0c7e3c
From c2cf13da3bbf756ef3f78251c40d45fc23c27f36 Mon Sep 17 00:00:00 2001
0c7e3c
From: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
0c7e3c
Date: Wed, 29 Apr 2020 07:42:24 +0200
0c7e3c
Subject: [PATCH 1/6] backports to ease CVE backporting
0c7e3c
0c7e3c
Remove unnecessary if block
0c7e3c
0c7e3c
And format code inside
0c7e3c
0c7e3c
Change-Id: Ied0d98935134bf6f7bc8c929645ad5faac9affa3
0c7e3c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93116
0c7e3c
Tested-by: Jenkins
0c7e3c
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
0c7e3c
(cherry picked from commit cf36fe5eb41910c26d58fb25e54ccf2e0ee01365)
0c7e3c
0c7e3c
space out the namespace constant values
0c7e3c
0c7e3c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88938
0c7e3c
(cherry picked from commit 5352d45dd4a04f8f02cf7f6ad4169126d3b3586a)
0c7e3c
0c7e3c
Change-Id: I30f54bfc1389e91b18e4fee8b83e1b297419899b
0c7e3c
---
0c7e3c
 include/xmloff/xmlnmspe.hxx                   |  16 +--
0c7e3c
 .../component/documentdigitalsignatures.cxx   | 130 +++++++++---------
0c7e3c
 .../source/helper/xmlsignaturehelper.cxx      |   1 +
0c7e3c
 3 files changed, 75 insertions(+), 72 deletions(-)
0c7e3c
0c7e3c
diff --git a/include/xmloff/xmlnmspe.hxx b/include/xmloff/xmlnmspe.hxx
0c7e3c
index a00628b6b999..b079053c38d3 100644
0c7e3c
--- a/include/xmloff/xmlnmspe.hxx
0c7e3c
+++ b/include/xmloff/xmlnmspe.hxx
0c7e3c
@@ -69,7 +69,7 @@ XML_NAMESPACE( XML_NAMESPACE_VERSIONS_LIST,   37U )
0c7e3c
 
0c7e3c
 // namespaces for odf extended formats
0c7e3c
 
0c7e3c
-#define XML_NAMESPACE_EXT_BASE 38U
0c7e3c
+#define XML_NAMESPACE_EXT_BASE 50U
0c7e3c
 #define XML_NAMESPACE_EXT( prefix, index ) \
0c7e3c
 const sal_uInt16 prefix = (XML_NAMESPACE_EXT_BASE+index);
0c7e3c
 
0c7e3c
@@ -82,7 +82,7 @@ XML_NAMESPACE_EXT( XML_NAMESPACE_LO_EXT,           5U )
0c7e3c
 
0c7e3c
 // namespaces for OOo formats
0c7e3c
 
0c7e3c
-#define XML_NAMESPACE_OOO_BASE 44U
0c7e3c
+#define XML_NAMESPACE_OOO_BASE 60U
0c7e3c
 #define XML_NAMESPACE_OOO( prefix, index ) \
0c7e3c
 const sal_uInt16 prefix = (XML_NAMESPACE_OOO_BASE+index);
0c7e3c
 
0c7e3c
@@ -100,7 +100,7 @@ XML_NAMESPACE_OOO( XML_NAMESPACE_CONFIG_OOO,        10U )
0c7e3c
 XML_NAMESPACE_OOO( XML_NAMESPACE_FORM_OOO,          11U )
0c7e3c
 XML_NAMESPACE_OOO( XML_NAMESPACE_SCRIPT_OOO,        12U )
0c7e3c
 
0c7e3c
-#define XML_NAMESPACE_COMPAT_BASE 57U
0c7e3c
+#define XML_NAMESPACE_COMPAT_BASE 80U
0c7e3c
 #define XML_NAMESPACE_COMPAT( prefix, index ) \
0c7e3c
 const sal_uInt16 prefix = (XML_NAMESPACE_COMPAT_BASE+index);
0c7e3c
 
0c7e3c
@@ -108,14 +108,14 @@ XML_NAMESPACE_COMPAT( XML_NAMESPACE_SVG_COMPAT,      0U )
0c7e3c
 XML_NAMESPACE_COMPAT( XML_NAMESPACE_FO_COMPAT,       1U )
0c7e3c
 XML_NAMESPACE_COMPAT( XML_NAMESPACE_SMIL_COMPAT,     2U )
0c7e3c
 
0c7e3c
-#define XML_NAMESPACE_OASIS_BASE 60U
0c7e3c
+#define XML_NAMESPACE_OASIS_BASE 90U
0c7e3c
 #define XML_NAMESPACE_OASIS( prefix, index ) \
0c7e3c
 const sal_uInt16 prefix = (XML_NAMESPACE_OASIS_BASE+index);
0c7e3c
 
0c7e3c
 XML_NAMESPACE_OASIS( XML_NAMESPACE_DB_OASIS,         0U )
0c7e3c
 XML_NAMESPACE_OASIS( XML_NAMESPACE_REPORT_OASIS,     1U )
0c7e3c
 
0c7e3c
-#define XML_OLD_NAMESPACE_BASE 62U
0c7e3c
+#define XML_OLD_NAMESPACE_BASE 100U
0c7e3c
 #define XML_OLD_NAMESPACE( prefix, index ) \
0c7e3c
 const sal_uInt16 prefix = (XML_OLD_NAMESPACE_BASE+index);
0c7e3c
 
0c7e3c
@@ -134,9 +134,9 @@ XML_OLD_NAMESPACE( XML_OLD_NAMESPACE_CHART,         10U )
0c7e3c
 XML_OLD_NAMESPACE( XML_OLD_NAMESPACE_SMIL,          11U )
0c7e3c
 
0c7e3c
 // experimental namespaces
0c7e3c
-XML_NAMESPACE( XML_NAMESPACE_FIELD,           100U )
0c7e3c
-XML_NAMESPACE( XML_NAMESPACE_CSS3TEXT,        103U )  // CSS Text Level 3
0c7e3c
-XML_NAMESPACE( XML_NAMESPACE_FORMX,           101U )  // form interop extensions
0c7e3c
+XML_NAMESPACE( XML_NAMESPACE_FIELD,           120U )
0c7e3c
+XML_NAMESPACE( XML_NAMESPACE_CSS3TEXT,        123U )  // CSS Text Level 3
0c7e3c
+XML_NAMESPACE( XML_NAMESPACE_FORMX,           121U )  // form interop extensions
0c7e3c
 
0c7e3c
 
0c7e3c
 #endif // INCLUDED_XMLOFF_XMLNMSPE_HXX
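Review bot: Nothing in the header keeps the renumbered key ranges disjoint. The experimental keys in this hunk are bare literals (`120U`, `123U`, `121U`), while XML_OLD_NAMESPACE now starts at `100U` and runs to at least index `11U`; the same holds for the EXT, OOO, COMPAT and OASIS bases changed in the earlier hunks of this file. The values visible here do not collide, but a later addition to any group could silently run into the next base, and two prefixes sharing one key would presumably be dispatched as the same namespace by import code. I would document the reserved range next to each base, e.g. `// keys 100..119 reserved for XML_OLD_NAMESPACE`, and pin the ordering after the experimental block with `static_assert(XML_OLD_NAMESPACE_SMIL < XML_NAMESPACE_FIELD, "namespace key ranges overlap");`.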
0c7e3c
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
0c7e3c
index dcfaad0af773..52cb938a8e0a 100644
0c7e3c
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
0c7e3c
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
0c7e3c
@@ -500,85 +500,87 @@ DocumentDigitalSignatures::ImplVerifySignatures(
0c7e3c
     Sequence< css::security::DocumentSignatureInformation > aInfos(nInfos);
0c7e3c
     css::security::DocumentSignatureInformation* arInfos = aInfos.getArray();
0c7e3c
 
0c7e3c
-    if ( nInfos )
0c7e3c
+    for (int n = 0; n < nInfos; ++n)
0c7e3c
     {
0c7e3c
-        for( int n = 0; n < nInfos; ++n )
0c7e3c
-        {
0c7e3c
-            DocumentSignatureAlgorithm mode = DocumentSignatureHelper::getDocumentAlgorithm(
0c7e3c
-                m_sODFVersion, aSignInfos[n]);
0c7e3c
-            const std::vector< OUString > aElementsToBeVerified =
0c7e3c
-                DocumentSignatureHelper::CreateElementList(
0c7e3c
-                rxStorage, eMode, mode);
0c7e3c
+        DocumentSignatureAlgorithm mode
0c7e3c
+            = DocumentSignatureHelper::getDocumentAlgorithm(m_sODFVersion, aSignInfos[n]);
0c7e3c
+        const std::vector<OUString> aElementsToBeVerified
0c7e3c
+            = DocumentSignatureHelper::CreateElementList(rxStorage, eMode, mode);
0c7e3c
 
0c7e3c
-            const SignatureInformation& rInfo = aSignInfos[n];
0c7e3c
-            css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
0c7e3c
+        const SignatureInformation& rInfo = aSignInfos[n];
0c7e3c
+        css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
0c7e3c
 
0c7e3c
-            if (rInfo.ouGpgCertificate.isEmpty()) // X.509
0c7e3c
+        if (rInfo.ouGpgCertificate.isEmpty()) // X.509
0c7e3c
+        {
0c7e3c
+            if (!rInfo.ouX509Certificate.isEmpty())
0c7e3c
+                rSigInfo.Signer = xSecEnv->createCertificateFromAscii(rInfo.ouX509Certificate);
0c7e3c
+            if (!rSigInfo.Signer.is())
0c7e3c
+                rSigInfo.Signer = xSecEnv->getCertificate(
0c7e3c
+                    rInfo.ouX509IssuerName,
0c7e3c
+                    xmlsecurity::numericStringToBigInteger(rInfo.ouX509SerialNumber));
0c7e3c
+
0c7e3c
+            // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
0c7e3c
+            // to find the parent certificate. It does not take into account that there can be several certificates
0c7e3c
+            // with the same subject name.
0c7e3c
+            try
0c7e3c
             {
0c7e3c
-                if (!rInfo.ouX509Certificate.isEmpty())
0c7e3c
-                    rSigInfo.Signer = xSecEnv->createCertificateFromAscii( rInfo.ouX509Certificate ) ;
0c7e3c
-                if (!rSigInfo.Signer.is())
0c7e3c
-                    rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName,
0c7e3c
-                                                               xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
0c7e3c
-
0c7e3c
-                // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
0c7e3c
-                // to find the parent certificate. It does not take into account that there can be several certificates
0c7e3c
-                // with the same subject name.
0c7e3c
-
0c7e3c
-                try {
0c7e3c
-                    rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(rSigInfo.Signer,
0c7e3c
-                                                                            Sequence<Reference<css::security::XCertificate> >());
0c7e3c
-                } catch (SecurityException& ) {
0c7e3c
-                    OSL_FAIL("Verification of certificate failed");
0c7e3c
-                    rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
0c7e3c
-                }
0c7e3c
+                rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(
0c7e3c
+                    rSigInfo.Signer, Sequence<Reference<css::security::XCertificate>>());
0c7e3c
             }
0c7e3c
-            else if (xGpgSecEnv.is()) // GPG
0c7e3c
+            catch (SecurityException&)
0c7e3c
             {
0c7e3c
-                // TODO not ideal to retrieve cert by keyID, might
0c7e3c
-                // collide, or PGPKeyID format might change - can't we
0c7e3c
-                // keep the xCert itself in rInfo?
0c7e3c
-                rSigInfo.Signer = xGpgSecEnv->getCertificate( rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger("") );
0c7e3c
-                rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(rSigInfo.Signer,
0c7e3c
-                                                                           Sequence<Reference<css::security::XCertificate> >());
0c7e3c
+                OSL_FAIL("Verification of certificate failed");
0c7e3c
+                rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
0c7e3c
             }
0c7e3c
+        }
0c7e3c
+        else if (xGpgSecEnv.is()) // GPG
0c7e3c
+        {
0c7e3c
+            // TODO not ideal to retrieve cert by keyID, might
0c7e3c
+            // collide, or PGPKeyID format might change - can't we
0c7e3c
+            // keep the xCert itself in rInfo?
0c7e3c
+            rSigInfo.Signer = xGpgSecEnv->getCertificate(
0c7e3c
+                rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger(""));
0c7e3c
+            rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(
0c7e3c
+                rSigInfo.Signer, Sequence<Reference<css::security::XCertificate>>());
0c7e3c
+        }
0c7e3c
 
0c7e3c
-            // Time support again (#i38744#)
0c7e3c
-            Date aDate( rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year );
0c7e3c
-            tools::Time aTime( rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
0c7e3c
-                        rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds );
0c7e3c
-            rSigInfo.SignatureDate = aDate.GetDate();
0c7e3c
-            rSigInfo.SignatureTime = aTime.GetTime() / tools::Time::nanoPerCenti;
0c7e3c
+        // Time support again (#i38744#)
0c7e3c
+        Date aDate(rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year);
0c7e3c
+        tools::Time aTime(rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
0c7e3c
+                          rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds);
0c7e3c
+        rSigInfo.SignatureDate = aDate.GetDate();
0c7e3c
+        rSigInfo.SignatureTime = aTime.GetTime() / tools::Time::nanoPerCenti;
0c7e3c
 
0c7e3c
-            rSigInfo.SignatureIsValid = ( rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED );
0c7e3c
+        rSigInfo.SignatureIsValid
0c7e3c
+            = (rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
0c7e3c
 
0c7e3c
-            // Signature line info (ID + Images)
0c7e3c
-            if (!rInfo.ouSignatureLineId.isEmpty())
0c7e3c
-                rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
0c7e3c
+        // Signature line info (ID + Images)
0c7e3c
+        if (!rInfo.ouSignatureLineId.isEmpty())
0c7e3c
+            rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
0c7e3c
 
0c7e3c
-            if (rInfo.aValidSignatureImage.is())
0c7e3c
-                rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
0c7e3c
+        if (rInfo.aValidSignatureImage.is())
0c7e3c
+            rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
0c7e3c
 
0c7e3c
-            if (rInfo.aInvalidSignatureImage.is())
0c7e3c
-                rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
0c7e3c
-
0c7e3c
-            // OOXML intentionally doesn't sign metadata.
0c7e3c
-            if ( rSigInfo.SignatureIsValid && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
0c7e3c
-            {
0c7e3c
-                 rSigInfo.SignatureIsValid =
0c7e3c
-                      DocumentSignatureHelper::checkIfAllFilesAreSigned(
0c7e3c
-                      aElementsToBeVerified, rInfo, mode);
0c7e3c
-            }
0c7e3c
-            if (eMode == DocumentSignatureMode::Content)
0c7e3c
-            {
0c7e3c
-                if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
0c7e3c
-                    rSigInfo.PartialDocumentSignature = true;
0c7e3c
-                else
0c7e3c
-                    rSigInfo.PartialDocumentSignature = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
0c7e3c
-            }
0c7e3c
+        if (rInfo.aInvalidSignatureImage.is())
0c7e3c
+            rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
0c7e3c
 
0c7e3c
+        // OOXML intentionally doesn't sign metadata.
0c7e3c
+        if (rSigInfo.SignatureIsValid
0c7e3c
+            && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
0c7e3c
+        {
0c7e3c
+            rSigInfo.SignatureIsValid = DocumentSignatureHelper::checkIfAllFilesAreSigned(
0c7e3c
+                aElementsToBeVerified, rInfo, mode);
0c7e3c
+        }
0c7e3c
+        if (eMode == DocumentSignatureMode::Content)
0c7e3c
+        {
0c7e3c
+            if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
0c7e3c
+                rSigInfo.PartialDocumentSignature = true;
0c7e3c
+            else
0c7e3c
+                rSigInfo.PartialDocumentSignature
0c7e3c
+                    = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
0c7e3c
         }
0c7e3c
     }
0c7e3c
+
0c7e3c
     return aInfos;
0c7e3c
 
0c7e3c
 }
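Review bot: The reformatted loop keeps an `if (rInfo.ouGpgCertificate.isEmpty()) … else if (xGpgSecEnv.is())` chain with no final `else`. A signature that carries a GPG certificate while no GPG environment is available therefore gets neither a `Signer` nor an explicit `CertificateStatus`. The entry then keeps whatever the default-constructed `DocumentSignatureInformation` holds, which should be confirmed not to read as a valid certificate. I would fail closed by adding `else rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;`. The GPG branch also calls `verifyCertificate` outside any `try`, so a `SecurityException` there leaves the loop instead of marking that one entry invalid as the X.509 branch does. ImplVerifySignatures starts outside this hunk, so the setup of `xGpgSecEnv` is not visible here.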
0c7e3c
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
0c7e3c
index 6ec834053a17..22c056e70da1 100644
0c7e3c
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
0c7e3c
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
0c7e3c
@@ -402,6 +402,7 @@ bool XMLSignatureHelper::ReadAndVerifySignatureStorageStream(const css::uno::Ref
0c7e3c
     catch(const uno::Exception&)
0c7e3c
     {
0c7e3c
         DBG_UNHANDLED_EXCEPTION("xmlsecurity.helper");
0c7e3c
+        mbError = true;
0c7e3c
     }
0c7e3c
 
0c7e3c
     mpXSecController->releaseSignatureReader();
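Review bot: The added `mbError = true;` in the catch block has no comment saying that it is what turns a failure while reading the signature stream into a verification failure, and that intent is easy to lose in a later cleanup. I would put `// fail closed: an exception while reading the signature stream must not leave the result looking verified` above it. Only `uno::Exception` is caught, so any other exception type would skip both the flag and the `releaseSignatureReader()` call that follows. Whether that can happen depends on the try body, which starts outside this hunk.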
0c7e3c
-- 
0c7e3c
2.32.0
0c7e3c