diff --git a/0001-Resolves-rhbz-1643752-bounds-check-m_currentTable-ac.patch b/0001-Resolves-rhbz-1643752-bounds-check-m_currentTable-ac.patch new file mode 100644 index 0000000..e9d68db --- /dev/null +++ b/0001-Resolves-rhbz-1643752-bounds-check-m_currentTable-ac.patch @@ -0,0 +1,29 @@ +diff -ru libwpd-0.10.2/src/lib/WP6ContentListener.cpp libwpd-0.10.2.new/src/lib/WP6ContentListener.cpp +--- libwpd-0.10.2/src/lib/WP6ContentListener.cpp 2017-09-08 18:04:25.000000000 +0100 ++++ libwpd-0.10.2.new/src/lib/WP6ContentListener.cpp 2018-10-30 10:54:22.326697162 +0000 +@@ -1311,7 +1311,10 @@ + m_ps->m_tableDefinition.m_columnsProperties.clear(); + + // pull a table definition off of our stack +- m_parseState->m_currentTable = m_parseState->m_tableList[m_parseState->m_nextTableIndice++]; ++ auto index = m_parseState->m_nextTableIndice++; ++ if (index >= m_parseState->m_tableList.size()) ++ throw ParseException(); ++ m_parseState->m_currentTable = m_parseState->m_tableList[index]; + if (!m_parseState->m_currentTable) + throw ParseException(); + m_parseState->m_currentTable->makeBordersConsistent(); +diff -ru libwpd-0.10.2/src/lib/WPXTable.h libwpd-0.10.2.new/src/lib/WPXTable.h +--- libwpd-0.10.2/src/lib/WPXTable.h 2015-12-30 08:27:30.000000000 +0000 ++++ libwpd-0.10.2.new/src/lib/WPXTable.h 2018-10-30 10:55:41.264362182 +0000 +@@ -92,6 +92,10 @@ + { + m_tableList->push_back(table); + } ++ size_t size() const ++ { ++ return m_tableList->size(); ++ } + + private: + void release(); diff --git a/libwpd.changes b/libwpd.changes index 6fe09c3..5cf0862 100644 --- a/libwpd.changes +++ b/libwpd.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Nov 13 09:07:55 UTC 2018 - Tomáš Chvátal + +- Add patch to fix rh#1643752 bsc#1115713 CVE-2018-19208: + * 0001-Resolves-rhbz-1643752-bounds-check-m_currentTable-ac.patch + ------------------------------------------------------------------- Wed Sep 13 10:49:05 UTC 2017 - tchvatal@suse.com diff --git a/libwpd.spec b/libwpd.spec index 12d0e22..09d7344 100644 --- a/libwpd.spec +++ b/libwpd.spec @@ -1,7 +1,7 @@ # # spec file for package libwpd # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -21,10 +21,11 @@ Name: libwpd Version: 0.10.2 Release: 0 Summary: Library for Importing WordPerfect (tm) Documents -License: LGPL-2.1+ AND MPL-2.0+ +License: LGPL-2.1-or-later AND MPL-2.0+ Group: Productivity/Publishing/Word -Url: http://libwpd.sourceforge.net +URL: http://libwpd.sourceforge.net Source: http://downloads.sourceforge.net/project/%{name}/%{name}/%{name}-%{version}/%{name}-%{version}.tar.xz +Patch0: 0001-Resolves-rhbz-1643752-bounds-check-m_currentTable-ac.patch BuildRequires: doxygen BuildRequires: fdupes BuildRequires: gcc-c++ @@ -70,9 +71,7 @@ an in-process component. %package devel-doc Summary: Documentation for the libwpd API Group: Documentation/Other -%if 0%{?suse_version} > 1200 BuildArch: noarch -%endif %description devel-doc This package contains documentation for the libwpd API. @@ -87,6 +86,7 @@ supported: html, raw, text %prep %setup -q +%patch0 -p1 %build export CXXFLAGS="%{optflags} -fvisibility-inlines-hidden" @@ -110,6 +110,8 @@ done %postun -n %{libname} -p /sbin/ldconfig %files -n %{libname} +%license COPYING.LGPL +%license COPYING.MPL %{_libdir}/*.so.* %files devel @@ -124,12 +126,7 @@ done %files tools %{_bindir}/* -%{_mandir}/man1/*.1* -%doc ChangeLog -%doc COPYING.LGPL -%doc COPYING.MPL -%doc CREDITS -%doc NEWS -%doc TODO +%{_mandir}/man1/*.1%{?ext_man} +%doc ChangeLog CREDITS NEWS %changelog