libreoffice/CVE-2019-9854.patch

Description: - an absolute uri is invalid input
             - improve check for absolute URI
Authors: - Caolán McNamara <caolanm@redhat.com>
         - Stephan Bergmann <sbergman@redhat.com>

diff --git a/scripting/source/pyprov/pythonscript.py b/scripting/source/pyprov/pythonscript.py
index 316c5012c..c46565949 100644
--- a/scripting/source/pyprov/pythonscript.py
+++ b/scripting/source/pyprov/pythonscript.py
@@ -237,6 +237,11 @@ class MyUriHelper:
                 log.debug( message )
                 raise RuntimeException( message )
 
+            if not xFileUri.hasRelativePath():
+                message = "pythonscript: an absolute uri is invalid '" + sFileUri+ "'"
+                log.debug( message )
+                raise RuntimeException( message )
+
             # absolute path to the .py file
             xAbsScriptUri = self.m_uriRefFac.makeAbsolute(xBaseUri, xFileUri, True, RETAIN)
             sAbsScriptUri = xAbsScriptUri.getUriReference()
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index a508aea86..3ec10565b 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -1371,7 +1371,7 @@ bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL)
     do
     {
         OUString aToken = sScript.getToken(0, '/', nIndex);
-        if (aToken.startsWithIgnoreAsciiCase("LibreLogo"))
+        if (aToken.startsWithIgnoreAsciiCase("LibreLogo") || aToken.indexOf('~') != -1)
         {
             return true;
         }
Fix CVE-2019-9854 https://usn.ubuntu.com/4138-1/ 2019-10-10 00:59:11 +03:00			`Description: - an absolute uri is invalid input`
			`- improve check for absolute URI`
			`Authors: - Caolán McNamara <caolanm@redhat.com>`
			`- Stephan Bergmann <sbergman@redhat.com>`

			`diff --git a/scripting/source/pyprov/pythonscript.py b/scripting/source/pyprov/pythonscript.py`
			`index 316c5012c..c46565949 100644`
			`--- a/scripting/source/pyprov/pythonscript.py`
			`+++ b/scripting/source/pyprov/pythonscript.py`
			`@@ -237,6 +237,11 @@ class MyUriHelper:`
			`log.debug( message )`
			`raise RuntimeException( message )`

			`+ if not xFileUri.hasRelativePath():`
			`+ message = "pythonscript: an absolute uri is invalid '" + sFileUri+ "'"`
			`+ log.debug( message )`
			`+ raise RuntimeException( message )`
			`+`
			`# absolute path to the .py file`
			`xAbsScriptUri = self.m_uriRefFac.makeAbsolute(xBaseUri, xFileUri, True, RETAIN)`
			`sAbsScriptUri = xAbsScriptUri.getUriReference()`
			`diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx`
			`index a508aea86..3ec10565b 100644`
			`--- a/sfx2/source/doc/objmisc.cxx`
			`+++ b/sfx2/source/doc/objmisc.cxx`
			`@@ -1371,7 +1371,7 @@ bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL)`
			`do`
			`{`
			`OUString aToken = sScript.getToken(0, '/', nIndex);`
			`- if (aToken.startsWithIgnoreAsciiCase("LibreLogo"))`
			`+ if (aToken.startsWithIgnoreAsciiCase("LibreLogo") \|\| aToken.indexOf('~') != -1)`
			`{`
			`return true;`
			`}`