[MacPorts] #63152: libreoffice 7.1.4.2_0: Bitdefener reports exploit CVE-2020-9596.5

MacPorts noreply at macports.org
Wed Jun 30 00:30:35 UTC 2021 

#63152: libreoffice 7.1.4.2_0: Bitdefener reports exploit CVE-2020-9596.5
-----------------------------+-----------------------------------
 Reporter:  melbourneboy     |      Owner:  audvare@…
     Type:  defect           |     Status:  assigned
 Priority:  Normal           |  Milestone:
Component:  ports            |    Version:  2.7.1
 Keywords:  catalina x86_64  |       Port:  libreoffice at 7.1.4.2_0
-----------------------------+-----------------------------------
 Yesterday I was working through a problem updating libreoffice.  I had
 uninstalled all versions then installed again.

 {{{
 sudo port uninstall libreoffice
 sudo port install libreoffice
 }}}

 I then left to do other things.  My Antivirus reported a detection
 overnight.  Antivirus report as follows:

 {{{
 An infected file attempted to run on your device.
 Threat name: Exploit.CVE-2020-9596.5
 Path:
 /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_office_libreoffice/libreoffice/work/libreoffice-7.1.4.2/xmlsecurity/qa/unit/signing/data
 /hide-and-replace-shadow-file-signed-2.pdf
 We deleted the file to prevent malicious commands from being executed on
 your device."
 }}}

 I then ran

 {{{
 sudo port uninstall libreoffice
 sudo port clean --all libreoffice
 }}}

 Confirmed
 {{{
 /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_office_libreoffice
 }}}
 was gone.

 I then ran
 {{{
 sudo port install libreoffice
 }}}

 Broken file and ports reported again, selected 'Y' to rebuild.
 BitDefener reports virus detections while rebuild is progressing.  Same
 detection message as above.

 {{{
 (base) mark at 192-168-1-10 ~ % sudo port install libreoffice
 --->  Computing dependencies for libreoffice
 --->  Fetching archive for libreoffice
 --->  Attempting to fetch libreoffice-7.1.4.2_0.darwin_19.x86_64.tbz2 from
 https://packages.macports.org/libreoffice
 --->  Attempting to fetch
 libreoffice-7.1.4.2_0.darwin_19.x86_64.tbz2.rmd160 from
 https://packages.macports.org/libreoffice
 --->  Installing libreoffice @7.1.4.2_0
 --->  Activating libreoffice @7.1.4.2_0
 --->  Cleaning libreoffice
 --->  Updating database of binaries
 --->  Scanning binaries for linking errors
 --->  Found 5 broken files, matching files to ports
 --->  Found 1 broken port, determining rebuild order
 You can always run 'port rev-upgrade' again to fix errors.
 The following ports will be rebuilt: libreoffice @7.1.4.2
 Continue? [Y/n]: Y
 --->  Computing dependencies for libreoffice
 --->  Cleaning libreoffice
 --->  Scanning binaries for linking errors
 --->  Found 5 broken files, matching files to ports
 --->  Found 1 broken port, determining rebuild order
 --->  Rebuilding in order
      libreoffice @7.1.4.2_0
 --->  Computing dependencies for libreoffice
 --->  Fetching distfiles for libreoffice
 --->  Attempting to fetch libreoffice-7.1.4.2.tar.xz from
 http://aarnet.au.distfiles.macports.org/pub/macports/distfiles/libreoffice
 --->  Attempting to fetch libreoffice-dictionaries-7.1.4.2.tar.xz from
 http://aarnet.au.distfiles.macports.org/pub/macports/distfiles/libreoffice
 --->  Attempting to fetch libreoffice-translations-7.1.4.2.tar.xz from
 http://aarnet.au.distfiles.macports.org/pub/macports/distfiles/libreoffice
 --->  Attempting to fetch dtoa-20180411.tgz from
 http://aarnet.au.distfiles.macports.org/pub/macports/distfiles/libreoffice
 --->  Attempting to fetch
 f543e6e2d7275557a839a164941c0a86e5f2c3f2a0042bfc434c88c6dde9e140-opens___.ttf
 from
 http://aarnet.au.distfiles.macports.org/pub/macports/distfiles/libreoffice
 --->  Verifying checksums for libreoffice
 --->  Extracting libreoffice
 --->  Applying patches to libreoffice
 --->  Configuring libreoffice
 Error: Failed to configure libreoffice: consult
 /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_office_libreoffice/libreoffice/work/libreoffice-7.1.4.2/config.log
 Error: Failed to configure libreoffice: configure failure: command
 execution failed
 Error: See
 /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_office_libreoffice/libreoffice/main.log
 for details.
 Error: rev-upgrade failed: Error rebuilding libreoffice
 Error: Follow https://guide.macports.org/#project.tickets if you believe
 there is a bug.
 (base) mark at 192-168-1-10 ~ %
 }}}

 My system details are:
 macOS Catalina 10.15.7
 Xcode 12.5.1
 Bitdefener Anitvirus for Mac 8.3.2.4

-- 
Ticket URL: <https://trac.macports.org/ticket/63152>
MacPorts <https://www.macports.org/>
Ports system for macOS

More information about the macports-tickets mailing list