_H_ 1 + ++#pragma GCC visibility push(hidden) ++ + #ifdef __cplusplus + extern "C" { + #endif +@@ -24,5 +26,7 @@ + } + #endif + ++#pragma GCC visibility pop ++ + #endif + +diff -ru libwmf-0.2.8.4/src/extra/gd/gdfontt.h libwmf-0.2.8.4.symbols/src/extra/gd/gdfontt.h +--- libwmf-0.2.8.4/src/extra/gd/gdfontt.h 2001-03-28 10:37:30.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gdfontt.h 2006-11-16 12:12:36.000000000 +0000 +@@ -2,6 +2,8 @@ + #ifndef _GDFONTT_H_ + #define _GDFONTT_H_ 1 + ++#pragma GCC visibility push(hidden) ++ + #ifdef __cplusplus + extern "C" { + #endif +@@ -25,5 +27,7 @@ + } + #endif + ++#pragma GCC visibility pop ++ + #endif + +diff -ru libwmf-0.2.8.4/src/extra/gd/gdft.c libwmf-0.2.8.4.symbols/src/extra/gd/gdft.c +--- libwmf-0.2.8.4/src/extra/gd/gdft.c 2005-07-27 21:35:05.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gdft.c 2006-11-16 12:24:50.000000000 +0000 +@@ -533,7 +533,7 @@ + } + + /* draw_bitmap - transfers glyph bitmap to GD image */ +-/* static */ char * ++static char * + gdft_draw_bitmap (gdImage * im, int fg, FT_Bitmap bitmap, int pen_x, int pen_y) + { + unsigned char *pixel = 0; +@@ -643,7 +643,7 @@ + return (char *) NULL; + } + +-int ++static int + gdroundupdown (FT_F26Dot6 v1, int updown) + { + return (!updown) +@@ -651,7 +651,9 @@ + : (v1 > 0 ? ((v1 + 63) >> 6) : v1 >> 6); + } + ++#pragma GCC visibility push(hidden) + extern int any2eucjp (char *, char *, unsigned int); ++#pragma GCC visibility pop + + /********************************************************************/ + /* gdImageStringFT - render a utf8 string onto a gd image */ +diff -ru libwmf-0.2.8.4/src/extra/gd/gd_gd2.c libwmf-0.2.8.4.symbols/src/extra/gd/gd_gd2.c +--- libwmf-0.2.8.4/src/extra/gd/gd_gd2.c 2005-07-27 21:35:05.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gd_gd2.c 2006-11-16 12:21:28.000000000 +0000 +@@ -34,8 +34,10 @@ + } + t_chunk_info; + ++#pragma GCC visibility push(hidden) + extern int _gdGetColors (gdIOCtx * in, gdImagePtr im, int gd2xFlag); + extern void _gdPutColors (gdImagePtr im, gdIOCtx * out); ++#pragma GCC visibility pop + + /* */ + /* Read the extra info in the gd2 header. */ +diff -ru libwmf-0.2.8.4/src/extra/gd/gd_gd.c libwmf-0.2.8.4.symbols/src/extra/gd/gd_gd.c +--- libwmf-0.2.8.4/src/extra/gd/gd_gd.c 2005-07-27 21:35:05.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gd_gd.c 2006-11-16 12:21:43.000000000 +0000 +@@ -11,6 +11,11 @@ + /* Exported functions: */ + extern void gdImageGd (gdImagePtr im, FILE * out); + ++#pragma GCC visibility push(hidden) ++int _gdGetColors (gdIOCtx * in, gdImagePtr im, int gd2xFlag); ++void _gdPutColors (gdImagePtr im, gdIOCtx * out); ++#pragma GCC visibility pop ++ + + /* Use this for commenting out debug-print statements. */ + /* Just use the first '#define' to allow all the prints... */ +diff -ru libwmf-0.2.8.4/src/extra/gd/gd.h libwmf-0.2.8.4.symbols/src/extra/gd/gd.h +--- libwmf-0.2.8.4/src/extra/gd/gd.h 2002-12-05 20:09:11.000000000 +0000 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gd.h 2006-11-16 12:14:11.000000000 +0000 +@@ -25,6 +25,8 @@ + #include + #include + ++#pragma GCC visibility push(hidden) ++ + /* The maximum number of palette entries in palette-based images. + In the wonderful new world of gd 2.0, you can of course have + many more colors when using truecolor mode. */ +@@ -497,6 +499,8 @@ + /* resolution affects ttf font rendering, particularly hinting */ + #define GD_RESOLUTION 96 /* pixels per inch */ + ++#pragma GCC visibility pop ++ + #ifdef __cplusplus + } + #endif +diff -ru libwmf-0.2.8.4/src/extra/gd/gdhelpers.h libwmf-0.2.8.4.symbols/src/extra/gd/gdhelpers.h +--- libwmf-0.2.8.4/src/extra/gd/gdhelpers.h 2001-03-28 10:37:31.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gdhelpers.h 2006-11-16 12:12:55.000000000 +0000 +@@ -1,6 +1,8 @@ + #ifndef GDHELPERS_H + #define GDHELPERS_H 1 + ++#pragma GCC visibility push(hidden) ++ + /* TBB: strtok_r is not universal; provide an implementation of it. */ + + extern char *gd_strtok_r(char *s, char *sep, char **state); +@@ -13,5 +15,7 @@ + void *gdMalloc(size_t size); + void *gdRealloc(void *ptr, size_t size); + ++#pragma GCC visibility pop ++ + #endif /* GDHELPERS_H */ + +diff -ru libwmf-0.2.8.4/src/extra/gd/gd_io.h libwmf-0.2.8.4.symbols/src/extra/gd/gd_io.h +--- libwmf-0.2.8.4/src/extra/gd/gd_io.h 2001-03-28 10:37:30.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gd_io.h 2006-11-16 12:13:08.000000000 +0000 +@@ -2,6 +2,8 @@ + #define GD_IO_H 1 + + #include ++ ++#pragma GCC visibility push(hidden) + + typedef struct gdIOCtx { + int (*getC)(struct gdIOCtx*); +@@ -36,4 +38,6 @@ + int gdSeek(gdIOCtx *ctx, const int); + long gdTell(gdIOCtx *ctx); + ++#pragma GCC visibility pop ++ + #endif +diff -ru libwmf-0.2.8.4/src/extra/gd/gd_jpeg.c libwmf-0.2.8.4.symbols/src/extra/gd/gd_jpeg.c +--- libwmf-0.2.8.4/src/extra/gd/gd_jpeg.c 2005-07-27 21:35:06.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gd_jpeg.c 2006-11-16 12:28:13.000000000 +0000 +@@ -99,7 +99,7 @@ + return rv; + } + +-void jpeg_gdIOCtx_dest (j_compress_ptr cinfo, gdIOCtx * outfile); ++static void jpeg_gdIOCtx_dest (j_compress_ptr cinfo, gdIOCtx * outfile); + + void + gdImageJpegCtx (gdImagePtr im, gdIOCtx * outfile, int quality) +@@ -266,7 +266,7 @@ + return im; + } + +-void ++static void + jpeg_gdIOCtx_src (j_decompress_ptr cinfo, + gdIOCtx * infile); + +@@ -511,7 +511,7 @@ + * before any data is actually read. + */ + +-void ++static void + init_source (j_decompress_ptr cinfo) + { + my_src_ptr src = (my_src_ptr) cinfo->src; +@@ -559,7 +559,7 @@ + + #define END_JPEG_SEQUENCE "\r\n[*]--:END JPEG:--[*]\r\n" + +-safeboolean ++static safeboolean + fill_input_buffer (j_decompress_ptr cinfo) + { + my_src_ptr src = (my_src_ptr) cinfo->src; +@@ -627,7 +627,7 @@ + * buffer is the application writer's problem. + */ + +-void ++static void + skip_input_data (j_decompress_ptr cinfo, long num_bytes) + { + my_src_ptr src = (my_src_ptr) cinfo->src; +@@ -669,7 +669,7 @@ + * for error exit. + */ + +-void ++static void + term_source (j_decompress_ptr cinfo) + { + +@@ -742,7 +742,7 @@ + * before any data is actually written. + */ + +-void ++static void + init_destination (j_compress_ptr cinfo) + { + my_dest_ptr dest = (my_dest_ptr) cinfo->dest; +@@ -780,7 +780,7 @@ + * write it out when emptying the buffer externally. + */ + +-safeboolean ++static safeboolean + empty_output_buffer (j_compress_ptr cinfo) + { + my_dest_ptr dest = (my_dest_ptr) cinfo->dest; +@@ -805,7 +805,7 @@ + * for error exit. + */ + +-void ++static void + term_destination (j_compress_ptr cinfo) + { + my_dest_ptr dest = (my_dest_ptr) cinfo->dest; +diff -ru libwmf-0.2.8.4/src/extra/gd/gdkanji.c libwmf-0.2.8.4.symbols/src/extra/gd/gdkanji.c +--- libwmf-0.2.8.4/src/extra/gd/gdkanji.c 2001-05-19 14:09:34.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gdkanji.c 2006-11-16 12:29:42.000000000 +0000 +@@ -555,6 +555,11 @@ + return kanji; + } + ++#pragma GCC visibility push(hidden) ++int ++any2eucjp (unsigned char *dest, unsigned char *src, unsigned int dest_max); ++#pragma GCC visibility pop ++ + int + any2eucjp (unsigned char *dest, unsigned char *src, unsigned int dest_max) + { +diff -ru libwmf-0.2.8.4/src/extra/gd/gd_topal.c libwmf-0.2.8.4.symbols/src/extra/gd/gd_topal.c +--- libwmf-0.2.8.4/src/extra/gd/gd_topal.c 2005-07-27 21:35:06.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gd_topal.c 2006-11-16 12:25:45.000000000 +0000 +@@ -1129,7 +1129,7 @@ + * Map some rows of pixels to the output colormapped representation. + */ + +-void ++static void + pass2_no_dither (gdImagePtr im, my_cquantize_ptr cquantize) + /* This version performs no dithering */ + { +@@ -1217,7 +1217,7 @@ + #endif + + +-void ++static void + pass2_fs_dither (gdImagePtr im, my_cquantize_ptr cquantize) + + /* This version performs Floyd-Steinberg dithering */ +diff -ru libwmf-0.2.8.4/src/extra/gd/gd_wbmp.c libwmf-0.2.8.4.symbols/src/extra/gd/gd_wbmp.c +--- libwmf-0.2.8.4/src/extra/gd/gd_wbmp.c 2001-05-19 14:09:34.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gd_wbmp.c 2006-11-16 12:28:33.000000000 +0000 +@@ -67,7 +67,7 @@ + ** Wrapper around gdPutC for use with writewbmp + ** + */ +-void ++static void + gd_putout (int i, void *out) + { + gdPutC (i, (gdIOCtx *) out); +@@ -79,7 +79,7 @@ + ** Wrapper around gdGetC for use with readwbmp + ** + */ +-int ++static int + gd_getin (void *in) + { + return (gdGetC ((gdIOCtx *) in)); +diff -ru libwmf-0.2.8.4/src/extra/gd/gdxpm.c libwmf-0.2.8.4.symbols/src/extra/gd/gdxpm.c +--- libwmf-0.2.8.4/src/extra/gd/gdxpm.c 2001-05-19 14:09:34.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/gdxpm.c 2006-11-16 12:18:29.000000000 +0000 +@@ -10,6 +10,7 @@ + #include "gd.h" + #include "gdhelpers.h" + ++#if 0 + #ifndef HAVE_XPM + gdImagePtr + gdImageCreateFromXpm (char *filename) +@@ -146,3 +147,4 @@ + return (im); + } + #endif ++#endif +diff -ru libwmf-0.2.8.4/src/extra/gd/jisx0208.h libwmf-0.2.8.4.symbols/src/extra/gd/jisx0208.h +--- libwmf-0.2.8.4/src/extra/gd/jisx0208.h 2001-03-28 10:37:35.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/jisx0208.h 2006-11-16 12:13:19.000000000 +0000 +@@ -1,5 +1,8 @@ + #ifndef JISX0208_H + #define JISX0208_H ++ ++#pragma GCC visibility push(hidden) ++ + /* This file was derived from "src/VF_Ftype.c" in VFlib2-2.24.2 + by Dr. Kakugawa */ + +@@ -1202,4 +1205,6 @@ + 0x2170, 0x2171, 0x2172, 0x2173, 0x2174, 0x2175, 0x2176, 0x2177, + 0x2178, 0x2179, 0xFFE2, 0xFFE4, 0xFF07, 0xFF02}}; + ++#pragma GCC visibility pop ++ + #endif /* JISX0208_H */ +diff -ru libwmf-0.2.8.4/src/extra/gd/wbmp.h libwmf-0.2.8.4.symbols/src/extra/gd/wbmp.h +--- libwmf-0.2.8.4/src/extra/gd/wbmp.h 2001-03-28 10:37:37.000000000 +0100 ++++ libwmf-0.2.8.4.symbols/src/extra/gd/wbmp.h 2006-11-16 12:14:19.000000000 +0000 +@@ -12,6 +12,8 @@ + #ifndef __WBMP_H + #define __WBMP_H 1 + ++#pragma GCC visibility push(hidden) ++ + + /* WBMP struct + ** ----------- +@@ -44,4 +46,6 @@ + void freewbmp( Wbmp *wbmp ); + void printwbmp( Wbmp *wbmp ); + ++#pragma GCC visibility pop ++ + #endif diff --git a/patches/source/libwmf/libwmf-0.2.8.4-useafterfree.patch b/patches/source/libwmf/libwmf-0.2.8.4-useafterfree.patch new file mode 100644 index 000000000..328c5411f --- /dev/null +++ b/patches/source/libwmf/libwmf-0.2.8.4-useafterfree.patch @@ -0,0 +1,10 @@ +--- libwmf-0.2.8.4/src/extra/gd/gd_clip.c.CVE-2009-1364-im-clip-list 2009-04-24 04:06:44.000000000 -0400 ++++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c 2009-04-24 04:08:30.000000000 -0400 +@@ -70,6 +70,7 @@ void gdClipSetAdd(gdImagePtr im,gdClipRe + { more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle)); + if (more == 0) return; + im->clip->max += 8; ++ im->clip->list = more; + } + im->clip->list[im->clip->count] = (*rect); + im->clip->count++; diff --git a/patches/source/libwmf/libwmf.SlackBuild b/patches/source/libwmf/libwmf.SlackBuild new file mode 100755 index 000000000..4fd24029b --- /dev/null +++ b/patches/source/libwmf/libwmf.SlackBuild @@ -0,0 +1,142 @@ +#!/bin/bash + +# Copyright 2008, 2009, 2010, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=libwmf +VERSION=0.2.8.4 +BUILD=${BUILD:-7_slack14.2} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i586 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +NUMJOBS=${NUMJOBS:-" -j7 "} +TMP=${TMP:-/tmp} + +PKG=$TMP/package-libwmf + +rm -rf $PKG +mkdir -p $PKG + +cd $TMP +rm -rf libwmf-$VERSION +tar xvf $CWD/libwmf-$VERSION.tar.?z* || exit 1 +cd libwmf-$VERSION || exit 1 + +zcat $CWD/libwmf.png14.diff.gz | patch -p1 --verbose || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +# Miscellaneous patches from Fedora: +zcat $CWD/libwmf-0.2.8.4-fallbackfont.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-pixbufloaderdir.patch.gz | patch -p1 --verbose || exit 1 + +# Don't export the modified embedded GD library symbols, to avoid conflicts with +# the system libgd: +zcat $CWD/libwmf-0.2.8.4-reducesymbols.patch.gz | patch -p1 --verbose || exit 1 + +# Patch security issues: +zcat $CWD/libwmf-0.2.8.4-useafterfree.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2006-3376.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2004-0941.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2007-0455.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2007-2756.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2007-3472.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2007-3473.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2007-3477.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2009-3546.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2015-4695.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2015-4696.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2016-10167.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2016-10168.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2016-9011.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2016-9317.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/libwmf-0.2.8.4-CVE-2017-6362.patch.gz | patch -p1 --verbose || exit 1 + +CFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --enable-static=no \ + --build=$ARCH-slackware-linux || exit 1 + +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 + +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + +mkdir -p $PKG/usr/doc +mv $PKG/usr/share/doc/libwmf $PKG/usr/doc/libwmf-$VERSION +rmdir $PKG/usr/share/doc +cp -a \ + AUTHORS BUILDING COPYING CREDITS NEWS README TODO \ + $PKG/usr/doc/libwmf-$VERSION + +# If there's a ChangeLog, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r ChangeLog ]; then + DOCSDIR=$(echo $PKG/usr/doc/*-$VERSION) + cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog + touch -r ChangeLog $DOCSDIR/ChangeLog +fi + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/libwmf-$VERSION-$ARCH-$BUILD.txz diff --git a/patches/source/libwmf/libwmf.png14.diff b/patches/source/libwmf/libwmf.png14.diff new file mode 100644 index 000000000..c55b143c8 --- /dev/null +++ b/patches/source/libwmf/libwmf.png14.diff @@ -0,0 +1,11 @@ +--- ./src/extra/gd/gd_png.c.orig 2005-07-27 15:35:06.000000000 -0500 ++++ ./src/extra/gd/gd_png.c 2010-02-14 18:24:19.000000000 -0600 +@@ -136,7 +136,7 @@ + /* first do a quick check that the file really is a PNG image; could + * have used slightly more general png_sig_cmp() function instead */ + gdGetBuf (sig, 8, infile); +- if (!png_check_sig (sig, 8)) ++ if (!(png_sig_cmp(sig, 0, 8) == 0)) + return NULL; /* bad signature */ + + #ifndef PNG_SETJMP_NOT_SUPPORTED diff --git a/patches/source/libwmf/slack-desc b/patches/source/libwmf/slack-desc new file mode 100644 index 000000000..19f99a7de --- /dev/null +++ b/patches/source/libwmf/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' on +# the right side marks the last column you can put a character in. You must make +# exactly 11 lines for the formatting to be correct. It's also customary to +# leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +libwmf: libwmf (WMF graphics format library) +libwmf: +libwmf: libwmf is a library for interpreting metafile images and either +libwmf: displaying them using X or converting them to standard formats such +libwmf: as PNG, JPEG, PS, EPS and SVG. +libwmf: +libwmf: +libwmf: +libwmf: +libwmf: +libwmf: -- cgit v1.2.3