diff --git a/SOURCES/0001-CVE-2024-3044-add-notify-for-script-use.patch b/SOURCES/0001-CVE-2024-3044-add-notify-for-script-use.patch
new file mode 100644
index 0000000..ad525fd
--- /dev/null
+++ b/SOURCES/0001-CVE-2024-3044-add-notify-for-script-use.patch
@@ -0,0 +1,29 @@
+From 3c25a1e4885a91b1a2fbfd873633f055caa50745 Mon Sep 17 00:00:00 2001
+From: Caolán McNamara
+Date: Wed, 27 Mar 2024 17:07:20 +0000
+Subject: [PATCH] add notify for script use
+
+Change-Id: I84af197cec7755f6803a578e1e21c03966ad5f3e
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165410
+Tested-by: Jenkins CollaboraOffice
+Reviewed-by: Miklos Vajna
+(cherry picked from commit a4a5c6b63599bca1f084bb90875f6fd8e15184ac)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167421
+Tested-by: Caolán McNamara
+Reviewed-by: Caolán McNamara
+---
+
+diff --git a/xmloff/source/draw/eventimp.cxx b/xmloff/source/draw/eventimp.cxx
+index f9e10c1..fcc36f9 100644
+--- a/xmloff/source/draw/eventimp.cxx
++++ b/xmloff/source/draw/eventimp.cxx
+@@ -231,6 +231,9 @@
+
+ if( maData.mbValid )
+ maData.mbValid = !sEventName.isEmpty();
++
++ if (!maData.msMacroName.isEmpty())
++ rImp.NotifyMacroEventRead();
+ }
+
+ SvXMLImportContextRef SdXMLEventContext::CreateChildContext( sal_uInt16 nPrefix, const OUString& rLocalName, const Reference< XAttributeList>& xAttrList )
diff --git a/SPECS/libreoffice.spec b/SPECS/libreoffice.spec
index a8f7e14..0213716 100644
--- a/SPECS/libreoffice.spec
+++ b/SPECS/libreoffice.spec
@@ -54,7 +54,7 @@ Summary: Free Software Productivity Suite
 Name: libreoffice
 Epoch: 1
 Version: %{libo_version}.2
-Release: 16%{?libo_prerelease}%{?dist}
+Release: 17%{?libo_prerelease}%{?dist}
 License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
 URL: http://www.libreoffice.org/
 
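Review bot: The added `if (!maData.msMacroName.isEmpty()) rImp.NotifyMacroEventRead();` in the embedded eventimp.cxx hunk is the entire CVE-2024-3044 fix, yet it has no comment explaining why the importer is notified. I would add above it `// A macro/script is bound to this event: report it to the importer so macro-security handling sees it (CVE-2024-3044)`. The guard keys only on `msMacroName`, and the enclosing constructor starts outside the hunk, so it should be confirmed there that every script-bearing event form fills that field before this point. Any form that does not would be imported without the notification. The call also sits outside the `mbValid` check, which looks deliberate (an event later judged invalid still counts as script use) and is worth stating in the same comment.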
@@ -300,6 +300,7 @@ Patch56: 0003-CVE-2023-6186-default-to-ignoring-libreoffice-special-purpose-prot Patch57: 0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch Patch58: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch Patch59: 0006-CVE-2023-6186-backporting.patch +Patch60: 0001-CVE-2024-3044-add-notify-for-script-use.patch %if 0%{?rhel} # not upstreamed @@ -2306,6 +2307,9 @@ done %{_includedir}/LibreOfficeKit %changelog +* Fri Jun 07 2024 Eike Rathke - 1:6.4.7.2-17 +- Fix CVE-2024-3044 add notify for script use + * Mon Mar 11 2024 Eike Rathke - 1:6.4.7.2-16 - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols