README.md                                          |    5 +++-
 configure.ac                                       |    2 -
 scripting/source/protocolhandler/scripthandler.cxx |    9 ++++++--
 sfx2/source/doc/objmisc.cxx                        |   23 ++++++++++++---------
 4 files changed, 26 insertions(+), 13 deletions(-)

New commits:
commit 41ee200cf4757de946a4b979e90b833b328d1531
Author:     Jean-Sebastien BEVILACQUA <reali...@gmail.com>
AuthorDate: Tue Oct 1 14:59:17 2019 +0200
Commit:     Jean-Sebastien BEVILACQUA <reali...@gmail.com>
CommitDate: Wed Oct 2 14:25:22 2019 +0200

    bump product version to 6.1.6.3.M14
    
    Change-Id: I14853887a4b923e00e6b4c66f8e1c2c0598394b7

diff --git a/README.md b/README.md
index d164e4784078..6ae0487c6ac9 100644
--- a/README.md
+++ b/README.md
@@ -14,13 +14,16 @@ The most recent version reviewed by MIMO can be downloaded 
at <https://www.mim.o
 
 ## Release notes
 
+### `6.1.6.3.M14`
+
+* Fix [acim#1422](https://acim.08000linux.com/issues/1422): Fixing 
CVE-2019-9853
+
 ### `6.1.6.3.M13`
 
 * Fix [acim#1418](https://acim.08000linux.com/issues/1418): Nouvelles failles 
dans libreoffice by fixing two CVE:
        - CVE-2019-9855
        - CVE-2019-9854
 
-
 ### `6.1.6.3.M12`
 
 * Fix [acim#1408](https://acim.08000linux.com/issues/1404): Demande 
d'intégration du patch de sécurité pour LibreOffice by fixing two CVE:
diff --git a/configure.ac b/configure.ac
index 7189dd37b5c6..0a37b9cb6bbe 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9,7 +9,7 @@ dnl in order to create a configure script.
 # several non-alphanumeric characters, those are split off and used only for 
the
 # ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no 
idea.
 
-AC_INIT([LibreOffice],[6.1.6.3.M13],[],[],[http://documentfoundation.org/])
+AC_INIT([LibreOffice],[6.1.6.3.M14],[],[],[http://documentfoundation.org/])
 
 AC_PREREQ([2.59])
 
commit 557541fc93868ee9e890d407c1dd780326314061
Author:     Jean-Sebastien BEVILACQUA <reali...@gmail.com>
AuthorDate: Wed Oct 2 14:24:33 2019 +0200
Commit:     Jean-Sebastien BEVILACQUA <reali...@gmail.com>
CommitDate: Wed Oct 2 14:24:33 2019 +0200

    Fix missing header
    
    Change-Id: I031e8b702bda803282f90cdc7760cb30ebe0b65d

diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 4c192aea9e0f..3d71f8fafc3d 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -41,6 +41,8 @@
 #include <com/sun/star/script/provider/XScriptProvider.hpp>
 #include <com/sun/star/script/provider/XScriptProviderSupplier.hpp>
 #include <com/sun/star/ucb/SimpleFileAccess.hpp>
+#include <com/sun/star/uri/UriReferenceFactory.hpp>
+#include <com/sun/star/uri/XVndSunStarScriptUrlReference.hpp>
 #include <com/sun/star/util/XModifiable.hpp>
 
 #include <toolkit/helper/vclunohelper.hxx>
commit 13a17f43cdc046d6c658ba56b7205641296f4a92
Author:     Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Tue Aug 6 13:29:22 2019 +0200
Commit:     Jean-Sebastien BEVILACQUA <reali...@gmail.com>
CommitDate: Tue Oct 1 14:57:07 2019 +0200

    Properly obtain location
    
    Change-Id: I9fb0d883a3623394343cd54ef61e5610544198c8
    Reviewed-on: https://gerrit.libreoffice.org/77019
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
    (cherry picked from commit a9cde2557242a0c343d99533f3ee032599c66f42)
    Reviewed-on: https://gerrit.libreoffice.org/77023
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    Tested-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit 28c6af3ddc283ca9c5712359a9abcb385c1575b4)
    Reviewed-on: https://gerrit.libreoffice.org/77091
    Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
    Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>

diff --git a/scripting/source/protocolhandler/scripthandler.cxx 
b/scripting/source/protocolhandler/scripthandler.cxx
index d238bdbd300d..e7cd12a21f0e 100644
--- a/scripting/source/protocolhandler/scripthandler.cxx
+++ b/scripting/source/protocolhandler/scripthandler.cxx
@@ -47,6 +47,7 @@
 
 #include <com/sun/star/uno/XComponentContext.hpp>
 #include <com/sun/star/uri/XUriReference.hpp>
+#include <com/sun/star/uri/XVndSunStarScriptUrlReference.hpp>
 #include <com/sun/star/uri/UriReferenceFactory.hpp>
 
 #include <memory>
@@ -133,8 +134,12 @@ void SAL_CALL 
ScriptProtocolHandler::dispatchWithNotification(
     {
         try
         {
-            bool bIsDocumentScript = ( aURL.Complete.indexOf( "document" ) 
!=-1 );
-                // TODO: isn't this somewhat strange? This should be a test 
for a location=document parameter, shouldn't it?
+            css::uno::Reference<css::uri::XUriReferenceFactory> urifac(
+                css::uri::UriReferenceFactory::create(m_xContext));
+            css::uno::Reference<css::uri::XVndSunStarScriptUrlReference> uri(
+                urifac->parse(aURL.Complete), css::uno::UNO_QUERY_THROW);
+            auto const loc = uri->getParameter("location");
+            bool bIsDocumentScript = loc == "document";
 
             if ( bIsDocumentScript )
             {
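Review bot: The exact comparison `loc == "document"` now decides whether the document-script branch that follows is taken, but nothing at the call site says why the URL is parsed or what happens when the parameter is absent. I would add a comment above `auto const loc`, for example `// Compare the parsed location parameter; a substring search on aURL.Complete depends on how the URL happens to be written`. `urifac->parse()` combined with `UNO_QUERY_THROW` throws for a URL that is not a well-formed script reference, and the handler that catches it is outside the hunk, so confirm that this path ends the dispatch with a failure result. The same five lines are repeated in SfxObjectShell::CallXScript in sfx2/source/doc/objmisc.cxx; a shared helper would keep the two checks from drifting apart.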
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 8594e9522e48..4c192aea9e0f 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -1362,19 +1362,22 @@ ErrCode SfxObjectShell::CallXScript( const Reference< 
XInterface >& _rxScriptCon
     SAL_INFO("sfx", "in CallXScript" );
     ErrCode nErr = ERRCODE_NONE;
 
-    bool bIsDocumentScript = ( _rScriptURL.indexOf( "location=document" ) >= 0 
);
-        // TODO: we should parse the URL, and check whether there is a 
parameter with this name.
-        // Otherwise, we might find too much.
-    if ( bIsDocumentScript && !lcl_isScriptAccessAllowed_nothrow( 
_rxScriptContext ) )
-        return ERRCODE_IO_ACCESSDENIED;
-
-    if ( UnTrustedScript(_rScriptURL) )
-        return ERRCODE_IO_ACCESSDENIED;
-
     bool bCaughtException = false;
     Any aException;
     try
     {
+        css::uno::Reference<css::uri::XUriReferenceFactory> urifac(
+            
css::uri::UriReferenceFactory::create(comphelper::getProcessComponentContext()));
+        css::uno::Reference<css::uri::XVndSunStarScriptUrlReference> uri(
+            urifac->parse(_rScriptURL), css::uno::UNO_QUERY_THROW);
+        auto const loc = uri->getParameter("location");
+        bool bIsDocumentScript = loc == "document";
+        if ( bIsDocumentScript && !lcl_isScriptAccessAllowed_nothrow( 
_rxScriptContext ) )
+            return ERRCODE_IO_ACCESSDENIED;
+
+        if ( UnTrustedScript(_rScriptURL) )
+            return ERRCODE_IO_ACCESSDENIED;
+
         // obtain/create a script provider
         Reference< provider::XScriptProvider > xScriptProvider;
         Reference< provider::XScriptProviderSupplier > xSPS( _rxScriptContext, 
UNO_QUERY );
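Review bot: Moving `if ( UnTrustedScript(_rScriptURL) ) return ERRCODE_IO_ACCESSDENIED;` inside the `try` makes that denial depend on the URL parsing above it succeeding: if `urifac->parse()` or the `UNO_QUERY_THROW` query throws, neither access check runs and the outcome is decided by the catch handlers, which are outside the hunk. UnTrustedScript is passed only the raw `_rScriptURL`, so it could stay ahead of the `try` as before, leaving only the location test inside it. If it stays where it is, a comment such as `// A URL that fails to parse is handled by the catch below and no script is run` would record the fail-closed assumption, provided the handler really behaves that way. CallXScript continues past the end of the hunk.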