head 1.3;
access;
symbols
    pkgsrc-2013Q2:1.3.0.24
    pkgsrc-2013Q2-base:1.3
    pkgsrc-2012Q4:1.3.0.22
    pkgsrc-2012Q4-base:1.3
    pkgsrc-2011Q4:1.3.0.20
    pkgsrc-2011Q4-base:1.3
    pkgsrc-2011Q2:1.3.0.18
    pkgsrc-2011Q2-base:1.3
    pkgsrc-2009Q4:1.3.0.16
    pkgsrc-2009Q4-base:1.3
    pkgsrc-2008Q4:1.3.0.14
    pkgsrc-2008Q4-base:1.3
    pkgsrc-2008Q3:1.3.0.12
    pkgsrc-2008Q3-base:1.3
    cube-native-xorg:1.3.0.10
    cube-native-xorg-base:1.3
    pkgsrc-2008Q2:1.3.0.8
    pkgsrc-2008Q2-base:1.3
    pkgsrc-2008Q1:1.3.0.6
    pkgsrc-2008Q1-base:1.3
    pkgsrc-2007Q4:1.3.0.4
    pkgsrc-2007Q4-base:1.3
    pkgsrc-2007Q3:1.3.0.2
    pkgsrc-2007Q3-base:1.3;
locks; strict;
comment @# @;


1.3
date 2007.10.06.20.02.24; author hira; state dead;
branches;
next 1.2;

1.2
date 2007.10.04.12.16.26; author abs; state Exp;
branches;
next 1.1;

1.1
date 2007.09.30.12.27.40; author hira; state Exp;
branches;
next ;


desc
@@


1.3
log
@Update to 2.3.0.

Security fix:
- Fix CVE-2007-2834 (it has already been fixed in 2.2.1nb3).

New features:
- separated UI/configuration for database forms and database reports.
- keyboard shortcuts for database record navigation.
- Show filter options dialog before file dialog in case of pdf-export.
- Selection of stylist filter now persistent.
- The title for the broken signature dialog has been changed.
- Extension Identifiers, unopkg, pkgchk.
- Export COT, ACOT, COTH, and ACOTH to MS Excel files.
- Centered document view.
- separated UI/configuration for XML Form Documents.
- New locale data: Hausa_Ghana (ha_GH) Ewe_Ghana (ee_GH)
  Frisian_Netherlands (fy_NL) Uzbek_Uzbekistan (uz_UZ)
  Occitan_France (oc_FR) Lingala_Congo (ln_CD)
  Sango _ Central African Republic (sg_CF) English_Ghana (en_GH),
  Ganda_Uganda (lg_UG) Armenian_Armenia (hy_AM)
- Tagalog_Philippines (tl_PH) added to language list box.
- Jewish calendar dates for en_US locale.
- Uzbek (Cyrillic) removed from language list box.
- Currency Bolivar Fuerte, VEF, for Spanish_Venezuela (es_VE) locale.
- Default currency Ghana Cedi, GHS, for *_Ghana (ak_GH, ee_GH, en_GH,
  ha_GH) locales.
- com.sun.star.io.SequenceInputStream service.
- Insert/Title Dialog Layout Changed.
- offer to switch to a Simple 3d look in charts.
- exploded 3D pies and donuts.
- more easy creation of charts / new wizard.
- Strings for Undo in Charts.
- enhanced logarithmic scales.
- Automatic axis scaling.
- Flexible Source-Range Selection.
- enhanced selection handling.
- Export donut charts according to spec.
- Export manual scales for percent charts correctly.
- Menu for Charts.
- Chart Data Editor improved.
- Right-angled axes for 3D Charts.
- New Default Colors for Charts
- Chart-Specific Toolbars.
- Terms for Chart Elements.
- simplified 3D dialog for charts.
- Right-angled axes for 3D Charts.
- Show formula and R^2 for regression curves in Status Bar and Extended
  Tip Help.
- keyboard shortcuts for task pane entries.
- / in database object names not allowed anymore.
- New Report Designer.
- HTML export for draw and presentation documents now supports png.
- Alternative text for non-text image map.
- Alternative text for layers in drawings.
- Alternative text for layers in drawings (now with issue number).
- Preview Document in Web Browser.
- Extension can integrate options pages in the options dialog.
- New option: Load printer settings with the document.
- Single dialog export in dialog editor.
- Link to extensions.services.openoffice.org in Extension Manager.
- Editing of path animations is possible again.
- testtool: new commands to request webpages.
- testtool: new implementation for typekeys and mouse*.
- testtool: new methods to access EditBrowseBox.
- testtool: config tabpage for Crashreport configuration.
- testtool: New option in options dialog to set OOo program path.
- testtool: method to get state of menu entry if expandable.
- testtool: add new methods for ORoadmap e.g. in wizards.
- testtool: new method to get slot execution status.
- Default print options in Calc.
- Support of inline matrix/array constants in formulas.
- Keyboard shortcut "Ctrl-1" is now "Format Cells".
- Keyboard shortcuts Ctrl-Plus and Ctrl-Minus for Insert/Delete Cells.
- GETPIVOTDATA formula function.
- Division by zero #DIV/0! error displayed for certain functions, #NUM!
  displayed for illegal floating-point operation errors.
- Cell context menu entry changed.
- Renamed checkbox in Paste Special dialog.
- Checkbox in Delete Contents dialog renamed.
- Extend AutoSum Capabilities in Calc.
- Renamed "Set Input Mode" to "Toggle Edit Mode".
- Shortcut for Format->Cells menu entry changed.
- Ctrl + ~ (Ctrl + `) toggles formula view.
- Dynamic ranges as formula results in validation lists.
- Drawing objects support Basic macro calls.
- JIS and ASC Spreadsheet Functions.
- "Form Objects" toolbar removed.
- Toolbars "Insert" and "Insert Object" merged.
- Changed menu entry Data->Outline.
- Default print options in Calc.
- Intro and about bitmap location changed, configure script extended.
- Selectable FixedTexts. Changed shortcut for "Object" in the Edit menu.
- Standard Color Palette Extended by new Chart Default Colors.
- Automatic update for charts in Writer.
- Language Guessing.
- Ctrl-click to execute hyperlinks.
- New Smart Tag API and UI.
- 'Old' mail merge dialog now supports output to single file.
- Soft page break.
- Shortcut for "Repeat".
- New writer compatibility option.
- Password of a document is asked until the correct one is entered or
  the dialog is cancelled.
- Menu and toolbar merging support for extensions.
- Default Macro Security Level changed.
- First word in a Calc cell will no longer be capitalized by
  auto-correction.
- Customize Keyboard tabpage.
- Compatibility option "Expand word space..." added.
- New export filter: MediaWiki.
- Spell checking one letter words.

Please see the following URL for more detail of changes.
http://development.openoffice.org/releases/2.3.0.html
@
text
@$NetBSD: patch-co,v 1.2 2007/10/04 12:16:26 abs Exp $

NOTE: This patch fixes CVE-2007-2834.
It's already fixed in OOo 2.3.0. --- goodies/source/filter.vcl/itiff/itiff.cxx.orig 2006-11-14 16:17:15.000000000 +0000 +++ goodies/source/filter.vcl/itiff/itiff.cxx @@@@ -132,7 +132,7 @@@@ private: double ReadDoubleData(); void ReadHeader(); - void ReadTagData( USHORT nTagType, ULONG nDataLen ); + void ReadTagData( USHORT nTagType, sal_uInt32 nDataLen ); BOOL ReadMap( ULONG nMinPercent, ULONG nMaxPercent ); // Liesst/dekomprimert die Bitmap-Daten, und fuellt pMap @@@@ -290,7 +290,7 @@@@ double TIFFReader::ReadDoubleData() // --------------------------------------------------------------------------------- -void TIFFReader::ReadTagData( USHORT nTagType, ULONG nDataLen) +void TIFFReader::ReadTagData( USHORT nTagType, sal_uInt32 nDataLen) { if ( bStatus == FALSE ) return; @@@@ -353,16 +353,25 @@@@ void TIFFReader::ReadTagData( USHORT nTa case 0x0111: { // Strip Offset(s) ULONG nOldNumSO, i, * pOldSO; pOldSO = pStripOffsets; - if ( pOldSO == NULL ) nNumStripOffsets = 0; // Sicherheitshalber + if ( pOldSO == NULL ) + nNumStripOffsets = 0; nOldNumSO = nNumStripOffsets; - nNumStripOffsets += nDataLen; - pStripOffsets = new ULONG[ nNumStripOffsets ]; - for ( i = 0; i < nOldNumSO; i++ ) - pStripOffsets[ i ] = pOldSO[ i ] + nOrigPos; - for ( i = nOldNumSO; i < nNumStripOffsets; i++ ) - pStripOffsets[ i ] = ReadIntData() + nOrigPos; - if ( pOldSO != NULL ) + nDataLen += nOldNumSO; + if ( ( nDataLen > nOldNumSO ) && ( nDataLen < SAL_MAX_UINT32 / sizeof( sal_uInt32 ) ) ) + { + nNumStripOffsets = nDataLen; + pStripOffsets = new ULONG[ nNumStripOffsets ]; + if ( !pStripOffsets ) + nNumStripOffsets = 0; + else + { + for ( i = 0; i < nOldNumSO; i++ ) + pStripOffsets[ i ] = pOldSO[ i ] + nOrigPos; + for ( i = nOldNumSO; i < nNumStripOffsets; i++ ) + pStripOffsets[ i ] = ReadIntData() + nOrigPos; + } delete[] pOldSO; + } OOODEBUG("StripOffsets (Anzahl:)",nDataLen); break; } @@@@ -384,16 +393,25 @@@@ void TIFFReader::ReadTagData( USHORT nTa case 0x0117: { // Strip Byte Counts ULONG 
nOldNumSBC, i, * pOldSBC; pOldSBC = pStripByteCounts; - if ( pOldSBC == NULL ) nNumStripByteCounts = 0; // Sicherheitshalber + if ( pOldSBC == NULL ) + nNumStripByteCounts = 0; // Sicherheitshalber nOldNumSBC = nNumStripByteCounts; - nNumStripByteCounts += nDataLen; - pStripByteCounts = new ULONG[ nNumStripByteCounts ]; - for ( i = 0; i < nOldNumSBC; i++ ) - pStripByteCounts[ i ] = pOldSBC[ i ]; - for ( i = nOldNumSBC; i < nNumStripByteCounts; i++) - pStripByteCounts[ i ] = ReadIntData(); - if ( pOldSBC != NULL ) + nDataLen += nOldNumSBC; + if ( ( nDataLen > nOldNumSBC ) && ( nDataLen < SAL_MAX_UINT32 / sizeof( sal_uInt32 ) ) ) + { + nNumStripByteCounts = nDataLen; + pStripByteCounts = new ULONG[ nNumStripByteCounts ]; + if ( !nNumStripByteCounts ) + nNumStripByteCounts = 0; + else + { + for ( i = 0; i < nOldNumSBC; i++ ) + pStripByteCounts[ i ] = pOldSBC[ i ]; + for ( i = nOldNumSBC; i < nNumStripByteCounts; i++) + pStripByteCounts[ i ] = ReadIntData(); + } delete[] pOldSBC; + } OOODEBUG("StripByteCounts (Anzahl:)",nDataLen); break; } @ 1.2 log @remove section of patch which (only) contains CVS tokens @ text @d1 1 a1 1 $NetBSD: patch-co,v 1.1 2007/09/30 12:27:40 hira Exp $ @ 1.1 log @ - Fix CVE-2007-2834 (Manipulated TIFF files can lead to heap overflows and arbitrary code execution). - Use internal libwpd (fix buildlink error of gnome-vfs). Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d5 3 a7 15 --- goodies/source/filter.vcl/itiff/itiff.cxx.orig 2006-11-15 01:17:15.000000000 +0900 +++ goodies/source/filter.vcl/itiff/itiff.cxx 2007-09-30 18:12:19.000000000 +0900 @@@@ -4,9 +4,9 @@@@ * * $RCSfile: itiff.cxx,v $ * - * $Revision: 1.13 $ + * $Revision: 1.14 $ * - * last change: $Author: ihi $ $Date: 2006/11/14 16:17:15 $ + * last change: $Author: hr $ $Date: 2007/08/01 12:39:29 $ * * The Contents of this file are made available subject to * the terms of GNU Lesser General Public License Version 2.1. 
@@@@ -132,7 +132,7 @@@@ d16 1 a16 1 @@@@ -290,7 +290,7 @@@@ d25 1 a25 1 @@@@ -353,16 +353,25 @@@@ d59 1 a59 1 @@@@ -384,16 +393,25 @@@@ @
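Review bot: In the 0x0111 (Strip Offsets) hunk, the "if ( !pStripOffsets )" test right after "pStripOffsets = new ULONG[ nNumStripOffsets ];" only fires if operator new returns NULL on failure; a standard throwing new never does, so the allocation should either use new (std::nothrow) or the branch should be replaced by handling the exception. The size bound also divides by sizeof( sal_uInt32 ) while the elements allocated are ULONG; writing sizeof( ULONG ) would tie the limit to the type that is actually allocated. When the range check rejects the tag (the sum wrapped, or it exceeds the bound), the code falls through with the old array and bStatus unchanged, so a manipulated count is silently ignored; setting bStatus = FALSE in that case would make the import fail cleanly. Note too that nDataLen is modified before the OOODEBUG call, which now prints the combined total rather than the count read from this tag.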
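Review bot: In the 0x0117 (Strip Byte Counts) hunk, the check after the allocation tests the count, "if ( !nNumStripByteCounts )", where the parallel 0x0111 code tests the pointer, "if ( !pStripOffsets )". nNumStripByteCounts has just been assigned nDataLen, which passed "nDataLen > nOldNumSBC" and is therefore nonzero, so the branch can never be taken, and its body would only set an already-zero count to zero. As written, a failed allocation in this case is not handled at all; the condition should read "if ( !pStripByteCounts )", with the same caveat about throwing new as in the Strip Offsets case. The "// Sicherheitshalber" comment is also kept here but dropped in the 0x0111 hunk; pick one for consistency.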