./packages/openofficeorg/3.2/unstable r2000: fix CVE-2010-0395
------------------------------------------------------------
revno: 2000
committer: Rene Engelhard <rene@debian.org>
branch nick: debian
timestamp: Tue 2010-06-01 17:09:32 +0200
message:
fix CVE-2010-0395
added:
patches/avoid-execution-of-python-macros-when-browsing.diff
modified:
changelog
patches/series
=== modified file 'changelog'
--- a/changelog 2010-05-27 22:44:58 +0000
+++ b/changelog 2010-06-01 15:09:32 +0000
@@ -1,15 +1,17 @@
-openoffice.org (1:3.2.0-11) UNRELEASED; urgency=low
+openoffice.org (1:3.2.0-11) UNRELEASED; urgency=high
* debian/patches/extensions-mozilla-plugin-pc-if-libxul.diff: remove
again ..
* debian/patches/fix-bashisms-in-configure.diff: in favour of the
correct fix (== vs. = breaking with dash)
+ * debian/patches/avoid-execution-of-python-macros-when-browsing.diff:
+ avoid execution of python code when browsing macros (CVE-2010-0395)
* debian/rules:
- fix variable to not add kfreebsd-i386 to OOO_MONO_ARCHS twice but
to actually add it to OOO_MOZILLA_ARCHS
- -- Rene Engelhard <rene@debian.org> Fri, 28 May 2010 00:19:08 +0200
+ -- Rene Engelhard <rene@debian.org> Mon, 31 May 2010 22:50:07 +0200
openoffice.org (1:3.2.0-10) unstable; urgency=low
=== added file 'patches/avoid-execution-of-python-macros-when-browsing.diff'
--- a/patches/avoid-execution-of-python-macros-when-browsing.diff 1970-01-01 00:00:00 +0000
+++ b/patches/avoid-execution-of-python-macros-when-browsing.diff 2010-06-01 15:09:32 +0000
@@ -0,0 +1,125 @@
+diff --git a/patches/dev300/apply b/patches/dev300/apply
+index a6011bb..38ddf8a 100644
+--- openoffice.org-3.2.0/ooo-build-3-2-0-10/patches/dev300/apply
++++ openoffice.org-3.2.0/ooo-build-3-2-0-10/patches/dev300/apply
+@@ -18,7 +18,7 @@
+ OOXML, OOXMLExport, SVGImport, FrameworkFeature, UnitTesting, \
+ PopupRemoval, LinkWarningDlg, InternalCairo, Lockdown, \
+ FedoraCommonFixes, InternalMesaHeaders, LayoutDialogs, Fuzz, \
+- CalcRowLimit, Gcc44, BuildFix, OptionalIconThemes
++ CalcRowLimit, Gcc44, BuildFix, OptionalIconThemes, Security
+
+ LinuxCommon : Common, Defaults, TangoIcons, FontConfigTemporaryHacks, \
+ FedoraLinuxOnlyFixes, LinuxOnly, SystemBits, \
+@@ -3599,3 +3599,6 @@ stream-read-csv-always-single-line.diff, n#523517, kohei
+ cws-koheiextref01-sc.diff, kohei
+ cws-koheiextref01-offapi.diff, kohei
+ cws-koheiextref01-oox.diff, kohei
++
++[ Security ]
++pyuno.avoid.execution.for.browsing.funcs.legacy.python.diff
+--- /dev/null 2010-04-14 03:44:50.008165136 +0200
++++ openoffice.org-3.2.0/ooo-build-3-2-0-10/patches/dev300/pyuno.avoid.execution.for.browsing.funcs.legacy.python.diff 2010-04-16 21:28:06.000000000 +0200
+@@ -0,0 +1,102 @@
++--- scripting.orig/source/pyprov/pythonscript.py 2010-03-08 15:47:10.000000000 +0000
+++++ scripting/source/pyprov/pythonscript.py 2010-03-08 20:39:32.000000000 +0000
++@@ -5,6 +5,7 @@
++ import os
++ import imp
++ import time
+++import compiler
++
++ class LogLevel:
++ NONE = 0
++@@ -340,6 +341,32 @@
++ ret = url[0:pos]+ package.transientPathElement + "/" + url[pos:len(url)]
++ log.isDebugLevel() and log.debug( "getStorageUrlFromPersistentUrl " + url + " -> "+ ret)
++ return ret
+++
+++ def getFuncsByUrl( self, url ):
+++ src = readTextFromStream( self.sfa.openFileRead( url ) )
+++ checkForPythonPathBesideScript( url[0:url.rfind('/')] )
+++ src = ensureSourceState( src )
+++
+++ code = compiler.parse( src )
+++
+++ allFuncs = []
+++
+++ if code == None:
+++ return allFuncs
+++
+++ g_exportedScripts = []
+++ for node in code.node.nodes:
+++ if node.__class__.__name__ == 'Function':
+++ allFuncs.append(node.name)
+++ elif node.__class__.__name__ == 'Assign':
+++ for assignee in node.nodes:
+++ if assignee.name == 'g_exportedScripts':
+++ for item in node.expr:
+++ if item.__class__.__name__ == 'Name':
+++ g_exportedScripts.append(item.name)
+++ return g_exportedScripts
+++
+++ return allFuncs
++
++ def getModuleByUrl( self, url ):
++ entry = self.modules.get(url)
++@@ -382,11 +409,10 @@
++
++ #-------------------------------------------------------
++ class ScriptBrowseNode( unohelper.Base, XBrowseNode , XPropertySet, XInvocation, XActionListener ):
++- def __init__( self, provCtx, uri, fileName, funcName, func ):
+++ def __init__( self, provCtx, uri, fileName, funcName ):
++ self.fileName = fileName
++ self.funcName = funcName
++ self.provCtx = provCtx
++- self.func = func
++ self.uri = uri
++
++ def getName( self ):
++@@ -407,8 +433,6 @@
++ if name == "URI":
++ ret = self.provCtx.uriHelper.getScriptURI(
++ self.provCtx.getPersistentUrlFromStorageUrl( self.uri + "$" + self.funcName ) )
++- elif name == "Description":
++- ret = getattr( self.func, "__doc__", None )
++ elif name == "Editable" and ENABLE_EDIT_DIALOG:
++ ret = not self.provCtx.sfa.isReadOnly( self.uri )
++
++@@ -506,7 +530,7 @@
++ self.provCtx = provCtx
++ self.uri = uri
++ self.name = name
++- self.module = None
+++ self.funcnames = None
++
++ def getName( self ):
++ return self.name
++@@ -514,21 +538,14 @@
++ def getChildNodes(self):
++ ret = ()
++ try:
++- self.module = self.provCtx.getModuleByUrl( self.uri )
++- values = self.module.__dict__.get( CALLABLE_CONTAINER_NAME , None )
+++ self.funcnames = self.provCtx.getFuncsByUrl( self.uri )
++
++- # no g_exportedScripts, export every function
++- if not isinstance(values, type(())):
++- values = self.module.__dict__.values()
++-
++ scriptNodeList = []
++- for i in values:
++- if isScript( i ):
++- scriptNodeList.append(
++- ScriptBrowseNode(
++- self.provCtx, self.uri, self.name, i.__name__, i ))
+++ for i in self.funcnames:
+++ scriptNodeList.append(
+++ ScriptBrowseNode(
+++ self.provCtx, self.uri, self.name, i ))
++ ret = tuple( scriptNodeList )
++- # must compile !
++ log.isDebugLevel() and log.debug( "returning " +str(len(ret)) + " ScriptChildNodes on " + self.uri )
++ except Exception, e:
++ text = lastException2String()
++
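Review bot: In the new getFuncsByUrl (inner hunk `@@ -340,6 +341,32 @@`), `assignee.name` is read for every target of an `Assign` node, but targets that are tuple unpackings, attribute or subscript assignments (`AssTuple`, `AssAttr`, `Subscript` in `compiler.ast`) carry no `name` attribute, so a script with e.g. `a, b = 1, 2` at module level raises AttributeError during browsing; since the rewritten getChildNodes catches `Exception` and only logs it, such a module then silently lists no macros at all. A guard such as `if getattr(assignee, 'name', None) == 'g_exportedScripts':` keeps the parse-only approach that replaces module import here while tolerating those targets. Two smaller points: `if code == None:` should be `if code is None:`, and a one-line docstring on getFuncsByUrl saying that the source is only parsed with `compiler.parse` and never imported or executed would record why browsing no longer goes through getModuleByUrl. The final inner hunk (`@@ -514,21 +538,14 @@`) ends inside getChildNodes' except clause, so the rest of that handler is not visible here.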
=== modified file 'patches/series'
--- a/patches/series 2010-05-27 22:44:58 +0000
+++ b/patches/series 2010-06-01 15:09:32 +0000
@@ -15,3 +15,4 @@
fix-system-mythes-for-mythes-1.2.diff
kde4-redraw-status-bar.diff
fix-bashisms-in-configure.diff
+avoid-execution-of-python-macros-when-browsing.diff