Debrand for AlmaLinux

2025-03-17 07:36:44 +00:00 · 2025-03-17 07:36:44 +00:00 · 0b32a26dee
commit 0b32a26dee
parent 84bb5abcd3 857adf2f09
2 changed files with 56 additions and 13 deletions
--- a/SOURCES/0001-CVE-2025-1080-Filter-out-more-unwanted-command-URIs.patch
+++ b/SOURCES/0001-CVE-2025-1080-Filter-out-more-unwanted-command-URIs.patch
@ -0,0 +1,38 @@
+From b79d62375e7b249c7b351b4b32a47ba310ac5fe9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
+Date: Thu, 30 Jan 2025 20:37:38 +0000
+Subject: [PATCH] Filter out more unwanted command URIs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Change-Id: I24c95d73b4fee89bdf044d5dd6efc9cd89627c54
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181016
+Tested-by: Jenkins
+Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
+(cherry picked from commit 7105fb698f897ddb38bd60315444c07356689e14)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181116
+Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
+Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
+Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
+
+erAck: backported to 7.1.8.1
+---
+ desktop/source/app/cmdlineargs.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx
+index 93d9e87..70b9f05 100644
+--- a/desktop/source/app/cmdlineargs.cxx
+++ b/desktop/source/app/cmdlineargs.cxx
+@@ -168,7 +168,7 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur
+     if (nURIlen < 0)
+         nURIlen = rest2.getLength();
+     auto const uri = rest2.copy(0, nURIlen);
+-    if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) {
+    if (INetURLObject(uri).IsExoticProtocol()) {
+         // Let the "Open" machinery process the full command URI (leading to failure, by intention,
+         // as the "Open" machinery does not know about those command URI schemes):
+         curEvt = CommandLineEvent::Open;
+-- 
+2.48.1
--- a/SPECS/libreoffice.spec
+++ b/SPECS/libreoffice.spec
@ -54,7 +54,7 @@ Summary:        Free Software Productivity Suite
 Name:           libreoffice
 Epoch:          1
 Version:        %{libo_version}.2
-Release:        18%{?libo_prerelease}%{?dist}.alma.1
+Release:        19%{?libo_prerelease}%{?dist}.alma.1
 License:        (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
 URL:            http://www.libreoffice.org/

@ -302,6 +302,7 @@ Patch58: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra
 Patch59: 0006-CVE-2023-6186-backporting.patch
 Patch60: 0001-CVE-2024-3044-add-notify-for-script-use.patch
 Patch61: 0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch
+Patch62: 0001-CVE-2025-1080-Filter-out-more-unwanted-command-URIs.patch

 %if 0%{?rhel}
 # not upstreamed
@ -394,7 +395,7 @@ Requires: %{name}-pyuno%{?_isa} = %{epoch}:%{version}-%{release}
 Requires: %{name}-ure%{?_isa} = %{epoch}:%{version}-%{release}

 %description base
-GUI database front-end for LibreOffice. Allows creation and management of
+GUI database front-end for LibreOffice. Allows creation and management of 
 databases through a GUI.

 %if 0%{?fedora}
@ -478,7 +479,7 @@ BuildArch: noarch

 %description %{fontname}-fonts
 A dingbats font, OpenSymbol, suitable for use by LibreOffice for bullets and
-mathematical symbols.
+mathematical symbols. 

 %package writer
 Summary: LibreOffice Word Processor Application
@ -492,7 +493,7 @@ Requires: %{name}-ure%{?_isa} = %{epoch}:%{version}-%{release}
 The LibreOffice Word Processor application.

 %package emailmerge
-Summary: Email mail-merge component for LibreOffice
+Summary: Email mail-merge component for LibreOffice 
 Requires: %{name}-writer%{?_isa} = %{epoch}:%{version}-%{release}
 Requires: %{name}-pyuno%{?_isa} = %{epoch}:%{version}-%{release}

@ -542,7 +543,7 @@ Requires: %{name}-pdfimport%{?_isa} = %{epoch}:%{version}-%{release}
 Requires: %{name}-pyuno%{?_isa} = %{epoch}:%{version}-%{release}
 Requires: %{name}-ure%{?_isa} = %{epoch}:%{version}-%{release}

-%description math
+%description math 
 The LibreOffice Equation Editor Application.

 %package graphicfilter
@ -1020,6 +1021,7 @@ git config gc.auto 0 # disable auto packing
 git add -A
 git commit -q -a -m %{name}-%{version}

+
 # apply patches
 git am %{patches}

@ -1255,7 +1257,7 @@ pushd %{buildroot}%{baseinstdir}/share/autocorr

 %make_autocorr_aliases -l en-GB en-AG en-AU en-BS en-BW en-BZ en-CA en-DK en-GH en-HK en-IE en-IN en-JM en-NG en-NZ en-SG en-TT
 %make_autocorr_aliases -l en-US en-PH
-#en-ZA exists and has a good autocorrect file with two or three extras that make sense for
+#en-ZA exists and has a good autocorrect file with two or three extras that make sense for 
 #neighbouring english speaking territories
 %make_autocorr_aliases -l en-ZA en-NA en-ZW
 %if %{with langpacks}
@ -1310,7 +1312,7 @@ rm -f %{buildroot}%{baseinstdir}/CREDITS.fodt %{buildroot}%{baseinstdir}/LICENSE
 ln -sr %{buildroot}%{lodatadocdir}/CREDITS.fodt %{buildroot}%{baseinstdir}/CREDITS.fodt
 ln -sr %{buildroot}%{lodatadocdir}/LICENSE.html %{buildroot}%{baseinstdir}/LICENSE.html

-#ensure that no sneaky un-prelinkable, un-fpic or non executable shared libs
+#ensure that no sneaky un-prelinkable, un-fpic or non executable shared libs 
 #have snuck through
 pic=0
 executable=0
@ -1502,13 +1504,13 @@ export DESTDIR=%{buildroot}
 #
 appstream-util replace-screenshots %{buildroot}%{_datadir}/metainfo/libreoffice-writer.appdata.xml \
  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-writer/a.png \
-  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-writer/b.png
+  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-writer/b.png 
 appstream-util replace-screenshots %{buildroot}%{_datadir}/metainfo/libreoffice-calc.appdata.xml \
-  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-calc/a.png
+  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-calc/a.png 
 appstream-util replace-screenshots %{buildroot}%{_datadir}/metainfo/libreoffice-draw.appdata.xml \
-  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-draw/a.png
+  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-draw/a.png 
 appstream-util replace-screenshots %{buildroot}%{_datadir}/metainfo/libreoffice-impress.appdata.xml \
-  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-impress/a.png
+  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-impress/a.png 
 %endif
 %if 0%{?flatpak}
 # Assemble the libreoffice-*.appdata.xml files into a single
@ -2297,9 +2299,12 @@ done
 %{_includedir}/LibreOfficeKit

 %changelog
-* Tue Aug 20 2024 Eduard Abdullin <eabdullin@almalinux.org> - 1:6.4.7.2-18.alma.1
+* Mon Mar 17 2025 Eduard Abdullin <eabdullin@almalinux.org> - 1:6.4.7.2-19.alma.1
 - Debrand for AlmaLinux

+* Tue Mar 11 2025 Eike Rathke <erack@redhat.com> - 1:6.4.7.2-19
+- Fix CVE-2025-1080 Filter out more unwanted command URIs
+
 * Thu Aug 15 2024 Eike Rathke <erack@redhat.com> - 1:6.4.7.2-18
 - Fix CVE-2024-6472 remove ability to trust not validated macro signatures in
  high security
@ -4125,7 +4130,7 @@ done

 * Wed Oct 19 2011 Caolán McNamara <caolanm@redhat.com> - 3.4.3.2-14
 - Related: rhbz#743750 addXineramaScreenUnique issue
-
+ 
 * Fri Oct 07 2011 Stephan Bergmann <sbergman@redhat.com> - 3.4.3.2-13
 - Patches to build with GCC 6.4.1