summary refs log tree commit diff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-06-23 18:00:54 -0400
committerLeo Famulari <leo@famulari.name>2017-06-24 23:10:28 -0400
commitd17e085a59534a333cb8db028579fd0e6ec7f89b (patch)
treea14cac3625e0f78c2ca4ac91ae92e8525ced4e23
parent68f30310e13e77079a55b8db368ead7698cb99dc (diff)
downloadguix-d17e085a59534a333cb8db028579fd0e6ec7f89b.tar.gz
gnu: Remove libwmf.
This package contains many security vulnerabilities and is no longer maintained
upstream. See this discussion for more information:

https://lists.gnu.org/archive/html/guix-devel/2017-05/msg00478.html

* gnu/packages/image.scm (libwmf): Remove variable.
* gnu/packages/wv.scm (wv)[inputs]: Remove libwmf.
[arguments]: Remove field.
* gnu/packages/abiword.scm (abiword)[inputs]: Remove libwmf.
[source]: Remove patch 'abiword-wmf-version-lookup-fix.patch'.
* gnu/packages/patches/abiword-wmf-version-lookup-fix.patch,
gnu/packages/patches/libwmf-CAN-2004-0941.patch,
gnu/packages/patches/libwmf-CVE-2006-3376.patch,
gnu/packages/patches/libwmf-CVE-2007-0455.patch,
gnu/packages/patches/libwmf-CVE-2007-2756.patch,
gnu/packages/patches/libwmf-CVE-2007-3472.patch,
gnu/packages/patches/libwmf-CVE-2007-3473.patch,
gnu/packages/patches/libwmf-CVE-2007-3477.patch,
gnu/packages/patches/libwmf-CVE-2009-1364.patch,
gnu/packages/patches/libwmf-CVE-2009-3546.patch,
gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch,
gnu/packages/patches/libwmf-CVE-2015-4695.patch,
gnu/packages/patches/libwmf-CVE-2015-4696.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
-rw-r--r--gnu/local.mk13
-rw-r--r--gnu/packages/abiword.scm5
-rw-r--r--gnu/packages/image.scm46
-rw-r--r--gnu/packages/patches/abiword-wmf-version-lookup-fix.patch28
-rw-r--r--gnu/packages/patches/libwmf-CAN-2004-0941.patch21
-rw-r--r--gnu/packages/patches/libwmf-CVE-2006-3376.patch30
-rw-r--r--gnu/packages/patches/libwmf-CVE-2007-0455.patch15
-rw-r--r--gnu/packages/patches/libwmf-CVE-2007-2756.patch20
-rw-r--r--gnu/packages/patches/libwmf-CVE-2007-3472.patch63
-rw-r--r--gnu/packages/patches/libwmf-CVE-2007-3473.patch17
-rw-r--r--gnu/packages/patches/libwmf-CVE-2007-3477.patch42
-rw-r--r--gnu/packages/patches/libwmf-CVE-2009-1364.patch13
-rw-r--r--gnu/packages/patches/libwmf-CVE-2009-3546.patch17
-rw-r--r--gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch122
-rw-r--r--gnu/packages/patches/libwmf-CVE-2015-4695.patch60
-rw-r--r--gnu/packages/patches/libwmf-CVE-2015-4696.patch27
-rw-r--r--gnu/packages/wv.scm5
17 files changed, 3 insertions, 541 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 9a5558f269..102fe98e60 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -493,7 +493,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/a2ps-CVE-2001-1593.patch	\
   %D%/packages/patches/a2ps-CVE-2014-0466.patch	\
   %D%/packages/patches/abiword-explictly-cast-bools.patch	\
-  %D%/packages/patches/abiword-wmf-version-lookup-fix.patch	\
   %D%/packages/patches/abiword-black-drawing-with-gtk322.patch	\
   %D%/packages/patches/acl-hurd-path-max.patch			\
   %D%/packages/patches/aegis-constness-error.patch         	\
@@ -779,18 +778,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/libtool-skip-tests2.patch		\
   %D%/packages/patches/libunwind-CVE-2015-3239.patch		\
   %D%/packages/patches/libvpx-CVE-2016-2818.patch		\
-  %D%/packages/patches/libwmf-CAN-2004-0941.patch		\
-  %D%/packages/patches/libwmf-CVE-2006-3376.patch		\
-  %D%/packages/patches/libwmf-CVE-2007-0455.patch		\
-  %D%/packages/patches/libwmf-CVE-2007-2756.patch		\
-  %D%/packages/patches/libwmf-CVE-2007-3472.patch		\
-  %D%/packages/patches/libwmf-CVE-2007-3473.patch		\
-  %D%/packages/patches/libwmf-CVE-2007-3477.patch		\
-  %D%/packages/patches/libwmf-CVE-2009-1364.patch		\
-  %D%/packages/patches/libwmf-CVE-2009-3546.patch		\
-  %D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch	\
-  %D%/packages/patches/libwmf-CVE-2015-4695.patch		\
-  %D%/packages/patches/libwmf-CVE-2015-4696.patch		\
   %D%/packages/patches/libxcb-python-3.5-compat.patch		\
   %D%/packages/patches/libxml2-CVE-2016-4658.patch		\
   %D%/packages/patches/libxml2-CVE-2016-5131.patch		\
diff --git a/gnu/packages/abiword.scm b/gnu/packages/abiword.scm
index 9a4acdc384..b00dac9a63 100644
--- a/gnu/packages/abiword.scm
+++ b/gnu/packages/abiword.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2014 Marek Benc <merkur32@gmail.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -55,8 +56,7 @@
         (sha256
          (base32 "08imry821g81apdwym3gcs4nss0l9j5blqk31j5rv602zmcd9gxg"))
         (patches
-         (search-patches "abiword-wmf-version-lookup-fix.patch"
-                         "abiword-explictly-cast-bools.patch"
+         (search-patches "abiword-explictly-cast-bools.patch"
                          "abiword-black-drawing-with-gtk322.patch"))))
 
     (build-system glib-or-gtk-build-system)
@@ -97,7 +97,6 @@
         ("libjpeg" ,libjpeg)
         ("libpng" ,libpng)
         ("librsvg" ,librsvg)
-        ("libwmf" ,libwmf)
         ("libxml2" ,libxml2)
         ("libxslt" ,libxslt)
         ("ots" ,ots)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index fdf3497fe6..504df60fb5 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -397,52 +397,6 @@ collection of tools for doing simple manipulations of TIFF images.")
         (base32
          "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))))
 
-(define-public libwmf
-  (package
-    (name "libwmf")
-    (version "0.2.8.4")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append "mirror://sourceforge/wvware/"
-                            name "/" version
-                            "/" name "-" version ".tar.gz"))
-        (sha256
-         (base32 "1y3wba4q8pl7kr51212jwrsz1x6nslsx1gsjml1x0i8549lmqd2v"))
-        (patches
-         (search-patches "libwmf-CAN-2004-0941.patch"
-                         "libwmf-CVE-2006-3376.patch"
-                         "libwmf-CVE-2007-0455.patch"
-                         "libwmf-CVE-2007-2756.patch"
-                         "libwmf-CVE-2007-3472.patch"
-                         "libwmf-CVE-2007-3473.patch"
-                         "libwmf-CVE-2007-3477.patch"
-                         "libwmf-CVE-2009-1364.patch"
-                         "libwmf-CVE-2009-3546.patch"
-                         "libwmf-CVE-2015-0848+CVE-2015-4588.patch"
-                         "libwmf-CVE-2015-4695.patch"
-                         "libwmf-CVE-2015-4696.patch"))))
-
-    (build-system gnu-build-system)
-    (inputs
-      `(("freetype" ,freetype)
-        ("libjpeg" ,libjpeg)
-        ("libpng",libpng)
-        ("libxml2" ,libxml2)
-        ("zlib" ,zlib)))
-    (native-inputs
-      `(("pkg-config" ,pkg-config)))
-    (synopsis "Library for reading images in the Microsoft WMF format")
-    (description
-      "libwmf is a library for reading vector images in Microsoft's native
-Windows Metafile Format (WMF) and for either (a) displaying them in, e.g., an X
-window; or (b) converting them to more standard/free file formats such as, e.g.,
-the W3C's XML-based Scaleable Vector Graphic (SVG) format.")
-    (home-page "http://wvware.sourceforge.net/libwmf.html")
-
-    ;; 'COPYING' is the GPLv2, but file headers say LGPLv2.0+.
-    (license license:lgpl2.0+)))
-
 (define-public leptonica
   (package
     (name "leptonica")
diff --git a/gnu/packages/patches/abiword-wmf-version-lookup-fix.patch b/gnu/packages/patches/abiword-wmf-version-lookup-fix.patch
deleted file mode 100644
index f27f32f30b..0000000000
--- a/gnu/packages/patches/abiword-wmf-version-lookup-fix.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-The way the configure script determines the version of libwmf is by temporarily
-making dots separator characters, but since the file name of the program which
-returns the version contains dots in Guix (the version in the store entry name),
-doing it this way will always fail.
-
-This is a simple guix-specific fix for the problem.
-
---- a/configure	2010-06-13 23:17:37.000000000 +0200
-+++ b/configure	2014-09-08 17:31:52.102371800 +0200
-@@ -21140,13 +21140,11 @@
- $as_echo "$as_me: WARNING: wmf plugin: program libwmf-config not found in path" >&2;}
- 		fi
- 	else
--		IFS_old="$IFS"
--		IFS='.'
--		set -- `$libwmfconfig --version`
--		libwmf_major_found="${1}"
--		libwmf_minor_found="${2}"
--		libwmf_micro_found="${3}"
--		IFS="$IFS_old"
-+		libwmf_fullver_found=`$libwmfconfig --version`
-+		libwmf_major_found=$(echo $libwmf_fullver_found |  cut -d . -f 1)
-+		libwmf_minor_found=$(echo $libwmf_fullver_found |  cut -d . -f 2)
-+		libwmf_micro_found=$(echo $libwmf_fullver_found |  cut -d . -f 3)
-+
- 		if test "$libwmf_major_found" -gt "$libwmf_major_req"; then
- 			wmf_deps="yes"
- 		elif test "$libwmf_major_found" -eq "$libwmf_major_req" &&
diff --git a/gnu/packages/patches/libwmf-CAN-2004-0941.patch b/gnu/packages/patches/libwmf-CAN-2004-0941.patch
deleted file mode 100644
index 84dd9baee6..0000000000
--- a/gnu/packages/patches/libwmf-CAN-2004-0941.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CAN-2004-0941.patch
-
---- libwmf-0.2.8.4/src/extra/gd/gd_png.c	2004-11-11 14:02:37.407589824 -0500
-+++ libwmf-0.2.8.4/src/extra/gd/gd_png.c	2004-11-11 14:04:29.672522960 -0500
-@@ -188,6 +188,14 @@
- 
-   png_get_IHDR (png_ptr, info_ptr, &width, &height, &bit_depth, &color_type,
- 		&interlace_type, NULL, NULL);
-+  if (overflow2(sizeof (int), width)) 
-+    {
-+      return NULL;
-+    }
-+  if (overflow2(sizeof (int) * width, height)) 
-+    {
-+      return NULL;
-+    }  
-   if ((color_type == PNG_COLOR_TYPE_RGB) ||
-       (color_type == PNG_COLOR_TYPE_RGB_ALPHA))
-     {
diff --git a/gnu/packages/patches/libwmf-CVE-2006-3376.patch b/gnu/packages/patches/libwmf-CVE-2006-3376.patch
deleted file mode 100644
index 1e0e1ecfa8..0000000000
--- a/gnu/packages/patches/libwmf-CVE-2006-3376.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Copied from Debian.
-
---- libwmf-0.2.8.4.orig/src/player.c
-+++ libwmf-0.2.8.4/src/player.c
-@@ -23,6 +23,7 @@
- 
- #include <stdio.h>
- #include <stdlib.h>
-+#include <stdint.h>
- #include <string.h>
- #include <math.h>
- 
-@@ -132,8 +133,14 @@
- 		}
- 	}
- 
--/*	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
-- */	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
-+	if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
-+	{
-+		API->err = wmf_E_InsMem;
-+		WMF_DEBUG (API,"bailing...");
-+		return (API->err);
-+	}
-+
-+ 	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
- 
- 	if (ERR (API))
- 	{	WMF_DEBUG (API,"bailing...");
-
diff --git a/gnu/packages/patches/libwmf-CVE-2007-0455.patch b/gnu/packages/patches/libwmf-CVE-2007-0455.patch
deleted file mode 100644
index ceefc75bf2..0000000000
--- a/gnu/packages/patches/libwmf-CVE-2007-0455.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-0455.patch
-
---- libwmf-0.2.8.4/src/extra/gd/gdft.c	2010-12-06 11:18:26.000000000 +0000
-+++ libwmf-0.2.8.4/src/extra/gd/gdft.c	2010-12-06 11:21:09.000000000 +0000
-@@ -811,7 +811,7 @@
- 	    {
- 	      ch = c & 0xFF;	/* don't extend sign */
- 	    }
--	  next++;
-+	  if (*next) next++;
- 	}
-       else
- 	{
diff --git a/gnu/packages/patches/libwmf-CVE-2007-2756.patch b/gnu/packages/patches/libwmf-CVE-2007-2756.patch
deleted file mode 100644
index feafac535a..0000000000
--- a/gnu/packages/patches/libwmf-CVE-2007-2756.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-2756.patch
-
---- libwmf-0.2.8.4/src/extra/gd/gd_png.c	1 Apr 2007 20:41:01 -0000	1.21.2.1
-+++ libwmf-0.2.8.4/src/extra/gd/gd_png.c	16 May 2007 19:06:11 -0000
-@@ -78,8 +78,11 @@
- gdPngReadData (png_structp png_ptr,
- 	       png_bytep data, png_size_t length)
- {
--  gdGetBuf (data, length, (gdIOCtx *)
--	    png_get_io_ptr (png_ptr));
-+  int check;
-+  check = gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr));
-+  if (check != length) {
-+    png_error(png_ptr, "Read Error: truncated data");
-+  }
- }
- 
- static void
diff --git a/gnu/packages/patches/libwmf-CVE-2007-3472.patch b/gnu/packages/patches/libwmf-CVE-2007-3472.patch
deleted file mode 100644
index 180bdb5fc2..0000000000
--- a/gnu/packages/patches/libwmf-CVE-2007-3472.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-Based on a patch from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3472.patch
-
---- libwmf-0.2.8.4/src/extra/gd/gd.c
-+++ libwmf-0.2.8.4/src/extra/gd/gd.c
-@@ -106,6 +106,18 @@
-   gdImagePtr im;
-   unsigned long cpa_size;
- 
-+  if (overflow2(sx, sy)) {
-+    return NULL;
-+  }
-+
-+  if (overflow2(sizeof (int *), sy)) {
-+    return NULL;
-+  }
-+
-+  if (overflow2(sizeof(int), sx)) {
-+    return NULL;
-+  }
-+
-   im = (gdImage *) gdMalloc (sizeof (gdImage));
-   if (im == 0) return 0;
-   memset (im, 0, sizeof (gdImage));
---- libwmf-0.2.8.4/src/extra/gd/gdhelpers.c	2010-12-06 11:47:31.000000000 +0000
-+++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.c	2010-12-06 11:48:04.000000000 +0000
-@@ -2,6 +2,7 @@
- #include "gdhelpers.h"
- #include <stdlib.h>
- #include <string.h>
-+#include <limits.h>
- 
- /* TBB: gd_strtok_r is not portable; provide an implementation */
- 
-@@ -94,3 +95,18 @@
- {
-   free (ptr);
- }
-+
-+int overflow2(int a, int b)
-+{
-+	if(a < 0 || b < 0) {
-+		fprintf(stderr, "gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n");
-+		return 1;
-+	}
-+	if(b == 0)
-+		return 0;
-+	if(a > INT_MAX / b) {
-+		fprintf(stderr, "gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n");
-+		return 1;
-+	}
-+	return 0;
-+}
---- libwmf-0.2.8.4/src/extra/gd/gdhelpers.h	2010-12-06 11:47:17.000000000 +0000
-+++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.h	2010-12-06 11:48:36.000000000 +0000
-@@ -15,4 +15,6 @@
- void *gdMalloc(size_t size);
- void *gdRealloc(void *ptr, size_t size);
- 
-+int overflow2(int a, int b);
-+
- #endif /* GDHELPERS_H */
diff --git a/gnu/packages/patches/libwmf-CVE-2007-3473.patch b/gnu/packages/patches/libwmf-CVE-2007-3473.patch
deleted file mode 100644
index cb96c94a47..0000000000
--- a/gnu/packages/patches/libwmf-CVE-2007-3473.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3473.patch
-
---- libwmf-0.2.8.4/src/extra/gd/gd.c
-+++ libwmf-0.2.8.4/src/extra/gd/gd.c
-@@ -2483,6 +2483,10 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm (FILE * fd)
-     }
-   bytes = (w * h / 8) + 1;
-   im = gdImageCreate (w, h);
-+  if (!im) {
-+    return 0;
-+  }
-+
-   gdImageColorAllocate (im, 255, 255, 255);
-   gdImageColorAllocate (im, 0, 0, 0);
-   x = 0;
diff --git a/gnu/packages/patches/libwmf-CVE-2007-3477.patch b/gnu/packages/patches/libwmf-CVE-2007-3477.patch
deleted file mode 100644
index e9f6f4278b..0000000000
--- a/gnu/packages/patches/libwmf-CVE-2007-3477.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-3477.patch
-
---- libwmf-0.2.8.4/src/extra/gd/gd.c
-+++ libwmf-0.2.8.4/src/extra/gd/gd.c
-@@ -1335,10 +1335,31 @@
-   int w2, h2;
-   w2 = w / 2;
-   h2 = h / 2;
--  while (e < s)
--    {
--      e += 360;
--    }
-+
-+  if ((s % 360)  == (e % 360)) {
-+         s = 0; e = 360;
-+  } else {
-+         if (s > 360) {
-+                 s = s % 360;
-+         }
-+
-+         if (e > 360) {
-+                 e = e % 360;
-+         }
-+
-+         while (s < 0) {
-+                 s += 360;
-+         }
-+
-+         while (e < s) {
-+                 e += 360;
-+         }
-+
-+         if (s == e) {
-+                 s = 0; e = 360;
-+         }
-+  }
-+
-   for (i = s; (i <= e); i++)
-     {
-       int x, y;
diff --git a/gnu/packages/patches/libwmf-CVE-2009-1364.patch b/gnu/packages/patches/libwmf-CVE-2009-1364.patch
deleted file mode 100644
index 254b821596..0000000000
--- a/gnu/packages/patches/libwmf-CVE-2009-1364.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Copied from Debian.
-
---- libwmf-0.2.8.4.orig/src/extra/gd/gd_clip.c
-+++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c
-@@ -70,6 +70,7 @@
- 	{	more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle));
- 		if (more == 0) return;
- 		im->clip->max += 8;
-+		im->clip->list = more;
- 	}
- 	im->clip->list[im->clip->count] = (*rect);
- 	im->clip->count++;
-
diff --git a/gnu/packages/patches/libwmf-CVE-2009-3546.patch b/gnu/packages/patches/libwmf-CVE-2009-3546.patch
deleted file mode 100644
index ef76fe0736..0000000000
--- a/gnu/packages/patches/libwmf-CVE-2009-3546.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2009-3546.patch
-
---- libwmf-0.2.8.4/src/extra/gd/gd_gd.c	2010-12-06 14:56:06.000000000 +0000
-+++ libwmf-0.2.8.4/src/extra/gd/gd_gd.c	2010-12-06 14:57:04.000000000 +0000
-@@ -42,6 +42,10 @@
- 	    {
- 	      goto fail1;
- 	    }
-+	  if (&im->colorsTotal > gdMaxColors)
-+	    {
-+	      goto fail1;
-+	    }
- 	}
-       /* Int to accommodate truecolor single-color transparency */
-       if (!gdGetInt (&im->transparent, in))
diff --git a/gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch b/gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch
deleted file mode 100644
index 871be1d267..0000000000
--- a/gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-0848+CVE-2015-4588.patch
-
---- libwmf-0.2.8.4/src/ipa/ipa/bmp.h	2015-06-08 14:46:24.591876404 +0100
-+++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h	2015-06-08 14:46:35.345993247 +0100
-@@ -859,7 +859,7 @@
- %
- %
- */
--static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
-+static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
- {	int byte;
- 	int count;
- 	int i;
-@@ -870,12 +870,14 @@
- 	U32 u;
- 
- 	unsigned char* q;
-+	unsigned char* end;
- 
- 	for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0;
- 
- 	byte = 0;
- 	x = 0;
- 	q = pixels;
-+	end = pixels + bmp->width * bmp->height;
- 
- 	for (y = 0; y < bmp->height; )
- 	{	count = ReadBlobByte (src);
-@@ -884,7 +886,10 @@
- 		{	/* Encoded mode. */
- 			byte = ReadBlobByte (src);
- 			for (i = 0; i < count; i++)
--			{	if (compression == 1)
-+			{	
-+				if (q == end)
-+					return 0;
-+			 	if (compression == 1)
- 				{	(*(q++)) = (unsigned char) byte;
- 				}
- 				else
-@@ -896,13 +901,15 @@
- 		else
- 		{	/* Escape mode. */
- 			count = ReadBlobByte (src);
--			if (count == 0x01) return;
-+			if (count == 0x01) return 1;
- 			switch (count)
- 			{
- 			case 0x00:
- 			 {	/* End of line. */
- 				x = 0;
- 				y++;
-+				if (y >= bmp->height)
-+					return 0;
- 				q = pixels + y * bmp->width;
- 				break;
- 			 }
-@@ -910,13 +917,20 @@
- 			 {	/* Delta mode. */
- 				x += ReadBlobByte (src);
- 				y += ReadBlobByte (src);
-+				if (y >= bmp->height)
-+					return 0;
-+				if (x >= bmp->width)
-+					return 0;
- 				q = pixels + y * bmp->width + x;
- 				break;
- 			 }
- 			default:
- 			 {	/* Absolute mode. */
- 				for (i = 0; i < count; i++)
--				{	if (compression == 1)
-+				{
-+					if (q == end)
-+						return 0;
-+					if (compression == 1)
- 					{	(*(q++)) = ReadBlobByte (src);
- 					}
- 					else
-@@ -943,7 +957,7 @@
- 	byte = ReadBlobByte (src);  /* end of line */
- 	byte = ReadBlobByte (src);
- 
--	return;
-+	return 1;
- }
- 
- /*
-@@ -1143,8 +1157,18 @@
- 		}
- 	}
- 	else
--	{	/* Convert run-length encoded raster pixels. */
--		DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
-+	{
-+		if (bmp_info.bits_per_pixel == 8)	/* Convert run-length encoded raster pixels. */
-+		{
-+			if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image))
-+			{	WMF_ERROR (API,"corrupt bmp");
-+				API->err = wmf_E_BadFormat;
-+			}
-+		}
-+		else
-+		{	WMF_ERROR (API,"Unexpected pixel depth");
-+			API->err = wmf_E_BadFormat;
-+		}
- 	}
- 
- 	if (ERR (API))
---- libwmf-0.2.8.4/src/ipa/ipa.h	2015-06-08 14:46:24.590876393 +0100
-+++ libwmf-0.2.8.4/src/ipa/ipa.h	2015-06-08 14:46:35.345993247 +0100
-@@ -48,7 +48,7 @@
- static unsigned short ReadBlobLSBShort (BMPSource*);
- static unsigned long  ReadBlobLSBLong (BMPSource*);
- static long           TellBlob (BMPSource*);
--static void           DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
-+static int            DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
- static void           ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*);
- static int            ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int);
- static void           SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int);
diff --git a/gnu/packages/patches/libwmf-CVE-2015-4695.patch b/gnu/packages/patches/libwmf-CVE-2015-4695.patch
deleted file mode 100644
index 42c4d55f40..0000000000
--- a/gnu/packages/patches/libwmf-CVE-2015-4695.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-4695.patch
-
---- libwmf-0.2.8.4/src/player/meta.h
-+++ libwmf-0.2.8.4/src/player/meta.h
-@@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API,
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,w
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -3067,7 +3067,7 @@ static int meta_pen_create (wmfAPI* API,
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -3181,7 +3181,7 @@ static int meta_brush_create (wmfAPI* AP
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -3288,7 +3288,7 @@ static int meta_font_create (wmfAPI* API
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
-@@ -3396,7 +3396,7 @@ static int meta_palette_create (wmfAPI*
- 	objects = P->objects;
- 
- 	i = 0;
--	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
-+	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
- 
- 	if (i == NUM_OBJECTS (API))
- 	{	WMF_ERROR (API,"Object out of range!");
diff --git a/gnu/packages/patches/libwmf-CVE-2015-4696.patch b/gnu/packages/patches/libwmf-CVE-2015-4696.patch
deleted file mode 100644
index 3674458c98..0000000000
--- a/gnu/packages/patches/libwmf-CVE-2015-4696.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2015-4696.patch
-
---- libwmf-0.2.8.4/src/player/meta.h
-+++ libwmf-0.2.8.4/src/player/meta.h
-@@ -2585,6 +2585,8 @@
- 			polyrect.BR[i] = clip->rects[i].BR;
- 		}
- 
-+		if (FR->region_clip) FR->region_clip (API,&polyrect);
-+
- 		wmf_free (API,polyrect.TL);
- 		wmf_free (API,polyrect.BR);
- 	}
-@@ -2593,9 +2595,10 @@
- 		polyrect.BR = 0;
- 
- 		polyrect.count = 0;
-+	
-+		if (FR->region_clip) FR->region_clip (API,&polyrect);
- 	}
- 
--	if (FR->region_clip) FR->region_clip (API,&polyrect);
- 
- 	return (changed);
- }
diff --git a/gnu/packages/wv.scm b/gnu/packages/wv.scm
index a7f294462b..12201faa3a 100644
--- a/gnu/packages/wv.scm
+++ b/gnu/packages/wv.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Marek Benc <merkur32@gmail.com>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,16 +40,12 @@
               (sha256
                (base32
                 "1mn2ax6qjy3pvixlnvbkn6ymy6y4l2wxrr4brjaczm121s8hjcb7"))))
-
     (build-system gnu-build-system)
-    (arguments
-      `(#:configure-flags '("--with-libwmf")))
     (inputs
       `(("glib" ,glib)
         ("libgsf" ,libgsf)
         ("libjpeg" ,libjpeg)
         ("libpng" ,libpng)
-        ("libwmf" ,libwmf)
         ("zlib" ,zlib)))
     (native-inputs
       `(("glib" ,glib "bin")