author | Rene Engelhard <rene@debian.org> | 2010-06-06 23:57:26 +0200 |
---|---|---|
committer | Rene Engelhard <rene@debian.org> | 2010-06-06 23:57:26 +0200 |
commit | 32d4197d5f70aaddd04563f5109f1dc289c5f94f (patch) | |
tree | 12f3fc0bf289deb912459022db4176a360308af1 | |
parent | 6363bebdaec24d2b81ab18028192981e26538ae4 (diff) |
add fix for CVE-2010-0395 (ooo-build-3-2)
* patches/dev300/apply:
* patches/dev300/pyuno.avoid.execution.for.browsing.funcs.legacy.python.diff:
-rw-r--r-- | patches/dev300/apply | 5 | ||||
-rw-r--r-- | patches/dev300/pyuno.avoid.execution.for.browsing.funcs.legacy.python.diff | 102 |
2 files changed, 106 insertions, 1 deletions
diff --git a/patches/dev300/apply b/patches/dev300/apply index ddb7cb9b6..750567f4d 100644 --- a/patches/dev300/apply +++ b/patches/dev300/apply @@ -18,7 +18,7 @@ Common : PreprocessPatches, BuildBits, TemporaryHacks, FixesNotForUpstream, \ OOXML, OOXMLExport, SVGImport, FrameworkFeature, UnitTesting, \ PopupRemoval, LinkWarningDlg, InternalCairo, Lockdown, \ FedoraCommonFixes, InternalMesaHeaders, LayoutDialogs, Fuzz, \ - CalcRowLimit, Gcc44, BuildFix, OptionalIconThemes + CalcRowLimit, Gcc44, BuildFix, OptionalIconThemes, Security LinuxCommon : Common, Defaults, TangoIcons, FontConfigTemporaryHacks, \ FedoraLinuxOnlyFixes, LinuxOnly, SystemBits, \ @@ -3606,3 +3606,6 @@ stream-read-csv-always-single-line.diff, n#523517, kohei cws-koheiextref01-sc.diff, kohei cws-koheiextref01-offapi.diff, kohei cws-koheiextref01-oox.diff, kohei + +[ Security ] +pyuno.avoid.execution.for.browsing.funcs.legacy.python.diff diff --git a/patches/dev300/pyuno.avoid.execution.for.browsing.funcs.legacy.python.diff b/patches/dev300/pyuno.avoid.execution.for.browsing.funcs.legacy.python.diff new file mode 100644 index 000000000..0f35a5522 --- /dev/null +++ b/patches/dev300/pyuno.avoid.execution.for.browsing.funcs.legacy.python.diff 
@@ -0,0 +1,102 @@ +--- scripting.orig/source/pyprov/pythonscript.py 2010-03-08 15:47:10.000000000 +0000 ++++ scripting/source/pyprov/pythonscript.py 2010-03-08 20:39:32.000000000 +0000 +@@ -5,6 +5,7 @@ + import os + import imp + import time ++import compiler + + class LogLevel: + NONE = 0 +@@ -340,6 +341,32 @@ + ret = url[0:pos]+ package.transientPathElement + "/" + url[pos:len(url)] + log.isDebugLevel() and log.debug( "getStorageUrlFromPersistentUrl " + url + " -> "+ ret) + return ret ++ ++ def getFuncsByUrl( self, url ): ++ src = readTextFromStream( self.sfa.openFileRead( url ) ) ++ checkForPythonPathBesideScript( url[0:url.rfind('/')] ) ++ src = ensureSourceState( src ) ++ ++ code = compiler.parse( src ) ++ ++ allFuncs = [] ++ ++ if code == None: ++ return allFuncs ++ ++ g_exportedScripts = [] ++ for node in code.node.nodes: ++ if node.__class__.__name__ == 'Function': ++ allFuncs.append(node.name) ++ elif node.__class__.__name__ == 'Assign': ++ for assignee in node.nodes: ++ if assignee.name == 'g_exportedScripts': ++ for item in node.expr: ++ if item.__class__.__name__ == 'Name': ++ g_exportedScripts.append(item.name) ++ return g_exportedScripts ++ ++ return allFuncs + + def getModuleByUrl( self, url ): + entry = self.modules.get(url) +@@ -382,11 +409,10 @@ + + #------------------------------------------------------- + class ScriptBrowseNode( unohelper.Base, XBrowseNode , XPropertySet, XInvocation, XActionListener ): +- def __init__( self, provCtx, uri, fileName, funcName, func ): ++ def __init__( self, provCtx, uri, fileName, funcName ): + self.fileName = fileName + self.funcName = funcName + self.provCtx = provCtx +- self.func = func + self.uri = uri + + def getName( self ): +@@ -407,8 +433,6 @@ + if name == "URI": + ret = self.provCtx.uriHelper.getScriptURI( + self.provCtx.getPersistentUrlFromStorageUrl( self.uri + "$" + self.funcName ) ) +- elif name == "Description": +- ret = getattr( self.func, "__doc__", None ) + elif name == "Editable" and 
ENABLE_EDIT_DIALOG: + ret = not self.provCtx.sfa.isReadOnly( self.uri ) + +@@ -506,7 +530,7 @@ + self.provCtx = provCtx + self.uri = uri + self.name = name +- self.module = None ++ self.funcnames = None + + def getName( self ): + return self.name +@@ -514,21 +538,14 @@ + def getChildNodes(self): + ret = () + try: +- self.module = self.provCtx.getModuleByUrl( self.uri ) +- values = self.module.__dict__.get( CALLABLE_CONTAINER_NAME , None ) ++ self.funcnames = self.provCtx.getFuncsByUrl( self.uri ) + +- # no g_exportedScripts, export every function +- if not isinstance(values, type(())): +- values = self.module.__dict__.values() +- + scriptNodeList = [] +- for i in values: +- if isScript( i ): +- scriptNodeList.append( +- ScriptBrowseNode( +- self.provCtx, self.uri, self.name, i.__name__, i )) ++ for i in self.funcnames: ++ scriptNodeList.append( ++ ScriptBrowseNode( ++ self.provCtx, self.uri, self.name, i )) + ret = tuple( scriptNodeList ) +- # must compile ! + log.isDebugLevel() and log.debug( "returning " +str(len(ret)) + " ScriptChildNodes on " + self.uri ) + except Exception, e: + text = lastException2String() + |
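Review bot: In the added `getFuncsByUrl`, the `Assign` branch reads `assignee.name` on every assignment target, but in the Python 2 `compiler` AST only `AssName` targets carry `.name`; a top-level `a, b = ...`, `obj.attr = ...` or `d[k] = ...` produces `AssTuple`/`AssAttr`/`Subscript` nodes and raises AttributeError. That exception is caught by the `except Exception, e:` in `getChildNodes` (its handler continues outside the hunk), so such a file would presumably list no scripts at all instead of its functions. Guard the lookup, e.g. `if getattr(assignee, 'name', None) == 'g_exportedScripts':`, and write `if code is None:` rather than `code == None`. A short docstring on `getFuncsByUrl` saying that it parses the source without importing or executing it, which appears to be why the `Description` branch reading `self.func.__doc__` is dropped, would help keep later edits from putting `getModuleByUrl` back on the browse path.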