commit: dfa7924ea685a59ebb1afb94775e8fe9f08b6739 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> AuthorDate: Mon Jun 26 20:57:36 2017 +0000 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> CommitDate: Mon Jun 26 20:58:10 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfa7924e
app-text/libmwaw: Fix CVE-2017-9433 Also drop unused RDEPEND. Gentoo-bug: 621880 Package-Manager: Portage-2.3.6, Repoman-2.3.1 .../libmwaw/files/libmwaw-0.3.11-CVE-2017-9433.patch | 19 +++++++++++++++++++ .../{libmwaw-9999.ebuild => libmwaw-0.3.11-r1.ebuild} | 3 ++- app-text/libmwaw/libmwaw-9999.ebuild | 1 - 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/app-text/libmwaw/files/libmwaw-0.3.11-CVE-2017-9433.patch b/app-text/libmwaw/files/libmwaw-0.3.11-CVE-2017-9433.patch new file mode 100644 index 00000000000..4918fd4b651 --- /dev/null +++ b/app-text/libmwaw/files/libmwaw-0.3.11-CVE-2017-9433.patch @@ -0,0 +1,19 @@ +commit 68b3b74569881248bfb6cbb4266177cc253b292f +Author: David Tardon <dtar...@redhat.com> +Date: Sat Apr 8 14:03:29 2017 +0200 + + ofz#1037 resize vector correctly + +diff --git a/src/lib/MsWrd1Parser.cxx b/src/lib/MsWrd1Parser.cxx +index 63547e6..3626064 100644 +--- a/src/lib/MsWrd1Parser.cxx ++++ b/src/lib/MsWrd1Parser.cxx +@@ -902,7 +902,7 @@ bool MsWrd1Parser::readFootnoteCorrespondance(MWAWVec2i limits) + int id = fIt++->second; + fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first; + if (id >= int(m_state->m_footnotesList.size())) +- m_state->m_footnotesList.resize(size_t(id),MWAWVec2l(0,0)); ++ m_state->m_footnotesList.resize(size_t(id)+1,MWAWVec2l(0,0)); + m_state->m_footnotesList[size_t(id)]=fPos; + } + ascii().addDelimiter(input->tell(),'|'); diff --git a/app-text/libmwaw/libmwaw-9999.ebuild b/app-text/libmwaw/libmwaw-0.3.11-r1.ebuild similarity index 95% copy from app-text/libmwaw/libmwaw-9999.ebuild copy to app-text/libmwaw/libmwaw-0.3.11-r1.ebuild index ed8c879dc73..8be0198bd0f 100644 --- a/app-text/libmwaw/libmwaw-9999.ebuild +++ b/app-text/libmwaw/libmwaw-0.3.11-r1.ebuild @@ -20,7 +20,6 @@ IUSE="doc static-libs tools" RDEPEND=" dev-libs/librevenge - dev-libs/libxml2 sys-libs/zlib " DEPEND="${RDEPEND} @@ -29,6 +28,8 @@ DEPEND="${RDEPEND} doc? ( app-doc/doxygen ) " +PATCHES=( "${FILESDIR}/${P}-CVE-2017-9433.patch" ) + src_prepare() { default [[ ${PV} == 9999 ]] && eautoreconf diff --git a/app-text/libmwaw/libmwaw-9999.ebuild b/app-text/libmwaw/libmwaw-9999.ebuild index ed8c879dc73..b0434c260bc 100644 --- a/app-text/libmwaw/libmwaw-9999.ebuild +++ b/app-text/libmwaw/libmwaw-9999.ebuild @@ -20,7 +20,6 @@ IUSE="doc static-libs tools" RDEPEND=" dev-libs/librevenge - dev-libs/libxml2 sys-libs/zlib " DEPEND="${RDEPEND}