summary refs log tree commit diff
path: root/pkgs/development/libraries/libwmf
diff options
context:
space:
mode:
authorc0bw3b <c0bw3b@users.noreply.github.com>2019-05-05 17:14:14 +0200
committerc0bw3b <c0bw3b@users.noreply.github.com>2019-05-05 17:14:14 +0200
commite82c74be5e137a91d54306e43110d7d7adbf1c0f (patch)
treef1764c5cc8d700e4e1d5f73b17c4ec2d22d25a79 /pkgs/development/libraries/libwmf
parent75d1439f8f1400a8ae3ece260693b90d99daf6d0 (diff)
downloadnixpkgs-e82c74be5e137a91d54306e43110d7d7adbf1c0f.tar
nixpkgs-e82c74be5e137a91d54306e43110d7d7adbf1c0f.tar.gz
nixpkgs-e82c74be5e137a91d54306e43110d7d7adbf1c0f.tar.bz2
nixpkgs-e82c74be5e137a91d54306e43110d7d7adbf1c0f.tar.lz
nixpkgs-e82c74be5e137a91d54306e43110d7d7adbf1c0f.tar.xz
nixpkgs-e82c74be5e137a91d54306e43110d7d7adbf1c0f.tar.zst
nixpkgs-e82c74be5e137a91d54306e43110d7d7adbf1c0f.zip
libwmf: 0.2.8.4 -> 0.2.12
Includes the previous security fixes:
- CVE-2006-3376
- CVE-2009-1364
- CVE-2015-0848+4588+4695+4696

+ fixes CVE-2019-6978 (in libgd)
Diffstat (limited to 'pkgs/development/libraries/libwmf')
-rw-r--r--pkgs/development/libraries/libwmf/CVE-2006-3376.patch28
-rw-r--r--pkgs/development/libraries/libwmf/CVE-2009-1364.patch11
-rw-r--r--pkgs/development/libraries/libwmf/CVE-2015-0848+4588+4695+4696.patch186
-rw-r--r--pkgs/development/libraries/libwmf/default.nix34
4 files changed, 15 insertions, 244 deletions
diff --git a/pkgs/development/libraries/libwmf/CVE-2006-3376.patch b/pkgs/development/libraries/libwmf/CVE-2006-3376.patch
deleted file mode 100644
index 4c7519d9c10..00000000000
--- a/pkgs/development/libraries/libwmf/CVE-2006-3376.patch
+++ /dev/null
@@ -1,28 +0,0 @@
---- libwmf-0.2.8.4.orig/src/player.c
-+++ libwmf-0.2.8.4/src/player.c
-@@ -23,6 +23,7 @@
- 
- #include <stdio.h>
- #include <stdlib.h>
-+#include <stdint.h>
- #include <string.h>
- #include <math.h>
- 
-@@ -132,8 +133,14 @@
- 		}
- 	}
- 
--/*	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
-- */	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
-+	if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
-+	{
-+		API->err = wmf_E_InsMem;
-+		WMF_DEBUG (API,"bailing...");
-+		return (API->err);
-+	}
-+
-+ 	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
- 
- 	if (ERR (API))
- 	{	WMF_DEBUG (API,"bailing...");
-
diff --git a/pkgs/development/libraries/libwmf/CVE-2009-1364.patch b/pkgs/development/libraries/libwmf/CVE-2009-1364.patch
deleted file mode 100644
index e2a4501662c..00000000000
--- a/pkgs/development/libraries/libwmf/CVE-2009-1364.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- libwmf-0.2.8.4.orig/src/extra/gd/gd_clip.c
-+++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c
-@@ -70,6 +70,7 @@
- 	{	more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle));
- 		if (more == 0) return;
- 		im->clip->max += 8;
-+		im->clip->list = more;
- 	}
- 	im->clip->list[im->clip->count] = (*rect);
- 	im->clip->count++;
-
diff --git a/pkgs/development/libraries/libwmf/CVE-2015-0848+4588+4695+4696.patch b/pkgs/development/libraries/libwmf/CVE-2015-0848+4588+4695+4696.patch
deleted file mode 100644
index 54d47800298..00000000000
--- a/pkgs/development/libraries/libwmf/CVE-2015-0848+4588+4695+4696.patch
+++ /dev/null
@@ -1,186 +0,0 @@
---- libwmf-0.2.8.4.orig/src/player/meta.h
-+++ libwmf-0.2.8.4/src/player/meta.h
-@@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API,
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,w
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -2593,9 +2593,10 @@ static int meta_dc_restore (wmfAPI* API,
- 		polyrect.BR = 0;
- 
- 		polyrect.count = 0;
-+	
-+		if (FR->region_clip) FR->region_clip (API,&polyrect);
- 	}
- 
--	if (FR->region_clip) FR->region_clip (API,&polyrect);
- 
- 	return (changed);
- }
-@@ -3067,7 +3068,7 @@ static int meta_pen_create (wmfAPI* API,
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -3181,7 +3182,7 @@ static int meta_brush_create (wmfAPI* AP
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -3288,7 +3289,7 @@ static int meta_font_create (wmfAPI* API
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -3396,7 +3397,7 @@ static int meta_palette_create (wmfAPI*
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
---- libwmf-0.2.8.4.orig/src/ipa/ipa.h
-+++ libwmf-0.2.8.4/src/ipa/ipa.h
-@@ -48,7 +48,7 @@ static int            ReadBlobByte (BMPS
- static unsigned short ReadBlobLSBShort (BMPSource*);
- static unsigned long  ReadBlobLSBLong (BMPSource*);
- static long           TellBlob (BMPSource*);
--static void           DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
-+static int            DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
- static void           ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*);
- static int            ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int);
- static void           SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int);
---- libwmf-0.2.8.4.orig/src/ipa/ipa/bmp.h
-+++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h
-@@ -859,7 +859,7 @@ static long TellBlob (BMPSource* src)
- %
- %
- */
--static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
-+static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
- {	int byte;
- 	int count;
- 	int i;
-@@ -870,12 +870,14 @@ static void DecodeImage (wmfAPI* API,wmf
- 	U32 u;
- 
- 	unsigned char* q;
-+	unsigned char* end;
- 
- 	for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0;
- 
- 	byte = 0;
- 	x = 0;
- 	q = pixels;
-+	end = pixels + bmp->width * bmp->height;
- 
- 	for (y = 0; y < bmp->height; )
- 	{	count = ReadBlobByte (src);
-@@ -884,7 +886,10 @@ static void DecodeImage (wmfAPI* API,wmf
- 		{	/* Encoded mode. */
- 			byte = ReadBlobByte (src);
- 			for (i = 0; i < count; i++)
--			{	if (compression == 1)
-+			{	
-+				if (q == end)
-+					return 0;
-+			 	if (compression == 1)
- 				{	(*(q++)) = (unsigned char) byte;
- 				}
- 				else
-@@ -896,13 +901,15 @@ static void DecodeImage (wmfAPI* API,wmf
- 		else
- 		{	/* Escape mode. */
- 			count = ReadBlobByte (src);
--			if (count == 0x01) return;
-+			if (count == 0x01) return 1;
- 			switch (count)
- 			{
- 			case 0x00:
- 			 {	/* End of line. */
- 				x = 0;
- 				y++;
-+				if (y >= bmp->height)
-+					return 0;
- 				q = pixels + y * bmp->width;
- 				break;
- 			 }
-@@ -910,13 +917,20 @@ static void DecodeImage (wmfAPI* API,wmf
- 			 {	/* Delta mode. */
- 				x += ReadBlobByte (src);
- 				y += ReadBlobByte (src);
-+				if (y >= bmp->height)
-+					return 0;
-+				if (x >= bmp->width)
-+					return 0;
- 				q = pixels + y * bmp->width + x;
- 				break;
- 			 }
- 			default:
- 			 {	/* Absolute mode. */
- 				for (i = 0; i < count; i++)
--				{	if (compression == 1)
-+				{
-+					if (q == end)
-+						return 0;
-+					if (compression == 1)
- 					{	(*(q++)) = ReadBlobByte (src);
- 					}
- 					else
-@@ -943,7 +957,7 @@ static void DecodeImage (wmfAPI* API,wmf
- 	byte = ReadBlobByte (src);  /* end of line */
- 	byte = ReadBlobByte (src);
- 
--	return;
-+	return 1;
- }
- 
- /*
-@@ -1143,8 +1157,18 @@ static void ReadBMPImage (wmfAPI* API,wm
- 		}
- 	}
- 	else
--	{	/* Convert run-length encoded raster pixels. */
--		DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
-+	{
-+		if (bmp_info.bits_per_pixel == 8)	/* Convert run-length encoded raster pixels. */
-+		{
-+			if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image))
-+			{	WMF_ERROR (API,"corrupt bmp");
-+				API->err = wmf_E_BadFormat;
-+			}
-+		}
-+		else
-+		{	WMF_ERROR (API,"Unexpected pixel depth");
-+			API->err = wmf_E_BadFormat;
-+		}
- 	}
- 
- 	if (ERR (API))
diff --git a/pkgs/development/libraries/libwmf/default.nix b/pkgs/development/libraries/libwmf/default.nix
index bf685862adf..e7aa5f7ecc9 100644
--- a/pkgs/development/libraries/libwmf/default.nix
+++ b/pkgs/development/libraries/libwmf/default.nix
@@ -1,31 +1,27 @@
-{ stdenv, fetchurl, fetchpatch, zlib, imagemagick, libpng, pkgconfig, glib
-, freetype, libjpeg, libxml2 }:
+{ stdenv, fetchFromGitHub, pkgconfig
+, freetype, glib, imagemagick, libjpeg, libpng, libxml2, zlib
+}:
 
-stdenv.mkDerivation {
-  name = "libwmf-0.2.8.4";
+stdenv.mkDerivation rec {
+  pname = "libwmf";
+  version = "0.2.12";
 
-  src = fetchurl {
-    url = mirror://sourceforge/wvware/libwmf-0.2.8.4.tar.gz;
-    sha256 = "1y3wba4q8pl7kr51212jwrsz1x6nslsx1gsjml1x0i8549lmqd2v";
+  src = fetchFromGitHub {
+    owner = "caolanm";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "0i2w5hg8mbgmgabxyd48qp1gx2mhk33hgr3jqvg72k0nhkd2jhf6";
   };
 
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [ zlib imagemagick libpng glib freetype libjpeg libxml2 ];
-
-  patches = [
-    ./CVE-2006-3376.patch ./CVE-2009-1364.patch
-    ./CVE-2015-0848+4588+4695+4696.patch
-    (fetchpatch {
-      name = "libwmf-0.2.8.4-CVE-2016-9011-debian.patch";
-      url = "https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=842090;filename=libwmf-0.2.8.4-CVE-2016-9011-debian.patch;msg=10";
-      sha256 = "15vnqrj1dlvn0g8ccrxj2r2cyb1rv0qf0kfangxfgsi5h8is0c2b";
-    })
-  ];
+  enableParallelBuilding = true;
 
   meta = with stdenv.lib; {
     description = "WMF library from wvWare";
-    homepage = http://wvware.sourceforge.net/libwmf.html;
-    license = licenses.gpl2;
+    homepage = "http://wvware.sourceforge.net/libwmf.html";
+    downloadPage = "https://github.com/caolanm/libwmf/releases";
+    license = licenses.gpl2Plus;
     platforms = platforms.unix;
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-02 22:04:50 +0000