From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Mon, 9 Oct 2017 18:53:29 +0100
Subject: reinit the tree, so we can have metadata

---
 ...ibwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch | 118 +++++++++++++++++++++
 .../files/libwmf-0.2.8.4-CVE-2015-4695.patch       |  56 ++++++++++
 .../files/libwmf-0.2.8.4-CVE-2015-4696.patch       |  23 ++++
 media-libs/libwmf/files/libwmf-0.2.8.4-build.patch |  54 ++++++++++
 .../libwmf/files/libwmf-0.2.8.4-gdk-pixbuf.patch   |  25 +++++
 .../libwmf/files/libwmf-0.2.8.4-intoverflow.patch  |  27 +++++
 .../libwmf/files/libwmf-0.2.8.4-libpng-1.5.patch   |  12 +++
 .../libwmf/files/libwmf-0.2.8.4-pngfix.patch       |  20 ++++
 .../files/libwmf-0.2.8.4-use-system-fonts.patch    |  39 +++++++
 9 files changed, 374 insertions(+)
 create mode 100644 media-libs/libwmf/files/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch
 create mode 100644 media-libs/libwmf/files/libwmf-0.2.8.4-CVE-2015-4695.patch
 create mode 100644 media-libs/libwmf/files/libwmf-0.2.8.4-CVE-2015-4696.patch
 create mode 100644 media-libs/libwmf/files/libwmf-0.2.8.4-build.patch
 create mode 100644 media-libs/libwmf/files/libwmf-0.2.8.4-gdk-pixbuf.patch
 create mode 100644 media-libs/libwmf/files/libwmf-0.2.8.4-intoverflow.patch
 create mode 100644 media-libs/libwmf/files/libwmf-0.2.8.4-libpng-1.5.patch
 create mode 100644 media-libs/libwmf/files/libwmf-0.2.8.4-pngfix.patch
 create mode 100644 media-libs/libwmf/files/libwmf-0.2.8.4-use-system-fonts.patch

(limited to 'media-libs/libwmf/files')

diff --git a/media-libs/libwmf/files/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch b/media-libs/libwmf/files/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch
new file mode 100644
index 000000000000..e8ba8db1e843
--- /dev/null
+++ b/media-libs/libwmf/files/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch
@@ -0,0 +1,118 @@
+--- libwmf-0.2.8.4/src/ipa/ipa/bmp.h	2015-06-08 14:46:24.591876404 +0100
++++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h	2015-06-08 14:46:35.345993247 +0100
+@@ -859,7 +859,7 @@
+ %
+ %
+ */
+-static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
++static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
+ {	int byte;
+ 	int count;
+ 	int i;
+@@ -870,12 +870,14 @@
+ 	U32 u;
+ 
+ 	unsigned char* q;
++	unsigned char* end;
+ 
+ 	for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0;
+ 
+ 	byte = 0;
+ 	x = 0;
+ 	q = pixels;
++	end = pixels + bmp->width * bmp->height;
+ 
+ 	for (y = 0; y < bmp->height; )
+ 	{	count = ReadBlobByte (src);
+@@ -884,7 +886,10 @@
+ 		{	/* Encoded mode. */
+ 			byte = ReadBlobByte (src);
+ 			for (i = 0; i < count; i++)
+-			{	if (compression == 1)
++			{	
++				if (q == end)
++					return 0;
++			 	if (compression == 1)
+ 				{	(*(q++)) = (unsigned char) byte;
+ 				}
+ 				else
+@@ -896,13 +901,15 @@
+ 		else
+ 		{	/* Escape mode. */
+ 			count = ReadBlobByte (src);
+-			if (count == 0x01) return;
++			if (count == 0x01) return 1;
+ 			switch (count)
+ 			{
+ 			case 0x00:
+ 			 {	/* End of line. */
+ 				x = 0;
+ 				y++;
++				if (y >= bmp->height)
++					return 0;
+ 				q = pixels + y * bmp->width;
+ 				break;
+ 			 }
+@@ -910,13 +917,20 @@
+ 			 {	/* Delta mode. */
+ 				x += ReadBlobByte (src);
+ 				y += ReadBlobByte (src);
++				if (y >= bmp->height)
++					return 0;
++				if (x >= bmp->width)
++					return 0;
+ 				q = pixels + y * bmp->width + x;
+ 				break;
+ 			 }
+ 			default:
+ 			 {	/* Absolute mode. */
+ 				for (i = 0; i < count; i++)
+-				{	if (compression == 1)
++				{
++					if (q == end)
++						return 0;
++					if (compression == 1)
+ 					{	(*(q++)) = ReadBlobByte (src);
+ 					}
+ 					else
+@@ -943,7 +957,7 @@
+ 	byte = ReadBlobByte (src);  /* end of line */
+ 	byte = ReadBlobByte (src);
+ 
+-	return;
++	return 1;
+ }
+ 
+ /*
+@@ -1143,8 +1157,18 @@
+ 		}
+ 	}
+ 	else
+-	{	/* Convert run-length encoded raster pixels. */
+-		DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
++	{
++		if (bmp_info.bits_per_pixel == 8)	/* Convert run-length encoded raster pixels. */
++		{
++			if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image))
++			{	WMF_ERROR (API,"corrupt bmp");
++				API->err = wmf_E_BadFormat;
++			}
++		}
++		else
++		{	WMF_ERROR (API,"Unexpected pixel depth");
++			API->err = wmf_E_BadFormat;
++		}
+ 	}
+ 
+ 	if (ERR (API))
+--- libwmf-0.2.8.4/src/ipa/ipa.h	2015-06-08 14:46:24.590876393 +0100
++++ libwmf-0.2.8.4/src/ipa/ipa.h	2015-06-08 14:46:35.345993247 +0100
+@@ -48,7 +48,7 @@
+ static unsigned short ReadBlobLSBShort (BMPSource*);
+ static unsigned long  ReadBlobLSBLong (BMPSource*);
+ static long           TellBlob (BMPSource*);
+-static void           DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
++static int            DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
+ static void           ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*);
+ static int            ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int);
+ static void           SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int);
diff --git a/media-libs/libwmf/files/libwmf-0.2.8.4-CVE-2015-4695.patch b/media-libs/libwmf/files/libwmf-0.2.8.4-CVE-2015-4695.patch
new file mode 100644
index 000000000000..b6d499da98e1
--- /dev/null
+++ b/media-libs/libwmf/files/libwmf-0.2.8.4-CVE-2015-4695.patch
@@ -0,0 +1,56 @@
+--- libwmf-0.2.8.4/src/player/meta.h
++++ libwmf-0.2.8.4/src/player/meta.h
+@@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API,
+ 	objects = P->objects;
+ 
+ 	i = 0;
+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+ 
+ 	if (i == NUM_OBJECTS (API))
+ 	{	WMF_ERROR (API,"Object out of range!");
+@@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,w
+ 	objects = P->objects;
+ 
+ 	i = 0;
+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+ 
+ 	if (i == NUM_OBJECTS (API))
+ 	{	WMF_ERROR (API,"Object out of range!");
+@@ -3067,7 +3067,7 @@ static int meta_pen_create (wmfAPI* API,
+ 	objects = P->objects;
+ 
+ 	i = 0;
+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+ 
+ 	if (i == NUM_OBJECTS (API))
+ 	{	WMF_ERROR (API,"Object out of range!");
+@@ -3181,7 +3181,7 @@ static int meta_brush_create (wmfAPI* AP
+ 	objects = P->objects;
+ 
+ 	i = 0;
+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+ 
+ 	if (i == NUM_OBJECTS (API))
+ 	{	WMF_ERROR (API,"Object out of range!");
+@@ -3288,7 +3288,7 @@ static int meta_font_create (wmfAPI* API
+ 	objects = P->objects;
+ 
+ 	i = 0;
+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+ 
+ 	if (i == NUM_OBJECTS (API))
+ 	{	WMF_ERROR (API,"Object out of range!");
+@@ -3396,7 +3396,7 @@ static int meta_palette_create (wmfAPI*
+ 	objects = P->objects;
+ 
+ 	i = 0;
+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+ 
+ 	if (i == NUM_OBJECTS (API))
+ 	{	WMF_ERROR (API,"Object out of range!");
diff --git a/media-libs/libwmf/files/libwmf-0.2.8.4-CVE-2015-4696.patch b/media-libs/libwmf/files/libwmf-0.2.8.4-CVE-2015-4696.patch
new file mode 100644
index 000000000000..3312841258b0
--- /dev/null
+++ b/media-libs/libwmf/files/libwmf-0.2.8.4-CVE-2015-4696.patch
@@ -0,0 +1,23 @@
+--- libwmf-0.2.8.4/src/player/meta.h
++++ libwmf-0.2.8.4/src/player/meta.h
+@@ -2585,6 +2585,8 @@
+ 			polyrect.BR[i] = clip->rects[i].BR;
+ 		}
+ 
++		if (FR->region_clip) FR->region_clip (API,&polyrect);
++
+ 		wmf_free (API,polyrect.TL);
+ 		wmf_free (API,polyrect.BR);
+ 	}
+@@ -2593,9 +2595,10 @@
+ 		polyrect.BR = 0;
+ 
+ 		polyrect.count = 0;
++	
++		if (FR->region_clip) FR->region_clip (API,&polyrect);
+ 	}
+ 
+-	if (FR->region_clip) FR->region_clip (API,&polyrect);
+ 
+ 	return (changed);
+ }
diff --git a/media-libs/libwmf/files/libwmf-0.2.8.4-build.patch b/media-libs/libwmf/files/libwmf-0.2.8.4-build.patch
new file mode 100644
index 000000000000..8814046e889c
--- /dev/null
+++ b/media-libs/libwmf/files/libwmf-0.2.8.4-build.patch
@@ -0,0 +1,54 @@
+--- libwmf-0.2.8.4/src/convert/Makefile.am
++++ libwmf-0.2.8.4/src/convert/Makefile.am
+@@ -1,6 +1,6 @@
+-CFLAGS = @CFLAGS@ @WMF_CFLAGS@
++AM_CFLAGS = @WMF_CFLAGS@
+ 
+-LDFLAGS = -L$(top_builddir)/src/.libs @WMF_LIBFLAGS@ @LDFLAGS@
++LDADD = -L$(top_builddir)/src/.libs @WMF_LIBFLAGS@ @LDFLAGS@
+ 
+ DEFS = @DEFS@ @WMF_DEFS@ \
+ 	-DPACKAGE=\"@PACKAGE@\" \
+--- libwmf-0.2.8.4/src/extra/gd/Makefile.am
++++ libwmf-0.2.8.4/src/extra/gd/Makefile.am
+@@ -1,8 +1,6 @@
+ INCLUDES = -I$(srcdir)
+ 
+-CFLAGS = @CFLAGS@ @WMF_CFLAGS@
+-
+-LDFLAGS = @LDFLAGS@
++AM_CFLAGS = @WMF_CFLAGS@
+ 
+ DEFS = @DEFS@ @GD_DEFS@
+ 
+--- libwmf-0.2.8.4/src/extra/trio/Makefile.am
++++ libwmf-0.2.8.4/src/extra/trio/Makefile.am
+@@ -1,6 +1,4 @@
+-CFLAGS = @CFLAGS@ @WMF_CFLAGS@
+-
+-LDFLAGS = @LDFLAGS@
++AM_CFLAGS = @WMF_CFLAGS@
+ 
+ DEFS = @DEFS@ @WMF_DEFS@
+ 
+--- libwmf-0.2.8.4/src/ipa/Makefile.am
++++ libwmf-0.2.8.4/src/ipa/Makefile.am
+@@ -1,6 +1,4 @@
+-CFLAGS = @CFLAGS@ @WMF_CFLAGS@
+-
+-LDFLAGS = @LDFLAGS@
++AM_CFLAGS = @WMF_CFLAGS@
+ 
+ DEFS = @DEFS@ @WMF_DEFS@ \
+ 	-DPACKAGE=\"@PACKAGE@\" \
+--- libwmf-0.2.8.4/src/Makefile.am
++++ libwmf-0.2.8.4/src/Makefile.am
+@@ -20,7 +20,7 @@
+ 
+ SUBDIRS = $(DIRHEAVY)
+ 
+-CFLAGS = @CFLAGS@ @WMF_CFLAGS@ @GDK_PIXBUF_CFLAGS@
++AM_CFLAGS = @WMF_CFLAGS@ @GDK_PIXBUF_CFLAGS@
+ 
+ DEFS = @DEFS@ @WMF_DEFS@ $(DEFHEAVY) $(GDK_PIXBUF_DEFS) \
+ 	-DPACKAGE=\"@PACKAGE@\" \
diff --git a/media-libs/libwmf/files/libwmf-0.2.8.4-gdk-pixbuf.patch b/media-libs/libwmf/files/libwmf-0.2.8.4-gdk-pixbuf.patch
new file mode 100644
index 000000000000..83a9ce7f3635
--- /dev/null
+++ b/media-libs/libwmf/files/libwmf-0.2.8.4-gdk-pixbuf.patch
@@ -0,0 +1,25 @@
+diff -urN libwmf-0.2.8.4.old/configure.ac libwmf-0.2.8.4/configure.ac
+--- libwmf-0.2.8.4.old/configure.ac	2011-07-01 22:37:57.000000000 +0200
++++ libwmf-0.2.8.4/configure.ac	2011-07-01 22:41:38.000000000 +0200
+@@ -744,8 +744,7 @@
+ 
+ if test $LIBWMF_BUILDSTYLE != lite; then
+ 	PKG_CHECK_MODULES(GDK_PIXBUF,gdk-pixbuf-2.0 >= 2.1.2,[
+-		GTK_VERSION=`$PKG_CONFIG --variable=gtk_binary_version gtk+-2.0`
+-		GDK_PIXBUF_DIR="gtk-2.0/$GTK_VERSION/loaders"
++		GDK_PIXBUF_DIR=`$PKG_CONFIG --variable=gdk_pixbuf_moduledir gdk-pixbuf-2.0`
+ 		wmf_gdk_pixbuf=yes
+ 	],[	wmf_gdk_pixbuf=no
+ 	])
+diff -urN libwmf-0.2.8.4.old/src/Makefile.am libwmf-0.2.8.4/src/Makefile.am
+--- libwmf-0.2.8.4.old/src/Makefile.am	2011-07-01 22:37:57.000000000 +0200
++++ libwmf-0.2.8.4/src/Makefile.am	2011-07-01 22:40:41.000000000 +0200
+@@ -63,7 +63,7 @@
+ 	-version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) \
+ 	-release $(LT_RELEASE) -export-dynamic
+ 
+-loaderdir = $(libdir)/$(GDK_PIXBUF_DIR)
++loaderdir = $(GDK_PIXBUF_DIR)
+ 
+ loader_LTLIBRARIES = $(GDK_PIXBUF_PLUGIN)
+ 
diff --git a/media-libs/libwmf/files/libwmf-0.2.8.4-intoverflow.patch b/media-libs/libwmf/files/libwmf-0.2.8.4-intoverflow.patch
new file mode 100644
index 000000000000..507fe66223ce
--- /dev/null
+++ b/media-libs/libwmf/files/libwmf-0.2.8.4-intoverflow.patch
@@ -0,0 +1,27 @@
+--- libwmf-0.2.8.4.orig/src/player.c	2002-12-10 19:30:26.000000000 +0000
++++ libwmf-0.2.8.4/src/player.c	2006-07-12 15:12:52.000000000 +0100
+@@ -42,6 +42,7 @@
+ #include "player/defaults.h" /* Provides: default settings               */
+ #include "player/record.h"   /* Provides: parameter mechanism            */
+ #include "player/meta.h"     /* Provides: record interpreters            */
++#include <stdint.h>
+ 
+ /**
+  * @internal
+@@ -132,8 +134,14 @@
+ 		}
+ 	}
+ 
+-/*	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
+- */	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
++	if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
++	{
++		API->err = wmf_E_InsMem;
++		WMF_DEBUG (API,"bailing...");
++		return (API->err);
++	}
++	
++ 	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
+ 
+ 	if (ERR (API))
+ 	{	WMF_DEBUG (API,"bailing...");
diff --git a/media-libs/libwmf/files/libwmf-0.2.8.4-libpng-1.5.patch b/media-libs/libwmf/files/libwmf-0.2.8.4-libpng-1.5.patch
new file mode 100644
index 000000000000..3528c74ebd8d
--- /dev/null
+++ b/media-libs/libwmf/files/libwmf-0.2.8.4-libpng-1.5.patch
@@ -0,0 +1,12 @@
+diff -urN libwmf-0.2.8.4.old/src/ipa/ipa/bmp.h libwmf-0.2.8.4/src/ipa/ipa/bmp.h
+--- libwmf-0.2.8.4.old/src/ipa/ipa/bmp.h	2011-05-23 19:14:23.000000000 +0200
++++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h	2011-05-23 19:15:11.000000000 +0200
+@@ -66,7 +66,7 @@
+ 		return;
+ 	}
+ 
+-	if (setjmp (png_ptr->jmpbuf))
++	if (setjmp(png_jmpbuf(png_ptr)))
+ 	{	WMF_DEBUG (API,"Failed to write bitmap as PNG! (setjmp failed)");
+ 		png_destroy_write_struct (&png_ptr,&info_ptr);
+ 		wmf_free (API,buffer);
diff --git a/media-libs/libwmf/files/libwmf-0.2.8.4-pngfix.patch b/media-libs/libwmf/files/libwmf-0.2.8.4-pngfix.patch
new file mode 100644
index 000000000000..52717735a26e
--- /dev/null
+++ b/media-libs/libwmf/files/libwmf-0.2.8.4-pngfix.patch
@@ -0,0 +1,20 @@
+diff -NrU5 libwmf-0.2.8.4.orig/src/ipa/ipa.c libwmf-0.2.8.4/src/ipa/ipa.c
+--- libwmf-0.2.8.4.orig/src/ipa/ipa.c	2009-05-10 23:41:17.000000000 +0200
++++ libwmf-0.2.8.4/src/ipa/ipa.c	2009-05-11 00:07:43.000000000 +0200
+@@ -33,10 +33,16 @@
+ 
+ /* Define WMF_API if this is module so that ipa headers are included via "wmfdefs.h" first
+  */
+ #define WMF_IPA 1
+ 
++#ifndef HAVE_GD
++#ifdef HAVE_LIBPNG
++#include <png.h>
++#endif /* HAVE_LIBPNG */
++#endif /* HAVE_GD */
++
+ #include "wmfdefs.h"
+ 
+ #include "ipa/ipa.h"
+ #include "ipa/ipa/bmp.h"   /* Provides default bitmap functionality */
+ 
diff --git a/media-libs/libwmf/files/libwmf-0.2.8.4-use-system-fonts.patch b/media-libs/libwmf/files/libwmf-0.2.8.4-use-system-fonts.patch
new file mode 100644
index 000000000000..2f7465c33cd0
--- /dev/null
+++ b/media-libs/libwmf/files/libwmf-0.2.8.4-use-system-fonts.patch
@@ -0,0 +1,39 @@
+diff -urN libwmf-0.2.8.4.old/fonts/Makefile.am libwmf-0.2.8.4/fonts/Makefile.am
+--- libwmf-0.2.8.4.old/fonts/Makefile.am	2011-07-01 22:37:57.000000000 +0200
++++ libwmf-0.2.8.4/fonts/Makefile.am	2011-07-01 22:38:37.000000000 +0200
+@@ -1,35 +1,3 @@
+ fontdir = @WMF_FONTDIR@
+ 
+ bin_SCRIPTS = libwmf-fontmap
+-
+-FONTS = \
+-	n019003l.afm \
+-	n019003l.pfb \
+-	n019004l.afm \
+-	n019004l.pfb \
+-	n019023l.afm \
+-	n019023l.pfb \
+-	n019024l.afm \
+-	n019024l.pfb \
+-	n021003l.afm \
+-	n021003l.pfb \
+-	n021004l.afm \
+-	n021004l.pfb \
+-	n021023l.afm \
+-	n021023l.pfb \
+-	n021024l.afm \
+-	n021024l.pfb \
+-	n022003l.afm \
+-	n022003l.pfb \
+-	n022004l.afm \
+-	n022004l.pfb \
+-	n022023l.afm \
+-	n022023l.pfb \
+-	n022024l.afm \
+-	n022024l.pfb \
+-	s050000l.afm \
+-	s050000l.pfb
+-
+-font_DATA = $(FONTS) fontmap
+-
+-EXTRA_DIST = libwmf-fontmap.in LICENSE $(FONTS)
-- 
cgit v1.2.3