[Libreoffice-commits] core.git: Branch 'distro/mimo/mimo-6-1' - 5 commits - configure.ac README.md scripting/source
Jean-Sebastien BEVILACQUA (via logerrit)
logerrit at kemper.freedesktop.org
Thu Sep 19 15:50:46 UTC 2019
README.md | 13 +++++++++++++
configure.ac | 2 +-
scripting/source/pyprov/pythonscript.py | 17 +++++++++++++++--
3 files changed, 29 insertions(+), 3 deletions(-)
New commits:
commit 31b3b6737b7523651f689242c6e03d71bd5ecf85
Author: Jean-Sebastien BEVILACQUA <realitix at gmail.com>
AuthorDate: Wed Sep 18 14:30:29 2019 +0200
Commit: Jean-Sebastien BEVILACQUA <realitix at gmail.com>
CommitDate: Thu Sep 19 17:49:44 2019 +0200
bump product versionto 6.1.6.3.M13
Change-Id: I60dad7c6c861e8439144d346a6ad619d2dba2ea5
diff --git a/README.md b/README.md
index 761b043465b3..d164e4784078 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,13 @@ The most recent version reviewed by MIMO can be downloaded at <https://www.mim.o
## Release notes
+### `6.1.6.3.M13`
+
+* Fix [acim#1418](https://acim.08000linux.com/issues/1418): Nouvelles failles dans libreoffice by fixing two CVE:
+ - CVE-2019-9855
+ - CVE-2019-9854
+
+
### `6.1.6.3.M12`
* Fix [acim#1408](https://acim.08000linux.com/issues/1404): Demande d'intégration du patch de sécurité pour LibreOffice by fixing two CVE:
diff --git a/configure.ac b/configure.ac
index 21c7b66be72f..ce06dbb534d5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9,7 +9,7 @@ dnl in order to create a configure script.
# several non-alphanumeric characters, those are split off and used only for the
# ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no idea.
-AC_INIT([LibreOffice],[6.1.6.3.M12],[],[],[http://documentfoundation.org/])
+AC_INIT([LibreOffice],[6.1.6.3.M13],[],[],[http://documentfoundation.org/])
AC_PREREQ([2.59])
commit 8f2f6153641636d7edf3c2e3f5ec113fc110dc43
Author: Jean-Sebastien BEVILACQUA <realitix at gmail.com>
AuthorDate: Wed Sep 18 14:27:57 2019 +0200
Commit: Jean-Sebastien BEVILACQUA <realitix at gmail.com>
CommitDate: Thu Sep 19 17:49:37 2019 +0200
Update README with m12 version
Change-Id: I02364f7c6b9f975022f66540034f9ca6df49b248
diff --git a/README.md b/README.md
index 9cfaabb4d5b2..761b043465b3 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,12 @@ The most recent version reviewed by MIMO can be downloaded at <https://www.mim.o
## Release notes
+### `6.1.6.3.M12`
+
+* Fix [acim#1408](https://acim.08000linux.com/issues/1404): Demande d'intégration du patch de sécurité pour LibreOffice by fixing two CVE:
+ - CVE-2019-9848
+ - CVE-2019-9849
+
### `6.1.6.3.M11`
* Revert `tosca#24996: Recolor the shadow in the renderer`: the patch generated regressions
commit e18d99c7d666111a8cc7e676bf36427ee1eb49d7
Author: Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Mon Aug 19 11:27:15 2019 +0200
Commit: Jean-Sebastien BEVILACQUA <realitix at gmail.com>
CommitDate: Thu Sep 19 17:49:27 2019 +0200
Improve check for absolute URI
Change-Id: I4dee44832107f72f8f3fb68554428dc1e646c346
Reviewed-on: https://gerrit.libreoffice.org/77706
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman at redhat.com>
(cherry picked from commit c79efeb66f7951305d0334bc288aee1c571a8728)
Reviewed-on: https://gerrit.libreoffice.org/77724
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
(cherry picked from commit 52f7aa318722bd17c77ee5c4fa8307936e7b53af)
Reviewed-on: https://gerrit.libreoffice.org/78146
Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
Tested-by: Michael Stahl <Michael.Stahl at cib.de>
diff --git a/scripting/source/pyprov/pythonscript.py b/scripting/source/pyprov/pythonscript.py
index e99c002cde4e..828a6bcd6f3c 100644
--- a/scripting/source/pyprov/pythonscript.py
+++ b/scripting/source/pyprov/pythonscript.py
@@ -235,7 +235,7 @@ class MyUriHelper:
log.debug( message )
raise RuntimeException( message )
- if xFileUri.isAbsolute():
+ if not xFileUri.hasRelativePath():
message = "pythonscript: an absolute uri is invalid '" + sFileUri+ "'"
log.debug( message )
raise RuntimeException( message )
commit a766b22ff6f5859d1d90bcebd7d852a2ff443c55
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Fri Aug 16 10:18:34 2019 +0100
Commit: Jean-Sebastien BEVILACQUA <realitix at gmail.com>
CommitDate: Thu Sep 19 17:49:20 2019 +0200
an absolute uri is invalid input
Change-Id: I392be4282be8ed67e3451b28d2c9f22acd4c87fc
Reviewed-on: https://gerrit.libreoffice.org/77564
Reviewed-by: Stephan Bergmann <sbergman at redhat.com>
Tested-by: Stephan Bergmann <sbergman at redhat.com>
(cherry picked from commit 3c076e54f736980e208f5c27ecf179aa90aea103)
Reviewed-on: https://gerrit.libreoffice.org/77572
Tested-by: Jenkins
(cherry picked from commit 5445f7ffd09e891b220dabb19cd013bcf591fc08)
Reviewed-on: https://gerrit.libreoffice.org/78145
Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
Tested-by: Michael Stahl <Michael.Stahl at cib.de>
diff --git a/scripting/source/pyprov/pythonscript.py b/scripting/source/pyprov/pythonscript.py
index d7bfdd8a4c29..e99c002cde4e 100644
--- a/scripting/source/pyprov/pythonscript.py
+++ b/scripting/source/pyprov/pythonscript.py
@@ -235,6 +235,11 @@ class MyUriHelper:
log.debug( message )
raise RuntimeException( message )
+ if xFileUri.isAbsolute():
+ message = "pythonscript: an absolute uri is invalid '" + sFileUri+ "'"
+ log.debug( message )
+ raise RuntimeException( message )
+
# absolute path to the .py file
xAbsScriptUri = self.m_uriRefFac.makeAbsolute(xBaseUri, xFileUri, True, RETAIN)
sAbsScriptUri = xAbsScriptUri.getUriReference()
commit 2e562dd079ada5e428b761daaec06bebed64632a
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon Aug 12 20:32:54 2019 +0100
Commit: Jean-Sebastien BEVILACQUA <realitix at gmail.com>
CommitDate: Thu Sep 19 17:49:14 2019 +0200
construct final url from parsed output
Change-Id: Ifd733625a439685ad307603eb2b00bf463eb9ca9
Reviewed-on: https://gerrit.libreoffice.org/77373
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman at redhat.com>
(cherry picked from commit 87959e5deea6d33cd35dbb3b8423056f9566710e)
Reviewed-on: https://gerrit.libreoffice.org/77377
(cherry picked from commit c03acb9b8a97254cfcf7c45ef920b93b7f1dd344)
Reviewed-on: https://gerrit.libreoffice.org/77404
Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
Tested-by: Michael Stahl <Michael.Stahl at cib.de>
diff --git a/scripting/source/pyprov/pythonscript.py b/scripting/source/pyprov/pythonscript.py
index f1b2bfc75ee3..d7bfdd8a4c29 100644
--- a/scripting/source/pyprov/pythonscript.py
+++ b/scripting/source/pyprov/pythonscript.py
@@ -222,7 +222,13 @@ class MyUriHelper:
sStorageUri = xStorageUri.getName().replace( "|", "/" );
# path to the .py file, relative to the base
- sFileUri = sStorageUri[0:sStorageUri.find("$")]
+ funcNameStart = sStorageUri.find("$")
+ if funcNameStart != -1:
+ sFileUri = sStorageUri[0:funcNameStart]
+ sFuncName = sStorageUri[funcNameStart+1:]
+ else:
+ sFileUri = sStorageUri
+
xFileUri = self.m_uriRefFac.parse(sFileUri)
if not xFileUri:
message = "pythonscript: invalid relative uri '" + sFileUri+ "'"
@@ -239,7 +245,9 @@ class MyUriHelper:
log.debug( message )
raise RuntimeException( message )
- ret = sBaseUri + sStorageUri
+ ret = sAbsScriptUri
+ if funcNameStart != -1:
+ ret = ret + "$" + sFuncName
log.debug( "converting scriptURI="+scriptURI + " to storageURI=" + ret )
return ret
except UnoException as e:
More information about the Libreoffice-commits
mailing list