Description: "The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure."
New upstream with 0.2.12 release, packaged by several distributions already: https://github.com/caolanm/libwmf/ Those are the patches that would remain (part adapted) for that bump: > "${FILESDIR}"/${PN}-0.2.8.4-build.patch > "${FILESDIR}"/${P}-gdk-pixbuf.patch > "${FILESDIR}"/${PN}-0.2.8.4-libpng-1.5.patch > "${FILESDIR}"/${PN}-0.2.8.4-pngfix.patch > "${FILESDIR}"/${PN}-0.2.8.4-use-freetype2-pkg-config.patch > "${FILESDIR}"/${P}-use-system-fonts.patch > "${FILESDIR}"/${P}-nullptr-crashfix.patch # git master However, build system breaks by running eautoreconf, and I lack the motivation to dig deeper.
Created attachment 640866 [details, diff] libwmf-0.2.12-gdk-pixbuf.patch
Created attachment 640868 [details, diff] libwmf-0.2.12-use-system-fonts.patch
Created attachment 640870 [details, diff] libwmf-0.2.12-nullptr-crashfix.patch
Using a snapshot at b175ff18b5d3a7cec1cf5c14b71c7e9c08076405 actually starts building here, but fails out with: In file included from /usr/include/freetype2/freetype/config/ftstdlib.h:166, from /usr/include/freetype2/freetype/config/ftconfig.h:41: ../../src/ipa/ipa/bmp.h: In function 'ldr_bmp_png': ../../src/ipa/ipa/bmp.h:69:28: error: invalid use of incomplete typedef 'png_struct' {aka 'struct png_struct_def'} 69 | if (setjmp (png_ptr->jmpbuf)) | ^~