rpms/libreoffice
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: rhbz#2134759 Untrusted Macros

Browse Source
This commit is contained in:
Caolán McNamara 2022-10-20 12:28:09 +01:00
parent b61469fd95
commit bf5e0e75a8
2 changed files with 68 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch Normal file
View File

@ -0,0 +1,63 @@
From 77f30ada1156ca1e1357776fea8e9dc113f6898d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Thu, 3 Mar 2022 14:22:37 +0000
Subject: [PATCH 1/5] CVE-2022-26305 compare authors using Thumbprint
Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8)
---
.../component/documentdigitalsignatures.cxx | 23 +++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index b9066ea92cac..5a21c8421bec 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -19,9 +19,10 @@
#include <resourcemanager.hxx>
-#include <digitalsignaturesdialog.hxx>
+#include <certificate.hxx>
#include <certificatechooser.hxx>
#include <certificateviewer.hxx>
+#include <digitalsignaturesdialog.hxx>
#include <macrosecurity.hxx>
#include <biginteger.hxx>
#include <strings.hrc>
@@ -666,9 +667,23 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors();
return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
- [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
- return xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName())
- && ( rAuthor[1] == sSerialNum );
+ [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
+ if (!xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName()))
+ return false;
+ if (rAuthor[1] != sSerialNum)
+ return false;
+
+ DocumentSignatureManager aSignatureManager(mxCtx, {});
+ if (!aSignatureManager.init())
+ return false;
+ uno::Reference<css::security::XCertificate> xCert = aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor[2]);
+
+ auto pAuthor = dynamic_cast<xmlsecurity::Certificate*>(xAuthor.get());
+ auto pCert = dynamic_cast<xmlsecurity::Certificate*>(xCert.get());
+ if (pAuthor && pCert)
+ return pCert->getSHA256Thumbprint() == pAuthor->getSHA256Thumbprint();
+
+ return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();
});
}
--
2.37.3

6
libreoffice.spec
View File

@ -57,7 +57,7 @@ Summary: Free Software Productivity Suite
Name: libreoffice Name: libreoffice
Epoch: 1 Epoch: 1
Version: %{libo_version}.1 Version: %{libo_version}.1
Release: 7%{?libo_prerelease}%{?dist} Release: 8%{?libo_prerelease}%{?dist}
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0 License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
URL: http://www.libreoffice.org/ URL: http://www.libreoffice.org/
@ -274,6 +274,7 @@ Patch18: 0001-annocheck-warning-about-missing-.note.gnu.property-s.patch
Patch19: 0001-EditTextObjectImpl-copy-ctor-doesn-t-exactly-copy-Ed.patch Patch19: 0001-EditTextObjectImpl-copy-ctor-doesn-t-exactly-copy-Ed.patch
Patch20: 0001-CVE-2021-25636.patch Patch20: 0001-CVE-2021-25636.patch
Patch21: 0001-Resolves-rhbz-2081661-gtk-critical-gtk_tree_view_scr.patch Patch21: 0001-Resolves-rhbz-2081661-gtk-critical-gtk_tree_view_scr.patch
Patch22: 0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch
# not upstreamed # not upstreamed
Patch500: 0001-disable-libe-book-support.patch Patch500: 0001-disable-libe-book-support.patch
@ -2270,6 +2271,9 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :
%{_includedir}/LibreOfficeKit %{_includedir}/LibreOfficeKit
%changelog %changelog
* Thu Oct 20 2022 Caolán McNamara <caolanm@redhat.com> - 1:7.1.8.1-8
- Resolves: rhbz#2134759 Untrusted Macros
* Tue May 10 2022 Caolán McNamara <caolanm@redhat.com> - 1:7.1.8.1-7 * Tue May 10 2022 Caolán McNamara <caolanm@redhat.com> - 1:7.1.8.1-7
- Resolves: rhbz#2081661 fix gtk_tree_view_scroll_to_cell assert - Resolves: rhbz#2081661 fix gtk_tree_view_scroll_to_cell assert