Hello community, here is the log from the commit of package calligra for openSUSE:Factory checked in at 2012-08-07 21:27:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/calligra (Old) and /work/SRC/openSUSE:Factory/.calligra.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "calligra", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/calligra/calligra-doc.changes 2012-08-04 09:07:22.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.calligra.new/calligra-doc.changes 2012-08-07 21:27:38.000000000 +0200 @@ -1,0 +2,5 @@ +Sat Aug 4 12:49:48 UTC 2012 - [email protected] + +- Fix buffer overflow in MS Word ODF filter (bnc#774534) + +------------------------------------------------------------------- calligra.changes: same change New: ---- bnc733534-calligra-msword-overflow-fix.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ calligra-doc.spec ++++++ --- /var/tmp/diff_new_pack.DNbclx/_old 2012-08-07 21:27:42.000000000 +0200 +++ /var/tmp/diff_new_pack.DNbclx/_new 2012-08-07 21:27:42.000000000 +0200 @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: calligra-doc Version: 2.4.3 Release: 0 ++++++ calligra.spec ++++++ --- /var/tmp/diff_new_pack.DNbclx/_old 2012-08-07 21:27:42.000000000 +0200 +++ /var/tmp/diff_new_pack.DNbclx/_new 2012-08-07 21:27:42.000000000 +0200 @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: calligra Version: 2.4.3 Release: 0 @@ -31,6 +32,7 @@ Source5: hisc-app-kexi.svgz # PATCH-FIX-OPENSUSE remove_python_shebangs.patch [email protected] -- Remove python shebangs from various scripts (fixes rpmlint warning "non-executable-script") Patch0: remove_python_shebangs.patch +Patch1: bnc733534-calligra-msword-overflow-fix.diff BuildRequires: Mesa-devel BuildRequires: OpenEXR-devel %if 0%{?suse_version} > 1210 
@@ -316,6 +318,7 @@ %prep %setup -q %patch0 +%patch1 -p1 %build %cmake_kde4 -d build -- -DBUILD_mobile=false -DBUILD_active=false -DIHAVEPATCHEDQT=TRUE ++++++ bnc733534-calligra-msword-overflow-fix.diff ++++++ commit 8652ab672eaaa145dfb3782f5011de58aa4cc046 Author: Thorsten Zachmann <[email protected]> Date: Sat Aug 4 06:42:14 2012 +0200 Make sure not to write behind the allocated memory Validate the input data to not write behind the allocated memory. This fixes a buffer overflow found by Charlie Miller. diff --git a/filters/words/msword-odf/wv2/src/styles.cpp b/filters/words/msword-odf/wv2/src/styles.cpp index 02a82a0..78ac31d 100644 --- a/filters/words/msword-odf/wv2/src/styles.cpp +++ b/filters/words/msword-odf/wv2/src/styles.cpp @@ -248,6 +248,11 @@ throw(InvalidFormatException) #ifdef WV2_DEBUG_STYLESHEET wvlog << "cbUPX: " << cbUPX << endl; #endif + // do not overflow the allocated buffer grupx + if (offset + cbUPX > grupxLen) { + wvlog << "====> Error: grupx would overflow!" << endl; + return false; + } for ( U16 j = 0; j < cbUPX; ++j ) { grupx[ offset + j ] = stream->readU8(); // read the whole UPX #ifdef WV2_DEBUG_STYLESHEET -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
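Review bot: The bug number differs between the changelog entry and the patch file name. The calligra-doc.changes hunk cites bnc#774534, while the file added under "New:" and referenced by Patch1 is bnc733534-calligra-msword-overflow-fix.diff. One of the two is a typo. Correct whichever is wrong so the changelog, the spec and the patch file all point at the same Bugzilla entry.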
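Review bot: The new "Patch1:" line in the calligra.spec hunk at @@ -31,6 +32,7 @@ has no provenance comment, unlike Patch0 directly above it, which carries a "# PATCH-FIX-OPENSUSE remove_python_shebangs.patch ..." line. The diff is an upstream commit (8652ab672eaaa145dfb3782f5011de58aa4cc046), so add a PATCH-FIX-UPSTREAM comment above Patch1 naming the file, the bug reference and the overflow it fixes. That makes it clear the patch can be dropped once the package moves to a release that contains the commit.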
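Review bot: The bounds check added in styles.cpp at @@ -248,6 +248,11 @@ is written as a sum, "if (offset + cbUPX > grupxLen)", and the declarations of offset and grupxLen are not visible in this hunk, so it is not evident from the patch that the addition cannot wrap or hit a signed/unsigned comparison. Comparing against the remaining space instead (reject when offset > grupxLen, then when cbUPX > grupxLen - offset) avoids depending on those types. The error line would also be more useful for triaging malformed documents if it logged offset, cbUPX and grupxLen rather than only "grupx would overflow!". Since the function now returns false at this point, its callers need to treat that return as a parse failure rather than continue with a partially filled grupx.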
