[libreoffice/f19] Resolves: rhbz#1167503 CVE-2014-3693 Use-after-free in Impress Remote socket manager

Caolán McNamara caolanm at fedoraproject.org
Tue Nov 25 10:29:36 UTC 2014


commit 0427d74ea2d8ad5767f8375036316ca36b5cd5b2
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Tue Nov 25 10:29:28 2014 +0000

    Resolves: rhbz#1167503 CVE-2014-3693 Use-after-free in Impress Remote socket manager

 ...emote-by-default-and-improve-flow-control.patch |   52 ++++++++++++++++++++
 libreoffice.spec                                   |    6 ++-
 2 files changed, 57 insertions(+), 1 deletions(-)
---
diff --git a/0001-Disable-sdremote-by-default-and-improve-flow-control.patch b/0001-Disable-sdremote-by-default-and-improve-flow-control.patch
new file mode 100644
index 0000000..30e62aa
--- /dev/null
+++ b/0001-Disable-sdremote-by-default-and-improve-flow-control.patch
@@ -0,0 +1,52 @@
+From 99023fe9bd7d8b665faed7fe9cb98b3fb8922292 Mon Sep 17 00:00:00 2001
+From: Michael Meeks <michael.meeks at collabora.com>
+Date: Tue, 7 Oct 2014 10:10:27 +0100
+Subject: [PATCH] Disable sdremote by default, and improve flow control.
+
+It was intended to disable sdremote by default when it exited
+experimental mode.
+
+This reverts commit 576943b9bf7506829de97d2194c4bee35a485436.
+
+Change-Id: I2c1b5443e334021bd9574316167f48b1af6200e5
+Reviewed-on: https://gerrit.libreoffice.org/11837
+Reviewed-by: Jan Holesovsky <kendy at collabora.com>
+Tested-by: Jan Holesovsky <kendy at collabora.com>
+---
+ officecfg/registry/schema/org/openoffice/Office/Impress.xcs | 2 +-
+ sd/source/ui/remotecontrol/Server.cxx                       | 6 +++++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/officecfg/registry/schema/org/openoffice/Office/Impress.xcs b/officecfg/registry/schema/org/openoffice/Office/Impress.xcs
+index b740aca..01836d6 100644
+--- a/officecfg/registry/schema/org/openoffice/Office/Impress.xcs
++++ b/officecfg/registry/schema/org/openoffice/Office/Impress.xcs
+@@ -629,7 +629,7 @@
+             <desc>Indicates whether to enable the Impress remote controller.</desc>
+             <label>Enable remote control</label>
+           </info>
+-          <value>true</value>
++          <value>false</value>
+         </prop>
+         <prop oor:name="EnablePresenterScreen" oor:type="xs:boolean" oor:nillable="false">
+            <info>
+diff --git a/sd/source/ui/remotecontrol/Server.cxx b/sd/source/ui/remotecontrol/Server.cxx
+index 51796cc..fb24e67 100644
+--- a/sd/source/ui/remotecontrol/Server.cxx
++++ b/sd/source/ui/remotecontrol/Server.cxx
+@@ -115,7 +115,11 @@ void RemoteServer::execute()
+         {
+             OString aName( aLine );
+ 
+-            if ( ! pSocket->readLine( aLine ) ) delete pSocket;
++            if ( ! pSocket->readLine( aLine ) )
++            {
++                delete pSocket;
++                continue;
++            }
+             OString aPin( aLine );
+ 
+             SocketAddr aClientAddr;
+-- 
+1.9.3
+
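Review bot: In the Server.cxx hunk, the added `continue` after `delete pSocket` is the actual use-after-free fix, but the embedded commit message describes it only as "improve flow control" and presents the whole change as a revert of 576943b9bf7506829de97d2194c4bee35a485436. The message should say that a failed `readLine` previously let execution carry on through the rest of the loop body with `pSocket` already deleted, so the security relevance is visible to anyone auditing the patch without the CVE reference. The `OString aName( aLine );` line just above follows an earlier read that is outside this hunk; it is worth confirming that path also ends the iteration after freeing the socket. Holding the socket in a scoped owner instead of a raw `delete` on each error branch would keep a later early exit from reintroducing the same bug.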
diff --git a/libreoffice.spec b/libreoffice.spec
index 14e0873..d0d522e 100644
--- a/libreoffice.spec
+++ b/libreoffice.spec
@@ -42,7 +42,7 @@ Summary:        Free Software Productivity Suite
 Name:           libreoffice
 Epoch:          1
 Version:        %{libo_version}.2
-Release:        8%{?libo_prerelease}%{?dist}
+Release:        9%{?libo_prerelease}%{?dist}
 License:        (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and Artistic and MPLv2.0
 Group:          Applications/Productivity
 URL:            http://www.libreoffice.org/default/
@@ -286,6 +286,7 @@ Patch49: 0001-rhbz-1105376-move-FlatODF-filter-config-to-right-pla.patch
 Patch50: 0001-Fix-fdo-71423-crash-while-editing-Impress-tables.patch
 Patch51: 0001-Use-varying-aElement-name.patch
 Patch52: 0001-Resolves-i125386-secured-user-request-and-changed-so.patch
+Patch53: 0001-Disable-sdremote-by-default-and-improve-flow-control.patch
 
 %define instdir %{_libdir}
 %define baseinstdir %{instdir}/libreoffice
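Review bot: `Patch53:` is declared here, but no matching `%patch53` line appears in any hunk of this spec diff, and the diffstat for libreoffice.spec accounts only for the six changed lines shown. If %prep applies patches individually rather than iterating over every PatchNN entry, the CVE fix would be listed but never applied; confirm against %prep or check the build log to see that the patch is applied.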
@@ -2163,6 +2164,9 @@ update-desktop-database %{_datadir}/applications &> /dev/null || :
 %endif
 
 %changelog
+* Tue Nov 25 2014 Caolán McNamara <caolanm at redhat.com> - 1:4.1.6.2-9
+- Resolves: rhbz#1167503 CVE-2014-3693 Use-after-free in Impress Remote socket manager
+
 * Tue Sep 09 2014 Caolán McNamara <caolanm at redhat.com> - 1:4.1.6.2-8
 - Resolves: rhbz#1139592 CVE-2014-3575 arbitrary file preview disclosure via ole2 objects
 
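Review bot: The new %changelog entry records only the CVE, while the patch it pulls in also changes the default of the Impress remote control setting from `true` to `false` in Impress.xcs. That is a user-visible behaviour change on update, so add a changelog line stating that the Impress remote is now disabled by default and has to be enabled explicitly.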