libwpd is vulnerable to a heap overflow which can cause a denial of service (crash) in programs using the library (such as openoffice, koffice, or abiword).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0002
https://issues.rpath.com/browse/RPL-1115
Reproducible: Always
Created attachment 112328: patch to fix the issue
two patches pulled from upstream cvs to fix the issue
gnome herd, please verify and provide a new ebuild
Okay, I've added 0.8.4-r1 with what I believe to be the fix; I needed an additional hunk on top of the patch above, presumably because our version was so old. Unfortunately, without any information about the actual vulnerability, I can't verify that this actually fixes the problem. The CVE is restricted from me, and the rpath issue doesn't list an exploit I can test.
Thanks Daniel, hi arches, please test & mark stable app-text/libwpd-0.8.4-r1, thanks
Stable for HPPA (and many thanks to the Maryland Courts Watcher[1] for providing links to .wpd files). [1] http://marylandcourts.blogspot.com/
(In reply to comment #4)
> Thanks Daniel,
>
> hi arches, please test & mark stable app-text/libwpd-0.8.4-r1, thanks
When doing so, please also mark stable app-text/wpd2sxw-0.7*, as the current won't build with libwpd 0.8 (goes out to ppc).
x86 stable
Sparc stable. app-text/wpd2sxw has no sparc keyword, so nothing to do there.
0.8.9 has (finally!) been released upstream to fix this release - we're probably better off just bumping versions at this point
Smithj if you'd rather want to bump, just remove arches from CC until you commit the fixed ebuild.
Well, I'm not on the gnome herd - want to ensure it doesn't break anything first... input from the gnome folks?
Back to ebuild for now.
*** Bug 138233 has been marked as a duplicate of this bug. ***
Okay, I've bumped to 0.8.9. I tested abiword-plugins, in addition to wpd2*, and all work fine, so no apparent regressions.
openoffice has vulnerable libwpd 0.8.8 bundled, so it's probably also affected?
libwpd-0.8.9 fails to compile for me:
ibxml2 -DNDEBUG -I../../src/lib/ -O2 -march=pentium-m -fomit-frame-pointer -pipe -MT test.o -MD -MP -MF ".deps/test.Tpo" -c -o test.o test.cpp; \
then mv -f ".deps/test.Tpo" ".deps/test.Po"; else rm -f ".deps/test.Tpo"; exit 1; fi
test.cpp:24:32: error: cppunit/TestRunner.h: No such file or directory
test.cpp:25:32: error: cppunit/TestResult.h: No such file or directory
test.cpp:26:41: error: cppunit/TestResultCollector.h: No such file or directory
test.cpp:27:45: error: cppunit/extensions/HelperMacros.h: No such file or directory
test.cpp:28:47: error: cppunit/BriefTestProgressListener.h: No such file or directory
test.cpp:29:52: error: cppunit/extensions/TestFactoryRegistry.h: No such file or directory
test.cpp:30:39: error: cppunit/CompilerOutputter.h: No such file or directory
test.cpp:41: error: 'CPPUNIT_NS' has not been declared
test.cpp:41: error: expected `{' before 'TestFixture'
test.cpp:41: error: invalid function declaration
test.cpp:56: error: invalid use of undefined type 'class Test'
test.cpp:41: error: forward declaration of 'class Test'
test.cpp:64: error: invalid use of undefined type 'class Test'
test.cpp:41: error: forward declaration of 'class Test'
test.cpp:69: error: invalid use of undefined type 'class Test'
test.cpp:41: error: forward declaration of 'class Test'
test.cpp: In member function 'void Test::testStream()':
test.cpp:92: error: 'CPPUNIT_ASSERT_EQUAL' was not declared in this scope
test.cpp:97: error: 'CPPUNIT_ASSERT' was not declared in this scope
test.cpp:139: error: expected primary-expression before ')' token
test.cpp:139: error: 'CPPUNIT_ASSERT_THROW' was not declared in this scope
test.cpp:208: error: expected primary-expression before ')' token
test.cpp: At global scope:
test.cpp:225: error: expected constructor, destructor, or type conversion before ';' token
test.cpp: In function 'int main(int, char**)':
test.cpp:230: error: 'CPPUNIT_NS' has not been declared
test.cpp:230: error: expected `;' before 'controller'
test.cpp:233: error: 'CPPUNIT_NS' has not been declared
test.cpp:233: error: expected `;' before 'result'
test.cpp:234: error: 'controller' was not declared in this scope
test.cpp:234: error: 'result' was not declared in this scope
test.cpp:237: error: 'CPPUNIT_NS' has not been declared
test.cpp:237: error: expected `;' before 'progress'
test.cpp:238: error: 'progress' was not declared in this scope
test.cpp:241: error: 'CPPUNIT_NS' has not been declared
test.cpp:241: error: expected `;' before 'runner'
test.cpp:242: error: 'runner' was not declared in this scope
test.cpp:242: error: 'CPPUNIT_NS' has not been declared
test.cpp:246: error: 'CPPUNIT_NS' has not been declared
test.cpp:246: error: expected `;' before 'outputter'
test.cpp:247: error: 'outputter' was not declared in this scope
make[1]: *** [test.o] Error 1
make[1]: Leaving directory `/var/tmp/paludis/app-text/libwpd-0.8.9/work/libwpd-0.8.9/src/test'
make: *** [check] Error 2
(In reply to comment #14)
> openoffice has vulnerable libwpd 0.8.8 bundled, so it's probably also affected?
Yes. In fact, the first public mention of this was a Novell security announce of OOo (they apparently broke embargo).
(In reply to comment #14)
> openoffice has vulnerable libwpd 0.8.8 bundled, so it's probably also affected?
Yes, but this is already part of another bug (and handled there):
https://bugs.gentoo.org/show_bug.cgi?id=170828
(In reply to comment #17)
> Yes, but this is already part of another bug (and handled there):
>
> https://bugs.gentoo.org/show_bug.cgi?id=170828
That bug is not public, even though the security issue is (ref the novell advisory), so it was hard to tell for those of us without special access :-) Perhaps it's time to open that one up too?
hanno: Apparently, cppunit is needed for FEATURES=test. Since cppunit doesn't have enough keywords, I've masked FEATURES=test for now, even though the unit tests pass here.
Finally calling arches. Please test and mark stable. Target keywords are: libwpd-0.8.9.ebuild:KEYWORDS="alpha amd64 hppa ia64 ppc ~ppc-macos ppc64 sparc x86 ~x86-fbsd"
ppc64 stable
ppc stable
app-text/libwpd-0.8.9 USE="doc"
1. emerges on x86
2. passes collision test
3. app-text/wpd2sxw-0.7.1 emerges with it
Portage 2.1.2.2 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0, 2.6.19.5 i686)
=================================================================
System uname: 2.6.19.5 i686 Genuine Intel(R) CPU T2300 @ 1.66GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Sun, 25 Mar 2007 09:30:01 +0000
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python: 2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.61
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/php/apache1-php5/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="autoconfig collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LINGUAS="en de en_GB de_CH"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acpi alsa apache2 asf berkdb bitmap-fonts cairo cdr cdrom cli cracklib crypt cups dbus divx dri dts dvd dvdr dvdread eds emboss encode fam ffmpeg firefox flac fortran gdbm gif gnome gpm gstreamer gtk hal iconv ipv6 isdnlog java jpeg kde kdeenablefinal ldap libg++ mad midi mikmod mmx mono mp3 mpeg ncurses nls nptl nptlonly ogg opengl oss pam pcre perl png ppds pppd python qt3 qt4 quicktime readline reflection rtsp ruby samba sdl session smp spell spl sse sse2 sse3 ssl svg tcpd test tetex theora threads truetype truetype-fonts type1-fonts unicode vcd vorbis wifi win32codecs wxwindows x264 x86 xine xml xorg xprint xv xvid zlib" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LINGUAS="en de en_GB de_CH" USERLAND="GNU" VIDEO_CARDS="i810 fbdev vesa"
Unset: CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
x86 done
Stable for HPPA (0.8.9 this time).
sparc stable.
amd64 done.
alpha stable
ia64 done...
Thx everyone. This one is ready for GLSA decision. I vote NO.
I tend to vote yes
As for me, it's a B2, so I vote Yes, and I'm filing a GLSA request at the same time.
You're correct Falco.
adding CVE-2007-1466
GLSA 200704-07, thanks everybody