Resolves: rhbz#2056412 merge in fedoa 34 changes
This commit is contained in:
parent
8f0d24fcce
commit
8293a300d5
69
0001-CVE-2021-25636.patch
Normal file
69
0001-CVE-2021-25636.patch
Normal file
@ -0,0 +1,69 @@
|
||||
From 26c9da40d44f1469df97398362667c74553be7d2 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
|
||||
Date: Mon, 20 Dec 2021 17:05:44 +0000
|
||||
Subject: [PATCH] only use X509Data
|
||||
|
||||
Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
|
||||
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
|
||||
Tested-by: Jenkins
|
||||
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
||||
(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)
|
||||
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178
|
||||
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
|
||||
(cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139)
|
||||
---
|
||||
.../source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx | 6 ++++++
|
||||
xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | 6 ++++++
|
||||
2 files changed, 12 insertions(+)
|
||||
|
||||
diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
|
||||
index c699c950f351..9f816479f9dd 100644
|
||||
--- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
|
||||
+++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
|
||||
@@ -22,6 +22,8 @@
|
||||
#include <rtl/uuid.h>
|
||||
#include <xmlsec-wrapper.h>
|
||||
|
||||
+#include <xmlsec/mscng/x509.h>
|
||||
+
|
||||
#include <com/sun/star/xml/crypto/SecurityOperationStatus.hpp>
|
||||
#include <com/sun/star/xml/crypto/XXMLSignature.hpp>
|
||||
|
||||
@@ -233,6 +235,10 @@ SAL_CALL XMLSignature_MSCryptImpl::validate(
|
||||
// We do certificate verification ourselves.
|
||||
pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
|
||||
|
||||
+ // limit possible key data to valid X509 certificates only, no KeyValues
|
||||
+ if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecMSCngKeyDataX509GetKlass()) < 0)
|
||||
+ throw RuntimeException("failed to limit allowed key data");
|
||||
+
|
||||
//Verify signature
|
||||
//The documentation says that the signature is only valid if the return value is 0 (that is, not < 0)
|
||||
//AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not make any assumptions, if
|
||||
diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
|
||||
index b41d754f7407..975c17272dc7 100644
|
||||
--- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
|
||||
+++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
|
||||
@@ -20,6 +20,8 @@
|
||||
#include <sal/config.h>
|
||||
#include <xmlsec-wrapper.h>
|
||||
|
||||
+#include <xmlsec/nss/x509.h>
|
||||
+
|
||||
#include <xmlelementwrapper_xmlsecimpl.hxx>
|
||||
#include <xmlsec/xmlstreamio.hxx>
|
||||
#include <xmlsec/errorcallback.hxx>
|
||||
@@ -247,6 +249,10 @@ SAL_CALL XMLSignature_NssImpl::validate(
|
||||
// We do certificate verification ourselves.
|
||||
pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
|
||||
|
||||
+ // limit possible key data to valid X509 certificates only, no KeyValues
|
||||
+ if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0)
|
||||
+ throw RuntimeException("failed to limit allowed key data");
|
||||
+
|
||||
//Verify signature
|
||||
int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode );
|
||||
|
||||
--
|
||||
2.35.1
|
||||
|
@ -0,0 +1,53 @@
|
||||
From 3925cf39742ebee935498b14571f13f3e8b64b49 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
|
||||
Date: Sat, 19 Feb 2022 20:43:33 +0000
|
||||
Subject: [PATCH] EditTextObjectImpl copy ctor doesn't exactly copy
|
||||
EditTextObjectImpl
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
and this is apparently relied on, so eliding the copy gives unexpected
|
||||
results.
|
||||
|
||||
EditTextObjectImpl::Clone returns a copy of *this, but the
|
||||
EditTextObjectImpl copy ctor explicitly does not copy the "PortionInfo"
|
||||
member, so in:
|
||||
|
||||
commit fb8973f31f111229be5184f4e4223e963ced2c7b
|
||||
Author: Caolán McNamara <caolanm@redhat.com>
|
||||
Date: Sat Oct 10 19:21:38 2020 +0100
|
||||
|
||||
ofz#23492 the only user of this ctor throws away the original of the clone
|
||||
|
||||
so we can take ownership of the original instead
|
||||
|
||||
where the copy was optimized away we want from a state where there was a
|
||||
new EditTextObjectImpl with an empty PortionInfo member to one where the
|
||||
PortionInfo of the EditTextObjectImpl was retained.
|
||||
|
||||
So explicitly clear this unwanted info.
|
||||
|
||||
It's very hard to make rational judgements about code if a copy behaves
|
||||
differently than the orignal :-(
|
||||
|
||||
Change-Id: I642d60841d6bdccbf830f8a2ccdbd9f542a8aa18
|
||||
---
|
||||
editeng/source/outliner/outliner.cxx | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/editeng/source/outliner/outliner.cxx b/editeng/source/outliner/outliner.cxx
|
||||
index 9c474131352c..d48e4a542723 100644
|
||||
--- a/editeng/source/outliner/outliner.cxx
|
||||
+++ b/editeng/source/outliner/outliner.cxx
|
||||
@@ -383,6 +383,7 @@ std::unique_ptr<OutlinerParaObject> Outliner::CreateParaObject( sal_Int32 nStart
|
||||
aParagraphDataVector[nPara-nStartPara] = *GetParagraph(nPara);
|
||||
}
|
||||
|
||||
+ xText->ClearPortionInfo(); // tdf#147166 the PortionInfo is unwanted here
|
||||
std::unique_ptr<OutlinerParaObject> pPObj(new OutlinerParaObject(std::move(xText), aParagraphDataVector, bIsEditDoc));
|
||||
pPObj->SetOutlinerMode(GetMode());
|
||||
|
||||
--
|
||||
2.35.1
|
||||
|
@ -57,7 +57,7 @@ Summary: Free Software Productivity Suite
|
||||
Name: libreoffice
|
||||
Epoch: 1
|
||||
Version: %{libo_version}.1
|
||||
Release: 5%{?libo_prerelease}%{?dist}
|
||||
Release: 6%{?libo_prerelease}%{?dist}
|
||||
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
|
||||
URL: http://www.libreoffice.org/
|
||||
|
||||
@ -271,6 +271,8 @@ Patch15: 0001-Resolves-tdf-140250-don-t-share-adjustments-between-.patch
|
||||
Patch16: 0001-fix-comparison-when-searching-cache.patch
|
||||
Patch17: 0001-tdf-121546-sw-don-t-use-undo-array-s-m_pOutlineNodes.patch
|
||||
Patch18: 0001-annocheck-warning-about-missing-.note.gnu.property-s.patch
|
||||
Patch19: 0001-EditTextObjectImpl-copy-ctor-doesn-t-exactly-copy-Ed.patch
|
||||
Patch20: 0001-CVE-2021-25636.patch
|
||||
|
||||
# not upstreamed
|
||||
Patch500: 0001-disable-libe-book-support.patch
|
||||
@ -2267,6 +2269,9 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :
|
||||
%{_includedir}/LibreOfficeKit
|
||||
|
||||
%changelog
|
||||
* Tue Feb 22 2022 Caolán McNamara <caolanm@redhat.com> - 1:7.1.8.1-6
|
||||
- Resolves: rhbz#2056412 merge in fedoa 34 changes
|
||||
|
||||
* Thu Feb 10 2022 Caolán McNamara <caolanm@redhat.com> - 1:7.1.8.1-5
|
||||
- Related: rhbz#2042817 bump n-v-r
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user