rhbz#1575000 CVE-2018-10583 allow embedded links to smb resources...

to be blocked via tools->options->security->options->block any link...

0001-set-Referer-on-link-mediadescriptor.patch

@@ -0,0 +1,48 @@
+From cd25a97bbadc0a5c1fd6b0e8603c8b6ebd051926 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Tue, 1 May 2018 12:57:02 +0100
+Subject: [PATCH] set Referer on link mediadescriptor
+
+to allow determining if the source document is from a trusted/untrusted
+location
+
+Change-Id: I780568652d2ef0cc8543c27ba26289277b5d9d0c
+Reviewed-on: https://gerrit.libreoffice.org/53693
+Tested-by: Jenkins <ci@libreoffice.org>
+Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
+---
+ sw/source/filter/xml/xmltexti.cxx | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/sw/source/filter/xml/xmltexti.cxx b/sw/source/filter/xml/xmltexti.cxx
+index 78cab08507f0..33548de42f6c 100644
+--- a/sw/source/filter/xml/xmltexti.cxx
++++ b/sw/source/filter/xml/xmltexti.cxx
+@@ -570,16 +570,21 @@ uno::Reference< XPropertySet > SwXMLTextImportHelper::createAndInsertOOoLink(
+         uno::Sequence< beans::PropertyValue > aMediaDescriptor( 1 );
+         aMediaDescriptor[0].Name = "URL";
+         aMediaDescriptor[0].Value <<= aURLObj.GetMainURL( INetURLObject::DecodeMechanism::NONE );
+-        if ( pDoc->GetDocShell() && pDoc->GetDocShell()->GetMedium() )
++
++        if (SfxMedium* pMedium = pDoc->GetDocShell() ? pDoc->GetDocShell()->GetMedium() : nullptr)
+         {
+-            uno::Reference< task::XInteractionHandler > xInteraction =
+-                                        pDoc->GetDocShell()->GetMedium()->GetInteractionHandler();
++            uno::Reference< task::XInteractionHandler > xInteraction = pMedium->GetInteractionHandler();
+             if ( xInteraction.is() )
+             {
+                 aMediaDescriptor.realloc( 2 );
+                 aMediaDescriptor[1].Name = "InteractionHandler";
+                 aMediaDescriptor[1].Value <<= xInteraction;
+             }
++
++            const auto nLen = aMediaDescriptor.getLength() + 1;
++            aMediaDescriptor.realloc(nLen);
++            aMediaDescriptor[nLen - 1].Name = "Referer";
++            aMediaDescriptor[nLen - 1].Value <<= pMedium->GetName();
+         }
+ 
+         uno::Reference < embed::XEmbeddedObject > xObj(
+-- 
+2.14.3
+

libreoffice.spec

@@ -62,7 +62,7 @@ Summary:        Free Software Productivity Suite
 Name:           libreoffice
 Epoch:          1
 Version:        %{libo_version}.2
-Release:        7%{?libo_prerelease}%{?dist}
+Release:        8%{?libo_prerelease}%{?dist}
 License:        (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
 URL:            http://www.libreoffice.org/
 
@@ -275,6 +275,7 @@ Patch7: 0001-Related-rhbz-1396729-use-cairo_surface_create_simila.patch
 Patch8: 0001-tdf-95843-Wait-for-fire_glxtest_process-also-in-head.patch
 Patch9: 0001-Related-tdf-116951-rhbz-1569331-end-should-be-in-ter.patch
 Patch10: 0001-Resolves-tdf-116951-rhbz-1569331-start-is-G_MAXINT.patch
+Patch11: 0001-set-Referer-on-link-mediadescriptor.patch
 
 %if 0%{?rhel}
 # not upstreamed
@@ -2323,6 +2324,10 @@ done
 %{_includedir}/LibreOfficeKit
 
 %changelog
+* Fri May 4 2018 Caolán McNamara <caolanm@redhat.com> - 1:6.0.3.2-8
+- rhbz#1575000 CVE-2018-10583 allow embedded links to smb resources
+  to be blocked
+
 * Thu May 3 2018 Caolán McNamara <caolanm@redhat.com> - 1:6.0.3.2-7
 - rhbz#1573845 won't start without at least Langpack-en-US.xcd