From dfa7924ea685a59ebb1afb94775e8fe9f08b6739 Mon Sep 17 00:00:00 2001 From: Andreas Sturmlechner Date: Mon, 26 Jun 2017 22:57:36 +0200 Subject: app-text/libmwaw: Fix CVE-2017-9433 Also drop unused RDEPEND. Gentoo-bug: 621880 Package-Manager: Portage-2.3.6, Repoman-2.3.1 --- .../files/libmwaw-0.3.11-CVE-2017-9433.patch | 19 ++++++++ app-text/libmwaw/libmwaw-0.3.11-r1.ebuild | 52 ++++++++++++++++++++++ app-text/libmwaw/libmwaw-9999.ebuild | 1 - 3 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 app-text/libmwaw/files/libmwaw-0.3.11-CVE-2017-9433.patch create mode 100644 app-text/libmwaw/libmwaw-0.3.11-r1.ebuild (limited to 'app-text/libmwaw') diff --git a/app-text/libmwaw/files/libmwaw-0.3.11-CVE-2017-9433.patch b/app-text/libmwaw/files/libmwaw-0.3.11-CVE-2017-9433.patch new file mode 100644 index 000000000000..4918fd4b6516 --- /dev/null +++ b/app-text/libmwaw/files/libmwaw-0.3.11-CVE-2017-9433.patch @@ -0,0 +1,19 @@ +commit 68b3b74569881248bfb6cbb4266177cc253b292f +Author: David Tardon +Date: Sat Apr 8 14:03:29 2017 +0200 + + ofz#1037 resize vector correctly + +diff --git a/src/lib/MsWrd1Parser.cxx b/src/lib/MsWrd1Parser.cxx +index 63547e6..3626064 100644 +--- a/src/lib/MsWrd1Parser.cxx ++++ b/src/lib/MsWrd1Parser.cxx +@@ -902,7 +902,7 @@ bool MsWrd1Parser::readFootnoteCorrespondance(MWAWVec2i limits) + int id = fIt++->second; + fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first; + if (id >= int(m_state->m_footnotesList.size())) +- m_state->m_footnotesList.resize(size_t(id),MWAWVec2l(0,0)); ++ m_state->m_footnotesList.resize(size_t(id)+1,MWAWVec2l(0,0)); + m_state->m_footnotesList[size_t(id)]=fPos; + } + ascii().addDelimiter(input->tell(),'|'); diff --git a/app-text/libmwaw/libmwaw-0.3.11-r1.ebuild b/app-text/libmwaw/libmwaw-0.3.11-r1.ebuild new file mode 100644 index 000000000000..8be0198bd0f6 --- /dev/null +++ b/app-text/libmwaw/libmwaw-0.3.11-r1.ebuild @@ -0,0 +1,52 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +EGIT_REPO_URI="git://git.code.sf.net/p/libmwaw/libmwaw" +[[ ${PV} == 9999 ]] && inherit autotools git-r3 + +DESCRIPTION="Library parsing many pre-OSX MAC text formats" +HOMEPAGE="https://sourceforge.net/p/libmwaw/wiki/Home/" +[[ ${PV} == 9999 ]] || SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz" + +LICENSE="LGPL-2.1" +SLOT="0" + +[[ ${PV} == 9999 ]] || \ +KEYWORDS="~amd64 ~arm ~x86" + +IUSE="doc static-libs tools" + +RDEPEND=" + dev-libs/librevenge + sys-libs/zlib +" +DEPEND="${RDEPEND} + sys-devel/libtool + virtual/pkgconfig + doc? ( app-doc/doxygen ) +" + +PATCHES=( "${FILESDIR}/${P}-CVE-2017-9433.patch" ) + +src_prepare() { + default + [[ ${PV} == 9999 ]] && eautoreconf +} + +src_configure() { + # zip is hard enabled as the zlib is dep on the rdeps anyway + econf \ + --enable-zip \ + --disable-werror \ + --with-sharedptr=c++11 \ + $(use_with doc docs) \ + $(use_enable static-libs static) \ + $(use_enable tools) +} + +src_install() { + default + find "${D}" -name '*.la' -delete || die +} diff --git a/app-text/libmwaw/libmwaw-9999.ebuild b/app-text/libmwaw/libmwaw-9999.ebuild index ed8c879dc73f..b0434c260bc2 100644 --- a/app-text/libmwaw/libmwaw-9999.ebuild +++ b/app-text/libmwaw/libmwaw-9999.ebuild @@ -20,7 +20,6 @@ IUSE="doc static-libs tools" RDEPEND=" dev-libs/librevenge - dev-libs/libxml2 sys-libs/zlib " DEPEND="${RDEPEND} -- cgit v1.2.3-65-gdbad