author | maho <maho@FreeBSD.org> | 2007-01-09 05:32:12 +0800 |
---|---|---|
committer | maho <maho@FreeBSD.org> | 2007-01-09 05:32:12 +0800 |
commit | e8f7f916a3514a6d2b63230546d146a9ec247962 (patch) | |
tree | d48aeb5b22ca9154264e641165a82b0ed0df288c | |
parent | c73160ccb040a4d2299b84bcb96b7270c89726d9 (diff) | |
Fix two security vulnerabilities
* http://www.openoffice.org/security/CVE-2006-3117.html
http://www.openoffice.org/issues/show_bug.cgi?id=66866
patch:http://cvs.gnome.org/viewcvs/*checkout*/ooo-build/patches/OOO_1_1/sax%2Bsource%2Bexpatwrap%2Bxml2utf.cxx.diff?rev=1.1.2.1
* http://www.openoffice.org/security/CVE-2006-2198.html
http://www.openoffice.org/issues/show_bug.cgi?id=66863
patch:http://cvs.gnome.org/viewcvs/*checkout*/ooo-build/patches/OOO_1_1/6438334-macros-so7-sfx2.diff?rev=1.1.2.1
Obtained from: security-team@openoffice.org (Rene Engelhard <rene@debian.org>)
3 files changed, 372 insertions, 1 deletions
diff --git a/editors/openoffice.org-1.1/Makefile b/editors/openoffice.org-1.1/Makefile
index 0cc1ce17fb87..d11496d21885 100644
--- a/editors/openoffice.org-1.1/Makefile
+++ b/editors/openoffice.org-1.1/Makefile
@@ -7,7 +7,7 @@
 PORTNAME= openoffice.org
 PORTVERSION= 1.1.5
-PORTREVISION= 3
+PORTREVISION= 4
 CATEGORIES+= editors
 MASTER_SITES+= ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,misc/openoffice/stable/1.1.5/&,} \
 ftp://ftp.kddlabs.co.jp/office/openoffice/stable/1.1.5/ \
diff --git a/editors/openoffice.org-1.1/files/patch-sax+source+expatwrap+xml2utf.cxx b/editors/openoffice.org-1.1/files/patch-sax+source+expatwrap+xml2utf.cxx
new file mode 100644
index 000000000000..0b94ee341b26
--- /dev/null
+++ b/editors/openoffice.org-1.1/files/patch-sax+source+expatwrap+xml2utf.cxx
@@ -0,0 +1,81 @@ +diff -urN -x CVS -x unxlngi6.pro sax.orig/source/expatwrap/xml2utf.cxx sax/source/expatwrap/xml2utf.cxx +--- sax.orig/source/expatwrap/xml2utf.cxx 2005-09-08 14:05:22.000000000 +0200 ++++ sax/source/expatwrap/xml2utf.cxx 2006-06-22 11:04:22.000000000 +0200 +@@ -78,24 +78,26 @@ + // ensure that enough data is available to parse encoding + if( seqStart.getLength() ) + { +- seq.realloc( seqStart.getLength() + seq.getLength() ); +- memcpy( (sal_Int8*)seq.getConstArray() + seqStart.getLength() , +- seq.getConstArray() , +- seq.getLength() ); +- memcpy( (sal_Int8*)seq.getConstArray() , +- seqStart.getConstArray(), +- seqStart.getLength() ); ++ // prefix with what we had so far. ++ sal_Int32 nLength = seq.getLength(); ++ seq.realloc( seqStart.getLength() + nLength ); ++ ++ memmove (seq.getArray() + seqStart.getLength(), ++ seq.getConstArray(), ++ nLength); ++ memcpy (seq.getArray(), ++ seqStart.getConstArray(), ++ seqStart.getLength()); + } + + // autodetection with the first bytes + if( ! isEncodingRecognizable( seq ) ) + { +- seqStart.realloc( seqStart.getLength() + seq.getLength() ); +- memcpy( (sal_Int8*)seqStart.getConstArray() + seqStart.getLength(), +- seq.getConstArray(), +- seq.getLength()); +- // read more ! +- continue; ++ // remember what we have so far. ++ seqStart = seq; ++ ++ // read more ! ++ continue; + } + if( scanForEncoding( seq ) || m_sEncoding.getLength() ) { + // initialize decoding +@@ -291,7 +293,7 @@ + + // simply add the byte order mark ! 
+ seq.realloc( seq.getLength() + 2 ); +- memmove( &( seq.getArray()[2] ) , seq.getArray() , seq.getLength() ); ++ memmove( &( seq.getArray()[2] ) , seq.getArray() , seq.getLength() - 2 ); + ((sal_uInt8*)seq.getArray())[0] = 0xFE; + ((sal_uInt8*)seq.getArray())[1] = 0xFF; + +@@ -302,7 +304,7 @@ + // The byte order mark is simply added + + seq.realloc( seq.getLength() + 2 ); +- memmove( &( seq.getArray()[2] ) , seq.getArray() , seq.getLength() ); ++ memmove( &( seq.getArray()[2] ) , seq.getArray() , seq.getLength() - 2 ); + ((sal_uInt8*)seq.getArray())[0] = 0xFF; + ((sal_uInt8*)seq.getArray())[1] = 0xFE; + +@@ -511,9 +513,7 @@ + // In general when surrogates are used, they should be rarely + // cut off between two convert()-calls. So this code is used + // rarely and the extra copy is acceptable. +- nSourceSize += m_seqSource.getLength(); +- +- puTempMem = new sal_Unicode[ nSourceSize ]; ++ puTempMem = new sal_Unicode[ nSourceSize + m_seqSource.getLength()]; + memcpy( puTempMem , + m_seqSource.getConstArray() , + m_seqSource.getLength() * sizeof( sal_Unicode ) ); +@@ -522,6 +522,7 @@ + puSource , + nSourceSize*sizeof( sal_Unicode ) ); + puSource = puTempMem; ++ nSourceSize += m_seqSource.getLength(); + + m_seqSource = Sequence< sal_Unicode > (); + } + diff --git a/editors/openoffice.org-1.1/files/patch-sfx2-6438334-macros-so7 b/editors/openoffice.org-1.1/files/patch-sfx2-6438334-macros-so7 new file mode 100644 index 000000000000..163952e4486b --- /dev/null +++ b/editors/openoffice.org-1.1/files/patch-sfx2-6438334-macros-so7 
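Review bot: The two byte-order-mark fixes take the copy length as `seq.getLength() - 2` after the realloc, which silently couples the memmove to the literal 2 on the line above; the first inner hunk of this same patch already captures the old length before growing the sequence, and the BOM sites would be harder to break if written the same way: `sal_Int32 nOld = seq.getLength(); seq.realloc( nOld + 2 ); memmove( seq.getArray() + 2, seq.getArray(), nOld );`. Separately, `seqStart = seq;` is only correct because seq has already been prefixed with the earlier seqStart bytes in the block just above, so its comment should say so, e.g. `// seq already holds the old seqStart bytes plus the new read (prefixed above)`. The sums `seqStart.getLength() + nLength` and `nSourceSize + m_seqSource.getLength()` size buffers without an overflow check; whether callers bound these lengths is not visible in the hunk. The enclosing functions start and end outside the inner hunks.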
@@ -0,0 +1,290 @@ +Index: inc/objsh.hxx +=================================================================== +RCS file: /cvs/framework/sfx2/inc/objsh.hxx,v +retrieving revision 1.32.12.3 +diff -u -p -r1.32.12.3 objsh.hxx +--- sfx2/inc/objsh.hxx 21 Apr 2004 09:42:09 -0000 1.32.12.3 ++++ sfx2/inc/objsh.hxx 13 Jun 2006 12:14:45 -0000 +@@ -569,6 +569,7 @@ public: + #if _SOLAR__PRIVATE + static SEQUENCE< OUSTRING > GetEventNames_Impl(); + void InitBasicManager_Impl( SvStorage *pStor, const String* pName = NULL ); ++ void CheckMacrosOnLoading_Impl(); + SfxObjectShell_Impl* Get_Impl() { return pImp; } + const SfxObjectShell_Impl* Get_Impl() const { return pImp; } + +Index: source/doc/objmisc.cxx +=================================================================== +RCS file: /cvs/framework/sfx2/source/doc/objmisc.cxx,v +retrieving revision 1.33.12.1 +diff -u -p -r1.33.12.1 objmisc.cxx +--- sfx2/source/doc/objmisc.cxx 21 Apr 2004 09:42:21 -0000 1.33.12.1 ++++ sfx2/source/doc/objmisc.cxx 13 Jun 2006 12:16:28 -0000 +@@ -126,6 +126,7 @@ + #include <svtools/securityoptions.hxx> + + ++using namespace ::com::sun::star; + using namespace ::com::sun::star::uno; + using namespace ::com::sun::star::ucb; + using namespace ::com::sun::star::document; +@@ -181,6 +182,8 @@ using namespace ::com::sun::star::docume + #include "helper.hxx" + #include "doc.hrc" + ++#include <scriptcont.hxx> ++ + // class SfxHeaderAttributes_Impl ---------------------------------------- + + class SfxHeaderAttributes_Impl : public SvKeyValueIterator +@@ -1008,6 +1011,80 @@ void SfxObjectShell::SetAutoLoad( + } + } + ++//------------------------------------------------------------------------- ++ ++void SfxObjectShell::CheckMacrosOnLoading_Impl() ++{ ++ const SfxFilter* pFilter = pMedium->GetFilter(); ++ sal_Bool bHasStorage = IsOwnStorageFormat_Impl( *pMedium ); ++ ++ if ( GetError() != ERRCODE_NONE ) ++ return; ++ ++ sal_Bool bHasMacros = sal_False; ++ ++ if ( bHasStorage && ( !pFilter || !( 
pFilter->GetFilterFlags() & SFX_FILTER_STARONEFILTER ) ) ) ++ { ++ SvStorageRef xStorage( pMedium->GetStorage() ); ++ if ( xStorage.Is() ) ++ { ++ if ( xStorage->IsOLEStorage() ) ++ bHasMacros = BasicManager::HasBasicWithModules( *xStorage ); ++ else ++ bHasMacros = xStorage->IsStorage( String::CreateFromAscii("Basic") ); ++ } ++ else ++ SetError( ERRCODE_IO_GENERAL ); ++ } ++ ++ if ( !bHasMacros && pImp->pBasicLibContainer != 0 ) ++ { ++ // a library container exists; check if it's empty ++ ++ // if there are libraries except "Standard" library ++ // we assume that they are not empty (because they have been created by the user) ++ try ++ { ++ if ( pImp->pBasicLibContainer->hasElements() ) ++ { ++ ::rtl::OUString aStdLibName( RTL_CONSTASCII_USTRINGPARAM( "Standard" ) ); ++ uno::Sequence< ::rtl::OUString > aElements = pImp->pBasicLibContainer->getElementNames(); ++ if ( aElements.getLength() ) ++ { ++ if ( aElements.getLength() > 1 || !aElements[0].equals( aStdLibName ) ) ++ bHasMacros = sal_True; ++ else ++ { ++ // usually a "Standard" library is always present (design) ++ // for this reason we must check if it's empty ++ uno::Reference < container::XNameAccess > xLib; ++ uno::Any aAny = pImp->pBasicLibContainer->getByName( aStdLibName ); ++ aAny >>= xLib; ++ if ( xLib.is() ) ++ bHasMacros = xLib->hasElements(); ++ } ++ } ++ } ++ } ++ catch( uno::Exception& ) ++ {} ++ } ++ ++ if ( GetError() != ERRCODE_NONE ) ++ return; ++ ++ if ( bHasMacros ) ++ { ++ AdjustMacroMode( String() ); // if macros are disabled the message will be shown here ++ } ++ else ++ { ++ // if macros will be added by the user later, the security check is obsolete ++ pImp->nMacroMode = MacroExecMode::ALWAYS_EXECUTE_NO_WARN; ++ } ++} ++//------------------------------------------------------------------------- ++ + void SfxObjectShell::FinishedLoading( sal_uInt16 nFlags ) + { + sal_Bool bSetModifiedTRUE = sal_False; +@@ -1028,6 +1105,8 @@ void SfxObjectShell::FinishedLoading( sa + SfxStringItem, 
SID_DOC_SALVAGE, sal_False ); + if ( pSalvageItem ) + bSetModifiedTRUE = sal_True; ++ ++ CheckMacrosOnLoading_Impl(); + } + + if( ( nFlags & SFX_LOADED_IMAGES ) && +Index: source/doc/objstor.cxx +=================================================================== +RCS file: /cvs/framework/sfx2/source/doc/objstor.cxx,v +retrieving revision 1.118.16.3 +diff -u -p -r1.118.16.3 objstor.cxx +--- sfx2/source/doc/objstor.cxx 25 Mar 2004 12:07:10 -0000 1.118.16.3 ++++ sfx2/source/doc/objstor.cxx 13 Jun 2006 12:16:34 -0000 +@@ -607,22 +607,6 @@ sal_Bool SfxObjectShell::DoLoad( SfxMedi + xStor->FillInfoList( &aList ); + if ( !aList.Count() && !xStor->IsOLEStorage() ) + SetError( ERRCODE_IO_BROKENPACKAGE ); +- else +- { +- BOOL bHasMacros = FALSE; +- if ( xStor->IsOLEStorage() ) +- bHasMacros = BasicManager::HasBasicWithModules( *xStor ); +- else +- bHasMacros = xStor->IsStorage( String::CreateFromAscii("Basic") ); +- +- if ( bHasMacros ) +- AdjustMacroMode( String() ); +- else +- { +- // if macros will be added by the user later, the security check is obsolete +- pImp->nMacroMode = MacroExecMode::ALWAYS_EXECUTE_NO_WARN; +- } +- } + } + + // Load +Index: source/doc/sfxbasemodel.cxx +=================================================================== +RCS file: /cvs/framework/sfx2/source/doc/sfxbasemodel.cxx,v +retrieving revision 1.51.10.1 +diff -u -p -r1.51.10.1 sfxbasemodel.cxx +--- sfx2/source/doc/sfxbasemodel.cxx 9 Jan 2004 17:44:22 -0000 1.51.10.1 ++++ sfx2/source/doc/sfxbasemodel.cxx 13 Jun 2006 12:16:42 -0000 +@@ -103,6 +103,10 @@ + #include <com/sun/star/view/PaperOrientation.hpp> + #endif + ++#ifndef _COM_SUN_STAR_SCRIPT_XLIBRARYCONTAINER_HPP_ ++#include <com/sun/star/script/XLibraryContainer.hpp> ++#endif ++ + #ifndef _CPPUHELPER_INTERFACECONTAINER_HXX_ + #include <cppuhelper/interfacecontainer.hxx> + #endif +@@ -578,6 +582,7 @@ SEQUENCE< sal_Int8 > SAL_CALL SfxBaseMod + + REFERENCE< XSTARBASICACCESS > implGetStarBasicAccess( SfxObjectShell* pObjectShell ) + { ++ // 
is not used + REFERENCE< XSTARBASICACCESS > xRet; + if( pObjectShell ) + { +@@ -593,13 +598,20 @@ REFERENCE< XNAMECONTAINER > SAL_CALL Sfx + if ( impl_isDisposed() ) + throw DISPOSEDEXCEPTION(); + +- REFERENCE< XSTARBASICACCESS >& rxAccess = m_pData->m_xStarBasicAccess; +- if( !rxAccess.is() ) +- rxAccess = implGetStarBasicAccess( m_pData->m_pObjectShell ); ++// the document library container must be used directly ++// REFERENCE< XSTARBASICACCESS >& rxAccess = m_pData->m_xStarBasicAccess; ++// if( !rxAccess.is() ) ++// rxAccess = implGetStarBasicAccess( m_pData->m_pObjectShell ); ++// ++// REFERENCE< XNAMECONTAINER > xRet; ++// if( rxAccess.is() ) ++// xRet = rxAccess->getLibraryContainer(); ++// return xRet; + + REFERENCE< XNAMECONTAINER > xRet; +- if( rxAccess.is() ) +- xRet = rxAccess->getLibraryContainer(); ++ if( m_pData->m_pObjectShell ) ++ xRet = REFERENCE< XNAMECONTAINER >( m_pData->m_pObjectShell->GetBasicContainer(), UNO_QUERY ); ++ + return xRet; + } + +@@ -614,12 +626,32 @@ void SAL_CALL SfxBaseModel::createLibrar + if ( impl_isDisposed() ) + throw DISPOSEDEXCEPTION(); + +- REFERENCE< XSTARBASICACCESS >& rxAccess = m_pData->m_xStarBasicAccess; +- if( !rxAccess.is() ) +- rxAccess = implGetStarBasicAccess( m_pData->m_pObjectShell ); +- +- if( rxAccess.is() ) +- rxAccess->createLibrary( LibName, Password, ExternalSourceURL, LinkTargetURL ); ++ if( m_pData->m_pObjectShell ) ++ { ++ Reference< ::com::sun::star::script::XLibraryContainer > xContainer = m_pData->m_pObjectShell->GetBasicContainer(); ++ if ( xContainer.is() ) ++ { ++ // insert a dummy library to let library existance be detected ++ // it is a hack to fix 136937 ++ try ++ { ++ ::rtl::OUString aDummy( RTL_CONSTASCII_USTRINGPARAM( "Dummy" ) ); ++ if ( !xContainer->hasByName( aDummy ) ) ++ xContainer->createLibrary( aDummy ); ++ } ++ catch( uno::Exception& ) ++ { ++ return; ++ } ++ ++ REFERENCE< XSTARBASICACCESS >& rxAccess = m_pData->m_xStarBasicAccess; ++ if( !rxAccess.is() ) ++ rxAccess = 
implGetStarBasicAccess( m_pData->m_pObjectShell ); ++ ++ if( rxAccess.is() ) ++ rxAccess->createLibrary( LibName, Password, ExternalSourceURL, LinkTargetURL ); ++ } ++ } + } + + /**___________________________________________________________________________________________________ +@@ -633,12 +665,32 @@ void SAL_CALL SfxBaseModel::addModule( c + if ( impl_isDisposed() ) + throw DISPOSEDEXCEPTION(); + +- REFERENCE< XSTARBASICACCESS >& rxAccess = m_pData->m_xStarBasicAccess; +- if( !rxAccess.is() ) +- rxAccess = implGetStarBasicAccess( m_pData->m_pObjectShell ); +- +- if( rxAccess.is() ) +- rxAccess->addModule( LibraryName, ModuleName, Language, Source ); ++ if( m_pData->m_pObjectShell ) ++ { ++ Reference< ::com::sun::star::script::XLibraryContainer > xContainer = m_pData->m_pObjectShell->GetBasicContainer(); ++ if ( xContainer.is() ) ++ { ++ // insert a dummy library to let library existance be detected ++ // it is a hack to fix 136937 ++ try ++ { ++ ::rtl::OUString aDummy( RTL_CONSTASCII_USTRINGPARAM( "Dummy" ) ); ++ if ( !xContainer->hasByName( aDummy ) ) ++ xContainer->createLibrary( aDummy ); ++ } ++ catch( uno::Exception& ) ++ { ++ return; ++ } ++ ++ REFERENCE< XSTARBASICACCESS >& rxAccess = m_pData->m_xStarBasicAccess; ++ if( !rxAccess.is() ) ++ rxAccess = implGetStarBasicAccess( m_pData->m_pObjectShell ); ++ ++ if( rxAccess.is() ) ++ rxAccess->addModule( LibraryName, ModuleName, Language, Source ); ++ } ++ } + } + + /**___________________________________________________________________________________________________ + |
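Review bot: The empty `catch( uno::Exception& ) {}` in CheckMacrosOnLoading_Impl fails open: if hasElements(), getElementNames() or getByName() throws, bHasMacros stays sal_False and the else branch sets `pImp->nMacroMode = MacroExecMode::ALWAYS_EXECUTE_NO_WARN`, so an error during the check is handled exactly like a document that contains no macros. Treating the failure as "macros may be present" keeps the security prompt in place, e.g. `catch( uno::Exception& ) { bHasMacros = sal_True; }`, so that AdjustMacroMode() still runs. The "Dummy" library block is also duplicated verbatim in createLibrary and addModule and returns silently on exception; a shared private helper, with a comment on why the placeholder library is needed for the loading check, would keep the two copies from drifting apart.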