diff --git a/0001-set-Referer-on-link-mediadescriptor.patch b/0001-set-Referer-on-link-mediadescriptor.patch
new file mode 100644
index 0000000..8c394c7
--- /dev/null
+++ b/0001-set-Referer-on-link-mediadescriptor.patch
@@ -0,0 +1,48 @@
+From cd25a97bbadc0a5c1fd6b0e8603c8b6ebd051926 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?=
+Date: Tue, 1 May 2018 12:57:02 +0100
+Subject: [PATCH] set Referer on link mediadescriptor
+
+to allow determining if the source document is from a trusted/untrusted
+location
+
+Change-Id: I780568652d2ef0cc8543c27ba26289277b5d9d0c
+Reviewed-on: https://gerrit.libreoffice.org/53693
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann
+---
+ sw/source/filter/xml/xmltexti.cxx | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/sw/source/filter/xml/xmltexti.cxx b/sw/source/filter/xml/xmltexti.cxx
+index 78cab08507f0..33548de42f6c 100644
+--- a/sw/source/filter/xml/xmltexti.cxx
++++ b/sw/source/filter/xml/xmltexti.cxx
+@@ -570,16 +570,21 @@ uno::Reference< XPropertySet > SwXMLTextImportHelper::createAndInsertOOoLink(
+ uno::Sequence< beans::PropertyValue > aMediaDescriptor( 1 );
+ aMediaDescriptor[0].Name = "URL";
+ aMediaDescriptor[0].Value <<= aURLObj.GetMainURL( INetURLObject::DecodeMechanism::NONE );
+- if ( pDoc->GetDocShell() && pDoc->GetDocShell()->GetMedium() )
++
++ if (SfxMedium* pMedium = pDoc->GetDocShell() ? pDoc->GetDocShell()->GetMedium() : nullptr)
+ {
+- uno::Reference< task::XInteractionHandler > xInteraction =
+- pDoc->GetDocShell()->GetMedium()->GetInteractionHandler();
++ uno::Reference< task::XInteractionHandler > xInteraction = pMedium->GetInteractionHandler();
+ if ( xInteraction.is() )
+ {
+ aMediaDescriptor.realloc( 2 );
+ aMediaDescriptor[1].Name = "InteractionHandler";
+ aMediaDescriptor[1].Value <<= xInteraction;
+ }
++
++ const auto nLen = aMediaDescriptor.getLength() + 1;
++ aMediaDescriptor.realloc(nLen);
++ aMediaDescriptor[nLen - 1].Name = "Referer";
++ aMediaDescriptor[nLen - 1].Value <<= pMedium->GetName();
+ }
+
+ uno::Reference < embed::XEmbeddedObject > xObj(
+--
+2.14.3
+
diff --git a/libreoffice.spec b/libreoffice.spec
index 90004b4..0ac02a2 100644
--- a/libreoffice.spec
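Review bot: The `Referer` entry is appended only inside the `if (SfxMedium* pMedium = ...)` branch of the embedded xmltexti.cxx hunk, so when the document has no doc shell or no medium the link's media descriptor is still built with `URL` alone and the loader gets nothing to judge the source by. Whether the code that consumes this descriptor treats a missing or empty `Referer` as untrusted is not visible in this hunk, and the CVE-2018-10583 fix named in the spec changelog depends on that path failing closed, so it should be confirmed; `pMedium->GetName()` may also be empty for a document that has never been saved (inferred, not shown here). A comment above the new lines would record the intent, e.g. `// Referer lets the loader tell trusted from untrusted source documents; an absent Referer must be treated as untrusted`. The body of `createAndInsertOOoLink` starts and ends outside the hunk.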
+++ b/libreoffice.spec @@ -62,7 +62,7 @@ Summary: Free Software Productivity Suite Name: libreoffice Epoch: 1 Version: %{libo_version}.2 -Release: 7%{?libo_prerelease}%{?dist} +Release: 8%{?libo_prerelease}%{?dist} License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0 URL: http://www.libreoffice.org/ @@ -275,6 +275,7 @@ Patch7: 0001-Related-rhbz-1396729-use-cairo_surface_create_simila.patch Patch8: 0001-tdf-95843-Wait-for-fire_glxtest_process-also-in-head.patch Patch9: 0001-Related-tdf-116951-rhbz-1569331-end-should-be-in-ter.patch Patch10: 0001-Resolves-tdf-116951-rhbz-1569331-start-is-G_MAXINT.patch +Patch11: 0001-set-Referer-on-link-mediadescriptor.patch %if 0%{?rhel} # not upstreamed @@ -2323,6 +2324,10 @@ done %{_includedir}/LibreOfficeKit %changelog +* Fri May 4 2018 Caolán McNamara - 1:6.0.3.2-8 +- rhbz#1575000 CVE-2018-10583 allow embedded links to smb resources + to be blocked + * Thu May 3 2018 Caolán McNamara - 1:6.0.3.2-7 - rhbz#1573845 won't start without at least Langpack-en-US.xcd