Fix CVE-2017-11110:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11110
https://bugzilla.redhat.com/show_bug.cgi?id=1468471
https://security-tracker.debian.org/tracker/CVE-2017-11110

Patch copied from openSUSE:

https://build.opensuse.org/package/view_file/openSUSE:Maintenance:6985/catdoc.openSUSE_Leap_42.2_Update/CVE-2017-11110.patch?expand=1

From: Andreas Stieger
Date: Mon, 10 Jul 2017 15:37:58 +0000
References: CVE-2017-11110 http://bugzilla.suse.com/show_bug.cgi?id=1047877

All .doc I found had sectorSize 0x09 at offset 0x1e. Guarding it against <4.

--- src/ole.c | 5 +++++ 1 file changed, 5 insertions(+) Index: catdoc-0.95/src/ole.c =================================================================== --- catdoc-0.95.orig/src/ole.c 2016-05-25 06:37:12.000000000 +0200 +++ catdoc-0.95/src/ole.c 2017-07-10 17:42:33.578308107 +0200 @@ -106,6 +106,11 @@ FILE* ole_init(FILE *f, void *buffer, si return NULL; } sectorSize = 1<= 4 for CVE-2017-11110 */ 1, sectorSize, newfile) != sectorSize) { fprintf(stderr, "Error read MSAT!\n"); ole_finish();
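Review bot: In ole_init, the added guard sets only a lower bound on sectorSize (the description says "Guarding it against <4"), so as far as the lines shown here go, the value derived from the header field at offset 0x1e is still unbounded above. The assignment beginning "sectorSize = 1<" takes its exponent from the file, and an exponent at or beyond the width of int makes a shift undefined in C; the result is then used as the length of the MSAT read in the trailing context ("1, sectorSize, newfile) != sectorSize"). Since the description notes that every real .doc had 0x09 in that field, consider rejecting values above a sane maximum in the same check. The description should also state whether the 4 applies to the raw field at 0x1e or to the computed sectorSize, because it calls the field value 0x09 "sectorSize" while the code gives that name to the shifted result.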
Age | Commit message | Author

2020-12-15 | deduplicate: Create the '.links' directory lazily. | Ludovic Courtès

This avoids repeated (mkdir-p "/gnu/store/.links") calls when deduplicating lots of files.

* guix/store/deduplication.scm (deduplicate): Remove initial call to 'mkdir-p'. Add ENOENT case in 'link' exception handler. Reindent.
* tests/store-deduplication.scm ("deduplicate, ENOSPC"): Check for (<= links 4) to account for the initial 'link' call.

2020-12-15 | store-copy: 'populate-store' can optionally deduplicate files. | Ludovic Courtès

Until now deduplication was performed as an additional pass after copying files, which involved re-traversing all the files that had just been copied.

* guix/store/deduplication.scm (copy-file/deduplicate): New procedure.
* tests/store-deduplication.scm ("copy-file/deduplicate"): New test.
* guix/build/store-copy.scm (populate-store): Add #:deduplicate? parameter and honor it.
* tests/gexp.scm ("gexp->derivation, store copy"): Pass #:deduplicate? #f to 'populate-store'.
* gnu/build/image.scm (initialize-root-partition): Pass #:deduplicate? to 'populate-store'. Pass #:deduplicate? #f to 'register-closure'.
* gnu/build/vm.scm (root-partition-initializer): Likewise.
* gnu/build/install.scm (populate-single-profile-directory): Pass #:deduplicate? #f to 'populate-store'.
* gnu/build/linux-initrd.scm (build-initrd): Likewise.
* guix/scripts/pack.scm (self-contained-tarball)[import-module?]: New procedure. [build]: Pass it as an argument to 'source-module-closure'.
* guix/scripts/pack.scm (squashfs-image)[build]: Wrap in 'with-extensions'.
* gnu/system/linux-initrd.scm (expression->initrd)[import-module?]: New procedure. [builder]: Pass it to 'source-module-closure'.
* gnu/system/install.scm (cow-store-service-type)[import-module?]: New procedure. Pass it to 'source-module-closure'.