steghide-0.5.1: remove package

This package is considered insecure (week RNG seeding). As it has seen
no upstream activity for 18 years, a bug fix is unlikely.

See also:
* CVE-2021-27211
* https://discourse.nixos.org/t/removal-of-insecure-steghide-package/12071

Fixes #116923
This commit is contained in:
Christian Kauhaus 2021-03-22 18:35:23 +01:00
parent f5e8bdd07d
commit 16302209c2
5 changed files with 0 additions and 469 deletions

View file

@ -1,30 +0,0 @@
{ lib, stdenv, fetchurl, libjpeg, libmcrypt, zlib, libmhash, gettext, libtool}:
stdenv.mkDerivation rec {
buildInputs = [ libjpeg libmcrypt zlib libmhash gettext libtool ];
version = "0.5.1";
pname = "steghide";
src = fetchurl {
url = "mirror://sourceforge/steghide/steghide/${version}/steghide-${version}.tar.gz" ;
sha256 = "78069b7cfe9d1f5348ae43f918f06f91d783c2b3ff25af021e6a312cf541b47b";
};
patches = [
./patches/steghide-0.5.1-gcc34.patch
./patches/steghide-0.5.1-gcc4.patch
./patches/steghide-0.5.1-gcc43.patch
];
# AM_CXXFLAGS needed for automake
preConfigure = ''
export AM_CXXFLAGS="$CXXFLAGS -std=c++0x"
'';
meta = with lib; {
homepage = "http://steghide.sourceforge.net/";
description = "Steganography program that is able to hide data in various kinds of image- and audio-files";
license = licenses.gpl2;
platforms = platforms.linux;
};
}

View file

@ -1,42 +0,0 @@
--- steghide-0.5.1.old/src/Makefile.am
+++ steghide-0.5.1.new/src/Makefile.am 2004-07-16 19:01:39.673947633 +0200
@@ -33,5 +33,5 @@
WavPCMSampleValue.cc error.cc main.cc msg.cc SMDConstructionHeuristic.cc
LIBS = @LIBINTL@ @LIBS@
localedir = $(datadir)/locale
-LIBTOOL = $(SHELL) libtool
+LIBTOOL = $(SHELL) libtool --tag=CXX
MAINTAINERCLEANFILES = Makefile.in
--- steghide-0.5.1.old/src/AuSampleValues.cc
+++ steghide-0.5.1.new/src/AuSampleValues.cc 2004-07-16 18:59:18.934578427 +0200
@@ -17,21 +17,21 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
*/
-
+#include "common.h"
#include "AuSampleValues.h"
// AuMuLawSampleValue
-const BYTE AuMuLawSampleValue::MinValue = 0 ;
-const BYTE AuMuLawSampleValue::MaxValue = BYTE_MAX ;
+template<> const BYTE AuMuLawSampleValue::MinValue = 0 ;
+template<> const BYTE AuMuLawSampleValue::MaxValue = BYTE_MAX ;
// AuPCM8SampleValue
-const SBYTE AuPCM8SampleValue::MinValue = SBYTE_MIN ;
-const SBYTE AuPCM8SampleValue::MaxValue = SBYTE_MAX ;
+template<> const SBYTE AuPCM8SampleValue::MinValue = SBYTE_MIN ;
+template<> const SBYTE AuPCM8SampleValue::MaxValue = SBYTE_MAX ;
// AuPCM16SampleValue
-const SWORD16 AuPCM16SampleValue::MinValue = SWORD16_MIN ;
-const SWORD16 AuPCM16SampleValue::MaxValue = SWORD16_MAX ;
+template<> const SWORD16 AuPCM16SampleValue::MinValue = SWORD16_MIN ;
+template<> const SWORD16 AuPCM16SampleValue::MaxValue = SWORD16_MAX ;
// AuPCM32SampleValue
-const SWORD32 AuPCM32SampleValue::MinValue = SWORD32_MIN ;
-const SWORD32 AuPCM32SampleValue::MaxValue = SWORD32_MAX ;
+template<> const SWORD32 AuPCM32SampleValue::MinValue = SWORD32_MIN ;
+template<> const SWORD32 AuPCM32SampleValue::MaxValue = SWORD32_MAX ;

View file

@ -1,46 +0,0 @@
diff -Naur steghide-0.5.1-orig/src/AuData.h steghide-0.5.1/src/AuData.h
--- steghide-0.5.1-orig/src/AuData.h 2003-09-28 09:30:29.000000000 -0600
+++ steghide-0.5.1/src/AuData.h 2007-05-11 22:04:56.000000000 -0600
@@ -26,22 +26,30 @@
// AuMuLawAudioData
typedef AudioDataImpl<AuMuLaw,BYTE> AuMuLawAudioData ;
+template<>
inline BYTE AuMuLawAudioData::readValue (BinaryIO* io) const { return (io->read8()) ; }
+template<>
inline void AuMuLawAudioData::writeValue (BinaryIO* io, BYTE v) const { io->write8(v) ; }
// AuPCM8AudioData
typedef AudioDataImpl<AuPCM8,SBYTE> AuPCM8AudioData ;
+template<>
inline SBYTE AuPCM8AudioData::readValue (BinaryIO* io) const { return ((SBYTE) io->read8()) ; }
+template<>
inline void AuPCM8AudioData::writeValue (BinaryIO* io, SBYTE v) const { io->write8((BYTE) v) ; }
// AuPCM16AudioData
typedef AudioDataImpl<AuPCM16,SWORD16> AuPCM16AudioData ;
+template<>
inline SWORD16 AuPCM16AudioData::readValue (BinaryIO* io) const { return ((SWORD16) io->read16_be()) ; }
+template<>
inline void AuPCM16AudioData::writeValue (BinaryIO* io, SWORD16 v) const { io->write16_be((UWORD16) v) ; }
// AuPCM32AudioData
typedef AudioDataImpl<AuPCM32,SWORD32> AuPCM32AudioData ;
+template<>
inline SWORD32 AuPCM32AudioData::readValue (BinaryIO* io) const { return ((SWORD32) io->read32_be()) ; }
+template<>
inline void AuPCM32AudioData::writeValue (BinaryIO* io, SWORD32 v) const { io->write32_be((UWORD32) v) ; }
#endif // ndef SH_AUDATA_H
diff -Naur steghide-0.5.1-orig/src/MHashPP.cc steghide-0.5.1/src/MHashPP.cc
--- steghide-0.5.1-orig/src/MHashPP.cc 2003-10-05 04:17:50.000000000 -0600
+++ steghide-0.5.1/src/MHashPP.cc 2007-05-11 22:07:01.000000000 -0600
@@ -120,7 +120,7 @@
std::string MHashPP::getAlgorithmName (hashid id)
{
- char *name = mhash_get_hash_name (id) ;
+ char *name = (char *) mhash_get_hash_name (id) ;
std::string retval ;
if (name == NULL) {
retval = std::string ("<algorithm not found>") ;

View file

@ -1,349 +0,0 @@
--- steghide-0.5.1.old/configure.in 2003-10-15 09:48:52.000000000 +0200
+++ steghide-0.5.1.new/configure.in 2008-05-09 19:04:46.000000000 +0200
@@ -7,27 +7,26 @@
dnl checks for programs.
AC_PROG_CXX
AC_PROG_INSTALL
AC_PROG_AWK
AC_PROG_LN_S
+AC_CXX_COMPILE_STDCXX_0X
dnl GNU gettext
AC_CHECK_FUNCS(strchr)
AM_GNU_GETTEXT
AM_CONDITIONAL(USE_INTLDIR, test "$nls_cv_use_gnu_gettext" = yes)
dnl check if debugging support is requested
-AC_MSG_CHECKING([wether to enable debugging])
+AC_MSG_CHECKING([whether to enable debugging])
AC_ARG_ENABLE(debug,[ --enable-debug enable debugging],
if test "$enableval" = yes ;
then
AC_MSG_RESULT([yes])
AC_DEFINE(DEBUG,1,[enable code used only for debugging])
- CXXFLAGS="-O2 -Wall -g"
else
AC_MSG_RESULT([no])
- CXXFLAGS="-O2 -Wall"
fi
,
AC_MSG_RESULT([no])
CXXFLAGS="-O2 -Wall"
)
@@ -213,7 +212,18 @@
echo "libmhash can be downloaded from http://mhash.sourceforge.net/.";
echo "**********";
AC_MSG_ERROR([[libmhash not found]])
fi
+dnl Should we add std=c++0x?
+
+if test "$ac_cv_cxx_compile_cxx0x_cxx" = yes;
+then
+ CXXFLAGS="${CXXFLAGS} -std=c++0x -Wall -Wextra"
+else
+ CXXFLAGS="${CXXFLAGS} -Wall -Wextra"
+fi
+
+AC_SUBST(CXXFLAGS)
+
dnl create Makefiles
AC_OUTPUT([Makefile steghide.spec steghide.doxygen doc/Makefile po/Makefile.in src/Makefile tests/Makefile tests/data/Makefile m4/Makefile intl/Makefile])
--- steghide-0.5.1.old/m4/ac_cxx_compile_stdcxx_0x.m4 1970-01-01 01:00:00.000000000 +0100
+++ steghide-0.5.1.new/m4/ac_cxx_compile_stdcxx_0x.m4 2008-05-09 19:04:46.000000000 +0200
@@ -0,0 +1,107 @@
+# ===========================================================================
+# http://autoconf-archive.cryp.to/ac_cxx_compile_stdcxx_0x.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AC_CXX_COMPILE_STDCXX_0X
+#
+# DESCRIPTION
+#
+# Check for baseline language coverage in the compiler for the C++0x
+# standard.
+#
+# LAST MODIFICATION
+#
+# 2008-04-17
+#
+# COPYLEFT
+#
+# Copyright (c) 2008 Benjamin Kosnik <bkoz@redhat.com>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved.
+
+AC_DEFUN([AC_CXX_COMPILE_STDCXX_0X], [
+ AC_CACHE_CHECK(if g++ supports C++0x features without additional flags,
+ ac_cv_cxx_compile_cxx0x_native,
+ [AC_LANG_SAVE
+ AC_LANG_CPLUSPLUS
+ AC_TRY_COMPILE([
+ template <typename T>
+ struct check
+ {
+ static_assert(sizeof(int) <= sizeof(T), "not big enough");
+ };
+
+ typedef check<check<bool>> right_angle_brackets;
+
+ int a;
+ decltype(a) b;
+
+ typedef check<int> check_type;
+ check_type c;
+ check_type&& cr = c;],,
+ ac_cv_cxx_compile_cxx0x_native=yes, ac_cv_cxx_compile_cxx0x_native=no)
+ AC_LANG_RESTORE
+ ])
+
+ AC_CACHE_CHECK(if g++ supports C++0x features with -std=c++0x,
+ ac_cv_cxx_compile_cxx0x_cxx,
+ [AC_LANG_SAVE
+ AC_LANG_CPLUSPLUS
+ ac_save_CXXFLAGS="$CXXFLAGS"
+ CXXFLAGS="$CXXFLAGS -std=c++0x"
+ AC_TRY_COMPILE([
+ template <typename T>
+ struct check
+ {
+ static_assert(sizeof(int) <= sizeof(T), "not big enough");
+ };
+
+ typedef check<check<bool>> right_angle_brackets;
+
+ int a;
+ decltype(a) b;
+
+ typedef check<int> check_type;
+ check_type c;
+ check_type&& cr = c;],,
+ ac_cv_cxx_compile_cxx0x_cxx=yes, ac_cv_cxx_compile_cxx0x_cxx=no)
+ CXXFLAGS="$ac_save_CXXFLAGS"
+ AC_LANG_RESTORE
+ ])
+
+ AC_CACHE_CHECK(if g++ supports C++0x features with -std=gnu++0x,
+ ac_cv_cxx_compile_cxx0x_gxx,
+ [AC_LANG_SAVE
+ AC_LANG_CPLUSPLUS
+ ac_save_CXXFLAGS="$CXXFLAGS"
+ CXXFLAGS="$CXXFLAGS -std=gnu++0x"
+ AC_TRY_COMPILE([
+ template <typename T>
+ struct check
+ {
+ static_assert(sizeof(int) <= sizeof(T), "not big enough");
+ };
+
+ typedef check<check<bool>> right_angle_brackets;
+
+ int a;
+ decltype(a) b;
+
+ typedef check<int> check_type;
+ check_type c;
+ check_type&& cr = c;],,
+ ac_cv_cxx_compile_cxx0x_gxx=yes, ac_cv_cxx_compile_cxx0x_gxx=no)
+ CXXFLAGS="$ac_save_CXXFLAGS"
+ AC_LANG_RESTORE
+ ])
+
+ if test "$ac_cv_cxx_compile_cxx0x_native" = yes ||
+ test "$ac_cv_cxx_compile_cxx0x_cxx" = yes ||
+ test "$ac_cv_cxx_compile_cxx0x_gxx" = yes; then
+ AC_DEFINE(HAVE_STDCXX_0X,,[Define if g++ supports C++0x features. ])
+ fi
+])
--- steghide-0.5.1.old/src/Arguments.cc 2003-10-11 23:25:04.000000000 +0200
+++ steghide-0.5.1.new/src/Arguments.cc 2008-05-09 19:04:44.000000000 +0200
@@ -26,10 +26,12 @@
#include "Terminal.h"
#include "common.h"
#include "error.h"
#include "msg.h"
+float Arguments::Default_Goal = 100.0 ;
+
// the global Arguments object
Arguments Args ;
Arguments::Arguments (int argc, char* argv[])
{
--- steghide-0.5.1.old/src/Arguments.h 2003-10-11 23:23:57.000000000 +0200
+++ steghide-0.5.1.new/src/Arguments.h 2008-05-09 19:04:44.000000000 +0200
@@ -98,11 +98,11 @@
static const bool Default_EmbedEmbFn = true ;
static const bool Default_Force = false ;
static const VERBOSITY Default_Verbosity = NORMAL ;
static const unsigned long Default_Radius = 0 ; // there is no default radius for all file formats
static const unsigned int Max_Algorithm = 3 ;
- static const float Default_Goal = 100.0 ;
+ static float Default_Goal ;
static const DEBUGCOMMAND Default_DebugCommand = NONE ;
static const bool Default_Check = false ;
static const unsigned int Default_DebugLevel = 0 ;
static const unsigned int Default_GmlGraphRecDepth = 0 ;
static const unsigned int Default_GmlStartVertex = 0 ;
--- steghide-0.5.1.old/src/EncryptionMode.h 2003-09-28 17:30:30.000000000 +0200
+++ steghide-0.5.1.new/src/EncryptionMode.h 2008-05-09 19:04:46.000000000 +0200
@@ -69,11 +69,11 @@
static const unsigned int NumValues = 8 ;
IRep Value ;
typedef struct struct_Translation {
IRep irep ;
- char* srep ;
+ const char* srep ;
} Translation ;
static const Translation Translations[] ;
} ;
#endif // ndef SH_ENCMODE_H
--- steghide-0.5.1.old/src/Graph.cc 2003-10-11 23:54:26.000000000 +0200
+++ steghide-0.5.1.new/src/Graph.cc 2008-05-09 19:04:46.000000000 +0200
@@ -20,10 +20,12 @@
#include <ctime>
#include <list>
#include <map>
#include <vector>
+#include <algorithm>
+#include <climits>
#include "BitString.h"
#include "CvrStgFile.h"
#include "Edge.h"
#include "Graph.h"
--- steghide-0.5.1.old/src/Matching.cc 2003-10-11 23:54:30.000000000 +0200
+++ steghide-0.5.1.new/src/Matching.cc 2008-05-09 19:04:46.000000000 +0200
@@ -16,10 +16,11 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
*/
+#include <algorithm>
#include "Edge.h"
#include "Graph.h"
#include "Matching.h"
#include "ProgressOutput.h"
#include "common.h"
--- steghide-0.5.1.old/src/ProgressOutput.cc 2003-10-11 11:20:51.000000000 +0200
+++ steghide-0.5.1.new/src/ProgressOutput.cc 2008-05-09 19:04:44.000000000 +0200
@@ -21,10 +21,12 @@
#include <cmath>
#include "ProgressOutput.h"
#include "common.h"
+float ProgressOutput::NoAvgWeight = 1.0 ;
+
ProgressOutput::ProgressOutput ()
: Message("__nomessage__")
{
LastUpdate = time(NULL) - 1 ; // -1 to ensure that message is written first time
}
--- steghide-0.5.1.old/src/ProgressOutput.h 2003-09-28 17:30:30.000000000 +0200
+++ steghide-0.5.1.new/src/ProgressOutput.h 2008-05-09 19:04:44.000000000 +0200
@@ -60,13 +60,13 @@
/**
* update the output appending rate, [average edge weight], "done" and a newline
* \param rate the rate of matched vertices
* \param avgweight the average edge weight (is not printed if not given)
**/
- void done (float rate, float avgweight = NoAvgWeight) const ;
+ void done (float rate, float avgweight = 1.0) const ;
- static const float NoAvgWeight = -1.0 ;
+ static float NoAvgWeight ;
protected:
std::string vcompose (const char *msgfmt, va_list ap) const ;
private:
--- steghide-0.5.1.old/src/SMDConstructionHeuristic.cc 2003-09-28 17:30:30.000000000 +0200
+++ steghide-0.5.1.new/src/SMDConstructionHeuristic.cc 2008-05-09 19:04:46.000000000 +0200
@@ -16,10 +16,12 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
*/
+#include <algorithm>
+
#include "Edge.h"
#include "Graph.h"
#include "Matching.h"
#include "SMDConstructionHeuristic.h"
#include "Vertex.h"
--- steghide-0.5.1.old/src/WavFile.cc 2003-09-28 17:30:30.000000000 +0200
+++ steghide-0.5.1.new/src/WavFile.cc 2008-05-09 19:04:46.000000000 +0200
@@ -19,10 +19,11 @@
*/
#include <cstdio>
#include <cstdlib>
#include <cstring>
+#include <algorithm>
#include "CvrStgFile.h"
#include "DFSAPHeuristic.h"
#include "SampleValueAdjacencyList.h"
#include "SMDConstructionHeuristic.h"
--- steghide-0.5.1.old/src/wrapper_hash_map.h 2003-09-28 17:30:30.000000000 +0200
+++ steghide-0.5.1.new/src/wrapper_hash_map.h 2008-05-09 19:04:46.000000000 +0200
@@ -25,17 +25,21 @@
#ifdef __GNUC__
# if __GNUC__ < 3
# include <hash_map.h>
namespace sgi { using ::hash ; using ::hash_map ; } ;
-# else
+# elif __GNUC__ == 3 || ( __GNUC__ == 4 && __GNUC_MINOR__ < 3 )
# include <ext/hash_map>
-# if __GNUC_MINOR__ == 0
+# if __GNUC__ == 3 && __GNUC_MINOR__ == 0
namespace sgi = std ; // GCC 3.0
# else
namespace sgi = __gnu_cxx ; // GCC 3.1 and later
# endif
+# else
+# include <unordered_map>
+# define hash_map unordered_map
+ namespace sgi = std ;
# endif
#else
namespace sgi = std ;
#endif
--- steghide-0.5.1.old/src/wrapper_hash_set.h 2003-09-28 17:30:30.000000000 +0200
+++ steghide-0.5.1.new/src/wrapper_hash_set.h 2008-05-09 19:04:46.000000000 +0200
@@ -26,17 +26,21 @@
#ifdef __GNUC__
# if __GNUC__ < 3
# include <hash_set.h>
namespace sgi { using ::hash ; using ::hash_set ; } ;
-# else
+# elif __GNUC__ == 3 || ( __GNUC__ == 4 && __GNUC_MINOR__ < 3 )
# include <ext/hash_set>
-# if __GNUC_MINOR__ == 0
+# if __GNUC__ == 3 && __GNUC_MINOR__ == 0
namespace sgi = std ; // GCC 3.0
# else
namespace sgi = ::__gnu_cxx ; // GCC 3.1 and later
# endif
+# else
+# include <unordered_set>
+# define hash_set unordered_set
+ namespace sgi = std ;
# endif
#else
namespace sgi = std ;
#endif

View file

@ -17185,8 +17185,6 @@ in
stlink = callPackage ../development/tools/misc/stlink { };
steghide = callPackage ../tools/security/steghide {};
stegseek = callPackage ../tools/security/stegseek {};
stlport = callPackage ../development/libraries/stlport { };