diff options
| author | hira <hira@pkgsrc.org> | 2008-08-29 08:08:11 +0000 |
|---|---|---|
| committer | hira <hira@pkgsrc.org> | 2008-08-29 08:08:11 +0000 |
| commit | 6e76b74ad1274f560efffa02306974409f301414 (patch) | |
| tree | d3bd07a6c7c93fce3c2d93c2a6826937f0bea4c8 /misc/openoffice2 | |
| parent | 04c883553a1e5730acf52ffa9c15d7118d6016a0 (diff) | |
| download | pkgsrc-6e76b74ad1274f560efffa02306974409f301414.tar.gz | |
Fix CVE-2008-3282 (OpenOffice.org "rtl_allocateMemory()" Truncation
Vulnerability).
Bump PKGREVISION.
Diffstat (limited to 'misc/openoffice2')
| -rw-r--r-- | misc/openoffice2/Makefile | 3 | ||||
| -rw-r--r-- | misc/openoffice2/distinfo | 3 | ||||
| -rw-r--r-- | misc/openoffice2/patches/patch-de | 39 |
3 files changed, 43 insertions, 2 deletions
diff --git a/misc/openoffice2/Makefile b/misc/openoffice2/Makefile index fab285745ae..bf4f5adb5f5 100644 --- a/misc/openoffice2/Makefile +++ b/misc/openoffice2/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.47 2008/06/13 11:20:14 hira Exp $ +# $NetBSD: Makefile,v 1.48 2008/08/29 08:08:11 hira Exp $ # OO_VER= 2.4.1 +PKGREVISION= 1 DISTNAME= openoffice-${OO_VER} PKGNAME= openoffice2-${OO_VER} CATEGORIES= misc diff --git a/misc/openoffice2/distinfo b/misc/openoffice2/distinfo index c71d68a2f63..b8b1afbdfed 100644 --- a/misc/openoffice2/distinfo +++ b/misc/openoffice2/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.40 2008/06/13 11:20:14 hira Exp $ +$NetBSD: distinfo,v 1.41 2008/08/29 08:08:11 hira Exp $ SHA1 (openoffice-2.4.1/OOo_2.4.1_src_binfilter.tar.bz2) = a50c7f317643b756c2b0e8937fa9d64b99f05ed9 RMD160 (openoffice-2.4.1/OOo_2.4.1_src_binfilter.tar.bz2) = 04ffce167f94a250f94f05923a70af0b0744c417 @@ -66,3 +66,4 @@ SHA1 (patch-cy) = 8d47bcf1da6f351f4f0cbf6a8355903094b0baee SHA1 (patch-da) = c2c9332dcf22d2d201215813ac9fc7e7ac401c6d SHA1 (patch-dc) = 125ae2e943946cb96c6f7513dccced0c9d8797af SHA1 (patch-dd) = 6f791b6be13e37a59b3115ab338587489079b89d +SHA1 (patch-de) = 138fbea73fec80c744c3eede57dfe5f1cddef573 diff --git a/misc/openoffice2/patches/patch-de b/misc/openoffice2/patches/patch-de new file mode 100644 index 00000000000..21fc650ceb3 --- /dev/null +++ b/misc/openoffice2/patches/patch-de @@ -0,0 +1,39 @@ +$NetBSD: patch-de,v 1.1 2008/08/29 08:08:11 hira Exp $ + +Fix CVE-2008-3282. + +--- sal/rtl/source/alloc_global.c.orig 2008-05-21 21:53:26.000000000 +0900 ++++ sal/rtl/source/alloc_global.c 2008-08-29 08:18:14.000000000 +0900 +@@ -214,9 +214,7 @@ + char * addr; + sal_Size size = RTL_MEMORY_ALIGN(n + RTL_MEMALIGN, RTL_MEMALIGN); + +- int index = (size - 1) >> RTL_MEMALIGN_SHIFT; + OSL_ASSERT(RTL_MEMALIGN >= sizeof(sal_Size)); +- + if (n >= SAL_MAX_SIZE - (RTL_MEMALIGN + RTL_MEMALIGN - 1)) + { + /* requested size too large for roundup alignment */ +@@ -224,8 +222,8 @@ + } + + try_alloc: +- if (index < RTL_MEMORY_CACHED_LIMIT >> RTL_MEMALIGN_SHIFT) +- addr = (char*)rtl_cache_alloc (g_alloc_table[index]); ++ if (size <= RTL_MEMORY_CACHED_LIMIT) ++ addr = (char*)rtl_cache_alloc(g_alloc_table[(size - 1) >> RTL_MEMALIGN_SHIFT]); + else + addr = (char*)rtl_arena_alloc (gp_alloc_arena, &size); + +@@ -255,9 +253,8 @@ + char * addr = (char*)(p) - RTL_MEMALIGN; + sal_Size size = ((sal_Size*)(addr))[0]; + +- int index = (size - 1) >> RTL_MEMALIGN_SHIFT; +- if (index < RTL_MEMORY_CACHED_LIMIT >> RTL_MEMALIGN_SHIFT) +- rtl_cache_free (g_alloc_table[index], addr); ++ if (size <= RTL_MEMORY_CACHED_LIMIT) ++ rtl_cache_free(g_alloc_table[(size - 1) >> RTL_MEMALIGN_SHIFT], addr); + else + rtl_arena_free (gp_alloc_arena, addr, size); + } |