pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/misc/openoffice2 Fix CVE-2008-3282 (OpenOffice.org "rt...
details: https://anonhg.NetBSD.org/pkgsrc/rev/e8d8a839cfa4
branches: trunk
changeset: 546351:e8d8a839cfa4
user: hira <hira%pkgsrc.org@localhost>
date: Fri Aug 29 08:08:11 2008 +0000
description:
Fix CVE-2008-3282 (OpenOffice.org "rtl_allocateMemory()" Truncation
Vulnerability).
Bump PKGREVISION.
diffstat:
misc/openoffice2/Makefile | 3 ++-
misc/openoffice2/distinfo | 3 ++-
misc/openoffice2/patches/patch-de | 39 +++++++++++++++++++++++++++++++++++++++
3 files changed, 43 insertions(+), 2 deletions(-)
diffs (70 lines):
diff -r ae39b7c28d14 -r e8d8a839cfa4 misc/openoffice2/Makefile
--- a/misc/openoffice2/Makefile Fri Aug 29 06:14:22 2008 +0000
+++ b/misc/openoffice2/Makefile Fri Aug 29 08:08:11 2008 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.47 2008/06/13 11:20:14 hira Exp $
+# $NetBSD: Makefile,v 1.48 2008/08/29 08:08:11 hira Exp $
#
OO_VER= 2.4.1
+PKGREVISION= 1
DISTNAME= openoffice-${OO_VER}
PKGNAME= openoffice2-${OO_VER}
CATEGORIES= misc
diff -r ae39b7c28d14 -r e8d8a839cfa4 misc/openoffice2/distinfo
--- a/misc/openoffice2/distinfo Fri Aug 29 06:14:22 2008 +0000
+++ b/misc/openoffice2/distinfo Fri Aug 29 08:08:11 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.40 2008/06/13 11:20:14 hira Exp $
+$NetBSD: distinfo,v 1.41 2008/08/29 08:08:11 hira Exp $
SHA1 (openoffice-2.4.1/OOo_2.4.1_src_binfilter.tar.bz2) = a50c7f317643b756c2b0e8937fa9d64b99f05ed9
RMD160 (openoffice-2.4.1/OOo_2.4.1_src_binfilter.tar.bz2) = 04ffce167f94a250f94f05923a70af0b0744c417
@@ -66,3 +66,4 @@
SHA1 (patch-da) = c2c9332dcf22d2d201215813ac9fc7e7ac401c6d
SHA1 (patch-dc) = 125ae2e943946cb96c6f7513dccced0c9d8797af
SHA1 (patch-dd) = 6f791b6be13e37a59b3115ab338587489079b89d
+SHA1 (patch-de) = 138fbea73fec80c744c3eede57dfe5f1cddef573
diff -r ae39b7c28d14 -r e8d8a839cfa4 misc/openoffice2/patches/patch-de
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/openoffice2/patches/patch-de Fri Aug 29 08:08:11 2008 +0000
@@ -0,0 +1,39 @@
+$NetBSD: patch-de,v 1.1 2008/08/29 08:08:11 hira Exp $
+
+Fix CVE-2008-3282.
+
+--- sal/rtl/source/alloc_global.c.orig 2008-05-21 21:53:26.000000000 +0900
++++ sal/rtl/source/alloc_global.c 2008-08-29 08:18:14.000000000 +0900
+@@ -214,9 +214,7 @@
+ char * addr;
+ sal_Size size = RTL_MEMORY_ALIGN(n + RTL_MEMALIGN, RTL_MEMALIGN);
+
+- int index = (size - 1) >> RTL_MEMALIGN_SHIFT;
+ OSL_ASSERT(RTL_MEMALIGN >= sizeof(sal_Size));
+-
+ if (n >= SAL_MAX_SIZE - (RTL_MEMALIGN + RTL_MEMALIGN - 1))
+ {
+ /* requested size too large for roundup alignment */
+@@ -224,8 +222,8 @@
+ }
+
+ try_alloc:
+- if (index < RTL_MEMORY_CACHED_LIMIT >> RTL_MEMALIGN_SHIFT)
+- addr = (char*)rtl_cache_alloc (g_alloc_table[index]);
++ if (size <= RTL_MEMORY_CACHED_LIMIT)
++ addr = (char*)rtl_cache_alloc(g_alloc_table[(size - 1) >> RTL_MEMALIGN_SHIFT]);
+ else
+ addr = (char*)rtl_arena_alloc (gp_alloc_arena, &size);
+
+@@ -255,9 +253,8 @@
+ char * addr = (char*)(p) - RTL_MEMALIGN;
+ sal_Size size = ((sal_Size*)(addr))[0];
+
+- int index = (size - 1) >> RTL_MEMALIGN_SHIFT;
+- if (index < RTL_MEMORY_CACHED_LIMIT >> RTL_MEMALIGN_SHIFT)
+- rtl_cache_free (g_alloc_table[index], addr);
++ if (size <= RTL_MEMORY_CACHED_LIMIT)
++ rtl_cache_free(g_alloc_table[(size - 1) >> RTL_MEMALIGN_SHIFT], addr);
+ else
+ rtl_arena_free (gp_alloc_arena, addr, size);
+ }
Home |
Main Index |
Thread Index |
Old Index