rpms/openoffice.org/FC-5 openoffice.org-2.2.0.rh226966.scoverflow.sc.patch, NONE, 1.1 openoffice.org-2.2.0.rh228008.escape.shell.patch, NONE, 1.1 openoffice.org.spec, 1.684, 1.685
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Feb 20 11:59:23 UTC 2007
Author: caolanm
Update of /cvs/dist/rpms/openoffice.org/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv8273
Modified Files:
openoffice.org.spec
Added Files:
openoffice.org-2.2.0.rh226966.scoverflow.sc.patch
openoffice.org-2.2.0.rh228008.escape.shell.patch
Log Message:
no 21
openoffice.org-2.2.0.rh226966.scoverflow.sc.patch:
scflt.cxx | 11 ++++++-----
1 files changed, 6 insertions(+), 5 deletions(-)
--- NEW FILE openoffice.org-2.2.0.rh226966.scoverflow.sc.patch ---
Index: source/filter/starcalc/scflt.cxx
===================================================================
RCS file: /cvs/sc/sc/source/filter/starcalc/scflt.cxx,v
retrieving revision 1.16
retrieving revision 1.16.80.1
diff -u -r1.16 -r1.16.80.1
--- openoffice.org.orig/sc/source/filter/starcalc/scflt.cxx 5 Oct 2006 16:21:16 -0000 1.16
+++ openoffice.org/sc/source/filter/starcalc/scflt.cxx 24 Jan 2007 13:35:23 -0000 1.16.80.1
@@ -1770,12 +1770,13 @@
rStream >> NoteLen;
if (NoteLen != 0)
{
- sal_Char Note[4096];
- rStream.Read(Note, NoteLen);
- Note[NoteLen] = 0;
- String aText( SC10TOSTRING(Note));
- ScPostIt aNote(aText, pDoc);
+ sal_Char* pNote = new sal_Char[NoteLen+1];
+ rStream.Read(pNote, NoteLen);
+ pNote[NoteLen] = 0;
+ String aText( SC10TOSTRING(pNote));
+ ScPostIt aNote(aText, pDoc);
pDoc->SetNote(Col, static_cast<SCROW> (Row), Tab, aNote );
+ delete [] pNote;
}
}
pPrgrsBar->Progress();
openoffice.org-2.2.0.rh228008.escape.shell.patch:
shellexec.cxx | 128 +++++++++++++++++++++++++++++++++++-----------------------
shellexec.hxx | 6 ++
2 files changed, 85 insertions(+), 49 deletions(-)
--- NEW FILE openoffice.org-2.2.0.rh228008.escape.shell.patch ---
--- openoffice.org.orig/shell/source/unix/exec/shellexec.hxx.old 2005-09-07 21:54:18.000000000 +0200
+++ openoffice.org/shell/source/unix/exec/shellexec.hxx 2007-02-01 18:41:49.000000000 +0100
@@ -44,6 +44,10 @@
#include <osl/mutex.hxx>
#endif
+#ifndef _RTL_USTRBUF_HXX_
+#include <rtl/ustrbuf.hxx>
+#endif
+
#ifndef _COM_SUN_STAR_LANG_XSERVICEINFO_HPP_
#include <com/sun/star/lang/XServiceInfo.hpp>
#endif
@@ -65,6 +69,8 @@
::rtl::OString m_aDesktopEnvironment;
::com::sun::star::uno::Reference< ::com::sun::star::uno::XComponentContext >
m_xContext;
+
+ sal_Int32 SAL_CALL tryExecuteProcess( const rtl::OUString& aCommand, const rtl::OUString& aParameter );
public:
ShellExec(const ::com::sun::star::uno::Reference< ::com::sun::star::uno::XComponentContext >& xContext);
--- openoffice.org.orig/shell/source/unix/exec/shellexec.cxx.old 2006-09-17 03:41:54.000000000 +0200
+++ openoffice.org/shell/source/unix/exec/shellexec.cxx 2007-02-02 16:03:56.000000000 +0100
@@ -56,10 +56,6 @@
#include <rtl/strbuf.hxx>
#endif
-#ifndef _RTL_USTRBUF_HXX_
-#include <rtl/ustrbuf.hxx>
-#endif
-
#ifndef _RTL_URI_H_
#include <rtl/uri.hxx>
#endif
@@ -124,6 +120,47 @@
}
}
+//------------------------------------------------------------------------
+// helper method
+//------------------------------------------------------------------------
+
+sal_Int32 SAL_CALL ShellExec::tryExecuteProcess( const OUString& aCommand, const OUString& aParameter )
+{
+ OUString aCommandURL;
+ osl::FileBase::getFileURLFromSystemPath(aCommand, aCommandURL);
+
+ rtl_uString *args[] = { aCommandURL.pData, aParameter.pData };
+ oslProcess pProcess = NULL;
+ sal_Int32 rc = 1;
+
+ oslProcessError error = osl_executeProcess(
+ args[0], /* ustrImageName */
+ args+1, /* ustrArguments[] */
+ 1, /* nArguments */
+ osl_Process_WAIT | osl_Process_SEARCHPATH | osl_Process_NORMAL, /* Options */
+ NULL, /* Security */
+ NULL, /* ustrDirectory */
+ NULL, /* ustrEnvironments[] */
+ 0, /* nEnvironmentVars */
+ &pProcess); /* pProcess*/
+
+ if (error == osl_Process_E_None)
+ {
+ error = osl_joinProcess( pProcess );
+ if (error==osl_Process_E_None)
+ {
+ oslProcessInfo aProcessInfo;
+ aProcessInfo.Size = sizeof(aProcessInfo);
+ error = osl_getProcessInfo( pProcess, osl_Process_EXITCODE, &aProcessInfo );
+ if (error==osl_Process_E_None)
+ rc = aProcessInfo.Code;
+ }
+ }
+ osl_freeProcessHandle(pProcess);
+
+ return rc;
+}
+
//-----------------------------------------------------------------------------------------
//
//-----------------------------------------------------------------------------------------
@@ -157,23 +194,28 @@
void SAL_CALL ShellExec::execute( const OUString& aCommand, const OUString& aParameter, sal_Int32 /*nFlags*/ )
throw (IllegalArgumentException, SystemShellExecuteException, RuntimeException)
{
- OStringBuffer aBuffer, aLaunchBuffer;
+ OStringBuffer aOfficeLauncher;
+ OUString aURL;
+
+ sal_Bool bTryDesktopLauncher = sal_False;
// DESKTOP_LAUNCH, see http://freedesktop.org/pipermail/xdg/2004-August/004489.html
- static const char *pDesktopLaunch = getenv( "DESKTOP_LAUNCH" );
+ static const char *pDesktopLauncher = getenv( "DESKTOP_LAUNCH" );
// Check wether aCommand contains a document url or not
sal_Int32 nIndex = aCommand.indexOf( OUString( RTL_CONSTASCII_USTRINGPARAM(":/") ) );
if( nIndex > 0 || 0 == aCommand.compareToAscii("mailto:", 7) )
{
- // It seems to be a url ..
+ // It seems to be an url ..
+ if ( pDesktopLauncher && *pDesktopLauncher )
+ bTryDesktopLauncher = sal_True;
+
// We need to re-encode file urls because osl_getFileURLFromSystemPath converts
// to UTF-8 before encoding non ascii characters, which is not what other apps
// expect.
- OUString aURL(
- com::sun::star::uri::ExternalUriReferenceTranslator::create(
- m_xContext)->translateToExternal(aCommand));
+ aURL = com::sun::star::uri::ExternalUriReferenceTranslator::create(
+ m_xContext)->translateToExternal(aCommand);
if ( aURL.getLength() == 0 && aCommand.getLength() != 0 )
{
throw RuntimeException(
@@ -183,15 +225,17 @@
+ aCommand),
static_cast< cppu::OWeakObject * >(this));
}
-
+
+ // URL needs furher changes depending on the launcher
+ // FIXME: Should we try pDesktopLauncher before we modify the URL?
#ifdef MACOSX
- aBuffer.append("open");
+ aOfficeLauncher.append("open");
#else
OUString aProgramURL;
if ( osl_Process_E_None != osl_getExecutableFile(&aProgramURL.pData) )
{
throw SystemShellExecuteException(
- OUString(RTL_CONSTASCII_USTRINGPARAM("Cound not determine executable path")),
+ OUString(RTL_CONSTASCII_USTRINGPARAM("Cound not determine executable path")),
static_cast < XSystemShellExecute * > (this), ENOENT );
}
@@ -199,7 +243,7 @@
if ( FileBase::E_None != FileBase::getSystemPathFromFileURL(aProgramURL, aProgram))
{
throw SystemShellExecuteException(
- OUString(RTL_CONSTASCII_USTRINGPARAM("Cound not convert executable path")),
+ OUString(RTL_CONSTASCII_USTRINGPARAM("Cound not convert executable path")),
static_cast < XSystemShellExecute * > (this), ENOENT );
}
@@ -208,7 +252,7 @@
OString aTmp = OUStringToOString(aProgram, osl_getThreadTextEncoding());
nIndex = aTmp.lastIndexOf('/');
if (nIndex > 0)
- aBuffer.append(aTmp.copy(0, nIndex+1));
+ aOfficeLauncher.append(aTmp.copy(0, nIndex+1));
// Respect the desktop environment - if there is an executable named
// <desktop-environement-is>-open-url, pass the url to this one instead
@@ -216,17 +260,17 @@
if ( m_aDesktopEnvironment.getLength() > 0 )
{
OString aDesktopEnvironment(m_aDesktopEnvironment.toAsciiLowerCase());
- OStringBuffer aCopy(aBuffer);
+ OStringBuffer aCopy(aOfficeLauncher);
aCopy.append(aDesktopEnvironment);
aCopy.append("-open-url");
if ( 0 == access( aCopy.getStr(), X_OK) )
{
- aBuffer.append(aDesktopEnvironment);
- aBuffer.append("-");
+ aOfficeLauncher.append(aDesktopEnvironment);
+ aOfficeLauncher.append("-");
- /* CDE requires file urls to be decoded */
+ /* CDE requires file urls to be decoded */
if ( m_aDesktopEnvironment.equals("CDE") && 0 == aURL.compareToAscii("file://", 7) )
{
aURL = rtl::Uri::decode(aURL, rtl_UriDecodeWithCharset, osl_getThreadTextEncoding());
@@ -234,44 +278,30 @@
}
}
- aBuffer.append("open-url");
+ aOfficeLauncher.append("open-url");
#endif
- aBuffer.append(" \'");
- aBuffer.append(OUStringToOString(aURL, osl_getThreadTextEncoding()));
- aBuffer.append("\'");
-
- if ( pDesktopLaunch && *pDesktopLaunch )
- {
- aLaunchBuffer.append( pDesktopLaunch );
- aLaunchBuffer.append( " \'" );
- aLaunchBuffer.append(OUStringToOString(aURL, osl_getThreadTextEncoding()));
- aLaunchBuffer.append( "\'" );
- }
} else {
- aBuffer.append(OUStringToOString(aCommand, osl_getThreadTextEncoding()));
- aBuffer.append(" ");
- aBuffer.append(OUStringToOString(aParameter, osl_getThreadTextEncoding()));
+ aOfficeLauncher.append(OUStringToOString(aCommand, osl_getThreadTextEncoding()));
+ aURL = aParameter;
}
- // Prefer DESKTOP_LAUNCH when available
- if ( aLaunchBuffer.getLength() > 0 )
+ if ( bTryDesktopLauncher )
{
- FILE *pLaunch = popen( aLaunchBuffer.makeStringAndClear().getStr(), "w" );
- if ( pLaunch != NULL )
- {
- if ( 0 == pclose( pLaunch ) )
- return;
- }
- // Failed, do not try DESKTOP_LAUNCH any more
- pDesktopLaunch = NULL;
+ sal_Int32 nErr = tryExecuteProcess( OUString::createFromAscii(pDesktopLauncher), aURL);
+ if ( nErr )
+ // Failed, do not try DESKTOP_LAUNCH any more
+ pDesktopLauncher = NULL;
+ else
+ return;
}
- OString cmd = aBuffer.makeStringAndClear();
- if ( 0 != pclose(popen(cmd.getStr(), "w")) )
+ OUString aOfficeLauncherOUStr = ::rtl::OStringToOUString(aOfficeLauncher.makeStringAndClear(), osl_getThreadTextEncoding());
+ sal_Int32 nErr = tryExecuteProcess( aOfficeLauncherOUStr, aURL);
+ if ( nErr )
{
- int nerr = errno;
- throw SystemShellExecuteException(OUString::createFromAscii( strerror( nerr ) ),
- static_cast < XSystemShellExecute * > (this), nerr );
+ OUString msg = OUString::createFromAscii( "Failed to execute ") + aOfficeLauncherOUStr;
+ throw SystemShellExecuteException(msg,
+ static_cast < XSystemShellExecute * > (this), nErr );
}
}
Index: openoffice.org.spec
===================================================================
RCS file: /cvs/dist/rpms/openoffice.org/FC-5/openoffice.org.spec,v
retrieving revision 1.684
retrieving revision 1.685
diff -u -r1.684 -r1.685
--- openoffice.org.spec 4 Dec 2006 11:11:05 -0000 1.684
+++ openoffice.org.spec 20 Feb 2007 11:59:20 -0000 1.685
@@ -1,6 +1,6 @@
%define oootag OOB680
%define ooomilestone 5
-%define rh_rpm_release 20
+%define rh_rpm_release 21
%define build_fc5 1
@@ -187,6 +187,8 @@
Patch59: openoffice.org-2.0.4.ooo69236.slideshow.esccrash.patch
Patch60: openoffice.org-2.0.4.ooo63086.vcl.focusfollowsmouse.patch
Patch61: openoffice.org-2.1.0.ooo70042.wmfoverflow.svtools.patch
+Patch62: openoffice.org-2.2.0.rh228008.escape.shell.patch
+Patch63: openoffice.org-2.2.0.rh226966.scoverflow.sc.patch
%define instdir %{_libdir}/openoffice.org2.0
@@ -857,6 +859,8 @@
%patch59 -p1 -b .ooo69236.slideshow.esccrash.patch
%patch60 -p1 -b .ooo63086.vcl.focusfollowsmouse.patch
%patch61 -p1 -b .ooo70042.wmfoverflow.svtools.patch
+%patch62 -p1 -b .rh228008.escape.shell.patch
+%patch63 -p1 -b .rh226966.scoverflow.sc.patch
%if %{includingexternals}
#start ludicrous workaround
@@ -3302,6 +3306,10 @@
%{instdir}/share/registry/modules/org/openoffice/Office/Scripting/Scripting-python.xcu
%changelog
+* Tue Fri 20 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.0.2-5.21
+- Resolves: CVE-2007-0239 rhbz#228008 shell escape
+- Resolves: CVE-2007-0238 rhbz#226966 buffer overflows
+
* Mon Dec 04 2006 Caolan McNamara <caolanm at redhat.com> - 1:2.0.2-5.20
- Resolves: rhbz#217347 openoffice.org-2.1.0.ooo70042.wmfoverflow.svtools.patch
More information about the fedora-cvs-commits
mailing list