summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-06-11 22:18:53 -0400
committerLeo Famulari <leo@famulari.name>2017-06-12 01:20:34 -0400
commit34a0984e57e549ba441997dce474140ef85b5a43 (patch)
treebf0980955675201e3addba6759f2c97c11b93374
parente3c9ab5f41c887b341da43db6e5cf75a2a0cc783 (diff)
gnu: libmwaw: Fix CVE-2017-9433.
* gnu/packages/patches/libmwaw-CVE-2017-9433.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/libreoffice.scm (libmwaw)[source]: Use it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/libreoffice.scm1
-rw-r--r--gnu/packages/patches/libmwaw-CVE-2017-9433.patch33
3 files changed, 35 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 128cca84e5..c2a7ba761b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -742,6 +742,7 @@ dist_patch_DATA = \
%D%/packages/patches/libmad-armv7-thumb-pt2.patch \
%D%/packages/patches/libmad-frame-length.patch \
%D%/packages/patches/libmad-mips-newgcc.patch \
+ %D%/packages/patches/libmwaw-CVE-2017-9433.patch \
%D%/packages/patches/libsndfile-armhf-type-checks.patch \
%D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \
%D%/packages/patches/libsndfile-CVE-2017-8362.patch \
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index afaf8002d8..809e28e27b 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -590,6 +590,7 @@ text documents, vector drawings, presentations and spreadsheets.")
(method url-fetch)
(uri (string-append "mirror://sourceforge/" name "/" name "/" name "-"
version "/" name "-" version ".tar.xz"))
+ (patches (search-patches "libmwaw-CVE-2017-9433.patch"))
(sha256 (base32
"16i9s9p4sjpdpbm3gq6jkc9r3nyfy47ggkdlgh7vr0mydccklj2b"))))
(build-system gnu-build-system)
diff --git a/gnu/packages/patches/libmwaw-CVE-2017-9433.patch b/gnu/packages/patches/libmwaw-CVE-2017-9433.patch
new file mode 100644
index 0000000000..502a11d2a8
--- /dev/null
+++ b/gnu/packages/patches/libmwaw-CVE-2017-9433.patch
@@ -0,0 +1,33 @@
+Fix CVE-2017-9433:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433
+
+Patch copied from upstream source repository:
+
+https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f
+
+From 68b3b74569881248bfb6cbb4266177cc253b292f Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Sat, 8 Apr 2017 14:03:29 +0200
+Subject: [PATCH] ofz#1037 resize vector correctly
+
+---
+ src/lib/MsWrd1Parser.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/MsWrd1Parser.cxx b/src/lib/MsWrd1Parser.cxx
+index 63547e6..3626064 100644
+--- a/src/lib/MsWrd1Parser.cxx
++++ b/src/lib/MsWrd1Parser.cxx
+@@ -902,7 +902,7 @@ bool MsWrd1Parser::readFootnoteCorrespondance(MWAWVec2i limits)
+ int id = fIt++->second;
+ fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first;
+ if (id >= int(m_state->m_footnotesList.size()))
+- m_state->m_footnotesList.resize(size_t(id),MWAWVec2l(0,0));
++ m_state->m_footnotesList.resize(size_t(id)+1,MWAWVec2l(0,0));
+ m_state->m_footnotesList[size_t(id)]=fPos;
+ }
+ ascii().addDelimiter(input->tell(),'|');
+--
+2.13.1
+