Compare commits

..

No commits in common. "imports/c8s/libreoffice-6.4.7.2-4.el8" and "c8" have entirely different histories.

40 changed files with 11571 additions and 8 deletions

1
.gitignore vendored
View File

@ -2,7 +2,6 @@ SOURCES/17410483b5b5f267aa18b7e00b65e6e0-hsqldb_1_8_0.zip
SOURCES/185d60944ea767075d27247c3162b3bc-unowinreg.dll
SOURCES/884ed41809687c3e168fc7c19b16585149ff058eca79acbf3ee784f6630704cc-opens___.ttf
SOURCES/a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip
SOURCES/gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc
SOURCES/libreoffice-6.4.7.2.tar.xz
SOURCES/libreoffice-help-6.4.7.2.tar.xz
SOURCES/libreoffice-translations-6.4.7.2.tar.xz

View File

@ -2,7 +2,6 @@
0619ed3a89644bef318df67db12045b2b590585b SOURCES/185d60944ea767075d27247c3162b3bc-unowinreg.dll
d336802a36ed2c87dd243e7c2f1d0542dace5cca SOURCES/884ed41809687c3e168fc7c19b16585149ff058eca79acbf3ee784f6630704cc-opens___.ttf
2d49e11b0b711970f494294dc3698f05eb294853 SOURCES/a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip
7b5fd93d787fbc6d9c2d4025d543730ee8dc4559 SOURCES/gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc
b29d8cdb3db8d6b317e1cb9117b020d7e676e601 SOURCES/libreoffice-6.4.7.2.tar.xz
ca7e087ef62f30c033db84ceb0f6a4021f53653e SOURCES/libreoffice-help-6.4.7.2.tar.xz
0f74fd6286e71ff2b7c7bc01f41c8972e354d81c SOURCES/libreoffice-translations-6.4.7.2.tar.xz

View File

@ -0,0 +1,69 @@
From ae1bd20a2d4d7b7d64edc3b06d7f901c05175b7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Mon, 20 Dec 2021 17:05:44 +0000
Subject: [PATCH] only use X509Data
Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
(cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139)
---
.../source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx | 6 ++++++
xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
index db400e6..39f9d7f 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
@@ -21,6 +21,8 @@
#include <sal/log.hxx>
#include <rtl/uuid.h>
+#include <xmlsec/mscng/x509.h>
+
#include <com/sun/star/xml/crypto/SecurityOperationStatus.hpp>
#include <com/sun/star/xml/crypto/XXMLSignature.hpp>
@@ -229,6 +231,10 @@ SAL_CALL XMLSignature_MSCryptImpl::validate(
// We do certificate verification ourselves.
pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+ // limit possible key data to valid X509 certificates only, no KeyValues
+ if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecMSCngKeyDataX509GetKlass()) < 0)
+ throw RuntimeException("failed to limit allowed key data");
+
//Verify signature
//The documentation says that the signature is only valid if the return value is 0 (that is, not < 0)
//AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not make any assumptions, if
diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
index 827580b..8f4d6f8 100644
--- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
@@ -19,6 +19,8 @@
#include <sal/config.h>
+#include <xmlsec/nss/x509.h>
+
#include <xmlelementwrapper_xmlsecimpl.hxx>
#include <xmlsec/xmlstreamio.hxx>
#include <xmlsec/errorcallback.hxx>
@@ -243,6 +245,10 @@ SAL_CALL XMLSignature_NssImpl::validate(
// We do certificate verification ourselves.
pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+ // limit possible key data to valid X509 certificates only, no KeyValues
+ if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0)
+ throw RuntimeException("failed to limit allowed key data");
+
//Verify signature
int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode );
--
2.33.1

View File

@ -0,0 +1,63 @@
From 77f30ada1156ca1e1357776fea8e9dc113f6898d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Thu, 3 Mar 2022 14:22:37 +0000
Subject: [PATCH 1/4] CVE-2022-26305 compare authors using Thumbprint
Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8)
---
.../component/documentdigitalsignatures.cxx | 23 +++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index b9066ea92cac..5a21c8421bec 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -19,9 +19,10 @@
#include <resourcemanager.hxx>
-#include <digitalsignaturesdialog.hxx>
+#include <certificate.hxx>
#include <certificatechooser.hxx>
#include <certificateviewer.hxx>
+#include <digitalsignaturesdialog.hxx>
#include <macrosecurity.hxx>
#include <biginteger.hxx>
#include <strings.hrc>
@@ -666,9 +667,23 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors();
return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
- [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
- return xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName())
- && ( rAuthor[1] == sSerialNum );
+ [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
+ if (!xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName()))
+ return false;
+ if (rAuthor[1] != sSerialNum)
+ return false;
+
+ DocumentSignatureManager aSignatureManager(mxCtx, {});
+ if (!aSignatureManager.init())
+ return false;
+ uno::Reference<css::security::XCertificate> xCert = aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor[2]);
+
+ auto pAuthor = dynamic_cast<xmlsecurity::Certificate*>(xAuthor.get());
+ auto pCert = dynamic_cast<xmlsecurity::Certificate*>(xCert.get());
+ if (pAuthor && pCert)
+ return pCert->getSHA256Thumbprint() == pAuthor->getSHA256Thumbprint();
+
+ return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();
});
}
--
2.37.1

View File

@ -0,0 +1,279 @@
From 3831e68bffc233f581e3eb1cb3c7ed925daab86f Mon Sep 17 00:00:00 2001
From: Stephan Bergmann <sbergman@redhat.com>
Date: Tue, 30 Aug 2022 14:04:52 +0200
Subject: [PATCH] Filter out unwanted command URIs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139225
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 27d29f7df428885865a8e2313283839b20f2a34b)
Conflicts:
desktop/source/app/cmdlineargs.cxx
Change-Id: I0b7e5329af8cc053d14d5c60ec14fe7f364ef993
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139182
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit da291e2960b75153f41d440a1b41961567432e8c)
These commands are always URLs already
Change-Id: I5083765c879689d7f933bbe00ad70bb68e635a21
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139042
Tested-by: Jean-Pierre Ledure <jp@ledure.be>
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit e61701e1ee6763de72b397e6ade1124eca9400f3)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/138980
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 5b4025bb56999f5c895c6f7e0b52f521800d65b0)
check IFrame "FrameURL" target
similiar to
commit b3edf85e0fe6ca03dc26e1bf531be82193bc9627
Date: Wed Aug 7 17:37:11 2019 +0100
warn on load when a document binds an event to a macro
Change-Id: Iea888b1c083d2dc69ec322309ac9ae8c5e5eb315
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139059
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit c7450d0b9d02c64ae3da467d329040787039767e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139117
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit f5e3b0a7966d7d28817292adbb58fb43f28b7c6d)
check impress/calc IFrame "FrameURL" target
similar to
commit c7450d0b9d02c64ae3da467d329040787039767e
Date: Tue Aug 30 17:01:08 2022 +0100
check IFrame "FrameURL" target
Change-Id: Ibf28c29acb4476830431d02772f3ecd4b23a6a27
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139495
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit d0312786571221c2dd4f63fa69f6f0489d7d39ec)
---
desktop/source/app/cmdlineargs.cxx | 10 +++++++++-
sfx2/source/appl/macroloader.cxx | 9 +++++++--
sfx2/source/doc/iframe.cxx | 21 ++++++++++++++++-----
sfx2/source/inc/macroloader.hxx | 2 ++
sw/source/filter/html/htmlplug.cxx | 7 ++++++-
sw/source/filter/xml/xmltexti.cxx | 9 +++++++--
wizards/source/access2base/DoCmd.xba | 2 +-
xmloff/source/draw/ximpshap.cxx | 4 ++++
8 files changed, 52 insertions(+), 12 deletions(-)
diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx
index 381147c..5babfbe 100644
--- a/desktop/source/app/cmdlineargs.cxx
+++ b/desktop/source/app/cmdlineargs.cxx
@@ -27,6 +27,7 @@
#include "cmdlineargs.hxx"
#include <tools/stream.hxx>
+#include <tools/urlobj.hxx>
#include <vcl/svapp.hxx>
#include <rtl/uri.hxx>
#include <rtl/ustring.hxx>
@@ -169,7 +170,14 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur
}
if (nURIlen < 0)
nURIlen = rest2.getLength();
- arg = rest2.copy(0, nURIlen);
+ auto const uri = rest2.copy(0, nURIlen);
+ if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) {
+ // Let the "Open" machinery process the full command URI (leading to failure, by intention,
+ // as the "Open" machinery does not know about those command URI schemes):
+ curEvt = CommandLineEvent::Open;
+ } else {
+ arg = uri;
+ }
return curEvt;
}
diff --git a/sfx2/source/appl/macroloader.cxx b/sfx2/source/appl/macroloader.cxx
index 98e036e..b50d1e6 100644
--- a/sfx2/source/appl/macroloader.cxx
+++ b/sfx2/source/appl/macroloader.cxx
@@ -76,10 +76,10 @@ css::uno::Sequence<OUString> SAL_CALL SfxMacroLoader::getSupportedServiceNames()
return aSeq;
}
-SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
+SfxObjectShell* SfxMacroLoader::GetObjectShell(const Reference <XFrame>& xFrame)
{
SfxObjectShell* pDocShell = nullptr;
- Reference < XFrame > xFrame( m_xFrame.get(), UNO_QUERY );
+
if ( xFrame.is() )
{
SfxFrame* pFrame=nullptr;
@@ -96,6 +96,11 @@ SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
return pDocShell;
}
+SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
+{
+ Reference < XFrame > xFrame( m_xFrame.get(), UNO_QUERY );
+ return SfxMacroLoader::GetObjectShell(xFrame);
+}
uno::Reference<frame::XDispatch> SAL_CALL SfxMacroLoader::queryDispatch(
const util::URL& aURL ,
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index 8b12715..b5291b2 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -39,11 +39,13 @@
#include <svl/ownlist.hxx>
#include <svl/itemprop.hxx>
#include <sfx2/frmdescr.hxx>
+#include <sfx2/objsh.hxx>
#include <sfx2/sfxdlg.hxx>
#include <sfx2/sfxsids.hrc>
#include <toolkit/helper/vclunohelper.hxx>
#include <vcl/window.hxx>
#include <tools/debug.hxx>
+#include <macroloader.hxx>
using namespace ::com::sun::star;
@@ -159,6 +161,19 @@ sal_Bool SAL_CALL IFrameObject::load(
{
if ( SvtMiscOptions().IsPluginsEnabled() )
{
+ util::URL aTargetURL;
+ aTargetURL.Complete = maFrmDescr.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
+ uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) );
+ xTrans->parseStrict( aTargetURL );
+
+ if (INetURLObject(aTargetURL.Complete).GetProtocol() == INetProtocol::Macro)
+ {
+ uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
+ SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
+ if (pDoc && !pDoc->AdjustMacroMode())
+ return false;
+ }
+
DBG_ASSERT( !mxFrame.is(), "Frame already existing!" );
VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() );
VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() );
@@ -181,16 +196,12 @@ sal_Bool SAL_CALL IFrameObject::load(
if ( xFramesSupplier.is() )
mxFrame->setCreator( xFramesSupplier );
- util::URL aTargetURL;
- aTargetURL.Complete = maFrmDescr.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
- uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) );
- xTrans->parseStrict( aTargetURL );
-
uno::Sequence < beans::PropertyValue > aProps(2);
aProps[0].Name = "PluginMode";
aProps[0].Value <<= sal_Int16(2);
aProps[1].Name = "ReadOnly";
aProps[1].Value <<= true;
+
uno::Reference < frame::XDispatch > xDisp = mxFrame->queryDispatch( aTargetURL, "_self", 0 );
if ( xDisp.is() )
xDisp->dispatch( aTargetURL, aProps );
diff --git a/sfx2/source/inc/macroloader.hxx b/sfx2/source/inc/macroloader.hxx
index 9e1dfba..b3e7a5e 100644
--- a/sfx2/source/inc/macroloader.hxx
+++ b/sfx2/source/inc/macroloader.hxx
@@ -82,6 +82,8 @@ public:
virtual void SAL_CALL addStatusListener( const css::uno::Reference< css::frame::XStatusListener >& xControl, const css::util::URL& aURL ) override;
virtual void SAL_CALL removeStatusListener( const css::uno::Reference< css::frame::XStatusListener >& xControl, const css::util::URL& aURL ) override;
+
+ static SfxObjectShell* GetObjectShell(const css::uno::Reference<css::frame::XFrame>& xFrame);
};
#endif
diff --git a/sw/source/filter/html/htmlplug.cxx b/sw/source/filter/html/htmlplug.cxx
index a0da671..eb70704 100644
--- a/sw/source/filter/html/htmlplug.cxx
+++ b/sw/source/filter/html/htmlplug.cxx
@@ -1087,7 +1087,12 @@ void SwHTMLParser::InsertFloatingFrame()
bool bHasBorder = aFrameDesc.HasFrameBorder();
Size aMargin = aFrameDesc.GetMargin();
- xSet->setPropertyValue("FrameURL", uno::makeAny( aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE ) ) );
+ OUString sHRef = aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
+
+ if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
+ NotifyMacroEventRead();
+
+ xSet->setPropertyValue("FrameURL", uno::makeAny( sHRef ) );
xSet->setPropertyValue("FrameName", uno::makeAny( aName ) );
if ( eScroll == ScrollingMode::Auto )
diff --git a/sw/source/filter/xml/xmltexti.cxx b/sw/source/filter/xml/xmltexti.cxx
index 788bec5..72a14b9 100644
--- a/sw/source/filter/xml/xmltexti.cxx
+++ b/sw/source/filter/xml/xmltexti.cxx
@@ -853,9 +853,14 @@ uno::Reference< XPropertySet > SwXMLTextImportHelper::createAndInsertFloatingFra
uno::Reference < beans::XPropertySet > xSet( xObj->getComponent(), uno::UNO_QUERY );
if ( xSet.is() )
{
+ OUString sHRef = URIHelper::SmartRel2Abs(
+ INetURLObject( GetXMLImport().GetBaseURL() ), rHRef );
+
+ if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
+ GetXMLImport().NotifyMacroEventRead();
+
xSet->setPropertyValue("FrameURL",
- makeAny( URIHelper::SmartRel2Abs(
- INetURLObject( GetXMLImport().GetBaseURL() ), rHRef ) ) );
+ makeAny( rHRef ) );
xSet->setPropertyValue("FrameName",
makeAny( rName ) );
diff --git a/wizards/source/access2base/DoCmd.xba b/wizards/source/access2base/DoCmd.xba
index 27b0d74..26755a8 100644
--- a/wizards/source/access2base/DoCmd.xba
+++ b/wizards/source/access2base/DoCmd.xba
@@ -2655,7 +2655,7 @@ Private Sub _ShellExecute(sCommand As String)
Dim oShell As Object
Set oShell = createUnoService(&quot;com.sun.star.system.SystemShellExecute&quot;)
- oShell.execute(sCommand, &quot;&quot; , com.sun.star.system.SystemShellExecuteFlags.DEFAULTS)
+ oShell.execute(sCommand, &quot;&quot; , com.sun.star.system.SystemShellExecuteFlags.URIS_ONLY)
End Sub &apos; _ShellExecute V0.8.5
diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx
index 2e509f8..ae35f1e 100644
--- a/xmloff/source/draw/ximpshap.cxx
+++ b/xmloff/source/draw/ximpshap.cxx
@@ -87,6 +87,7 @@
#include <basegfx/polygon/b2dpolypolygon.hxx>
#include <basegfx/polygon/b2dpolypolygontools.hxx>
#include <basegfx/vector/b2dvector.hxx>
+#include <tools/urlobj.hxx>
#include <o3tl/safeint.hxx>
using namespace ::com::sun::star;
@@ -3243,6 +3244,9 @@ void SdXMLFloatingFrameShapeContext::StartElement( const css::uno::Reference< cs
if( !maHref.isEmpty() )
{
+ if (INetURLObject(maHref).GetProtocol() == INetProtocol::Macro)
+ GetImport().NotifyMacroEventRead();
+
xProps->setPropertyValue("FrameURL", Any(maHref) );
}
}
--
2.37.3

View File

@ -0,0 +1,93 @@
From 36c5c16b7846ff31f403913ad5cdddf8b22fda43 Mon Sep 17 00:00:00 2001
From: Stephan Bergmann <sbergman@redhat.com>
Date: Mon, 21 Feb 2022 11:55:21 +0100
Subject: [PATCH] Avoid unnecessary empty -Djava.class.path=
Change-Id: Idcfe7321077b60381c0273910b1faeb444ef1fd8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130242
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
---
.../plugins/sunmajor/pluginlib/sunjavaplugin.cxx | 16 +++++++++++++---
jvmfwk/source/framework.cxx | 8 ++++++--
jvmfwk/source/fwkbase.cxx | 3 +++
3 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx
index 4760ab6..ea133ea 100644
--- a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx
+++ b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx
@@ -687,17 +687,22 @@ javaPluginError jfw_plugin_startJavaVirtualMachine(
// all versions below 1.5.1
options.emplace_back("abort", reinterpret_cast<void*>(abort_handler));
bool hasStackSize = false;
+#ifdef UNX
+ // Until java 1.5 we need to put a plugin.jar or javaplugin.jar (<1.4.2)
+ // in the class path in order to have applet support:
+ OString sAddPath = getPluginJarPath(pInfo->sVendor, pInfo->sLocation,pInfo->sVersion);
+#endif
for (int i = 0; i < cOptions; i++)
{
OString opt(arOptions[i].optionString);
#ifdef UNX
- // Until java 1.5 we need to put a plugin.jar or javaplugin.jar (<1.4.2)
- // in the class path in order to have applet support:
if (opt.startsWith("-Djava.class.path="))
{
- OString sAddPath = getPluginJarPath(pInfo->sVendor, pInfo->sLocation,pInfo->sVersion);
if (!sAddPath.isEmpty())
+ {
opt += OStringChar(SAL_PATHSEPARATOR) + sAddPath;
+ sAddPath.clear();
+ }
}
#endif
if (opt == "-Xint") {
@@ -742,6 +747,11 @@ javaPluginError jfw_plugin_startJavaVirtualMachine(
}
#endif
}
+#ifdef UNX
+ if (!sAddPath.isEmpty()) {
+ options.emplace_back("-Djava.class.path=" + sAddPath, nullptr);
+ }
+#endif
std::unique_ptr<JavaVMOption[]> sarOptions(new JavaVMOption[options.size()]);
for (std::vector<Option>::size_type i = 0; i != options.size(); ++i) {
diff --git a/jvmfwk/source/framework.cxx b/jvmfwk/source/framework.cxx
index 3212030..f532ebd 100644
--- a/jvmfwk/source/framework.cxx
+++ b/jvmfwk/source/framework.cxx
@@ -210,8 +210,12 @@ javaFrameworkError jfw_startVM(
//In direct mode the options are specified by bootstrap variables
//of the form UNO_JAVA_JFW_PARAMETER_1 .. UNO_JAVA_JFW_PARAMETER_n
vmParams = jfw::BootParams::getVMParameters();
- sUserClassPath =
- "-Djava.class.path=" + jfw::BootParams::getClasspath();
+ auto const cp = jfw::BootParams::getClasspath();
+ if (!cp.isEmpty())
+ {
+ sUserClassPath =
+ "-Djava.class.path=" + cp;
+ }
}
else
OSL_ASSERT(false);
diff --git a/jvmfwk/source/fwkbase.cxx b/jvmfwk/source/fwkbase.cxx
index ece4dd2..93c32a7 100644
--- a/jvmfwk/source/fwkbase.cxx
+++ b/jvmfwk/source/fwkbase.cxx
@@ -460,6 +460,9 @@ OString makeClassPathOption(OUString const & sUserClassPath)
sPaths = OUStringToOString(
sBufCP.makeStringAndClear(), osl_getThreadTextEncoding());
+ if (sPaths.isEmpty()) {
+ return "";
+ }
OString sOptionClassPath = "-Djava.class.path=" + sPaths;
return sOptionClassPath;
--
2.39.2

View File

@ -0,0 +1,69 @@
From 6167f5815aefa78a70517c8e2acbdd7b9c9be27d Mon Sep 17 00:00:00 2001
Message-ID: <6167f5815aefa78a70517c8e2acbdd7b9c9be27d.1703003067.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Fri, 3 Nov 2023 14:20:07 +0000
Subject: [PATCH] escape url passed to gstreamer
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Change-Id: I3c93ee34800cc8563370f75ef3ef6f8a9220e6ec
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158894
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit f41dcadf6492a6ffd32696d50f818e44355b9ad9)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159583
erAck: backported to 7.1.8.1
---
avmedia/source/gstreamer/gstframegrabber.cxx | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0001-escape-url-passed-to-gstreamer.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0001-escape-url-passed-to-gstreamer.patch"
diff --git a/avmedia/source/gstreamer/gstframegrabber.cxx b/avmedia/source/gstreamer/gstframegrabber.cxx
index ece799d87530..25170a296e66 100644
--- a/avmedia/source/gstreamer/gstframegrabber.cxx
+++ b/avmedia/source/gstreamer/gstframegrabber.cxx
@@ -51,11 +51,9 @@ void FrameGrabber::disposePipeline()
FrameGrabber::FrameGrabber( const OUString &rURL ) :
FrameGrabber_BASE()
{
- gchar *pPipelineStr;
- pPipelineStr = g_strdup_printf(
- "uridecodebin uri=%s ! videoconvert ! videoscale ! appsink "
- "name=sink caps=\"video/x-raw,format=RGB,pixel-aspect-ratio=1/1\"",
- OUStringToOString( rURL, RTL_TEXTENCODING_UTF8 ).getStr() );
+ const char pPipelineStr[] =
+ "uridecodebin name=source ! videoconvert ! videoscale ! appsink "
+ "name=sink caps=\"video/x-raw,format=RGB,pixel-aspect-ratio=1/1\"";
GError *pError = nullptr;
mpPipeline = gst_parse_launch( pPipelineStr, &pError );
@@ -66,6 +64,12 @@ FrameGrabber::FrameGrabber( const OUString &rURL ) :
}
if( mpPipeline ) {
+
+ if (GstElement *pUriDecode = gst_bin_get_by_name(GST_BIN(mpPipeline), "source"))
+ g_object_set(pUriDecode, "uri", OUStringToOString(rURL, RTL_TEXTENCODING_UTF8).getStr(), nullptr);
+ else
+ g_warning("Missing 'source' element in gstreamer pipeline");
+
// pre-roll
switch( gst_element_set_state( mpPipeline, GST_STATE_PAUSED ) ) {
case GST_STATE_CHANGE_FAILURE:
--------------erAck-patch-parts--

View File

@ -0,0 +1,93 @@
From 37d73a1ab94b43e03866d5a910cb58331543b8c3 Mon Sep 17 00:00:00 2001
Message-ID: <37d73a1ab94b43e03866d5a910cb58331543b8c3.1703086247.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Fri, 3 Nov 2023 17:14:26 +0000
Subject: [PATCH] add some protocols that don't make sense as floating frame
targets
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Change-Id: Id900a5eef248731d1184c1df501a2cf7a2de7eb9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 11ebdfef16501c6d35c3e3d0d62507f706557c71)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158900
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bab433911bdecb344f7ea94dbd00690241a08c54)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159582
erAck: backported to 7.1.8.1
---
include/tools/urlobj.hxx | 5 +++++
sfx2/source/doc/iframe.cxx | 5 ++++-
tools/source/fsys/urlobj.cxx | 8 ++++++++
3 files changed, 17 insertions(+), 1 deletion(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0001-add-some-protocols-that-don-t-make-sense-as-floating.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0001-add-some-protocols-that-don-t-make-sense-as-floating.patch"
diff --git a/include/tools/urlobj.hxx b/include/tools/urlobj.hxx
index 9d6820ddf241..dfd658722826 100644
--- a/include/tools/urlobj.hxx
+++ b/include/tools/urlobj.hxx
@@ -915,6 +915,11 @@ public:
void changeScheme(INetProtocol eTargetScheme);
+ // INetProtocol::Macro, INetProtocol::Uno, INetProtocol::Slot,
+ // vnd.sun.star.script, etc. All the types of URLs which shouldn't
+ // be accepted from an outside controlled source
+ bool IsExoticProtocol() const;
+
private:
// General Structure:
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index 150218b436e9..b81ce82fd32e 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -168,8 +168,11 @@ sal_Bool SAL_CALL IFrameObject::load(
xTrans->parseStrict( aTargetURL );
INetURLObject aURLObject(aTargetURL.Complete);
- if (aURLObject.GetProtocol() == INetProtocol::Macro || aURLObject.isSchemeEqualTo(u"vnd.sun.star.script"))
+ if (aURLObject.IsExoticProtocol())
+ {
+ //SAL_WARN("sfx", "IFrameObject::load ignoring: " << aTargetURL.Complete);
return false;
+ }
uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index 764bb28ef623..2a9f7bc3d7dc 100644
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4829,4 +4829,12 @@ OUString INetURLObject::CutExtension()
? aTheExtension : OUString();
}
+bool INetURLObject::IsExoticProtocol() const
+{
+ return m_eScheme == INetProtocol::Slot ||
+ m_eScheme == INetProtocol::Macro ||
+ m_eScheme == INetProtocol::Uno ||
+ isSchemeEqualTo(u"vnd.sun.star.script");
+}
+
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
--------------erAck-patch-parts--

View File

@ -0,0 +1,29 @@
From 3c25a1e4885a91b1a2fbfd873633f055caa50745 Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolan.mcnamara@collabora.com>
Date: Wed, 27 Mar 2024 17:07:20 +0000
Subject: [PATCH] add notify for script use
Change-Id: I84af197cec7755f6803a578e1e21c03966ad5f3e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165410
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit a4a5c6b63599bca1f084bb90875f6fd8e15184ac)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167421
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
---
diff --git a/xmloff/source/draw/eventimp.cxx b/xmloff/source/draw/eventimp.cxx
index f9e10c1..fcc36f9 100644
--- a/xmloff/source/draw/eventimp.cxx
+++ b/xmloff/source/draw/eventimp.cxx
@@ -231,6 +231,9 @@
if( maData.mbValid )
maData.mbValid = !sEventName.isEmpty();
+
+ if (!maData.msMacroName.isEmpty())
+ rImp.NotifyMacroEventRead();
}
SvXMLImportContextRef SdXMLEventContext::CreateChildContext( sal_uInt16 nPrefix, const OUString& rLocalName, const Reference< XAttributeList>& xAttrList )

View File

@ -0,0 +1,81 @@
From 4e997c62fd6edf6c3fe9e553cc92c77fd48f039c Mon Sep 17 00:00:00 2001
Message-ID: <4e997c62fd6edf6c3fe9e553cc92c77fd48f039c.1723718921.git.erack@redhat.com>
From: Sarper Akdemir <sarper.akdemir@allotropia.de>
Date: Tue, 11 Jun 2024 12:39:36 +0200
Subject: [PATCH] remove ability to trust not validated macro signatures in
high security
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Giving the user the option to determine if they should trust an
invalid signature in HIGH macro security doesn't make sense.
CommonName of the signature is the most prominent feature presented
and the CommonName of a certificate can be easily forged for an
invalid signature, tricking the user into accepting an invalid
signature.
in the HIGH macro security setting only show the pop-up to
enable/disable signed macro if the certificate signature can be
validated.
cherry-picked without UI/String altering bits for 24-2
Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667
Tested-by: Jenkins
Reviewed-by: Sarper Akdemir <sarper.akdemir@allotropia.de>
(cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171306
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171314
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171315
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171317
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171323
---
sfx2/source/doc/docmacromode.cxx | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0001-remove-ability-to-trust-not-validated-macro-signatur.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0001-remove-ability-to-trust-not-validated-macro-signatur.patch"
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 8a617b1785c6..997a8f739395 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -229,14 +229,18 @@ namespace sfx2
// check whether the document is signed with trusted certificate
if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
{
+ SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
+
// the trusted macro check will also retrieve the signature state ( small optimization )
const SvtSecurityOptions aSecOption;
const bool bAllowUIToAddAuthor = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
&& (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE
- || !aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
+ || !aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors))
+ && (nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_WARN
+ || nSignatureState == SignatureState::OK);
+
const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor);
- SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
if ( nSignatureState == SignatureState::BROKEN )
{
if (!bAllowUIToAddAuthor)
--------------erAck-patch-parts--

View File

@ -0,0 +1,50 @@
From 78fd31b17931e1217d3b11fcbd13a41d79d99055 Mon Sep 17 00:00:00 2001
From: Stephan Bergmann <sbergman@redhat.com>
Date: Wed, 23 Sep 2020 11:41:05 +0200
Subject: [PATCH] Convert attribute value to UTF-8 when passing it to libxml2
Using toUtf8, requiring the OUString to actually contain well-formed data, but
which is likely OK for this test-code--only function, and is also what similar
dumpAsXml functions e.g. in editeng/source/items/textitem.cxx already use.
This appears to have been broken ever since the code's introduction in
553f10c71a2cc92f5f5890e24948f5277e3d2758 "add dumpAsXml() to more pool items",
and it would typically only have written the leading zero or one
(depending on the architecture's endianness) characters. (I ran across it on
big-endian s390x, where CppunitTest_sd_tiledrendering
SdTiledRenderingTest::testTdf104405 failed because of
> Entity: line 2: parser error : Input is not proper UTF-8, indicate encoding !
> Bytes: 0xCF 0x22 0x2F 0x3E
> ation=""/><SfxPoolItem whichId="4017" typeName="13SvxBulletItem" presentation="%
> ^
apparently reported from within libxml2.)
Change-Id: I4b116d3be84098bd8b8a13b6937da70a1ee02c7f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103236
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Tested-by: Jenkins
(cherry picked from commit fd9422febc384208558487bfe4a69ec89ab0ddca)
---
svl/source/items/poolitem.cxx | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/svl/source/items/poolitem.cxx b/svl/source/items/poolitem.cxx
index ec37b68d3417..ad07a0b60b4b 100644
--- a/svl/source/items/poolitem.cxx
+++ b/svl/source/items/poolitem.cxx
@@ -548,7 +548,8 @@ void SfxPoolItem::dumpAsXml(xmlTextWriterPtr pWriter) const
OUString rText;
IntlWrapper aIntlWrapper(SvtSysLocale().GetUILanguageTag());
if (GetPresentation( SfxItemPresentation::Complete, MapUnit::Map100thMM, MapUnit::Map100thMM, rText, aIntlWrapper))
- xmlTextWriterWriteAttribute(pWriter, BAD_CAST("presentation"), BAD_CAST(rText.getStr()));
+ xmlTextWriterWriteAttribute(
+ pWriter, BAD_CAST("presentation"), BAD_CAST(rText.toUtf8().getStr()));
xmlTextWriterEndElement(pWriter);
}
--
2.33.1

View File

@ -0,0 +1,65 @@
From 41594786266265c1b7d5116ab85b38af0cd1fd59 Mon Sep 17 00:00:00 2001
From: Stephan Bergmann <sbergman@redhat.com>
Date: Wed, 23 Sep 2020 12:01:35 +0200
Subject: [PATCH] Correctly read PNG into bitmaps N32BitTcA... formats (where
alpha comes first)
This appears to be a regression introduced with
86ea64f216819696cd86d1926aff0a138ace2baf "Support for native 32bit Bitmap in VCL
and SVP (cairo) backend". It caused CppunitTest_vcl_png_test to fail on
(big-endian) Linux s390x with
> vcl/qa/cppunit/png/PngFilterTest.cxx:176:PngFilterTest::testPng
> equality assertion failed
> - Expected: c[ff000040]
> - Actual : c[0000ff40]
where eFormat happens to be ScanlineFormat::N32BitTcArgb, vs.
ScanlineFormat::N32BitTcBgra on e.g. Linux x86-64 (and which thus didn't notice
the lack of support for N32BitTcA... formats where alpha goes first instead of
last).
Change-Id: Id6030468718f6ef831b42f2b5ad7ba2c4c46a805
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103240
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 0387077e6647d7a30fd36d4ec41dfc559afe45c3)
---
vcl/source/filter/png/PngImageReader.cxx | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/vcl/source/filter/png/PngImageReader.cxx b/vcl/source/filter/png/PngImageReader.cxx
index 958cae34eb46..6e9f3825face 100644
--- a/vcl/source/filter/png/PngImageReader.cxx
+++ b/vcl/source/filter/png/PngImageReader.cxx
@@ -188,6 +188,8 @@ bool reader(SvStream& rStream, BitmapEx& rBitmapEx, bool bUseBitmap32)
for (auto& rRow : aRows)
rRow.resize(aRowSizeBytes, 0);
+ auto const alphaFirst = (eFormat == ScanlineFormat::N32BitTcAbgr
+ || eFormat == ScanlineFormat::N32BitTcArgb);
for (int pass = 0; pass < nNumberOfPasses; pass++)
{
for (png_uint_32 y = 0; y < height; y++)
@@ -199,10 +201,17 @@ bool reader(SvStream& rStream, BitmapEx& rBitmapEx, bool bUseBitmap32)
for (size_t i = 0; i < aRowSizeBytes; i += 4)
{
sal_Int8 alpha = pRow[i + 3];
+ if (alphaFirst)
+ {
+ pScanline[iColor++] = alpha;
+ }
pScanline[iColor++] = vcl::bitmap::premultiply(pRow[i + 0], alpha);
pScanline[iColor++] = vcl::bitmap::premultiply(pRow[i + 1], alpha);
pScanline[iColor++] = vcl::bitmap::premultiply(pRow[i + 2], alpha);
- pScanline[iColor++] = alpha;
+ if (!alphaFirst)
+ {
+ pScanline[iColor++] = alpha;
+ }
}
}
}
--
2.33.1

View File

@ -0,0 +1,116 @@
From 96b088a62174a70441ebe959495756e9d86203a2 Mon Sep 17 00:00:00 2001
From: Stephan Bergmann <sbergman@redhat.com>
Date: Thu, 24 Sep 2020 14:51:16 +0200
Subject: [PATCH] Fix endianness issues in OOX crypto routines
...without which CppunitTest_sw_ooxmlencryption failed on (big-endian) s390x:
* The 32-bit segment counter in AgileEngine::de-/encrypt apparently needs to be
stored in LSB format (at least, if it is, CppunitTest_sw_ooxmlencryption
ultimately succeeded, whereas otherwise it failed).
* The UTF-16 string in Standard2007Engine::calculateEncryptionKey apparently
needs to be in LSB format (at least, if it is, CppunitTest_sw_ooxmlencryption
ultimately succeeded, whereas otherwise it failed).
* The various 32-bit values in the EncryptionStandardHeader and
EncryptionVerifierAES data structures apparently need to be written out in LSB
format in Standard2007Engine::writeEncryptionInfo, given that they are always
read in LSB format in Standard2007Engine::readEncryptionInfo.
Change-Id: I3a1efbfe324b1bbd539b88dc5d40bb44f9676ffa
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103315
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 646a69757b928aeaf6e0d0d41c4b30c02803a3a3)
---
oox/source/crypto/AgileEngine.cxx | 16 +++++++++-----
oox/source/crypto/Standard2007Engine.cxx | 28 +++++++++++++++++-------
2 files changed, 30 insertions(+), 14 deletions(-)
diff --git a/oox/source/crypto/AgileEngine.cxx b/oox/source/crypto/AgileEngine.cxx
index 7c2a0e9c93d2..0fc972bf2ca5 100644
--- a/oox/source/crypto/AgileEngine.cxx
+++ b/oox/source/crypto/AgileEngine.cxx
@@ -457,9 +457,11 @@ bool AgileEngine::decrypt(BinaryXInputStream& aInputStream,
while ((inputLength = aInputStream.readMemory(inputBuffer.data(), inputBuffer.size())) > 0)
{
- sal_uInt8* segmentBegin = reinterpret_cast<sal_uInt8*>(&segment);
- sal_uInt8* segmentEnd = segmentBegin + sizeof(segment);
- std::copy(segmentBegin, segmentEnd, saltWithBlockKey.begin() + saltSize);
+ auto p = saltWithBlockKey.begin() + saltSize;
+ p[0] = segment & 0xFF;
+ p[1] = (segment >> 8) & 0xFF;
+ p[2] = (segment >> 16) & 0xFF;
+ p[3] = segment >> 24;
hashCalc(hash, saltWithBlockKey, mInfo.hashAlgorithm);
@@ -800,9 +802,11 @@ void AgileEngine::encrypt(css::uno::Reference<css::io::XInputStream> & rxInputS
inputLength : oox::core::roundUp(inputLength, sal_uInt32(mInfo.blockSize));
// Update Key
- sal_uInt8* segmentBegin = reinterpret_cast<sal_uInt8*>(&nSegment);
- sal_uInt8* segmentEnd = segmentBegin + nSegmentByteSize;
- std::copy(segmentBegin, segmentEnd, saltWithBlockKey.begin() + saltSize);
+ auto p = saltWithBlockKey.begin() + saltSize;
+ p[0] = nSegment & 0xFF;
+ p[1] = (nSegment >> 8) & 0xFF;
+ p[2] = (nSegment >> 16) & 0xFF;
+ p[3] = nSegment >> 24;
hashCalc(hash, saltWithBlockKey, mInfo.hashAlgorithm);
diff --git a/oox/source/crypto/Standard2007Engine.cxx b/oox/source/crypto/Standard2007Engine.cxx
index 38c4e03baf15..e96fc8f841f2 100644
--- a/oox/source/crypto/Standard2007Engine.cxx
+++ b/oox/source/crypto/Standard2007Engine.cxx
@@ -79,12 +79,12 @@ bool Standard2007Engine::calculateEncryptionKey(const OUString& rPassword)
std::vector<sal_uInt8> initialData(saltSize + passwordByteLength);
std::copy(saltArray, saltArray + saltSize, initialData.begin());
- const sal_uInt8* passwordByteArray = reinterpret_cast<const sal_uInt8*>(rPassword.getStr());
-
- std::copy(
- passwordByteArray,
- passwordByteArray + passwordByteLength,
- initialData.begin() + saltSize);
+ auto p = initialData.begin() + saltSize;
+ for (sal_Int32 i = 0; i != rPassword.getLength(); ++i) {
+ auto c = rPassword[i];
+ *p++ = c & 0xFF;
+ *p++ = c >> 8;
+ }
// use "hash" vector for result of sha1 hashing
// calculate SHA1 hash of initialData
@@ -223,11 +223,23 @@ void Standard2007Engine::writeEncryptionInfo(BinaryXOutputStream& rStream)
sal_uInt32 headerSize = encryptionHeaderSize + cspNameSize;
rStream.WriteUInt32(headerSize);
- rStream.writeMemory(&mInfo.header, encryptionHeaderSize);
+ rStream.WriteUInt32(mInfo.header.flags);
+ rStream.WriteUInt32(mInfo.header.sizeExtra);
+ rStream.WriteUInt32(mInfo.header.algId);
+ rStream.WriteUInt32(mInfo.header.algIdHash);
+ rStream.WriteUInt32(mInfo.header.keyBits);
+ rStream.WriteUInt32(mInfo.header.providedType);
+ rStream.WriteUInt32(mInfo.header.reserved1);
+ rStream.WriteUInt32(mInfo.header.reserved2);
rStream.writeUnicodeArray(lclCspName);
rStream.WriteUInt16(0);
- rStream.writeMemory(&mInfo.verifier, sizeof(msfilter::EncryptionVerifierAES));
+ rStream.WriteUInt32(mInfo.verifier.saltSize);
+ rStream.writeMemory(&mInfo.verifier.salt, sizeof mInfo.verifier.salt);
+ rStream.writeMemory(&mInfo.verifier.encryptedVerifier, sizeof mInfo.verifier.encryptedVerifier);
+ rStream.WriteUInt32(mInfo.verifier.encryptedVerifierHashSize);
+ rStream.writeMemory(
+ &mInfo.verifier.encryptedVerifierHash, sizeof mInfo.verifier.encryptedVerifierHash);
}
void Standard2007Engine::encrypt(css::uno::Reference<css::io::XInputStream> & rxInputStream,
--
2.33.1

View File

@ -0,0 +1,80 @@
From b66d735cf3dc8b80783cb161c0aff5b990db1bb0 Mon Sep 17 00:00:00 2001
From: Eike Rathke <erack@redhat.com>
Date: Thu, 16 Feb 2023 20:20:31 +0100
Subject: [PATCH 1/3] Obtain actual 0-parameter count for OR(), AND() and
1-parameter functions
OR and AND for legacy infix notation are classified as binary
operators but in fact are functions with parameter count. In case
no argument is supplied, GetByte() returns 0 and for that case the
implicit binary operator 2 parameters were wrongly assumed.
Similar for functions expecting 1 parameter, without argument 1
was assumed. For "real" unary and binary operators the compiler
already checks parameters. Omit OR and AND and 1-parameter
functions from this implicit assumption and return the actual 0
count.
Change-Id: Ie05398c112a98021ac2875cf7b6de994aee9d882
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147173
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit e7ce9bddadb2db222eaa5f594ef1de2e36d57e5c)
Conflicts:
sc/source/core/tool/interpr4.cxx
---
formula/source/core/api/token.cxx | 13 +++++--------
sc/source/core/tool/interpr4.cxx | 10 +++++++++-
2 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/formula/source/core/api/token.cxx b/formula/source/core/api/token.cxx
index 17594207234f..0db0c3464610 100644
--- a/formula/source/core/api/token.cxx
+++ b/formula/source/core/api/token.cxx
@@ -95,17 +95,14 @@ sal_uInt8 FormulaToken::GetParamCount() const
return 0; // parameters and specials
// ocIf... jump commands not for FAP, have cByte then
//2do: bool parameter whether FAP or not?
- else if ( GetByte() )
+ else if (GetByte())
return GetByte(); // all functions, also ocExternal and ocMacro
- else if (SC_OPCODE_START_BIN_OP <= eOp && eOp < SC_OPCODE_STOP_BIN_OP)
- return 2; // binary
- else if ((SC_OPCODE_START_UN_OP <= eOp && eOp < SC_OPCODE_STOP_UN_OP)
- || eOp == ocPercentSign)
- return 1; // unary
+ else if (SC_OPCODE_START_BIN_OP <= eOp && eOp < SC_OPCODE_STOP_BIN_OP && eOp != ocAnd && eOp != ocOr)
+ return 2; // binary operators, compiler checked; OR and AND legacy but are functions
+ else if ((SC_OPCODE_START_UN_OP <= eOp && eOp < SC_OPCODE_STOP_UN_OP) || eOp == ocPercentSign)
+ return 1; // unary operators, compiler checked
else if (SC_OPCODE_START_NO_PAR <= eOp && eOp < SC_OPCODE_STOP_NO_PAR)
return 0; // no parameter
- else if (SC_OPCODE_START_1_PAR <= eOp && eOp < SC_OPCODE_STOP_1_PAR)
- return 1; // one parameter
else if (FormulaCompiler::IsOpCodeJumpCommand( eOp ))
return 1; // only the condition counts as parameter
else
diff --git a/sc/source/core/tool/interpr4.cxx b/sc/source/core/tool/interpr4.cxx
index eb3fb987c034..94235c33eaef 100644
--- a/sc/source/core/tool/interpr4.cxx
+++ b/sc/source/core/tool/interpr4.cxx
@@ -4012,7 +4012,15 @@ StackVar ScInterpreter::Interpret()
else if (sp >= pCur->GetParamCount())
nStackBase = sp - pCur->GetParamCount();
else
- nStackBase = sp; // underflow?!?
+ {
+ SAL_WARN("sc.core", "Stack anomaly at " << aPos.Format(
+ ScRefFlags::VALID | ScRefFlags::FORCE_DOC | ScRefFlags::TAB_3D, pDok)
+ << " eOp: " << static_cast<int>(eOp)
+ << " params: " << static_cast<int>(pCur->GetParamCount())
+ << " nStackBase: " << nStackBase << " sp: " << sp);
+ nStackBase = sp;
+ assert(!"underflow");
+ }
}
switch( eOp )
--
2.41.0

View File

@ -0,0 +1,59 @@
From 9f393ee10ae198063bbe3b71c2c87262e7880a34 Mon Sep 17 00:00:00 2001
From: Stephan Bergmann <sbergman@redhat.com>
Date: Wed, 23 Sep 2020 11:53:11 +0200
Subject: [PATCH] Read MOSDocumentLockFile UTF-16 string data with same
endianness
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
...as MSODocumentLockFile::WriteEntryToStream has written it to (i.e.,
always as UTF-16LE, assuming that is actually the right format to use). The
discrepancy between writing and reading the string data appears to be present
ever since the code's introduction in 5db1e20b8b0942dac2d50f3cd34532bb61147020
"Introduce new lockfile handler for MSO like lockfiles".
This caused CppunitTest_svl_lockfiles to fail on (big-endian) s390x Linux with
> svl/qa/unit/lockfiles/test_lockfiles.cxx:578:(anonymous namespace)::LockfileTest::testWordLockFileRT
> equality assertion failed
> - Expected: LockFile Test
> - Actual : 䰀漀挀欀䘀椀氀攀 吀攀猀琀
etc.
Change-Id: I97267aa14a3a926e7fd7bb1d2ce7d2de05d52a64
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103238
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 1b9fa11a0869246fe0433b79aab30dd216cf92b6)
---
svl/source/misc/msodocumentlockfile.cxx | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/svl/source/misc/msodocumentlockfile.cxx b/svl/source/misc/msodocumentlockfile.cxx
index 9650db03999f..0c857ffb53ec 100644
--- a/svl/source/misc/msodocumentlockfile.cxx
+++ b/svl/source/misc/msodocumentlockfile.cxx
@@ -228,8 +228,16 @@ LockFileEntry MSODocumentLockFile::GetLockData()
nUTF16Len = *++pBuf; // use Excel/PowerPoint position
if (nUTF16Len > 0 && nUTF16Len <= 52) // skip wrong format
- aResult[LockFileComponent::OOOUSERNAME]
- = OUString(reinterpret_cast<const sal_Unicode*>(pBuf + 2), nUTF16Len);
+ {
+ OUStringBuffer str(nUTF16Len);
+ sal_uInt8 const* p = reinterpret_cast<sal_uInt8 const*>(pBuf + 2);
+ for (int i = 0; i != nUTF16Len; ++i)
+ {
+ str.append(sal_Unicode(p[0] | (sal_uInt32(p[1]) << 8)));
+ p += 2;
+ }
+ aResult[LockFileComponent::OOOUSERNAME] = str.makeStringAndClear();
+ }
}
}
return aResult;
--
2.33.1

View File

@ -0,0 +1,72 @@
From 5c705fbd9e4d231fed87b7e8ac06d8b7d4c6891f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Thu, 12 Aug 2021 12:55:30 +0100
Subject: [PATCH] Resolves: tdf#132739 two style tags where there should be
just one
Change-Id: Id9c8c8cc8c5ffdd21ba79ff39a6279cf2ddc8025
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120360
Tested-by: Jenkins
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
---
sw/source/filter/html/css1atr.cxx | 4 +++-
sw/source/filter/html/htmltabw.cxx | 9 ++++++---
sw/source/filter/html/wrthtml.hxx | 2 +-
3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/sw/source/filter/html/css1atr.cxx b/sw/source/filter/html/css1atr.cxx
index 7b1a5cc19be3..c401d95a788f 100644
--- a/sw/source/filter/html/css1atr.cxx
+++ b/sw/source/filter/html/css1atr.cxx
@@ -2113,10 +2113,12 @@ void SwHTMLWriter::OutCSS1_TableFrameFormatOptions( const SwFrameFormat& rFrameF
Strm().WriteChar( '\"' );
}
-void SwHTMLWriter::OutCSS1_TableCellBorderHack(SwFrameFormat const& rFrameFormat)
+void SwHTMLWriter::OutCSS1_TableCellBordersAndBG(SwFrameFormat const& rFrameFormat, const SvxBrushItem *pBrushItem)
{
SwCSS1OutMode const aMode( *this,
CSS1_OUTMODE_STYLE_OPT_ON|CSS1_OUTMODE_ENCODE|CSS1_OUTMODE_TABLEBOX, nullptr );
+ if (pBrushItem)
+ OutCSS1_SvxBrush(*this, *pBrushItem, Css1Background::Table, nullptr);
OutCSS1_SvxBox(*this, rFrameFormat.GetBox());
if (!m_bFirstCSS1Property)
{
diff --git a/sw/source/filter/html/htmltabw.cxx b/sw/source/filter/html/htmltabw.cxx
index 4c83319747b7..63812a9b3ef6 100644
--- a/sw/source/filter/html/htmltabw.cxx
+++ b/sw/source/filter/html/htmltabw.cxx
@@ -424,11 +424,14 @@ void SwHTMLWrtTable::OutTableCell( SwHTMLWriter& rWrt,
// Avoid non-CSS version in the ReqIF case.
rWrt.OutBackground( pBrushItem, false );
- if( rWrt.m_bCfgOutStyles )
- OutCSS1_TableBGStyleOpt( rWrt, *pBrushItem );
+ if (!rWrt.m_bCfgOutStyles)
+ pBrushItem = nullptr;
}
- rWrt.OutCSS1_TableCellBorderHack(*pBox->GetFrameFormat());
+ // tdf#132739 with rWrt.m_bCfgOutStyles of true bundle the brush item css
+ // properties into the same "style" tag as the borders so there is only one
+ // style tag
+ rWrt.OutCSS1_TableCellBordersAndBG(*pBox->GetFrameFormat(), pBrushItem);
sal_uInt32 nNumFormat = 0;
double nValue = 0.0;
diff --git a/sw/source/filter/html/wrthtml.hxx b/sw/source/filter/html/wrthtml.hxx
index ab282ba652ff..f82325ee50ae 100644
--- a/sw/source/filter/html/wrthtml.hxx
+++ b/sw/source/filter/html/wrthtml.hxx
@@ -484,7 +484,7 @@ public:
void writeFrameFormatOptions(HtmlWriter& aHtml, const SwFrameFormat& rFrameFormat, const OUString& rAltText, HtmlFrmOpts nFrameOpts);
void OutCSS1_TableFrameFormatOptions( const SwFrameFormat& rFrameFormat );
- void OutCSS1_TableCellBorderHack(const SwFrameFormat& rFrameFormat);
+ void OutCSS1_TableCellBordersAndBG(const SwFrameFormat& rFrameFormat, const SvxBrushItem *pBrushItem);
void OutCSS1_SectionFormatOptions( const SwFrameFormat& rFrameFormat, const SwFormatCol *pCol );
void OutCSS1_FrameFormatOptions( const SwFrameFormat& rFrameFormat, HtmlFrmOpts nFrameOpts,
const SdrObject *pSdrObj=nullptr,
--
2.31.1

View File

@ -0,0 +1,259 @@
From c2cf13da3bbf756ef3f78251c40d45fc23c27f36 Mon Sep 17 00:00:00 2001
From: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Date: Wed, 29 Apr 2020 07:42:24 +0200
Subject: [PATCH 1/6] backports to ease CVE backporting
Remove unnecessary if block
And format code inside
Change-Id: Ied0d98935134bf6f7bc8c929645ad5faac9affa3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93116
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
(cherry picked from commit cf36fe5eb41910c26d58fb25e54ccf2e0ee01365)
space out the namespace constant values
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88938
(cherry picked from commit 5352d45dd4a04f8f02cf7f6ad4169126d3b3586a)
Change-Id: I30f54bfc1389e91b18e4fee8b83e1b297419899b
---
include/xmloff/xmlnmspe.hxx | 16 +--
.../component/documentdigitalsignatures.cxx | 130 +++++++++---------
.../source/helper/xmlsignaturehelper.cxx | 1 +
3 files changed, 75 insertions(+), 72 deletions(-)
diff --git a/include/xmloff/xmlnmspe.hxx b/include/xmloff/xmlnmspe.hxx
index a00628b6b999..b079053c38d3 100644
--- a/include/xmloff/xmlnmspe.hxx
+++ b/include/xmloff/xmlnmspe.hxx
@@ -69,7 +69,7 @@ XML_NAMESPACE( XML_NAMESPACE_VERSIONS_LIST, 37U )
// namespaces for odf extended formats
-#define XML_NAMESPACE_EXT_BASE 38U
+#define XML_NAMESPACE_EXT_BASE 50U
#define XML_NAMESPACE_EXT( prefix, index ) \
const sal_uInt16 prefix = (XML_NAMESPACE_EXT_BASE+index);
@@ -82,7 +82,7 @@ XML_NAMESPACE_EXT( XML_NAMESPACE_LO_EXT, 5U )
// namespaces for OOo formats
-#define XML_NAMESPACE_OOO_BASE 44U
+#define XML_NAMESPACE_OOO_BASE 60U
#define XML_NAMESPACE_OOO( prefix, index ) \
const sal_uInt16 prefix = (XML_NAMESPACE_OOO_BASE+index);
@@ -100,7 +100,7 @@ XML_NAMESPACE_OOO( XML_NAMESPACE_CONFIG_OOO, 10U )
XML_NAMESPACE_OOO( XML_NAMESPACE_FORM_OOO, 11U )
XML_NAMESPACE_OOO( XML_NAMESPACE_SCRIPT_OOO, 12U )
-#define XML_NAMESPACE_COMPAT_BASE 57U
+#define XML_NAMESPACE_COMPAT_BASE 80U
#define XML_NAMESPACE_COMPAT( prefix, index ) \
const sal_uInt16 prefix = (XML_NAMESPACE_COMPAT_BASE+index);
@@ -108,14 +108,14 @@ XML_NAMESPACE_COMPAT( XML_NAMESPACE_SVG_COMPAT, 0U )
XML_NAMESPACE_COMPAT( XML_NAMESPACE_FO_COMPAT, 1U )
XML_NAMESPACE_COMPAT( XML_NAMESPACE_SMIL_COMPAT, 2U )
-#define XML_NAMESPACE_OASIS_BASE 60U
+#define XML_NAMESPACE_OASIS_BASE 90U
#define XML_NAMESPACE_OASIS( prefix, index ) \
const sal_uInt16 prefix = (XML_NAMESPACE_OASIS_BASE+index);
XML_NAMESPACE_OASIS( XML_NAMESPACE_DB_OASIS, 0U )
XML_NAMESPACE_OASIS( XML_NAMESPACE_REPORT_OASIS, 1U )
-#define XML_OLD_NAMESPACE_BASE 62U
+#define XML_OLD_NAMESPACE_BASE 100U
#define XML_OLD_NAMESPACE( prefix, index ) \
const sal_uInt16 prefix = (XML_OLD_NAMESPACE_BASE+index);
@@ -134,9 +134,9 @@ XML_OLD_NAMESPACE( XML_OLD_NAMESPACE_CHART, 10U )
XML_OLD_NAMESPACE( XML_OLD_NAMESPACE_SMIL, 11U )
// experimental namespaces
-XML_NAMESPACE( XML_NAMESPACE_FIELD, 100U )
-XML_NAMESPACE( XML_NAMESPACE_CSS3TEXT, 103U ) // CSS Text Level 3
-XML_NAMESPACE( XML_NAMESPACE_FORMX, 101U ) // form interop extensions
+XML_NAMESPACE( XML_NAMESPACE_FIELD, 120U )
+XML_NAMESPACE( XML_NAMESPACE_CSS3TEXT, 123U ) // CSS Text Level 3
+XML_NAMESPACE( XML_NAMESPACE_FORMX, 121U ) // form interop extensions
#endif // INCLUDED_XMLOFF_XMLNMSPE_HXX
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index dcfaad0af773..52cb938a8e0a 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -500,85 +500,87 @@ DocumentDigitalSignatures::ImplVerifySignatures(
Sequence< css::security::DocumentSignatureInformation > aInfos(nInfos);
css::security::DocumentSignatureInformation* arInfos = aInfos.getArray();
- if ( nInfos )
+ for (int n = 0; n < nInfos; ++n)
{
- for( int n = 0; n < nInfos; ++n )
- {
- DocumentSignatureAlgorithm mode = DocumentSignatureHelper::getDocumentAlgorithm(
- m_sODFVersion, aSignInfos[n]);
- const std::vector< OUString > aElementsToBeVerified =
- DocumentSignatureHelper::CreateElementList(
- rxStorage, eMode, mode);
+ DocumentSignatureAlgorithm mode
+ = DocumentSignatureHelper::getDocumentAlgorithm(m_sODFVersion, aSignInfos[n]);
+ const std::vector<OUString> aElementsToBeVerified
+ = DocumentSignatureHelper::CreateElementList(rxStorage, eMode, mode);
- const SignatureInformation& rInfo = aSignInfos[n];
- css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
+ const SignatureInformation& rInfo = aSignInfos[n];
+ css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
- if (rInfo.ouGpgCertificate.isEmpty()) // X.509
+ if (rInfo.ouGpgCertificate.isEmpty()) // X.509
+ {
+ if (!rInfo.ouX509Certificate.isEmpty())
+ rSigInfo.Signer = xSecEnv->createCertificateFromAscii(rInfo.ouX509Certificate);
+ if (!rSigInfo.Signer.is())
+ rSigInfo.Signer = xSecEnv->getCertificate(
+ rInfo.ouX509IssuerName,
+ xmlsecurity::numericStringToBigInteger(rInfo.ouX509SerialNumber));
+
+ // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
+ // to find the parent certificate. It does not take into account that there can be several certificates
+ // with the same subject name.
+ try
{
- if (!rInfo.ouX509Certificate.isEmpty())
- rSigInfo.Signer = xSecEnv->createCertificateFromAscii( rInfo.ouX509Certificate ) ;
- if (!rSigInfo.Signer.is())
- rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName,
- xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
-
- // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
- // to find the parent certificate. It does not take into account that there can be several certificates
- // with the same subject name.
-
- try {
- rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(rSigInfo.Signer,
- Sequence<Reference<css::security::XCertificate> >());
- } catch (SecurityException& ) {
- OSL_FAIL("Verification of certificate failed");
- rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
- }
+ rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(
+ rSigInfo.Signer, Sequence<Reference<css::security::XCertificate>>());
}
- else if (xGpgSecEnv.is()) // GPG
+ catch (SecurityException&)
{
- // TODO not ideal to retrieve cert by keyID, might
- // collide, or PGPKeyID format might change - can't we
- // keep the xCert itself in rInfo?
- rSigInfo.Signer = xGpgSecEnv->getCertificate( rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger("") );
- rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(rSigInfo.Signer,
- Sequence<Reference<css::security::XCertificate> >());
+ OSL_FAIL("Verification of certificate failed");
+ rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
}
+ }
+ else if (xGpgSecEnv.is()) // GPG
+ {
+ // TODO not ideal to retrieve cert by keyID, might
+ // collide, or PGPKeyID format might change - can't we
+ // keep the xCert itself in rInfo?
+ rSigInfo.Signer = xGpgSecEnv->getCertificate(
+ rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger(""));
+ rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(
+ rSigInfo.Signer, Sequence<Reference<css::security::XCertificate>>());
+ }
- // Time support again (#i38744#)
- Date aDate( rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year );
- tools::Time aTime( rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
- rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds );
- rSigInfo.SignatureDate = aDate.GetDate();
- rSigInfo.SignatureTime = aTime.GetTime() / tools::Time::nanoPerCenti;
+ // Time support again (#i38744#)
+ Date aDate(rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year);
+ tools::Time aTime(rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
+ rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds);
+ rSigInfo.SignatureDate = aDate.GetDate();
+ rSigInfo.SignatureTime = aTime.GetTime() / tools::Time::nanoPerCenti;
- rSigInfo.SignatureIsValid = ( rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED );
+ rSigInfo.SignatureIsValid
+ = (rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
- // Signature line info (ID + Images)
- if (!rInfo.ouSignatureLineId.isEmpty())
- rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
+ // Signature line info (ID + Images)
+ if (!rInfo.ouSignatureLineId.isEmpty())
+ rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
- if (rInfo.aValidSignatureImage.is())
- rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
+ if (rInfo.aValidSignatureImage.is())
+ rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
- if (rInfo.aInvalidSignatureImage.is())
- rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
-
- // OOXML intentionally doesn't sign metadata.
- if ( rSigInfo.SignatureIsValid && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
- {
- rSigInfo.SignatureIsValid =
- DocumentSignatureHelper::checkIfAllFilesAreSigned(
- aElementsToBeVerified, rInfo, mode);
- }
- if (eMode == DocumentSignatureMode::Content)
- {
- if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
- rSigInfo.PartialDocumentSignature = true;
- else
- rSigInfo.PartialDocumentSignature = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
- }
+ if (rInfo.aInvalidSignatureImage.is())
+ rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
+ // OOXML intentionally doesn't sign metadata.
+ if (rSigInfo.SignatureIsValid
+ && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
+ {
+ rSigInfo.SignatureIsValid = DocumentSignatureHelper::checkIfAllFilesAreSigned(
+ aElementsToBeVerified, rInfo, mode);
+ }
+ if (eMode == DocumentSignatureMode::Content)
+ {
+ if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
+ rSigInfo.PartialDocumentSignature = true;
+ else
+ rSigInfo.PartialDocumentSignature
+ = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
}
}
+
return aInfos;
}
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index 6ec834053a17..22c056e70da1 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -402,6 +402,7 @@ bool XMLSignatureHelper::ReadAndVerifySignatureStorageStream(const css::uno::Ref
catch(const uno::Exception&)
{
DBG_UNHANDLED_EXCEPTION("xmlsecurity.helper");
+ mbError = true;
}
mpXSecController->releaseSignatureReader();
--
2.32.0

View File

@ -0,0 +1,99 @@
From ff68c22161071ce89851c6d81e80ba51b67e8e0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Mon, 13 Feb 2023 13:56:10 +0000
Subject: [PATCH] disable script dump
Change-Id: I04d740cc0fcf87daa192a0a6af34138278043a19
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146986
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147051
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147255
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
(cherry picked from commit ae3a7dcbb60bb73700737b9ca8940ce3103648d9)
---
.../source/drivers/hsqldb/HDriver.cxx | 31 +++++++++++++++++++
external/hsqldb/UnpackedTarball_hsqldb.mk | 1 +
.../hsqldb/patches/disable-dump-script.patch | 14 +++++++++
3 files changed, 46 insertions(+)
create mode 100644 external/hsqldb/patches/disable-dump-script.patch
diff --git a/connectivity/source/drivers/hsqldb/HDriver.cxx b/connectivity/source/drivers/hsqldb/HDriver.cxx
index de76ecbba29de..95c610843efab 100644
--- a/connectivity/source/drivers/hsqldb/HDriver.cxx
+++ b/connectivity/source/drivers/hsqldb/HDriver.cxx
@@ -300,6 +300,37 @@ namespace connectivity
} // if ( xStream.is() )
::comphelper::disposeComponent(xStream);
}
+
+ // disallow any database/script files that contain a "SCRIPT[.*]" entry (this is belt and braces
+ // in that bundled hsqldb 1.8.0 is patched to also reject them)
+ //
+ // hsqldb 2.6.0 release notes have: added system role SCRIPT_OPS for export / import of database structure and data
+ // which seems to provide a builtin way to do this with contemporary hsqldb
+ const OUString sScript( "script" );
+ if (!bIsNewDatabase && xStorage->isStreamElement(sScript))
+ {
+ Reference<XStream > xStream = xStorage->openStreamElement(sScript, ElementModes::READ);
+ if (xStream.is())
+ {
+ std::unique_ptr<SvStream> pStream(::utl::UcbStreamHelper::CreateStream(xStream));
+ if (pStream)
+ {
+ OString sLine;
+ while (pStream->ReadLine(sLine))
+ {
+ OString sText = sLine.trim();
+ if (sText.startsWithIgnoreAsciiCase("SCRIPT"))
+ {
+ ::connectivity::SharedResources aResources;
+ sMessage = aResources.getResourceString(STR_COULD_NOT_LOAD_FILE).replaceFirst("$filename$", sSystemPath);
+ break;
+ }
+ }
+ }
+ } // if ( xStream.is() )
+ ::comphelper::disposeComponent(xStream);
+ }
+
}
catch(Exception&)
{
diff --git a/external/hsqldb/UnpackedTarball_hsqldb.mk b/external/hsqldb/UnpackedTarball_hsqldb.mk
index cbba770f19a07..ed262cccf4caa 100644
--- a/external/hsqldb/UnpackedTarball_hsqldb.mk
+++ b/external/hsqldb/UnpackedTarball_hsqldb.mk
@@ -29,6 +29,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,hsqldb,\
external/hsqldb/patches/jdbc-4.1.patch \
external/hsqldb/patches/multipleResultSets.patch \
) \
+ external/hsqldb/patches/disable-dump-script.patch \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/hsqldb/patches/disable-dump-script.patch b/external/hsqldb/patches/disable-dump-script.patch
new file mode 100644
index 0000000000000..401dd38abc9a2
--- /dev/null
+++ b/external/hsqldb/patches/disable-dump-script.patch
@@ -0,0 +1,14 @@
+--- a/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java 2023-02-13 11:08:11.297243034 +0000
++++ b/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java 2023-02-13 13:49:17.973089433 +0000
+@@ -403,6 +403,11 @@
+ throw Trace.error(Trace.INVALID_IDENTIFIER);
+ }
+
++ // added condition to avoid execution of spurious command in .script or .log file
++ if (session.isProcessingScript() || session.isProcessingLog()) {
++ return new Result(ResultConstants.UPDATECOUNT);
++ }
++
+ dsw = new ScriptWriterText(database, token, true, true, true);
+
+ dsw.writeAll();
--
2.41.0

View File

@ -0,0 +1,82 @@
From 8bfdd84ffcffe19aa6c495a0772e1a5fcb9a5124 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Fri, 25 Sep 2020 11:22:03 +0100
Subject: [PATCH] rhbz#1882616 move cursor one step at a time in the desired
direction
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
until we get to the target position. The break iterator operates in graphemes
so we can't just move Left/Right the amount of utf-16 we want to move.
Change-Id: I25d4e9285deae374f85dcaadbf4601bc213a89de
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103380
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit bf858622e543163a23db766912ea6b121f447e6d)
---
sw/source/core/edit/editsh.cxx | 40 +++++++++++++++++++++++++++++-----
1 file changed, 35 insertions(+), 5 deletions(-)
diff --git a/sw/source/core/edit/editsh.cxx b/sw/source/core/edit/editsh.cxx
index 8f84ce42ed75..872d92d7afcc 100644
--- a/sw/source/core/edit/editsh.cxx
+++ b/sw/source/core/edit/editsh.cxx
@@ -988,7 +988,8 @@ OUString SwEditShell::DeleteExtTextInput( bool bInsText )
void SwEditShell::SetExtTextInputData( const CommandExtTextInputData& rData )
{
- const SwPosition& rPos = *GetCursor()->GetPoint();
+ SwPaM* pCurrentCursor = GetCursor();
+ const SwPosition& rPos = *pCurrentCursor->GetPoint();
SwExtTextInput* pInput = GetDoc()->GetExtTextInput( rPos.nNode.GetNode() );
if( !pInput )
return;
@@ -1005,10 +1006,39 @@ void SwEditShell::SetExtTextInputData( const CommandExtTextInputData& rData )
// ugly but works
ShowCursor();
const sal_Int32 nDiff = nNewCursorPos - rPos.nContent.GetIndex();
- if( 0 > nDiff )
- Left( -nDiff, CRSR_SKIP_CHARS );
- else if( 0 < nDiff )
- Right( nDiff, CRSR_SKIP_CHARS );
+ if( nDiff != 0)
+ {
+ bool bLeft = nDiff < 0;
+ sal_Int32 nMaxGuard = std::abs(nDiff);
+ while (true)
+ {
+ auto nOldPos = pCurrentCursor->GetPoint()->nContent.GetIndex();
+ if (bLeft)
+ Left(1, CRSR_SKIP_CHARS);
+ else
+ Right(1, CRSR_SKIP_CHARS);
+ auto nNewPos = pCurrentCursor->GetPoint()->nContent.GetIndex();
+
+ // expected success
+ if (nNewPos == nNewCursorPos)
+ break;
+
+ if (nNewPos == nOldPos)
+ {
+ // if there was no movement, we have failed for some reason
+ SAL_WARN("sw.core", "IM cursor move failed");
+ break;
+ }
+
+ if (--nMaxGuard == 0)
+ {
+ // if it takes more cursor moves than there are utf-16 chars to move past
+ // something has probably gone wrong
+ SAL_WARN("sw.core", "IM abandoning cursor positioning");
+ break;
+ }
+ }
+ }
SetOverwriteCursor( rData.IsCursorOverwrite() );
--
2.29.2

View File

@ -0,0 +1,491 @@
From b49380bd288e642352cb7ddc1c050e2fb34b5b43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Tue, 13 Jul 2021 12:38:07 +0100
Subject: [PATCH] rhbz#1980800 allow --convert-to csv to write each sheet to a
separate file
Related: tdf#135762 except only currently implemented for command line use
sample usage:
soffice --convert-to csv:"Text - txt - csv (StarCalc)":44,34,UTF8,1,,0,false,true,false,false,false,-1 sample.ods
where the new (11th!) final token ("-1") enables writing each sheet to a
new file based on the suggested target name so output in this example
is files sample-Sheet1.csv and sample-Sheet2.csv
Only -1 for 'all sheets' vs 0 for existing 'current sheet only' (which
is always sheet 0 from the command line) are currently options but the
token could be expanded in the future to select specific sheets to
export.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118850
Tested-by: Jenkins
Reviewed-by: Eike Rathke <erack@redhat.com>
(cherry picked from commit b8903bc106dad036acb3d117e5c4fc955697fe02)
Related: tdf#135762 Allow --convert-to csv to specify 1-based sheet number
Same multifile mechanism as for -1 all sheets is used, so
soffice --convert-to csv:"Text - txt - csv (StarCalc)":44,34,UTF8,1,,0,false,true,false,false,false,2 sample.ods
writes a file sample-Sheet2.csv
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118971
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit fda91f8be16ba760e360940ebafd6244c648cb8c)
Related: tdf#135762 Suppress cout if not command line
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119294
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit 0cda081c9aa3b3dcb363f97bac60c845ce9a13e0)
Change-Id: Ib99a120f1a2c8d1008a7a3c59a6b39f572fb346e
b9248c9561e4e340c88458ac5dfd159e443a4cfd
9431221aadf97739bb197871f25fa151ef4c391c
Plus follow-up fix
<https://git.libreoffice.org/core/+/d768757872ad25219fa291acd623ab98924acaaa%5E%21>
"tdf#129829 sfx2: fix handling of password to open vs modify" (which happens to
also fix saving to smb shares, in addition to the Windows-specific issue it was
originally meant to fix), plus the relevant parts of its preceding
<https://git.libreoffice.org/core/+/037cd13af81f8a1169d01e95036ed942f261f9a6%5E%21>
"sw reqif-xhtml export: add a new RTFOLEMimeType parameter" introducing
SfxMedium::SetArgs.
---
desktop/source/app/dispatchwatcher.cxx | 50 +++++++--
include/sfx2/docfile.hxx | 2 +
sc/source/ui/dbgui/imoptdlg.cxx | 16 ++-
sc/source/ui/docshell/docsh.cxx | 141 +++++++++++++++++++++----
sc/source/ui/inc/docsh.hxx | 2 +-
sc/source/ui/inc/imoptdlg.hxx | 6 +-
sfx2/source/doc/docfile.cxx | 13 +++
7 files changed, 194 insertions(+), 36 deletions(-)
diff --git a/desktop/source/app/dispatchwatcher.cxx b/desktop/source/app/dispatchwatcher.cxx
index 04140173c6d1..a5365da618e8 100644
--- a/desktop/source/app/dispatchwatcher.cxx
+++ b/desktop/source/app/dispatchwatcher.cxx
@@ -30,6 +30,7 @@
#include "dispatchwatcher.hxx"
#include <rtl/ustring.hxx>
#include <comphelper/processfactory.hxx>
+#include <comphelper/string.hxx>
#include <comphelper/synchronousdispatch.hxx>
#include <com/sun/star/io/IOException.hpp>
#include <com/sun/star/util/XCloseable.hpp>
@@ -604,6 +605,8 @@ bool DispatchWatcher::executeDispatchRequests( const std::vector<DispatchRequest
aFilter = impl_GuessFilter( aOutFile, aDocService );
}
+ bool bMultiFileTarget = false;
+
if (aFilter.isEmpty())
{
std::cerr << "Error: no export filter" << std::endl;
@@ -611,29 +614,54 @@ bool DispatchWatcher::executeDispatchRequests( const std::vector<DispatchRequest
else
{
sal_Int32 nFilterOptionsIndex = aFilter.indexOf(':');
- sal_Int32 nProps = ( 0 < nFilterOptionsIndex ) ? 3 : 2;
+ sal_Int32 nProps = ( 0 < nFilterOptionsIndex ) ? 4 : 3;
if ( !aImgOut.isEmpty() )
nProps +=1;
Sequence<PropertyValue> conversionProperties( nProps );
- conversionProperties[0].Name = "Overwrite";
- conversionProperties[0].Value <<= true;
+ conversionProperties[0].Name = "ConversionRequestOrigin";
+ conversionProperties[0].Value <<= OUString("CommandLine");
+ conversionProperties[1].Name = "Overwrite";
+ conversionProperties[1].Value <<= true;
- conversionProperties[1].Name = "FilterName";
+ conversionProperties[2].Name = "FilterName";
if( 0 < nFilterOptionsIndex )
{
- conversionProperties[1].Value <<= aFilter.copy(0, nFilterOptionsIndex);
+ OUString sFilterName = aFilter.copy(0, nFilterOptionsIndex);
+ OUString sFilterOptions = aFilter.copy(nFilterOptionsIndex + 1);
+
+ if (sFilterName == "Text - txt - csv (StarCalc)")
+ {
+ sal_Int32 nIdx(0);
+ // If the 11th token is '-1' then we export a file
+ // per sheet where the file name is based on the suggested
+ // output filename concatenated with the sheet name, so adjust
+ // the output and overwrite messages
+ // If the 11th token is not present or numeric 0 then the
+ // default sheet is exported with the output filename. If it
+ // is numeric >0 then that sheet (1-based) with the output
+ // filename concatenated with the sheet name. So even if
+ // that is a single file, the multi file target mechanism is
+ // used.
+ const OUString aTok(sFilterOptions.getToken(11, ',', nIdx));
+ // Actual validity is checked in Calc, here just check for
+ // presence of numeric value at start.
+ bMultiFileTarget = (!aTok.isEmpty() && aTok.toInt32() != 0);
+ }
+
+ conversionProperties[2].Value <<= sFilterName;
- conversionProperties[2].Name = "FilterOptions";
- conversionProperties[2].Value <<= aFilter.copy(nFilterOptionsIndex + 1);
+ conversionProperties[3].Name = "FilterOptions";
+ conversionProperties[3].Value <<= sFilterOptions;
}
else
{
- conversionProperties[1].Value <<= aFilter;
+ conversionProperties[2].Value <<= aFilter;
}
if ( !aImgOut.isEmpty() )
{
+ assert(conversionProperties[nProps-1].Name.isEmpty());
conversionProperties[nProps-1].Name = "ImageFilter";
conversionProperties[nProps-1].Value <<= aImgOut;
}
@@ -645,9 +673,11 @@ bool DispatchWatcher::executeDispatchRequests( const std::vector<DispatchRequest
OString aTargetURL8 = OUStringToOString(aTempName, osl_getThreadTextEncoding());
if (aDispatchRequest.aRequestType != REQUEST_CAT)
{
- std::cout << "convert " << aSource8 << " -> " << aTargetURL8;
+ std::cout << "convert " << aSource8;
+ if (!bMultiFileTarget)
+ std::cout << " -> " << aTargetURL8;
std::cout << " using filter : " << OUStringToOString(aFilter, osl_getThreadTextEncoding()) << std::endl;
- if (FStatHelper::IsDocument(aOutFile))
+ if (!bMultiFileTarget && FStatHelper::IsDocument(aOutFile))
std::cout << "Overwriting: " << OUStringToOString(aTempName, osl_getThreadTextEncoding()) << std::endl ;
}
try
diff --git a/include/sfx2/docfile.hxx b/include/sfx2/docfile.hxx
index 2019b5738c01..2886348 100644
--- a/include/sfx2/docfile.hxx
+++ b/include/sfx2/docfile.hxx
@@ -108,6 +108,8 @@ public:
const OUString& GetOrigURL() const;
SfxItemSet * GetItemSet() const;
+ void SetArgs(const css::uno::Sequence<css::beans::PropertyValue>& rArgs);
+ css::uno::Sequence<css::beans::PropertyValue> GetArgs() const;
void Close(bool bInDestruction = false);
void CloseAndRelease();
void ReOpen();
diff --git a/sc/source/ui/dbgui/imoptdlg.cxx b/sc/source/ui/dbgui/imoptdlg.cxx
index 26781924baac..7aa8c8acb061 100644
--- a/sc/source/ui/dbgui/imoptdlg.cxx
+++ b/sc/source/ui/dbgui/imoptdlg.cxx
@@ -20,6 +20,7 @@
#include <imoptdlg.hxx>
#include <asciiopt.hxx>
#include <comphelper/string.hxx>
+#include <unotools/charclass.hxx>
#include <osl/thread.h>
#include <global.hxx>
@@ -43,6 +44,7 @@ ScImportOptions::ScImportOptions( const OUString& rStr )
bSaveNumberAsSuch = true;
bSaveFormulas = false;
bRemoveSpace = false;
+ nSheetToExport = 0;
sal_Int32 nTokenCount = comphelper::string::getTokenCount(rStr, ',');
if ( nTokenCount >= 3 )
{
@@ -76,6 +78,16 @@ ScImportOptions::ScImportOptions( const OUString& rStr )
bSaveFormulas = rStr.getToken(0, ',', nIdx) == "true";
if ( nTokenCount >= 11 )
bRemoveSpace = rStr.getToken(0, ',', nIdx) == "true";
+ if ( nTokenCount >= 12 )
+ {
+ const OUString aTok(rStr.getToken(0, ',', nIdx));
+ if (aTok == "-1")
+ nSheetToExport = -1; // all
+ else if (aTok.isEmpty() || CharClass::isAsciiNumeric(aTok))
+ nSheetToExport = aTok.toInt32();
+ else
+ nSheetToExport = -23; // invalid, force error
+ }
}
}
}
@@ -99,7 +111,9 @@ OUString ScImportOptions::BuildString() const
"," +
OUString::boolean( bSaveFormulas ) + // "save formulas": not in ScAsciiOptions
"," +
- OUString::boolean( bRemoveSpace ); // same as "Remove space" in ScAsciiOptions
+ OUString::boolean( bRemoveSpace ) + // same as "Remove space" in ScAsciiOptions
+ "," +
+ OUString::number(nSheetToExport) ; // Only available for command line --convert-to
return aResult;
}
diff --git a/sc/source/ui/docshell/docsh.cxx b/sc/source/ui/docshell/docsh.cxx
index bd7402231333..1c544fb6fa1a 100644
--- a/sc/source/ui/docshell/docsh.cxx
+++ b/sc/source/ui/docshell/docsh.cxx
@@ -45,6 +45,7 @@
#include <sfx2/objface.hxx>
#include <sfx2/viewfrm.hxx>
#include <svl/documentlockfile.hxx>
+#include <svl/fstathelper.hxx>
#include <svl/sharecontrolfile.hxx>
#include <svl/urihelper.hxx>
#include <osl/file.hxx>
@@ -120,6 +121,7 @@
#include <comphelper/processfactory.hxx>
#include <comphelper/string.hxx>
#include <unotools/configmgr.hxx>
+#include <unotools/ucbstreamhelper.hxx>
#include <uiitems.hxx>
#include <dpobject.hxx>
#include <markdata.hxx>
@@ -1920,7 +1922,7 @@ void escapeTextSep(sal_Int32 nPos, const StrT& rStrDelim, StrT& rStr)
}
-void ScDocShell::AsciiSave( SvStream& rStream, const ScImportOptions& rAsciiOpt )
+void ScDocShell::AsciiSave( SvStream& rStream, const ScImportOptions& rAsciiOpt, SCTAB nTab )
{
sal_Unicode cDelim = rAsciiOpt.nFieldSepCode;
sal_Unicode cStrDelim = rAsciiOpt.nTextSepCode;
@@ -1966,7 +1968,6 @@ void ScDocShell::AsciiSave( SvStream& rStream, const ScImportOptions& rAsciiOpt
SCCOL nStartCol = 0;
SCROW nStartRow = 0;
- SCTAB nTab = GetSaveTab();
SCCOL nEndCol;
SCROW nEndRow;
m_aDocument.GetCellArea( nTab, nEndCol, nEndRow );
@@ -2384,35 +2385,129 @@ bool ScDocShell::ConvertTo( SfxMedium &rMed )
}
else if (aFltName == pFilterAscii)
{
- SvStream* pStream = rMed.GetOutStream();
- if (pStream)
+ OUString sItStr;
+ SfxItemSet* pSet = rMed.GetItemSet();
+ const SfxPoolItem* pItem;
+ if ( pSet && SfxItemState::SET ==
+ pSet->GetItemState( SID_FILE_FILTEROPTIONS, true, &pItem ) )
{
- OUString sItStr;
- SfxItemSet* pSet = rMed.GetItemSet();
- const SfxPoolItem* pItem;
- if ( pSet && SfxItemState::SET ==
- pSet->GetItemState( SID_FILE_FILTEROPTIONS, true, &pItem ) )
+ sItStr = static_cast<const SfxStringItem*>(pItem)->GetValue();
+ }
+
+ if ( sItStr.isEmpty() )
+ {
+ // default for ascii export (from API without options):
+ // ISO8859-1/MS_1252 encoding, comma, double quotes
+
+ ScImportOptions aDefOptions( ',', '"', RTL_TEXTENCODING_MS_1252 );
+ sItStr = aDefOptions.BuildString();
+ }
+
+ weld::WaitObject aWait( GetActiveDialogParent() );
+ ScImportOptions aOptions( sItStr );
+
+ if (aOptions.nSheetToExport)
+ {
+ // Only from command line --convert-to
+ bRet = true;
+
+ // Verbose only from command line, not UI (in case we actually
+ // implement that) nor macro filter options.
+ bool bVerbose = false;
+ const css::uno::Sequence<css::beans::PropertyValue> & rArgs = rMed.GetArgs();
+ const auto pProp = std::find_if( rArgs.begin(), rArgs.end(),
+ [](const css::beans::PropertyValue& rProp) { return rProp.Name == "ConversionRequestOrigin"; });
+ if (pProp != rArgs.end())
{
- sItStr = static_cast<const SfxStringItem*>(pItem)->GetValue();
+ OUString aOrigin;
+ pProp->Value >>= aOrigin;
+ bVerbose = (aOrigin == "CommandLine");
}
- if ( sItStr.isEmpty() )
+ SCTAB nStartTab;
+ SCTAB nCount = m_aDocument.GetTableCount();
+ if (aOptions.nSheetToExport == -1)
{
- // default for ascii export (from API without options):
- // ISO8859-1/MS_1252 encoding, comma, double quotes
-
- ScImportOptions aDefOptions( ',', '"', RTL_TEXTENCODING_MS_1252 );
- sItStr = aDefOptions.BuildString();
+ // All sheets.
+ nStartTab = 0;
+ }
+ else if (0 < aOptions.nSheetToExport && aOptions.nSheetToExport <= nCount)
+ {
+ // One sheet, 1-based.
+ nCount = aOptions.nSheetToExport;
+ nStartTab = nCount - 1;
+ }
+ else
+ {
+ // Usage error, no export but log.
+ if (bVerbose)
+ {
+ if (aOptions.nSheetToExport < 0)
+ std::cout << "Bad sheet number string given." << std::endl;
+ else
+ std::cout << "No sheet number " << aOptions.nSheetToExport
+ << ", number of sheets is " << nCount << std::endl;
+ }
+ nStartTab = 0;
+ nCount = 0;
+ SetError(SCERR_EXPORT_DATA);
+ bRet = false;
}
- weld::WaitObject aWait( GetActiveDialogParent() );
- ScImportOptions aOptions( sItStr );
- AsciiSave( *pStream, aOptions );
- bRet = true;
+ INetURLObject aURLObject(rMed.GetURLObject());
+ OUString sExt = aURLObject.CutExtension();
+ OUString sBaseName = aURLObject.GetLastName();
+ aURLObject.CutLastName();
- if (m_aDocument.GetTableCount() > 1)
- if (!rMed.GetError())
- rMed.SetError(SCWARN_EXPORT_ASCII);
+ for (SCTAB i = nStartTab; i < nCount; ++i)
+ {
+ OUString sTabName;
+ if (!m_aDocument.GetName(i, sTabName))
+ sTabName = OUString::number(i);
+ INetURLObject aSheetURLObject(aURLObject);
+ OUString sFileName = sBaseName + "-" + sTabName;
+ if (!sExt.isEmpty())
+ sFileName = sFileName + "." + sExt;
+ aSheetURLObject.Append(sFileName);
+
+ // log similar to DispatchWatcher::executeDispatchRequests
+ OUString aOutFile = aSheetURLObject.GetMainURL(INetURLObject::DecodeMechanism::NONE);
+ if (bVerbose)
+ {
+ OUString aDisplayedName;
+ if (osl::FileBase::E_None != osl::FileBase::getSystemPathFromFileURL(aOutFile, aDisplayedName))
+ aDisplayedName = aOutFile;
+ std::cout << "Writing sheet " << OUStringToOString(sTabName, osl_getThreadTextEncoding()) << " -> "
+ << OUStringToOString(aDisplayedName, osl_getThreadTextEncoding())
+ << std::endl;
+
+ if (FStatHelper::IsDocument(aOutFile))
+ std::cout << "Overwriting: " << OUStringToOString(aDisplayedName, osl_getThreadTextEncoding())
+ << std::endl ;
+ }
+
+ std::unique_ptr<SvStream> xStm = ::utl::UcbStreamHelper::CreateStream(aOutFile, StreamMode::TRUNC | StreamMode::WRITE);
+ if (!xStm)
+ {
+ SetError(ERRCODE_IO_CANTCREATE);
+ bRet = false;
+ break;
+ }
+ AsciiSave(*xStm, aOptions, i);
+ }
+ }
+ else
+ {
+ SvStream* pStream = rMed.GetOutStream();
+ if (pStream)
+ {
+ AsciiSave(*pStream, aOptions, GetSaveTab());
+ bRet = true;
+
+ if (m_aDocument.GetTableCount() > 1)
+ if (!rMed.GetError())
+ rMed.SetError(SCWARN_EXPORT_ASCII);
+ }
}
}
else if (aFltName == pFilterDBase)
diff --git a/sc/source/ui/inc/docsh.hxx b/sc/source/ui/inc/docsh.hxx
index a519f4c87d04..6a075ff6dade 100644
--- a/sc/source/ui/inc/docsh.hxx
+++ b/sc/source/ui/inc/docsh.hxx
@@ -230,7 +230,7 @@ public:
ScDrawLayer* MakeDrawLayer();
- void AsciiSave( SvStream& rStream, const ScImportOptions& rOpt );
+ void AsciiSave( SvStream& rStream, const ScImportOptions& rOpt, SCTAB nTab );
void Execute( SfxRequest& rReq );
void GetState( SfxItemSet &rSet );
diff --git a/sc/source/ui/inc/imoptdlg.hxx b/sc/source/ui/inc/imoptdlg.hxx
index bac941c2a377..382067d67813 100644
--- a/sc/source/ui/inc/imoptdlg.hxx
+++ b/sc/source/ui/inc/imoptdlg.hxx
@@ -32,7 +32,8 @@ public:
ScImportOptions( sal_Unicode nFieldSep, sal_Unicode nTextSep, rtl_TextEncoding nEnc )
: nFieldSepCode(nFieldSep), nTextSepCode(nTextSep),
bFixedWidth(false), bSaveAsShown(false), bQuoteAllText(false),
- bSaveNumberAsSuch(true), bSaveFormulas(false), bRemoveSpace(false)
+ bSaveNumberAsSuch(true), bSaveFormulas(false), bRemoveSpace(false),
+ nSheetToExport(0)
{ SetTextEncoding( nEnc ); }
ScImportOptions& operator=( const ScImportOptions& rCpy ) = default;
@@ -51,6 +52,9 @@ public:
bool bSaveNumberAsSuch;
bool bSaveFormulas;
bool bRemoveSpace;
+ // "0" for 'current sheet', "-1" for all sheets (each to a separate file),
+ // or 1-based specific sheet number (to a separate file).
+ sal_Int32 nSheetToExport;
};
#endif // INCLUDED_SC_SOURCE_UI_INC_IMOPTDLG_HXX
diff --git a/sfx2/source/doc/docfile.cxx b/sfx2/source/doc/docfile.cxx
index 5d00d39bd837..4e4e74a 100644
--- a/sfx2/source/doc/docfile.cxx
+++ b/sfx2/source/doc/docfile.cxx
@@ -328,6 +328,8 @@ public:
util::DateTime m_aDateTime;
+ uno::Sequence<beans::PropertyValue> m_aArgs;
+
explicit SfxMedium_Impl();
~SfxMedium_Impl();
SfxMedium_Impl(const SfxMedium_Impl&) = delete;
@@ -3240,6 +3242,7 @@ SfxMedium::SfxMedium( const uno::Sequence<beans::PropertyValue>& aArgs ) :
SfxAllItemSet *pParams = new SfxAllItemSet( SfxGetpApp()->GetPool() );
pImpl->m_pSet.reset( pParams );
TransformParameters( SID_OPENDOC, aArgs, *pParams );
+ SetArgs(aArgs);
OUString aFilterProvider, aFilterName;
{
@@ -3301,6 +3304,16 @@ SfxMedium::SfxMedium( const uno::Sequence<beans::PropertyValue>& aArgs ) :
Init_Impl();
}
+void SfxMedium::SetArgs(const uno::Sequence<beans::PropertyValue>& rArgs)
+{
+ pImpl->m_aArgs = rArgs;
+ comphelper::SequenceAsHashMap aArgsMap(rArgs);
+ aArgsMap.erase("Stream");
+ aArgsMap.erase("InputStream");
+ pImpl->m_aArgs = aArgsMap.getAsConstPropertyValueList();
+}
+
+uno::Sequence<beans::PropertyValue> SfxMedium::GetArgs() const { return pImpl->m_aArgs; }
SfxMedium::SfxMedium( const uno::Reference < embed::XStorage >& rStor, const OUString& rBaseURL, const std::shared_ptr<SfxItemSet>& p ) :
pImpl(new SfxMedium_Impl)
--
2.31.1

View File

@ -0,0 +1,93 @@
From a7bc0ab5215734cb2bd4162cb5cdcc69fef23ef4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Tue, 11 Apr 2023 10:13:37 +0100
Subject: [PATCH 1/3] set Referer on loading IFrames
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
so tools, options, security, options,
"block any links from document not..."
applies to their contents.
Change-Id: I04839aea6b07a4a76ac147a85045939ccd9c3c79
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150221
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150751
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit acff9ca0579333b45d10ae5f8cd48172f563dddd)
(cherry picked from commit 04c8176fb40d2eb983aa0bd0a6ce65804d3f6ecd)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152094
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 789155b523b384df020d86228ac200a63a68b154)
Conflicts:
sfx2/source/doc/iframe.cxx
---
sfx2/source/doc/iframe.cxx | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index b5291b239164b..5a0ea96a234da 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -32,12 +32,14 @@
#include <com/sun/star/ui/dialogs/XExecutableDialog.hpp>
#include <com/sun/star/embed/XEmbeddedObject.hpp>
+#include <comphelper/propertyvalue.hxx>
#include <cppuhelper/implbase.hxx>
#include <cppuhelper/supportsservice.hxx>
#include <rtl/ref.hxx>
#include <svtools/miscopt.hxx>
#include <svl/ownlist.hxx>
#include <svl/itemprop.hxx>
+#include <sfx2/docfile.hxx>
#include <sfx2/frmdescr.hxx>
#include <sfx2/objsh.hxx>
#include <sfx2/sfxdlg.hxx>
@@ -166,14 +168,19 @@ sal_Bool SAL_CALL IFrameObject::load(
uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) );
xTrans->parseStrict( aTargetURL );
+ uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
+ SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
+
if (INetURLObject(aTargetURL.Complete).GetProtocol() == INetProtocol::Macro)
{
- uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
- SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
if (pDoc && !pDoc->AdjustMacroMode())
return false;
}
+ OUString sReferer;
+ if (pDoc && pDoc->HasName())
+ sReferer = pDoc->GetMedium()->GetName();
+
DBG_ASSERT( !mxFrame.is(), "Frame already existing!" );
VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() );
VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() );
@@ -196,12 +203,11 @@ sal_Bool SAL_CALL IFrameObject::load(
if ( xFramesSupplier.is() )
mxFrame->setCreator( xFramesSupplier );
- uno::Sequence < beans::PropertyValue > aProps(2);
- aProps[0].Name = "PluginMode";
- aProps[0].Value <<= sal_Int16(2);
- aProps[1].Name = "ReadOnly";
- aProps[1].Value <<= true;
-
+ uno::Sequence < beans::PropertyValue > aProps{
+ comphelper::makePropertyValue("PluginMode", sal_Int16(2)),
+ comphelper::makePropertyValue("ReadOnly", true),
+ comphelper::makePropertyValue("Referer", sReferer)
+ };
uno::Reference < frame::XDispatch > xDisp = mxFrame->queryDispatch( aTargetURL, "_self", 0 );
if ( xDisp.is() )
xDisp->dispatch( aTargetURL, aProps );
--
2.41.0

View File

@ -0,0 +1,56 @@
From a9102a384893fd084011e8451867071452031ece Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Mon, 8 Feb 2021 17:05:28 +0000
Subject: [PATCH 2/6] CVE-2021-25635
default to CertificateValidity::INVALID
so if CertGetCertificateChain fails we don't want validity to be
css::security::CertificateValidity::VALID which is what the old default
of 0 equates to
notably
commit 1e0bc66d16aee28ce8bd9582ea32178c63841902
Date: Thu Nov 5 16:55:26 2009 +0100
jl137: #103420# better logging
turned the nss equivalent of SecurityEnvironment_NssImpl::verifyCertificate
from 0 to CertificateValidity::INVALID like this change does
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110561
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit edeb164c1d8ab64116afee4e2140403a362a1358)
Change-Id: I5350dbc22d1b9b378da2976d3b0abd728f1f4c27
---
.../source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
index d9b657891b96..4031df289f44 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
@@ -755,7 +755,7 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::verifyCertificate(
const uno::Reference< css::security::XCertificate >& aCert,
const uno::Sequence< uno::Reference< css::security::XCertificate > >& seqCerts)
{
- sal_Int32 validity = 0;
+ sal_Int32 validity = css::security::CertificateValidity::INVALID;
PCCERT_CHAIN_CONTEXT pChainContext = nullptr;
PCCERT_CONTEXT pCertContext = nullptr;
@@ -899,7 +899,7 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::verifyCertificate(
}
else
{
- SAL_INFO("xmlsecurity.xmlsec", "CertGetCertificateChaine failed.");
+ SAL_INFO("xmlsecurity.xmlsec", "CertGetCertificateChain failed.");
}
}
--
2.32.0

View File

@ -0,0 +1,198 @@
From 61f8673fb44150bd629d88f6626aff8d5b026449 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Mon, 21 Mar 2022 20:58:34 +0000
Subject: [PATCH] make hash encoding match decoding
Seeing as old versions of the hash may be in the users config, add a
StorageVersion field to the office config Passwords section which
defaults to 0 to indicate the old hash is in use.
Try the old varient when StorageVersion is 0. When a new encoded master
password it set write StorageVersion of 1 to indicate a new hash is in
use and use the new style when StorageVersion is 1.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132080
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit e890f54dbac57f3ab5acf4fbd31222095d3e8ab6)
svl: fix crash if user cancels/closes master password dialog
(regression from d7ba5614d90381d68f880ca7e7c5ef8bbb1b1c43)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133932
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bbb8617ece6d946957c2eb96287081029bce530f)
Change-Id: I3174c37a5891bfc849984e0ec5c2c392b9c6e7b1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133905
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
---
.../schema/org/openoffice/Office/Common.xcs | 6 +++
.../passwordcontainer/passwordcontainer.cxx | 47 ++++++++++++++++++-
.../passwordcontainer/passwordcontainer.hxx | 6 +++
uui/source/iahndl-authentication.cxx | 5 +-
4 files changed, 60 insertions(+), 4 deletions(-)
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
index b317f616deeb..b033b29b60d7 100644
--- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
+++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
@@ -911,6 +911,12 @@
</info>
<value>false</value>
</prop>
+ <prop oor:name="StorageVersion" oor:type="xs:int" oor:nillable="false">
+ <info>
+ <desc>Specifies what version of encoding scheme the password container uses.</desc>
+ </info>
+ <value>0</value>
+ </prop>
<prop oor:name="HasMaster" oor:type="xs:boolean" oor:nillable="false">
<info>
<desc>Specifies if there is a valid master password.</desc>
diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx b/svl/source/passwordcontainer/passwordcontainer.cxx
index 02947cd3892c..ff0b40df4016 100644
--- a/svl/source/passwordcontainer/passwordcontainer.cxx
+++ b/svl/source/passwordcontainer/passwordcontainer.cxx
@@ -17,6 +17,8 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
+#include <sal/config.h>
+#include <sal/log.hxx>
#include "passwordcontainer.hxx"
@@ -259,6 +261,23 @@ bool StorageItem::useStorage()
return aResult;
}
+sal_Int32 StorageItem::getStorageVersion()
+{
+ Sequence<OUString> aNodeNames { "StorageVersion" };
+
+ Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aNodeNames );
+
+ if( aPropertyValues.getLength() != aNodeNames.getLength() )
+ {
+ OSL_FAIL( "Problems during reading" );
+ return 0;
+ }
+
+ sal_Int32 nResult = 0;
+ aPropertyValues[0] >>= nResult;
+
+ return nResult;
+}
bool StorageItem::getEncodedMP( OUString& aResult )
{
@@ -291,15 +310,17 @@ bool StorageItem::getEncodedMP( OUString& aResult )
void StorageItem::setEncodedMP( const OUString& aEncoded, bool bAcceptEmpty )
{
- Sequence< OUString > sendNames(2);
- Sequence< uno::Any > sendVals(2);
+ Sequence< OUString > sendNames(3);
+ Sequence< uno::Any > sendVals(3);
sendNames[0] = "HasMaster";
sendNames[1] = "Master";
+ sendNames[2] = "StorageVersion";
bool bHasMaster = ( !aEncoded.isEmpty() || bAcceptEmpty );
sendVals[0] <<= bHasMaster;
sendVals[1] <<= aEncoded;
+ sendVals[2] <<= nCurrentStorageVersion;
ConfigItem::SetModified();
ConfigItem::PutProperties( sendNames, sendVals );
@@ -800,6 +821,18 @@ OUString PasswordContainer::RequestPasswordFromUser( PasswordRequestMode aRMode,
return aResult;
}
+// Mangle the key to match an old bug
+static OUString ReencodeAsOldHash(const OUString& rPass)
+{
+ OUStringBuffer aBuffer;
+ for (int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ++ind)
+ {
+ unsigned char i = static_cast<char>(rPass.copy(ind * 2, 2).toUInt32(16));
+ aBuffer.append(static_cast< sal_Unicode >('a' + (i >> 4)));
+ aBuffer.append(static_cast< sal_Unicode >('a' + (i & 15)));
+ }
+ return aBuffer.makeStringAndClear();
+}
OUString const & PasswordContainer::GetMasterPassword( const Reference< XInteractionHandler >& aHandler )
{
@@ -838,6 +871,9 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac
}
else
{
+ if (m_pStorageFile->getStorageVersion() == 0)
+ aPass = ReencodeAsOldHash(aPass);
+
std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aPass, aRMode ) );
if( aRM.empty() || aPass != aRM[0] )
{
@@ -1042,6 +1078,13 @@ sal_Bool SAL_CALL PasswordContainer::authorizateWithMasterPassword( const uno::R
do {
aPass = RequestPasswordFromUser( aRMode, xTmpHandler );
+
+
+ if (!aPass.isEmpty() && m_pStorageFile->getStorageVersion() == 0)
+ {
+ aPass = ReencodeAsOldHash(aPass);
+ }
+
bResult = ( !aPass.isEmpty() && aPass == m_aMasterPasswd );
aRMode = PasswordRequestMode_PASSWORD_REENTER; // further questions with error notification
} while( !bResult && !aPass.isEmpty() );
diff --git a/svl/source/passwordcontainer/passwordcontainer.hxx b/svl/source/passwordcontainer/passwordcontainer.hxx
index 09fb7e03629d..cf5c717d0c9e 100644
--- a/svl/source/passwordcontainer/passwordcontainer.hxx
+++ b/svl/source/passwordcontainer/passwordcontainer.hxx
@@ -167,6 +167,10 @@ public:
typedef ::std::pair< const OUString, ::std::vector< NamePassRecord > > PairUrlRecord;
typedef ::std::map< OUString, ::std::vector< NamePassRecord > > PassMap;
+// org.openoffice.Office.Common/Passwords/StorageVersion bump if details of
+// how password details are saved changes. Enables migration from previous
+// schemes.
+constexpr sal_Int32 nCurrentStorageVersion = 1;
class PasswordContainer;
@@ -195,6 +199,8 @@ public:
void remove( const OUString& url, const OUString& rec );
void clear();
+ sal_Int32 getStorageVersion();
+
bool getEncodedMP( OUString& aResult );
void setEncodedMP( const OUString& aResult, bool bAcceptEnmpty = false );
void setUseStorage( bool bUse );
diff --git a/uui/source/iahndl-authentication.cxx b/uui/source/iahndl-authentication.cxx
index 4835a485dd2a..5764e62cb1c6 100644
--- a/uui/source/iahndl-authentication.cxx
+++ b/uui/source/iahndl-authentication.cxx
@@ -436,8 +436,9 @@ executeMasterPasswordDialog(
OUStringBuffer aBuffer;
for (sal_uInt8 i : aKey)
{
- aBuffer.append(static_cast< sal_Unicode >('a' + (i >> 4)));
- aBuffer.append(static_cast< sal_Unicode >('a' + (i & 15)));
+ // match PasswordContainer::DecodePasswords aMasterPasswd.copy(index * 2, 2).toUInt32(16));
+ aBuffer.append(OUString::number(i >> 4, 16));
+ aBuffer.append(OUString::number(i & 15, 16));
}
rInfo.SetPassword(aBuffer.makeStringAndClear());
}
--
2.37.1

View File

@ -0,0 +1,87 @@
From 99b453dfac5ed44a02c6e1a51b871ee50709a405 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Sat, 4 Nov 2023 19:57:51 +0000
Subject: [PATCH] warn about exotic protocols as well
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change-Id: I50dcf4f36cd20d75f5ad3876353143268740a50f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151834
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 1305f70cff8a81a58a5a6d9c96c5bb032005389e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159034
Reviewed-by: Eike Rathke <erack@redhat.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159881
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159911
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
erAck: backported to 6.4.7.2
---
sw/source/filter/html/htmlplug.cxx | 2 +-
sw/source/filter/xml/xmltexti.cxx | 2 +-
tools/source/fsys/urlobj.cxx | 3 ++-
xmloff/source/draw/ximpshap.cxx | 2 +-
4 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/sw/source/filter/html/htmlplug.cxx b/sw/source/filter/html/htmlplug.cxx
index eb70704..112975f 100644
--- a/sw/source/filter/html/htmlplug.cxx
+++ b/sw/source/filter/html/htmlplug.cxx
@@ -1089,7 +1089,7 @@ void SwHTMLParser::InsertFloatingFrame()
OUString sHRef = aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
- if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
+ if (INetURLObject(sHRef).IsExoticProtocol())
NotifyMacroEventRead();
xSet->setPropertyValue("FrameURL", uno::makeAny( sHRef ) );
diff --git a/sw/source/filter/xml/xmltexti.cxx b/sw/source/filter/xml/xmltexti.cxx
index 72a14b9..e015575 100644
--- a/sw/source/filter/xml/xmltexti.cxx
+++ b/sw/source/filter/xml/xmltexti.cxx
@@ -856,7 +856,7 @@ uno::Reference< XPropertySet > SwXMLTextImportHelper::createAndInsertFloatingFra
OUString sHRef = URIHelper::SmartRel2Abs(
INetURLObject( GetXMLImport().GetBaseURL() ), rHRef );
- if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
+ if (INetURLObject(sHRef).IsExoticProtocol())
GetXMLImport().NotifyMacroEventRead();
xSet->setPropertyValue("FrameURL",
diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index ab6e885..1ef2b7e 100644
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4776,7 +4776,8 @@ bool INetURLObject::IsExoticProtocol() const
return m_eScheme == INetProtocol::Slot ||
m_eScheme == INetProtocol::Macro ||
m_eScheme == INetProtocol::Uno ||
- isSchemeEqualTo(u"vnd.sun.star.script");
+ isSchemeEqualTo(u"vnd.sun.star.script") ||
+ isSchemeEqualTo(u"service");
}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx
index bd5f30a..b58da79 100644
--- a/xmloff/source/draw/ximpshap.cxx
+++ b/xmloff/source/draw/ximpshap.cxx
@@ -3269,7 +3269,7 @@ void SdXMLFloatingFrameShapeContext::StartElement( const css::uno::Reference< cs
if( !maHref.isEmpty() )
{
- if (INetURLObject(maHref).GetProtocol() == INetProtocol::Macro)
+ if (INetURLObject(maHref).IsExoticProtocol())
GetImport().NotifyMacroEventRead();
xProps->setPropertyValue("FrameURL", Any(maHref) );
--
2.43.0

View File

@ -0,0 +1,82 @@
From c0e926365dc7651dcb5eee48f50e6990523662ad Mon Sep 17 00:00:00 2001
From: Eike Rathke <erack@redhat.com>
Date: Fri, 17 Feb 2023 12:03:54 +0100
Subject: [PATCH 2/3] Stack check safety belt before fishing in muddy waters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Have it hit hard in debug builds.
Change-Id: I9ea54844a0661fd7a75616a2876983a74b2d5bad
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147205
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit 9d91fbba6f374fa1c10b38eae003da89bd4e6d4b)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147245
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 166a07062dd4ffedca6106f439a6fcddaeee5eb5)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147391
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit f8efb098f2abbf054a15dcf7daaaacfa575685ae)
---
sc/source/core/inc/interpre.hxx | 12 ++++++++++++
sc/source/core/tool/interpr1.cxx | 4 ++--
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/sc/source/core/inc/interpre.hxx b/sc/source/core/inc/interpre.hxx
index 3b902524d901..c7d4527dbf57 100644
--- a/sc/source/core/inc/interpre.hxx
+++ b/sc/source/core/inc/interpre.hxx
@@ -235,6 +235,7 @@ private:
inline bool MustHaveParamCount( short nAct, short nMust );
inline bool MustHaveParamCount( short nAct, short nMust, short nMax );
inline bool MustHaveParamCountMin( short nAct, short nMin );
+ inline bool MustHaveParamCountMinWithStackCheck( short nAct, short nMin );
void PushParameterExpected();
void PushIllegalParameter();
void PushIllegalArgument();
@@ -1086,6 +1087,17 @@ inline bool ScInterpreter::MustHaveParamCountMin( short nAct, short nMin )
return false;
}
+inline bool ScInterpreter::MustHaveParamCountMinWithStackCheck( short nAct, short nMin )
+{
+ assert(sp >= nAct);
+ if (sp < nAct)
+ {
+ PushParameterExpected();
+ return false;
+ }
+ return MustHaveParamCountMin( nAct, nMin);
+}
+
inline bool ScInterpreter::CheckStringPositionArgument( double & fVal )
{
if (!rtl::math::isFinite( fVal))
diff --git a/sc/source/core/tool/interpr1.cxx b/sc/source/core/tool/interpr1.cxx
index e375f1626ec5..4b093cb62d4f 100644
--- a/sc/source/core/tool/interpr1.cxx
+++ b/sc/source/core/tool/interpr1.cxx
@@ -7524,7 +7524,7 @@ void ScInterpreter::ScVLookup()
void ScInterpreter::ScSubTotal()
{
sal_uInt8 nParamCount = GetByte();
- if ( MustHaveParamCountMin( nParamCount, 2 ) )
+ if ( MustHaveParamCountMinWithStackCheck( nParamCount, 2 ) )
{
// We must fish the 1st parameter deep from the stack! And push it on top.
const FormulaToken* p = pStack[ sp - nParamCount ];
@@ -7571,7 +7571,7 @@ void ScInterpreter::ScSubTotal()
void ScInterpreter::ScAggregate()
{
sal_uInt8 nParamCount = GetByte();
- if ( MustHaveParamCountMin( nParamCount, 3 ) )
+ if ( MustHaveParamCountMinWithStackCheck( nParamCount, 3 ) )
{
// fish the 1st parameter from the stack and push it on top.
const FormulaToken* p = pStack[ sp - nParamCount ];
--
2.41.0

View File

@ -0,0 +1,907 @@
From 0ea515e760325b3d9f33824e917d0d549f4509e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Thu, 13 Apr 2023 11:31:17 +0100
Subject: [PATCH 2/3] put floating frames under managed links control
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
like we do for sections and ole objects that link to their content
individual commits in trunk are:
extract a OCommonEmbeddedObject::SetInplaceActiveState for reuse
no behaviour change intended
Change-Id: Ia1d12aa5c9afdc1347f6d4364bc6a0b7f41ee168
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150341
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 183e34a3f8c429c0698951e24c17844e416a3825)
use parent window as dialog parent
it makes no odds, but is more convenient for upcoming modification
Change-Id: Ibc5333b137d2da089b3b701ff615c6ddf43063d0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150342
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit f93edf343658abd489bde3639d2ffaefd50c0f99)
adjust IFrameObject so it could reuse mxFrame for a reload of content
Change-Id: I7eec3132a23faafd9a2878215a0a117a67bc9bf2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150343
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 3a727d26fd9eb6fa140bc3f5cadf3db079d42206)
query getUserAllowsLinkUpdate for the case of content in a floating frame
similarly to how it works for the more common "normal" embedded objects
Change-Id: I83e38dfa2f84907c2de9680e91f779d34864a9ad
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149971
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 52aa46468531918eabfa2031dedf50377ae72cf7)
add a route to get writer Floating Frame links under 'manage links'
Change-Id: If90ff71d6a96342574799312f764badaf97980eb
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150349
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 8b8a2844addbd262befb1a2d193dfb590dfa20be)
allow SvxOle2Shape::resetModifiedState to survive having no SdrObject
Change-Id: Iea059262c124e3f44249e49b4189732310d28156
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150538
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 02379929bd0e1d1676635f0ca1920422702ebb7c)
create the FloatingFrameShape in a separate step to inserting it
this is derived from the path taken by the AddShape(const OUString&)
function for this case. No change in behavior is intended.
Change-Id: Id09ae0c65a55a37743ad7c184070fb8dd97d8a7f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150526
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit bafec47847a0b9697b3bbe9358e53f8118af3024)
add a route to get calc Floating Frame links under 'manage links'
much harder than writer because the organization and ordering
of properties and object activation etc is different.
This ended up ugly, but functions.
We set FrameURL before AddShape, we have to do it again later because it
gets cleared when the SdrOle2Obj is attached to the XShape. But we want
FrameURL to exist when AddShape triggers SetPersistName which itself
triggers SdrOle2Obj::CheckFileLink_Impl and at that point we want to
know what URL will end up being used. So bodge this by setting FrameURL
to the temp pre-SdrOle2Obj attached properties and we can smuggle it
eventually into SdrOle2Obj::SetPersistName at the right point after
PersistName is set but before SdrOle2Obj::CheckFileLink_Impl is called
in order to inform the link manager that this is an IFrame that links to
a URL
Change-Id: I67fc199fef9e67fa12ca7873f0fe12137aa16d8f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150539
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 07179a5a5bd00f34acfa8a3f260dd834ae003c63)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150755
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit b91ea614c0b753ab3d378acd0e2db8262e9dbd72)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151107
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit 8b35b17ffaab23d72ddec2d9f41be0e30fcaa6c4)
Conflicts:
embeddedobj/source/commonembedding/specialobject.cxx
embeddedobj/source/inc/specialobject.hxx
include/svx/svdoole2.hxx
sfx2/source/doc/iframe.cxx
svx/source/svdraw/svdoole2.cxx
sw/source/core/ole/ndole.cxx
xmloff/source/draw/ximpshap.cxx
---
.../source/commonembedding/embedobj.cxx | 60 +++++-----
.../source/commonembedding/specialobject.cxx | 9 ++
embeddedobj/source/inc/commonembobj.hxx | 3 +
embeddedobj/source/inc/specialobject.hxx | 6 +
include/svx/svdoole2.hxx | 17 ++-
include/svx/unoshape.hxx | 2 +
sc/source/ui/docshell/documentlinkmgr.cxx | 9 +-
sfx2/source/doc/iframe.cxx | 55 +++++----
svx/source/svdraw/svdoole2.cxx | 104 ++++++++++++++----
svx/source/unodraw/shapeimpl.hxx | 5 +
svx/source/unodraw/unoshap4.cxx | 23 +++-
sw/inc/ndole.hxx | 4 +-
sw/source/core/ole/ndole.cxx | 89 ++++++++++++--
xmloff/source/draw/ximpshap.cxx | 29 ++++-
xmloff/source/draw/ximpshap.hxx | 2 +
15 files changed, 335 insertions(+), 90 deletions(-)
diff --git a/embeddedobj/source/commonembedding/embedobj.cxx b/embeddedobj/source/commonembedding/embedobj.cxx
index e6e5bec2a3160..b402dff22042a 100644
--- a/embeddedobj/source/commonembedding/embedobj.cxx
+++ b/embeddedobj/source/commonembedding/embedobj.cxx
@@ -155,6 +155,37 @@ void OCommonEmbeddedObject::StateChangeNotification_Impl( bool bBeforeChange, sa
}
}
+void OCommonEmbeddedObject::SetInplaceActiveState()
+{
+ if ( !m_xClientSite.is() )
+ throw embed::WrongStateException( "client site not set, yet", *this );
+
+ uno::Reference< embed::XInplaceClient > xInplaceClient( m_xClientSite, uno::UNO_QUERY );
+ if ( !xInplaceClient.is() || !xInplaceClient->canInplaceActivate() )
+ throw embed::WrongStateException(); //TODO: can't activate inplace
+ xInplaceClient->activatingInplace();
+
+ uno::Reference< embed::XWindowSupplier > xClientWindowSupplier( xInplaceClient, uno::UNO_QUERY_THROW );
+
+ m_xClientWindow = xClientWindowSupplier->getWindow();
+ m_aOwnRectangle = xInplaceClient->getPlacement();
+ m_aClipRectangle = xInplaceClient->getClipRectangle();
+ awt::Rectangle aRectangleToShow = GetRectangleInterception( m_aOwnRectangle, m_aClipRectangle );
+
+ // create own window based on the client window
+ // place and resize the window according to the rectangles
+ uno::Reference< awt::XWindowPeer > xClientWindowPeer( m_xClientWindow, uno::UNO_QUERY_THROW );
+
+ // dispatch provider may not be provided
+ uno::Reference< frame::XDispatchProvider > xContainerDP = xInplaceClient->getInplaceDispatchProvider();
+ bool bOk = m_xDocHolder->ShowInplace( xClientWindowPeer, aRectangleToShow, xContainerDP );
+ m_nObjectState = embed::EmbedStates::INPLACE_ACTIVE;
+ if ( !bOk )
+ {
+ SwitchStateTo_Impl( embed::EmbedStates::RUNNING );
+ throw embed::WrongStateException(); //TODO: can't activate inplace
+ }
+}
void OCommonEmbeddedObject::SwitchStateTo_Impl( sal_Int32 nNextState )
{
@@ -228,34 +259,7 @@ void OCommonEmbeddedObject::SwitchStateTo_Impl( sal_Int32 nNextState )
{
if ( nNextState == embed::EmbedStates::INPLACE_ACTIVE )
{
- if ( !m_xClientSite.is() )
- throw embed::WrongStateException( "client site not set, yet", *this );
-
- uno::Reference< embed::XInplaceClient > xInplaceClient( m_xClientSite, uno::UNO_QUERY );
- if ( !xInplaceClient.is() || !xInplaceClient->canInplaceActivate() )
- throw embed::WrongStateException(); //TODO: can't activate inplace
- xInplaceClient->activatingInplace();
-
- uno::Reference< embed::XWindowSupplier > xClientWindowSupplier( xInplaceClient, uno::UNO_QUERY_THROW );
-
- m_xClientWindow = xClientWindowSupplier->getWindow();
- m_aOwnRectangle = xInplaceClient->getPlacement();
- m_aClipRectangle = xInplaceClient->getClipRectangle();
- awt::Rectangle aRectangleToShow = GetRectangleInterception( m_aOwnRectangle, m_aClipRectangle );
-
- // create own window based on the client window
- // place and resize the window according to the rectangles
- uno::Reference< awt::XWindowPeer > xClientWindowPeer( m_xClientWindow, uno::UNO_QUERY_THROW );
-
- // dispatch provider may not be provided
- uno::Reference< frame::XDispatchProvider > xContainerDP = xInplaceClient->getInplaceDispatchProvider();
- bool bOk = m_xDocHolder->ShowInplace( xClientWindowPeer, aRectangleToShow, xContainerDP );
- m_nObjectState = nNextState;
- if ( !bOk )
- {
- SwitchStateTo_Impl( embed::EmbedStates::RUNNING );
- throw embed::WrongStateException(); //TODO: can't activate inplace
- }
+ SetInplaceActiveState();
}
else if ( nNextState == embed::EmbedStates::ACTIVE )
{
diff --git a/embeddedobj/source/commonembedding/specialobject.cxx b/embeddedobj/source/commonembedding/specialobject.cxx
index 683fe0aab3f25..c17a39accf2c7 100644
--- a/embeddedobj/source/commonembedding/specialobject.cxx
+++ b/embeddedobj/source/commonembedding/specialobject.cxx
@@ -47,6 +47,7 @@ uno::Any SAL_CALL OSpecialEmbeddedObject::queryInterface( const uno::Type& rType
uno::Any aReturn = ::cppu::queryInterface( rType,
static_cast< embed::XEmbeddedObject* >( this ),
static_cast< embed::XInplaceObject* >( this ),
+ static_cast< embed::XCommonEmbedPersist* >( static_cast< embed::XEmbedPersist* >( this ) ),
static_cast< embed::XVisualObject* >( this ),
static_cast< embed::XClassifiedObject* >( this ),
static_cast< embed::XComponentSupplier* >( this ),
@@ -160,4 +161,12 @@ void SAL_CALL OSpecialEmbeddedObject::doVerb( sal_Int32 nVerbID )
OCommonEmbeddedObject::doVerb( nVerbID );
}
+void SAL_CALL OSpecialEmbeddedObject::reload(
+ const uno::Sequence< beans::PropertyValue >&,
+ const uno::Sequence< beans::PropertyValue >&)
+{
+ // Allow IFrames to reload their content
+ SetInplaceActiveState();
+}
+
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/embeddedobj/source/inc/commonembobj.hxx b/embeddedobj/source/inc/commonembobj.hxx
index b2c9acd9ec1e7..73282a00deac4 100644
--- a/embeddedobj/source/inc/commonembobj.hxx
+++ b/embeddedobj/source/inc/commonembobj.hxx
@@ -226,6 +226,9 @@ private:
const css::uno::Sequence< css::beans::PropertyValue >& lArguments,
const css::uno::Sequence< css::beans::PropertyValue >& lObjArgs );
+protected:
+ void SetInplaceActiveState();
+
public:
OCommonEmbeddedObject(
const css::uno::Reference< css::uno::XComponentContext >& rxContext,
diff --git a/embeddedobj/source/inc/specialobject.hxx b/embeddedobj/source/inc/specialobject.hxx
index 32ad61a7a5828..ce5c01b35ae7f 100644
--- a/embeddedobj/source/inc/specialobject.hxx
+++ b/embeddedobj/source/inc/specialobject.hxx
@@ -48,6 +48,12 @@ public:
virtual void SAL_CALL changeState( sal_Int32 nNewState ) override;
virtual void SAL_CALL doVerb( sal_Int32 nVerbID ) override;
+
+// XCommonEmbedPersist
+
+ virtual void SAL_CALL reload(
+ const css::uno::Sequence< css::beans::PropertyValue >& lArguments,
+ const css::uno::Sequence< css::beans::PropertyValue >& lObjArgs ) override;
};
#endif
diff --git a/include/svx/svdoole2.hxx b/include/svx/svdoole2.hxx
index b192a438bc190..da5f094ab1553 100644
--- a/include/svx/svdoole2.hxx
+++ b/include/svx/svdoole2.hxx
@@ -42,6 +42,7 @@ namespace frame { class XModel; }
namespace svt { class EmbeddedObjectRef; }
class SdrOle2ObjImpl;
+class SvxOle2Shape;
class SVX_DLLPUBLIC SdrOle2Obj : public SdrRectObj
{
@@ -49,7 +50,7 @@ private:
std::unique_ptr<SdrOle2ObjImpl> mpImpl;
private:
- SVX_DLLPRIVATE void Connect_Impl();
+ SVX_DLLPRIVATE void Connect_Impl(SvxOle2Shape* pCreator = nullptr);
SVX_DLLPRIVATE void Disconnect_Impl();
SVX_DLLPRIVATE void AddListeners_Impl();
SVX_DLLPRIVATE void RemoveListeners_Impl();
@@ -105,7 +106,7 @@ public:
// OLE object has got a separate PersistName member now;
// !!! use ::SetPersistName( ... ) only, if you know what you do !!!
const OUString& GetPersistName() const;
- void SetPersistName( const OUString& rPersistName );
+ void SetPersistName( const OUString& rPersistName, SvxOle2Shape* pCreator = nullptr );
// One can add an application name to a SdrOle2Obj, which can be queried for
// later on (SD needs this for presentation objects).
@@ -153,7 +154,7 @@ public:
sal_Int64 nAspect );
static bool Unload( const css::uno::Reference< css::embed::XEmbeddedObject >& xObj, sal_Int64 nAspect );
bool Unload();
- void Connect();
+ void Connect(SvxOle2Shape* pCreator = nullptr);
void Disconnect();
void ObjectLoaded();
@@ -200,6 +201,16 @@ public:
void Connect() { GetRealObject(); }
};
+class SVX_DLLPUBLIC SdrIFrameLink final : public sfx2::SvBaseLink
+{
+ SdrOle2Obj* m_pObject;
+
+public:
+ explicit SdrIFrameLink(SdrOle2Obj* pObject);
+ virtual ::sfx2::SvBaseLink::UpdateResult DataChanged(
+ const OUString& rMimeType, const css::uno::Any & rValue ) override;
+};
+
#endif // INCLUDED_SVX_SVDOOLE2_HXX
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/include/svx/unoshape.hxx b/include/svx/unoshape.hxx
index 0b48d1e433d6e..712552a55281a 100644
--- a/include/svx/unoshape.hxx
+++ b/include/svx/unoshape.hxx
@@ -597,6 +597,8 @@ public:
bool createObject( const SvGlobalName &aClassName );
void createLink( const OUString& aLinkURL );
+
+ virtual OUString GetAndClearInitialFrameURL();
};
diff --git a/sc/source/ui/docshell/documentlinkmgr.cxx b/sc/source/ui/docshell/documentlinkmgr.cxx
index cb3467c8bb691..8ea3c2cce5fb4 100644
--- a/sc/source/ui/docshell/documentlinkmgr.cxx
+++ b/sc/source/ui/docshell/documentlinkmgr.cxx
@@ -142,7 +142,7 @@ bool DocumentLinkManager::hasDdeOrOleOrWebServiceLinks(bool bDde, bool bOle, boo
sfx2::SvBaseLink* pBase = rLink.get();
if (bDde && dynamic_cast<ScDdeLink*>(pBase))
return true;
- if (bOle && dynamic_cast<SdrEmbedObjectLink*>(pBase))
+ if (bOle && (dynamic_cast<SdrEmbedObjectLink*>(pBase) || dynamic_cast<SdrIFrameLink*>(pBase)))
return true;
if (bWebService && dynamic_cast<ScWebServiceLink*>(pBase))
return true;
@@ -173,6 +173,13 @@ bool DocumentLinkManager::updateDdeOrOleOrWebServiceLinks(weld::Window* pWin)
continue;
}
+ SdrIFrameLink* pIFrameLink = dynamic_cast<SdrIFrameLink*>(pBase);
+ if (pIFrameLink)
+ {
+ pIFrameLink->Update();
+ continue;
+ }
+
ScWebServiceLink* pWebserviceLink = dynamic_cast<ScWebServiceLink*>(pBase);
if (pWebserviceLink)
{
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index 5a0ea96a234da..fce6cb48ea08f 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -177,31 +177,46 @@ sal_Bool SAL_CALL IFrameObject::load(
return false;
}
+ bool bUpdateAllowed(true);
+ if (pDoc)
+ {
+ // perhaps should only check for file targets, but lets default to making it strong
+ // unless there is a known need to distinguish
+ comphelper::EmbeddedObjectContainer& rEmbeddedObjectContainer = pDoc->getEmbeddedObjectContainer();
+ bUpdateAllowed = rEmbeddedObjectContainer.getUserAllowsLinkUpdate();
+ }
+ if (!bUpdateAllowed)
+ return false;
+
OUString sReferer;
if (pDoc && pDoc->HasName())
sReferer = pDoc->GetMedium()->GetName();
- DBG_ASSERT( !mxFrame.is(), "Frame already existing!" );
- VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() );
- VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() );
- pWin->SetSizePixel( pParent->GetOutputSizePixel() );
- pWin->SetBackground();
- pWin->Show();
-
- uno::Reference < awt::XWindow > xWindow( pWin->GetComponentInterface(), uno::UNO_QUERY );
- xFrame->setComponent( xWindow, uno::Reference < frame::XController >() );
+ uno::Reference<css::awt::XWindow> xParentWindow(xFrame->getContainerWindow());
- // we must destroy the IFrame before the parent is destroyed
- xWindow->addEventListener( this );
-
- mxFrame = frame::Frame::create( mxContext );
- uno::Reference < awt::XWindow > xWin( pWin->GetComponentInterface(), uno::UNO_QUERY );
- mxFrame->initialize( xWin );
- mxFrame->setName( maFrmDescr.GetName() );
-
- uno::Reference < frame::XFramesSupplier > xFramesSupplier( xFrame, uno::UNO_QUERY );
- if ( xFramesSupplier.is() )
- mxFrame->setCreator( xFramesSupplier );
+ if (!mxFrame.is())
+ {
+ VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow(xParentWindow);
+ VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() );
+ pWin->SetSizePixel( pParent->GetOutputSizePixel() );
+ pWin->SetBackground();
+ pWin->Show();
+
+ uno::Reference < awt::XWindow > xWindow( pWin->GetComponentInterface(), uno::UNO_QUERY );
+ xFrame->setComponent( xWindow, uno::Reference < frame::XController >() );
+
+ // we must destroy the IFrame before the parent is destroyed
+ xWindow->addEventListener( this );
+
+ mxFrame = frame::Frame::create( mxContext );
+ uno::Reference < awt::XWindow > xWin( pWin->GetComponentInterface(), uno::UNO_QUERY );
+ mxFrame->initialize( xWin );
+ mxFrame->setName( maFrmDescr.GetName() );
+
+ uno::Reference < frame::XFramesSupplier > xFramesSupplier( xFrame, uno::UNO_QUERY );
+ if ( xFramesSupplier.is() )
+ mxFrame->setCreator( xFramesSupplier );
+ }
uno::Sequence < beans::PropertyValue > aProps{
comphelper::makePropertyValue("PluginMode", sal_Int16(2)),
diff --git a/svx/source/svdraw/svdoole2.cxx b/svx/source/svdraw/svdoole2.cxx
index 16617ecaf94fe..dc5f74811723d 100644
--- a/svx/source/svdraw/svdoole2.cxx
+++ b/svx/source/svdraw/svdoole2.cxx
@@ -78,6 +78,7 @@
#include <sdr/contact/viewcontactofsdrole2obj.hxx>
#include <svx/svdograf.hxx>
#include <sdr/properties/oleproperties.hxx>
+#include <svx/unoshape.hxx>
#include <svx/xlineit0.hxx>
#include <svx/xlnclit.hxx>
#include <svx/xbtmpit.hxx>
@@ -598,6 +599,35 @@ void SdrEmbedObjectLink::Closed()
SvBaseLink::Closed();
}
+SdrIFrameLink::SdrIFrameLink(SdrOle2Obj* pObject)
+ : ::sfx2::SvBaseLink(::SfxLinkUpdateMode::ONCALL, SotClipboardFormatId::SVXB)
+ , m_pObject(pObject)
+{
+ SetSynchron( false );
+}
+
+::sfx2::SvBaseLink::UpdateResult SdrIFrameLink::DataChanged(
+ const OUString&, const uno::Any& )
+{
+ uno::Reference<embed::XEmbeddedObject> xObject = m_pObject->GetObjRef();
+ uno::Reference<embed::XCommonEmbedPersist> xPersObj(xObject, uno::UNO_QUERY);
+ if (xPersObj.is())
+ {
+ // let the IFrameObject reload the link
+ try
+ {
+ xPersObj->reload(uno::Sequence<beans::PropertyValue>(), uno::Sequence<beans::PropertyValue>());
+ }
+ catch (const uno::Exception&)
+ {
+ }
+
+ m_pObject->SetChanged();
+ }
+
+ return SUCCESS;
+}
+
class SdrOle2ObjImpl
{
public:
@@ -615,7 +645,7 @@ public:
bool mbLoadingOLEObjectFailed:1; // New local var to avoid repeated loading if load of OLE2 fails
bool mbConnected:1;
- SdrEmbedObjectLink* mpObjectLink;
+ sfx2::SvBaseLink* mpObjectLink;
OUString maLinkURL;
rtl::Reference<SvxUnoShapeModifyListener> mxModifyListener;
@@ -815,7 +845,7 @@ bool SdrOle2Obj::IsEmpty() const
return !mpImpl->mxObjRef.is();
}
-void SdrOle2Obj::Connect()
+void SdrOle2Obj::Connect(SvxOle2Shape* pCreator)
{
if( IsEmptyPresObj() )
return;
@@ -828,7 +858,7 @@ void SdrOle2Obj::Connect()
return;
}
- Connect_Impl();
+ Connect_Impl(pCreator);
AddListeners_Impl();
}
@@ -927,24 +957,51 @@ void SdrOle2Obj::CheckFileLink_Impl()
{
try
{
- uno::Reference< embed::XLinkageSupport > xLinkSupport( mpImpl->mxObjRef.GetObject(), uno::UNO_QUERY );
+ uno::Reference<embed::XEmbeddedObject> xObject = mpImpl->mxObjRef.GetObject();
+ if (!xObject)
+ return;
- if ( xLinkSupport.is() && xLinkSupport->isLink() )
- {
- OUString aLinkURL = xLinkSupport->getLinkURL();
+ bool bIFrame = false;
- if ( !aLinkURL.isEmpty() )
+ OUString aLinkURL;
+ uno::Reference<embed::XLinkageSupport> xLinkSupport(xObject, uno::UNO_QUERY);
+ if (xLinkSupport)
+ {
+ if (xLinkSupport->isLink())
+ aLinkURL = xLinkSupport->getLinkURL();
+ }
+ else
+ {
+ // get IFrame (Floating Frames) listed and updatable from the
+ // manage links dialog
+ SvGlobalName aClassId(xObject->getClassID());
+ if (aClassId == SvGlobalName(SO3_IFRAME_CLASSID))
{
- // this is a file link so the model link manager should handle it
- sfx2::LinkManager* pLinkManager(getSdrModelFromSdrObject().GetLinkManager());
+ uno::Reference<beans::XPropertySet> xSet(xObject->getComponent(), uno::UNO_QUERY);
+ if (xSet.is())
+ xSet->getPropertyValue("FrameURL") >>= aLinkURL;
+ bIFrame = true;
+ }
+ }
+
+ if (!aLinkURL.isEmpty()) // this is a file link so the model link manager should handle it
+ {
+ sfx2::LinkManager* pLinkManager(getSdrModelFromSdrObject().GetLinkManager());
- if ( pLinkManager )
+ if ( pLinkManager )
+ {
+ SdrEmbedObjectLink* pEmbedObjectLink = nullptr;
+ if (!bIFrame)
{
- mpImpl->mpObjectLink = new SdrEmbedObjectLink( this );
- mpImpl->maLinkURL = aLinkURL;
- pLinkManager->InsertFileLink( *mpImpl->mpObjectLink, OBJECT_CLIENT_OLE, aLinkURL );
- mpImpl->mpObjectLink->Connect();
+ pEmbedObjectLink = new SdrEmbedObjectLink(this);
+ mpImpl->mpObjectLink = pEmbedObjectLink;
}
+ else
+ mpImpl->mpObjectLink = new SdrIFrameLink(this);
+ mpImpl->maLinkURL = aLinkURL;
+ pLinkManager->InsertFileLink( *mpImpl->mpObjectLink, OBJECT_CLIENT_OLE, aLinkURL );
+ if (pEmbedObjectLink)
+ pEmbedObjectLink->Connect();
}
}
}
@@ -955,7 +1012,7 @@ void SdrOle2Obj::CheckFileLink_Impl()
}
}
-void SdrOle2Obj::Connect_Impl()
+void SdrOle2Obj::Connect_Impl(SvxOle2Shape* pCreator)
{
if(!mpImpl->aPersistName.isEmpty() )
{
@@ -995,6 +1052,17 @@ void SdrOle2Obj::Connect_Impl()
}
}
+ if (pCreator)
+ {
+ OUString sFrameURL(pCreator->GetAndClearInitialFrameURL());
+ if (!sFrameURL.isEmpty() && svt::EmbeddedObjectRef::TryRunningState(mpImpl->mxObjRef.GetObject()))
+ {
+ uno::Reference<beans::XPropertySet> xSet(mpImpl->mxObjRef->getComponent(), uno::UNO_QUERY);
+ if (xSet.is())
+ xSet->setPropertyValue("FrameURL", uno::Any(sFrameURL));
+ }
+ }
+
if ( mpImpl->mxObjRef.is() )
{
if ( !mpImpl->mxLightClient.is() )
@@ -1308,14 +1376,14 @@ SdrObjectUniquePtr SdrOle2Obj::getFullDragClone() const
return createSdrGrafObjReplacement(false);
}
-void SdrOle2Obj::SetPersistName( const OUString& rPersistName )
+void SdrOle2Obj::SetPersistName( const OUString& rPersistName, SvxOle2Shape* pCreator )
{
DBG_ASSERT( mpImpl->aPersistName.isEmpty(), "Persist name changed!");
mpImpl->aPersistName = rPersistName;
mpImpl->mbLoadingOLEObjectFailed = false;
- Connect();
+ Connect(pCreator);
SetChanged();
}
diff --git a/svx/source/unodraw/shapeimpl.hxx b/svx/source/unodraw/shapeimpl.hxx
index a1a4e69630206..4381094d380a3 100644
--- a/svx/source/unodraw/shapeimpl.hxx
+++ b/svx/source/unodraw/shapeimpl.hxx
@@ -64,8 +64,11 @@ public:
virtual void Create( SdrObject* pNewOpj, SvxDrawPage* pNewPage ) override;
};
+
class SvxFrameShape : public SvxOle2Shape
{
+private:
+ OUString m_sInitialFrameURL;
protected:
// override these for special property handling in subcasses. Return true if property is handled
virtual bool setPropertyValueImpl( const OUString& rName, const SfxItemPropertySimpleEntry* pProperty, const css::uno::Any& rValue ) override;
@@ -82,6 +85,8 @@ public:
virtual void SAL_CALL setPropertyValues( const css::uno::Sequence< OUString >& aPropertyNames, const css::uno::Sequence< css::uno::Any >& aValues ) override;
virtual void Create( SdrObject* pNewOpj, SvxDrawPage* pNewPage ) override;
+
+ virtual OUString GetAndClearInitialFrameURL() override;
};
diff --git a/svx/source/unodraw/unoshap4.cxx b/svx/source/unodraw/unoshap4.cxx
index f7629f3388587..6dc18d6cf9e48 100644
--- a/svx/source/unodraw/unoshap4.cxx
+++ b/svx/source/unodraw/unoshap4.cxx
@@ -180,7 +180,7 @@ bool SvxOle2Shape::setPropertyValueImpl( const OUString& rName, const SfxItemPro
#else
pOle = static_cast<SdrOle2Obj*>(GetSdrObject());
#endif
- pOle->SetPersistName( aPersistName );
+ pOle->SetPersistName( aPersistName, this );
return true;
}
break;
@@ -501,10 +501,11 @@ void SvxOle2Shape::createLink( const OUString& aLinkURL )
void SvxOle2Shape::resetModifiedState()
{
- ::comphelper::IEmbeddedHelper* pPersist = GetSdrObject()->getSdrModelFromSdrObject().GetPersist();
+ SdrObject* pObject = GetSdrObject();
+ ::comphelper::IEmbeddedHelper* pPersist = pObject ? pObject->getSdrModelFromSdrObject().GetPersist() : nullptr;
if( pPersist && !pPersist->isEnableSetModified() )
{
- SdrOle2Obj* pOle = dynamic_cast< SdrOle2Obj* >( GetSdrObject() );
+ SdrOle2Obj* pOle = dynamic_cast< SdrOle2Obj* >(pObject);
if( pOle && !pOle->IsEmpty() )
{
uno::Reference < util::XModifiable > xMod( pOle->GetObjRef(), uno::UNO_QUERY );
@@ -554,6 +555,11 @@ SvGlobalName SvxOle2Shape::GetClassName_Impl(OUString& rHexCLSID)
return aClassName;
}
+OUString SvxOle2Shape::GetAndClearInitialFrameURL()
+{
+ return OUString();
+}
+
SvxAppletShape::SvxAppletShape(SdrObject* pObject)
: SvxOle2Shape( pObject, getSvxMapProvider().GetMap(SVXMAP_APPLET), getSvxMapProvider().GetPropertySet(SVXMAP_APPLET, SdrObject::GetGlobalDrawObjectItemPool()) )
{
@@ -707,8 +713,19 @@ SvxFrameShape::~SvxFrameShape() throw()
{
}
+OUString SvxFrameShape::GetAndClearInitialFrameURL()
+{
+ OUString sRet(m_sInitialFrameURL);
+ m_sInitialFrameURL.clear();
+ return sRet;
+}
+
void SvxFrameShape::Create( SdrObject* pNewObj, SvxDrawPage* pNewPage )
{
+ uno::Reference<beans::XPropertySet> xSet(static_cast<OWeakObject *>(this), uno::UNO_QUERY);
+ if (xSet)
+ xSet->getPropertyValue("FrameURL") >>= m_sInitialFrameURL;
+
SvxShape::Create( pNewObj, pNewPage );
const SvGlobalName aIFrameClassId( SO3_IFRAME_CLASSID );
createObject(aIFrameClassId);
diff --git a/sw/inc/ndole.hxx b/sw/inc/ndole.hxx
index 852fffd84e3d7..a2d9749420970 100644
--- a/sw/inc/ndole.hxx
+++ b/sw/inc/ndole.hxx
@@ -28,7 +28,7 @@ class SwGrfFormatColl;
class SwDoc;
class SwOLENode;
class SwOLEListener_Impl;
-class SwEmbedObjectLink;
+namespace sfx2 { class SvBaseLink; }
class DeflateData;
class SW_DLLPUBLIC SwOLEObj
@@ -90,7 +90,7 @@ class SW_DLLPUBLIC SwOLENode: public SwNoTextNode
bool mbOLESizeInvalid; /**< Should be considered at SwDoc::PrtOLENotify
(e.g. copied). Is not persistent. */
- SwEmbedObjectLink* mpObjectLink;
+ sfx2::SvBaseLink* mpObjectLink;
OUString maLinkURL;
SwOLENode( const SwNodeIndex &rWhere,
diff --git a/sw/source/core/ole/ndole.cxx b/sw/source/core/ole/ndole.cxx
index 9000d6ef1b9ee..7501fcdd09d7a 100644
--- a/sw/source/core/ole/ndole.cxx
+++ b/sw/source/core/ole/ndole.cxx
@@ -147,6 +147,8 @@ void SAL_CALL SwOLEListener_Impl::disposing( const lang::EventObject& )
// TODO/LATER: actually SwEmbedObjectLink should be used here, but because different objects are used to control
// embedded object different link objects with the same functionality had to be implemented
+namespace {
+
class SwEmbedObjectLink : public sfx2::SvBaseLink
{
SwOLENode* pOleNode;
@@ -209,6 +211,44 @@ void SwEmbedObjectLink::Closed()
SvBaseLink::Closed();
}
+class SwIFrameLink : public sfx2::SvBaseLink
+{
+ SwOLENode* m_pOleNode;
+
+public:
+ explicit SwIFrameLink(SwOLENode* pNode)
+ : ::sfx2::SvBaseLink(::SfxLinkUpdateMode::ONCALL, SotClipboardFormatId::SVXB)
+ , m_pOleNode(pNode)
+ {
+ SetSynchron( false );
+ }
+
+ ::sfx2::SvBaseLink::UpdateResult DataChanged(
+ const OUString&, const uno::Any& )
+ {
+ uno::Reference<embed::XEmbeddedObject> xObject = m_pOleNode->GetOLEObj().GetOleRef();
+ uno::Reference<embed::XCommonEmbedPersist> xPersObj(xObject, uno::UNO_QUERY);
+ if (xPersObj.is())
+ {
+ // let the IFrameObject reload the link
+ try
+ {
+ xPersObj->reload(uno::Sequence<beans::PropertyValue>(), uno::Sequence<beans::PropertyValue>());
+ }
+ catch (const uno::Exception&)
+ {
+ }
+
+ m_pOleNode->SetChanged();
+ }
+
+ return SUCCESS;
+ }
+
+};
+
+}
+
SwOLENode::SwOLENode( const SwNodeIndex &rWhere,
const svt::EmbeddedObjectRef& xObj,
SwGrfFormatColl *pGrfColl,
@@ -606,18 +646,49 @@ void SwOLENode::CheckFileLink_Impl()
{
try
{
- uno::Reference< embed::XLinkageSupport > xLinkSupport( maOLEObj.m_xOLERef.GetObject(), uno::UNO_QUERY_THROW );
- if ( xLinkSupport->isLink() )
+ uno::Reference<embed::XEmbeddedObject> xObject = maOLEObj.m_xOLERef.GetObject();
+ if (!xObject)
+ return;
+
+ bool bIFrame = false;
+
+ OUString aLinkURL;
+ uno::Reference<embed::XLinkageSupport> xLinkSupport(xObject, uno::UNO_QUERY);
+ if (xLinkSupport)
+ {
+ if (xLinkSupport->isLink())
+ aLinkURL = xLinkSupport->getLinkURL();
+ }
+ else
{
- const OUString aLinkURL = xLinkSupport->getLinkURL();
- if ( !aLinkURL.isEmpty() )
+ // get IFrame (Floating Frames) listed and updatable from the
+ // manage links dialog
+ SvGlobalName aClassId(xObject->getClassID());
+ if (aClassId == SvGlobalName(SO3_IFRAME_CLASSID))
+ {
+ uno::Reference<beans::XPropertySet> xSet(xObject->getComponent(), uno::UNO_QUERY);
+ if (xSet.is())
+ xSet->getPropertyValue("FrameURL") >>= aLinkURL;
+ bIFrame = true;
+ }
+ }
+
+ if (!aLinkURL.isEmpty()) // this is a file link so the model link manager should handle it
+ {
+ SwEmbedObjectLink* pEmbedObjectLink = nullptr;
+ if (!bIFrame)
+ {
+ pEmbedObjectLink = new SwEmbedObjectLink(this);
+ mpObjectLink = pEmbedObjectLink;
+ }
+ else
{
- // this is a file link so the model link manager should handle it
- mpObjectLink = new SwEmbedObjectLink( this );
- maLinkURL = aLinkURL;
- GetDoc()->getIDocumentLinksAdministration().GetLinkManager().InsertFileLink( *mpObjectLink, OBJECT_CLIENT_OLE, aLinkURL );
- mpObjectLink->Connect();
+ mpObjectLink = new SwIFrameLink(this);
}
+ maLinkURL = aLinkURL;
+ GetDoc()->getIDocumentLinksAdministration().GetLinkManager().InsertFileLink( *mpObjectLink, OBJECT_CLIENT_OLE, aLinkURL );
+ if (pEmbedObjectLink)
+ pEmbedObjectLink->Connect();
}
}
catch( uno::Exception& )
diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx
index ae35f1e21a87b..bd5f30af7d708 100644
--- a/xmloff/source/draw/ximpshap.cxx
+++ b/xmloff/source/draw/ximpshap.cxx
@@ -3223,9 +3223,35 @@ SdXMLFloatingFrameShapeContext::~SdXMLFloatingFrameShapeContext()
{
}
+uno::Reference<drawing::XShape> SdXMLFloatingFrameShapeContext::CreateFloatingFrameShape() const
+{
+ uno::Reference<lang::XMultiServiceFactory> xServiceFact(GetImport().GetModel(), uno::UNO_QUERY);
+ if (!xServiceFact.is())
+ return nullptr;
+ uno::Reference<drawing::XShape> xShape(
+ xServiceFact->createInstance("com.sun.star.drawing.FrameShape"), uno::UNO_QUERY);
+ return xShape;
+}
+
void SdXMLFloatingFrameShapeContext::StartElement( const css::uno::Reference< css::xml::sax::XAttributeList >& )
{
- AddShape("com.sun.star.drawing.FrameShape");
+ uno::Reference<drawing::XShape> xShape(SdXMLFloatingFrameShapeContext::CreateFloatingFrameShape());
+
+ uno::Reference< beans::XPropertySet > xProps(xShape, uno::UNO_QUERY);
+ // set FrameURL before AddShape, we have to do it again later because it
+ // gets cleared when the SdrOle2Obj is attached to the XShape. But we want
+ // FrameURL to exist when AddShape triggers SetPersistName which itself
+ // triggers SdrOle2Obj::CheckFileLink_Impl and at that point we want to
+ // know what URL will end up being used. So bodge this by setting FrameURL
+ // to the temp pre-SdrOle2Obj attached properties and we can smuggle it
+ // eventually into SdrOle2Obj::SetPersistName at the right point after
+ // PersistName is set but before SdrOle2Obj::CheckFileLink_Impl is called
+ // in order to inform the link manager that this is an IFrame that links to
+ // a URL
+ if (xProps && !maHref.isEmpty())
+ xProps->setPropertyValue("FrameURL", Any(maHref));
+
+ AddShape(xShape);
if( mxShape.is() )
{
@@ -3234,7 +3260,6 @@ void SdXMLFloatingFrameShapeContext::StartElement( const css::uno::Reference< cs
// set pos, size, shear and rotate
SetTransformation();
- uno::Reference< beans::XPropertySet > xProps( mxShape, uno::UNO_QUERY );
if( xProps.is() )
{
if( !maFrameName.isEmpty() )
diff --git a/xmloff/source/draw/ximpshap.hxx b/xmloff/source/draw/ximpshap.hxx
index fae45f88f00a9..a00c87e8a0dab 100644
--- a/xmloff/source/draw/ximpshap.hxx
+++ b/xmloff/source/draw/ximpshap.hxx
@@ -513,6 +513,8 @@ private:
OUString maFrameName;
OUString maHref;
+ css::uno::Reference<css::drawing::XShape> CreateFloatingFrameShape() const;
+
public:
SdXMLFloatingFrameShapeContext( SvXMLImport& rImport, sal_uInt16 nPrfx,
--
2.41.0

View File

@ -0,0 +1,50 @@
From 7e128f02a7cb513e4e57dbb1970fa316f456aa45 Mon Sep 17 00:00:00 2001
From: Eike Rathke <erack@redhat.com>
Date: Mon, 27 Feb 2023 16:10:06 +0100
Subject: [PATCH 3/3] Always push a result, even if it's only an error
PERCENTILE() and QUARTILE() if an error was passed as argument (or
an error encountered during obtaining arguments) omitted to push
an error result, only setting the error.
Fallout from
commit f336f63da900d76c2bf6e5690f1c8a7bd15a0aa2
CommitDate: Thu Mar 3 16:28:59 2016 +0000
tdf#94635 Add FORECAST.ETS functions to Calc
Change-Id: I23e276fb0ce735cfd6383cc963446499dcf819f4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147922
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit 64914560e279c71ff1233f4bab851e2a292797e6)
---
sc/source/core/tool/interpr3.cxx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sc/source/core/tool/interpr3.cxx b/sc/source/core/tool/interpr3.cxx
index f219beca9386..d442d4eee224 100644
--- a/sc/source/core/tool/interpr3.cxx
+++ b/sc/source/core/tool/interpr3.cxx
@@ -3474,7 +3474,7 @@ void ScInterpreter::ScPercentile( bool bInclusive )
GetNumberSequenceArray( 1, aArray, false );
if ( aArray.empty() || nGlobalError != FormulaError::NONE )
{
- SetError( FormulaError::NoValue );
+ PushNoValue();
return;
}
if ( bInclusive )
@@ -3497,7 +3497,7 @@ void ScInterpreter::ScQuartile( bool bInclusive )
GetNumberSequenceArray( 1, aArray, false );
if ( aArray.empty() || nGlobalError != FormulaError::NONE )
{
- SetError( FormulaError::NoValue );
+ PushNoValue();
return;
}
if ( bInclusive )
--
2.41.0

View File

@ -0,0 +1,586 @@
From a3046cfa58bdfa2a1b9ea6287a021230830f056f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Tue, 22 Mar 2022 17:22:22 +0000
Subject: [PATCH] add Initialization Vectors to password storage
old ones default to the current all zero case and continue to work
as before
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131974
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 192fa1e3bfc6269f2ebb91716471485a56074aea)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132306
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit ab77587ec300f5c30084471000663c46ddf25dad)
Change-Id: I6fe3b02fafcce1b5e7133e77e76a5118177d77af
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133907
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
---
.../schema/org/openoffice/Office/Common.xcs | 10 ++
.../passwordcontainer/passwordcontainer.cxx | 127 ++++++++++++------
.../passwordcontainer/passwordcontainer.hxx | 63 +++++++--
3 files changed, 151 insertions(+), 49 deletions(-)
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
index b033b29b60d7..e57d26ab3366 100644
--- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
+++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
@@ -27,6 +27,11 @@
<info>
<desc>Contains a container for passwords.</desc>
</info>
+ <prop oor:name="InitializationVector" oor:type="xs:string">
+ <info>
+ <desc>Contains an initialization vector for the password encryption.</desc>
+ </info>
+ </prop>
<prop oor:name="Password" oor:type="xs:string" oor:localized="false">
<info>
<desc>Contains a password encoded with the master password.</desc>
@@ -923,6 +928,11 @@
</info>
<value>false</value>
</prop>
+ <prop oor:name="MasterInitializationVector" oor:type="xs:string">
+ <info>
+ <desc>Contains an initialization vector for the master password encryption.</desc>
+ </info>
+ </prop>
<prop oor:name="Master" oor:type="xs:string" oor:nillable="false">
<info>
<desc>Contains the master password encrypted by itself.</desc>
diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx b/svl/source/passwordcontainer/passwordcontainer.cxx
index ff0b40df4016..380188ef495c 100644
--- a/svl/source/passwordcontainer/passwordcontainer.cxx
+++ b/svl/source/passwordcontainer/passwordcontainer.cxx
@@ -184,15 +184,18 @@ PassMap StorageItem::getInfo()
Sequence< OUString > aNodeNames = ConfigItem::GetNodeNames( "Store" );
sal_Int32 aNodeCount = aNodeNames.getLength();
- Sequence< OUString > aPropNames( aNodeCount );
+ Sequence< OUString > aPropNames( aNodeCount * 2);
std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.begin(),
[](const OUString& rName) -> OUString {
return "Store/Passwordstorage['" + rName + "']/Password"; });
+ std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.getArray() + aNodeCount,
+ [](const OUString& rName) -> OUString {
+ return "Store/Passwordstorage['" + rName + "']/InitializationVector"; });
Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aPropNames );
- if( aPropertyValues.getLength() != aNodeCount )
+ if( aPropertyValues.getLength() != aNodeCount * 2)
{
OSL_FAIL( "Problems during reading" );
return aResult;
@@ -208,14 +211,16 @@ PassMap StorageItem::getInfo()
OUString aName = aUrlUsr[1];
OUString aEPasswd;
+ OUString aIV;
aPropertyValues[aNodeInd] >>= aEPasswd;
+ aPropertyValues[aNodeInd + aNodeCount] >>= aIV;
PassMap::iterator aIter = aResult.find( aUrl );
if( aIter != aResult.end() )
- aIter->second.emplace_back( aName, aEPasswd );
+ aIter->second.emplace_back( aName, aEPasswd, aIV );
else
{
- NamePassRecord aNewRecord( aName, aEPasswd );
+ NamePassRecord aNewRecord( aName, aEPasswd, aIV );
std::vector< NamePassRecord > listToAdd( 1, aNewRecord );
aResult.insert( PairUrlRecord( aUrl, listToAdd ) );
@@ -279,17 +284,19 @@ sal_Int32 StorageItem::getStorageVersion()
return nResult;
}
-bool StorageItem::getEncodedMP( OUString& aResult )
+bool StorageItem::getEncodedMP( OUString& aResult, OUString& aResultIV )
{
if( hasEncoded )
{
aResult = mEncoded;
+ aResultIV = mEncodedIV;
return true;
}
- Sequence< OUString > aNodeNames( 2 );
+ Sequence< OUString > aNodeNames( 3 );
aNodeNames[0] = "HasMaster";
aNodeNames[1] = "Master";
+ aNodeNames[2] = "MasterInitializationVector";
Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aNodeNames );
@@ -301,32 +308,37 @@ bool StorageItem::getEncodedMP( OUString& aResult )
aPropertyValues[0] >>= hasEncoded;
aPropertyValues[1] >>= mEncoded;
+ aPropertyValues[2] >>= mEncodedIV;
aResult = mEncoded;
+ aResultIV = mEncodedIV;
return hasEncoded;
}
-void StorageItem::setEncodedMP( const OUString& aEncoded, bool bAcceptEmpty )
+void StorageItem::setEncodedMP( const OUString& aEncoded, const OUString& aEncodedIV, bool bAcceptEmpty )
{
- Sequence< OUString > sendNames(3);
- Sequence< uno::Any > sendVals(3);
+ Sequence< OUString > sendNames(4);
+ Sequence< uno::Any > sendVals(4);
sendNames[0] = "HasMaster";
sendNames[1] = "Master";
- sendNames[2] = "StorageVersion";
+ sendNames[2] = "MasterInitializationVector";
+ sendNames[3] = "StorageVersion";
bool bHasMaster = ( !aEncoded.isEmpty() || bAcceptEmpty );
sendVals[0] <<= bHasMaster;
sendVals[1] <<= aEncoded;
- sendVals[2] <<= nCurrentStorageVersion;
+ sendVals[2] <<= aEncodedIV;
+ sendVals[3] <<= nCurrentStorageVersion;
ConfigItem::SetModified();
ConfigItem::PutProperties( sendNames, sendVals );
hasEncoded = bHasMaster;
mEncoded = aEncoded;
+ mEncodedIV = aEncodedIV;
}
@@ -362,11 +374,13 @@ void StorageItem::update( const OUString& aURL, const NamePassRecord& aRecord )
forIndex.push_back( aURL );
forIndex.push_back( aRecord.GetUserName() );
- Sequence< beans::PropertyValue > sendSeq(1);
+ Sequence< beans::PropertyValue > sendSeq(2);
- sendSeq[0].Name = "Store/Passwordstorage['" + createIndex( forIndex ) + "']/Password";
+ sendSeq[0].Name = "Store/Passwordstorage['" + createIndex( { aURL, aRecord.GetUserName() } ) + "']/InitializationVector";
+ sendSeq[0].Value <<= aRecord.GetPersistentIV();
- sendSeq[0].Value <<= aRecord.GetPersPasswords();
+ sendSeq[1].Name = "Store/Passwordstorage['" + createIndex( forIndex ) + "']/Password";
+ sendSeq[1].Value <<= aRecord.GetPersPasswords();
ConfigItem::SetModified();
ConfigItem::SetSetProperties( "Store", sendSeq );
@@ -427,7 +441,7 @@ void SAL_CALL PasswordContainer::disposing( const EventObject& )
}
}
-std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLine, const OUString& aMasterPasswd, css::task::PasswordRequestMode mode )
+std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLine, const OUString& aIV, const OUString& aMasterPasswd, css::task::PasswordRequestMode mode )
{
if( !aMasterPasswd.isEmpty() )
{
@@ -442,9 +456,16 @@ std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLin
for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
code[ ind ] = static_cast<char>(aMasterPasswd.copy( ind*2, 2 ).toUInt32(16));
+ unsigned char iv[RTL_DIGEST_LENGTH_MD5] = {0};
+ if (!aIV.isEmpty())
+ {
+ for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
+ iv[ ind ] = static_cast<char>(aIV.copy( ind*2, 2 ).toUInt32(16));
+ }
+
rtlCipherError result = rtl_cipher_init (
aDecoder, rtl_Cipher_DirectionDecode,
- code, RTL_DIGEST_LENGTH_MD5, nullptr, 0 );
+ code, RTL_DIGEST_LENGTH_MD5, iv, RTL_DIGEST_LENGTH_MD5 );
if( result == rtl_Cipher_E_None )
{
@@ -477,7 +498,7 @@ std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLin
"Can't decode!", css::uno::Reference<css::uno::XInterface>(), mode);
}
-OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines, const OUString& aMasterPasswd )
+OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines, const OUString& aIV, const OUString& aMasterPasswd)
{
if( !aMasterPasswd.isEmpty() )
{
@@ -494,9 +515,16 @@ OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines
for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
code[ ind ] = static_cast<char>(aMasterPasswd.copy( ind*2, 2 ).toUInt32(16));
+ unsigned char iv[RTL_DIGEST_LENGTH_MD5] = {0};
+ if (!aIV.isEmpty())
+ {
+ for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
+ iv[ ind ] = static_cast<char>(aIV.copy( ind*2, 2 ).toUInt32(16));
+ }
+
rtlCipherError result = rtl_cipher_init (
aEncoder, rtl_Cipher_DirectionEncode,
- code, RTL_DIGEST_LENGTH_MD5, nullptr, 0 );
+ code, RTL_DIGEST_LENGTH_MD5, iv, RTL_DIGEST_LENGTH_MD5 );
if( result == rtl_Cipher_E_None )
{
@@ -564,7 +592,7 @@ void PasswordContainer::UpdateVector( const OUString& aURL, std::vector< NamePas
if( aRecord.HasPasswords( PERSISTENT_RECORD ) )
{
- aNPIter.SetPersPasswords( aRecord.GetPersPasswords() );
+ aNPIter.SetPersPasswords( aRecord.GetPersPasswords(), aRecord.GetPersistentIV() );
if( writeFile )
{
@@ -597,7 +625,8 @@ UserRecord PasswordContainer::CopyToUserRecord( const NamePassRecord& aRecord, b
{
try
{
- ::std::vector< OUString > aDecodedPasswords = DecodePasswords( aRecord.GetPersPasswords(), GetMasterPassword( aHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER );
+ ::std::vector< OUString > aDecodedPasswords = DecodePasswords( aRecord.GetPersPasswords(), aRecord.GetPersistentIV(),
+ GetMasterPassword( aHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER );
aPasswords.insert( aPasswords.end(), aDecodedPasswords.begin(), aDecodedPasswords.end() );
}
catch( NoMasterException& )
@@ -642,6 +671,19 @@ void SAL_CALL PasswordContainer::addPersistent( const OUString& Url, const OUStr
PrivateAdd( Url, UserName, Passwords, PERSISTENT_RECORD, aHandler );
}
+OUString PasswordContainer::createIV()
+{
+ rtlRandomPool randomPool = mRandomPool.get();
+ unsigned char iv[RTL_DIGEST_LENGTH_MD5];
+ rtl_random_getBytes(randomPool, iv, RTL_DIGEST_LENGTH_MD5);
+ OUStringBuffer aBuffer;
+ for (sal_uInt8 i : iv)
+ {
+ aBuffer.append(OUString::number(i >> 4, 16));
+ aBuffer.append(OUString::number(i & 15, 16));
+ }
+ return aBuffer.makeStringAndClear();
+}
void PasswordContainer::PrivateAdd( const OUString& Url, const OUString& UserName, const Sequence< OUString >& Passwords, char Mode, const Reference< XInteractionHandler >& aHandler )
{
@@ -649,7 +691,11 @@ void PasswordContainer::PrivateAdd( const OUString& Url, const OUString& UserNam
::std::vector< OUString > aStorePass = comphelper::sequenceToContainer< std::vector<OUString> >( Passwords );
if( Mode == PERSISTENT_RECORD )
- aRecord.SetPersPasswords( EncodePasswords( aStorePass, GetMasterPassword( aHandler ) ) );
+ {
+ OUString sIV = createIV();
+ OUString sEncodedPasswords = EncodePasswords( aStorePass, sIV, GetMasterPassword( aHandler ) );
+ aRecord.SetPersPasswords( sEncodedPasswords, sIV );
+ }
else if( Mode == MEMORY_RECORD )
aRecord.SetMemPasswords( aStorePass );
else
@@ -842,10 +888,10 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac
if( m_aMasterPasswd.isEmpty() && aHandler.is() )
{
- OUString aEncodedMP;
+ OUString aEncodedMP, aEncodedMPIV;
bool bDefaultPassword = false;
- if( !m_pStorageFile->getEncodedMP( aEncodedMP ) )
+ if( !m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) )
aRMode = PasswordRequestMode_PASSWORD_CREATE;
else if ( aEncodedMP.isEmpty() )
{
@@ -867,14 +913,15 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac
m_aMasterPasswd = aPass;
std::vector< OUString > aMaster( 1, m_aMasterPasswd );
- m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, m_aMasterPasswd ) );
+ OUString sIV = createIV();
+ m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, sIV, m_aMasterPasswd ), sIV );
}
else
{
if (m_pStorageFile->getStorageVersion() == 0)
aPass = ReencodeAsOldHash(aPass);
- std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aPass, aRMode ) );
+ std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aEncodedMPIV, aPass, aRMode ) );
if( aRM.empty() || aPass != aRM[0] )
{
bAskAgain = true;
@@ -1031,7 +1078,8 @@ Sequence< UrlRecord > SAL_CALL PasswordContainer::getAllPersistent( const Refere
{
sal_Int32 oldLen = aUsers.getLength();
aUsers.realloc( oldLen + 1 );
- aUsers[ oldLen ] = UserRecord( aNP.GetUserName(), comphelper::containerToSequence( DecodePasswords( aNP.GetPersPasswords(), GetMasterPassword( xHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER ) ) );
+ aUsers[ oldLen ] = UserRecord( aNP.GetUserName(), comphelper::containerToSequence( DecodePasswords( aNP.GetPersPasswords(), aNP.GetPersistentIV(),
+ GetMasterPassword( xHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER ) ) );
}
if( aUsers.hasElements() )
@@ -1048,12 +1096,12 @@ Sequence< UrlRecord > SAL_CALL PasswordContainer::getAllPersistent( const Refere
sal_Bool SAL_CALL PasswordContainer::authorizateWithMasterPassword( const uno::Reference< task::XInteractionHandler >& xHandler )
{
bool bResult = false;
- OUString aEncodedMP;
+ OUString aEncodedMP, aEncodedMPIV;
uno::Reference< task::XInteractionHandler > xTmpHandler = xHandler;
::osl::MutexGuard aGuard( mMutex );
// the method should fail if there is no master password
- if( m_pStorageFile && m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) )
+ if( m_pStorageFile && m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) )
{
if ( aEncodedMP.isEmpty() )
{
@@ -1122,8 +1170,8 @@ sal_Bool SAL_CALL PasswordContainer::changeMasterPassword( const uno::Reference<
bool bCanChangePassword = true;
// if there is already a stored master password it should be entered by the user before the change happen
- OUString aEncodedMP;
- if( !m_aMasterPasswd.isEmpty() || m_pStorageFile->getEncodedMP( aEncodedMP ) )
+ OUString aEncodedMP, aEncodedMPIV;
+ if( !m_aMasterPasswd.isEmpty() || m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) )
bCanChangePassword = authorizateWithMasterPassword( xTmpHandler );
if ( bCanChangePassword )
@@ -1142,7 +1190,8 @@ sal_Bool SAL_CALL PasswordContainer::changeMasterPassword( const uno::Reference<
// store the new master password
m_aMasterPasswd = aPass;
std::vector< OUString > aMaster( 1, m_aMasterPasswd );
- m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, m_aMasterPasswd ) );
+ OUString aIV = createIV();
+ m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, aIV, m_aMasterPasswd ), aIV );
// store all the entries with the new password
for ( const auto& rURL : aPersistent )
@@ -1167,7 +1216,7 @@ void SAL_CALL PasswordContainer::removeMasterPassword()
if ( m_pStorageFile )
{
m_aMasterPasswd.clear();
- m_pStorageFile->setEncodedMP( OUString() ); // let the master password be removed from configuration
+ m_pStorageFile->setEncodedMP( OUString(), OUString() ); // let the master password be removed from configuration
}
}
@@ -1178,8 +1227,8 @@ sal_Bool SAL_CALL PasswordContainer::hasMasterPassword( )
if ( !m_pStorageFile )
throw uno::RuntimeException();
- OUString aEncodedMP;
- return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) );
+ OUString aEncodedMP, aEncodedMPIV;
+ return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) );
}
sal_Bool SAL_CALL PasswordContainer::allowPersistentStoring( sal_Bool bAllow )
@@ -1226,8 +1275,8 @@ sal_Bool SAL_CALL PasswordContainer::useDefaultMasterPassword( const uno::Refere
bool bCanChangePassword = true;
// if there is already a stored nondefault master password it should be entered by the user before the change happen
- OUString aEncodedMP;
- if( m_pStorageFile->getEncodedMP( aEncodedMP ) && !aEncodedMP.isEmpty() )
+ OUString aEncodedMP, aEncodedMPIV;
+ if( m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) && !aEncodedMP.isEmpty() )
bCanChangePassword = authorizateWithMasterPassword( xTmpHandler );
if ( bCanChangePassword )
@@ -1244,7 +1293,7 @@ sal_Bool SAL_CALL PasswordContainer::useDefaultMasterPassword( const uno::Refere
// store the empty string to flag the default master password
m_aMasterPasswd = aPass;
- m_pStorageFile->setEncodedMP( OUString(), true );
+ m_pStorageFile->setEncodedMP( OUString(), OUString(), true );
// store all the entries with the new password
for ( const auto& rURL : aPersistent )
@@ -1268,8 +1317,8 @@ sal_Bool SAL_CALL PasswordContainer::isDefaultMasterPasswordUsed()
if ( !m_pStorageFile )
throw uno::RuntimeException();
- OUString aEncodedMP;
- return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) && aEncodedMP.isEmpty() );
+ OUString aEncodedMP, aEncodedMPIV;
+ return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) && aEncodedMP.isEmpty() );
}
diff --git a/svl/source/passwordcontainer/passwordcontainer.hxx b/svl/source/passwordcontainer/passwordcontainer.hxx
index cf5c717d0c9e..4e3a6629139e 100644
--- a/svl/source/passwordcontainer/passwordcontainer.hxx
+++ b/svl/source/passwordcontainer/passwordcontainer.hxx
@@ -33,6 +33,7 @@
#include <unotools/configitem.hxx>
#include <ucbhelper/interactionrequest.hxx>
+#include <rtl/random.h>
#include <rtl/ref.hxx>
#include <osl/mutex.hxx>
@@ -51,11 +52,12 @@ class NamePassRecord
::std::vector< OUString > m_aMemPass;
// persistent passwords are encrypted in one string
- bool m_bHasPersPass;
+ bool m_bHasPersPass;
OUString m_aPersPass;
+ OUString m_aPersistentIV;
void InitArrays( bool bHasMemoryList, const ::std::vector< OUString >& aMemoryList,
- bool bHasPersistentList, const OUString& aPersistentList )
+ bool bHasPersistentList, const OUString& aPersistentList, const OUString& aPersistentIV )
{
m_bHasMemPass = bHasMemoryList;
if ( bHasMemoryList )
@@ -63,7 +65,10 @@ class NamePassRecord
m_bHasPersPass = bHasPersistentList;
if ( bHasPersistentList )
+ {
m_aPersPass = aPersistentList;
+ m_aPersistentIV = aPersistentIV;
+ }
}
public:
@@ -75,11 +80,12 @@ public:
{
}
- NamePassRecord( const OUString& aName, const OUString& aPersistentList )
+ NamePassRecord( const OUString& aName, const OUString& aPersistentList, const OUString& aPersistentIV )
: m_aName( aName )
, m_bHasMemPass( false )
, m_bHasPersPass( true )
, m_aPersPass( aPersistentList )
+ , m_aPersistentIV( aPersistentIV )
{
}
@@ -88,7 +94,8 @@ public:
, m_bHasMemPass( false )
, m_bHasPersPass( false )
{
- InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, aRecord.m_bHasPersPass, aRecord.m_aPersPass );
+ InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
+ aRecord.m_bHasPersPass, aRecord.m_aPersPass, aRecord.m_aPersistentIV );
}
NamePassRecord& operator=( const NamePassRecord& aRecord )
@@ -99,7 +106,9 @@ public:
m_aMemPass.clear();
m_aPersPass.clear();
- InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, aRecord.m_bHasPersPass, aRecord.m_aPersPass );
+ m_aPersistentIV.clear();
+ InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
+ aRecord.m_bHasPersPass, aRecord.m_aPersPass, aRecord.m_aPersistentIV );
}
return *this;
}
@@ -135,15 +144,24 @@ public:
return OUString();
}
+ OUString GetPersistentIV() const
+ {
+ if ( m_bHasPersPass )
+ return m_aPersistentIV;
+
+ return OUString();
+ }
+
void SetMemPasswords( const ::std::vector< OUString >& aMemList )
{
m_aMemPass = aMemList;
m_bHasMemPass = true;
}
- void SetPersPasswords( const OUString& aPersList )
+ void SetPersPasswords( const OUString& aPersList, const OUString& aPersIV )
{
m_aPersPass = aPersList;
+ m_aPersistentIV = aPersIV;
m_bHasPersPass = true;
}
@@ -158,6 +176,7 @@ public:
{
m_bHasPersPass = false;
m_aPersPass.clear();
+ m_aPersistentIV.clear();
}
}
@@ -181,6 +200,7 @@ private:
PasswordContainer* mainCont;
bool hasEncoded;
OUString mEncoded;
+ OUString mEncodedIV;
virtual void ImplCommit() override;
@@ -201,8 +221,8 @@ public:
sal_Int32 getStorageVersion();
- bool getEncodedMP( OUString& aResult );
- void setEncodedMP( const OUString& aResult, bool bAcceptEnmpty = false );
+ bool getEncodedMP( OUString& aResult, OUString& aResultIV );
+ void setEncodedMP( const OUString& aResult, const OUString& aResultIV, bool bAcceptEmpty = false );
void setUseStorage( bool bUse );
bool useStorage();
@@ -223,6 +243,29 @@ private:
css::uno::Reference< css::lang::XComponent > mComponent;
SysCredentialsConfig mUrlContainer;
+ class RandomPool
+ {
+ private:
+ rtlRandomPool m_aRandomPool;
+ public:
+ RandomPool() : m_aRandomPool(rtl_random_createPool())
+ {
+ }
+ rtlRandomPool get()
+ {
+ return m_aRandomPool;
+ }
+ ~RandomPool()
+ {
+ // Clean up random pool memory
+ rtl_random_destroyPool(m_aRandomPool);
+ }
+ };
+
+ RandomPool mRandomPool;
+
+ OUString createIV();
+
/// @throws css::uno::RuntimeException
css::uno::Sequence< css::task::UserRecord > CopyToUserRecordSequence(
const ::std::vector< NamePassRecord >& original,
@@ -273,10 +316,10 @@ css::task::UrlRecord find(
const css::uno::Reference< css::task::XInteractionHandler >& Handler );
/// @throws css::uno::RuntimeException
- static ::std::vector< OUString > DecodePasswords( const OUString& aLine, const OUString& aMasterPassword, css::task::PasswordRequestMode mode );
+ static ::std::vector< OUString > DecodePasswords( const OUString& aLine, const OUString& aIV, const OUString& aMasterPassword, css::task::PasswordRequestMode mode );
/// @throws css::uno::RuntimeException
- static OUString EncodePasswords(const std::vector< OUString >& lines, const OUString& aMasterPassword );
+ static OUString EncodePasswords(const std::vector< OUString >& lines, const OUString& aIV, const OUString& aMasterPassword );
public:
PasswordContainer( const css::uno::Reference< css::lang::XMultiServiceFactory >& );
--
2.37.1

View File

@ -0,0 +1,225 @@
From ae89e7b8ae1e781c1a9d8ca2c5d4aeca656932f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Fri, 3 Nov 2023 17:26:25 +0000
Subject: [PATCH] default to ignoring libreoffice special-purpose protocols in
calc hyperlink
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change-Id: Ib9f62be3acc05f24ca234dec0fec21e24579e9de
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158911
Tested-by: Jenkins
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit b6062623b4d69c79e90e9365ac7c5e7f11986793)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159045
Reviewed-by: Eike Rathke <erack@redhat.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159882
Tested-by: Miklos Vajna <vmiklos@collabora.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159912
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
erAck: backported to 6.4.7.2
---
dbaccess/source/core/dataaccess/ModelImpl.cxx | 3 +-
include/sfx2/docmacromode.hxx | 5 ++-
include/sfx2/objsh.hxx | 3 ++
sc/source/core/data/global.cxx | 33 ++++++++++++++++++-
sfx2/source/doc/docmacromode.cxx | 8 +++--
sfx2/source/doc/objmisc.cxx | 8 ++++-
sfx2/source/doc/objxtor.cxx | 1 +
sfx2/source/inc/objshimp.hxx | 3 +-
8 files changed, 57 insertions(+), 7 deletions(-)
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index 1f11f36..ce4dbae 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -1140,7 +1140,8 @@ bool ODatabaseModelImpl::checkMacrosOnLoading()
{
Reference< XInteractionHandler > xInteraction;
xInteraction = m_aMediaDescriptor.getOrDefault( "InteractionHandler", xInteraction );
- return m_aMacroMode.checkMacrosOnLoading( xInteraction );
+ const bool bHasMacros = m_aMacroMode.hasMacros();
+ return m_aMacroMode.checkMacrosOnLoading(xInteraction, bHasMacros);
}
void ODatabaseModelImpl::resetMacroExecutionMode()
diff --git a/include/sfx2/docmacromode.hxx b/include/sfx2/docmacromode.hxx
index a15bbbe..98b7d3a 100644
--- a/include/sfx2/docmacromode.hxx
+++ b/include/sfx2/docmacromode.hxx
@@ -260,6 +260,8 @@ namespace sfx2
*/
static bool storageHasMacros( const css::uno::Reference< css::embed::XStorage >& _rxStorage );
+ bool hasMacros() const;
+
static bool containerHasBasicMacros( const css::uno::Reference< css::script::XLibraryContainer >& xContainter );
/** checks the macro execution mode while loading the document.
@@ -286,7 +288,8 @@ namespace sfx2
*/
bool
checkMacrosOnLoading(
- const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction
+ const css::uno::Reference< css::task::XInteractionHandler >& _rxInteraction,
+ bool bHasMacros
);
private:
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index 2a56ebe..43df460 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -418,6 +418,9 @@ public:
void SetMacroCallsSeenWhileLoading();
bool GetMacroCallsSeenWhileLoading() const;
+ // true if the document had macros (or similar) on load to trigger warning user
+ bool GetHadCheckedMacrosOnLoad() const;
+
const css::uno::Sequence< css::beans::PropertyValue >& GetModifyPasswordInfo() const;
bool SetModifyPasswordInfo( const css::uno::Sequence< css::beans::PropertyValue >& aInfo );
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index 050fd82..92d50c4 100644
--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -26,7 +26,9 @@
#include <sfx2/docfile.hxx>
#include <sfx2/dispatch.hxx>
#include <sfx2/objsh.hxx>
+#include <sfx2/sfxresid.hxx>
#include <sfx2/sfxsids.hrc>
+#include <sfx2/strings.hrc>
#include <sfx2/viewfrm.hxx>
#include <sfx2/viewsh.hxx>
#include <svl/intitem.hxx>
@@ -789,7 +791,7 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
OUString aUrlName( rURL );
SfxViewFrame* pFrame = nullptr;
- const SfxObjectShell* pObjShell = nullptr;
+ SfxObjectShell* pObjShell = nullptr;
OUString aReferName;
if ( pScActiveViewShell )
{
@@ -823,6 +825,35 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
aUrlName = aNewUrlName;
}
+ if (INetURLObject(aUrlName).IsExoticProtocol())
+ {
+ // Default to ignoring exotic protocols
+ bool bAllow = false;
+ if (pObjShell)
+ {
+ // If the document had macros when loaded then follow the allowed macro-mode
+ if (pObjShell->GetHadCheckedMacrosOnLoad())
+ bAllow = pObjShell->AdjustMacroMode();
+ else // otherwise ask the user, defaulting to cancel
+ {
+ assert(pFrame && "if we have pObjShell we have pFrame");
+ //Reuse URITools::onOpenURI warning string
+ std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pFrame->GetFrameWeld(),
+ VclMessageType::Warning, VclButtonsType::YesNo,
+ SfxResId(STR_DANGEROUS_TO_OPEN)));
+ xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
+ INetURLObject::decode(aUrlName, INetURLObject::DecodeMechanism::Unambiguous)));
+ xQueryBox->set_default_response(RET_NO);
+ bAllow = xQueryBox->run() == RET_YES;
+ }
+ }
+ if (!bAllow)
+ {
+ SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName);
+ return;
+ }
+ }
+
SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
SfxStringItem aTarget( SID_TARGETNAME, rTarget );
if ( nScClickMouseModifier & KEY_SHIFT ) // control-click -> into new window
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 492bd0a..7f1fb2b 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -391,8 +391,12 @@ namespace sfx2
return bHasMacros;
}
+ bool DocumentMacroMode::hasMacros() const
+ {
+ return m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading();
+ }
- bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction )
+ bool DocumentMacroMode::checkMacrosOnLoading( const Reference< XInteractionHandler >& rxInteraction, bool bHasMacros )
{
bool bAllow = false;
if ( SvtSecurityOptions().IsMacroDisabled() )
@@ -402,7 +406,7 @@ namespace sfx2
}
else
{
- if (m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() || m_xData->m_rDocumentAccess.macroCallsSeenWhileLoading())
+ if (bHasMacros)
{
bAllow = adjustMacroMode( rxInteraction );
}
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 6819404..fac75dd 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -953,9 +953,15 @@ void SfxObjectShell::CheckSecurityOnLoading_Impl()
CheckEncryption_Impl( xInteraction );
// check macro security
- pImpl->aMacroMode.checkMacrosOnLoading( xInteraction );
+ const bool bHasMacros = pImpl->aMacroMode.hasMacros();
+ pImpl->aMacroMode.checkMacrosOnLoading( xInteraction, bHasMacros );
+ pImpl->m_bHadCheckedMacrosOnLoad = bHasMacros;
}
+bool SfxObjectShell::GetHadCheckedMacrosOnLoad() const
+{
+ return pImpl->m_bHadCheckedMacrosOnLoad;
+}
void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< task::XInteractionHandler >& xHandler )
{
diff --git a/sfx2/source/doc/objxtor.cxx b/sfx2/source/doc/objxtor.cxx
index 510c35d..a707bb7 100644
--- a/sfx2/source/doc/objxtor.cxx
+++ b/sfx2/source/doc/objxtor.cxx
@@ -237,6 +237,7 @@ SfxObjectShell_Impl::SfxObjectShell_Impl( SfxObjectShell& _rDocShell )
,m_bAllowShareControlFileClean( true )
,m_bConfigOptionsChecked( false )
,m_bMacroCallsSeenWhileLoading( false )
+ ,m_bHadCheckedMacrosOnLoad( false )
,lErr(ERRCODE_NONE)
,nEventId ( SfxEventHintId::NONE )
,nLoadedFlags ( SfxLoadedFlags::ALL )
diff --git a/sfx2/source/inc/objshimp.hxx b/sfx2/source/inc/objshimp.hxx
index 3d7b0b6..4afdd70 100644
--- a/sfx2/source/inc/objshimp.hxx
+++ b/sfx2/source/inc/objshimp.hxx
@@ -91,7 +91,8 @@ struct SfxObjectShell_Impl : public ::sfx2::IMacroDocumentAccess
m_bSharedXMLFlag:1, // whether the document should be edited in shared mode
m_bAllowShareControlFileClean:1, // whether the flag should be stored in xml file
m_bConfigOptionsChecked:1, // whether or not the user options are checked after the Options dialog is closed.
- m_bMacroCallsSeenWhileLoading:1; // whether or not the user options are checked after the Options dialog is closed.
+ m_bMacroCallsSeenWhileLoading:1, // whether or not macro calls were seen when loading document.
+ m_bHadCheckedMacrosOnLoad:1; // if document contained macros (or calls) when loaded
IndexBitSet aBitSet;
ErrCode lErr;
--
2.43.0

View File

@ -0,0 +1,54 @@
From eaa66eec69ec311b73521c6ce410a749c810298f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Thu, 20 Apr 2023 20:58:21 +0100
Subject: [PATCH 3/3] assume IFrame script/macro support isn't needed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
seems undocumented at least
Change-Id: I316e4f4f25ddb7cf6b7bac4d856a721b987207a3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151020
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152150
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 4b679f8e16bc050bc0cc9fa9294413c8115ed239)
---
sfx2/source/doc/iframe.cxx | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index fce6cb48ea08f..84d724f7c58f3 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -168,20 +168,16 @@ sal_Bool SAL_CALL IFrameObject::load(
uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) );
xTrans->parseStrict( aTargetURL );
+ INetURLObject aURLObject(aTargetURL.Complete);
+ if (aURLObject.GetProtocol() == INetProtocol::Macro || aURLObject.isSchemeEqualTo(u"vnd.sun.star.script"))
+ return false;
+
uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
- if (INetURLObject(aTargetURL.Complete).GetProtocol() == INetProtocol::Macro)
- {
- if (pDoc && !pDoc->AdjustMacroMode())
- return false;
- }
-
bool bUpdateAllowed(true);
if (pDoc)
{
- // perhaps should only check for file targets, but lets default to making it strong
- // unless there is a known need to distinguish
comphelper::EmbeddedObjectContainer& rEmbeddedObjectContainer = pDoc->getEmbeddedObjectContainer();
bUpdateAllowed = rEmbeddedObjectContainer.getUserAllowsLinkUpdate();
}
--
2.41.0

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,397 @@
From 9ef423d4e7c85629772131b3216b98e17d7b8d7e Mon Sep 17 00:00:00 2001
From: Michael Stahl <michael.stahl@allotropia.de>
Date: Thu, 18 Feb 2021 19:22:31 +0100
Subject: [PATCH 4/6] CVE-2021-25634
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
xmlsecurity: XSecParser confused about multiple timestamps
LO writes timestamp both to dc:date and xades:SigningTime elements.
The parser tries to avoid reading multiple dc:date, preferring the first
one, but doesn't care about multiple xades:SigningTime, for undocumented
reasons.
Ideally something should check all read values for consistency.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111160
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 4ab8d9c09a5873ca0aea56dafa1ab34758d52ef7)
xmlsecurity: remove XSecController::setPropertyId()
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111252
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit d2a345e1163616fe3201ef1d6c758e2e819214e0)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111908
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit abe77c4fcb9ea97d9fff07eaea6d8863bcba5b02)
Change-Id: Ic018ee89797a1c8a4f870ae102af48006de930ef
---
include/svl/sigstruct.hxx | 7 +-
xmlsecurity/inc/xsecctl.hxx | 5 +-
xmlsecurity/source/helper/ooxmlsecparser.cxx | 4 +-
xmlsecurity/source/helper/xsecctl.cxx | 2 +-
xmlsecurity/source/helper/xsecparser.cxx | 81 ++++++++++----------
xmlsecurity/source/helper/xsecparser.hxx | 6 --
xmlsecurity/source/helper/xsecsign.cxx | 4 +-
xmlsecurity/source/helper/xsecverify.cxx | 39 ++++------
8 files changed, 68 insertions(+), 80 deletions(-)
diff --git a/include/svl/sigstruct.hxx b/include/svl/sigstruct.hxx
index f6ee242c84d1..7a0296fa9fae 100644
--- a/include/svl/sigstruct.hxx
+++ b/include/svl/sigstruct.hxx
@@ -103,6 +103,9 @@ struct SignatureInformation
// XAdES EncapsulatedX509Certificate values
std::set<OUString> maEncapsulatedX509Certificates;
+ OUString ouSignatureId;
+ // signature may contain multiple time stamps - check they're consistent
+ bool hasInconsistentSigningTime = false;
//We also keep the date and time as string. This is done when this
//structure is created as a result of a XML signature being read.
//When then a signature is added or another removed, then the original
@@ -115,8 +118,8 @@ struct SignatureInformation
//and the converted time is written back, then the string looks different
//and the signature is broken.
OUString ouDateTime;
- OUString ouSignatureId;
- OUString ouPropertyId;
+ /// The Id attribute of the <SignatureProperty> element that contains the <dc:date>.
+ OUString ouDateTimePropertyId;
/// Characters of the <dc:description> element inside the signature.
OUString ouDescription;
/// The Id attribute of the <SignatureProperty> element that contains the <dc:description>.
diff --git a/xmlsecurity/inc/xsecctl.hxx b/xmlsecurity/inc/xsecctl.hxx
index 351c94a2a3e6..7baa219fb13c 100644
--- a/xmlsecurity/inc/xsecctl.hxx
+++ b/xmlsecurity/inc/xsecctl.hxx
@@ -271,8 +271,8 @@ private:
void setGpgCertificate( OUString const & ouGpgCert );
void setGpgOwner( OUString const & ouGpgOwner );
- void setDate( OUString const & ouDate );
- void setDescription(const OUString& rDescription);
+ void setDate(OUString const& rId, OUString const& ouDate);
+ void setDescription(OUString const& rId, OUString const& rDescription);
void setCertDigest(const OUString& rCertDigest);
void setValidSignatureImage(const OUString& rValidSigImg);
void setInvalidSignatureImage(const OUString& rInvalidSigImg);
@@ -283,7 +283,6 @@ public:
private:
void setId( OUString const & ouId );
- void setPropertyId( OUString const & ouPropertyId );
css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToRead(
sal_Int32 nSecurityId );
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.cxx b/xmlsecurity/source/helper/ooxmlsecparser.cxx
index c22e8c2261bf..a200de60c07a 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.cxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.cxx
@@ -192,12 +192,12 @@ void SAL_CALL OOXMLSecParser::endElement(const OUString& rName)
}
else if (rName == "mdssi:Value")
{
- m_pXSecController->setDate(m_aMdssiValue);
+ m_pXSecController->setDate("", m_aMdssiValue);
m_bInMdssiValue = false;
}
else if (rName == "SignatureComments")
{
- m_pXSecController->setDescription(m_aSignatureComments);
+ m_pXSecController->setDescription("", m_aSignatureComments);
m_bInSignatureComments = false;
}
else if (rName == "X509IssuerName")
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index ab108d13c224..8d5ea68c768b 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -819,7 +819,7 @@ void XSecController::exportSignature(
pAttributeList = new SvXMLAttributeList();
pAttributeList->AddAttribute(
"Id",
- signatureInfo.ouPropertyId);
+ signatureInfo.ouDateTimePropertyId);
pAttributeList->AddAttribute(
"Target",
"#" + signatureInfo.ouSignatureId);
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
index 5c92e5efa104..9cc9312b4d9f 100644
--- a/xmlsecurity/source/helper/xsecparser.cxx
+++ b/xmlsecurity/source/helper/xsecparser.cxx
@@ -978,6 +978,9 @@ class XSecParser::XadesSigningCertificateContext
class XSecParser::XadesSigningTimeContext
: public XSecParser::Context
{
+ private:
+ OUString m_Value;
+
public:
XadesSigningTimeContext(XSecParser & rParser,
std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
@@ -985,20 +988,14 @@ class XSecParser::XadesSigningTimeContext
{
}
- virtual void StartElement(
- css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
- {
- m_rParser.m_ouDate.clear();
- }
-
virtual void EndElement() override
{
- m_rParser.m_pXSecController->setDate( m_rParser.m_ouDate );
+ m_rParser.m_pXSecController->setDate("", m_Value);
}
virtual void Characters(OUString const& rChars) override
{
- m_rParser.m_ouDate += rChars;
+ m_Value += rChars;
}
};
@@ -1104,35 +1101,20 @@ class XSecParser::DcDateContext
: public XSecParser::Context
{
private:
- bool m_isIgnore = false;
+ OUString & m_rValue;
public:
DcDateContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ OUString & rValue)
: XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ , m_rValue(rValue)
{
}
- virtual void StartElement(
- css::uno::Reference<css::xml::sax::XAttributeList> const& /*xAttrs*/) override
- {
- m_isIgnore = !m_rParser.m_ouDate.isEmpty();
- }
-
- virtual void EndElement() override
- {
- if (!m_isIgnore)
- {
- m_rParser.m_pXSecController->setDate( m_rParser.m_ouDate );
- }
- }
-
virtual void Characters(OUString const& rChars) override
{
- if (!m_isIgnore)
- {
- m_rParser.m_ouDate += rChars;
- }
+ m_rValue += rChars;
}
};
@@ -1140,29 +1122,32 @@ class XSecParser::DcDescriptionContext
: public XSecParser::Context
{
private:
- OUString m_Value;
+ OUString & m_rValue;
public:
DcDescriptionContext(XSecParser & rParser,
- std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
+ std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap,
+ OUString & rValue)
: XSecParser::Context(rParser, std::move(pOldNamespaceMap))
+ , m_rValue(rValue)
{
}
- virtual void EndElement() override
- {
- m_rParser.m_pXSecController->setDescription(m_Value);
- }
-
virtual void Characters(OUString const& rChars) override
{
- m_Value += rChars;
+ m_rValue += rChars;
}
};
class XSecParser::DsSignaturePropertyContext
: public XSecParser::Context
{
+ private:
+ enum class SignatureProperty { Unknown, Date, Description };
+ SignatureProperty m_Property = SignatureProperty::Unknown;
+ OUString m_Id;
+ OUString m_Value;
+
public:
DsSignaturePropertyContext(XSecParser & rParser,
std::unique_ptr<SvXMLNamespaceMap> pOldNamespaceMap)
@@ -1173,10 +1158,22 @@ class XSecParser::DsSignaturePropertyContext
virtual void StartElement(
css::uno::Reference<css::xml::sax::XAttributeList> const& xAttrs) override
{
- OUString const ouIdAttr(m_rParser.HandleIdAttr(xAttrs));
- if (!ouIdAttr.isEmpty())
+ m_Id = m_rParser.HandleIdAttr(xAttrs);
+ }
+
+ virtual void EndElement() override
+ {
+ switch (m_Property)
{
- m_rParser.m_pXSecController->setPropertyId( ouIdAttr );
+ case SignatureProperty::Unknown:
+ SAL_INFO("xmlsecurity.helper", "Unknown property in ds:Object ignored");
+ break;
+ case SignatureProperty::Date:
+ m_rParser.m_pXSecController->setDate(m_Id, m_Value);
+ break;
+ case SignatureProperty::Description:
+ m_rParser.m_pXSecController->setDescription(m_Id, m_Value);
+ break;
}
}
@@ -1186,11 +1183,13 @@ class XSecParser::DsSignaturePropertyContext
{
if (nNamespace == XML_NAMESPACE_DC && rName == "date")
{
- return std::make_unique<DcDateContext>(m_rParser, std::move(pOldNamespaceMap));
+ m_Property = SignatureProperty::Date;
+ return std::make_unique<DcDateContext>(m_rParser, std::move(pOldNamespaceMap), m_Value);
}
if (nNamespace == XML_NAMESPACE_DC && rName == "description")
{
- return std::make_unique<DcDescriptionContext>(m_rParser, std::move(pOldNamespaceMap));
+ m_Property = SignatureProperty::Description;
+ return std::make_unique<DcDescriptionContext>(m_rParser, std::move(pOldNamespaceMap), m_Value);
}
return XSecParser::Context::CreateChildContext(std::move(pOldNamespaceMap), nNamespace, rName);
}
diff --git a/xmlsecurity/source/helper/xsecparser.hxx b/xmlsecurity/source/helper/xsecparser.hxx
index 93efcb766e3e..7a0eb08bca28 100644
--- a/xmlsecurity/source/helper/xsecparser.hxx
+++ b/xmlsecurity/source/helper/xsecparser.hxx
@@ -97,12 +97,6 @@ private:
class DsSignatureContext;
class DsigSignaturesContext;
- /*
- * the following members are used to reserve the signature information,
- * including X509IssuerName, X509SerialNumber, and X509Certificate,etc.
- */
- OUString m_ouDate;
-
std::stack<std::unique_ptr<Context>> m_ContextStack;
std::unique_ptr<SvXMLNamespaceMap> m_pNamespaceMap;
diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx
index 4d1b89949feb..5ed23281f083 100644
--- a/xmlsecurity/source/helper/xsecsign.cxx
+++ b/xmlsecurity/source/helper/xsecsign.cxx
@@ -132,8 +132,8 @@ cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepar
if (nStorageFormat != embed::StorageFormats::OFOPXML)
{
internalSignatureInfor.signatureInfor.ouSignatureId = createId();
- internalSignatureInfor.signatureInfor.ouPropertyId = createId();
- internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, internalSignatureInfor.signatureInfor.ouPropertyId, -1, OUString() );
+ internalSignatureInfor.signatureInfor.ouDateTimePropertyId = createId();
+ internalSignatureInfor.addReference(SignatureReferenceType::SAMEDOCUMENT, digestID, internalSignatureInfor.signatureInfor.ouDateTimePropertyId, -1, OUString() );
size++;
if (bXAdESCompliantIfODF)
diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx
index 1f7fa9ac8ca8..5f5840334254 100644
--- a/xmlsecurity/source/helper/xsecverify.cxx
+++ b/xmlsecurity/source/helper/xsecverify.cxx
@@ -321,7 +321,7 @@ void XSecController::setGpgOwner( OUString const & ouGpgOwner )
isi.signatureInfor.ouGpgOwner = ouGpgOwner;
}
-void XSecController::setDate( OUString const & ouDate )
+void XSecController::setDate(OUString const& rId, OUString const& ouDate)
{
if (m_vInternalSignatureInformations.empty())
{
@@ -329,17 +329,31 @@ void XSecController::setDate( OUString const & ouDate )
return;
}
InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
+ // there may be multiple timestamps in a signature - check them for consistency
+ if (!isi.signatureInfor.ouDateTime.isEmpty()
+ && isi.signatureInfor.ouDateTime != ouDate)
+ {
+ isi.signatureInfor.hasInconsistentSigningTime = true;
+ }
(void)utl::ISO8601parseDateTime( ouDate, isi.signatureInfor.stDateTime);
isi.signatureInfor.ouDateTime = ouDate;
+ if (!rId.isEmpty())
+ {
+ isi.signatureInfor.ouDateTimePropertyId = rId;
+ }
}
-void XSecController::setDescription(const OUString& rDescription)
+void XSecController::setDescription(OUString const& rId, OUString const& rDescription)
{
if (m_vInternalSignatureInformations.empty())
return;
InternalSignatureInformation& rInformation = m_vInternalSignatureInformations.back();
rInformation.signatureInfor.ouDescription = rDescription;
+ if (!rId.isEmpty())
+ {
+ rInformation.signatureInfor.ouDescriptionPropertyId = rId;
+ }
}
void XSecController::setSignatureBytes(const uno::Sequence<sal_Int8>& rBytes)
@@ -433,27 +447,6 @@ void XSecController::setId( OUString const & ouId )
isi.signatureInfor.ouSignatureId = ouId;
}
-void XSecController::setPropertyId( OUString const & ouPropertyId )
-{
- if (m_vInternalSignatureInformations.empty())
- {
- SAL_INFO("xmlsecurity.helper","XSecController::setPropertyId: no signature");
- return;
- }
- InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
-
- if (isi.signatureInfor.ouPropertyId.isEmpty())
- {
- // <SignatureProperty> ID attribute is for the date.
- isi.signatureInfor.ouPropertyId = ouPropertyId;
- }
- else
- {
- // <SignatureProperty> ID attribute is for the description.
- isi.signatureInfor.ouDescriptionPropertyId = ouPropertyId;
- }
-}
-
/* public: for signature verify */
void XSecController::collectToVerify( const OUString& referenceId )
{
--
2.32.0

View File

@ -0,0 +1,117 @@
From 4cfd591942e4cfd3efc416bfac8e46e3580d37ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Wed, 23 Mar 2022 13:03:30 +0000
Subject: [PATCH] add infobar to prompt to refresh to replace old format
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131976
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bbd196ff82bda9f66b4ba32a412f10cefe6da60e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132307
Reviewed-by: Sophie Gautier <sophi@libreoffice.org>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit c5d01b11db3c83cb4a89d3b388d78e20dd3990b5)
Change-Id: Id99cbf2b50a4ebf289dae6fc67e22e20afcda35b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133906
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
---
include/sfx2/strings.hrc | 2 ++
include/sfx2/viewfrm.hxx | 1 +
sfx2/source/view/viewfrm.cxx | 40 ++++++++++++++++++++++++++++++++++++
3 files changed, 43 insertions(+)
diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
index 1f21f0a0f186..1db36e733c0c 100644
--- a/include/sfx2/strings.hrc
+++ b/include/sfx2/strings.hrc
@@ -297,6 +297,8 @@
#define STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK NC_("STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK", "The certificate could not be validated and the document is only partially signed.")
#define STR_SIGNATURE_OK NC_("STR_SIGNATURE_OK", "This document is digitally signed and the signature is valid.")
#define STR_SIGNATURE_SHOW NC_("STR_SIGNATURE_SHOW", "Show Signatures")
+#define STR_REFRESH_MASTER_PASSWORD NC_("STR_REFRESH_MASTER_PASSWORD", "The master password is stored in an outdated format, you should refresh it")
+#define STR_REFRESH_PASSWORD NC_("STR_REFRESH_PASSWORD", "Refresh Password")
#define STR_CLOSE_PANE NC_("STR_CLOSE_PANE", "Close Pane")
#define STR_SFX_DOCK NC_("STR_SFX_DOCK", "Dock")
diff --git a/include/sfx2/viewfrm.hxx b/include/sfx2/viewfrm.hxx
index fe336ba5f091..cc6a7dae7047 100644
--- a/include/sfx2/viewfrm.hxx
+++ b/include/sfx2/viewfrm.hxx
@@ -61,6 +61,7 @@ protected:
DECL_LINK(WhatsNewHandler, Button*, void);
DECL_LINK(SwitchReadOnlyHandler, Button*, void);
DECL_LINK(SignDocumentHandler, Button*, void);
+ DECL_DLLPRIVATE_LINK(RefreshMasterPasswordHdl, Button*, void);
SAL_DLLPRIVATE void KillDispatcher_Impl();
virtual ~SfxViewFrame() override;
diff --git a/sfx2/source/view/viewfrm.cxx b/sfx2/source/view/viewfrm.cxx
index 5a64599e5894..86e7d51bbfea 100644
--- a/sfx2/source/view/viewfrm.cxx
+++ b/sfx2/source/view/viewfrm.cxx
@@ -32,6 +32,7 @@
#include <com/sun/star/frame/XLoadable.hpp>
#include <com/sun/star/frame/XLayoutManager.hpp>
#include <com/sun/star/frame/XComponentLoader.hpp>
+#include <com/sun/star/task/PasswordContainer.hpp>
#include <officecfg/Office/Common.hxx>
#include <officecfg/Setup.hxx>
#include <toolkit/helper/vclunohelper.hxx>
@@ -1390,6 +1391,24 @@ void SfxViewFrame::Notify( SfxBroadcaster& /*rBC*/, const SfxHint& rHint )
batch->commit();
}
+ if (officecfg::Office::Common::Passwords::HasMaster::get() &&
+ officecfg::Office::Common::Passwords::StorageVersion::get() == 0)
+ {
+ // master password stored in deprecated format
+ VclPtr<SfxInfoBarWindow> pOldMasterPasswordInfoBar =
+ AppendInfoBar("oldmasterpassword", "",
+ SfxResId(STR_REFRESH_MASTER_PASSWORD), InfobarType::DANGER, false);
+ if (pOldMasterPasswordInfoBar)
+ {
+ VclPtrInstance<PushButton> const xBtn(&GetWindow());
+ xBtn->SetText(SfxResId(STR_REFRESH_PASSWORD));
+ xBtn->SetSizePixel(xBtn->GetOptimalSize());
+ xBtn->SetClickHdl(LINK(this,
+ SfxViewFrame, RefreshMasterPasswordHdl));
+ pOldMasterPasswordInfoBar->addButton(xBtn);
+ }
+ }
+
// read-only infobar if necessary
const SfxViewShell *pVSh;
const SfxShell *pFSh;
@@ -1565,6 +1584,27 @@ IMPL_LINK_NOARG(SfxViewFrame, SignDocumentHandler, Button*, void)
GetDispatcher()->Execute(SID_SIGNATURE);
}
+IMPL_LINK_NOARG(SfxViewFrame, RefreshMasterPasswordHdl, Button*, void)
+{
+ bool bChanged = false;
+ try
+ {
+ Reference< task::XPasswordContainer2 > xMasterPasswd(
+ task::PasswordContainer::create(comphelper::getProcessComponentContext()));
+
+ css::uno::Reference<css::frame::XFrame> xFrame = GetFrame().GetFrameInterface();
+ css::uno::Reference<css::awt::XWindow> xContainerWindow = xFrame->getContainerWindow();
+
+ uno::Reference<task::XInteractionHandler> xTmpHandler(task::InteractionHandler::createWithParent(comphelper::getProcessComponentContext(),
+ xContainerWindow));
+ bChanged = xMasterPasswd->changeMasterPassword(xTmpHandler);
+ }
+ catch (const Exception&)
+ {}
+ if (bChanged)
+ RemoveInfoBar(u"oldmasterpassword");
+}
+
void SfxViewFrame::Construct_Impl( SfxObjectShell *pObjSh )
{
m_pImpl->bResizeInToOut = true;
--
2.37.1

View File

@ -0,0 +1,281 @@
From 6a69b533227ae22d97824317f14dfa6991959101 Mon Sep 17 00:00:00 2001
Message-ID: <6a69b533227ae22d97824317f14dfa6991959101.1703086328.git.erack@redhat.com>
In-Reply-To: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
References: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Wed, 15 Nov 2023 11:39:24 +0000
Subject: [PATCH 3/4] reuse AllowedLinkProtocolFromDocument in writer
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
reorg calc hyperlink check to reuse elsewhere
Change-Id: I20ae3c5df15502c3a0a366fb4a2924c06ffac3d0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159487
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit e6a7537762e19fde446441edd10d301f9b37ce75)
reuse AllowedLinkProtocolFromDocument in writer
Change-Id: Iacf5e313fc6ca5f7d69ca6986a036f0e1ab1f2a0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159488
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 32535dfa82200b54296838b52285c054fbe5e51d)
combine these hyperlink dispatchers into one call
Change-Id: Icb7822e811013de648ccf2fbb23a5f0be9e29bb0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159489
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 0df175ccc6ea542bc5801f631ff72bed187042eb)
we can have just one LoadURL for writer
Change-Id: Ia0162ee1c275292fcf200bad4662e4c2c6b7b972
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159557
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 521ca9cf6acbae96cf95d9740859c9682212013d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159858
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit e32b8601dbd63cf01497889601d6c9c1241106d6)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159883
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159913
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Eike Rathke <erack@redhat.com>
---
include/sfx2/objsh.hxx | 7 +++--
sc/source/core/data/global.cxx | 32 ++---------------------
sfx2/source/doc/objmisc.cxx | 27 ++++++++++++++++++++
sw/source/uibase/shells/drwtxtex.cxx | 8 ++----
sw/source/uibase/wrtsh/wrtsh2.cxx | 38 ++++++++++++++++++----------
5 files changed, 60 insertions(+), 52 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0003-reuse-AllowedLinkProtocolFromDocument-in-writer.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0003-reuse-AllowedLinkProtocolFromDocument-in-writer.patch"
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index fde0dba3d7c9..79f22c978dcb 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -200,6 +200,9 @@ private:
SAL_DLLPRIVATE bool SaveTo_Impl(SfxMedium &rMedium, const SfxItemSet* pSet );
+ // true if the document had macros (or similar) on load to trigger warning user
+ SAL_DLLPRIVATE bool GetHadCheckedMacrosOnLoad() const;
+
protected:
SfxObjectShell(SfxObjectCreateMode);
SfxObjectShell(SfxModelFlags); // see sfxmodelfactory.hxx
@@ -427,8 +430,8 @@ public:
void SetMacroCallsSeenWhileLoading();
bool GetMacroCallsSeenWhileLoading() const;
- // true if the document had macros (or similar) on load to trigger warning user
- bool GetHadCheckedMacrosOnLoad() const;
+ // true if this type of link, from a document, is allowed by the user to be passed to uno:OpenDoc
+ static bool AllowedLinkProtocolFromDocument(const OUString& rUrl, SfxObjectShell* pObjShell, weld::Window* pDialogParent);
const css::uno::Sequence< css::beans::PropertyValue >& GetModifyPasswordInfo() const;
bool SetModifyPasswordInfo( const css::uno::Sequence< css::beans::PropertyValue >& aInfo );
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index 92caea1ea459..27c5a51a46c1 100644
--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -29,9 +29,7 @@
#include <sfx2/docfile.hxx>
#include <sfx2/dispatch.hxx>
#include <sfx2/objsh.hxx>
-#include <sfx2/sfxresid.hxx>
#include <sfx2/sfxsids.hrc>
-#include <sfx2/strings.hrc>
#include <sfx2/viewfrm.hxx>
#include <sfx2/viewsh.hxx>
#include <svl/intitem.hxx>
@@ -856,34 +854,8 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
aUrlName = aNewUrlName;
}
- if (INetURLObject(aUrlName).IsExoticProtocol())
- {
- // Default to ignoring exotic protocols
- bool bAllow = false;
- if (pObjShell)
- {
- // If the document had macros when loaded then follow the allowed macro-mode
- if (pObjShell->GetHadCheckedMacrosOnLoad())
- bAllow = pObjShell->AdjustMacroMode();
- else // otherwise ask the user, defaulting to cancel
- {
- assert(pFrame && "if we have pObjShell we have pFrame");
- //Reuse URITools::onOpenURI warning string
- std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pFrame->GetFrameWeld(),
- VclMessageType::Warning, VclButtonsType::YesNo,
- SfxResId(STR_DANGEROUS_TO_OPEN)));
- xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
- INetURLObject::decode(aUrlName, INetURLObject::DecodeMechanism::Unambiguous)));
- xQueryBox->set_default_response(RET_NO);
- bAllow = xQueryBox->run() == RET_YES;
- }
- }
- if (!bAllow)
- {
- SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName);
- return;
- }
- }
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetFrameWeld() : nullptr))
+ return;
SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
SfxStringItem aTarget( SID_TARGETNAME, rTarget );
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index ddf95eeafe5e..8c76c3f0f4d6 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -962,6 +962,33 @@ bool SfxObjectShell::GetHadCheckedMacrosOnLoad() const
return pImpl->m_bHadCheckedMacrosOnLoad;
}
+bool SfxObjectShell::AllowedLinkProtocolFromDocument(const OUString& rUrl, SfxObjectShell* pObjShell, weld::Window* pDialogParent)
+{
+ if (!INetURLObject(rUrl).IsExoticProtocol())
+ return true;
+ // Default to ignoring exotic protocols
+ bool bAllow = false;
+ if (pObjShell)
+ {
+ // If the document had macros when loaded then follow the allowed macro-mode
+ if (pObjShell->GetHadCheckedMacrosOnLoad())
+ bAllow = pObjShell->AdjustMacroMode();
+ else // otherwise ask the user, defaulting to cancel
+ {
+ //Reuse URITools::onOpenURI warning string
+ std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pDialogParent,
+ VclMessageType::Warning, VclButtonsType::YesNo,
+ SfxResId(STR_DANGEROUS_TO_OPEN)));
+ xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
+ INetURLObject::decode(rUrl, INetURLObject::DecodeMechanism::Unambiguous)));
+ xQueryBox->set_default_response(RET_NO);
+ bAllow = xQueryBox->run() == RET_YES;
+ }
+ }
+ SAL_WARN_IF(!bAllow, "sfx.appl", "SfxObjectShell::AllowedLinkProtocolFromDocument ignoring: " << rUrl);
+ return bAllow;
+}
+
void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< task::XInteractionHandler >& xHandler )
{
OUString aVersion;
diff --git a/sw/source/uibase/shells/drwtxtex.cxx b/sw/source/uibase/shells/drwtxtex.cxx
index c84ee7bd9af4..c51f501841ad 100644
--- a/sw/source/uibase/shells/drwtxtex.cxx
+++ b/sw/source/uibase/shells/drwtxtex.cxx
@@ -533,12 +533,8 @@ void SwDrawTextShell::Execute( SfxRequest &rReq )
const SvxFieldData* pField = pOLV->GetFieldAtCursor();
if (const SvxURLField* pURLField = dynamic_cast<const SvxURLField*>(pField))
{
- SfxStringItem aUrl(SID_FILE_NAME, pURLField->GetURL());
- SfxStringItem aTarget(SID_TARGETNAME, pURLField->GetTargetFrame());
- SfxBoolItem aNewView(SID_OPEN_NEW_VIEW, false);
- SfxBoolItem aBrowsing(SID_BROWSE, true);
- GetView().GetViewFrame()->GetDispatcher()->ExecuteList(
- SID_OPENDOC, SfxCallMode::SYNCHRON, { &aUrl, &aTarget, &aNewView, &aBrowsing });
+ ::LoadURL(GetShell(), pURLField->GetURL(), LoadUrlFlags::NONE,
+ pURLField->GetTargetFrame());
}
}
break;
diff --git a/sw/source/uibase/wrtsh/wrtsh2.cxx b/sw/source/uibase/wrtsh/wrtsh2.cxx
index 1995e7133c4a..d781823e82ec 100644
--- a/sw/source/uibase/wrtsh/wrtsh2.cxx
+++ b/sw/source/uibase/wrtsh/wrtsh2.cxx
@@ -501,30 +501,24 @@ bool SwWrtShell::ClickToINetGrf( const Point& rDocPt, LoadUrlFlags nFilter )
return bRet;
}
-void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
- const OUString& rTargetFrameName )
+static void LoadURL(SwView& rView, const OUString& rURL, LoadUrlFlags nFilter,
+ const OUString& rTargetFrameName)
{
- OSL_ENSURE( !rURL.isEmpty(), "what should be loaded here?" );
- if( rURL.isEmpty() )
- return ;
+ SwDocShell* pDShell = rView.GetDocShell();
+ OSL_ENSURE( pDShell, "No DocShell?!");
+ SfxViewFrame* pViewFrame = rView.GetViewFrame();
- // The shell could be 0 also!!!!!
- if ( dynamic_cast<const SwCursorShell*>( &rVSh) == nullptr )
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetFrameWeld()))
return;
// We are doing tiledRendering, let the client handles the URL loading,
// unless we are jumping to a TOC mark.
if (comphelper::LibreOfficeKit::isActive() && !rURL.startsWith("#"))
{
- rVSh.GetSfxViewShell()->libreOfficeKitViewCallback(LOK_CALLBACK_HYPERLINK_CLICKED, rURL.toUtf8().getStr());
+ rView.libreOfficeKitViewCallback(LOK_CALLBACK_HYPERLINK_CLICKED, rURL.toUtf8().getStr());
return;
}
- //A CursorShell is always a WrtShell
- SwWrtShell &rSh = static_cast<SwWrtShell&>(rVSh);
-
- SwDocShell* pDShell = rSh.GetView().GetDocShell();
- OSL_ENSURE( pDShell, "No DocShell?!");
OUString sTargetFrame(rTargetFrameName);
if (sTargetFrame.isEmpty() && pDShell)
{
@@ -539,7 +533,6 @@ void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
OUString sReferer;
if( pDShell && pDShell->GetMedium() )
sReferer = pDShell->GetMedium()->GetName();
- SfxViewFrame* pViewFrame = rSh.GetView().GetViewFrame();
SfxFrameItem aView( SID_DOCFRAME, pViewFrame );
SfxStringItem aName( SID_FILE_NAME, rURL );
SfxStringItem aTargetFrameName( SID_TARGETNAME, sTargetFrame );
@@ -565,6 +558,23 @@ void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
SfxCallMode::ASYNCHRON|SfxCallMode::RECORD );
}
+void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
+ const OUString& rTargetFrameName )
+{
+ OSL_ENSURE( !rURL.isEmpty(), "what should be loaded here?" );
+ if( rURL.isEmpty() )
+ return ;
+
+ // The shell could be 0 also!!!!!
+ if ( dynamic_cast<const SwCursorShell*>( &rVSh) == nullptr )
+ return;
+
+ //A CursorShell is always a WrtShell
+ SwWrtShell &rSh = static_cast<SwWrtShell&>(rVSh);
+
+ ::LoadURL(rSh.GetView(), rURL, nFilter, rTargetFrameName);
+}
+
void SwWrtShell::NavigatorPaste( const NaviContentBookmark& rBkmk,
const sal_uInt16 nAction )
{
--------------erAck-patch-parts--

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,87 @@
From 62ba88176c10469588e4bbb73cbf33889df08dbc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Wed, 22 Nov 2023 21:14:41 +0000
Subject: [PATCH] reuse AllowedLinkProtocolFromDocument in impress/draw
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change-Id: I73ca4f087946a45dbf92d69a0dc1e769de9b5690
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159843
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit f0942eed2eb328b04856f20613f5226d66b66a20)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159759
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159884
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159914
Reviewed-by: Eike Rathke <erack@redhat.com>
erAck: backported to 6.4.7.2
---
sd/source/ui/app/sdmod1.cxx | 29 ++++++++++++++++++-----------
1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/sd/source/ui/app/sdmod1.cxx b/sd/source/ui/app/sdmod1.cxx
index 3d84ddb..8d42653 100644
--- a/sd/source/ui/app/sdmod1.cxx
+++ b/sd/source/ui/app/sdmod1.cxx
@@ -32,6 +32,7 @@
#include <sfx2/dispatch.hxx>
#include <sfx2/request.hxx>
#include <sfx2/templatedlg.hxx>
+#include <svl/stritem.hxx>
#include <editeng/eeitem.hxx>
#include <svx/svxids.hrc>
@@ -193,26 +194,32 @@ void SdModule::Execute(SfxRequest& rReq)
{
bool bIntercept = false;
::sd::DrawDocShell* pDocShell = dynamic_cast< ::sd::DrawDocShell *>( SfxObjectShell::Current() );
- if (pDocShell)
+ ::sd::ViewShell* pViewShell = pDocShell ? pDocShell->GetViewShell() : nullptr;
+ if (pViewShell)
{
- ::sd::ViewShell* pViewShell = pDocShell->GetViewShell();
- if (pViewShell)
+ if( sd::SlideShow::IsRunning( pViewShell->GetViewShellBase() ) )
{
- if( sd::SlideShow::IsRunning( pViewShell->GetViewShellBase() ) )
+ // Prevent documents from opening while the slide
+ // show is running, except when this request comes
+ // from a shape interaction.
+ if (rReq.GetArgs() == nullptr)
{
- // Prevent documents from opening while the slide
- // show is running, except when this request comes
- // from a shape interaction.
- if (rReq.GetArgs() == nullptr)
- {
- bIntercept = true;
- }
+ bIntercept = true;
}
}
}
if (!bIntercept)
{
+ if (const SfxStringItem* pURLItem = rReq.GetArg<SfxStringItem>(SID_FILE_NAME))
+ {
+ if (!pViewShell || !SfxObjectShell::AllowedLinkProtocolFromDocument(pURLItem->GetValue(),
+ pViewShell->GetObjectShell(),
+ pViewShell->GetFrameWeld()))
+ {
+ return;
+ }
+ }
SfxGetpApp()->ExecuteSlot(rReq, SfxGetpApp()->GetInterface());
}
else
--
2.43.0

View File

@ -0,0 +1,65 @@
From a255a9c69d35df27e92349ea5bb9cb8d6c46d97f Mon Sep 17 00:00:00 2001
From: rpmbuild <rpmbuild@fedoraproject.org>
Date: Fri, 8 Mar 2024 17:51:24 +0100
Subject: [PATCH] CVE-2023-6186 backporting
Add dialog text string STR_DANGEROUS_TO_OPEN
as per upstream commit 70009098fd70df021048c540d1796c928554b494
SfxViewFrame doesn't have GetFrameWeld() yet, get from Window.
---
include/sfx2/strings.hrc | 1 +
sc/source/core/data/global.cxx | 4 +++-
sw/source/uibase/wrtsh/wrtsh2.cxx | 2 +-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
index 1db36e7..29950ba 100644
--- a/include/sfx2/strings.hrc
+++ b/include/sfx2/strings.hrc
@@ -103,6 +103,7 @@
#define STR_GB NC_("STR_GB", "GB")
#define STR_QUERY_LASTVERSION NC_("STR_QUERY_LASTVERSION", "Cancel all changes?")
#define STR_NO_WEBBROWSER_FOUND NC_("STR_NO_WEBBROWSER_FOUND", "Opening \"$(ARG1)\" failed with error code $(ARG2) and message: \"$(ARG3)\"\nMaybe no web browser could be found on your system. In that case, please check your Desktop Preferences or install a web browser (for example, Firefox) in the default location requested during the browser installation.")
+#define STR_DANGEROUS_TO_OPEN NC_("STR_DANGEROUS_TO_OPEN", "It might be dangerous to open \"$(ARG1)\".\nDo you really want to open it?")
#define STR_NO_ABS_URI_REF NC_("STR_NO_ABS_URI_REF", "\"$(ARG1)\" is not an absolute URL that can be passed to an external application to open it.")
#define STR_GID_INTERN NC_("STR_GID_INTERN", "Internal")
#define STR_GID_APPLICATION NC_("STR_GID_APPLICATION", "Application")
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index b16be6b..3295a38 100644
--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -37,6 +37,8 @@
#include <vcl/virdev.hxx>
#include <vcl/settings.hxx>
#include <vcl/svapp.hxx>
+#include <vcl/weld.hxx>
+#include <vcl/window.hxx>
#include <unotools/charclass.hxx>
#include <unotools/securityoptions.hxx>
#include <osl/diagnose.h>
@@ -823,7 +825,7 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
aUrlName = aNewUrlName;
}
- if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetFrameWeld() : nullptr))
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetWindow().GetFrameWeld() : nullptr))
return;
SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
diff --git a/sw/source/uibase/wrtsh/wrtsh2.cxx b/sw/source/uibase/wrtsh/wrtsh2.cxx
index 41f427a..543644d 100644
--- a/sw/source/uibase/wrtsh/wrtsh2.cxx
+++ b/sw/source/uibase/wrtsh/wrtsh2.cxx
@@ -495,7 +495,7 @@ static void LoadURL(SwView& rView, const OUString& rURL, LoadUrlFlags nFilter,
OSL_ENSURE( pDShell, "No DocShell?!");
SfxViewFrame* pViewFrame = rView.GetViewFrame();
- if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetFrameWeld()))
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetWindow().GetFrameWeld()))
return;
// We are doing tiledRendering, let the client handles the URL loading,
--
2.43.0

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,51 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBEyzEr0BEADT441wUITsTwDA2nM3kmUhGrzTdxZB5xv/E1ZJCw63qWdmdTdW
NZDfNDuLs4r2VjlEoA3xGK6jgnQvyAoNj0yiEbW/JedHHgOiVdXDlkgkY58myafT
FXqDLzTXVrsNnay0GS8XrNjptZJPhEPBvNUdkqpA9B7RTkfaXj779Pf/AeFMZVLl
UAci5RA0NNF910GHwoXT6SEv2PGoawsphnfmMVdKh9wz7asbtKXEmotCwX3k045x
LsIVK5ANOi+BI9C3LkrrFJWw2XHqDW2ulwCJ0L5QNSjOuY/v8REODwIXamvvdZOz
XBKSIzDOalJqFCHls3YlGyFw1knr6BAOmVOm32YtNTCLbVA/iK55fZWnUCjD3a4G
xz4qpQYWfpxhOmlHpk5JkraSNHzCc7SB43DwcHF5ecXHttMhO8MoN/bAZBgCuLGF
EwNvwFbDwIWo07mlv7wD8i1rtUCvLywJc5YL2PbjCLfB1Q4YzDX1EWnjKdnAsxxK
ftrx1DFlxzUF+TaHbLTPttUcsWQaL8wITznoWIwdIWlo2woPgWIpUXMOYwYV31Oo
fgmroHa3V4NOvkke09uhaZawg5yZCoRFohhfKPqT1ZrJ9SnRbW/WR3VTVY76ht5k
RuV3eb2VWBmPU9zn56Tbe6dvFkBuzHH1JdECAqy1BzFcmQQFBebFzf1XAQARAQAB
tEhMaWJyZU9mZmljZSBCdWlsZCBUZWFtIChDT0RFIFNJR05JTkcgS0VZKSA8YnVp
bGRAZG9jdW1lbnRmb3VuZGF0aW9uLm9yZz6JAjcEEwEKACEFAkyzEr0CGwMFCwkI
BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ9DSh76/urqOc4w//X+74QlyRalcuLNw3
oJKB1+1z6xxhhpwg1kw5cMMrGu0w0YoPvLDKaiS02DdkIaXDECcQTOoEh7/bYbZq
6OtE1WyxqHYYOPK5yul5FRwZ5k5HZ7pDFcKCQ72UgWhz+QznRhgZ0jwEWl5Ln3rw
JpSynIvTXHmQogId0xmcrNQPyckzzugGx4qZFinSOmDGwTgG14NU3vat2iek37Ph
BLh5V8ohlEoccwwPejtKEWQudg0Q8K7uBuqLUhnJoZodEytqpOvtysuPtGxGXnmD
7oXtBVEF3X6eFRXDIp81cx2isHK4Krf4z4T9KUimNLHjWRa+ZQtp2pZLHQlblfsn
CUf6TYZ0Yi909EhcM/hxAgBZXellOCQ/8U2cJsTUyN5Dp1wbf6X0uK4uaed1/037
EGLAO6PP6WQz6jWd1/hhsQ5oAmdjkzlMFEfKNeIIDuKMOjXcTvM8/KRXhufwICvS
FBlSIveHfDFWCvOVgq0VjAY7NFMFKRUnRHB58qBamtyhOyscRIvT5QH8HYfUA/YN
l9FguczYUIQi3t+H1hoHIywdtmRuhYx5WlIUe8FO9QD5RMPbBjVbkCYgdHdxgnJD
KCoRGsoKlLB7UZc4Ak9j6plZbYtFRonm2MjU4zxblCFNuEqVQ0V/y6/OIGpBYF9Y
aEAtTgEJd9OmmDCM3d8O0zZHYma5Ag0ETLMSvQEQAMDp0HxSDWd+2Od/aJutCMFe
8tfw7+nP9gfHOCUqesb88QvRMJgVY6z1aNdMllxTKlsxUiuA6uNcrUAkzDp/qRWR
58rWIO642PLifng3urJ1cDbSKC+K4RHpQC+hXllMKLqq8dwNy1LO4fPo9SdtUF4B
ev6enKmo4yCiOGv2tvztPh9gMGYoDncaOsS0t2UPr2MMQIVUmmIzfJBkdOxbZiWO
doeNbWsYJHQaO+Ahal6SjPHKzhdjeXhZzHl1vqeDkV4MXHprrOwXNXwPiEpkZe2O
dc7yaMkQc0k8WRrfKHApbnwDx6Mi8HYaf+LvRq7P0eMO9osD1q44wQQvVzk199zp
MMHS5/kAv7RBNmDOSJQIZ4zT4lzRDODjMf01Ljn02zon12GfJo0WbbpmLulta7uj
HgMrUU54by8WPFGW0fljXiDX0EpkHhxUsUsfaNfBsFnE+sRxQjNF/ljvofkyApI2
1OjtEa9krwvgDqaXsL+a2076OsoFpORlTZ30REb0eRS6rEt8M+7s4xTaA7GFxlY/
N+bnaM8m+ItygfFHHW4H0wLbbgajDeooSTgaheVNF5V9HS0EkN4MNVvtJH7J6drd
iR1QVhX87n7+JtQzTtCOyfeKjaB+kcbAm/2VOFOeHdig5+BygpXt3IixVq72xmGz
h0jhY565MjXrqg5O3pvLABEBAAGJAh8EGAEKAAkFAkyzEr0CGwwACgkQ9DSh76/u
rqPaeg//avI2/a94XlSYtSZb2hVdW3qa9AEypQurqtVrKJfEKFV+ZQBPXbPRy8Mz
5LMEH1sfD6B4SVGIGJ8opSyieJkcKIke+GMekTWvSqDpFOgY2rw7eHNn/33ZJs3O
zQOyWz8smE/AIM/5lyiVGuSlU7RjYncf1V9bIBc91q9Edqk4IYUo/7W+yafC0VW/
8oHUFYjHNaujiOsEoLiXsh9Y0R/6Jxs6fvE4XbCANV/ecN5UX+9BBrNZNN/9GbNr
6CYGZ57M2f1Pgywy/XvOnEPnJ8aWXUyGLqq34KvMPFPSOeAmFbkFEsB4mdDMFaDw
rzziiZE/zS8/nKiH4X2JgmLgFsadEihdfYxeDcGbhREK/qA1f3bGnr1j05V07yko
2FFZdiOr4OgiT5ymgwVUXQ2Aiz+J/C8URjfpcPxetmuDQT9AYfgmMKPNVXPFWuNQ
dzN5GZbI+E1/cb5+uLNknvjngw2G4PR/4uPHX1HCSftlNawBqWzyun1k+B7/u3Oe
FebWXcdqSmZuLQ7l0Pkuz/Nlp6M6cKpceL+9zCgaiR5+v9h94VvtXKd/mw9ZLACc
VcOANiwCtsJP3lt7jRSHtkuUe6vUm5tLS582RfXxoI1BlPjNtG9xAQ3JKBHIXbal
T18pAFO3t74cxg3h0iI1G51F3oL0DwILP2MBBmardVEp5CMnB/M=
=1iQB
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -54,7 +54,7 @@ Summary: Free Software Productivity Suite
Name: libreoffice
Epoch: 1
Version: %{libo_version}.2
Release: 4%{?libo_prerelease}%{?dist}
Release: 18%{?libo_prerelease}%{?dist}
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
URL: http://www.libreoffice.org/
@ -213,7 +213,9 @@ BuildRequires: libnumbertext-devel
# java stuff
BuildRequires: ant
%if 0%{?fedora}
BuildRequires: bsh
%endif
BuildRequires: java-devel
BuildRequires: junit
BuildRequires: pentaho-reporting-flow-engine
@ -264,6 +266,42 @@ Patch22: 0005-cid-1460969-Uninitialized-scalar-field.patch
Patch23: 0006-tdf-137897-scRetypePassInputDlg-re-allow-password-re.patch
Patch24: 0007-tdf-137982-m_xFrame-is-already-disposed.patch
Patch25: 0008-Resolves-tdf-137215-restore-original-modality-before.patch
Patch26: 0001-rhbz-1882616-move-cursor-one-step-at-a-time-in-the-d.patch
Patch27: 0001-rhbz-1980800-allow-convert-to-csv-to-write-each-shee.patch
Patch28: 0001-Resolves-tdf-132739-two-style-tags-where-there-shoul.patch
Patch29: 0001-backports-to-ease-CVE-backporting.patch
Patch30: 0002-CVE-2021-25635.patch
Patch31: 0003-xmlsecurity-replace-XSecParser-implementation.patch
Patch32: 0004-CVE-2021-25634.patch
Patch33: 0005-CVE-2021-25633.patch
Patch34: 0006-xmlsecurity-replace-OOXMLSecParser-implementation.patch
Patch35: 0001-Correctly-read-PNG-into-bitmaps-N32BitTcA.-formats-w.patch
Patch36: 0001-Read-MOSDocumentLockFile-UTF-16-string-data-with-sam.patch
Patch37: 0001-Convert-attribute-value-to-UTF-8-when-passing-it-to-.patch
Patch38: 0001-Fix-endianness-issues-in-OOX-crypto-routines.patch
Patch39: 0001-CVE-2021-25636.patch
Patch40: 0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch
Patch41: 0002-CVE-2022-26307-make-hash-encoding-match-decoding.patch
Patch42: 0003-CVE-2022-26306-add-Initialization-Vectors-to-passwor.patch
Patch43: 0004-CVE-2022-2630-6-7-add-infobar-to-prompt-to-refresh-t.patch
Patch44: 0001-CVE-2022-3140.patch
Patch45: 0001-CVE-2022-38745.patch
Patch46: 0001-Obtain-actual-0-parameter-count-for-OR-AND-and-1-par.patch
Patch47: 0002-Stack-check-safety-belt-before-fishing-in-muddy-wate.patch
Patch48: 0003-Always-push-a-result-even-if-it-s-only-an-error.patch
Patch49: 0001-set-Referer-on-loading-IFrames.patch
Patch50: 0002-put-floating-frames-under-managed-links-control.patch
Patch51: 0003-assume-IFrame-script-macro-support-isn-t-needed.patch
Patch52: 0001-disable-script-dump.patch
Patch53: 0001-CVE-2023-6185-escape-url-passed-to-gstreamer.patch
Patch54: 0001-CVE-2023-6186-add-some-protocols-that-don-t-make-sense-as-floating.patch
Patch55: 0002-CVE-2023-6186-warn-about-exotic-protocols-as-well.patch
Patch56: 0003-CVE-2023-6186-default-to-ignoring-libreoffice-special-purpose-prot.patch
Patch57: 0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch
Patch58: 0005-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-impress-dra.patch
Patch59: 0006-CVE-2023-6186-backporting.patch
Patch60: 0001-CVE-2024-3044-add-notify-for-script-use.patch
Patch61: 0001-CVE-2024-6472-remove-ability-to-trust-not-validated-macro-signatur.patch
%if 0%{?rhel}
# not upstreamed
@ -313,7 +351,9 @@ Summary: Core modules for LibreOffice
Requires: %{name}-%{fontname}-fonts = %{epoch}:%{version}-%{release}
Requires: %{name}-ure%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-data = %{epoch}:%{version}-%{release}
%ifnarch s390 s390x aarch64
Requires: %{name}-plugin%{?_isa} = %{epoch}:%{version}-%{release}
%endif
Requires: liberation-sans-fonts, liberation-serif-fonts, liberation-mono-fonts
Requires: dejavu-sans-fonts, dejavu-serif-fonts, dejavu-sans-mono-fonts
Requires: google-crosextra-caladea-fonts, google-crosextra-carlito-fonts
@ -1016,6 +1056,15 @@ sed -i -e /CppunitTest_sw_uiwriter/d sw/Module_sw.mk
sed -i -e /CppunitTest_sc_subsequent_filters_test/d sc/Module_sc.mk
%endif
sed -i -e /CppunitTest_sal_osl/d sal/Module_sal.mk
%ifarch s390x
sed -i -e /CppunitTest_dbaccess_hsqlbinary_import/d dbaccess/Module_dbaccess.mk
sed -i -e /CppunitTest_vcl_svm_test/d vcl/Module_vcl.mk
sed -i -e /CustomTarget_uno_test/d testtools/Module_testtools.mk
sed -i -e /CppunitTest_sw_htmlexport/d sw/Module_sw.mk
%endif
# Broken with system nss. See also upstream commit ac519af951541b7313a4c98e1bee463bf47356be
sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_ODT);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx
sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_DOCX);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx
git commit -q -a -m 'temporarily disable failing tests'
@ -1061,7 +1110,7 @@ SMP_MFLAGS=%{?_smp_mflags}
SMP_MFLAGS=$[${SMP_MFLAGS/-j/}]
%if 0%{?flatpak}
%define flatpakoptions --with-boost-libdir=%{_libdir} --with-beanshell-jar=/app/share/java/bsh.jar --with-commons-logging-jar=/app/share/java/commons-logging.jar --with-flute-jar=/app/share/java/flute.jar --with-jfreereport-jar=/app/share/java/flow-engine.jar --with-libbase-jar=/app/share/java/libbase.jar --with-libfonts-jar=/app/share/java/libfonts.jar --with-libformula-jar=/app/share/java/libformula.jar --with-liblayout-jar=/app/share/java/liblayout.jar --with-libloader-jar=/app/share/java/libloader.jar --with-librepository-jar=/app/share/java/librepository.jar --with-libserializer-jar=/app/share/java/libserializer.jar --with-libxml-jar=/app/share/java/libxml.jar --with-sac-jar=/app/share/java/sac.jar FIREBIRDCONFIG=%{_libdir}/fb_config QT4INC=%{_includedir}
%define flatpakoptions --with-boost-libdir=%{_libdir} --with-beanshell-jar=/app/share/java/bsh.jar --with-commons-logging-jar=/app/share/java/commons-logging.jar --with-external-dict-dir=/app/share/myspell --with-external-hyph-dir=/app/share/hyphen --with-external-thes-dir=/app/share/mythes --with-flute-jar=/app/share/java/flute.jar --with-jdk-home=/app/lib/jvm/java-1.8.0-openjdk --with-jfreereport-jar=/app/share/java/flow-engine.jar --with-libbase-jar=/app/share/java/libbase.jar --with-libfonts-jar=/app/share/java/libfonts.jar --with-libformula-jar=/app/share/java/libformula.jar --with-liblayout-jar=/app/share/java/liblayout.jar --with-libloader-jar=/app/share/java/libloader.jar --with-librepository-jar=/app/share/java/librepository.jar --with-libserializer-jar=/app/share/java/libserializer.jar --with-libxml-jar=/app/share/java/libxml.jar --with-sac-jar=/app/share/java/sac.jar FIREBIRDCONFIG=%{_libdir}/fb_config QT4INC=%{_includedir}
%endif
# TODO: enable coinmp?
@ -1107,7 +1156,13 @@ touch autogen.lastrun
ulimit -c unlimited || true
make verbose=true build-nocheck
if ! make verbose=true build-nocheck; then
echo "build attempt 1 failed"
if ! make verbose=true build-nocheck; then
echo "build attempt 2 failed"
make verbose=true GMAKE_OPTIONS=-rj1 build-nocheck
fi
fi
#generate the icons and mime type stuff
export DESTDIR=../output
@ -1333,7 +1388,12 @@ for file in *.desktop; do
$file
done
# rhbz#186515 do not show startcenter
sed -i -e /NoDisplay/s/false/true/ startcenter.desktop
desktop-file-edit --set-key=NoDisplay --set-value=true startcenter.desktop
%ifarch s390 s390x aarch64
for app in base calc draw impress math startcenter writer xsltfilter; do
desktop-file-edit --set-key=NoDisplay --set-value=true $app.desktop
done
%endif
# relocate the .desktop and icon files
install -m 0755 -d %{buildroot}%{_datadir}/applications
for app in base calc draw impress math startcenter writer xsltfilter; do
@ -1466,6 +1526,7 @@ appstream-util replace-screenshots %{buildroot}%{_datadir}/metainfo/libreoffice-
# org.libreoffice.LibreOffice.appdata.xml; first create the single file:
solenv/bin/assemble-flatpak-appdata-step1.sh \
%{buildroot}%{_datadir}/metainfo/ 0
%if 0%{?fedora}
# ...then update the screenshots in the single file (see above):
appstream-util replace-screenshots \
%{buildroot}%{_datadir}/metainfo/org.libreoffice.LibreOffice.appdata.xml \
@ -1474,6 +1535,7 @@ appstream-util replace-screenshots \
https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-calc/a.png \
https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-draw/a.png \
https://raw.githubusercontent.com/hughsie/fedora-appstream/master/screenshots-extra/libreoffice-impress/a.png
%endif
# ...then append the original files to the single file:
solenv/bin/assemble-flatpak-appdata-step2.sh \
%{buildroot}%{_datadir}/metainfo/ %{buildroot}%{_datadir}/metainfo/
@ -1493,8 +1555,8 @@ for jar in %{buildroot}%{baseinstdir}/program/classes/*.jar; do
done
%check
%ifnarch ppc64 s390x aarch64 armv7hl
make
%ifnarch ppc64 aarch64 armv7hl
make unitcheck slowcheck
# we don't need this anymore
rm -f %{buildroot}%{baseinstdir}/program/classes/smoketest.jar
%endif
@ -2246,6 +2308,62 @@ done
%{_includedir}/LibreOfficeKit
%changelog
* Thu Aug 15 2024 Eike Rathke <erack@redhat.com> - 1:6.4.7.2-18
- Fix CVE-2024-6472 remove ability to trust not validated macro signatures in
high security
* Fri Jun 07 2024 Eike Rathke <erack@redhat.com> - 1:6.4.7.2-17
- Fix CVE-2024-3044 add notify for script use
* Mon Mar 11 2024 Eike Rathke <erack@redhat.com> - 1:6.4.7.2-16
- Fix CVE-2023-6185 escape url passed to gstreamer
- Fix CVE-2023-6186 check link target protocols
* Mon Jun 19 2023 Stephan Bergmann <sbergman@redhat.com> - 1:6.4.7.2-15
- Resolves: rhbz#2210191 CVE-2023-0950 Array Index UnderFlow in Calc Formula
Parsing
- Resolves: rhbz#2210195 CVE-2023-2255 libreoffice: Remote documents loaded
without prompt via IFrame
- Resolves: rhbz#2208509 CVE-2023-1183 libreoffice: Arbitrary File Write
* Wed Apr 12 2023 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-14
- Resolves: rhbz#2182390 CVE-2022-38745 Empty entry in Java class path
* Mon Nov 21 2022 Stephan Bergmann <sbergman@redhat.com> - 1:6.4.7.2-13
- Resolves: rhbz#2031681 Failure saving to smb share
* Fri Oct 14 2022 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-12
- Resolves: rhbz#2118928 CVE-2022-26305 Untrusted Macros
- Resolves: rhbz#2118924 CVE-2022-26307 Weak Master Keys
- Resolves: rhbz#2118920 CVE-2022-26306 Static Initialization Vector
- Resolves: rhbz#2134702 CVE-2022-3140 Macro URL arbitrary script execution
* Mon Mar 07 2022 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-11
- Resolves: rhbz#2060559 CVE-2021-25636
* Mon Feb 07 2022 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-10
- Related: rhbz#2029810 bump n-v-r
* Mon Jan 31 2022 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-9
- Related: rhbz#2029810 set NoDisplay=true for .desktop on s390x/aarch64
- Related: rhbz#2029810 don't Require any vclplug for s390x/aarch64
* Tue Dec 07 2021 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-8
- Resolves: rhbz#2029810 enable make check on s390x
* Fri Oct 15 2021 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-7
- Resolves: rhbz#2013858 CVE-2021-25633
- Resolves: rhbz#2014215 CVE-2021-25634
- Resolves: rhbz#2014209 CVE-2021-25635
* Mon Sep 06 2021 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-6
- Resolves: rhbz#1980800 allow convert to csv to write each sheet to
separate file
- Resolves: rhbz#1992695 two style tags where there should be one
* Wed Feb 03 2021 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-5
- Resolves: rhbz#1924619 bad insertion of emoji
* Mon Nov 09 2020 Caolán McNamara <caolanm@redhat.com> - 1:6.4.7.2-4
- Resolves: rhbz#1889801 rebuild for poppler