From af932f67370d8f692fc6e05c47c1422767f18a62 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Fri, 22 Sep 2023 18:26:40 +0300 Subject: [PATCH] import libreoffice-7.1.8.1-11.el9 --- .gitignore | 8 + .libreoffice.metadata | 8 + SOURCES/0001-CVE-2021-25636.patch | 69 + ...305-compare-authors-using-Thumbprint.patch | 63 + SOURCES/0001-CVE-2022-38745.patch | 93 + ...on-t-use-Library_tl-in-URE-libraries.patch | 364 ++ ...pl-copy-ctor-doesn-t-exactly-copy-Ed.patch | 53 + ...01-Get-rid-of-apache-commons-logging.patch | 1309 +++++ ...parameter-count-for-OR-AND-and-1-par.patch | 77 + ...001-Replace-inet_ntoa-with-inet_ntop.patch | 162 + ...bz-1432468-disable-opencl-by-default.patch | 26 + ...81661-gtk-critical-gtk_tree_view_scr.patch | 51 + ...250-don-t-share-adjustments-between-.patch | 123 + ...567-restore-focus-to-the-usual-frame.patch | 63 + ...0-gdrive-support-w-oAuth-and-Drive-A.patch | 1262 +++++ ...truction-of-a-hardcoded-IPv4-address.patch | 39 + ...trap-should-not-depend-on-Library_co.patch | 32 + ...g-about-missing-.note.gnu.property-s.patch | 143 + SOURCES/0001-disable-libe-book-support.patch | 145 + SOURCES/0001-disable-script-dump.patch | 99 + ...ble-tip-of-the-day-dialog-by-default.patch | 26 + ...uldn-t-get-prefixed-to-become-libreo.patch | 45 + SOURCES/0001-don-t-suppress-crashes.patch | 35 + ...-fix-comparison-when-searching-cache.patch | 40 + SOURCES/0001-fix-detecting-qrcodegen.patch | 40 + ...missing-gdk_threads_enter-calls-in-e.patch | 118 + ...pp-cpp-work-for-gcc-cpp-as-a-ucpp-re.patch | 111 + ...desktop-include-Spreadsheet-category.patch | 39 + SOURCES/0001-rhbz-1918152-fix-FTBFS.patch | 26 + ...ow-convert-to-csv-to-write-each-shee.patch | 428 ++ .../0001-set-Referer-on-loading-IFrames.patch | 91 + ...n-t-use-undo-array-s-m_pOutlineNodes.patch | 72 + ...07-make-hash-encoding-match-decoding.patch | 183 + ...ty-belt-before-fishing-in-muddy-wate.patch | 72 + ...g-frames-under-managed-links-control.patch | 896 +++ ...-a-result-even-if-it-s-only-an-error.patch | 50 + ...dd-Initialization-Vectors-to-passwor.patch | 583 ++ ...me-script-macro-support-isn-t-needed.patch | 53 + ...7-add-infobar-to-prompt-to-refresh-t.patch | 113 + ...140-Filter-out-unwanted-command-URIs.patch | 292 + ...CAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc | 51 + SOURCES/libreoffice-7.1.8.1.tar.xz.asc | 16 + SOURCES/libreoffice-base-symbolic.svg | 27 + SOURCES/libreoffice-calc-symbolic.svg | 27 + SOURCES/libreoffice-draw-symbolic.svg | 26 + SOURCES/libreoffice-help-7.1.8.1.tar.xz.asc | 16 + SOURCES/libreoffice-impress-symbolic.svg | 25 + SOURCES/libreoffice-main-symbolic.svg | 24 + SOURCES/libreoffice-math-symbolic.svg | 25 + SOURCES/libreoffice-multiliblauncher.sh | 16 + ...ibreoffice-translations-7.1.8.1.tar.xz.asc | 16 + SOURCES/libreoffice-writer-symbolic.svg | 28 + SPECS/libreoffice.spec | 4843 +++++++++++++++++ 53 files changed, 12642 insertions(+) create mode 100644 .gitignore create mode 100644 .libreoffice.metadata create mode 100644 SOURCES/0001-CVE-2021-25636.patch create mode 100644 SOURCES/0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch create mode 100644 SOURCES/0001-CVE-2022-38745.patch create mode 100644 SOURCES/0001-Don-t-use-Library_tl-in-URE-libraries.patch create mode 100644 SOURCES/0001-EditTextObjectImpl-copy-ctor-doesn-t-exactly-copy-Ed.patch create mode 100644 SOURCES/0001-Get-rid-of-apache-commons-logging.patch create mode 100644 SOURCES/0001-Obtain-actual-0-parameter-count-for-OR-AND-and-1-par.patch create mode 100644 SOURCES/0001-Replace-inet_ntoa-with-inet_ntop.patch create mode 100644 SOURCES/0001-Resolves-rhbz-1432468-disable-opencl-by-default.patch create mode 100644 SOURCES/0001-Resolves-rhbz-2081661-gtk-critical-gtk_tree_view_scr.patch create mode 100644 SOURCES/0001-Resolves-tdf-140250-don-t-share-adjustments-between-.patch create mode 100644 SOURCES/0001-Resolves-tdf-145567-restore-focus-to-the-usual-frame.patch create mode 100644 SOURCES/0001-Revert-tdf-101630-gdrive-support-w-oAuth-and-Drive-A.patch create mode 100644 SOURCES/0001-Simplify-construction-of-a-hardcoded-IPv4-address.patch create mode 100644 SOURCES/0001-URE-Library_boostrap-should-not-depend-on-Library_co.patch create mode 100644 SOURCES/0001-annocheck-warning-about-missing-.note.gnu.property-s.patch create mode 100644 SOURCES/0001-disable-libe-book-support.patch create mode 100644 SOURCES/0001-disable-script-dump.patch create mode 100644 SOURCES/0001-disble-tip-of-the-day-dialog-by-default.patch create mode 100644 SOURCES/0001-document-new-shouldn-t-get-prefixed-to-become-libreo.patch create mode 100644 SOURCES/0001-don-t-suppress-crashes.patch create mode 100644 SOURCES/0001-fix-comparison-when-searching-cache.patch create mode 100644 SOURCES/0001-fix-detecting-qrcodegen.patch create mode 100644 SOURCES/0001-gtk3-workaround-missing-gdk_threads_enter-calls-in-e.patch create mode 100644 SOURCES/0001-make-with-idlc-cpp-cpp-work-for-gcc-cpp-as-a-ucpp-re.patch create mode 100644 SOURCES/0001-math.desktop-include-Spreadsheet-category.patch create mode 100644 SOURCES/0001-rhbz-1918152-fix-FTBFS.patch create mode 100644 SOURCES/0001-rhbz-1980800-allow-convert-to-csv-to-write-each-shee.patch create mode 100644 SOURCES/0001-set-Referer-on-loading-IFrames.patch create mode 100644 SOURCES/0001-tdf-121546-sw-don-t-use-undo-array-s-m_pOutlineNodes.patch create mode 100644 SOURCES/0002-CVE-2022-26307-make-hash-encoding-match-decoding.patch create mode 100644 SOURCES/0002-Stack-check-safety-belt-before-fishing-in-muddy-wate.patch create mode 100644 SOURCES/0002-put-floating-frames-under-managed-links-control.patch create mode 100644 SOURCES/0003-Always-push-a-result-even-if-it-s-only-an-error.patch create mode 100644 SOURCES/0003-CVE-2022-26306-add-Initialization-Vectors-to-passwor.patch create mode 100644 SOURCES/0003-assume-IFrame-script-macro-support-isn-t-needed.patch create mode 100644 SOURCES/0004-CVE-2022-2630-6-7-add-infobar-to-prompt-to-refresh-t.patch create mode 100644 SOURCES/0005-CVE-2022-3140-Filter-out-unwanted-command-URIs.patch create mode 100644 SOURCES/gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc create mode 100644 SOURCES/libreoffice-7.1.8.1.tar.xz.asc create mode 100644 SOURCES/libreoffice-base-symbolic.svg create mode 100644 SOURCES/libreoffice-calc-symbolic.svg create mode 100644 SOURCES/libreoffice-draw-symbolic.svg create mode 100644 SOURCES/libreoffice-help-7.1.8.1.tar.xz.asc create mode 100644 SOURCES/libreoffice-impress-symbolic.svg create mode 100644 SOURCES/libreoffice-main-symbolic.svg create mode 100644 SOURCES/libreoffice-math-symbolic.svg create mode 100644 SOURCES/libreoffice-multiliblauncher.sh create mode 100644 SOURCES/libreoffice-translations-7.1.8.1.tar.xz.asc create mode 100644 SOURCES/libreoffice-writer-symbolic.svg create mode 100644 SPECS/libreoffice.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..527f1de --- /dev/null +++ b/.gitignore @@ -0,0 +1,8 @@ +SOURCES/17410483b5b5f267aa18b7e00b65e6e0-hsqldb_1_8_0.zip +SOURCES/185d60944ea767075d27247c3162b3bc-unowinreg.dll +SOURCES/a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip +SOURCES/dtoa-20180411.tgz +SOURCES/f543e6e2d7275557a839a164941c0a86e5f2c3f2a0042bfc434c88c6dde9e140-opens___.ttf +SOURCES/libreoffice-7.1.8.1.tar.xz +SOURCES/libreoffice-help-7.1.8.1.tar.xz +SOURCES/libreoffice-translations-7.1.8.1.tar.xz diff --git a/.libreoffice.metadata b/.libreoffice.metadata new file mode 100644 index 0000000..1305b8b --- /dev/null +++ b/.libreoffice.metadata @@ -0,0 +1,8 @@ +7168b0f40aa5c72267899601c116d2348d2f56ec SOURCES/17410483b5b5f267aa18b7e00b65e6e0-hsqldb_1_8_0.zip +0619ed3a89644bef318df67db12045b2b590585b SOURCES/185d60944ea767075d27247c3162b3bc-unowinreg.dll +2d49e11b0b711970f494294dc3698f05eb294853 SOURCES/a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip +083509db5ad9d1680830be9add727d58b54ca0d3 SOURCES/dtoa-20180411.tgz +dd55efd721df8a013709e27836bdf26623e5320e SOURCES/f543e6e2d7275557a839a164941c0a86e5f2c3f2a0042bfc434c88c6dde9e140-opens___.ttf +58642377b80001f41884b2fff3d74fe66426b182 SOURCES/libreoffice-7.1.8.1.tar.xz +48afe3a1a30861904bf31b387d6bc56360f5ac19 SOURCES/libreoffice-help-7.1.8.1.tar.xz +cb1238f7b182c8bfb16086d2eb9305b43b8a6d16 SOURCES/libreoffice-translations-7.1.8.1.tar.xz diff --git a/SOURCES/0001-CVE-2021-25636.patch b/SOURCES/0001-CVE-2021-25636.patch new file mode 100644 index 0000000..9ec1f6a --- /dev/null +++ b/SOURCES/0001-CVE-2021-25636.patch @@ -0,0 +1,69 @@ +From 26c9da40d44f1469df97398362667c74553be7d2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= +Date: Mon, 20 Dec 2021 17:05:44 +0000 +Subject: [PATCH] only use X509Data + +Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72 +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193 +Tested-by: Jenkins +Reviewed-by: Miklos Vajna +(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff) +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178 +Reviewed-by: Adolfo Jayme Barrientos +(cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139) +--- + .../source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx | 6 ++++++ + xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | 6 ++++++ + 2 files changed, 12 insertions(+) + +diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx +index c699c950f351..9f816479f9dd 100644 +--- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx ++++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx +@@ -22,6 +22,8 @@ + #include + #include + ++#include ++ + #include + #include + +@@ -233,6 +235,10 @@ SAL_CALL XMLSignature_MSCryptImpl::validate( + // We do certificate verification ourselves. + pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; + ++ // limit possible key data to valid X509 certificates only, no KeyValues ++ if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecMSCngKeyDataX509GetKlass()) < 0) ++ throw RuntimeException("failed to limit allowed key data"); ++ + //Verify signature + //The documentation says that the signature is only valid if the return value is 0 (that is, not < 0) + //AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not make any assumptions, if +diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx +index b41d754f7407..975c17272dc7 100644 +--- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx ++++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx +@@ -20,6 +20,8 @@ + #include + #include + ++#include ++ + #include + #include + #include +@@ -247,6 +249,10 @@ SAL_CALL XMLSignature_NssImpl::validate( + // We do certificate verification ourselves. + pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; + ++ // limit possible key data to valid X509 certificates only, no KeyValues ++ if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0) ++ throw RuntimeException("failed to limit allowed key data"); ++ + //Verify signature + int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode ); + +-- +2.35.1 + diff --git a/SOURCES/0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch b/SOURCES/0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch new file mode 100644 index 0000000..5656d0d --- /dev/null +++ b/SOURCES/0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch @@ -0,0 +1,63 @@ +From 77f30ada1156ca1e1357776fea8e9dc113f6898d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= +Date: Thu, 3 Mar 2022 14:22:37 +0000 +Subject: [PATCH 1/5] CVE-2022-26305 compare authors using Thumbprint + +Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546 +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929 +Tested-by: Jenkins +Reviewed-by: Miklos Vajna +(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72) +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866 +Reviewed-by: Michael Stahl +(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8) +--- + .../component/documentdigitalsignatures.cxx | 23 +++++++++++++++---- + 1 file changed, 19 insertions(+), 4 deletions(-) + +diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx +index b9066ea92cac..5a21c8421bec 100644 +--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx ++++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx +@@ -19,9 +19,10 @@ + + #include + +-#include ++#include + #include + #include ++#include + #include + #include + #include +@@ -666,9 +667,23 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted( + Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors(); + + return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(), +- [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) { +- return xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName()) +- && ( rAuthor[1] == sSerialNum ); ++ [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) { ++ if (!xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName())) ++ return false; ++ if (rAuthor[1] != sSerialNum) ++ return false; ++ ++ DocumentSignatureManager aSignatureManager(mxCtx, {}); ++ if (!aSignatureManager.init()) ++ return false; ++ uno::Reference xCert = aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor[2]); ++ ++ auto pAuthor = dynamic_cast(xAuthor.get()); ++ auto pCert = dynamic_cast(xCert.get()); ++ if (pAuthor && pCert) ++ return pCert->getSHA256Thumbprint() == pAuthor->getSHA256Thumbprint(); ++ ++ return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint(); + }); + } + +-- +2.37.3 + diff --git a/SOURCES/0001-CVE-2022-38745.patch b/SOURCES/0001-CVE-2022-38745.patch new file mode 100644 index 0000000..01dde2d --- /dev/null +++ b/SOURCES/0001-CVE-2022-38745.patch @@ -0,0 +1,93 @@ +From dbf825c25195e29a00228f31112c5aaa2102f692 Mon Sep 17 00:00:00 2001 +From: Stephan Bergmann +Date: Mon, 21 Feb 2022 11:55:21 +0100 +Subject: [PATCH] Avoid unnecessary empty -Djava.class.path= + +Change-Id: Idcfe7321077b60381c0273910b1faeb444ef1fd8 +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130242 +Tested-by: Jenkins +Reviewed-by: Stephan Bergmann +--- + .../plugins/sunmajor/pluginlib/sunjavaplugin.cxx | 16 +++++++++++++--- + jvmfwk/source/framework.cxx | 8 ++++++-- + jvmfwk/source/fwkbase.cxx | 3 +++ + 3 files changed, 22 insertions(+), 5 deletions(-) + +diff --git a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx +index f47b0a3..843f6d1 100644 +--- a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx ++++ b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx +@@ -713,17 +713,22 @@ javaPluginError jfw_plugin_startJavaVirtualMachine( + // all versions below 1.5.1 + options.emplace_back("abort", reinterpret_cast(abort_handler)); + bool hasStackSize = false; ++#ifdef UNX ++ // Until java 1.5 we need to put a plugin.jar or javaplugin.jar (<1.4.2) ++ // in the class path in order to have applet support: ++ OString sAddPath = getPluginJarPath(pInfo->sVendor, pInfo->sLocation,pInfo->sVersion); ++#endif + for (int i = 0; i < cOptions; i++) + { + OString opt(arOptions[i].optionString); + #ifdef UNX +- // Until java 1.5 we need to put a plugin.jar or javaplugin.jar (<1.4.2) +- // in the class path in order to have applet support: + if (opt.startsWith("-Djava.class.path=")) + { +- OString sAddPath = getPluginJarPath(pInfo->sVendor, pInfo->sLocation,pInfo->sVersion); + if (!sAddPath.isEmpty()) ++ { + opt += OStringChar(SAL_PATHSEPARATOR) + sAddPath; ++ sAddPath.clear(); ++ } + } + #endif + if (opt == "-Xint") { +@@ -768,6 +773,11 @@ javaPluginError jfw_plugin_startJavaVirtualMachine( + } + #endif + } ++#ifdef UNX ++ if (!sAddPath.isEmpty()) { ++ options.emplace_back("-Djava.class.path=" + sAddPath, nullptr); ++ } ++#endif + + std::unique_ptr sarOptions(new JavaVMOption[options.size()]); + for (std::vector