rpms/openoffice.org/F-11 openoffice.org-3.2.1.pyuno.patch, NONE, 1.1 openoffice.org.spec, 1.1958, 1.1959
Caolan McNamara
caolanm at fedoraproject.org
Sat Jun 5 09:16:08 UTC 2010
Author: caolanm
Update of /cvs/pkgs/rpms/openoffice.org/F-11
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv2332/F-11
Modified Files:
openoffice.org.spec
Added Files:
openoffice.org-3.2.1.pyuno.patch
Log Message:
Resolves: CVE-2010-0395
openoffice.org-3.2.1.pyuno.patch:
pythonscript.py | 51 ++++++++++++++++++++++++++++++++++-----------------
1 file changed, 34 insertions(+), 17 deletions(-)
--- NEW FILE openoffice.org-3.2.1.pyuno.patch ---
--- scripting/source/pyprov/pythonscript.py 2010-03-08 15:47:10.000000000 +0000
+++ scripting/source/pyprov/pythonscript.py 2010-03-08 20:39:32.000000000 +0000
@@ -5,6 +5,7 @@
import os
import imp
import time
+import compiler
class LogLevel:
NONE = 0
@@ -340,6 +341,32 @@
ret = url[0:pos]+ package.transientPathElement + "/" + url[pos:len(url)]
log.isDebugLevel() and log.debug( "getStorageUrlFromPersistentUrl " + url + " -> "+ ret)
return ret
+
+ def getFuncsByUrl( self, url ):
+ src = readTextFromStream( self.sfa.openFileRead( url ) )
+ checkForPythonPathBesideScript( url[0:url.rfind('/')] )
+ src = ensureSourceState( src )
+
+ code = compiler.parse( src )
+
+ allFuncs = []
+
+ if code == None:
+ return allFuncs
+
+ g_exportedScripts = []
+ for node in code.node.nodes:
+ if node.__class__.__name__ == 'Function':
+ allFuncs.append(node.name)
+ elif node.__class__.__name__ == 'Assign':
+ for assignee in node.nodes:
+ if assignee.name == 'g_exportedScripts':
+ for item in node.expr:
+ if item.__class__.__name__ == 'Name':
+ g_exportedScripts.append(item.name)
+ return g_exportedScripts
+
+ return allFuncs
def getModuleByUrl( self, url ):
entry = self.modules.get(url)
@@ -382,11 +409,10 @@
#-------------------------------------------------------
class ScriptBrowseNode( unohelper.Base, XBrowseNode , XPropertySet, XInvocation, XActionListener ):
- def __init__( self, provCtx, uri, fileName, funcName, func ):
+ def __init__( self, provCtx, uri, fileName, funcName ):
self.fileName = fileName
self.funcName = funcName
self.provCtx = provCtx
- self.func = func
self.uri = uri
def getName( self ):
@@ -407,8 +433,6 @@
if name == "URI":
ret = self.provCtx.uriHelper.getScriptURI(
self.provCtx.getPersistentUrlFromStorageUrl( self.uri + "$" + self.funcName ) )
- elif name == "Description":
- ret = getattr( self.func, "__doc__", None )
elif name == "Editable" and ENABLE_EDIT_DIALOG:
ret = not self.provCtx.sfa.isReadOnly( self.uri )
@@ -506,7 +530,7 @@
self.provCtx = provCtx
self.uri = uri
self.name = name
- self.module = None
+ self.funcnames = None
def getName( self ):
return self.name
@@ -514,21 +538,14 @@
def getChildNodes(self):
ret = ()
try:
- self.module = self.provCtx.getModuleByUrl( self.uri )
- values = self.module.__dict__.get( CALLABLE_CONTAINER_NAME , None )
+ self.funcnames = self.provCtx.getFuncsByUrl( self.uri )
- # no g_exportedScripts, export every function
- if not isinstance(values, type(())):
- values = self.module.__dict__.values()
-
scriptNodeList = []
- for i in values:
- if isScript( i ):
- scriptNodeList.append(
- ScriptBrowseNode(
- self.provCtx, self.uri, self.name, i.__name__, i ))
+ for i in self.funcnames:
+ scriptNodeList.append(
+ ScriptBrowseNode(
+ self.provCtx, self.uri, self.name, i ))
ret = tuple( scriptNodeList )
- # must compile !
log.isDebugLevel() and log.debug( "returning " +str(len(ret)) + " ScriptChildNodes on " + self.uri )
except Exception, e:
text = lastException2String()
Index: openoffice.org.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openoffice.org/F-11/openoffice.org.spec,v
retrieving revision 1.1958
retrieving revision 1.1959
diff -u -p -r1.1958 -r1.1959
--- openoffice.org.spec 9 Apr 2010 19:21:32 -0000 1.1958
+++ openoffice.org.spec 5 Jun 2010 09:16:08 -0000 1.1959
@@ -174,6 +174,7 @@ Patch98: workspace.impress182.patch
Patch99: workspace.impress178.patch
Patch100: workspace.hb32showstoppers3.patch
Patch101: openoffice.org-3.3.0.rh580596.gcc.OsConstBug.patch
+Patch102: openoffice.org-3.2.1.pyuno.patch
%define python_py_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(0)")
%define instdir %{_libdir}
@@ -1706,6 +1707,7 @@ cat %{PATCH11} >> svtools/source/dialogs
%patch99 -p0 -b .workspace.impress178.patch
%patch100 -p0 -b .workspace.hb32showstoppers3.patch
%patch101 -p0 -b .rh580596.gcc.OsConstBug.patch
+%patch102 -p0 -b .pyuno.patch
%build
echo build start time is `date`, diskspace: `df -h . | tail -n 1`
@@ -4209,7 +4211,8 @@ fi
unopkg list --shared > /dev/null 2>&1 || :
%changelog
-* Fri Apr 09 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.13-UNBUILT
+* Sat Jun 05 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.13
+- Resolves: CVE-2010-0395 openoffice.org-3.2.1.pyuno.patch
- Resolves: rhbz#566099 fix modal dialog exit in qstarter
- Resolves: rhbz#580596 OOo crashes running basic macros that calls osl_systemPathRemoveSeparator
More information about the scm-commits
mailing list