
fixing CVE-2010-0395 for testing



Hi,

Same procedure as last time. A few days (here: 2) before security
disclosure something happens[1] which blocks sid->testing migration
(and thus the security fix) for an unknown time.

I could have uploaded 1:3.2.1-11 to sid, but it won't go into testing
due to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584545 and even
if that would be fixed we'd wait behind gcc-defaults which waits for
gcc-4.4 which waits for eglibc. And OOo 3.2.1 also has important fixes,
so I decided to upload that to sid directly.

As said, I am fixing sid using 1:3.2.1-1 (currently uploading) and would
like to upload the following changes (diff attached) to t-p-u or t-s
(whatever is more appropriate) to get the security fix (and the other
important stuff there) fixed asap in testing, too.

openoffice.org (1:3.2.0-11) unstable; urgency=high

  * debian/patches/extensions-mozilla-plugin-pc-if-libxul.diff: remove
    again ..
  * debian/patches/fix-bashisms-in-configure.diff: in favour of the
    correct fix (== vs. = breaking with dash)
  * debian/patches/avoid-execution-of-python-macros-when-browsing.diff:
    avoid execution of python code when browsing macros (CVE-2010-0395)

  * debian/rules:
    - fix variable to not add kfreebsd-i386 to OOO_MONO_ARCHS twice but
      to actually add it to OOO_MOZILLA_ARCHS

 -- Rene Engelhard <rene@debian.org>  Mon, 31 May 2010 22:50:07 +0200

(I of course will fix the .changes to contain testing or testing-security)

The 1:3.2.0-11~bpo50+1 upload to lenny-backports (which was created
together with this one, as -11 to sid still sounded feasible) is based
on those changes, too. [ formorer allowed me to upload it today
nevertheless as an exception ]

Note that -10 added a build-dep on the external mythes lib, so we'd
need mythes migrated to testing.

Comments?

Grüße/Regards,

René
-- 
 .''`.  René Engelhard -- Debian GNU/Linux Developer
 : :' : http://www.debian.org | http://people.debian.org/~rene/
 `. `'  rene@debian.org | GnuPG-Key ID: D03E3E70
   `-   Fingerprint: E12D EA46 7506 70CF A960 801D 0AA0 4571 D03E 3E70
diff -urN debian-10/changelog debian-11//changelog
--- debian-10/changelog	2010-05-25 19:32:59.000000000 +0200
+++ debian-11//changelog	2010-05-31 22:51:07.000000000 +0200
@@ -1,3 +1,18 @@
+openoffice.org (1:3.2.0-11) unstable; urgency=high
+
+  * debian/patches/extensions-mozilla-plugin-pc-if-libxul.diff: remove
+    again ..
+  * debian/patches/fix-bashisms-in-configure.diff: in favour of the
+    correct fix (== vs. = breaking with dash)
+  * debian/patches/avoid-execution-of-python-macros-when-browsing.diff:
+    avoid execution of python code when browsing macros (CVE-2010-0395)
+
+  * debian/rules:
+    - fix variable to not add kfreebsd-i386 to OOO_MONO_ARCHS twice but
+      to actually add it to OOO_MOZILLA_ARCHS 
+
+ -- Rene Engelhard <rene@debian.org>  Mon, 31 May 2010 22:50:07 +0200
+
 openoffice.org (1:3.2.0-10) unstable; urgency=low
 
   * debian/patches/cws-kfreebsdport01v2.diff: update to fix SDK for
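Review bot: The new entry's header says "unstable", while the covering mail proposes this upload for t-p-u or testing-security; set the target distribution in the changelog header itself rather than only editing the .changes, so the source package and the .changes agree. The first two bullets also read as one sentence split across two patches ("remove again .. in favour of the correct fix"), which leaves it unstated that fix-bashisms-in-configure.diff is newly added; say "add" explicitly. The last debian/rules line ends in trailing whitespace.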
diff -urN debian-10/control debian-11//control
--- debian-10/control	2010-05-25 17:30:35.000000000 +0200
+++ debian-11//control	2010-05-31 22:50:30.000000000 +0200
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Debian OpenOffice Team <debian-openoffice@lists.debian.org>
 Uploaders: Chris Halls <halls@debian.org>, Rene Engelhard <rene@debian.org>
-Build-Depends: lsb-release, bzip2, bison (>= 1:1.875a), flex | flex-old, libpam0g-dev, libxaw7-dev, unzip, zip, autoconf, sharutils, pkg-config, libfontconfig1-dev, binutils (>= 2.14.90.0.6-3) [sparc], libc6 (>= 2.3.2) [powerpc], libc0.1 (>= 2.10.2-7) [kfreebsd-i386 kfreebsd-amd64], zlib1g-dev, libfreetype6-dev, libx11-dev, libsm-dev, libxt-dev, libxext-dev, libxtst-dev, libice-dev, libsane-dev, libxrender-dev, libcups2-dev, libarchive-zip-perl, libpng12-dev, libjpeg-dev, libxml2-dev, libexpat1-dev, fastjar, xsltproc, imagemagick, libxkbfile-dev, libxinerama-dev, x11proto-render-dev, unixodbc-dev (>= 2.2.11), libxml-parser-perl, gperf, libpq-dev, po-debconf, , g++ (>> 4.3.0) [s390], gcc (>> 4.3.0) [s390] , g++-4.4 (>= 4.4.2-5) [armel] , dpkg-dev (>= 1.15.1) , libgl1-mesa-dev [i386 powerpc s390 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 ppc64 s390x sparc], libglu1-mesa-dev [i386 powerpc s390 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 ppc64 s390x sparc] , libpoppler-dev (>= 0.8.0) , libgraphite-dev [i386 m68k mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , libcurl4-gnutls-dev , libssl-dev , libdb-dev , python-central (>= 0.5) , python-dev, python-all , debhelper (>= 7.2.3~) , openjdk-6-jdk [i386 powerpc s390 alpha amd64 armel ppc64 s390x sparc] , gcj-jdk [i386 mips mipsel s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 s390x sparc], libgcj-common (>= 1:4.4.1) [i386 mips mipsel s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 s390x sparc] , ant (>= 1.7.0) [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], ant-optional (>= 1.7.0) [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , gcc-mingw32 [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], mingw32-runtime [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 
kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , libcommons-codec-java [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libcommons-httpclient-java [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libcommons-lang-java [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libcommons-logging-java [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , libservlet2.5-java , libbase-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libsac-java [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libxml-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libflute-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libpentaho-reporting-flow-engine-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], liblayout-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libloader-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libformula-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], librepository-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libfonts-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], 
libserializer-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , libcommons-logging-java [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , libservlet2.5-java , xulrunner-dev [i386 mips mipsel powerpc s390 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libnss3-dev (>= 3.12.3) [i386 mips mipsel powerpc s390 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , dmake (>= 1:4.11) , mono-devel (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 kfreebsd-i386], libmono-dev (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 kfreebsd-i386], mono-utils (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 kfreebsd-i386], cli-common-dev (>= 0.5.7) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 kfreebsd-i386] , libhunspell-dev (>= 1.1.5-2) , libhyphen-dev (>= 2.4) , libstlport4.6-dev (>= 4.6.2-3) [i386] , libboost-dev (>= 1.38) , libvigraimpex-dev , libwpd8-dev (>= 0.8.3-3) , libmythes-dev (>= 2:1.2) , libwps-dev , libwpg-dev , libicu-dev (>= 4.0) , libxslt1-dev , libcairo2-dev , kdelibs5-dev (>= 4:4.3.4) , libqt4-dev (>= 4.5) , libmysqlclient-dev , libmysqlcppconn-dev (>= 1.1.0~r791) [i386 m68k mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , libebook1.2-dev , libxrandr-dev , liblucene2-java (>= 2.3.2) [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , libhsqldb-java (>> 1.8.0.10) [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , bsh (>= 2.0b4) [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , liblpsolve55-dev (>= 5.5.0.13-5+b1), lp-solve (>= 5.5.0.13-5+b1) , libsuitesparse-dev (>= 1:3.4.0) , libdbus-glib-1-dev (>= 0.60) , libgstreamer-plugins-base0.10-dev , 
libneon27-gnutls-dev , librdf0-dev (>= 1.0.8) , libgtk2.0-dev (>= 2.10) , libgnomevfs2-dev , libgconf2-dev , libldap2-dev
+Build-Depends: lsb-release, bzip2, bison (>= 1:1.875a), flex | flex-old, libpam0g-dev, libxaw7-dev, unzip, zip, autoconf, sharutils, pkg-config, libfontconfig1-dev, binutils (>= 2.14.90.0.6-3) [sparc], libc6 (>= 2.3.2) [powerpc], libc0.1 (>= 2.10.2-7) [kfreebsd-i386 kfreebsd-amd64], zlib1g-dev, libfreetype6-dev, libx11-dev, libsm-dev, libxt-dev, libxext-dev, libxtst-dev, libice-dev, libsane-dev, libxrender-dev, libcups2-dev, libarchive-zip-perl, libpng12-dev, libjpeg-dev, libxml2-dev, libexpat1-dev, fastjar, xsltproc, imagemagick, libxkbfile-dev, libxinerama-dev, x11proto-render-dev, unixodbc-dev (>= 2.2.11), libxml-parser-perl, gperf, libpq-dev, po-debconf, , g++ (>> 4.3.0) [s390], gcc (>> 4.3.0) [s390] , g++-4.4 (>= 4.4.2-5) [armel] , dpkg-dev (>= 1.15.1) , libgl1-mesa-dev [i386 powerpc s390 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 ppc64 s390x sparc], libglu1-mesa-dev [i386 powerpc s390 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 ppc64 s390x sparc] , libpoppler-dev (>= 0.8.0) , libgraphite-dev [i386 m68k mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , libcurl4-gnutls-dev , libssl-dev , libdb-dev , python-central (>= 0.5) , python-dev, python-all , debhelper (>= 7.2.3~) , openjdk-6-jdk [i386 powerpc s390 alpha amd64 armel ppc64 s390x sparc] , gcj-jdk [i386 mips mipsel s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 s390x sparc], libgcj-common (>= 1:4.4.1) [i386 mips mipsel s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 s390x sparc] , ant (>= 1.7.0) [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], ant-optional (>= 1.7.0) [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , gcc-mingw32 [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], mingw32-runtime [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 
kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , libcommons-codec-java [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libcommons-httpclient-java [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libcommons-lang-java [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libcommons-logging-java [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , libservlet2.5-java , libbase-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libsac-java [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libxml-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libflute-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libpentaho-reporting-flow-engine-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], liblayout-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libloader-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libformula-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], librepository-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libfonts-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], 
libserializer-java-openoffice.org [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , libcommons-logging-java [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , libservlet2.5-java , xulrunner-dev [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc], libnss3-dev (>= 3.12.3) [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , dmake (>= 1:4.11) , mono-devel (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64], libmono-dev (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64], mono-utils (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64], cli-common-dev (>= 0.5.7) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64] , libhunspell-dev (>= 1.1.5-2) , libhyphen-dev (>= 2.4) , libstlport4.6-dev (>= 4.6.2-3) [i386] , libboost-dev (>= 1.38) , libvigraimpex-dev , libwpd8-dev (>= 0.8.3-3) , libmythes-dev (>= 2:1.2) , libwps-dev , libwpg-dev , libicu-dev (>= 4.0) , libxslt1-dev , libcairo2-dev , kdelibs5-dev (>= 4:4.3.4) , libqt4-dev (>= 4.5) , libmysqlclient-dev , libmysqlcppconn-dev (>= 1.1.0~r791) [i386 m68k mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , libebook1.2-dev , libxrandr-dev , liblucene2-java (>= 2.3.2) [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , libhsqldb-java (>> 1.8.0.10) [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , bsh (>= 2.0b4) [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc] , liblpsolve55-dev (>= 5.5.0.13-5+b1), lp-solve (>= 5.5.0.13-5+b1) , libsuitesparse-dev (>= 1:3.4.0) , libdbus-glib-1-dev (>= 0.60) , libgstreamer-plugins-base0.10-dev , libneon27-gnutls-dev , librdf0-dev (>= 
1.0.8) , libgtk2.0-dev (>= 2.10) , libgnomevfs2-dev , libgconf2-dev , libldap2-dev
 Build-Depends-Indep: fdupes, xml-core, netpbm, , libtextcat-data-utf8
 Build-Conflicts: libcairo2 (= 1.4.8-1), libxul-dev (= 1.8.0.13~pre070720-0etch1), gjdoc (= 0.7.8-2), libc6-dev (= 2.6.1-3) [i386 amd64], libc6-dev (= 2.6.1-4) [i386 amd64], nvidia-glx-dev, nvidia-glx-legacy-dev, libmono-dev (= 1.2.6+dfsg-1), libmono-dev (= 1.2.6+dfsg-2), libmono-dev (= 1.2.6+dfsg-3), libmono-dev (= 1.2.6+dfsg-4), libmono-dev (= 2.4+dfsg-2) [sparc], gcj-4.2 (= 4.2.2-6), flex (= 2.5.34-1) [amd64], libboost1.39-dev (<< 1.39.0-2), graphicsmagick-imagemagick-compat (<< 1.3.9~), ant (= 1.8.0-1) [hppa ia64 kfreebsd-i386 kfreebsd-amd64 mips mipsel], ant (= 1.8.0-2) [hppa ia64 kfreebsd-i386 kfreebsd-amd64 mips mipsel], ant (= 1.8.0-3) [hppa ia64 kfreebsd-i386 kfreebsd-amd64 mips mipsel], base-files (= 5)
 Standards-Version: 3.8.4
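Review bot: The regenerated Build-Depends line still carries an empty entry ("po-debconf, , g++") and lists libcommons-logging-java and libservlet2.5-java twice; both survive unchanged from -10, and Build-Depends-Indep has the same empty entry ("netpbm, , libtextcat-data-utf8"), so the generator is worth cleaning up. Because the field is a single line, the effective change is hard to see: as far as the visible text shows, mono-devel, libmono-dev, mono-utils and cli-common-dev lose a duplicated kfreebsd-i386, and xulrunner-dev and libnss3-dev gain kfreebsd-i386. Stating that in the changelog would let reviewers of a security upload confirm nothing else moved.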
@@ -3362,7 +3362,7 @@
 
 Package: cli-uno-bridge
 Section: cli-mono
-Architecture: i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 kfreebsd-i386
+Architecture: i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64
 Depends: ${shlibs:Depends}, openoffice.org-core (>> ${base-version}), libuno-cli-basetypes1.0-cil, libuno-cli-uretypes1.0-cil, libuno-cli-oootypes1.0-cil, libuno-cli-cppuhelper1.0-cil, libuno-cli-ure1.0-cil, ${cli:Depends}, ${misc:Depends}
 Conflicts: libuno-cil, libuno-cli-types1.1-cil
 Provides: libuno-cil
diff -urN debian-10/patches/avoid-execution-of-python-macros-when-browsing.diff debian-11//patches/avoid-execution-of-python-macros-when-browsing.diff
--- debian-10/patches/avoid-execution-of-python-macros-when-browsing.diff	1970-01-01 01:00:00.000000000 +0100
+++ debian-11//patches/avoid-execution-of-python-macros-when-browsing.diff	2010-05-31 22:52:41.000000000 +0200
@@ -0,0 +1,125 @@
+diff --git a/patches/dev300/apply b/patches/dev300/apply
+index a6011bb..38ddf8a 100644
+--- openoffice.org-3.2.0/ooo-build-3-2-0-10/patches/dev300/apply
++++ openoffice.org-3.2.0/ooo-build-3-2-0-10/patches/dev300/apply
+@@ -18,7 +18,7 @@
+ 	 OOXML, OOXMLExport, SVGImport, FrameworkFeature, UnitTesting, \
+ 	 PopupRemoval, LinkWarningDlg, InternalCairo, Lockdown, \
+ 	 FedoraCommonFixes, InternalMesaHeaders, LayoutDialogs, Fuzz, \
+-	 CalcRowLimit, Gcc44, BuildFix, OptionalIconThemes
++	 CalcRowLimit, Gcc44, BuildFix, OptionalIconThemes, Security
+ 
+ LinuxCommon : Common, Defaults, TangoIcons, FontConfigTemporaryHacks, \
+ 	      FedoraLinuxOnlyFixes, LinuxOnly, SystemBits, \
+@@ -3599,3 +3599,6 @@ stream-read-csv-always-single-line.diff, n#523517, kohei
+ cws-koheiextref01-sc.diff,     kohei
+ cws-koheiextref01-offapi.diff, kohei
+ cws-koheiextref01-oox.diff,    kohei
++
++[ Security ]
++pyuno.avoid.execution.for.browsing.funcs.legacy.python.diff
+--- /dev/null	2010-04-14 03:44:50.008165136 +0200
++++ openoffice.org-3.2.0/ooo-build-3-2-0-10/patches/dev300/pyuno.avoid.execution.for.browsing.funcs.legacy.python.diff	2010-04-16 21:28:06.000000000 +0200
+@@ -0,0 +1,102 @@
++--- scripting.orig/source/pyprov/pythonscript.py	2010-03-08 15:47:10.000000000 +0000
+++++ scripting/source/pyprov/pythonscript.py	2010-03-08 20:39:32.000000000 +0000
++@@ -5,6 +5,7 @@
++ import os
++ import imp
++ import time
+++import compiler
++ 
++ class LogLevel:
++     NONE = 0
++@@ -340,6 +341,32 @@
++             ret = url[0:pos]+ package.transientPathElement + "/" + url[pos:len(url)]
++         log.isDebugLevel() and log.debug( "getStorageUrlFromPersistentUrl " + url + " -> "+ ret)
++         return ret
+++
+++    def getFuncsByUrl( self, url ):
+++        src = readTextFromStream( self.sfa.openFileRead( url ) )
+++        checkForPythonPathBesideScript( url[0:url.rfind('/')] )
+++        src = ensureSourceState( src )
+++
+++        code = compiler.parse( src )
+++
+++        allFuncs = []
+++
+++        if code == None:
+++            return allFuncs
+++        
+++        g_exportedScripts = []
+++        for node in code.node.nodes:
+++            if node.__class__.__name__ == 'Function':
+++                allFuncs.append(node.name)
+++            elif node.__class__.__name__ == 'Assign':
+++                for assignee in node.nodes:
+++                    if assignee.name == 'g_exportedScripts':
+++                        for item in node.expr:
+++                            if item.__class__.__name__ == 'Name':
+++                                g_exportedScripts.append(item.name)
+++                        return g_exportedScripts
+++
+++        return allFuncs
++     
++     def getModuleByUrl( self, url ):
++         entry =  self.modules.get(url)
++@@ -382,11 +409,10 @@
++     
++ #-------------------------------------------------------
++ class ScriptBrowseNode( unohelper.Base, XBrowseNode , XPropertySet, XInvocation, XActionListener ):
++-    def __init__( self, provCtx, uri, fileName, funcName, func ):
+++    def __init__( self, provCtx, uri, fileName, funcName ):
++         self.fileName = fileName
++         self.funcName = funcName
++         self.provCtx = provCtx
++-        self.func = func
++         self.uri = uri
++         
++     def getName( self ):
++@@ -407,8 +433,6 @@
++             if name == "URI":
++                 ret = self.provCtx.uriHelper.getScriptURI(
++                     self.provCtx.getPersistentUrlFromStorageUrl( self.uri + "$" + self.funcName ) )
++-            elif name == "Description":
++-                ret = getattr( self.func, "__doc__", None )
++             elif name == "Editable" and ENABLE_EDIT_DIALOG:
++                 ret = not self.provCtx.sfa.isReadOnly( self.uri )
++         
++@@ -506,7 +530,7 @@
++         self.provCtx = provCtx
++         self.uri = uri
++         self.name = name
++-        self.module = None
+++        self.funcnames = None
++         
++     def getName( self ):
++         return self.name
++@@ -514,21 +538,14 @@
++     def getChildNodes(self):
++         ret = ()
++         try:
++-            self.module = self.provCtx.getModuleByUrl( self.uri )
++-            values = self.module.__dict__.get( CALLABLE_CONTAINER_NAME , None )
+++            self.funcnames = self.provCtx.getFuncsByUrl( self.uri )
++             
++-            # no g_exportedScripts, export every function
++-            if not isinstance(values, type(())):
++-                values = self.module.__dict__.values()
++-                    
++             scriptNodeList = []
++-            for i in values:
++-                if isScript( i ):
++-                    scriptNodeList.append(
++-                        ScriptBrowseNode(
++-                        self.provCtx, self.uri, self.name, i.__name__, i  ))
+++            for i in self.funcnames:
+++                scriptNodeList.append(
+++                    ScriptBrowseNode(
+++                    self.provCtx, self.uri, self.name, i ))
++             ret = tuple( scriptNodeList )
++-            # must compile  !
++             log.isDebugLevel() and log.debug( "returning " +str(len(ret)) + " ScriptChildNodes on " + self.uri )
++         except Exception, e:
++             text = lastException2String()
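Review bot: In getFuncsByUrl, the Assign branch reads assignee.name on every assignment target, but targets such as attribute, subscript or tuple assignments have no name attribute, so a single module-level statement of that kind raises AttributeError and the module shows no scripts at all once getChildNodes catches the exception. Check the node class, or use getattr(assignee, 'name', None), before comparing with 'g_exportedScripts'. The "if code == None" test looks unreachable, since compiler.parse raises on a syntax error rather than returning None, and the compiler module is deprecated as of Python 2.6. The removed code fell back to exporting every function when g_exportedScripts was not a tuple; the new branch returns whatever Name nodes it finds, which can be an empty list, so decide whether that change is intended. getFuncsByUrl still calls checkForPythonPathBesideScript on the browse path; please confirm that helper cannot cause document-supplied code to be loaded. If the dropped "Description" property is wanted back, the docstring can come from the parsed Function node instead of a live function object.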
++
diff -urN debian-10/patches/extensions-mozilla-plugin-pc-if-libxul.diff debian-11//patches/extensions-mozilla-plugin-pc-if-libxul.diff
--- debian-10/patches/extensions-mozilla-plugin-pc-if-libxul.diff	2010-05-20 19:33:14.000000000 +0200
+++ debian-11//patches/extensions-mozilla-plugin-pc-if-libxul.diff	1970-01-01 01:00:00.000000000 +0100
@@ -1,36 +0,0 @@
-diff --git a/patches/dev300/apply b/patches/dev300/apply
-index 916afff..1d3731c 100644
---- openoffice.org-3.2.0/ooo-build-3-2-0-10/patches/dev300/apply
-+++ openoffice.org-3.2.0/ooo-build-3-2-0-10/patches/dev300/apply
-@@ -427,6 +427,10 @@
- # .. and fix 64bit archs
- plugin.long.diff, i#110747, cmc
- 
-+[ DebianBaseOnly and TemporaryHacks ]
-+extensions-mozilla-plugin-pc-if-libxul.diff
-+
-+[ Fixes ]
- # sd printing fixes
- printing-bugfix-254573.diff, n#254573, rodo
- 
---- /dev/null	2010-05-02 17:01:50.016998199 +0200
-+++ openoffice.org-3.2.0/ooo-build-3-2-0-10/patches/dev300/extensions-mozilla-plugin-pc-if-libxul.diff	2010-05-13 19:02:36.000000000 +0200
-@@ -0,0 +1,18 @@
-+diff --git a/extensions/source/plugin/util/makefile.pmk b/extensions/source/plugin/util/makefile.pmk
-+--- extensions/source/plugin/util/makefile.pmk
-++++ extensions/source/plugin/util/makefile.pmk
-+@@ -30,8 +30,14 @@
-+ 
-+ .IF "$(SYSTEM_MOZILLA)" == "YES"
-+ CFLAGS+=-DSYSTEM_MOZILLA
-++# for libxul (newer xulrunners) the .pc file is mozilla-plugin, libxul-plugin
-++# doesn't exist
-++.IF "$(MOZ_FLAVOUR)" == "libxul"
-++PKGCONFIG_MODULES+=mozilla-plugin
-++.ELSE
-+ PKGCONFIG_MODULES+=$(MOZ_FLAVOUR)-plugin
-+ .ENDIF
-++.ENDIF
-+ 
-+ .IF "$(GUIBASE)" == "unx" && "$(ENABLE_GTK)" == "TRUE"
-+ CDEFS+=-DENABLE_GTK
diff -urN debian-10/patches/fix-bashisms-in-configure.diff debian-11//patches/fix-bashisms-in-configure.diff
--- debian-10/patches/fix-bashisms-in-configure.diff	1970-01-01 01:00:00.000000000 +0100
+++ debian-11//patches/fix-bashisms-in-configure.diff	2010-05-28 00:38:49.000000000 +0200
@@ -0,0 +1,112 @@
+--- openoffice.org-3.2.0/ooo-build-3-2-0-10/patches/dev300/apply	2010-05-28 00:37:41.000000000 +0200
++++ openoffice.org-3.2.0/ooo-build-3-2-0-10/patches/dev300/apply	2010-05-28 00:37:54.000000000 +0200
+@@ -3393,6 +3393,8 @@
+ # fixes crasher in xml parser
+ unoxml-fix-empty-xmlns.diff, rodo
+ configure-fix-lpsolve-depends.diff, janneke
++# fix bashisms in configure.in (== vs. =)
++configure-test-operator.diff, i#107645, rengelha
+ build-fix-xulrunner-npapi-inc.diff, janneke
+ toolkit-proper-erase-fix.diff, i#106575, thorsten
+ 
+--- /dev/null	2010-05-24 16:58:35.275686347 +0200
++++ openoffice.org-3.2.0/ooo-build-3-2-0-10/patches/dev300/configure-test-operator.diff	2010-05-28 00:27:55.000000000 +0200
+@@ -0,0 +1,98 @@
++diff --git a/configure.in b/configure.in
++--- configure.in
+++++ configure.in
++@@ -3049,7 +3049,7 @@
++ 
++ if test "$SOLAR_JAVA" != ""; then
++     dnl first check if we have been asked to autodetect JAVA_HOME with a recent gij
++-    if test "$JDK" == "gcj" -a -z "$JAVA_HOME"; then
+++    if test "$JDK" = "gcj" -a -z "$JAVA_HOME"; then
++       if test "x$with_jdk_home" = "x" -a "$_gij_longver" -ge "50000"; then
++         cat > findhome.java <<_ACEOF
++ [import java.io.File;
++@@ -3137,7 +3137,7 @@
++          echo "JAVA_HOME was not explicitly informed with --with-jdk-home. the configure script" >> warn
++          echo "attempted to find JAVA_HOME automatically, but apparently it failed" >> warn
++          echo "in case JAVA_HOME is incorrectly set, some projects with not be built correctly" >> warn
++-#         if test "$JDK" == "gcj"; then
+++#         if test "$JDK" = "gcj"; then
++ #             echo "e.g. install java-1.4.2-gcj-compat-devel and use --with-jdk-home=/usr/lib/jvm/java-1.4.2-gcj" >> warn
++ #         fi
++       fi
++@@ -3731,7 +3731,7 @@
++ if test -n "$with_system_libxslt" -o -n "$with_system_libs" && \
++    test "$with_system_libxslt" != "no"; then
++     if test -z "$with_system_libxml" -a -z "$with_system_libs" || \
++-      test "$with_system_libxml" == "no"; then
+++      test "$with_system_libxml" = "no"; then
++       # somehow AC_MSG_WARN won't work...
++        echo "to prevent incompatibilities between internal libxml2 and libxslt, the office will be build with system-libxml"
++        echo "to prevent incompatibilities between internal libxml2 and libxslt, the office will be build with system-libxml" >> warn
++@@ -3741,7 +3741,7 @@
++ if test -n "$with_system_libxml" -o -n "$with_system_libs" && \
++    test "$with_system_libxml" != "no"; then
++     if test -z "$with_system_libxslt" -a -z "$with_system_libs" || \
++-      test "$with_system_libxslt" == "no"; then
+++      test "$with_system_libxslt" = "no"; then
++       # somehow AC_MSG_WARN won't work...
++        echo "to prevent incompatibilities between internal libxslt and libxml2, the office will be build with system-libxslt"
++        echo "to prevent incompatibilities between internal libxslt and libxml2, the office will be build with system-libxslt" >> warn
++@@ -4443,7 +4443,7 @@
++ 
++     #e.g. http://fedoraproject.org/wiki/Releases/FeatureXULRunnerAPIChanges
++     #the plugin pkg-config etc. reverts to "mozilla-plugin" with libxul
++-    if test "$MOZ_FLAVOUR" == "libxul"; then
+++    if test "$MOZ_FLAVOUR" = "libxul"; then
++         MOZ_FLAVOUR="mozilla"
++     fi
++ 
++@@ -4696,7 +4696,7 @@
++ dnl ===================================================================
++ 
++ AC_MSG_CHECKING([whether to enable graphite support])
++-if test "$_os" = "WINNT" -o "$_os" = "Linux" && test "z$enable_graphite" == "z" -o "$enable_graphite" != "no" ; then
+++if test "$_os" = "WINNT" -o "$_os" = "Linux" && test "z$enable_graphite" = "z" -o "$enable_graphite" != "no" ; then
++     AC_MSG_RESULT([yes])
++     ENABLE_GRAPHITE="TRUE"
++     AC_MSG_CHECKING([which graphite to use])
++@@ -5851,7 +5851,7 @@
++ fi
++ AC_SUBST(ENABLE_MEDIAWIKI)
++ 
++-if test "$ENABLE_MEDIAWIKI" == "YES"; then
+++if test "$ENABLE_MEDIAWIKI" = "YES"; then
++   AC_MSG_CHECKING([which Servlet API Jar to use])
++   if test -n "$with_system_servlet_api"; then
++     AC_MSG_RESULT([external])
++@@ -5881,7 +5881,7 @@
++     AC_MSG_ERROR([not existing. get it (did you get the -extensions tarball?)])
++   fi
++   AC_MSG_CHECKING([which jfreereport libs to use])
++-  if test "$with_system_jfreereport" == "yes"; then
+++  if test "$with_system_jfreereport" = "yes"; then
++    	SYSTEM_JFREEREPORT=YES
++   	   AC_MSG_RESULT([external])
++       if test -z $SAC_JAR; then
++@@ -6251,7 +6251,7 @@
++    kde_incdirs="/usr/include $x_includes"
++    kde_libdirs="/usr/lib $x_libraries"
++    
++-   if test "$build_cpu" == "x86_64" ; then
+++   if test "$build_cpu" = "x86_64" ; then
++       qt_libdirs="$qt_libdirs /usr/lib64/qt4 /usr/lib64/qt /usr/lib64"
++       kde_libdirs="$kde_libdirs /usr/lib64 /usr/lib64/kde4"
++    fi
++@@ -6809,11 +6809,11 @@
++ # ===================================================================
++ AC_MSG_CHECKING([build verbosity])
++ if test -n "$enable_verbose"; then
++-   if test "$enable_verbose" == "yes"; then
+++   if test "$enable_verbose" = "yes"; then
++       VERBOSE="TRUE"
++       AC_MSG_RESULT([high])
++    fi
++-   if test "$enable_verbose" == "no"; then
+++   if test "$enable_verbose" = "no"; then
++       VERBOSE="FALSE"
++       AC_MSG_RESULT([low])
++    fi
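Review bot: The configure.in hunk at line 3137 only changes a test inside a commented-out block, which adds noise to a patch riding along with a security fix; it is harmless but could be dropped. The converted expressions keep -a and -o inside test (for example test "$JDK" = "gcj" -a -z "$JAVA_HOME"), which dash accepts but POSIX marks obsolescent, so splitting them into separate test calls joined with && or || would finish the portability cleanup. Since the patch edits configure.in rather than configure, make sure configure is regenerated during the build so the fix takes effect.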
diff -urN debian-10/patches/series debian-11//patches/series
--- debian-10/patches/series	2010-05-25 18:57:50.000000000 +0200
+++ debian-11//patches/series	2010-05-31 18:13:42.000000000 +0200
@@ -12,6 +12,7 @@
 do-not-delete-dbumiscres.src-resources.diff
 sw-64bit-Size-mismatch.diff
 file-locking-conditional-cifs.diff
-extensions-mozilla-plugin-pc-if-libxul.diff
 fix-system-mythes-for-mythes-1.2.diff
 kde4-redraw-status-bar.diff
+fix-bashisms-in-configure.diff
+avoid-execution-of-python-macros-when-browsing.diff
diff -urN debian-10/rules debian-11//rules
--- debian-10/rules	2010-05-25 17:18:55.000000000 +0200
+++ debian-11//rules	2010-05-28 00:15:51.000000000 +0200
@@ -573,7 +573,7 @@
 # change the OOO_NPSOPLUGIN_ARCHS
 OOO_MOZILLA_ARCHS=i386 mips mipsel powerpc s390
 ifeq "$(BUILD_KFREEBSD)" "y"
-   OOO_MONO_ARCHS += kfreebsd-i386
+   OOO_MOZILLA_ARCHS += kfreebsd-i386
 endif
 ifeq "$(BUILD_ALPHA)" "y"
 	OOO_MOZILLA_ARCHS += alpha
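Review bot: With this correction kfreebsd-i386 enters OOO_MOZILLA_ARCHS for the first time, which is what adds xulrunner-dev and libnss3-dev to that architecture's Build-Depends in debian/control; for an upload meant to carry a security fix into testing, confirm the Mozilla-dependent parts actually build on kfreebsd-i386 first, or split this change out. The corrected line is indented with three spaces while the neighbouring BUILD_ALPHA block uses a tab; that is harmless inside an ifeq, but keep it consistent.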
