import libreoffice-6.4.7.2-12.el8_7
parent
c5711baf0e
commit
fdfe5265c8
@ -0,0 +1,63 @@
|
|||||||
|
From 77f30ada1156ca1e1357776fea8e9dc113f6898d Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
|
||||||
|
Date: Thu, 3 Mar 2022 14:22:37 +0000
|
||||||
|
Subject: [PATCH 1/4] CVE-2022-26305 compare authors using Thumbprint
|
||||||
|
|
||||||
|
Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
||||||
|
(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72)
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8)
|
||||||
|
---
|
||||||
|
.../component/documentdigitalsignatures.cxx | 23 +++++++++++++++----
|
||||||
|
1 file changed, 19 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
|
||||||
|
index b9066ea92cac..5a21c8421bec 100644
|
||||||
|
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
|
||||||
|
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
|
||||||
|
@@ -19,9 +19,10 @@
|
||||||
|
|
||||||
|
#include <resourcemanager.hxx>
|
||||||
|
|
||||||
|
-#include <digitalsignaturesdialog.hxx>
|
||||||
|
+#include <certificate.hxx>
|
||||||
|
#include <certificatechooser.hxx>
|
||||||
|
#include <certificateviewer.hxx>
|
||||||
|
+#include <digitalsignaturesdialog.hxx>
|
||||||
|
#include <macrosecurity.hxx>
|
||||||
|
#include <biginteger.hxx>
|
||||||
|
#include <strings.hrc>
|
||||||
|
@@ -666,9 +667,23 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
|
||||||
|
Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors();
|
||||||
|
|
||||||
|
return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
|
||||||
|
- [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
|
||||||
|
- return xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName())
|
||||||
|
- && ( rAuthor[1] == sSerialNum );
|
||||||
|
+ [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
|
||||||
|
+ if (!xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName()))
|
||||||
|
+ return false;
|
||||||
|
+ if (rAuthor[1] != sSerialNum)
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ DocumentSignatureManager aSignatureManager(mxCtx, {});
|
||||||
|
+ if (!aSignatureManager.init())
|
||||||
|
+ return false;
|
||||||
|
+ uno::Reference<css::security::XCertificate> xCert = aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor[2]);
|
||||||
|
+
|
||||||
|
+ auto pAuthor = dynamic_cast<xmlsecurity::Certificate*>(xAuthor.get());
|
||||||
|
+ auto pCert = dynamic_cast<xmlsecurity::Certificate*>(xCert.get());
|
||||||
|
+ if (pAuthor && pCert)
|
||||||
|
+ return pCert->getSHA256Thumbprint() == pAuthor->getSHA256Thumbprint();
|
||||||
|
+
|
||||||
|
+ return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
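Review bot: The SHA-1 fallback at the end of the new lambda calls `xCert->getSHA1Thumbprint()` without checking that `createCertificateFromAscii(rAuthor[2])` produced a certificate. If that call can return an empty reference for a stored trusted-author entry that does not parse, the fallback dereferences it instead of treating the author as untrusted. A guard such as `if (!xCert.is()) return false;` directly after the `createCertificateFromAscii` call would keep the comparison fail-closed. Separately, the `DocumentSignatureManager` is constructed and initialised inside the predicate for every entry that matches issuer and serial; it could be created once before `std::any_of`. `isAuthorTrusted` starts outside this hunk.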
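--- a/SOURCES/0001-CVE-2022-3140.patch
+++ b/SOURCES/0001-CVE-2022-3140.patch
@@ -0,0 +1,279 @@
+From 3831e68bffc233f581e3eb1cb3c7ed925daab86f Mon Sep 17 00:00:00 2001
+From: Stephan Bergmann <sbergman@redhat.com>
+Date: Tue, 30 Aug 2022 14:04:52 +0200
+Subject: [PATCH] Filter out unwanted command URIs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139225
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
+(cherry picked from commit 27d29f7df428885865a8e2313283839b20f2a34b)
+Conflicts:
+desktop/source/app/cmdlineargs.cxx
+
+Change-Id: I0b7e5329af8cc053d14d5c60ec14fe7f364ef993
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139182
+Tested-by: Jenkins
+Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
+(cherry picked from commit da291e2960b75153f41d440a1b41961567432e8c)
+
+These commands are always URLs already
+
+Change-Id: I5083765c879689d7f933bbe00ad70bb68e635a21
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139042
+Tested-by: Jean-Pierre Ledure <jp@ledure.be>
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
+(cherry picked from commit e61701e1ee6763de72b397e6ade1124eca9400f3)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/138980
+Reviewed-by: Caolán McNamara <caolanm@redhat.com>
+(cherry picked from commit 5b4025bb56999f5c895c6f7e0b52f521800d65b0)
+
+check IFrame "FrameURL" target
+
+similiar to
+
+commit b3edf85e0fe6ca03dc26e1bf531be82193bc9627
+Date: Wed Aug 7 17:37:11 2019 +0100
+
+warn on load when a document binds an event to a macro
+
+Change-Id: Iea888b1c083d2dc69ec322309ac9ae8c5e5eb315
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139059
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
+(cherry picked from commit c7450d0b9d02c64ae3da467d329040787039767e)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139117
+Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
+(cherry picked from commit f5e3b0a7966d7d28817292adbb58fb43f28b7c6d)
+
+check impress/calc IFrame "FrameURL" target
+
+similar to
+
+commit c7450d0b9d02c64ae3da467d329040787039767e
+Date: Tue Aug 30 17:01:08 2022 +0100
+
+check IFrame "FrameURL" target
+
+Change-Id: Ibf28c29acb4476830431d02772f3ecd4b23a6a27
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139495
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
+(cherry picked from commit d0312786571221c2dd4f63fa69f6f0489d7d39ec)
+---
+desktop/source/app/cmdlineargs.cxx | 10 +++++++++-
+sfx2/source/appl/macroloader.cxx | 9 +++++++--
+sfx2/source/doc/iframe.cxx | 21 ++++++++++++++++-----
+sfx2/source/inc/macroloader.hxx | 2 ++
+sw/source/filter/html/htmlplug.cxx | 7 ++++++-
+sw/source/filter/xml/xmltexti.cxx | 9 +++++++--
+wizards/source/access2base/DoCmd.xba | 2 +-
+xmloff/source/draw/ximpshap.cxx | 4 ++++
+8 files changed, 52 insertions(+), 12 deletions(-)
+
+diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx
+index 381147c..5babfbe 100644
+--- a/desktop/source/app/cmdlineargs.cxx
++++ b/desktop/source/app/cmdlineargs.cxx
+@@ -27,6 +27,7 @@
+
+#include "cmdlineargs.hxx"
+#include <tools/stream.hxx>
++#include <tools/urlobj.hxx>
+#include <vcl/svapp.hxx>
+#include <rtl/uri.hxx>
+#include <rtl/ustring.hxx>
+@@ -169,7 +170,14 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur
+}
+if (nURIlen < 0)
+nURIlen = rest2.getLength();
+- arg = rest2.copy(0, nURIlen);
++ auto const uri = rest2.copy(0, nURIlen);
++ if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) {
++ // Let the "Open" machinery process the full command URI (leading to failure, by intention,
++ // as the "Open" machinery does not know about those command URI schemes):
++ curEvt = CommandLineEvent::Open;
++ } else {
++ arg = uri;
++ }
+return curEvt;
+}
+
+diff --git a/sfx2/source/appl/macroloader.cxx b/sfx2/source/appl/macroloader.cxx
+index 98e036e..b50d1e6 100644
+--- a/sfx2/source/appl/macroloader.cxx
++++ b/sfx2/source/appl/macroloader.cxx
+@@ -76,10 +76,10 @@ css::uno::Sequence<OUString> SAL_CALL SfxMacroLoader::getSupportedServiceNames()
+return aSeq;
+}
+
+-SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
++SfxObjectShell* SfxMacroLoader::GetObjectShell(const Reference <XFrame>& xFrame)
+{
+SfxObjectShell* pDocShell = nullptr;
+- Reference < XFrame > xFrame( m_xFrame.get(), UNO_QUERY );
++
+if ( xFrame.is() )
+{
+SfxFrame* pFrame=nullptr;
+@@ -96,6 +96,11 @@ SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
+return pDocShell;
+}
+
++SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
++{
++ Reference < XFrame > xFrame( m_xFrame.get(), UNO_QUERY );
++ return SfxMacroLoader::GetObjectShell(xFrame);
++}
+
+uno::Reference<frame::XDispatch> SAL_CALL SfxMacroLoader::queryDispatch(
+const util::URL& aURL ,
+diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
+index 8b12715..b5291b2 100644
+--- a/sfx2/source/doc/iframe.cxx
++++ b/sfx2/source/doc/iframe.cxx
+@@ -39,11 +39,13 @@
+#include <svl/ownlist.hxx>
+#include <svl/itemprop.hxx>
+#include <sfx2/frmdescr.hxx>
++#include <sfx2/objsh.hxx>
+#include <sfx2/sfxdlg.hxx>
+#include <sfx2/sfxsids.hrc>
+#include <toolkit/helper/vclunohelper.hxx>
+#include <vcl/window.hxx>
+#include <tools/debug.hxx>
++#include <macroloader.hxx>
+
+using namespace ::com::sun::star;
+
+@@ -159,6 +161,19 @@ sal_Bool SAL_CALL IFrameObject::load(
+{
+if ( SvtMiscOptions().IsPluginsEnabled() )
+{
++ util::URL aTargetURL;
++ aTargetURL.Complete = maFrmDescr.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
++ uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) );
++ xTrans->parseStrict( aTargetURL );
++
++ if (INetURLObject(aTargetURL.Complete).GetProtocol() == INetProtocol::Macro)
++ {
++ uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
++ SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
++ if (pDoc && !pDoc->AdjustMacroMode())
++ return false;
++ }
++
+DBG_ASSERT( !mxFrame.is(), "Frame already existing!" );
+VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() );
+VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() );
+@@ -181,16 +196,12 @@ sal_Bool SAL_CALL IFrameObject::load(
+if ( xFramesSupplier.is() )
+mxFrame->setCreator( xFramesSupplier );
+
+- util::URL aTargetURL;
+- aTargetURL.Complete = maFrmDescr.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
+- uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) );
+- xTrans->parseStrict( aTargetURL );
+-
+uno::Sequence < beans::PropertyValue > aProps(2);
+aProps[0].Name = "PluginMode";
+aProps[0].Value <<= sal_Int16(2);
+aProps[1].Name = "ReadOnly";
+aProps[1].Value <<= true;
++
+uno::Reference < frame::XDispatch > xDisp = mxFrame->queryDispatch( aTargetURL, "_self", 0 );
+if ( xDisp.is() )
+xDisp->dispatch( aTargetURL, aProps );
+diff --git a/sfx2/source/inc/macroloader.hxx b/sfx2/source/inc/macroloader.hxx
+index 9e1dfba..b3e7a5e 100644
+--- a/sfx2/source/inc/macroloader.hxx
++++ b/sfx2/source/inc/macroloader.hxx
+@@ -82,6 +82,8 @@ public:
+virtual void SAL_CALL addStatusListener( const css::uno::Reference< css::frame::XStatusListener >& xControl, const css::util::URL& aURL ) override;
+
+virtual void SAL_CALL removeStatusListener( const css::uno::Reference< css::frame::XStatusListener >& xControl, const css::util::URL& aURL ) override;
++
++ static SfxObjectShell* GetObjectShell(const css::uno::Reference<css::frame::XFrame>& xFrame);
+};
+
+#endif
+diff --git a/sw/source/filter/html/htmlplug.cxx b/sw/source/filter/html/htmlplug.cxx
+index a0da671..eb70704 100644
+--- a/sw/source/filter/html/htmlplug.cxx
++++ b/sw/source/filter/html/htmlplug.cxx
+@@ -1087,7 +1087,12 @@ void SwHTMLParser::InsertFloatingFrame()
+bool bHasBorder = aFrameDesc.HasFrameBorder();
+Size aMargin = aFrameDesc.GetMargin();
+
+- xSet->setPropertyValue("FrameURL", uno::makeAny( aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE ) ) );
++ OUString sHRef = aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
++
++ if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
++ NotifyMacroEventRead();
++
++ xSet->setPropertyValue("FrameURL", uno::makeAny( sHRef ) );
+xSet->setPropertyValue("FrameName", uno::makeAny( aName ) );
+
+if ( eScroll == ScrollingMode::Auto )
+diff --git a/sw/source/filter/xml/xmltexti.cxx b/sw/source/filter/xml/xmltexti.cxx
+index 788bec5..72a14b9 100644
+--- a/sw/source/filter/xml/xmltexti.cxx
++++ b/sw/source/filter/xml/xmltexti.cxx
+@@ -853,9 +853,14 @@ uno::Reference< XPropertySet > SwXMLTextImportHelper::createAndInsertFloatingFra
+uno::Reference < beans::XPropertySet > xSet( xObj->getComponent(), uno::UNO_QUERY );
+if ( xSet.is() )
+{
++ OUString sHRef = URIHelper::SmartRel2Abs(
++ INetURLObject( GetXMLImport().GetBaseURL() ), rHRef );
++
++ if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
++ GetXMLImport().NotifyMacroEventRead();
++
+xSet->setPropertyValue("FrameURL",
+- makeAny( URIHelper::SmartRel2Abs(
+- INetURLObject( GetXMLImport().GetBaseURL() ), rHRef ) ) );
++ makeAny( rHRef ) );
+
+xSet->setPropertyValue("FrameName",
+makeAny( rName ) );
+diff --git a/wizards/source/access2base/DoCmd.xba b/wizards/source/access2base/DoCmd.xba
+index 27b0d74..26755a8 100644
+--- a/wizards/source/access2base/DoCmd.xba
++++ b/wizards/source/access2base/DoCmd.xba
+@@ -2655,7 +2655,7 @@ Private Sub _ShellExecute(sCommand As String)
+
+Dim oShell As Object
+Set oShell = createUnoService("com.sun.star.system.SystemShellExecute")
+- oShell.execute(sCommand, "" , com.sun.star.system.SystemShellExecuteFlags.DEFAULTS)
++ oShell.execute(sCommand, "" , com.sun.star.system.SystemShellExecuteFlags.URIS_ONLY)
+
+End Sub ' _ShellExecute V0.8.5
+
+diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx
+index 2e509f8..ae35f1e 100644
+--- a/xmloff/source/draw/ximpshap.cxx
++++ b/xmloff/source/draw/ximpshap.cxx
+@@ -87,6 +87,7 @@
+#include <basegfx/polygon/b2dpolypolygon.hxx>
+#include <basegfx/polygon/b2dpolypolygontools.hxx>
+#include <basegfx/vector/b2dvector.hxx>
++#include <tools/urlobj.hxx>
+#include <o3tl/safeint.hxx>
+
+using namespace ::com::sun::star;
+@@ -3243,6 +3244,9 @@ void SdXMLFloatingFrameShapeContext::StartElement( const css::uno::Reference< cs
+
+if( !maHref.isEmpty() )
+{
++ if (INetURLObject(maHref).GetProtocol() == INetProtocol::Macro)
++ GetImport().NotifyMacroEventRead();
++
+xProps->setPropertyValue("FrameURL", Any(maHref) );
+}
+}
+--
+2.37.3
+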
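Review bot: In the `xmltexti.cxx` hunk the macro-protocol test runs on the resolved `sHRef`, but the value written to `FrameURL` is now the raw `rHRef`, so the URL that is checked and the URL that is stored differ. It also means a relative reference is no longer made absolute against the import base URL, which the removed lines did. Unless that is intended, the property should carry the value that was checked: `makeAny( sHRef ) );`. The `htmlplug.cxx` hunk in the same patch does store the variable it tested. The enclosing function starts and ends outside the hunk.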
@ -0,0 +1,198 @@
|
|||||||
|
From 61f8673fb44150bd629d88f6626aff8d5b026449 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
|
||||||
|
Date: Mon, 21 Mar 2022 20:58:34 +0000
|
||||||
|
Subject: [PATCH] make hash encoding match decoding
|
||||||
|
|
||||||
|
Seeing as old versions of the hash may be in the users config, add a
|
||||||
|
StorageVersion field to the office config Passwords section which
|
||||||
|
defaults to 0 to indicate the old hash is in use.
|
||||||
|
|
||||||
|
Try the old varient when StorageVersion is 0. When a new encoded master
|
||||||
|
password it set write StorageVersion of 1 to indicate a new hash is in
|
||||||
|
use and use the new style when StorageVersion is 1.
|
||||||
|
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132080
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
||||||
|
(cherry picked from commit e890f54dbac57f3ab5acf4fbd31222095d3e8ab6)
|
||||||
|
|
||||||
|
svl: fix crash if user cancels/closes master password dialog
|
||||||
|
|
||||||
|
(regression from d7ba5614d90381d68f880ca7e7c5ef8bbb1b1c43)
|
||||||
|
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133932
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
(cherry picked from commit bbb8617ece6d946957c2eb96287081029bce530f)
|
||||||
|
|
||||||
|
Change-Id: I3174c37a5891bfc849984e0ec5c2c392b9c6e7b1
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133905
|
||||||
|
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
---
|
||||||
|
.../schema/org/openoffice/Office/Common.xcs | 6 +++
|
||||||
|
.../passwordcontainer/passwordcontainer.cxx | 47 ++++++++++++++++++-
|
||||||
|
.../passwordcontainer/passwordcontainer.hxx | 6 +++
|
||||||
|
uui/source/iahndl-authentication.cxx | 5 +-
|
||||||
|
4 files changed, 60 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
|
||||||
|
index b317f616deeb..b033b29b60d7 100644
|
||||||
|
--- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
|
||||||
|
+++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
|
||||||
|
@@ -911,6 +911,12 @@
|
||||||
|
</info>
|
||||||
|
<value>false</value>
|
||||||
|
</prop>
|
||||||
|
+ <prop oor:name="StorageVersion" oor:type="xs:int" oor:nillable="false">
|
||||||
|
+ <info>
|
||||||
|
+ <desc>Specifies what version of encoding scheme the password container uses.</desc>
|
||||||
|
+ </info>
|
||||||
|
+ <value>0</value>
|
||||||
|
+ </prop>
|
||||||
|
<prop oor:name="HasMaster" oor:type="xs:boolean" oor:nillable="false">
|
||||||
|
<info>
|
||||||
|
<desc>Specifies if there is a valid master password.</desc>
|
||||||
|
diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx b/svl/source/passwordcontainer/passwordcontainer.cxx
|
||||||
|
index 02947cd3892c..ff0b40df4016 100644
|
||||||
|
--- a/svl/source/passwordcontainer/passwordcontainer.cxx
|
||||||
|
+++ b/svl/source/passwordcontainer/passwordcontainer.cxx
|
||||||
|
@@ -17,6 +17,8 @@
|
||||||
|
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
|
||||||
|
*/
|
||||||
|
|
||||||
|
+#include <sal/config.h>
|
||||||
|
+#include <sal/log.hxx>
|
||||||
|
|
||||||
|
#include "passwordcontainer.hxx"
|
||||||
|
|
||||||
|
@@ -259,6 +261,23 @@ bool StorageItem::useStorage()
|
||||||
|
return aResult;
|
||||||
|
}
|
||||||
|
|
||||||
|
+sal_Int32 StorageItem::getStorageVersion()
|
||||||
|
+{
|
||||||
|
+ Sequence<OUString> aNodeNames { "StorageVersion" };
|
||||||
|
+
|
||||||
|
+ Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aNodeNames );
|
||||||
|
+
|
||||||
|
+ if( aPropertyValues.getLength() != aNodeNames.getLength() )
|
||||||
|
+ {
|
||||||
|
+ OSL_FAIL( "Problems during reading" );
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ sal_Int32 nResult = 0;
|
||||||
|
+ aPropertyValues[0] >>= nResult;
|
||||||
|
+
|
||||||
|
+ return nResult;
|
||||||
|
+}
|
||||||
|
|
||||||
|
bool StorageItem::getEncodedMP( OUString& aResult )
|
||||||
|
{
|
||||||
|
@@ -291,15 +310,17 @@ bool StorageItem::getEncodedMP( OUString& aResult )
|
||||||
|
|
||||||
|
void StorageItem::setEncodedMP( const OUString& aEncoded, bool bAcceptEmpty )
|
||||||
|
{
|
||||||
|
- Sequence< OUString > sendNames(2);
|
||||||
|
- Sequence< uno::Any > sendVals(2);
|
||||||
|
+ Sequence< OUString > sendNames(3);
|
||||||
|
+ Sequence< uno::Any > sendVals(3);
|
||||||
|
|
||||||
|
sendNames[0] = "HasMaster";
|
||||||
|
sendNames[1] = "Master";
|
||||||
|
+ sendNames[2] = "StorageVersion";
|
||||||
|
|
||||||
|
bool bHasMaster = ( !aEncoded.isEmpty() || bAcceptEmpty );
|
||||||
|
sendVals[0] <<= bHasMaster;
|
||||||
|
sendVals[1] <<= aEncoded;
|
||||||
|
+ sendVals[2] <<= nCurrentStorageVersion;
|
||||||
|
|
||||||
|
ConfigItem::SetModified();
|
||||||
|
ConfigItem::PutProperties( sendNames, sendVals );
|
||||||
|
@@ -800,6 +821,18 @@ OUString PasswordContainer::RequestPasswordFromUser( PasswordRequestMode aRMode,
|
||||||
|
return aResult;
|
||||||
|
}
|
||||||
|
|
||||||
|
+// Mangle the key to match an old bug
|
||||||
|
+static OUString ReencodeAsOldHash(const OUString& rPass)
|
||||||
|
+{
|
||||||
|
+ OUStringBuffer aBuffer;
|
||||||
|
+ for (int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ++ind)
|
||||||
|
+ {
|
||||||
|
+ unsigned char i = static_cast<char>(rPass.copy(ind * 2, 2).toUInt32(16));
|
||||||
|
+ aBuffer.append(static_cast< sal_Unicode >('a' + (i >> 4)));
|
||||||
|
+ aBuffer.append(static_cast< sal_Unicode >('a' + (i & 15)));
|
||||||
|
+ }
|
||||||
|
+ return aBuffer.makeStringAndClear();
|
||||||
|
+}
|
||||||
|
|
||||||
|
OUString const & PasswordContainer::GetMasterPassword( const Reference< XInteractionHandler >& aHandler )
|
||||||
|
{
|
||||||
|
@@ -838,6 +871,9 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
+ if (m_pStorageFile->getStorageVersion() == 0)
|
||||||
|
+ aPass = ReencodeAsOldHash(aPass);
|
||||||
|
+
|
||||||
|
std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aPass, aRMode ) );
|
||||||
|
if( aRM.empty() || aPass != aRM[0] )
|
||||||
|
{
|
||||||
|
@@ -1042,6 +1078,13 @@ sal_Bool SAL_CALL PasswordContainer::authorizateWithMasterPassword( const uno::R
|
||||||
|
|
||||||
|
do {
|
||||||
|
aPass = RequestPasswordFromUser( aRMode, xTmpHandler );
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+ if (!aPass.isEmpty() && m_pStorageFile->getStorageVersion() == 0)
|
||||||
|
+ {
|
||||||
|
+ aPass = ReencodeAsOldHash(aPass);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
bResult = ( !aPass.isEmpty() && aPass == m_aMasterPasswd );
|
||||||
|
aRMode = PasswordRequestMode_PASSWORD_REENTER; // further questions with error notification
|
||||||
|
} while( !bResult && !aPass.isEmpty() );
|
||||||
|
diff --git a/svl/source/passwordcontainer/passwordcontainer.hxx b/svl/source/passwordcontainer/passwordcontainer.hxx
|
||||||
|
index 09fb7e03629d..cf5c717d0c9e 100644
|
||||||
|
--- a/svl/source/passwordcontainer/passwordcontainer.hxx
|
||||||
|
+++ b/svl/source/passwordcontainer/passwordcontainer.hxx
|
||||||
|
@@ -167,6 +167,10 @@ public:
|
||||||
|
typedef ::std::pair< const OUString, ::std::vector< NamePassRecord > > PairUrlRecord;
|
||||||
|
typedef ::std::map< OUString, ::std::vector< NamePassRecord > > PassMap;
|
||||||
|
|
||||||
|
+// org.openoffice.Office.Common/Passwords/StorageVersion bump if details of
|
||||||
|
+// how password details are saved changes. Enables migration from previous
|
||||||
|
+// schemes.
|
||||||
|
+constexpr sal_Int32 nCurrentStorageVersion = 1;
|
||||||
|
|
||||||
|
class PasswordContainer;
|
||||||
|
|
||||||
|
@@ -195,6 +199,8 @@ public:
|
||||||
|
void remove( const OUString& url, const OUString& rec );
|
||||||
|
void clear();
|
||||||
|
|
||||||
|
+ sal_Int32 getStorageVersion();
|
||||||
|
+
|
||||||
|
bool getEncodedMP( OUString& aResult );
|
||||||
|
void setEncodedMP( const OUString& aResult, bool bAcceptEnmpty = false );
|
||||||
|
void setUseStorage( bool bUse );
|
||||||
|
diff --git a/uui/source/iahndl-authentication.cxx b/uui/source/iahndl-authentication.cxx
|
||||||
|
index 4835a485dd2a..5764e62cb1c6 100644
|
||||||
|
--- a/uui/source/iahndl-authentication.cxx
|
||||||
|
+++ b/uui/source/iahndl-authentication.cxx
|
||||||
|
@@ -436,8 +436,9 @@ executeMasterPasswordDialog(
|
||||||
|
OUStringBuffer aBuffer;
|
||||||
|
for (sal_uInt8 i : aKey)
|
||||||
|
{
|
||||||
|
- aBuffer.append(static_cast< sal_Unicode >('a' + (i >> 4)));
|
||||||
|
- aBuffer.append(static_cast< sal_Unicode >('a' + (i & 15)));
|
||||||
|
+ // match PasswordContainer::DecodePasswords aMasterPasswd.copy(index * 2, 2).toUInt32(16));
|
||||||
|
+ aBuffer.append(OUString::number(i >> 4, 16));
|
||||||
|
+ aBuffer.append(OUString::number(i & 15, 16));
|
||||||
|
}
|
||||||
|
rInfo.SetPassword(aBuffer.makeStringAndClear());
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
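Review bot: `ReencodeAsOldHash` reads `rPass.copy(ind * 2, 2)` for every one of the `RTL_DIGEST_LENGTH_MD5` positions without checking the input length, so a string shorter than twice that length would be indexed past its end. Of the two call sites, only the one in `authorizateWithMasterPassword` tests `!aPass.isEmpty()` first; whether the call in `GetMasterPassword` is guarded by code outside the hunk cannot be seen here. A check at the top of the helper, for example `if (rPass.getLength() < RTL_DIGEST_LENGTH_MD5 * 2) return OUString();`, would stop the helper relying on each caller, though how the callers treat an empty result needs confirming. Note also that `getStorageVersion()` returns 0 when the read fails, which silently selects the legacy encoding path.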
@ -0,0 +1,586 @@
|
|||||||
|
From a3046cfa58bdfa2a1b9ea6287a021230830f056f Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
|
||||||
|
Date: Tue, 22 Mar 2022 17:22:22 +0000
|
||||||
|
Subject: [PATCH] add Initialization Vectors to password storage
|
||||||
|
|
||||||
|
old ones default to the current all zero case and continue to work
|
||||||
|
as before
|
||||||
|
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131974
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
(cherry picked from commit 192fa1e3bfc6269f2ebb91716471485a56074aea)
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132306
|
||||||
|
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
||||||
|
(cherry picked from commit ab77587ec300f5c30084471000663c46ddf25dad)
|
||||||
|
|
||||||
|
Change-Id: I6fe3b02fafcce1b5e7133e77e76a5118177d77af
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133907
|
||||||
|
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
---
|
||||||
|
.../schema/org/openoffice/Office/Common.xcs | 10 ++
|
||||||
|
.../passwordcontainer/passwordcontainer.cxx | 127 ++++++++++++------
|
||||||
|
.../passwordcontainer/passwordcontainer.hxx | 63 +++++++--
|
||||||
|
3 files changed, 151 insertions(+), 49 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
|
||||||
|
index b033b29b60d7..e57d26ab3366 100644
|
||||||
|
--- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
|
||||||
|
+++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
|
||||||
|
@@ -27,6 +27,11 @@
|
||||||
|
<info>
|
||||||
|
<desc>Contains a container for passwords.</desc>
|
||||||
|
</info>
|
||||||
|
+ <prop oor:name="InitializationVector" oor:type="xs:string">
|
||||||
|
+ <info>
|
||||||
|
+ <desc>Contains an initialization vector for the password encryption.</desc>
|
||||||
|
+ </info>
|
||||||
|
+ </prop>
|
||||||
|
<prop oor:name="Password" oor:type="xs:string" oor:localized="false">
|
||||||
|
<info>
|
||||||
|
<desc>Contains a password encoded with the master password.</desc>
|
||||||
|
@@ -923,6 +928,11 @@
|
||||||
|
</info>
|
||||||
|
<value>false</value>
|
||||||
|
</prop>
|
||||||
|
+ <prop oor:name="MasterInitializationVector" oor:type="xs:string">
|
||||||
|
+ <info>
|
||||||
|
+ <desc>Contains an initialization vector for the master password encryption.</desc>
|
||||||
|
+ </info>
|
||||||
|
+ </prop>
|
||||||
|
<prop oor:name="Master" oor:type="xs:string" oor:nillable="false">
|
||||||
|
<info>
|
||||||
|
<desc>Contains the master password encrypted by itself.</desc>
|
||||||
|
diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx b/svl/source/passwordcontainer/passwordcontainer.cxx
|
||||||
|
index ff0b40df4016..380188ef495c 100644
|
||||||
|
--- a/svl/source/passwordcontainer/passwordcontainer.cxx
|
||||||
|
+++ b/svl/source/passwordcontainer/passwordcontainer.cxx
|
||||||
|
@@ -184,15 +184,18 @@ PassMap StorageItem::getInfo()
|
||||||
|
|
||||||
|
Sequence< OUString > aNodeNames = ConfigItem::GetNodeNames( "Store" );
|
||||||
|
sal_Int32 aNodeCount = aNodeNames.getLength();
|
||||||
|
- Sequence< OUString > aPropNames( aNodeCount );
|
||||||
|
+ Sequence< OUString > aPropNames( aNodeCount * 2);
|
||||||
|
|
||||||
|
std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.begin(),
|
||||||
|
[](const OUString& rName) -> OUString {
|
||||||
|
return "Store/Passwordstorage['" + rName + "']/Password"; });
|
||||||
|
+ std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.getArray() + aNodeCount,
|
||||||
|
+ [](const OUString& rName) -> OUString {
|
||||||
|
+ return "Store/Passwordstorage['" + rName + "']/InitializationVector"; });
|
||||||
|
|
||||||
|
Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aPropNames );
|
||||||
|
|
||||||
|
- if( aPropertyValues.getLength() != aNodeCount )
|
||||||
|
+ if( aPropertyValues.getLength() != aNodeCount * 2)
|
||||||
|
{
|
||||||
|
OSL_FAIL( "Problems during reading" );
|
||||||
|
return aResult;
|
||||||
|
@@ -208,14 +211,16 @@ PassMap StorageItem::getInfo()
|
||||||
|
OUString aName = aUrlUsr[1];
|
||||||
|
|
||||||
|
OUString aEPasswd;
|
||||||
|
+ OUString aIV;
|
||||||
|
aPropertyValues[aNodeInd] >>= aEPasswd;
|
||||||
|
+ aPropertyValues[aNodeInd + aNodeCount] >>= aIV;
|
||||||
|
|
||||||
|
PassMap::iterator aIter = aResult.find( aUrl );
|
||||||
|
if( aIter != aResult.end() )
|
||||||
|
- aIter->second.emplace_back( aName, aEPasswd );
|
||||||
|
+ aIter->second.emplace_back( aName, aEPasswd, aIV );
|
||||||
|
else
|
||||||
|
{
|
||||||
|
- NamePassRecord aNewRecord( aName, aEPasswd );
|
||||||
|
+ NamePassRecord aNewRecord( aName, aEPasswd, aIV );
|
||||||
|
std::vector< NamePassRecord > listToAdd( 1, aNewRecord );
|
||||||
|
|
||||||
|
aResult.insert( PairUrlRecord( aUrl, listToAdd ) );
|
||||||
|
@@ -279,17 +284,19 @@ sal_Int32 StorageItem::getStorageVersion()
|
||||||
|
return nResult;
|
||||||
|
}
|
||||||
|
|
||||||
|
-bool StorageItem::getEncodedMP( OUString& aResult )
|
||||||
|
+bool StorageItem::getEncodedMP( OUString& aResult, OUString& aResultIV )
|
||||||
|
{
|
||||||
|
if( hasEncoded )
|
||||||
|
{
|
||||||
|
aResult = mEncoded;
|
||||||
|
+ aResultIV = mEncodedIV;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
- Sequence< OUString > aNodeNames( 2 );
|
||||||
|
+ Sequence< OUString > aNodeNames( 3 );
|
||||||
|
aNodeNames[0] = "HasMaster";
|
||||||
|
aNodeNames[1] = "Master";
|
||||||
|
+ aNodeNames[2] = "MasterInitializationVector";
|
||||||
|
|
||||||
|
Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aNodeNames );
|
||||||
|
|
||||||
|
@@ -301,32 +308,37 @@ bool StorageItem::getEncodedMP( OUString& aResult )
|
||||||
|
|
||||||
|
aPropertyValues[0] >>= hasEncoded;
|
||||||
|
aPropertyValues[1] >>= mEncoded;
|
||||||
|
+ aPropertyValues[2] >>= mEncodedIV;
|
||||||
|
|
||||||
|
aResult = mEncoded;
|
||||||
|
+ aResultIV = mEncodedIV;
|
||||||
|
|
||||||
|
return hasEncoded;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
-void StorageItem::setEncodedMP( const OUString& aEncoded, bool bAcceptEmpty )
|
||||||
|
+void StorageItem::setEncodedMP( const OUString& aEncoded, const OUString& aEncodedIV, bool bAcceptEmpty )
|
||||||
|
{
|
||||||
|
- Sequence< OUString > sendNames(3);
|
||||||
|
- Sequence< uno::Any > sendVals(3);
|
||||||
|
+ Sequence< OUString > sendNames(4);
|
||||||
|
+ Sequence< uno::Any > sendVals(4);
|
||||||
|
|
||||||
|
sendNames[0] = "HasMaster";
|
||||||
|
sendNames[1] = "Master";
|
||||||
|
- sendNames[2] = "StorageVersion";
|
||||||
|
+ sendNames[2] = "MasterInitializationVector";
|
||||||
|
+ sendNames[3] = "StorageVersion";
|
||||||
|
|
||||||
|
bool bHasMaster = ( !aEncoded.isEmpty() || bAcceptEmpty );
|
||||||
|
sendVals[0] <<= bHasMaster;
|
||||||
|
sendVals[1] <<= aEncoded;
|
||||||
|
- sendVals[2] <<= nCurrentStorageVersion;
|
||||||
|
+ sendVals[2] <<= aEncodedIV;
|
||||||
|
+ sendVals[3] <<= nCurrentStorageVersion;
|
||||||
|
|
||||||
|
ConfigItem::SetModified();
|
||||||
|
ConfigItem::PutProperties( sendNames, sendVals );
|
||||||
|
|
||||||
|
hasEncoded = bHasMaster;
|
||||||
|
mEncoded = aEncoded;
|
||||||
|
+ mEncodedIV = aEncodedIV;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@@ -362,11 +374,13 @@ void StorageItem::update( const OUString& aURL, const NamePassRecord& aRecord )
|
||||||
|
forIndex.push_back( aURL );
|
||||||
|
forIndex.push_back( aRecord.GetUserName() );
|
||||||
|
|
||||||
|
- Sequence< beans::PropertyValue > sendSeq(1);
|
||||||
|
+ Sequence< beans::PropertyValue > sendSeq(2);
|
||||||
|
|
||||||
|
- sendSeq[0].Name = "Store/Passwordstorage['" + createIndex( forIndex ) + "']/Password";
|
||||||
|
+ sendSeq[0].Name = "Store/Passwordstorage['" + createIndex( { aURL, aRecord.GetUserName() } ) + "']/InitializationVector";
|
||||||
|
+ sendSeq[0].Value <<= aRecord.GetPersistentIV();
|
||||||
|
|
||||||
|
- sendSeq[0].Value <<= aRecord.GetPersPasswords();
|
||||||
|
+ sendSeq[1].Name = "Store/Passwordstorage['" + createIndex( forIndex ) + "']/Password";
|
||||||
|
+ sendSeq[1].Value <<= aRecord.GetPersPasswords();
|
||||||
|
|
||||||
|
ConfigItem::SetModified();
|
||||||
|
ConfigItem::SetSetProperties( "Store", sendSeq );
|
||||||
|
@@ -427,7 +441,7 @@ void SAL_CALL PasswordContainer::disposing( const EventObject& )
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLine, const OUString& aMasterPasswd, css::task::PasswordRequestMode mode )
|
||||||
|
+std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLine, const OUString& aIV, const OUString& aMasterPasswd, css::task::PasswordRequestMode mode )
|
||||||
|
{
|
||||||
|
if( !aMasterPasswd.isEmpty() )
|
||||||
|
{
|
||||||
|
@@ -442,9 +456,16 @@ std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLin
|
||||||
|
for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
|
||||||
|
code[ ind ] = static_cast<char>(aMasterPasswd.copy( ind*2, 2 ).toUInt32(16));
|
||||||
|
|
||||||
|
+ unsigned char iv[RTL_DIGEST_LENGTH_MD5] = {0};
|
||||||
|
+ if (!aIV.isEmpty())
|
||||||
|
+ {
|
||||||
|
+ for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
|
||||||
|
+ iv[ ind ] = static_cast<char>(aIV.copy( ind*2, 2 ).toUInt32(16));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
rtlCipherError result = rtl_cipher_init (
|
||||||
|
aDecoder, rtl_Cipher_DirectionDecode,
|
||||||
|
- code, RTL_DIGEST_LENGTH_MD5, nullptr, 0 );
|
||||||
|
+ code, RTL_DIGEST_LENGTH_MD5, iv, RTL_DIGEST_LENGTH_MD5 );
|
||||||
|
|
||||||
|
if( result == rtl_Cipher_E_None )
|
||||||
|
{
|
||||||
|
@@ -477,7 +498,7 @@ std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLin
|
||||||
|
"Can't decode!", css::uno::Reference<css::uno::XInterface>(), mode);
|
||||||
|
}
|
||||||
|
|
||||||
|
-OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines, const OUString& aMasterPasswd )
|
||||||
|
+OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines, const OUString& aIV, const OUString& aMasterPasswd)
|
||||||
|
{
|
||||||
|
if( !aMasterPasswd.isEmpty() )
|
||||||
|
{
|
||||||
|
@@ -494,9 +515,16 @@ OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines
|
||||||
|
for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
|
||||||
|
code[ ind ] = static_cast<char>(aMasterPasswd.copy( ind*2, 2 ).toUInt32(16));
|
||||||
|
|
||||||
|
+ unsigned char iv[RTL_DIGEST_LENGTH_MD5] = {0};
|
||||||
|
+ if (!aIV.isEmpty())
|
||||||
|
+ {
|
||||||
|
+ for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
|
||||||
|
+ iv[ ind ] = static_cast<char>(aIV.copy( ind*2, 2 ).toUInt32(16));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
rtlCipherError result = rtl_cipher_init (
|
||||||
|
aEncoder, rtl_Cipher_DirectionEncode,
|
||||||
|
- code, RTL_DIGEST_LENGTH_MD5, nullptr, 0 );
|
||||||
|
+ code, RTL_DIGEST_LENGTH_MD5, iv, RTL_DIGEST_LENGTH_MD5 );
|
||||||
|
|
||||||
|
if( result == rtl_Cipher_E_None )
|
||||||
|
{
|
||||||
|
@@ -564,7 +592,7 @@ void PasswordContainer::UpdateVector( const OUString& aURL, std::vector< NamePas
|
||||||
|
|
||||||
|
if( aRecord.HasPasswords( PERSISTENT_RECORD ) )
|
||||||
|
{
|
||||||
|
- aNPIter.SetPersPasswords( aRecord.GetPersPasswords() );
|
||||||
|
+ aNPIter.SetPersPasswords( aRecord.GetPersPasswords(), aRecord.GetPersistentIV() );
|
||||||
|
|
||||||
|
if( writeFile )
|
||||||
|
{
|
||||||
|
@@ -597,7 +625,8 @@ UserRecord PasswordContainer::CopyToUserRecord( const NamePassRecord& aRecord, b
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
- ::std::vector< OUString > aDecodedPasswords = DecodePasswords( aRecord.GetPersPasswords(), GetMasterPassword( aHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER );
|
||||||
|
+ ::std::vector< OUString > aDecodedPasswords = DecodePasswords( aRecord.GetPersPasswords(), aRecord.GetPersistentIV(),
|
||||||
|
+ GetMasterPassword( aHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER );
|
||||||
|
aPasswords.insert( aPasswords.end(), aDecodedPasswords.begin(), aDecodedPasswords.end() );
|
||||||
|
}
|
||||||
|
catch( NoMasterException& )
|
||||||
|
@@ -642,6 +671,19 @@ void SAL_CALL PasswordContainer::addPersistent( const OUString& Url, const OUStr
|
||||||
|
PrivateAdd( Url, UserName, Passwords, PERSISTENT_RECORD, aHandler );
|
||||||
|
}
|
||||||
|
|
||||||
|
+OUString PasswordContainer::createIV()
|
||||||
|
+{
|
||||||
|
+ rtlRandomPool randomPool = mRandomPool.get();
|
||||||
|
+ unsigned char iv[RTL_DIGEST_LENGTH_MD5];
|
||||||
|
+ rtl_random_getBytes(randomPool, iv, RTL_DIGEST_LENGTH_MD5);
|
||||||
|
+ OUStringBuffer aBuffer;
|
||||||
|
+ for (sal_uInt8 i : iv)
|
||||||
|
+ {
|
||||||
|
+ aBuffer.append(OUString::number(i >> 4, 16));
|
||||||
|
+ aBuffer.append(OUString::number(i & 15, 16));
|
||||||
|
+ }
|
||||||
|
+ return aBuffer.makeStringAndClear();
|
||||||
|
+}
|
||||||
|
|
||||||
|
void PasswordContainer::PrivateAdd( const OUString& Url, const OUString& UserName, const Sequence< OUString >& Passwords, char Mode, const Reference< XInteractionHandler >& aHandler )
|
||||||
|
{
|
||||||
|
@@ -649,7 +691,11 @@ void PasswordContainer::PrivateAdd( const OUString& Url, const OUString& UserNam
|
||||||
|
::std::vector< OUString > aStorePass = comphelper::sequenceToContainer< std::vector<OUString> >( Passwords );
|
||||||
|
|
||||||
|
if( Mode == PERSISTENT_RECORD )
|
||||||
|
- aRecord.SetPersPasswords( EncodePasswords( aStorePass, GetMasterPassword( aHandler ) ) );
|
||||||
|
+ {
|
||||||
|
+ OUString sIV = createIV();
|
||||||
|
+ OUString sEncodedPasswords = EncodePasswords( aStorePass, sIV, GetMasterPassword( aHandler ) );
|
||||||
|
+ aRecord.SetPersPasswords( sEncodedPasswords, sIV );
|
||||||
|
+ }
|
||||||
|
else if( Mode == MEMORY_RECORD )
|
||||||
|
aRecord.SetMemPasswords( aStorePass );
|
||||||
|
else
|
||||||
|
@@ -842,10 +888,10 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac
|
||||||
|
|
||||||
|
if( m_aMasterPasswd.isEmpty() && aHandler.is() )
|
||||||
|
{
|
||||||
|
- OUString aEncodedMP;
|
||||||
|
+ OUString aEncodedMP, aEncodedMPIV;
|
||||||
|
bool bDefaultPassword = false;
|
||||||
|
|
||||||
|
- if( !m_pStorageFile->getEncodedMP( aEncodedMP ) )
|
||||||
|
+ if( !m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) )
|
||||||
|
aRMode = PasswordRequestMode_PASSWORD_CREATE;
|
||||||
|
else if ( aEncodedMP.isEmpty() )
|
||||||
|
{
|
||||||
|
@@ -867,14 +913,15 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac
|
||||||
|
m_aMasterPasswd = aPass;
|
||||||
|
std::vector< OUString > aMaster( 1, m_aMasterPasswd );
|
||||||
|
|
||||||
|
- m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, m_aMasterPasswd ) );
|
||||||
|
+ OUString sIV = createIV();
|
||||||
|
+ m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, sIV, m_aMasterPasswd ), sIV );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (m_pStorageFile->getStorageVersion() == 0)
|
||||||
|
aPass = ReencodeAsOldHash(aPass);
|
||||||
|
|
||||||
|
- std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aPass, aRMode ) );
|
||||||
|
+ std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aEncodedMPIV, aPass, aRMode ) );
|
||||||
|
if( aRM.empty() || aPass != aRM[0] )
|
||||||
|
{
|
||||||
|
bAskAgain = true;
|
||||||
|
@@ -1031,7 +1078,8 @@ Sequence< UrlRecord > SAL_CALL PasswordContainer::getAllPersistent( const Refere
|
||||||
|
{
|
||||||
|
sal_Int32 oldLen = aUsers.getLength();
|
||||||
|
aUsers.realloc( oldLen + 1 );
|
||||||
|
- aUsers[ oldLen ] = UserRecord( aNP.GetUserName(), comphelper::containerToSequence( DecodePasswords( aNP.GetPersPasswords(), GetMasterPassword( xHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER ) ) );
|
||||||
|
+ aUsers[ oldLen ] = UserRecord( aNP.GetUserName(), comphelper::containerToSequence( DecodePasswords( aNP.GetPersPasswords(), aNP.GetPersistentIV(),
|
||||||
|
+ GetMasterPassword( xHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER ) ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( aUsers.hasElements() )
|
||||||
|
@@ -1048,12 +1096,12 @@ Sequence< UrlRecord > SAL_CALL PasswordContainer::getAllPersistent( const Refere
|
||||||
|
sal_Bool SAL_CALL PasswordContainer::authorizateWithMasterPassword( const uno::Reference< task::XInteractionHandler >& xHandler )
|
||||||
|
{
|
||||||
|
bool bResult = false;
|
||||||
|
- OUString aEncodedMP;
|
||||||
|
+ OUString aEncodedMP, aEncodedMPIV;
|
||||||
|
uno::Reference< task::XInteractionHandler > xTmpHandler = xHandler;
|
||||||
|
::osl::MutexGuard aGuard( mMutex );
|
||||||
|
|
||||||
|
// the method should fail if there is no master password
|
||||||
|
- if( m_pStorageFile && m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) )
|
||||||
|
+ if( m_pStorageFile && m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) )
|
||||||
|
{
|
||||||
|
if ( aEncodedMP.isEmpty() )
|
||||||
|
{
|
||||||
|
@@ -1122,8 +1170,8 @@ sal_Bool SAL_CALL PasswordContainer::changeMasterPassword( const uno::Reference<
|
||||||
|
|
||||||
|
bool bCanChangePassword = true;
|
||||||
|
// if there is already a stored master password it should be entered by the user before the change happen
|
||||||
|
- OUString aEncodedMP;
|
||||||
|
- if( !m_aMasterPasswd.isEmpty() || m_pStorageFile->getEncodedMP( aEncodedMP ) )
|
||||||
|
+ OUString aEncodedMP, aEncodedMPIV;
|
||||||
|
+ if( !m_aMasterPasswd.isEmpty() || m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) )
|
||||||
|
bCanChangePassword = authorizateWithMasterPassword( xTmpHandler );
|
||||||
|
|
||||||
|
if ( bCanChangePassword )
|
||||||
|
@@ -1142,7 +1190,8 @@ sal_Bool SAL_CALL PasswordContainer::changeMasterPassword( const uno::Reference<
|
||||||
|
// store the new master password
|
||||||
|
m_aMasterPasswd = aPass;
|
||||||
|
std::vector< OUString > aMaster( 1, m_aMasterPasswd );
|
||||||
|
- m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, m_aMasterPasswd ) );
|
||||||
|
+ OUString aIV = createIV();
|
||||||
|
+ m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, aIV, m_aMasterPasswd ), aIV );
|
||||||
|
|
||||||
|
// store all the entries with the new password
|
||||||
|
for ( const auto& rURL : aPersistent )
|
||||||
|
@@ -1167,7 +1216,7 @@ void SAL_CALL PasswordContainer::removeMasterPassword()
|
||||||
|
if ( m_pStorageFile )
|
||||||
|
{
|
||||||
|
m_aMasterPasswd.clear();
|
||||||
|
- m_pStorageFile->setEncodedMP( OUString() ); // let the master password be removed from configuration
|
||||||
|
+ m_pStorageFile->setEncodedMP( OUString(), OUString() ); // let the master password be removed from configuration
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1178,8 +1227,8 @@ sal_Bool SAL_CALL PasswordContainer::hasMasterPassword( )
|
||||||
|
if ( !m_pStorageFile )
|
||||||
|
throw uno::RuntimeException();
|
||||||
|
|
||||||
|
- OUString aEncodedMP;
|
||||||
|
- return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) );
|
||||||
|
+ OUString aEncodedMP, aEncodedMPIV;
|
||||||
|
+ return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
sal_Bool SAL_CALL PasswordContainer::allowPersistentStoring( sal_Bool bAllow )
|
||||||
|
@@ -1226,8 +1275,8 @@ sal_Bool SAL_CALL PasswordContainer::useDefaultMasterPassword( const uno::Refere
|
||||||
|
|
||||||
|
bool bCanChangePassword = true;
|
||||||
|
// if there is already a stored nondefault master password it should be entered by the user before the change happen
|
||||||
|
- OUString aEncodedMP;
|
||||||
|
- if( m_pStorageFile->getEncodedMP( aEncodedMP ) && !aEncodedMP.isEmpty() )
|
||||||
|
+ OUString aEncodedMP, aEncodedMPIV;
|
||||||
|
+ if( m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) && !aEncodedMP.isEmpty() )
|
||||||
|
bCanChangePassword = authorizateWithMasterPassword( xTmpHandler );
|
||||||
|
|
||||||
|
if ( bCanChangePassword )
|
||||||
|
@@ -1244,7 +1293,7 @@ sal_Bool SAL_CALL PasswordContainer::useDefaultMasterPassword( const uno::Refere
|
||||||
|
|
||||||
|
// store the empty string to flag the default master password
|
||||||
|
m_aMasterPasswd = aPass;
|
||||||
|
- m_pStorageFile->setEncodedMP( OUString(), true );
|
||||||
|
+ m_pStorageFile->setEncodedMP( OUString(), OUString(), true );
|
||||||
|
|
||||||
|
// store all the entries with the new password
|
||||||
|
for ( const auto& rURL : aPersistent )
|
||||||
|
@@ -1268,8 +1317,8 @@ sal_Bool SAL_CALL PasswordContainer::isDefaultMasterPasswordUsed()
|
||||||
|
if ( !m_pStorageFile )
|
||||||
|
throw uno::RuntimeException();
|
||||||
|
|
||||||
|
- OUString aEncodedMP;
|
||||||
|
- return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) && aEncodedMP.isEmpty() );
|
||||||
|
+ OUString aEncodedMP, aEncodedMPIV;
|
||||||
|
+ return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) && aEncodedMP.isEmpty() );
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/svl/source/passwordcontainer/passwordcontainer.hxx b/svl/source/passwordcontainer/passwordcontainer.hxx
|
||||||
|
index cf5c717d0c9e..4e3a6629139e 100644
|
||||||
|
--- a/svl/source/passwordcontainer/passwordcontainer.hxx
|
||||||
|
+++ b/svl/source/passwordcontainer/passwordcontainer.hxx
|
||||||
|
@@ -33,6 +33,7 @@
|
||||||
|
#include <unotools/configitem.hxx>
|
||||||
|
#include <ucbhelper/interactionrequest.hxx>
|
||||||
|
|
||||||
|
+#include <rtl/random.h>
|
||||||
|
#include <rtl/ref.hxx>
|
||||||
|
#include <osl/mutex.hxx>
|
||||||
|
|
||||||
|
@@ -51,11 +52,12 @@ class NamePassRecord
|
||||||
|
::std::vector< OUString > m_aMemPass;
|
||||||
|
|
||||||
|
// persistent passwords are encrypted in one string
|
||||||
|
- bool m_bHasPersPass;
|
||||||
|
+ bool m_bHasPersPass;
|
||||||
|
OUString m_aPersPass;
|
||||||
|
+ OUString m_aPersistentIV;
|
||||||
|
|
||||||
|
void InitArrays( bool bHasMemoryList, const ::std::vector< OUString >& aMemoryList,
|
||||||
|
- bool bHasPersistentList, const OUString& aPersistentList )
|
||||||
|
+ bool bHasPersistentList, const OUString& aPersistentList, const OUString& aPersistentIV )
|
||||||
|
{
|
||||||
|
m_bHasMemPass = bHasMemoryList;
|
||||||
|
if ( bHasMemoryList )
|
||||||
|
@@ -63,7 +65,10 @@ class NamePassRecord
|
||||||
|
|
||||||
|
m_bHasPersPass = bHasPersistentList;
|
||||||
|
if ( bHasPersistentList )
|
||||||
|
+ {
|
||||||
|
m_aPersPass = aPersistentList;
|
||||||
|
+ m_aPersistentIV = aPersistentIV;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
public:
|
||||||
|
@@ -75,11 +80,12 @@ public:
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
- NamePassRecord( const OUString& aName, const OUString& aPersistentList )
|
||||||
|
+ NamePassRecord( const OUString& aName, const OUString& aPersistentList, const OUString& aPersistentIV )
|
||||||
|
: m_aName( aName )
|
||||||
|
, m_bHasMemPass( false )
|
||||||
|
, m_bHasPersPass( true )
|
||||||
|
, m_aPersPass( aPersistentList )
|
||||||
|
+ , m_aPersistentIV( aPersistentIV )
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -88,7 +94,8 @@ public:
|
||||||
|
, m_bHasMemPass( false )
|
||||||
|
, m_bHasPersPass( false )
|
||||||
|
{
|
||||||
|
- InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, aRecord.m_bHasPersPass, aRecord.m_aPersPass );
|
||||||
|
+ InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
|
||||||
|
+ aRecord.m_bHasPersPass, aRecord.m_aPersPass, aRecord.m_aPersistentIV );
|
||||||
|
}
|
||||||
|
|
||||||
|
NamePassRecord& operator=( const NamePassRecord& aRecord )
|
||||||
|
@@ -99,7 +106,9 @@ public:
|
||||||
|
|
||||||
|
m_aMemPass.clear();
|
||||||
|
m_aPersPass.clear();
|
||||||
|
- InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, aRecord.m_bHasPersPass, aRecord.m_aPersPass );
|
||||||
|
+ m_aPersistentIV.clear();
|
||||||
|
+ InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
|
||||||
|
+ aRecord.m_bHasPersPass, aRecord.m_aPersPass, aRecord.m_aPersistentIV );
|
||||||
|
}
|
||||||
|
return *this;
|
||||||
|
}
|
||||||
|
@@ -135,15 +144,24 @@ public:
|
||||||
|
return OUString();
|
||||||
|
}
|
||||||
|
|
||||||
|
+ OUString GetPersistentIV() const
|
||||||
|
+ {
|
||||||
|
+ if ( m_bHasPersPass )
|
||||||
|
+ return m_aPersistentIV;
|
||||||
|
+
|
||||||
|
+ return OUString();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
void SetMemPasswords( const ::std::vector< OUString >& aMemList )
|
||||||
|
{
|
||||||
|
m_aMemPass = aMemList;
|
||||||
|
m_bHasMemPass = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
- void SetPersPasswords( const OUString& aPersList )
|
||||||
|
+ void SetPersPasswords( const OUString& aPersList, const OUString& aPersIV )
|
||||||
|
{
|
||||||
|
m_aPersPass = aPersList;
|
||||||
|
+ m_aPersistentIV = aPersIV;
|
||||||
|
m_bHasPersPass = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -158,6 +176,7 @@ public:
|
||||||
|
{
|
||||||
|
m_bHasPersPass = false;
|
||||||
|
m_aPersPass.clear();
|
||||||
|
+ m_aPersistentIV.clear();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -181,6 +200,7 @@ private:
|
||||||
|
PasswordContainer* mainCont;
|
||||||
|
bool hasEncoded;
|
||||||
|
OUString mEncoded;
|
||||||
|
+ OUString mEncodedIV;
|
||||||
|
|
||||||
|
virtual void ImplCommit() override;
|
||||||
|
|
||||||
|
@@ -201,8 +221,8 @@ public:
|
||||||
|
|
||||||
|
sal_Int32 getStorageVersion();
|
||||||
|
|
||||||
|
- bool getEncodedMP( OUString& aResult );
|
||||||
|
- void setEncodedMP( const OUString& aResult, bool bAcceptEnmpty = false );
|
||||||
|
+ bool getEncodedMP( OUString& aResult, OUString& aResultIV );
|
||||||
|
+ void setEncodedMP( const OUString& aResult, const OUString& aResultIV, bool bAcceptEmpty = false );
|
||||||
|
void setUseStorage( bool bUse );
|
||||||
|
bool useStorage();
|
||||||
|
|
||||||
|
@@ -223,6 +243,29 @@ private:
|
||||||
|
css::uno::Reference< css::lang::XComponent > mComponent;
|
||||||
|
SysCredentialsConfig mUrlContainer;
|
||||||
|
|
||||||
|
+ class RandomPool
|
||||||
|
+ {
|
||||||
|
+ private:
|
||||||
|
+ rtlRandomPool m_aRandomPool;
|
||||||
|
+ public:
|
||||||
|
+ RandomPool() : m_aRandomPool(rtl_random_createPool())
|
||||||
|
+ {
|
||||||
|
+ }
|
||||||
|
+ rtlRandomPool get()
|
||||||
|
+ {
|
||||||
|
+ return m_aRandomPool;
|
||||||
|
+ }
|
||||||
|
+ ~RandomPool()
|
||||||
|
+ {
|
||||||
|
+ // Clean up random pool memory
|
||||||
|
+ rtl_random_destroyPool(m_aRandomPool);
|
||||||
|
+ }
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ RandomPool mRandomPool;
|
||||||
|
+
|
||||||
|
+ OUString createIV();
|
||||||
|
+
|
||||||
|
/// @throws css::uno::RuntimeException
|
||||||
|
css::uno::Sequence< css::task::UserRecord > CopyToUserRecordSequence(
|
||||||
|
const ::std::vector< NamePassRecord >& original,
|
||||||
|
@@ -273,10 +316,10 @@ css::task::UrlRecord find(
|
||||||
|
const css::uno::Reference< css::task::XInteractionHandler >& Handler );
|
||||||
|
|
||||||
|
/// @throws css::uno::RuntimeException
|
||||||
|
- static ::std::vector< OUString > DecodePasswords( const OUString& aLine, const OUString& aMasterPassword, css::task::PasswordRequestMode mode );
|
||||||
|
+ static ::std::vector< OUString > DecodePasswords( const OUString& aLine, const OUString& aIV, const OUString& aMasterPassword, css::task::PasswordRequestMode mode );
|
||||||
|
|
||||||
|
/// @throws css::uno::RuntimeException
|
||||||
|
- static OUString EncodePasswords(const std::vector< OUString >& lines, const OUString& aMasterPassword );
|
||||||
|
+ static OUString EncodePasswords(const std::vector< OUString >& lines, const OUString& aIV, const OUString& aMasterPassword );
|
||||||
|
|
||||||
|
public:
|
||||||
|
PasswordContainer( const css::uno::Reference< css::lang::XMultiServiceFactory >& );
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
@ -0,0 +1,117 @@
|
|||||||
|
From 4cfd591942e4cfd3efc416bfac8e46e3580d37ba Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
|
||||||
|
Date: Wed, 23 Mar 2022 13:03:30 +0000
|
||||||
|
Subject: [PATCH] add infobar to prompt to refresh to replace old format
|
||||||
|
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131976
|
||||||
|
Tested-by: Jenkins
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
(cherry picked from commit bbd196ff82bda9f66b4ba32a412f10cefe6da60e)
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132307
|
||||||
|
Reviewed-by: Sophie Gautier <sophi@libreoffice.org>
|
||||||
|
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
|
||||||
|
(cherry picked from commit c5d01b11db3c83cb4a89d3b388d78e20dd3990b5)
|
||||||
|
|
||||||
|
Change-Id: Id99cbf2b50a4ebf289dae6fc67e22e20afcda35b
|
||||||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133906
|
||||||
|
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
||||||
|
---
|
||||||
|
include/sfx2/strings.hrc | 2 ++
|
||||||
|
include/sfx2/viewfrm.hxx | 1 +
|
||||||
|
sfx2/source/view/viewfrm.cxx | 40 ++++++++++++++++++++++++++++++++++++
|
||||||
|
3 files changed, 43 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
|
||||||
|
index 1f21f0a0f186..1db36e733c0c 100644
|
||||||
|
--- a/include/sfx2/strings.hrc
|
||||||
|
+++ b/include/sfx2/strings.hrc
|
||||||
|
@@ -297,6 +297,8 @@
|
||||||
|
#define STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK NC_("STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK", "The certificate could not be validated and the document is only partially signed.")
|
||||||
|
#define STR_SIGNATURE_OK NC_("STR_SIGNATURE_OK", "This document is digitally signed and the signature is valid.")
|
||||||
|
#define STR_SIGNATURE_SHOW NC_("STR_SIGNATURE_SHOW", "Show Signatures")
|
||||||
|
+#define STR_REFRESH_MASTER_PASSWORD NC_("STR_REFRESH_MASTER_PASSWORD", "The master password is stored in an outdated format, you should refresh it")
|
||||||
|
+#define STR_REFRESH_PASSWORD NC_("STR_REFRESH_PASSWORD", "Refresh Password")
|
||||||
|
|
||||||
|
#define STR_CLOSE_PANE NC_("STR_CLOSE_PANE", "Close Pane")
|
||||||
|
#define STR_SFX_DOCK NC_("STR_SFX_DOCK", "Dock")
|
||||||
|
diff --git a/include/sfx2/viewfrm.hxx b/include/sfx2/viewfrm.hxx
|
||||||
|
index fe336ba5f091..cc6a7dae7047 100644
|
||||||
|
--- a/include/sfx2/viewfrm.hxx
|
||||||
|
+++ b/include/sfx2/viewfrm.hxx
|
||||||
|
@@ -61,6 +61,7 @@ protected:
|
||||||
|
DECL_LINK(WhatsNewHandler, Button*, void);
|
||||||
|
DECL_LINK(SwitchReadOnlyHandler, Button*, void);
|
||||||
|
DECL_LINK(SignDocumentHandler, Button*, void);
|
||||||
|
+ DECL_DLLPRIVATE_LINK(RefreshMasterPasswordHdl, Button*, void);
|
||||||
|
SAL_DLLPRIVATE void KillDispatcher_Impl();
|
||||||
|
|
||||||
|
virtual ~SfxViewFrame() override;
|
||||||
|
diff --git a/sfx2/source/view/viewfrm.cxx b/sfx2/source/view/viewfrm.cxx
|
||||||
|
index 5a64599e5894..86e7d51bbfea 100644
|
||||||
|
--- a/sfx2/source/view/viewfrm.cxx
|
||||||
|
+++ b/sfx2/source/view/viewfrm.cxx
|
||||||
|
@@ -32,6 +32,7 @@
|
||||||
|
#include <com/sun/star/frame/XLoadable.hpp>
|
||||||
|
#include <com/sun/star/frame/XLayoutManager.hpp>
|
||||||
|
#include <com/sun/star/frame/XComponentLoader.hpp>
|
||||||
|
+#include <com/sun/star/task/PasswordContainer.hpp>
|
||||||
|
#include <officecfg/Office/Common.hxx>
|
||||||
|
#include <officecfg/Setup.hxx>
|
||||||
|
#include <toolkit/helper/vclunohelper.hxx>
|
||||||
|
@@ -1390,6 +1391,24 @@ void SfxViewFrame::Notify( SfxBroadcaster& /*rBC*/, const SfxHint& rHint )
|
||||||
|
batch->commit();
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (officecfg::Office::Common::Passwords::HasMaster::get() &&
|
||||||
|
+ officecfg::Office::Common::Passwords::StorageVersion::get() == 0)
|
||||||
|
+ {
|
||||||
|
+ // master password stored in deprecated format
|
||||||
|
+ VclPtr<SfxInfoBarWindow> pOldMasterPasswordInfoBar =
|
||||||
|
+ AppendInfoBar("oldmasterpassword", "",
|
||||||
|
+ SfxResId(STR_REFRESH_MASTER_PASSWORD), InfobarType::DANGER, false);
|
||||||
|
+ if (pOldMasterPasswordInfoBar)
|
||||||
|
+ {
|
||||||
|
+ VclPtrInstance<PushButton> const xBtn(&GetWindow());
|
||||||
|
+ xBtn->SetText(SfxResId(STR_REFRESH_PASSWORD));
|
||||||
|
+ xBtn->SetSizePixel(xBtn->GetOptimalSize());
|
||||||
|
+ xBtn->SetClickHdl(LINK(this,
|
||||||
|
+ SfxViewFrame, RefreshMasterPasswordHdl));
|
||||||
|
+ pOldMasterPasswordInfoBar->addButton(xBtn);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
// read-only infobar if necessary
|
||||||
|
const SfxViewShell *pVSh;
|
||||||
|
const SfxShell *pFSh;
|
||||||
|
@@ -1565,6 +1584,27 @@ IMPL_LINK_NOARG(SfxViewFrame, SignDocumentHandler, Button*, void)
|
||||||
|
GetDispatcher()->Execute(SID_SIGNATURE);
|
||||||
|
}
|
||||||
|
|
||||||
|
+IMPL_LINK_NOARG(SfxViewFrame, RefreshMasterPasswordHdl, Button*, void)
|
||||||
|
+{
|
||||||
|
+ bool bChanged = false;
|
||||||
|
+ try
|
||||||
|
+ {
|
||||||
|
+ Reference< task::XPasswordContainer2 > xMasterPasswd(
|
||||||
|
+ task::PasswordContainer::create(comphelper::getProcessComponentContext()));
|
||||||
|
+
|
||||||
|
+ css::uno::Reference<css::frame::XFrame> xFrame = GetFrame().GetFrameInterface();
|
||||||
|
+ css::uno::Reference<css::awt::XWindow> xContainerWindow = xFrame->getContainerWindow();
|
||||||
|
+
|
||||||
|
+ uno::Reference<task::XInteractionHandler> xTmpHandler(task::InteractionHandler::createWithParent(comphelper::getProcessComponentContext(),
|
||||||
|
+ xContainerWindow));
|
||||||
|
+ bChanged = xMasterPasswd->changeMasterPassword(xTmpHandler);
|
||||||
|
+ }
|
||||||
|
+ catch (const Exception&)
|
||||||
|
+ {}
|
||||||
|
+ if (bChanged)
|
||||||
|
+ RemoveInfoBar(u"oldmasterpassword");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
void SfxViewFrame::Construct_Impl( SfxObjectShell *pObjSh )
|
||||||
|
{
|
||||||
|
m_pImpl->bResizeInToOut = true;
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
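Review bot: The empty `catch (const Exception&) {}` in `RefreshMasterPasswordHdl` (sfx2/source/view/viewfrm.cxx) discards every failure from `PasswordContainer::create`, `createWithParent` and `changeMasterPassword`. When the refresh fails, the DANGER infobar just stays and nothing records why the master password is still stored in the outdated format. Log the exception instead of dropping it, for example `catch (const Exception& e) { SAL_WARN("sfx.view", "master password refresh failed: " << e.Message); }`, assuming the file already pulls in the SAL logging header. The handler's existing behaviour of removing the infobar only when `bChanged` is true should stay as it is.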
@ -54,7 +54,7 @@ Summary: Free Software Productivity Suite
|
|||||||
Name: libreoffice
|
Name: libreoffice
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: %{libo_version}.2
|
Version: %{libo_version}.2
|
||||||
Release: 11%{?libo_prerelease}%{?dist}
|
Release: 12%{?libo_prerelease}%{?dist}
|
||||||
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
|
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
|
||||||
URL: http://www.libreoffice.org/
|
URL: http://www.libreoffice.org/
|
||||||
|
|
||||||
@ -280,6 +280,11 @@ Patch36: 0001-Read-MOSDocumentLockFile-UTF-16-string-data-with-sam.patch
|
|||||||
Patch37: 0001-Convert-attribute-value-to-UTF-8-when-passing-it-to-.patch
|
Patch37: 0001-Convert-attribute-value-to-UTF-8-when-passing-it-to-.patch
|
||||||
Patch38: 0001-Fix-endianness-issues-in-OOX-crypto-routines.patch
|
Patch38: 0001-Fix-endianness-issues-in-OOX-crypto-routines.patch
|
||||||
Patch39: 0001-CVE-2021-25636.patch
|
Patch39: 0001-CVE-2021-25636.patch
|
||||||
|
Patch40: 0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch
|
||||||
|
Patch41: 0002-CVE-2022-26307-make-hash-encoding-match-decoding.patch
|
||||||
|
Patch42: 0003-CVE-2022-26306-add-Initialization-Vectors-to-passwor.patch
|
||||||
|
Patch43: 0004-CVE-2022-2630-6-7-add-infobar-to-prompt-to-refresh-t.patch
|
||||||
|
Patch44: 0001-CVE-2022-3140.patch
|
||||||
|
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel}
|
||||||
# not upstreamed
|
# not upstreamed
|
||||||
@ -1130,7 +1135,13 @@ touch autogen.lastrun
|
|||||||
|
|
||||||
ulimit -c unlimited || true
|
ulimit -c unlimited || true
|
||||||
|
|
||||||
make verbose=true build-nocheck
|
if ! make verbose=true build-nocheck; then
|
||||||
|
echo "build attempt 1 failed"
|
||||||
|
if ! make verbose=true build-nocheck; then
|
||||||
|
echo "build attempt 2 failed"
|
||||||
|
make verbose=true GMAKE_OPTIONS=-rj1 build-nocheck
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
#generate the icons and mime type stuff
|
#generate the icons and mime type stuff
|
||||||
export DESTDIR=../output
|
export DESTDIR=../output
|
||||||
@ -2276,6 +2287,12 @@ done
|
|||||||
%{_includedir}/LibreOfficeKit
|
%{_includedir}/LibreOfficeKit
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Oct 14 2022 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-12
|
||||||
|
- Resolves: rhbz#2134752 CVE-2022-26305 Untrusted Macros
|
||||||
|
- Resolves: rhbz#2134751 CVE-2022-26307 Weak Master Keys
|
||||||
|
- Resolves: rhbz#2134750 CVE-2022-26306 Static Initialization Vector
|
||||||
|
- Resolves: rhbz#2134753 CVE-2022-3140 Macro URL arbitrary script execution
|
||||||
|
|
||||||
* Mon Mar 07 2022 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-11
|
* Mon Mar 07 2022 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-11
|
||||||
- Resolves: rhbz#2060559 CVE-2021-25636
|
- Resolves: rhbz#2060559 CVE-2021-25636
|
||||||
|
|
||||||
|
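Review bot: The nested retry around `make verbose=true build-nocheck` has no comment saying which failure it works around, and the new changelog entry lists only the four CVE fixes. The final attempt passes `GMAKE_OPTIONS=-rj1`, which suggests a parallel-make race, but that is an inference from the flags rather than something the spec states. A line such as `# build-nocheck fails intermittently under parallel make; retry, the last time serially` above the first `if` would record the reason. Keep the `echo "build attempt N failed"` messages, since a security-update build that only succeeds on a retry should be visible in the build log.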