Hello community,
here is the log from the commit of package libwmf.3846 for openSUSE:13.2:Update checked in at 2015-06-24 14:41:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/libwmf.3846 (Old)
and /work/SRC/openSUSE:13.2:Update/.libwmf.3846.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libwmf.3846"
Changes:
--------
New Changes file:
--- /dev/null 2015-05-15 19:41:08.266053825 +0200
+++ /work/SRC/openSUSE:13.2:Update/.libwmf.3846.new/libwmf.changes 2015-06-24 14:41:01.000000000 +0200
@@ -0,0 +1,237 @@
+-------------------------------------------------------------------
+Thu Jun 11 07:11:53 UTC 2015 - fstrba@suse.com
+
+- Added patches:
+ * libwmf-0.2.8.4-CVE-2015-0848.patch
+ - Fix CVE-2015-0848: Heap overflow on libwmf0.2-7 (bsc#933109)
+ * libwmf-0.2.8.4-badrle.patch
+ - Fix: DecodeImage() does not check that the run-length "count"
+ fits into the total size of the image, which can lead to a
+ heap-based buffer overflow (bsc#933109) CVE-2015-4588
+
+-------------------------------------------------------------------
+Tue Aug 26 11:59:16 UTC 2014 - nadvornik@suse.com
+
+- dropped libwmf-devel -> libwmf-tools dependency (bnc#892356)
+
+-------------------------------------------------------------------
+Wed May 28 09:41:12 UTC 2014 - fstrba@suse.com
+
+- Clean spec file with spec-cleaner
+- Do not distribute *.la files
+
+-------------------------------------------------------------------
+Wed Mar 5 15:37:30 UTC 2014 - nadvornik@suse.com
+
+- Add libwmf-0.2.8.4-bnc495842.patch to fix realloc return value
+ usage (bnc#495842, bnc#831299)
+
+-------------------------------------------------------------------
+Tue Apr 16 06:54:24 UTC 2013 - mmeister@suse.com
+
+- Added url as source.
+ Please see http://en.opensuse.org/SourceUrls
+
+-------------------------------------------------------------------
+Mon Jun 18 10:24:18 UTC 2012 - dimstar@opensuse.org
+
+- Add libwmf-0_2-7 to baselibs.conf.
+
+-------------------------------------------------------------------
+Sat Mar 3 09:50:58 UTC 2012 - jengelh@medozas.de
+
+- Add libjpeg-devel as BuildRequires, needed to resolve build error
+- Add selected Xorg packages to BR to have wmf2x be built again
+
+-------------------------------------------------------------------
+Mon Jan 30 00:19:40 UTC 2012 - jengelh@medozas.de
+
+- Remove further redundant sections
+
+-------------------------------------------------------------------
+Tue Nov 29 15:23:14 UTC 2011 - jengelh@medozas.de
+
+- Actually use "libwmf-tools" instead of wmf-utils, this goes much
+ more in line with the preexisting libwpd-tools and libwps-tools.
+
+-------------------------------------------------------------------
+Tue Nov 15 20:15:43 UTC 2011 - jengelh@medozas.de
+
+- Remove redundant/unwanted tags/section (cf. specfile guidelines)
+- Apply shlib packaging (-> new libwmf-0_2-7 subpackage),
+ create "wmf-utils" subpackage as suggested by namtrac
+
+-------------------------------------------------------------------
+Fri Dec 17 10:45:17 UTC 2010 - coolo@novell.com
+
+- fix file list
+
+-------------------------------------------------------------------
+Sun Apr 4 19:03:37 CEST 2010 - ro@suse.de
+
+- fix build of in-tree copy of gd to build with new libpng14
+ (long deprecated function has been removed)
+
+-------------------------------------------------------------------
+Thu Dec 24 14:39:28 CET 2009 - jengelh@medozas.de
+
+- package baselibs.conf
+- enable parallel build
+
+-------------------------------------------------------------------
+Mon Dec 21 18:29:22 UTC 2009 - coolo@novell.com
+
+- rediff another patch
+
+-------------------------------------------------------------------
+Tue Dec 8 13:48:03 CET 2009 - meissner@suse.de
+
+- rediffed without fuzz, some spec cleanups
+
+-------------------------------------------------------------------
+Tue Nov 25 17:22:20 CET 2008 - sbrabec@suse.cz
+
+- Supplement gtk2-32bit/gtk2-64bit in baselibs.conf (bnc#354164).
+
+-------------------------------------------------------------------
+Tue Jan 16 12:21:43 CET 2007 - nadvornik@suse.cz
+
+- changed gnome prefix to /usr
+
+-------------------------------------------------------------------
+Thu Aug 24 12:07:24 CEST 2006 - cthiel@suse.de
+
+- fix build
+
+-------------------------------------------------------------------
+Tue Aug 22 16:49:22 CEST 2006 - nadvornik@suse.cz
+
+- branched libwmf-gnome subpackage [#195613]
+
+-------------------------------------------------------------------
+Wed Jul 12 17:31:29 CEST 2006 - nadvornik@suse.cz
+
+- fixed integer overflow [CVE-2006-3376. #189924]
+
+-------------------------------------------------------------------
+Tue Jun 27 18:32:40 CEST 2006 - nadvornik@suse.cz
+
+- updated to bugfix release 0.2.8.4
+ * fixes various compiler warnings [#185398]
+
+-------------------------------------------------------------------
+Thu Jan 26 19:06:05 CET 2006 - nadvornik@suse.cz
+
+- fixed undefined code [#136822]
+
+-------------------------------------------------------------------
+Wed Jan 25 21:37:48 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Thu Jan 12 16:30:43 CET 2006 - nadvornik@suse.cz
+
+- compile with -fstack-protector
+
+-------------------------------------------------------------------
+Tue Sep 20 17:37:54 CEST 2005 - nadvornik@suse.cz
+
+- fixed uninitialized variables and missing includes
+
+-------------------------------------------------------------------
+Tue Jul 26 17:31:52 CEST 2005 - nadvornik@suse.cz
+
+- fixed devel requirements [#98131]
+
+-------------------------------------------------------------------
+Mon Apr 4 11:17:02 CEST 2005 - nadvornik@suse.cz
+
+- fixed more missing return values
+
+-------------------------------------------------------------------
+Mon Apr 19 15:48:02 CEST 2004 - nadvornik@suse.cz
+
+- fixed missing return values
+
+-------------------------------------------------------------------
+Sat Jan 10 17:10:15 CET 2004 - adrian@suse.de
+
+- add %defattr and %run_ldconfig
+
+-------------------------------------------------------------------
+Wed Jan 07 14:50:41 CET 2004 - nadvornik@suse.cz
+
+- updated to 0.2.8.2 to build with new freetype
+
+-------------------------------------------------------------------
+Thu Jul 31 14:37:21 CEST 2003 - ro@suse.de
+
+- move gtk-stuff to /opt/gnome
+
+-------------------------------------------------------------------
+Mon Jul 14 16:41:43 CEST 2003 - sbrabec@suse.cz
+
+- GNOME prefix change to /opt/gnome.
+
+-------------------------------------------------------------------
+Mon Jun 16 14:39:48 CEST 2003 - sbrabec@suse.cz
+
+- Updated to version 0.2.8.
+- Updated neededforbuild and %files.
+
+-------------------------------------------------------------------
+Thu May 29 14:11:38 CEST 2003 - nadvornik@suse.cz
+
+- packaged html documentation
+
+-------------------------------------------------------------------
+Tue Sep 10 21:16:33 CEST 2002 - pthomas@suse.de
+
+- Change libwmf-config to omit /usr/include from output.
+
+-------------------------------------------------------------------
+Tue Sep 03 11:37:59 CEST 2002 - nadvornik@suse.cz
+
+- fixed crash with ImageMagick
+
++++ 40 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:13.2:Update/.libwmf.3846.new/libwmf.changes
New:
----
baselibs.conf
libwmf-0.2.8.4-CVE-2015-0848.patch
libwmf-0.2.8.4-badrle.patch
libwmf-0.2.8.4-bnc495842.patch
libwmf-0.2.8.4-config.patch
libwmf-0.2.8.4-fix.patch
libwmf-0.2.8.4-gd_libpng.patch
libwmf-0.2.8.4-ia64.patch
libwmf-0.2.8.4-overflow-CVE-2006-3376.patch
libwmf-0.2.8.4.tar.gz
libwmf.changes
libwmf.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libwmf.spec ++++++
#
# spec file for package libwmf
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define lname libwmf-0_2-7
Name: libwmf
Version: 0.2.8.4
Release: 0
Summary: Utilities for Displaying and Converting Metafile Images
License: LGPL-2.1+
Group: Productivity/Graphics/Other
Url: http://wvWare.sourceforge.net/
Source: http://downloads.sourceforge.net/project/wvware/%{name}/%{version}/%{name}-%{version}.tar.gz
Source2: baselibs.conf
Patch0: libwmf-0.2.8.4-ia64.patch
Patch1: libwmf-0.2.8.4-fix.patch
Patch2: libwmf-0.2.8.4-config.patch
Patch3: libwmf-0.2.8.4-overflow-CVE-2006-3376.patch
Patch4: libwmf-0.2.8.4-gd_libpng.patch
Patch5: libwmf-0.2.8.4-bnc495842.patch
Patch6: libwmf-0.2.8.4-CVE-2015-0848.patch
Patch7: libwmf-0.2.8.4-badrle.patch
BuildRequires: gd-devel
BuildRequires: gtk2-devel
BuildRequires: libjpeg-devel
BuildRequires: libtiff-devel
BuildRequires: libxml2-devel
BuildRequires: update-desktop-files
BuildRequires: xorg-x11-proto-devel
BuildRequires: xorg-x11-util-devel
BuildRequires: pkgconfig(x11)
BuildRequires: pkgconfig(xt)
Provides: mswordvw:%{_bindir}/wmftopng
Provides: wv:%{_bindir}/wmftopng
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
This library interprets metafile images and can either display them
using the X Window System or convert them to standard formats such as
PNG, JPEG, PS, EPS, and more.
%package tools
Summary: Utilities for Displaying and Converting Metafile Images
Group: Productivity/Graphics/Other
# Prov/Obs added on 2011-11-22 (post openSUSE 12.1)
Provides: libwmf = %{version}-%{release}
Provides: wmf-utils = %{version}-%{release}
Obsoletes: libwmf < %{version}-%{release}
Obsoletes: wmf-utils < %{version}-%{release}
%description tools
These utilities read metafile images and can either display them
using the X Window System or convert them to standard formats such as
PNG, JPEG, PS, EPS, and more.
%package -n %{lname}
Summary: Library for reading Metafile Images
Group: System/Libraries
%description -n %{lname}
This library reads metafile images.
%package devel
Summary: Static libraries, header files and documentation for libwmf
Group: Development/Libraries/C and C++
Requires: %{lname} = %{version}
Requires: libjpeg-devel
Requires: libpng-devel
Requires: libwmf-gnome = %{version}
Requires: xorg-x11-devel
Provides: mswordvd:%{_libexecdir}/libwmf.a
Provides: wv-devel:%{_libexecdir}/libwmf.a
%description devel
The libwmf-devel package contains the header files and static libraries
necessary for developing programs using libwmf.
%package gnome
Summary: GNOME plugin for displaying and Converting Metafile Images
Group: System/Libraries
%description gnome
This library interprets metafile images and can either display them
using the X Window System or convert them to standard formats such as
PNG, JPEG, PS, EPS, and more.
%prep
%setup -q
%patch0
%patch1
%patch2
%patch3
%patch4
%patch5
%patch6 -p1
%patch7 -p1
%build
%configure --prefix=%{_prefix} $RPM_ARCH-suse-linux --enable-magick --libdir=%{_libdir}
make %{?_smp_mflags}
%install
mkdir -p %{buildroot}%{_includedir}/libwmf
make DESTDIR=%{buildroot} \
wmfdocdir=%{_defaultdocdir}/libwmf \
wmfonedocdir=%{_defaultdocdir}/libwmf/caolan \
install
find %{buildroot} -type f -name "*.la" -delete -print
cp AUTHORS COPYING CREDITS ChangeLog README TODO %{buildroot}/%{_defaultdocdir}/libwmf
%post -n %{lname} -p /sbin/ldconfig
%postun -n %{lname} -p /sbin/ldconfig
%files tools
%defattr(-,root,root)
%{_bindir}/libwmf-fontmap
%{_bindir}/wmf2eps
%{_bindir}/wmf2fig
%{_bindir}/wmf2gd
#/usr/bin/wmf2magick
#/usr/bin/wmf2plot
%{_bindir}/wmf2svg
%{_bindir}/wmf2x
#
#
%{_datadir}/libwmf
#
%dir %{_defaultdocdir}/libwmf
%doc %{_defaultdocdir}/libwmf/AUTHORS
%doc %{_defaultdocdir}/libwmf/COPYING
%doc %{_defaultdocdir}/libwmf/CREDITS
%doc %{_defaultdocdir}/libwmf/ChangeLog
%doc %{_defaultdocdir}/libwmf/README
%doc %{_defaultdocdir}/libwmf/TODO
%files -n %{lname}
%defattr(-,root,root)
%{_libdir}/libwmf*-0.2.so.7*
%files gnome
%defattr(-,root,root)
%dir %{_libdir}/gtk-*/*/loaders
%{_libdir}/gtk-*/*/loaders/*.so
%files devel
%defattr(-,root,root)
%{_bindir}/libwmf-config
%{_includedir}/libwmf
%{_libdir}/libwmf*.so
%{_libdir}/libwmf*.a
%dir %{_libdir}/gtk-*/*/loaders
%{_libdir}/gtk-*/*/loaders/*.*a
#
%doc %{_defaultdocdir}/libwmf/*.html
%doc %{_defaultdocdir}/libwmf/*.png
%doc %{_defaultdocdir}/libwmf/*.gif
%doc %{_defaultdocdir}/libwmf/caolan
%doc %{_defaultdocdir}/libwmf/html
%changelog
++++++ baselibs.conf ++++++
libwmf
libwmf-0_2-7
libwmf-gnome
supplements "packageand(libwmf-gnome:gtk2-<targettype>)"
++++++ libwmf-0.2.8.4-CVE-2015-0848.patch ++++++
--- libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-02 11:35:04.072201795 +0100
+++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-02 11:35:20.647406414 +0100
@@ -1145,8 +1143,15 @@
}
}
else
- { /* Convert run-length encoded raster pixels. */
- DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
+ {
+ if (bmp_info.bits_per_pixel == 8) /* Convert run-length encoded raster pixels. */
+ {
+ DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
+ }
+ else
+ { WMF_ERROR (API,"Unexpected pixel depth");
+ API->err = wmf_E_BadFormat;
+ }
}
if (ERR (API))
++++++ libwmf-0.2.8.4-badrle.patch ++++++
diff -ru libwmf-0.2.8.4/src/ipa/ipa/bmp.h libwmf-0.2.8.4/src/ipa/ipa/bmp.h
--- libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-03 09:30:59.410501271 +0100
+++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-03 09:31:05.775572630 +0100
@@ -859,7 +859,7 @@
%
%
*/
-static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
+static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
{ int byte;
int count;
int i;
@@ -870,12 +870,14 @@
U32 u;
unsigned char* q;
+ unsigned char* end;
for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0;
byte = 0;
x = 0;
q = pixels;
+ end = pixels + bmp->width * bmp->height;
for (y = 0; y < bmp->height; )
{ count = ReadBlobByte (src);
@@ -884,7 +886,10 @@
{ /* Encoded mode. */
byte = ReadBlobByte (src);
for (i = 0; i < count; i++)
- { if (compression == 1)
+ {
+ if (q == end)
+ return 0;
+ if (compression == 1)
{ (*(q++)) = (unsigned char) byte;
}
else
@@ -896,13 +901,15 @@
else
{ /* Escape mode. */
count = ReadBlobByte (src);
- if (count == 0x01) return;
+ if (count == 0x01) return 1;
switch (count)
{
case 0x00:
{ /* End of line. */
x = 0;
y++;
+ if (y >= bmp->height)
+ return 0;
q = pixels + y * bmp->width;
break;
}
@@ -910,13 +917,20 @@
{ /* Delta mode. */
x += ReadBlobByte (src);
y += ReadBlobByte (src);
+ if (y >= bmp->height)
+ return 0;
+ if (x >= bmp->width)
+ return 0;
q = pixels + y * bmp->width + x;
break;
}
default:
{ /* Absolute mode. */
for (i = 0; i < count; i++)
- { if (compression == 1)
+ {
+ if (q == end)
+ return 0;
+ if (compression == 1)
{ (*(q++)) = ReadBlobByte (src);
}
else
@@ -943,7 +957,7 @@
byte = ReadBlobByte (src); /* end of line */
byte = ReadBlobByte (src);
- return;
+ return 1;
}
/*
@@ -1146,7 +1160,10 @@
{
if (bmp_info.bits_per_pixel == 8) /* Convert run-length encoded raster pixels. */
{
- DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
+ if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image))
+ { WMF_ERROR (API,"corrupt bmp");
+ API->err = wmf_E_BadFormat;
+ }
}
else
{ WMF_ERROR (API,"Unexpected pixel depth");
diff -ru libwmf-0.2.8.4/src/ipa/ipa.h libwmf-0.2.8.4/src/ipa/ipa.h
--- libwmf-0.2.8.4/src/ipa/ipa.h 2015-06-03 09:30:59.410501271 +0100
+++ libwmf-0.2.8.4/src/ipa/ipa.h 2015-06-03 09:31:08.687605277 +0100
@@ -48,7 +48,7 @@
static unsigned short ReadBlobLSBShort (BMPSource*);
static unsigned long ReadBlobLSBLong (BMPSource*);
static long TellBlob (BMPSource*);
-static void DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
+static int DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
static void ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*);
static int ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int);
static void SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int);
++++++ libwmf-0.2.8.4-bnc495842.patch ++++++
--- src/extra/gd/gd_clip.c
+++ src/extra/gd/gd_clip.c
@@ -69,6 +69,7 @@
if (im->clip->count == im->clip->max)
{ more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle));
if (more == 0) return;
+ im->clip->list = more;
im->clip->max += 8;
}
im->clip->list[im->clip->count] = (*rect);
++++++ libwmf-0.2.8.4-config.patch ++++++
--- libwmf-config.in
+++ libwmf-config.in
@@ -95,14 +95,14 @@
if test "$lib_gd" = "yes"; then
includes="$includes -I@includedir@/libwmf/gd"
fi
- if test "$lib_wmf" = "yes"; then
+ if test "$lib_wmf" = "yes" && test "${prefix}" != "/usr/include" ; then
includes="$includes -I@includedir@"
fi
echo $includes
fi
if test "$echo_libs" = "yes"; then
- libdirs=-L@libdir@
+ test "@libdir@" != "/usr/lib" && libdirs=-L@libdir@
my_wmf_libs=
for i in $wmf_libs ; do
if test "x$i" != "x-L@libdir@" ; then
++++++ libwmf-0.2.8.4-fix.patch ++++++
--- src/api.c
+++ src/api.c
@@ -156,6 +156,12 @@
}
API->write_data = 0;
+
+ API->user_data = 0;
+ API->store.attrlist = 0;
+ API->store.count = 0;
+ API->store.max = 0;
+
API->MetaHeader.pmh = &(API->PlaceableMetaHeader);
API->MetaHeader.wmfheader = &(API->Head);
--- src/extra/gd/gd.c
+++ src/extra/gd/gd.c
@@ -784,6 +784,7 @@
}
else
{
+ p = gdImageGetPixel (im->tile, srcx, srcy);
/* Allow for transparency */
if (p != gdImageGetTransparent (im->tile))
{
--- src/extra/gd/gd.h
+++ src/extra/gd/gd.h
@@ -21,6 +21,7 @@
* documentation. */
#include