author | Natanael Copa <ncopa@alpinelinux.org> | 2015-01-30 09:22:48 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-01-30 09:29:18 +0000 |
commit | b53e06d83f6743f8a5b6a7bac9893af4033d27be (patch) | |
tree | 8e42cfa607dabe27bfaa469800673b059309eff4 /main/antiword | |
parent | 6285fa299ce16c6502150c257935bfdbc3aaf5d9 (diff) | |
main/antiword: security fix for CVE-2014-8123
ref #3784
Diffstat (limited to 'main/antiword')
-rw-r--r-- | main/antiword/APKBUILD | 24 | ||||
-rw-r--r-- | main/antiword/CVE-2014-8123.patch | 28 |
2 files changed, 47 insertions, 5 deletions
diff --git a/main/antiword/APKBUILD b/main/antiword/APKBUILD
index c26f50a3c1..beaf8880a2 100644
--- a/main/antiword/APKBUILD
+++ b/main/antiword/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Michael Mason <ms13sp@gmail.com>
 pkgname=antiword
 pkgver=0.37
-pkgrel=2
+pkgrel=3
 pkgdesc="A free MS Word reader"
 url="http://www.winfield.demon.nl"
 arch="all"
@@ -11,9 +11,20 @@ depends=""
 makedepends=""
 install=""
 subpackages=""
-source="http://www.winfield.demon.nl/linux/$pkgname-$pkgver.tar.gz"
+source="http://www.winfield.demon.nl/linux/$pkgname-$pkgver.tar.gz
+ CVE-2014-8123.patch
+ "
 _builddir="$srcdir"/$pkgname-$pkgver
 
+prepare() {
+ cd "$_builddir"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+}
+
 build() {
 cd "$_builddir"
 make || return 1
@@ -26,6 +37,9 @@ package() {
 install -m644 -D "$srcdir"/"$pkgname-$pkgver"/Resources/* "$pkgdir"/usr/share/antiword/
 }
 
-md5sums="f868e2a269edcbc06bf77e89a55898d1 antiword-0.37.tar.gz"
-sha256sums="8e2c000fcbc6d641b0e6ff95e13c846da3ff31097801e86702124a206888f5ac antiword-0.37.tar.gz"
-sha512sums="6cd8fb9137238417544cf8754829a2d5296055d730ea62a8a025236baa79516190317d146401ff40cde73e1ee2c3c374a2ea01b2e5d24e149310bcabb8bfdce8 antiword-0.37.tar.gz"
+md5sums="f868e2a269edcbc06bf77e89a55898d1 antiword-0.37.tar.gz
+aab9daf729111a7737ae1fa117502b51 CVE-2014-8123.patch"
+sha256sums="8e2c000fcbc6d641b0e6ff95e13c846da3ff31097801e86702124a206888f5ac antiword-0.37.tar.gz
+a8f2472788251dbb441a7985932b804218e6f367f5fc2668c91eec0559213324 CVE-2014-8123.patch"
+sha512sums="6cd8fb9137238417544cf8754829a2d5296055d730ea62a8a025236baa79516190317d146401ff40cde73e1ee2c3c374a2ea01b2e5d24e149310bcabb8bfdce8 antiword-0.37.tar.gz
+4e0714dc7b21ebd8e232656be576d05f0252bc0d7a7c10ec1511e479ef405a3627d4d14a08aac2c4481573654185492577f3376d3bc5ebf755e661a29c32a37c CVE-2014-8123.patch"
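Review bot: In the new `prepare()` of the second hunk, `$i` is used unquoted in both `msg $i` and `patch -p1 -i "$srcdir"/$i`; word splitting has already happened in `for i in $source`, so this is a style point rather than a defect, but I would write the arm as `*.patch) msg "$i"; patch -p1 -i "$srcdir/$i" || return 1;;`. The loop walks every word of `$source`, including the tarball URL, and relies on the `*.patch` pattern to skip it, which deserves a one-line comment such as `# apply the local patches listed in $source`. A short comment beside the `CVE-2014-8123.patch` entry naming where the patch was obtained would help later audits, because the tarball is still fetched over plain http and the checksums in the last hunk are the only thing pinning both files.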
diff --git a/main/antiword/CVE-2014-8123.patch b/main/antiword/CVE-2014-8123.patch
new file mode 100644
index 0000000000..48a752bb64
--- /dev/null
+++ b/main/antiword/CVE-2014-8123.patch
@@ -0,0 +1,28 @@
+From a17e48746d7203f91a2c3bb1cdcbe9023c8d37a0 Mon Sep 17 00:00:00 2001
+From: Fabian Keil <fk () fabiankeil de>
+Date: Tue, 25 Nov 2014 18:58:52 +0100
+Subject: [PATCH] bGetPPS(): Prevent overflow of atPPSlist[].szName[]
+
+---
+ wordole.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/wordole.c b/wordole.c
+index 8a95fb9..7797d1f 100644
+--- a/wordole.c
++++ b/wordole.c
+@@ -259,6 +259,11 @@ bGetPPS(FILE *pFile,
+ }
+ tNameSize = (size_t)usGetWord(0x40, aucBytes);
+ tNameSize = (tNameSize + 1) / 2;
++ if (tNameSize >= sizeof(atPPSlist[0].szName)) {
++ werr(0, "PPS %d appears to be invalid.", iIndex);
++ atPPSlist = xfree(atPPSlist);
++ return FALSE;
++ }
+ vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
+ atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
+ if (atPPSlist[iIndex].ucType == 5) {
+-- 
+2.1.2
+ |
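Review bot: The new early return in `bGetPPS()` releases only `atPPSlist` before `return FALSE;`, so any other buffer the function allocated above this hunk would leak when a malformed file is rejected. The function starts and ends outside the hunk, so check that path against the function's other error exits. The bound `tNameSize >= sizeof(atPPSlist[0].szName)` is a byte count compared with a character count, which is correct only if `szName` is a `char` array and `vName2String()` writes at most `tNameSize` characters plus the terminator; neither is visible here. I would record that above the check with a comment such as `/* tNameSize is read from the file; vName2String() stores tNameSize chars plus NUL in szName */`. It is also worth confirming that `iIndex` is an `int`, as the `%d` in the `werr()` call assumes.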