diff --git a/camlimages-3.0.2-display-module.patch b/camlimages-3.0.2-display-module.patch deleted file mode 100644 index b204046..0000000 --- a/camlimages-3.0.2-display-module.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- camlimages-3.0.2/examples/liv/liv.ml 2009-10-26 12:42:03.000000000 +0000 -+++ camlimages-3.0.2.display/examples/liv/liv.ml 2010-01-12 15:13:21.414300958 +0000 -@@ -19,7 +19,7 @@ - ;; - *) - --module D = Display -+module D = Livdisplay - open D - - open Gc -diff -ur camlimages-3.0.1.orig/examples/liv/Makefile.am camlimages-3.0.1/examples/liv/Makefile.am ---- camlimages-3.0.1.orig/examples/liv/Makefile.am 2007-05-21 19:54:32.000000000 +0100 -+++ camlimages-3.0.1/examples/liv/Makefile.am 2008-11-03 17:15:54.000000000 +0000 -@@ -23,7 +23,7 @@ - seq.ml \ - tout.ml \ - enhance.ml \ -- display.ml \ -+ livdisplay.ml \ - viewer.ml \ - edge.ml \ - pathfind.ml \ diff --git a/camlimages-3.0.2-ocaml-autoconf.patch b/camlimages-3.0.2-ocaml-autoconf.patch deleted file mode 100644 index d7ed2bd..0000000 --- a/camlimages-3.0.2-ocaml-autoconf.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- camlimages-3.0.2/configure.ac 2009-10-26 12:42:04.000000000 +0000 -+++ camlimages-3.0.2.autoconf/configure.ac 2010-01-12 15:23:49.179300765 +0000 -@@ -4,8 +4,7 @@ - AM_INIT_AUTOMAKE([foreign]) - - # Check ocaml --AC_PROG_OCAML([3.08]) --AC_PROG_OCAML_TOOL(OCAMLMKLIB, ocamlmklib) -+AC_PROG_OCAML - AC_SUBST(OCAMLLIB) - - # Check versions to build diff --git a/camlimages-oversized-png-check-CVE-2009-2295.patch b/camlimages-oversized-png-check-CVE-2009-2295.patch deleted file mode 100644 index 7f2fc00..0000000 --- a/camlimages-oversized-png-check-CVE-2009-2295.patch +++ /dev/null @@ -1,81 +0,0 @@ ---- camlimages-3.0.1.orig/src/pngread.c 2007-01-18 10:29:57.000000000 +0000 -+++ camlimages-3.0.1.oversized/src/pngread.c 2009-07-03 15:51:00.000000000 +0100 -@@ -15,6 +15,8 @@ - #include "config.h" - #endif - -+#include -+ - #include - - #include -@@ -26,6 +28,12 @@ - #define PNG_TAG_INDEX16 2 - #define PNG_TAG_INDEX4 3 - -+/* Test if x or y are negative, or if multiplying x * y would cause an -+ * arithmetic overflow. -+ */ -+#define oversized(x, y) \ -+ ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y))) -+ - value read_png_file_as_rgb24( name ) - value name; - { -@@ -81,6 +89,9 @@ - png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, - &interlace_type, NULL, NULL); - -+ if (oversized (width, height)) -+ failwith ("png error: image contains oversized or bogus width and height"); -+ - if ( color_type == PNG_COLOR_TYPE_GRAY || - color_type == PNG_COLOR_TYPE_GRAY_ALPHA ) { - png_set_gray_to_rgb(png_ptr); -@@ -102,10 +113,16 @@ - - rowbytes = png_get_rowbytes(png_ptr, info_ptr); - -+ if (oversized (rowbytes, height)) -+ failwith ("png error: image contains oversized or bogus rowbytes and height"); -+ - { - int i; - png_bytep *row_pointers; - -+ if (oversized (sizeof (png_bytep), height)) -+ failwith ("png error: image contains oversized or bogus height"); -+ - row_pointers = (png_bytep*) stat_alloc(sizeof(png_bytep) * height); - - res = alloc_tuple(3); -@@ -235,6 +252,9 @@ - png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, - &interlace_type, NULL, NULL); - -+ if (oversized (width, height)) -+ failwith ("png error: image contains oversized or bogus width and height"); -+ - if ( color_type == PNG_COLOR_TYPE_GRAY || - color_type == PNG_COLOR_TYPE_GRAY_ALPHA ) { - png_set_gray_to_rgb(png_ptr); -@@ -251,6 +271,9 @@ - - rowbytes = png_get_rowbytes(png_ptr, info_ptr); - -+ if (oversized (rowbytes, height)) -+ failwith ("png error: image contains oversized or bogus rowbytes and height"); -+ - /* - fprintf(stderr, "pngread.c: actual loading\n"); fflush(stderr); - */ -@@ -259,6 +282,9 @@ - png_bytep *row_pointers; - char mesg[256]; - -+ if (oversized (sizeof (png_bytep), height)) -+ failwith ("png error: image contains oversized or bogus height"); -+ - row_pointers = (png_bytep*)stat_alloc(sizeof(png_bytep) * height); - res = alloc_tuple(3); - diff --git a/camlimages-oversized-tiff-check-CVE-2009-3296.patch b/camlimages-oversized-tiff-check-CVE-2009-3296.patch deleted file mode 100644 index be59d24..0000000 --- a/camlimages-oversized-tiff-check-CVE-2009-3296.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- camlimages-3.0.1.old/src/tiffread.c 2007-01-18 10:29:57.000000000 +0000 -+++ camlimages-3.0.1/src/tiffread.c 2009-10-16 10:26:53.841258260 +0100 -@@ -21,6 +21,13 @@ - #include - #include - -+#include -+#define oversized(x, y) \ -+ ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y))) -+ -+#define failwith_oversized(lib) \ -+ failwith("#lib error: image contains oversized or bogus width and height"); -+ - /* These are defined in caml/config.h */ - #define int16 int16tiff - #define uint16 uint16tiff -@@ -64,6 +71,10 @@ - TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres); - TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric); - -+ if (oversized (imagewidth, imagelength)) { -+ failwith_oversized("tiff"); -+ } -+ - if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){ - if( imagebits != 8 ){ - failwith("Sorry, tiff rgb file must be 24bit-color"); diff --git a/dead.package b/dead.package new file mode 100644 index 0000000..d19fb5a --- /dev/null +++ b/dead.package @@ -0,0 +1,10 @@ + +This package has known security issues, and I got no help from +upstream to solve them. In fact upstream is mostly silent / dead. +Therefore I have removed it from Fedora. + +If you want to add the package back to Fedora, please note that +you are going to need to fix all the security problems and +take an active role in maintaining the package too. + +- Richard W.M. Jones, 2011-02-03 diff --git a/ocaml-camlimages.spec b/ocaml-camlimages.spec deleted file mode 100644 index d7e3094..0000000 --- a/ocaml-camlimages.spec +++ /dev/null @@ -1,240 +0,0 @@ -%global opt %(test -x %{_bindir}/ocamlopt && echo 1 || echo 0) -%global debug_package %{nil} -%global _default_patch_fuzz 2 - -Name: ocaml-camlimages -Version: 3.0.2 -Release: 7%{?dist} -Summary: OCaml image processing library - -Group: Development/Libraries -License: LGPLv2 with exceptions -URL: http://cristal.inria.fr/camlimages/eng.html -Source0: http://cristal.inria.fr/camlimages/camlimages-%{version}.tgz -Source1: camlimages-2.2.0-htmlref.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -ExcludeArch: sparc64 s390 s390x - -Patch0: camlimages-3.0.2-display-module.patch - -# https://bugzilla.redhat.com/show_bug.cgi?id=509531#c4 -# Now upstream in 3.0.2. -#Patch1: camlimages-oversized-png-check-CVE-2009-2295.patch - -# https://bugzilla.redhat.com/show_bug.cgi?id=528732 -# NOT upstream in 3.0.2. -Patch2: camlimages-oversized-tiff-check-CVE-2009-3296.patch - -# This is paradoxically only needed because we are rerunning aclocal -# which will use the new ocaml-autoconf that has slightly different -# macros. -Patch3: camlimages-3.0.2-ocaml-autoconf.patch - -BuildRequires: ocaml >= 3.10.1 -BuildRequires: ocaml-lablgtk-devel -BuildRequires: ocaml-x11 -BuildRequires: lablgtk, libpng-devel, libjpeg-devel -BuildRequires: libXpm-devel, ghostscript-devel, freetype-devel -BuildRequires: giflib-devel -BuildRequires: libtiff-devel -BuildRequires: gtk2-devel -BuildRequires: libtool, automake, autoconf -BuildRequires: ocaml-autoconf - -%global __ocaml_requires_opts -i Image_intf - - -%description -CamlImages is an image processing library for Objective CAML, which provides: -basic functions for image processing and loading/saving, various image file -formats (hence providing a translation facility from format to format), -and an interface with the Caml graphics library allows to display images -in the Graphics module screen and to mix them with Caml drawings - -In addition, the library can handle huge images that cannot be (or can hardly -be) stored into the main memory (the library then automatically creates swap -files and escapes them to reduce the memory usage). - - -%package devel -Summary: Development files for camlimages -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} - - -%description devel -The camlimages-devel package provides libraries and headers for -developing applications using camlimages - -Includes documentation provided by ocamldoc - - -%prep -%setup -q -n camlimages-%{version} -a 1 - -# Gdk.Display submodule clashes with the Display module in -# the examples/liv directory, so rename it: -%patch0 -p1 -%patch2 -p1 -%patch3 -p1 -aclocal -I . -automake -autoconf -mv examples/liv/display.ml examples/liv/livdisplay.ml - - -%build -%configure - -# Hack to fix RHBZ#564798. It's completely unclear why this fails -# in Koji when it works perfectly well for me locally. -echo image_intf.cmi: image_intf.mli >> src/.depend -echo mylazy.cmi: mylazy.mli >> examples/liv/.depend - -make - - -%install -rm -rf $RPM_BUILD_ROOT -make install ocamlsitelibdir=%{_libdir}/ocaml/camlimages DESTDIR=$RPM_BUILD_ROOT - -strip $RPM_BUILD_ROOT%{_libdir}/ocaml/stublibs/dllcamlimages.so \ - $RPM_BUILD_ROOT%{_libdir}/ocaml/stublibs/dllcamlimages_core.so - - -%clean -rm -rf $RPM_BUILD_ROOT - - -%files -%defattr(-,root,root,-) -%doc INSTALL README -%{_libdir}/ocaml/camlimages -%{_libdir}/ocaml/stublibs/*.so -%if %opt -%exclude %{_libdir}/ocaml/camlimages/*.a -%exclude %{_libdir}/ocaml/camlimages/*.cmxa -%endif -%exclude %{_libdir}/ocaml/camlimages/*.mli - - -%files devel -%defattr(-,root,root,-) -%doc doc/*.{html,jpg} -%if %opt -%{_libdir}/ocaml/camlimages/*.a -%{_libdir}/ocaml/camlimages/*.cmxa -%endif -%{_libdir}/ocaml/camlimages/*.mli - - -%changelog -* Wed Jan 12 2010 Richard W.M. Jones - 3.0.2-7 -- Fix FTBFS RHBZ#564798. - -* Wed Jan 12 2010 Richard W.M. Jones - 3.0.2-2 -- Ignore broken dependency from submodule (Image_intf). - -* Tue Jan 12 2010 Richard W.M. Jones - 3.0.2-1 -- New upstream version 3.0.2. -- Fix URL and source URL. -- Rebase Display->Livdisplay patch. -- Remove png check CVE patch (now upstream). -- RETAIN tiff check CVE patch (NOT upstream). -- Replace %%define with %%global. -- Use upstream RPM 4.8 OCaml dependency generator. -- Fix configure.ac, also we now BR ocaml-autoconf. -- Recheck package with rpmlint: - . Strip dllcamlimages_core.so - -* Wed Dec 30 2009 Richard W.M. Jones - 3.0.1-15 -- Rebuild for OCaml 3.11.2. - -* Fri Oct 16 2009 Richard W.M. Jones - 3.0.1-14 -- ocaml-camlimages: TIFF reader multiple integer overflows - (CVE 2009-3296 / RHBZ#528732). - -* Tue Sep 29 2009 Richard W.M. Jones - 3.0.1-12 -- Force rebuild against newer lablgtk. - -* Sat Jul 25 2009 Fedora Release Engineering - 3.0.1-11 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Fri Jul 3 2009 Richard W.M. Jones - 3.0.1-10 -- ocaml-camlimages: PNG reader multiple integer overflows - (CVE 2009-2295 / RHBZ#509531). - -* Sat May 23 2009 Richard W.M. Jones - 3.0.1-8 -- Rebuild for OCaml 3.11.1 - -* Thu Apr 16 2009 S390x secondary arch maintainer -- ExcludeArch sparc64, s390, s390x as we don't have OCaml on those archs - (added sparc64 per request from the sparc maintainer) - -* Wed Feb 25 2009 Fedora Release Engineering - 3.0.1-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Sat Feb 7 2009 Richard W.M. Jones - 3.0.1-6 -- Rebuild against updated lablgtk. - -* Fri Dec 5 2008 Richard W.M. Jones - 3.0.1-5 -- Rebuild. - -* Thu Dec 4 2008 Richard W.M. Jones - 3.0.1-4 -- Rebuild. - -* Mon Nov 3 2008 Richard W.M. Jones - 3.0.1-3 -- +BR gtk2-devel. -- +BR ocaml-x11. - -* Mon Nov 3 2008 Richard W.M. Jones - 3.0.1-1 -- Home page moved (fixes rhbz 468158). -- New upstream version 3.0.1 and multiple build fixes for this. -- License is really LGPLv2 with the OCaml linking exception. -- Removed the DESTDIR patch. -- Build tiff support. -- Run it through rpmlint and fix all problems. - -* Thu Aug 28 2008 Richard W.M. Jones - 2.2.0-13 -- Rebuild with patch fuzz. - -* Mon Aug 11 2008 Tom "spot" Callaway - 2.2.0-12 -- fix license tag - -* Wed Apr 23 2008 Richard W.M. Jones - 2.2.0-11 -- Rebuild for OCaml 3.10.2 - -* Sat Mar 1 2008 Richard W.M. Jones 2.2.0-10 -- Rebuild for ppc64. - -* Wed Feb 13 2008 Richard W.M. Jones 2.2.0-9 -- Rebuild for OCaml 3.10.1 -- Fix paths to conform to packaging policy. - -* Wed May 09 2007 Nigel Jones 2.2.0-8 -- Exclude ppc64 builds due to missing ocaml - -* Fri May 04 2007 Nigel Jones 2.2.0-7 -- Change to Makefile patch to move .so files to stublibs -- Rename to ocaml-camlimages -- Other changes per review - -* Thu May 03 2007 Nigel Jones 2.2.0-6 -- Include .*a files just to make sure - -* Thu May 03 2007 Nigel Jones 2.2.0-5 -- Revert -4 changes -- Remove excludedirs patch, replace with a sed -- Provide html documentation generated from running ocaml-ocamldoc - -* Thu Apr 26 2007 Nigel Jones 2.2.0-4 -- Add Provides: camlimages-static, and LICENSE to -devel docs - -* Thu Apr 12 2007 Nigel Jones 2.2.0-3 -- Remove .a & .o files - -* Wed Apr 11 2007 Nigel Jones 2.2.0-2 -- Add missing dependencies - -* Tue Apr 10 2007 Nigel Jones 2.2.0-1 -- Initial spec file diff --git a/sources b/sources deleted file mode 100644 index d72f7c4..0000000 --- a/sources +++ /dev/null @@ -1,2 +0,0 @@ -fb1633c9c8df0b2b2d0f892d8c4ac2ee camlimages-2.2.0-htmlref.tar.gz -ccb2551232df255f6306941d26d07615 camlimages-3.0.2.tgz