Debrand for AlmaLinux

2025-04-02 12:59:48 +00:00 · 2025-04-02 12:59:48 +00:00 · d5e7f0e692
commit d5e7f0e692
parent 9200862daf 358dbdeea9
2 changed files with 57 additions and 13 deletions
--- a/SOURCES/0001-CVE-2025-1080-Filter-out-more-unwanted-command-URIs.patch
+++ b/SOURCES/0001-CVE-2025-1080-Filter-out-more-unwanted-command-URIs.patch
@ -0,0 +1,39 @@
+From b79d62375e7b249c7b351b4b32a47ba310ac5fe9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
+Date: Thu, 30 Jan 2025 20:37:38 +0000
+Subject: [PATCH] Filter out more unwanted command URIs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Change-Id: I24c95d73b4fee89bdf044d5dd6efc9cd89627c54
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181016
+Tested-by: Jenkins
+Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
+(cherry picked from commit 7105fb698f897ddb38bd60315444c07356689e14)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181116
+Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
+Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
+Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
+
+erAck: backported to 7.1.8.1
+---
+ desktop/source/app/cmdlineargs.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx
+index 93d9e87..70b9f05 100644
+--- a/desktop/source/app/cmdlineargs.cxx
+++ b/desktop/source/app/cmdlineargs.cxx
+@@ -168,7 +168,7 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur
+     if (nURIlen < 0)
+         nURIlen = rest2.getLength();
+     auto const uri = rest2.copy(0, nURIlen);
+-    if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) {
+    if (INetURLObject(uri).IsExoticProtocol()) {
+         // Let the "Open" machinery process the full command URI (leading to failure, by intention,
+         // as the "Open" machinery does not know about those command URI schemes):
+         curEvt = CommandLineEvent::Open;
+-- 
+2.48.1
+
--- a/SPECS/libreoffice.spec
+++ b/SPECS/libreoffice.spec
@ -57,7 +57,7 @@ Summary:        Free Software Productivity Suite
 Name:           libreoffice
 Epoch:          1
 Version:        %{libo_version}.1
-Release:        14%{?libo_prerelease}%{?dist}.alma.1
+Release:        15%{?libo_prerelease}%{?dist}.alma.1
 License:        (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
 URL:            http://www.libreoffice.org/

@ -298,6 +298,7 @@ Patch42: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra
 Patch43: 0006-CVE-2023-6186-backporting.patch
 Patch44: 0001-CVE-2024-3044-add-notify-for-script-use.patch
 Patch45: 0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch
+Patch46: 0001-CVE-2025-1080-Filter-out-more-unwanted-command-URIs.patch

 # not upstreamed
 Patch500: 0001-disable-libe-book-support.patch
@ -391,7 +392,7 @@ Requires: %{name}-pyuno%{?_isa} = %{epoch}:%{version}-%{release}
 Requires: %{name}-ure%{?_isa} = %{epoch}:%{version}-%{release}

 %description base
-GUI database front-end for LibreOffice. Allows creation and management of
+GUI database front-end for LibreOffice. Allows creation and management of 
 databases through a GUI.

 %if 0%{?fedora}
@ -477,7 +478,7 @@ BuildArch: noarch

 %description %{fontname}-fonts
 A dingbats font, OpenSymbol, suitable for use by LibreOffice for bullets and
-mathematical symbols.
+mathematical symbols. 

 %package writer
 Summary: LibreOffice Word Processor Application
@ -491,7 +492,7 @@ Requires: %{name}-ure%{?_isa} = %{epoch}:%{version}-%{release}
 The LibreOffice Word Processor application.

 %package emailmerge
-Summary: Email mail-merge component for LibreOffice
+Summary: Email mail-merge component for LibreOffice 
 Requires: %{name}-writer%{?_isa} = %{epoch}:%{version}-%{release}
 Requires: %{name}-pyuno%{?_isa} = %{epoch}:%{version}-%{release}

@ -541,7 +542,7 @@ Requires: %{name}-pdfimport%{?_isa} = %{epoch}:%{version}-%{release}
 Requires: %{name}-pyuno%{?_isa} = %{epoch}:%{version}-%{release}
 Requires: %{name}-ure%{?_isa} = %{epoch}:%{version}-%{release}

-%description math
+%description math 
 The LibreOffice Equation Editor Application.

 %package graphicfilter
@ -1037,6 +1038,7 @@ rm -rf git-hooks */git-hooks
 %global __scm git_am
 %__scm_setup_git_am

+
 # apply patches
 %autopatch -M 99
 %if 0%{?rhel}
@ -1264,7 +1266,7 @@ pushd %{buildroot}%{baseinstdir}/share/autocorr

 %make_autocorr_aliases -l en-GB en-AG en-AU en-BS en-BW en-BZ en-CA en-DK en-GH en-HK en-IE en-IN en-JM en-NG en-NZ en-SG en-TT
 %make_autocorr_aliases -l en-US en-PH
-#en-ZA exists and has a good autocorrect file with two or three extras that make sense for
+#en-ZA exists and has a good autocorrect file with two or three extras that make sense for 
 #neighbouring english speaking territories
 %make_autocorr_aliases -l en-ZA en-NA en-ZW
 %if %{with langpacks}
@ -1324,7 +1326,7 @@ rm -f %{buildroot}%{baseinstdir}/CREDITS.fodt %{buildroot}%{baseinstdir}/LICENSE
 ln -sr %{buildroot}%{lodatadocdir}/CREDITS.fodt %{buildroot}%{baseinstdir}/CREDITS.fodt
 ln -sr %{buildroot}%{lodatadocdir}/LICENSE.html %{buildroot}%{baseinstdir}/LICENSE.html

-#ensure that no sneaky un-prelinkable, un-fpic or non executable shared libs
+#ensure that no sneaky un-prelinkable, un-fpic or non executable shared libs 
 #have snuck through
 pic=0
 executable=0
@ -1513,13 +1515,13 @@ export DESTDIR=%{buildroot}
 #
 appstream-util replace-screenshots %{buildroot}%{_datadir}/metainfo/libreoffice-writer.appdata.xml \
  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-writer/a.png \
-  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-writer/b.png
+  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-writer/b.png 
 appstream-util replace-screenshots %{buildroot}%{_datadir}/metainfo/libreoffice-calc.appdata.xml \
-  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-calc/a.png
+  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-calc/a.png 
 appstream-util replace-screenshots %{buildroot}%{_datadir}/metainfo/libreoffice-draw.appdata.xml \
-  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-draw/a.png
+  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-draw/a.png 
 appstream-util replace-screenshots %{buildroot}%{_datadir}/metainfo/libreoffice-impress.appdata.xml \
-  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-impress/a.png
+  https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-impress/a.png 
 %endif
 %if 0%{?flatpak}
 # Assemble the libreoffice-*.appdata.xml files into a single
@ -2290,9 +2292,12 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :
 %{_includedir}/LibreOfficeKit

 %changelog
-* Mon Aug 19 2024 Eduard Abdullin <eabdullin@almalinux.org> - 1:7.1.8.1-14.alma.1
+* Wed Apr 02 2025 Eduard Abdullin <eabdullin@almalinux.org> - 1:7.1.8.1-15.alma.1
 - Debrand for AlmaLinux

+* Mon Mar 10 2025 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-15
+- Fix CVE-2025-1080 Filter out more unwanted command URIs
+
 * Thu Aug 15 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-14
 - Fix CVE-2024-6472 remove ability to trust not validated macro signatures in
  high security
@ -4451,7 +4456,7 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :

 * Wed Oct 19 2011 Caolán McNamara <caolanm@redhat.com> - 3.4.3.2-14
 - Related: rhbz#743750 addXineramaScreenUnique issue
-
+ 
 * Fri Oct 07 2011 Stephan Bergmann <sbergman@redhat.com> - 3.4.3.2-13
 - Patches to build with GCC 6.4.1