rpms/openoffice.org/F-7 openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch, NONE, 1.1 openoffice.org.spec, 1.1177, 1.1178

Caolan McNamara (caolanm) fedora-extras-commits at redhat.com
Fri Jun 1 11:41:26 UTC 2007 

Author: caolanm

Update of /cvs/pkgs/rpms/openoffice.org/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14693

Modified Files:
	openoffice.org.spec 
Added Files:
	openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch 
Log Message:
Resolves: CVE-2007-0245

openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch:

--- NEW FILE openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch ---
Index: source/filter/rtf/swparrtf.cxx
===================================================================
RCS file: /cvs/sw/sw/source/filter/rtf/swparrtf.cxx,v
retrieving revision 1.64.36.1
diff -u -r1.64.36.1 swparrtf.cxx
--- openoffice.org.orig/sw/source/filter/rtf/swparrtf.cxx	1 Feb 2007 18:23:13 -0000	1.64.36.1
+++ openoffice.org/sw/source/filter/rtf/swparrtf.cxx	7 Apr 2007 11:03:07 -0000
@@ -3684,25 +3684,12 @@
 
 void SwRTFParser::ReadPrtData()
 {
-	// der Eingabe Stream steht auf der aktuellen Position
-	USHORT nLen = USHORT( nTokenValue ), nCnt = 0;
-	BYTE * pData = new BYTE[ nLen ];
-
-	while( IsParserWorking() ) 			// lese bis zur schliessenden Klammer
-	{
-		int nToken = GetNextToken();
-		if( RTF_TEXTTOKEN == nToken )
-		{
-			xub_StrLen nTknLen = HexToBin( aToken );
-			if( STRING_NOTFOUND != nTknLen )
-			{
-				memcpy( pData + nCnt, (sal_Char*)aToken.GetBuffer(), nTknLen );
-				nCnt += nTknLen;
-			}
-		}
-		else if( '}' == nToken )
-			break;
-	}
+	while( IsParserWorking() )
+    {
+        int nToken = GetNextToken();
+        if( (RTF_TEXTTOKEN != nToken) && ('}' == nToken) )
+            break;
+    }
 
     SkipToken( -1 );        // schliessende Klammer wieder zurueck!!
 }



Index: openoffice.org.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openoffice.org/F-7/openoffice.org.spec,v
retrieving revision 1.1177
retrieving revision 1.1178
diff -u -r1.1177 -r1.1178
--- openoffice.org.spec	31 May 2007 16:14:00 -0000	1.1177
+++ openoffice.org.spec	1 Jun 2007 11:40:49 -0000	1.1178
@@ -134,6 +134,7 @@
 Patch75: openoffice.org-2.2.0.ooo76424.nonatnum.bn_IN.18npool.patch
 Patch76: workspace.cmcfixes34.patch
 Patch77: openoffice.org-2.2.0.ooo77470.docexport.liberation.to.ms.patch
+Patch78: openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch
 
 %define instdir %{_libdir}/openoffice.org
 
@@ -1061,6 +1062,7 @@
 %patch75 -p1 -b .ooo76424.nonatnum.bn_IN.18npool.patch
 %patch76 -p1 -b .workspace.cmcfixes34.patch
 %patch77 -p1 -b .ooo77470.docexport.liberation.to.ms.patch
+%patch78 -p1 -b .ooo77214.rtfprtdata.sw.patch
 
 cp %{SOURCE1} extras/source/database/evolocal.odb
 
@@ -2638,7 +2640,8 @@
 %{instdir}/share/registry/modules/org/openoffice/Office/Scripting/Scripting-python.xcu
 
 %changelog
-* Thu May 31 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.2.0-14.10
+* Fri Jun 01 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.2.0-14.10
+- Resolves: CVE-2007-0245
 - add workspace.cmcfixes34.patch for int(0) not being promoted to long
   NULL in ellipsed methods
 - Resolves: rhbz#241875 get script detection right for range vs point

More information about the fedora-extras-commits mailing list