diff options
| author | hira <hira> | 2007-04-01 23:50:59 +0000 |
|---|---|---|
| committer | hira <hira> | 2007-04-01 23:50:59 +0000 |
| commit | 67dbf12bfc7dee7d2f1486575425a8e251108a4b (patch) | |
| tree | 88f1529c5d9c456e1b43b80965d248331524c0dd /misc | |
| parent | 01a95649b3c236c18f3b69fb6824efe1cd572992 (diff) | |
| download | pkgsrc-67dbf12bfc7dee7d2f1486575425a8e251108a4b.tar.gz | |
Fix the following four vulnerabilities.
CVE-2007-0002: Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities
CVE-2007-0238: Manipulated StarCalc files can lead to arbitrary code execution
CVE-2007-0239: Security Vulnerability in StarOffice/StarSuite URL Handler
CVE-2007-1466: Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities
(splitted from CVE-2007-0002)
Fixes for CVE-2007-0238 and CVE-2007-0239 from OOo 2.2.
Fixes for CVE-2007-0002 and CVE-2007-1466 by external libwpd.
Bump PKGREVISION.
Diffstat (limited to 'misc')
| -rw-r--r-- | misc/openoffice2/Makefile | 6 | ||||
| -rw-r--r-- | misc/openoffice2/distinfo | 10 | ||||
| -rw-r--r-- | misc/openoffice2/patches/patch-bz | 37 | ||||
| -rw-r--r-- | misc/openoffice2/patches/patch-ca | 13 | ||||
| -rw-r--r-- | misc/openoffice2/patches/patch-cb | 14 | ||||
| -rw-r--r-- | misc/openoffice2/patches/patch-cc | 18 | ||||
| -rw-r--r-- | misc/openoffice2/patches/patch-cd | 44 | ||||
| -rw-r--r-- | misc/openoffice2/patches/patch-ce | 24 | ||||
| -rw-r--r-- | misc/openoffice2/patches/patch-cf | 38 | ||||
| -rw-r--r-- | misc/openoffice2/patches/patch-cg | 87 |
10 files changed, 288 insertions, 3 deletions
diff --git a/misc/openoffice2/Makefile b/misc/openoffice2/Makefile index c2ca7445b20..28d46de70e3 100644 --- a/misc/openoffice2/Makefile +++ b/misc/openoffice2/Makefile @@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.12 2007/03/23 14:18:51 hira Exp $ +# $NetBSD: Makefile,v 1.13 2007/04/01 23:50:59 hira Exp $ # OO_VER= 2.1.0 DISTNAME= openoffice-${OO_VER} PKGNAME= openoffice2-${OO_VER} -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= misc MASTER_SITES= ${MASTER_SITE_OPENOFFICE:=stable/${OO_VER}/} DIST_SUBDIR= ${DISTNAME} @@ -56,6 +56,7 @@ CONFIGURE_ARGS+= --enable-binfilter CONFIGURE_ARGS+= --enable-cairo CONFIGURE_ARGS+= --disable-ldap CONFIGURE_ARGS+= --with-system-freetype +CONFIGURE_ARGS+= --with-system-libwpd # `portable' supports all platforms. CONFIGURE_ARGS+= --enable-epm --with-package-format=portable @@ -131,6 +132,7 @@ ARCH= ${MACHINE_ARCH:C/i[3-6]86/i386/g} . include "Makefile.${OPSYS}.${ARCH}" .endif +.include "../../converters/libwpd/buildlink3.mk" .include "../../fonts/fontconfig/buildlink3.mk" .include "../../graphics/MesaLib/buildlink3.mk" .include "../../graphics/cairo/buildlink3.mk" diff --git a/misc/openoffice2/distinfo b/misc/openoffice2/distinfo index 4b20fd34d5c..6bb01cb428c 100644 --- a/misc/openoffice2/distinfo +++ b/misc/openoffice2/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.8 2007/03/19 16:51:14 hira Exp $ +$NetBSD: distinfo,v 1.9 2007/04/01 23:50:59 hira Exp $ SHA1 (openoffice-2.1.0/OOo_2.1.0_src.tar.bz2) = 9513216ae71267addf3625f5a41c3a43564da3bc RMD160 (openoffice-2.1.0/OOo_2.1.0_src.tar.bz2) = 11256b125fdc412480d90983b0f80f35d4833e9a @@ -57,3 +57,11 @@ SHA1 (patch-bv) = bc035bdbc8420666a52417f2226e3e687d199e33 SHA1 (patch-bw) = aa286260f21820a8c39812fe82ef62e56921a950 SHA1 (patch-bx) = 9d01592c69f0ba734ff488980c475a1b768bc229 SHA1 (patch-by) = 01ee243687c11a63a53f33d6230ad9cc5a5912ba +SHA1 (patch-bz) = cdedf48e747d8ce4cbc97c3357b8fee86ca6d642 +SHA1 (patch-ca) = 0a037963deba73b3611d28441713ae01b83e6380 +SHA1 (patch-cb) = 219dc174e27b7240eabbeb137b6587e9f6983ea4 +SHA1 (patch-cc) = abe48ee14c5ee74ce9a21a727498b50178bec3a3 +SHA1 (patch-cd) = 9b4078f7837e3d40bcc42b0ea1a6544c390058c1 +SHA1 (patch-ce) = 2ff26e78cad7cf534441cc02d58934e44c534330 +SHA1 (patch-cf) = f1da97c325b1826842ca453bb93f3c2557524678 +SHA1 (patch-cg) = 014197270eced8d78c6fa6cea4002fcab7928f49 diff --git a/misc/openoffice2/patches/patch-bz b/misc/openoffice2/patches/patch-bz new file mode 100644 index 00000000000..83108428937 --- /dev/null +++ b/misc/openoffice2/patches/patch-bz @@ -0,0 +1,37 @@ +$NetBSD: patch-bz,v 1.1 2007/04/01 23:50:59 hira Exp $ + +Security fixes for CVE-2007-0238. This has been fixed in OOo 2.2. + +--- sc/source/filter/starcalc/scflt.cxx.orig 2006-12-02 02:56:27.000000000 +0900 ++++ sc/source/filter/starcalc/scflt.cxx 2007-04-02 06:27:54.000000000 +0900 +@@ -4,9 +4,9 @@ + * + * $RCSfile: patch-bz,v $ + * +- * $Revision: 1.1 $ ++ * $Revision: 1.1 $ + * +- * last change: $Author: hira $ $Date: 2007/04/01 23:50:59 $ ++ * last change: $Author: hira $ $Date: 2007/04/01 23:50:59 $ + * + * The Contents of this file are made available subject to + * the terms of GNU Lesser General Public License Version 2.1. +@@ -1770,12 +1770,13 @@ + rStream >> NoteLen; + if (NoteLen != 0) + { +- sal_Char Note[4096]; +- rStream.Read(Note, NoteLen); +- Note[NoteLen] = 0; +- String aText( SC10TOSTRING(Note)); +- ScPostIt aNote(aText, pDoc); ++ sal_Char* pNote = new sal_Char[NoteLen+1]; ++ rStream.Read(pNote, NoteLen); ++ pNote[NoteLen] = 0; ++ String aText( SC10TOSTRING(pNote)); ++ ScPostIt aNote(aText, pDoc); + pDoc->SetNote(Col, static_cast<SCROW> (Row), Tab, aNote ); ++ delete [] pNote; + } + } + pPrgrsBar->Progress(); diff --git a/misc/openoffice2/patches/patch-ca b/misc/openoffice2/patches/patch-ca new file mode 100644 index 00000000000..2fb04fbf0c4 --- /dev/null +++ b/misc/openoffice2/patches/patch-ca @@ -0,0 +1,13 @@ +$NetBSD: patch-ca,v 1.1 2007/04/01 23:50:59 hira Exp $ + +Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2. + +--- shell/source/unix/misc/cde-open-url.sh.orig 2006-12-02 02:57:03.000000000 +0900 ++++ shell/source/unix/misc/cde-open-url.sh 2007-01-19 22:07:09.000000000 +0900 +@@ -58,5 +58,5 @@ + fi + + if [ -z "$TMPFILE" ]; then exit 1; fi +-( echo $1 > "$TMPFILE"; dtaction Open "$TMPFILE"; rm -f "$TMPFILE" ) & ++( echo "$1" > "$TMPFILE"; dtaction Open "$TMPFILE"; rm -f "$TMPFILE" ) & + exit 0 diff --git a/misc/openoffice2/patches/patch-cb b/misc/openoffice2/patches/patch-cb new file mode 100644 index 00000000000..8aad04ea9b6 --- /dev/null +++ b/misc/openoffice2/patches/patch-cb @@ -0,0 +1,14 @@ +$NetBSD: patch-cb,v 1.1 2007/04/01 23:50:59 hira Exp $ + +Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2. + +--- shell/source/unix/misc/gnome-open-url.sh.orig 2006-12-02 02:57:03.000000000 +0900 ++++ shell/source/unix/misc/gnome-open-url.sh 2007-01-19 22:07:22.000000000 +0900 +@@ -50,6 +50,6 @@ + esac + + # use gnome-open utility coming with libgnome if available +-gnome-open $1 2>/dev/null || "$0.bin" $1 ++gnome-open "$1" 2>/dev/null || "$0.bin" $1 + + exit 0 diff --git a/misc/openoffice2/patches/patch-cc b/misc/openoffice2/patches/patch-cc new file mode 100644 index 00000000000..9c98d421895 --- /dev/null +++ b/misc/openoffice2/patches/patch-cc @@ -0,0 +1,18 @@ +$NetBSD: patch-cc,v 1.1 2007/04/01 23:50:59 hira Exp $ + +Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2. + +--- shell/source/unix/misc/kde-open-url.sh.orig 2006-12-02 02:57:03.000000000 +0900 ++++ shell/source/unix/misc/kde-open-url.sh 2007-01-19 22:07:36.000000000 +0900 +@@ -51,9 +51,9 @@ + + # special handling for mailto: uris + if echo $1 | grep '^mailto:' > /dev/null; then +- kmailservice $1 & ++ kmailservice "$1" & + else +- kfmclient openURL $1 & ++ kfmclient openURL "$1" & + fi + + exit 0 diff --git a/misc/openoffice2/patches/patch-cd b/misc/openoffice2/patches/patch-cd new file mode 100644 index 00000000000..94e0b57bd5b --- /dev/null +++ b/misc/openoffice2/patches/patch-cd @@ -0,0 +1,44 @@ +$NetBSD: patch-cd,v 1.1 2007/04/01 23:50:59 hira Exp $ + +Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2. + +--- shell/source/unix/misc/open-url.sh.orig 2006-12-02 02:57:03.000000000 +0900 ++++ shell/source/unix/misc/open-url.sh 2007-01-19 22:07:49.000000000 +0900 +@@ -96,15 +96,15 @@ + # special handling for mailto: uris + if echo $1 | grep '^mailto:' > /dev/null; then + # check $MAILER variable +- if [ $MAILER ]; then +- $MAILER $1 & ++ if [ ! -z "$MAILER" ]; then ++ $MAILER "$1" & + exit 0 + else + # mozilla derivates may need -remote semantics + for i in thunderbird mozilla netscape; do + mailer=`which $i` + if [ ! -z "$mailer" ]; then +- run_mozilla $mailer $1 ++ run_mozilla "$mailer" "$1" + exit 0 + fi + done +@@ -113,15 +113,15 @@ + fi + else + # check $BROWSER variable +- if [ $BROWSER ]; then +- $BROWSER $1 & ++ if [ ! -z "$BROWSER" ]; then ++ $BROWSER "$1" & + exit 0 + else + # mozilla derivates may need -remote semantics + for i in firefox mozilla netscape; do + browser=`which $i` + if [ ! -z "$browser" ]; then +- run_mozilla $browser $1 ++ run_mozilla "$browser" "$1" + exit 0 + fi + done diff --git a/misc/openoffice2/patches/patch-ce b/misc/openoffice2/patches/patch-ce new file mode 100644 index 00000000000..084dbfdc197 --- /dev/null +++ b/misc/openoffice2/patches/patch-ce @@ -0,0 +1,24 @@ +$NetBSD: patch-ce,v 1.1 2007/04/01 23:50:59 hira Exp $ + +Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2. + +--- scp2/source/ooo/file_ooo.scp.orig 2007-04-02 07:02:55.000000000 +0900 ++++ scp2/source/ooo/file_ooo.scp 2007-04-02 07:05:41.000000000 +0900 +@@ -347,7 +347,7 @@ + BIN_FILE_BODY; + Dir = gid_Dir_Program; + Name = "gnome-open-url"; +- Styles = (PACKED); ++ Styles = (PACKED, PATCH); + End + + File gid_File_Bin_Gnome_Open_Url_Bin +@@ -361,7 +361,7 @@ + BIN_FILE_BODY; + Dir = gid_Dir_Program; + Name = "kde-open-url"; +- Styles = (PACKED); ++ Styles = (PACKED, PATCH); + End + + File gid_File_Bin_Cde_Open_Url diff --git a/misc/openoffice2/patches/patch-cf b/misc/openoffice2/patches/patch-cf new file mode 100644 index 00000000000..06989446876 --- /dev/null +++ b/misc/openoffice2/patches/patch-cf @@ -0,0 +1,38 @@ +$NetBSD: patch-cf,v 1.1 2007/04/01 23:50:59 hira Exp $ + +Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2. + +--- shell/source/unix/exec/shellexec.hxx.orig 2006-12-02 02:57:03.000000000 +0900 ++++ shell/source/unix/exec/shellexec.hxx 2007-01-19 22:06:24.000000000 +0900 +@@ -4,9 +4,9 @@ + * + * $RCSfile: patch-cf,v $ + * +- * $Revision: 1.1 $ ++ * $Revision: 1.1 $ + * +- * last change: $Author: hira $ $Date: 2007/04/01 23:50:59 $ ++ * last change: $Author: hira $ $Date: 2007/04/01 23:50:59 $ + * + * The Contents of this file are made available subject to + * the terms of GNU Lesser General Public License Version 2.1. +@@ -44,6 +44,10 @@ + #include <osl/mutex.hxx> + #endif + ++#ifndef _RTL_STRBUF_HXX_ ++#include <rtl/strbuf.hxx> ++#endif ++ + #ifndef _COM_SUN_STAR_LANG_XSERVICEINFO_HPP_ + #include <com/sun/star/lang/XServiceInfo.hpp> + #endif +@@ -90,4 +94,8 @@ + throw(::com::sun::star::uno::RuntimeException); + }; + ++ ++// helper function - needed for urltest ++void escapeForShell( rtl::OStringBuffer & rBuffer, const rtl::OString & rURL); ++ + #endif diff --git a/misc/openoffice2/patches/patch-cg b/misc/openoffice2/patches/patch-cg new file mode 100644 index 00000000000..5fb69a6eb04 --- /dev/null +++ b/misc/openoffice2/patches/patch-cg @@ -0,0 +1,87 @@ +$NetBSD: patch-cg,v 1.1 2007/04/01 23:51:00 hira Exp $ + +Security fixes for CVE-2007-0239. This has been fixed in OOo 2.2. + +--- shell/source/unix/exec/shellexec.cxx.orig 2006-12-02 02:57:03.000000000 +0900 ++++ shell/source/unix/exec/shellexec.cxx 2007-01-19 22:06:10.000000000 +0900 +@@ -4,9 +4,9 @@ + * + * $RCSfile: patch-cg,v $ + * +- * $Revision: 1.1 $ ++ * $Revision: 1.1 $ + * +- * last change: $Author: hira $ $Date: 2007/04/01 23:51:00 $ ++ * last change: $Author: hira $ $Date: 2007/04/01 23:51:00 $ + * + * The Contents of this file are made available subject to + * the terms of GNU Lesser General Public License Version 2.1. +@@ -52,10 +52,6 @@ + #include <osl/file.hxx> + #endif + +-#ifndef _RTL_STRBUF_HXX_ +-#include <rtl/strbuf.hxx> +-#endif +- + #ifndef _RTL_USTRBUF_HXX_ + #include <rtl/ustrbuf.hxx> + #endif +@@ -124,6 +120,20 @@ + } + } + ++void escapeForShell( rtl::OStringBuffer & rBuffer, const rtl::OString & rURL) ++{ ++ sal_Int32 nmax = rURL.getLength(); ++ for(sal_Int32 n=0; n < nmax; ++n) ++ { ++ // escape every non alpha numeric characters (excluding a few "known good") by prepending a '\' ++ sal_Char c = rURL[n]; ++ if( ( c < 'A' || c > 'Z' ) && ( c < 'a' || c > 'z' ) && ( c < '0' || c > '9' ) && c != '/' && c != '.' ) ++ rBuffer.append( '\\' ); ++ ++ rBuffer.append( c ); ++ } ++} ++ + //----------------------------------------------------------------------------------------- + // + //----------------------------------------------------------------------------------------- +@@ -208,7 +218,7 @@ + OString aTmp = OUStringToOString(aProgram, osl_getThreadTextEncoding()); + nIndex = aTmp.lastIndexOf('/'); + if (nIndex > 0) +- aBuffer.append(aTmp.copy(0, nIndex+1)); ++ escapeForShell(aBuffer, aTmp.copy(0, nIndex+1)); + + // Respect the desktop environment - if there is an executable named + // <desktop-environement-is>-open-url, pass the url to this one instead +@@ -236,21 +246,19 @@ + + aBuffer.append("open-url"); + #endif +- aBuffer.append(" \'"); +- aBuffer.append(OUStringToOString(aURL, osl_getThreadTextEncoding())); +- aBuffer.append("\'"); ++ aBuffer.append(" "); ++ escapeForShell(aBuffer, OUStringToOString(aURL, osl_getThreadTextEncoding())); + + if ( pDesktopLaunch && *pDesktopLaunch ) + { + aLaunchBuffer.append( pDesktopLaunch ); +- aLaunchBuffer.append( " \'" ); +- aLaunchBuffer.append(OUStringToOString(aURL, osl_getThreadTextEncoding())); +- aLaunchBuffer.append( "\'" ); ++ aLaunchBuffer.append(" "); ++ escapeForShell(aLaunchBuffer, OUStringToOString(aURL, osl_getThreadTextEncoding())); + } + } else { +- aBuffer.append(OUStringToOString(aCommand, osl_getThreadTextEncoding())); ++ escapeForShell(aBuffer, OUStringToOString(aCommand, osl_getThreadTextEncoding())); + aBuffer.append(" "); +- aBuffer.append(OUStringToOString(aParameter, osl_getThreadTextEncoding())); ++ escapeForShell(aBuffer, OUStringToOString(aParameter, osl_getThreadTextEncoding())); + } + + // Prefer DESKTOP_LAUNCH when available |