commit af932f67370d8f692fc6e05c47c1422767f18a62 Author: MSVSphere Packaging Team Date: Fri Sep 22 18:26:40 2023 +0300 import libreoffice-7.1.8.1-11.el9
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..527f1de
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+SOURCES/17410483b5b5f267aa18b7e00b65e6e0-hsqldb_1_8_0.zip
+SOURCES/185d60944ea767075d27247c3162b3bc-unowinreg.dll
+SOURCES/a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip
+SOURCES/dtoa-20180411.tgz
+SOURCES/f543e6e2d7275557a839a164941c0a86e5f2c3f2a0042bfc434c88c6dde9e140-opens___.ttf
+SOURCES/libreoffice-7.1.8.1.tar.xz
+SOURCES/libreoffice-help-7.1.8.1.tar.xz
+SOURCES/libreoffice-translations-7.1.8.1.tar.xz
diff --git a/.libreoffice.metadata b/.libreoffice.metadata
new file mode 100644
index 0000000..1305b8b
--- /dev/null
+++ b/.libreoffice.metadata
@@ -0,0 +1,8 @@
+7168b0f40aa5c72267899601c116d2348d2f56ec SOURCES/17410483b5b5f267aa18b7e00b65e6e0-hsqldb_1_8_0.zip
+0619ed3a89644bef318df67db12045b2b590585b SOURCES/185d60944ea767075d27247c3162b3bc-unowinreg.dll
+2d49e11b0b711970f494294dc3698f05eb294853 SOURCES/a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip
+083509db5ad9d1680830be9add727d58b54ca0d3 SOURCES/dtoa-20180411.tgz
+dd55efd721df8a013709e27836bdf26623e5320e SOURCES/f543e6e2d7275557a839a164941c0a86e5f2c3f2a0042bfc434c88c6dde9e140-opens___.ttf
+58642377b80001f41884b2fff3d74fe66426b182 SOURCES/libreoffice-7.1.8.1.tar.xz
+48afe3a1a30861904bf31b387d6bc56360f5ac19 SOURCES/libreoffice-help-7.1.8.1.tar.xz
+cb1238f7b182c8bfb16086d2eb9305b43b8a6d16 SOURCES/libreoffice-translations-7.1.8.1.tar.xz
diff --git a/SOURCES/0001-CVE-2021-25636.patch b/SOURCES/0001-CVE-2021-25636.patch
new file mode 100644
index 0000000..9ec1f6a
--- /dev/null
+++ b/SOURCES/0001-CVE-2021-25636.patch
@@ -0,0 +1,69 @@ +From 26c9da40d44f1469df97398362667c74553be7d2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= +Date: Mon, 20 Dec 2021 17:05:44 +0000 +Subject: [PATCH] only use X509Data + +Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72 +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193 +Tested-by: Jenkins +Reviewed-by: Miklos Vajna +(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff) +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178 +Reviewed-by: Adolfo Jayme Barrientos +(cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139) +--- + .../source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx | 6 ++++++ + xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | 6 ++++++ + 2 files changed, 12 insertions(+) + +diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx +index c699c950f351..9f816479f9dd 100644 +--- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx ++++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx +@@ -22,6 +22,8 @@ + #include + #include + ++#include ++ + #include + #include + +@@ -233,6 +235,10 @@ SAL_CALL XMLSignature_MSCryptImpl::validate( + // We do certificate verification ourselves. + pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; + ++ // limit possible key data to valid X509 certificates only, no KeyValues ++ if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecMSCngKeyDataX509GetKlass()) < 0) ++ throw RuntimeException("failed to limit allowed key data"); ++ + //Verify signature + //The documentation says that the signature is only valid if the return value is 0 (that is, not < 0) + //AND pDsigCtx->status == xmlSecDSigStatusSucceeded. 
That is, we must not make any assumptions, if +diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx +index b41d754f7407..975c17272dc7 100644 +--- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx ++++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx +@@ -20,6 +20,8 @@ + #include + #include + ++#include ++ + #include + #include + #include +@@ -247,6 +249,10 @@ SAL_CALL XMLSignature_NssImpl::validate( + // We do certificate verification ourselves. + pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; + ++ // limit possible key data to valid X509 certificates only, no KeyValues ++ if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0) ++ throw RuntimeException("failed to limit allowed key data"); ++ + //Verify signature + int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode ); + +-- +2.35.1 + diff --git a/SOURCES/0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch b/SOURCES/0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch new file mode 100644 index 0000000..5656d0d --- /dev/null +++ b/SOURCES/0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch 
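Review bot: The added comment says "valid X509 certificates only", but the line directly above it sets `XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS`, so xmlsec is not validating any certificate at this point; what `enabledKeyData` restricts is which KeyInfo element types are read at all. In both `validate()` hunks (mscrypt and nss) I would word it as `// accept only X509Data from KeyInfo (no KeyValue etc.); the certificate itself is verified by us, not by xmlsec`. The diffstat lists only the two .cxx files, so a regression test with a signature whose KeyInfo carries only a KeyValue would be worth adding alongside. Both `validate()` bodies start and end outside the hunks, so whether the new `throw RuntimeException(...)` skips any cleanup that follows it cannot be judged from here.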
@@ -0,0 +1,63 @@ +From 77f30ada1156ca1e1357776fea8e9dc113f6898d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= +Date: Thu, 3 Mar 2022 14:22:37 +0000 +Subject: [PATCH 1/5] CVE-2022-26305 compare authors using Thumbprint + +Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546 +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929 +Tested-by: Jenkins +Reviewed-by: Miklos Vajna +(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72) +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866 +Reviewed-by: Michael Stahl +(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8) +--- + .../component/documentdigitalsignatures.cxx | 23 +++++++++++++++---- + 1 file changed, 19 insertions(+), 4 deletions(-) + +diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx +index b9066ea92cac..5a21c8421bec 100644 +--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx ++++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx +@@ -19,9 +19,10 @@ + + #include + +-#include ++#include + #include + #include ++#include + #include + #include + #include +@@ -666,9 +667,23 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted( + Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors(); + + return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(), +- [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) { +- return xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName()) +- && ( rAuthor[1] == sSerialNum ); ++ [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) { ++ if (!xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName())) ++ return false; ++ if (rAuthor[1] != sSerialNum) ++ return false; ++ ++ DocumentSignatureManager aSignatureManager(mxCtx, {}); ++ if (!aSignatureManager.init()) ++ return false; ++ 
uno::Reference xCert = aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor[2]); ++ ++ auto pAuthor = dynamic_cast(xAuthor.get()); ++ auto pCert = dynamic_cast(xCert.get()); ++ if (pAuthor && pCert) ++ return pCert->getSHA256Thumbprint() == pAuthor->getSHA256Thumbprint(); ++ ++ return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint(); + }); + } + +-- +2.37.3 + diff --git a/SOURCES/0001-CVE-2022-38745.patch b/SOURCES/0001-CVE-2022-38745.patch new file mode 100644 index 0000000..01dde2d --- /dev/null +++ b/SOURCES/0001-CVE-2022-38745.patch 
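Review bot: `xCert` is dereferenced without a check in the lambda added to `DocumentDigitalSignatures::isAuthorTrusted`: if `createCertificateFromAscii(rAuthor[2])` hands back an empty reference (its failure behaviour is not visible in this hunk, but an empty or damaged stored entry is the obvious case), `pCert` is null and control falls through to `xCert->getSHA1Thumbprint()`. Failing closed with `if (!xCert.is()) return false;` right after the call keeps a bad trusted-authors entry from taking down the trust check; the result of `getSecurityEnvironment()` is used unchecked in the same way. The final SHA-1 comparison also lets the trust decision rest on a weaker digest whenever either `dynamic_cast` fails, so it deserves a comment saying when that can happen, or should return `false` instead. The function body starts outside the hunk.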
@@ -0,0 +1,93 @@ +From dbf825c25195e29a00228f31112c5aaa2102f692 Mon Sep 17 00:00:00 2001 +From: Stephan Bergmann +Date: Mon, 21 Feb 2022 11:55:21 +0100 +Subject: [PATCH] Avoid unnecessary empty -Djava.class.path= + +Change-Id: Idcfe7321077b60381c0273910b1faeb444ef1fd8 +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130242 +Tested-by: Jenkins +Reviewed-by: Stephan Bergmann +--- + .../plugins/sunmajor/pluginlib/sunjavaplugin.cxx | 16 +++++++++++++--- + jvmfwk/source/framework.cxx | 8 ++++++-- + jvmfwk/source/fwkbase.cxx | 3 +++ + 3 files changed, 22 insertions(+), 5 deletions(-) + +diff --git a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx +index f47b0a3..843f6d1 100644 +--- a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx ++++ b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx +@@ -713,17 +713,22 @@ javaPluginError jfw_plugin_startJavaVirtualMachine( + // all versions below 1.5.1 + options.emplace_back("abort", reinterpret_cast(abort_handler)); + bool hasStackSize = false; ++#ifdef UNX ++ // Until java 1.5 we need to put a plugin.jar or javaplugin.jar (<1.4.2) ++ // in the class path in order to have applet support: ++ OString sAddPath = getPluginJarPath(pInfo->sVendor, pInfo->sLocation,pInfo->sVersion); ++#endif + for (int i = 0; i < cOptions; i++) + { + OString opt(arOptions[i].optionString); + #ifdef UNX +- // Until java 1.5 we need to put a plugin.jar or javaplugin.jar (<1.4.2) +- // in the class path in order to have applet support: + if (opt.startsWith("-Djava.class.path=")) + { +- OString sAddPath = getPluginJarPath(pInfo->sVendor, pInfo->sLocation,pInfo->sVersion); + if (!sAddPath.isEmpty()) ++ { + opt += OStringChar(SAL_PATHSEPARATOR) + sAddPath; ++ sAddPath.clear(); ++ } + } + #endif + if (opt == "-Xint") { +@@ -768,6 +773,11 @@ javaPluginError jfw_plugin_startJavaVirtualMachine( + } + #endif + } ++#ifdef UNX ++ if (!sAddPath.isEmpty()) { ++ options.emplace_back("-Djava.class.path=" 
+ sAddPath, nullptr); ++ } ++#endif + + std::unique_ptr sarOptions(new JavaVMOption[options.size()]); + for (std::vector