Resolves: rhbz#2056412 merge in fedoa 34 changes

Caolán McNamara 2022-02-22 11:37:43 +00:00
parent 8f0d24fcce
commit 8293a300d5
3 changed files with 128 additions and 1 deletions

69
0001-CVE-2021-25636.patch Normal file

@ -0,0 +1,69 @@
From 26c9da40d44f1469df97398362667c74553be7d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Mon, 20 Dec 2021 17:05:44 +0000
Subject: [PATCH] only use X509Data
Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
(cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139)
---
.../source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx | 6 ++++++
xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
index c699c950f351..9f816479f9dd 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
@@ -22,6 +22,8 @@
#include <rtl/uuid.h>
#include <xmlsec-wrapper.h>
+#include <xmlsec/mscng/x509.h>
+
#include <com/sun/star/xml/crypto/SecurityOperationStatus.hpp>
#include <com/sun/star/xml/crypto/XXMLSignature.hpp>
@@ -233,6 +235,10 @@ SAL_CALL XMLSignature_MSCryptImpl::validate(
// We do certificate verification ourselves.
pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+ // limit possible key data to valid X509 certificates only, no KeyValues
+ if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecMSCngKeyDataX509GetKlass()) < 0)
+ throw RuntimeException("failed to limit allowed key data");
+
//Verify signature
//The documentation says that the signature is only valid if the return value is 0 (that is, not < 0)
//AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not make any assumptions, if
diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
index b41d754f7407..975c17272dc7 100644
--- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
@@ -20,6 +20,8 @@
#include <sal/config.h>
#include <xmlsec-wrapper.h>
+#include <xmlsec/nss/x509.h>
+
#include <xmlelementwrapper_xmlsecimpl.hxx>
#include <xmlsec/xmlstreamio.hxx>
#include <xmlsec/errorcallback.hxx>
@@ -247,6 +249,10 @@ SAL_CALL XMLSignature_NssImpl::validate(
// We do certificate verification ourselves.
pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+ // limit possible key data to valid X509 certificates only, no KeyValues
+ if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0)
+ throw RuntimeException("failed to limit allowed key data");
+
//Verify signature
int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode );
--
2.35.1
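Review bot: The comment added in both validate() hunks says key data is limited to "valid X509 certificates", but the line directly above it sets XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS, so xmlsec checks nothing about validity at this point. What the xmlSecPtrListAdd call restricts is the kind of KeyInfo child that may supply the key. In xmlsignature_mscryptimpl.cxx and xmlsignature_nssimpl.cxx I would reword it to `// accept only X509Data as key source, so the verifying key always comes from the certificate we check ourselves; KeyValue is ignored`. validate() starts and ends outside both hunks, so please confirm that nothing set up earlier in the function needs undoing before the new `throw RuntimeException(...)`. The NSS side calls `pDsigCtx.get()`, which suggests the context is held by a smart pointer, but the rest of the setup is not visible here.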


@ -0,0 +1,53 @@
From 3925cf39742ebee935498b14571f13f3e8b64b49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Sat, 19 Feb 2022 20:43:33 +0000
Subject: [PATCH] EditTextObjectImpl copy ctor doesn't exactly copy
EditTextObjectImpl
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
and this is apparently relied on, so eliding the copy gives unexpected
results.
EditTextObjectImpl::Clone returns a copy of *this, but the
EditTextObjectImpl copy ctor explicitly does not copy the "PortionInfo"
member, so in:
commit fb8973f31f111229be5184f4e4223e963ced2c7b
Author: Caolán McNamara <caolanm@redhat.com>
Date: Sat Oct 10 19:21:38 2020 +0100
ofz#23492 the only user of this ctor throws away the original of the clone
so we can take ownership of the original instead
where the copy was optimized away we want from a state where there was a
new EditTextObjectImpl with an empty PortionInfo member to one where the
PortionInfo of the EditTextObjectImpl was retained.
So explicitly clear this unwanted info.
It's very hard to make rational judgements about code if a copy behaves
differently than the orignal :-(
Change-Id: I642d60841d6bdccbf830f8a2ccdbd9f542a8aa18
---
editeng/source/outliner/outliner.cxx | 1 +
1 file changed, 1 insertion(+)
diff --git a/editeng/source/outliner/outliner.cxx b/editeng/source/outliner/outliner.cxx
index 9c474131352c..d48e4a542723 100644
--- a/editeng/source/outliner/outliner.cxx
+++ b/editeng/source/outliner/outliner.cxx
@@ -383,6 +383,7 @@ std::unique_ptr<OutlinerParaObject> Outliner::CreateParaObject( sal_Int32 nStart
aParagraphDataVector[nPara-nStartPara] = *GetParagraph(nPara);
}
+ xText->ClearPortionInfo(); // tdf#147166 the PortionInfo is unwanted here
std::unique_ptr<OutlinerParaObject> pPObj(new OutlinerParaObject(std::move(xText), aParagraphDataVector, bIsEditDoc));
pPObj->SetOutlinerMode(GetMode());
--
2.35.1


@ -57,7 +57,7 @@ Summary: Free Software Productivity Suite
Name: libreoffice
Epoch: 1
Version: %{libo_version}.1
Release: 5%{?libo_prerelease}%{?dist}
Release: 6%{?libo_prerelease}%{?dist}
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
URL: http://www.libreoffice.org/
@ -271,6 +271,8 @@ Patch15: 0001-Resolves-tdf-140250-don-t-share-adjustments-between-.patch
Patch16: 0001-fix-comparison-when-searching-cache.patch
Patch17: 0001-tdf-121546-sw-don-t-use-undo-array-s-m_pOutlineNodes.patch
Patch18: 0001-annocheck-warning-about-missing-.note.gnu.property-s.patch
Patch19: 0001-EditTextObjectImpl-copy-ctor-doesn-t-exactly-copy-Ed.patch
Patch20: 0001-CVE-2021-25636.patch
# not upstreamed
Patch500: 0001-disable-libe-book-support.patch
@ -2267,6 +2269,9 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :
%{_includedir}/LibreOfficeKit
%changelog
* Tue Feb 22 2022 Caolán McNamara <caolanm@redhat.com> - 1:7.1.8.1-6
- Resolves: rhbz#2056412 merge in fedoa 34 changes
* Thu Feb 10 2022 Caolán McNamara <caolanm@redhat.com> - 1:7.1.8.1-5
- Related: rhbz#2042817 bump n-v-r