diff --git a/0001-CVE-2024-3044-add-notify-for-script-use.patch b/0001-CVE-2024-3044-add-notify-for-script-use.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d9a1685e1c451475e831a2008129c48bab496496
--- /dev/null
+++ b/0001-CVE-2024-3044-add-notify-for-script-use.patch
@@ -0,0 +1,29 @@
+From 6582f7956313e16ea7df5b7cc961d368c150de0a Mon Sep 17 00:00:00 2001
+From: Caolán McNamara <caolan.mcnamara@collabora.com>
+Date: Wed, 27 Mar 2024 17:07:20 +0000
+Subject: [PATCH] add notify for script use
+
+Change-Id: I84af197cec7755f6803a578e1e21c03966ad5f3e
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165410
+Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
+Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
+(cherry picked from commit a4a5c6b63599bca1f084bb90875f6fd8e15184ac)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167419
+Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
+Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
+---
+
+diff --git a/xmloff/source/draw/eventimp.cxx b/xmloff/source/draw/eventimp.cxx
+index 226caca..bcf67c4 100644
+--- a/xmloff/source/draw/eventimp.cxx
++++ b/xmloff/source/draw/eventimp.cxx
+@@ -212,6 +212,9 @@
+ 
+     if( maData.mbValid )
+         maData.mbValid = !sEventName.isEmpty();
++
++    if (!maData.msMacroName.isEmpty())
++        rImp.NotifyMacroEventRead();
+ }
+ 
+ css::uno::Reference< css::xml::sax::XFastContextHandler > SdXMLEventContext::createFastChildContext(
diff --git a/fix-cve-2024-6472.patch b/0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch
similarity index 43%
rename from fix-cve-2024-6472.patch
rename to 0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch
index 8155bead37702bcd46cbf81a61d883a4c475f516..e40773a27765e2767fb08f7fad2847be083d0a3b 100644
--- a/fix-cve-2024-6472.patch
+++ b/0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch
@@ -1,22 +1,63 @@
-From bf31368d3f0619c802a5d22577326e0760482277 Mon Sep 17 00:00:00 2001
+From 1dec4285bd4c59c23a6a9a56cee9a66ebe0ba6c3 Mon Sep 17 00:00:00 2001
+Message-ID: <1dec4285bd4c59c23a6a9a56cee9a66ebe0ba6c3.1723721182.git.erack@redhat.com>
 From: Sarper Akdemir <sarper.akdemir@allotropia.de>
-Date: Tue, 27 Aug 2024 16:03:14 +0800
-Subject: [PATCH] fix-cve-2024-6472
+Date: Tue, 11 Jun 2024 12:39:36 +0200
+Subject: [PATCH] remove ability to trust not validated macro signatures in
+ high security
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
 
+This is a multi-part message in MIME format.
+--------------erAck-patch-parts
+Content-Type: text/plain; charset=UTF-8; format=fixed
+Content-Transfer-Encoding: 8bit
+
+
+Giving the user the option to determine if they should trust an
+invalid signature in HIGH macro security doesn't make sense.
+CommonName of the signature is the most prominent feature presented
+and the CommonName of a certificate can be easily forged for an
+invalid signature, tricking the user into accepting an invalid
+signature.
+
+in the HIGH macro security setting only show the pop-up to
+enable/disable signed macro if the certificate signature can be
+validated.
+
+cherry-picked without UI/String altering bits for 24-2
+
+Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667
+Tested-by: Jenkins
+Reviewed-by: Sarper Akdemir <sarper.akdemir@allotropia.de>
+(cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525
+Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171306
+Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
+Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171314
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171315
 ---
- sfx2/source/doc/docmacromode.cxx | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
+ sfx2/source/doc/docmacromode.cxx | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+
+--------------erAck-patch-parts
+Content-Type: text/x-patch; name="0001-remove-ability-to-trust-not-validated-macro-signatur.patch"
+Content-Transfer-Encoding: 8bit
+Content-Disposition: attachment; filename="0001-remove-ability-to-trust-not-validated-macro-signatur.patch"
 
 diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
-index 919033cba..84fe410db 100644
+index 919033cbaf5d..33d546f2920a 100644
 --- a/sfx2/source/doc/docmacromode.cxx
 +++ b/sfx2/source/doc/docmacromode.cxx
-@@ -228,14 +228,17 @@ namespace sfx2
+@@ -228,14 +228,18 @@ namespace sfx2
              // check whether the document is signed with trusted certificate
              if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
              {
 +                SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
-+                
++
                  // the trusted macro check will also retrieve the signature state ( small optimization )
                  const SvtSecurityOptions aSecOption;
                  const bool bAllowUIToAddAuthor = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
@@ -25,12 +66,14 @@ index 919033cba..84fe410db 100644
 +                                                     || !aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors))
 +                                                 && (nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_WARN
 +                                                     || nSignatureState == SignatureState::OK);
++
                  const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor);
  
 -                SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
                  if ( nSignatureState == SignatureState::BROKEN )
                  {
                      if (!bAllowUIToAddAuthor)
--- 
-2.33.0
+
+--------------erAck-patch-parts--
+
 
diff --git a/0001-CVE-2025-1080-Filter-out-more-unwanted-command-URIs.patch b/0001-CVE-2025-1080-Filter-out-more-unwanted-command-URIs.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c4d7734a7e404736d61dd68232fde3342b7d6d10
--- /dev/null
+++ b/0001-CVE-2025-1080-Filter-out-more-unwanted-command-URIs.patch
@@ -0,0 +1,39 @@
+From b79d62375e7b249c7b351b4b32a47ba310ac5fe9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
+Date: Thu, 30 Jan 2025 20:37:38 +0000
+Subject: [PATCH] Filter out more unwanted command URIs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Change-Id: I24c95d73b4fee89bdf044d5dd6efc9cd89627c54
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181016
+Tested-by: Jenkins
+Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
+(cherry picked from commit 7105fb698f897ddb38bd60315444c07356689e14)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181116
+Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
+Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
+Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
+
+erAck: backported to 7.1.8.1
+---
+ desktop/source/app/cmdlineargs.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx
+index 93d9e87..70b9f05 100644
+--- a/desktop/source/app/cmdlineargs.cxx
++++ b/desktop/source/app/cmdlineargs.cxx
+@@ -168,7 +168,7 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur
+     if (nURIlen < 0)
+         nURIlen = rest2.getLength();
+     auto const uri = rest2.copy(0, nURIlen);
+-    if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) {
++    if (INetURLObject(uri).IsExoticProtocol()) {
+         // Let the "Open" machinery process the full command URI (leading to failure, by intention,
+         // as the "Open" machinery does not know about those command URI schemes):
+         curEvt = CommandLineEvent::Open;
+-- 
+2.48.1
+
diff --git a/dist b/dist
index 0b1f29d1996a6e51bc20a44b790adcb166a234f4..635820538d487259e6dce4499a172e3066902da5 100644
--- a/dist
+++ b/dist
@@ -1 +1 @@
-an9_3
+an9_5
diff --git a/libreoffice.spec b/libreoffice.spec
index 88a417c4e81b8d730588bad035e6498fb11b00f7..4779c00754b7ac2d3790720666b25734be7d5808 100644
--- a/libreoffice.spec
+++ b/libreoffice.spec
@@ -1,4 +1,4 @@
-%define anolis_release .0.2
+%define anolis_release .0.1
 # download path contains version without the last (fourth) digit
 %global libo_version 7.1.8
 # Should contain .alphaX / .betaX, if this is pre-release (actually
@@ -58,7 +58,7 @@ Summary:        Free Software Productivity Suite
 Name:           libreoffice
 Epoch:          1
 Version:        %{libo_version}.1
-Release:        12%{?libo_prerelease}%{anolis_release}%{?dist}.1
+Release:        15%{?libo_prerelease}%{anolis_release}%{?dist}
 License:        (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
 URL:            http://www.libreoffice.org/
 Excludearch:    loongarch64
@@ -301,15 +301,15 @@ Patch40: 0003-CVE-2023-6186-default-to-ignoring-libreoffice-special-purpose-prot
 Patch41: 0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch
 Patch42: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch
 Patch43: 0006-CVE-2023-6186-backporting.patch
+Patch44: 0001-CVE-2024-3044-add-notify-for-script-use.patch
+Patch45: 0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch
+Patch46: 0001-CVE-2025-1080-Filter-out-more-unwanted-command-URIs.patch
 
 # not upstreamed
 Patch500: 0001-disable-libe-book-support.patch
 Patch1000: 0001-neon-fit-with-older-gnutls.patch
 Patch1001: 1000-skip-failed-tests-for-anolis.patch
 
-#https://github.com/LibreOffice/core/commit/2587dbff640e2443f0800f9c1a865723500de1c5
-Patch1002: fix-cve-2024-6472.patch
-
 %global instdir %{_libdir}
 %global baseinstdir %{instdir}/libreoffice
 %global sdkinstdir %{baseinstdir}/sdk
@@ -1067,7 +1067,6 @@ git commit -q -a -m 'add Anolis colors to palette'
 %if 0%{?anolis}
 %apply_patch -q %{PATCH1000}
 %apply_patch -q %{PATCH1001}
-%apply_patch -q %{PATCH1002}
 %endif
 
 sed -i -e /CppunitTest_sc_array_functions_test/d sc/Module_sc.mk # ppc64le
@@ -2320,18 +2319,24 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :
 %{_includedir}/LibreOfficeKit
 
 %changelog
-* Tue Aug 27 2024 yangxinyu <yangxinyu@nfschina.com> 1:7.1.8.1-12.0.1.2
-- fix cve-2024-6472
-
-* Thu May 16 2024 yangxiaoxuan <yangxiaoxuan@openanolis.org> 1:7.1.8.1-12.0.1.1
+* Tue Apr 01 2025 yangxiaoxuan <yangxiaoxuan@openanolis.org> 1:7.1.8.1-15.0.1
 - Add configuration file and vemdor for Anolis OS
 - Fit build on Anolis OS 8
 - Remove loongarch64 arch
 - skip failed tests for anolis
 - remove Esperanto
-- fix CVE-2023-6185 CVE-2023-6186 (wangkaiqiang@inspur.com)
 
-* Fri Mar 08 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-12.1
+* Mon Mar 10 2025 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-15
+- Fix CVE-2025-1080 Filter out more unwanted command URIs
+
+* Thu Aug 15 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-14
+- Fix CVE-2024-6472 remove ability to trust not validated macro signatures in
+  high security
+
+* Fri Jun 07 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-13
+- Fix CVE-2024-3044 add notify for script use
+
+* Fri Mar 08 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-12
 - Fix CVE-2023-6185 escape url passed to gstreamer
 - Fix CVE-2023-6186 check link target protocols