[gentoo-commits] repo/gentoo:master commit in: app-text/libmwaw/files/, app-text/libmwaw/

Mon, 26 Jun 2017 13:58:35 -0700 

commit:     dfa7924ea685a59ebb1afb94775e8fe9f08b6739
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 26 20:57:36 2017 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Mon Jun 26 20:58:10 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfa7924e

app-text/libmwaw: Fix CVE-2017-9433

Also drop unused RDEPEND.

Gentoo-bug: 621880

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 .../libmwaw/files/libmwaw-0.3.11-CVE-2017-9433.patch  | 19 +++++++++++++++++++
 .../{libmwaw-9999.ebuild => libmwaw-0.3.11-r1.ebuild} |  3 ++-
 app-text/libmwaw/libmwaw-9999.ebuild                  |  1 -
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/app-text/libmwaw/files/libmwaw-0.3.11-CVE-2017-9433.patch 
b/app-text/libmwaw/files/libmwaw-0.3.11-CVE-2017-9433.patch
new file mode 100644
index 00000000000..4918fd4b651
--- /dev/null
+++ b/app-text/libmwaw/files/libmwaw-0.3.11-CVE-2017-9433.patch
@@ -0,0 +1,19 @@
+commit 68b3b74569881248bfb6cbb4266177cc253b292f
+Author: David Tardon <dtar...@redhat.com>
+Date:   Sat Apr 8 14:03:29 2017 +0200
+
+    ofz#1037 resize vector correctly
+
+diff --git a/src/lib/MsWrd1Parser.cxx b/src/lib/MsWrd1Parser.cxx
+index 63547e6..3626064 100644
+--- a/src/lib/MsWrd1Parser.cxx
++++ b/src/lib/MsWrd1Parser.cxx
+@@ -902,7 +902,7 @@ bool MsWrd1Parser::readFootnoteCorrespondance(MWAWVec2i 
limits)
+     int id = fIt++->second;
+     fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first;
+     if (id >= int(m_state->m_footnotesList.size()))
+-      m_state->m_footnotesList.resize(size_t(id),MWAWVec2l(0,0));
++      m_state->m_footnotesList.resize(size_t(id)+1,MWAWVec2l(0,0));
+     m_state->m_footnotesList[size_t(id)]=fPos;
+   }
+   ascii().addDelimiter(input->tell(),'|');

diff --git a/app-text/libmwaw/libmwaw-9999.ebuild 
b/app-text/libmwaw/libmwaw-0.3.11-r1.ebuild
similarity index 95%
copy from app-text/libmwaw/libmwaw-9999.ebuild
copy to app-text/libmwaw/libmwaw-0.3.11-r1.ebuild
index ed8c879dc73..8be0198bd0f 100644
--- a/app-text/libmwaw/libmwaw-9999.ebuild
+++ b/app-text/libmwaw/libmwaw-0.3.11-r1.ebuild
@@ -20,7 +20,6 @@ IUSE="doc static-libs tools"
 
 RDEPEND="
        dev-libs/librevenge
-       dev-libs/libxml2
        sys-libs/zlib
 "
 DEPEND="${RDEPEND}
@@ -29,6 +28,8 @@ DEPEND="${RDEPEND}
        doc? ( app-doc/doxygen )
 "
 
+PATCHES=( "${FILESDIR}/${P}-CVE-2017-9433.patch" )
+
 src_prepare() {
        default
        [[ ${PV} == 9999 ]] && eautoreconf

diff --git a/app-text/libmwaw/libmwaw-9999.ebuild 
b/app-text/libmwaw/libmwaw-9999.ebuild
index ed8c879dc73..b0434c260bc 100644
--- a/app-text/libmwaw/libmwaw-9999.ebuild
+++ b/app-text/libmwaw/libmwaw-9999.ebuild
@@ -20,7 +20,6 @@ IUSE="doc static-libs tools"
 
 RDEPEND="
        dev-libs/librevenge
-       dev-libs/libxml2
        sys-libs/zlib
 "
 DEPEND="${RDEPEND}

Reply via email to