.gitignore

@@ -1 +1 @@
-SOURCES/v0.2.12.tar.gz
+SOURCES/v0.2.9.tar.gz

.libwmf.metadata

@@ -1 +1 @@
-490a26175ad667fbc0c009d390bf56644919bed6 SOURCES/v0.2.12.tar.gz
+b63f95da60db128f53ca61c2941f1c07c820d02f SOURCES/v0.2.9.tar.gz

SOURCES/0001-merge-in-fixes-for-libgd-CVE-2019-6978.patch

@@ -0,0 +1,148 @@
+From f58c813f8afcd08acdd630f378cff1a5009655cc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Thu, 31 Jan 2019 16:02:19 +0000
+Subject: [PATCH] merge in fixes for libgd CVE-2019-6978
+
+---
+ README                 |  5 +++++
+ configure.ac           |  2 +-
+ src/extra/gd/gd_jpeg.c | 21 +++++++++++++++++----
+ src/extra/gd/gd_wbmp.c | 24 ++++++++++++++++++++++--
+ 4 files changed, 45 insertions(+), 7 deletions(-)
+
+diff --git a/src/extra/gd/gd_jpeg.c b/src/extra/gd/gd_jpeg.c
+index 7e6dfbb..b270186 100644
+--- a/src/extra/gd/gd_jpeg.c
++++ b/src/extra/gd/gd_jpeg.c
+@@ -72,6 +72,8 @@ fatal_jpeg_error (j_common_ptr cinfo)
+   exit (99);
+ }
+ 
++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality);
++
+ /*
+  * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality
+  * QUALITY.  If QUALITY is in the range 0-100, increasing values
+@@ -93,8 +95,12 @@ gdImageJpegPtr (gdImagePtr im, int *size, int quality)
+ {
+   void *rv;
+   gdIOCtx *out = gdNewDynamicCtx (2048, NULL);
+-  gdImageJpegCtx (im, out, quality);
+-  rv = gdDPExtractData (out, size);
++  if (out == NULL) return NULL;
++  if (!_gdImageJpegCtx(im, out, quality)) {
++    rv = gdDPExtractData(out, size);
++  } else {
++    rv = NULL;
++  }
+   out->free (out);
+   return rv;
+ }
+@@ -103,6 +109,12 @@ static void jpeg_gdIOCtx_dest (j_compress_ptr cinfo, gdIOCtx * outfile);
+ 
+ void
+ gdImageJpegCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
++{
++  _gdImageJpegCtx(im, outfile, quality);
++}
++
++/* returns 0 on success, 1 on failure */
++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
+ {
+   struct jpeg_compress_struct cinfo;
+   struct jpeg_error_mgr jerr;
+@@ -139,7 +151,7 @@ gdImageJpegCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
+       /* we're here courtesy of longjmp */
+       if (row)
+ 	gdFree (row);
+-      return;
++      return 1;
+     }
+ 
+   cinfo.err->error_exit = fatal_jpeg_error;
+@@ -173,7 +185,7 @@ gdImageJpegCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
+       fprintf (stderr, "gd-jpeg: error: unable to allocate JPEG row "
+ 	       "structure: gdCalloc returns NULL\n");
+       jpeg_destroy_compress (&cinfo);
+-      return;
++      return 1;
+     }
+ 
+   rowptr[0] = row;
+@@ -254,6 +266,7 @@ error:
+ #endif
+   jpeg_destroy_compress (&cinfo);
+   gdFree (row);
++  return 0;
+ }
+ 
+ gdImagePtr
+diff --git a/src/extra/gd/gd_wbmp.c b/src/extra/gd/gd_wbmp.c
+index f1258da..4b27043 100644
+--- a/src/extra/gd/gd_wbmp.c
++++ b/src/extra/gd/gd_wbmp.c
+@@ -85,6 +85,7 @@ gd_getin (void *in)
+   return (gdGetC ((gdIOCtx *) in));
+ }
+ 
++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out);
+ 
+ /*      gdImageWBMPCtx
+    **  --------------
+@@ -97,6 +98,12 @@ gd_getin (void *in)
+  */
+ void
+ gdImageWBMPCtx (gdImagePtr image, int fg, gdIOCtx * out)
++{
++  _gdImageWBMPCtx(image, fg, out);
++}
++
++/* returns 0 on success, 1 on failure */
++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
+ {
+ 
+   int x, y, pos;
+@@ -107,7 +114,7 @@ gdImageWBMPCtx (gdImagePtr image, int fg, gdIOCtx * out)
+   if ((wbmp = createwbmp (gdImageSX (image), gdImageSY (image), WBMP_WHITE)) == NULL)
+     {
+       fprintf (stderr, "Could not create WBMP\n");
+-      return;
++      return 1;
+     }
+ 
+   /* fill up the WBMP structure */
+@@ -126,9 +133,16 @@ gdImageWBMPCtx (gdImagePtr image, int fg, gdIOCtx * out)
+ 
+   /* write the WBMP to a gd file descriptor */
+   if (writewbmp (wbmp, &gd_putout, out))
++  {
+     fprintf (stderr, "Could not save WBMP\n");
++    freewbmp (wbmp);
++    return 1;
++  }
++
+   /* des submitted this bugfix: gdFree the memory. */
+   freewbmp (wbmp);
++
++  return 0;
+ }
+ 
+ 
+@@ -214,8 +228,12 @@ gdImageWBMPPtr (gdImagePtr im, int *size, int fg)
+ {
+   void *rv;
+   gdIOCtx *out = gdNewDynamicCtx (2048, NULL);
+-  gdImageWBMPCtx (im, fg, out);
+-  rv = gdDPExtractData (out, size);
++  if (out == NULL) return NULL;
++  if (!_gdImageWBMPCtx(im, fg, out)) {
++    rv = gdDPExtractData(out, size);
++  } else {
++    rv = NULL;
++  }
+   out->free (out);
+   return rv;
+ }
+-- 
+2.20.1
+

SPECS/libwmf.spec

@@ -1,7 +1,8 @@
 Summary: Windows MetaFile Library
 Name: libwmf
-Version: 0.2.12
-Release: 10%{?dist}
+Version: 0.2.9
+Release: 8%{?dist}
+Group: System Environment/Libraries
 #libwmf is under the LGPLv2+, however...
 #1. The tarball contains an old version of the urw-fonts under GPL+.
 #   Those fonts are not installed
@@ -11,7 +12,8 @@ License: LGPLv2+ and GPLv2+ and GPL+
 Source: https://github.com/caolanm/libwmf/archive/v%{version}.tar.gz
 URL: https://github.com/caolanm/libwmf
 
-Provides: bundled(gd) = 2.0.0
+Patch0: covscan.patch
+Patch1: 0001-merge-in-fixes-for-libgd-CVE-2019-6978.patch
 
 Requires: urw-fonts
 Requires: %{name}-lite = %{version}-%{release}
@@ -21,19 +23,20 @@ Requires: gdk-pixbuf2%{?_isa} >= 2.31.5-2.fc24
 
 BuildRequires: gtk2-devel, libtool, libxml2-devel, libpng-devel
 BuildRequires: libjpeg-devel, libXt-devel, libX11-devel, dos2unix, libtool
-BuildRequires: make
 
 %description
 A library for reading and converting Windows MetaFile vector graphics (WMF).
 
 %package lite
 Summary: Windows Metafile parser library
+Group: System Environment/Libraries
 
 %description lite
 A library for parsing Windows MetaFile vector graphics (WMF).
 
 %package devel
 Summary: Support files necessary to compile applications with libwmf
+Group: Development/Libraries
 Requires: libwmf = %{version}-%{release}
 Requires: gtk2-devel, libxml2-devel, libjpeg-devel
 
@@ -43,15 +46,17 @@ using libwmf.
 
 %prep
 %setup -q
+%patch0  -p1 -b .covscan
+%patch1  -p1 -b .CVE-2019-6978
 f=README ; iconv -f iso-8859-2 -t utf-8 $f > $f.utf8 ; mv $f.utf8 $f
 
 %build
 autoreconf -i -f -Ipatches
 %configure --with-libxml2 --disable-static --disable-dependency-tracking --with-gsfontdir=/usr/share/fonts/urw-base35
-%make_build
+make %{?_smp_mflags}
 
 %install
-%make_install
+make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
 find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
 
 rm -rf $RPM_BUILD_ROOT%{_includedir}/libwmf/gd
@@ -62,11 +67,16 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/libwmf/fonts/*afm
 rm -rf $RPM_BUILD_ROOT%{_datadir}/libwmf/fonts/*t1
 sed -i $RPM_BUILD_ROOT%{_datadir}/libwmf/fonts/fontmap -e 's#libwmf/fonts#fonts/urw-base35#g'
 
-%ldconfig_scriptlets
-%ldconfig_scriptlets lite
+%post -p /sbin/ldconfig
+
+%post lite -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%postun lite -p /sbin/ldconfig
 
 %files
-%{_libdir}/libwmf-0.2.so.7*
+%{_libdir}/libwmf-*.so.*
 %{_libdir}/gdk-pixbuf-2.0/*/loaders/*.so
 %{_bindir}/wmf2svg
 %{_bindir}/wmf2gd
@@ -77,9 +87,8 @@ sed -i $RPM_BUILD_ROOT%{_datadir}/libwmf/fonts/fontmap -e 's#libwmf/fonts#fonts/
 %{_datadir}/libwmf/
 
 %files lite
-%doc AUTHORS README
-%license COPYING
-%{_libdir}/libwmflite-0.2.so.7*
+%doc AUTHORS COPYING README
+%{_libdir}/libwmflite-*.so.*
 
 %files devel
 %doc doc/*.html
@@ -87,60 +96,31 @@ sed -i $RPM_BUILD_ROOT%{_datadir}/libwmf/fonts/fontmap -e 's#libwmf/fonts#fonts/
 %doc doc/*.gif
 %doc doc/html
 %doc doc/caolan
-%{_libdir}/libwmf*.so
+%{_libdir}/*.so
 %{_libdir}/pkgconfig/libwmf.pc
-%{_includedir}/libwmf/
+%{_includedir}/libwmf
 %{_bindir}/libwmf-config
 
 
 %changelog
-* Mon Aug 15 2022 Josef Ridky <jridky@redhat.com> - 0.2.12-10
-- ship libwmf-devel in CRB
-
-* Wed Feb 09 2022 Josef Ridky <jridky@redhat.com> - 0.2.12-9
-- add gating.yaml file
-
-* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.12-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.12-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Tue May 18 2021 Caolán McNamara <caolanm@redhat.com> - 0.2.12-6
-- document that libwmf bundles a modified old copy of gd 2.0.1
-  https://fedoraproject.org/wiki/Bundled_Libraries#Requirement_if_you_bundle
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.12-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 0.2.9-8
+- Rebuilt for MSVSphere 8.8
 
-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.12-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+* Wed Aug 14 2019 Caolán McNamara <caolanm@redhat.com> - 0.2.9-8
+- Related: rhbz1717799 fix clang warning
 
-* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.12-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+* Wed Aug 14 2019 Caolán McNamara <caolanm@redhat.com> - 0.2.9-7
+- Related: rhbz1717799 bump n-v-r
 
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.12-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+* Wed Mar 06 2019 Caolán McNamara <caolanm@redhat.com> - 0.2.9-6
+- Related: rhbz1679006 bump n-v-r
 
-* Fri Feb 01 2019 Caolán McNamara <caolanm@redhat.com> - 0.2.12-1
-- Related: rhbz#1671392/rhbz#1671621 unwanted soname bump
+* Tue Feb 26 2019 Caolán McNamara <caolanm@redhat.com> - 0.2.9-5
+- Resolves: rhbz1679006 libgd CVE-2019-6978
 
-* Fri Feb 01 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.2.11-2
-- track library sonames so bumps aren't a surprise
-- use %%make_build %%make_install macros
-
-* Thu Jan 31 2019 Caolán McNamara <caolanm@redhat.com> - 0.2.11-1
-- Resolves: rhbz#1671392 CVE-2019-6978 latest version
-
-* Fri Aug 10 2018 Caolán McNamara <caolanm@redhat.com> - 0.2.10-1
-- latest version
-
-* Fri Aug 10 2018 Caolán McNamara <caolanm@redhat.com> - 0.2.9-5
+* Fri Aug 10 2018 Caolán McNamara <caolanm@redhat.com> - 0.2.9-4
 - Related: rhbz#1602602 fix more clang warnings
 
-* Fri Aug 10 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.2.9-4
-- Switch to %%ldconfig_scriptlets
-
 * Fri Aug 10 2018 Caolán McNamara <caolanm@redhat.com> - 0.2.9-3
 - Related: rhbz#1602602 fix more clang warnings
 
@@ -151,15 +131,6 @@ sed -i $RPM_BUILD_ROOT%{_datadir}/libwmf/fonts/fontmap -e 's#libwmf/fonts#fonts/
 - Resolves: rhbz#1602602 new version with covscan warnings fixed
 - all cve fixes merged to that new upstream
 
-* Wed Aug 08 2018 Caolán McNamara <caolanm@redhat.com> - 0.2.8.4-56
-- Resolves: rhbz#1595490 make libwmf work again with recent urw-fonts
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.8.4-55
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.8.4-54
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
 * Tue Sep 12 2017 Caolán McNamara <caolanm@redhat.com> - 0.2.8.4-53
 - Resolves: rhbz#1489844 CVE-2017-6362 remove afflicted but unused function