diff --git a/SOURCES/0001-CVE-2024-3044-add-notify-for-script-use.patch b/SOURCES/0001-CVE-2024-3044-add-notify-for-script-use.patch
new file mode 100644
index 0000000..d9a1685
--- /dev/null
+++ b/SOURCES/0001-CVE-2024-3044-add-notify-for-script-use.patch
@@ -0,0 +1,29 @@
+From 6582f7956313e16ea7df5b7cc961d368c150de0a Mon Sep 17 00:00:00 2001
+From: Caolán McNamara
+Date: Wed, 27 Mar 2024 17:07:20 +0000
+Subject: [PATCH] add notify for script use
+
+Change-Id: I84af197cec7755f6803a578e1e21c03966ad5f3e
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165410
+Tested-by: Jenkins CollaboraOffice
+Reviewed-by: Miklos Vajna
+(cherry picked from commit a4a5c6b63599bca1f084bb90875f6fd8e15184ac)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167419
+Tested-by: Caolán McNamara
+Reviewed-by: Caolán McNamara
+---
+
+diff --git a/xmloff/source/draw/eventimp.cxx b/xmloff/source/draw/eventimp.cxx
+index 226caca..bcf67c4 100644
+--- a/xmloff/source/draw/eventimp.cxx
++++ b/xmloff/source/draw/eventimp.cxx
+@@ -212,6 +212,9 @@
+
+ if( maData.mbValid )
+ maData.mbValid = !sEventName.isEmpty();
++
++ if (!maData.msMacroName.isEmpty())
++ rImp.NotifyMacroEventRead();
+ }
+
+ css::uno::Reference< css::xml::sax::XFastContextHandler > SdXMLEventContext::createFastChildContext(
diff --git a/SPECS/libreoffice.spec b/SPECS/libreoffice.spec
index f87b3d8..a524c3a 100644
--- a/SPECS/libreoffice.spec
+++ b/SPECS/libreoffice.spec
@@ -57,7 +57,7 @@ Summary: Free Software Productivity Suite
 Name: libreoffice
 Epoch: 1
 Version: %{libo_version}.1
-Release: 12%{?libo_prerelease}%{?dist}.inferit
+Release: 13%{?libo_prerelease}%{?dist}.inferit
 License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
 URL: http://www.libreoffice.org/
 
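Review bot: The added `if (!maData.msMacroName.isEmpty()) rImp.NotifyMacroEventRead();` at the end of the embedded eventimp.cxx hunk has no comment explaining why the importer is notified, and the subject line `add notify for script use` does not say either. I would put a line above it such as `// a shape event that names a macro is macro content: report it to the importer so the document's macro handling sees it (CVE-2024-3044)`. The notification is keyed on `msMacroName` alone, so if any other field of `maData` can also carry a script reference (not visible here, since the function starts above the hunk), that path would not notify and is worth confirming against the full function. The backport also carries no regression test that loads a document with a macro-bound shape event and checks that the notification fires.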
@@ -306,6 +306,7 @@ Patch40: 0003-CVE-2023-6186-default-to-ignoring-libreoffice-special-purpose-prot
 Patch41: 0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch
 Patch42: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch
 Patch43: 0006-CVE-2023-6186-backporting.patch
+Patch44: 0001-CVE-2024-3044-add-notify-for-script-use.patch
 
 # MSVSphere
 Patch50: 0001-Cleanup-vendor-in-aboutdialog.patch
@@ -2312,9 +2313,8 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :
 %{_includedir}/LibreOfficeKit
 
 %changelog
-* Wed Mar 20 2024 Sergey Cherevko - 1:7.1.8.1-12.inferit
-- Update to 7.1.8.1-12
-- Rebuilt for MSVSphere 9.3
+* Fri Jun 07 2024 Eike Rathke - 1:7.1.8.1-13
+- Fix CVE-2024-3044 add notify for script use
 
 * Fri Mar 08 2024 Eike Rathke - 1:7.1.8.1-12
 - Fix CVE-2023-6185 escape url passed to gstreamer