Merge branch 'c9' into a9

2024-07-24 11:07:37 +03:00 · 2024-07-24 11:07:37 +03:00 · 2e0e5adb81
commit 2e0e5adb81
parent 3d9aa91c87 6081b45d0e
5 changed files with 94 additions and 17 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,7 +3,6 @@ SOURCES/185d60944ea767075d27247c3162b3bc-unowinreg.dll
 SOURCES/a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip
 SOURCES/dtoa-20180411.tgz
 SOURCES/f543e6e2d7275557a839a164941c0a86e5f2c3f2a0042bfc434c88c6dde9e140-opens___.ttf
-SOURCES/gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc
 SOURCES/libreoffice-7.1.8.1.tar.xz
 SOURCES/libreoffice-help-7.1.8.1.tar.xz
 SOURCES/libreoffice-translations-7.1.8.1.tar.xz
--- a/.libreoffice.metadata
+++ b/.libreoffice.metadata
@ -3,7 +3,6 @@
 2d49e11b0b711970f494294dc3698f05eb294853 SOURCES/a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip
 083509db5ad9d1680830be9add727d58b54ca0d3 SOURCES/dtoa-20180411.tgz
 dd55efd721df8a013709e27836bdf26623e5320e SOURCES/f543e6e2d7275557a839a164941c0a86e5f2c3f2a0042bfc434c88c6dde9e140-opens___.ttf
-7b5fd93d787fbc6d9c2d4025d543730ee8dc4559 SOURCES/gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc
 58642377b80001f41884b2fff3d74fe66426b182 SOURCES/libreoffice-7.1.8.1.tar.xz
 48afe3a1a30861904bf31b387d6bc56360f5ac19 SOURCES/libreoffice-help-7.1.8.1.tar.xz
 cb1238f7b182c8bfb16086d2eb9305b43b8a6d16 SOURCES/libreoffice-translations-7.1.8.1.tar.xz
--- a/SOURCES/0001-CVE-2024-3044-add-notify-for-script-use.patch
+++ b/SOURCES/0001-CVE-2024-3044-add-notify-for-script-use.patch
@ -0,0 +1,29 @@
+From 6582f7956313e16ea7df5b7cc961d368c150de0a Mon Sep 17 00:00:00 2001
+From: Caolán McNamara <caolan.mcnamara@collabora.com>
+Date: Wed, 27 Mar 2024 17:07:20 +0000
+Subject: [PATCH] add notify for script use
+
+Change-Id: I84af197cec7755f6803a578e1e21c03966ad5f3e
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165410
+Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
+Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
+(cherry picked from commit a4a5c6b63599bca1f084bb90875f6fd8e15184ac)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167419
+Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
+Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
+---
+
+diff --git a/xmloff/source/draw/eventimp.cxx b/xmloff/source/draw/eventimp.cxx
+index 226caca..bcf67c4 100644
+--- a/xmloff/source/draw/eventimp.cxx
+++ b/xmloff/source/draw/eventimp.cxx
+@@ -212,6 +212,9 @@
+ 
+     if( maData.mbValid )
+         maData.mbValid = !sEventName.isEmpty();
+
+    if (!maData.msMacroName.isEmpty())
+        rImp.NotifyMacroEventRead();
+ }
+ 
+ css::uno::Reference< css::xml::sax::XFastContextHandler > SdXMLEventContext::createFastChildContext(
--- a/SOURCES/gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc
+++ b/SOURCES/gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc
@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBEyzEr0BEADT441wUITsTwDA2nM3kmUhGrzTdxZB5xv/E1ZJCw63qWdmdTdW
+NZDfNDuLs4r2VjlEoA3xGK6jgnQvyAoNj0yiEbW/JedHHgOiVdXDlkgkY58myafT
+FXqDLzTXVrsNnay0GS8XrNjptZJPhEPBvNUdkqpA9B7RTkfaXj779Pf/AeFMZVLl
+UAci5RA0NNF910GHwoXT6SEv2PGoawsphnfmMVdKh9wz7asbtKXEmotCwX3k045x
+LsIVK5ANOi+BI9C3LkrrFJWw2XHqDW2ulwCJ0L5QNSjOuY/v8REODwIXamvvdZOz
+XBKSIzDOalJqFCHls3YlGyFw1knr6BAOmVOm32YtNTCLbVA/iK55fZWnUCjD3a4G
+xz4qpQYWfpxhOmlHpk5JkraSNHzCc7SB43DwcHF5ecXHttMhO8MoN/bAZBgCuLGF
+EwNvwFbDwIWo07mlv7wD8i1rtUCvLywJc5YL2PbjCLfB1Q4YzDX1EWnjKdnAsxxK
+ftrx1DFlxzUF+TaHbLTPttUcsWQaL8wITznoWIwdIWlo2woPgWIpUXMOYwYV31Oo
+fgmroHa3V4NOvkke09uhaZawg5yZCoRFohhfKPqT1ZrJ9SnRbW/WR3VTVY76ht5k
+RuV3eb2VWBmPU9zn56Tbe6dvFkBuzHH1JdECAqy1BzFcmQQFBebFzf1XAQARAQAB
+tEhMaWJyZU9mZmljZSBCdWlsZCBUZWFtIChDT0RFIFNJR05JTkcgS0VZKSA8YnVp
+bGRAZG9jdW1lbnRmb3VuZGF0aW9uLm9yZz6JAjcEEwEKACEFAkyzEr0CGwMFCwkI
+BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ9DSh76/urqOc4w//X+74QlyRalcuLNw3
+oJKB1+1z6xxhhpwg1kw5cMMrGu0w0YoPvLDKaiS02DdkIaXDECcQTOoEh7/bYbZq
+6OtE1WyxqHYYOPK5yul5FRwZ5k5HZ7pDFcKCQ72UgWhz+QznRhgZ0jwEWl5Ln3rw
+JpSynIvTXHmQogId0xmcrNQPyckzzugGx4qZFinSOmDGwTgG14NU3vat2iek37Ph
+BLh5V8ohlEoccwwPejtKEWQudg0Q8K7uBuqLUhnJoZodEytqpOvtysuPtGxGXnmD
+7oXtBVEF3X6eFRXDIp81cx2isHK4Krf4z4T9KUimNLHjWRa+ZQtp2pZLHQlblfsn
+CUf6TYZ0Yi909EhcM/hxAgBZXellOCQ/8U2cJsTUyN5Dp1wbf6X0uK4uaed1/037
+EGLAO6PP6WQz6jWd1/hhsQ5oAmdjkzlMFEfKNeIIDuKMOjXcTvM8/KRXhufwICvS
+FBlSIveHfDFWCvOVgq0VjAY7NFMFKRUnRHB58qBamtyhOyscRIvT5QH8HYfUA/YN
+l9FguczYUIQi3t+H1hoHIywdtmRuhYx5WlIUe8FO9QD5RMPbBjVbkCYgdHdxgnJD
+KCoRGsoKlLB7UZc4Ak9j6plZbYtFRonm2MjU4zxblCFNuEqVQ0V/y6/OIGpBYF9Y
+aEAtTgEJd9OmmDCM3d8O0zZHYma5Ag0ETLMSvQEQAMDp0HxSDWd+2Od/aJutCMFe
+8tfw7+nP9gfHOCUqesb88QvRMJgVY6z1aNdMllxTKlsxUiuA6uNcrUAkzDp/qRWR
+58rWIO642PLifng3urJ1cDbSKC+K4RHpQC+hXllMKLqq8dwNy1LO4fPo9SdtUF4B
+ev6enKmo4yCiOGv2tvztPh9gMGYoDncaOsS0t2UPr2MMQIVUmmIzfJBkdOxbZiWO
+doeNbWsYJHQaO+Ahal6SjPHKzhdjeXhZzHl1vqeDkV4MXHprrOwXNXwPiEpkZe2O
+dc7yaMkQc0k8WRrfKHApbnwDx6Mi8HYaf+LvRq7P0eMO9osD1q44wQQvVzk199zp
+MMHS5/kAv7RBNmDOSJQIZ4zT4lzRDODjMf01Ljn02zon12GfJo0WbbpmLulta7uj
+HgMrUU54by8WPFGW0fljXiDX0EpkHhxUsUsfaNfBsFnE+sRxQjNF/ljvofkyApI2
+1OjtEa9krwvgDqaXsL+a2076OsoFpORlTZ30REb0eRS6rEt8M+7s4xTaA7GFxlY/
+N+bnaM8m+ItygfFHHW4H0wLbbgajDeooSTgaheVNF5V9HS0EkN4MNVvtJH7J6drd
+iR1QVhX87n7+JtQzTtCOyfeKjaB+kcbAm/2VOFOeHdig5+BygpXt3IixVq72xmGz
+h0jhY565MjXrqg5O3pvLABEBAAGJAh8EGAEKAAkFAkyzEr0CGwwACgkQ9DSh76/u
+rqPaeg//avI2/a94XlSYtSZb2hVdW3qa9AEypQurqtVrKJfEKFV+ZQBPXbPRy8Mz
+5LMEH1sfD6B4SVGIGJ8opSyieJkcKIke+GMekTWvSqDpFOgY2rw7eHNn/33ZJs3O
+zQOyWz8smE/AIM/5lyiVGuSlU7RjYncf1V9bIBc91q9Edqk4IYUo/7W+yafC0VW/
+8oHUFYjHNaujiOsEoLiXsh9Y0R/6Jxs6fvE4XbCANV/ecN5UX+9BBrNZNN/9GbNr
+6CYGZ57M2f1Pgywy/XvOnEPnJ8aWXUyGLqq34KvMPFPSOeAmFbkFEsB4mdDMFaDw
+rzziiZE/zS8/nKiH4X2JgmLgFsadEihdfYxeDcGbhREK/qA1f3bGnr1j05V07yko
+2FFZdiOr4OgiT5ymgwVUXQ2Aiz+J/C8URjfpcPxetmuDQT9AYfgmMKPNVXPFWuNQ
+dzN5GZbI+E1/cb5+uLNknvjngw2G4PR/4uPHX1HCSftlNawBqWzyun1k+B7/u3Oe
+FebWXcdqSmZuLQ7l0Pkuz/Nlp6M6cKpceL+9zCgaiR5+v9h94VvtXKd/mw9ZLACc
+VcOANiwCtsJP3lt7jRSHtkuUe6vUm5tLS582RfXxoI1BlPjNtG9xAQ3JKBHIXbal
+T18pAFO3t74cxg3h0iI1G51F3oL0DwILP2MBBmardVEp5CMnB/M=
+=1iQB
+-----END PGP PUBLIC KEY BLOCK-----
--- a/SPECS/libreoffice.spec
+++ b/SPECS/libreoffice.spec
@ -57,7 +57,7 @@ Summary:        Free Software Productivity Suite
 Name:           libreoffice
 Epoch:          1
 Version:        %{libo_version}.1
-Release:        12%{?libo_prerelease}%{?dist}.alma.1
+Release:        13%{?libo_prerelease}%{?dist}.alma.1
 License:        (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
 URL:            http://www.libreoffice.org/

@ -289,7 +289,6 @@ Patch33: 0001-set-Referer-on-loading-IFrames.patch
 Patch34: 0002-put-floating-frames-under-managed-links-control.patch
 Patch35: 0003-assume-IFrame-script-macro-support-isn-t-needed.patch
 Patch36: 0001-disable-script-dump.patch
-# Patches were taken from the latest OL relase
 Patch37: 0001-CVE-2023-6185-escape-url-passed-to-gstreamer.patch
 Patch38: 0001-CVE-2023-6186-add-some-protocols-that-don-t-make-sense-as-floating.patch
 Patch39: 0002-CVE-2023-6186-warn-about-exotic-protocols-as-well.patch
@ -297,6 +296,7 @@ Patch40: 0003-CVE-2023-6186-default-to-ignoring-libreoffice-special-purpose-prot
 Patch41: 0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch
 Patch42: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch
 Patch43: 0006-CVE-2023-6186-backporting.patch
+Patch44: 0001-CVE-2024-3044-add-notify-for-script-use.patch

 # not upstreamed
 Patch500: 0001-disable-libe-book-support.patch
@ -1039,6 +1039,9 @@ rm -rf git-hooks */git-hooks
 # apply patches
 %autopatch -M 99
 %if 0%{?rhel}
+# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1954999
+# From https://src.fedoraproject.org/rpms/python3.9/pull-request/60
+# Make at least a local rhpkg prep on Fedora work..
 %{?!apply_patch:%define apply_patch(qp:m:) {%__apply_patch %**}}
 %apply_patch -q %{PATCH500}
 %endif
@ -1058,10 +1061,10 @@ sed -i -e /CppunitTest_dbaccess_hsqlbinary_import/d dbaccess/Module_dbaccess.mk
 sed -i -e /CppunitTest_vcl_svm_test/d vcl/Module_vcl.mk
 sed -i -e /CustomTarget_uno_test/d testtools/Module_testtools.mk
 %endif
+# Broken with system nss. See also upstream commit ac519af951541b7313a4c98e1bee463bf47356be
 sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_ODT);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx
 sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_DOCX);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx

-
 git commit -q -a -m 'temporarily disable failing tests'

 # Seeing .git dir makes some of the build tools change their behavior.
@ -2286,20 +2289,16 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :
 %{_includedir}/LibreOfficeKit

 %changelog
-* Thu Mar 21 2024 Eduard Abdullin <eabdullin@almalinux.org> - 1:7.1.8.1-12.alma.1
- escape url passed to gstreamer
- add some protocols that don't make sense as floating frame
- targets
- warn about exotic protocols as well
- default to ignoring libreoffice special-purpose protocols
- in calc hyperlink
- reuse AllowedLinkProtocolFromDocument in writer
- reuse AllowedLinkProtocolFromDocument in impress/draw
- CVE-2023-6186 backporting
-
-* Thu Sep 21 2023 Eduard Abdullin <eabdullin@almalinux.org> - 1:7.1.8.1-11.alma
+* Wed Jul 24 2024 Eduard Abdullin <eabdullin@almalinux.org> - 1:7.1.8.1-13.alma.1
 - Debrand for AlmaLinux

+* Fri Jun 07 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-13
+- Fix CVE-2024-3044 add notify for script use
+
+* Fri Mar 08 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-12
+- Fix CVE-2023-6185 escape url passed to gstreamer
+- Fix CVE-2023-6186 check link target protocols
+
 * Tue Jun 20 2023 Stephan Bergmann <sbergman@redhat.com> - 1:7.1.8.1-11
 - Resolves: rhbz#2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula
  Parsing