head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.6 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.4 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.2 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.1.0.28 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.26 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.24 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.22 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.20 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.18 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.16 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.14 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.12 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.10 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.8 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.6 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.4 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2011.10.02.14.11.57; author wiz; state dead; branches; next 1.1; 1.1 date 2008.08.29.08.08.11; author hira; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2008.08.29.08.08.11; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2008.08.30.18.46.33; author tron; state Exp; branches; next ; desc @@ 1.2 log @Remove packages scheduled to be deleted according to the pkgsrc-2011Q2 release notes. @ text @$NetBSD: patch-de,v 1.1 2008/08/29 08:08:11 hira Exp $ Fix CVE-2008-3282. --- sal/rtl/source/alloc_global.c.orig 2008-05-21 21:53:26.000000000 +0900 +++ sal/rtl/source/alloc_global.c 2008-08-29 08:18:14.000000000 +0900 @@@@ -214,9 +214,7 @@@@ char * addr; sal_Size size = RTL_MEMORY_ALIGN(n + RTL_MEMALIGN, RTL_MEMALIGN); - int index = (size - 1) >> RTL_MEMALIGN_SHIFT; OSL_ASSERT(RTL_MEMALIGN >= sizeof(sal_Size)); - if (n >= SAL_MAX_SIZE - (RTL_MEMALIGN + RTL_MEMALIGN - 1)) { /* requested size too large for roundup alignment */ @@@@ -224,8 +222,8 @@@@ } try_alloc: - if (index < RTL_MEMORY_CACHED_LIMIT >> RTL_MEMALIGN_SHIFT) - addr = (char*)rtl_cache_alloc (g_alloc_table[index]); + if (size <= RTL_MEMORY_CACHED_LIMIT) + addr = (char*)rtl_cache_alloc(g_alloc_table[(size - 1) >> RTL_MEMALIGN_SHIFT]); else addr = (char*)rtl_arena_alloc (gp_alloc_arena, &size); @@@@ -255,9 +253,8 @@@@ char * addr = (char*)(p) - RTL_MEMALIGN; sal_Size size = ((sal_Size*)(addr))[0]; - int index = (size - 1) >> RTL_MEMALIGN_SHIFT; - if (index < RTL_MEMORY_CACHED_LIMIT >> RTL_MEMALIGN_SHIFT) - rtl_cache_free (g_alloc_table[index], addr); + if (size <= RTL_MEMORY_CACHED_LIMIT) + rtl_cache_free(g_alloc_table[(size - 1) >> RTL_MEMALIGN_SHIFT], addr); else rtl_arena_free (gp_alloc_arena, addr, size); } @ 1.1 log @Fix CVE-2008-3282 (OpenOffice.org "rtl_allocateMemory()" Truncation Vulnerability). Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-de was added on branch pkgsrc-2008Q2 on 2008-08-30 18:46:33 +0000 @ text @d1 39 @ 1.1.2.2 log @Pullup ticket #2508 - requested by hira openoffice2: security patch Revisions pulled up: - misc/openoffice2/Makefile 1.48 - misc/openoffice2/distinfo 1.41 - misc/openoffice2/patches/patch-de 1.1 --- Module Name: pkgsrc Committed By: hira Date: Fri Aug 29 08:08:11 UTC 2008 Modified Files: pkgsrc/misc/openoffice2: Makefile distinfo Added Files: pkgsrc/misc/openoffice2/patches: patch-de Log Message: Fix CVE-2008-3282 (OpenOffice.org "rtl_allocateMemory()" Truncation Vulnerability). Bump PKGREVISION. @ text @a0 39 $NetBSD: patch-de,v 1.1 2008/08/29 08:08:11 hira Exp $ Fix CVE-2008-3282. --- sal/rtl/source/alloc_global.c.orig 2008-05-21 21:53:26.000000000 +0900 +++ sal/rtl/source/alloc_global.c 2008-08-29 08:18:14.000000000 +0900 @@@@ -214,9 +214,7 @@@@ char * addr; sal_Size size = RTL_MEMORY_ALIGN(n + RTL_MEMALIGN, RTL_MEMALIGN); - int index = (size - 1) >> RTL_MEMALIGN_SHIFT; OSL_ASSERT(RTL_MEMALIGN >= sizeof(sal_Size)); - if (n >= SAL_MAX_SIZE - (RTL_MEMALIGN + RTL_MEMALIGN - 1)) { /* requested size too large for roundup alignment */ @@@@ -224,8 +222,8 @@@@ } try_alloc: - if (index < RTL_MEMORY_CACHED_LIMIT >> RTL_MEMALIGN_SHIFT) - addr = (char*)rtl_cache_alloc (g_alloc_table[index]); + if (size <= RTL_MEMORY_CACHED_LIMIT) + addr = (char*)rtl_cache_alloc(g_alloc_table[(size - 1) >> RTL_MEMALIGN_SHIFT]); else addr = (char*)rtl_arena_alloc (gp_alloc_arena, &size); @@@@ -255,9 +253,8 @@@@ char * addr = (char*)(p) - RTL_MEMALIGN; sal_Size size = ((sal_Size*)(addr))[0]; - int index = (size - 1) >> RTL_MEMALIGN_SHIFT; - if (index < RTL_MEMORY_CACHED_LIMIT >> RTL_MEMALIGN_SHIFT) - rtl_cache_free (g_alloc_table[index], addr); + if (size <= RTL_MEMORY_CACHED_LIMIT) + rtl_cache_free(g_alloc_table[(size - 1) >> RTL_MEMALIGN_SHIFT], addr); else rtl_arena_free (gp_alloc_arena, addr, size); } @