rpms/libreoffice
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Merge branch 'c9' into a9

Browse Source
This commit is contained in:
eabdullin 2024-07-24 11:07:37 +03:00
commit 2e0e5adb81
5 changed files with 94 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -3,7 +3,6 @@ SOURCES/185d60944ea767075d27247c3162b3bc-unowinreg.dll
SOURCES/a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip SOURCES/a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip
SOURCES/dtoa-20180411.tgz SOURCES/dtoa-20180411.tgz
SOURCES/f543e6e2d7275557a839a164941c0a86e5f2c3f2a0042bfc434c88c6dde9e140-opens___.ttf SOURCES/f543e6e2d7275557a839a164941c0a86e5f2c3f2a0042bfc434c88c6dde9e140-opens___.ttf
SOURCES/gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc
SOURCES/libreoffice-7.1.8.1.tar.xz SOURCES/libreoffice-7.1.8.1.tar.xz
SOURCES/libreoffice-help-7.1.8.1.tar.xz SOURCES/libreoffice-help-7.1.8.1.tar.xz
SOURCES/libreoffice-translations-7.1.8.1.tar.xz SOURCES/libreoffice-translations-7.1.8.1.tar.xz

1
.libreoffice.metadata
View File

@ -3,7 +3,6 @@
2d49e11b0b711970f494294dc3698f05eb294853 SOURCES/a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip 2d49e11b0b711970f494294dc3698f05eb294853 SOURCES/a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip
083509db5ad9d1680830be9add727d58b54ca0d3 SOURCES/dtoa-20180411.tgz 083509db5ad9d1680830be9add727d58b54ca0d3 SOURCES/dtoa-20180411.tgz
dd55efd721df8a013709e27836bdf26623e5320e SOURCES/f543e6e2d7275557a839a164941c0a86e5f2c3f2a0042bfc434c88c6dde9e140-opens___.ttf dd55efd721df8a013709e27836bdf26623e5320e SOURCES/f543e6e2d7275557a839a164941c0a86e5f2c3f2a0042bfc434c88c6dde9e140-opens___.ttf
7b5fd93d787fbc6d9c2d4025d543730ee8dc4559 SOURCES/gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc
58642377b80001f41884b2fff3d74fe66426b182 SOURCES/libreoffice-7.1.8.1.tar.xz 58642377b80001f41884b2fff3d74fe66426b182 SOURCES/libreoffice-7.1.8.1.tar.xz
48afe3a1a30861904bf31b387d6bc56360f5ac19 SOURCES/libreoffice-help-7.1.8.1.tar.xz 48afe3a1a30861904bf31b387d6bc56360f5ac19 SOURCES/libreoffice-help-7.1.8.1.tar.xz
cb1238f7b182c8bfb16086d2eb9305b43b8a6d16 SOURCES/libreoffice-translations-7.1.8.1.tar.xz cb1238f7b182c8bfb16086d2eb9305b43b8a6d16 SOURCES/libreoffice-translations-7.1.8.1.tar.xz

29
SOURCES/0001-CVE-2024-3044-add-notify-for-script-use.patch Normal file
View File

@ -0,0 +1,29 @@
From 6582f7956313e16ea7df5b7cc961d368c150de0a Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolan.mcnamara@collabora.com>
Date: Wed, 27 Mar 2024 17:07:20 +0000
Subject: [PATCH] add notify for script use
Change-Id: I84af197cec7755f6803a578e1e21c03966ad5f3e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165410
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit a4a5c6b63599bca1f084bb90875f6fd8e15184ac)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167419
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
---
diff --git a/xmloff/source/draw/eventimp.cxx b/xmloff/source/draw/eventimp.cxx
index 226caca..bcf67c4 100644
--- a/xmloff/source/draw/eventimp.cxx
+++ b/xmloff/source/draw/eventimp.cxx
@@ -212,6 +212,9 @@
if( maData.mbValid )
maData.mbValid = !sEventName.isEmpty();
+
+ if (!maData.msMacroName.isEmpty())
+ rImp.NotifyMacroEventRead();
}
css::uno::Reference< css::xml::sax::XFastContextHandler > SdXMLEventContext::createFastChildContext(

51
SOURCES/gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBEyzEr0BEADT441wUITsTwDA2nM3kmUhGrzTdxZB5xv/E1ZJCw63qWdmdTdW
NZDfNDuLs4r2VjlEoA3xGK6jgnQvyAoNj0yiEbW/JedHHgOiVdXDlkgkY58myafT
FXqDLzTXVrsNnay0GS8XrNjptZJPhEPBvNUdkqpA9B7RTkfaXj779Pf/AeFMZVLl
UAci5RA0NNF910GHwoXT6SEv2PGoawsphnfmMVdKh9wz7asbtKXEmotCwX3k045x
LsIVK5ANOi+BI9C3LkrrFJWw2XHqDW2ulwCJ0L5QNSjOuY/v8REODwIXamvvdZOz
XBKSIzDOalJqFCHls3YlGyFw1knr6BAOmVOm32YtNTCLbVA/iK55fZWnUCjD3a4G
xz4qpQYWfpxhOmlHpk5JkraSNHzCc7SB43DwcHF5ecXHttMhO8MoN/bAZBgCuLGF
EwNvwFbDwIWo07mlv7wD8i1rtUCvLywJc5YL2PbjCLfB1Q4YzDX1EWnjKdnAsxxK
ftrx1DFlxzUF+TaHbLTPttUcsWQaL8wITznoWIwdIWlo2woPgWIpUXMOYwYV31Oo
fgmroHa3V4NOvkke09uhaZawg5yZCoRFohhfKPqT1ZrJ9SnRbW/WR3VTVY76ht5k
RuV3eb2VWBmPU9zn56Tbe6dvFkBuzHH1JdECAqy1BzFcmQQFBebFzf1XAQARAQAB
tEhMaWJyZU9mZmljZSBCdWlsZCBUZWFtIChDT0RFIFNJR05JTkcgS0VZKSA8YnVp
bGRAZG9jdW1lbnRmb3VuZGF0aW9uLm9yZz6JAjcEEwEKACEFAkyzEr0CGwMFCwkI
BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ9DSh76/urqOc4w//X+74QlyRalcuLNw3
oJKB1+1z6xxhhpwg1kw5cMMrGu0w0YoPvLDKaiS02DdkIaXDECcQTOoEh7/bYbZq
6OtE1WyxqHYYOPK5yul5FRwZ5k5HZ7pDFcKCQ72UgWhz+QznRhgZ0jwEWl5Ln3rw
JpSynIvTXHmQogId0xmcrNQPyckzzugGx4qZFinSOmDGwTgG14NU3vat2iek37Ph
BLh5V8ohlEoccwwPejtKEWQudg0Q8K7uBuqLUhnJoZodEytqpOvtysuPtGxGXnmD
7oXtBVEF3X6eFRXDIp81cx2isHK4Krf4z4T9KUimNLHjWRa+ZQtp2pZLHQlblfsn
CUf6TYZ0Yi909EhcM/hxAgBZXellOCQ/8U2cJsTUyN5Dp1wbf6X0uK4uaed1/037
EGLAO6PP6WQz6jWd1/hhsQ5oAmdjkzlMFEfKNeIIDuKMOjXcTvM8/KRXhufwICvS
FBlSIveHfDFWCvOVgq0VjAY7NFMFKRUnRHB58qBamtyhOyscRIvT5QH8HYfUA/YN
l9FguczYUIQi3t+H1hoHIywdtmRuhYx5WlIUe8FO9QD5RMPbBjVbkCYgdHdxgnJD
KCoRGsoKlLB7UZc4Ak9j6plZbYtFRonm2MjU4zxblCFNuEqVQ0V/y6/OIGpBYF9Y
aEAtTgEJd9OmmDCM3d8O0zZHYma5Ag0ETLMSvQEQAMDp0HxSDWd+2Od/aJutCMFe
8tfw7+nP9gfHOCUqesb88QvRMJgVY6z1aNdMllxTKlsxUiuA6uNcrUAkzDp/qRWR
58rWIO642PLifng3urJ1cDbSKC+K4RHpQC+hXllMKLqq8dwNy1LO4fPo9SdtUF4B
ev6enKmo4yCiOGv2tvztPh9gMGYoDncaOsS0t2UPr2MMQIVUmmIzfJBkdOxbZiWO
doeNbWsYJHQaO+Ahal6SjPHKzhdjeXhZzHl1vqeDkV4MXHprrOwXNXwPiEpkZe2O
dc7yaMkQc0k8WRrfKHApbnwDx6Mi8HYaf+LvRq7P0eMO9osD1q44wQQvVzk199zp
MMHS5/kAv7RBNmDOSJQIZ4zT4lzRDODjMf01Ljn02zon12GfJo0WbbpmLulta7uj
HgMrUU54by8WPFGW0fljXiDX0EpkHhxUsUsfaNfBsFnE+sRxQjNF/ljvofkyApI2
1OjtEa9krwvgDqaXsL+a2076OsoFpORlTZ30REb0eRS6rEt8M+7s4xTaA7GFxlY/
N+bnaM8m+ItygfFHHW4H0wLbbgajDeooSTgaheVNF5V9HS0EkN4MNVvtJH7J6drd
iR1QVhX87n7+JtQzTtCOyfeKjaB+kcbAm/2VOFOeHdig5+BygpXt3IixVq72xmGz
h0jhY565MjXrqg5O3pvLABEBAAGJAh8EGAEKAAkFAkyzEr0CGwwACgkQ9DSh76/u
rqPaeg//avI2/a94XlSYtSZb2hVdW3qa9AEypQurqtVrKJfEKFV+ZQBPXbPRy8Mz
5LMEH1sfD6B4SVGIGJ8opSyieJkcKIke+GMekTWvSqDpFOgY2rw7eHNn/33ZJs3O
zQOyWz8smE/AIM/5lyiVGuSlU7RjYncf1V9bIBc91q9Edqk4IYUo/7W+yafC0VW/
8oHUFYjHNaujiOsEoLiXsh9Y0R/6Jxs6fvE4XbCANV/ecN5UX+9BBrNZNN/9GbNr
6CYGZ57M2f1Pgywy/XvOnEPnJ8aWXUyGLqq34KvMPFPSOeAmFbkFEsB4mdDMFaDw
rzziiZE/zS8/nKiH4X2JgmLgFsadEihdfYxeDcGbhREK/qA1f3bGnr1j05V07yko
2FFZdiOr4OgiT5ymgwVUXQ2Aiz+J/C8URjfpcPxetmuDQT9AYfgmMKPNVXPFWuNQ
dzN5GZbI+E1/cb5+uLNknvjngw2G4PR/4uPHX1HCSftlNawBqWzyun1k+B7/u3Oe
FebWXcdqSmZuLQ7l0Pkuz/Nlp6M6cKpceL+9zCgaiR5+v9h94VvtXKd/mw9ZLACc
VcOANiwCtsJP3lt7jRSHtkuUe6vUm5tLS582RfXxoI1BlPjNtG9xAQ3JKBHIXbal
T18pAFO3t74cxg3h0iI1G51F3oL0DwILP2MBBmardVEp5CMnB/M=
=1iQB
-----END PGP PUBLIC KEY BLOCK-----

29
SPECS/libreoffice.spec
View File

@ -57,7 +57,7 @@ Summary: Free Software Productivity Suite
Name: libreoffice Name: libreoffice
Epoch: 1 Epoch: 1
Version: %{libo_version}.1 Version: %{libo_version}.1
Release: 12%{?libo_prerelease}%{?dist}.alma.1 Release: 13%{?libo_prerelease}%{?dist}.alma.1
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0 License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
URL: http://www.libreoffice.org/ URL: http://www.libreoffice.org/
@ -289,7 +289,6 @@ Patch33: 0001-set-Referer-on-loading-IFrames.patch
Patch34: 0002-put-floating-frames-under-managed-links-control.patch Patch34: 0002-put-floating-frames-under-managed-links-control.patch
Patch35: 0003-assume-IFrame-script-macro-support-isn-t-needed.patch Patch35: 0003-assume-IFrame-script-macro-support-isn-t-needed.patch
Patch36: 0001-disable-script-dump.patch Patch36: 0001-disable-script-dump.patch
# Patches were taken from the latest OL relase
Patch37: 0001-CVE-2023-6185-escape-url-passed-to-gstreamer.patch Patch37: 0001-CVE-2023-6185-escape-url-passed-to-gstreamer.patch
Patch38: 0001-CVE-2023-6186-add-some-protocols-that-don-t-make-sense-as-floating.patch Patch38: 0001-CVE-2023-6186-add-some-protocols-that-don-t-make-sense-as-floating.patch
Patch39: 0002-CVE-2023-6186-warn-about-exotic-protocols-as-well.patch Patch39: 0002-CVE-2023-6186-warn-about-exotic-protocols-as-well.patch
@ -297,6 +296,7 @@ Patch40: 0003-CVE-2023-6186-default-to-ignoring-libreoffice-special-purpose-prot
Patch41: 0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch Patch41: 0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch
Patch42: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch Patch42: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch
Patch43: 0006-CVE-2023-6186-backporting.patch Patch43: 0006-CVE-2023-6186-backporting.patch
Patch44: 0001-CVE-2024-3044-add-notify-for-script-use.patch
# not upstreamed # not upstreamed
Patch500: 0001-disable-libe-book-support.patch Patch500: 0001-disable-libe-book-support.patch
@ -1039,6 +1039,9 @@ rm -rf git-hooks */git-hooks
# apply patches # apply patches
%autopatch -M 99 %autopatch -M 99
%if 0%{?rhel} %if 0%{?rhel}
# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1954999
# From https://src.fedoraproject.org/rpms/python3.9/pull-request/60
# Make at least a local rhpkg prep on Fedora work..
%{?!apply_patch:%define apply_patch(qp:m:) {%__apply_patch %**}} %{?!apply_patch:%define apply_patch(qp:m:) {%__apply_patch %**}}
%apply_patch -q %{PATCH500} %apply_patch -q %{PATCH500}
%endif %endif
@ -1058,10 +1061,10 @@ sed -i -e /CppunitTest_dbaccess_hsqlbinary_import/d dbaccess/Module_dbaccess.mk
sed -i -e /CppunitTest_vcl_svm_test/d vcl/Module_vcl.mk sed -i -e /CppunitTest_vcl_svm_test/d vcl/Module_vcl.mk
sed -i -e /CustomTarget_uno_test/d testtools/Module_testtools.mk sed -i -e /CustomTarget_uno_test/d testtools/Module_testtools.mk
%endif %endif
# Broken with system nss. See also upstream commit ac519af951541b7313a4c98e1bee463bf47356be
sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_ODT);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_ODT);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx
sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_DOCX);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_DOCX);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx
git commit -q -a -m 'temporarily disable failing tests' git commit -q -a -m 'temporarily disable failing tests'
# Seeing .git dir makes some of the build tools change their behavior. # Seeing .git dir makes some of the build tools change their behavior.
@ -2286,20 +2289,16 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :
%{_includedir}/LibreOfficeKit %{_includedir}/LibreOfficeKit
%changelog %changelog
* Thu Mar 21 2024 Eduard Abdullin <eabdullin@almalinux.org> - 1:7.1.8.1-12.alma.1 * Wed Jul 24 2024 Eduard Abdullin <eabdullin@almalinux.org> - 1:7.1.8.1-13.alma.1
- escape url passed to gstreamer
- add some protocols that don't make sense as floating frame
targets
- warn about exotic protocols as well
- default to ignoring libreoffice special-purpose protocols
in calc hyperlink
- reuse AllowedLinkProtocolFromDocument in writer
- reuse AllowedLinkProtocolFromDocument in impress/draw
- CVE-2023-6186 backporting
* Thu Sep 21 2023 Eduard Abdullin <eabdullin@almalinux.org> - 1:7.1.8.1-11.alma
- Debrand for AlmaLinux - Debrand for AlmaLinux
* Fri Jun 07 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-13
- Fix CVE-2024-3044 add notify for script use
* Fri Mar 08 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-12
- Fix CVE-2023-6185 escape url passed to gstreamer
- Fix CVE-2023-6186 check link target protocols
* Tue Jun 20 2023 Stephan Bergmann <sbergman@redhat.com> - 1:7.1.8.1-11 * Tue Jun 20 2023 Stephan Bergmann <sbergman@redhat.com> - 1:7.1.8.1-11
- Resolves: rhbz#2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula - Resolves: rhbz#2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula
Parsing Parsing