summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-06-11 22:18:53 -0400
committerLeo Famulari <leo@famulari.name>2017-06-12 01:20:34 -0400
commit34a0984e57e549ba441997dce474140ef85b5a43 (patch)
treebf0980955675201e3addba6759f2c97c11b93374 /gnu
parente3c9ab5f41c887b341da43db6e5cf75a2a0cc783 (diff)
downloadguix-34a0984e57e549ba441997dce474140ef85b5a43.tar.gz
gnu: libmwaw: Fix CVE-2017-9433.
* gnu/packages/patches/libmwaw-CVE-2017-9433.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/libreoffice.scm (libmwaw)[source]: Use it.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/libreoffice.scm1
-rw-r--r--gnu/packages/patches/libmwaw-CVE-2017-9433.patch33
3 files changed, 35 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 128cca84e5..c2a7ba761b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -742,6 +742,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libmad-armv7-thumb-pt2.patch		\
   %D%/packages/patches/libmad-frame-length.patch		\
   %D%/packages/patches/libmad-mips-newgcc.patch			\
+  %D%/packages/patches/libmwaw-CVE-2017-9433.patch		\
   %D%/packages/patches/libsndfile-armhf-type-checks.patch	\
   %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch	\
   %D%/packages/patches/libsndfile-CVE-2017-8362.patch		\
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index afaf8002d8..809e28e27b 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -590,6 +590,7 @@ text documents, vector drawings, presentations and spreadsheets.")
       (method url-fetch)
       (uri (string-append "mirror://sourceforge/" name "/" name "/" name "-"
                           version "/" name "-" version ".tar.xz"))
+      (patches (search-patches "libmwaw-CVE-2017-9433.patch"))
       (sha256 (base32
                "16i9s9p4sjpdpbm3gq6jkc9r3nyfy47ggkdlgh7vr0mydccklj2b"))))
     (build-system gnu-build-system)
diff --git a/gnu/packages/patches/libmwaw-CVE-2017-9433.patch b/gnu/packages/patches/libmwaw-CVE-2017-9433.patch
new file mode 100644
index 0000000000..502a11d2a8
--- /dev/null
+++ b/gnu/packages/patches/libmwaw-CVE-2017-9433.patch
@@ -0,0 +1,33 @@
+Fix CVE-2017-9433:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433
+
+Patch copied from upstream source repository:
+
+https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f
+
+From 68b3b74569881248bfb6cbb4266177cc253b292f Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Sat, 8 Apr 2017 14:03:29 +0200
+Subject: [PATCH] ofz#1037 resize vector correctly
+
+---
+ src/lib/MsWrd1Parser.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/MsWrd1Parser.cxx b/src/lib/MsWrd1Parser.cxx
+index 63547e6..3626064 100644
+--- a/src/lib/MsWrd1Parser.cxx
++++ b/src/lib/MsWrd1Parser.cxx
+@@ -902,7 +902,7 @@ bool MsWrd1Parser::readFootnoteCorrespondance(MWAWVec2i limits)
+     int id = fIt++->second;
+     fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first;
+     if (id >= int(m_state->m_footnotesList.size()))
+-      m_state->m_footnotesList.resize(size_t(id),MWAWVec2l(0,0));
++      m_state->m_footnotesList.resize(size_t(id)+1,MWAWVec2l(0,0));
+     m_state->m_footnotesList[size_t(id)]=fPos;
+   }
+   ascii().addDelimiter(input->tell(),'|');
+-- 
+2.13.1
+