From 16302209c287f42b4305d7bd9a660bd5206189bb Mon Sep 17 00:00:00 2001 From: Christian Kauhaus Date: Mon, 22 Mar 2021 18:35:23 +0100 Subject: [PATCH] steghide-0.5.1: remove package This package is considered insecure (weak RNG seeding). As it has seen no upstream activity for 18 years, a bug fix is unlikely. See also: * CVE-2021-27211 * https://discourse.nixos.org/t/removal-of-insecure-steghide-package/12071 Fixes #116923 --- pkgs/tools/security/steghide/default.nix | 30 -- .../patches/steghide-0.5.1-gcc34.patch | 42 --- .../patches/steghide-0.5.1-gcc4.patch | 46 --- .../patches/steghide-0.5.1-gcc43.patch | 349 ------------------ pkgs/top-level/all-packages.nix | 2 - 5 files changed, 469 deletions(-) delete mode 100644 pkgs/tools/security/steghide/default.nix delete mode 100644 pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc34.patch delete mode 100644 pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc4.patch delete mode 100644 pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc43.patch diff --git a/pkgs/tools/security/steghide/default.nix b/pkgs/tools/security/steghide/default.nix deleted file mode 100644 index cb2a0473cf15..000000000000 --- a/pkgs/tools/security/steghide/default.nix +++ /dev/null
@@ -1,30 +0,0 @@
-{ lib, stdenv, fetchurl, libjpeg, libmcrypt, zlib, libmhash, gettext, libtool}:
-
-stdenv.mkDerivation rec {
- buildInputs = [ libjpeg libmcrypt zlib libmhash gettext libtool ];
- version = "0.5.1";
- pname = "steghide";
-
- src = fetchurl {
- url = "mirror://sourceforge/steghide/steghide/${version}/steghide-${version}.tar.gz" ;
- sha256 = "78069b7cfe9d1f5348ae43f918f06f91d783c2b3ff25af021e6a312cf541b47b";
- };
-
- patches = [
- ./patches/steghide-0.5.1-gcc34.patch
- ./patches/steghide-0.5.1-gcc4.patch
- ./patches/steghide-0.5.1-gcc43.patch
- ];
-
- # AM_CXXFLAGS needed for automake
- preConfigure = ''
- export AM_CXXFLAGS="$CXXFLAGS -std=c++0x"
- '';
-
- meta = with lib; {
- homepage = "http://steghide.sourceforge.net/";
- description = "Steganography program that is able to hide data in various kinds of image- and audio-files";
- license = licenses.gpl2;
- platforms = platforms.linux;
- };
-}
diff --git a/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc34.patch b/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc34.patch
deleted file mode 100644
index 373316c78406..000000000000
--- a/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc34.patch
+++ /dev/null
@@ -1,42 +0,0 @@
---- steghide-0.5.1.old/src/Makefile.am
-+++ steghide-0.5.1.new/src/Makefile.am 2004-07-16 19:01:39.673947633 +0200
-@@ -33,5 +33,5 @@
- WavPCMSampleValue.cc error.cc main.cc msg.cc SMDConstructionHeuristic.cc
- LIBS = @LIBINTL@ @LIBS@
- localedir = $(datadir)/locale
--LIBTOOL = $(SHELL) libtool
-+LIBTOOL = $(SHELL) libtool --tag=CXX
- MAINTAINERCLEANFILES = Makefile.in
---- steghide-0.5.1.old/src/AuSampleValues.cc
-+++ steghide-0.5.1.new/src/AuSampleValues.cc 2004-07-16 18:59:18.934578427 +0200
-@@ -17,21 +17,21 @@
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- */
--
-+#include "common.h"
- #include "AuSampleValues.h"
-
- // AuMuLawSampleValue
--const BYTE AuMuLawSampleValue::MinValue = 0 ;
--const BYTE AuMuLawSampleValue::MaxValue = BYTE_MAX ;
-+template<> const BYTE AuMuLawSampleValue::MinValue = 0 ;
-+template<> const BYTE AuMuLawSampleValue::MaxValue = BYTE_MAX ;
-
- // AuPCM8SampleValue
--const SBYTE AuPCM8SampleValue::MinValue = SBYTE_MIN ;
--const SBYTE AuPCM8SampleValue::MaxValue = SBYTE_MAX ;
-+template<> const SBYTE AuPCM8SampleValue::MinValue = SBYTE_MIN ;
-+template<> const SBYTE AuPCM8SampleValue::MaxValue = SBYTE_MAX ;
-
- // AuPCM16SampleValue
--const SWORD16 AuPCM16SampleValue::MinValue = SWORD16_MIN ;
--const SWORD16 AuPCM16SampleValue::MaxValue = SWORD16_MAX ;
-+template<> const SWORD16 AuPCM16SampleValue::MinValue = SWORD16_MIN ;
-+template<> const SWORD16 AuPCM16SampleValue::MaxValue = SWORD16_MAX ;
-
- // AuPCM32SampleValue
--const SWORD32 AuPCM32SampleValue::MinValue = SWORD32_MIN ;
--const SWORD32 AuPCM32SampleValue::MaxValue = SWORD32_MAX ;
-+template<> const SWORD32 AuPCM32SampleValue::MinValue = SWORD32_MIN ;
-+template<> const SWORD32 AuPCM32SampleValue::MaxValue = SWORD32_MAX ;
diff --git a/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc4.patch b/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc4.patch
deleted file mode 100644
index a8df1735e9d4..000000000000
--- a/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc4.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-diff -Naur steghide-0.5.1-orig/src/AuData.h steghide-0.5.1/src/AuData.h
---- steghide-0.5.1-orig/src/AuData.h 2003-09-28 09:30:29.000000000 -0600
-+++ steghide-0.5.1/src/AuData.h 2007-05-11 22:04:56.000000000 -0600
-@@ -26,22 +26,30 @@
-
- // AuMuLawAudioData
- typedef AudioDataImpl AuMuLawAudioData ;
-+template<>
- inline BYTE AuMuLawAudioData::readValue (BinaryIO* io) const { return (io->read8()) ; }
-+template<>
- inline void AuMuLawAudioData::writeValue (BinaryIO* io, BYTE v) const { io->write8(v) ; }
-
- // AuPCM8AudioData
- typedef AudioDataImpl AuPCM8AudioData ;
-+template<>
- inline SBYTE AuPCM8AudioData::readValue (BinaryIO* io) const { return ((SBYTE) io->read8()) ; }
-+template<>
- inline void AuPCM8AudioData::writeValue (BinaryIO* io, SBYTE v) const { io->write8((BYTE) v) ; }
-
- // AuPCM16AudioData
- typedef AudioDataImpl AuPCM16AudioData ;
-+template<>
- inline SWORD16 AuPCM16AudioData::readValue (BinaryIO* io) const { return ((SWORD16) io->read16_be()) ; }
-+template<>
- inline void AuPCM16AudioData::writeValue (BinaryIO* io, SWORD16 v) const { io->write16_be((UWORD16) v) ; }
-
- // AuPCM32AudioData
- typedef AudioDataImpl AuPCM32AudioData ;
-+template<>
- inline SWORD32 AuPCM32AudioData::readValue (BinaryIO* io) const { return ((SWORD32) io->read32_be()) ; }
-+template<>
- inline void AuPCM32AudioData::writeValue (BinaryIO* io, SWORD32 v) const { io->write32_be((UWORD32) v) ; }
-
- #endif // ndef SH_AUDATA_H
-diff -Naur steghide-0.5.1-orig/src/MHashPP.cc steghide-0.5.1/src/MHashPP.cc
---- steghide-0.5.1-orig/src/MHashPP.cc 2003-10-05 04:17:50.000000000 -0600
-+++ steghide-0.5.1/src/MHashPP.cc 2007-05-11 22:07:01.000000000 -0600
-@@ -120,7 +120,7 @@
-
- std::string MHashPP::getAlgorithmName (hashid id)
- {
-- char *name = mhash_get_hash_name (id) ;
-+ char *name = (char *) mhash_get_hash_name (id) ;
- std::string retval ;
- if (name == NULL) {
- retval = std::string ("") ;
diff --git a/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc43.patch b/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc43.patch
deleted file mode 100644
index ca66b9c544f5..000000000000
--- a/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc43.patch
+++ /dev/null
@@ -1,349 +0,0 @@ ---- steghide-0.5.1.old/configure.in 2003-10-15 09:48:52.000000000 +0200 -+++ steghide-0.5.1.new/configure.in 2008-05-09 19:04:46.000000000 +0200 -@@ -7,27 +7,26 @@ - dnl checks for programs. - AC_PROG_CXX - AC_PROG_INSTALL - AC_PROG_AWK - AC_PROG_LN_S -+AC_CXX_COMPILE_STDCXX_0X - - dnl GNU gettext - AC_CHECK_FUNCS(strchr) - AM_GNU_GETTEXT - AM_CONDITIONAL(USE_INTLDIR, test "$nls_cv_use_gnu_gettext" = yes) - - dnl check if debugging support is requested --AC_MSG_CHECKING([wether to enable debugging]) -+AC_MSG_CHECKING([whether to enable debugging]) - AC_ARG_ENABLE(debug,[ --enable-debug enable debugging], - if test "$enableval" = yes ; - then - AC_MSG_RESULT([yes]) - AC_DEFINE(DEBUG,1,[enable code used only for debugging]) -- CXXFLAGS="-O2 -Wall -g" - else - AC_MSG_RESULT([no]) -- CXXFLAGS="-O2 -Wall" - fi - , - AC_MSG_RESULT([no]) - CXXFLAGS="-O2 -Wall" - ) -@@ -213,7 +212,18 @@ - echo "libmhash can be downloaded from http://mhash.sourceforge.net/."; - echo "**********"; - AC_MSG_ERROR([[libmhash not found]]) - fi - -+dnl Should we add std=c++0x? 
-+ -+if test "$ac_cv_cxx_compile_cxx0x_cxx" = yes; -+then -+ CXXFLAGS="${CXXFLAGS} -std=c++0x -Wall -Wextra" -+else -+ CXXFLAGS="${CXXFLAGS} -Wall -Wextra" -+fi -+ -+AC_SUBST(CXXFLAGS) -+ - dnl create Makefiles - AC_OUTPUT([Makefile steghide.spec steghide.doxygen doc/Makefile po/Makefile.in src/Makefile tests/Makefile tests/data/Makefile m4/Makefile intl/Makefile]) ---- steghide-0.5.1.old/m4/ac_cxx_compile_stdcxx_0x.m4 1970-01-01 01:00:00.000000000 +0100 -+++ steghide-0.5.1.new/m4/ac_cxx_compile_stdcxx_0x.m4 2008-05-09 19:04:46.000000000 +0200 -@@ -0,0 +1,107 @@ -+# =========================================================================== -+# http://autoconf-archive.cryp.to/ac_cxx_compile_stdcxx_0x.html -+# =========================================================================== -+# -+# SYNOPSIS -+# -+# AC_CXX_COMPILE_STDCXX_0X -+# -+# DESCRIPTION -+# -+# Check for baseline language coverage in the compiler for the C++0x -+# standard. -+# -+# LAST MODIFICATION -+# -+# 2008-04-17 -+# -+# COPYLEFT -+# -+# Copyright (c) 2008 Benjamin Kosnik -+# -+# Copying and distribution of this file, with or without modification, are -+# permitted in any medium without royalty provided the copyright notice -+# and this notice are preserved. 
-+ -+AC_DEFUN([AC_CXX_COMPILE_STDCXX_0X], [ -+ AC_CACHE_CHECK(if g++ supports C++0x features without additional flags, -+ ac_cv_cxx_compile_cxx0x_native, -+ [AC_LANG_SAVE -+ AC_LANG_CPLUSPLUS -+ AC_TRY_COMPILE([ -+ template -+ struct check -+ { -+ static_assert(sizeof(int) <= sizeof(T), "not big enough"); -+ }; -+ -+ typedef check> right_angle_brackets; -+ -+ int a; -+ decltype(a) b; -+ -+ typedef check check_type; -+ check_type c; -+ check_type&& cr = c;],, -+ ac_cv_cxx_compile_cxx0x_native=yes, ac_cv_cxx_compile_cxx0x_native=no) -+ AC_LANG_RESTORE -+ ]) -+ -+ AC_CACHE_CHECK(if g++ supports C++0x features with -std=c++0x, -+ ac_cv_cxx_compile_cxx0x_cxx, -+ [AC_LANG_SAVE -+ AC_LANG_CPLUSPLUS -+ ac_save_CXXFLAGS="$CXXFLAGS" -+ CXXFLAGS="$CXXFLAGS -std=c++0x" -+ AC_TRY_COMPILE([ -+ template -+ struct check -+ { -+ static_assert(sizeof(int) <= sizeof(T), "not big enough"); -+ }; -+ -+ typedef check> right_angle_brackets; -+ -+ int a; -+ decltype(a) b; -+ -+ typedef check check_type; -+ check_type c; -+ check_type&& cr = c;],, -+ ac_cv_cxx_compile_cxx0x_cxx=yes, ac_cv_cxx_compile_cxx0x_cxx=no) -+ CXXFLAGS="$ac_save_CXXFLAGS" -+ AC_LANG_RESTORE -+ ]) -+ -+ AC_CACHE_CHECK(if g++ supports C++0x features with -std=gnu++0x, -+ ac_cv_cxx_compile_cxx0x_gxx, -+ [AC_LANG_SAVE -+ AC_LANG_CPLUSPLUS -+ ac_save_CXXFLAGS="$CXXFLAGS" -+ CXXFLAGS="$CXXFLAGS -std=gnu++0x" -+ AC_TRY_COMPILE([ -+ template -+ struct check -+ { -+ static_assert(sizeof(int) <= sizeof(T), "not big enough"); -+ }; -+ -+ typedef check> right_angle_brackets; -+ -+ int a; -+ decltype(a) b; -+ -+ typedef check check_type; -+ check_type c; -+ check_type&& cr = c;],, -+ ac_cv_cxx_compile_cxx0x_gxx=yes, ac_cv_cxx_compile_cxx0x_gxx=no) -+ CXXFLAGS="$ac_save_CXXFLAGS" -+ AC_LANG_RESTORE -+ ]) -+ -+ if test "$ac_cv_cxx_compile_cxx0x_native" = yes || -+ test "$ac_cv_cxx_compile_cxx0x_cxx" = yes || -+ test "$ac_cv_cxx_compile_cxx0x_gxx" = yes; then -+ AC_DEFINE(HAVE_STDCXX_0X,,[Define if g++ supports C++0x features. 
]) -+ fi -+]) ---- steghide-0.5.1.old/src/Arguments.cc 2003-10-11 23:25:04.000000000 +0200 -+++ steghide-0.5.1.new/src/Arguments.cc 2008-05-09 19:04:44.000000000 +0200 -@@ -26,10 +26,12 @@ - #include "Terminal.h" - #include "common.h" - #include "error.h" - #include "msg.h" - -+float Arguments::Default_Goal = 100.0 ; -+ - // the global Arguments object - Arguments Args ; - - Arguments::Arguments (int argc, char* argv[]) - { ---- steghide-0.5.1.old/src/Arguments.h 2003-10-11 23:23:57.000000000 +0200 -+++ steghide-0.5.1.new/src/Arguments.h 2008-05-09 19:04:44.000000000 +0200 -@@ -98,11 +98,11 @@ - static const bool Default_EmbedEmbFn = true ; - static const bool Default_Force = false ; - static const VERBOSITY Default_Verbosity = NORMAL ; - static const unsigned long Default_Radius = 0 ; // there is no default radius for all file formats - static const unsigned int Max_Algorithm = 3 ; -- static const float Default_Goal = 100.0 ; -+ static float Default_Goal ; - static const DEBUGCOMMAND Default_DebugCommand = NONE ; - static const bool Default_Check = false ; - static const unsigned int Default_DebugLevel = 0 ; - static const unsigned int Default_GmlGraphRecDepth = 0 ; - static const unsigned int Default_GmlStartVertex = 0 ; ---- steghide-0.5.1.old/src/EncryptionMode.h 2003-09-28 17:30:30.000000000 +0200 -+++ steghide-0.5.1.new/src/EncryptionMode.h 2008-05-09 19:04:46.000000000 +0200 -@@ -69,11 +69,11 @@ - static const unsigned int NumValues = 8 ; - IRep Value ; - - typedef struct struct_Translation { - IRep irep ; -- char* srep ; -+ const char* srep ; - } Translation ; - static const Translation Translations[] ; - } ; - - #endif // ndef SH_ENCMODE_H ---- steghide-0.5.1.old/src/Graph.cc 2003-10-11 23:54:26.000000000 +0200 -+++ steghide-0.5.1.new/src/Graph.cc 2008-05-09 19:04:46.000000000 +0200 -@@ -20,10 +20,12 @@ - - #include - #include - #include - #include -+#include -+#include - - #include "BitString.h" - #include "CvrStgFile.h" - #include "Edge.h" - #include 
"Graph.h" ---- steghide-0.5.1.old/src/Matching.cc 2003-10-11 23:54:30.000000000 +0200 -+++ steghide-0.5.1.new/src/Matching.cc 2008-05-09 19:04:46.000000000 +0200 -@@ -16,10 +16,11 @@ - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -+#include - #include "Edge.h" - #include "Graph.h" - #include "Matching.h" - #include "ProgressOutput.h" - #include "common.h" ---- steghide-0.5.1.old/src/ProgressOutput.cc 2003-10-11 11:20:51.000000000 +0200 -+++ steghide-0.5.1.new/src/ProgressOutput.cc 2008-05-09 19:04:44.000000000 +0200 -@@ -21,10 +21,12 @@ - #include - - #include "ProgressOutput.h" - #include "common.h" - -+float ProgressOutput::NoAvgWeight = 1.0 ; -+ - ProgressOutput::ProgressOutput () - : Message("__nomessage__") - { - LastUpdate = time(NULL) - 1 ; // -1 to ensure that message is written first time - } ---- steghide-0.5.1.old/src/ProgressOutput.h 2003-09-28 17:30:30.000000000 +0200 -+++ steghide-0.5.1.new/src/ProgressOutput.h 2008-05-09 19:04:44.000000000 +0200 -@@ -60,13 +60,13 @@ - /** - * update the output appending rate, [average edge weight], "done" and a newline - * \param rate the rate of matched vertices - * \param avgweight the average edge weight (is not printed if not given) - **/ -- void done (float rate, float avgweight = NoAvgWeight) const ; -+ void done (float rate, float avgweight = 1.0) const ; - -- static const float NoAvgWeight = -1.0 ; -+ static float NoAvgWeight ; - - protected: - std::string vcompose (const char *msgfmt, va_list ap) const ; - - private: ---- steghide-0.5.1.old/src/SMDConstructionHeuristic.cc 2003-09-28 17:30:30.000000000 +0200 -+++ steghide-0.5.1.new/src/SMDConstructionHeuristic.cc 2008-05-09 19:04:46.000000000 +0200 -@@ -16,10 +16,12 @@ - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
- * - */ - -+#include -+ - #include "Edge.h" - #include "Graph.h" - #include "Matching.h" - #include "SMDConstructionHeuristic.h" - #include "Vertex.h" ---- steghide-0.5.1.old/src/WavFile.cc 2003-09-28 17:30:30.000000000 +0200 -+++ steghide-0.5.1.new/src/WavFile.cc 2008-05-09 19:04:46.000000000 +0200 -@@ -19,10 +19,11 @@ - */ - - #include - #include - #include -+#include - - #include "CvrStgFile.h" - #include "DFSAPHeuristic.h" - #include "SampleValueAdjacencyList.h" - #include "SMDConstructionHeuristic.h" ---- steghide-0.5.1.old/src/wrapper_hash_map.h 2003-09-28 17:30:30.000000000 +0200 -+++ steghide-0.5.1.new/src/wrapper_hash_map.h 2008-05-09 19:04:46.000000000 +0200 -@@ -25,17 +25,21 @@ - - #ifdef __GNUC__ - # if __GNUC__ < 3 - # include - namespace sgi { using ::hash ; using ::hash_map ; } ; --# else -+# elif __GNUC__ == 3 || ( __GNUC__ == 4 && __GNUC_MINOR__ < 3 ) - # include --# if __GNUC_MINOR__ == 0 -+# if __GNUC__ == 3 && __GNUC_MINOR__ == 0 - namespace sgi = std ; // GCC 3.0 - # else - namespace sgi = __gnu_cxx ; // GCC 3.1 and later - # endif -+# else -+# include -+# define hash_map unordered_map -+ namespace sgi = std ; - # endif - #else - namespace sgi = std ; - #endif - ---- steghide-0.5.1.old/src/wrapper_hash_set.h 2003-09-28 17:30:30.000000000 +0200 -+++ steghide-0.5.1.new/src/wrapper_hash_set.h 2008-05-09 19:04:46.000000000 +0200 -@@ -26,17 +26,21 @@ - - #ifdef __GNUC__ - # if __GNUC__ < 3 - # include - namespace sgi { using ::hash ; using ::hash_set ; } ; --# else -+# elif __GNUC__ == 3 || ( __GNUC__ == 4 && __GNUC_MINOR__ < 3 ) - # include --# if __GNUC_MINOR__ == 0 -+# if __GNUC__ == 3 && __GNUC_MINOR__ == 0 - namespace sgi = std ; // GCC 3.0 - # else - namespace sgi = ::__gnu_cxx ; // GCC 3.1 and later - # endif -+# else -+# include -+# define hash_set unordered_set -+ namespace sgi = std ; - # endif - #else - namespace sgi = std ; - #endif - 
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3b7831d87960..b46f3fbd0332 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -17185,8 +17185,6 @@ in stlink = callPackage ../development/tools/misc/stlink { }; - steghide = callPackage ../tools/security/steghide {}; - stegseek = callPackage ../tools/security/stegseek {}; stlport = callPackage ../development/libraries/stlport { };