Fix CVE-2024-6472 remove ability to trust not validated macro signatures in high security

Resolves: RHEL-52942
2024-08-15 12:55:06 +02:00 · 2024-08-15 12:55:06 +02:00 · 5b611bf514
commit 5b611bf514
parent d5f5b49782
2 changed files with 87 additions and 1 deletions
--- a/0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch
+++ b/0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch
@ -0,0 +1,81 @@
+From 4e997c62fd6edf6c3fe9e553cc92c77fd48f039c Mon Sep 17 00:00:00 2001
+Message-ID: <4e997c62fd6edf6c3fe9e553cc92c77fd48f039c.1723718921.git.erack@redhat.com>
+From: Sarper Akdemir <sarper.akdemir@allotropia.de>
+Date: Tue, 11 Jun 2024 12:39:36 +0200
+Subject: [PATCH] remove ability to trust not validated macro signatures in
+ high security
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
+
+This is a multi-part message in MIME format.
+--------------erAck-patch-parts
+Content-Type: text/plain; charset=UTF-8; format=fixed
+Content-Transfer-Encoding: 8bit
+
+
+Giving the user the option to determine if they should trust an
+invalid signature in HIGH macro security doesn't make sense.
+CommonName of the signature is the most prominent feature presented
+and the CommonName of a certificate can be easily forged for an
+invalid signature, tricking the user into accepting an invalid
+signature.
+
+in the HIGH macro security setting only show the pop-up to
+enable/disable signed macro if the certificate signature can be
+validated.
+
+cherry-picked without UI/String altering bits for 24-2
+
+Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667
+Tested-by: Jenkins
+Reviewed-by: Sarper Akdemir <sarper.akdemir@allotropia.de>
+(cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525
+Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171306
+Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
+Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171314
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171315
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171317
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171323
+---
+ sfx2/source/doc/docmacromode.cxx | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+
+--------------erAck-patch-parts
+Content-Type: text/x-patch; name="0001-remove-ability-to-trust-not-validated-macro-signatur.patch"
+Content-Transfer-Encoding: 8bit
+Content-Disposition: attachment; filename="0001-remove-ability-to-trust-not-validated-macro-signatur.patch"
+
+diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
+index 8a617b1785c6..997a8f739395 100644
+--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
+@@ -229,14 +229,18 @@ namespace sfx2
+             // check whether the document is signed with trusted certificate
+             if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
+             {
+                SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
+
+                 // the trusted macro check will also retrieve the signature state ( small optimization )
+                 const SvtSecurityOptions aSecOption;
+                 const bool bAllowUIToAddAuthor = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
+                                                  && (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE
+-                                                     || !aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
+                                                     || !aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors))
+                                                 && (nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_WARN
+                                                     || nSignatureState == SignatureState::OK);
+
+                 const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor);
+ 
+-                SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
+                 if ( nSignatureState == SignatureState::BROKEN )
+                 {
+                     if (!bAllowUIToAddAuthor)
+
+--------------erAck-patch-parts--
+
+
--- a/libreoffice.spec
+++ b/libreoffice.spec
@ -54,7 +54,7 @@ Summary:        Free Software Productivity Suite
 Name:           libreoffice
 Epoch:          1
 Version:        %{libo_version}.2
-Release:        17%{?libo_prerelease}%{?dist}
+Release:        18%{?libo_prerelease}%{?dist}
 License:        (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
 URL:            http://www.libreoffice.org/

@ -301,6 +301,7 @@ Patch57: 0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patc
 Patch58: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch
 Patch59: 0006-CVE-2023-6186-backporting.patch
 Patch60: 0001-CVE-2024-3044-add-notify-for-script-use.patch
+Patch61: 0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch

 %if 0%{?rhel}
 # not upstreamed
@ -2307,6 +2308,10 @@ done
 %{_includedir}/LibreOfficeKit

 %changelog
+* Thu Aug 15 2024 Eike Rathke <erack@redhat.com> - 1:6.4.7.2-18
+- Fix CVE-2024-6472 remove ability to trust not validated macro signatures in
+  high security
+
 * Fri Jun 07 2024 Eike Rathke <erack@redhat.com> - 1:6.4.7.2-17
 - Fix CVE-2024-3044 add notify for script use