rpms/libreoffice
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c10s
rpms:a8
rpms:a9
rpms:c9
rpms:c9s
rpms:c8s
rpms:a8-beta
rpms:c8-beta
rpms:a9-beta
rpms:c9-beta
rpms:changed/a8/libreoffice-6.4.7.2-18.el8_10.alma.1
rpms:imports/c8/libreoffice-6.4.7.2-18.el8_10
rpms:changed/a9/libreoffice-7.1.8.1-14.el9_4.alma.1
rpms:imports/c9/libreoffice-7.1.8.1-14.el9_4
rpms:imports/c10s/libreoffice-7.1.8.1-14.el10
rpms:changed/a9/libreoffice-7.1.8.1-13.el9_4.alma.1
rpms:imports/c9/libreoffice-7.1.8.1-13.el9_4
rpms:changed/a8/libreoffice-6.4.7.2-17.el8_10.alma.1
rpms:changed/a9/libreoffice-7.1.8.1-12.el9_4.alma.1
rpms:changed/a9/libreoffice-7.1.8.1-12.el9_3.alma
rpms:changed/a8-beta/libreoffice-6.4.7.2-15.el8.alma
rpms:imports/c8-beta/libreoffice-6.4.7.2-15.el8
rpms:changed/a9-beta/libreoffice-7.1.8.1-11.el9.alma
rpms:imports/c9-beta/libreoffice-7.1.8.1-11.el9
rpms:changed/a8/libreoffice-6.4.7.2-13.el8.alma
rpms:imports/c8/libreoffice-6.4.7.2-13.el8
rpms:changed/a9-beta/libreoffice-7.1.8.1-8.el9_1.alma
rpms:changed/a8-beta/libreoffice-6.4.7.2-13.el8.alma
rpms:imports/c9-beta/libreoffice-7.1.8.1-8.el9_1
rpms:imports/c8-beta/libreoffice-6.4.7.2-13.el8
rpms:changed/a9/libreoffice-7.1.8.1-8.el9_1.alma
rpms:imports/c9/libreoffice-7.1.8.1-8.el9_1
rpms:changed/a8/libreoffice-6.4.7.2-12.el8_7.alma
rpms:imports/c8/libreoffice-6.4.7.2-12.el8_7
rpms:imports/c8s/libreoffice-6.4.7.2-13.el8
rpms:changed/a9/libreoffice-7.1.8.1-7.el9.alma
rpms:imports/c9/libreoffice-7.1.8.1-7.el9
rpms:imports/c8s/libreoffice-6.4.7.2-12.el8
rpms:imports/c8s/libreoffice-6.4.7.2-12.el8_7
rpms:changed/a8/libreoffice-6.4.7.2-11.el8.alma
rpms:imports/c8/libreoffice-6.4.7.2-11.el8
rpms:changed/a9-beta/libreoffice-7.1.8.1-7.el9.alma
rpms:changed/a8-beta/libreoffice-6.4.7.2-11.el8.alma
rpms:imports/c9-beta/libreoffice-7.1.8.1-7.el9
rpms:imports/c8-beta/libreoffice-6.4.7.2-11.el8
rpms:changed/a9/libreoffice-7.1.8.1-6.el9.alma
rpms:imports/c9/libreoffice-7.1.8.1-6.el9
rpms:changed/a8/libreoffice-6.4.7.2-10.el8.alma
rpms:imports/c8/libreoffice-6.4.7.2-10.el8
rpms:changed/a9-beta/libreoffice-7.1.8.1-6.el9.alma
rpms:imports/c9-beta/libreoffice-7.1.8.1-6.el9
rpms:changed/a9-beta/libreoffice-7.1.8.1-5.el9.alma
rpms:changed/a8-beta/libreoffice-6.4.7.2-10.el8.alma
rpms:imports/c8-beta/libreoffice-6.4.7.2-10.el8
rpms:imports/c8s/libreoffice-6.4.7.2-11.el8
rpms:imports/c9-beta/libreoffice-7.1.8.1-5.el9
rpms:imports/c8s/libreoffice-6.4.7.2-10.el8
rpms:imports/c9-beta/libreoffice-7.1.8.1-2.el9
rpms:changed/a9-beta/libreoffice-7.1.8.1-1.el9.alma
rpms:imports/c9-beta/libreoffice-7.1.8.1-1.el9
rpms:imports/c8s/libreoffice-6.4.7.2-8.el8
rpms:imports/c9-beta/libreoffice-7.1.7.2-3.el9
rpms:imports/c9-beta/libreoffice-7.1.5.2-4.el9
rpms:imports/c8s/libreoffice-6.4.7.2-7.el8
rpms:imports/c8s/libreoffice-6.4.7.2-6.el8
rpms:imports/c8-beta/libreoffice-6.4.7.2-5.el8
rpms:imports/c8-beta/libreoffice-6.3.6.2-2.el8
rpms:imports/c8-beta/libreoffice-6.0.6.1-20.el8
rpms:imports/c8-beta/libreoffice-6.0.6.1-16.el8
rpms:changed/a8/libreoffice-6.4.7.2-5.el8.alma
rpms:imports/c8s/libreoffice-6.4.7.2-5.el8
rpms:imports/c8s/libreoffice-6.4.7.2-4.el8
rpms:imports/c8s/libreoffice-6.4.7.2-3.el8
rpms:imports/c8s/libreoffice-6.3.6.2-3.el8
rpms:imports/c8s/libreoffice-6.3.6.2-2.el8
rpms:imports/c8/libreoffice-6.4.7.2-5.el8
rpms:imports/c8/libreoffice-6.3.6.2-3.el8
rpms:imports/c8/libreoffice-6.0.6.1-20.el8
rpms:imports/c8/libreoffice-6.0.6.1-19.el8
rpms:imports/c8/libreoffice-6.0.6.1-13.el8
...
pull from: rpms:a8-beta
Branches Tags
rpms:c10s
rpms:a8
rpms:c8
rpms:a9
rpms:c9
rpms:c9s
rpms:c8s
rpms:a8-beta
rpms:c8-beta
rpms:a9-beta
rpms:c9-beta
rpms:changed/a8/libreoffice-6.4.7.2-18.el8_10.alma.1
rpms:imports/c8/libreoffice-6.4.7.2-18.el8_10
rpms:changed/a9/libreoffice-7.1.8.1-14.el9_4.alma.1
rpms:imports/c9/libreoffice-7.1.8.1-14.el9_4
rpms:imports/c10s/libreoffice-7.1.8.1-14.el10
rpms:changed/a9/libreoffice-7.1.8.1-13.el9_4.alma.1
rpms:imports/c9/libreoffice-7.1.8.1-13.el9_4
rpms:changed/a8/libreoffice-6.4.7.2-17.el8_10.alma.1
rpms:changed/a9/libreoffice-7.1.8.1-12.el9_4.alma.1
rpms:changed/a9/libreoffice-7.1.8.1-12.el9_3.alma
rpms:changed/a8-beta/libreoffice-6.4.7.2-15.el8.alma
rpms:imports/c8-beta/libreoffice-6.4.7.2-15.el8
rpms:changed/a9-beta/libreoffice-7.1.8.1-11.el9.alma
rpms:imports/c9-beta/libreoffice-7.1.8.1-11.el9
rpms:changed/a8/libreoffice-6.4.7.2-13.el8.alma
rpms:imports/c8/libreoffice-6.4.7.2-13.el8
rpms:changed/a9-beta/libreoffice-7.1.8.1-8.el9_1.alma
rpms:changed/a8-beta/libreoffice-6.4.7.2-13.el8.alma
rpms:imports/c9-beta/libreoffice-7.1.8.1-8.el9_1
rpms:imports/c8-beta/libreoffice-6.4.7.2-13.el8
rpms:changed/a9/libreoffice-7.1.8.1-8.el9_1.alma
rpms:imports/c9/libreoffice-7.1.8.1-8.el9_1
rpms:changed/a8/libreoffice-6.4.7.2-12.el8_7.alma
rpms:imports/c8/libreoffice-6.4.7.2-12.el8_7
rpms:imports/c8s/libreoffice-6.4.7.2-13.el8
rpms:changed/a9/libreoffice-7.1.8.1-7.el9.alma
rpms:imports/c9/libreoffice-7.1.8.1-7.el9
rpms:imports/c8s/libreoffice-6.4.7.2-12.el8
rpms:imports/c8s/libreoffice-6.4.7.2-12.el8_7
rpms:changed/a8/libreoffice-6.4.7.2-11.el8.alma
rpms:imports/c8/libreoffice-6.4.7.2-11.el8
rpms:changed/a9-beta/libreoffice-7.1.8.1-7.el9.alma
rpms:changed/a8-beta/libreoffice-6.4.7.2-11.el8.alma
rpms:imports/c9-beta/libreoffice-7.1.8.1-7.el9
rpms:imports/c8-beta/libreoffice-6.4.7.2-11.el8
rpms:changed/a9/libreoffice-7.1.8.1-6.el9.alma
rpms:imports/c9/libreoffice-7.1.8.1-6.el9
rpms:changed/a8/libreoffice-6.4.7.2-10.el8.alma
rpms:imports/c8/libreoffice-6.4.7.2-10.el8
rpms:changed/a9-beta/libreoffice-7.1.8.1-6.el9.alma
rpms:imports/c9-beta/libreoffice-7.1.8.1-6.el9
rpms:changed/a9-beta/libreoffice-7.1.8.1-5.el9.alma
rpms:changed/a8-beta/libreoffice-6.4.7.2-10.el8.alma
rpms:imports/c8-beta/libreoffice-6.4.7.2-10.el8
rpms:imports/c8s/libreoffice-6.4.7.2-11.el8
rpms:imports/c9-beta/libreoffice-7.1.8.1-5.el9
rpms:imports/c8s/libreoffice-6.4.7.2-10.el8
rpms:imports/c9-beta/libreoffice-7.1.8.1-2.el9
rpms:changed/a9-beta/libreoffice-7.1.8.1-1.el9.alma
rpms:imports/c9-beta/libreoffice-7.1.8.1-1.el9
rpms:imports/c8s/libreoffice-6.4.7.2-8.el8
rpms:imports/c9-beta/libreoffice-7.1.7.2-3.el9
rpms:imports/c9-beta/libreoffice-7.1.5.2-4.el9
rpms:imports/c8s/libreoffice-6.4.7.2-7.el8
rpms:imports/c8s/libreoffice-6.4.7.2-6.el8
rpms:imports/c8-beta/libreoffice-6.4.7.2-5.el8
rpms:imports/c8-beta/libreoffice-6.3.6.2-2.el8
rpms:imports/c8-beta/libreoffice-6.0.6.1-20.el8
rpms:imports/c8-beta/libreoffice-6.0.6.1-16.el8
rpms:changed/a8/libreoffice-6.4.7.2-5.el8.alma
rpms:imports/c8s/libreoffice-6.4.7.2-5.el8
rpms:imports/c8s/libreoffice-6.4.7.2-4.el8
rpms:imports/c8s/libreoffice-6.4.7.2-3.el8
rpms:imports/c8s/libreoffice-6.3.6.2-3.el8
rpms:imports/c8s/libreoffice-6.3.6.2-2.el8
rpms:imports/c8/libreoffice-6.4.7.2-5.el8
rpms:imports/c8/libreoffice-6.3.6.2-3.el8
rpms:imports/c8/libreoffice-6.0.6.1-20.el8
rpms:imports/c8/libreoffice-6.0.6.1-19.el8
rpms:imports/c8/libreoffice-6.0.6.1-13.el8

No commits in common. "c8" and "a8-beta" have entirely different histories.
c8 ... a8-beta

10 changed files with 5 additions and 1056 deletions
Show Stats Expand all files Collapse all files

69
SOURCES/0001-CVE-2023-6185-escape-url-passed-to-gstreamer.patch
View File

@ -1,69 +0,0 @@
From 6167f5815aefa78a70517c8e2acbdd7b9c9be27d Mon Sep 17 00:00:00 2001
Message-ID: <6167f5815aefa78a70517c8e2acbdd7b9c9be27d.1703003067.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Fri, 3 Nov 2023 14:20:07 +0000
Subject: [PATCH] escape url passed to gstreamer
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Change-Id: I3c93ee34800cc8563370f75ef3ef6f8a9220e6ec
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158894
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit f41dcadf6492a6ffd32696d50f818e44355b9ad9)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159583
erAck: backported to 7.1.8.1
---
avmedia/source/gstreamer/gstframegrabber.cxx | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0001-escape-url-passed-to-gstreamer.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0001-escape-url-passed-to-gstreamer.patch"
diff --git a/avmedia/source/gstreamer/gstframegrabber.cxx b/avmedia/source/gstreamer/gstframegrabber.cxx
index ece799d87530..25170a296e66 100644
--- a/avmedia/source/gstreamer/gstframegrabber.cxx
+++ b/avmedia/source/gstreamer/gstframegrabber.cxx
@@ -51,11 +51,9 @@ void FrameGrabber::disposePipeline()
FrameGrabber::FrameGrabber( const OUString &rURL ) :
FrameGrabber_BASE()
{
- gchar *pPipelineStr;
- pPipelineStr = g_strdup_printf(
- "uridecodebin uri=%s ! videoconvert ! videoscale ! appsink "
- "name=sink caps=\"video/x-raw,format=RGB,pixel-aspect-ratio=1/1\"",
- OUStringToOString( rURL, RTL_TEXTENCODING_UTF8 ).getStr() );
+ const char pPipelineStr[] =
+ "uridecodebin name=source ! videoconvert ! videoscale ! appsink "
+ "name=sink caps=\"video/x-raw,format=RGB,pixel-aspect-ratio=1/1\"";
GError *pError = nullptr;
mpPipeline = gst_parse_launch( pPipelineStr, &pError );
@@ -66,6 +64,12 @@ FrameGrabber::FrameGrabber( const OUString &rURL ) :
}
if( mpPipeline ) {
+
+ if (GstElement *pUriDecode = gst_bin_get_by_name(GST_BIN(mpPipeline), "source"))
+ g_object_set(pUriDecode, "uri", OUStringToOString(rURL, RTL_TEXTENCODING_UTF8).getStr(), nullptr);
+ else
+ g_warning("Missing 'source' element in gstreamer pipeline");
+
// pre-roll
switch( gst_element_set_state( mpPipeline, GST_STATE_PAUSED ) ) {
case GST_STATE_CHANGE_FAILURE:
--------------erAck-patch-parts--

93
SOURCES/0001-CVE-2023-6186-add-some-protocols-that-don-t-make-sense-as-floating.patch
View File

@ -1,93 +0,0 @@
From 37d73a1ab94b43e03866d5a910cb58331543b8c3 Mon Sep 17 00:00:00 2001
Message-ID: <37d73a1ab94b43e03866d5a910cb58331543b8c3.1703086247.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Fri, 3 Nov 2023 17:14:26 +0000
Subject: [PATCH] add some protocols that don't make sense as floating frame
targets
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Change-Id: Id900a5eef248731d1184c1df501a2cf7a2de7eb9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 11ebdfef16501c6d35c3e3d0d62507f706557c71)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158900
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bab433911bdecb344f7ea94dbd00690241a08c54)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159582
erAck: backported to 7.1.8.1
---
include/tools/urlobj.hxx | 5 +++++
sfx2/source/doc/iframe.cxx | 5 ++++-
tools/source/fsys/urlobj.cxx | 8 ++++++++
3 files changed, 17 insertions(+), 1 deletion(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0001-add-some-protocols-that-don-t-make-sense-as-floating.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0001-add-some-protocols-that-don-t-make-sense-as-floating.patch"
diff --git a/include/tools/urlobj.hxx b/include/tools/urlobj.hxx
index 9d6820ddf241..dfd658722826 100644
--- a/include/tools/urlobj.hxx
+++ b/include/tools/urlobj.hxx
@@ -915,6 +915,11 @@ public:
void changeScheme(INetProtocol eTargetScheme);
+ // INetProtocol::Macro, INetProtocol::Uno, INetProtocol::Slot,
+ // vnd.sun.star.script, etc. All the types of URLs which shouldn't
+ // be accepted from an outside controlled source
+ bool IsExoticProtocol() const;
+
private:
// General Structure:
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index 150218b436e9..b81ce82fd32e 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -168,8 +168,11 @@ sal_Bool SAL_CALL IFrameObject::load(
xTrans->parseStrict( aTargetURL );
INetURLObject aURLObject(aTargetURL.Complete);
- if (aURLObject.GetProtocol() == INetProtocol::Macro || aURLObject.isSchemeEqualTo(u"vnd.sun.star.script"))
+ if (aURLObject.IsExoticProtocol())
+ {
+ //SAL_WARN("sfx", "IFrameObject::load ignoring: " << aTargetURL.Complete);
return false;
+ }
uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index 764bb28ef623..2a9f7bc3d7dc 100644
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4829,4 +4829,12 @@ OUString INetURLObject::CutExtension()
? aTheExtension : OUString();
}
+bool INetURLObject::IsExoticProtocol() const
+{
+ return m_eScheme == INetProtocol::Slot ||
+ m_eScheme == INetProtocol::Macro ||
+ m_eScheme == INetProtocol::Uno ||
+ isSchemeEqualTo(u"vnd.sun.star.script");
+}
+
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
--------------erAck-patch-parts--

29
SOURCES/0001-CVE-2024-3044-add-notify-for-script-use.patch
View File

@ -1,29 +0,0 @@
From 3c25a1e4885a91b1a2fbfd873633f055caa50745 Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolan.mcnamara@collabora.com>
Date: Wed, 27 Mar 2024 17:07:20 +0000
Subject: [PATCH] add notify for script use
Change-Id: I84af197cec7755f6803a578e1e21c03966ad5f3e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165410
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit a4a5c6b63599bca1f084bb90875f6fd8e15184ac)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167421
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
---
diff --git a/xmloff/source/draw/eventimp.cxx b/xmloff/source/draw/eventimp.cxx
index f9e10c1..fcc36f9 100644
--- a/xmloff/source/draw/eventimp.cxx
+++ b/xmloff/source/draw/eventimp.cxx
@@ -231,6 +231,9 @@
if( maData.mbValid )
maData.mbValid = !sEventName.isEmpty();
+
+ if (!maData.msMacroName.isEmpty())
+ rImp.NotifyMacroEventRead();
}
SvXMLImportContextRef SdXMLEventContext::CreateChildContext( sal_uInt16 nPrefix, const OUString& rLocalName, const Reference< XAttributeList>& xAttrList )

81
SOURCES/0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch
View File

@ -1,81 +0,0 @@
From 4e997c62fd6edf6c3fe9e553cc92c77fd48f039c Mon Sep 17 00:00:00 2001
Message-ID: <4e997c62fd6edf6c3fe9e553cc92c77fd48f039c.1723718921.git.erack@redhat.com>
From: Sarper Akdemir <sarper.akdemir@allotropia.de>
Date: Tue, 11 Jun 2024 12:39:36 +0200
Subject: [PATCH] remove ability to trust not validated macro signatures in
high security
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Giving the user the option to determine if they should trust an
invalid signature in HIGH macro security doesn't make sense.
CommonName of the signature is the most prominent feature presented
and the CommonName of a certificate can be easily forged for an
invalid signature, tricking the user into accepting an invalid
signature.
in the HIGH macro security setting only show the pop-up to
enable/disable signed macro if the certificate signature can be
validated.
cherry-picked without UI/String altering bits for 24-2
Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667
Tested-by: Jenkins
Reviewed-by: Sarper Akdemir <sarper.akdemir@allotropia.de>
(cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171306
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171314
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171315
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171317
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171323
---
sfx2/source/doc/docmacromode.cxx | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0001-remove-ability-to-trust-not-validated-macro-signatur.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0001-remove-ability-to-trust-not-validated-macro-signatur.patch"
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 8a617b1785c6..997a8f739395 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -229,14 +229,18 @@ namespace sfx2
// check whether the document is signed with trusted certificate
if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
{
+ SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
+
// the trusted macro check will also retrieve the signature state ( small optimization )
const SvtSecurityOptions aSecOption;
const bool bAllowUIToAddAuthor = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
&& (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE
- || !aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
+ || !aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors))
+ && (nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_WARN
+ || nSignatureState == SignatureState::OK);
+
const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor);
- SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
if ( nSignatureState == SignatureState::BROKEN )
{
if (!bAllowUIToAddAuthor)
--------------erAck-patch-parts--

87
SOURCES/0002-CVE-2023-6186-warn-about-exotic-protocols-as-well.patch
View File

@ -1,87 +0,0 @@
From 99b453dfac5ed44a02c6e1a51b871ee50709a405 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Sat, 4 Nov 2023 19:57:51 +0000
Subject: [PATCH] warn about exotic protocols as well
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change-Id: I50dcf4f36cd20d75f5ad3876353143268740a50f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151834
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 1305f70cff8a81a58a5a6d9c96c5bb032005389e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159034
Reviewed-by: Eike Rathke <erack@redhat.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159881
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159911
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
erAck: backported to 6.4.7.2
---
sw/source/filter/html/htmlplug.cxx | 2 +-
sw/source/filter/xml/xmltexti.cxx | 2 +-
tools/source/fsys/urlobj.cxx | 3 ++-
xmloff/source/draw/ximpshap.cxx | 2 +-
4 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/sw/source/filter/html/htmlplug.cxx b/sw/source/filter/html/htmlplug.cxx
index eb70704..112975f 100644
--- a/sw/source/filter/html/htmlplug.cxx
+++ b/sw/source/filter/html/htmlplug.cxx
@@ -1089,7 +1089,7 @@ void SwHTMLParser::InsertFloatingFrame()
OUString sHRef = aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
- if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
+ if (INetURLObject(sHRef).IsExoticProtocol())
NotifyMacroEventRead();
xSet->setPropertyValue("FrameURL", uno::makeAny( sHRef ) );
diff --git a/sw/source/filter/xml/xmltexti.cxx b/sw/source/filter/xml/xmltexti.cxx
index 72a14b9..e015575 100644
--- a/sw/source/filter/xml/xmltexti.cxx
+++ b/sw/source/filter/xml/xmltexti.cxx
@@ -856,7 +856,7 @@ uno::Reference< XPropertySet > SwXMLTextImportHelper::createAndInsertFloatingFra
OUString sHRef = URIHelper::SmartRel2Abs(
INetURLObject( GetXMLImport().GetBaseURL() ), rHRef );
- if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
+ if (INetURLObject(sHRef).IsExoticProtocol())
GetXMLImport().NotifyMacroEventRead();
xSet->setPropertyValue("FrameURL",
diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index ab6e885..1ef2b7e 100644
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4776,7 +4776,8 @@ bool INetURLObject::IsExoticProtocol() const
return m_eScheme == INetProtocol::Slot ||
m_eScheme == INetProtocol::Macro ||
m_eScheme == INetProtocol::Uno ||
- isSchemeEqualTo(u"vnd.sun.star.script");
+ isSchemeEqualTo(u"vnd.sun.star.script") ||
+ isSchemeEqualTo(u"service");
}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx
index bd5f30a..b58da79 100644
--- a/xmloff/source/draw/ximpshap.cxx
+++ b/xmloff/source/draw/ximpshap.cxx
@@ -3269,7 +3269,7 @@ void SdXMLFloatingFrameShapeContext::StartElement( const css::uno::Reference< cs
if( !maHref.isEmpty() )
{
- if (INetURLObject(maHref).GetProtocol() == INetProtocol::Macro)
+ if (INetURLObject(maHref).IsExoticProtocol())
GetImport().NotifyMacroEventRead();
xProps->setPropertyValue("FrameURL", Any(maHref) );
--
2.43.0

225
SOURCES/0003-CVE-2023-6186-default-to-ignoring-libreoffice-special-purpose-prot.patch
View File

@ -1,225 +0,0 @@
From ae89e7b8ae1e781c1a9d8ca2c5d4aeca656932f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Fri, 3 Nov 2023 17:26:25 +0000
Subject: [PATCH] default to ignoring libreoffice special-purpose protocols in
calc hyperlink
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change-Id: Ib9f62be3acc05f24ca234dec0fec21e24579e9de
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158911
Tested-by: Jenkins
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit b6062623b4d69c79e90e9365ac7c5e7f11986793)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159045
Reviewed-by: Eike Rathke <erack@redhat.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159882
Tested-by: Miklos Vajna <vmiklos@collabora.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159912
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
erAck: backported to 6.4.7.2
---
dbaccess/source/core/dataaccess/ModelImpl.cxx | 3 +-
include/sfx2/docmacromode.hxx | 5 ++-
include/sfx2/objsh.hxx | 3 ++
sc/source/core/data/global.cxx | 33 ++++++++++++++++++-
sfx2/source/doc/docmacromode.cxx | 8 +++--
sfx2/source/doc/objmisc.cxx | 8 ++++-
sfx2/source/doc/objxtor.cxx | 1 +
sfx2/source/inc/objshimp.hxx | 3 +-
8 files changed, 57 insertions(+), 7 deletions(-)
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 1f11f36..ce4dbae 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -1140,7 +1140,8 @@ bool ODatabaseModelImpl::checkMacrosOnLoading()
{
Reference< XInteractionHandler > xInteraction;
xInteraction = m_aMediaDescriptor.getOrDefault( "InteractionHandler", xInteraction );
- return m_aMacroMode.checkMacrosOnLoading( xInteraction );
+ const bool bHasMacros = m_aMacroMode.hasMacros();
+ return m_aMacroMode.checkMacrosOnLoading(xInteraction, bHasMacros);
}
void ODatabaseModelImpl::resetMacroExecutionMode()
diff --git a/include/sfx2/docmacromode.hxx b/include/sfx2/docmacromode.hxx
index a15bbbe..98b7d3a 100644
--- a/include/sfx2/docmacromode.hxx
+++ b/include/sfx2/docmacromode.hxx
@@ -260,6 +260,8 @@ namespace sfx2
*/
static bool storageHasMacros( const css::uno::Reference< css::embed::XStorage >& _rxStorage );
+ bool hasMacros() const;
+
static bool containerHasBasicMacros( const css::uno::Reference< css::script::XLibraryContainer >& xContainter );
/** checks the macro execution mode while loading the document.
@@ -286,7 +288,8 @@ namespace sfx2
*/
bool
checkMacrosOnLoading(
- const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction
+ const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction,
+ bool bHasMacros
);
private:
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index 2a56ebe..43df460 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -418,6 +418,9 @@ public:
void SetMacroCallsSeenWhileLoading();
bool GetMacroCallsSeenWhileLoading() const;
+ // true if the document had macros (or similar) on load to trigger warning user
+ bool GetHadCheckedMacrosOnLoad() const;
+
const css::uno::Sequence< css::beans::PropertyValue >& GetModifyPasswordInfo() const;
bool SetModifyPasswordInfo( const css::uno::Sequence< css::beans::PropertyValue >& aInfo );
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index 050fd82..92d50c4 100644
--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -26,7 +26,9 @@
#include <sfx2/docfile.hxx>
#include <sfx2/dispatch.hxx>
#include <sfx2/objsh.hxx>
+#include <sfx2/sfxresid.hxx>
#include <sfx2/sfxsids.hrc>
+#include <sfx2/strings.hrc>
#include <sfx2/viewfrm.hxx>
#include <sfx2/viewsh.hxx>
#include <svl/intitem.hxx>
@@ -789,7 +791,7 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
OUString aUrlName( rURL );
SfxViewFrame* pFrame = nullptr;
- const SfxObjectShell* pObjShell = nullptr;
+ SfxObjectShell* pObjShell = nullptr;
OUString aReferName;
if ( pScActiveViewShell )
{
@@ -823,6 +825,35 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
aUrlName = aNewUrlName;
}
+ if (INetURLObject(aUrlName).IsExoticProtocol())
+ {
+ // Default to ignoring exotic protocols
+ bool bAllow = false;
+ if (pObjShell)
+ {
+ // If the document had macros when loaded then follow the allowed macro-mode
+ if (pObjShell->GetHadCheckedMacrosOnLoad())
+ bAllow = pObjShell->AdjustMacroMode();
+ else // otherwise ask the user, defaulting to cancel
+ {
+ assert(pFrame && "if we have pObjShell we have pFrame");
+ //Reuse URITools::onOpenURI warning string
+ std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pFrame->GetFrameWeld(),
+ VclMessageType::Warning, VclButtonsType::YesNo,
+ SfxResId(STR_DANGEROUS_TO_OPEN)));
+ xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
+ INetURLObject::decode(aUrlName, INetURLObject::DecodeMechanism::Unambiguous)));
+ xQueryBox->set_default_response(RET_NO);
+ bAllow = xQueryBox->run() == RET_YES;
+ }
+ }
+ if (!bAllow)
+ {
+ SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName);
+ return;
+ }
+ }
+
SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
SfxStringItem aTarget( SID_TARGETNAME, rTarget );
if ( nScClickMouseModifier & KEY_SHIFT ) // control-click -> into new window
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 492bd0a..7f1fb2b 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -391,8 +391,12 @@ namespace sfx2
return bHasMacros;
}
+ bool DocumentMacroMode::hasMacros() const
+ {
+ return m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading();
+ }
- bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction )
+ bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasMacros )
{
bool bAllow = false;
if ( SvtSecurityOptions().IsMacroDisabled() )
@@ -402,7 +406,7 @@ namespace sfx2
}
else
{
- if (m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
+ if (bHasMacros)
{
bAllow = adjustMacroMode( rxInteraction );
}
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 6819404..fac75dd 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -953,9 +953,15 @@ void SfxObjectShell::CheckSecurityOnLoading_Impl()
CheckEncryption_Impl( xInteraction );
// check macro security
- pImpl->aMacroMode.checkMacrosOnLoading( xInteraction );
+ const bool bHasMacros = pImpl->aMacroMode.hasMacros();
+ pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasMacros );
+ pImpl->m_bHadCheckedMacrosOnLoad = bHasMacros;
}
+bool SfxObjectShell::GetHadCheckedMacrosOnLoad() const
+{
+ return pImpl->m_bHadCheckedMacrosOnLoad;
+}
void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< task::XInteractionHandler >& xHandler )
{
diff --git a/sfx2/source/doc/objxtor.cxx b/sfx2/source/doc/objxtor.cxx
index 510c35d..a707bb7 100644
--- a/sfx2/source/doc/objxtor.cxx
+++ b/sfx2/source/doc/objxtor.cxx
@@ -237,6 +237,7 @@ SfxObjectShell_Impl::SfxObjectShell_Impl( SfxObjectShell& _rDocShell )
,m_bAllowShareControlFileClean( true )
,m_bConfigOptionsChecked( false )
,m_bMacroCallsSeenWhileLoading( false )
+ ,m_bHadCheckedMacrosOnLoad( false )
,lErr(ERRCODE_NONE)
,nEventId ( SfxEventHintId::NONE )
,nLoadedFlags ( SfxLoadedFlags::ALL )
diff --git a/sfx2/source/inc/objshimp.hxx b/sfx2/source/inc/objshimp.hxx
index 3d7b0b6..4afdd70 100644
--- a/sfx2/source/inc/objshimp.hxx
+++ b/sfx2/source/inc/objshimp.hxx
@@ -91,7 +91,8 @@ struct SfxObjectShell_Impl : public ::sfx2::IMacroDocumentAccess
m_bSharedXMLFlag:1, // whether the document should be edited in shared mode
m_bAllowShareControlFileClean:1, // whether the flag should be stored in xml file
m_bConfigOptionsChecked:1, // whether or not the user options are checked after the Options dialog is closed.
- m_bMacroCallsSeenWhileLoading:1; // whether or not the user options are checked after the Options dialog is closed.
+ m_bMacroCallsSeenWhileLoading:1, // whether or not macro calls were seen when loading document.
+ m_bHadCheckedMacrosOnLoad:1; // if document contained macros (or calls) when loaded
IndexBitSet aBitSet;
ErrCode lErr;
--
2.43.0

281
SOURCES/0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch
View File

@ -1,281 +0,0 @@
From 6a69b533227ae22d97824317f14dfa6991959101 Mon Sep 17 00:00:00 2001
Message-ID: <6a69b533227ae22d97824317f14dfa6991959101.1703086328.git.erack@redhat.com>
In-Reply-To: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
References: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Wed, 15 Nov 2023 11:39:24 +0000
Subject: [PATCH 3/4] reuse AllowedLinkProtocolFromDocument in writer
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
reorg calc hyperlink check to reuse elsewhere
Change-Id: I20ae3c5df15502c3a0a366fb4a2924c06ffac3d0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159487
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit e6a7537762e19fde446441edd10d301f9b37ce75)
reuse AllowedLinkProtocolFromDocument in writer
Change-Id: Iacf5e313fc6ca5f7d69ca6986a036f0e1ab1f2a0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159488
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 32535dfa82200b54296838b52285c054fbe5e51d)
combine these hyperlink dispatchers into one call
Change-Id: Icb7822e811013de648ccf2fbb23a5f0be9e29bb0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159489
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 0df175ccc6ea542bc5801f631ff72bed187042eb)
we can have just one LoadURL for writer
Change-Id: Ia0162ee1c275292fcf200bad4662e4c2c6b7b972
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159557
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 521ca9cf6acbae96cf95d9740859c9682212013d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159858
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit e32b8601dbd63cf01497889601d6c9c1241106d6)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159883
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159913
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Eike Rathke <erack@redhat.com>
---
include/sfx2/objsh.hxx | 7 +++--
sc/source/core/data/global.cxx | 32 ++---------------------
sfx2/source/doc/objmisc.cxx | 27 ++++++++++++++++++++
sw/source/uibase/shells/drwtxtex.cxx | 8 ++----
sw/source/uibase/wrtsh/wrtsh2.cxx | 38 ++++++++++++++++++----------
5 files changed, 60 insertions(+), 52 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0003-reuse-AllowedLinkProtocolFromDocument-in-writer.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0003-reuse-AllowedLinkProtocolFromDocument-in-writer.patch"
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index fde0dba3d7c9..79f22c978dcb 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -200,6 +200,9 @@ private:
SAL_DLLPRIVATE bool SaveTo_Impl(SfxMedium &rMedium, const SfxItemSet* pSet );
+ // true if the document had macros (or similar) on load to trigger warning user
+ SAL_DLLPRIVATE bool GetHadCheckedMacrosOnLoad() const;
+
protected:
SfxObjectShell(SfxObjectCreateMode);
SfxObjectShell(SfxModelFlags); // see sfxmodelfactory.hxx
@@ -427,8 +430,8 @@ public:
void SetMacroCallsSeenWhileLoading();
bool GetMacroCallsSeenWhileLoading() const;
- // true if the document had macros (or similar) on load to trigger warning user
- bool GetHadCheckedMacrosOnLoad() const;
+ // true if this type of link, from a document, is allowed by the user to be passed to uno:OpenDoc
+ static bool AllowedLinkProtocolFromDocument(const OUString& rUrl, SfxObjectShell* pObjShell, weld::Window* pDialogParent);
const css::uno::Sequence< css::beans::PropertyValue >& GetModifyPasswordInfo() const;
bool SetModifyPasswordInfo( const css::uno::Sequence< css::beans::PropertyValue >& aInfo );
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index 92caea1ea459..27c5a51a46c1 100644
--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -29,9 +29,7 @@
#include <sfx2/docfile.hxx>
#include <sfx2/dispatch.hxx>
#include <sfx2/objsh.hxx>
-#include <sfx2/sfxresid.hxx>
#include <sfx2/sfxsids.hrc>
-#include <sfx2/strings.hrc>
#include <sfx2/viewfrm.hxx>
#include <sfx2/viewsh.hxx>
#include <svl/intitem.hxx>
@@ -856,34 +854,8 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
aUrlName = aNewUrlName;
}
- if (INetURLObject(aUrlName).IsExoticProtocol())
- {
- // Default to ignoring exotic protocols
- bool bAllow = false;
- if (pObjShell)
- {
- // If the document had macros when loaded then follow the allowed macro-mode
- if (pObjShell->GetHadCheckedMacrosOnLoad())
- bAllow = pObjShell->AdjustMacroMode();
- else // otherwise ask the user, defaulting to cancel
- {
- assert(pFrame && "if we have pObjShell we have pFrame");
- //Reuse URITools::onOpenURI warning string
- std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pFrame->GetFrameWeld(),
- VclMessageType::Warning, VclButtonsType::YesNo,
- SfxResId(STR_DANGEROUS_TO_OPEN)));
- xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
- INetURLObject::decode(aUrlName, INetURLObject::DecodeMechanism::Unambiguous)));
- xQueryBox->set_default_response(RET_NO);
- bAllow = xQueryBox->run() == RET_YES;
- }
- }
- if (!bAllow)
- {
- SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName);
- return;
- }
- }
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetFrameWeld() : nullptr))
+ return;
SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
SfxStringItem aTarget( SID_TARGETNAME, rTarget );
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index ddf95eeafe5e..8c76c3f0f4d6 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -962,6 +962,33 @@ bool SfxObjectShell::GetHadCheckedMacrosOnLoad() const
return pImpl->m_bHadCheckedMacrosOnLoad;
}
+bool SfxObjectShell::AllowedLinkProtocolFromDocument(const OUString& rUrl, SfxObjectShell* pObjShell, weld::Window* pDialogParent)
+{
+ if (!INetURLObject(rUrl).IsExoticProtocol())
+ return true;
+ // Default to ignoring exotic protocols
+ bool bAllow = false;
+ if (pObjShell)
+ {
+ // If the document had macros when loaded then follow the allowed macro-mode
+ if (pObjShell->GetHadCheckedMacrosOnLoad())
+ bAllow = pObjShell->AdjustMacroMode();
+ else // otherwise ask the user, defaulting to cancel
+ {
+ //Reuse URITools::onOpenURI warning string
+ std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pDialogParent,
+ VclMessageType::Warning, VclButtonsType::YesNo,
+ SfxResId(STR_DANGEROUS_TO_OPEN)));
+ xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
+ INetURLObject::decode(rUrl, INetURLObject::DecodeMechanism::Unambiguous)));
+ xQueryBox->set_default_response(RET_NO);
+ bAllow = xQueryBox->run() == RET_YES;
+ }
+ }
+ SAL_WARN_IF(!bAllow, "sfx.appl", "SfxObjectShell::AllowedLinkProtocolFromDocument ignoring: " << rUrl);
+ return bAllow;
+}
+
void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< task::XInteractionHandler >& xHandler )
{
OUString aVersion;
diff --git a/sw/source/uibase/shells/drwtxtex.cxx b/sw/source/uibase/shells/drwtxtex.cxx
index c84ee7bd9af4..c51f501841ad 100644
--- a/sw/source/uibase/shells/drwtxtex.cxx
+++ b/sw/source/uibase/shells/drwtxtex.cxx
@@ -533,12 +533,8 @@ void SwDrawTextShell::Execute( SfxRequest &rReq )
const SvxFieldData* pField = pOLV->GetFieldAtCursor();
if (const SvxURLField* pURLField = dynamic_cast<const SvxURLField*>(pField))
{
- SfxStringItem aUrl(SID_FILE_NAME, pURLField->GetURL());
- SfxStringItem aTarget(SID_TARGETNAME, pURLField->GetTargetFrame());
- SfxBoolItem aNewView(SID_OPEN_NEW_VIEW, false);
- SfxBoolItem aBrowsing(SID_BROWSE, true);
- GetView().GetViewFrame()->GetDispatcher()->ExecuteList(
- SID_OPENDOC, SfxCallMode::SYNCHRON, { &aUrl, &aTarget, &aNewView, &aBrowsing });
+ ::LoadURL(GetShell(), pURLField->GetURL(), LoadUrlFlags::NONE,
+ pURLField->GetTargetFrame());
}
}
break;
diff --git a/sw/source/uibase/wrtsh/wrtsh2.cxx b/sw/source/uibase/wrtsh/wrtsh2.cxx
index 1995e7133c4a..d781823e82ec 100644
--- a/sw/source/uibase/wrtsh/wrtsh2.cxx
+++ b/sw/source/uibase/wrtsh/wrtsh2.cxx
@@ -501,30 +501,24 @@ bool SwWrtShell::ClickToINetGrf( const Point& rDocPt, LoadUrlFlags nFilter )
return bRet;
}
-void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
- const OUString& rTargetFrameName )
+static void LoadURL(SwView& rView, const OUString& rURL, LoadUrlFlags nFilter,
+ const OUString& rTargetFrameName)
{
- OSL_ENSURE( !rURL.isEmpty(), "what should be loaded here?" );
- if( rURL.isEmpty() )
- return ;
+ SwDocShell* pDShell = rView.GetDocShell();
+ OSL_ENSURE( pDShell, "No DocShell?!");
+ SfxViewFrame* pViewFrame = rView.GetViewFrame();
- // The shell could be 0 also!!!!!
- if ( dynamic_cast<const SwCursorShell*>( &rVSh) == nullptr )
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetFrameWeld()))
return;
// We are doing tiledRendering, let the client handles the URL loading,
// unless we are jumping to a TOC mark.
if (comphelper::LibreOfficeKit::isActive() && !rURL.startsWith("#"))
{
- rVSh.GetSfxViewShell()->libreOfficeKitViewCallback(LOK_CALLBACK_HYPERLINK_CLICKED, rURL.toUtf8().getStr());
+ rView.libreOfficeKitViewCallback(LOK_CALLBACK_HYPERLINK_CLICKED, rURL.toUtf8().getStr());
return;
}
- //A CursorShell is always a WrtShell
- SwWrtShell &rSh = static_cast<SwWrtShell&>(rVSh);
-
- SwDocShell* pDShell = rSh.GetView().GetDocShell();
- OSL_ENSURE( pDShell, "No DocShell?!");
OUString sTargetFrame(rTargetFrameName);
if (sTargetFrame.isEmpty() && pDShell)
{
@@ -539,7 +533,6 @@ void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
OUString sReferer;
if( pDShell && pDShell->GetMedium() )
sReferer = pDShell->GetMedium()->GetName();
- SfxViewFrame* pViewFrame = rSh.GetView().GetViewFrame();
SfxFrameItem aView( SID_DOCFRAME, pViewFrame );
SfxStringItem aName( SID_FILE_NAME, rURL );
SfxStringItem aTargetFrameName( SID_TARGETNAME, sTargetFrame );
@@ -565,6 +558,23 @@ void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
SfxCallMode::ASYNCHRON|SfxCallMode::RECORD );
}
+void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
+ const OUString& rTargetFrameName )
+{
+ OSL_ENSURE( !rURL.isEmpty(), "what should be loaded here?" );
+ if( rURL.isEmpty() )
+ return ;
+
+ // The shell could be 0 also!!!!!
+ if ( dynamic_cast<const SwCursorShell*>( &rVSh) == nullptr )
+ return;
+
+ //A CursorShell is always a WrtShell
+ SwWrtShell &rSh = static_cast<SwWrtShell&>(rVSh);
+
+ ::LoadURL(rSh.GetView(), rURL, nFilter, rTargetFrameName);
+}
+
void SwWrtShell::NavigatorPaste( const NaviContentBookmark& rBkmk,
const sal_uInt16 nAction )
{
--------------erAck-patch-parts--

87
SOURCES/0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch
View File

@ -1,87 +0,0 @@
From 62ba88176c10469588e4bbb73cbf33889df08dbc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Wed, 22 Nov 2023 21:14:41 +0000
Subject: [PATCH] reuse AllowedLinkProtocolFromDocument in impress/draw
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change-Id: I73ca4f087946a45dbf92d69a0dc1e769de9b5690
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159843
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit f0942eed2eb328b04856f20613f5226d66b66a20)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159759
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159884
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159914
Reviewed-by: Eike Rathke <erack@redhat.com>
erAck: backported to 6.4.7.2
---
sd/source/ui/app/sdmod1.cxx | 29 ++++++++++++++++++-----------
1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/sd/source/ui/app/sdmod1.cxx b/sd/source/ui/app/sdmod1.cxx
index 3d84ddb..8d42653 100644
--- a/sd/source/ui/app/sdmod1.cxx
+++ b/sd/source/ui/app/sdmod1.cxx
@@ -32,6 +32,7 @@
#include <sfx2/dispatch.hxx>
#include <sfx2/request.hxx>
#include <sfx2/templatedlg.hxx>
+#include <svl/stritem.hxx>
#include <editeng/eeitem.hxx>
#include <svx/svxids.hrc>
@@ -193,26 +194,32 @@ void SdModule::Execute(SfxRequest& rReq)
{
bool bIntercept = false;
::sd::DrawDocShell* pDocShell = dynamic_cast< ::sd::DrawDocShell *>( SfxObjectShell::Current() );
- if (pDocShell)
+ ::sd::ViewShell* pViewShell = pDocShell ? pDocShell->GetViewShell() : nullptr;
+ if (pViewShell)
{
- ::sd::ViewShell* pViewShell = pDocShell->GetViewShell();
- if (pViewShell)
+ if( sd::SlideShow::IsRunning( pViewShell->GetViewShellBase() ) )
{
- if( sd::SlideShow::IsRunning( pViewShell->GetViewShellBase() ) )
+ // Prevent documents from opening while the slide
+ // show is running, except when this request comes
+ // from a shape interaction.
+ if (rReq.GetArgs() == nullptr)
{
- // Prevent documents from opening while the slide
- // show is running, except when this request comes
- // from a shape interaction.
- if (rReq.GetArgs() == nullptr)
- {
- bIntercept = true;
- }
+ bIntercept = true;
}
}
}
if (!bIntercept)
{
+ if (const SfxStringItem* pURLItem = rReq.GetArg<SfxStringItem>(SID_FILE_NAME))
+ {
+ if (!pViewShell || !SfxObjectShell::AllowedLinkProtocolFromDocument(pURLItem->GetValue(),
+ pViewShell->GetObjectShell(),
+ pViewShell->GetFrameWeld()))
+ {
+ return;
+ }
+ }
SfxGetpApp()->ExecuteSlot(rReq, SfxGetpApp()->GetInterface());
}
else
--
2.43.0

65
SOURCES/0006-CVE-2023-6186-backporting.patch
View File

@ -1,65 +0,0 @@
From a255a9c69d35df27e92349ea5bb9cb8d6c46d97f Mon Sep 17 00:00:00 2001
From: rpmbuild <rpmbuild@fedoraproject.org>
Date: Fri, 8 Mar 2024 17:51:24 +0100
Subject: [PATCH] CVE-2023-6186 backporting
Add dialog text string STR_DANGEROUS_TO_OPEN
as per upstream commit 70009098fd70df021048c540d1796c928554b494
SfxViewFrame doesn't have GetFrameWeld() yet, get from Window.
---
include/sfx2/strings.hrc | 1 +
sc/source/core/data/global.cxx | 4 +++-
sw/source/uibase/wrtsh/wrtsh2.cxx | 2 +-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
index 1db36e7..29950ba 100644
--- a/include/sfx2/strings.hrc
+++ b/include/sfx2/strings.hrc
@@ -103,6 +103,7 @@
#define STR_GB NC_("STR_GB", "GB")
#define STR_QUERY_LASTVERSION NC_("STR_QUERY_LASTVERSION", "Cancel all changes?")
#define STR_NO_WEBBROWSER_FOUND NC_("STR_NO_WEBBROWSER_FOUND", "Opening \"$(ARG1)\" failed with error code $(ARG2) and message: \"$(ARG3)\"\nMaybe no web browser could be found on your system. In that case, please check your Desktop Preferences or install a web browser (for example, Firefox) in the default location requested during the browser installation.")
+#define STR_DANGEROUS_TO_OPEN NC_("STR_DANGEROUS_TO_OPEN", "It might be dangerous to open \"$(ARG1)\".\nDo you really want to open it?")
#define STR_NO_ABS_URI_REF NC_("STR_NO_ABS_URI_REF", "\"$(ARG1)\" is not an absolute URL that can be passed to an external application to open it.")
#define STR_GID_INTERN NC_("STR_GID_INTERN", "Internal")
#define STR_GID_APPLICATION NC_("STR_GID_APPLICATION", "Application")
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index b16be6b..3295a38 100644
--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -37,6 +37,8 @@
#include <vcl/virdev.hxx>
#include <vcl/settings.hxx>
#include <vcl/svapp.hxx>
+#include <vcl/weld.hxx>
+#include <vcl/window.hxx>
#include <unotools/charclass.hxx>
#include <unotools/securityoptions.hxx>
#include <osl/diagnose.h>
@@ -823,7 +825,7 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
aUrlName = aNewUrlName;
}
- if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetFrameWeld() : nullptr))
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetWindow().GetFrameWeld() : nullptr))
return;
SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
diff --git a/sw/source/uibase/wrtsh/wrtsh2.cxx b/sw/source/uibase/wrtsh/wrtsh2.cxx
index 41f427a..543644d 100644
--- a/sw/source/uibase/wrtsh/wrtsh2.cxx
+++ b/sw/source/uibase/wrtsh/wrtsh2.cxx
@@ -495,7 +495,7 @@ static void LoadURL(SwView& rView, const OUString& rURL, LoadUrlFlags nFilter,
OSL_ENSURE( pDShell, "No DocShell?!");
SfxViewFrame* pViewFrame = rView.GetViewFrame();
- if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetFrameWeld()))
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetWindow().GetFrameWeld()))
return;
// We are doing tiledRendering, let the client handles the URL loading,
--
2.43.0

44
SPECS/libreoffice.spec
View File

@ -1,6 +1,7 @@
# This package depends on automagic byte compilation
# https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_2
%global _python_bytecompile_extra 1
%global dist %{?dist}.alma
# download path contains version without the last (fourth) digit
%global libo_version 6.4.7
@ -12,7 +13,7 @@
%global libo_buildfix %{nil}
# rhbz#715152 state vendor
%if 0%{?rhel}
%global vendoroption --with-vendor="Red Hat, Inc."
%global vendoroption --with-vendor="AlmaLinux"
%endif
%if 0%{?fedora}
%global vendoroption --with-vendor="The Fedora Project"
@ -54,7 +55,7 @@ Summary: Free Software Productivity Suite
Name: libreoffice
Epoch: 1
Version: %{libo_version}.2
Release: 18%{?libo_prerelease}%{?dist}
Release: 15%{?libo_prerelease}%{?dist}
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
URL: http://www.libreoffice.org/
@ -293,15 +294,6 @@ Patch49: 0001-set-Referer-on-loading-IFrames.patch
Patch50: 0002-put-floating-frames-under-managed-links-control.patch
Patch51: 0003-assume-IFrame-script-macro-support-isn-t-needed.patch
Patch52: 0001-disable-script-dump.patch
Patch53: 0001-CVE-2023-6185-escape-url-passed-to-gstreamer.patch
Patch54: 0001-CVE-2023-6186-add-some-protocols-that-don-t-make-sense-as-floating.patch
Patch55: 0002-CVE-2023-6186-warn-about-exotic-protocols-as-well.patch
Patch56: 0003-CVE-2023-6186-default-to-ignoring-libreoffice-special-purpose-prot.patch
Patch57: 0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch
Patch58: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch
Patch59: 0006-CVE-2023-6186-backporting.patch
Patch60: 0001-CVE-2024-3044-add-notify-for-script-use.patch
Patch61: 0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch
%if 0%{?rhel}
# not upstreamed
@ -1020,17 +1012,6 @@ git config gc.auto 0 # disable auto packing
git add -A
git commit -q -a -m %{name}-%{version}
#Customize Palette to add Red Hat colours
(head -n -1 extras/source/palettes/standard.soc && \
echo -e ' <draw:color draw:name="Red Hat 1" draw:color="#cc0000"/>
<draw:color draw:name="Red Hat 2" draw:color="#0093d9"/>
<draw:color draw:name="Red Hat 3" draw:color="#ff8d00"/>
<draw:color draw:name="Red Hat 4" draw:color="#abb400"/>
<draw:color draw:name="Red Hat 5" draw:color="#4e376b"/>' && \
tail -n 1 extras/source/palettes/standard.soc) > redhat.soc
mv -f redhat.soc extras/source/palettes/standard.soc
git commit -q -a -m 'add Red Hat colors to palette'
# apply patches
git am %{patches}
@ -1060,11 +1041,7 @@ sed -i -e /CppunitTest_sal_osl/d sal/Module_sal.mk
sed -i -e /CppunitTest_dbaccess_hsqlbinary_import/d dbaccess/Module_dbaccess.mk
sed -i -e /CppunitTest_vcl_svm_test/d vcl/Module_vcl.mk
sed -i -e /CustomTarget_uno_test/d testtools/Module_testtools.mk
sed -i -e /CppunitTest_sw_htmlexport/d sw/Module_sw.mk
%endif
# Broken with system nss. See also upstream commit ac519af951541b7313a4c98e1bee463bf47356be
sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_ODT);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx
sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_DOCX);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx
git commit -q -a -m 'temporarily disable failing tests'
@ -2308,16 +2285,8 @@ done
%{_includedir}/LibreOfficeKit
%changelog
* Thu Aug 15 2024 Eike Rathke <erack@redhat.com> - 1:6.4.7.2-18
- Fix CVE-2024-6472 remove ability to trust not validated macro signatures in
high security
* Fri Jun 07 2024 Eike Rathke <erack@redhat.com> - 1:6.4.7.2-17
- Fix CVE-2024-3044 add notify for script use
* Mon Mar 11 2024 Eike Rathke <erack@redhat.com> - 1:6.4.7.2-16
- Fix CVE-2023-6185 escape url passed to gstreamer
- Fix CVE-2023-6186 check link target protocols
* Wed Sep 27 2023 Eduard Abdullin <eabdullin@almalinux.org> - 1:6.4.7.2-15.alma
- AlmaLinux changes
* Mon Jun 19 2023 Stephan Bergmann <sbergman@redhat.com> - 1:6.4.7.2-15
- Resolves: rhbz#2210191 CVE-2023-0950 Array Index UnderFlow in Calc Formula
@ -2325,13 +2294,11 @@ done
- Resolves: rhbz#2210195 CVE-2023-2255 libreoffice: Remote documents loaded
without prompt via IFrame
- Resolves: rhbz#2208509 CVE-2023-1183 libreoffice: Arbitrary File Write
* Wed Apr 12 2023 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-14
- Resolves: rhbz#2182390 CVE-2022-38745 Empty entry in Java class path
* Mon Nov 21 2022 Stephan Bergmann <sbergman@redhat.com> - 1:6.4.7.2-13
- Resolves: rhbz#2031681 Failure saving to smb share
* Fri Oct 14 2022 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-12
- Resolves: rhbz#2118928 CVE-2022-26305 Untrusted Macros
- Resolves: rhbz#2118924 CVE-2022-26307 Weak Master Keys
@ -2340,7 +2307,6 @@ done
* Mon Mar 07 2022 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-11
- Resolves: rhbz#2060559 CVE-2021-25636
* Mon Feb 07 2022 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-10
- Related: rhbz#2029810 bump n-v-r