https://bz.apache.org/ooo/show_bug.cgi?id=127861
--- Comment #10 from [email protected] --- (In reply to Matthias Seidel from comment #9) > Maybe it should align with: > > https://github.com/apache/openoffice/commit/ > cf914f842e0d4f6546c2c6edefa5660411c62b42 > > and > > https://github.com/apache/openoffice/commit/ > 611fcdab0900c77ff92ad579f9da6d63d2aca818 > > ? > > Am I wrong or are there parts missing? If we look at the files changed by the bad commit eab2447c44324e4faff5275517dba43fafb93341, and do a: $ git diff -w AOO41X..trunk PATH/TO/FILE for all the files changed by that commit, they are all the same (barring comment changes), except for this one: ---snip--- $ git diff -w AOO41X..trunk main/svtools/source/misc/embedhlp.cxx diff --git a/main/svtools/source/misc/embedhlp.cxx b/main/svtools/source/misc/embedhlp.cxx index c08bb364ba..c82a8f9fa8 100644 --- a/main/svtools/source/misc/embedhlp.cxx +++ b/main/svtools/source/misc/embedhlp.cxx @@ -709,7 +709,7 @@ SvStream* EmbeddedObjectRef::GetGraphicStream( sal_Bool bUpdate ) const if ( !xStream.is() ) { RTL_LOGFILE_CONTEXT_TRACE( aLog, "getting stream from object" ); - bool bUserAllowsLinkUpdate(true); + bool bUserAllowsLinkUpdate(false); const comphelper::EmbeddedObjectContainer* pContainer = GetContainer(); if(pContainer) ---snip--- Now if on trunk I change that "false" to "true" like in AOO41X, it fixes this bug - the equation shows when inserted. But how did bUserAllowsLinkUpdate become "false" in the first place? It was originally "true", and commit eab2447c44324e4faff5275517dba43fafb93341 changed it to "false" on trunk but NOT on AOO41X!!! AOO41X remained on "true" from 2014 till present day!!! Why? - Was the change to false made on the wrong variable, or wrong file? - Was it meant to be false on AOO41X too but never set to false? - What was the point of these patches in the first place? They look related to some security fix. If so, is AOO41X still vulnerable? -- You are receiving this mail because: You are the assignee for the issue.
