[pkgsrc/trunk]: pkgsrc/misc/openoffice2 Fix the following four vulnerabilities.
details: https://anonhg.NetBSD.org/pkgsrc/rev/33b17ca7a1d5
branches: trunk
changeset: 527254:33b17ca7a1d5
user: hira <hira%pkgsrc.org@localhost>
date: Sun Apr 01 23:50:59 2007 +0000
description:
Fix the following four vulnerabilities.
CVE-2007-0002: Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities
CVE-2007-0238: Manipulated StarCalc files can lead to arbitrary code execution
CVE-2007-0239: Security Vulnerability in StarOffice/StarSuite URL Handler
CVE-2007-1466: Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities
(split from CVE-2007-0002)
Fixes for CVE-2007-0238 and CVE-2007-0239 from OOo 2.2.
Fixes for CVE-2007-0002 and CVE-2007-1466 by external libwpd.
Bump PKGREVISION.
diffstat:
misc/openoffice2/Makefile | 6 +-
misc/openoffice2/distinfo | 10 ++++-
misc/openoffice2/patches/patch-bz | 37 ++++++++++++++++
misc/openoffice2/patches/patch-ca | 13 +++++
misc/openoffice2/patches/patch-cb | 14 ++++++
misc/openoffice2/patches/patch-cc | 18 ++++++++
misc/openoffice2/patches/patch-cd | 44 +++++++++++++++++++
misc/openoffice2/patches/patch-ce | 24 ++++++++++
misc/openoffice2/patches/patch-cf | 38 +++++++++++++++++
misc/openoffice2/patches/patch-cg | 87 +++++++++++++++++++++++++++++++++++++++
10 files changed, 288 insertions(+), 3 deletions(-)
diffs (truncated from 360 to 300 lines):
diff -r 8d4ae5c1b1ab -r 33b17ca7a1d5 misc/openoffice2/Makefile
--- a/misc/openoffice2/Makefile Sun Apr 01 22:00:19 2007 +0000
+++ b/misc/openoffice2/Makefile Sun Apr 01 23:50:59 2007 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.12 2007/03/23 14:18:51 hira Exp $
+# $NetBSD: Makefile,v 1.13 2007/04/01 23:50:59 hira Exp $
#
OO_VER= 2.1.0
DISTNAME= openoffice-${OO_VER}
PKGNAME= openoffice2-${OO_VER}
-PKGREVISION= 4
+PKGREVISION= 5
CATEGORIES= misc
MASTER_SITES= ${MASTER_SITE_OPENOFFICE:=stable/${OO_VER}/}
DIST_SUBDIR= ${DISTNAME}
@@ -56,6 +56,7 @@
CONFIGURE_ARGS+= --enable-cairo
CONFIGURE_ARGS+= --disable-ldap
CONFIGURE_ARGS+= --with-system-freetype
+CONFIGURE_ARGS+= --with-system-libwpd
# `portable' supports all platforms.
CONFIGURE_ARGS+= --enable-epm --with-package-format=portable
@@ -131,6 +132,7 @@
. include "Makefile.${OPSYS}.${ARCH}"
.endif
+.include "../../converters/libwpd/buildlink3.mk"
.include "../../fonts/fontconfig/buildlink3.mk"
.include "../../graphics/MesaLib/buildlink3.mk"
.include "../../graphics/cairo/buildlink3.mk"
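Review bot: Nothing in the two added lines (`--with-system-libwpd` in the hunk at line 56 and the `converters/libwpd/buildlink3.mk` include in the hunk at line 131) ties this package to a libwpd release that actually contains the CVE-2007-0002 / CVE-2007-1466 fixes. Whether an already-installed vulnerable libwpd is accepted depends on the minimum that libwpd's buildlink3.mk demands, which is not visible here. Since the commit's security claim rests on the external library, I would pin the floor in this Makefile before the include, e.g. `BUILDLINK_API_DEPENDS.libwpd+= libwpd>=<FIXED_LIBWPD_VERSION>`, with the placeholder replaced by the first fixed release.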
diff -r 8d4ae5c1b1ab -r 33b17ca7a1d5 misc/openoffice2/distinfo
--- a/misc/openoffice2/distinfo Sun Apr 01 22:00:19 2007 +0000
+++ b/misc/openoffice2/distinfo Sun Apr 01 23:50:59 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2007/03/19 16:51:14 hira Exp $
+$NetBSD: distinfo,v 1.9 2007/04/01 23:50:59 hira Exp $
SHA1 (openoffice-2.1.0/OOo_2.1.0_src.tar.bz2) = 9513216ae71267addf3625f5a41c3a43564da3bc
RMD160 (openoffice-2.1.0/OOo_2.1.0_src.tar.bz2) = 11256b125fdc412480d90983b0f80f35d4833e9a
@@ -57,3 +57,11 @@
SHA1 (patch-bw) = aa286260f21820a8c39812fe82ef62e56921a950
SHA1 (patch-bx) = 9d01592c69f0ba734ff488980c475a1b768bc229
SHA1 (patch-by) = 01ee243687c11a63a53f33d6230ad9cc5a5912ba
+SHA1 (patch-bz) = cdedf48e747d8ce4cbc97c3357b8fee86ca6d642
+SHA1 (patch-ca) = 0a037963deba73b3611d28441713ae01b83e6380
+SHA1 (patch-cb) = 219dc174e27b7240eabbeb137b6587e9f6983ea4
+SHA1 (patch-cc) = abe48ee14c5ee74ce9a21a727498b50178bec3a3
+SHA1 (patch-cd) = 9b4078f7837e3d40bcc42b0ea1a6544c390058c1
+SHA1 (patch-ce) = 2ff26e78cad7cf534441cc02d58934e44c534330
+SHA1 (patch-cf) = f1da97c325b1826842ca453bb93f3c2557524678
+SHA1 (patch-cg) = 014197270eced8d78c6fa6cea4002fcab7928f49
diff -r 8d4ae5c1b1ab -r 33b17ca7a1d5 misc/openoffice2/patches/patch-bz
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/openoffice2/patches/patch-bz Sun Apr 01 23:50:59 2007 +0000
@@ -0,0 +1,37 @@
+$NetBSD: patch-bz,v 1.1 2007/04/01 23:50:59 hira Exp $
+
+Security fixes for CVE-2007-0238. This has been fixed in OOo 2.2.
+
+--- sc/source/filter/starcalc/scflt.cxx.orig 2006-12-02 02:56:27.000000000 +0900
++++ sc/source/filter/starcalc/scflt.cxx 2007-04-02 06:27:54.000000000 +0900
+@@ -4,9 +4,9 @@
+ *
+ * $RCSfile: patch-bz,v $
+ *
+- * $Revision: 1.1 $
++ * $Revision: 1.1 $
+ *
+- * last change: $Author: hira $ $Date: 2007/04/01 23:50:59 $
++ * last change: $Author: hira $ $Date: 2007/04/01 23:50:59 $
+ *
+ * The Contents of this file are made available subject to
+ * the terms of GNU Lesser General Public License Version 2.1.
+@@ -1770,12 +1770,13 @@
+ rStream >> NoteLen;
+ if (NoteLen != 0)
+ {
+- sal_Char Note[4096];
+- rStream.Read(Note, NoteLen);
+- Note[NoteLen] = 0;
+- String aText( SC10TOSTRING(Note));
+- ScPostIt aNote(aText, pDoc);
++ sal_Char* pNote = new sal_Char[NoteLen+1];
++ rStream.Read(pNote, NoteLen);
++ pNote[NoteLen] = 0;
++ String aText( SC10TOSTRING(pNote));
++ ScPostIt aNote(aText, pDoc);
+ pDoc->SetNote(Col, static_cast<SCROW> (Row), Tab, aNote );
++ delete [] pNote;
+ }
+ }
+ pPrgrsBar->Progress();
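Review bot: The result of `rStream.Read(pNote, NoteLen)` is not checked, so a truncated or malformed file leaves part of the freshly allocated buffer uninitialised, and `SC10TOSTRING(pNote)` then presumably copies those heap bytes into the cell note up to the terminator at `pNote[NoteLen]`. Terminating at the number of bytes actually read (assuming Read returns that count), e.g. `pNote[nRead] = 0;`, or skipping the note on a short read, would avoid exposing stale heap contents. `pNote` is also leaked if constructing `aText`/`aNote` or `SetNote` throws; it is no longer needed once `aText` is built, so `delete [] pNote;` could move directly after that line. The enclosing function starts and ends outside the hunk.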
diff -r 8d4ae5c1b1ab -r 33b17ca7a1d5 misc/openoffice2/patches/patch-ca
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/openoffice2/patches/patch-ca Sun Apr 01 23:50:59 2007 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ca,v 1.1 2007/04/01 23:50:59 hira Exp $
+
+Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2.
+
+--- shell/source/unix/misc/cde-open-url.sh.orig 2006-12-02 02:57:03.000000000 +0900
++++ shell/source/unix/misc/cde-open-url.sh 2007-01-19 22:07:09.000000000 +0900
+@@ -58,5 +58,5 @@
+ fi
+
+ if [ -z "$TMPFILE" ]; then exit 1; fi
+-( echo $1 > "$TMPFILE"; dtaction Open "$TMPFILE"; rm -f "$TMPFILE" ) &
++( echo "$1" > "$TMPFILE"; dtaction Open "$TMPFILE"; rm -f "$TMPFILE" ) &
+ exit 0
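Review bot: `echo "$1"` still lets the shell's echo interpret the URL, so a value starting with `-n` or containing backslash sequences can be written to `$TMPFILE` altered, depending on which /bin/sh runs the script. `printf '%s\n' "$1" > "$TMPFILE"` writes the argument verbatim. How `$TMPFILE` is created is outside the hunk, so it cannot be judged here.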
diff -r 8d4ae5c1b1ab -r 33b17ca7a1d5 misc/openoffice2/patches/patch-cb
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/openoffice2/patches/patch-cb Sun Apr 01 23:50:59 2007 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-cb,v 1.1 2007/04/01 23:50:59 hira Exp $
+
+Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2.
+
+--- shell/source/unix/misc/gnome-open-url.sh.orig 2006-12-02 02:57:03.000000000 +0900
++++ shell/source/unix/misc/gnome-open-url.sh 2007-01-19 22:07:22.000000000 +0900
+@@ -50,6 +50,6 @@
+ esac
+
+ # use gnome-open utility coming with libgnome if available
+-gnome-open $1 2>/dev/null || "$0.bin" $1
++gnome-open "$1" 2>/dev/null || "$0.bin" $1
+
+ exit 0
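Review bot: The fallback on the changed line still passes the URL unquoted: in `gnome-open "$1" 2>/dev/null || "$0.bin" $1` the second `$1` undergoes word splitting and globbing, so a URL with whitespace reaches `$0.bin` as several arguments whenever gnome-open is missing or fails. It should read `gnome-open "$1" 2>/dev/null || "$0.bin" "$1"`. The same unquoted form survives in the `if echo $1 | grep '^mailto:'` tests shown as context in the kde-open-url.sh and open-url.sh patches; quoting those as well would make the scheme check see the same string that is later passed on.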
diff -r 8d4ae5c1b1ab -r 33b17ca7a1d5 misc/openoffice2/patches/patch-cc
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/openoffice2/patches/patch-cc Sun Apr 01 23:50:59 2007 +0000
@@ -0,0 +1,18 @@
+$NetBSD: patch-cc,v 1.1 2007/04/01 23:50:59 hira Exp $
+
+Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2.
+
+--- shell/source/unix/misc/kde-open-url.sh.orig 2006-12-02 02:57:03.000000000 +0900
++++ shell/source/unix/misc/kde-open-url.sh 2007-01-19 22:07:36.000000000 +0900
+@@ -51,9 +51,9 @@
+
+ # special handling for mailto: uris
+ if echo $1 | grep '^mailto:' > /dev/null; then
+- kmailservice $1 &
++ kmailservice "$1" &
+ else
+- kfmclient openURL $1 &
++ kfmclient openURL "$1" &
+ fi
+
+ exit 0
diff -r 8d4ae5c1b1ab -r 33b17ca7a1d5 misc/openoffice2/patches/patch-cd
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/openoffice2/patches/patch-cd Sun Apr 01 23:50:59 2007 +0000
@@ -0,0 +1,44 @@
+$NetBSD: patch-cd,v 1.1 2007/04/01 23:50:59 hira Exp $
+
+Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2.
+
+--- shell/source/unix/misc/open-url.sh.orig 2006-12-02 02:57:03.000000000 +0900
++++ shell/source/unix/misc/open-url.sh 2007-01-19 22:07:49.000000000 +0900
+@@ -96,15 +96,15 @@
+ # special handling for mailto: uris
+ if echo $1 | grep '^mailto:' > /dev/null; then
+ # check $MAILER variable
+- if [ $MAILER ]; then
+- $MAILER $1 &
++ if [ ! -z "$MAILER" ]; then
++ $MAILER "$1" &
+ exit 0
+ else
+ # mozilla derivates may need -remote semantics
+ for i in thunderbird mozilla netscape; do
+ mailer=`which $i`
+ if [ ! -z "$mailer" ]; then
+- run_mozilla $mailer $1
++ run_mozilla "$mailer" "$1"
+ exit 0
+ fi
+ done
+@@ -113,15 +113,15 @@
+ fi
+ else
+ # check $BROWSER variable
+- if [ $BROWSER ]; then
+- $BROWSER $1 &
++ if [ ! -z "$BROWSER" ]; then
++ $BROWSER "$1" &
+ exit 0
+ else
+ # mozilla derivates may need -remote semantics
+ for i in firefox mozilla netscape; do
+ browser=`which $i`
+ if [ ! -z "$browser" ]; then
+- run_mozilla $browser $1
++ run_mozilla "$browser" "$1"
+ exit 0
+ fi
+ done
diff -r 8d4ae5c1b1ab -r 33b17ca7a1d5 misc/openoffice2/patches/patch-ce
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/openoffice2/patches/patch-ce Sun Apr 01 23:50:59 2007 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-ce,v 1.1 2007/04/01 23:50:59 hira Exp $
+
+Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2.
+
+--- scp2/source/ooo/file_ooo.scp.orig 2007-04-02 07:02:55.000000000 +0900
++++ scp2/source/ooo/file_ooo.scp 2007-04-02 07:05:41.000000000 +0900
+@@ -347,7 +347,7 @@
+ BIN_FILE_BODY;
+ Dir = gid_Dir_Program;
+ Name = "gnome-open-url";
+- Styles = (PACKED);
++ Styles = (PACKED, PATCH);
+ End
+
+ File gid_File_Bin_Gnome_Open_Url_Bin
+@@ -361,7 +361,7 @@
+ BIN_FILE_BODY;
+ Dir = gid_Dir_Program;
+ Name = "kde-open-url";
+- Styles = (PACKED);
++ Styles = (PACKED, PATCH);
+ End
+
+ File gid_File_Bin_Cde_Open_Url
diff -r 8d4ae5c1b1ab -r 33b17ca7a1d5 misc/openoffice2/patches/patch-cf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/openoffice2/patches/patch-cf Sun Apr 01 23:50:59 2007 +0000
@@ -0,0 +1,38 @@
+$NetBSD: patch-cf,v 1.1 2007/04/01 23:50:59 hira Exp $
+
+Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2.
+
+--- shell/source/unix/exec/shellexec.hxx.orig 2006-12-02 02:57:03.000000000 +0900
++++ shell/source/unix/exec/shellexec.hxx 2007-01-19 22:06:24.000000000 +0900
+@@ -4,9 +4,9 @@
+ *
+ * $RCSfile: patch-cf,v $
+ *
+- * $Revision: 1.1 $
++ * $Revision: 1.1 $
+ *
+- * last change: $Author: hira $ $Date: 2007/04/01 23:50:59 $
++ * last change: $Author: hira $ $Date: 2007/04/01 23:50:59 $
+ *
+ * The Contents of this file are made available subject to
+ * the terms of GNU Lesser General Public License Version 2.1.
+@@ -44,6 +44,10 @@
+ #include <osl/mutex.hxx>
+ #endif
+
++#ifndef _RTL_STRBUF_HXX_
++#include <rtl/strbuf.hxx>
++#endif
++
+ #ifndef _COM_SUN_STAR_LANG_XSERVICEINFO_HPP_
+ #include <com/sun/star/lang/XServiceInfo.hpp>
+ #endif
+@@ -90,4 +94,8 @@
+ throw(::com::sun::star::uno::RuntimeException);
+ };
+
++
++// helper function - needed for urltest
++void escapeForShell( rtl::OStringBuffer & rBuffer, const rtl::OString & rURL);
++
+ #endif
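Review bot: The comment on the new `escapeForShell` declaration at the end of the header says only that it is needed for urltest, which leaves the contract of a security-relevant helper undocumented. Callers need to know whether the result is appended to `rBuffer` or replaces its contents, which characters are escaped, and in which quoting context the output is safe to place on a command line. Something like `// Appends rURL to rBuffer with shell-special characters escaped; intended for use in <QUOTING_CONTEXT> only.` would do, with the wording checked against the definition in shellexec.cxx, which this page does not show. The function is also declared in the global namespace of a header, so a more specific name or an enclosing namespace would lower the chance of a clash.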
diff -r 8d4ae5c1b1ab -r 33b17ca7a1d5 misc/openoffice2/patches/patch-cg
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/openoffice2/patches/patch-cg Sun Apr 01 23:50:59 2007 +0000
@@ -0,0 +1,87 @@
+$NetBSD: patch-cg,v 1.1 2007/04/01 23:51:00 hira Exp $
+
+Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2.
+
+--- shell/source/unix/exec/shellexec.cxx.orig 2006-12-02 02:57:03.000000000 +0900
++++ shell/source/unix/exec/shellexec.cxx 2007-01-19 22:06:10.000000000 +0900
+@@ -4,9 +4,9 @@
+ *
+ * $RCSfile: patch-cg,v $
+ *
+- * $Revision: 1.1 $
++ * $Revision: 1.1 $
+ *
+- * last change: $Author: hira $ $Date: 2007/04/01 23:51:00 $
++ * last change: $Author: hira $ $Date: 2007/04/01 23:51:00 $
+ *
+ * The Contents of this file are made available subject to
+ * the terms of GNU Lesser General Public License Version 2.1.
+@@ -52,10 +52,6 @@
+ #include <osl/file.hxx>
+ #endif
+
+-#ifndef _RTL_STRBUF_HXX_
+-#include <rtl/strbuf.hxx>
+-#endif
+-
+ #ifndef _RTL_USTRBUF_HXX_