- CVE-2024-3044 add notify for script use

2024-07-03 12:36:59 +03:00 · 2024-07-03 12:36:59 +03:00 · c3f388ce68
commit c3f388ce68
parent 50fd5124e0
2 changed files with 35 additions and 1 deletions
--- a/SOURCES/0001-CVE-2024-3044-add-notify-for-script-use.patch
+++ b/SOURCES/0001-CVE-2024-3044-add-notify-for-script-use.patch
@ -0,0 +1,29 @@
+From 6582f7956313e16ea7df5b7cc961d368c150de0a Mon Sep 17 00:00:00 2001
+From: Caolán McNamara <caolan.mcnamara@collabora.com>
+Date: Wed, 27 Mar 2024 17:07:20 +0000
+Subject: [PATCH] add notify for script use
+
+Change-Id: I84af197cec7755f6803a578e1e21c03966ad5f3e
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165410
+Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
+Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
+(cherry picked from commit a4a5c6b63599bca1f084bb90875f6fd8e15184ac)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167419
+Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
+Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
+---
+
+diff --git a/xmloff/source/draw/eventimp.cxx b/xmloff/source/draw/eventimp.cxx
+index 226caca..bcf67c4 100644
+--- a/xmloff/source/draw/eventimp.cxx
+++ b/xmloff/source/draw/eventimp.cxx
+@@ -231,6 +231,9 @@
+ 
+     if( maData.mbValid )
+         maData.mbValid = !sEventName.isEmpty();
+
+    if (!maData.msMacroName.isEmpty())
+        rImp.NotifyMacroEventRead();
+ }
+ 
+ SvXMLImportContextRef SdXMLEventContext::CreateChildContext( sal_uInt16 nPrefix, const OUString& rLocalName, const Reference< XAttributeList>& xAttrList )
--- a/SPECS/libreoffice.spec
+++ b/SPECS/libreoffice.spec
@ -54,7 +54,7 @@ Summary:        Free Software Productivity Suite
 Name:           libreoffice
 Epoch:          1
 Version:        %{libo_version}.2
-Release:        16%{?libo_prerelease}%{?dist}.alma.1
+Release:        17%{?libo_prerelease}%{?dist}.alma.1
 License:        (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
 URL:            http://www.libreoffice.org/

@ -301,6 +301,8 @@ Patch56: 0003-CVE-2023-6186-default-to-ignoring-libreoffice-special-purpose-prot
 Patch57: 0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch
 Patch58: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch
 Patch59: 0006-CVE-2023-6186-backporting.patch
+# https://gitlab.com/redhat/centos-stream/rpms/libreoffice/-/commit/95b2641468a862d1c14510ba087ccdceab80951b
+Patch60: 0001-CVE-2024-3044-add-notify-for-script-use.patch

 %if 0%{?rhel}
 # not upstreamed
@ -2296,6 +2298,9 @@ done
 %{_includedir}/LibreOfficeKit

 %changelog
+* Wed Jul 03 2024 Eduard Abdullin <eabdullin@almalinux.org> - 1:6.4.7.2-17.alma.1
+- CVE-2024-3044 add notify for script use
+
 * Fri Mar 29 2024 Eduard Abdullin <eabdullin@almalinux.org> - 1:6.4.7.2-16.alma.1
 - escape url passed to gstreamer
 - add some protocols that don't make sense as floating frame