Hello community, here is the log from the commit of package libwmf.3885 for openSUSE:13.2:Update checked in at 2015-07-09 10:35:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/libwmf.3885 (Old) and /work/SRC/openSUSE:13.2:Update/.libwmf.3885.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libwmf.3885" Changes: -------- New Changes file: --- /dev/null 2015-06-25 09:04:34.320025005 +0200 +++ /work/SRC/openSUSE:13.2:Update/.libwmf.3885.new/libwmf.changes 2015-07-09 10:35:11.000000000 +0200 @@ -0,0 +1,247 @@ +------------------------------------------------------------------- +Tue Jun 30 08:51:41 UTC 2015 - [email protected] + +- Added patches: + * libwmf-0.2.8.4-CVE-2015-4695.patch + - Fix CVE-2015-4695: meta_pen_create heap buffer over read + (bsc#936058) + * libwmf-0.2.8.4-CVE-2015-4696.patch + - Fix CVE-2015-4696: wmf2gd/wmf2eps use after free (bsc#936062) + +------------------------------------------------------------------- +Thu Jun 11 07:11:53 UTC 2015 - [email protected] + +- Added patches: + * libwmf-0.2.8.4-CVE-2015-0848.patch + - Fix CVE-2015-0848: Heap overflow on libwmf0.2-7 (bsc#933109) + * libwmf-0.2.8.4-badrle.patch + - Fix CVE-2015-4588: DecodeImage() does not check that the + run-length "count" fits into the total size of the image, + which can lead to a heap-based buffer overflow (bsc#933109) + +------------------------------------------------------------------- +Wed Aug 20 13:09:41 UTC 2014 - [email protected] + +- dropped libwmf-devel -> libwmf-tools dependency (bnc#892356) + +------------------------------------------------------------------- +Wed May 28 09:41:12 UTC 2014 - [email protected] + +- Clean spec file with spec-cleaner +- Do not distribute *.la files + +------------------------------------------------------------------- +Wed Mar 5 15:37:30 UTC 2014 - [email protected] + +- Add libwmf-0.2.8.4-bnc495842.patch to fix realloc return value + usage (bnc#495842, bnc#831299) + +------------------------------------------------------------------- +Tue Apr 16 06:54:24 UTC 2013 - [email protected] + +- Added url as source. + Please see http://en.opensuse.org/SourceUrls + +------------------------------------------------------------------- +Mon Jun 18 10:24:18 UTC 2012 - [email protected] + +- Add libwmf-0_2-7 to baselibs.conf. + +------------------------------------------------------------------- +Sat Mar 3 09:50:58 UTC 2012 - [email protected] + +- Add libjpeg-devel as BuildRequires, needed to resolve build error +- Add selected Xorg packages to BR to have wmf2x be built again + +------------------------------------------------------------------- +Mon Jan 30 00:19:40 UTC 2012 - [email protected] + +- Remove further redundant sections + +------------------------------------------------------------------- +Tue Nov 29 15:23:14 UTC 2011 - [email protected] + +- Actually use "libwmf-tools" instead of wmf-utils, this goes much + more in line with the preexisting libwpd-tools and libwps-tools. + +------------------------------------------------------------------- +Tue Nov 15 20:15:43 UTC 2011 - [email protected] + +- Remove redundant/unwanted tags/section (cf. specfile guidelines) +- Apply shlib packaging (-> new libwmf-0_2-7 subpackage), + create "wmf-utils" subpackage as suggested by namtrac + +------------------------------------------------------------------- +Fri Dec 17 10:45:17 UTC 2010 - [email protected] + +- fix file list + +------------------------------------------------------------------- +Sun Apr 4 19:03:37 CEST 2010 - [email protected] + +- fix build of in-tree copy of gd to build with new libpng14 + (long deprecated function has been removed) + +------------------------------------------------------------------- +Thu Dec 24 14:39:28 CET 2009 - [email protected] + +- package baselibs.conf +- enable parallel build + +------------------------------------------------------------------- +Mon Dec 21 18:29:22 UTC 2009 - [email protected] + +- rediff another patch + +------------------------------------------------------------------- +Tue Dec 8 13:48:03 CET 2009 - [email protected] + +- rediffed without fuzz, some spec cleanups + +------------------------------------------------------------------- +Tue Nov 25 17:22:20 CET 2008 - [email protected] + +- Supplement gtk2-32bit/gtk2-64bit in baselibs.conf (bnc#354164). + +------------------------------------------------------------------- +Tue Jan 16 12:21:43 CET 2007 - [email protected] + +- changed gnome prefix to /usr + +------------------------------------------------------------------- +Thu Aug 24 12:07:24 CEST 2006 - [email protected] + +- fix build + +------------------------------------------------------------------- +Tue Aug 22 16:49:22 CEST 2006 - [email protected] + +- branched libwmf-gnome subpackage [#195613] + +------------------------------------------------------------------- +Wed Jul 12 17:31:29 CEST 2006 - [email protected] + +- fixed integer overflow [CVE-2006-3376. #189924] + +------------------------------------------------------------------- +Tue Jun 27 18:32:40 CEST 2006 - [email protected] + +- updated to bugfix release 0.2.8.4 + * fixes various compiler warnings [#185398] + +------------------------------------------------------------------- +Thu Jan 26 19:06:05 CET 2006 - [email protected] + +- fixed undefined code [#136822] + +------------------------------------------------------------------- +Wed Jan 25 21:37:48 CET 2006 - [email protected] + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Thu Jan 12 16:30:43 CET 2006 - [email protected] + +- compile with -fstack-protector + +------------------------------------------------------------------- +Tue Sep 20 17:37:54 CEST 2005 - [email protected] + +- fixed uninitialized variables and missing includes + +------------------------------------------------------------------- +Tue Jul 26 17:31:52 CEST 2005 - [email protected] + +- fixed devel requirements [#98131] + +------------------------------------------------------------------- +Mon Apr 4 11:17:02 CEST 2005 - [email protected] + +- fixed more missing return values + +------------------------------------------------------------------- +Mon Apr 19 15:48:02 CEST 2004 - [email protected] + +- fixed missing return values + +------------------------------------------------------------------- +Sat Jan 10 17:10:15 CET 2004 - [email protected] + +- add %defattr and %run_ldconfig + +------------------------------------------------------------------- +Wed Jan 07 14:50:41 CET 2004 - [email protected] + +- updated to 0.2.8.2 to build with new freetype + +------------------------------------------------------------------- +Thu Jul 31 14:37:21 CEST 2003 - [email protected] + +- move gtk-stuff to /opt/gnome + +------------------------------------------------------------------- +Mon Jul 14 16:41:43 CEST 2003 - [email protected] + +- GNOME prefix change to /opt/gnome. + +------------------------------------------------------------------- +Mon Jun 16 14:39:48 CEST 2003 - [email protected] + +- Updated to version 0.2.8. +- Updated neededforbuild and %files. + +------------------------------------------------------------------- +Thu May 29 14:11:38 CEST 2003 - [email protected] + +- packaged html documentation + ++++ 50 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.2:Update/.libwmf.3885.new/libwmf.changes New: ---- baselibs.conf libwmf-0.2.8.4-CVE-2015-0848.patch libwmf-0.2.8.4-CVE-2015-4695.patch libwmf-0.2.8.4-CVE-2015-4696.patch libwmf-0.2.8.4-badrle.patch libwmf-0.2.8.4-bnc495842.patch libwmf-0.2.8.4-config.patch libwmf-0.2.8.4-fix.patch libwmf-0.2.8.4-gd_libpng.patch libwmf-0.2.8.4-ia64.patch libwmf-0.2.8.4-overflow-CVE-2006-3376.patch libwmf-0.2.8.4.tar.gz libwmf.changes libwmf.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libwmf.spec ++++++ # # spec file for package libwmf # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define lname libwmf-0_2-7 Name: libwmf Version: 0.2.8.4 Release: 0 Summary: Utilities for Displaying and Converting Metafile Images License: LGPL-2.1+ Group: Productivity/Graphics/Other Url: http://wvWare.sourceforge.net/ Source: http://downloads.sourceforge.net/project/wvware/%{name}/%{version}/%{name}-%{version}.tar.gz Source2: baselibs.conf Patch0: libwmf-0.2.8.4-ia64.patch Patch1: libwmf-0.2.8.4-fix.patch Patch2: libwmf-0.2.8.4-config.patch Patch3: libwmf-0.2.8.4-overflow-CVE-2006-3376.patch Patch4: libwmf-0.2.8.4-gd_libpng.patch Patch5: libwmf-0.2.8.4-bnc495842.patch Patch6: libwmf-0.2.8.4-CVE-2015-0848.patch Patch7: libwmf-0.2.8.4-badrle.patch Patch8: libwmf-0.2.8.4-CVE-2015-4696.patch Patch9: libwmf-0.2.8.4-CVE-2015-4695.patch BuildRequires: gd-devel BuildRequires: gtk2-devel BuildRequires: libjpeg-devel BuildRequires: libtiff-devel BuildRequires: libxml2-devel BuildRequires: update-desktop-files BuildRequires: xorg-x11-proto-devel BuildRequires: xorg-x11-util-devel BuildRequires: pkgconfig(x11) BuildRequires: pkgconfig(xt) Provides: mswordvw:%{_bindir}/wmftopng Provides: wv:%{_bindir}/wmftopng BuildRoot: %{_tmppath}/%{name}-%{version}-build %description This library interprets metafile images and can either display them using the X Window System or convert them to standard formats such as PNG, JPEG, PS, EPS, and more. %package tools Summary: Utilities for Displaying and Converting Metafile Images Group: Productivity/Graphics/Other # Prov/Obs added on 2011-11-22 (post openSUSE 12.1) Provides: libwmf = %{version}-%{release} Provides: wmf-utils = %{version}-%{release} Obsoletes: libwmf < %{version}-%{release} Obsoletes: wmf-utils < %{version}-%{release} %description tools These utilities read metafile images and can either display them using the X Window System or convert them to standard formats such as PNG, JPEG, PS, EPS, and more. %package -n %{lname} Summary: Library for reading Metafile Images Group: System/Libraries %description -n %{lname} This library reads metafile images. %package devel Summary: Static libraries, header files and documentation for libwmf Group: Development/Libraries/C and C++ Requires: %{lname} = %{version} Requires: libjpeg-devel Requires: libpng-devel Requires: libwmf-gnome = %{version} Requires: xorg-x11-devel Provides: mswordvd:%{_libexecdir}/libwmf.a Provides: wv-devel:%{_libexecdir}/libwmf.a %description devel The libwmf-devel package contains the header files and static libraries necessary for developing programs using libwmf. %package gnome Summary: GNOME plugin for displaying and Converting Metafile Images Group: System/Libraries %description gnome This library interprets metafile images and can either display them using the X Window System or convert them to standard formats such as PNG, JPEG, PS, EPS, and more. %prep %setup -q %patch0 %patch1 %patch2 %patch3 %patch4 %patch5 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 %build %configure --prefix=%{_prefix} $RPM_ARCH-suse-linux --enable-magick --libdir=%{_libdir} make %{?_smp_mflags} %install mkdir -p %{buildroot}%{_includedir}/libwmf make DESTDIR=%{buildroot} \ wmfdocdir=%{_defaultdocdir}/libwmf \ wmfonedocdir=%{_defaultdocdir}/libwmf/caolan \ install find %{buildroot} -type f -name "*.la" -delete -print cp AUTHORS COPYING CREDITS ChangeLog README TODO %{buildroot}/%{_defaultdocdir}/libwmf %post -n %{lname} -p /sbin/ldconfig %postun -n %{lname} -p /sbin/ldconfig %files tools %defattr(-,root,root) %{_bindir}/libwmf-fontmap %{_bindir}/wmf2eps %{_bindir}/wmf2fig %{_bindir}/wmf2gd #/usr/bin/wmf2magick #/usr/bin/wmf2plot %{_bindir}/wmf2svg %{_bindir}/wmf2x # # %{_datadir}/libwmf # %dir %{_defaultdocdir}/libwmf %doc %{_defaultdocdir}/libwmf/AUTHORS %doc %{_defaultdocdir}/libwmf/COPYING %doc %{_defaultdocdir}/libwmf/CREDITS %doc %{_defaultdocdir}/libwmf/ChangeLog %doc %{_defaultdocdir}/libwmf/README %doc %{_defaultdocdir}/libwmf/TODO %files -n %{lname} %defattr(-,root,root) %{_libdir}/libwmf*-0.2.so.7* %files gnome %defattr(-,root,root) %dir %{_libdir}/gtk-*/*/loaders %{_libdir}/gtk-*/*/loaders/*.so %files devel %defattr(-,root,root) %{_bindir}/libwmf-config %{_includedir}/libwmf %{_libdir}/libwmf*.so %{_libdir}/libwmf*.a %dir %{_libdir}/gtk-*/*/loaders %{_libdir}/gtk-*/*/loaders/*.*a # %doc %{_defaultdocdir}/libwmf/*.html %doc %{_defaultdocdir}/libwmf/*.png %doc %{_defaultdocdir}/libwmf/*.gif %doc %{_defaultdocdir}/libwmf/caolan %doc %{_defaultdocdir}/libwmf/html %changelog ++++++ baselibs.conf ++++++ libwmf libwmf-0_2-7 libwmf-gnome supplements "packageand(libwmf-gnome:gtk2-<targettype>)" ++++++ libwmf-0.2.8.4-CVE-2015-0848.patch ++++++ --- libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-02 11:35:04.072201795 +0100 +++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-02 11:35:20.647406414 +0100 @@ -1145,8 +1143,15 @@ } } else - { /* Convert run-length encoded raster pixels. */ - DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image); + { + if (bmp_info.bits_per_pixel == 8) /* Convert run-length encoded raster pixels. */ + { + DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image); + } + else + { WMF_ERROR (API,"Unexpected pixel depth"); + API->err = wmf_E_BadFormat; + } } if (ERR (API)) ++++++ libwmf-0.2.8.4-CVE-2015-4695.patch ++++++ Index: libwmf-0.2.8.4/src/player/meta.h =================================================================== --- libwmf-0.2.8.4.orig/src/player/meta.h +++ libwmf-0.2.8.4/src/player/meta.h @@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API, objects = P->objects; i = 0; - while (objects[i].type && (i < NUM_OBJECTS (API))) i++; + while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; if (i == NUM_OBJECTS (API)) { WMF_ERROR (API,"Object out of range!"); @@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,w objects = P->objects; i = 0; - while (objects[i].type && (i < NUM_OBJECTS (API))) i++; + while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; if (i == NUM_OBJECTS (API)) { WMF_ERROR (API,"Object out of range!"); @@ -3067,7 +3067,7 @@ static int meta_pen_create (wmfAPI* API, objects = P->objects; i = 0; - while (objects[i].type && (i < NUM_OBJECTS (API))) i++; + while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; if (i == NUM_OBJECTS (API)) { WMF_ERROR (API,"Object out of range!"); @@ -3181,7 +3181,7 @@ static int meta_brush_create (wmfAPI* AP objects = P->objects; i = 0; - while (objects[i].type && (i < NUM_OBJECTS (API))) i++; + while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; if (i == NUM_OBJECTS (API)) { WMF_ERROR (API,"Object out of range!"); @@ -3288,7 +3288,7 @@ static int meta_font_create (wmfAPI* API objects = P->objects; i = 0; - while (objects[i].type && (i < NUM_OBJECTS (API))) i++; + while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; if (i == NUM_OBJECTS (API)) { WMF_ERROR (API,"Object out of range!"); @@ -3396,7 +3396,7 @@ static int meta_palette_create (wmfAPI* objects = P->objects; i = 0; - while (objects[i].type && (i < NUM_OBJECTS (API))) i++; + while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; if (i == NUM_OBJECTS (API)) { WMF_ERROR (API,"Object out of range!"); ++++++ libwmf-0.2.8.4-CVE-2015-4696.patch ++++++ --- libwmf-0.2.8.4/src/player/meta.h +++ libwmf-0.2.8.4/src/player/meta.h + if (FR->region_clip) FR->region_clip (API,&polyrect); + wmf_free (API,polyrect.TL); wmf_free (API,polyrect.BR); } @@ -2593,9 +2595,10 @@ polyrect.BR = 0; polyrect.count = 0; + + if (FR->region_clip) FR->region_clip (API,&polyrect); } - if (FR->region_clip) FR->region_clip (API,&polyrect); return (changed); } ++++++ libwmf-0.2.8.4-badrle.patch ++++++ diff -ru libwmf-0.2.8.4/src/ipa/ipa/bmp.h libwmf-0.2.8.4/src/ipa/ipa/bmp.h --- libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-03 09:30:59.410501271 +0100 +++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-03 09:31:05.775572630 +0100 @@ -859,7 +859,7 @@ % % */ -static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels) +static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels) { int byte; int count; int i; @@ -870,12 +870,14 @@ U32 u; unsigned char* q; + unsigned char* end; for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0; byte = 0; x = 0; q = pixels; + end = pixels + bmp->width * bmp->height; for (y = 0; y < bmp->height; ) { count = ReadBlobByte (src); @@ -884,7 +886,10 @@ { /* Encoded mode. */ byte = ReadBlobByte (src); for (i = 0; i < count; i++) - { if (compression == 1) + { + if (q == end) + return 0; + if (compression == 1) { (*(q++)) = (unsigned char) byte; } else @@ -896,13 +901,15 @@ else { /* Escape mode. */ count = ReadBlobByte (src); - if (count == 0x01) return; + if (count == 0x01) return 1; switch (count) { case 0x00: { /* End of line. */ x = 0; y++; + if (y >= bmp->height) + return 0; q = pixels + y * bmp->width; break; } @@ -910,13 +917,20 @@ { /* Delta mode. */ x += ReadBlobByte (src); y += ReadBlobByte (src); + if (y >= bmp->height) + return 0; + if (x >= bmp->width) + return 0; q = pixels + y * bmp->width + x; break; } default: { /* Absolute mode. */ for (i = 0; i < count; i++) - { if (compression == 1) + { + if (q == end) + return 0; + if (compression == 1) { (*(q++)) = ReadBlobByte (src); } else @@ -943,7 +957,7 @@ byte = ReadBlobByte (src); /* end of line */ byte = ReadBlobByte (src); - return; + return 1; } /* @@ -1146,7 +1160,10 @@ { if (bmp_info.bits_per_pixel == 8) /* Convert run-length encoded raster pixels. */ { - DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image); + if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image)) + { WMF_ERROR (API,"corrupt bmp"); + API->err = wmf_E_BadFormat; + } } else { WMF_ERROR (API,"Unexpected pixel depth"); diff -ru libwmf-0.2.8.4/src/ipa/ipa.h libwmf-0.2.8.4/src/ipa/ipa.h --- libwmf-0.2.8.4/src/ipa/ipa.h 2015-06-03 09:30:59.410501271 +0100 +++ libwmf-0.2.8.4/src/ipa/ipa.h 2015-06-03 09:31:08.687605277 +0100 @@ -48,7 +48,7 @@ static unsigned short ReadBlobLSBShort (BMPSource*); static unsigned long ReadBlobLSBLong (BMPSource*); static long TellBlob (BMPSource*); -static void DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*); +static int DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*); static void ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*); static int ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int); static void SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int); ++++++ libwmf-0.2.8.4-bnc495842.patch ++++++ --- src/extra/gd/gd_clip.c +++ src/extra/gd/gd_clip.c @@ -69,6 +69,7 @@ if (im->clip->count == im->clip->max) { more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle)); if (more == 0) return; + im->clip->list = more; im->clip->max += 8; } im->clip->list[im->clip->count] = (*rect); ++++++ libwmf-0.2.8.4-config.patch ++++++ --- libwmf-config.in +++ libwmf-config.in @@ -95,14 +95,14 @@ if test "$lib_gd" = "yes"; then includes="$includes -I@includedir@/libwmf/gd" fi - if test "$lib_wmf" = "yes"; then + if test "$lib_wmf" = "yes" && test "${prefix}" != "/usr/include" ; then includes="$includes -I@includedir@" fi echo $includes fi if test "$echo_libs" = "yes"; then - libdirs=-L@libdir@ + test "@libdir@" != "/usr/lib" && libdirs=-L@libdir@ my_wmf_libs= for i in $wmf_libs ; do if test "x$i" != "x-L@libdir@" ; then ++++++ libwmf-0.2.8.4-fix.patch ++++++ --- src/api.c +++ src/api.c @@ -156,6 +156,12 @@ } API->write_data = 0; + + API->user_data = 0; + API->store.attrlist = 0; + API->store.count = 0; + API->store.max = 0; + API->MetaHeader.pmh = &(API->PlaceableMetaHeader); API->MetaHeader.wmfheader = &(API->Head); --- src/extra/gd/gd.c +++ src/extra/gd/gd.c @@ -784,6 +784,7 @@ } else { + p = gdImageGetPixel (im->tile, srcx, srcy); /* Allow for transparency */ if (p != gdImageGetTransparent (im->tile)) { --- src/extra/gd/gd.h +++ src/extra/gd/gd.h @@ -21,6 +21,7 @@ * documentation. */ #include <stdlib.h> +#include <string.h> /* stdio is needed for file I/O. */ #include <stdio.h> --- src/player/record.h +++ src/player/record.h @@ -96,6 +96,7 @@ new_record.function = record->function; new_record.size = 0; new_record.parameter = 0; + new_record.position = 0; if (index > record->size) { WMF_ERROR (API,"Bad record - unexpectedly short!"); ++++++ libwmf-0.2.8.4-gd_libpng.patch ++++++ --- src/extra/gd/gd_png.c +++ src/extra/gd/gd_png.c @@ -136,7 +136,7 @@ /* first do a quick check that the file really is a PNG image; could * have used slightly more general png_sig_cmp() function instead */ gdGetBuf (sig, 8, infile); - if (!png_check_sig (sig, 8)) + if (png_sig_cmp (sig, 0, 8)) return NULL; /* bad signature */ #ifndef PNG_SETJMP_NOT_SUPPORTED ++++++ libwmf-0.2.8.4-ia64.patch ++++++ Index: src/extra/gd/gd.h =================================================================== --- src/extra/gd/gd.h.orig 2002-12-05 21:09:11.000000000 +0100 +++ src/extra/gd/gd.h 2009-12-21 19:28:54.000000000 +0100 @@ -20,6 +20,8 @@ extern "C" { * fitness for a particular purpose, with respect to this code and accompanying * documentation. */ +#include <stdlib.h> + /* stdio is needed for file I/O. */ #include <stdio.h> #include <gd_io.h> ++++++ libwmf-0.2.8.4-overflow-CVE-2006-3376.patch ++++++ --- src/player.c +++ src/player.c @@ -132,6 +132,13 @@ } } + if (MAX_REC_SIZE(API) * 2 / 2 != MAX_REC_SIZE(API)) + { + WMF_ERROR (API,"wmf_scan: max_rec_size too big!"); + API->err = wmf_E_BadFormat; + return (API->err); + } + /* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char)); */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
