[libreoffice] 01/01: add add 1:4.3.3-2+deb8u7 (jessie-security) changes
Rene Engelhard
rene at moszumanska.debian.org
Fri May 26 21:50:14 UTC 2017
This is an automated email from the git hooks/post-receive script.
rene pushed a commit to branch debian-jessie-4.3.3
in repository libreoffice.
commit 838f99455e82174d35669097a1aa03b5b4c17971
Author: Rene Engelhard <rene at rene-engelhard.de>
Date: Fri May 26 23:49:00 2017 +0200
add add 1:4.3.3-2+deb8u7 (jessie-security) changes
---
changelog | 6 +++++
patches/CVE-2017-7870.diff | 56 ++++++++++++++++++++++++++++++++++++++++++++++
patches/series | 1 +
3 files changed, 63 insertions(+)
diff --git a/changelog b/changelog
index 693b109..66f1fc5 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,9 @@
+libreoffice (1:4.3.3-2+deb8u7) jessie-security; urgency=high
+
+ * debian/patches/CVE-2017-7870.diff: fix CVE-2017-7870
+
+ -- Rene Engelhard <rene at debian.org> Mon, 24 Apr 2017 19:43:52 +0200
+
libreoffice (1:4.3.3-2+deb8u6) jessie-security; urgency=high
* debian/patches/olefix.diff: fix CVE-2017-3157
diff --git a/patches/CVE-2017-7870.diff b/patches/CVE-2017-7870.diff
new file mode 100644
index 0000000..14881e9
--- /dev/null
+++ b/patches/CVE-2017-7870.diff
@@ -0,0 +1,56 @@
+diff --git a/tools/inc/poly.h b/tools/inc/poly.h
+index d677bcd8b0ac..c614401f122c 100644
+--- a/tools/inc/poly.h
++++ b/tools/inc/poly.h
+@@ -42,7 +42,7 @@ public:
+
+ void ImplSetSize( sal_uInt16 nSize, bool bResize = true );
+ void ImplCreateFlagArray();
+- void ImplSplit( sal_uInt16 nPos, sal_uInt16 nSpace, ImplPolygon* pInitPoly = NULL );
++ bool ImplSplit( sal_uInt16 nPos, sal_uInt16 nSpace, ImplPolygon* pInitPoly = NULL );
+ };
+
+ #define MAX_POLYGONS ((sal_uInt16)0x3FF0)
+diff --git a/tools/source/generic/poly.cxx b/tools/source/generic/poly.cxx
+index 244727169571..c8221793ba53 100644
+--- a/tools/source/generic/poly.cxx
++++ b/tools/source/generic/poly.cxx
+@@ -205,13 +205,16 @@ void ImplPolygon::ImplSetSize( sal_uInt16 nNewSize, bool bResize )
+ mnPoints = nNewSize;
+ }
+
+-void ImplPolygon::ImplSplit( sal_uInt16 nPos, sal_uInt16 nSpace, ImplPolygon* pInitPoly )
++bool ImplPolygon::ImplSplit( sal_uInt16 nPos, sal_uInt16 nSpace, ImplPolygon* pInitPoly )
+ {
+ const sal_uIntPtr nSpaceSize = nSpace * sizeof( Point );
+
+ //Can't fit this in :-(, throw ?
+ if (mnPoints + nSpace > USHRT_MAX)
+- return;
++ {
++ SAL_WARN("tools", "Polygon needs " << mnPoints + nSpace << " points, but only " << USHRT_MAX << " possible");
++ return false;
++ }
+
+ const sal_uInt16 nNewSize = mnPoints + nSpace;
+
+@@ -266,6 +269,8 @@ void ImplPolygon::ImplSplit( sal_uInt16 nPos, sal_uInt16 nSpace, ImplPolygon* pI
+ mpPointAry = pNewAry;
+ mnPoints = nNewSize;
+ }
++
++ return true;
+ }
+
+ void ImplPolygon::ImplCreateFlagArray()
+@@ -1439,8 +1444,8 @@ void Polygon::Insert( sal_uInt16 nPos, const Point& rPt, PolyFlags eFlags )
+ if( nPos >= mpImplPolygon->mnPoints )
+ nPos = mpImplPolygon->mnPoints;
+
+- mpImplPolygon->ImplSplit( nPos, 1 );
+- mpImplPolygon->mpPointAry[ nPos ] = rPt;
++ if (mpImplPolygon->ImplSplit( nPos, 1 ))
++ mpImplPolygon->mpPointAry[ nPos ] = rPt;
+
+ if( POLY_NORMAL != eFlags )
+ {
diff --git a/patches/series b/patches/series
index bde4189..cf0328b 100644
--- a/patches/series
+++ b/patches/series
@@ -48,3 +48,4 @@ V-pxk0pgyk9d.diff
ppc64el-jdk-paths.diff
CVE-2016-4324.diff
olefix.diff
+CVE-2017-7870.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openoffice/libreoffice.git
More information about the Pkg-openoffice-commits
mailing list