Building AbiWord without libwmf and removing libwmf from Guix

Building AbiWord without libwmf and removing libwmf from Guix

[Leo Famulari]

[-- Attachment #1.1: Type: text/plain, Size: 758 bytes --]

The last update to libwmf was twelve years ago, in 2005. In the
meantime, a large number of security issues have been discovered in this
library. These bugs are fixed somewhat haphazardly by the distributions.

While working on patching CVE-2016-9011 in libwmf, and backporting fixes
for CVE-2016-{9317,10167,10168} in the ancient bundled libgd, I find
myself wondering if we need this library at all. The patches from this
12 year span of 3rd party fixes begin to conflict with each other...

Libwmf is only used as a "plugin" by AbiWord, and AbiWord can be
configured to build without it.

Otherwise, someone needs to overhaul and update our libwmf patch series.

I've included a WIP patch that includes the fixes. Not all of the new
patches apply.

WDYT?

[-- Attachment #1.2: 0001-WIP-libwmf-Fix-CVE-2016-9011-9317-10167-10168.patch --]
[-- Type: text/plain, Size: 6986 bytes --]

From 7149e16c9e6890fa914b0a49f363439ab5627f3a Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sat, 27 May 2017 12:56:54 -0400
Subject: [PATCH] WIP: libwmf: Fix CVE-2016-{9011,9317,10167,10168}.

XXX: Not all of these patches apply.

* gnu/packages/patches/libwmf-CVE-2016-9011.patch,
gnu/packages/patches/libwmf-fixes-for-bundled-gd.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/image.scm (libwmf)[source]: Use them.
---
 gnu/local.mk                                       |  2 +
 gnu/packages/image.scm                             |  4 +-
 gnu/packages/patches/libwmf-CVE-2016-9011.patch    | 45 ++++++++++++
 .../patches/libwmf-fixes-for-bundled-gd.patch      | 80 ++++++++++++++++++++++
 4 files changed, 130 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/libwmf-CVE-2016-9011.patch
 create mode 100644 gnu/packages/patches/libwmf-fixes-for-bundled-gd.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index d0117be85..f60b66948 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -781,6 +781,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch	\
   %D%/packages/patches/libwmf-CVE-2015-4695.patch		\
   %D%/packages/patches/libwmf-CVE-2015-4696.patch		\
+  %D%/packages/patches/libwmf-CVE-2016-9011.patch		\
+  %D%/packages/patches/libwmf-fixes-for-bundled-gd.patch	\
   %D%/packages/patches/libxcb-python-3.5-compat.patch		\
   %D%/packages/patches/libxml2-CVE-2016-4658.patch		\
   %D%/packages/patches/libxml2-CVE-2016-5131.patch		\
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 86902d568..f33396968 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -421,7 +421,9 @@ collection of tools for doing simple manipulations of TIFF images.")
                          "libwmf-CVE-2009-3546.patch"
                          "libwmf-CVE-2015-0848+CVE-2015-4588.patch"
                          "libwmf-CVE-2015-4695.patch"
-                         "libwmf-CVE-2015-4696.patch"))))
+                         "libwmf-CVE-2015-4696.patch"
+                         "libwmf-CVE-2016-9011.patch"
+                         "libwmf-fixes-for-bundled-gd.patch"))))
 
     (build-system gnu-build-system)
     (inputs
diff --git a/gnu/packages/patches/libwmf-CVE-2016-9011.patch b/gnu/packages/patches/libwmf-CVE-2016-9011.patch
new file mode 100644
index 000000000..a74120c15
--- /dev/null
+++ b/gnu/packages/patches/libwmf-CVE-2016-9011.patch
@@ -0,0 +1,45 @@
+Fix CVE-2016-9011:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9011
+https://blogs.gentoo.org/ago/2016/10/18/libwmf-memory-allocation-failure-in-wmf_malloc-api-c/
+
+Patch copied from Fedora:
+
+https://src.fedoraproject.org/cgit/rpms/libwmf.git/commit/?id=9a43f910abce9940f07843e7186646ad46b686d6
+
+--- libwmf-0.2.8.4/src/player.c
++++ libwmf-0.2.8.4/src/player.c
+@@ -139,8 +139,31 @@
+ 		WMF_DEBUG (API,"bailing...");
+ 		return (API->err);
+ 	}
+-	
+- 	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
++
++	U32 nMaxRecordSize = (MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char);
++	if (nMaxRecordSize)
++	{
++		//before allocating memory do a sanity check on size by seeking
++		//to claimed end to see if its possible. We're constrained here
++		//by the api and existing implementations to not simply seeking
++		//to SEEK_END. So use what we have to skip to the last byte and
++		//try and read it.
++		const long nPos = WMF_TELL (API);
++		WMF_SEEK (API, nPos + nMaxRecordSize - 1);
++		if (ERR (API))
++		{	WMF_DEBUG (API,"bailing...");
++			return (API->err);
++		}
++		int byte = WMF_READ (API);
++		if (byte == (-1))
++		{	WMF_ERROR (API,"Unexpected EOF!");
++		       	API->err = wmf_E_EOF;
++		       	return (API->err);
++		}
++		WMF_SEEK (API, nPos);
++	}
++
++ 	P->Parameters = (unsigned char*) wmf_malloc (API, nMaxRecordSize);
+ 
+ 	if (ERR (API))
+ 	{	WMF_DEBUG (API,"bailing...");
diff --git a/gnu/packages/patches/libwmf-fixes-for-bundled-gd.patch b/gnu/packages/patches/libwmf-fixes-for-bundled-gd.patch
new file mode 100644
index 000000000..92a3f7cdb
--- /dev/null
+++ b/gnu/packages/patches/libwmf-fixes-for-bundled-gd.patch
@@ -0,0 +1,80 @@
+Fix CVE-2016-{9317,10167,10168} in bundled libgd:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168
+
+Patches copied from Fedora:
+
+CVE-2016-9317:
+https://src.fedoraproject.org/cgit/rpms/libwmf.git/commit/?id=d851798416d005977d9409babf710c050124cfda
+CVE-2016-10167:
+https://src.fedoraproject.org/cgit/rpms/libwmf.git/commit/?id=b439c6f363d3f9c7b22e7f3b2211d423abd7d612
+CVE-2016-10168:
+https://src.fedoraproject.org/cgit/rpms/libwmf.git/commit/?id=d8c724ed484d01f3535bd1f317d6c5aa6d33aa80
+
+--- libwmf-0.2.8.4/src/extra/gd/gd.c
++++ libwmf-0.2.8.4/src/extra/gd/gd.c
+@@ -65,6 +65,18 @@
+ {
+   int i;
+   gdImagePtr im;
++
++  if (overflow2(sx, sy)) {
++    return NULL;
++  }
++
++  if (overflow2(sizeof (unsigned char *), sy)) {
++    return NULL;
++  }
++  if (overflow2(sizeof (unsigned char), sx)) {
++    return NULL;
++  }
++
+   im = (gdImage *) gdMalloc (sizeof (gdImage));
+   memset (im, 0, sizeof (gdImage));
+   /* Row-major ever since gd 1.3 */
+--- libwmf-0.2.8.4/src/extra/gd/gd_gd2.c
++++ libwmf-0.2.8.4/src/extra/gd/gd_gd2.c
+@@ -362,10 +362,9 @@
+ 			{
+ 			  if (!gdGetInt (&im->tpixels[y][x], in))
+ 			    {
+-			      /*printf("EOF while reading\n"); */
+-			      /*gdImageDestroy(im); */
+-			      /*return 0; */
+-			      im->tpixels[y][x] = 0;
++                               fprintf(stderr, "gd2: EOF while reading\n");
++                               gdImageDestroy(im);
++                               return NULL;
+ 			    }
+ 			}
+ 		      else
+@@ -373,10 +372,9 @@
+ 			  int ch;
+ 			  if (!gdGetByte (&ch, in))
+ 			    {
+-			      /*printf("EOF while reading\n"); */
+-			      /*gdImageDestroy(im); */
+-			      /*return 0; */
+-			      ch = 0;
++                              fprintf(stderr, "gd2: EOF while reading\n");
++                              gdImageDestroy(im);
++                              return NULL;
+ 			    }
+ 			  im->pixels[y][x] = ch;
+ 			}
+--- libwmf-0.2.8.4/src/extra/gd/gd_gd2.c
++++ libwmf-0.2.8.4/src/extra/gd/gd_gd2.c
+@@ -145,6 +145,11 @@
+ 
+   if ((*fmt) == GD2_FMT_COMPRESSED)
+     {
++      if (*ncx <= 0 || *ncy <= 0 || *ncx > INT_MAX / *ncy) {
++              GD2_DBG(printf ("Illegal chunk counts: %d * %d\n", *ncx, *ncy));
++              goto fail1;
++      }
++
+       nc = (*ncx) * (*ncy);
+       GD2_DBG (printf ("Reading %d chunk index entries\n", nc));
+       sidx = sizeof (t_chunk_info) * nc;
-- 
2.13.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: Building AbiWord without libwmf and removing libwmf from Guix

[Mark H Weaver]

Leo Famulari <leo@famulari.name> writes:

> The last update to libwmf was twelve years ago, in 2005. In the
> meantime, a large number of security issues have been discovered in this
> library. These bugs are fixed somewhat haphazardly by the distributions.
>
> While working on patching CVE-2016-9011 in libwmf, and backporting fixes
> for CVE-2016-{9317,10167,10168} in the ancient bundled libgd, I find
> myself wondering if we need this library at all. The patches from this
> 12 year span of 3rd party fixes begin to conflict with each other...
>
> Libwmf is only used as a "plugin" by AbiWord, and AbiWord can be
> configured to build without it.

What functionality would be lost?  I guess that AbiWord would lose the
ability to open some kinds of files, but it would be good to know
whether or not such files are still in common use.

      Mark

Re: Building AbiWord without libwmf and removing libwmf from Guix

[Ricardo Wurmus]

Mark H Weaver <mhw@netris.org> writes:

> Leo Famulari <leo@famulari.name> writes:
>
>> The last update to libwmf was twelve years ago, in 2005. In the
>> meantime, a large number of security issues have been discovered in this
>> library. These bugs are fixed somewhat haphazardly by the distributions.
>>
>> While working on patching CVE-2016-9011 in libwmf, and backporting fixes
>> for CVE-2016-{9317,10167,10168} in the ancient bundled libgd, I find
>> myself wondering if we need this library at all. The patches from this
>> 12 year span of 3rd party fixes begin to conflict with each other...
>>
>> Libwmf is only used as a "plugin" by AbiWord, and AbiWord can be
>> configured to build without it.
>
> What functionality would be lost?  I guess that AbiWord would lose the
> ability to open some kinds of files, but it would be good to know
> whether or not such files are still in common use.

WMF is the native vector format for Microsoft Office applications,
according to Wikipedia, so this would probably affect the rendering of
some images in Word documents that are opened with Abiword.

The format has continuously been developed, so it’s possible that libwmf
(with a last release in 2005) isn’t even able to handle recent versions
of WMF.

I think it would be better to remove libwmf.

-- 
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

Re: Building AbiWord without libwmf and removing libwmf from Guix

[Hartmut Goebel]

Am 27.05.2017 um 23:13 schrieb Ricardo Wurmus:
> I think it would be better to remove libwmf.
+1

-- 
Regards
Hartmut Goebel

| Hartmut Goebel          | h.goebel@crazy-compilers.com               |
| www.crazy-compilers.com | compilers which you thought are impossible |

Re: Building AbiWord without libwmf and removing libwmf from Guix

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 338 bytes --]

On Sun, May 28, 2017 at 03:06:35PM +0200, Hartmut Goebel wrote:
> Am 27.05.2017 um 23:13 schrieb Ricardo Wurmus:
> > I think it would be better to remove libwmf.
> +1

Something to consider is that many of our packages can be described as
unmaintained and full of bugs. And even the packages that are maintained
may be full of bugs, too.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: Building AbiWord without libwmf and removing libwmf from Guix

[Ludovic Courtès]

Leo Famulari <leo@famulari.name> skribis:

> On Sun, May 28, 2017 at 03:06:35PM +0200, Hartmut Goebel wrote:
>> Am 27.05.2017 um 23:13 schrieb Ricardo Wurmus:
>> > I think it would be better to remove libwmf.
>> +1
>
> Something to consider is that many of our packages can be described as
> unmaintained and full of bugs. And even the packages that are maintained
> may be full of bugs, too.

True.  The best solution would be for our OS to run every program in an
isolated environment, like Plash or like Qubes.  That would allow us to
live with these bugs somewhat more peacefully.  We should work in that
direction, maybe using containers, which are imperfect but readily
available and an improvement over the status quo.

In the meantime, we probably need to take care of our packages though,
and provide security fixes or remove them.

Given what you and Ricardo wrote about libwmf, it seems to me that
removing it would be wise.

Thoughts?

Ludo’.

Re: Building AbiWord without libwmf and removing libwmf from Guix

[Leo Famulari]

[-- Attachment #1.1: Type: text/plain, Size: 1124 bytes --]

On Sun, May 28, 2017 at 10:57:49PM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> 
> > On Sun, May 28, 2017 at 03:06:35PM +0200, Hartmut Goebel wrote:
> >> Am 27.05.2017 um 23:13 schrieb Ricardo Wurmus:
> >> > I think it would be better to remove libwmf.
> >> +1
> >
> > Something to consider is that many of our packages can be described as
> > unmaintained and full of bugs. And even the packages that are maintained
> > may be full of bugs, too.
> 
> True.  The best solution would be for our OS to run every program in an
> isolated environment, like Plash or like Qubes.  That would allow us to
> live with these bugs somewhat more peacefully.  We should work in that
> direction, maybe using containers, which are imperfect but readily
> available and an improvement over the status quo.
> 
> In the meantime, we probably need to take care of our packages though,
> and provide security fixes or remove them.
> 
> Given what you and Ricardo wrote about libwmf, it seems to me that
> removing it would be wise.
> 
> Thoughts?

I've attached a patch to remove it.

[-- Attachment #1.2: 0001-gnu-Remove-libwmf.patch --]
[-- Type: text/plain, Size: 27022 bytes --]

From 7c9e08d8854246f6f50ff643ecac87be3d20d8e6 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Fri, 23 Jun 2017 18:00:54 -0400
Subject: [PATCH] gnu: Remove libwmf.

This package contains many security vulnerabilities and is no longer maintained
upstream. See this discussion for more information:

https://lists.gnu.org/archive/html/guix-devel/2017-05/msg00478.html

* gnu/packages/image.scm (libwmf): Remove variable.
* gnu/packages/wv.scm (wv)[inputs]: Remove libwmf.
[arguments]: Remove field.
* gnu/packages/abiword.scm (abiword)[inputs]: Remove libwmf.
[source]: Remove patch 'abiword-wmf-version-lookup-fix.patch'.
* gnu/packages/patches/abiword-wmf-version-lookup-fix.patch,
gnu/packages/patches/libwmf-CAN-2004-0941.patch,
gnu/packages/patches/libwmf-CVE-2006-3376.patch,
gnu/packages/patches/libwmf-CVE-2007-0455.patch,
gnu/packages/patches/libwmf-CVE-2007-2756.patch,
gnu/packages/patches/libwmf-CVE-2007-3472.patch,
gnu/packages/patches/libwmf-CVE-2007-3473.patch,
gnu/packages/patches/libwmf-CVE-2007-3477.patch,
gnu/packages/patches/libwmf-CVE-2009-1364.patch,
gnu/packages/patches/libwmf-CVE-2009-3546.patch,
gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch,
gnu/packages/patches/libwmf-CVE-2015-4695.patch,
gnu/packages/patches/libwmf-CVE-2015-4696.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
---
 gnu/local.mk                                       |  13 ---
 gnu/packages/abiword.scm                           |   5 +-
 gnu/packages/image.scm                             |  46 --------
 .../patches/abiword-wmf-version-lookup-fix.patch   |  28 -----
 gnu/packages/patches/libwmf-CAN-2004-0941.patch    |  21 ----
 gnu/packages/patches/libwmf-CVE-2006-3376.patch    |  30 -----
 gnu/packages/patches/libwmf-CVE-2007-0455.patch    |  15 ---
 gnu/packages/patches/libwmf-CVE-2007-2756.patch    |  20 ----
 gnu/packages/patches/libwmf-CVE-2007-3472.patch    |  63 -----------
 gnu/packages/patches/libwmf-CVE-2007-3473.patch    |  17 ---
 gnu/packages/patches/libwmf-CVE-2007-3477.patch    |  42 -------
 gnu/packages/patches/libwmf-CVE-2009-1364.patch    |  13 ---
 gnu/packages/patches/libwmf-CVE-2009-3546.patch    |  17 ---
 .../libwmf-CVE-2015-0848+CVE-2015-4588.patch       | 122 ---------------------
 gnu/packages/patches/libwmf-CVE-2015-4695.patch    |  60 ----------
 gnu/packages/patches/libwmf-CVE-2015-4696.patch    |  27 -----
 gnu/packages/wv.scm                                |   5 +-
 17 files changed, 3 insertions(+), 541 deletions(-)
 delete mode 100644 gnu/packages/patches/abiword-wmf-version-lookup-fix.patch
 delete mode 100644 gnu/packages/patches/libwmf-CAN-2004-0941.patch
 delete mode 100644 gnu/packages/patches/libwmf-CVE-2006-3376.patch
 delete mode 100644 gnu/packages/patches/libwmf-CVE-2007-0455.patch
 delete mode 100644 gnu/packages/patches/libwmf-CVE-2007-2756.patch
 delete mode 100644 gnu/packages/patches/libwmf-CVE-2007-3472.patch
 delete mode 100644 gnu/packages/patches/libwmf-CVE-2007-3473.patch
 delete mode 100644 gnu/packages/patches/libwmf-CVE-2007-3477.patch
 delete mode 100644 gnu/packages/patches/libwmf-CVE-2009-1364.patch
 delete mode 100644 gnu/packages/patches/libwmf-CVE-2009-3546.patch
 delete mode 100644 gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch
 delete mode 100644 gnu/packages/patches/libwmf-CVE-2015-4695.patch
 delete mode 100644 gnu/packages/patches/libwmf-CVE-2015-4696.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index a4b29d5fd..14151b495 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -492,7 +492,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/a2ps-CVE-2001-1593.patch	\
   %D%/packages/patches/a2ps-CVE-2014-0466.patch	\
   %D%/packages/patches/abiword-explictly-cast-bools.patch	\
-  %D%/packages/patches/abiword-wmf-version-lookup-fix.patch	\
   %D%/packages/patches/abiword-black-drawing-with-gtk322.patch	\
   %D%/packages/patches/acl-hurd-path-max.patch			\
   %D%/packages/patches/aegis-constness-error.patch         	\
@@ -775,18 +774,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/libtool-skip-tests2.patch		\
   %D%/packages/patches/libunwind-CVE-2015-3239.patch		\
   %D%/packages/patches/libvpx-CVE-2016-2818.patch		\
-  %D%/packages/patches/libwmf-CAN-2004-0941.patch		\
-  %D%/packages/patches/libwmf-CVE-2006-3376.patch		\
-  %D%/packages/patches/libwmf-CVE-2007-0455.patch		\
-  %D%/packages/patches/libwmf-CVE-2007-2756.patch		\
-  %D%/packages/patches/libwmf-CVE-2007-3472.patch		\
-  %D%/packages/patches/libwmf-CVE-2007-3473.patch		\
-  %D%/packages/patches/libwmf-CVE-2007-3477.patch		\
-  %D%/packages/patches/libwmf-CVE-2009-1364.patch		\
-  %D%/packages/patches/libwmf-CVE-2009-3546.patch		\
-  %D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch	\
-  %D%/packages/patches/libwmf-CVE-2015-4695.patch		\
-  %D%/packages/patches/libwmf-CVE-2015-4696.patch		\
   %D%/packages/patches/libxcb-python-3.5-compat.patch		\
   %D%/packages/patches/libxml2-CVE-2016-4658.patch		\
   %D%/packages/patches/libxml2-CVE-2016-5131.patch		\
diff --git a/gnu/packages/abiword.scm b/gnu/packages/abiword.scm
index 9a4acdc38..b00dac9a6 100644
--- a/gnu/packages/abiword.scm
+++ b/gnu/packages/abiword.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2014 Marek Benc <merkur32@gmail.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -55,8 +56,7 @@
         (sha256
          (base32 "08imry821g81apdwym3gcs4nss0l9j5blqk31j5rv602zmcd9gxg"))
         (patches
-         (search-patches "abiword-wmf-version-lookup-fix.patch"
-                         "abiword-explictly-cast-bools.patch"
+         (search-patches "abiword-explictly-cast-bools.patch"
                          "abiword-black-drawing-with-gtk322.patch"))))
 
     (build-system glib-or-gtk-build-system)
@@ -97,7 +97,6 @@
         ("libjpeg" ,libjpeg)
         ("libpng" ,libpng)
         ("librsvg" ,librsvg)
-        ("libwmf" ,libwmf)
         ("libxml2" ,libxml2)
         ("libxslt" ,libxslt)
         ("ots" ,ots)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index fdf3497fe..504df60fb 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -397,52 +397,6 @@ collection of tools for doing simple manipulations of TIFF images.")
         (base32
          "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))))
 
-(define-public libwmf
-  (package
-    (name "libwmf")
-    (version "0.2.8.4")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append "mirror://sourceforge/wvware/"
-                            name "/" version
-                            "/" name "-" version ".tar.gz"))
-        (sha256
-         (base32 "1y3wba4q8pl7kr51212jwrsz1x6nslsx1gsjml1x0i8549lmqd2v"))
-        (patches
-         (search-patches "libwmf-CAN-2004-0941.patch"
-                         "libwmf-CVE-2006-3376.patch"
-                         "libwmf-CVE-2007-0455.patch"
-                         "libwmf-CVE-2007-2756.patch"
-                         "libwmf-CVE-2007-3472.patch"
-                         "libwmf-CVE-2007-3473.patch"
-                         "libwmf-CVE-2007-3477.patch"
-                         "libwmf-CVE-2009-1364.patch"
-                         "libwmf-CVE-2009-3546.patch"
-                         "libwmf-CVE-2015-0848+CVE-2015-4588.patch"
-                         "libwmf-CVE-2015-4695.patch"
-                         "libwmf-CVE-2015-4696.patch"))))
-
-    (build-system gnu-build-system)
-    (inputs
-      `(("freetype" ,freetype)
-        ("libjpeg" ,libjpeg)
-        ("libpng",libpng)
-        ("libxml2" ,libxml2)
-        ("zlib" ,zlib)))
-    (native-inputs
-      `(("pkg-config" ,pkg-config)))
-    (synopsis "Library for reading images in the Microsoft WMF format")
-    (description
-      "libwmf is a library for reading vector images in Microsoft's native
-Windows Metafile Format (WMF) and for either (a) displaying them in, e.g., an X
-window; or (b) converting them to more standard/free file formats such as, e.g.,
-the W3C's XML-based Scaleable Vector Graphic (SVG) format.")
-    (home-page "http://wvware.sourceforge.net/libwmf.html")
-
-    ;; 'COPYING' is the GPLv2, but file headers say LGPLv2.0+.
-    (license license:lgpl2.0+)))
-
 (define-public leptonica
   (package
     (name "leptonica")
diff --git a/gnu/packages/patches/abiword-wmf-version-lookup-fix.patch b/gnu/packages/patches/abiword-wmf-version-lookup-fix.patch
deleted file mode 100644
index f27f32f30..000000000
--- a/gnu/packages/patches/abiword-wmf-version-lookup-fix.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-The way the configure script determines the version of libwmf is by temporarily
-making dots separator characters, but since the file name of the program which
-returns the version contains dots in Guix (the version in the store entry name),
-doing it this way will always fail.
-
-This is a simple guix-specific fix for the problem.
-
---- a/configure	2010-06-13 23:17:37.000000000 +0200
-+++ b/configure	2014-09-08 17:31:52.102371800 +0200
-@@ -21140,13 +21140,11 @@
- $as_echo "$as_me: WARNING: wmf plugin: program libwmf-config not found in path" >&2;}
- 		fi
- 	else
--		IFS_old="$IFS"
--		IFS='.'
--		set -- `$libwmfconfig --version`
--		libwmf_major_found="${1}"
--		libwmf_minor_found="${2}"
--		libwmf_micro_found="${3}"
--		IFS="$IFS_old"
-+		libwmf_fullver_found=`$libwmfconfig --version`
-+		libwmf_major_found=$(echo $libwmf_fullver_found |  cut -d . -f 1)
-+		libwmf_minor_found=$(echo $libwmf_fullver_found |  cut -d . -f 2)
-+		libwmf_micro_found=$(echo $libwmf_fullver_found |  cut -d . -f 3)
-+
- 		if test "$libwmf_major_found" -gt "$libwmf_major_req"; then
- 			wmf_deps="yes"
- 		elif test "$libwmf_major_found" -eq "$libwmf_major_req" &&
diff --git a/gnu/packages/patches/libwmf-CAN-2004-0941.patch b/gnu/packages/patches/libwmf-CAN-2004-0941.patch
deleted file mode 100644
index 84dd9baee..000000000
--- a/gnu/packages/patches/libwmf-CAN-2004-0941.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CAN-2004-0941.patch
-
---- libwmf-0.2.8.4/src/extra/gd/gd_png.c	2004-11-11 14:02:37.407589824 -0500
-+++ libwmf-0.2.8.4/src/extra/gd/gd_png.c	2004-11-11 14:04:29.672522960 -0500
-@@ -188,6 +188,14 @@
- 
-   png_get_IHDR (png_ptr, info_ptr, &width, &height, &bit_depth, &color_type,
- 		&interlace_type, NULL, NULL);
-+  if (overflow2(sizeof (int), width)) 
-+    {
-+      return NULL;
-+    }
-+  if (overflow2(sizeof (int) * width, height)) 
-+    {
-+      return NULL;
-+    }  
-   if ((color_type == PNG_COLOR_TYPE_RGB) ||
-       (color_type == PNG_COLOR_TYPE_RGB_ALPHA))
-     {
diff --git a/gnu/packages/patches/libwmf-CVE-2006-3376.patch b/gnu/packages/patches/libwmf-CVE-2006-3376.patch
deleted file mode 100644
index 1e0e1ecfa..000000000
--- a/gnu/packages/patches/libwmf-CVE-2006-3376.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Copied from Debian.
-
---- libwmf-0.2.8.4.orig/src/player.c
-+++ libwmf-0.2.8.4/src/player.c
-@@ -23,6 +23,7 @@
- 
- #include <stdio.h>
- #include <stdlib.h>
-+#include <stdint.h>
- #include <string.h>
- #include <math.h>
- 
-@@ -132,8 +133,14 @@
- 		}
- 	}
- 
--/*	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
-- */	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
-+	if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
-+	{
-+		API->err = wmf_E_InsMem;
-+		WMF_DEBUG (API,"bailing...");
-+		return (API->err);
-+	}
-+
-+ 	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
- 
- 	if (ERR (API))
- 	{	WMF_DEBUG (API,"bailing...");
-
diff --git a/gnu/packages/patches/libwmf-CVE-2007-0455.patch b/gnu/packages/patches/libwmf-CVE-2007-0455.patch
deleted file mode 100644
index ceefc75bf..000000000
--- a/gnu/packages/patches/libwmf-CVE-2007-0455.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-0455.patch
-
---- libwmf-0.2.8.4/src/extra/gd/gdft.c	2010-12-06 11:18:26.000000000 +0000
-+++ libwmf-0.2.8.4/src/extra/gd/gdft.c	2010-12-06 11:21:09.000000000 +0000
-@@ -811,7 +811,7 @@
- 	    {
- 	      ch = c & 0xFF;	/* don't extend sign */
- 	    }
--	  next++;
-+	  if (*next) next++;
- 	}
-       else
- 	{
diff --git a/gnu/packages/patches/libwmf-CVE-2007-2756.patch b/gnu/packages/patches/libwmf-CVE-2007-2756.patch
deleted file mode 100644
index feafac535..000000000
--- a/gnu/packages/patches/libwmf-CVE-2007-2756.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-2756.patch
-
---- libwmf-0.2.8.4/src/extra/gd/gd_png.c	1 Apr 2007 20:41:01 -0000	1.21.2.1
-+++ libwmf-0.2.8.4/src/extra/gd/gd_png.c	16 May 2007 19:06:11 -0000
-@@ -78,8 +78,11 @@
- gdPngReadData (png_structp png_ptr,
- 	       png_bytep data, png_size_t length)
- {
--  gdGetBuf (data, length, (gdIOCtx *)
--	    png_get_io_ptr (png_ptr));
-+  int check;
-+  check = gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr));
-+  if (check != length) {
-+    png_error(png_ptr, "Read Error: truncated data");
-+  }
- }
- 
- static void
diff --git a/gnu/packages/patches/libwmf-CVE-2007-3472.patch b/gnu/packages/patches/libwmf-CVE-2007-3472.patch
deleted file mode 100644
index 180bdb5fc..000000000
--- a/gnu/packages/patches/libwmf-CVE-2007-3472.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-Based on a patch from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3472.patch
-
---- libwmf-0.2.8.4/src/extra/gd/gd.c
-+++ libwmf-0.2.8.4/src/extra/gd/gd.c
-@@ -106,6 +106,18 @@
-   gdImagePtr im;
-   unsigned long cpa_size;
- 
-+  if (overflow2(sx, sy)) {
-+    return NULL;
-+  }
-+
-+  if (overflow2(sizeof (int *), sy)) {
-+    return NULL;
-+  }
-+
-+  if (overflow2(sizeof(int), sx)) {
-+    return NULL;
-+  }
-+
-   im = (gdImage *) gdMalloc (sizeof (gdImage));
-   if (im == 0) return 0;
-   memset (im, 0, sizeof (gdImage));
---- libwmf-0.2.8.4/src/extra/gd/gdhelpers.c	2010-12-06 11:47:31.000000000 +0000
-+++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.c	2010-12-06 11:48:04.000000000 +0000
-@@ -2,6 +2,7 @@
- #include "gdhelpers.h"
- #include <stdlib.h>
- #include <string.h>
-+#include <limits.h>
- 
- /* TBB: gd_strtok_r is not portable; provide an implementation */
- 
-@@ -94,3 +95,18 @@
- {
-   free (ptr);
- }
-+
-+int overflow2(int a, int b)
-+{
-+	if(a < 0 || b < 0) {
-+		fprintf(stderr, "gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n");
-+		return 1;
-+	}
-+	if(b == 0)
-+		return 0;
-+	if(a > INT_MAX / b) {
-+		fprintf(stderr, "gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n");
-+		return 1;
-+	}
-+	return 0;
-+}
---- libwmf-0.2.8.4/src/extra/gd/gdhelpers.h	2010-12-06 11:47:17.000000000 +0000
-+++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.h	2010-12-06 11:48:36.000000000 +0000
-@@ -15,4 +15,6 @@
- void *gdMalloc(size_t size);
- void *gdRealloc(void *ptr, size_t size);
- 
-+int overflow2(int a, int b);
-+
- #endif /* GDHELPERS_H */
diff --git a/gnu/packages/patches/libwmf-CVE-2007-3473.patch b/gnu/packages/patches/libwmf-CVE-2007-3473.patch
deleted file mode 100644
index cb96c94a4..000000000
--- a/gnu/packages/patches/libwmf-CVE-2007-3473.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3473.patch
-
---- libwmf-0.2.8.4/src/extra/gd/gd.c
-+++ libwmf-0.2.8.4/src/extra/gd/gd.c
-@@ -2483,6 +2483,10 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm (FILE * fd)
-     }
-   bytes = (w * h / 8) + 1;
-   im = gdImageCreate (w, h);
-+  if (!im) {
-+    return 0;
-+  }
-+
-   gdImageColorAllocate (im, 255, 255, 255);
-   gdImageColorAllocate (im, 0, 0, 0);
-   x = 0;
diff --git a/gnu/packages/patches/libwmf-CVE-2007-3477.patch b/gnu/packages/patches/libwmf-CVE-2007-3477.patch
deleted file mode 100644
index e9f6f4278..000000000
--- a/gnu/packages/patches/libwmf-CVE-2007-3477.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3477.patch
-
---- libwmf-0.2.8.4/src/extra/gd/gd.c
-+++ libwmf-0.2.8.4/src/extra/gd/gd.c
-@@ -1335,10 +1335,31 @@
-   int w2, h2;
-   w2 = w / 2;
-   h2 = h / 2;
--  while (e < s)
--    {
--      e += 360;
--    }
-+
-+  if ((s % 360)  == (e % 360)) {
-+         s = 0; e = 360;
-+  } else {
-+         if (s > 360) {
-+                 s = s % 360;
-+         }
-+
-+         if (e > 360) {
-+                 e = e % 360;
-+         }
-+
-+         while (s < 0) {
-+                 s += 360;
-+         }
-+
-+         while (e < s) {
-+                 e += 360;
-+         }
-+
-+         if (s == e) {
-+                 s = 0; e = 360;
-+         }
-+  }
-+
-   for (i = s; (i <= e); i++)
-     {
-       int x, y;
diff --git a/gnu/packages/patches/libwmf-CVE-2009-1364.patch b/gnu/packages/patches/libwmf-CVE-2009-1364.patch
deleted file mode 100644
index 254b82159..000000000
--- a/gnu/packages/patches/libwmf-CVE-2009-1364.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Copied from Debian.
-
---- libwmf-0.2.8.4.orig/src/extra/gd/gd_clip.c
-+++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c
-@@ -70,6 +70,7 @@
- 	{	more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle));
- 		if (more == 0) return;
- 		im->clip->max += 8;
-+		im->clip->list = more;
- 	}
- 	im->clip->list[im->clip->count] = (*rect);
- 	im->clip->count++;
-
diff --git a/gnu/packages/patches/libwmf-CVE-2009-3546.patch b/gnu/packages/patches/libwmf-CVE-2009-3546.patch
deleted file mode 100644
index ef76fe073..000000000
--- a/gnu/packages/patches/libwmf-CVE-2009-3546.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2009-3546.patch
-
---- libwmf-0.2.8.4/src/extra/gd/gd_gd.c	2010-12-06 14:56:06.000000000 +0000
-+++ libwmf-0.2.8.4/src/extra/gd/gd_gd.c	2010-12-06 14:57:04.000000000 +0000
-@@ -42,6 +42,10 @@
- 	    {
- 	      goto fail1;
- 	    }
-+	  if (&im->colorsTotal > gdMaxColors)
-+	    {
-+	      goto fail1;
-+	    }
- 	}
-       /* Int to accommodate truecolor single-color transparency */
-       if (!gdGetInt (&im->transparent, in))
diff --git a/gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch b/gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch
deleted file mode 100644
index 871be1d26..000000000
--- a/gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch
-
---- libwmf-0.2.8.4/src/ipa/ipa/bmp.h	2015-06-08 14:46:24.591876404 +0100
-+++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h	2015-06-08 14:46:35.345993247 +0100
-@@ -859,7 +859,7 @@
- %
- %
- */
--static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
-+static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
- {	int byte;
- 	int count;
- 	int i;
-@@ -870,12 +870,14 @@
- 	U32 u;
- 
- 	unsigned char* q;
-+	unsigned char* end;
- 
- 	for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0;
- 
- 	byte = 0;
- 	x = 0;
- 	q = pixels;
-+	end = pixels + bmp->width * bmp->height;
- 
- 	for (y = 0; y < bmp->height; )
- 	{	count = ReadBlobByte (src);
-@@ -884,7 +886,10 @@
- 		{	/* Encoded mode. */
- 			byte = ReadBlobByte (src);
- 			for (i = 0; i < count; i++)
--			{	if (compression == 1)
-+			{	
-+				if (q == end)
-+					return 0;
-+			 	if (compression == 1)
- 				{	(*(q++)) = (unsigned char) byte;
- 				}
- 				else
-@@ -896,13 +901,15 @@
- 		else
- 		{	/* Escape mode. */
- 			count = ReadBlobByte (src);
--			if (count == 0x01) return;
-+			if (count == 0x01) return 1;
- 			switch (count)
- 			{
- 			case 0x00:
- 			 {	/* End of line. */
- 				x = 0;
- 				y++;
-+				if (y >= bmp->height)
-+					return 0;
- 				q = pixels + y * bmp->width;
- 				break;
- 			 }
-@@ -910,13 +917,20 @@
- 			 {	/* Delta mode. */
- 				x += ReadBlobByte (src);
- 				y += ReadBlobByte (src);
-+				if (y >= bmp->height)
-+					return 0;
-+				if (x >= bmp->width)
-+					return 0;
- 				q = pixels + y * bmp->width + x;
- 				break;
- 			 }
- 			default:
- 			 {	/* Absolute mode. */
- 				for (i = 0; i < count; i++)
--				{	if (compression == 1)
-+				{
-+					if (q == end)
-+						return 0;
-+					if (compression == 1)
- 					{	(*(q++)) = ReadBlobByte (src);
- 					}
- 					else
-@@ -943,7 +957,7 @@
- 	byte = ReadBlobByte (src);  /* end of line */
- 	byte = ReadBlobByte (src);
- 
--	return;
-+	return 1;
- }
- 
- /*
-@@ -1143,8 +1157,18 @@
- 		}
- 	}
- 	else
--	{	/* Convert run-length encoded raster pixels. */
--		DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
-+	{
-+		if (bmp_info.bits_per_pixel == 8)	/* Convert run-length encoded raster pixels. */
-+		{
-+			if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image))
-+			{	WMF_ERROR (API,"corrupt bmp");
-+				API->err = wmf_E_BadFormat;
-+			}
-+		}
-+		else
-+		{	WMF_ERROR (API,"Unexpected pixel depth");
-+			API->err = wmf_E_BadFormat;
-+		}
- 	}
- 
- 	if (ERR (API))
---- libwmf-0.2.8.4/src/ipa/ipa.h	2015-06-08 14:46:24.590876393 +0100
-+++ libwmf-0.2.8.4/src/ipa/ipa.h	2015-06-08 14:46:35.345993247 +0100
-@@ -48,7 +48,7 @@
- static unsigned short ReadBlobLSBShort (BMPSource*);
- static unsigned long  ReadBlobLSBLong (BMPSource*);
- static long           TellBlob (BMPSource*);
--static void           DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
-+static int            DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
- static void           ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*);
- static int            ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int);
- static void           SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int);
diff --git a/gnu/packages/patches/libwmf-CVE-2015-4695.patch b/gnu/packages/patches/libwmf-CVE-2015-4695.patch
deleted file mode 100644
index 42c4d55f4..000000000
--- a/gnu/packages/patches/libwmf-CVE-2015-4695.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-4695.patch
-
---- libwmf-0.2.8.4/src/player/meta.h
-+++ libwmf-0.2.8.4/src/player/meta.h
-@@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API,
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,w
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -3067,7 +3067,7 @@ static int meta_pen_create (wmfAPI* API,
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -3181,7 +3181,7 @@ static int meta_brush_create (wmfAPI* AP
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -3288,7 +3288,7 @@ static int meta_font_create (wmfAPI* API
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -3396,7 +3396,7 @@ static int meta_palette_create (wmfAPI*
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
diff --git a/gnu/packages/patches/libwmf-CVE-2015-4696.patch b/gnu/packages/patches/libwmf-CVE-2015-4696.patch
deleted file mode 100644
index 3674458c9..000000000
--- a/gnu/packages/patches/libwmf-CVE-2015-4696.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-4696.patch
-
---- libwmf-0.2.8.4/src/player/meta.h
-+++ libwmf-0.2.8.4/src/player/meta.h
-@@ -2585,6 +2585,8 @@
- 			polyrect.BR[i] = clip->rects[i].BR;
- 		}
- 
-+		if (FR->region_clip) FR->region_clip (API,&polyrect);
-+
- 		wmf_free (API,polyrect.TL);
- 		wmf_free (API,polyrect.BR);
- 	}
-@@ -2593,9 +2595,10 @@
- 		polyrect.BR = 0;
- 
- 		polyrect.count = 0;
-+	
-+		if (FR->region_clip) FR->region_clip (API,&polyrect);
- 	}
- 
--	if (FR->region_clip) FR->region_clip (API,&polyrect);
- 
- 	return (changed);
- }
diff --git a/gnu/packages/wv.scm b/gnu/packages/wv.scm
index a7f294462..12201faa3 100644
--- a/gnu/packages/wv.scm
+++ b/gnu/packages/wv.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Marek Benc <merkur32@gmail.com>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,16 +40,12 @@
               (sha256
                (base32
                 "1mn2ax6qjy3pvixlnvbkn6ymy6y4l2wxrr4brjaczm121s8hjcb7"))))
-
     (build-system gnu-build-system)
-    (arguments
-      `(#:configure-flags '("--with-libwmf")))
     (inputs
       `(("glib" ,glib)
         ("libgsf" ,libgsf)
         ("libjpeg" ,libjpeg)
         ("libpng" ,libpng)
-        ("libwmf" ,libwmf)
         ("zlib" ,zlib)))
     (native-inputs
       `(("glib" ,glib "bin")
-- 
2.13.1


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: Building AbiWord without libwmf and removing libwmf from Guix

[ng0]

Ricardo Wurmus transcribed 1.4K bytes:
> 
> Mark H Weaver <mhw@netris.org> writes:
> 
> > Leo Famulari <leo@famulari.name> writes:
> >
> >> The last update to libwmf was twelve years ago, in 2005. In the
> >> meantime, a large number of security issues have been discovered in this
> >> library. These bugs are fixed somewhat haphazardly by the distributions.
> >>
> >> While working on patching CVE-2016-9011 in libwmf, and backporting fixes
> >> for CVE-2016-{9317,10167,10168} in the ancient bundled libgd, I find
> >> myself wondering if we need this library at all. The patches from this
> >> 12 year span of 3rd party fixes begin to conflict with each other...
> >>
> >> Libwmf is only used as a "plugin" by AbiWord, and AbiWord can be
> >> configured to build without it.
> >
> > What functionality would be lost?  I guess that AbiWord would lose the
> > ability to open some kinds of files, but it would be good to know
> > whether or not such files are still in common use.
> 
> WMF is the native vector format for Microsoft Office applications,
> according to Wikipedia, so this would probably affect the rendering of
> some images in Word documents that are opened with Abiword.
> 
> The format has continuously been developed, so it’s possible that libwmf
> (with a last release in 2005) isn’t even able to handle recent versions
> of WMF.
> 
> I think it would be better to remove libwmf.
> 
> -- 
> Ricardo
> 
> GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
> https://elephly.net
> 
> 
> 

Libreoffice is able to do that aswell. It doesn't use libwmf, right?
-- 
ng0
OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
infotropique OS: https://www.infotropique.org
personal: https://ng-0.github.io https://krosos.org/~/ng0/

Re: Building AbiWord without libwmf and removing libwmf from Guix

[ng0]

Ludovic Courtès transcribed 0.9K bytes:
> Leo Famulari <leo@famulari.name> skribis:
> 
> > On Sun, May 28, 2017 at 03:06:35PM +0200, Hartmut Goebel wrote:
> >> Am 27.05.2017 um 23:13 schrieb Ricardo Wurmus:
> >> > I think it would be better to remove libwmf.
> >> +1
> >
> > Something to consider is that many of our packages can be described as
> > unmaintained and full of bugs. And even the packages that are maintained
> > may be full of bugs, too.
> 
> True.  The best solution would be for our OS to run every program in an
> isolated environment, like Plash or like Qubes.  That would allow us to
> live with these bugs somewhat more peacefully.  We should work in that
> direction, maybe using containers, which are imperfect but readily
> available and an improvement over the status quo.

Speaking of Qubes, Joanna and the team around her picked Xen as a kernel
for a reason. There are multiple approaches in all the projects, most being
present and exchanging on the secure-os mailinglist: https://secure-os.org/

The solution for Guix might only apply to Guix, but for discussion of the
concept Guix wants to use beyond current containers we have or even the
improvement of them it could help to discuss this topic on the list.

>
[…]
> 
> Ludo’.
> 
> 

-- 
ng0
OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
infotropique OS: https://www.infotropique.org
personal: https://ng-0.github.io https://krosos.org/~/ng0/

Re: Building AbiWord without libwmf and removing libwmf from Guix

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 202 bytes --]

On Sat, Jun 24, 2017 at 08:02:08AM +0000, ng0 wrote:
> Libreoffice is able to do that aswell. It doesn't use libwmf, right?

It looks like libreoffice has its own implementation for handling WMF
files.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: Building AbiWord without libwmf and removing libwmf from Guix

[Mark H Weaver]

Leo Famulari <leo@famulari.name> writes:

> On Sat, Jun 24, 2017 at 08:02:08AM +0000, ng0 wrote:
>> Libreoffice is able to do that aswell. It doesn't use libwmf, right?
>
> It looks like libreoffice has its own implementation for handling WMF
> files.

I'm okay with removing libwmf from Guix.

      Mark

Re: Building AbiWord without libwmf and removing libwmf from Guix

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 437 bytes --]

On Sat, Jun 24, 2017 at 06:52:54PM -0400, Mark H Weaver wrote:
> Leo Famulari <leo@famulari.name> writes:
> 
> > On Sat, Jun 24, 2017 at 08:02:08AM +0000, ng0 wrote:
> >> Libreoffice is able to do that aswell. It doesn't use libwmf, right?
> >
> > It looks like libreoffice has its own implementation for handling WMF
> > files.
> 
> I'm okay with removing libwmf from Guix.

Done in d17e085a59534a333cb8db028579fd0e6ec7f89b

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]