diff options
| author | Leo Famulari <leo@famulari.name> | 2017-06-23 18:00:54 -0400 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2017-06-24 23:10:28 -0400 |
| commit | d17e085a59534a333cb8db028579fd0e6ec7f89b (patch) | |
| tree | a14cac3625e0f78c2ca4ac91ae92e8525ced4e23 /gnu/packages/patches/libwmf-CVE-2006-3376.patch | |
| parent | 68f30310e13e77079a55b8db368ead7698cb99dc (diff) | |
| download | guix-d17e085a59534a333cb8db028579fd0e6ec7f89b.tar guix-d17e085a59534a333cb8db028579fd0e6ec7f89b.tar.gz | |
gnu: Remove libwmf.
This package contains many security vulnerabilities and is no longer maintained
upstream. See this discussion for more information:
https://lists.gnu.org/archive/html/guix-devel/2017-05/msg00478.html
* gnu/packages/image.scm (libwmf): Remove variable.
* gnu/packages/wv.scm (wv)[inputs]: Remove libwmf.
[arguments]: Remove field.
* gnu/packages/abiword.scm (abiword)[inputs]: Remove libwmf.
[source]: Remove patch 'abiword-wmf-version-lookup-fix.patch'.
* gnu/packages/patches/abiword-wmf-version-lookup-fix.patch,
gnu/packages/patches/libwmf-CAN-2004-0941.patch,
gnu/packages/patches/libwmf-CVE-2006-3376.patch,
gnu/packages/patches/libwmf-CVE-2007-0455.patch,
gnu/packages/patches/libwmf-CVE-2007-2756.patch,
gnu/packages/patches/libwmf-CVE-2007-3472.patch,
gnu/packages/patches/libwmf-CVE-2007-3473.patch,
gnu/packages/patches/libwmf-CVE-2007-3477.patch,
gnu/packages/patches/libwmf-CVE-2009-1364.patch,
gnu/packages/patches/libwmf-CVE-2009-3546.patch,
gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch,
gnu/packages/patches/libwmf-CVE-2015-4695.patch,
gnu/packages/patches/libwmf-CVE-2015-4696.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
Diffstat (limited to 'gnu/packages/patches/libwmf-CVE-2006-3376.patch')
| -rw-r--r-- | gnu/packages/patches/libwmf-CVE-2006-3376.patch | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/gnu/packages/patches/libwmf-CVE-2006-3376.patch b/gnu/packages/patches/libwmf-CVE-2006-3376.patch deleted file mode 100644 index 1e0e1ecfa8..0000000000 --- a/gnu/packages/patches/libwmf-CVE-2006-3376.patch +++ /dev/null @@ -1,30 +0,0 @@ -Copied from Debian. - ---- libwmf-0.2.8.4.orig/src/player.c -+++ libwmf-0.2.8.4/src/player.c -@@ -23,6 +23,7 @@ - - #include <stdio.h> - #include <stdlib.h> -+#include <stdint.h> - #include <string.h> - #include <math.h> - -@@ -132,8 +133,14 @@ - } - } - --/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char)); -- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); -+ if (MAX_REC_SIZE(API) > UINT32_MAX / 2) -+ { -+ API->err = wmf_E_InsMem; -+ WMF_DEBUG (API,"bailing..."); -+ return (API->err); -+ } -+ -+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); - - if (ERR (API)) - { WMF_DEBUG (API,"bailing..."); - |