Fedora has issued an advisory today (February 10): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/L32G56HKBVCM2HEZASWDWDWEXQTBWNZP/ This is a libgd issue (Bug 24336) due to the bundled gd code in libwmf. The libgd patch (adjusted for file paths) doesn't apply, so perhaps we should just update it (as I've done in Cauldron) to 0.2.12, which fixes this.
CC: (none) => nicolas.salguero
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. (CVE-2019-6978) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/L32G56HKBVCM2HEZASWDWDWEXQTBWNZP/ ======================== Updated packages in core/updates_testing: ======================== libwmf-0.2.12-1.mga6 lib(64)wmf0.2_7-0.2.12-1.mga6 lib(64)wmf-devel-0.2.12-1.mga6 from SRPMS: libwmf-0.2.12-1.mga6.src.rpm
Status: NEW => ASSIGNEDCVE: (none) => CVE-2019-6978Assignee: pkg-bugs => qa-bugs
Re comment #0 Checked libwmf using 'urpmq --requires-recursive' to confirm David's statement regarding the libgd patch. No dependency on libgd so a clean update should suffice. However, since it is an update there is no harm in trying out graphicsmagick or imagemagick with the new libwmf. Need to find an operation that exercizes it. Later.
CC: (none) => tarazed25
MGA6-32 MATE on IBM Thinkpad R50e No installation issues. Found a wmf sample file at https://www.armsandbadges.com/sample.htm (I will upload it here). This file opens nicely in LibreOffice Draw. libwmf has executables wmf2eps wmf2fig wmf2gd wmf2svg wmf2x Tried a few of them on the sample file, but all fail the same: ]$ wmf2svg sample.wmf ERROR: font.c (1339): wmf_ipa_font_map: failed to load *any* font! I will try to find some info on this.
CC: (none) => herman.viaene
Created attachment 10739 [details] sample wmf file
Found ref to this error in https://github.com/kakwa/libvisio2svg/issues/25 and it points to a debian package gsfonts, which does not seem to exist in our rpm-family. Googling on "gsfonts fedora" gave me refs to packages ghostscript-fonts and urw-fonts, but both are installed already on this laptop. Giving up for now. If Len decides to let go on clean install, I won't object.
Thanks Herman. Just found some sample WMF files in my qa directories - don't know where they came from but they look OK with ImageMagick display. $ wmf2svg 30MMGUN.WMF > gun.svg That worked and the output file looks fine as an image. Tried your sample file and that did not complain. $ wmf2eps sample.wmf > sample.ps In gs sample.ps displays as a somewhat sketchy version of the crown image displayed by libreoffice draw. It certainly looks like encapsulated postscript. $ head sample.ps %!PS-Adobe-2.0 EPSF-2.0 %%BoundingBox: 0 0 1025 1025 save gsave 0 1025 translate 1 -1 scale 0.038000 0.038000 translate 1.000902 1.000902 scale gsave % begin clip gsave % wmf_[eps_]draw_polygon The reference to fonts with respect to sample.wmf is puzzling - it is hard to see how font rendering can be involved with a pictorial image like that. Not even the postscript file refers to any fonts. $ cat sample.ps | grep -i font Ghostscript fonts are installed here also, close to 100 of them. $ locate -i fontmap | grep ghostscript /usr/share/fonts/default/ghostscript/Fontmap /usr/share/fonts/default/ghostscript/Fontmap.bak /usr/share/ghostscript/9.26/Resource/Init/FAPIfontmap /usr/share/ghostscript/9.26/Resource/Init/FCOfontmap-PCLPS2 /usr/share/ghostscript/9.26/Resource/Init/Fontmap /usr/share/ghostscript/9.26/Resource/Init/Fontmap.GS One of life's little mysteries. Thanks for trying. It would be good to find an explanation though. Anyway, my various sample files behave when processed by the WMF utiliies so it deserves a 64-bit pass. Attaching one of my samples.
Whiteboard: (none) => MGA6-64-OK
Created attachment 10744 [details] December calendar display $ file D20862.WMF D20862.WMF: ms-windows metafont .wmf
Keywords: (none) => advisory, validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0085.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED