Fix two security vulnerability

* http://www.openoffice.org/security/CVE-2006-3117.html
   http://www.openoffice.org/issues/show_bug.cgi?id=66866
   patch:http://cvs.gnome.org/viewcvs/*checkout*/ooo-build/patches/OOO_1_1/sax%2Bsource%2Bexpatwrap%2Bxml2utf.cxx.diff?rev=1.1.2.1

* http://www.openoffice.org/security/CVE-2006-2198.html
  http://www.openoffice.org/issues/show_bug.cgi?id=66863
  patch:http://cvs.gnome.org/viewcvs/*checkout*/ooo-build/patches/OOO_1_1/6438334-macros-so7-sfx2.diff?rev=1.1.2.1

Obtained from:	security-team@openoffice.org (Rene Engelhard <rene@debian.org>)

editors/openoffice.org-1.1/Makefile

@@ -7,7 +7,7 @@
 
 PORTNAME=	openoffice.org
 PORTVERSION=	1.1.5
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES+=	editors
 MASTER_SITES+=	${MASTER_SITE_RINGSERVER:S,%SUBDIR%,misc/openoffice/stable/1.1.5/&,} \
 		ftp://ftp.kddlabs.co.jp/office/openoffice/stable/1.1.5/ \

editors/openoffice.org-1.1/files/patch-sax+source+expatwrap+xml2utf.cxx

@@ -0,0 +1,81 @@
+diff -urN -x CVS -x unxlngi6.pro sax.orig/source/expatwrap/xml2utf.cxx sax/source/expatwrap/xml2utf.cxx
+--- sax.orig/source/expatwrap/xml2utf.cxx	2005-09-08 14:05:22.000000000 +0200
++++ sax/source/expatwrap/xml2utf.cxx	2006-06-22 11:04:22.000000000 +0200
+@@ -78,24 +78,26 @@
+ 				// ensure that enough data is available to parse encoding
+ 				if( seqStart.getLength() )
+ 				{
+-					seq.realloc( seqStart.getLength() + seq.getLength() );
+-					memcpy( (sal_Int8*)seq.getConstArray() + seqStart.getLength() ,
+-							seq.getConstArray() ,
+-							seq.getLength() );
+-					memcpy( (sal_Int8*)seq.getConstArray() ,
+-							seqStart.getConstArray(),
+-							seqStart.getLength() );
++				  // prefix with what we had so far.
++				  sal_Int32 nLength = seq.getLength();
++				  seq.realloc( seqStart.getLength() + nLength );
++
++				  memmove (seq.getArray() + seqStart.getLength(),
++					   seq.getConstArray(),
++					   nLength);
++				  memcpy  (seq.getArray(),
++					   seqStart.getConstArray(),
++					   seqStart.getLength());
+ 				}
+ 
+ 				// autodetection with the first bytes
+ 				if( ! isEncodingRecognizable( seq ) )
+ 				{
+-					seqStart.realloc( seqStart.getLength() + seq.getLength() );
+-					memcpy( (sal_Int8*)seqStart.getConstArray() + seqStart.getLength(),
+-							seq.getConstArray(),
+-							seq.getLength());
+-					// read more !
+-					continue;
++				  // remember what we have so far.
++				  seqStart = seq;
++
++				  // read more !
++				  continue;
+ 				}
+ 				if( scanForEncoding( seq ) || m_sEncoding.getLength() ) {
+ 					// initialize decoding
+@@ -291,7 +293,7 @@
+ 
+ 		// simply add the byte order mark !
+ 		seq.realloc( seq.getLength() + 2 );
+-		memmove( &( seq.getArray()[2] ) , seq.getArray() , seq.getLength() );
++		memmove( &( seq.getArray()[2] ) , seq.getArray() , seq.getLength() - 2 );
+ 		((sal_uInt8*)seq.getArray())[0] = 0xFE;
+ 		((sal_uInt8*)seq.getArray())[1] = 0xFF;
+ 
+@@ -302,7 +304,7 @@
+ 		// The byte order mark is simply added
+ 
+ 		seq.realloc( seq.getLength() + 2 );
+-		memmove( &( seq.getArray()[2] ) , seq.getArray() , seq.getLength() );
++		memmove( &( seq.getArray()[2] ) , seq.getArray() , seq.getLength() - 2 );
+ 		((sal_uInt8*)seq.getArray())[0] = 0xFF;
+ 		((sal_uInt8*)seq.getArray())[1] = 0xFE;
+ 
+@@ -511,9 +513,7 @@
+ 		// In general when surrogates are used, they should be rarely
+ 		// cut off between two convert()-calls. So this code is used
+ 		// rarely and the extra copy is acceptable.
+-		nSourceSize += m_seqSource.getLength();
+-
+-		puTempMem = new sal_Unicode[ nSourceSize ];
++		puTempMem = new sal_Unicode[ nSourceSize + m_seqSource.getLength()];
+ 		memcpy( puTempMem ,
+ 				m_seqSource.getConstArray() ,
+ 				m_seqSource.getLength() * sizeof( sal_Unicode ) );
+@@ -522,6 +522,7 @@
+ 			puSource ,
+ 			nSourceSize*sizeof( sal_Unicode ) );
+ 		puSource = puTempMem;
++		nSourceSize += m_seqSource.getLength();
+ 
+ 		m_seqSource = Sequence< sal_Unicode > ();
+ 	}
+

editors/openoffice.org-1.1/files/patch-sfx2-6438334-macros-so7

@@ -0,0 +1,290 @@
+Index: inc/objsh.hxx
+===================================================================
+RCS file: /cvs/framework/sfx2/inc/objsh.hxx,v
+retrieving revision 1.32.12.3
+diff -u -p -r1.32.12.3 objsh.hxx
+--- sfx2/inc/objsh.hxx	21 Apr 2004 09:42:09 -0000	1.32.12.3
++++ sfx2/inc/objsh.hxx	13 Jun 2006 12:14:45 -0000
+@@ -569,6 +569,7 @@ public:
+ #if _SOLAR__PRIVATE
+ 	static SEQUENCE< OUSTRING >	GetEventNames_Impl();
+     void                        InitBasicManager_Impl( SvStorage *pStor, const String* pName = NULL );
++	void						CheckMacrosOnLoading_Impl();
+ 	SfxObjectShell_Impl*        Get_Impl() { return pImp; }
+ 	const SfxObjectShell_Impl*  Get_Impl() const { return pImp; }
+ 
+Index: source/doc/objmisc.cxx
+===================================================================
+RCS file: /cvs/framework/sfx2/source/doc/objmisc.cxx,v
+retrieving revision 1.33.12.1
+diff -u -p -r1.33.12.1 objmisc.cxx
+--- sfx2/source/doc/objmisc.cxx	21 Apr 2004 09:42:21 -0000	1.33.12.1
++++ sfx2/source/doc/objmisc.cxx	13 Jun 2006 12:16:28 -0000
+@@ -126,6 +126,7 @@
+ #include <svtools/securityoptions.hxx>
+ 
+ 
++using namespace ::com::sun::star;
+ using namespace ::com::sun::star::uno;
+ using namespace ::com::sun::star::ucb;
+ using namespace ::com::sun::star::document;
+@@ -181,6 +182,8 @@ using namespace ::com::sun::star::docume
+ #include "helper.hxx"
+ #include "doc.hrc"
+ 
++#include <scriptcont.hxx>
++
+ // class SfxHeaderAttributes_Impl ----------------------------------------
+ 
+ class SfxHeaderAttributes_Impl : public SvKeyValueIterator
+@@ -1008,6 +1011,80 @@ void SfxObjectShell::SetAutoLoad(
+ 	}
+ }
+ 
++//-------------------------------------------------------------------------
++
++void SfxObjectShell::CheckMacrosOnLoading_Impl()
++{
++	const SfxFilter* pFilter = pMedium->GetFilter();
++	sal_Bool bHasStorage = IsOwnStorageFormat_Impl( *pMedium );
++
++	if ( GetError() != ERRCODE_NONE )
++		return;
++
++	sal_Bool bHasMacros = sal_False;
++
++	if ( bHasStorage && ( !pFilter || !( pFilter->GetFilterFlags() & SFX_FILTER_STARONEFILTER ) ) )
++	{
++		SvStorageRef xStorage( pMedium->GetStorage() );
++		if ( xStorage.Is() )
++		{
++			if ( xStorage->IsOLEStorage() )
++				bHasMacros = BasicManager::HasBasicWithModules( *xStorage );
++			else
++				bHasMacros = xStorage->IsStorage( String::CreateFromAscii("Basic") );
++		}
++		else
++			SetError( ERRCODE_IO_GENERAL );
++	}
++
++	if ( !bHasMacros && pImp->pBasicLibContainer != 0 )
++	{
++		// a library container exists; check if it's empty
++
++		// if there are libraries except "Standard" library
++		// we assume that they are not empty (because they have been created by the user)
++		try
++		{
++			if ( pImp->pBasicLibContainer->hasElements() )
++			{
++				::rtl::OUString aStdLibName( RTL_CONSTASCII_USTRINGPARAM( "Standard" ) );
++				uno::Sequence< ::rtl::OUString > aElements = pImp->pBasicLibContainer->getElementNames();
++				if ( aElements.getLength() )
++				{
++					if ( aElements.getLength() > 1 || !aElements[0].equals( aStdLibName ) )
++						bHasMacros = sal_True;
++					else	
++					{
++						// usually a "Standard" library is always present (design)
++						// for this reason we must check if it's empty
++						uno::Reference < container::XNameAccess > xLib;
++						uno::Any aAny = pImp->pBasicLibContainer->getByName( aStdLibName );
++						aAny >>= xLib;
++						if ( xLib.is() )
++							bHasMacros = xLib->hasElements();
++					}
++				}
++			}
++		}
++		catch( uno::Exception& )
++		{}
++	}
++
++	if ( GetError() != ERRCODE_NONE )
++		return;
++
++	if ( bHasMacros )
++	{
++		AdjustMacroMode( String() ); // if macros are disabled the message will be shown here
++	}
++	else
++	{
++		// if macros will be added by the user later, the security check is obsolete
++		pImp->nMacroMode = MacroExecMode::ALWAYS_EXECUTE_NO_WARN;
++	}
++}
++//-------------------------------------------------------------------------
++
+ void SfxObjectShell::FinishedLoading( sal_uInt16 nFlags )
+ {
+ 	sal_Bool bSetModifiedTRUE = sal_False;
+@@ -1028,6 +1105,8 @@ void SfxObjectShell::FinishedLoading( sa
+ 						 SfxStringItem, SID_DOC_SALVAGE, sal_False );
+ 		if ( pSalvageItem )
+ 			bSetModifiedTRUE = sal_True;
++
++		CheckMacrosOnLoading_Impl();
+ 	}
+ 
+ 	if( ( nFlags & SFX_LOADED_IMAGES ) &&
+Index: source/doc/objstor.cxx
+===================================================================
+RCS file: /cvs/framework/sfx2/source/doc/objstor.cxx,v
+retrieving revision 1.118.16.3
+diff -u -p -r1.118.16.3 objstor.cxx
+--- sfx2/source/doc/objstor.cxx	25 Mar 2004 12:07:10 -0000	1.118.16.3
++++ sfx2/source/doc/objstor.cxx	13 Jun 2006 12:16:34 -0000
+@@ -607,22 +607,6 @@ sal_Bool SfxObjectShell::DoLoad( SfxMedi
+             	xStor->FillInfoList( &aList );
+             	if ( !aList.Count() && !xStor->IsOLEStorage() )
+                 	SetError( ERRCODE_IO_BROKENPACKAGE );
+-            	else
+-            	{
+-                	BOOL bHasMacros = FALSE;
+-                	if ( xStor->IsOLEStorage() )
+-                    	bHasMacros = BasicManager::HasBasicWithModules( *xStor );
+-                	else
+-                    	bHasMacros = xStor->IsStorage( String::CreateFromAscii("Basic") );
+-
+-                	if ( bHasMacros )
+-                    	AdjustMacroMode( String() );
+-					else
+-					{
+-						// if macros will be added by the user later, the security check is obsolete
+-						pImp->nMacroMode = MacroExecMode::ALWAYS_EXECUTE_NO_WARN;
+-					}
+-            	}
+         	}
+ 
+         	// Load
+Index: source/doc/sfxbasemodel.cxx
+===================================================================
+RCS file: /cvs/framework/sfx2/source/doc/sfxbasemodel.cxx,v
+retrieving revision 1.51.10.1
+diff -u -p -r1.51.10.1 sfxbasemodel.cxx
+--- sfx2/source/doc/sfxbasemodel.cxx	9 Jan 2004 17:44:22 -0000	1.51.10.1
++++ sfx2/source/doc/sfxbasemodel.cxx	13 Jun 2006 12:16:42 -0000
+@@ -103,6 +103,10 @@
+ #include <com/sun/star/view/PaperOrientation.hpp>
+ #endif
+ 
++#ifndef _COM_SUN_STAR_SCRIPT_XLIBRARYCONTAINER_HPP_
++#include <com/sun/star/script/XLibraryContainer.hpp>
++#endif
++
+ #ifndef _CPPUHELPER_INTERFACECONTAINER_HXX_
+ #include <cppuhelper/interfacecontainer.hxx>
+ #endif
+@@ -578,6 +582,7 @@ SEQUENCE< sal_Int8 > SAL_CALL SfxBaseMod
+ 
+ REFERENCE< XSTARBASICACCESS > implGetStarBasicAccess( SfxObjectShell* pObjectShell )
+ {
++	// is not used
+ 	REFERENCE< XSTARBASICACCESS > xRet;
+ 	if( pObjectShell )
+ 	{
+@@ -593,13 +598,20 @@ REFERENCE< XNAMECONTAINER > SAL_CALL Sfx
+ 	if ( impl_isDisposed() )
+ 		throw DISPOSEDEXCEPTION();
+ 
+-	REFERENCE< XSTARBASICACCESS >& rxAccess = m_pData->m_xStarBasicAccess;
+-	if( !rxAccess.is() )
+-		rxAccess = implGetStarBasicAccess( m_pData->m_pObjectShell );
++//  the document library container must be used directly
++//	REFERENCE< XSTARBASICACCESS >& rxAccess = m_pData->m_xStarBasicAccess;
++//	if( !rxAccess.is() )
++//		rxAccess = implGetStarBasicAccess( m_pData->m_pObjectShell );
++//
++//	REFERENCE< XNAMECONTAINER > xRet;
++//	if( rxAccess.is() )
++//		xRet = rxAccess->getLibraryContainer();
++//	return xRet;
+ 
+ 	REFERENCE< XNAMECONTAINER > xRet;
+-	if( rxAccess.is() )
+-		xRet = rxAccess->getLibraryContainer();
++	if( m_pData->m_pObjectShell )
++		xRet = REFERENCE< XNAMECONTAINER >( m_pData->m_pObjectShell->GetBasicContainer(), UNO_QUERY );
++
+ 	return xRet;
+ }
+ 
+@@ -614,12 +626,32 @@ void SAL_CALL SfxBaseModel::createLibrar
+ 	if ( impl_isDisposed() )
+ 		throw DISPOSEDEXCEPTION();
+ 
+-	REFERENCE< XSTARBASICACCESS >& rxAccess = m_pData->m_xStarBasicAccess;
+-	if( !rxAccess.is() )
+-		rxAccess = implGetStarBasicAccess( m_pData->m_pObjectShell );
+-
+-	if( rxAccess.is() )
+-		rxAccess->createLibrary( LibName, Password, ExternalSourceURL, LinkTargetURL );
++	if( m_pData->m_pObjectShell )
++	{
++		Reference< ::com::sun::star::script::XLibraryContainer > xContainer = m_pData->m_pObjectShell->GetBasicContainer();
++		if ( xContainer.is() )
++		{
++			// insert a dummy library to let library existance be detected
++			// it is a hack to fix 136937
++			try
++			{
++				::rtl::OUString aDummy( RTL_CONSTASCII_USTRINGPARAM( "Dummy" ) );
++				if ( !xContainer->hasByName( aDummy ) )
++					xContainer->createLibrary( aDummy );
++			}
++			catch( uno::Exception& )
++			{
++				return;
++			}
++
++			REFERENCE< XSTARBASICACCESS >& rxAccess = m_pData->m_xStarBasicAccess;
++			if( !rxAccess.is() )
++				rxAccess = implGetStarBasicAccess( m_pData->m_pObjectShell );
++		
++			if( rxAccess.is() )
++				rxAccess->createLibrary( LibName, Password, ExternalSourceURL, LinkTargetURL );
++		}
++	}
+ }
+ 
+ /**___________________________________________________________________________________________________
+@@ -633,12 +665,32 @@ void SAL_CALL SfxBaseModel::addModule( c
+ 	if ( impl_isDisposed() )
+ 		throw DISPOSEDEXCEPTION();
+ 
+-	REFERENCE< XSTARBASICACCESS >& rxAccess = m_pData->m_xStarBasicAccess;
+-	if( !rxAccess.is() )
+-		rxAccess = implGetStarBasicAccess( m_pData->m_pObjectShell );
+-
+-	if( rxAccess.is() )
+-		rxAccess->addModule( LibraryName, ModuleName, Language, Source );
++	if( m_pData->m_pObjectShell )
++	{
++		Reference< ::com::sun::star::script::XLibraryContainer > xContainer = m_pData->m_pObjectShell->GetBasicContainer();
++		if ( xContainer.is() )
++		{
++			// insert a dummy library to let library existance be detected
++			// it is a hack to fix 136937
++			try
++			{
++				::rtl::OUString aDummy( RTL_CONSTASCII_USTRINGPARAM( "Dummy" ) );
++				if ( !xContainer->hasByName( aDummy ) )
++					xContainer->createLibrary( aDummy );
++			}
++			catch( uno::Exception& )
++			{
++				return;
++			}
++
++			REFERENCE< XSTARBASICACCESS >& rxAccess = m_pData->m_xStarBasicAccess;
++			if( !rxAccess.is() )
++				rxAccess = implGetStarBasicAccess( m_pData->m_pObjectShell );
++			
++			if( rxAccess.is() )
++				rxAccess->addModule( LibraryName, ModuleName, Language, Source );
++		}
++	}
+ }
+ 
+ /**___________________________________________________________________________________________________
+