please unblock openoffice.org 1:2.4.1-12
Hi,
please unblock openoffice.org 1:2.4.1-12 which I just uploaded. Fixes two
security issues in addition to some normal bugs and non-reported RC issues.
Diff attached.
Regards,
Rene
diff -u openoffice.org-2.4.1/debian/control openoffice.org-2.4.1/debian/control
--- openoffice.org-2.4.1/debian/control
+++ openoffice.org-2.4.1/debian/control
@@ -3097,7 +3097,8 @@
Section: devel
Priority: extra
Depends: ${shlibs:Depends}, openoffice.org (>> ${base-version}), ${ooo-binfilter-dep}, ${java-common-depends}
-Recommends: openoffice.org-qa-api-tests, openoffice.org-qa-ui-tests
+Recommends: openoffice.org-qa-api-tests, openoffice.org-qa-ui-tests,
+Suggests: ${java-runtime-depends}
Conflicts: openoffice.org-core (<< 1:2.3.0~oog680m2)
Replaces: openoffice.org-common (<< 2.0.4~ood680m2)
Architecture: i386 powerpc sparc mips mipsel armel s390 amd64 ppc64 ia64
@@ -3115,7 +3116,7 @@
Package: openoffice.org-qa-api-tests
Section: devel
Priority: extra
-Depends: openoffice.org-qa-tools
+Depends: openoffice.org-qa-tools, ${java-runtime-depends}
Architecture: all
Description: OpenOffice.org API Test Data
OpenOffice.org is a full-featured office productivity suite that provides
diff -u openoffice.org-2.4.1/debian/README.Debian-source openoffice.org-2.4.1/debian/README.Debian-source
--- openoffice.org-2.4.1/debian/README.Debian-source
+++ openoffice.org-2.4.1/debian/README.Debian-source
@@ -1,16 +1,10 @@
The .orig.tar.gz consists of the 5 seperate tarballs from
-http://ftp.stardiv.de/pub/OpenOffice.org/contrib/rc/2.3.1rc1 (the stable/2.3.1 ones are exactly the same) of which some non-free stuff has been removed:
-http://download.go-oo.org/OOG680
+http://ftp.stardiv.de/pub/OpenOffice.org/contrib/rc/2.4.1rc2 (the stable/2.4.1 ones are exactly the same) of which some non-free stuff has been removed:
* core:
- external/jars/*: Sun proprietary, binary-only jars
- - odk/pack/copying/*.pdf: non-free doc (XML Spec)
- psprint_config/configuration/ppds/.PS (except SGEN*.PS):
PPDs where "all rights [are] reserved"
- - jfreereport/download/*: The "sources" contain binary-only jars used in
- the build and even ending up in the extension. Removed.
* system:
- dictionaries/{da_DK,en_GB,en_US,nl_NL,ru_RU}/hyph_*.dic:
hyphenation patterns violating licenses/having questionable license
- * sdk_oo:
- - sdk_oo/pack/copying/Dev*: Developers Guide (non-free)
diff -u openoffice.org-2.4.1/debian/changelog openoffice.org-2.4.1/debian/changelog
--- openoffice.org-2.4.1/debian/changelog
+++ openoffice.org-2.4.1/debian/changelog
@@ -1,3 +1,23 @@
+openoffice.org (1:2.4.1-12) unstable; urgency=high
+
+ * ooo-build
+ - update
+ - reportdesign-mention-package.diff: Czech translation
+ - no-latex-filter-without-writer2latex.diff: don't include LaTeX stuff
+ in Writers filter list with --without-writer2latex (closes: #502549)
+ - sensible-browser.diff: run kde-open on mailto: URLs in kde-open-url.sh
+ instead of removed sensible-ooomua (closes: #502852)
+ - cws-sjfixes07.diff: fix CVE-2008-2237 (WMF META_ESCAPE Integer
+ Overflow Vulnerability) and CVE-2008-2238 (multiple EMF parser flaws)
+ * debian/rules:
+ - make ootestapi find OOoRunnerLight.jar by setting the necessary symlink
+ * debian/control.qa.in:
+ - make -qa-api-tests depend on Java as it needs OOoRunnerLight.jar to be
+ run to be used. Make -qa-tools suggest it.
+ * debian/copyright, debian/README.Debian-source: fix
+
+ -- Rene Engelhard <rene@debian.org> Sun, 26 Oct 2008 14:52:57 +0100
+
openoffice.org (1:2.4.1-11) unstable; urgency=high
* The "SIGH!" release.
diff -u openoffice.org-2.4.1/debian/control.qa.in openoffice.org-2.4.1/debian/control.qa.in
--- openoffice.org-2.4.1/debian/control.qa.in
+++ openoffice.org-2.4.1/debian/control.qa.in
@@ -6,7 +6,8 @@
${ooo-binfilter-dep},
${java-common-depends}
Recommends: openoffice.orgVER-qa-api-tests,
- openoffice.orgVER-qa-ui-tests
+ openoffice.orgVER-qa-ui-tests,
+Suggests: ${java-runtime-depends}
Conflicts: openoffice.org-core (<< 1:2.3.0~oog680m2)
Replaces: openoffice.org-common (<< 2.0.4~ood680m2)
Architecture: %OOO_ARCHS%
@@ -24,7 +25,7 @@
Package: openoffice.orgVER-qa-api-tests
Section: devel
Priority: extra
-Depends: openoffice.orgVER-qa-tools
+Depends: openoffice.orgVER-qa-tools, ${java-runtime-depends}
Architecture: all
Description: OpenOffice.org API Test Data
OpenOffice.org is a full-featured office productivity suite that provides
diff -u openoffice.org-2.4.1/debian/rules openoffice.org-2.4.1/debian/rules
--- openoffice.org-2.4.1/debian/rules
+++ openoffice.org-2.4.1/debian/rules
@@ -1457,16 +1457,15 @@
ifeq "$(RUN_SMOKETEST)" "y"
# smoketest
cd $(SOURCE_TREE)/smoketestoo_native && \
- mkdir -p $(CURDIR)/oosmoketest && \
. $(CURDIR)/$(SOURCE_TREE)/*.sh; \
export PATH=$(BUILD_PATH); \
- export TEMP=$(CURDIR)/oosmoketest; \
+ export TEMP=`mktemp -q -d`; \
if [ -n "$$DISPLAY" ]; then \
../solenv/bin/build.pl; \
else \
xvfb-run -a ../solenv/bin/build.pl; \
fi && \
- rm -rf $(CURDIR)/oosmoketest
+ rm -rf $$TEMP
endif
endif
@@ -1946,6 +1945,7 @@
$(PKGDIR)-core/usr/share/applications
ifeq "$(PACKAGE_QA_TOOLS)" "y"
+ rm -rf $(PKGDIR)-qa-tools
mkdir -p -m755 $(PKGDIR)-qa-tools/usr/bin
install -m755 $(SOURCE_TREE)/ootestapi $(PKGDIR)-qa-tools/usr/bin
install -m755 $(SOURCE_TREE)/ootesttool $(PKGDIR)-qa-tools/usr/bin
@@ -1957,9 +1957,12 @@
done
ifeq "$(ENABLE_JAVA)" "y"
+ mkdir -p -m755 $(PKGDIR)-qa-tools/$(OODIR)/program/classes
mkdir -p -m755 $(PKGDIR)-qa-tools/usr/share/java/$(OODIRNAME)
cp $(SOURCE_TREE)/qadevOOo/$(shell . $(SOURCE_TREE)/*.sh; echo $$OUTPATH$$PROEXT)/class/OOoRunnerLight.jar \
$(PKGDIR)-qa-tools/usr/share/java/$(OODIRNAME)
+ ln -sf /usr/share/java/$(OODIRNAME)/OOoRunnerLight.jar \
+ $(PKGDIR)-qa-tools/$(OODIR)/program/classes/OOoRunnerLight.jar
endif
mkdir -p -m755 $(PKGDIR)-qa-tools/$(OODIR)/smoketest
diff -u openoffice.org-2.4.1/ooo-build/ChangeLog openoffice.org-2.4.1/ooo-build/ChangeLog
--- openoffice.org-2.4.1/ooo-build/ChangeLog
+++ openoffice.org-2.4.1/ooo-build/ChangeLog
@@ -1,3 +1,22 @@
+2008-10-26 Rene Engelhard <rene@debian.org>
+
+ * patches/dev300/apply,
+ patches/dev300/cws-sjfixes07.diff: add OOo 2.4.2 security fixes
+
+2008-10-21 Rene Engelhard <rene@debian.org>
+
+ * patches/src680/sensible-browser.diff: use kde-open for mailto:
+ URLs
+
+2008-10-19 Rene Engelhard <rene@debian.org>
+
+ * patches/src680/apply,
+ patches/src680/no-latex-filter-without-writer2latex.diff: fix i93520
+
+2008-10-11 Jan Holesovsky <kendy@suse.cz>
+
+ * patches/src680/reportdesign-mention-package.diff: Czech translation.
+
2008-10-07 Rene Engelhard <rene@debian.org>
* patches/src680/i89812.diff: backport fix for issue 89812
diff -u openoffice.org-2.4.1/ooo-build/patches/src680/apply openoffice.org-2.4.1/ooo-build/patches/src680/apply
--- openoffice.org-2.4.1/ooo-build/patches/src680/apply
+++ openoffice.org-2.4.1/ooo-build/patches/src680/apply
@@ -15,7 +15,7 @@
GStreamer, CWSBackports, WPG, Cleanups, WMF, GnomeVFS, \
Layout, VBABits, VBAObjects, CalcErrors, Store, CJK, GCJ, Lwp, \
OOXML, ImpressFixes, SVGImport, AutoCorrectCapsLock, UnitTesting, \
- PopupRemoval
+ PopupRemoval, Security
LinuxCommon : Common, LayoutDialogs, Defaults, TangoIcons, FontConfigTemporaryHacks, \
FedoraFixes, LinuxOnly, SystemBits, \
@@ -133,6 +133,9 @@
# -------- [ Tag [ >= <tag> etc. ], ] patch sets --------
+[ Security < ooh680-m18 ]
+cws-sjfixes07.diff
+
[ LinuxOnly ]
# Don't stat tons of config files we don't need to read on startup
speed-configmgr.diff, i#56783, michael
@@ -325,7 +328,7 @@
cws-cmcfixes47-sw.diff, i#90306
-[ CWSBackports < ooo300-m18 ]
+[ CWSBackports < ooh680-m18 ]
cws-chart28.diff, i#90071
i89812.diff
@@ -2485,0 +2489,4 @@
+
+[ SystemBuildBits ]
+no-latex-filter-without-writer2latex.diff, i#93520
+
diff -u openoffice.org-2.4.1/ooo-build/patches/src680/sensible-browser.diff openoffice.org-2.4.1/ooo-build/patches/src680/sensible-browser.diff
--- openoffice.org-2.4.1/ooo-build/patches/src680/sensible-browser.diff
+++ openoffice.org-2.4.1/ooo-build/patches/src680/sensible-browser.diff
@@ -26,12 +26,16 @@
diff -u -u -r1.2 kde-open-url.sh
--- shell/source/unix/misc/kde-open-url.sh 10 May 2004 13:08:06 -0000 1.2
+++ shell/source/unix/misc/kde-open-url.sh 6 Jun 2005 09:43:06 -0000
-@@ -51,9 +51,9 @@
+@@ -51,9 +51,13 @@
# special handling for mailto: uris
if echo $1 | grep '^mailto:' > /dev/null; then
- kmailservice "$1" &
-+ sensible-ooomua "$1" &
++ if which kde-open; do
++ kde-open "$1" &
++ else
++ kmailservice "$1" &
++ fi
else
- kfmclient openURL "$1" &
+ sensible-browser "$1" &
diff -u openoffice.org-2.4.1/ooo-build/patches/src680/reportdesign-mention-package.diff openoffice.org-2.4.1/ooo-build/patches/src680/reportdesign-mention-package.diff
--- openoffice.org-2.4.1/ooo-build/patches/src680/reportdesign-mention-package.diff
+++ openoffice.org-2.4.1/ooo-build/patches/src680/reportdesign-mention-package.diff
@@ -37,7 +37,7 @@
diff -u -u -r1.37 localize.sdf
--- dbaccess/source/ui/dlg/localize.sdf 12 Nov 2007 13:22:41 -0000 1.37
+++ dbaccess/source/ui/dlg/localize.sdf 24 Nov 2007 13:31:11 -0000
-@@ -6922,42 +6922,8 @@
+@@ -6922,42 +6922,9 @@
dbaccess source\ui\dlg\ExtensionNotPresent.src 0 pushbutton RID_EXTENSION_NOT_PRESENT_DLG PB_DOWNLOAD 0 vi Tải ~về... 2002-02-02 02:02:02
dbaccess source\ui\dlg\ExtensionNotPresent.src 0 pushbutton RID_EXTENSION_NOT_PRESENT_DLG PB_DOWNLOAD 0 zh-CN 下载(~D)... 2002-02-02 02:02:02
dbaccess source\ui\dlg\ExtensionNotPresent.src 0 pushbutton RID_EXTENSION_NOT_PRESENT_DLG PB_DOWNLOAD 0 zh-TW 下載(~D)... 2002-02-02 02:02:02
@@ -47,6 +47,7 @@
-dbaccess source\ui\dlg\ExtensionNotPresent.src 0 string RID_STR_EXTENSION_NOT_PRESENT 0 br Evit digeriñ ur marilh ho po ezhomm eus an askouezhad %RPT_EXTENSION_NAME.\n\nKlikañ war 'Pellgargañ...' evit pellgargañ ha staliañ an askouezhad. 2002-02-02 02:02:02
-dbaccess source\ui\dlg\ExtensionNotPresent.src 0 string RID_STR_EXTENSION_NOT_PRESENT 0 ca Per a obrir un informe necessiteu l'extensió %RPT_EXTENSION_NAME.\n\nFeu clic a "Baixa..." per a baixar i instal·lar l'extensió. 2002-02-02 02:02:02
-dbaccess source\ui\dlg\ExtensionNotPresent.src 0 string RID_STR_EXTENSION_NOT_PRESENT 13691 cs Pro otevření sestavy je potřeba rozšíření %RPT_EXTENSION_NAME.\n\nKlepněte na 'Stáhnout...', pokud chcete rozšíření stáhnout a nainstalovat. 2002-02-02 02:02:02
++dbaccess source\ui\dlg\ExtensionNotPresent.src 0 string RID_STR_EXTENSION_NOT_PRESENT 13691 cs Pro otevření sestavy je potřeba rozšíření %RPT_EXTENSION_NAME.\n\nProsím nainstalujte si balík 'openoffice.org-report-builder'. 2002-02-02 02:02:02
-dbaccess source\ui\dlg\ExtensionNotPresent.src 0 string RID_STR_EXTENSION_NOT_PRESENT 0 da To open a report you require the extension %RPT_EXTENSION_NAME.\n\nClick 'Download...' to download and install the extension. 2002-02-02 02:02:02
-dbaccess source\ui\dlg\ExtensionNotPresent.src 0 string RID_STR_EXTENSION_NOT_PRESENT 0 de Zum Öffnen eines Berichts wird die Erweiterung %RPT_EXTENSION_NAME benötigt.\n\nKlicken Sie auf 'Download...', um die Erweiterung herunterzuladen und zu installieren. 2002-02-02 02:02:02
-dbaccess source\ui\dlg\ExtensionNotPresent.src 0 string RID_STR_EXTENSION_NOT_PRESENT 1 eo Por malfermi raporton vi bezonas la etendajxon %RPT_EXTENSION_NAME.\n\nAlklaku 'Elsxuti...' por elsxuti kaj instali la etendajxon. 2002-02-02 02:02:02
only in patch2:
unchanged:
--- openoffice.org-2.4.1.orig/ooo-build/patches/src680/cws-sjfixes07.diff
+++ openoffice.org-2.4.1/ooo-build/patches/src680/cws-sjfixes07.diff
@@ -0,0 +1,504 @@
+Index: source/filter.vcl/wmf/enhwmf.cxx
+===================================================================
+RCS file: /cvs/util/svtools/source/filter.vcl/wmf/enhwmf.cxx,v
+retrieving revision 1.35.130.1
+retrieving revision 1.35.130.1.6.2
+diff -u -r1.35.130.1 -r1.35.130.1.6.2
+--- svtools/source/filter.vcl/wmf/enhwmf.cxx 18 Jan 2008 10:04:18 -0000 1.35.130.1
++++ svtools/source/filter.vcl/wmf/enhwmf.cxx 24 Sep 2008 18:51:05 -0000 1.35.130.1.6.2
+@@ -343,28 +343,34 @@
+ // Anzahl der Polygone:
+ *pWMF >> nPoly >> i;
+
+- // Anzahl der Punkte eines jeden Polygons holen, Gesammtzahl der Punkte ermitteln:
+- pnPoints = new UINT16[ nPoly ];
+-
+- for ( i = 0; i < nPoly; i++ )
++ // taking the amount of points of each polygon, retrieving the total number of points
++ if ( static_cast< sal_uInt32 >(nPoly) < SAL_MAX_UINT32 / sizeof(UINT16) )
+ {
+- *pWMF >> nPoints;
+- pnPoints[ i ] = (UINT16)nPoints;
+- }
++ if ( ( static_cast< sal_uInt32 >( nPoly ) * sizeof(UINT16) ) <= ( nEndPos - pWMF->Tell() ) )
++ {
++ pnPoints = new UINT16[ nPoly ];
+
+- // Polygonpunkte holen:
++ for ( i = 0; i < nPoly; i++ )
++ {
++ *pWMF >> nPoints;
++ pnPoints[ i ] = (UINT16)nPoints;
++ }
+
+- for ( i = 0; i < nPoly; i++ )
+- {
+- Polygon aPoly( pnPoints[ i ] );
+- for( UINT16 k = 0; k < pnPoints[ i ]; k++ )
+- {
+- *pWMF >> nX32 >> nY32;
+- aPoly[ k ] = Point( nX32, nY32 );
++ // Polygonpunkte holen:
++
++ for ( i = 0; ( i < nPoly ) && !pWMF->IsEof(); i++ )
++ {
++ Polygon aPoly( pnPoints[ i ] );
++ for( UINT16 k = 0; k < pnPoints[ i ]; k++ )
++ {
++ *pWMF >> nX32 >> nY32;
++ aPoly[ k ] = Point( nX32, nY32 );
++ }
++ pOut->DrawPolyLine( aPoly, sal_False, bRecordPath );
++ }
++ delete[] pnPoints;
+ }
+- pOut->DrawPolyLine( aPoly, sal_False, bRecordPath );
+ }
+- delete[] pnPoints;
+ }
+ break;
+
+@@ -379,30 +385,35 @@
+ // Anzahl der Polygone:
+ *pWMF >> nPoly >> nGesPoints;
+
+- if (nGesPoints < SAL_MAX_UINT32 / sizeof(Point))
++ if ( ( nGesPoints < SAL_MAX_UINT32 / sizeof(Point) ) && ( nPoly < SAL_MAX_UINT32 / sizeof(UINT16) ) )
+ {
+-
+- // Anzahl der Punkte eines jeden Polygons holen, Gesammtzahl der Punkte ermitteln:
+- pnPoints = new UINT16[ nPoly ];
+-
+- for ( i = 0; i < nPoly; i++ )
+- {
+- *pWMF >> nPoints;
+- pnPoints[ i ] = (UINT16)nPoints;
+- }
+- // Polygonpunkte holen:
+- pPtAry = (Point*) new char[ nGesPoints * sizeof(Point) ];
+-
+- for ( i = 0; i < nGesPoints; i++ )
++ if ( ( nPoly * sizeof(UINT16) ) <= ( nEndPos - pWMF->Tell() ) )
+ {
+- *pWMF >> nX32 >> nY32;
+- pPtAry[ i ] = Point( nX32, nY32 );
++ pnPoints = new UINT16[ nPoly ];
++
++ for ( i = 0; i < nPoly; i++ )
++ {
++ *pWMF >> nPoints;
++ pnPoints[ i ] = (UINT16)nPoints;
++ }
++
++ if ( ( nGesPoints * sizeof(Point) ) <= ( nEndPos - pWMF->Tell() ) )
++ {
++ // Polygonpunkte holen:
++ pPtAry = (Point*) new char[ nGesPoints * sizeof(Point) ];
++
++ for ( i = 0; i < nGesPoints; i++ )
++ {
++ *pWMF >> nX32 >> nY32;
++ pPtAry[ i ] = Point( nX32, nY32 );
++ }
++ // PolyPolygon Actions erzeugen
++ PolyPolygon aPolyPoly( (UINT16)nPoly, pnPoints, pPtAry );
++ pOut->DrawPolyPolygon( aPolyPoly, bRecordPath );
++ delete[] (char*) pPtAry;
++ }
++ delete[] pnPoints;
+ }
+- // PolyPolygon Actions erzeugen
+- PolyPolygon aPolyPoly( (UINT16)nPoly, pnPoints, pPtAry );
+- pOut->DrawPolyPolygon( aPolyPoly, bRecordPath );
+- delete[] (char*) pPtAry;
+- delete[] pnPoints;
+ }
+ }
+ break;
+@@ -839,32 +850,35 @@
+ else
+ {
+ UINT32 nSize = cbBmiSrc + cbBitsSrc + 14;
+- char* pBuf = new char[ nSize ];
+- SvMemoryStream aTmp( pBuf, nSize, STREAM_READ | STREAM_WRITE );
+- aTmp.ObjectOwnsMemory( TRUE );
+- aTmp << (BYTE)'B'
+- << (BYTE)'M'
+- << (UINT32)cbBitsSrc
+- << (UINT16)0
+- << (UINT16)0
+- << (UINT32)cbBmiSrc + 14;
+- pWMF->Seek( nStart + offBmiSrc );
+- pWMF->Read( pBuf + 14, cbBmiSrc );
+- pWMF->Seek( nStart + offBitsSrc );
+- pWMF->Read( pBuf + 14 + cbBmiSrc, cbBitsSrc );
+- aTmp.Seek( 0 );
+- aBitmap.Read( aTmp, TRUE );
+-
+- // test if it is sensible to crop
+- if ( ( cxSrc > 0 ) && ( cySrc > 0 ) &&
+- ( xSrc >= 0 ) && ( ySrc >= 0 ) &&
+- ( xSrc + cxSrc <= aBitmap.GetSizePixel().Width() ) &&
+- ( ySrc + cySrc <= aBitmap.GetSizePixel().Height() ) )
++ if ( nSize <= ( nEndPos - nStartPos ) )
+ {
+- Rectangle aCropRect( Point( xSrc, ySrc ), Size( cxSrc, cySrc ) );
+- aBitmap.Crop( aCropRect );
++ char* pBuf = new char[ nSize ];
++ SvMemoryStream aTmp( pBuf, nSize, STREAM_READ | STREAM_WRITE );
++ aTmp.ObjectOwnsMemory( TRUE );
++ aTmp << (BYTE)'B'
++ << (BYTE)'M'
++ << (UINT32)cbBitsSrc
++ << (UINT16)0
++ << (UINT16)0
++ << (UINT32)cbBmiSrc + 14;
++ pWMF->Seek( nStart + offBmiSrc );
++ pWMF->Read( pBuf + 14, cbBmiSrc );
++ pWMF->Seek( nStart + offBitsSrc );
++ pWMF->Read( pBuf + 14 + cbBmiSrc, cbBitsSrc );
++ aTmp.Seek( 0 );
++ aBitmap.Read( aTmp, TRUE );
++
++ // test if it is sensible to crop
++ if ( ( cxSrc > 0 ) && ( cySrc > 0 ) &&
++ ( xSrc >= 0 ) && ( ySrc >= 0 ) &&
++ ( xSrc + cxSrc <= aBitmap.GetSizePixel().Width() ) &&
++ ( ySrc + cySrc <= aBitmap.GetSizePixel().Height() ) )
++ {
++ Rectangle aCropRect( Point( xSrc, ySrc ), Size( cxSrc, cySrc ) );
++ aBitmap.Crop( aCropRect );
++ }
++ aBmpSaveList.Insert( new BSaveStruct( aBitmap, aRect, dwRop ), LIST_APPEND );
+ }
+- aBmpSaveList.Insert( new BSaveStruct( aBitmap, aRect, dwRop ), LIST_APPEND );
+ }
+ }
+ break;
+@@ -890,32 +904,35 @@
+ else
+ {
+ UINT32 nSize = cbBmiSrc + cbBitsSrc + 14;
+- char* pBuf = new char[ nSize ];
+- SvMemoryStream aTmp( pBuf, nSize, STREAM_READ | STREAM_WRITE );
+- aTmp.ObjectOwnsMemory( TRUE );
+- aTmp << (BYTE)'B'
+- << (BYTE)'M'
+- << (UINT32)cbBitsSrc
+- << (UINT16)0
+- << (UINT16)0
+- << (UINT32)cbBmiSrc + 14;
+- pWMF->Seek( nStart + offBmiSrc );
+- pWMF->Read( pBuf + 14, cbBmiSrc );
+- pWMF->Seek( nStart + offBitsSrc );
+- pWMF->Read( pBuf + 14 + cbBmiSrc, cbBitsSrc );
+- aTmp.Seek( 0 );
+- aBitmap.Read( aTmp, TRUE );
+-
+- // test if it is sensible to crop
+- if ( ( cxSrc > 0 ) && ( cySrc > 0 ) &&
+- ( xSrc >= 0 ) && ( ySrc >= 0 ) &&
+- ( xSrc + cxSrc <= aBitmap.GetSizePixel().Width() ) &&
+- ( ySrc + cySrc <= aBitmap.GetSizePixel().Height() ) )
++ if ( nSize <= ( nEndPos - nStartPos ) )
+ {
+- Rectangle aCropRect( Point( xSrc, ySrc ), Size( cxSrc, cySrc ) );
+- aBitmap.Crop( aCropRect );
++ char* pBuf = new char[ nSize ];
++ SvMemoryStream aTmp( pBuf, nSize, STREAM_READ | STREAM_WRITE );
++ aTmp.ObjectOwnsMemory( TRUE );
++ aTmp << (BYTE)'B'
++ << (BYTE)'M'
++ << (UINT32)cbBitsSrc
++ << (UINT16)0
++ << (UINT16)0
++ << (UINT32)cbBmiSrc + 14;
++ pWMF->Seek( nStart + offBmiSrc );
++ pWMF->Read( pBuf + 14, cbBmiSrc );
++ pWMF->Seek( nStart + offBitsSrc );
++ pWMF->Read( pBuf + 14 + cbBmiSrc, cbBitsSrc );
++ aTmp.Seek( 0 );
++ aBitmap.Read( aTmp, TRUE );
++
++ // test if it is sensible to crop
++ if ( ( cxSrc > 0 ) && ( cySrc > 0 ) &&
++ ( xSrc >= 0 ) && ( ySrc >= 0 ) &&
++ ( xSrc + cxSrc <= aBitmap.GetSizePixel().Width() ) &&
++ ( ySrc + cySrc <= aBitmap.GetSizePixel().Height() ) )
++ {
++ Rectangle aCropRect( Point( xSrc, ySrc ), Size( cxSrc, cySrc ) );
++ aBitmap.Crop( aCropRect );
++ }
++ aBmpSaveList.Insert( new BSaveStruct( aBitmap, aRect, dwRop ), LIST_APPEND );
+ }
+- aBmpSaveList.Insert( new BSaveStruct( aBitmap, aRect, dwRop ), LIST_APPEND );
+ }
+ }
+ break;
+@@ -967,55 +984,64 @@
+ DBG_ASSERT( ( nOptions & ( ETO_PDY | ETO_GLYPH_INDEX ) ) == 0, "SJ: ETO_PDY || ETO_GLYPH_INDEX in EMF" );
+
+ Point aPos( ptlReferenceX, ptlReferenceY );
+- if ( nLen )
++ if ( nLen && ( nLen < SAL_MAX_UINT32 / sizeof(sal_Int32) ) )
+ {
+ if ( offDx && (( nCurPos + offDx + nLen * 4 ) <= nNextPos ) )
+ {
+ pWMF->Seek( nCurPos + offDx );
+- pDX = new sal_Int32[ nLen ];
+- sal_uInt32 i;
+- for ( i = 0; i < nLen; i++ )
+- *pWMF >> pDX[ i ];
++ if ( ( nLen * sizeof(sal_uInt32) ) <= ( nEndPos - pWMF->Tell() ) )
++ {
++ pDX = new sal_Int32[ nLen ];
++ sal_uInt32 i;
++ for ( i = 0; i < nLen; i++ )
++ *pWMF >> pDX[ i ];
++ }
+ }
+ pWMF->Seek( nCurPos + nOffString );
+ String aText;
+ if ( bFlag )
+ {
+- sal_Char* pBuf = new sal_Char[ nLen ];
+- pWMF->Read( pBuf, nLen );
+- aText = String( pBuf, (sal_uInt16)nLen, pOut->GetCharSet() );
+- delete[] pBuf;
+-
+- if ( aText.Len() != nLen )
++ if ( nLen <= ( nEndPos - pWMF->Tell() ) )
+ {
+- sal_uInt16 i, j, k;
+- sal_Int32* pOldDx = pDX;
+- pDX = new sal_Int32[ aText.Len() ];
+- for ( i = 0, j = 0; i < aText.Len(); i++ )
++ sal_Char* pBuf = new sal_Char[ nLen ];
++ pWMF->Read( pBuf, nLen );
++ aText = String( pBuf, (sal_uInt16)nLen, pOut->GetCharSet() );
++ delete[] pBuf;
++
++ if ( aText.Len() != nLen )
+ {
+- ByteString aCharacter( aText.GetChar( i ), pOut->GetCharSet() );
+- pDX[ i ] = 0;
+- for ( k = 0; ( k < aCharacter.Len() ) && ( j < nLen ) && ( i < aText.Len() ); k++ )
+- pDX[ i ] += pOldDx[ j++ ];
++ sal_uInt16 i, j, k;
++ sal_Int32* pOldDx = pDX;
++ pDX = new sal_Int32[ aText.Len() ];
++ for ( i = 0, j = 0; i < aText.Len(); i++ )
++ {
++ ByteString aCharacter( aText.GetChar( i ), pOut->GetCharSet() );
++ pDX[ i ] = 0;
++ for ( k = 0; ( k < aCharacter.Len() ) && ( j < nLen ) && ( i < aText.Len() ); k++ )
++ pDX[ i ] += pOldDx[ j++ ];
++ }
++ delete[] pOldDx;
+ }
+- delete[] pOldDx;
+ }
+ }
+ else
+ {
+- sal_Unicode* pBuf = new sal_Unicode[ nLen ];
+- pWMF->Read( pBuf, nLen << 1 );
+-#ifdef OSL_BIGENDIAN
+- sal_Char nTmp, *pTmp = (sal_Char*)( pBuf + nLen );
+- while ( pTmp-- != (sal_Char*)pBuf )
++ if ( ( nLen * sizeof(sal_Unicode) ) <= ( nEndPos - pWMF->Tell() ) )
+ {
+- nTmp = *pTmp--;
+- pTmp[ 1 ] = *pTmp;
+- *pTmp = nTmp;
+- }
++ sal_Unicode* pBuf = new sal_Unicode[ nLen ];
++ pWMF->Read( pBuf, nLen << 1 );
++#ifdef OSL_BIGENDIAN
++ sal_Char nTmp, *pTmp = (sal_Char*)( pBuf + nLen );
++ while ( pTmp-- != (sal_Char*)pBuf )
++ {
++ nTmp = *pTmp--;
++ pTmp[ 1 ] = *pTmp;
++ *pTmp = nTmp;
++ }
+ #endif
+- aText = String( pBuf, (xub_StrLen)nLen );
+- delete[] pBuf;
++ aText = String( pBuf, (xub_StrLen)nLen );
++ delete[] pBuf;
++ }
+ }
+ pOut->DrawText( aPos, aText, pDX, bRecordPath, nGfxMode );
+ }
+@@ -1090,25 +1116,32 @@
+ pWMF->SeekRel( 0x10 );
+ // Anzahl der Polygone:
+ *pWMF >> nPoly >> nGesPoints;
+- // Anzahl der Punkte eines jeden Polygons holen, Gesammtzahl der Punkte ermitteln:
+- pnPoints = new UINT16[ nPoly ];
+- for ( i = 0; i < nPoly; i++ )
+- {
+- *pWMF >> nPoints;
+- pnPoints[ i ] = (UINT16)nPoints;
+- }
+- // Polygonpunkte holen:
+- for ( i = 0; i < nPoly; i++ )
++
++ // taking the amount of points of each polygon, retrieving the total number of points
++ if ( static_cast< sal_uInt32 >(nPoly) < SAL_MAX_UINT32 / sizeof(UINT16) )
+ {
+- Polygon aPolygon( pnPoints[ i ] );
+- for ( UINT16 k = 0; k < pnPoints[ i ]; k++ )
++ if ( ( static_cast< sal_uInt32 >( nPoly ) * sizeof(UINT16) ) <= ( nEndPos - pWMF->Tell() ) )
+ {
+- *pWMF >> nX16 >> nY16;
+- aPolygon[ k ] = Point( nX16, nY16 );
++ pnPoints = new UINT16[ nPoly ];
++ for ( i = 0; i < nPoly; i++ )
++ {
++ *pWMF >> nPoints;
++ pnPoints[ i ] = (UINT16)nPoints;
++ }
++ // Polygonpunkte holen:
++ for ( i = 0; ( i < nPoly ) && !pWMF->IsEof(); i++ )
++ {
++ Polygon aPolygon( pnPoints[ i ] );
++ for ( UINT16 k = 0; k < pnPoints[ i ]; k++ )
++ {
++ *pWMF >> nX16 >> nY16;
++ aPolygon[ k ] = Point( nX16, nY16 );
++ }
++ pOut->DrawPolyLine( aPolygon, sal_False, bRecordPath );
++ }
++ delete[] pnPoints;
+ }
+- pOut->DrawPolyLine( aPolygon, sal_False, bRecordPath );
+ }
+- delete[] pnPoints;
+ }
+ break;
+
+@@ -1121,28 +1154,33 @@
+ pWMF->SeekRel( 0x10 );
+ // Anzahl der Polygone:
+ *pWMF >> nPoly >> nGesPoints;
+- if (nGesPoints < SAL_MAX_UINT32 / sizeof(Point))
++ if ( ( nGesPoints < SAL_MAX_UINT32 / sizeof(Point) ) && ( nPoly < SAL_MAX_UINT32 / sizeof(UINT16) ) )
+ {
+- // Anzahl der Punkte eines jeden Polygons holen, Gesammtzahl der Punkte ermitteln:
+- pnPoints = new UINT16[ nPoly ];
+- for ( i = 0; i < nPoly; i++ )
++ if ( ( static_cast< sal_uInt32 >( nPoly ) * sizeof( UINT16 ) ) <= ( nEndPos - pWMF->Tell() ) )
+ {
+- *pWMF >> nPoints;
+- pnPoints[ i ] = (UINT16)nPoints;
+- }
+- // Polygonpunkte holen:
+- pPtAry = (Point*) new char[ nGesPoints * sizeof(Point) ];
+- for ( i = 0; i < nGesPoints; i++ )
+- {
+- *pWMF >> nX16 >> nY16;
+- pPtAry[ i ] = Point( nX16, nY16 );
++ pnPoints = new UINT16[ nPoly ];
++ for ( i = 0; i < nPoly; i++ )
++ {
++ *pWMF >> nPoints;
++ pnPoints[ i ] = (UINT16)nPoints;
++ }
++ if ( ( nGesPoints * sizeof(Point) ) <= ( nEndPos - pWMF->Tell() ) )
++ {
++ // Polygonpunkte holen:
++ pPtAry = (Point*) new char[ nGesPoints * sizeof(Point) ];
++ for ( i = 0; i < nGesPoints; i++ )
++ {
++ *pWMF >> nX16 >> nY16;
++ pPtAry[ i ] = Point( nX16, nY16 );
++ }
++
++ // PolyPolygon Actions erzeugen
++ PolyPolygon aPolyPoly( (UINT16)nPoly, pnPoints, pPtAry );
++ pOut->DrawPolyPolygon( aPolyPoly, bRecordPath );
++ delete[] (char*) pPtAry;
++ }
++ delete[] pnPoints;
+ }
+-
+- // PolyPolygon Actions erzeugen
+- PolyPolygon aPolyPoly( (UINT16)nPoly, pnPoints, pPtAry );
+- pOut->DrawPolyPolygon( aPolyPoly, bRecordPath );
+- delete[] (char*) pPtAry;
+- delete[] pnPoints;
+ }
+ }
+ break;
+@@ -1273,6 +1311,13 @@
+ *pWMF >> nUINT32; // nVersion
+ *pWMF >> nEndPos; // size of metafile
+ nEndPos += nStartPos;
++
++ sal_uInt32 nStrmPos = pWMF->Tell(); // checking if nEndPos is valid
++ pWMF->Seek( STREAM_SEEK_TO_END );
++ if ( pWMF->Tell() < nEndPos )
++ nEndPos = pWMF->Tell();
++ pWMF->Seek( nStrmPos );
++
+ *pWMF >> nRecordCount;
+
+ if ( !nRecordCount )
+Index: source/filter.vcl/wmf/winwmf.cxx
+===================================================================
+RCS file: /cvs/util/svtools/source/filter.vcl/wmf/winwmf.cxx,v
+retrieving revision 1.35
+retrieving revision 1.35.6.1
+diff -u -r1.35 -r1.35.6.1
+--- svtools/source/filter.vcl/wmf/winwmf.cxx 3 Aug 2007 12:28:27 -0000 1.35
++++ svtools/source/filter.vcl/wmf/winwmf.cxx 17 Sep 2008 10:29:36 -0000 1.35.6.1
+@@ -827,6 +827,16 @@
+
+ case W_META_ESCAPE :
+ {
++ // nRecSize has been checked previously to be greater than 3
++ sal_uInt64 nMetaRecSize = static_cast< sal_uInt64 >( nRecSize - 2 ) * 2;
++ sal_uInt64 nMetaRecEndPos = pWMF->Tell() + nMetaRecSize;
++
++ // taking care that nRecSize does not exceed the maximal stream position
++ if ( nMetaRecEndPos > nEndPos )
++ {
++ pWMF->SetError( SVSTREAM_FILEFORMAT_ERROR );
++ break;
++ }
+ if ( nRecSize >= 12 ) // minimal escape lenght
+ {
+ sal_uInt16 nMode, nLen, OO;
+@@ -849,7 +859,13 @@
+ sal_uInt32 nCheckSum = rtl_crc32( 0, &nEsc, 4 );
+ #endif
+ sal_Int8* pData = NULL;
+- if ( nEscLen )
++
++ if ( ( static_cast< sal_uInt64 >( nEscLen ) + pWMF->Tell() ) > nMetaRecEndPos )
++ {
++ pWMF->SetError( SVSTREAM_FILEFORMAT_ERROR );
++ break;
++ }
++ if ( nEscLen > 0 )
+ {
+ pData = new sal_Int8[ nEscLen ];
+ pWMF->Read( pData, nEscLen );
+@@ -874,12 +890,14 @@
+ >> aPt.Y()
+ >> nStringLen;
+
+- if (nStringLen < STRING_MAXLEN)
++ if ( ( static_cast< sal_uInt64 >( nStringLen ) * sizeof( sal_Unicode ) ) < ( nEscLen - aMemoryStream.Tell() ) )
+ {
+ sal_Unicode* pBuf = aString.AllocBuffer( (xub_StrLen)nStringLen );
+ for ( i = 0; i < nStringLen; i++ )
+ aMemoryStream >> pBuf[ i ];
+ aMemoryStream >> nDXCount;
++ if ( ( static_cast< sal_uInt64 >( nDXCount ) * sizeof( sal_Int32 ) ) >= ( nEscLen - aMemoryStream.Tell() ) )
++ nDXCount = 0;
+ if ( nDXCount )
+ pDXAry = new sal_Int32[ nDXCount ];
+ for ( i = 0; i < nDXCount; i++ )
only in patch2:
unchanged:
--- openoffice.org-2.4.1.orig/ooo-build/patches/src680/no-latex-filter-without-writer2latex.diff
+++ openoffice.org-2.4.1/ooo-build/patches/src680/no-latex-filter-without-writer2latex.diff
@@ -0,0 +1,37 @@
+Index: source/config/fragments/fcfg_writer.mk
+===================================================================
+RCS file: /cvs/framework/filter/source/config/fragments/fcfg_writer.mk,v
+retrieving revision 1.14.20.1
+diff -u -r1.14.20.1 fcfg_writer.mk
+--- filter/source/config/fragments/fcfg_writer.mk 15 Aug 2008 10:33:45 -0000 1.14.20.1
++++ filter/source/config/fragments/fcfg_writer.mk 3 Sep 2008 14:16:49 -0000
+@@ -33,9 +33,13 @@
+ writer8 \
+ writer_MS_Word_2003_XML \
+ writer_MS_Word_2007_XML \
+- MediaWiki_File \
++ MediaWiki_File
++
++.IF "$(WITH_WRITER2LATEX)" != "NO"
++T4_WRITER += \
+ LaTeX \
+ BibTeX
++.ENDIF
+
+ # -----------------------------------------------
+ # count = 39
+@@ -71,9 +75,13 @@
+ writer_MediaWiki_File \
+ writer_web_MediaWiki_File \
+ MS_Word_2003_XML \
+- MS_Word_2007_XML \
++ MS_Word_2007_XML
++
++.IF "$(WITH_WRITER2LATEX)" != "NO"
++F4_WRITER += \
+ LaTeX_Writer \
+ BibTeX_Writer
++.ENDIF
+
+ # -----------------------------------------------
+ # count = 14
Reply to: