[libreoffice/f19] Resolves: rhbz#1167503 CVE-2014-3693 Use-after-free in Impress Remote socket manager
Caolán McNamara
caolanm at fedoraproject.org
Tue Nov 25 10:29:36 UTC 2014
commit 0427d74ea2d8ad5767f8375036316ca36b5cd5b2
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue Nov 25 10:29:28 2014 +0000
Resolves: rhbz#1167503 CVE-2014-3693 Use-after-free in Impress Remote socket manager
...emote-by-default-and-improve-flow-control.patch | 52 ++++++++++++++++++++
libreoffice.spec | 6 ++-
2 files changed, 57 insertions(+), 1 deletions(-)
---
diff --git a/0001-Disable-sdremote-by-default-and-improve-flow-control.patch b/0001-Disable-sdremote-by-default-and-improve-flow-control.patch
new file mode 100644
index 0000000..30e62aa
--- /dev/null
+++ b/0001-Disable-sdremote-by-default-and-improve-flow-control.patch
@@ -0,0 +1,52 @@
+From 99023fe9bd7d8b665faed7fe9cb98b3fb8922292 Mon Sep 17 00:00:00 2001
+From: Michael Meeks <michael.meeks at collabora.com>
+Date: Tue, 7 Oct 2014 10:10:27 +0100
+Subject: [PATCH] Disable sdremote by default, and improve flow control.
+
+It was intended to disable sdremote by default when it exited
+experimental mode.
+
+This reverts commit 576943b9bf7506829de97d2194c4bee35a485436.
+
+Change-Id: I2c1b5443e334021bd9574316167f48b1af6200e5
+Reviewed-on: https://gerrit.libreoffice.org/11837
+Reviewed-by: Jan Holesovsky <kendy at collabora.com>
+Tested-by: Jan Holesovsky <kendy at collabora.com>
+---
+ officecfg/registry/schema/org/openoffice/Office/Impress.xcs | 2 +-
+ sd/source/ui/remotecontrol/Server.cxx | 6 +++++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/officecfg/registry/schema/org/openoffice/Office/Impress.xcs b/officecfg/registry/schema/org/openoffice/Office/Impress.xcs
+index b740aca..01836d6 100644
+--- a/officecfg/registry/schema/org/openoffice/Office/Impress.xcs
++++ b/officecfg/registry/schema/org/openoffice/Office/Impress.xcs
+@@ -629,7 +629,7 @@
+ <desc>Indicates whether to enable the Impress remote controller.</desc>
+ <label>Enable remote control</label>
+ </info>
+- <value>true</value>
++ <value>false</value>
+ </prop>
+ <prop oor:name="EnablePresenterScreen" oor:type="xs:boolean" oor:nillable="false">
+ <info>
+diff --git a/sd/source/ui/remotecontrol/Server.cxx b/sd/source/ui/remotecontrol/Server.cxx
+index 51796cc..fb24e67 100644
+--- a/sd/source/ui/remotecontrol/Server.cxx
++++ b/sd/source/ui/remotecontrol/Server.cxx
+@@ -115,7 +115,11 @@ void RemoteServer::execute()
+ {
+ OString aName( aLine );
+
+- if ( ! pSocket->readLine( aLine ) ) delete pSocket;
++ if ( ! pSocket->readLine( aLine ) )
++ {
++ delete pSocket;
++ continue;
++ }
+ OString aPin( aLine );
+
+ SocketAddr aClientAddr;
+--
+1.9.3
+
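Review bot: In the Server.cxx hunk of the embedded patch, the failed `readLine` path is only safe because `continue` now follows `delete pSocket` by hand, and pSocket still holds its stale value after the delete. Consider a scoped owner for the socket, or at least resetting the pointer after deleting it, so that a later edit to this loop cannot fall through to the code below with a freed object, as the removed one-line `if` did. The embedded commit message also describes only the Impress.xcs default change and the revert. A sentence on the readLine failure path would help anyone auditing backports of this fix.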
diff --git a/libreoffice.spec b/libreoffice.spec
index 14e0873..d0d522e 100644
--- a/libreoffice.spec
+++ b/libreoffice.spec
@@ -42,7 +42,7 @@ Summary: Free Software Productivity Suite
Name: libreoffice
Epoch: 1
Version: %{libo_version}.2
-Release: 8%{?libo_prerelease}%{?dist}
+Release: 9%{?libo_prerelease}%{?dist}
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and Artistic and MPLv2.0
Group: Applications/Productivity
URL: http://www.libreoffice.org/default/
@@ -286,6 +286,7 @@ Patch49: 0001-rhbz-1105376-move-FlatODF-filter-config-to-right-pla.patch
Patch50: 0001-Fix-fdo-71423-crash-while-editing-Impress-tables.patch
Patch51: 0001-Use-varying-aElement-name.patch
Patch52: 0001-Resolves-i125386-secured-user-request-and-changed-so.patch
+Patch53: 0001-Disable-sdremote-by-default-and-improve-flow-control.patch
%define instdir %{_libdir}
%define baseinstdir %{instdir}/libreoffice
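Review bot: Patch53 is declared in this hunk, but no hunk in this commit touches %prep, so confirm that the spec applies numbered patches automatically. If patches are applied one by one, a matching %patch53 line is needed; without it the package ships the patch file without applying the fix.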
@@ -2163,6 +2164,9 @@ update-desktop-database %{_datadir}/applications &> /dev/null || :
%endif
%changelog
+* Tue Nov 25 2014 Caolán McNamara <caolanm at redhat.com> - 1:4.1.6.2-9
+- Resolves: rhbz#1167503 CVE-2014-3693 Use-after-free in Impress Remote socket manager
+
* Tue Sep 09 2014 Caolán McNamara <caolanm at redhat.com> - 1:4.1.6.2-8
- Resolves: rhbz#1139592 CVE-2014-3575 arbitrary file preview disclosure via ole2 objects
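Review bot: The new %changelog entry names only the CVE, while the patch it pulls in also changes the "Enable remote control" default in Impress.xcs from true to false. Add a changelog line saying the Impress remote is now disabled by default, so users who relied on the old default know they have to enable it after updating.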