Import from CS git
This commit is contained in:
parent
938de2979d
commit
857adf2f09
@ -0,0 +1,38 @@
|
||||
From b79d62375e7b249c7b351b4b32a47ba310ac5fe9 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
|
||||
Date: Thu, 30 Jan 2025 20:37:38 +0000
|
||||
Subject: [PATCH] Filter out more unwanted command URIs
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Change-Id: I24c95d73b4fee89bdf044d5dd6efc9cd89627c54
|
||||
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181016
|
||||
Tested-by: Jenkins
|
||||
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
||||
(cherry picked from commit 7105fb698f897ddb38bd60315444c07356689e14)
|
||||
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181116
|
||||
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
||||
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
|
||||
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
|
||||
|
||||
erAck: backported to 7.1.8.1
|
||||
---
|
||||
desktop/source/app/cmdlineargs.cxx | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx
|
||||
index 93d9e87..70b9f05 100644
|
||||
--- a/desktop/source/app/cmdlineargs.cxx
|
||||
+++ b/desktop/source/app/cmdlineargs.cxx
|
||||
@@ -168,7 +168,7 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur
|
||||
if (nURIlen < 0)
|
||||
nURIlen = rest2.getLength();
|
||||
auto const uri = rest2.copy(0, nURIlen);
|
||||
- if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) {
|
||||
+ if (INetURLObject(uri).IsExoticProtocol()) {
|
||||
// Let the "Open" machinery process the full command URI (leading to failure, by intention,
|
||||
// as the "Open" machinery does not know about those command URI schemes):
|
||||
curEvt = CommandLineEvent::Open;
|
||||
--
|
||||
2.48.1
|
@ -54,7 +54,7 @@ Summary: Free Software Productivity Suite
|
||||
Name: libreoffice
|
||||
Epoch: 1
|
||||
Version: %{libo_version}.2
|
||||
Release: 18%{?libo_prerelease}%{?dist}
|
||||
Release: 19%{?libo_prerelease}%{?dist}
|
||||
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
|
||||
URL: http://www.libreoffice.org/
|
||||
|
||||
@ -302,6 +302,7 @@ Patch58: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra
|
||||
Patch59: 0006-CVE-2023-6186-backporting.patch
|
||||
Patch60: 0001-CVE-2024-3044-add-notify-for-script-use.patch
|
||||
Patch61: 0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch
|
||||
Patch62: 0001-CVE-2025-1080-Filter-out-more-unwanted-command-URIs.patch
|
||||
|
||||
%if 0%{?rhel}
|
||||
# not upstreamed
|
||||
@ -2308,6 +2309,9 @@ done
|
||||
%{_includedir}/LibreOfficeKit
|
||||
|
||||
%changelog
|
||||
* Tue Mar 11 2025 Eike Rathke <erack@redhat.com> - 1:6.4.7.2-19
|
||||
- Fix CVE-2025-1080 Filter out more unwanted command URIs
|
||||
|
||||
* Thu Aug 15 2024 Eike Rathke <erack@redhat.com> - 1:6.4.7.2-18
|
||||
- Fix CVE-2024-6472 remove ability to trust not validated macro signatures in
|
||||
high security
|
||||
|
Loading…
Reference in New Issue
Block a user