diff options
| author | tron <tron> | 2014-12-03 08:48:58 +0000 |
|---|---|---|
| committer | tron <tron> | 2014-12-03 08:48:58 +0000 |
| commit | 92920684258e634cf48a747bf3cb359482f4ad26 (patch) | |
| tree | d05677ba21f35420d4c099add3124e3fcf48fe47 | |
| parent | 42f8fb353417f0f60aaf227278517b20f56ce147 (diff) | |
| download | pkgsrc-92920684258e634cf48a747bf3cb359482f4ad26.tar.gz | |
Pullup ticket #4564 - requested by wiz
textproc/antiword: security patch
Revisions pulled up:
- textproc/antiword/Makefile 1.25
- textproc/antiword/distinfo 1.21
- textproc/antiword/patches/patch-wordole.c 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Dec 2 23:48:49 UTC 2014
Modified Files:
pkgsrc/textproc/antiword: Makefile distinfo
Added Files:
pkgsrc/textproc/antiword/patches: patch-wordole.c
Log Message:
Add fix for CVE-2014-8123 from Fabian Keil.
Bump PKGREVISION.
| -rw-r--r-- | textproc/antiword/Makefile | 4 | ||||
| -rw-r--r-- | textproc/antiword/distinfo | 3 | ||||
| -rw-r--r-- | textproc/antiword/patches/patch-wordole.c | 18 |
3 files changed, 22 insertions, 3 deletions
diff --git a/textproc/antiword/Makefile b/textproc/antiword/Makefile index 2bfb0233ccf..2a6774950ce 100644 --- a/textproc/antiword/Makefile +++ b/textproc/antiword/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.24 2013/12/23 11:57:06 wiz Exp $ +# $NetBSD: Makefile,v 1.24.8.1 2014/12/03 08:48:58 tron Exp $ DISTNAME= antiword-0.37 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= textproc converters print MASTER_SITES= http://www.winfield.demon.nl/linux/ diff --git a/textproc/antiword/distinfo b/textproc/antiword/distinfo index 7d772a126e9..52d162d11dd 100644 --- a/textproc/antiword/distinfo +++ b/textproc/antiword/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.20 2009/11/12 05:03:47 obache Exp $ +$NetBSD: distinfo,v 1.20.40.1 2014/12/03 08:48:58 tron Exp $ SHA1 (antiword-0.37.tar.gz) = 4364f7f99cb2d37f7d1d5bc14a335ccc0c67292e RMD160 (antiword-0.37.tar.gz) = 506ca4a7a7fa9fd4574092798a7fffacd9a3a0a0 Size (antiword-0.37.tar.gz) = 317884 bytes SHA1 (patch-aa) = 2caa51e3364e7034443ded9fa56cdda4c4b74929 SHA1 (patch-ab) = d2cb15824b78346a8a5ae301b0618a81437ce971 +SHA1 (patch-wordole.c) = f2ab157173e4ff49e7983e836176cbdae537e46e diff --git a/textproc/antiword/patches/patch-wordole.c b/textproc/antiword/patches/patch-wordole.c new file mode 100644 index 00000000000..33228835306 --- /dev/null +++ b/textproc/antiword/patches/patch-wordole.c @@ -0,0 +1,18 @@ +$NetBSD: patch-wordole.c,v 1.1.2.2 2014/12/03 08:48:58 tron Exp $ + +Fix for CVE-2014-8123 from Fabian Keil. + +--- wordole.c.orig 2005-08-26 19:49:57.000000000 +0000 ++++ wordole.c +@@ -259,6 +259,11 @@ bGetPPS(FILE *pFile, + } + tNameSize = (size_t)usGetWord(0x40, aucBytes); + tNameSize = (tNameSize + 1) / 2; ++ if (tNameSize >= sizeof(atPPSlist[0].szName)) { ++ werr(0, "PPS %d appears to be invalid.", iIndex); ++ atPPSlist = xfree(atPPSlist); ++ return FALSE; ++ } + vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize); + atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes); + if (atPPSlist[iIndex].ucType == 5) { |