Accepting request 1186713 from home:mschreiner:branches:LibreOffice:Factory

- Remove recommendation on libreoffice-qt5 to keep the same behaviour as we do for libreoffice-qt6, which is not recommending it by default (bsc#1227145). - Add patch for CVE-2024-5261 (bsc#1226975): * cve-2024-5261.patch - This patch won't be needed when LibreOffice 24.8 is released, as it's been merged upstream. OBS-URL: https://build.opensuse.org/request/show/1186713 OBS-URL: https://build.opensuse.org/package/show/LibreOffice:Factory/libreoffice?expand=0&rev=1175
2024-07-10 23:31:30 +00:00 · 2024-07-10 23:31:30 +00:00 · 610b66b38e
commit 610b66b38e
parent 7543ff5469
3 changed files with 43 additions and 3 deletions
--- a/cve-2024-5261.patch
+++ b/cve-2024-5261.patch
@ -0,0 +1,29 @@
+commit bdb47881a214b659b6102c78e5e082197ecf15c7
+Author: Thorsten Behrens <thorsten.behrens@allotropia.de>
+Date:   Thu May 16 17:43:38 2024 +0200
+
+    Revert "tdf#109347: don't verify SSL certificate for crashreport upload"
+    
+    With recent improvements in libcurl CA usage on Linux, this workaround
+    is no longer needed. See also 11f439b861922b9286b2e47ed326f3508a48d44e
+    
+    This reverts commit ec4229bc49a315f3f17664bb43e61d3b2e13fb87.
+    
+    Change-Id: I09124691687297f3b6ae0b9ca64652809caf3a11
+    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167752
+    Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
+    Tested-by: Jenkins
+    Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
+
+diff --git a/desktop/source/minidump/minidump.cxx b/desktop/source/minidump/minidump.cxx
+index 90d23f51acf3..6e0b0141869d 100644
+--- a/desktop/source/minidump/minidump.cxx
+++ b/desktop/source/minidump/minidump.cxx
+@@ -119,7 +119,6 @@ static bool uploadContent(std::map<std::string, std::string>& parameters, std::s
+ 
+     curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
+     curl_easy_setopt(curl, CURLOPT_USERAGENT, kUserAgent);
+-    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false);
+     // Set proxy information if necessary.
+     if (!proxy.empty())
+     {
--- a/libreoffice.changes
+++ b/libreoffice.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Wed Jul 10 17:49:13 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com>
+
+- Remove recommendation on libreoffice-qt5 to keep the same behaviour
+  as we do for libreoffice-qt6, which is not recommending it by
+  default (bsc#1227145).
+- Add patch for CVE-2024-5261 (bsc#1226975):
+  * cve-2024-5261.patch
+- This patch won't be needed when LibreOffice 24.8 is released, as
+  it's been merged upstream.
+
 -------------------------------------------------------------------
 Tue Jul  2 19:16:57 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com>

--- a/libreoffice.spec
+++ b/libreoffice.spec
@ -149,6 +149,8 @@ Patch991:       libreoffice-no-destdircheck.patch
 Patch992:       python34-no-f-strings.patch
 # Fix build with icu 74 (bsc#1224309)
 Patch993:       icu-74-compatibility.patch
+# PATCH-FIX-UPSTREAM CVE-2024-5261 (bsc#1226975)
+Patch994:       cve-2024-5261.patch
 BuildRequires:  %{name}-share-linker
 BuildRequires:  ant
 BuildRequires:  autoconf
@ -292,9 +294,6 @@ Requires:       libreoffice-l10n-en = %{version}
 Requires:       python3
 Recommends:     dejavu-fonts
 Recommends:     google-carlito-fonts
-%if %{with qt5}
-Recommends:     libreoffice-qt5
-%endif
 Provides:       %{name}-draw-extensions = %{version}
 Obsoletes:      %{name}-draw-extensions < %{version}
 Provides:       %{name}-impress-extensions = %{version}
@ -1105,6 +1104,7 @@ Provides %{langname} translations and additional resources (help files, etc.) fo
 %patch -P 992 -p1
 %endif
 %patch -P 993 -p1
+%patch -P 994 -p1

 # Disable some of the failing tests (some are random)
 %if 0%{?suse_version} < 1330