[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 sdc.bla...@youmail.dk changed: What|Removed |Added CC||sdc.bla...@youmail.dk --- Comment #15 from sdc.bla...@youmail.dk --- (In reply to S.Zosgornik from comment #14) > Only documentation lags the needed informations Maybe you will open a new ticket identifying what information should be added to the online help and where. -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 Heiko Tietze changed: What|Removed |Added See Also||https://bugs.documentfounda ||tion.org/show_bug.cgi?id=14 ||9153 -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 S.Zosgornik changed: What|Removed |Added See Also||https://bugs.documentfounda ||tion.org/show_bug.cgi?id=12 ||8216 --- Comment #14 from S.Zosgornik --- Don't know about reopening this bug-report. Everything works as expected with the right settings. Only documentation lags the needed informations and there is still bug 128216 open that will always confuse users. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 S.Zosgornik changed: What|Removed |Added See Also||https://bugs.documentfounda ||tion.org/show_bug.cgi?id=13 ||5506 -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 Heiko Tietze changed: What|Removed |Added CC|libreoffice-ux-advise@lists |heiko.tietze@documentfounda |.freedesktop.org|tion.org Keywords|needsUXEval | -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 --- Comment #13 from S.Zosgornik --- Option in the settings. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 Adalbert Hanßen changed: What|Removed |Added Status|CLOSED |REOPENED Resolution|WONTFIX |--- --- Comment #12 from Adalbert Hanßen --- (In reply to S.Zosgornik from comment #0) > ... > > For the reason that LibreOffice Writer can handle relative paths it is even > possible to insert all sourcing documents along the main documents and move > the resident folder to other places and even send the documents to other > persons e.g. as downloaded zip-folder. How did you enter relative paths? When browsing, LO Writer always gives a full path like this file:///home/full path to/file.odt. If I manually change this to file:///./file.odt or to ./file.odt. I can enter this link (which should be relative links), but the file is not shown in the newly created section. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 S.Zosgornik changed: What|Removed |Added Status|RESOLVED|CLOSED --- Comment #11 from S.Zosgornik --- (In reply to Caolán McNamara from comment #9) > > IIRC its possible to use tools, options, macro security and "trusted > sources" to designate a dir as a "trusted file location" which I think has > an effect on this. Found the option - it's under Tools>Options>LibreOffice Writer/Calc>General>Updates Links when Loading Writer just doesn't mention "from trusted locations" -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 --- Comment #10 from S.Zosgornik --- (In reply to Caolán McNamara from comment #9) > > IIRC its possible to use tools, options, macro security and "trusted > sources" to designate a dir as a "trusted file location" which I think has > an effect on this. Thank you for your reply. I thought on a security setting, maybe hidden under the advanced options for expert users that know they only work with self-created files or files from trustworthy sources. But having the possibility to declare directories as "trusted locations" should be the better security solution. Unfortunately Macro Security>Trusted Sources has no impact for linked documents. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 --- Comment #9 from Caolán McNamara --- https://www.libreoffice.org/about-us/security/advisories/CVE-2017-3157/ https://www.libreoffice.org/about-us/security/advisories/CVE-2015-4551/ https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3575/ are three historical cases where we issued advisories that there existed cases where documents/links/previews were updated without a warning and we changed things so that wouldn't happen for what that's worth. The advisory arguments, for the normal desktop user case, mostly center around a attacker sending someone a document with a hidden section containing a link to a plausible location in the attacked users file system and convincing them to send it back to the attacker. IIRC its possible to use tools, options, macro security and "trusted sources" to designate a dir as a "trusted file location" which I think has an effect on this. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 Mike Kaganski changed: What|Removed |Added CC||caol...@redhat.com, ||sberg...@redhat.com --- Comment #8 from Mike Kaganski --- (In reply to S.Zosgornik from comment #7) > Again, you speak about documents with links to external SITES while I speak > about locale files. I speak about local files, too. If you automatically open a local file linked to currently opened local file, you are at risk. > LibreOffice isn't a web-browser nor an email-client. It > can't open web-sites other than in plain-text and the only concern would be > about external images that could track the users. Wrong. You perfectly can reference other ODFs or OOXMLs from e.g. WebDAV (i.e., "http:/...") > So I can totally agree to a secure setting to prevent LibO to open remote > files. Similar to the security setting of disable macros by default. > > But the dialog says: "The document contains one or more links to external > data. Would you like to change the document, and update all links to get the > most recent data?" And even if you chose "No" will LibO include the data of > the linked document, just not updated to the current version. The data is cached in the opened document, so LO does not need to fetch anything from other files. > Sure. buffer-overrun attempts can happen, even on local files downloaded > from the wrong source. But the right solution should be to ask the user to > execute macro data and open remote files rather than urge him to confirm his > own documents on every opening. LibreOffice has no way to know if that's your documents or not. Maybe Caolan and Stephan have their opinion on this? -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 --- Comment #7 from S.Zosgornik --- (In reply to Mike Kaganski from comment #6) > You seem to not read carefully. Specifically for this case, I explained in > comment 4: > > > Absolutely. The request is out of question, because automatically reading an > > external document Again, you speak about documents with links to external SITES while I speak about locale files. LibreOffice isn't a web-browser nor an email-client. It can't open web-sites other than in plain-text and the only concern would be about external images that could track the users. So I can totally agree to a secure setting to prevent LibO to open remote files. Similar to the security setting of disable macros by default. But the dialog says: "The document contains one or more links to external data. Would you like to change the document, and update all links to get the most recent data?" And even if you chose "No" will LibO include the data of the linked document, just not updated to the current version. Sure. buffer-overrun attempts can happen, even on local files downloaded from the wrong source. But the right solution should be to ask the user to execute macro data and open remote files rather than urge him to confirm his own documents on every opening. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 Mike Kaganski changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution|--- |WONTFIX --- Comment #6 from Mike Kaganski --- (In reply to S.Zosgornik from comment #5) > This bug-report wasn't about any external data but relative linked documents > on your own hard-drive. You seem to not read carefully. Specifically for this case, I explained in comment 4: > Absolutely. The request is out of question, because automatically reading an > external document (even local one) may lead to all kinds of security/privacy > issues, think about documents with URLs to sites that track your IP; the > link in fact could be in the document near the main one, if you received > several malicious documents in a ZIP, so links to local files are not safe. To emphasize the relevant parts: *even local one* *the link in fact could be in the document near the main one* So no, silencing only relatively-referenced local documents is not an option, since it is no less dangerous. Closing WONTFIX again. Please do not reopen, unless you have a good proposal that addresses the security issues. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 S.Zosgornik changed: What|Removed |Added Ever confirmed|0 |1 Resolution|WONTFIX |--- Status|RESOLVED|REOPENED -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 S.Zosgornik changed: What|Removed |Added Version|6.4.5.2 release |7.0.3.1 release --- Comment #5 from S.Zosgornik --- This bug-report wasn't about any external data but relative linked documents on your own hard-drive. Take two documents, both in the same folder, one is relative linked to the other one. You move the entire folder, the relative link keeps the same but LibO will ask you to update the link. Same happens just to have a relative linked document without any changes. LibO will always ask to update the source documents whenever you open the target. Steps to reproduce: - Create a new document - Link any other document as a section (Insert>Section>Checkmark on "Link" while Options>Load\Save>Save URLs relative to file system is enable) -Save and reload the document Same happens for linked pictures with "Save URLs relative..." enabled -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 Mike Kaganski changed: What|Removed |Added Resolution|--- |WONTFIX Status|UNCONFIRMED |RESOLVED --- Comment #4 from Mike Kaganski --- (In reply to Heiko Tietze from comment #3) > Understand this question as a security measure. Absolutely. The request is out of question, because automatically reading an external document (even local one) may lead to all kinds of security/privacy issues, think about documents with URLs to sites that track your IP; the link in fact could be in the document near the main one, if you received several malicious documents in a ZIP, so links to local files are not safe. > Could agree if author and current user are the same. Mike, what's your take? An author/user name is not secure data; they are mainly for convenience. No one prevents me from entering the same user name into my copy of LO, if I ever get a sample document from you, and see the user name mentioned there (and even if I never get a document from you, I may prepare several versions of malicious documents with reasonably guessed user names). It could be only used in signed documents, where you can have some level of confidence that the authors are actually what it claims they are ... then how likely would it improve UX for users who "have to (re-)open several documents a day"? Or is it reasonable that users' documents reopened that often are all signed (likely finalized, or else they will nag the users with a different question about "edits will invalidate the signature")? -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 Heiko Tietze changed: What|Removed |Added CC||mikekagan...@hotmail.com --- Comment #3 from Heiko Tietze --- Understand this question as a security measure. Could agree if author and current user are the same. Mike, what's your take? -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 --- Comment #2 from Sascha Z --- (In reply to Dieter from comment #1) > Sascha, I think this is more an enhancement request than a bug, because > everything works as it should (but of course, improvement is alwys > possible). So let's ask design team. > > cc: Design-Team for further input and decision Thanks for your replay Dieter. I am from design team myself and open to discuss it in one of our meetings. ATM LibO ALWAYS ask the user to update relative linked documents even if the document itself wasn't changed (open right after last save) and linked documents haven't moved or changed. So LibO always ask without any reason. -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 135508] Relative linked text sections should automatically read on document opening
https://bugs.documentfoundation.org/show_bug.cgi?id=135508 Dieter changed: What|Removed |Added CC||dgp-m...@gmx.de, ||libreoffice-ux-advise@lists ||.freedesktop.org Keywords||needsUXEval Blocks||107738 Whiteboard| QA:needsComment| Summary|Relative linked text|Relative linked text |sections aren't |sections should |automatically read on |automatically read on |document opening|document opening Severity|normal |enhancement --- Comment #1 from Dieter --- Sascha, I think this is more an enhancement request than a bug, because everything works as it should (but of course, improvement is alwys possible). So let's ask design team. cc: Design-Team for further input and decision Referenced Bugs: https://bugs.documentfoundation.org/show_bug.cgi?id=107738 [Bug 107738] [META] Section bugs and enhancements -- You are receiving this mail because: You are the assignee for the bug.___ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
