import libreoffice-6.4.7.2-7.el8
This commit is contained in:
parent
4f82457441
commit
541ca09b05
259
SOURCES/0001-backports-to-ease-CVE-backporting.patch
Normal file
259
SOURCES/0001-backports-to-ease-CVE-backporting.patch
Normal file
@ -0,0 +1,259 @@
|
|||||||
|
From c2cf13da3bbf756ef3f78251c40d45fc23c27f36 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
|
||||||
|
Date: Wed, 29 Apr 2020 07:42:24 +0200
|
||||||
|
Subject: [PATCH 1/6] backports to ease CVE backporting
|
||||||
|
|
||||||
|
Remove unnecessary if block
|
||||||
|
|
||||||
|
And format code inside
|
||||||
|
|
||||||
|
Change-Id: Ied0d98935134bf6f7bc8c929645ad5faac9affa3
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93116
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
|
||||||
|
(cherry picked from commit cf36fe5eb41910c26d58fb25e54ccf2e0ee01365)
|
||||||
|
|
||||||
|
space out the namespace constant values
|
||||||
|
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88938
|
||||||
|
(cherry picked from commit 5352d45dd4a04f8f02cf7f6ad4169126d3b3586a)
|
||||||
|
|
||||||
|
Change-Id: I30f54bfc1389e91b18e4fee8b83e1b297419899b
|
||||||
|
---
|
||||||
|
include/xmloff/xmlnmspe.hxx | 16 +--
|
||||||
|
.../component/documentdigitalsignatures.cxx | 130 +++++++++---------
|
||||||
|
.../source/helper/xmlsignaturehelper.cxx | 1 +
|
||||||
|
3 files changed, 75 insertions(+), 72 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/include/xmloff/xmlnmspe.hxx b/include/xmloff/xmlnmspe.hxx
|
||||||
|
index a00628b6b999..b079053c38d3 100644
|
||||||
|
--- a/include/xmloff/xmlnmspe.hxx
|
||||||
|
+++ b/include/xmloff/xmlnmspe.hxx
|
||||||
|
@@ -69,7 +69,7 @@ XML_NAMESPACE( XML_NAMESPACE_VERSIONS_LIST, 37U )
|
||||||
|
|
||||||
|
// namespaces for odf extended formats
|
||||||
|
|
||||||
|
-#define XML_NAMESPACE_EXT_BASE 38U
|
||||||
|
+#define XML_NAMESPACE_EXT_BASE 50U
|
||||||
|
#define XML_NAMESPACE_EXT( prefix, index ) \
|
||||||
|
const sal_uInt16 prefix = (XML_NAMESPACE_EXT_BASE+index);
|
||||||
|
|
||||||
|
@@ -82,7 +82,7 @@ XML_NAMESPACE_EXT( XML_NAMESPACE_LO_EXT, 5U )
|
||||||
|
|
||||||
|
// namespaces for OOo formats
|
||||||
|
|
||||||
|
-#define XML_NAMESPACE_OOO_BASE 44U
|
||||||
|
+#define XML_NAMESPACE_OOO_BASE 60U
|
||||||
|
#define XML_NAMESPACE_OOO( prefix, index ) \
|
||||||
|
const sal_uInt16 prefix = (XML_NAMESPACE_OOO_BASE+index);
|
||||||
|
|
||||||
|
@@ -100,7 +100,7 @@ XML_NAMESPACE_OOO( XML_NAMESPACE_CONFIG_OOO, 10U )
|
||||||
|
XML_NAMESPACE_OOO( XML_NAMESPACE_FORM_OOO, 11U )
|
||||||
|
XML_NAMESPACE_OOO( XML_NAMESPACE_SCRIPT_OOO, 12U )
|
||||||
|
|
||||||
|
-#define XML_NAMESPACE_COMPAT_BASE 57U
|
||||||
|
+#define XML_NAMESPACE_COMPAT_BASE 80U
|
||||||
|
#define XML_NAMESPACE_COMPAT( prefix, index ) \
|
||||||
|
const sal_uInt16 prefix = (XML_NAMESPACE_COMPAT_BASE+index);
|
||||||
|
|
||||||
|
@@ -108,14 +108,14 @@ XML_NAMESPACE_COMPAT( XML_NAMESPACE_SVG_COMPAT, 0U )
|
||||||
|
XML_NAMESPACE_COMPAT( XML_NAMESPACE_FO_COMPAT, 1U )
|
||||||
|
XML_NAMESPACE_COMPAT( XML_NAMESPACE_SMIL_COMPAT, 2U )
|
||||||
|
|
||||||
|
-#define XML_NAMESPACE_OASIS_BASE 60U
|
||||||
|
+#define XML_NAMESPACE_OASIS_BASE 90U
|
||||||
|
#define XML_NAMESPACE_OASIS( prefix, index ) \
|
||||||
|
const sal_uInt16 prefix = (XML_NAMESPACE_OASIS_BASE+index);
|
||||||
|
|
||||||
|
XML_NAMESPACE_OASIS( XML_NAMESPACE_DB_OASIS, 0U )
|
||||||
|
XML_NAMESPACE_OASIS( XML_NAMESPACE_REPORT_OASIS, 1U )
|
||||||
|
|
||||||
|
-#define XML_OLD_NAMESPACE_BASE 62U
|
||||||
|
+#define XML_OLD_NAMESPACE_BASE 100U
|
||||||
|
#define XML_OLD_NAMESPACE( prefix, index ) \
|
||||||
|
const sal_uInt16 prefix = (XML_OLD_NAMESPACE_BASE+index);
|
||||||
|
|
||||||
|
@@ -134,9 +134,9 @@ XML_OLD_NAMESPACE( XML_OLD_NAMESPACE_CHART, 10U )
|
||||||
|
XML_OLD_NAMESPACE( XML_OLD_NAMESPACE_SMIL, 11U )
|
||||||
|
|
||||||
|
// experimental namespaces
|
||||||
|
-XML_NAMESPACE( XML_NAMESPACE_FIELD, 100U )
|
||||||
|
-XML_NAMESPACE( XML_NAMESPACE_CSS3TEXT, 103U ) // CSS Text Level 3
|
||||||
|
-XML_NAMESPACE( XML_NAMESPACE_FORMX, 101U ) // form interop extensions
|
||||||
|
+XML_NAMESPACE( XML_NAMESPACE_FIELD, 120U )
|
||||||
|
+XML_NAMESPACE( XML_NAMESPACE_CSS3TEXT, 123U ) // CSS Text Level 3
|
||||||
|
+XML_NAMESPACE( XML_NAMESPACE_FORMX, 121U ) // form interop extensions
|
||||||
|
|
||||||
|
|
||||||
|
#endif // INCLUDED_XMLOFF_XMLNMSPE_HXX
|
||||||
|
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
|
||||||
|
index dcfaad0af773..52cb938a8e0a 100644
|
||||||
|
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
|
||||||
|
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
|
||||||
|
@@ -500,85 +500,87 @@ DocumentDigitalSignatures::ImplVerifySignatures(
|
||||||
|
Sequence< css::security::DocumentSignatureInformation > aInfos(nInfos);
|
||||||
|
css::security::DocumentSignatureInformation* arInfos = aInfos.getArray();
|
||||||
|
|
||||||
|
- if ( nInfos )
|
||||||
|
+ for (int n = 0; n < nInfos; ++n)
|
||||||
|
{
|
||||||
|
- for( int n = 0; n < nInfos; ++n )
|
||||||
|
- {
|
||||||
|
- DocumentSignatureAlgorithm mode = DocumentSignatureHelper::getDocumentAlgorithm(
|
||||||
|
- m_sODFVersion, aSignInfos[n]);
|
||||||
|
- const std::vector< OUString > aElementsToBeVerified =
|
||||||
|
- DocumentSignatureHelper::CreateElementList(
|
||||||
|
- rxStorage, eMode, mode);
|
||||||
|
+ DocumentSignatureAlgorithm mode
|
||||||
|
+ = DocumentSignatureHelper::getDocumentAlgorithm(m_sODFVersion, aSignInfos[n]);
|
||||||
|
+ const std::vector<OUString> aElementsToBeVerified
|
||||||
|
+ = DocumentSignatureHelper::CreateElementList(rxStorage, eMode, mode);
|
||||||
|
|
||||||
|
- const SignatureInformation& rInfo = aSignInfos[n];
|
||||||
|
- css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
|
||||||
|
+ const SignatureInformation& rInfo = aSignInfos[n];
|
||||||
|
+ css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
|
||||||
|
|
||||||
|
- if (rInfo.ouGpgCertificate.isEmpty()) // X.509
|
||||||
|
+ if (rInfo.ouGpgCertificate.isEmpty()) // X.509
|
||||||
|
+ {
|
||||||
|
+ if (!rInfo.ouX509Certificate.isEmpty())
|
||||||
|
+ rSigInfo.Signer = xSecEnv->createCertificateFromAscii(rInfo.ouX509Certificate);
|
||||||
|
+ if (!rSigInfo.Signer.is())
|
||||||
|
+ rSigInfo.Signer = xSecEnv->getCertificate(
|
||||||
|
+ rInfo.ouX509IssuerName,
|
||||||
|
+ xmlsecurity::numericStringToBigInteger(rInfo.ouX509SerialNumber));
|
||||||
|
+
|
||||||
|
+ // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
|
||||||
|
+ // to find the parent certificate. It does not take into account that there can be several certificates
|
||||||
|
+ // with the same subject name.
|
||||||
|
+ try
|
||||||
|
{
|
||||||
|
- if (!rInfo.ouX509Certificate.isEmpty())
|
||||||
|
- rSigInfo.Signer = xSecEnv->createCertificateFromAscii( rInfo.ouX509Certificate ) ;
|
||||||
|
- if (!rSigInfo.Signer.is())
|
||||||
|
- rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName,
|
||||||
|
- xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
|
||||||
|
-
|
||||||
|
- // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
|
||||||
|
- // to find the parent certificate. It does not take into account that there can be several certificates
|
||||||
|
- // with the same subject name.
|
||||||
|
-
|
||||||
|
- try {
|
||||||
|
- rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(rSigInfo.Signer,
|
||||||
|
- Sequence<Reference<css::security::XCertificate> >());
|
||||||
|
- } catch (SecurityException& ) {
|
||||||
|
- OSL_FAIL("Verification of certificate failed");
|
||||||
|
- rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
|
||||||
|
- }
|
||||||
|
+ rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(
|
||||||
|
+ rSigInfo.Signer, Sequence<Reference<css::security::XCertificate>>());
|
||||||
|
}
|
||||||
|
- else if (xGpgSecEnv.is()) // GPG
|
||||||
|
+ catch (SecurityException&)
|
||||||
|
{
|
||||||
|
- // TODO not ideal to retrieve cert by keyID, might
|
||||||
|
- // collide, or PGPKeyID format might change - can't we
|
||||||
|
- // keep the xCert itself in rInfo?
|
||||||
|
- rSigInfo.Signer = xGpgSecEnv->getCertificate( rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger("") );
|
||||||
|
- rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(rSigInfo.Signer,
|
||||||
|
- Sequence<Reference<css::security::XCertificate> >());
|
||||||
|
+ OSL_FAIL("Verification of certificate failed");
|
||||||
|
+ rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
|
||||||
|
}
|
||||||
|
+ }
|
||||||
|
+ else if (xGpgSecEnv.is()) // GPG
|
||||||
|
+ {
|
||||||
|
+ // TODO not ideal to retrieve cert by keyID, might
|
||||||
|
+ // collide, or PGPKeyID format might change - can't we
|
||||||
|
+ // keep the xCert itself in rInfo?
|
||||||
|
+ rSigInfo.Signer = xGpgSecEnv->getCertificate(
|
||||||
|
+ rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger(""));
|
||||||
|
+ rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(
|
||||||
|
+ rSigInfo.Signer, Sequence<Reference<css::security::XCertificate>>());
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- // Time support again (#i38744#)
|
||||||
|
- Date aDate( rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year );
|
||||||
|
- tools::Time aTime( rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
|
||||||
|
- rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds );
|
||||||
|
- rSigInfo.SignatureDate = aDate.GetDate();
|
||||||
|
- rSigInfo.SignatureTime = aTime.GetTime() / tools::Time::nanoPerCenti;
|
||||||
|
+ // Time support again (#i38744#)
|
||||||
|
+ Date aDate(rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year);
|
||||||
|
+ tools::Time aTime(rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
|
||||||
|
+ rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds);
|
||||||
|
+ rSigInfo.SignatureDate = aDate.GetDate();
|
||||||
|
+ rSigInfo.SignatureTime = aTime.GetTime() / tools::Time::nanoPerCenti;
|
||||||
|
|
||||||
|
- rSigInfo.SignatureIsValid = ( rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED );
|
||||||
|
+ rSigInfo.SignatureIsValid
|
||||||
|
+ = (rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
|
||||||
|
|
||||||
|
- // Signature line info (ID + Images)
|
||||||
|
- if (!rInfo.ouSignatureLineId.isEmpty())
|
||||||
|
- rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
|
||||||
|
+ // Signature line info (ID + Images)
|
||||||
|
+ if (!rInfo.ouSignatureLineId.isEmpty())
|
||||||
|
+ rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
|
||||||
|
|
||||||
|
- if (rInfo.aValidSignatureImage.is())
|
||||||
|
- rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
|
||||||
|
+ if (rInfo.aValidSignatureImage.is())
|
||||||
|
+ rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
|
||||||
|
|
||||||
|
- if (rInfo.aInvalidSignatureImage.is())
|
||||||
|
- rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
|
||||||
|
-
|
||||||
|
- // OOXML intentionally doesn't sign metadata.
|
||||||
|
- if ( rSigInfo.SignatureIsValid && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
|
||||||
|
- {
|
||||||
|
- rSigInfo.SignatureIsValid =
|
||||||
|
- DocumentSignatureHelper::checkIfAllFilesAreSigned(
|
||||||
|
- aElementsToBeVerified, rInfo, mode);
|
||||||
|
- }
|
||||||
|
- if (eMode == DocumentSignatureMode::Content)
|
||||||
|
- {
|
||||||
|
- if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
|
||||||
|
- rSigInfo.PartialDocumentSignature = true;
|
||||||
|
- else
|
||||||
|
- rSigInfo.PartialDocumentSignature = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
|
||||||
|
- }
|
||||||
|
+ if (rInfo.aInvalidSignatureImage.is())
|
||||||
|
+ rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
|
||||||
|
|
||||||
|
+ // OOXML intentionally doesn't sign metadata.
|
||||||
|
+ if (rSigInfo.SignatureIsValid
|
||||||
|
+ && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
|
||||||
|
+ {
|
||||||
|
+ rSigInfo.SignatureIsValid = DocumentSignatureHelper::checkIfAllFilesAreSigned(
|
||||||
|
+ aElementsToBeVerified, rInfo, mode);
|
||||||
|
+ }
|
||||||
|
+ if (eMode == DocumentSignatureMode::Content)
|
||||||
|
+ {
|
||||||
|
+ if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
|
||||||
|
+ rSigInfo.PartialDocumentSignature = true;
|
||||||
|
+ else
|
||||||
|
+ rSigInfo.PartialDocumentSignature
|
||||||
|
+ = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+
|
||||||
|
return aInfos;
|
||||||
|
|
||||||
|
}
|
||||||
|
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
|
||||||
|
index 6ec834053a17..22c056e70da1 100644
|
||||||
|
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
|
||||||
|
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
|
||||||
|
@@ -402,6 +402,7 @@ bool XMLSignatureHelper::ReadAndVerifySignatureStorageStream(const css::uno::Ref
|
||||||
|
catch(const uno::Exception&)
|
||||||
|
{
|
||||||
|
DBG_UNHANDLED_EXCEPTION("xmlsecurity.helper");
|
||||||
|
+ mbError = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
mpXSecController->releaseSignatureReader();
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
56
SOURCES/0002-CVE-2021-25635.patch
Normal file
56
SOURCES/0002-CVE-2021-25635.patch
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
From a9102a384893fd084011e8451867071452031ece Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
|
||||||
|
Date: Mon, 8 Feb 2021 17:05:28 +0000
|
||||||
|
Subject: [PATCH 2/6] CVE-2021-25635
|
||||||
|
|
||||||
|
default to CertificateValidity::INVALID
|
||||||
|
|
||||||
|
so if CertGetCertificateChain fails we don't want validity to be
|
||||||
|
css::security::CertificateValidity::VALID which is what the old default
|
||||||
|
of 0 equates to
|
||||||
|
|
||||||
|
notably
|
||||||
|
|
||||||
|
commit 1e0bc66d16aee28ce8bd9582ea32178c63841902
|
||||||
|
Date: Thu Nov 5 16:55:26 2009 +0100
|
||||||
|
|
||||||
|
jl137: #103420# better logging
|
||||||
|
|
||||||
|
turned the nss equivalent of SecurityEnvironment_NssImpl::verifyCertificate
|
||||||
|
from 0 to CertificateValidity::INVALID like this change does
|
||||||
|
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110561
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
||||||
|
(cherry picked from commit edeb164c1d8ab64116afee4e2140403a362a1358)
|
||||||
|
|
||||||
|
Change-Id: I5350dbc22d1b9b378da2976d3b0abd728f1f4c27
|
||||||
|
---
|
||||||
|
.../source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
|
||||||
|
index d9b657891b96..4031df289f44 100644
|
||||||
|
--- a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
|
||||||
|
+++ b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
|
||||||
|
@@ -755,7 +755,7 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::verifyCertificate(
|
||||||
|
const uno::Reference< css::security::XCertificate >& aCert,
|
||||||
|
const uno::Sequence< uno::Reference< css::security::XCertificate > >& seqCerts)
|
||||||
|
{
|
||||||
|
- sal_Int32 validity = 0;
|
||||||
|
+ sal_Int32 validity = css::security::CertificateValidity::INVALID;
|
||||||
|
PCCERT_CHAIN_CONTEXT pChainContext = nullptr;
|
||||||
|
PCCERT_CONTEXT pCertContext = nullptr;
|
||||||
|
|
||||||
|
@@ -899,7 +899,7 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::verifyCertificate(
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
- SAL_INFO("xmlsecurity.xmlsec", "CertGetCertificateChaine failed.");
|
||||||
|
+ SAL_INFO("xmlsecurity.xmlsec", "CertGetCertificateChain failed.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
2172
SOURCES/0003-xmlsecurity-replace-XSecParser-implementation.patch
Normal file
2172
SOURCES/0003-xmlsecurity-replace-XSecParser-implementation.patch
Normal file
File diff suppressed because it is too large
Load Diff
397
SOURCES/0004-CVE-2021-25634.patch
Normal file
397
SOURCES/0004-CVE-2021-25634.patch
Normal file
@ -0,0 +1,397 @@
|
|||||||
|
From 9ef423d4e7c85629772131b3216b98e17d7b8d7e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
Date: Thu, 18 Feb 2021 19:22:31 +0100
|
||||||
|
Subject: [PATCH 4/6] CVE-2021-25634
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
xmlsecurity: XSecParser confused about multiple timestamps
|
||||||
|
|
||||||
|
LO writes timestamp both to dc:date and xades:SigningTime elements.
|
||||||
|
|
||||||
|
The parser tries to avoid reading multiple dc:date, preferring the first
|
||||||
|
one, but doesn't care about multiple xades:SigningTime, for undocumented
|
||||||
|
reasons.
|
||||||
|
|
||||||
|
Ideally something should check all read values for consistency.
|
||||||
|
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111160
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
(cherry picked from commit 4ab8d9c09a5873ca0aea56dafa1ab34758d52ef7)
|
||||||
|
|
||||||
|
xmlsecurity: remove XSecController::setPropertyId()
|
||||||
|
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111252
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
(cherry picked from commit d2a345e1163616fe3201ef1d6c758e2e819214e0)
|
||||||
|
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111908
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
||||||
|
(cherry picked from commit abe77c4fcb9ea97d9fff07eaea6d8863bcba5b02)
|
||||||
|
|
||||||
|
Change-Id: Ic018ee89797a1c8a4f870ae102af48006de930ef
|
||||||
|
---
|
||||||
|
include/svl/sigstruct.hxx | 7 +-
|
||||||
|
xmlsecurity/inc/xsecctl.hxx | 5 +-
|
||||||
|
xmlsecurity/source/helper/ooxmlsecparser.cxx | 4 +-
|
||||||
|
xmlsecurity/source/helper/xsecctl.cxx | 2 +-
|
||||||
|
xmlsecurity/source/helper/xsecparser.cxx | 81 ++++++++++----------
|
||||||
|
xmlsecurity/source/helper/xsecparser.hxx | 6 --
|
||||||
|
xmlsecurity/source/helper/xsecsign.cxx | 4 +-
|
||||||
|
xmlsecurity/source/helper/xsecverify.cxx | 39 ++++------
|
||||||
|
8 files changed, 68 insertions(+), 80 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/include/svl/sigstruct.hxx b/include/svl/sigstruct.hxx
|
||||||
|
index f6ee242c84d1..7a0296fa9fae 100644
|
||||||
|
--- a/include/svl/sigstruct.hxx
|
||||||
|
+++ b/include/svl/sigstruct.hxx
|
||||||
|
@@ -103,6 +103,9 @@ struct SignatureInformation
|
||||||
|
// XAdES EncapsulatedX509Certificate values
|
||||||
|
std::set<OUString> maEncapsulatedX509Certificates;
|
||||||
|
|
||||||
|
+ OUString ouSignatureId;
|
||||||
|
+ // signature may contain multiple time stamps - check they're consistent
|
||||||
|
+ bool hasInconsistentSigningTime = false;
|
||||||
|
//We also keep the date and time as string. This is done when this
|
||||||
|
//structure is created as a result of a XML signature being read.
|
||||||
|
//When then a signature is added or another removed, then the original
|
||||||
|
@@ -115,8 +118,8 @@ struct SignatureInformation
|
||||||
|
//and the converted time is written back, then the string looks different
|
||||||
|
//and the signature is broken.
|
||||||
|
OUString ouDateTime;
|
||||||
|
- OUString ouSignatureId;
|
||||||
|
- OUString ouPropertyId;
|
||||||
|
+ /// The Id attribute of the <SignatureProperty> element that contains the <dc:date>.
|
||||||
|
+ OUString ouDateTimePropertyId;
|
||||||
|
/// Characters of the <dc:description> element inside the signature.
|
||||||
|
OUString ouDescription;
|
||||||
|
/// The Id attribute of the <SignatureProperty> element that contains the <dc:description>.
|
||||||
|
diff --git a/xmlsecurity/inc/xsecctl.hxx b/xmlsecurity/inc/xsecctl.hxx
|
||||||
|
index 351c94a2a3e6..7baa219fb13c 100644
|
||||||
|
--- a/xmlsecurity/inc/xsecctl.hxx
|
||||||
|
+++ b/xmlsecurity/inc/xsecctl.hxx
|
||||||
|
@@ -271,8 +271,8 @@ private:
|
||||||
|
void setGpgCertificate( OUString const & ouGpgCert );
|
||||||
|
void setGpgOwner( OUString const & ouGpgOwner );
|
||||||
|
|
||||||
|
- void setDate( OUString const & ouDate );
|
||||||
|
- void setDescription(const OUString& rDescription);
|
||||||
|
+ void setDate(OUString const& rId, OUString const& ouDate);
|
||||||
|
+ void setDescription(OUString const& rId, OUString const& rDescription);
|
||||||
|
void setCertDigest(const OUString& rCertDigest);
|
||||||
|
void setValidSignatureImage(const OUString& rValidSigImg);
|
||||||
|
void setInvalidSignatureImage(const OUString& rInvalidSigImg);
|
||||||
|
@@ -283,7 +283,6 @@ public:
|
||||||
|
|
||||||
|
private:
|
||||||
|
void setId( OUString const & ouId );
|
||||||
|
- void setPropertyId( OUString const & ouPropertyId );
|
||||||
|
|
||||||
|
css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToRead(
|
||||||
|
sal_Int32 nSecurityId );
|
||||||
|
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.cxx b/xmlsecurity/source/helper/ooxmlsecparser.cxx
|
||||||
|
index c22e8c2261bf..a200de60c07a 100644
|
||||||
|
--- a/xmlsecurity/source/helper/ooxmlsecparser.cxx
|
||||||
|
+++ b/xmlsecurity/source/helper/ooxmlsecparser.cxx
|
||||||
|
@@ -192,12 +192,12 @@ void SAL_CALL OOXMLSecParser::endElement(const OUString& rName)
|
||||||
|
}
|
||||||
|
else if (rName == "mdssi:Value")
|
||||||
|
{
|
||||||
|
- m_pXSecController->setDate(m_aMdssiValue);
|
||||||
|
+ m_pXSecController->setDate("", m_aMdssiValue);
|
||||||
|
m_bInMdssiValue = false;
|
||||||
|
}
|
||||||
|
else if (rName == "SignatureComments")
|
||||||
|
{
|
||||||
|
- m_pXSecController->setDescription(m_aSignatureComments);
|
||||||
|
+ m_pXSecController->setDescription("", m_aSignatureComments);
|
||||||
|
m_bInSignatureComments = false;
|
||||||
|
}
|
||||||
|
else if (rName == "X509IssuerName")
|
||||||
|
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
|
||||||
|
index ab108d13c224..8d5ea68c768b 100644
|
||||||
|
--- a/xmlsecurity/source/helper/xsecctl.cxx
|
||||||
|
+++ b/xmlsecurity/source/helper/xsecctl.cxx
|
||||||
|
@@ -819,7 +819,7 @@ void XSecController::exportSignature(
|
||||||
|
pAttributeList = new SvXMLAttributeList();
|
||||||
|
pAttributeList->AddAttribute(
|
||||||
|
"Id",
|
||||||
|
- signatureInfo.ouPropertyId);
|
||||||
|
+ signatureInfo.ouDateTimePropertyId);
|
||||||
|
pAttributeList->AddAttribute(
|
||||||
|
"Target",
|
||||||
|
"#" + signatureInfo.ouSignatureId);
|
||||||
|
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
|
||||||
|
index 5c92e5efa104..9cc9312b4d9f 100644
|
||||||
|
--- a/xmlsecurity/source/helper/xsecparser.cxx
|
||||||
|
+++ b/xmlsecurity/source/helper/xsecparser.cxx
|
||||||
|
@@ -978,6 +978,9 @@ class XSecParser::XadesSigningCertificateContext
|
||||||
|
class XSecParser::XadesSigningTimeContext
|
||||||
|
: public XSecParser::Context
|
||||||
|
{
|
||||||
|
+ private:
|
||||||
|
+ OUString m_Value;
|
||||||
|
+
|
||||||
|
public:
|
||||||
|
XadesSigningTimeContext(XSecParser & rParser,
|
||||||
|
std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
|
||||||
|
@@ -985,20 +988,14 @@ class XSecParser::XadesSigningTimeContext
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
- virtual void StartElement(
|
||||||
|
- css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
|
||||||
|
- {
|
||||||
|
- m_rParser.m_ouDate.clear();
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
virtual void EndElement() override
|
||||||
|
{
|
||||||
|
- m_rParser.m_pXSecController->setDate( m_rParser.m_ouDate );
|
||||||
|
+ m_rParser.m_pXSecController->setDate("", m_Value);
|
||||||
|
}
|
||||||
|
|
||||||
|
virtual void Characters(OUString const& rChars) override
|
||||||
|
{
|
||||||
|
- m_rParser.m_ouDate += rChars;
|
||||||
|
+ m_Value += rChars;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -1104,35 +1101,20 @@ class XSecParser::DcDateContext
|
||||||
|
: public XSecParser::Context
|
||||||
|
{
|
||||||
|
private:
|
||||||
|
- bool m_isIgnore = false;
|
||||||
|
+ OUString & m_rValue;
|
||||||
|
|
||||||
|
public:
|
||||||
|
DcDateContext(XSecParser & rParser,
|
||||||
|
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
|
||||||
|
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
|
||||||
|
+ OUString & rValue)
|
||||||
|
: XSecParser::Context(rParser, std::move(pOldNamespaceMap))
|
||||||
|
+ , m_rValue(rValue)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
- virtual void StartElement(
|
||||||
|
- css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
|
||||||
|
- {
|
||||||
|
- m_isIgnore = !m_rParser.m_ouDate.isEmpty();
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- virtual void EndElement() override
|
||||||
|
- {
|
||||||
|
- if (!m_isIgnore)
|
||||||
|
- {
|
||||||
|
- m_rParser.m_pXSecController->setDate( m_rParser.m_ouDate );
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
virtual void Characters(OUString const& rChars) override
|
||||||
|
{
|
||||||
|
- if (!m_isIgnore)
|
||||||
|
- {
|
||||||
|
- m_rParser.m_ouDate += rChars;
|
||||||
|
- }
|
||||||
|
+ m_rValue += rChars;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -1140,29 +1122,32 @@ class XSecParser::DcDescriptionContext
|
||||||
|
: public XSecParser::Context
|
||||||
|
{
|
||||||
|
private:
|
||||||
|
- OUString m_Value;
|
||||||
|
+ OUString & m_rValue;
|
||||||
|
|
||||||
|
public:
|
||||||
|
DcDescriptionContext(XSecParser & rParser,
|
||||||
|
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
|
||||||
|
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
|
||||||
|
+ OUString & rValue)
|
||||||
|
: XSecParser::Context(rParser, std::move(pOldNamespaceMap))
|
||||||
|
+ , m_rValue(rValue)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
- virtual void EndElement() override
|
||||||
|
- {
|
||||||
|
- m_rParser.m_pXSecController->setDescription(m_Value);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
virtual void Characters(OUString const& rChars) override
|
||||||
|
{
|
||||||
|
- m_Value += rChars;
|
||||||
|
+ m_rValue += rChars;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
class XSecParser::DsSignaturePropertyContext
|
||||||
|
: public XSecParser::Context
|
||||||
|
{
|
||||||
|
+ private:
|
||||||
|
+ enum class SignatureProperty { Unknown, Date, Description };
|
||||||
|
+ SignatureProperty m_Property = SignatureProperty::Unknown;
|
||||||
|
+ OUString m_Id;
|
||||||
|
+ OUString m_Value;
|
||||||
|
+
|
||||||
|
public:
|
||||||
|
DsSignaturePropertyContext(XSecParser & rParser,
|
||||||
|
std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
|
||||||
|
@@ -1173,10 +1158,22 @@ class XSecParser::DsSignaturePropertyContext
|
||||||
|
virtual void StartElement(
|
||||||
|
css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
|
||||||
|
{
|
||||||
|
- OUString const ouIdAttr(m_rParser.HandleIdAttr(xAttrs));
|
||||||
|
- if (!ouIdAttr.isEmpty())
|
||||||
|
+ m_Id = m_rParser.HandleIdAttr(xAttrs);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ virtual void EndElement() override
|
||||||
|
+ {
|
||||||
|
+ switch (m_Property)
|
||||||
|
{
|
||||||
|
- m_rParser.m_pXSecController->setPropertyId( ouIdAttr );
|
||||||
|
+ case SignatureProperty::Unknown:
|
||||||
|
+ SAL_INFO("xmlsecurity.helper", "Unknown property in ds:Object ignored");
|
||||||
|
+ break;
|
||||||
|
+ case SignatureProperty::Date:
|
||||||
|
+ m_rParser.m_pXSecController->setDate(m_Id, m_Value);
|
||||||
|
+ break;
|
||||||
|
+ case SignatureProperty::Description:
|
||||||
|
+ m_rParser.m_pXSecController->setDescription(m_Id, m_Value);
|
||||||
|
+ break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1186,11 +1183,13 @@ class XSecParser::DsSignaturePropertyContext
|
||||||
|
{
|
||||||
|
if (nNamespace == XML_NAMESPACE_DC && rName == "date")
|
||||||
|
{
|
||||||
|
- return std::make_unique<DcDateContext>(m_rParser, std::move(pOldNamespaceMap));
|
||||||
|
+ m_Property = SignatureProperty::Date;
|
||||||
|
+ return std::make_unique<DcDateContext>(m_rParser, std::move(pOldNamespaceMap), m_Value);
|
||||||
|
}
|
||||||
|
if (nNamespace == XML_NAMESPACE_DC && rName == "description")
|
||||||
|
{
|
||||||
|
- return std::make_unique<DcDescriptionContext>(m_rParser, std::move(pOldNamespaceMap));
|
||||||
|
+ m_Property = SignatureProperty::Description;
|
||||||
|
+ return std::make_unique<DcDescriptionContext>(m_rParser, std::move(pOldNamespaceMap), m_Value);
|
||||||
|
}
|
||||||
|
return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
|
||||||
|
}
|
||||||
|
diff --git a/xmlsecurity/source/helper/xsecparser.hxx b/xmlsecurity/source/helper/xsecparser.hxx
|
||||||
|
index 93efcb766e3e..7a0eb08bca28 100644
|
||||||
|
--- a/xmlsecurity/source/helper/xsecparser.hxx
|
||||||
|
+++ b/xmlsecurity/source/helper/xsecparser.hxx
|
||||||
|
@@ -97,12 +97,6 @@ private:
|
||||||
|
class DsSignatureContext;
|
||||||
|
class DsigSignaturesContext;
|
||||||
|
|
||||||
|
- /*
|
||||||
|
- * the following members are used to reserve the signature information,
|
||||||
|
- * including X509IssuerName, X509SerialNumber, and X509Certificate,etc.
|
||||||
|
- */
|
||||||
|
- OUString m_ouDate;
|
||||||
|
-
|
||||||
|
std::stack<std::unique_ptr<Context>> m_ContextStack;
|
||||||
|
std::unique_ptr<SvXMLNamespaceMap> m_pNamespaceMap;
|
||||||
|
|
||||||
|
diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx
|
||||||
|
index 4d1b89949feb..5ed23281f083 100644
|
||||||
|
--- a/xmlsecurity/source/helper/xsecsign.cxx
|
||||||
|
+++ b/xmlsecurity/source/helper/xsecsign.cxx
|
||||||
|
@@ -132,8 +132,8 @@ cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepar
|
||||||
|
if (nStorageFormat != embed::StorageFormats::OFOPXML)
|
||||||
|
{
|
||||||
|
internalSignatureInfor.signatureInfor.ouSignatureId = createId();
|
||||||
|
- internalSignatureInfor.signatureInfor.ouPropertyId = createId();
|
||||||
|
- internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, internalSignatureInfor.signatureInfor.ouPropertyId, -1, OUString() );
|
||||||
|
+ internalSignatureInfor.signatureInfor.ouDateTimePropertyId = createId();
|
||||||
|
+ internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, internalSignatureInfor.signatureInfor.ouDateTimePropertyId, -1, OUString() );
|
||||||
|
size++;
|
||||||
|
|
||||||
|
if (bXAdESCompliantIfODF)
|
||||||
|
diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx
|
||||||
|
index 1f7fa9ac8ca8..5f5840334254 100644
|
||||||
|
--- a/xmlsecurity/source/helper/xsecverify.cxx
|
||||||
|
+++ b/xmlsecurity/source/helper/xsecverify.cxx
|
||||||
|
@@ -321,7 +321,7 @@ void XSecController::setGpgOwner( OUString const & ouGpgOwner )
|
||||||
|
isi.signatureInfor.ouGpgOwner = ouGpgOwner;
|
||||||
|
}
|
||||||
|
|
||||||
|
-void XSecController::setDate( OUString const & ouDate )
|
||||||
|
+void XSecController::setDate(OUString const& rId, OUString const& ouDate)
|
||||||
|
{
|
||||||
|
if (m_vInternalSignatureInformations.empty())
|
||||||
|
{
|
||||||
|
@@ -329,17 +329,31 @@ void XSecController::setDate( OUString const & ouDate )
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
|
||||||
|
+ // there may be multiple timestamps in a signature - check them for consistency
|
||||||
|
+ if (!isi.signatureInfor.ouDateTime.isEmpty()
|
||||||
|
+ && isi.signatureInfor.ouDateTime != ouDate)
|
||||||
|
+ {
|
||||||
|
+ isi.signatureInfor.hasInconsistentSigningTime = true;
|
||||||
|
+ }
|
||||||
|
(void)utl::ISO8601parseDateTime( ouDate, isi.signatureInfor.stDateTime);
|
||||||
|
isi.signatureInfor.ouDateTime = ouDate;
|
||||||
|
+ if (!rId.isEmpty())
|
||||||
|
+ {
|
||||||
|
+ isi.signatureInfor.ouDateTimePropertyId = rId;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
-void XSecController::setDescription(const OUString& rDescription)
|
||||||
|
+void XSecController::setDescription(OUString const& rId, OUString const& rDescription)
|
||||||
|
{
|
||||||
|
if (m_vInternalSignatureInformations.empty())
|
||||||
|
return;
|
||||||
|
|
||||||
|
InternalSignatureInformation& rInformation = m_vInternalSignatureInformations.back();
|
||||||
|
rInformation.signatureInfor.ouDescription = rDescription;
|
||||||
|
+ if (!rId.isEmpty())
|
||||||
|
+ {
|
||||||
|
+ rInformation.signatureInfor.ouDescriptionPropertyId = rId;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
void XSecController::setSignatureBytes(const uno::Sequence<sal_Int8>& rBytes)
|
||||||
|
@@ -433,27 +447,6 @@ void XSecController::setId( OUString const & ouId )
|
||||||
|
isi.signatureInfor.ouSignatureId = ouId;
|
||||||
|
}
|
||||||
|
|
||||||
|
-void XSecController::setPropertyId( OUString const & ouPropertyId )
|
||||||
|
-{
|
||||||
|
- if (m_vInternalSignatureInformations.empty())
|
||||||
|
- {
|
||||||
|
- SAL_INFO("xmlsecurity.helper","XSecController::setPropertyId: no signature");
|
||||||
|
- return;
|
||||||
|
- }
|
||||||
|
- InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
|
||||||
|
-
|
||||||
|
- if (isi.signatureInfor.ouPropertyId.isEmpty())
|
||||||
|
- {
|
||||||
|
- // <SignatureProperty> ID attribute is for the date.
|
||||||
|
- isi.signatureInfor.ouPropertyId = ouPropertyId;
|
||||||
|
- }
|
||||||
|
- else
|
||||||
|
- {
|
||||||
|
- // <SignatureProperty> ID attribute is for the description.
|
||||||
|
- isi.signatureInfor.ouDescriptionPropertyId = ouPropertyId;
|
||||||
|
- }
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
/* public: for signature verify */
|
||||||
|
void XSecController::collectToVerify( const OUString& referenceId )
|
||||||
|
{
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
2120
SOURCES/0005-CVE-2021-25633.patch
Normal file
2120
SOURCES/0005-CVE-2021-25633.patch
Normal file
File diff suppressed because it is too large
Load Diff
1670
SOURCES/0006-xmlsecurity-replace-OOXMLSecParser-implementation.patch
Normal file
1670
SOURCES/0006-xmlsecurity-replace-OOXMLSecParser-implementation.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -54,7 +54,7 @@ Summary: Free Software Productivity Suite
|
|||||||
Name: libreoffice
|
Name: libreoffice
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: %{libo_version}.2
|
Version: %{libo_version}.2
|
||||||
Release: 6%{?libo_prerelease}%{?dist}
|
Release: 7%{?libo_prerelease}%{?dist}
|
||||||
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
|
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
|
||||||
URL: http://www.libreoffice.org/
|
URL: http://www.libreoffice.org/
|
||||||
|
|
||||||
@ -269,6 +269,12 @@ Patch25: 0008-Resolves-tdf-137215-restore-original-modality-before.patch
|
|||||||
Patch26: 0001-rhbz-1882616-move-cursor-one-step-at-a-time-in-the-d.patch
|
Patch26: 0001-rhbz-1882616-move-cursor-one-step-at-a-time-in-the-d.patch
|
||||||
Patch27: 0001-rhbz-1980800-allow-convert-to-csv-to-write-each-shee.patch
|
Patch27: 0001-rhbz-1980800-allow-convert-to-csv-to-write-each-shee.patch
|
||||||
Patch28: 0001-Resolves-tdf-132739-two-style-tags-where-there-shoul.patch
|
Patch28: 0001-Resolves-tdf-132739-two-style-tags-where-there-shoul.patch
|
||||||
|
Patch29: 0001-backports-to-ease-CVE-backporting.patch
|
||||||
|
Patch30: 0002-CVE-2021-25635.patch
|
||||||
|
Patch31: 0003-xmlsecurity-replace-XSecParser-implementation.patch
|
||||||
|
Patch32: 0004-CVE-2021-25634.patch
|
||||||
|
Patch33: 0005-CVE-2021-25633.patch
|
||||||
|
Patch34: 0006-xmlsecurity-replace-OOXMLSecParser-implementation.patch
|
||||||
|
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel}
|
||||||
# not upstreamed
|
# not upstreamed
|
||||||
@ -2253,6 +2259,11 @@ done
|
|||||||
%{_includedir}/LibreOfficeKit
|
%{_includedir}/LibreOfficeKit
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Oct 15 2021 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-7
|
||||||
|
- Resolves: rhbz#2013858 CVE-2021-25633
|
||||||
|
- Resolves: rhbz#2014215 CVE-2021-25634
|
||||||
|
- Resolves: rhbz#2014209 CVE-2021-25635
|
||||||
|
|
||||||
* Mon Sep 06 2021 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-6
|
* Mon Sep 06 2021 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-6
|
||||||
- Resolves: rhbz#1980800 allow convert to csv to write each sheet to
|
- Resolves: rhbz#1980800 allow convert to csv to write each sheet to
|
||||||
separate file
|
separate file
|
||||||
|
Loading…
Reference in New Issue
Block a user