summaryrefslogtreecommitdiff
path: root/misc/openoffice2
diff options
context:
space:
mode:
authorhira <hira@pkgsrc.org>2008-08-29 08:08:11 +0000
committerhira <hira@pkgsrc.org>2008-08-29 08:08:11 +0000
commit6e76b74ad1274f560efffa02306974409f301414 (patch)
treed3bd07a6c7c93fce3c2d93c2a6826937f0bea4c8 /misc/openoffice2
parent04c883553a1e5730acf52ffa9c15d7118d6016a0 (diff)
downloadpkgsrc-6e76b74ad1274f560efffa02306974409f301414.tar.gz
Fix CVE-2008-3282 (OpenOffice.org "rtl_allocateMemory()" Truncation
Vulnerability). Bump PKGREVISION.
Diffstat (limited to 'misc/openoffice2')
-rw-r--r--misc/openoffice2/Makefile3
-rw-r--r--misc/openoffice2/distinfo3
-rw-r--r--misc/openoffice2/patches/patch-de39
3 files changed, 43 insertions, 2 deletions
diff --git a/misc/openoffice2/Makefile b/misc/openoffice2/Makefile
index fab285745ae..bf4f5adb5f5 100644
--- a/misc/openoffice2/Makefile
+++ b/misc/openoffice2/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.47 2008/06/13 11:20:14 hira Exp $
+# $NetBSD: Makefile,v 1.48 2008/08/29 08:08:11 hira Exp $
#
OO_VER= 2.4.1
+PKGREVISION= 1
DISTNAME= openoffice-${OO_VER}
PKGNAME= openoffice2-${OO_VER}
CATEGORIES= misc
diff --git a/misc/openoffice2/distinfo b/misc/openoffice2/distinfo
index c71d68a2f63..b8b1afbdfed 100644
--- a/misc/openoffice2/distinfo
+++ b/misc/openoffice2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.40 2008/06/13 11:20:14 hira Exp $
+$NetBSD: distinfo,v 1.41 2008/08/29 08:08:11 hira Exp $
SHA1 (openoffice-2.4.1/OOo_2.4.1_src_binfilter.tar.bz2) = a50c7f317643b756c2b0e8937fa9d64b99f05ed9
RMD160 (openoffice-2.4.1/OOo_2.4.1_src_binfilter.tar.bz2) = 04ffce167f94a250f94f05923a70af0b0744c417
@@ -66,3 +66,4 @@ SHA1 (patch-cy) = 8d47bcf1da6f351f4f0cbf6a8355903094b0baee
SHA1 (patch-da) = c2c9332dcf22d2d201215813ac9fc7e7ac401c6d
SHA1 (patch-dc) = 125ae2e943946cb96c6f7513dccced0c9d8797af
SHA1 (patch-dd) = 6f791b6be13e37a59b3115ab338587489079b89d
+SHA1 (patch-de) = 138fbea73fec80c744c3eede57dfe5f1cddef573
diff --git a/misc/openoffice2/patches/patch-de b/misc/openoffice2/patches/patch-de
new file mode 100644
index 00000000000..21fc650ceb3
--- /dev/null
+++ b/misc/openoffice2/patches/patch-de
@@ -0,0 +1,39 @@
+$NetBSD: patch-de,v 1.1 2008/08/29 08:08:11 hira Exp $
+
+Fix CVE-2008-3282.
+
+--- sal/rtl/source/alloc_global.c.orig 2008-05-21 21:53:26.000000000 +0900
++++ sal/rtl/source/alloc_global.c 2008-08-29 08:18:14.000000000 +0900
+@@ -214,9 +214,7 @@
+ char * addr;
+ sal_Size size = RTL_MEMORY_ALIGN(n + RTL_MEMALIGN, RTL_MEMALIGN);
+
+- int index = (size - 1) >> RTL_MEMALIGN_SHIFT;
+ OSL_ASSERT(RTL_MEMALIGN >= sizeof(sal_Size));
+-
+ if (n >= SAL_MAX_SIZE - (RTL_MEMALIGN + RTL_MEMALIGN - 1))
+ {
+ /* requested size too large for roundup alignment */
+@@ -224,8 +222,8 @@
+ }
+
+ try_alloc:
+- if (index < RTL_MEMORY_CACHED_LIMIT >> RTL_MEMALIGN_SHIFT)
+- addr = (char*)rtl_cache_alloc (g_alloc_table[index]);
++ if (size <= RTL_MEMORY_CACHED_LIMIT)
++ addr = (char*)rtl_cache_alloc(g_alloc_table[(size - 1) >> RTL_MEMALIGN_SHIFT]);
+ else
+ addr = (char*)rtl_arena_alloc (gp_alloc_arena, &size);
+
+@@ -255,9 +253,8 @@
+ char * addr = (char*)(p) - RTL_MEMALIGN;
+ sal_Size size = ((sal_Size*)(addr))[0];
+
+- int index = (size - 1) >> RTL_MEMALIGN_SHIFT;
+- if (index < RTL_MEMORY_CACHED_LIMIT >> RTL_MEMALIGN_SHIFT)
+- rtl_cache_free (g_alloc_table[index], addr);
++ if (size <= RTL_MEMORY_CACHED_LIMIT)
++ rtl_cache_free(g_alloc_table[(size - 1) >> RTL_MEMALIGN_SHIFT], addr);
+ else
+ rtl_arena_free (gp_alloc_arena, addr, size);
+ }