6723 – [Update Request] wine - fix buffer overflow when trying to open document in MSO 2003 apps [mga2]

Bug 6723 - [Update Request] wine - fix buffer overflow when trying to open document in MSO 2003 apps [mga2]

Summary: [Update Request] wine - fix buffer overflow when trying to open document in M...

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	2
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:	MGA2-32-OK MGA2-64-OK
Keywords:	validated_update

Duplicates (1):	6157 (view as bug list)
Depends on:
Blocks:

Reported:	2012-07-08 17:04 CEST by Oleg Bosis
Modified:	2012-10-20 18:13 CEST (History)
CC List:	7 users (show)

See Also:
Source RPM:	wine
CVE:
Status comment:

Attachments
Patch to fix Open/Save As dialogs in MSO 2003 (764 bytes, patch) 2012-09-02 10:11 CEST, Oleg Bosis	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Description Oleg Bosis 2012-07-08 17:04:13 CEST

Description of problem:
I've installed MSO 2003 and I can not open any document from within Word or Excel or any other MSO application due to MSO crash with the following error:

*** buffer overflow detected ***: C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x45)[0xf7565b35]
/lib/libc.so.6(+0xedb47)[0xf7563b47]
/usr/lib/wine/shell32.dll.so(+0x3dc14)[0x7dbddc14]
/usr/lib/wine/shell32.dll.so(+0x6de25)[0x7dc0de25]
/usr/lib/wine/shell32.dll.so(+0x8105b)[0x7dc2105b]
/usr/lib/wine/shell32.dll.so(+0x64fd4)[0x7dc04fd4]
[0x30e55387]
[0x30e54dab]
[0x30e55269]
[0x30e51d68]
[0x30e51cb2]
[0x30e51b43]
[0x30e52e74]
[0x30e534e9]
[0x30e507e8]
[0x30e50742]
[0x30e50714]
[0x30155214]
[0x301549b3]
[0x0]
======= Memory map: ======== 

I experience this problem with wine-1.4, 1.4.1 (from updates_testing) in Mageia 2 and with wine-1.5.8 in Cauldron (in virtual machine).

I've tested wine-1.5.8 with MSO 2003 on two other machines with Mandriva 2010.2 i586 and openSUSE 12.1 x86_64 and there were no such problem, opening documents worked fine, so I think it's Mageia specific problem.

The Bug 6157 can be caused by the same problem.

Version-Release number of selected component (if applicable):
wine-1.4, win-1.4.1, wine-1.5.8

How reproducible:
Always

Steps to Reproduce:
1. Install MSO 2003 with current version of wine
2. Start any MSO 2003 application
3. Click on "Open" button on toolbar or on File->Open menu item. MSO will crash.

Comment 1 Manuel Hiebel 2012-07-09 15:58:57 CEST

*** Bug 6157 has been marked as a duplicate of this bug. ***

CC: (none) => marcelfurmie

Comment 2 Manuel Hiebel 2012-07-09 16:02:33 CEST

ok let's close the other bug as duplicate of this one (as more info here) 

Damien, if you have an idea ?

Version: 2 => Cauldron
Assignee: bugsquad => mageia
Source RPM: (none) => wine
Whiteboard: (none) => MGA2TOO

Comment 3 Damien Lallement 2012-08-01 21:32:25 CEST

Hi, can you reproduce with the new wine in cauldron? 1.5.10?
I have no idea for the precise bug but we made a few improvement in our wine in cauldron with Anssi.
Thanks

Status: NEW => ASSIGNED

Comment 4 Oleg Bosis 2012-08-02 11:06:29 CEST

I currently can not test because I can not update my cauldron vm. I have not updated it for about a month and now when I run 'urpmi --auto-update' I get the following on the very first "transaction":

Installation failed:    rpmlib(X-CheckUnifiedSystemdir) is needed by filesystem-2.1.9-18.mga3.x86_64

So we need to wait for this problem to be fixed and cauldron become updateable again.

Comment 5 Manuel Hiebel 2012-08-02 12:13:14 CEST

>Installation failed:    rpmlib(X-CheckUnifiedSystemdir) is needed by
>filesystem-2.1.9-18.mga3.x86_64

know issue you should keep eyes on mageia-dev@ if you are using cauldron (at least on the ANN/Anounce topic)
solution: https://wiki.mageia.org/en/Feature:UsrMove#Release_Notes

Comment 6 Oleg Bosis 2012-08-02 21:03:05 CEST

It'a sad but solution you pointed to doesn't work for me: after performing steps 1-9 I still get the same error message on filesystem package. And the only packages that I was able to install on the step 1 were glibc, locale-en, locale-ru, meta-task and urpmi. All the others are uninstallable due to missing/wrong dependencies.

So I still think we will have to wait for some more system-level updates... And I'm on vacations currently and can not spend more time testing for a couple of weeks :) .

Comment 7 Oleg Bosis 2012-08-06 19:15:26 CEST

Well, using -allow-nodeps I've managed to update my cauldron vm so I was able to test wine.

The bug is still here. Nor "Open" neither "Save As" dialog can be open: Word & Excel 2003 crash on an attempt to use them.

Comment 8 Oleg Bosis 2012-09-02 10:11:08 CEST

Created attachment 2722 [details]
Patch to fix Open/Save As dialogs in MSO 2003

I've found a patch here:
http://www.winehq.org/pipermail/wine-devel/2012-June/095714.html

I've tested it and it works so I think it should be applied to wine package.

Comment 9 Oleg Bosis 2012-09-12 20:02:26 CEST

Seems like the root of the problem is described here:

http://bugs.winehq.org/show_bug.cgi?id=24606#c22

and is mentioned here:

https://bugs.archlinux.org/task/27662

WINE needs to be built without -D_FORTIFY_SOURCE option to provide correct support for MS Office.

Comment 10 Manuel Hiebel 2012-09-12 20:50:34 CEST

great thanks

Keywords: (none) => PATCH

Comment 11 Damien Lallement 2012-09-12 21:25:06 CEST

(In reply to comment #9)
> Seems like the root of the problem is described here:
> 
> http://bugs.winehq.org/show_bug.cgi?id=24606#c22
> 
> and is mentioned here:
> 
> https://bugs.archlinux.org/task/27662
> 
> WINE needs to be built without -D_FORTIFY_SOURCE option to provide correct
> support for MS Office.

Thanks, can you test wine-1.5.12-2.mga3 please?
FYI: http://svnweb.mageia.org/packages?view=revision&revision=293158

Damien Lallement 2012-09-12 21:26:44 CEST

Keywords: PATCH => (none)

Comment 12 Oleg Bosis 2012-09-12 22:26:22 CEST

Wine 1.5.12 (and a couple of previous ones) have another problem with the same functionality that I've reported upstream here: http://bugs.winehq.org/show_bug.cgi?id=31689 (I'm not sure it's an upstream bug but anyway I've reported it upstream). And besides I don't have currently access to cauldron installations.

So it would be better if you rebuild wine 1.4.1 for Mageia 2 or wait untill I'd rebuild it myself and test it. I'll try to do it tomorrow or a day after.

Comment 13 Damien Lallement 2012-09-12 22:53:14 CEST

I can push wine in update_testing if you want. Just let me know Oleg. ;-)

Comment 14 Oleg Bosis 2012-09-13 20:03:46 CEST

I don't know why this bug became the bug against cauldron. Initially I've created it against Mageia 2, so yes, I'd like to see this fix in official updates for Mageia 2.

And I've made some testing today (rebuilt wine 1.4.1 package with excluded -D_FORTYFY_SOURCE=2 option) and it works normally.

Damien Lallement 2012-09-14 15:43:36 CEST

Blocks: (none) => 2501

Damien Lallement 2012-09-14 15:46:40 CEST

Blocks: 2501 => (none)

Damien Lallement 2012-09-14 15:47:08 CEST

Version: Cauldron => 2
Whiteboard: MGA2TOO => (none)

Comment 15 Damien Lallement 2012-09-14 15:47:59 CEST

Please test wine-1.4.1-1.2.mga2 for core/update_testing.
If working, I will ask for an update request.

Comment 16 Damien Lallement 2012-09-14 15:52:57 CEST

Advisory:
-------------
The package wine was having a bad compilation option, resulting crashes with MSO 2003 apps. This update fix this bug and also provide better requires and icons.

Packages:
-------------
wine-1.4.1-1.2.mga1

How to test:
-------------
- Just try to use wine with MSO 2003 apps and check that it works.

Assignee: mageia => qa-bugs
Summary: "buffer overflow detected" error in WINE when trying to open document in MSO 2003 apps => [Update Request] wine - fix buffer overflow when trying to open document in MSO 2003 apps [mga2]

Comment 17 Damien Lallement 2012-09-14 16:02:25 CEST

Oops, package is: wine-1.4.1-1.2.mga2

CC: (none) => mageia

Comment 18 John Rye 2012-09-14 16:18:48 CEST

Advisory Text Revision:

Advisory:
-------------
The wine package wine had a bad compilation option, which resulted in crashes with
MSO 2003 apps. This update fixes this bug and also provides better requires and
icons.

CC: (none) => john

Comment 19 John Rye 2012-09-14 16:24:46 CEST

Advisory Text Revision (further updated):

Advisory:
-------------
The wine package had bad compilation options, which resulted in crashes with
MSO 2003 apps. This update fixes this bug and also provides better requires and
icons.

Comment 20 Eduard Beliaev 2012-09-14 18:08:40 CEST

Testing on Mageia 2 i586.

CC: (none) => ed_rus099

Comment 21 Eduard Beliaev 2012-09-15 20:41:51 CEST

Testing failed because I couldn't install Microsoft Office 2003, I tried with different installation files...

Comment 22 Oleg Bosis 2012-09-16 08:39:40 CEST

Strange. I've just tested installing our company's own "build" of MS Office 2003 (integrated SP3 & post-SP3 fixes) and it was OK.

But I don't have 32-bit system so I've tested on x86_64 without wine64 installed. I've used clean prefix without overrides, selected custom installation, completely disabled Outlook and InfoPath, multilanguage support and "helper" (sorry I don't know how it is correctly called in English). For all other options I've selected to install entire feature to run from my computer (*not* install on demand or run from CD).

Comment 23 Eduard Beliaev 2012-09-16 17:18:25 CEST

I think it is because I am running wine in a VM.

Could somebody with an Mag2 i586 native install, test this package?

Thanks!

Whiteboard: (none) => MGA2-64-OK

Comment 24 Dave Hodgins 2012-09-25 00:25:11 CEST

The following packages will require linking:

libavahi-client3-0.6.30-8.mga2 (Core 32bit Release (distrib31))
libavahi-common3-0.6.30-8.mga2 (Core 32bit Release (distrib31))
libblkid1-2.21.1-1.mga2 (Core 32bit Release (distrib31))
libext2fs2-1.42.2-2.mga2 (Core 32bit Release (distrib31))
libgcrypt11-1.5.0-2.mga2 (Core 32bit Release (distrib31))
libgmp10-5.0.4-1.mga2 (Core 32bit Release (distrib31))
libgnutls28-3.0.18-1.mga2 (Core 32bit Release (distrib31))
libgpg-error0-1.10-2.mga2 (Core 32bit Release (distrib31))
libhogweed2-2.4-1.mga2 (Core 32bit Release (distrib31))
libjbig1-2.0-5.mga1 (Core 32bit Release (distrib31))
libnettle4-2.4-1.mga2 (Core 32bit Release (distrib31))
libpth20-2.0.7-9.mga2 (Core 32bit Release (distrib31))
libtasn1_3-2.12-1.mga2 (Core 32bit Release (distrib31))
libunixODBC2-2.3.1-1.mga2 (Core 32bit Release (distrib31))
libuuid1-2.21.1-1.mga2 (Core 32bit Release (distrib31))
libxcomposite1-0.4.3-2.mga2 (Core 32bit Release (distrib31))
libxcursor1-1.1.13-1.mga2 (Core 32bit Release (distrib31))
libxi6-1.4.5-1.mga2 (Core 32bit Release (distrib31))
libxinerama1-1.1.2-1.mga2 (Core 32bit Release (distrib31))
libxrandr2-1.3.2-2.mga2 (Core 32bit Release (distrib31))

I've tested basic wine functionality on both i586 and
x86-64.  Both are ok, but I don't have a copy of
m$ office, to test that it's working.

CC: (none) => davidwhodgins

Comment 25 Samuel Verschelde 2012-10-18 22:11:50 CEST

I think the testing you did is enough Dave, added to that of Oleg. Let's push it?

Whiteboard: MGA2-64-OK => MGA2-32-OK MGA2-64-OK

Comment 26 Dave Hodgins 2012-10-19 05:35:01 CEST

Validating the update.

Could someone from the sysadmin team push the srpm
wine-1.4.1-1.2.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates, and link
the following package from Core Release to Core Updates ...
libavahi-client3-0.6.30-8.mga2 (Core 32bit Release (distrib31))
libavahi-common3-0.6.30-8.mga2 (Core 32bit Release (distrib31))
libblkid1-2.21.1-1.mga2 (Core 32bit Release (distrib31))
libext2fs2-1.42.2-2.mga2 (Core 32bit Release (distrib31))
libgcrypt11-1.5.0-2.mga2 (Core 32bit Release (distrib31))
libgmp10-5.0.4-1.mga2 (Core 32bit Release (distrib31))
libgnutls28-3.0.18-1.mga2 (Core 32bit Release (distrib31))
libgpg-error0-1.10-2.mga2 (Core 32bit Release (distrib31))
libhogweed2-2.4-1.mga2 (Core 32bit Release (distrib31))
libjbig1-2.0-5.mga1 (Core 32bit Release (distrib31))
libnettle4-2.4-1.mga2 (Core 32bit Release (distrib31))
libpth20-2.0.7-9.mga2 (Core 32bit Release (distrib31))
libtasn1_3-2.12-1.mga2 (Core 32bit Release (distrib31))
libunixODBC2-2.3.1-1.mga2 (Core 32bit Release (distrib31))
libuuid1-2.21.1-1.mga2 (Core 32bit Release (distrib31))
libxcomposite1-0.4.3-2.mga2 (Core 32bit Release (distrib31))
libxcursor1-1.1.13-1.mga2 (Core 32bit Release (distrib31))
libxi6-1.4.5-1.mga2 (Core 32bit Release (distrib31))
libxinerama1-1.1.2-1.mga2 (Core 32bit Release (distrib31))
libxrandr2-1.3.2-2.mga2 (Core 32bit Release (distrib31))

Advisory: The wine package had bad compilation options, which
resulted in crashes with MSO 2003 apps. This update fixes this
bug and also provides better requires and icons.

https://bugs.mageia.org/show_bug.cgi?id=6723

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 27 Thomas Backlund 2012-10-20 18:13:19 CEST

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0210

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.