From bb8819fcec75985ec510318bfee7513967e23d71 Mon Sep 17 00:00:00 2001 From: Rene Engelhard Date: Tue, 20 Mar 2007 13:19:32 +0000 Subject: 2.0.4.dfsg.2-6 changes --- bin/a2az.pl | 1 + patches/src680/apply | 8 +- patches/src680/cws-obr04-escaping.diff | 344 +++++++++++++++ patches/src680/cws-obr04-quotes.diff | 124 ++++++ patches/src680/libwpd-CVE-2007-0002.diff | 489 +++++++++++++++++++++ patches/src680/sensible-browser.diff | 16 +- .../src680/starcalc-file-format-parser-2.2.diff | 28 ++ 7 files changed, 1001 insertions(+), 9 deletions(-) create mode 100644 patches/src680/cws-obr04-escaping.diff create mode 100644 patches/src680/cws-obr04-quotes.diff create mode 100644 patches/src680/libwpd-CVE-2007-0002.diff create mode 100644 patches/src680/starcalc-file-format-parser-2.2.diff diff --git a/bin/a2az.pl b/bin/a2az.pl index 8b829592e..3a6d696dd 100644 --- a/bin/a2az.pl +++ b/bin/a2az.pl @@ -40,6 +40,7 @@ while( ){ s/([ ~">][Aa]) \$\[officename\]/$1z \$\[officename\]/g; s/([ ~">][Aa]) \\\$\[officename\]/$1z \\\$\[officename\]/g; s/([ ~">][Aa]) \[ProductName\]/$1z \[ProductName\]/g; + s/\\nA %PRODUCTNAME/\\nAz %PRODUCTNAME/g; } }; } diff --git a/patches/src680/apply b/patches/src680/apply index 16e43b94e..720a987c6 100644 --- a/patches/src680/apply +++ b/patches/src680/apply @@ -13,7 +13,7 @@ OLDEST_SUPPORTED=ood680-m5 OOO_2_0_4 Common : BuildBits, ParallelMake, TemporaryHacks, FixesNotForUpstream, \ Fixes, FedoraFixes, Defaults, Features, VCL, Misc, \ Icons, Branding, VBABits, VBAObjects, CalcFixes, Leaks, Egg, \ - QuickStartTray, SpeedImageList, GStreamer + QuickStartTray, SpeedImageList, GStreamer, Security LinuxCommon : Common, BuildBitsLinuxOnly, LinuxOnly, SystemBits, CWSBackports, GCJ, \ QPro, Lwp, cairocanvas, msaccess, KDE, \ 64bitPatches, Fpickers, Mono, AddressBooks, QuickStarter 
@@ -178,6 +178,8 @@ cws-sixtyfour09.diff cws-cmcfixes28.diff # extract of the sw parts of cmcfixes30 cws-cmcfixes30.diff +cws-obr04-escaping.diff +cws-obr04-quotes.diff # [ LinuxOnly ] @@ -1945,3 +1947,7 @@ scp2-parallel-build-fix.diff SectionOwner => tml novell-win32-odma.diff, i#6885, i#32741, i#63808 + +[ Security ] +starcalc-file-format-parser-2.2.diff +libwpd-CVE-2007-0002.diff diff --git a/patches/src680/cws-obr04-escaping.diff b/patches/src680/cws-obr04-escaping.diff new file mode 100644 index 000000000..125d02a64 --- /dev/null +++ b/patches/src680/cws-obr04-escaping.diff 
@@ -0,0 +1,344 @@ +Index: shell/source/unix/exec/makefile.mk +=================================================================== +RCS file: /cvs/gsl/shell/source/unix/exec/makefile.mk,v +retrieving revision 1.9 +retrieving revision 1.9.70.2 +diff -u -p -u -p -r1.9 -r1.9.70.2 +--- shell/source/unix/exec/makefile.mk 24 May 2006 14:04:52 -0000 1.9 ++++ shell/source/unix/exec/makefile.mk 11 Jan 2007 09:42:38 -0000 1.9.70.2 +@@ -42,6 +42,8 @@ ENABLE_EXCEPTIONS=TRUE + + COMP1TYPELIST=syssh + ++TESTAPP1=urltest ++ + # --- Settings ----------------------------------------------------- + + .INCLUDE : settings.mk +@@ -68,7 +70,25 @@ SHL1STDLIBS=$(CPPULIB)\ + SHL1LIBS= + SHL1DEPN= + ++.IF "$(test)" != "" ++ ++APP1TARGET=$(TESTAPP1) ++APP1STDLIBS= $(SHL1STDLIBS) ++APP1OBJS= \ ++ $(SLO)$/shellexec.obj \ ++ $(SLO)$/$(APP1TARGET).obj ++ ++.ENDIF # "$(test)" != "" ++ ++ + # --- Targets ------------------------------------------------------ + + .INCLUDE : target.mk + ++run_test : $(BIN)$/$(TESTAPP1).sh ++ dmake test=t ++ $(BIN)$/$(TESTAPP1) urltest.txt ++ ++$(BIN)$/$(TESTAPP1).sh : $$(@:f) ++ $(COPY) $< $@ ++ -chmod +x $@ +Index: shell/source/unix/exec/shellexec.cxx +=================================================================== +RCS file: /cvs/gsl/shell/source/unix/exec/shellexec.cxx,v +retrieving revision 1.15 +retrieving revision 1.15.28.2 +diff -u -p -u -p -r1.15 -r1.15.28.2 +--- shell/source/unix/exec/shellexec.cxx 17 Sep 2006 01:41:54 -0000 1.15 ++++ shell/source/unix/exec/shellexec.cxx 11 Jan 2007 09:42:38 -0000 1.15.28.2 +@@ -52,10 +52,6 @@ + #include + #endif + +-#ifndef _RTL_STRBUF_HXX_ +-#include +-#endif +- + #ifndef _RTL_USTRBUF_HXX_ + #include + #endif +@@ -124,6 +120,20 @@ namespace // private + } + } + ++void escapeForShell( rtl::OStringBuffer & rBuffer, const rtl::OString & rURL) ++{ ++ sal_Int32 nmax = rURL.getLength(); ++ for(sal_Int32 n=0; n < nmax; ++n) ++ { ++ // escape every non alpha numeric characters (excluding a few "known good") by prepending a '\' 
++ sal_Char c = rURL[n]; ++ if( ( c < 'A' || c > 'Z' ) && ( c < 'a' || c > 'z' ) && ( c < '0' || c > '9' ) && c != '/' && c != '.' ) ++ rBuffer.append( '\\' ); ++ ++ rBuffer.append( c ); ++ } ++} ++ + //----------------------------------------------------------------------------------------- + // + //----------------------------------------------------------------------------------------- +@@ -208,7 +218,7 @@ void SAL_CALL ShellExec::execute( const + OString aTmp = OUStringToOString(aProgram, osl_getThreadTextEncoding()); + nIndex = aTmp.lastIndexOf('/'); + if (nIndex > 0) +- aBuffer.append(aTmp.copy(0, nIndex+1)); ++ escapeForShell(aBuffer, aTmp.copy(0, nIndex+1)); + + // Respect the desktop environment - if there is an executable named + // -open-url, pass the url to this one instead +@@ -236,21 +246,19 @@ void SAL_CALL ShellExec::execute( const + + aBuffer.append("open-url"); + #endif +- aBuffer.append(" \'"); +- aBuffer.append(OUStringToOString(aURL, osl_getThreadTextEncoding())); +- aBuffer.append("\'"); ++ aBuffer.append(" "); ++ escapeForShell(aBuffer, OUStringToOString(aURL, osl_getThreadTextEncoding())); + + if ( pDesktopLaunch && *pDesktopLaunch ) + { + aLaunchBuffer.append( pDesktopLaunch ); +- aLaunchBuffer.append( " \'" ); +- aLaunchBuffer.append(OUStringToOString(aURL, osl_getThreadTextEncoding())); +- aLaunchBuffer.append( "\'" ); ++ aLaunchBuffer.append(" "); ++ escapeForShell(aLaunchBuffer, OUStringToOString(aURL, osl_getThreadTextEncoding())); + } + } else { +- aBuffer.append(OUStringToOString(aCommand, osl_getThreadTextEncoding())); ++ escapeForShell(aBuffer, OUStringToOString(aCommand, osl_getThreadTextEncoding())); + aBuffer.append(" "); +- aBuffer.append(OUStringToOString(aParameter, osl_getThreadTextEncoding())); ++ escapeForShell(aBuffer, OUStringToOString(aParameter, osl_getThreadTextEncoding())); + } + + // Prefer DESKTOP_LAUNCH when available +Index: shell/source/unix/exec/shellexec.hxx 
+=================================================================== +RCS file: /cvs/gsl/shell/source/unix/exec/shellexec.hxx,v +retrieving revision 1.4 +retrieving revision 1.4.126.2 +diff -u -p -u -p -r1.4 -r1.4.126.2 +--- shell/source/unix/exec/shellexec.hxx 7 Sep 2005 19:54:18 -0000 1.4 ++++ shell/source/unix/exec/shellexec.hxx 11 Jan 2007 09:42:38 -0000 1.4.126.2 +@@ -44,6 +44,10 @@ + #include + #endif + ++#ifndef _RTL_STRBUF_HXX_ ++#include ++#endif ++ + #ifndef _COM_SUN_STAR_LANG_XSERVICEINFO_HPP_ + #include + #endif +@@ -89,5 +93,9 @@ public: + virtual ::com::sun::star::uno::Sequence< ::rtl::OUString > SAL_CALL getSupportedServiceNames( ) + throw(::com::sun::star::uno::RuntimeException); + }; ++ ++ ++// helper function - needed for urltest ++void escapeForShell( rtl::OStringBuffer & rBuffer, const rtl::OString & rURL); + + #endif +Index: shell/source/unix/exec/urltest.cxx +=================================================================== +RCS file: shell/source/unix/exec/urltest.cxx +diff -N shell/source/unix/exec/urltest.cxx +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ shell/source/unix/exec/urltest.cxx 11 Jan 2007 09:42:38 -0000 1.1.2.2 +@@ -0,0 +1,159 @@ ++/************************************************************************* ++ * ++ * OpenOffice.org - a multi-platform office productivity suite ++ * ++ * $RCSfile$ ++ * ++ * $Revision$ ++ * ++ * last change: $Author$ $Date$ ++ * ++ * The Contents of this file are made available subject to ++ * the terms of GNU Lesser General Public License Version 2.1. ++ * ++ * ++ * GNU Lesser General Public License Version 2.1 ++ * ============================================= ++ * Copyright 2005 by Sun Microsystems, Inc. ++ * 901 San Antonio Road, Palo Alto, CA 94303, USA ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License version 2.1, as published by the Free Software Foundation. 
++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, ++ * MA 02111-1307 USA ++ * ++ ************************************************************************/ ++ ++#include "shellexec.hxx" ++ ++#include ++ ++#include ++#include ++#include ++#include ++ ++// ----------------------------------------------------------------------- ++ ++int main(int argc, const char *argv[]) ++{ ++ int ret = 0; ++ ++ if( argc != 2 ) ++ { ++ fprintf(stderr, "Usage: urltest \n"); ++ return -1; ++ } ++ ++ FILE * fp = fopen( argv[1], "r" ); ++ if( NULL == fp ) ++ { ++ perror( argv[1] ); ++ return -1; ++ } ++ ++ // expect urltest.sh beside this binary ++ char line[LINE_MAX]; ++ size_t len = strlen(argv[0]); ++ strcpy( line, argv[0] ); ++ strcpy( line + len, ".sh " ); ++ len += 4; ++ ++ unsigned int errors = 0; ++ ++ // read url(s) to test from file ++ char url[512]; ++ while( NULL != fgets(url, sizeof(url), fp)) ++ { ++ // remove trailing line break ++ strtok( url, "\r\n" ); ++ ++ printf( "Passing URL: %s\n", url ); ++ ++ // test the encoding functionality from shellexec.cxx ++ rtl::OString aURL( url ); ++ rtl::OStringBuffer aBuffer; ++ escapeForShell(aBuffer, aURL); ++ ++ // append encoded URL as (only) parameter to the script ++ strcpy( line + len, aBuffer.getStr() ); ++ ++ printf( "Command line: %s\n", line ); ++ ++ FILE * pipe = popen( line, "r" ); ++ if( NULL != pipe ) ++ { ++ char buffer[BUFSIZ]; ++ ++ // initialize buffer with '\0' ++ memset(buffer, '\0', BUFSIZ); ++ ++ // read the output of the script ++ if(NULL == fgets( buffer, BUFSIZ, pipe)) ++ { ++ perror("FAILED: 
output of script could not be read"); ++ printf( "\n"); ++ ++errors; ++ continue; ++ } ++ ++ // remove trailing line break again ++ strtok( buffer, "\r\n" ); ++ ++ int n = pclose(pipe); ++ if( 0 != n ) ++ { ++ printf("FAILED: fclose returned %d\n\n", n ); ++ ++errors; ++ continue; ++ } ++ ++ if( 0 == strcmp( url, buffer ) ) ++ { ++ // strings are identical: good ! ++ printf( "OK\n\n"); ++ } ++ else ++ { ++ // compare failed ++ printf( "FAILED: returned string is %s\n\n", buffer); ++ ++errors; ++ } ++ ++ } ++ else ++ { ++ perror( line ); ++ ret = -2; ++ break; ++ } ++ } ++ ++ if( ferror( fp ) ) ++ { ++ perror( argv[1] ); ++ ret = -1; ++ } ++ ++ fclose( fp ); ++ ++ if( errors ) ++ { ++ printf( "Number of tests failing: %d\n", errors); ++ ret = -3; ++ } ++ else ++ printf( "All tests passed OK.\n" ); ++ ++ ++ return ret; ++} +Index: shell/source/unix/exec/urltest.sh +=================================================================== +RCS file: shell/source/unix/exec/urltest.sh +diff -N shell/source/unix/exec/urltest.sh +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ shell/source/unix/exec/urltest.sh 10 Jan 2007 15:02:16 -0000 1.1.2.1 +@@ -0,0 +1,2 @@ ++#!/bin/sh ++echo "$1" +\ No newline at end of file +Index: shell/source/unix/exec/urltest.txt +=================================================================== +RCS file: shell/source/unix/exec/urltest.txt +diff -N shell/source/unix/exec/urltest.txt +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ shell/source/unix/exec/urltest.txt 10 Jan 2007 15:02:16 -0000 1.1.2.1 +@@ -0,0 +1,11 @@ ++http://www.openoffice.org ++http://en.wiktionary.org/wiki/harmless';CMD=lsx-lx$HOME;IFS=x;$CMD;#' ++http://en.wikipedia.org/wiki/Shell_(computers) ++http://www.google.com/search?hl=$100+bill ++http://unix.t-a-y-l-o-r.com/;clear;ls ++http://www.google.com/;exec mozilla; ++http://www.yahoo.com/<> ++http://www.yahoo.com/\ ++http://www.yahoo.com/" ++http://www.yahoo.com/' ++http://www.yahoo.com/;echo 'this'; +\ No newline at end of file 
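Review bot: escapeForShell() in shellexec.cxx puts a backslash in front of every byte outside `[A-Za-z0-9/.]`, and that includes a line feed; a POSIX shell treats backslash-newline as a line continuation and deletes both characters, so a URL carrying a line feed reaches the helper script altered rather than literally. Emitting that one byte inside single quotes keeps the escaping lossless: `if( c == '\n' ) { rBuffer.append( "'\n'" ); continue; }`. In the non-URL branch of ShellExec::execute the whole of aParameter is now escaped too, so blanks between several parameters are escaped and the command presumably receives them as a single argument; it is worth confirming that no caller passes more than one. urltest.cxx assembles its command with unchecked `strcpy` into `line[LINE_MAX]` and reaches `continue` without `pclose(pipe)` when `fgets` on the pipe fails; a length check before the copy and a `pclose(pipe);` before that `continue` would cover both. The body of execute starts and ends outside the inner hunks shown.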
diff --git a/patches/src680/cws-obr04-quotes.diff b/patches/src680/cws-obr04-quotes.diff new file mode 100644 index 000000000..fc1001f56 --- /dev/null +++ b/patches/src680/cws-obr04-quotes.diff 
@@ -0,0 +1,124 @@ +Index: shell/source/unix/misc/cde-open-url.sh +=================================================================== +RCS file: /cvs/gsl/shell/source/unix/misc/cde-open-url.sh,v +retrieving revision 1.3 +retrieving revision 1.3.120.1 +diff -u -p -u -p -r1.3 -r1.3.120.1 +--- shell/source/unix/misc/cde-open-url.sh 27 Sep 2005 12:54:22 -0000 1.3 ++++ shell/source/unix/misc/cde-open-url.sh 20 Dec 2006 15:03:24 -0000 1.3.120.1 +@@ -58,5 +58,5 @@ else + fi + + if [ -z "$TMPFILE" ]; then exit 1; fi +-( echo $1 > "$TMPFILE"; dtaction Open "$TMPFILE"; rm -f "$TMPFILE" ) & ++( echo "$1" > "$TMPFILE"; dtaction Open "$TMPFILE"; rm -f "$TMPFILE" ) & + exit 0 +Index: shell/source/unix/misc/gnome-open-url.sh +=================================================================== +RCS file: /cvs/gsl/shell/source/unix/misc/gnome-open-url.sh,v +retrieving revision 1.3 +retrieving revision 1.3.166.1 +diff -u -p -u -p -r1.3 -r1.3.166.1 +--- shell/source/unix/misc/gnome-open-url.sh 13 May 2005 07:31:07 -0000 1.3 ++++ shell/source/unix/misc/gnome-open-url.sh 20 Dec 2006 15:03:25 -0000 1.3.166.1 +@@ -50,6 +50,6 @@ case `uname -s` in + esac + + # use gnome-open utility coming with libgnome if available +-gnome-open $1 2>/dev/null || "$0.bin" $1 ++gnome-open "$1" 2>/dev/null || "$0.bin" $1 + + exit 0 +Index: shell/source/unix/misc/kde-open-url.sh +=================================================================== +RCS file: /cvs/gsl/shell/source/unix/misc/kde-open-url.sh,v +retrieving revision 1.2 +retrieving revision 1.2.254.1 +diff -u -p -u -p -r1.2 -r1.2.254.1 +--- shell/source/unix/misc/kde-open-url.sh 10 May 2004 13:08:06 -0000 1.2 ++++ shell/source/unix/misc/kde-open-url.sh 20 Dec 2006 15:03:25 -0000 1.2.254.1 +@@ -51,9 +51,9 @@ esac + + # special handling for mailto: uris + if echo $1 | grep '^mailto:' > /dev/null; then +- kmailservice $1 & ++ kmailservice "$1" & + else +- kfmclient openURL $1 & ++ kfmclient openURL "$1" & + fi + + exit 0 +Index: 
shell/source/unix/misc/open-url.sh +=================================================================== +RCS file: /cvs/gsl/shell/source/unix/misc/open-url.sh,v +retrieving revision 1.3 +retrieving revision 1.3.120.2 +diff -u -p -u -p -r1.3 -r1.3.120.2 +--- shell/source/unix/misc/open-url.sh 27 Sep 2005 12:54:42 -0000 1.3 ++++ shell/source/unix/misc/open-url.sh 20 Dec 2006 15:03:25 -0000 1.3.120.2 +@@ -96,15 +96,15 @@ esac + # special handling for mailto: uris + if echo $1 | grep '^mailto:' > /dev/null; then + # check $MAILER variable +- if [ $MAILER ]; then +- $MAILER $1 & ++ if [ ! -z "$MAILER" ]; then ++ $MAILER "$1" & + exit 0 + else + # mozilla derivates may need -remote semantics + for i in thunderbird mozilla netscape; do + mailer=`which $i` + if [ ! -z "$mailer" ]; then +- run_mozilla $mailer $1 ++ run_mozilla "$mailer" "$1" + exit 0 + fi + done +@@ -113,15 +113,15 @@ if echo $1 | grep '^mailto:' > /dev/null + fi + else + # check $BROWSER variable +- if [ $BROWSER ]; then +- $BROWSER $1 & ++ if [ ! -z "$BROWSER" ]; then ++ $BROWSER "$1" & + exit 0 + else + # mozilla derivates may need -remote semantics + for i in firefox mozilla netscape; do + browser=`which $i` + if [ ! 
-z "$browser" ]; then +- run_mozilla $browser $1 ++ run_mozilla "$browser" "$1" + exit 0 + fi + done +Index: scp2/source/ooo/file_ooo.scp +=================================================================== +RCS file: /cvs/installation/scp2/source/ooo/file_ooo.scp,v +retrieving revision 1.175 +retrieving revision 1.175.10.1 +diff -u -p -u -p -r1.175 -r1.175.10.1 +--- scp2/source/ooo/file_ooo.scp 13 Dec 2006 15:14:08 -0000 1.175 ++++ scp2/source/ooo/file_ooo.scp 12 Jan 2007 08:06:00 -0000 1.175.10.1 +@@ -369,7 +369,7 @@ File gid_File_Bin_Gnome_Open_Url + BIN_FILE_BODY; + Dir = gid_Dir_Program; + Name = "gnome-open-url"; +- Styles = (PACKED); ++ Styles = (PACKED, PATCH); + End + + File gid_File_Bin_Gnome_Open_Url_Bin +@@ -383,7 +383,7 @@ File gid_File_Bin_Kde_Open_Url + BIN_FILE_BODY; + Dir = gid_Dir_Program; + Name = "kde-open-url"; +- Styles = (PACKED); ++ Styles = (PACKED, PATCH); + End + + File gid_File_Bin_Cde_Open_Url + diff --git a/patches/src680/libwpd-CVE-2007-0002.diff b/patches/src680/libwpd-CVE-2007-0002.diff new file mode 100644 index 000000000..693b289c8 --- /dev/null +++ b/patches/src680/libwpd-CVE-2007-0002.diff 
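Review bot: In gnome-open-url.sh the fallback on the changed line still expands `$1` unquoted (`|| "$0.bin" $1`), so when gnome-open is missing or fails the URL is again subject to word splitting and pathname expansion; the line should read `gnome-open "$1" 2>/dev/null || "$0.bin" "$1"`. The `echo $1 | grep '^mailto:'` tests kept as context in kde-open-url.sh and open-url.sh have the same gap and can be written `echo "$1" | grep '^mailto:'`. `$MAILER` and `$BROWSER` remain unquoted in command position, which is presumably deliberate so that a value carrying options still splits into words.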
@@ -0,0 +1,489 @@ +--- libwpd/libwpd-0.8.6.diff-old 2007-03-08 11:59:50.000000000 +0000 ++++ libwpd/libwpd-0.8.6.diff 2007-03-08 12:00:42.000000000 +0000 +@@ -8,3 +8,486 @@ + + .INCLUDE : svpre.mk + .INCLUDE : settings.mk ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP1Part.cpp +++++ misc/build/libwpd-0.8.7/src/lib/WP1Part.cpp ++@@ -47,6 +47,13 @@ ++ } ++ else if (WP1_FUNCTION_GROUP_SIZE[readVal-0xC0] == -1) ++ { +++ // Should not happen because the heuristics would not recognize this file as a well-formed WP1 file. +++ // Nonetheless if we ever change the parts using the heuristics, this will be a check useful to have +++ if (!WP1VariableLengthGroup::isGroupConsistent(input, readVal)) +++ { +++ WPD_DEBUG_MSG(("WordPerfect: Consistency Check (variable length) failed; ignoring this byte\n")); +++ return 0; +++ } ++ WPD_DEBUG_MSG(("WordPerfect: constructVariableLengthGroup\n")); ++ return WP1VariableLengthGroup::constructVariableLengthGroup(input, readVal); ++ } ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP1SetTabsGroup.cpp +++++ misc/build/libwpd-0.8.7/src/lib/WP1SetTabsGroup.cpp ++@@ -39,7 +39,7 @@ ++ void WP1SetTabsGroup::_readContents(WPXInputStream *input) ++ { ++ // Skip first the old condensed tab table ++- while (readU8(input) != 0xff) +++ while (readU8(input) != 0xff && !input->atEOS()) ++ input->seek(2, WPX_SEEK_CUR); ++ ++ // Now read the new condensed tab table ++@@ -47,8 +47,10 @@ ++ float tmpTabPosition = 0.0f; ++ WPXTabStop tmpTabStop = WPXTabStop(); ++ ++- while ((tmpTabType = read8(input)) != (int8_t)0xff) +++ while (((tmpTabType = read8(input)) & 0xff) != 0xff) ++ { +++ if (input->atEOS()) +++ throw FileException(); ++ float tmpTabPosition = (float)((double)readU16(input, true) / 72.0f); ++ ++ if (tmpTabType < 0) ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP1SubDocument.cpp +++++ misc/build/libwpd-0.8.7/src/lib/WP1SubDocument.cpp ++@@ -26,7 +26,7 @@ ++ 
#include "WP1Parser.h" ++ #include "libwpd_internal.h" ++ ++-WP1SubDocument::WP1SubDocument(WPXInputStream *input, const int dataSize) : +++WP1SubDocument::WP1SubDocument(WPXInputStream *input, const unsigned dataSize) : ++ WPXSubDocument(input, dataSize) ++ { ++ } ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP3PageFormatGroup.cpp +++++ misc/build/libwpd-0.8.7/src/lib/WP3PageFormatGroup.cpp ++@@ -90,8 +90,10 @@ ++ ++ m_isRelative = (readU8(input) & 0x01); ++ ++- while ((tmpTabType = read8(input)) != (int8_t)0xff) +++ while (((tmpTabType = read8(input)) & 0xff) != 0xff) ++ { +++ if (input->atEOS()) +++ throw FileException(); ++ float tmpTabPosition = fixedPointToFloat(readU32(input, true)) / 72.0f; ++ ++ if (tmpTabType < 0) ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP3SubDocument.cpp +++++ misc/build/libwpd-0.8.7/src/lib/WP3SubDocument.cpp ++@@ -26,7 +26,7 @@ ++ #include "WP3Parser.h" ++ #include "libwpd_internal.h" ++ ++-WP3SubDocument::WP3SubDocument(WPXInputStream *input, const int dataSize) : +++WP3SubDocument::WP3SubDocument(WPXInputStream *input, const unsigned dataSize) : ++ WPXSubDocument(input, dataSize) ++ { ++ } ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP3TablesGroup.cpp +++++ misc/build/libwpd-0.8.7/src/lib/WP3TablesGroup.cpp ++@@ -50,10 +50,12 @@ ++ { ++ // this group can contain different kinds of data, thus we need to read ++ // the contents accordingly ++- uint8_t i; +++ uint8_t i=0; +++ long startPosition = 0; ++ switch (getSubGroup()) ++ { ++ case WP3_TABLES_GROUP_TABLE_FUNCTION: +++ startPosition = input->tell(); ++ input->seek(71, WPX_SEEK_CUR); ++ m_tableMode = readU8(input); ++ m_offsetFromLeftEdge = readU32(input, true); ++@@ -63,8 +65,12 @@ ++ m_rightGutterSpacing = readU32(input, true); ++ input->seek(3, WPX_SEEK_CUR); ++ m_numColumns = readU8(input); +++ if ((m_numColumns > 32) || ((input->tell() - startPosition + m_numColumns*10) > (getSize() - 
4))) +++ throw FileException(); ++ for (i=0; iatEOS()) +++ throw FileException(); ++ m_columnMode[i] = readU8(input); ++ m_numberFormat[i] = readU8(input); ++ m_columnWidth[i] = readU32(input, true); ++@@ -120,7 +126,7 @@ ++ { ++ case WP3_TABLES_GROUP_TABLE_FUNCTION: ++ listener->defineTable(m_tableMode, fixedPointToWPUs(m_offsetFromLeftEdge)); ++- for (i=0; iaddTableColumnDefinition(fixedPointToWPUs(m_columnWidth[i]), fixedPointToWPUs(m_leftGutterSpacing), ++ fixedPointToWPUs(m_rightGutterSpacing), 0, LEFT); ++ listener->startTable(); ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP42SubDocument.cpp +++++ misc/build/libwpd-0.8.7/src/lib/WP42SubDocument.cpp ++@@ -26,12 +26,12 @@ ++ #include "WP42Parser.h" ++ #include "libwpd_internal.h" ++ ++-WP42SubDocument::WP42SubDocument(uint8_t * streamData, const int dataSize) : +++WP42SubDocument::WP42SubDocument(uint8_t * streamData, const unsigned dataSize) : ++ WPXSubDocument(streamData, dataSize) ++ { ++ } ++ ++-WP42SubDocument::WP42SubDocument(WPXInputStream *input, const int dataSize) : +++WP42SubDocument::WP42SubDocument(WPXInputStream *input, const unsigned dataSize) : ++ WPXSubDocument(input, dataSize) ++ { ++ } ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP5DefinitionGroup.cpp +++++ misc/build/libwpd-0.8.7/src/lib/WP5DefinitionGroup.cpp ++@@ -26,7 +26,7 @@ ++ #include "WPXListener.h" ++ #include "libwpd_internal.h" ++ ++-WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup(WPXInputStream *input) : +++WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup(WPXInputStream *input, uint16_t subGroupSize) : ++ WP5VariableLengthGroup_SubGroup(), ++ m_position(0), ++ m_numColumns(0), ++@@ -34,6 +34,7 @@ ++ m_leftGutter(0), ++ m_rightGutter(0) ++ { +++ long startPosition = input->tell(); ++ // Skip useless old values to read the old column number ++ input->seek(2, WPX_SEEK_CUR); ++ m_numColumns = readU16(input); 
++@@ -50,12 +51,26 @@ ++ input->seek(10, WPX_SEEK_CUR); ++ m_leftOffset = readU16(input); ++ int i; +++ if ((m_numColumns > 32) || ((input->tell() - startPosition + m_numColumns*5) > (subGroupSize - 4))) +++ throw FileException(); ++ for (i=0; i < m_numColumns; i++) +++ { +++ if (input->atEOS()) +++ throw FileException(); ++ m_columnWidth[i] = readU16(input); +++ } ++ for (i=0; i < m_numColumns; i++) +++ { +++ if (input->atEOS()) +++ throw FileException(); ++ m_attributeBits[i] = readU16(input); +++ } ++ for (i=0; i < m_numColumns; i++) +++ { +++ if (input->atEOS()) +++ throw FileException(); ++ m_columnAlignment[i] = readU8(input); +++ } ++ } ++ ++ void WP5DefinitionGroup_DefineTablesSubGroup::parse(WP5Listener *listener) ++@@ -88,7 +103,7 @@ ++ switch(getSubGroup()) ++ { ++ case WP5_TOP_DEFINITION_GROUP_DEFINE_TABLES: ++- m_subGroupData = new WP5DefinitionGroup_DefineTablesSubGroup(input); +++ m_subGroupData = new WP5DefinitionGroup_DefineTablesSubGroup(input, getSize()); ++ break; ++ default: ++ break; ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP5SubDocument.cpp +++++ misc/build/libwpd-0.8.7/src/lib/WP5SubDocument.cpp ++@@ -26,7 +26,7 @@ ++ #include "WP5Parser.h" ++ #include "libwpd_internal.h" ++ ++-WP5SubDocument::WP5SubDocument(WPXInputStream *input, const int dataSize) : +++WP5SubDocument::WP5SubDocument(WPXInputStream *input, const unsigned dataSize) : ++ WPXSubDocument(input, dataSize) ++ { ++ } ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP6ExtendedDocumentSummaryPacket.cpp +++++ misc/build/libwpd-0.8.7/src/lib/WP6ExtendedDocumentSummaryPacket.cpp ++@@ -24,6 +24,7 @@ ++ * Corel Corporation or Corel Corporation Limited." 
++ */ ++ #include +++#include ++ ++ #include "WP6ExtendedDocumentSummaryPacket.h" ++ #include "libwpd_internal.h" ++@@ -47,6 +48,8 @@ ++ { ++ if (m_dataSize <= 0) ++ return; +++ if (m_dataSize > ((std::numeric_limits::max)() / 2)) +++ m_dataSize = ((std::numeric_limits::max)() / 2); ++ uint8_t *streamData = new uint8_t[m_dataSize]; ++ for(int i=0; i ++- +++#include ++ #include "WP6FontDescriptorPacket.h" ++ #include "libwpd_internal.h" ++ ++@@ -69,9 +69,8 @@ ++ ++ m_fontNameLength = readU16(input); ++ ++- // TODO: re-do sanity checking ++- //if(m_fontNameLength < WP_FONT_NAME_MAX_LENGTH) ++- //{ +++ if (m_fontNameLength > ((std::numeric_limits::max)() / 2)) +++ m_fontNameLength = ((std::numeric_limits::max)() / 2); ++ if (m_fontNameLength == 0) ++ { ++ m_fontName = new char[1]; ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP6GeneralTextPacket.cpp +++++ misc/build/libwpd-0.8.7/src/lib/WP6GeneralTextPacket.cpp ++@@ -43,6 +43,7 @@ ++ ++ void WP6GeneralTextPacket::_readContents(WPXInputStream *input) ++ { +++ long startPosition = input->tell(); ++ uint16_t numTextBlocks = readU16(input); ++ uint32_t firstTextBlockOffset = readU32(input); ++ ++@@ -53,13 +54,18 @@ ++ } ++ ++ uint32_t *blockSizes = new uint32_t[numTextBlocks]; ++- int totalSize = 0; +++ unsigned int totalSize = 0; ++ unsigned int i; ++ ++ for(i=0; itell() - startPosition + 4) > getDataSize() || input->atEOS()) +++ throw FileException(); ++ blockSizes[i] = readU32(input); ++- totalSize += blockSizes[i]; +++ unsigned int newTotalSize = totalSize + blockSizes[i]; +++ if (newTotalSize < totalSize) +++ throw FileException(); +++ totalSize += newTotalSize; ++ } ++ ++ // input->seek(firstTextBlockOffset, WPX_SEEK_SET); ++@@ -74,6 +80,8 @@ ++ int streamPos = 0; ++ for(i=0; itell() - startPosition + blockSizes[i]) > getDataSize() || input->atEOS()) +++ throw FileException(); ++ for (unsigned int j=0; jseek(dataOffset, WPX_SEEK_SET); ++only in patch2: ++unchanged: ++--- 
misc/build/libwpd-0.8.7.orig/src/lib/WP6SubDocument.cpp +++++ misc/build/libwpd-0.8.7/src/lib/WP6SubDocument.cpp ++@@ -26,7 +26,7 @@ ++ #include "WP6Parser.h" ++ #include "libwpd_internal.h" ++ ++-WP6SubDocument::WP6SubDocument(uint8_t * streamData, const int dataSize) : +++WP6SubDocument::WP6SubDocument(uint8_t * streamData, const unsigned dataSize) : ++ WPXSubDocument(streamData, dataSize) ++ { ++ } ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WPXSubDocument.cpp +++++ misc/build/libwpd-0.8.7/src/lib/WPXSubDocument.cpp ++@@ -32,18 +32,20 @@ ++ { ++ } ++ ++-WPXSubDocument::WPXSubDocument(WPXInputStream *input, const int dataSize) : +++WPXSubDocument::WPXSubDocument(WPXInputStream *input, const unsigned dataSize) : ++ m_stream(NULL) ++ { ++ uint8_t *streamData = new uint8_t[dataSize]; ++ for (int i=0; iatEOS()) +++ throw FileException(); ++ streamData[i] = readU8(input); ++ } ++ m_stream = new WPXMemoryInputStream(streamData, dataSize); ++ } ++ ++-WPXSubDocument::WPXSubDocument(uint8_t * streamData, const int dataSize) : +++WPXSubDocument::WPXSubDocument(uint8_t * streamData, const unsigned dataSize) : ++ m_stream(NULL) ++ { ++ m_stream = new WPXMemoryInputStream(streamData, dataSize); ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP1SubDocument.h +++++ misc/build/libwpd-0.8.7/src/lib/WP1SubDocument.h ++@@ -32,7 +32,7 @@ ++ class WP1SubDocument : public WPXSubDocument ++ { ++ public: ++- WP1SubDocument(WPXInputStream *input, const int dataSize); +++ WP1SubDocument(WPXInputStream *input, const unsigned dataSize); ++ void parse(WP1Listener *listener) const; ++ ++ }; ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP3SubDocument.h +++++ misc/build/libwpd-0.8.7/src/lib/WP3SubDocument.h ++@@ -32,7 +32,7 @@ ++ class WP3SubDocument : public WPXSubDocument ++ { ++ public: ++- WP3SubDocument(WPXInputStream *input, const int dataSize); +++ WP3SubDocument(WPXInputStream *input, const unsigned 
dataSize); ++ void parse(WP3Listener *listener) const; ++ ++ }; ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP42SubDocument.h +++++ misc/build/libwpd-0.8.7/src/lib/WP42SubDocument.h ++@@ -32,8 +32,8 @@ ++ class WP42SubDocument : public WPXSubDocument ++ { ++ public: ++- WP42SubDocument(uint8_t * streamData, const int dataSize); ++- WP42SubDocument(WPXInputStream *input, const int dataSize); +++ WP42SubDocument(uint8_t * streamData, const unsigned dataSize); +++ WP42SubDocument(WPXInputStream *input, const unsigned dataSize); ++ void parse(WP42Listener *listener) const; ++ ++ }; ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP5DefinitionGroup.h +++++ misc/build/libwpd-0.8.7/src/lib/WP5DefinitionGroup.h ++@@ -31,7 +31,7 @@ ++ class WP5DefinitionGroup_DefineTablesSubGroup : public WP5VariableLengthGroup_SubGroup ++ { ++ public: ++- WP5DefinitionGroup_DefineTablesSubGroup(WPXInputStream *input); +++ WP5DefinitionGroup_DefineTablesSubGroup(WPXInputStream *input, uint16_t subGroupSize); ++ void parse(WP5Listener *listener); ++ ++ private: ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP5SubDocument.h +++++ misc/build/libwpd-0.8.7/src/lib/WP5SubDocument.h ++@@ -32,7 +32,7 @@ ++ class WP5SubDocument : public WPXSubDocument ++ { ++ public: ++- WP5SubDocument(WPXInputStream *input, const int dataSize); +++ WP5SubDocument(WPXInputStream *input, const unsigned dataSize); ++ void parse(WP5Listener *listener) const; ++ ++ }; ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP6PrefixDataPacket.h +++++ misc/build/libwpd-0.8.7/src/lib/WP6PrefixDataPacket.h ++@@ -39,12 +39,16 @@ ++ virtual ~WP6PrefixDataPacket() {} ++ virtual void parse(WP6Listener *listener) const {} ++ virtual WP6SubDocument * getSubDocument() const { return NULL; } +++ const uint32_t getDataSize() const { return m_dataSize; } ++ ++ static WP6PrefixDataPacket * constructPrefixDataPacket(WPXInputStream * 
input, WP6PrefixIndice *prefixIndice); ++ ++ protected: ++ virtual void _readContents(WPXInputStream *input) = 0; ++ void _read(WPXInputStream *input, uint32_t dataOffset, uint32_t dataSize); +++ +++private: +++ uint32_t m_dataSize; ++ }; ++ ++ #endif /* WP6PREFIXDATAPACKET_H */ ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WP6SubDocument.h +++++ misc/build/libwpd-0.8.7/src/lib/WP6SubDocument.h ++@@ -32,7 +32,7 @@ ++ class WP6SubDocument : public WPXSubDocument ++ { ++ public: ++- WP6SubDocument(uint8_t * streamData, const int dataSize); +++ WP6SubDocument(uint8_t * streamData, const unsigned dataSize); ++ void parse(WP6Listener *listener) const; ++ }; ++ #endif /* WP6SUBDOCUMENT_H */ ++only in patch2: ++unchanged: ++--- misc/build/libwpd-0.8.7.orig/src/lib/WPXSubDocument.h +++++ misc/build/libwpd-0.8.7/src/lib/WPXSubDocument.h ++@@ -33,8 +33,8 @@ ++ { ++ public: ++ WPXSubDocument(); ++- WPXSubDocument(WPXInputStream *input, const int dataSize); ++- WPXSubDocument(uint8_t * streamData, const int dataSize); +++ WPXSubDocument(WPXInputStream *input, const unsigned dataSize); +++ WPXSubDocument(uint8_t * streamData, const unsigned dataSize); ++ virtual ~WPXSubDocument(); ++ WPXMemoryInputStream *getStream() const { return m_stream;} ++ diff --git a/patches/src680/sensible-browser.diff b/patches/src680/sensible-browser.diff index 2e6cc957c..7f232b8d0 100644 --- a/patches/src680/sensible-browser.diff +++ b/patches/src680/sensible-browser.diff @@ -10,12 +10,12 @@ diff -u -u -r1.3 gnome-open-url.sh esac -# use gnome-open utility coming with libgnome if available --gnome-open $1 2>/dev/null || "$0.bin" $1 +-gnome-open "$1" 2>/dev/null || "$0.bin" $1 +if which gnome-open; then + # use gnome-open utility coming with libgnome if available -+ gnome-open $1 2>/dev/null ++ gnome-open "$1" 2>/dev/null +else -+ sensible-browser $1 ++ sensible-browser "$1" +fi exit 0 
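Review bot: In WP6GeneralTextPacket::_readContents the new overflow guard computes `newTotalSize = totalSize + blockSizes[i]` and then executes `totalSize += newTotalSize;`, which adds the running total to itself, so the accumulated value is no longer the sum of the block sizes and this second addition is not covered by the wrap check. The assignment should be `totalSize = newTotalSize;`. How totalSize is used afterwards is not fully visible here, but if it sizes the stream buffer, a wrapped value would leave that buffer smaller than the data copied into it. The added accessor `const uint32_t getDataSize() const` in WP6PrefixDataPacket.h has a top-level `const` on its return type that has no effect and can be dropped.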
@@ -30,11 +30,11 @@ diff -u -u -r1.2 kde-open-url.sh # special handling for mailto: uris if echo $1 | grep '^mailto:' > /dev/null; then -- kmailservice $1 & -+ sensible-ooomua $1 & +- kmailservice "$1" & ++ sensible-ooomua "$1" & else -- kfmclient openURL $1 & -+ sensible-browser $1 & +- kfmclient openURL "$1" & ++ sensible-browser "$1" & fi exit 0 @@ -50,7 +50,7 @@ diff -u -u -r1.2 open-url.sh $BROWSER $1 & exit 0 + elif [ -x /usr/bin/sensible-browser ]; then -+ sensible-browser $1 ++ sensible-browser "$1" else # mozilla derivates may need -remote semantics for i in mozilla netscape firefox; do diff --git a/patches/src680/starcalc-file-format-parser-2.2.diff b/patches/src680/starcalc-file-format-parser-2.2.diff new file mode 100644 index 000000000..8b80122ac --- /dev/null +++ b/patches/src680/starcalc-file-format-parser-2.2.diff @@ -0,0 +1,28 @@ +Index: sc/source/filter/starcalc/scflt.cxx +=================================================================== +RCS file: /cvs/sc/sc/source/filter/starcalc/scflt.cxx,v +retrieving revision 1.16 +retrieving revision 1.16.84.1 +diff -u -p -u -p -r1.16 -r1.16.84.1 +--- sc/source/filter/starcalc/scflt.cxx 5 Oct 2006 16:21:16 -0000 1.16 ++++ sc/source/filter/starcalc/scflt.cxx 10 Jan 2007 14:31:00 -0000 1.16.84.1 +@@ -1770,12 +1770,13 @@ void Sc10Import::LoadCol(SCCOL Col, SCTA + rStream >> NoteLen; + if (NoteLen != 0) + { +- sal_Char Note[4096]; +- rStream.Read(Note, NoteLen); +- Note[NoteLen] = 0; +- String aText( SC10TOSTRING(Note)); +- ScPostIt aNote(aText, pDoc); ++ sal_Char* pNote = new sal_Char[NoteLen+1]; ++ rStream.Read(pNote, NoteLen); ++ pNote[NoteLen] = 0; ++ String aText( SC10TOSTRING(pNote)); ++ ScPostIt aNote(aText, pDoc); + pDoc->SetNote(Col, static_cast (Row), Tab, aNote ); ++ delete [] pNote; + } + } + pPrgrsBar->Progress(); + -- cgit v1.2.3
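Review bot: The open-url.sh part of sensible-browser.diff still carries `$BROWSER $1 &` as a context line, while cws-obr04-quotes.diff in this same commit rewrites that line to `$BROWSER "$1" &`. The gnome and kde parts were refreshed against the quoted lines, so this one looks missed; if the quotes patch is applied first, the hunk would apply only with fuzz or be rejected. Refreshing the context line to `$BROWSER "$1" &` keeps the patch applying cleanly. The inner open-url.sh hunk begins before the lines shown.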
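Review bot: The heap buffer in Sc10Import::LoadCol removes the fixed 4096-byte limit, but the result of `rStream.Read(pNote, NoteLen)` is still ignored, so on a truncated file the bytes between what was actually read and `pNote[NoteLen]` are uninitialised heap memory that can end up in the note text. Terminating at the count actually read avoids that: `pNote[rStream.Read(pNote, NoteLen)] = 0;`. The buffer is also leaked if anything between the `new` and `delete [] pNote` throws. The declaration of NoteLen and the rest of LoadCol lie outside the hunk.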