Wed Dec 3 08:48:58 2014 UTC ()
Pullup ticket #4564 - requested by wiz
textproc/antiword: security patch
Revisions pulled up:
- textproc/antiword/Makefile 1.25
- textproc/antiword/distinfo 1.21
- textproc/antiword/patches/patch-wordole.c 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Dec 2 23:48:49 UTC 2014
Modified Files:
pkgsrc/textproc/antiword: Makefile distinfo
Added Files:
pkgsrc/textproc/antiword/patches: patch-wordole.c
Log Message:
Add fix for CVE-2014-8123 from Fabian Keil.
Bump PKGREVISION.
(tron)
diff -r1.24 -r1.24.8.1 pkgsrc/textproc/antiword/Makefile
diff -r1.20 -r1.20.40.1 pkgsrc/textproc/antiword/distinfo
diff -r0 -r1.1.2.2 pkgsrc/textproc/antiword/patches/patch-wordole.c
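--- a/pkgsrc/textproc/antiword/Makefile
+++ b/pkgsrc/textproc/antiword/Makefile
@@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.24 2013/12/23 11:57:06 wiz Exp $
+# $NetBSD: Makefile,v 1.24.8.1 2014/12/03 08:48:58 tron Exp $
 
 DISTNAME= antiword-0.37
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= textproc converters print
 MASTER_SITES= http://www.winfield.demon.nl/linux/
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.winfield.demon.nl/index.html
 COMMENT= Free MS Word to text and PostScript converter
 
 CONFLICTS= siag<3.6.1
 
 USE_TOOLS+= mktemp:run
 
 CFLAGS.SunOS+= -D__STDC_ISO_10646__
 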
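--- a/pkgsrc/textproc/antiword/distinfo
+++ b/pkgsrc/textproc/antiword/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.20 2009/11/12 05:03:47 obache Exp $
+$NetBSD: distinfo,v 1.20.40.1 2014/12/03 08:48:58 tron Exp $
 
 SHA1 (antiword-0.37.tar.gz) = 4364f7f99cb2d37f7d1d5bc14a335ccc0c67292e
 RMD160 (antiword-0.37.tar.gz) = 506ca4a7a7fa9fd4574092798a7fffacd9a3a0a0
 Size (antiword-0.37.tar.gz) = 317884 bytes
 SHA1 (patch-aa) = 2caa51e3364e7034443ded9fa56cdda4c4b74929
 SHA1 (patch-ab) = d2cb15824b78346a8a5ae301b0618a81437ce971
+SHA1 (patch-wordole.c) = f2ab157173e4ff49e7983e836176cbdae537e46e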
$NetBSD: patch-wordole.c,v 1.1.2.2 2014/12/03 08:48:58 tron Exp $
Fix for CVE-2014-8123 from Fabian Keil.
--- wordole.c.orig 2005-08-26 19:49:57.000000000 +0000
+++ wordole.c
@@ -259,6 +259,11 @@ bGetPPS(FILE *pFile,
}
tNameSize = (size_t)usGetWord(0x40, aucBytes);
tNameSize = (tNameSize + 1) / 2;
+ if (tNameSize >= sizeof(atPPSlist[0].szName)) {
+ werr(0, "PPS %d appears to be invalid.", iIndex);
+ atPPSlist = xfree(atPPSlist);
+ return FALSE;
+ }
vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
if (atPPSlist[iIndex].ucType == 5) {
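Review bot: The added bounds check in bGetPPS carries no comment explaining why it is there, and the reason is easy to lose: `tNameSize` is derived from a 16-bit field read out of the document (`usGetWord(0x40, aucBytes)`) and is then passed as the length for `vName2String()` writing into the fixed-size `szName` member. I would put `/* tNameSize is file-controlled; reject it before vName2String() fills the fixed-size szName (CVE-2014-8123) */` directly above the `if`. Whether `>=` or `>` is the exact limit depends on how `vName2String()` places the terminator, which is not visible in this hunk; `>=` is the conservative choice, but if `szName` is sized for the longest legal name it may also reject an entry whose name fills the whole field, so that boundary deserves a test with a maximum-length stream name. The error path matches the visible convention of freeing `atPPSlist` and returning `FALSE`; the rest of bGetPPS lies outside the hunk.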