README.md | 13 +++++++++++++ configure.ac | 2 +- scripting/source/pyprov/pythonscript.py | 17 +++++++++++++++-- 3 files changed, 29 insertions(+), 3 deletions(-)
New commits: commit 31b3b6737b7523651f689242c6e03d71bd5ecf85 Author: Jean-Sebastien BEVILACQUA <reali...@gmail.com> AuthorDate: Wed Sep 18 14:30:29 2019 +0200 Commit: Jean-Sebastien BEVILACQUA <reali...@gmail.com> CommitDate: Thu Sep 19 17:49:44 2019 +0200 bump product versionto 6.1.6.3.M13 Change-Id: I60dad7c6c861e8439144d346a6ad619d2dba2ea5 diff --git a/README.md b/README.md index 761b043465b3..d164e4784078 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,13 @@ The most recent version reviewed by MIMO can be downloaded at <https://www.mim.o ## Release notes +### `6.1.6.3.M13` + +* Fix [acim#1418](https://acim.08000linux.com/issues/1418): Nouvelles failles dans libreoffice by fixing two CVE: + - CVE-2019-9855 + - CVE-2019-9854 + + ### `6.1.6.3.M12` * Fix [acim#1408](https://acim.08000linux.com/issues/1404): Demande d'intégration du patch de sécurité pour LibreOffice by fixing two CVE: diff --git a/configure.ac b/configure.ac index 21c7b66be72f..ce06dbb534d5 100644 --- a/configure.ac +++ b/configure.ac @@ -9,7 +9,7 @@ dnl in order to create a configure script. # several non-alphanumeric characters, those are split off and used only for the # ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no idea. -AC_INIT([LibreOffice],[6.1.6.3.M12],[],[],[http://documentfoundation.org/]) +AC_INIT([LibreOffice],[6.1.6.3.M13],[],[],[http://documentfoundation.org/]) AC_PREREQ([2.59]) commit 8f2f6153641636d7edf3c2e3f5ec113fc110dc43 Author: Jean-Sebastien BEVILACQUA <reali...@gmail.com> AuthorDate: Wed Sep 18 14:27:57 2019 +0200 Commit: Jean-Sebastien BEVILACQUA <reali...@gmail.com> CommitDate: Thu Sep 19 17:49:37 2019 +0200 Update README with m12 version Change-Id: I02364f7c6b9f975022f66540034f9ca6df49b248 diff --git a/README.md b/README.md index 9cfaabb4d5b2..761b043465b3 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,12 @@ The most recent version reviewed by MIMO can be downloaded at <https://www.mim.o ## Release notes +### `6.1.6.3.M12` + +* Fix [acim#1408](https://acim.08000linux.com/issues/1404): Demande d'intégration du patch de sécurité pour LibreOffice by fixing two CVE: + - CVE-2019-9848 + - CVE-2019-9849 + ### `6.1.6.3.M11` * Revert `tosca#24996: Recolor the shadow in the renderer`: the patch generated regressions commit e18d99c7d666111a8cc7e676bf36427ee1eb49d7 Author: Stephan Bergmann <sberg...@redhat.com> AuthorDate: Mon Aug 19 11:27:15 2019 +0200 Commit: Jean-Sebastien BEVILACQUA <reali...@gmail.com> CommitDate: Thu Sep 19 17:49:27 2019 +0200 Improve check for absolute URI Change-Id: I4dee44832107f72f8f3fb68554428dc1e646c346 Reviewed-on: https://gerrit.libreoffice.org/77706 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sberg...@redhat.com> (cherry picked from commit c79efeb66f7951305d0334bc288aee1c571a8728) Reviewed-on: https://gerrit.libreoffice.org/77724 Reviewed-by: Caolán McNamara <caol...@redhat.com> Tested-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 52f7aa318722bd17c77ee5c4fa8307936e7b53af) Reviewed-on: https://gerrit.libreoffice.org/78146 Reviewed-by: Michael Stahl <michael.st...@cib.de> Tested-by: Michael Stahl <michael.st...@cib.de> diff --git a/scripting/source/pyprov/pythonscript.py b/scripting/source/pyprov/pythonscript.py index e99c002cde4e..828a6bcd6f3c 100644 --- a/scripting/source/pyprov/pythonscript.py +++ b/scripting/source/pyprov/pythonscript.py @@ -235,7 +235,7 @@ class MyUriHelper: log.debug( message ) raise RuntimeException( message ) - if xFileUri.isAbsolute(): + if not xFileUri.hasRelativePath(): message = "pythonscript: an absolute uri is invalid '" + sFileUri+ "'" log.debug( message ) raise RuntimeException( message ) commit a766b22ff6f5859d1d90bcebd7d852a2ff443c55 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Fri Aug 16 10:18:34 2019 +0100 Commit: Jean-Sebastien BEVILACQUA <reali...@gmail.com> CommitDate: Thu Sep 19 17:49:20 2019 +0200 an absolute uri is invalid input Change-Id: I392be4282be8ed67e3451b28d2c9f22acd4c87fc Reviewed-on: https://gerrit.libreoffice.org/77564 Reviewed-by: Stephan Bergmann <sberg...@redhat.com> Tested-by: Stephan Bergmann <sberg...@redhat.com> (cherry picked from commit 3c076e54f736980e208f5c27ecf179aa90aea103) Reviewed-on: https://gerrit.libreoffice.org/77572 Tested-by: Jenkins (cherry picked from commit 5445f7ffd09e891b220dabb19cd013bcf591fc08) Reviewed-on: https://gerrit.libreoffice.org/78145 Reviewed-by: Michael Stahl <michael.st...@cib.de> Tested-by: Michael Stahl <michael.st...@cib.de> diff --git a/scripting/source/pyprov/pythonscript.py b/scripting/source/pyprov/pythonscript.py index d7bfdd8a4c29..e99c002cde4e 100644 --- a/scripting/source/pyprov/pythonscript.py +++ b/scripting/source/pyprov/pythonscript.py @@ -235,6 +235,11 @@ class MyUriHelper: log.debug( message ) raise RuntimeException( message ) + if xFileUri.isAbsolute(): + message = "pythonscript: an absolute uri is invalid '" + sFileUri+ "'" + log.debug( message ) + raise RuntimeException( message ) + # absolute path to the .py file xAbsScriptUri = self.m_uriRefFac.makeAbsolute(xBaseUri, xFileUri, True, RETAIN) sAbsScriptUri = xAbsScriptUri.getUriReference() commit 2e562dd079ada5e428b761daaec06bebed64632a Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Mon Aug 12 20:32:54 2019 +0100 Commit: Jean-Sebastien BEVILACQUA <reali...@gmail.com> CommitDate: Thu Sep 19 17:49:14 2019 +0200 construct final url from parsed output Change-Id: Ifd733625a439685ad307603eb2b00bf463eb9ca9 Reviewed-on: https://gerrit.libreoffice.org/77373 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sberg...@redhat.com> (cherry picked from commit 87959e5deea6d33cd35dbb3b8423056f9566710e) Reviewed-on: https://gerrit.libreoffice.org/77377 (cherry picked from commit c03acb9b8a97254cfcf7c45ef920b93b7f1dd344) Reviewed-on: https://gerrit.libreoffice.org/77404 Reviewed-by: Michael Stahl <michael.st...@cib.de> Tested-by: Michael Stahl <michael.st...@cib.de> diff --git a/scripting/source/pyprov/pythonscript.py b/scripting/source/pyprov/pythonscript.py index f1b2bfc75ee3..d7bfdd8a4c29 100644 --- a/scripting/source/pyprov/pythonscript.py +++ b/scripting/source/pyprov/pythonscript.py @@ -222,7 +222,13 @@ class MyUriHelper: sStorageUri = xStorageUri.getName().replace( "|", "/" ); # path to the .py file, relative to the base - sFileUri = sStorageUri[0:sStorageUri.find("$")] + funcNameStart = sStorageUri.find("$") + if funcNameStart != -1: + sFileUri = sStorageUri[0:funcNameStart] + sFuncName = sStorageUri[funcNameStart+1:] + else: + sFileUri = sStorageUri + xFileUri = self.m_uriRefFac.parse(sFileUri) if not xFileUri: message = "pythonscript: invalid relative uri '" + sFileUri+ "'" @@ -239,7 +245,9 @@ class MyUriHelper: log.debug( message ) raise RuntimeException( message ) - ret = sBaseUri + sStorageUri + ret = sAbsScriptUri + if funcNameStart != -1: + ret = ret + "$" + sFuncName log.debug( "converting scriptURI="+scriptURI + " to storageURI=" + ret ) return ret except UnoException as e: _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits