Import from CS git

This commit is contained in:
eabdullin 2025-03-17 07:36:34 +00:00
parent 938de2979d
commit 857adf2f09
2 changed files with 43 additions and 1 deletions

View File

@ -0,0 +1,38 @@
From b79d62375e7b249c7b351b4b32a47ba310ac5fe9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Thu, 30 Jan 2025 20:37:38 +0000
Subject: [PATCH] Filter out more unwanted command URIs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change-Id: I24c95d73b4fee89bdf044d5dd6efc9cd89627c54
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181016
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
(cherry picked from commit 7105fb698f897ddb38bd60315444c07356689e14)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181116
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
erAck: backported to 7.1.8.1
---
desktop/source/app/cmdlineargs.cxx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx
index 93d9e87..70b9f05 100644
--- a/desktop/source/app/cmdlineargs.cxx
+++ b/desktop/source/app/cmdlineargs.cxx
@@ -168,7 +168,7 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur
if (nURIlen < 0)
nURIlen = rest2.getLength();
auto const uri = rest2.copy(0, nURIlen);
- if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) {
+ if (INetURLObject(uri).IsExoticProtocol()) {
// Let the "Open" machinery process the full command URI (leading to failure, by intention,
// as the "Open" machinery does not know about those command URI schemes):
curEvt = CommandLineEvent::Open;
--
2.48.1

View File

@ -54,7 +54,7 @@ Summary: Free Software Productivity Suite
Name: libreoffice
Epoch: 1
Version: %{libo_version}.2
Release: 18%{?libo_prerelease}%{?dist}
Release: 19%{?libo_prerelease}%{?dist}
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
URL: http://www.libreoffice.org/
@ -302,6 +302,7 @@ Patch58: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra
Patch59: 0006-CVE-2023-6186-backporting.patch
Patch60: 0001-CVE-2024-3044-add-notify-for-script-use.patch
Patch61: 0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch
Patch62: 0001-CVE-2025-1080-Filter-out-more-unwanted-command-URIs.patch
%if 0%{?rhel}
# not upstreamed
@ -2308,6 +2309,9 @@ done
%{_includedir}/LibreOfficeKit
%changelog
* Tue Mar 11 2025 Eike Rathke <erack@redhat.com> - 1:6.4.7.2-19
- Fix CVE-2025-1080 Filter out more unwanted command URIs
* Thu Aug 15 2024 Eike Rathke <erack@redhat.com> - 1:6.4.7.2-18
- Fix CVE-2024-6472 remove ability to trust not validated macro signatures in
high security