Hello community, here is the log from the commit of package OpenOffice_org checked in at Thu Mar 1 20:22:02 CET 2007. -------- --- arch/i386/OpenOffice_org/OpenOffice_org.changes 2007-02-16 12:05:07.000000000 +0100 +++ /mounts/work_src_done/STABLE/OpenOffice_org/OpenOffice_org.changes 2007-03-01 14:28:28.000000000 +0100 @@ -1,0 +2,24 @@ +Wed Feb 28 19:43:05 CET 2007 - pmladek@suse.cz + +- updated ooo-build to 2.1.7: + * corruption when saving ppt files [n#229874] + * WordPerfect type detection [i#74194] + * missing en-GB strings [n#231678] + * searching for JREs [n#203830, n#222708] + * temporary prefer gij on x86_64 [n#219982] + * search also gij32 [n#222708] + * better Hungarian help font setting [n#244488] + * VBA bits: + * warn only about real macros [n#146994] + * access to hardcoded paths [n#245152] + * critical warnings on PPC [n#244339] + * another bridges cleanup for 64-bit +- fixed security issue with hyper links, CVE-2007-0239, n#241636 +- fixed critical vulnerability in OpenOffice StarCalc file format parser, + CVE-2007-0238, n#241652 +- removed obsolete stuff from /opt/gnome for openSUSE > 10.2 [n#246588] +- added extra localization source: Hungarian [n#243518] +- added support to simply use parallel build of modules; disable by default + now [n#244581] + +------------------------------------------------------------------- Old: ---- minmem ooo-build-2.1.6.tar.gz New: ---- ooo-build-2.1.6-hyperlinks-quotes.diff ooo-build-2.1.6-starcalc-file-format-parser-2.2.diff ooo-build-2.1.7.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ OpenOffice_org.spec ++++++ --- /var/tmp/diff_new_pack.a19978/_old 2007-03-01 20:14:06.000000000 +0100 +++ /var/tmp/diff_new_pack.a19978/_new 2007-03-01 20:14:06.000000000 +0100 @@ -43,9 +43,14 @@ # test_build_SDK: 0 = no # 1 = yes (if possible, see below the definition of ooo_build_sdk) %define test_build_sdk 1 +# build_module_in_parallel 0 = no +# 1 = yes (the number is defined be the number of cpus) +# 2,3,4... = yes (force the number of modules to be built in parallel) +%define build_module_in_parallel 0 # prepare_build: 0 = no # 1 = yes (just build, install and create packages; without %%prep section and configure) %define prepare_build 1 +# %if %test_build_langs == 0 %define ooo_langs "en-US" %else @@ -82,14 +87,14 @@ %endif # %define ooo_prefix %_libdir -%define ooo_home ooo-2.1 +%define ooo_home ooo-2.0 %define ooo_build_dir build -%define ooo_build_version 2.1.6 +%define ooo_build_version 2.1.7 %define ooo_build_tag ooe680-m6 License: Artistic License, BSD License and BSD-like Group: Productivity/Office/Suite Version: 2.1 -Release: 6 +Release: 8 Autoreqprov: on PreReq: coreutils /usr/bin/update-mime-database Prereq: %{?suseconfig_fonts_prereq:%suseconfig_fonts_prereq} @@ -179,7 +184,10 @@ Source600: OOo-wrapper %endif # FIXME: Reverted the only new feature in ooo-build trunk -Patch: ooo-build-2.1.1b-no-libwfs.diff +Patch0: ooo-build-2.1.1b-no-libwfs.diff +# sec. fixes +Patch1: ooo-build-2.1.6-hyperlinks-quotes.diff +Patch2: ooo-build-2.1.6-starcalc-file-format-parser-2.2.diff Patch100: extra_localizations_sources-about.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -1140,7 +1148,9 @@ %setup -D -T -q -n ooo-build-%ooo_build_version %else %setup -q -n ooo-build-%ooo_build_version -%patch +%patch0 +%patch1 +%patch2 install -m 644 %{S:1} %{S:2} %{S:3} %{S:6} %{S:7} %{S:8} %{S:9} %{S:10} %{S:11} %{S:12} %{S:13} %{S:14} %{S:15} %{S:16} %{S:17} src/ %if %suse_version <= 930 # some more libraries for older distributions where the system versions are @@ -1167,6 +1177,13 @@ PARALLEL_BUILD="--with-gcc-speedup=icecream --with-icecream-max-jobs=%jobs" fi +# parallel build of modules; it makes sense on machines with more CPUs +if test "%build_module_in_parallel" = "1" ; then + PARALLEL_BUILD="$PARALLEL_BUILD --with-num-cpus=`grep ^processor /proc/cpuinfo | wc -l`" +fi +if test "%build_module_in_parallel" -gt "1" ; then + PARALLEL_BUILD="$PARALLEL_BUILD --with-num-cpus=%build_module_in_parallel" +fi # # Distro settings ... %ifarch ppc @@ -1276,11 +1293,6 @@ install -m 755 -d $RPM_BUILD_ROOT/%{_prefix}/sbin ln -sf %ooo_prefix/%ooo_home/install-dict \ $RPM_BUILD_ROOT/%{_prefix}/sbin/ooinstdict -# a compat symlink; the old icon was accessed from a desktop file that was -# installed into the user HOME directory on NLD9 by default, n#173140 -install -m 755 -d $RPM_BUILD_ROOT/opt/gnome/share/pixmaps -ln -sf /usr/share/pixmaps/ooo-writer.png \ - $RPM_BUILD_ROOT/opt/gnome/share/pixmaps/ximian-openoffice-writer.png %else # fix SUSE's desktop files for non-conflicting OOo2 package for desktop in base calc draw impress math template web writer ; do @@ -1301,6 +1313,28 @@ # # hacks needed when building for older products # +# gnome moved to /usr/lib in openSUSE-10.3, high time to remove the obsolete +# stuff, n#246588 +%if %suse_version <= 1020 +%if %name == OpenOffice_org +# a compat symlink; the old icon was accessed from a desktop file that was +# installed into the user HOME directory on NLD9 by default, n#173140 +# finally removed in openSUSE-10.3, n#246588 +install -m 755 -d $RPM_BUILD_ROOT/opt/gnome/share/pixmaps +ln -sf /usr/share/pixmaps/ooo-writer.png \ + $RPM_BUILD_ROOT/opt/gnome/share/pixmaps/ximian-openoffice-writer.png +%endif +%else +# these files were really used only on NLD9 and SL < 9.3 +rm $RPM_BUILD_ROOT/opt/gnome/share/application-registry/openoffice*.applications +rm $RPM_BUILD_ROOT/opt/gnome/share/mime-info/openoffice*.keys +rm $RPM_BUILD_ROOT/opt/gnome/share/mime-info/openoffice*.mime +rmdir $RPM_BUILD_ROOT/opt/gnome/share/application-registry/ +rmdir $RPM_BUILD_ROOT/opt/gnome/share/mime-info/ +rmdir $RPM_BUILD_ROOT/opt/gnome/share/ +rmdir $RPM_BUILD_ROOT/opt/gnome/ +%endif +# # install obsolete wrappers, removed in openSUSE 10.2 %if %suse_version <= 1010 %if %name == OpenOffice_org @@ -1809,17 +1843,21 @@ /usr/share/mime/packages/* /usr/share/pixmaps/* /usr/share/icons/* +/opt/kde3/share/templates +# +# files needed when building for older products +# +# gnome moved to /usr/lib in openSUSE-10.3, high time to remove the obsolete +# stuff, n#246588 +%if %suse_version <= 1020 # extra old GNOME MIME info and application registry (especially necessary on NLD9) /opt/gnome/share/application-registry/* /opt/gnome/share/mime-info/* -/opt/kde3/share/templates %if %name == OpenOffice_org # a compat symlink with NLD9 /opt/gnome/share/pixmaps/ximian-openoffice-writer.png %endif -# -# files needed when building for older products -# +%endif # obsolete wrappers, removed in openSUSE 10.2 %if %suse_version <= 1010 %if %name == OpenOffice_org @@ -2078,7 +2116,28 @@ %defattr(-,root,root) %endif -%changelog -n OpenOffice_org +%changelog +* Wed Feb 28 2007 - pmladek@suse.cz +- updated ooo-build to 2.1.7: + * corruption when saving ppt files [n#229874] + * WordPerfect type detection [i#74194] + * missing en-GB strings [n#231678] + * searching for JREs [n#203830, n#222708] + * temporary prefer gij on x86_64 [n#219982] + * search also gij32 [n#222708] + * better Hungarian help font setting [n#244488] + * VBA bits: + * warn only about real macros [n#146994] + * access to hardcoded paths [n#245152] + * critical warnings on PPC [n#244339] + * another bridges cleanup for 64-bit +- fixed security issue with hyper links, CVE-2007-0239, n#241636 +- fixed critical vulnerability in OpenOffice StarCalc file format parser, + CVE-2007-0238, n#241652 +- removed obsolete stuff from /opt/gnome for openSUSE > 10.2 [n#246588] +- added extra localization source: Hungarian [n#243518] +- added support to simply use parallel build of modules; disable by default + now [n#244581] * Thu Feb 15 2007 - pmladek@suse.cz - updated ooo-build to 2.1.6: * crash when opening files up over sftp connection [n#243805] ++++++ extra_localizations_sources.tar.bz2 ++++++ arch/i386/OpenOffice_org/extra_localizations_sources.tar.bz2 /mounts/work_src_done/STABLE/OpenOffice_org/extra_localizations_sources.tar.bz2 differ: byte 15630098, line 66173 ++++++ ooo-build-2.1.1b-no-libwfs.diff ++++++ --- /var/tmp/diff_new_pack.a19978/_old 2007-03-01 20:14:50.000000000 +0100 +++ /var/tmp/diff_new_pack.a19978/_new 2007-03-01 20:14:50.000000000 +0100 @@ -26,12 +26,13 @@ my $distro = '@DISTRO@'; --- patches/src680/apply +++ patches/src680/apply -@@ -210,9 +210,7 @@ +@@ -210,10 +210,8 @@ # 64bit stuff cws-sixtyfour09.diff cws-cmcfixes30.diff -# MS Works import filter (following patches depend on each other) Fridrich cws-fs08.diff + cws-fsfixes06.diff -cws-wpsimport01.diff [ GCJ ] ++++++ ooo-build-2.1.6-hyperlinks-quotes.diff ++++++ --- patches/src680/apply +++ patches/src680/apply @@ -400,6 +400,10 @@ # silly leaks around the place leak-sal-file.diff, i#49510, michael +[ Fixes ] +# Security issue with hyper links, CVE-2007-0239, n#241636 +hyperlinks-2.1.diff +cws-obr04-quotes.diff [ QuickStarter ] # External splash screen implementation / 2nd time accelerator --- patches/src680/cws-obr04-quotes.diff +++ patches/src680/cws-obr04-quotes.diff @@ -0,0 +1,123 @@ +Index: shell/source/unix/misc/cde-open-url.sh +=================================================================== +RCS file: /cvs/gsl/shell/source/unix/misc/cde-open-url.sh,v +retrieving revision 1.3 +retrieving revision 1.3.120.1 +diff -u -p -u -p -r1.3 -r1.3.120.1 +--- shell/source/unix/misc/cde-open-url.sh 27 Sep 2005 12:54:22 -0000 1.3 ++++ shell/source/unix/misc/cde-open-url.sh 20 Dec 2006 15:03:24 -0000 1.3.120.1 +@@ -58,5 +58,5 @@ else + fi + + if [ -z "$TMPFILE" ]; then exit 1; fi +-( echo $1 > "$TMPFILE"; dtaction Open "$TMPFILE"; rm -f "$TMPFILE" ) & ++( echo "$1" > "$TMPFILE"; dtaction Open "$TMPFILE"; rm -f "$TMPFILE" ) & + exit 0 +Index: shell/source/unix/misc/gnome-open-url.sh +=================================================================== +RCS file: /cvs/gsl/shell/source/unix/misc/gnome-open-url.sh,v +retrieving revision 1.3 +retrieving revision 1.3.166.1 +diff -u -p -u -p -r1.3 -r1.3.166.1 +--- shell/source/unix/misc/gnome-open-url.sh 13 May 2005 07:31:07 -0000 1.3 ++++ shell/source/unix/misc/gnome-open-url.sh 20 Dec 2006 15:03:25 -0000 1.3.166.1 +@@ -50,6 +50,6 @@ case `uname -s` in + esac + + # use gnome-open utility coming with libgnome if available +-gnome-open $1 2>/dev/null || "$0.bin" $1 ++gnome-open "$1" 2>/dev/null || "$0.bin" $1 + + exit 0 +Index: shell/source/unix/misc/kde-open-url.sh +=================================================================== +RCS file: /cvs/gsl/shell/source/unix/misc/kde-open-url.sh,v +retrieving revision 1.2 +retrieving revision 1.2.254.1 +diff -u -p -u -p -r1.2 -r1.2.254.1 +--- shell/source/unix/misc/kde-open-url.sh 10 May 2004 13:08:06 -0000 1.2 ++++ shell/source/unix/misc/kde-open-url.sh 20 Dec 2006 15:03:25 -0000 1.2.254.1 +@@ -51,9 +51,9 @@ esac + + # special handling for mailto: uris + if echo $1 | grep '^mailto:' > /dev/null; then +- kmailservice $1 & ++ kmailservice "$1" & + else +- kfmclient openURL $1 & ++ kfmclient openURL "$1" & + fi + + exit 0 +Index: shell/source/unix/misc/open-url.sh +=================================================================== +RCS file: /cvs/gsl/shell/source/unix/misc/open-url.sh,v +retrieving revision 1.3 +retrieving revision 1.3.120.2 +diff -u -p -u -p -r1.3 -r1.3.120.2 +--- shell/source/unix/misc/open-url.sh 27 Sep 2005 12:54:42 -0000 1.3 ++++ shell/source/unix/misc/open-url.sh 20 Dec 2006 15:03:25 -0000 1.3.120.2 +@@ -96,15 +96,15 @@ esac + # special handling for mailto: uris + if echo $1 | grep '^mailto:' > /dev/null; then + # check $MAILER variable +- if [ $MAILER ]; then +- $MAILER $1 & ++ if [ ! -z "$MAILER" ]; then ++ $MAILER "$1" & + exit 0 + else + # mozilla derivates may need -remote semantics + for i in thunderbird mozilla netscape; do + mailer=`which $i` + if [ ! -z "$mailer" ]; then +- run_mozilla $mailer $1 ++ run_mozilla "$mailer" "$1" + exit 0 + fi + done +@@ -113,15 +113,15 @@ if echo $1 | grep '^mailto:' > /dev/null + fi + else + # check $BROWSER variable +- if [ $BROWSER ]; then +- $BROWSER $1 & ++ if [ ! -z "$BROWSER" ]; then ++ $BROWSER "$1" & + exit 0 + else + # mozilla derivates may need -remote semantics + for i in firefox mozilla netscape; do + browser=`which $i` + if [ ! -z "$browser" ]; then +- run_mozilla $browser $1 ++ run_mozilla "$browser" "$1" + exit 0 + fi + done +Index: scp2/source/ooo/file_ooo.scp +=================================================================== +RCS file: /cvs/installation/scp2/source/ooo/file_ooo.scp,v +retrieving revision 1.175 +retrieving revision 1.175.10.1 +diff -u -p -u -p -r1.175 -r1.175.10.1 +--- scp2/source/ooo/file_ooo.scp 13 Dec 2006 15:14:08 -0000 1.175 ++++ scp2/source/ooo/file_ooo.scp 12 Jan 2007 08:06:00 -0000 1.175.10.1 +@@ -369,7 +369,7 @@ File gid_File_Bin_Gnome_Open_Url + BIN_FILE_BODY; + Dir = gid_Dir_Program; + Name = "gnome-open-url"; +- Styles = (PACKED); ++ Styles = (PACKED, PATCH); + End + + File gid_File_Bin_Gnome_Open_Url_Bin +@@ -383,7 +383,7 @@ File gid_File_Bin_Kde_Open_Url + BIN_FILE_BODY; + Dir = gid_Dir_Program; + Name = "kde-open-url"; +- Styles = (PACKED); ++ Styles = (PACKED, PATCH); + End + + File gid_File_Bin_Cde_Open_Url --- patches/src680/hyperlinks-2.1.diff +++ patches/src680/hyperlinks-2.1.diff @@ -0,0 +1,240 @@ +--- shell/source/unix/exec/shellexec.hxx.old 2005-09-07 21:54:18.000000000 +0200 ++++ shell/source/unix/exec/shellexec.hxx 2007-02-01 18:41:49.000000000 +0100 +@@ -44,6 +44,10 @@ + #include <osl/mutex.hxx> + #endif + ++#ifndef _RTL_USTRBUF_HXX_ ++#include <rtl/ustrbuf.hxx> ++#endif ++ + #ifndef _COM_SUN_STAR_LANG_XSERVICEINFO_HPP_ + #include <com/sun/star/lang/XServiceInfo.hpp> + #endif +@@ -65,6 +69,8 @@ + ::rtl::OString m_aDesktopEnvironment; + ::com::sun::star::uno::Reference< ::com::sun::star::uno::XComponentContext > + m_xContext; ++ ++ sal_Int32 SAL_CALL tryExecuteProcess( const rtl::OUString& aCommand, const rtl::OUString& aParameter ); + + public: + ShellExec(const ::com::sun::star::uno::Reference< ::com::sun::star::uno::XComponentContext >& xContext); +--- shell/source/unix/exec/shellexec.cxx.old 2006-09-17 03:41:54.000000000 +0200 ++++ shell/source/unix/exec/shellexec.cxx 2007-02-02 16:03:56.000000000 +0100 +@@ -56,10 +56,6 @@ + #include <rtl/strbuf.hxx> + #endif + +-#ifndef _RTL_USTRBUF_HXX_ +-#include <rtl/ustrbuf.hxx> +-#endif +- + #ifndef _RTL_URI_H_ + #include <rtl/uri.hxx> + #endif +@@ -124,6 +120,47 @@ + } + } + ++//------------------------------------------------------------------------ ++// helper method ++//------------------------------------------------------------------------ ++ ++sal_Int32 SAL_CALL ShellExec::tryExecuteProcess( const OUString& aCommand, const OUString& aParameter ) ++{ ++ OUString aCommandURL; ++ osl::FileBase::getFileURLFromSystemPath(aCommand, aCommandURL); ++ ++ rtl_uString *args[] = { aCommandURL.pData, aParameter.pData }; ++ oslProcess pProcess = NULL; ++ sal_Int32 rc = 1; ++ ++ oslProcessError error = osl_executeProcess( ++ args[0], /* ustrImageName */ ++ args+1, /* ustrArguments[] */ ++ 1, /* nArguments */ ++ osl_Process_WAIT | osl_Process_SEARCHPATH | osl_Process_NORMAL, /* Options */ ++ NULL, /* Security */ ++ NULL, /* ustrDirectory */ ++ NULL, /* ustrEnvironments[] */ ++ 0, /* nEnvironmentVars */ ++ &pProcess); /* pProcess*/ ++ ++ if (error == osl_Process_E_None) ++ { ++ error = osl_joinProcess( pProcess ); ++ if (error==osl_Process_E_None) ++ { ++ oslProcessInfo aProcessInfo; ++ aProcessInfo.Size = sizeof(aProcessInfo); ++ error = osl_getProcessInfo( pProcess, osl_Process_EXITCODE, &aProcessInfo ); ++ if (error==osl_Process_E_None) ++ rc = aProcessInfo.Code; ++ } ++ } ++ osl_freeProcessHandle(pProcess); ++ ++ return rc; ++} ++ + //----------------------------------------------------------------------------------------- + // + //----------------------------------------------------------------------------------------- +@@ -157,23 +194,28 @@ + void SAL_CALL ShellExec::execute( const OUString& aCommand, const OUString& aParameter, sal_Int32 /*nFlags*/ ) + throw (IllegalArgumentException, SystemShellExecuteException, RuntimeException) + { +- OStringBuffer aBuffer, aLaunchBuffer; ++ OStringBuffer aOfficeLauncher; ++ OUString aURL; ++ ++ sal_Bool bTryDesktopLauncher = sal_False; + + // DESKTOP_LAUNCH, see http://freedesktop.org/pipermail/xdg/2004-August/004489.html +- static const char *pDesktopLaunch = getenv( "DESKTOP_LAUNCH" ); ++ static const char *pDesktopLauncher = getenv( "DESKTOP_LAUNCH" ); + + // Check wether aCommand contains a document url or not + sal_Int32 nIndex = aCommand.indexOf( OUString( RTL_CONSTASCII_USTRINGPARAM(":/") ) ); + + if( nIndex > 0 || 0 == aCommand.compareToAscii("mailto:", 7) ) + { +- // It seems to be a url .. ++ // It seems to be an url .. ++ if ( pDesktopLauncher && *pDesktopLauncher ) ++ bTryDesktopLauncher = sal_True; ++ + // We need to re-encode file urls because osl_getFileURLFromSystemPath converts + // to UTF-8 before encoding non ascii characters, which is not what other apps + // expect. +- OUString aURL( +- com::sun::star::uri::ExternalUriReferenceTranslator::create( +- m_xContext)->translateToExternal(aCommand)); ++ aURL = com::sun::star::uri::ExternalUriReferenceTranslator::create( ++ m_xContext)->translateToExternal(aCommand); + if ( aURL.getLength() == 0 && aCommand.getLength() != 0 ) + { + throw RuntimeException( +@@ -183,15 +225,17 @@ + + aCommand), + static_cast< cppu::OWeakObject * >(this)); + } +- ++ ++ // URL needs furher changes depending on the launcher ++ // FIXME: Should we try pDesktopLauncher before we modify the URL? + #ifdef MACOSX +- aBuffer.append("open"); ++ aOfficeLauncher.append("open"); + #else + OUString aProgramURL; + if ( osl_Process_E_None != osl_getExecutableFile(&aProgramURL.pData) ) + { + throw SystemShellExecuteException( +- OUString(RTL_CONSTASCII_USTRINGPARAM("Cound not determine executable path")), ++ OUString(RTL_CONSTASCII_USTRINGPARAM("Cound not determine executable path")), + static_cast < XSystemShellExecute * > (this), ENOENT ); + } + +@@ -199,7 +243,7 @@ + if ( FileBase::E_None != FileBase::getSystemPathFromFileURL(aProgramURL, aProgram)) + { + throw SystemShellExecuteException( +- OUString(RTL_CONSTASCII_USTRINGPARAM("Cound not convert executable path")), ++ OUString(RTL_CONSTASCII_USTRINGPARAM("Cound not convert executable path")), + static_cast < XSystemShellExecute * > (this), ENOENT ); + } + +@@ -208,7 +252,7 @@ + OString aTmp = OUStringToOString(aProgram, osl_getThreadTextEncoding()); + nIndex = aTmp.lastIndexOf('/'); + if (nIndex > 0) +- aBuffer.append(aTmp.copy(0, nIndex+1)); ++ aOfficeLauncher.append(aTmp.copy(0, nIndex+1)); + + // Respect the desktop environment - if there is an executable named + // <desktop-environement-is>-open-url, pass the url to this one instead +@@ -216,17 +260,17 @@ + if ( m_aDesktopEnvironment.getLength() > 0 ) + { + OString aDesktopEnvironment(m_aDesktopEnvironment.toAsciiLowerCase()); +- OStringBuffer aCopy(aBuffer); ++ OStringBuffer aCopy(aOfficeLauncher); + + aCopy.append(aDesktopEnvironment); + aCopy.append("-open-url"); + + if ( 0 == access( aCopy.getStr(), X_OK) ) + { +- aBuffer.append(aDesktopEnvironment); +- aBuffer.append("-"); ++ aOfficeLauncher.append(aDesktopEnvironment); ++ aOfficeLauncher.append("-"); + +- /* CDE requires file urls to be decoded */ ++ /* CDE requires file urls to be decoded */ + if ( m_aDesktopEnvironment.equals("CDE") && 0 == aURL.compareToAscii("file://", 7) ) + { + aURL = rtl::Uri::decode(aURL, rtl_UriDecodeWithCharset, osl_getThreadTextEncoding()); +@@ -234,44 +278,30 @@ + } + } + +- aBuffer.append("open-url"); ++ aOfficeLauncher.append("open-url"); + #endif +- aBuffer.append(" \'"); +- aBuffer.append(OUStringToOString(aURL, osl_getThreadTextEncoding())); +- aBuffer.append("\'"); +- +- if ( pDesktopLaunch && *pDesktopLaunch ) +- { +- aLaunchBuffer.append( pDesktopLaunch ); +- aLaunchBuffer.append( " \'" ); +- aLaunchBuffer.append(OUStringToOString(aURL, osl_getThreadTextEncoding())); +- aLaunchBuffer.append( "\'" ); +- } + } else { +- aBuffer.append(OUStringToOString(aCommand, osl_getThreadTextEncoding())); +- aBuffer.append(" "); +- aBuffer.append(OUStringToOString(aParameter, osl_getThreadTextEncoding())); ++ aOfficeLauncher.append(OUStringToOString(aCommand, osl_getThreadTextEncoding())); ++ aURL = aParameter; + } + +- // Prefer DESKTOP_LAUNCH when available +- if ( aLaunchBuffer.getLength() > 0 ) ++ if ( bTryDesktopLauncher ) + { +- FILE *pLaunch = popen( aLaunchBuffer.makeStringAndClear().getStr(), "w" ); +- if ( pLaunch != NULL ) +- { +- if ( 0 == pclose( pLaunch ) ) +- return; +- } +- // Failed, do not try DESKTOP_LAUNCH any more +- pDesktopLaunch = NULL; ++ sal_Int32 nErr = tryExecuteProcess( OUString::createFromAscii(pDesktopLauncher), aURL); ++ if ( nErr ) ++ // Failed, do not try DESKTOP_LAUNCH any more ++ pDesktopLauncher = NULL; ++ else ++ return; + } + +- OString cmd = aBuffer.makeStringAndClear(); +- if ( 0 != pclose(popen(cmd.getStr(), "w")) ) ++ OUString aOfficeLauncherOUStr = ::rtl::OStringToOUString(aOfficeLauncher.makeStringAndClear(), osl_getThreadTextEncoding()); ++ sal_Int32 nErr = tryExecuteProcess( aOfficeLauncherOUStr, aURL); ++ if ( nErr ) + { +- int nerr = errno; +- throw SystemShellExecuteException(OUString::createFromAscii( strerror( nerr ) ), +- static_cast < XSystemShellExecute * > (this), nerr ); ++ OUString msg = OUString::createFromAscii( "Failed to execute ") + aOfficeLauncherOUStr; ++ throw SystemShellExecuteException(msg, ++ static_cast < XSystemShellExecute * > (this), nErr ); + } + } + ++++++ ooo-build-2.1.6-starcalc-file-format-parser-2.2.diff ++++++ --- patches/src680/apply +++ patches/src680/apply @@ -405,6 +405,9 @@ hyperlinks-2.1.diff cws-obr04-quotes.diff +# Critical vulnerability in OpenOffice StarCalc file format parser, CVE-2007-0238, n#241652 +starcalc-file-format-parser-2.2.diff + [ QuickStarter ] # External splash screen implementation / 2nd time accelerator # (Old version of these is in CWS unxsplash) --- patches/src680/starcalc-file-format-parser-2.2.diff +++ patches/src680/starcalc-file-format-parser-2.2.diff @@ -0,0 +1,28 @@ +Index: sc/source/filter/starcalc/scflt.cxx +=================================================================== +RCS file: /cvs/sc/sc/source/filter/starcalc/scflt.cxx,v +retrieving revision 1.16 +retrieving revision 1.16.84.1 +diff -u -p -u -p -r1.16 -r1.16.84.1 +--- sc/source/filter/starcalc/scflt.cxx 5 Oct 2006 16:21:16 -0000 1.16 ++++ sc/source/filter/starcalc/scflt.cxx 10 Jan 2007 14:31:00 -0000 1.16.84.1 +@@ -1770,12 +1770,13 @@ void Sc10Import::LoadCol(SCCOL Col, SCTA + rStream >> NoteLen; + if (NoteLen != 0) + { +- sal_Char Note[4096]; +- rStream.Read(Note, NoteLen); +- Note[NoteLen] = 0; +- String aText( SC10TOSTRING(Note)); +- ScPostIt aNote(aText, pDoc); ++ sal_Char* pNote = new sal_Char[NoteLen+1]; ++ rStream.Read(pNote, NoteLen); ++ pNote[NoteLen] = 0; ++ String aText( SC10TOSTRING(pNote)); ++ ScPostIt aNote(aText, pDoc); + pDoc->SetNote(Col, static_cast<SCROW> (Row), Tab, aNote ); ++ delete [] pNote; + } + } + pPrgrsBar->Progress(); + ++++++ ooo-build-2.1.6.tar.gz -> ooo-build-2.1.7.tar.gz ++++++ ++++ 3444 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org