Fix CVE-2023-6185 CVE-2023-6186
Resolves: RHEL-28591 RHEL-28595 Also RHEL-28592 RHEL-28596
This commit is contained in:
parent
1f362be408
commit
15f0103f76
69
0001-CVE-2023-6185-escape-url-passed-to-gstreamer.patch
Normal file
69
0001-CVE-2023-6185-escape-url-passed-to-gstreamer.patch
Normal file
@ -0,0 +1,69 @@
|
|||||||
|
From 6167f5815aefa78a70517c8e2acbdd7b9c9be27d Mon Sep 17 00:00:00 2001
|
||||||
|
Message-ID: <6167f5815aefa78a70517c8e2acbdd7b9c9be27d.1703003067.git.erack@redhat.com>
|
||||||
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
|
||||||
|
Date: Fri, 3 Nov 2023 14:20:07 +0000
|
||||||
|
Subject: [PATCH] escape url passed to gstreamer
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
|
||||||
|
|
||||||
|
This is a multi-part message in MIME format.
|
||||||
|
--------------erAck-patch-parts
|
||||||
|
Content-Type: text/plain; charset=UTF-8; format=fixed
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
|
||||||
|
Change-Id: I3c93ee34800cc8563370f75ef3ef6f8a9220e6ec
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158894
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
(cherry picked from commit f41dcadf6492a6ffd32696d50f818e44355b9ad9)
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159583
|
||||||
|
|
||||||
|
erAck: backported to 7.1.8.1
|
||||||
|
|
||||||
|
---
|
||||||
|
avmedia/source/gstreamer/gstframegrabber.cxx | 14 +++++++++-----
|
||||||
|
1 file changed, 9 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
|
||||||
|
--------------erAck-patch-parts
|
||||||
|
Content-Type: text/x-patch; name="0001-escape-url-passed-to-gstreamer.patch"
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
Content-Disposition: attachment; filename="0001-escape-url-passed-to-gstreamer.patch"
|
||||||
|
|
||||||
|
diff --git a/avmedia/source/gstreamer/gstframegrabber.cxx b/avmedia/source/gstreamer/gstframegrabber.cxx
|
||||||
|
index ece799d87530..25170a296e66 100644
|
||||||
|
--- a/avmedia/source/gstreamer/gstframegrabber.cxx
|
||||||
|
+++ b/avmedia/source/gstreamer/gstframegrabber.cxx
|
||||||
|
@@ -51,11 +51,9 @@ void FrameGrabber::disposePipeline()
|
||||||
|
FrameGrabber::FrameGrabber( const OUString &rURL ) :
|
||||||
|
FrameGrabber_BASE()
|
||||||
|
{
|
||||||
|
- gchar *pPipelineStr;
|
||||||
|
- pPipelineStr = g_strdup_printf(
|
||||||
|
- "uridecodebin uri=%s ! videoconvert ! videoscale ! appsink "
|
||||||
|
- "name=sink caps=\"video/x-raw,format=RGB,pixel-aspect-ratio=1/1\"",
|
||||||
|
- OUStringToOString( rURL, RTL_TEXTENCODING_UTF8 ).getStr() );
|
||||||
|
+ const char pPipelineStr[] =
|
||||||
|
+ "uridecodebin name=source ! videoconvert ! videoscale ! appsink "
|
||||||
|
+ "name=sink caps=\"video/x-raw,format=RGB,pixel-aspect-ratio=1/1\"";
|
||||||
|
|
||||||
|
GError *pError = nullptr;
|
||||||
|
mpPipeline = gst_parse_launch( pPipelineStr, &pError );
|
||||||
|
@@ -66,6 +64,12 @@ FrameGrabber::FrameGrabber( const OUString &rURL ) :
|
||||||
|
}
|
||||||
|
|
||||||
|
if( mpPipeline ) {
|
||||||
|
+
|
||||||
|
+ if (GstElement *pUriDecode = gst_bin_get_by_name(GST_BIN(mpPipeline), "source"))
|
||||||
|
+ g_object_set(pUriDecode, "uri", OUStringToOString(rURL, RTL_TEXTENCODING_UTF8).getStr(), nullptr);
|
||||||
|
+ else
|
||||||
|
+ g_warning("Missing 'source' element in gstreamer pipeline");
|
||||||
|
+
|
||||||
|
// pre-roll
|
||||||
|
switch( gst_element_set_state( mpPipeline, GST_STATE_PAUSED ) ) {
|
||||||
|
case GST_STATE_CHANGE_FAILURE:
|
||||||
|
|
||||||
|
--------------erAck-patch-parts--
|
||||||
|
|
||||||
|
|
@ -0,0 +1,93 @@
|
|||||||
|
From 37d73a1ab94b43e03866d5a910cb58331543b8c3 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-ID: <37d73a1ab94b43e03866d5a910cb58331543b8c3.1703086247.git.erack@redhat.com>
|
||||||
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
|
||||||
|
Date: Fri, 3 Nov 2023 17:14:26 +0000
|
||||||
|
Subject: [PATCH] add some protocols that don't make sense as floating frame
|
||||||
|
targets
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
|
||||||
|
|
||||||
|
This is a multi-part message in MIME format.
|
||||||
|
--------------erAck-patch-parts
|
||||||
|
Content-Type: text/plain; charset=UTF-8; format=fixed
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
|
||||||
|
Change-Id: Id900a5eef248731d1184c1df501a2cf7a2de7eb9
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158910
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
||||||
|
(cherry picked from commit 11ebdfef16501c6d35c3e3d0d62507f706557c71)
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158900
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
(cherry picked from commit bab433911bdecb344f7ea94dbd00690241a08c54)
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159582
|
||||||
|
|
||||||
|
erAck: backported to 7.1.8.1
|
||||||
|
|
||||||
|
---
|
||||||
|
include/tools/urlobj.hxx | 5 +++++
|
||||||
|
sfx2/source/doc/iframe.cxx | 5 ++++-
|
||||||
|
tools/source/fsys/urlobj.cxx | 8 ++++++++
|
||||||
|
3 files changed, 17 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
|
||||||
|
--------------erAck-patch-parts
|
||||||
|
Content-Type: text/x-patch; name="0001-add-some-protocols-that-don-t-make-sense-as-floating.patch"
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
Content-Disposition: attachment; filename="0001-add-some-protocols-that-don-t-make-sense-as-floating.patch"
|
||||||
|
|
||||||
|
diff --git a/include/tools/urlobj.hxx b/include/tools/urlobj.hxx
|
||||||
|
index 9d6820ddf241..dfd658722826 100644
|
||||||
|
--- a/include/tools/urlobj.hxx
|
||||||
|
+++ b/include/tools/urlobj.hxx
|
||||||
|
@@ -915,6 +915,11 @@ public:
|
||||||
|
|
||||||
|
void changeScheme(INetProtocol eTargetScheme);
|
||||||
|
|
||||||
|
+ // INetProtocol::Macro, INetProtocol::Uno, INetProtocol::Slot,
|
||||||
|
+ // vnd.sun.star.script, etc. All the types of URLs which shouldn't
|
||||||
|
+ // be accepted from an outside controlled source
|
||||||
|
+ bool IsExoticProtocol() const;
|
||||||
|
+
|
||||||
|
private:
|
||||||
|
// General Structure:
|
||||||
|
|
||||||
|
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
|
||||||
|
index 150218b436e9..b81ce82fd32e 100644
|
||||||
|
--- a/sfx2/source/doc/iframe.cxx
|
||||||
|
+++ b/sfx2/source/doc/iframe.cxx
|
||||||
|
@@ -168,8 +168,11 @@ sal_Bool SAL_CALL IFrameObject::load(
|
||||||
|
xTrans->parseStrict( aTargetURL );
|
||||||
|
|
||||||
|
INetURLObject aURLObject(aTargetURL.Complete);
|
||||||
|
- if (aURLObject.GetProtocol() == INetProtocol::Macro || aURLObject.isSchemeEqualTo(u"vnd.sun.star.script"))
|
||||||
|
+ if (aURLObject.IsExoticProtocol())
|
||||||
|
+ {
|
||||||
|
+ //SAL_WARN("sfx", "IFrameObject::load ignoring: " << aTargetURL.Complete);
|
||||||
|
return false;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
|
||||||
|
SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
|
||||||
|
diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
|
||||||
|
index 764bb28ef623..2a9f7bc3d7dc 100644
|
||||||
|
--- a/tools/source/fsys/urlobj.cxx
|
||||||
|
+++ b/tools/source/fsys/urlobj.cxx
|
||||||
|
@@ -4829,4 +4829,12 @@ OUString INetURLObject::CutExtension()
|
||||||
|
? aTheExtension : OUString();
|
||||||
|
}
|
||||||
|
|
||||||
|
+bool INetURLObject::IsExoticProtocol() const
|
||||||
|
+{
|
||||||
|
+ return m_eScheme == INetProtocol::Slot ||
|
||||||
|
+ m_eScheme == INetProtocol::Macro ||
|
||||||
|
+ m_eScheme == INetProtocol::Uno ||
|
||||||
|
+ isSchemeEqualTo(u"vnd.sun.star.script");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
||||||
|
|
||||||
|
--------------erAck-patch-parts--
|
||||||
|
|
||||||
|
|
100
0002-CVE-2023-6186-warn-about-exotic-protocols-as-well.patch
Normal file
100
0002-CVE-2023-6186-warn-about-exotic-protocols-as-well.patch
Normal file
@ -0,0 +1,100 @@
|
|||||||
|
From 82752ccba78ecdbf94908377ec022f68ba7d9d59 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-ID: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
|
||||||
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
|
||||||
|
Date: Sat, 4 Nov 2023 19:57:51 +0000
|
||||||
|
Subject: [PATCH 1/4] warn about exotic protocols as well
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
|
||||||
|
|
||||||
|
This is a multi-part message in MIME format.
|
||||||
|
--------------erAck-patch-parts
|
||||||
|
Content-Type: text/plain; charset=UTF-8; format=fixed
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
|
||||||
|
Change-Id: I50dcf4f36cd20d75f5ad3876353143268740a50f
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151834
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
||||||
|
(cherry picked from commit 1305f70cff8a81a58a5a6d9c96c5bb032005389e)
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159034
|
||||||
|
Reviewed-by: Eike Rathke <erack@redhat.com>
|
||||||
|
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159881
|
||||||
|
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
||||||
|
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159911
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
|
||||||
|
erAck: backported to 7.1.8.1
|
||||||
|
|
||||||
|
---
|
||||||
|
sw/source/filter/html/htmlplug.cxx | 2 +-
|
||||||
|
sw/source/filter/xml/xmltexti.cxx | 2 +-
|
||||||
|
tools/source/fsys/urlobj.cxx | 3 ++-
|
||||||
|
xmloff/source/draw/ximpshap.cxx | 2 +-
|
||||||
|
4 files changed, 5 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
|
||||||
|
--------------erAck-patch-parts
|
||||||
|
Content-Type: text/x-patch; name="0001-warn-about-exotic-protocols-as-well.patch"
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
Content-Disposition: attachment; filename="0001-warn-about-exotic-protocols-as-well.patch"
|
||||||
|
|
||||||
|
diff --git a/sw/source/filter/html/htmlplug.cxx b/sw/source/filter/html/htmlplug.cxx
|
||||||
|
index 1aec184d8a6c..1c1f5f49f13e 100644
|
||||||
|
--- a/sw/source/filter/html/htmlplug.cxx
|
||||||
|
+++ b/sw/source/filter/html/htmlplug.cxx
|
||||||
|
@@ -1092,7 +1092,7 @@ void SwHTMLParser::InsertFloatingFrame()
|
||||||
|
|
||||||
|
OUString sHRef = aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
|
||||||
|
|
||||||
|
- if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
|
||||||
|
+ if (INetURLObject(sHRef).IsExoticProtocol())
|
||||||
|
NotifyMacroEventRead();
|
||||||
|
|
||||||
|
xSet->setPropertyValue("FrameURL", uno::makeAny( sHRef ) );
|
||||||
|
diff --git a/sw/source/filter/xml/xmltexti.cxx b/sw/source/filter/xml/xmltexti.cxx
|
||||||
|
index 7ec4616f76dd..4bbed6bb8ff8 100644
|
||||||
|
--- a/sw/source/filter/xml/xmltexti.cxx
|
||||||
|
+++ b/sw/source/filter/xml/xmltexti.cxx
|
||||||
|
@@ -860,7 +860,7 @@ uno::Reference< XPropertySet > SwXMLTextImportHelper::createAndInsertFloatingFra
|
||||||
|
OUString sHRef = URIHelper::SmartRel2Abs(
|
||||||
|
INetURLObject( GetXMLImport().GetBaseURL() ), rHRef );
|
||||||
|
|
||||||
|
- if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
|
||||||
|
+ if (INetURLObject(sHRef).IsExoticProtocol())
|
||||||
|
GetXMLImport().NotifyMacroEventRead();
|
||||||
|
|
||||||
|
xSet->setPropertyValue("FrameURL",
|
||||||
|
diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
|
||||||
|
index 2a9f7bc3d7dc..36a8af31a0fb 100644
|
||||||
|
--- a/tools/source/fsys/urlobj.cxx
|
||||||
|
+++ b/tools/source/fsys/urlobj.cxx
|
||||||
|
@@ -4767,7 +4767,8 @@ bool INetURLObject::IsExoticProtocol() const
|
||||||
|
return m_eScheme == INetProtocol::Slot ||
|
||||||
|
m_eScheme == INetProtocol::Macro ||
|
||||||
|
m_eScheme == INetProtocol::Uno ||
|
||||||
|
- isSchemeEqualTo(u"vnd.sun.star.script");
|
||||||
|
+ isSchemeEqualTo(u"vnd.sun.star.script") ||
|
||||||
|
+ isSchemeEqualTo(u"service");
|
||||||
|
}
|
||||||
|
|
||||||
|
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
||||||
|
diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx
|
||||||
|
index 113f3a3ffc2a..263b4b937608 100644
|
||||||
|
--- a/xmloff/source/draw/ximpshap.cxx
|
||||||
|
+++ b/xmloff/source/draw/ximpshap.cxx
|
||||||
|
@@ -3257,7 +3257,7 @@ void SdXMLFloatingFrameShapeContext::StartElement( const css::uno::Reference< cs
|
||||||
|
|
||||||
|
if( !maHref.isEmpty() )
|
||||||
|
{
|
||||||
|
- if (INetURLObject(maHref).GetProtocol() == INetProtocol::Macro)
|
||||||
|
+ if (INetURLObject(maHref).IsExoticProtocol())
|
||||||
|
GetImport().NotifyMacroEventRead();
|
||||||
|
|
||||||
|
xProps->setPropertyValue("FrameURL", Any(maHref) );
|
||||||
|
|
||||||
|
--------------erAck-patch-parts--
|
||||||
|
|
||||||
|
|
@ -0,0 +1,239 @@
|
|||||||
|
From b74078dd27a8d9e7151bc0466ca231a06f555459 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-ID: <b74078dd27a8d9e7151bc0466ca231a06f555459.1703086328.git.erack@redhat.com>
|
||||||
|
In-Reply-To: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
|
||||||
|
References: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
|
||||||
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
|
||||||
|
Date: Fri, 3 Nov 2023 17:26:25 +0000
|
||||||
|
Subject: [PATCH 2/4] default to ignoring libreoffice special-purpose protocols
|
||||||
|
in calc hyperlink
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
|
||||||
|
|
||||||
|
This is a multi-part message in MIME format.
|
||||||
|
--------------erAck-patch-parts
|
||||||
|
Content-Type: text/plain; charset=UTF-8; format=fixed
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
|
||||||
|
Change-Id: Ib9f62be3acc05f24ca234dec0fec21e24579e9de
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158911
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
||||||
|
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
||||||
|
(cherry picked from commit b6062623b4d69c79e90e9365ac7c5e7f11986793)
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159045
|
||||||
|
Reviewed-by: Eike Rathke <erack@redhat.com>
|
||||||
|
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159882
|
||||||
|
Tested-by: Miklos Vajna <vmiklos@collabora.com>
|
||||||
|
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
||||||
|
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159912
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
|
||||||
|
erAck: backported to 7.1.8.1
|
||||||
|
|
||||||
|
---
|
||||||
|
dbaccess/source/core/dataaccess/ModelImpl.cxx | 3 +-
|
||||||
|
include/sfx2/docmacromode.hxx | 4 ++-
|
||||||
|
include/sfx2/objsh.hxx | 3 ++
|
||||||
|
sc/source/core/data/global.cxx | 33 ++++++++++++++++++-
|
||||||
|
sfx2/source/doc/docmacromode.cxx | 8 +++--
|
||||||
|
sfx2/source/doc/objmisc.cxx | 8 ++++-
|
||||||
|
sfx2/source/doc/objxtor.cxx | 1 +
|
||||||
|
sfx2/source/inc/objshimp.hxx | 3 +-
|
||||||
|
8 files changed, 56 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
|
||||||
|
--------------erAck-patch-parts
|
||||||
|
Content-Type: text/x-patch; name="0002-default-to-ignoring-libreoffice-special-purpose-prot.patch"
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
Content-Disposition: attachment; filename="0002-default-to-ignoring-libreoffice-special-purpose-prot.patch"
|
||||||
|
|
||||||
|
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx b/dbaccess/source/core/dataaccess/ModelImpl.cxx
|
||||||
|
index 3e21289dbe9a..e399d5da7067 100644
|
||||||
|
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
|
||||||
|
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
|
||||||
|
@@ -1133,7 +1133,8 @@ bool ODatabaseModelImpl::checkMacrosOnLoading()
|
||||||
|
{
|
||||||
|
Reference< XInteractionHandler > xInteraction;
|
||||||
|
xInteraction = m_aMediaDescriptor.getOrDefault( "InteractionHandler", xInteraction );
|
||||||
|
- return m_aMacroMode.checkMacrosOnLoading( xInteraction );
|
||||||
|
+ const bool bHasMacros = m_aMacroMode.hasMacros();
|
||||||
|
+ return m_aMacroMode.checkMacrosOnLoading(xInteraction, false /*HasValidContentSignature*/, bHasMacros);
|
||||||
|
}
|
||||||
|
|
||||||
|
void ODatabaseModelImpl::resetMacroExecutionMode()
|
||||||
|
diff --git a/include/sfx2/docmacromode.hxx b/include/sfx2/docmacromode.hxx
|
||||||
|
index 7ed42f6a14dd..0acb44cbfbb1 100644
|
||||||
|
--- a/include/sfx2/docmacromode.hxx
|
||||||
|
+++ b/include/sfx2/docmacromode.hxx
|
||||||
|
@@ -261,6 +261,8 @@ namespace sfx2
|
||||||
|
*/
|
||||||
|
static bool storageHasMacros( const css::uno::Reference< css::embed::XStorage >& _rxStorage );
|
||||||
|
|
||||||
|
+ bool hasMacros() const;
|
||||||
|
+
|
||||||
|
static bool containerHasBasicMacros( const css::uno::Reference< css::script::XLibraryContainer >& xContainer );
|
||||||
|
/** checks the macro execution mode while loading the document.
|
||||||
|
|
||||||
|
@@ -288,7 +290,7 @@ namespace sfx2
|
||||||
|
bool
|
||||||
|
checkMacrosOnLoading(
|
||||||
|
const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction,
|
||||||
|
- bool bHasValidContentSignature = false
|
||||||
|
+ bool bHasValidContentSignature, bool bHasMacros
|
||||||
|
);
|
||||||
|
|
||||||
|
private:
|
||||||
|
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
|
||||||
|
index ef1a0a33e1dc..fde0dba3d7c9 100644
|
||||||
|
--- a/include/sfx2/objsh.hxx
|
||||||
|
+++ b/include/sfx2/objsh.hxx
|
||||||
|
@@ -433,6 +433,9 @@ public:
|
||||||
|
void SetMacroCallsSeenWhileLoading();
|
||||||
|
bool GetMacroCallsSeenWhileLoading() const;
|
||||||
|
|
||||||
|
+ // true if the document had macros (or similar) on load to trigger warning user
|
||||||
|
+ bool GetHadCheckedMacrosOnLoad() const;
|
||||||
|
+
|
||||||
|
const css::uno::Sequence< css::beans::PropertyValue >& GetModifyPasswordInfo() const;
|
||||||
|
bool SetModifyPasswordInfo( const css::uno::Sequence< css::beans::PropertyValue >& aInfo );
|
||||||
|
|
||||||
|
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
|
||||||
|
index b0a91cb397d8..92caea1ea459 100644
|
||||||
|
--- a/sc/source/core/data/global.cxx
|
||||||
|
+++ b/sc/source/core/data/global.cxx
|
||||||
|
@@ -26,7 +26,9 @@
|
||||||
|
#include <sfx2/docfile.hxx>
|
||||||
|
#include <sfx2/dispatch.hxx>
|
||||||
|
#include <sfx2/objsh.hxx>
|
||||||
|
+#include <sfx2/sfxresid.hxx>
|
||||||
|
#include <sfx2/sfxsids.hrc>
|
||||||
|
+#include <sfx2/strings.hrc>
|
||||||
|
#include <sfx2/viewfrm.hxx>
|
||||||
|
#include <sfx2/viewsh.hxx>
|
||||||
|
#include <svl/intitem.hxx>
|
||||||
|
@@ -772,7 +774,7 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
|
||||||
|
|
||||||
|
OUString aUrlName( rURL );
|
||||||
|
SfxViewFrame* pFrame = nullptr;
|
||||||
|
- const SfxObjectShell* pObjShell = nullptr;
|
||||||
|
+ SfxObjectShell* pObjShell = nullptr;
|
||||||
|
OUString aReferName;
|
||||||
|
if ( pScActiveViewShell )
|
||||||
|
{
|
||||||
|
@@ -806,6 +808,35 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
|
||||||
|
aUrlName = aNewUrlName;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (INetURLObject(aUrlName).IsExoticProtocol())
|
||||||
|
+ {
|
||||||
|
+ // Default to ignoring exotic protocols
|
||||||
|
+ bool bAllow = false;
|
||||||
|
+ if (pObjShell)
|
||||||
|
+ {
|
||||||
|
+ // If the document had macros when loaded then follow the allowed macro-mode
|
||||||
|
+ if (pObjShell->GetHadCheckedMacrosOnLoad())
|
||||||
|
+ bAllow = pObjShell->AdjustMacroMode();
|
||||||
|
+ else // otherwise ask the user, defaulting to cancel
|
||||||
|
+ {
|
||||||
|
+ assert(pFrame && "if we have pObjShell we have pFrame");
|
||||||
|
+ //Reuse URITools::onOpenURI warning string
|
||||||
|
+ std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pFrame->GetFrameWeld(),
|
||||||
|
+ VclMessageType::Warning, VclButtonsType::YesNo,
|
||||||
|
+ SfxResId(STR_DANGEROUS_TO_OPEN)));
|
||||||
|
+ xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
|
||||||
|
+ INetURLObject::decode(aUrlName, INetURLObject::DecodeMechanism::Unambiguous)));
|
||||||
|
+ xQueryBox->set_default_response(RET_NO);
|
||||||
|
+ bAllow = xQueryBox->run() == RET_YES;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if (!bAllow)
|
||||||
|
+ {
|
||||||
|
+ SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
|
||||||
|
SfxStringItem aTarget( SID_TARGETNAME, rTarget );
|
||||||
|
if ( nScClickMouseModifier & KEY_SHIFT ) // control-click -> into new window
|
||||||
|
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
|
||||||
|
index bdae350b22f5..d8757c7a505d 100644
|
||||||
|
--- a/sfx2/source/doc/docmacromode.cxx
|
||||||
|
+++ b/sfx2/source/doc/docmacromode.cxx
|
||||||
|
@@ -403,8 +403,12 @@ namespace sfx2
|
||||||
|
return bHasMacros;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ bool DocumentMacroMode::hasMacros() const
|
||||||
|
+ {
|
||||||
|
+ return m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading();
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature )
|
||||||
|
+ bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasValidContentSignature, bool bHasMacros )
|
||||||
|
{
|
||||||
|
bool bAllow = false;
|
||||||
|
if ( SvtSecurityOptions().IsMacroDisabled() )
|
||||||
|
@@ -414,7 +418,7 @@ namespace sfx2
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
- if (m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
|
||||||
|
+ if (bHasMacros)
|
||||||
|
{
|
||||||
|
if (m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
|
||||||
|
m_bNeedsContentSigned = true;
|
||||||
|
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
|
||||||
|
index 6b86e2163ccb..ddf95eeafe5e 100644
|
||||||
|
--- a/sfx2/source/doc/objmisc.cxx
|
||||||
|
+++ b/sfx2/source/doc/objmisc.cxx
|
||||||
|
@@ -944,9 +944,15 @@ void SfxObjectShell::CheckSecurityOnLoading_Impl()
|
||||||
|
|
||||||
|
// check macro security
|
||||||
|
const bool bHasValidContentSignature = HasValidSignatures();
|
||||||
|
- pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasValidContentSignature );
|
||||||
|
+ const bool bHasMacros = pImpl->aMacroMode.hasMacros();
|
||||||
|
+ pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasValidContentSignature, bHasMacros );
|
||||||
|
+ pImpl->m_bHadCheckedMacrosOnLoad = bHasMacros;
|
||||||
|
}
|
||||||
|
|
||||||
|
+bool SfxObjectShell::GetHadCheckedMacrosOnLoad() const
|
||||||
|
+{
|
||||||
|
+ return pImpl->m_bHadCheckedMacrosOnLoad;
|
||||||
|
+}
|
||||||
|
|
||||||
|
void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< task::XInteractionHandler >& xHandler )
|
||||||
|
{
|
||||||
|
diff --git a/sfx2/source/doc/objxtor.cxx b/sfx2/source/doc/objxtor.cxx
|
||||||
|
index c7f34aeadc31..ae6f713251ea 100644
|
||||||
|
--- a/sfx2/source/doc/objxtor.cxx
|
||||||
|
+++ b/sfx2/source/doc/objxtor.cxx
|
||||||
|
@@ -211,6 +211,7 @@ SfxObjectShell_Impl::SfxObjectShell_Impl( SfxObjectShell& _rDocShell )
|
||||||
|
,m_bAllowShareControlFileClean( true )
|
||||||
|
,m_bConfigOptionsChecked( false )
|
||||||
|
,m_bMacroCallsSeenWhileLoading( false )
|
||||||
|
+ ,m_bHadCheckedMacrosOnLoad( false )
|
||||||
|
,lErr(ERRCODE_NONE)
|
||||||
|
,nEventId ( SfxEventHintId::NONE )
|
||||||
|
,nLoadedFlags ( SfxLoadedFlags::ALL )
|
||||||
|
diff --git a/sfx2/source/inc/objshimp.hxx b/sfx2/source/inc/objshimp.hxx
|
||||||
|
index 192470e5542d..b011b3737d66 100644
|
||||||
|
--- a/sfx2/source/inc/objshimp.hxx
|
||||||
|
+++ b/sfx2/source/inc/objshimp.hxx
|
||||||
|
@@ -90,7 +90,8 @@ struct SfxObjectShell_Impl : public ::sfx2::IMacroDocumentAccess
|
||||||
|
m_bSharedXMLFlag:1, // whether the document should be edited in shared mode
|
||||||
|
m_bAllowShareControlFileClean:1, // whether the flag should be stored in xml file
|
||||||
|
m_bConfigOptionsChecked:1, // whether or not the user options are checked after the Options dialog is closed.
|
||||||
|
- m_bMacroCallsSeenWhileLoading:1; // whether or not the user options are checked after the Options dialog is closed.
|
||||||
|
+ m_bMacroCallsSeenWhileLoading:1, // whether or not macro calls were seen when loading document.
|
||||||
|
+ m_bHadCheckedMacrosOnLoad:1; // if document contained macros (or calls) when loaded
|
||||||
|
|
||||||
|
IndexBitSet aBitSet;
|
||||||
|
ErrCode lErr;
|
||||||
|
|
||||||
|
--------------erAck-patch-parts--
|
||||||
|
|
||||||
|
|
@ -0,0 +1,281 @@
|
|||||||
|
From 6a69b533227ae22d97824317f14dfa6991959101 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-ID: <6a69b533227ae22d97824317f14dfa6991959101.1703086328.git.erack@redhat.com>
|
||||||
|
In-Reply-To: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
|
||||||
|
References: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
|
||||||
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
|
||||||
|
Date: Wed, 15 Nov 2023 11:39:24 +0000
|
||||||
|
Subject: [PATCH 3/4] reuse AllowedLinkProtocolFromDocument in writer
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
|
||||||
|
|
||||||
|
This is a multi-part message in MIME format.
|
||||||
|
--------------erAck-patch-parts
|
||||||
|
Content-Type: text/plain; charset=UTF-8; format=fixed
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
|
||||||
|
reorg calc hyperlink check to reuse elsewhere
|
||||||
|
|
||||||
|
Change-Id: I20ae3c5df15502c3a0a366fb4a2924c06ffac3d0
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159487
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
||||||
|
(cherry picked from commit e6a7537762e19fde446441edd10d301f9b37ce75)
|
||||||
|
|
||||||
|
reuse AllowedLinkProtocolFromDocument in writer
|
||||||
|
|
||||||
|
Change-Id: Iacf5e313fc6ca5f7d69ca6986a036f0e1ab1f2a0
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159488
|
||||||
|
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
||||||
|
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
||||||
|
(cherry picked from commit 32535dfa82200b54296838b52285c054fbe5e51d)
|
||||||
|
|
||||||
|
combine these hyperlink dispatchers into one call
|
||||||
|
|
||||||
|
Change-Id: Icb7822e811013de648ccf2fbb23a5f0be9e29bb0
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159489
|
||||||
|
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
||||||
|
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
||||||
|
(cherry picked from commit 0df175ccc6ea542bc5801f631ff72bed187042eb)
|
||||||
|
|
||||||
|
we can have just one LoadURL for writer
|
||||||
|
|
||||||
|
Change-Id: Ia0162ee1c275292fcf200bad4662e4c2c6b7b972
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159557
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
||||||
|
(cherry picked from commit 521ca9cf6acbae96cf95d9740859c9682212013d)
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159858
|
||||||
|
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
|
||||||
|
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
||||||
|
(cherry picked from commit e32b8601dbd63cf01497889601d6c9c1241106d6)
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159883
|
||||||
|
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159913
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
Reviewed-by: Eike Rathke <erack@redhat.com>
|
||||||
|
---
|
||||||
|
include/sfx2/objsh.hxx | 7 +++--
|
||||||
|
sc/source/core/data/global.cxx | 32 ++---------------------
|
||||||
|
sfx2/source/doc/objmisc.cxx | 27 ++++++++++++++++++++
|
||||||
|
sw/source/uibase/shells/drwtxtex.cxx | 8 ++----
|
||||||
|
sw/source/uibase/wrtsh/wrtsh2.cxx | 38 ++++++++++++++++++----------
|
||||||
|
5 files changed, 60 insertions(+), 52 deletions(-)
|
||||||
|
|
||||||
|
|
||||||
|
--------------erAck-patch-parts
|
||||||
|
Content-Type: text/x-patch; name="0003-reuse-AllowedLinkProtocolFromDocument-in-writer.patch"
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
Content-Disposition: attachment; filename="0003-reuse-AllowedLinkProtocolFromDocument-in-writer.patch"
|
||||||
|
|
||||||
|
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
|
||||||
|
index fde0dba3d7c9..79f22c978dcb 100644
|
||||||
|
--- a/include/sfx2/objsh.hxx
|
||||||
|
+++ b/include/sfx2/objsh.hxx
|
||||||
|
@@ -200,6 +200,9 @@ private:
|
||||||
|
|
||||||
|
SAL_DLLPRIVATE bool SaveTo_Impl(SfxMedium &rMedium, const SfxItemSet* pSet );
|
||||||
|
|
||||||
|
+ // true if the document had macros (or similar) on load to trigger warning user
|
||||||
|
+ SAL_DLLPRIVATE bool GetHadCheckedMacrosOnLoad() const;
|
||||||
|
+
|
||||||
|
protected:
|
||||||
|
SfxObjectShell(SfxObjectCreateMode);
|
||||||
|
SfxObjectShell(SfxModelFlags); // see sfxmodelfactory.hxx
|
||||||
|
@@ -427,8 +430,8 @@ public:
|
||||||
|
void SetMacroCallsSeenWhileLoading();
|
||||||
|
bool GetMacroCallsSeenWhileLoading() const;
|
||||||
|
|
||||||
|
- // true if the document had macros (or similar) on load to trigger warning user
|
||||||
|
- bool GetHadCheckedMacrosOnLoad() const;
|
||||||
|
+ // true if this type of link, from a document, is allowed by the user to be passed to uno:OpenDoc
|
||||||
|
+ static bool AllowedLinkProtocolFromDocument(const OUString& rUrl, SfxObjectShell* pObjShell, weld::Window* pDialogParent);
|
||||||
|
|
||||||
|
const css::uno::Sequence< css::beans::PropertyValue >& GetModifyPasswordInfo() const;
|
||||||
|
bool SetModifyPasswordInfo( const css::uno::Sequence< css::beans::PropertyValue >& aInfo );
|
||||||
|
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
|
||||||
|
index 92caea1ea459..27c5a51a46c1 100644
|
||||||
|
--- a/sc/source/core/data/global.cxx
|
||||||
|
+++ b/sc/source/core/data/global.cxx
|
||||||
|
@@ -29,9 +29,7 @@
|
||||||
|
#include <sfx2/docfile.hxx>
|
||||||
|
#include <sfx2/dispatch.hxx>
|
||||||
|
#include <sfx2/objsh.hxx>
|
||||||
|
-#include <sfx2/sfxresid.hxx>
|
||||||
|
#include <sfx2/sfxsids.hrc>
|
||||||
|
-#include <sfx2/strings.hrc>
|
||||||
|
#include <sfx2/viewfrm.hxx>
|
||||||
|
#include <sfx2/viewsh.hxx>
|
||||||
|
#include <svl/intitem.hxx>
|
||||||
|
@@ -856,34 +854,8 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
|
||||||
|
aUrlName = aNewUrlName;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (INetURLObject(aUrlName).IsExoticProtocol())
|
||||||
|
- {
|
||||||
|
- // Default to ignoring exotic protocols
|
||||||
|
- bool bAllow = false;
|
||||||
|
- if (pObjShell)
|
||||||
|
- {
|
||||||
|
- // If the document had macros when loaded then follow the allowed macro-mode
|
||||||
|
- if (pObjShell->GetHadCheckedMacrosOnLoad())
|
||||||
|
- bAllow = pObjShell->AdjustMacroMode();
|
||||||
|
- else // otherwise ask the user, defaulting to cancel
|
||||||
|
- {
|
||||||
|
- assert(pFrame && "if we have pObjShell we have pFrame");
|
||||||
|
- //Reuse URITools::onOpenURI warning string
|
||||||
|
- std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pFrame->GetFrameWeld(),
|
||||||
|
- VclMessageType::Warning, VclButtonsType::YesNo,
|
||||||
|
- SfxResId(STR_DANGEROUS_TO_OPEN)));
|
||||||
|
- xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
|
||||||
|
- INetURLObject::decode(aUrlName, INetURLObject::DecodeMechanism::Unambiguous)));
|
||||||
|
- xQueryBox->set_default_response(RET_NO);
|
||||||
|
- bAllow = xQueryBox->run() == RET_YES;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- if (!bAllow)
|
||||||
|
- {
|
||||||
|
- SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName);
|
||||||
|
- return;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetFrameWeld() : nullptr))
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
|
||||||
|
SfxStringItem aTarget( SID_TARGETNAME, rTarget );
|
||||||
|
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
|
||||||
|
index ddf95eeafe5e..8c76c3f0f4d6 100644
|
||||||
|
--- a/sfx2/source/doc/objmisc.cxx
|
||||||
|
+++ b/sfx2/source/doc/objmisc.cxx
|
||||||
|
@@ -962,6 +962,33 @@ bool SfxObjectShell::GetHadCheckedMacrosOnLoad() const
|
||||||
|
return pImpl->m_bHadCheckedMacrosOnLoad;
|
||||||
|
}
|
||||||
|
|
||||||
|
+bool SfxObjectShell::AllowedLinkProtocolFromDocument(const OUString& rUrl, SfxObjectShell* pObjShell, weld::Window* pDialogParent)
|
||||||
|
+{
|
||||||
|
+ if (!INetURLObject(rUrl).IsExoticProtocol())
|
||||||
|
+ return true;
|
||||||
|
+ // Default to ignoring exotic protocols
|
||||||
|
+ bool bAllow = false;
|
||||||
|
+ if (pObjShell)
|
||||||
|
+ {
|
||||||
|
+ // If the document had macros when loaded then follow the allowed macro-mode
|
||||||
|
+ if (pObjShell->GetHadCheckedMacrosOnLoad())
|
||||||
|
+ bAllow = pObjShell->AdjustMacroMode();
|
||||||
|
+ else // otherwise ask the user, defaulting to cancel
|
||||||
|
+ {
|
||||||
|
+ //Reuse URITools::onOpenURI warning string
|
||||||
|
+ std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pDialogParent,
|
||||||
|
+ VclMessageType::Warning, VclButtonsType::YesNo,
|
||||||
|
+ SfxResId(STR_DANGEROUS_TO_OPEN)));
|
||||||
|
+ xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
|
||||||
|
+ INetURLObject::decode(rUrl, INetURLObject::DecodeMechanism::Unambiguous)));
|
||||||
|
+ xQueryBox->set_default_response(RET_NO);
|
||||||
|
+ bAllow = xQueryBox->run() == RET_YES;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ SAL_WARN_IF(!bAllow, "sfx.appl", "SfxObjectShell::AllowedLinkProtocolFromDocument ignoring: " << rUrl);
|
||||||
|
+ return bAllow;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< task::XInteractionHandler >& xHandler )
|
||||||
|
{
|
||||||
|
OUString aVersion;
|
||||||
|
diff --git a/sw/source/uibase/shells/drwtxtex.cxx b/sw/source/uibase/shells/drwtxtex.cxx
|
||||||
|
index c84ee7bd9af4..c51f501841ad 100644
|
||||||
|
--- a/sw/source/uibase/shells/drwtxtex.cxx
|
||||||
|
+++ b/sw/source/uibase/shells/drwtxtex.cxx
|
||||||
|
@@ -533,12 +533,8 @@ void SwDrawTextShell::Execute( SfxRequest &rReq )
|
||||||
|
const SvxFieldData* pField = pOLV->GetFieldAtCursor();
|
||||||
|
if (const SvxURLField* pURLField = dynamic_cast<const SvxURLField*>(pField))
|
||||||
|
{
|
||||||
|
- SfxStringItem aUrl(SID_FILE_NAME, pURLField->GetURL());
|
||||||
|
- SfxStringItem aTarget(SID_TARGETNAME, pURLField->GetTargetFrame());
|
||||||
|
- SfxBoolItem aNewView(SID_OPEN_NEW_VIEW, false);
|
||||||
|
- SfxBoolItem aBrowsing(SID_BROWSE, true);
|
||||||
|
- GetView().GetViewFrame()->GetDispatcher()->ExecuteList(
|
||||||
|
- SID_OPENDOC, SfxCallMode::SYNCHRON, { &aUrl, &aTarget, &aNewView, &aBrowsing });
|
||||||
|
+ ::LoadURL(GetShell(), pURLField->GetURL(), LoadUrlFlags::NONE,
|
||||||
|
+ pURLField->GetTargetFrame());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
diff --git a/sw/source/uibase/wrtsh/wrtsh2.cxx b/sw/source/uibase/wrtsh/wrtsh2.cxx
|
||||||
|
index 1995e7133c4a..d781823e82ec 100644
|
||||||
|
--- a/sw/source/uibase/wrtsh/wrtsh2.cxx
|
||||||
|
+++ b/sw/source/uibase/wrtsh/wrtsh2.cxx
|
||||||
|
@@ -501,30 +501,24 @@ bool SwWrtShell::ClickToINetGrf( const Point& rDocPt, LoadUrlFlags nFilter )
|
||||||
|
return bRet;
|
||||||
|
}
|
||||||
|
|
||||||
|
-void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
|
||||||
|
- const OUString& rTargetFrameName )
|
||||||
|
+static void LoadURL(SwView& rView, const OUString& rURL, LoadUrlFlags nFilter,
|
||||||
|
+ const OUString& rTargetFrameName)
|
||||||
|
{
|
||||||
|
- OSL_ENSURE( !rURL.isEmpty(), "what should be loaded here?" );
|
||||||
|
- if( rURL.isEmpty() )
|
||||||
|
- return ;
|
||||||
|
+ SwDocShell* pDShell = rView.GetDocShell();
|
||||||
|
+ OSL_ENSURE( pDShell, "No DocShell?!");
|
||||||
|
+ SfxViewFrame* pViewFrame = rView.GetViewFrame();
|
||||||
|
|
||||||
|
- // The shell could be 0 also!!!!!
|
||||||
|
- if ( dynamic_cast<const SwCursorShell*>( &rVSh) == nullptr )
|
||||||
|
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetFrameWeld()))
|
||||||
|
return;
|
||||||
|
|
||||||
|
// We are doing tiledRendering, let the client handles the URL loading,
|
||||||
|
// unless we are jumping to a TOC mark.
|
||||||
|
if (comphelper::LibreOfficeKit::isActive() && !rURL.startsWith("#"))
|
||||||
|
{
|
||||||
|
- rVSh.GetSfxViewShell()->libreOfficeKitViewCallback(LOK_CALLBACK_HYPERLINK_CLICKED, rURL.toUtf8().getStr());
|
||||||
|
+ rView.libreOfficeKitViewCallback(LOK_CALLBACK_HYPERLINK_CLICKED, rURL.toUtf8().getStr());
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
- //A CursorShell is always a WrtShell
|
||||||
|
- SwWrtShell &rSh = static_cast<SwWrtShell&>(rVSh);
|
||||||
|
-
|
||||||
|
- SwDocShell* pDShell = rSh.GetView().GetDocShell();
|
||||||
|
- OSL_ENSURE( pDShell, "No DocShell?!");
|
||||||
|
OUString sTargetFrame(rTargetFrameName);
|
||||||
|
if (sTargetFrame.isEmpty() && pDShell)
|
||||||
|
{
|
||||||
|
@@ -539,7 +533,6 @@ void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
|
||||||
|
OUString sReferer;
|
||||||
|
if( pDShell && pDShell->GetMedium() )
|
||||||
|
sReferer = pDShell->GetMedium()->GetName();
|
||||||
|
- SfxViewFrame* pViewFrame = rSh.GetView().GetViewFrame();
|
||||||
|
SfxFrameItem aView( SID_DOCFRAME, pViewFrame );
|
||||||
|
SfxStringItem aName( SID_FILE_NAME, rURL );
|
||||||
|
SfxStringItem aTargetFrameName( SID_TARGETNAME, sTargetFrame );
|
||||||
|
@@ -565,6 +558,23 @@ void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
|
||||||
|
SfxCallMode::ASYNCHRON|SfxCallMode::RECORD );
|
||||||
|
}
|
||||||
|
|
||||||
|
+void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
|
||||||
|
+ const OUString& rTargetFrameName )
|
||||||
|
+{
|
||||||
|
+ OSL_ENSURE( !rURL.isEmpty(), "what should be loaded here?" );
|
||||||
|
+ if( rURL.isEmpty() )
|
||||||
|
+ return ;
|
||||||
|
+
|
||||||
|
+ // The shell could be 0 also!!!!!
|
||||||
|
+ if ( dynamic_cast<const SwCursorShell*>( &rVSh) == nullptr )
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ //A CursorShell is always a WrtShell
|
||||||
|
+ SwWrtShell &rSh = static_cast<SwWrtShell&>(rVSh);
|
||||||
|
+
|
||||||
|
+ ::LoadURL(rSh.GetView(), rURL, nFilter, rTargetFrameName);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
void SwWrtShell::NavigatorPaste( const NaviContentBookmark& rBkmk,
|
||||||
|
const sal_uInt16 nAction )
|
||||||
|
{
|
||||||
|
|
||||||
|
--------------erAck-patch-parts--
|
||||||
|
|
||||||
|
|
@ -0,0 +1,99 @@
|
|||||||
|
From 2b72aefb0ad620b4c5431a87f6493edba2563f27 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-ID: <2b72aefb0ad620b4c5431a87f6493edba2563f27.1703086328.git.erack@redhat.com>
|
||||||
|
In-Reply-To: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
|
||||||
|
References: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
|
||||||
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
|
||||||
|
Date: Wed, 22 Nov 2023 21:14:41 +0000
|
||||||
|
Subject: [PATCH 4/4] reuse AllowedLinkProtocolFromDocument in impress/draw
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
|
||||||
|
|
||||||
|
This is a multi-part message in MIME format.
|
||||||
|
--------------erAck-patch-parts
|
||||||
|
Content-Type: text/plain; charset=UTF-8; format=fixed
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
|
||||||
|
Change-Id: I73ca4f087946a45dbf92d69a0dc1e769de9b5690
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159843
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
||||||
|
(cherry picked from commit f0942eed2eb328b04856f20613f5226d66b66a20)
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159759
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159884
|
||||||
|
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
||||||
|
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159914
|
||||||
|
Reviewed-by: Eike Rathke <erack@redhat.com>
|
||||||
|
---
|
||||||
|
sd/source/ui/app/sdmod1.cxx | 29 ++++++++++++++++++-----------
|
||||||
|
1 file changed, 18 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
|
||||||
|
--------------erAck-patch-parts
|
||||||
|
Content-Type: text/x-patch; name="0004-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch"
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
Content-Disposition: attachment; filename="0004-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch"
|
||||||
|
|
||||||
|
diff --git a/sd/source/ui/app/sdmod1.cxx b/sd/source/ui/app/sdmod1.cxx
|
||||||
|
index 573ee853069b..b22feb2d1f21 100644
|
||||||
|
--- a/sd/source/ui/app/sdmod1.cxx
|
||||||
|
+++ b/sd/source/ui/app/sdmod1.cxx
|
||||||
|
@@ -33,6 +33,7 @@
|
||||||
|
#include <sfx2/docfile.hxx>
|
||||||
|
#include <sfx2/request.hxx>
|
||||||
|
#include <sfx2/templatedlg.hxx>
|
||||||
|
+#include <svl/stritem.hxx>
|
||||||
|
#include <editeng/eeitem.hxx>
|
||||||
|
|
||||||
|
#include <svx/svxids.hrc>
|
||||||
|
@@ -192,26 +193,32 @@ void SdModule::Execute(SfxRequest& rReq)
|
||||||
|
{
|
||||||
|
bool bIntercept = false;
|
||||||
|
::sd::DrawDocShell* pDocShell = dynamic_cast< ::sd::DrawDocShell *>( SfxObjectShell::Current() );
|
||||||
|
- if (pDocShell)
|
||||||
|
+ ::sd::ViewShell* pViewShell = pDocShell ? pDocShell->GetViewShell() : nullptr;
|
||||||
|
+ if (pViewShell)
|
||||||
|
{
|
||||||
|
- ::sd::ViewShell* pViewShell = pDocShell->GetViewShell();
|
||||||
|
- if (pViewShell)
|
||||||
|
+ if( sd::SlideShow::IsRunning( pViewShell->GetViewShellBase() ) )
|
||||||
|
{
|
||||||
|
- if( sd::SlideShow::IsRunning( pViewShell->GetViewShellBase() ) )
|
||||||
|
+ // Prevent documents from opening while the slide
|
||||||
|
+ // show is running, except when this request comes
|
||||||
|
+ // from a shape interaction.
|
||||||
|
+ if (rReq.GetArgs() == nullptr)
|
||||||
|
{
|
||||||
|
- // Prevent documents from opening while the slide
|
||||||
|
- // show is running, except when this request comes
|
||||||
|
- // from a shape interaction.
|
||||||
|
- if (rReq.GetArgs() == nullptr)
|
||||||
|
- {
|
||||||
|
- bIntercept = true;
|
||||||
|
- }
|
||||||
|
+ bIntercept = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!bIntercept)
|
||||||
|
{
|
||||||
|
+ if (const SfxStringItem* pURLItem = rReq.GetArg<SfxStringItem>(SID_FILE_NAME))
|
||||||
|
+ {
|
||||||
|
+ if (!pViewShell || !SfxObjectShell::AllowedLinkProtocolFromDocument(pURLItem->GetValue(),
|
||||||
|
+ pViewShell->GetObjectShell(),
|
||||||
|
+ pViewShell->GetFrameWeld()))
|
||||||
|
+ {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
SfxGetpApp()->ExecuteSlot(rReq, SfxGetpApp()->GetInterface());
|
||||||
|
}
|
||||||
|
else
|
||||||
|
|
||||||
|
--------------erAck-patch-parts--
|
||||||
|
|
||||||
|
|
65
0006-CVE-2023-6186-backporting.patch
Normal file
65
0006-CVE-2023-6186-backporting.patch
Normal file
@ -0,0 +1,65 @@
|
|||||||
|
From 762ed044e9c696a58e2ab41bd16b57003717a6ce Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eike Rathke <erack@redhat.com>
|
||||||
|
Date: Wed, 6 Mar 2024 23:19:34 +0100
|
||||||
|
Subject: [PATCH] CVE-2023-6186 backporting
|
||||||
|
|
||||||
|
Add dialog text string STR_DANGEROUS_TO_OPEN
|
||||||
|
as per upstream commit 70009098fd70df021048c540d1796c928554b494
|
||||||
|
|
||||||
|
SfxViewFrame doesn't have GetFrameWeld() yet, get from Window.
|
||||||
|
---
|
||||||
|
include/sfx2/strings.hrc | 1 +
|
||||||
|
sc/source/core/data/global.cxx | 4 +++-
|
||||||
|
sw/source/uibase/wrtsh/wrtsh2.cxx | 2 +-
|
||||||
|
3 files changed, 5 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
|
||||||
|
index 317dd88..b1bfa69 100644
|
||||||
|
--- a/include/sfx2/strings.hrc
|
||||||
|
+++ b/include/sfx2/strings.hrc
|
||||||
|
@@ -101,6 +101,7 @@
|
||||||
|
#define STR_GB NC_("STR_GB", "GB")
|
||||||
|
#define STR_QUERY_LASTVERSION NC_("STR_QUERY_LASTVERSION", "Cancel all changes?")
|
||||||
|
#define STR_NO_WEBBROWSER_FOUND NC_("STR_NO_WEBBROWSER_FOUND", "Opening \"$(ARG1)\" failed with error code $(ARG2) and message: \"$(ARG3)\"\nMaybe no web browser could be found on your system. In that case, please check your Desktop Preferences or install a web browser (for example, Firefox) in the default location requested during the browser installation.")
|
||||||
|
+#define STR_DANGEROUS_TO_OPEN NC_("STR_DANGEROUS_TO_OPEN", "It might be dangerous to open \"$(ARG1)\".\nDo you really want to open it?")
|
||||||
|
#define STR_NO_ABS_URI_REF NC_("STR_NO_ABS_URI_REF", "\"$(ARG1)\" cannot be passed to an external application to open it (e.g., it might not be an absolute URL, or might denote no existing file).")
|
||||||
|
#define STR_GID_INTERN NC_("STR_GID_INTERN", "Internal")
|
||||||
|
#define STR_GID_APPLICATION NC_("STR_GID_APPLICATION", "Application")
|
||||||
|
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
|
||||||
|
index d2f7343..a066985 100644
|
||||||
|
--- a/sc/source/core/data/global.cxx
|
||||||
|
+++ b/sc/source/core/data/global.cxx
|
||||||
|
@@ -37,6 +37,8 @@
|
||||||
|
#include <vcl/virdev.hxx>
|
||||||
|
#include <vcl/settings.hxx>
|
||||||
|
#include <vcl/svapp.hxx>
|
||||||
|
+#include <vcl/weld.hxx>
|
||||||
|
+#include <vcl/window.hxx>
|
||||||
|
#include <unotools/charclass.hxx>
|
||||||
|
#include <unotools/securityoptions.hxx>
|
||||||
|
#include <osl/diagnose.h>
|
||||||
|
@@ -806,7 +808,7 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
|
||||||
|
aUrlName = aNewUrlName;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetFrameWeld() : nullptr))
|
||||||
|
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetWindow().GetFrameWeld() : nullptr))
|
||||||
|
return;
|
||||||
|
|
||||||
|
SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
|
||||||
|
diff --git a/sw/source/uibase/wrtsh/wrtsh2.cxx b/sw/source/uibase/wrtsh/wrtsh2.cxx
|
||||||
|
index c91a8f3..7908814 100644
|
||||||
|
--- a/sw/source/uibase/wrtsh/wrtsh2.cxx
|
||||||
|
+++ b/sw/source/uibase/wrtsh/wrtsh2.cxx
|
||||||
|
@@ -483,7 +483,7 @@ static void LoadURL(SwView& rView, const OUString& rURL, LoadUrlFlags nFilter,
|
||||||
|
OSL_ENSURE( pDShell, "No DocShell?!");
|
||||||
|
SfxViewFrame* pViewFrame = rView.GetViewFrame();
|
||||||
|
|
||||||
|
- if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetFrameWeld()))
|
||||||
|
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetWindow().GetFrameWeld()))
|
||||||
|
return;
|
||||||
|
|
||||||
|
// We are doing tiledRendering, let the client handles the URL loading,
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -57,7 +57,7 @@ Summary: Free Software Productivity Suite
|
|||||||
Name: libreoffice
|
Name: libreoffice
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: %{libo_version}.1
|
Version: %{libo_version}.1
|
||||||
Release: 11%{?libo_prerelease}%{?dist}
|
Release: 12%{?libo_prerelease}%{?dist}
|
||||||
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
|
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
|
||||||
URL: http://www.libreoffice.org/
|
URL: http://www.libreoffice.org/
|
||||||
|
|
||||||
@ -289,6 +289,13 @@ Patch33: 0001-set-Referer-on-loading-IFrames.patch
|
|||||||
Patch34: 0002-put-floating-frames-under-managed-links-control.patch
|
Patch34: 0002-put-floating-frames-under-managed-links-control.patch
|
||||||
Patch35: 0003-assume-IFrame-script-macro-support-isn-t-needed.patch
|
Patch35: 0003-assume-IFrame-script-macro-support-isn-t-needed.patch
|
||||||
Patch36: 0001-disable-script-dump.patch
|
Patch36: 0001-disable-script-dump.patch
|
||||||
|
Patch37: 0001-CVE-2023-6185-escape-url-passed-to-gstreamer.patch
|
||||||
|
Patch38: 0001-CVE-2023-6186-add-some-protocols-that-don-t-make-sense-as-floating.patch
|
||||||
|
Patch39: 0002-CVE-2023-6186-warn-about-exotic-protocols-as-well.patch
|
||||||
|
Patch40: 0003-CVE-2023-6186-default-to-ignoring-libreoffice-special-purpose-prot.patch
|
||||||
|
Patch41: 0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch
|
||||||
|
Patch42: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch
|
||||||
|
Patch43: 0006-CVE-2023-6186-backporting.patch
|
||||||
|
|
||||||
# not upstreamed
|
# not upstreamed
|
||||||
Patch500: 0001-disable-libe-book-support.patch
|
Patch500: 0001-disable-libe-book-support.patch
|
||||||
@ -1042,6 +1049,10 @@ git commit -q -a -m 'add Red Hat colors to palette'
|
|||||||
# apply patches
|
# apply patches
|
||||||
%autopatch -M 99
|
%autopatch -M 99
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel}
|
||||||
|
# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1954999
|
||||||
|
# From https://src.fedoraproject.org/rpms/python3.9/pull-request/60
|
||||||
|
# Make at least a local rhpkg prep on Fedora work..
|
||||||
|
%{?!apply_patch:%define apply_patch(qp:m:) {%__apply_patch %**}}
|
||||||
%apply_patch -q %{PATCH500}
|
%apply_patch -q %{PATCH500}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
@ -1060,6 +1071,9 @@ sed -i -e /CppunitTest_dbaccess_hsqlbinary_import/d dbaccess/Module_dbaccess.mk
|
|||||||
sed -i -e /CppunitTest_vcl_svm_test/d vcl/Module_vcl.mk
|
sed -i -e /CppunitTest_vcl_svm_test/d vcl/Module_vcl.mk
|
||||||
sed -i -e /CustomTarget_uno_test/d testtools/Module_testtools.mk
|
sed -i -e /CustomTarget_uno_test/d testtools/Module_testtools.mk
|
||||||
%endif
|
%endif
|
||||||
|
# Broken with system nss. See also upstream commit ac519af951541b7313a4c98e1bee463bf47356be
|
||||||
|
sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_ODT);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx
|
||||||
|
sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_DOCX);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx
|
||||||
|
|
||||||
git commit -q -a -m 'temporarily disable failing tests'
|
git commit -q -a -m 'temporarily disable failing tests'
|
||||||
|
|
||||||
@ -2285,6 +2299,10 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :
|
|||||||
%{_includedir}/LibreOfficeKit
|
%{_includedir}/LibreOfficeKit
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Mar 08 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-12
|
||||||
|
- Fix CVE-2023-6185 escape url passed to gstreamer
|
||||||
|
- Fix CVE-2023-6186 check link target protocols
|
||||||
|
|
||||||
* Tue Jun 20 2023 Stephan Bergmann <sbergman@redhat.com> - 1:7.1.8.1-11
|
* Tue Jun 20 2023 Stephan Bergmann <sbergman@redhat.com> - 1:7.1.8.1-11
|
||||||
- Resolves: rhbz#2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula
|
- Resolves: rhbz#2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula
|
||||||
Parsing
|
Parsing
|
||||||
|
Loading…
Reference in New Issue
Block a user