From ef1dbf957b7d471006eedff47388cece564bb34d Mon Sep 17 00:00:00 2001
From: truckman <truckman@FreeBSD.org>
Date: Thu, 21 Jul 2016 18:09:59 +0000
Subject: Fix CVE-2016-1513 - Memory Corruption Vulnerability (Impress
 Presentations).

Regenerate distinfo to add TIMESTAMP.

Obtained from:	<https://bz.apache.org/ooo/show_bug.cgi?id=127045>
MFH:		2016Q3
Security:	72f71e26-4f69-11e6-ac37-ac9e174be3af
---
 editors/openoffice-4/Makefile                  |  2 +-
 editors/openoffice-4/distinfo                  |  5 +++--
 editors/openoffice-4/files/patch-CVE-2016-1513 | 26 ++++++++++++++++++++++++++
 3 files changed, 30 insertions(+), 3 deletions(-)
 create mode 100644 editors/openoffice-4/files/patch-CVE-2016-1513

(limited to 'editors')

diff --git a/editors/openoffice-4/Makefile b/editors/openoffice-4/Makefile
index d7230f0cbcf..9d250d0b6f7 100644
--- a/editors/openoffice-4/Makefile
+++ b/editors/openoffice-4/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	apache-openoffice
 PORTVERSION=	${AOOVERSION}
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	editors java
 MASTER_SITES=	APACHE/openoffice/${PORTVERSION}/source \
 		http://tools.openoffice.org/unowinreg_prebuild/680/:unoreg \
diff --git a/editors/openoffice-4/distinfo b/editors/openoffice-4/distinfo
index d92be10d32f..dd2b668d62e 100644
--- a/editors/openoffice-4/distinfo
+++ b/editors/openoffice-4/distinfo
@@ -1,6 +1,7 @@
+TIMESTAMP = 1469002349
 SHA256 (openoffice/apache-openoffice-4.1.2-r1709696-src.tar.bz2) = 2e06774424eb564559f9e6d63ff79aa00522b210067717c5a8cfb54b3b7f1812
 SIZE (openoffice/apache-openoffice-4.1.2-r1709696-src.tar.bz2) = 219041975
-SHA256 (openoffice/ApacheOpenOffice.ext_sources.4.x.x.20150707.tar.gz) = 966a8333c83a18ddd84401389006d6e0b52b8175924b808b54b88211669985fa
-SIZE (openoffice/ApacheOpenOffice.ext_sources.4.x.x.20150707.tar.gz) = 28957004
 SHA256 (openoffice/unowinreg.dll) = f563e522922133db9340b0306711c2d8767cc3481dd9e7d9b0d059906d12653c
 SIZE (openoffice/unowinreg.dll) = 6144
+SHA256 (openoffice/ApacheOpenOffice.ext_sources.4.x.x.20150707.tar.gz) = 966a8333c83a18ddd84401389006d6e0b52b8175924b808b54b88211669985fa
+SIZE (openoffice/ApacheOpenOffice.ext_sources.4.x.x.20150707.tar.gz) = 28957004
diff --git a/editors/openoffice-4/files/patch-CVE-2016-1513 b/editors/openoffice-4/files/patch-CVE-2016-1513
new file mode 100644
index 00000000000..5d5370810c1
--- /dev/null
+++ b/editors/openoffice-4/files/patch-CVE-2016-1513
@@ -0,0 +1,26 @@
+--- tools/source/generic/poly2.cxx.orig	2014-02-25 08:20:50 UTC
++++ tools/source/generic/poly2.cxx
+@@ -196,8 +196,9 @@ void PolyPolygon::Insert( const Polygon&
+ 
+ void PolyPolygon::Remove( sal_uInt16 nPos )
+ {
+-	DBG_CHKTHIS( PolyPolygon, NULL );
+-	DBG_ASSERT( nPos < Count(), "PolyPolygon::Remove(): nPos >= nSize" );
++    DBG_CHKTHIS( PolyPolygon, NULL );
++    DBG_ASSERT( nPos < Count(), "PolyPolygon::Remove(): nPos >= nSize" );
++    if ( nPos >= Count() ) return; // not removable
+ 
+ 	if ( mpImplPolyPolygon->mnRefCount > 1 )
+ 	{
+@@ -216,8 +217,9 @@ void PolyPolygon::Remove( sal_uInt16 nPo
+ 
+ void PolyPolygon::Replace( const Polygon& rPoly, sal_uInt16 nPos )
+ {
+-	DBG_CHKTHIS( PolyPolygon, NULL );
+-	DBG_ASSERT( nPos < Count(), "PolyPolygon::Replace(): nPos >= nSize" );
++    DBG_CHKTHIS( PolyPolygon, NULL );
++    DBG_ASSERT( nPos < Count(), "PolyPolygon::Replace(): nPos >= nSize" );
++    if ( nPos >= Count() ) return; // not replaceable	
+ 
+ 	if ( mpImplPolyPolygon->mnRefCount > 1 )
+ 	{
-- 
cgit