From: Alex Vong
To: guix-patches@gnu.org, guix-devel@gnu.org
Subject: [PATCH] gnu: catdoc: Fix CVE-2017-11110.
Date: Sat, 12 Aug 2017 05:51:45 +0800
Message-ID: <87zib5pyby.fsf@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Severity: important
Tags: patch security

Hello,

This patch fixes the latest CVE of catdoc. The upstream repo[0] has not been updated for more than a year, so I grabbed the patch from openSUSE instead (which is also used by Debian).

--=-=-=
Content-Type: text/x-diff; charset=utf-8
Content-Disposition: inline; filename=0001-gnu-catdoc-Fix-CVE-2017-11110.patch
Content-Transfer-Encoding: quoted-printable

From=2069b2b0ca3b43409e86bd5d01fe72823ef84ee391 Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Thu, 10 Aug 2017 21:02:14 +0800 Subject: [PATCH] gnu: catdoc: Fix CVE-2017-11110. * gnu/packages/patches/catdoc-CVE-2017-11110.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/textutils.scm (catdoc)[source]: Use it. =2D-- gnu/local.mk | 1 + gnu/packages/patches/catdoc-CVE-2017-11110.patch | 45 ++++++++++++++++++++= ++++ gnu/packages/textutils.scm | 2 ++ 3 files changed, 48 insertions(+) create mode 100644 gnu/packages/patches/catdoc-CVE-2017-11110.patch diff --git a/gnu/local.mk b/gnu/local.mk index 3d79d5d22..57c346921 100644 =2D-- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -534,6 +534,7 @@ dist_patch_DATA =3D \ %D%/packages/patches/calibre-drop-unrar.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/calibre-use-packaged-feedparser.patch \ + %D%/packages/patches/catdoc-CVE-2017-11110.patch \ %D%/packages/patches/cdparanoia-fpic.patch \ %D%/packages/patches/cdrtools-3.01-mkisofs-isoinfo.patch \ %D%/packages/patches/ceph-disable-cpu-optimizations.patch \ diff --git a/gnu/packages/patches/catdoc-CVE-2017-11110.patch b/gnu/package= s/patches/catdoc-CVE-2017-11110.patch new file mode 100644 index 000000000..71c44f60f =2D-- /dev/null +++ b/gnu/packages/patches/catdoc-CVE-2017-11110.patch @@ -0,0 +1,45 @@ +Fix CVE-2017-11110: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-11110 +https://bugzilla.redhat.com/show_bug.cgi?id=3D1468471 +https://security-tracker.debian.org/tracker/CVE-2017-11110 + +Patch copied from openSUSE: + +https://build.opensuse.org/package/view_file/openSUSE:Maintenance:6985/cat= doc.openSUSE_Leap_42.2_Update/CVE-2017-11110.patch?expand=3D1 + +From: Andreas Stieger +Date: Mon, 10 Jul 2017 15:37:58 +0000 +References: CVE-2017-11110 http://bugzilla.suse.com/show_bug.cgi?id=3D1047= 877 + +All .doc I found had sectorSize 0x09 at offset 0x1e. Guarding it against <= 4. + +--- + src/ole.c | 5 +++++ + 1 file changed, 5 insertions(+) + +Index: catdoc-0.95/src/ole.c +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +--- catdoc-0.95.orig/src/ole.c 2016-05-25 06:37:12.000000000 +0200 ++++ catdoc-0.95/src/ole.c 2017-07-10 17:42:33.578308107 +0200 +@@ -106,6 +106,11 @@ FILE* ole_init(FILE *f, void *buffer, si + return NULL; + } + sectorSize =3D 1<=3D 4 for CVE-2017= -11110 */ + 1, sectorSize, newfile) !=3D sectorSize) { + fprintf(stderr, "Error read MSAT!\n"); + ole_finish(); 
diff --git a/gnu/packages/textutils.scm b/gnu/packages/textutils.scm index e8ae30cd6..537d01334 100644 =2D-- a/gnu/packages/textutils.scm +++ b/gnu/packages/textutils.scm @@ -12,6 +12,7 @@ ;;; Copyright =C2=A9 2017 Rene Saavedra ;;; Copyright =C2=A9 2017 Hartmut Goebel ;;; Copyright =C2=A9 2017 Kei Kebreau +;;; Copyright =C2=A9 2017 Alex Vong ;;; ;;; This file is part of GNU Guix. ;;; @@ -409,6 +410,7 @@ runs Word\".") (method url-fetch) (uri (string-append "http://ftp.wagner.pp.ru/pub/catdoc/" "catdoc-" version ".tar.gz")) + (patches (search-patches "catdoc-CVE-2017-11110.patch")) (sha256 (base32 "15h7v3bmwfk4z8r78xs5ih6vd0pskn0rj90xghvbzdjj0cc88jji")))) =2D-=20 2.14.0

(I am re-sending this mail for the 3rd time since I didn't receive a reply from debbugs. This time I decided to mail guix-devel as well, just in case it doesn't work again.)

Cheers,
Alex

[0]: http://www.wagner.pp.ru/gitweb/?p=oss/catdoc.git;a=summary
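Review bot: In the src/ole.c hunk carried by catdoc-CVE-2017-11110.patch, the guard described in the patch header only bounds sectorSize from below, while the visible assignment derives sectorSize by left-shifting 1 by a value read from the file header (offset 0x1e per the description). As far as the lines visible here show, nothing rejects an oversized exponent, so a crafted file can still drive the shift count to the width of the type or beyond, which is undefined behaviour in C, or yield a sectorSize far larger than the reads that follow expect. Since the description notes that every .doc examined carried 0x09 in that field, consider validating the raw exponent against a small accepted range before the shift and returning NULL otherwise, and raise that with openSUSE as well so the copies stay in sync.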