rpms
/
libreoffice
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import libreoffice-6.4.7.2-7.el8

This commit is contained in:
CentOS Sources 2021-10-20 04:22:10 +00:00 committed by Stepan Oksanichenko
parent 4f82457441
commit 541ca09b05
7 changed files with 6686 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

259
SOURCES/0001-backports-to-ease-CVE-backporting.patch Normal file
View File

@ -0,0 +1,259 @@
From c2cf13da3bbf756ef3f78251c40d45fc23c27f36 Mon Sep 17 00:00:00 2001
From: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Date: Wed, 29 Apr 2020 07:42:24 +0200
Subject: [PATCH 1/6] backports to ease CVE backporting
Remove unnecessary if block
And format code inside
Change-Id: Ied0d98935134bf6f7bc8c929645ad5faac9affa3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93116
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
(cherry picked from commit cf36fe5eb41910c26d58fb25e54ccf2e0ee01365)
space out the namespace constant values
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88938
(cherry picked from commit 5352d45dd4a04f8f02cf7f6ad4169126d3b3586a)
Change-Id: I30f54bfc1389e91b18e4fee8b83e1b297419899b
---
include/xmloff/xmlnmspe.hxx | 16 +--
.../component/documentdigitalsignatures.cxx | 130 +++++++++---------
.../source/helper/xmlsignaturehelper.cxx | 1 +
3 files changed, 75 insertions(+), 72 deletions(-)
diff --git a/include/xmloff/xmlnmspe.hxx b/include/xmloff/xmlnmspe.hxx
index a00628b6b999..b079053c38d3 100644
--- a/include/xmloff/xmlnmspe.hxx
+++ b/include/xmloff/xmlnmspe.hxx
@@ -69,7 +69,7 @@ XML_NAMESPACE( XML_NAMESPACE_VERSIONS_LIST, 37U )
// namespaces for odf extended formats
-#define XML_NAMESPACE_EXT_BASE 38U
+#define XML_NAMESPACE_EXT_BASE 50U
#define XML_NAMESPACE_EXT( prefix, index ) \
const sal_uInt16 prefix = (XML_NAMESPACE_EXT_BASE+index);
@@ -82,7 +82,7 @@ XML_NAMESPACE_EXT( XML_NAMESPACE_LO_EXT, 5U )
// namespaces for OOo formats
-#define XML_NAMESPACE_OOO_BASE 44U
+#define XML_NAMESPACE_OOO_BASE 60U
#define XML_NAMESPACE_OOO( prefix, index ) \
const sal_uInt16 prefix = (XML_NAMESPACE_OOO_BASE+index);
@@ -100,7 +100,7 @@ XML_NAMESPACE_OOO( XML_NAMESPACE_CONFIG_OOO, 10U )
XML_NAMESPACE_OOO( XML_NAMESPACE_FORM_OOO, 11U )
XML_NAMESPACE_OOO( XML_NAMESPACE_SCRIPT_OOO, 12U )
-#define XML_NAMESPACE_COMPAT_BASE 57U
+#define XML_NAMESPACE_COMPAT_BASE 80U
#define XML_NAMESPACE_COMPAT( prefix, index ) \
const sal_uInt16 prefix = (XML_NAMESPACE_COMPAT_BASE+index);
@@ -108,14 +108,14 @@ XML_NAMESPACE_COMPAT( XML_NAMESPACE_SVG_COMPAT, 0U )
XML_NAMESPACE_COMPAT( XML_NAMESPACE_FO_COMPAT, 1U )
XML_NAMESPACE_COMPAT( XML_NAMESPACE_SMIL_COMPAT, 2U )
-#define XML_NAMESPACE_OASIS_BASE 60U
+#define XML_NAMESPACE_OASIS_BASE 90U
#define XML_NAMESPACE_OASIS( prefix, index ) \
const sal_uInt16 prefix = (XML_NAMESPACE_OASIS_BASE+index);
XML_NAMESPACE_OASIS( XML_NAMESPACE_DB_OASIS, 0U )
XML_NAMESPACE_OASIS( XML_NAMESPACE_REPORT_OASIS, 1U )
-#define XML_OLD_NAMESPACE_BASE 62U
+#define XML_OLD_NAMESPACE_BASE 100U
#define XML_OLD_NAMESPACE( prefix, index ) \
const sal_uInt16 prefix = (XML_OLD_NAMESPACE_BASE+index);
@@ -134,9 +134,9 @@ XML_OLD_NAMESPACE( XML_OLD_NAMESPACE_CHART, 10U )
XML_OLD_NAMESPACE( XML_OLD_NAMESPACE_SMIL, 11U )
// experimental namespaces
-XML_NAMESPACE( XML_NAMESPACE_FIELD, 100U )
-XML_NAMESPACE( XML_NAMESPACE_CSS3TEXT, 103U ) // CSS Text Level 3
-XML_NAMESPACE( XML_NAMESPACE_FORMX, 101U ) // form interop extensions
+XML_NAMESPACE( XML_NAMESPACE_FIELD, 120U )
+XML_NAMESPACE( XML_NAMESPACE_CSS3TEXT, 123U ) // CSS Text Level 3
+XML_NAMESPACE( XML_NAMESPACE_FORMX, 121U ) // form interop extensions
#endif // INCLUDED_XMLOFF_XMLNMSPE_HXX
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index dcfaad0af773..52cb938a8e0a 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -500,85 +500,87 @@ DocumentDigitalSignatures::ImplVerifySignatures(
Sequence< css::security::DocumentSignatureInformation > aInfos(nInfos);
css::security::DocumentSignatureInformation* arInfos = aInfos.getArray();
- if ( nInfos )
+ for (int n = 0; n < nInfos; ++n)
{
- for( int n = 0; n < nInfos; ++n )
- {
- DocumentSignatureAlgorithm mode = DocumentSignatureHelper::getDocumentAlgorithm(
- m_sODFVersion, aSignInfos[n]);
- const std::vector< OUString > aElementsToBeVerified =
- DocumentSignatureHelper::CreateElementList(
- rxStorage, eMode, mode);
+ DocumentSignatureAlgorithm mode
+ = DocumentSignatureHelper::getDocumentAlgorithm(m_sODFVersion, aSignInfos[n]);
+ const std::vector<OUString> aElementsToBeVerified
+ = DocumentSignatureHelper::CreateElementList(rxStorage, eMode, mode);
- const SignatureInformation& rInfo = aSignInfos[n];
- css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
+ const SignatureInformation& rInfo = aSignInfos[n];
+ css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
- if (rInfo.ouGpgCertificate.isEmpty()) // X.509
+ if (rInfo.ouGpgCertificate.isEmpty()) // X.509
+ {
+ if (!rInfo.ouX509Certificate.isEmpty())
+ rSigInfo.Signer = xSecEnv->createCertificateFromAscii(rInfo.ouX509Certificate);
+ if (!rSigInfo.Signer.is())
+ rSigInfo.Signer = xSecEnv->getCertificate(
+ rInfo.ouX509IssuerName,
+ xmlsecurity::numericStringToBigInteger(rInfo.ouX509SerialNumber));
+
+ // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
+ // to find the parent certificate. It does not take into account that there can be several certificates
+ // with the same subject name.
+ try
{
- if (!rInfo.ouX509Certificate.isEmpty())
- rSigInfo.Signer = xSecEnv->createCertificateFromAscii( rInfo.ouX509Certificate ) ;
- if (!rSigInfo.Signer.is())
- rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName,
- xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
-
- // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
- // to find the parent certificate. It does not take into account that there can be several certificates
- // with the same subject name.
-
- try {
- rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(rSigInfo.Signer,
- Sequence<Reference<css::security::XCertificate> >());
- } catch (SecurityException& ) {
- OSL_FAIL("Verification of certificate failed");
- rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
- }
+ rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(
+ rSigInfo.Signer, Sequence<Reference<css::security::XCertificate>>());
}
- else if (xGpgSecEnv.is()) // GPG
+ catch (SecurityException&)
{
- // TODO not ideal to retrieve cert by keyID, might
- // collide, or PGPKeyID format might change - can't we
- // keep the xCert itself in rInfo?
- rSigInfo.Signer = xGpgSecEnv->getCertificate( rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger("") );
- rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(rSigInfo.Signer,
- Sequence<Reference<css::security::XCertificate> >());
+ OSL_FAIL("Verification of certificate failed");
+ rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
}
+ }
+ else if (xGpgSecEnv.is()) // GPG
+ {
+ // TODO not ideal to retrieve cert by keyID, might
+ // collide, or PGPKeyID format might change - can't we
+ // keep the xCert itself in rInfo?
+ rSigInfo.Signer = xGpgSecEnv->getCertificate(
+ rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger(""));
+ rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(
+ rSigInfo.Signer, Sequence<Reference<css::security::XCertificate>>());
+ }
- // Time support again (#i38744#)
- Date aDate( rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year );
- tools::Time aTime( rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
- rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds );
- rSigInfo.SignatureDate = aDate.GetDate();
- rSigInfo.SignatureTime = aTime.GetTime() / tools::Time::nanoPerCenti;
+ // Time support again (#i38744#)
+ Date aDate(rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year);
+ tools::Time aTime(rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
+ rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds);
+ rSigInfo.SignatureDate = aDate.GetDate();
+ rSigInfo.SignatureTime = aTime.GetTime() / tools::Time::nanoPerCenti;
- rSigInfo.SignatureIsValid = ( rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED );
+ rSigInfo.SignatureIsValid
+ = (rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
- // Signature line info (ID + Images)
- if (!rInfo.ouSignatureLineId.isEmpty())
- rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
+ // Signature line info (ID + Images)
+ if (!rInfo.ouSignatureLineId.isEmpty())
+ rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
- if (rInfo.aValidSignatureImage.is())
- rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
+ if (rInfo.aValidSignatureImage.is())
+ rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
- if (rInfo.aInvalidSignatureImage.is())
- rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
-
- // OOXML intentionally doesn't sign metadata.
- if ( rSigInfo.SignatureIsValid && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
- {
- rSigInfo.SignatureIsValid =
- DocumentSignatureHelper::checkIfAllFilesAreSigned(
- aElementsToBeVerified, rInfo, mode);
- }
- if (eMode == DocumentSignatureMode::Content)
- {
- if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
- rSigInfo.PartialDocumentSignature = true;
- else
- rSigInfo.PartialDocumentSignature = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
- }
+ if (rInfo.aInvalidSignatureImage.is())
+ rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
+ // OOXML intentionally doesn't sign metadata.
+ if (rSigInfo.SignatureIsValid
+ && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
+ {
+ rSigInfo.SignatureIsValid = DocumentSignatureHelper::checkIfAllFilesAreSigned(
+ aElementsToBeVerified, rInfo, mode);
+ }
+ if (eMode == DocumentSignatureMode::Content)
+ {
+ if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
+ rSigInfo.PartialDocumentSignature = true;
+ else
+ rSigInfo.PartialDocumentSignature
+ = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
}
}
+
return aInfos;
}
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index 6ec834053a17..22c056e70da1 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -402,6 +402,7 @@ bool XMLSignatureHelper::ReadAndVerifySignatureStorageStream(const css::uno::Ref
catch(const uno::Exception&)
{
DBG_UNHANDLED_EXCEPTION("xmlsecurity.helper");
+ mbError = true;
}
mpXSecController->releaseSignatureReader();
--
2.32.0

56
SOURCES/0002-CVE-2021-25635.patch Normal file
View File

@ -0,0 +1,56 @@
From a9102a384893fd084011e8451867071452031ece Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Mon, 8 Feb 2021 17:05:28 +0000
Subject: [PATCH 2/6] CVE-2021-25635
default to CertificateValidity::INVALID
so if CertGetCertificateChain fails we don't want validity to be
css::security::CertificateValidity::VALID which is what the old default
of 0 equates to
notably
commit 1e0bc66d16aee28ce8bd9582ea32178c63841902
Date: Thu Nov 5 16:55:26 2009 +0100
jl137: #103420# better logging
turned the nss equivalent of SecurityEnvironment_NssImpl::verifyCertificate
from 0 to CertificateValidity::INVALID like this change does
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110561
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit edeb164c1d8ab64116afee4e2140403a362a1358)
Change-Id: I5350dbc22d1b9b378da2976d3b0abd728f1f4c27
---
.../source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
index d9b657891b96..4031df289f44 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
@@ -755,7 +755,7 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::verifyCertificate(
const uno::Reference< css::security::XCertificate >& aCert,
const uno::Sequence< uno::Reference< css::security::XCertificate > >& seqCerts)
{
- sal_Int32 validity = 0;
+ sal_Int32 validity = css::security::CertificateValidity::INVALID;
PCCERT_CHAIN_CONTEXT pChainContext = nullptr;
PCCERT_CONTEXT pCertContext = nullptr;
@@ -899,7 +899,7 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::verifyCertificate(
}
else
{
- SAL_INFO("xmlsecurity.xmlsec", "CertGetCertificateChaine failed.");
+ SAL_INFO("xmlsecurity.xmlsec", "CertGetCertificateChain failed.");
}
}
--
2.32.0

2172
SOURCES/0003-xmlsecurity-replace-XSecParser-implementation.patch Normal file
View File

File diff suppressed because it is too large Load Diff

397
SOURCES/0004-CVE-2021-25634.patch Normal file
View File

@ -0,0 +1,397 @@
From 9ef423d4e7c85629772131b3216b98e17d7b8d7e Mon Sep 17 00:00:00 2001
From: Michael Stahl <michael.stahl@allotropia.de>
Date: Thu, 18 Feb 2021 19:22:31 +0100
Subject: [PATCH 4/6] CVE-2021-25634
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
xmlsecurity: XSecParser confused about multiple timestamps
LO writes timestamp both to dc:date and xades:SigningTime elements.
The parser tries to avoid reading multiple dc:date, preferring the first
one, but doesn't care about multiple xades:SigningTime, for undocumented
reasons.
Ideally something should check all read values for consistency.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111160
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 4ab8d9c09a5873ca0aea56dafa1ab34758d52ef7)
xmlsecurity: remove XSecController::setPropertyId()
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111252
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit d2a345e1163616fe3201ef1d6c758e2e819214e0)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111908
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit abe77c4fcb9ea97d9fff07eaea6d8863bcba5b02)
Change-Id: Ic018ee89797a1c8a4f870ae102af48006de930ef
---
include/svl/sigstruct.hxx | 7 +-
xmlsecurity/inc/xsecctl.hxx | 5 +-
xmlsecurity/source/helper/ooxmlsecparser.cxx | 4 +-
xmlsecurity/source/helper/xsecctl.cxx | 2 +-
xmlsecurity/source/helper/xsecparser.cxx | 81 ++++++++++----------
xmlsecurity/source/helper/xsecparser.hxx | 6 --
xmlsecurity/source/helper/xsecsign.cxx | 4 +-
xmlsecurity/source/helper/xsecverify.cxx | 39 ++++------
8 files changed, 68 insertions(+), 80 deletions(-)
diff --git a/include/svl/sigstruct.hxx b/include/svl/sigstruct.hxx
index f6ee242c84d1..7a0296fa9fae 100644
--- a/include/svl/sigstruct.hxx
+++ b/include/svl/sigstruct.hxx
@@ -103,6 +103,9 @@ struct SignatureInformation
// XAdES EncapsulatedX509Certificate values
std::set<OUString> maEncapsulatedX509Certificates;
+ OUString ouSignatureId;
+ // signature may contain multiple time stamps - check they're consistent
+ bool hasInconsistentSigningTime = false;
//We also keep the date and time as string. This is done when this
//structure is created as a result of a XML signature being read.
//When then a signature is added or another removed, then the original
@@ -115,8 +118,8 @@ struct SignatureInformation
//and the converted time is written back, then the string looks different
//and the signature is broken.
OUString ouDateTime;
- OUString ouSignatureId;
- OUString ouPropertyId;
+ /// The Id attribute of the <SignatureProperty> element that contains the <dc:date>.
+ OUString ouDateTimePropertyId;
/// Characters of the <dc:description> element inside the signature.
OUString ouDescription;
/// The Id attribute of the <SignatureProperty> element that contains the <dc:description>.
diff --git a/xmlsecurity/inc/xsecctl.hxx b/xmlsecurity/inc/xsecctl.hxx
index 351c94a2a3e6..7baa219fb13c 100644
--- a/xmlsecurity/inc/xsecctl.hxx
+++ b/xmlsecurity/inc/xsecctl.hxx
@@ -271,8 +271,8 @@ private:
void setGpgCertificate( OUString const & ouGpgCert );
void setGpgOwner( OUString const & ouGpgOwner );
- void setDate( OUString const & ouDate );
- void setDescription(const OUString& rDescription);
+ void setDate(OUString const& rId, OUString const& ouDate);
+ void setDescription(OUString const& rId, OUString const& rDescription);
void setCertDigest(const OUString& rCertDigest);
void setValidSignatureImage(const OUString& rValidSigImg);
void setInvalidSignatureImage(const OUString& rInvalidSigImg);
@@ -283,7 +283,6 @@ public:
private:
void setId( OUString const & ouId );
- void setPropertyId( OUString const & ouPropertyId );
css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToRead(
sal_Int32 nSecurityId );
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.cxx b/xmlsecurity/source/helper/ooxmlsecparser.cxx
index c22e8c2261bf..a200de60c07a 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.cxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.cxx
@@ -192,12 +192,12 @@ void SAL_CALL OOXMLSecParser::endElement(const OUString& rName)
}
else if (rName == "mdssi:Value")
{
- m_pXSecController->setDate(m_aMdssiValue);
+ m_pXSecController->setDate("", m_aMdssiValue);
m_bInMdssiValue = false;
}
else if (rName == "SignatureComments")
{
- m_pXSecController->setDescription(m_aSignatureComments);
+ m_pXSecController->setDescription("", m_aSignatureComments);
m_bInSignatureComments = false;
}
else if (rName == "X509IssuerName")
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index ab108d13c224..8d5ea68c768b 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -819,7 +819,7 @@ void XSecController::exportSignature(
pAttributeList = new SvXMLAttributeList();
pAttributeList->AddAttribute(
"Id",
- signatureInfo.ouPropertyId);
+ signatureInfo.ouDateTimePropertyId);
pAttributeList->AddAttribute(
"Target",
"#" + signatureInfo.ouSignatureId);
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
index 5c92e5efa104..9cc9312b4d9f 100644
--- a/xmlsecurity/source/helper/xsecparser.cxx
+++ b/xmlsecurity/source/helper/xsecparser.cxx
@@ -978,6 +978,9 @@ class XSecParser::XadesSigningCertificateContext
class XSecParser::XadesSigningTimeContext
: public XSecParser::Context
{
+ private:
+ OUString m_Value;
+
public:
XadesSigningTimeContext(XSecParser & rParser,
std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
@@ -985,20 +988,14 @@ class XSecParser::XadesSigningTimeContext
{
}
- virtual void StartElement(
- css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
- {
- m_rParser.m_ouDate.clear();
- }
-
virtual void EndElement() override
{
- m_rParser.m_pXSecController->setDate( m_rParser.m_ouDate );
+ m_rParser.m_pXSecController->setDate("", m_Value);
}
virtual void Characters(OUString const& rChars) override
{
- m_rParser.m_ouDate += rChars;
+ m_Value += rChars;
}
};
@@ -1104,35 +1101,20 @@ class XSecParser::DcDateContext
: public XSecParser::Context
{
private:
- bool m_isIgnore = false;
+ OUString & m_rValue;
public:
DcDateContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ OUString & rValue)
: XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ , m_rValue(rValue)
{
}
- virtual void StartElement(
- css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
- {
- m_isIgnore = !m_rParser.m_ouDate.isEmpty();
- }
-
- virtual void EndElement() override
- {
- if (!m_isIgnore)
- {
- m_rParser.m_pXSecController->setDate( m_rParser.m_ouDate );
- }
- }
-
virtual void Characters(OUString const& rChars) override
{
- if (!m_isIgnore)
- {
- m_rParser.m_ouDate += rChars;
- }
+ m_rValue += rChars;
}
};
@@ -1140,29 +1122,32 @@ class XSecParser::DcDescriptionContext
: public XSecParser::Context
{
private:
- OUString m_Value;
+ OUString & m_rValue;
public:
DcDescriptionContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ OUString & rValue)
: XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ , m_rValue(rValue)
{
}
- virtual void EndElement() override
- {
- m_rParser.m_pXSecController->setDescription(m_Value);
- }
-
virtual void Characters(OUString const& rChars) override
{
- m_Value += rChars;
+ m_rValue += rChars;
}
};
class XSecParser::DsSignaturePropertyContext
: public XSecParser::Context
{
+ private:
+ enum class SignatureProperty { Unknown, Date, Description };
+ SignatureProperty m_Property = SignatureProperty::Unknown;
+ OUString m_Id;
+ OUString m_Value;
+
public:
DsSignaturePropertyContext(XSecParser & rParser,
std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
@@ -1173,10 +1158,22 @@ class XSecParser::DsSignaturePropertyContext
virtual void StartElement(
css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
{
- OUString const ouIdAttr(m_rParser.HandleIdAttr(xAttrs));
- if (!ouIdAttr.isEmpty())
+ m_Id = m_rParser.HandleIdAttr(xAttrs);
+ }
+
+ virtual void EndElement() override
+ {
+ switch (m_Property)
{
- m_rParser.m_pXSecController->setPropertyId( ouIdAttr );
+ case SignatureProperty::Unknown:
+ SAL_INFO("xmlsecurity.helper", "Unknown property in ds:Object ignored");
+ break;
+ case SignatureProperty::Date:
+ m_rParser.m_pXSecController->setDate(m_Id, m_Value);
+ break;
+ case SignatureProperty::Description:
+ m_rParser.m_pXSecController->setDescription(m_Id, m_Value);
+ break;
}
}
@@ -1186,11 +1183,13 @@ class XSecParser::DsSignaturePropertyContext
{
if (nNamespace == XML_NAMESPACE_DC && rName == "date")
{
- return std::make_unique<DcDateContext>(m_rParser, std::move(pOldNamespaceMap));
+ m_Property = SignatureProperty::Date;
+ return std::make_unique<DcDateContext>(m_rParser, std::move(pOldNamespaceMap), m_Value);
}
if (nNamespace == XML_NAMESPACE_DC && rName == "description")
{
- return std::make_unique<DcDescriptionContext>(m_rParser, std::move(pOldNamespaceMap));
+ m_Property = SignatureProperty::Description;
+ return std::make_unique<DcDescriptionContext>(m_rParser, std::move(pOldNamespaceMap), m_Value);
}
return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
}
diff --git a/xmlsecurity/source/helper/xsecparser.hxx b/xmlsecurity/source/helper/xsecparser.hxx
index 93efcb766e3e..7a0eb08bca28 100644
--- a/xmlsecurity/source/helper/xsecparser.hxx
+++ b/xmlsecurity/source/helper/xsecparser.hxx
@@ -97,12 +97,6 @@ private:
class DsSignatureContext;
class DsigSignaturesContext;
- /*
- * the following members are used to reserve the signature information,
- * including X509IssuerName, X509SerialNumber, and X509Certificate,etc.
- */
- OUString m_ouDate;
-
std::stack<std::unique_ptr<Context>> m_ContextStack;
std::unique_ptr<SvXMLNamespaceMap> m_pNamespaceMap;
diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx
index 4d1b89949feb..5ed23281f083 100644
--- a/xmlsecurity/source/helper/xsecsign.cxx
+++ b/xmlsecurity/source/helper/xsecsign.cxx
@@ -132,8 +132,8 @@ cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepar
if (nStorageFormat != embed::StorageFormats::OFOPXML)
{
internalSignatureInfor.signatureInfor.ouSignatureId = createId();
- internalSignatureInfor.signatureInfor.ouPropertyId = createId();
- internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, internalSignatureInfor.signatureInfor.ouPropertyId, -1, OUString() );
+ internalSignatureInfor.signatureInfor.ouDateTimePropertyId = createId();
+ internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, internalSignatureInfor.signatureInfor.ouDateTimePropertyId, -1, OUString() );
size++;
if (bXAdESCompliantIfODF)
diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx
index 1f7fa9ac8ca8..5f5840334254 100644
--- a/xmlsecurity/source/helper/xsecverify.cxx
+++ b/xmlsecurity/source/helper/xsecverify.cxx
@@ -321,7 +321,7 @@ void XSecController::setGpgOwner( OUString const & ouGpgOwner )
isi.signatureInfor.ouGpgOwner = ouGpgOwner;
}
-void XSecController::setDate( OUString const & ouDate )
+void XSecController::setDate(OUString const& rId, OUString const& ouDate)
{
if (m_vInternalSignatureInformations.empty())
{
@@ -329,17 +329,31 @@ void XSecController::setDate( OUString const & ouDate )
return;
}
InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
+ // there may be multiple timestamps in a signature - check them for consistency
+ if (!isi.signatureInfor.ouDateTime.isEmpty()
+ && isi.signatureInfor.ouDateTime != ouDate)
+ {
+ isi.signatureInfor.hasInconsistentSigningTime = true;
+ }
(void)utl::ISO8601parseDateTime( ouDate, isi.signatureInfor.stDateTime);
isi.signatureInfor.ouDateTime = ouDate;
+ if (!rId.isEmpty())
+ {
+ isi.signatureInfor.ouDateTimePropertyId = rId;
+ }
}
-void XSecController::setDescription(const OUString& rDescription)
+void XSecController::setDescription(OUString const& rId, OUString const& rDescription)
{
if (m_vInternalSignatureInformations.empty())
return;
InternalSignatureInformation& rInformation = m_vInternalSignatureInformations.back();
rInformation.signatureInfor.ouDescription = rDescription;
+ if (!rId.isEmpty())
+ {
+ rInformation.signatureInfor.ouDescriptionPropertyId = rId;
+ }
}
void XSecController::setSignatureBytes(const uno::Sequence<sal_Int8>& rBytes)
@@ -433,27 +447,6 @@ void XSecController::setId( OUString const & ouId )
isi.signatureInfor.ouSignatureId = ouId;
}
-void XSecController::setPropertyId( OUString const & ouPropertyId )
-{
- if (m_vInternalSignatureInformations.empty())
- {
- SAL_INFO("xmlsecurity.helper","XSecController::setPropertyId: no signature");
- return;
- }
- InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
-
- if (isi.signatureInfor.ouPropertyId.isEmpty())
- {
- // <SignatureProperty> ID attribute is for the date.
- isi.signatureInfor.ouPropertyId = ouPropertyId;
- }
- else
- {
- // <SignatureProperty> ID attribute is for the description.
- isi.signatureInfor.ouDescriptionPropertyId = ouPropertyId;
- }
-}
-
/* public: for signature verify */
void XSecController::collectToVerify( const OUString& referenceId )
{
--
2.32.0

2120
SOURCES/0005-CVE-2021-25633.patch Normal file
View File

File diff suppressed because it is too large Load Diff

1670
SOURCES/0006-xmlsecurity-replace-OOXMLSecParser-implementation.patch Normal file
View File

File diff suppressed because it is too large Load Diff

13
SPECS/libreoffice.spec
View File

@ -54,7 +54,7 @@ Summary: Free Software Productivity Suite
Name: libreoffice
Epoch: 1
Version: %{libo_version}.2
Release: 6%{?libo_prerelease}%{?dist}
Release: 7%{?libo_prerelease}%{?dist}
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
URL: http://www.libreoffice.org/
@ -269,6 +269,12 @@ Patch25: 0008-Resolves-tdf-137215-restore-original-modality-before.patch
Patch26: 0001-rhbz-1882616-move-cursor-one-step-at-a-time-in-the-d.patch
Patch27: 0001-rhbz-1980800-allow-convert-to-csv-to-write-each-shee.patch
Patch28: 0001-Resolves-tdf-132739-two-style-tags-where-there-shoul.patch
Patch29: 0001-backports-to-ease-CVE-backporting.patch
Patch30: 0002-CVE-2021-25635.patch
Patch31: 0003-xmlsecurity-replace-XSecParser-implementation.patch
Patch32: 0004-CVE-2021-25634.patch
Patch33: 0005-CVE-2021-25633.patch
Patch34: 0006-xmlsecurity-replace-OOXMLSecParser-implementation.patch
%if 0%{?rhel}
# not upstreamed
@ -2253,6 +2259,11 @@ done
%{_includedir}/LibreOfficeKit
%changelog
* Fri Oct 15 2021 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-7
- Resolves: rhbz#2013858 CVE-2021-25633
- Resolves: rhbz#2014215 CVE-2021-25634
- Resolves: rhbz#2014209 CVE-2021-25635
* Mon Sep 06 2021 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-6
- Resolves: rhbz#1980800 allow convert to csv to write each sheet to
separate file