diff --git a/libwmf-0.2.8.4-CVE-2017-6362.patch b/libwmf-0.2.8.4-CVE-2017-6362.patch
new file mode 100644
index 0000000..2ad180d
--- /dev/null
+++ b/libwmf-0.2.8.4-CVE-2017-6362.patch
@@ -0,0 +1,32 @@
+--- libwmf-0.2.8.4/src/extra/gd/gd_png.c
++++ libwmf-0.2.8.4/src/extra/gd/gd_png.c
+@@ -435,17 +435,6 @@
+ out->free (out);
+ }
+
+-void *
+-gdImagePngPtr (gdImagePtr im, int *size)
+-{
+- void *rv;
+- gdIOCtx *out = gdNewDynamicCtx (2048, NULL);
+- gdImagePngCtx (im, out);
+- rv = gdDPExtractData (out, size);
+- out->free (out);
+- return rv;
+-}
+-
+ /* This routine is based in part on code from Dale Lutz (Safe Software Inc.)
+ * and in part on demo code from Chapter 15 of "PNG: The Definitive Guide"
+ * (http://www.cdrom.com/pub/png/pngbook.html).
+--- libwmf-0.2.8.4/src/extra/gd/gd.h
++++ libwmf-0.2.8.4/src/extra/gd/gd.h
+@@ -373,9 +373,6 @@
+ void gdImageGd2(gdImagePtr im, FILE *out, int cs, int fmt);
+
+ /* Best to free this memory with gdFree(), not free() */
+-void* gdImagePngPtr(gdImagePtr im, int *size);
+-
+-/* Best to free this memory with gdFree(), not free() */
+ void* gdImageGdPtr(gdImagePtr im, int *size);
+
+ /* Best to free this memory with gdFree(), not free() */
diff --git a/libwmf.spec b/libwmf.spec
index 2d2665f..0791ec0 100644
--- a/libwmf.spec
+++ b/libwmf.spec
@@ -1,7 +1,7 @@
 Summary: Windows MetaFile Library
 Name: libwmf
 Version: 0.2.8.4
-Release: 52%{?dist}
+Release: 53%{?dist}
 Group: System Environment/Libraries
 #libwmf is under the LGPLv2+, however...
 #1. The tarball contains an old version of the urw-fonts under GPL+.
@@ -71,6 +71,8 @@ Patch22: libwmf-0.2.8.4-CVE-2016-9317.patch
 Patch23: libwmf-0.2.8.4-CVE-2016-10167.patch
 # CVE-2016-10168
 Patch24: libwmf-0.2.8.4-CVE-2016-10168.patch
+# CVE-2017-6362
+Patch25: libwmf-0.2.8.4-CVE-2017-6362.patch
 Requires: urw-fonts
 Requires: %{name}-lite = %{version}-%{release}
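Review bot: In libwmf-0.2.8.4-CVE-2017-6362.patch only `gdImagePngPtr` is dropped from gd_png.c and gd.h, while the `gdImageGdPtr` declaration visible in the gd.h context (and presumably the other `*Ptr` encoders in this bundled gd) is left untouched; since the removed body calls `gdDPExtractData (out, size)` and then `out->free (out)` without being able to see whether `gdImagePngCtx` failed, it is worth confirming that the siblings cannot reach the same extract-then-free sequence after a failed encode. Deleting a declared function is also a symbol removal: if the installed libwmf shared objects export the bundled gd symbols (not visible from this diff), an external consumer of `gdImagePngPtr` would stop linking without a soname change. The patch file carries no header, so I would add a line above the first `---` such as `gdImagePngPtr has no callers inside libwmf; removed rather than fixed (CVE-2017-6362, rhbz#1489844)` so a later rebase of the bundled gd does not silently bring the function back.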
@@ -128,6 +130,7 @@ using libwmf.
 %patch22 -p1 -b .CVE-2016-9317
 %patch23 -p1 -b .CVE-2016-10167
 %patch24 -p1 -b .CVE-2016-10168
+%patch25 -p1 -b .CVE-2017-6362
 f=README ; iconv -f iso-8859-2 -t utf-8 $f > $f.utf8 ; mv $f.utf8 $f
 %build
@@ -189,6 +192,9 @@ sed -i $RPM_BUILD_ROOT%{_datadir}/libwmf/fonts/fontmap -e 's#libwmf/fonts#fonts/
 %changelog
+* Tue Sep 12 2017 Caolán McNamara - 0.2.8.4-53
+- Resolves: rhbz#1489844 CVE-2017-6362 remove afflicted but unused function
+
 * Thu Aug 03 2017 Fedora Release Engineering - 0.2.8.4-52
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild