https://bz.apache.org/ooo/show_bug.cgi?id=127861

--- Comment #10 from [email protected] ---
(In reply to Matthias Seidel from comment #9)
> Maybe it should align with:
> 
> https://github.com/apache/openoffice/commit/
> cf914f842e0d4f6546c2c6edefa5660411c62b42
> 
> and
> 
> https://github.com/apache/openoffice/commit/
> 611fcdab0900c77ff92ad579f9da6d63d2aca818
> 
> ?
> 
> Am I wrong or are there parts missing?

If we look at the files changed by the bad commit
eab2447c44324e4faff5275517dba43fafb93341, and do a:

$ git diff -w AOO41X..trunk PATH/TO/FILE

for all the files changed by that commit, they are all the same (barring
comment changes), except for this one:

---snip---
$ git diff -w AOO41X..trunk main/svtools/source/misc/embedhlp.cxx
diff --git a/main/svtools/source/misc/embedhlp.cxx
b/main/svtools/source/misc/embedhlp.cxx
index c08bb364ba..c82a8f9fa8 100644
--- a/main/svtools/source/misc/embedhlp.cxx
+++ b/main/svtools/source/misc/embedhlp.cxx
@@ -709,7 +709,7 @@ SvStream* EmbeddedObjectRef::GetGraphicStream( sal_Bool
bUpdate ) const
     if ( !xStream.is() )
     {
                RTL_LOGFILE_CONTEXT_TRACE( aLog, "getting stream from object"
);
-        bool bUserAllowsLinkUpdate(true);
+        bool bUserAllowsLinkUpdate(false);
         const comphelper::EmbeddedObjectContainer* pContainer =
GetContainer();

         if(pContainer)
---snip---

Now if on trunk I change that "false" to "true" like in AOO41X, it fixes this
bug - the equation shows when inserted.

But how did bUserAllowsLinkUpdate become "false" in the first place?

It was originally "true", and commit eab2447c44324e4faff5275517dba43fafb93341
changed it to "false" on trunk but NOT on AOO41X!!! AOO41X remained on "true"
from 2014 till present day!!!

Why?
- Was the change to false made on the wrong variable, or wrong file?
- Was it meant to be false on AOO41X too but never set to false?
- What was the point of these patches in the first place? They look related to
some security fix. If so, is AOO41X still vulnerable?

-- 
You are receiving this mail because:
You are the assignee for the issue.

Reply via email to