configure.ac | 2 include/unotools/securityoptions.hxx | 2 sc/source/filter/xml/xmlimprt.cxx | 10 +++ sc/source/ui/docshell/docsh4.cxx | 18 +++++- sw/source/core/doc/docnew.cxx | 10 +++ sw/source/filter/ww8/ww8scan.cxx | 22 ++++---- sw/source/filter/ww8/ww8scan.hxx | 4 - sw/source/filter/xml/xmlimp.cxx | 78 ++++++++++++++--------------- unotools/source/config/securityoptions.cxx | 8 ++ vcl/source/gdi/jobset.cxx | 27 +++++----- 10 files changed, 115 insertions(+), 66 deletions(-)
New commits: commit a71ec87df4d17a20654dcacb0268ee93f212fa27 Author: Andras Timar <andras.ti...@collabora.com> Date: Tue Sep 29 04:06:27 2015 -0700 Bump version to 4.2-30 Change-Id: I0b6947aa5563b580bcd5acd3d45af646e276b7b0 diff --git a/configure.ac b/configure.ac index fac5eb4..f819417 100644 --- a/configure.ac +++ b/configure.ac @@ -9,7 +9,7 @@ dnl in order to create a configure script. # several non-alphanumeric characters, those are split off and used only for the # ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no idea. -AC_INIT([LibreOffice],[4.2.10.29],[],[],[https://libreoffice-from-collabora.com/]) +AC_INIT([LibreOffice],[4.2.10.30],[],[],[https://libreoffice-from-collabora.com/]) AC_PREREQ([2.59]) commit 259b7be4313dc7a8eb4047a99918e95a1719cbe6 Author: Caolán McNamara <caol...@redhat.com> Date: Mon Jan 26 11:26:41 2015 +0000 coverity#1266485 Untrusted value as argument (cherry picked from commit 0934ed1a40c59c169354b177d7dab4228de66171) min legal size here is > 4 (cherry picked from commit 3131205c05a3fde4ef1e3322cc48ca23c443f6d3) (cherry picked from commit 964000d415bcf491704dad57aee7e0656ea60dab) (cherry picked from commit d4f07cdd244a6aa69de1fde0df4163b27a65556c) Conflicts: vcl/source/gdi/jobset.cxx 9f68d000b32623db4d949d13284043630f5689f4 Change-Id: I7708ecaf5412535055584ed6c71beaa9cd71c10c diff --git a/vcl/source/gdi/jobset.cxx b/vcl/source/gdi/jobset.cxx index a2ca658..16718f0 100644 --- a/vcl/source/gdi/jobset.cxx +++ b/vcl/source/gdi/jobset.cxx @@ -235,19 +235,24 @@ SvStream& operator>>( SvStream& rIStream, JobSetup& rJobSetup ) DBG_ASSERTWARNING( rIStream.GetVersion(), "JobSetup::>> - Solar-Version not set on rOStream" ); { - sal_Size nFirstPos = rIStream.Tell(); - sal_uInt16 nLen = 0; rIStream >> nLen; - if ( !nLen ) + if (nLen <= 4) return rIStream; sal_uInt16 nSystem = 0; rIStream >> nSystem; - - char* pTempBuf = new char[nLen]; - rIStream.Read( pTempBuf, nLen - sizeof( nLen ) - sizeof( nSystem ) ); - if ( nLen >= sizeof(ImplOldJobSetupData)+4 ) + const size_t nRead = nLen - sizeof(nLen) - sizeof(nSystem); + if (nRead > rIStream.remainingSize()) + { + SAL_WARN("vcl", "Parsing error: " << rIStream.remainingSize() << + " max possible entries, but " << nRead << " claimed, truncating"); + return rIStream; + } + sal_Size nFirstPos = rIStream.Tell(); + char* pTempBuf = new char[nRead]; + rIStream.Read(pTempBuf, nRead); + if (nRead >= sizeof(ImplOldJobSetupData)) { ImplOldJobSetupData* pData = (ImplOldJobSetupData*)pTempBuf; if ( rJobSetup.mpData ) @@ -289,8 +294,8 @@ SvStream& operator>>( SvStream& rIStream, JobSetup& rJobSetup ) } if( nSystem == JOBSET_FILE605_SYSTEM ) { - rIStream.Seek( nFirstPos + sizeof( ImplOldJobSetupData ) + 4 + sizeof( Impl364JobSetupData ) + pJobData->mnDriverDataLen ); - while( rIStream.Tell() < nFirstPos + nLen ) + rIStream.Seek( nFirstPos + sizeof( ImplOldJobSetupData ) + sizeof( Impl364JobSetupData ) + pJobData->mnDriverDataLen ); + while( rIStream.Tell() < nFirstPos + nRead ) { OUString aKey = read_lenPrefixed_uInt8s_ToOUString<sal_uInt16>(rIStream, RTL_TEXTENCODING_UTF8); OUString aValue = read_lenPrefixed_uInt8s_ToOUString<sal_uInt16>(rIStream, RTL_TEXTENCODING_UTF8); @@ -308,9 +313,9 @@ SvStream& operator>>( SvStream& rIStream, JobSetup& rJobSetup ) else pJobData->maValueMap[ aKey ] = aValue; } - DBG_ASSERT( rIStream.Tell() == nFirstPos+nLen, "corrupted job setup" ); + DBG_ASSERT( rIStream.Tell() == nFirstPos+nRead, "corrupted job setup" ); // ensure correct stream position - rIStream.Seek( nFirstPos + nLen ); + rIStream.Seek(nFirstPos + nRead); } } } commit e7284e9f376fe6e2cca6b79acaf18c13e94e840f Author: Caolán McNamara <caol...@redhat.com> Date: Thu Aug 13 10:58:06 2015 +0100 convert pStatus to vector and use at to check offsets (cherry picked from commit ea70088895ed45dc60abf18319acc1b4fa3018dd) Change-Id: I5186f6a65bb9d5ed8a0d1ab1d71f7e2c13865411 Reviewed-on: https://gerrit.libreoffice.org/17695 Reviewed-by: David Tardon <dtar...@redhat.com> Tested-by: David Tardon <dtar...@redhat.com> (cherry picked from commit 92c3a5b80ac575e1c538894b7c1a4170093785b5) (cherry picked from commit 8b6a6a2417c1405263fea0089c3fae128f30bc5b) diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx index a2d17c2..9566f8b 100644 --- a/sw/source/filter/ww8/ww8scan.cxx +++ b/sw/source/filter/ww8/ww8scan.cxx @@ -3914,7 +3914,7 @@ void WW8ReadSTTBF(bool bVer8, SvStream& rStrm, sal_uInt32 nStart, sal_Int32 nLen } WW8PLCFx_Book::WW8PLCFx_Book(SvStream* pTblSt, const WW8Fib& rFib) - : WW8PLCFx(rFib.GetFIBVersion(), false), pStatus(0), nIsEnd(0), nBookmarkId(1) + : WW8PLCFx(rFib.GetFIBVersion(), false), nIsEnd(0), nBookmarkId(1) { if( !rFib.fcPlcfbkf || !rFib.lcbPlcfbkf || !rFib.fcPlcfbkl || !rFib.lcbPlcfbkl || !rFib.fcSttbfbkmk || !rFib.lcbSttbfbkmk ) @@ -3939,14 +3939,12 @@ WW8PLCFx_Book::WW8PLCFx_Book(SvStream* pTblSt, const WW8Fib& rFib) nIMax = pBook[0]->GetIMax(); if( pBook[1]->GetIMax() < nIMax ) nIMax = pBook[1]->GetIMax(); - pStatus = new eBookStatus[ nIMax ]; - memset( pStatus, 0, nIMax * sizeof( eBookStatus ) ); + aStatus.resize(nIMax); } } WW8PLCFx_Book::~WW8PLCFx_Book() { - delete[] pStatus; delete pBook[1]; delete pBook[0]; } @@ -4064,18 +4062,20 @@ long WW8PLCFx_Book::GetLen() const return nNum; } -void WW8PLCFx_Book::SetStatus(sal_uInt16 nIndex, eBookStatus eStat ) +void WW8PLCFx_Book::SetStatus(sal_uInt16 nIndex, eBookStatus eStat) { - OSL_ENSURE(nIndex < nIMax, "set status of non existing bookmark!"); - pStatus[nIndex] = (eBookStatus)( pStatus[nIndex] | eStat ); + SAL_WARN_IF(nIndex >= nIMax, "sw.ww8", + "bookmark index " << nIndex << " invalid"); + eBookStatus eStatus = aStatus.at(nIndex); + aStatus[nIndex] = static_cast<eBookStatus>(eStatus | eStat); } eBookStatus WW8PLCFx_Book::GetStatus() const { - if( !pStatus ) + if (aStatus.empty()) return BOOK_NORMAL; long nEndIdx = GetHandle(); - return ( nEndIdx < nIMax ) ? pStatus[nEndIdx] : BOOK_NORMAL; + return ( nEndIdx < nIMax ) ? aStatus[nEndIdx] : BOOK_NORMAL; } long WW8PLCFx_Book::GetHandle() const diff --git a/sw/source/filter/ww8/ww8scan.hxx b/sw/source/filter/ww8/ww8scan.hxx index e20af3e..54dd9a5 100644 --- a/sw/source/filter/ww8/ww8scan.hxx +++ b/sw/source/filter/ww8/ww8scan.hxx @@ -717,8 +717,8 @@ class WW8PLCFx_Book : public WW8PLCFx { private: WW8PLCFspecial* pBook[2]; // Start and End Position - ::std::vector<OUString> aBookNames; // Name - eBookStatus* pStatus; + std::vector<OUString> aBookNames; // Name + std::vector<eBookStatus> aStatus; long nIMax; // Number of Booknotes sal_uInt16 nIsEnd; sal_Int32 nBookmarkId; // counter incremented by GetUniqueBookmarkName. commit e0a7ad35751ab4a664c203a389abcbcac17c0798 Author: Caolán McNamara <caol...@redhat.com> Date: Mon Jul 13 10:31:30 2015 +0100 ww8: make sure we don't wrap around Change-Id: I667bb264f92024b72f230c2ddbba3887471345f2 (cherry picked from commit 755b9320c81948358a1d4104c8875594b5700d39) (cherry picked from commit 1877e2a1d0092fea5cc0ea4676f6eca578521911) diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx index 372e7b1..a2d17c2 100644 --- a/sw/source/filter/ww8/ww8scan.cxx +++ b/sw/source/filter/ww8/ww8scan.cxx @@ -1519,7 +1519,11 @@ WW8PLCFpcd* WW8ScannerBase::OpenPieceTable( SvStream* pStr, const WW8Fib* pWwF ) if( 2 == clxt ) // PLCFfpcd ? break; // PLCFfpcd gefunden if( 1 == clxt ) // clxtGrpprl ? + { + if (nGrpprl == SHRT_MAX) + return NULL; nGrpprl++; + } sal_uInt16 nLen(0); *pStr >> nLen; nLeft -= 2 + nLen; commit 6607e323a1d60807abb64243d126e99bc15c383f Author: Stephan Bergmann <sberg...@redhat.com> Date: Tue Jun 23 08:26:36 2015 +0200 LinkUpdateMode is a global setting (cherry picked from commit 77cc71476bae2b3655102e2c29d36af40a393201) Conflicts: sw/source/core/doc/DocumentLinksAdministrationManager.cxx sw/source/filter/xml/xmlimp.cxx Reviewed-on: https://gerrit.libreoffice.org/16422 Reviewed-by: Miklos Vajna <vmik...@collabora.co.uk> Tested-by: Miklos Vajna <vmik...@collabora.co.uk> (cherry picked from commit c1c3c282be11bb383bd3d5401bf9397f18add48a) Conflicts: include/unotools/securityoptions.hxx sw/source/filter/xml/xmlimp.cxx Change-Id: Ida1257337c6e0916f2228fe053d9c9f085183af6 diff --git a/include/unotools/securityoptions.hxx b/include/unotools/securityoptions.hxx index dd150f1..f995afa 100644 --- a/include/unotools/securityoptions.hxx +++ b/include/unotools/securityoptions.hxx @@ -200,6 +200,8 @@ class UNOTOOLS_DLLPUBLIC SAL_WARN_UNUSED SvtSecurityOptions : public utl::detail */ bool isTrustedLocationUri(OUString const & uri) const; + bool isTrustedLocationUriForUpdatingLinks(OUString const & uri) const; + ::com::sun::star::uno::Sequence< Certificate > GetTrustedAuthors ( ) const ; void SetTrustedAuthors ( const ::com::sun::star::uno::Sequence< Certificate >& rAuthors ) ; diff --git a/sc/source/filter/xml/xmlimprt.cxx b/sc/source/filter/xml/xmlimprt.cxx index 8d095ee..9b4ca50 100644 --- a/sc/source/filter/xml/xmlimprt.cxx +++ b/sc/source/filter/xml/xmlimprt.cxx @@ -2639,6 +2639,9 @@ void ScXMLImport::SetConfigurationSettings(const uno::Sequence<beans::PropertyVa OUString sCTName("TrackedChangesProtectionKey"); OUString sVBName("VBACompatibilityMode"); OUString sSCName("ScriptConfiguration"); + css::uno::Sequence<css::beans::PropertyValue> aFilteredProps( + aConfigProps.getLength()); + sal_Int32 nFilteredPropsLen = 0; for (sal_Int32 i = nCount - 1; i >= 0; --i) { if (aConfigProps[i].Name == sCTName) @@ -2673,11 +2676,16 @@ void ScXMLImport::SetConfigurationSettings(const uno::Sequence<beans::PropertyVa xImportInfo->setPropertyValue( aConfigProps[i].Name, aConfigProps[i].Value ); } } + if (aConfigProps[i].Name != "LinkUpdateMode") + { + aFilteredProps[nFilteredPropsLen++] = aConfigProps[i]; + } } + aFilteredProps.realloc(nFilteredPropsLen); uno::Reference <uno::XInterface> xInterface = xMultiServiceFactory->createInstance("com.sun.star.comp.SpreadsheetSettings"); uno::Reference <beans::XPropertySet> xProperties(xInterface, uno::UNO_QUERY); if (xProperties.is()) - SvXMLUnitConverter::convertPropertySet(xProperties, aConfigProps); + SvXMLUnitConverter::convertPropertySet(xProperties, aFilteredProps); } } } diff --git a/sc/source/ui/docshell/docsh4.cxx b/sc/source/ui/docshell/docsh4.cxx index 375b59d..806549a 100644 --- a/sc/source/ui/docshell/docsh4.cxx +++ b/sc/source/ui/docshell/docsh4.cxx @@ -48,6 +48,7 @@ using namespace ::com::sun::star; #include <svl/PasswordHelper.hxx> #include <svl/documentlockfile.hxx> #include <svl/sharecontrolfile.hxx> +#include <unotools/securityoptions.hxx> #include <comphelper/processfactory.hxx> #include "docuno.hxx" @@ -426,12 +427,23 @@ void ScDocShell::Execute( SfxRequest& rReq ) if (nCanUpdate == com::sun::star::document::UpdateDocMode::NO_UPDATE) nSet = LM_NEVER; - else if (nCanUpdate == com::sun::star::document::UpdateDocMode::QUIET_UPDATE && - nSet == LM_ON_DEMAND) - nSet = LM_NEVER; else if (nCanUpdate == com::sun::star::document::UpdateDocMode::FULL_UPDATE) nSet = LM_ALWAYS; + if (nSet == LM_ALWAYS + && !(SvtSecurityOptions() + .isTrustedLocationUriForUpdatingLinks( + GetMedium() == nullptr + ? OUString() : GetMedium()->GetName()))) + { + nSet = LM_ON_DEMAND; + } + if (nCanUpdate == css::document::UpdateDocMode::QUIET_UPDATE + && nSet == LM_ON_DEMAND) + { + nSet = LM_NEVER; + } + if(nSet==LM_ON_DEMAND) { QueryBox aBox( GetActiveDialogParent(), WinBits(WB_YES_NO | WB_DEF_YES), diff --git a/sw/source/core/doc/docnew.cxx b/sw/source/core/doc/docnew.cxx index a97e616..e2f6d77 100644 --- a/sw/source/core/doc/docnew.cxx +++ b/sw/source/core/doc/docnew.cxx @@ -42,6 +42,7 @@ #include <svl/zforlist.hxx> #include <unotools/compatibility.hxx> #include <unotools/lingucfg.hxx> +#include <unotools/securityoptions.hxx> #include <svx/svdpage.hxx> #include <paratr.hxx> #include <fchrfmt.hxx> @@ -980,6 +981,15 @@ void SwDoc::UpdateLinks( bool bUI ) case document::UpdateDocMode::QUIET_UPDATE:bAskUpdate = false; break; case document::UpdateDocMode::FULL_UPDATE: bAskUpdate = true; break; } + if (nLinkMode == AUTOMATIC && !bAskUpdate) + { + SfxMedium * medium = GetDocShell()->GetMedium(); + if (!SvtSecurityOptions().isTrustedLocationUriForUpdatingLinks( + medium == nullptr ? OUString() : medium->GetName())) + { + bAskUpdate = true; + } + } if( bUpdate && (bUI || !bAskUpdate) ) { SfxMedium* pMedium = GetDocShell()->GetMedium(); diff --git a/sw/source/filter/xml/xmlimp.cxx b/sw/source/filter/xml/xmlimp.cxx index c49a463..af7f5fa 100644 --- a/sw/source/filter/xml/xmlimp.cxx +++ b/sw/source/filter/xml/xmlimp.cxx @@ -1095,45 +1095,45 @@ void SwXMLImport::SetConfigurationSettings(const Sequence < PropertyValue > & aC if( !xInfo.is() ) return; - boost::unordered_set< OUString, OUStringHash > aSet; - aSet.insert(OUString("ForbiddenCharacters")); - aSet.insert(OUString("IsKernAsianPunctuation")); - aSet.insert(OUString("CharacterCompressionType")); - aSet.insert(OUString("LinkUpdateMode")); - aSet.insert(OUString("FieldAutoUpdate")); - aSet.insert(OUString("ChartAutoUpdate")); - aSet.insert(OUString("AddParaTableSpacing")); - aSet.insert(OUString("AddParaTableSpacingAtStart")); - aSet.insert(OUString("PrintAnnotationMode")); - aSet.insert(OUString("PrintBlackFonts")); - aSet.insert(OUString("PrintControls")); - aSet.insert(OUString("PrintDrawings")); - aSet.insert(OUString("PrintGraphics")); - aSet.insert(OUString("PrintLeftPages")); - aSet.insert(OUString("PrintPageBackground")); - aSet.insert(OUString("PrintProspect")); - aSet.insert(OUString("PrintReversed")); - aSet.insert(OUString("PrintRightPages")); - aSet.insert(OUString("PrintFaxName")); - aSet.insert(OUString("PrintPaperFromSetup")); - aSet.insert(OUString("PrintTables")); - aSet.insert(OUString("PrintSingleJobs")); - aSet.insert(OUString("UpdateFromTemplate")); - aSet.insert(OUString("PrinterIndependentLayout")); - aSet.insert(OUString("PrintEmptyPages")); - aSet.insert(OUString("SmallCapsPercentage66")); - aSet.insert(OUString("TabOverflow")); - aSet.insert(OUString("UnbreakableNumberings")); - aSet.insert(OUString("ClippedPictures")); - aSet.insert(OUString("BackgroundParaOverDrawings")); - aSet.insert(OUString("TabOverMargin")); + boost::unordered_set< OUString, OUStringHash > aExcludeAlways; + aExcludeAlways.insert("LinkUpdateMode"); + boost::unordered_set< OUString, OUStringHash > aExcludeWhenNotLoadingUserSettings; + aExcludeWhenNotLoadingUserSettings.insert(OUString("ForbiddenCharacters")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("IsKernAsianPunctuation")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("CharacterCompressionType")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("FieldAutoUpdate")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("ChartAutoUpdate")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("AddParaTableSpacing")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("AddParaTableSpacingAtStart")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintAnnotationMode")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintBlackFonts")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintControls")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintDrawings")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintGraphics")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintLeftPages")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintPageBackground")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintProspect")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintReversed")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintRightPages")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintFaxName")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintPaperFromSetup")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintTables")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintSingleJobs")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("UpdateFromTemplate")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrinterIndependentLayout")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintEmptyPages")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("SmallCapsPercentage66")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("TabOverflow")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("UnbreakableNumberings")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("ClippedPictures")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("BackgroundParaOverDrawings")); + aExcludeWhenNotLoadingUserSettings.insert(OUString("TabOverMargin")); sal_Int32 nCount = aConfigProps.getLength(); const PropertyValue* pValues = aConfigProps.getConstArray(); SvtSaveOptions aSaveOpt; - sal_Bool bIsUserSetting = aSaveOpt.IsLoadUserSettings(), - bSet = bIsUserSetting; + sal_Bool bIsUserSetting = aSaveOpt.IsLoadUserSettings(); // for some properties we don't want to use the application // default if they're missing. So we watch for them in the loop @@ -1173,12 +1173,12 @@ void SwXMLImport::SetConfigurationSettings(const Sequence < PropertyValue > & aC while( nCount-- ) { - if( !bIsUserSetting ) + bool bSet = aExcludeAlways.find(pValues->Name) == aExcludeAlways.end(); + if( bSet && !bIsUserSetting + && (aExcludeWhenNotLoadingUserSettings.find(pValues->Name) + != aExcludeWhenNotLoadingUserSettings.end()) ) { - // test over the hash value if the entry is in the table. - OUString aStr(pValues->Name); - - bSet = aSet.find(aStr) == aSet.end(); + bSet = false; } if( bSet ) diff --git a/unotools/source/config/securityoptions.cxx b/unotools/source/config/securityoptions.cxx index 20df661..34c4a8e 100644 --- a/unotools/source/config/securityoptions.cxx +++ b/unotools/source/config/securityoptions.cxx @@ -1082,6 +1082,14 @@ bool SvtSecurityOptions::isTrustedLocationUri(OUString const & uri) const { return false; } +bool SvtSecurityOptions::isTrustedLocationUriForUpdatingLinks( + OUString const & uri) const +{ + return GetMacroSecurityLevel() == 0 || uri.isEmpty() + || uri.startsWithIgnoreAsciiCase("private:") + || isTrustedLocationUri(uri); +} + sal_Int32 SvtSecurityOptions::GetMacroSecurityLevel() const { MutexGuard aGuard( GetInitMutex() );
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits