Fix CVE-2024-3044 add notify for script use

Resolves: RHEL-36418
Eike Rathke 2024-06-07 12:47:03 +02:00
parent 15f0103f76
commit 95b2641468
2 changed files with 34 additions and 1 deletions


@ -0,0 +1,29 @@
From 6582f7956313e16ea7df5b7cc961d368c150de0a Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolan.mcnamara@collabora.com>
Date: Wed, 27 Mar 2024 17:07:20 +0000
Subject: [PATCH] add notify for script use
Change-Id: I84af197cec7755f6803a578e1e21c03966ad5f3e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165410
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit a4a5c6b63599bca1f084bb90875f6fd8e15184ac)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167419
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
---
diff --git a/xmloff/source/draw/eventimp.cxx b/xmloff/source/draw/eventimp.cxx
index 226caca..bcf67c4 100644
--- a/xmloff/source/draw/eventimp.cxx
+++ b/xmloff/source/draw/eventimp.cxx
@@ -212,6 +212,9 @@
if( maData.mbValid )
maData.mbValid = !sEventName.isEmpty();
+
+ if (!maData.msMacroName.isEmpty())
+ rImp.NotifyMacroEventRead();
}
css::uno::Reference< css::xml::sax::XFastContextHandler > SdXMLEventContext::createFastChildContext(
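Review bot: the added `if (!maData.msMacroName.isEmpty())` check in xmloff/source/draw/eventimp.cxx has no comment saying why a non-empty macro name must be reported through `rImp.NotifyMacroEventRead()`, and the embedded patch header carries only the subject line, with no body tying the change to CVE-2024-3044. A short comment above the check would cover both. The call also runs regardless of `maData.mbValid`, which is assigned just above it; if that is intentional, so that an event failing validation is still reported, state it in the comment so a later cleanup does not move the call under the validity check. The patch adds no declaration for `NotifyMacroEventRead`, so it depends on that method already existing in the tree this package builds from; worth confirming against the 7.1.8.1 base.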


@ -57,7 +57,7 @@ Summary: Free Software Productivity Suite
Name: libreoffice Name: libreoffice
Epoch: 1 Epoch: 1
Version: %{libo_version}.1 Version: %{libo_version}.1
Release: 12%{?libo_prerelease}%{?dist} Release: 13%{?libo_prerelease}%{?dist}
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0 License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
URL: http://www.libreoffice.org/ URL: http://www.libreoffice.org/
@ -296,6 +296,7 @@ Patch40: 0003-CVE-2023-6186-default-to-ignoring-libreoffice-special-purpose-prot
Patch41: 0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch Patch41: 0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch
Patch42: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch Patch42: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch
Patch43: 0006-CVE-2023-6186-backporting.patch Patch43: 0006-CVE-2023-6186-backporting.patch
Patch44: 0001-CVE-2024-3044-add-notify-for-script-use.patch
# not upstreamed # not upstreamed
Patch500: 0001-disable-libe-book-support.patch Patch500: 0001-disable-libe-book-support.patch
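Review bot: `Patch44` is declared here, but none of the spec hunks in this commit adds a matching apply step, so the fix only reaches the build if the spec applies every declared patch automatically. Please confirm that is the case for this spec; if patches are applied by explicit per-patch lines, one for Patch44 is missing. On naming, the file uses the `0001-` prefix while the preceding CVE-2023-6186 entries run `0003-` to `0006-`, and `Patch500` also starts with `0001-`; the CVE id in the name keeps it unambiguous, so this is only a consistency point.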
@ -2299,6 +2300,9 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :
%{_includedir}/LibreOfficeKit %{_includedir}/LibreOfficeKit
%changelog %changelog
* Fri Jun 07 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-13
- Fix CVE-2024-3044 add notify for script use
* Fri Mar 08 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-12 * Fri Mar 08 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-12
- Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6185 escape url passed to gstreamer
- Fix CVE-2023-6186 check link target protocols - Fix CVE-2023-6186 check link target protocols