--- ooo-build/patches/src680/cws-obr04-quotes.diff.0239 2007-03-30 22:03:58.000000000 +0200
+++ ooo-build/patches/src680/cws-obr04-quotes.diff 2007-03-30 22:03:58.000000000 +0200
@@ -0,0 +1,123 @@
+Index: shell/source/unix/misc/cde-open-url.sh
+===================================================================
+RCS file: /cvs/gsl/shell/source/unix/misc/cde-open-url.sh,v
+retrieving revision 1.3
+retrieving revision 1.3.120.1
+diff -u -p -u -p -r1.3 -r1.3.120.1
+--- shell/source/unix/misc/cde-open-url.sh 27 Sep 2005 12:54:22 -0000 1.3
++++ shell/source/unix/misc/cde-open-url.sh 20 Dec 2006 15:03:24 -0000 1.3.120.1
+@@ -58,5 +58,5 @@ else
+ fi
+
+ if [ -z "$TMPFILE" ]; then exit 1; fi
+-( echo $1 > "$TMPFILE"; dtaction Open "$TMPFILE"; rm -f "$TMPFILE" ) &
++( echo "$1" > "$TMPFILE"; dtaction Open "$TMPFILE"; rm -f "$TMPFILE" ) &
+ exit 0
+Index: shell/source/unix/misc/gnome-open-url.sh
+===================================================================
+RCS file: /cvs/gsl/shell/source/unix/misc/gnome-open-url.sh,v
+retrieving revision 1.3
+retrieving revision 1.3.166.1
+diff -u -p -u -p -r1.3 -r1.3.166.1
+--- shell/source/unix/misc/gnome-open-url.sh 13 May 2005 07:31:07 -0000 1.3
++++ shell/source/unix/misc/gnome-open-url.sh 20 Dec 2006 15:03:25 -0000 1.3.166.1
+@@ -50,6 +50,6 @@ case `uname -s` in
+ esac
+
+ # use gnome-open utility coming with libgnome if available
+-gnome-open $1 2>/dev/null || "$0.bin" $1
++gnome-open "$1" 2>/dev/null || "$0.bin" $1
+
+ exit 0
+Index: shell/source/unix/misc/kde-open-url.sh
+===================================================================
+RCS file: /cvs/gsl/shell/source/unix/misc/kde-open-url.sh,v
+retrieving revision 1.2
+retrieving revision 1.2.254.1
+diff -u -p -u -p -r1.2 -r1.2.254.1
+--- shell/source/unix/misc/kde-open-url.sh 10 May 2004 13:08:06 -0000 1.2
++++ shell/source/unix/misc/kde-open-url.sh 20 Dec 2006 15:03:25 -0000 1.2.254.1
+@@ -51,9 +51,9 @@ esac
+
+ # special handling for mailto: uris
+ if echo $1 | grep '^mailto:' > /dev/null; then
+- kmailservice $1 &
++ kmailservice "$1" &
+ else
+- kfmclient openURL $1 &
++ kfmclient openURL "$1" &
+ fi
+
+ exit 0
+Index: shell/source/unix/misc/open-url.sh
+===================================================================
+RCS file: /cvs/gsl/shell/source/unix/misc/open-url.sh,v
+retrieving revision 1.3
+retrieving revision 1.3.120.2
+diff -u -p -u -p -r1.3 -r1.3.120.2
+--- shell/source/unix/misc/open-url.sh 27 Sep 2005 12:54:42 -0000 1.3
++++ shell/source/unix/misc/open-url.sh 20 Dec 2006 15:03:25 -0000 1.3.120.2
+@@ -96,15 +96,15 @@ esac
+ # special handling for mailto: uris
+ if echo $1 | grep '^mailto:' > /dev/null; then
+ # check $MAILER variable
+- if [ $MAILER ]; then
+- $MAILER $1 &
++ if [ ! -z "$MAILER" ]; then
++ $MAILER "$1" &
+ exit 0
+ else
+ # mozilla derivates may need -remote semantics
+ for i in thunderbird mozilla netscape; do
+ mailer=`which $i`
+ if [ ! -z "$mailer" ]; then
+- run_mozilla $mailer $1
++ run_mozilla "$mailer" "$1"
+ exit 0
+ fi
+ done
+@@ -113,15 +113,15 @@ if echo $1 | grep '^mailto:' > /dev/null
+ fi
+ else
+ # check $BROWSER variable
+- if [ $BROWSER ]; then
+- $BROWSER $1 &
++ if [ ! -z "$BROWSER" ]; then
++ $BROWSER "$1" &
+ exit 0
+ else
+ # mozilla derivates may need -remote semantics
+ for i in firefox mozilla netscape; do
+ browser=`which $i`
+ if [ ! -z "$browser" ]; then
+- run_mozilla $browser $1
++ run_mozilla "$browser" "$1"
+ exit 0
+ fi
+ done
+Index: scp2/source/ooo/file_ooo.scp
+===================================================================
+RCS file: /cvs/installation/scp2/source/ooo/file_ooo.scp,v
+retrieving revision 1.175
+retrieving revision 1.175.10.1
+diff -u -p -u -p -r1.175 -r1.175.10.1
+--- scp2/source/ooo/file_ooo.scp 13 Dec 2006 15:14:08 -0000 1.175
++++ scp2/source/ooo/file_ooo.scp 12 Jan 2007 08:06:00 -0000 1.175.10.1
+@@ -369,7 +369,7 @@ File gid_File_Bin_Gnome_Open_Url
+ BIN_FILE_BODY;
+ Dir = gid_Dir_Program;
+ Name = "gnome-open-url";
+- Styles = (PACKED);
++ Styles = (PACKED, PATCH);
+ End
+
+ File gid_File_Bin_Gnome_Open_Url_Bin
+@@ -383,7 +383,7 @@ File gid_File_Bin_Kde_Open_Url
+ BIN_FILE_BODY;
+ Dir = gid_Dir_Program;
+ Name = "kde-open-url";
+- Styles = (PACKED);
++ Styles = (PACKED, PATCH);
+ End
+
+ File gid_File_Bin_Cde_Open_Url
--- ooo-build/patches/src680/hyperlinks-2.1.diff.0239 2007-03-30 22:03:58.000000000 +0200
+++ ooo-build/patches/src680/hyperlinks-2.1.diff 2007-03-30 22:03:58.000000000 +0200
@@ -0,0 +1,240 @@
+--- shell/source/unix/exec/shellexec.hxx.old 2005-09-07 21:54:18.000000000 +0200
++++ shell/source/unix/exec/shellexec.hxx 2007-02-01 18:41:49.000000000 +0100
+@@ -44,6 +44,10 @@
+ #include <osl/mutex.hxx>
+ #endif
+
++#ifndef _RTL_USTRBUF_HXX_
++#include <rtl/ustrbuf.hxx>
++#endif
++
+ #ifndef _COM_SUN_STAR_LANG_XSERVICEINFO_HPP_
+ #include <com/sun/star/lang/XServiceInfo.hpp>
+ #endif
+@@ -65,6 +69,8 @@
+ ::rtl::OString m_aDesktopEnvironment;
+ ::com::sun::star::uno::Reference< ::com::sun::star::uno::XComponentContext >
+ m_xContext;
++
++ sal_Int32 SAL_CALL tryExecuteProcess( const rtl::OUString& aCommand, const rtl::OUString& aParameter );
+
+ public:
+ ShellExec(const ::com::sun::star::uno::Reference< ::com::sun::star::uno::XComponentContext >& xContext);
+--- shell/source/unix/exec/shellexec.cxx.old 2006-09-17 03:41:54.000000000 +0200
++++ shell/source/unix/exec/shellexec.cxx 2007-02-02 16:03:56.000000000 +0100
+@@ -56,10 +56,6 @@
+ #include <rtl/strbuf.hxx>
+ #endif
+
+-#ifndef _RTL_USTRBUF_HXX_
+-#include <rtl/ustrbuf.hxx>
+-#endif
+-
+ #ifndef _RTL_URI_H_
+ #include <rtl/uri.hxx>
+ #endif
+@@ -124,6 +120,47 @@
+ }
+ }
+
++//------------------------------------------------------------------------
++// helper method
++//------------------------------------------------------------------------
++
++sal_Int32 SAL_CALL ShellExec::tryExecuteProcess( const OUString& aCommand, const OUString& aParameter )
++{
++ OUString aCommandURL;
++ osl::FileBase::getFileURLFromSystemPath(aCommand, aCommandURL);
++
++ rtl_uString *args[] = { aCommandURL.pData, aParameter.pData };
++ oslProcess pProcess = NULL;
++ sal_Int32 rc = 1;
++
++ oslProcessError error = osl_executeProcess(
++ args[0], /* ustrImageName */
++ args+1, /* ustrArguments[] */
++ 1, /* nArguments */
++ osl_Process_WAIT | osl_Process_SEARCHPATH | osl_Process_NORMAL, /* Options */
++ NULL, /* Security */
++ NULL, /* ustrDirectory */
++ NULL, /* ustrEnvironments[] */
++ 0, /* nEnvironmentVars */
++ &pProcess); /* pProcess*/
++
++ if (error == osl_Process_E_None)
++ {
++ error = osl_joinProcess( pProcess );
++ if (error==osl_Process_E_None)
++ {
++ oslProcessInfo aProcessInfo;
++ aProcessInfo.Size = sizeof(aProcessInfo);
++ error = osl_getProcessInfo( pProcess, osl_Process_EXITCODE, &aProcessInfo );
++ if (error==osl_Process_E_None)
++ rc = aProcessInfo.Code;
++ }
++ }
++ osl_freeProcessHandle(pProcess);
++
++ return rc;
++}
++
+ //-----------------------------------------------------------------------------------------
+ //
+ //-----------------------------------------------------------------------------------------
+@@ -157,23 +194,28 @@
+ void SAL_CALL ShellExec::execute( const OUString& aCommand, const OUString& aParameter, sal_Int32 /*nFlags*/ )
+ throw (IllegalArgumentException, SystemShellExecuteException, RuntimeException)
+ {
+- OStringBuffer aBuffer, aLaunchBuffer;
++ OStringBuffer aOfficeLauncher;
++ OUString aURL;
++
++ sal_Bool bTryDesktopLauncher = sal_False;
+
+ // DESKTOP_LAUNCH, see http://freedesktop.org/pipermail/xdg/2004-August/004489.html
+- static const char *pDesktopLaunch = getenv( "DESKTOP_LAUNCH" );
++ static const char *pDesktopLauncher = getenv( "DESKTOP_LAUNCH" );
+
+ // Check wether aCommand contains a document url or not
+ sal_Int32 nIndex = aCommand.indexOf( OUString( RTL_CONSTASCII_USTRINGPARAM(":/") ) );
+
+ if( nIndex > 0 || 0 == aCommand.compareToAscii("mailto:", 7) )
+ {
+- // It seems to be a url ..
++ // It seems to be an url ..
++ if ( pDesktopLauncher && *pDesktopLauncher )
++ bTryDesktopLauncher = sal_True;
++
+ // We need to re-encode file urls because osl_getFileURLFromSystemPath converts
+ // to UTF-8 before encoding non ascii characters, which is not what other apps
+ // expect.
+- OUString aURL(
+- com::sun::star::uri::ExternalUriReferenceTranslator::create(
+- m_xContext)->translateToExternal(aCommand));
++ aURL = com::sun::star::uri::ExternalUriReferenceTranslator::create(
++ m_xContext)->translateToExternal(aCommand);
+ if ( aURL.getLength() == 0 && aCommand.getLength() != 0 )
+ {
+ throw RuntimeException(
+@@ -183,15 +225,17 @@
+ + aCommand),
+ static_cast< cppu::OWeakObject * >(this));
+ }
+-
++
++ // URL needs furher changes depending on the launcher
++ // FIXME: Should we try pDesktopLauncher before we modify the URL?
+ #ifdef MACOSX
+- aBuffer.append("open");
++ aOfficeLauncher.append("open");
+ #else
+ OUString aProgramURL;
+ if ( osl_Process_E_None != osl_getExecutableFile(&aProgramURL.pData) )
+ {
+ throw SystemShellExecuteException(
+- OUString(RTL_CONSTASCII_USTRINGPARAM("Cound not determine executable path")),
++ OUString(RTL_CONSTASCII_USTRINGPARAM("Cound not determine executable path")),
+ static_cast < XSystemShellExecute * > (this), ENOENT );
+ }
+
+@@ -199,7 +243,7 @@
+ if ( FileBase::E_None != FileBase::getSystemPathFromFileURL(aProgramURL, aProgram))
+ {
+ throw SystemShellExecuteException(
+- OUString(RTL_CONSTASCII_USTRINGPARAM("Cound not convert executable path")),
++ OUString(RTL_CONSTASCII_USTRINGPARAM("Cound not convert executable path")),
+ static_cast < XSystemShellExecute * > (this), ENOENT );
+ }
+
+@@ -208,7 +252,7 @@
+ OString aTmp = OUStringToOString(aProgram, osl_getThreadTextEncoding());
+ nIndex = aTmp.lastIndexOf('/');
+ if (nIndex > 0)
+- aBuffer.append(aTmp.copy(0, nIndex+1));
++ aOfficeLauncher.append(aTmp.copy(0, nIndex+1));
+
+ // Respect the desktop environment - if there is an executable named
+ // <desktop-environement-is>-open-url, pass the url to this one instead
+@@ -216,17 +260,17 @@
+ if ( m_aDesktopEnvironment.getLength() > 0 )
+ {
+ OString aDesktopEnvironment(m_aDesktopEnvironment.toAsciiLowerCase());
+- OStringBuffer aCopy(aBuffer);
++ OStringBuffer aCopy(aOfficeLauncher);
+
+ aCopy.append(aDesktopEnvironment);
+ aCopy.append("-open-url");
+
+ if ( 0 == access( aCopy.getStr(), X_OK) )
+ {
+- aBuffer.append(aDesktopEnvironment);
+- aBuffer.append("-");
++ aOfficeLauncher.append(aDesktopEnvironment);
++ aOfficeLauncher.append("-");
+
+- /* CDE requires file urls to be decoded */
++ /* CDE requires file urls to be decoded */
+ if ( m_aDesktopEnvironment.equals("CDE") && 0 == aURL.compareToAscii("file://", 7) )
+ {
+ aURL = rtl::Uri::decode(aURL, rtl_UriDecodeWithCharset, osl_getThreadTextEncoding());
+@@ -234,44 +278,30 @@
+ }
+ }
+
+- aBuffer.append("open-url");
++ aOfficeLauncher.append("open-url");
+ #endif
+- aBuffer.append(" \'");
+- aBuffer.append(OUStringToOString(aURL, osl_getThreadTextEncoding()));
+- aBuffer.append("\'");
+-
+- if ( pDesktopLaunch && *pDesktopLaunch )
+- {
+- aLaunchBuffer.append( pDesktopLaunch );
+- aLaunchBuffer.append( " \'" );
+- aLaunchBuffer.append(OUStringToOString(aURL, osl_getThreadTextEncoding()));
+- aLaunchBuffer.append( "\'" );
+- }
+ } else {
+- aBuffer.append(OUStringToOString(aCommand, osl_getThreadTextEncoding()));
+- aBuffer.append(" ");
+- aBuffer.append(OUStringToOString(aParameter, osl_getThreadTextEncoding()));
++ aOfficeLauncher.append(OUStringToOString(aCommand, osl_getThreadTextEncoding()));
++ aURL = aParameter;
+ }
+
+- // Prefer DESKTOP_LAUNCH when available
+- if ( aLaunchBuffer.getLength() > 0 )
++ if ( bTryDesktopLauncher )
+ {
+- FILE *pLaunch = popen( aLaunchBuffer.makeStringAndClear().getStr(), "w" );
+- if ( pLaunch != NULL )
+- {
+- if ( 0 == pclose( pLaunch ) )
+- return;
+- }
+- // Failed, do not try DESKTOP_LAUNCH any more
+- pDesktopLaunch = NULL;
++ sal_Int32 nErr = tryExecuteProcess( OUString::createFromAscii(pDesktopLauncher), aURL);
++ if ( nErr )
++ // Failed, do not try DESKTOP_LAUNCH any more
++ pDesktopLauncher = NULL;
++ else
++ return;
+ }
+
+- OString cmd = aBuffer.makeStringAndClear();
+- if ( 0 != pclose(popen(cmd.getStr(), "w")) )
++ OUString aOfficeLauncherOUStr = ::rtl::OStringToOUString(aOfficeLauncher.makeStringAndClear(), osl_getThreadTextEncoding());
++ sal_Int32 nErr = tryExecuteProcess( aOfficeLauncherOUStr, aURL);
++ if ( nErr )
+ {
+- int nerr = errno;
+- throw SystemShellExecuteException(OUString::createFromAscii( strerror( nerr ) ),
+- static_cast < XSystemShellExecute * > (this), nerr );
++ OUString msg = OUString::createFromAscii( "Failed to execute ") + aOfficeLauncherOUStr;
++ throw SystemShellExecuteException(msg,
++ static_cast < XSystemShellExecute * > (this), nErr );
+ }
+ }
+
--- ooo-build/patches/src680/apply.0239 2007-03-30 22:02:43.000000000 +0200
+++ ooo-build/patches/src680/apply 2007-03-30 22:03:58.000000000 +0200
@@ -396,6 +396,10 @@
# Added support for "application/octet-stream" mime type in package manager
desktop-application-octet-stream-mime-type.diff, i#73301, flr
+[ Fixes ]
+# Security issue with hyper links, CVE-2007-0239 (also mdv#29975, n#241636)
+hyperlinks-2.1.diff
+cws-obr04-quotes.diff
# extrusion depth fix
svx-extrusion-depth-fix.diff, n#229874, rodo
distrib
>
Mandriva
>
2007.1
>
i586
>
media
>
main-updates-src
>
by-pkgid
>
b3c414f748b0545573f927085335bbd2
>
files
>
32
