From b5fb7d3af71b00c9933b2f4794c1d660d42188a5 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: May 20 2020 15:04:13 +0000
Subject: import libreoffice-5.3.6.1-24.el7
---
diff --git a/SOURCES/0001-rhbz-1728763-bg-of-blocks-is-black.patch b/SOURCES/0001-rhbz-1728763-bg-of-blocks-is-black.patch
new file mode 100644
index 0000000..cc038ba
--- /dev/null
+++ b/SOURCES/0001-rhbz-1728763-bg-of-blocks-is-black.patch
@@ -0,0 +1,114 @@
+From de56e13f6ddc291f2039cab57e017e9e2dd67016 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?=
+Date: Tue, 23 Jul 2019 10:38:09 +0100
+Subject: [PATCH] rhbz#1728763 bg of blocks is black
+
+Change-Id: I31a331c8ada44b6d1424d122b54cbbe91cc8c221
+---
+ cppcanvas/source/mtfrenderer/emfplus.cxx | 4 ++--
+ cppcanvas/source/mtfrenderer/textaction.cxx | 11 ++++++++++-
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/cppcanvas/source/mtfrenderer/emfplus.cxx b/cppcanvas/source/mtfrenderer/emfplus.cxx
+index 5a9076e82a0f..8b2059a8d187 100644
+--- a/cppcanvas/source/mtfrenderer/emfplus.cxx
++++ b/cppcanvas/source/mtfrenderer/emfplus.cxx
+@@ -1305,7 +1305,7 @@ namespace cppcanvas
+ ::Color(),
+ ::Size(),
+ ::Color(),
+- ::Color(),
++ ::Color(COL_AUTO),
+ text,
+ 0,
+ stringLength,
+@@ -1621,7 +1621,7 @@ namespace cppcanvas
+ ::Color(),
+ ::Size(),
+ ::Color(),
+- ::Color(),
++ ::Color(COL_AUTO),
+ text,
+ 0,
+ glyphsCount,
+diff --git a/cppcanvas/source/mtfrenderer/textaction.cxx b/cppcanvas/source/mtfrenderer/textaction.cxx
+index ad38d6c8a131..0bb23720b6a5 100644
+--- a/cppcanvas/source/mtfrenderer/textaction.cxx
++++ b/cppcanvas/source/mtfrenderer/textaction.cxx
+@@ -766,6 +766,7 @@ namespace cppcanvas
+ const ::Color& rReliefColor,
+ const ::basegfx::B2DSize& rShadowOffset,
+ const ::Color& rShadowColor,
++ const ::Color& rTextFillColor,
+ const OUString& rText,
+ sal_Int32 nStartPos,
+ sal_Int32 nLen,
+@@ -778,6 +779,7 @@ namespace cppcanvas
+ const ::Color& rReliefColor,
+ const ::basegfx::B2DSize& rShadowOffset,
+ const ::Color& rShadowColor,
++ const ::Color& rTextFillColor,
+ const OUString& rText,
+ sal_Int32 nStartPos,
+ sal_Int32 nLen,
+@@ -834,6 +836,7 @@ namespace cppcanvas
+ const ::Color& rReliefColor,
+ const ::basegfx::B2DSize& rShadowOffset,
+ const ::Color& rShadowColor,
++ const ::Color& rTextFillColor,
+ const OUString& rText,
+ sal_Int32 nStartPos,
+ sal_Int32 nLen,
+@@ -852,6 +855,7 @@ namespace cppcanvas
+ maReliefColor( rReliefColor ),
+ maShadowOffset( rShadowOffset ),
+ maShadowColor( rShadowColor ),
++ maTextFillColor( rTextFillColor ),
+ maTextDirection( rState.textDirection )
+ {
+ initEffectLinePolyPolygon( maLinesOverallSize,
+@@ -873,6 +877,7 @@ namespace cppcanvas
+ const ::Color& rReliefColor,
+ const ::basegfx::B2DSize& rShadowOffset,
+ const ::Color& rShadowColor,
++ const ::Color& rTextFillColor,
+ const OUString& rText,
+ sal_Int32 nStartPos,
+ sal_Int32 nLen,
+@@ -892,6 +897,7 @@ namespace cppcanvas
+ maReliefColor( rReliefColor ),
+ maShadowOffset( rShadowOffset ),
+ maShadowColor( rShadowColor ),
++ maTextFillColor( rTextFillColor ),
+ maTextDirection( rState.textDirection )
+ {
+ initEffectLinePolyPolygon( maLinesOverallSize,
+@@ -2196,7 +2202,8 @@ namespace cppcanvas
+ !rState.textUnderlineStyle &&
+ !rState.textStrikeoutStyle &&
+ rReliefColor == aEmptyColor &&
+- rShadowColor == aEmptyColor )
++ rShadowColor == aEmptyColor &&
++ rTextFillColor == aEmptyColor )
+ {
+ // nope
+ if( rParms.maTextTransformation.is_initialized() )
+@@ -2231,6 +2238,7 @@ namespace cppcanvas
+ rReliefColor,
+ aShadowOffset,
+ rShadowColor,
++ rTextFillColor,
+ rText,
+ nStartPos,
+ nLen,
+@@ -2245,6 +2253,7 @@ namespace cppcanvas
+ rReliefColor,
+ aShadowOffset,
+ rShadowColor,
++ rTextFillColor,
+ rText,
+ nStartPos,
+ nLen,
+--
+2.21.0
+
diff --git a/SOURCES/CVE-2019-9853.patch b/SOURCES/CVE-2019-9853.patch
new file mode 100644
index 0000000..c56ef4c
--- /dev/null
+++ b/SOURCES/CVE-2019-9853.patch
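Review bot: In the two emfplus.cxx hunks of 0001-rhbz-1728763-bg-of-blocks-is-black.patch, the changed argument sits in a run of look-alike positional `::Color()` arguments, so the call site does not say which colour it is or why it must differ from its neighbours. A trailing comment on both changed lines would make that reviewable, for example `::Color(COL_AUTO), // text fill colour: must compare equal to aEmptyColor`, assuming `aEmptyColor` in textaction.cxx is COL_AUTO (its definition is outside the hunks). The textaction.cxx hunks initialise `maTextFillColor( rTextFillColor )` in two constructors without adding a member declaration, so the member presumably already exists in the class. The call sites and constructors all start and end outside the hunks shown.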
@@ -0,0 +1,89 @@
+From 2c71565673c4750732c7e507d2aaf9c3b1f679df Mon Sep 17 00:00:00 2001
+From: Stephan Bergmann
+Date: Tue, 6 Aug 2019 13:29:22 +0200
+Subject: [PATCH] Properly obtain location
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Change-Id: I9fb0d883a3623394343cd54ef61e5610544198c8
+Reviewed-on: https://gerrit.libreoffice.org/77019
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann
+(cherry picked from commit a9cde2557242a0c343d99533f3ee032599c66f42)
+Reviewed-on: https://gerrit.libreoffice.org/77024
+Reviewed-by: Caolán McNamara
+Reviewed-by: Michael Stahl
+Reviewed-by: Christian Lohmaier
+Tested-by: Christian Lohmaier
+---
+ .../source/protocolhandler/scripthandler.cxx | 9 ++++++--
+ sfx2/source/doc/objmisc.cxx | 21 +++++++++++--------
+ 2 files changed, 19 insertions(+), 11 deletions(-)
+
+diff --git a/scripting/source/protocolhandler/scripthandler.cxx b/scripting/source/protocolhandler/scripthandler.cxx
+index cd82b19..1bc577b 100644
+--- a/scripting/source/protocolhandler/scripthandler.cxx
++++ b/scripting/source/protocolhandler/scripthandler.cxx
+@@ -51,6 +51,7 @@
+ #include "com/sun/star/uri/XUriReference.hpp"
+ #include "com/sun/star/uri/UriReferenceFactory.hpp"
+ #include "com/sun/star/uri/XVndSunStarScriptUrl.hpp"
++#include
+
+ #include
+
+@@ -146,8 +147,12 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
+ {
+ try
+ {
+- bool bIsDocumentScript = ( aURL.Complete.indexOf( "document" ) !=-1 );
+- // TODO: isn't this somewhat strange? This should be a test for a location=document parameter, shouldn't it?
++ css::uno::Reference urifac(
++ css::uri::UriReferenceFactory::create(m_xContext));
++ css::uno::Reference uri(
++ urifac->parse(aURL.Complete), css::uno::UNO_QUERY_THROW);
++ auto const loc = uri->getParameter("location");
++ bool bIsDocumentScript = loc == "document";
+
+ if ( bIsDocumentScript )
+ {
+diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
+index 24d131a..87580cb 100644
+--- a/sfx2/source/doc/objmisc.cxx
++++ b/sfx2/source/doc/objmisc.cxx
+@@ -1462,19 +1462,22 @@ ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptCon
+ OSL_TRACE( "in CallXScript" );
+ ErrCode nErr = ERRCODE_NONE;
+
+- bool bIsDocumentScript = ( _rScriptURL.indexOf( "location=document" ) >= 0 );
+- // TODO: we should parse the URL, and check whether there is a parameter with this name.
+- // Otherwise, we might find too much.
+- if ( bIsDocumentScript && !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) )
+- return ERRCODE_IO_ACCESSDENIED;
+-
+- if ( UnTrustedScript(_rScriptURL) )
+- return ERRCODE_IO_ACCESSDENIED;
+-
+ bool bCaughtException = false;
+ Any aException;
+ try
+ {
++ css::uno::Reference urifac(
++ css::uri::UriReferenceFactory::create(comphelper::getProcessComponentContext()));
++ css::uno::Reference uri(
++ urifac->parse(_rScriptURL), css::uno::UNO_QUERY_THROW);
++ auto const loc = uri->getParameter("location");
++ bool bIsDocumentScript = loc == "document";
++ if ( bIsDocumentScript && !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) )
++ return ERRCODE_IO_ACCESSDENIED;
++
++ if ( UnTrustedScript(_rScriptURL) )
++ return ERRCODE_IO_ACCESSDENIED;
++
+ // obtain/create a script provider
+ Reference< provider::XScriptProvider > xScriptProvider;
+ Reference< provider::XScriptProviderSupplier > xSPS( _rxScriptContext, UNO_QUERY );
+--
+2.20.1
+
diff --git a/SPECS/libreoffice.spec b/SPECS/libreoffice.spec
index 5a7aef8..142bac6 100644
--- a/SPECS/libreoffice.spec
+++ b/SPECS/libreoffice.spec
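Review bot: In the objmisc.cxx hunk of CVE-2019-9853.patch, both access checks in `CallXScript` now run only after `urifac->parse(_rScriptURL)` and the `UNO_QUERY_THROW` query succeed, so a URL that does not parse as a script URL throws before either check is reached. Whether that fails closed depends on the catch clause, which is outside the hunk; it should be confirmed that the handler returns an error without reaching script invocation. A comment above the parse would record this, such as `// a parse/query failure throws here and must end in the catch below, never in script execution`. The new `bIsDocumentScript` decision uses the parsed `location` parameter, but `UnTrustedScript(_rScriptURL)` still receives the raw string, so it is worth checking that the helper normalises the URL the same way. The scripthandler.cxx hunk follows the same parse-then-compare pattern inside a `try` whose handler is also outside the hunk.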
@@ -57,7 +57,7 @@ Summary: Free Software Productivity Suite Name: libreoffice Epoch: 1 Version: %{libo_version}.1 -Release: 23%{?libo_prerelease}%{?dist} +Release: 24%{?libo_prerelease}%{?dist} License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and Artistic and MPLv2.0 and CC0 URL: http://www.libreoffice.org/ @@ -286,8 +286,10 @@ Patch56: CVE-2019-9849.patch Patch57: CVE-2019-9850.patch Patch58: CVE-2019-9851.patch Patch59: CVE-2019-9852.patch -Patch60: CVE-2019-9854.patch -Patch61: CVE-2019-9855.patch +Patch60: CVE-2019-9853.patch +Patch61: CVE-2019-9854.patch +Patch62: CVE-2019-9855.patch +Patch63: 0001-rhbz-1728763-bg-of-blocks-is-black.patch %if 0%{?rhel} # not upstreamed @@ -2350,6 +2352,9 @@ done %{_includedir}/LibreOfficeKit %changelog +* Tue Oct 29 2019 Caolán McNamara - 1:5.3.6.1-24 +- Resolves: rhbz#1728763 bg of blocks is black + * Mon Sep 09 2019 Caolán McNamara - 1:5.3.6.1-23 - Resolves: rhbz#1601372 libreoffice fails to build with --nocheck
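Review bot: The new %changelog entry for 1:5.3.6.1-24 lists only rhbz#1728763, although the patch-list hunk also adds `Patch60: CVE-2019-9853.patch`, so anyone auditing the package changelog for that CVE will not see that the fix landed in this release. A second line in the same entry, such as `- Resolves: rhbz#<BUG-ID> CVE-2019-9853` (bug number is a placeholder), would close that gap. Inserting at Patch60 also renumbers the two CVE patches that follow, so any explicit `%patch60`/`%patch61`-style application lines elsewhere in the spec would need the same shift; none are visible in these hunks.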