configure.ac | 6
desktop/source/app/cmdlineargs.cxx | 10
download.lst | 32
drawinglayer/source/tools/emfphelperdata.cxx | 31
external/curl/ExternalPackage_curl.mk | 2
external/curl/ExternalProject_curl.mk | 4
external/curl/clang-cl.patch.0 | 2
external/curl/curl-7.26.0_win-proxy.patch | 20
external/curl/curl-msvc-disable-protocols.patch.1 | 4
external/curl/curl-msvc.patch.1 | 4
external/curl/curl-nss.patch.1 | 11
external/curl/zlib.patch.0 | 20
external/libxml2/ExternalPackage_libxml2.mk | 2
external/libxml2/libxml2-android.patch | 6
external/libxslt/UnpackedTarball_libxslt.mk | 1
external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 | 69 -
external/libxslt/rpath.patch.0 | 2
external/nss/ExternalProject_nss.mk | 3
external/nss/asan.patch.1 | 4
external/nss/nss.patch | 6
external/poppler/StaticLibrary_poppler.mk | 5
external/poppler/UnpackedTarball_poppler.mk | 2
external/poppler/disable-freetype.patch.1 | 41 +
external/poppler/gcc7-EntityInfo.patch.1 | 48 +
external/poppler/poppler-c++11.patch.1 | 13
external/poppler/poppler-config.patch.1 | 27
external/zlib/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.patch | 29
external/zlib/UnpackedTarball_zlib.mk | 7
external/zlib/eff308af425b67093bab25f80f1ae950166bece1.patch | 32
hwpfilter/source/htags.cxx | 26
hwpfilter/source/hwpfile.cxx | 2
hwpfilter/source/hwpfile.h | 4
hwpfilter/source/hwpreader.cxx | 64 -
include/sfx2/strings.hrc | 2
include/sfx2/viewfrm.hxx | 1
jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx | 16
jvmfwk/source/framework.cxx | 8
jvmfwk/source/fwkbase.cxx | 6
lotuswordpro/source/filter/lwpdrawobj.cxx | 123 +--
officecfg/registry/schema/org/openoffice/Office/Common.xcs | 16
sc/inc/documentimport.hxx | 2
sc/inc/mtvelements.hxx | 1
sc/inc/table.hxx | 2
sc/source/core/data/document.cxx | 9
sc/source/core/data/documentimport.cxx | 14
sc/source/core/data/mtvelements.cxx | 5
sc/source/core/data/table2.cxx | 17
sc/source/core/data/table3.cxx | 4
sc/source/core/tool/interpr7.cxx | 3
sc/source/filter/lotus/op.cxx | 11
sc/source/filter/oox/sheetdatabuffer.cxx | 13
sdext/Executable_xpdfimport.mk | 4
sfx2/source/appl/macroloader.cxx | 9
sfx2/source/doc/iframe.cxx | 20
sfx2/source/inc/macroloader.hxx | 2
sfx2/source/view/viewfrm.cxx | 40 +
shell/source/win32/SysShExec.cxx | 8
svl/source/passwordcontainer/passwordcontainer.cxx | 199 ++++-
svl/source/passwordcontainer/passwordcontainer.hxx | 69 +
sw/qa/core/data/ooxml/fail/LIBREOFFICE-DBDAZAEC.docx |binary
sw/qa/extras/layout/data/LIBREOFFICE-N4LA0OHZ.rtf | 347
++++++++++
sw/qa/extras/layout/layout.cxx | 5
sw/source/core/layout/tabfrm.cxx | 1
sw/source/core/unocore/unodraw.cxx | 2
sw/source/filter/html/htmlplug.cxx | 7
sw/source/filter/ww8/wrtw8sty.cxx | 28
sw/source/filter/ww8/wrtww8.hxx | 4
sw/source/filter/xml/xmltexti.cxx | 9
test/source/xmltesttools.cxx | 2
unoxml/source/xpath/xpathobject.cxx | 2
uui/source/iahndl-authentication.cxx | 5
vcl/source/fontsubset/sft.cxx | 2
vcl/source/gdi/svmconverter.cxx | 20
wizards/source/access2base/DoCmd.xba | 2
writerfilter/source/dmapper/DomainMapperTableManager.cxx | 2
xmloff/source/draw/ximpshap.cxx | 4
xmlsecurity/source/component/documentdigitalsignatures.cxx | 13
77 files changed, 1198 insertions(+), 400 deletions(-)
New commits:
commit e48eeecc7ba75baf29298f16590648d647964898
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Oct 26 11:07:49 2022 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:53 2022 +0200
curl: upgrade to release 7.86.0
Fixes CVE-2022-32221 which could affect libcmis, CVE-2022-42915,
and 2 more CVEs that probably don't affect LO.
* remove --without-ssl:
On the one hand, on GNU/Linux this now results in:
configure: error: --without-ssl has been set together with an explicit
option to use an ssl library
On the other hand, using the more obvious --without-openssl yields a link
failure on Android on the nss check in configure:
configure:28220: checking for SSL_VersionRangeSet in -lnss
/home/cl/Android/Sdk/ndk/20.1.5948944/toolchains/llvm/prebuilt/linux-x86_64/bin/../lib/gcc/aarch64-linux-android/4.9.x/../../../../aarch64-linux-android/bin/ld:
warning: liblog.so, needed by
/home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnss3.so,
not found (try using -rpath or -rpath-link)
/home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnspr4.so:
undefined reference to `__android_log_write'
/home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnspr4.so:
undefined reference to `__android_log_assert'
... so add the -llog for android in curl-nss.patch.1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141866
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit a76a88203d8508f38b10d9bbb94c3bba2485fcaf)
Change-Id: I3931a1eec2d681c2ce0e5695039492772e9fcc81
diff --git a/download.lst b/download.lst
index 48181c486520..80660018dad7 100644
--- a/download.lst
+++ b/download.lst
@@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM :=
3d569869d27b48860210c758c4f313082103a5e58219a7669b52
export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz
export CT2N_SHA256SUM :=
71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
export CT2N_TARBALL :=
1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM :=
88b54a6d4b9a48cb4d873c7056dcba997ddd5b7be5a2d537a4acb55c20b04be6
-export CURL_TARBALL := curl-7.85.0.tar.xz
+export CURL_SHA256SUM :=
2d61116e5f485581f6d59865377df4463f2e788677ac43222b496d4e49fb627b
+export CURL_TARBALL := curl-7.86.0.tar.xz
export EBOOK_SHA256SUM :=
7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
export EPOXY_SHA256SUM :=
1d8668b0a259c709899e1c4bab62d756d9002d546ce4f59c9665e2fc5f001a64
diff --git a/external/curl/ExternalProject_curl.mk
b/external/curl/ExternalProject_curl.mk
index 2bf98e2b2e3e..5ef2cd66ac5d 100644
--- a/external/curl/ExternalProject_curl.mk
+++ b/external/curl/ExternalProject_curl.mk
@@ -43,7 +43,7 @@ $(call gb_ExternalProject_get_state_target,curl,build):
$(if $(filter IOS MACOSX,$(OS)),\
--with-secure-transport,\
$(if $(ENABLE_NSS),--with-nss$(if
$(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out")
--with-nss-deprecated,--without-nss)) \
- --without-ssl --without-gnutls --without-polarssl
--without-cyassl --without-axtls --without-mbedtls \
+ --without-openssl --without-gnutls --without-polarssl
--without-cyassl --without-axtls --without-mbedtls \
--enable-ftp --enable-http --enable-ipv6 \
--without-libidn2 --without-libpsl --without-librtmp \
--without-libssh2 --without-metalink --without-nghttp2 \
diff --git a/external/curl/curl-7.26.0_win-proxy.patch
b/external/curl/curl-7.26.0_win-proxy.patch
index c5498c3fdebb..f58736f2b46f 100644
--- a/external/curl/curl-7.26.0_win-proxy.patch
+++ b/external/curl/curl-7.26.0_win-proxy.patch
@@ -12,18 +12,18 @@
--- curl-7.26.0/lib/url.c
+++ misc/build/curl-7.26.0/lib/url.c
@@ -78,6 +78,10 @@
- bool curl_win32_idn_to_ascii(const char *in, char **out);
+ bool Curl_win32_idn_to_ascii(const char *in, char **out);
#endif /* USE_LIBIDN2 */
+#ifdef _WIN32
+#include <WinHttp.h>
+#endif
+
+ #include "doh.h"
#include "urldata.h"
#include "netrc.h"
-
@@ -4586,6 +4590,21 @@
- }
+ #ifndef CURL_DISABLE_PROXY
#ifndef CURL_DISABLE_HTTP
+#ifdef _WIN32
@@ -72,7 +72,7 @@
+ }
+ }
+
-+ if(!check_noproxy(conn->host.name, no_proxy)) {
++ if(!Curl_check_noproxy(conn->host.name, no_proxy)) {
+ /* Look for the http proxy setting */
+ char *tok;
+ char *saveptr;
diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1
index 016cd109c7a2..5ef25748d7eb 100644
--- a/external/curl/curl-nss.patch.1
+++ b/external/curl/curl-nss.patch.1
@@ -1,12 +1,17 @@
diff -ur curl.org/configure curl/configure
--- curl.org/configure 2016-03-13 15:14:07.177000076 +0100
+++ curl/configure 2016-03-13 15:16:44.132000076 +0100
-@@ -27985,7 +27985,7 @@
+@@ -27985,7 +27985,12 @@
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired
libraries and compilation flags for NSS." >&5
printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation
flags for NSS." >&2;}
addld="-L$OPT_NSS/lib"
- addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4"
+ addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lnssutil3"
++ case $host_os in
++ *android*)
++ addlib="${addlib} -llog"
++ ;;
++ esac
addcflags="-I$OPT_NSS/include"
version="unknown"
nssprefix=$OPT_NSS
commit 4233c72fc654cea43829454a46fadce0c10a712e
Author: Taichi Haradaguchi <20001...@ymail.ne.jp>
AuthorDate: Thu Sep 22 20:25:53 2022 +0900
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:53 2022 +0200
curl: upgrade to release 7.85.0
Fixes CVE-2022-35252
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/140411
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 31a8de10e8f60d79d6eb588a049567b89a48f0b1)
Change-Id: I549240f6ae31ae94f925422517cd03ef2e3b5732
diff --git a/download.lst b/download.lst
index d9806be057ed..48181c486520 100644
--- a/download.lst
+++ b/download.lst
@@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM :=
3d569869d27b48860210c758c4f313082103a5e58219a7669b52
export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz
export CT2N_SHA256SUM :=
71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
export CT2N_TARBALL :=
1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM :=
2cb9c2356e7263a1272fd1435ef7cdebf2cd21400ec287b068396deb705c22c4
-export CURL_TARBALL := curl-7.83.1.tar.xz
+export CURL_SHA256SUM :=
88b54a6d4b9a48cb4d873c7056dcba997ddd5b7be5a2d537a4acb55c20b04be6
+export CURL_TARBALL := curl-7.85.0.tar.xz
export EBOOK_SHA256SUM :=
7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
export EPOXY_SHA256SUM :=
1d8668b0a259c709899e1c4bab62d756d9002d546ce4f59c9665e2fc5f001a64
diff --git a/external/curl/clang-cl.patch.0 b/external/curl/clang-cl.patch.0
index 2fbb10c2a9aa..5dfb19d5ba59 100644
--- a/external/curl/clang-cl.patch.0
+++ b/external/curl/clang-cl.patch.0
@@ -1,6 +1,6 @@
--- winbuild/MakefileBuild.vc
+++ winbuild/MakefileBuild.vc
-@@ -60,7 +60,7 @@
+@@ -52,7 +52,7 @@
!ELSE
CC_NODEBUG = $(CC) /O2 /DNDEBUG
CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd
diff --git a/external/curl/curl-msvc-disable-protocols.patch.1
b/external/curl/curl-msvc-disable-protocols.patch.1
index a6d06c69b004..89c4ff576f85 100644
--- a/external/curl/curl-msvc-disable-protocols.patch.1
+++ b/external/curl/curl-msvc-disable-protocols.patch.1
@@ -2,7 +2,7 @@ disable protocols nobody needs in MSVC build
--- curl/lib/config-win32.h.orig 2017-08-09 16:43:29.464000000 +0200
+++ curl/lib/config-win32.h 2017-08-09 16:47:38.549200000 +0200
-@@ -733,4 +733,20 @@
+@@ -616,4 +616,20 @@
# define ENABLE_IPV6 1
#endif
@@ -25,7 +25,7 @@ disable protocols nobody needs in MSVC build
#endif /* HEADER_CURL_CONFIG_WIN32_H */
--- curl/winbuild/MakefileBuild.vc.orig 2017-10-23 23:41:21.393200000
+0200
+++ curl/winbuild/MakefileBuild.vc 2017-10-23 23:34:16.028000000 +0200
-@@ -431,7 +431,7 @@
+@@ -562,7 +562,7 @@
EXE_OBJS = $(CURL_OBJS) $(CURL_DIROBJ)\curl.res
diff --git a/external/curl/curl-msvc.patch.1 b/external/curl/curl-msvc.patch.1
index a5b79a8e9c49..54ad026ec8c7 100644
--- a/external/curl/curl-msvc.patch.1
+++ b/external/curl/curl-msvc.patch.1
@@ -2,7 +2,7 @@ MSVC: using SOLARINC
--- curl/winbuild/MakefileBuild.vc.orig 2017-10-23 16:36:07.713550851
+0200
+++ curl/winbuild/MakefileBuild.vc 2017-10-23 16:38:19.301547594 +0200
-@@ -60,7 +60,7 @@
+@@ -52,7 +52,7 @@
!ELSE
CC_NODEBUG = $(CC) /O2 /DNDEBUG
CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd
@@ -11,7 +11,7 @@ MSVC: using SOLARINC
!ENDIF
LFLAGS = /nologo /machine:$(MACHINE)
-@@ -300,11 +300,11 @@
+@@ -426,11 +426,11 @@
# CURL_XX macros are for the curl.exe command
!IF "$(DEBUG)"=="yes"
diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1
index d4dad7eba77e..016cd109c7a2 100644
--- a/external/curl/curl-nss.patch.1
+++ b/external/curl/curl-nss.patch.1
@@ -1,7 +1,7 @@
diff -ur curl.org/configure curl/configure
--- curl.org/configure 2016-03-13 15:14:07.177000076 +0100
+++ curl/configure 2016-03-13 15:16:44.132000076 +0100
-@@ -28216,7 +28216,7 @@
+@@ -27985,7 +27985,7 @@
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired
libraries and compilation flags for NSS." >&5
printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation
flags for NSS." >&2;}
addld="-L$OPT_NSS/lib"
diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0
index e0f579f8675a..b8e242a3aaea 100644
--- a/external/curl/zlib.patch.0
+++ b/external/curl/zlib.patch.0
@@ -1,6 +1,6 @@
--- configure
+++ configure
-@@ -22699,7 +22699,6 @@
+@@ -22808,7 +22808,6 @@
clean_CPPFLAGS=$CPPFLAGS
clean_LDFLAGS=$LDFLAGS
clean_LIBS=$LIBS
@@ -8,7 +8,7 @@
# Check whether --with-zlib was given.
if test ${with_zlib+y}
-@@ -22709,6 +22708,7 @@
+@@ -22818,6 +22818,7 @@
if test "$OPT_ZLIB" = "no" ; then
@@ -16,7 +16,7 @@
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: zlib disabled" >&5
printf "%s\n" "$as_me: WARNING: zlib disabled" >&2;}
else
-@@ -22716,6 +22716,21 @@
+@@ -22825,6 +825,21 @@
OPT_ZLIB=""
fi
@@ -38,7 +38,7 @@
if test -z "$OPT_ZLIB" ; then
if test -n "$PKG_CONFIG"; then
-@@ -23011,6 +23026,7 @@
+@@ -23120,6 +23120,7 @@
printf "%s\n" "$as_me: found both libz and libz.h header" >&6;}
curl_zlib_msg="enabled"
fi
@@ -48,7 +48,7 @@
if test x"$AMFIXLIB" = x1; then
--- configure.ac
+++ configure.ac
-@@ -880,19 +880,30 @@
+@@ -1222,19 +1222,30 @@
clean_CPPFLAGS=$CPPFLAGS
clean_LDFLAGS=$LDFLAGS
clean_LIBS=$LIBS
@@ -80,7 +80,7 @@
if test -z "$OPT_ZLIB" ; then
CURL_CHECK_PKGCONFIG(zlib)
-@@ -975,6 +986,7 @@
+@@ -1316,6 +1316,7 @@
AC_MSG_NOTICE([found both libz and libz.h header])
curl_zlib_msg="enabled"
fi
commit 368a8e85e71d2a2ae758e60f0e15618d71a23708
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Mon Oct 17 11:33:50 2022 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:53 2022 +0200
libxml2: upgrade to release 2.10.3
Fixes CVE-2022-40304 and CVE-2022-40303.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141448
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 39b5701976ff3d489c3212d6e2a116d6244c8ad1)
Change-Id: I5be3fd20ccf57596808a26b742aca325ac16f29b
diff --git a/download.lst b/download.lst
index 39478193fc41..d9806be057ed 100644
--- a/download.lst
+++ b/download.lst
@@ -154,8 +154,8 @@ export LIBTOMMATH_SHA256SUM :=
083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304
export LIBTOMMATH_TARBALL := ltm-1.0.zip
export XMLSEC_SHA256SUM :=
967ca83edf25ccb5b48a3c4a09ad3405a63365576503bf34290a42de1b92fcd2
export XMLSEC_TARBALL := xmlsec1-1.2.25.tar.gz
-export LIBXML_SHA256SUM :=
d240abe6da9c65cb1900dd9bf3a3501ccf88b3c2a1cb98317d03f272dda5b265
-export LIBXML_VERSION_MICRO := 2
+export LIBXML_SHA256SUM :=
5d2cc3d78bec3dbe212a9d7fa629ada25a7da928af432c93060ff5c17ee28a9c
+export LIBXML_VERSION_MICRO := 3
export LIBXML_TARBALL := libxml2-2.10.$(LIBXML_VERSION_MICRO).tar.xz
export LIBXSLT_SHA256SUM :=
8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79
export LIBXSLT_VERSION_MICRO := 35
commit 47350a7ea8d33bcf045f71da2aa6c8d155eba2f0
Author: Taichi Haradaguchi <20001...@ymail.ne.jp>
AuthorDate: Wed Sep 21 16:43:27 2022 +0900
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:53 2022 +0200
update expat to 2.4.9
Fixes CVE-2022-40674
(https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/140173
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 1bff2caff1bbb39fe431c455aeab1f0234200d8d)
Change-Id: I459cf5f5de31e7cf5420d3df6b11893d5c4ca4dd
diff --git a/download.lst b/download.lst
index bc350c9a39d8..39478193fc41 100644
--- a/download.lst
+++ b/download.lst
@@ -42,8 +42,8 @@ export EPUBGEN_TARBALL := libepubgen-0.1.1.tar.xz
export ETONYEK_SHA256SUM :=
e61677e8799ce6e55b25afc11aa5339113f6a49cff031f336e32fa58635b1a4a
export ETONYEK_VERSION_MICRO := 9
export ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz
-export EXPAT_SHA256SUM :=
de55794b7a9bc214852fdc075beaaecd854efe1361597e6268ee87946951289b
-export EXPAT_TARBALL := expat-2.4.6.tar.xz
+export EXPAT_SHA256SUM :=
6e8c0728fe5c7cd3f93a6acce43046c5e4736c7b4b68e032e9350daa0efc0354
+export EXPAT_TARBALL := expat-2.4.9.tar.xz
export FIREBIRD_SHA256SUM :=
6994be3555e23226630c587444be19d309b25b0fcf1f87df3b4e3f88943e5860
export FIREBIRD_TARBALL := Firebird-3.0.0.32483-0.tar.bz2
export FONTCONFIG_SHA256SUM :=
cf0c30807d08f6a28ab46c61b8dbd55c97d2f292cf88f3a07d3384687f31f017
commit d3e60eda5c17dbcf544a6e46667aa047bf2ab863
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Sep 14 15:54:49 2022 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:53 2022 +0200
poppler: upgrade to release 22.09.0
Fixes CVE-2022-38784
Add external/poppler/disable-freetype.patch.1 to get rid of some new
code that unconditionally requires freetype, to avoid building that on
WNT/MACOSX.
Change-Id: I854d1865286b6fb4112cdf37898cda0203c52f2e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139941
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 8fce9a0a41b1bbebd325fc9d98a79d8decd3950c)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139967
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
Reviewed-by: Noel Grandin <noel.gran...@collabora.co.uk>
(cherry picked from commit bdbb450ed0ded86fb50d6b19a2cce0f11ca74b07)
diff --git a/download.lst b/download.lst
index 4f7cb5735a59..bc350c9a39d8 100644
--- a/download.lst
+++ b/download.lst
@@ -206,8 +206,8 @@ export PIXMAN_SHA256SUM :=
21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3
export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
export LIBPNG_SHA256SUM :=
505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca
export LIBPNG_TARBALL := libpng-1.6.37.tar.xz
-export POPPLER_SHA256SUM :=
7d3493056b5b86413e5c693c2cae02c5c06cd8e618d14c2c31e2c84b67b2313e
-export POPPLER_TARBALL := poppler-22.01.0.tar.xz
+export POPPLER_SHA256SUM :=
d7a8f748211359cadb774ba3e18ecda6464b34027045c0648eb30d5852a41e2e
+export POPPLER_TARBALL := poppler-22.09.0.tar.xz
export POSTGRESQL_SHA256SUM :=
9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3
export POSTGRESQL_TARBALL := postgresql-13.5.tar.bz2
export PYTHON_SHA256SUM :=
c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049
diff --git a/external/poppler/UnpackedTarball_poppler.mk
b/external/poppler/UnpackedTarball_poppler.mk
index 0f29d38e097c..c08daa992060 100644
--- a/external/poppler/UnpackedTarball_poppler.mk
+++ b/external/poppler/UnpackedTarball_poppler.mk
@@ -16,6 +16,8 @@ $(eval $(call gb_UnpackedTarball_add_patches,poppler,\
external/poppler/poppler-c++11.patch.1 \
external/poppler/0001-Partially-revert-814fbda28cc8a37fed3134c2db8da28f86f.patch.1
\
external/poppler/0001-Revert-Make-the-mul-tables-be-calculated-at-compile-.patch.1
\
+ external/poppler/disable-freetype.patch.1 \
+ external/poppler/gcc7-EntityInfo.patch.1 \
))
# std::make_unique is only available in C++14
diff --git a/external/poppler/disable-freetype.patch.1
b/external/poppler/disable-freetype.patch.1
new file mode 100644
index 000000000000..d59006eba979
--- /dev/null
+++ b/external/poppler/disable-freetype.patch.1
@@ -0,0 +1,41 @@
+disable freetype dependent code
+
+--- poppler/poppler/Form.cc.orig 2022-09-14 15:46:48.588316681 +0200
++++ poppler/poppler/Form.cc 2022-09-14 15:48:01.468274551 +0200
+@@ -46,7 +46,7 @@
+ #include <cstdlib>
+ #include <cstring>
+ #include <cctype>
+-#include "goo/ft_utils.h"
++//#include "goo/ft_utils.h"
+ #include "goo/gmem.h"
+ #include "goo/gfile.h"
+ #include "goo/GooString.h"
+@@ -77,8 +77,8 @@
+ #include "fofi/FoFiTrueType.h"
+ #include "fofi/FoFiIdentifier.h"
+
+-#include <ft2build.h>
+-#include FT_FREETYPE_H
++//#include <ft2build.h>
++//#include FT_FREETYPE_H
+
+ // return a newly allocated char* containing an UTF16BE string of size length
+ char *pdfDocEncodingToUTF16(const std::string &orig, int *length)
+@@ -2730,6 +2730,8 @@
+
+ Form::AddFontResult Form::addFontToDefaultResources(const std::string
&filepath, int faceIndex, const std::string &fontFamily, const std::string
&fontStyle)
+ {
++ return {};
++#if 0
+ if (!GooString::endsWith(filepath, ".ttf") &&
!GooString::endsWith(filepath, ".ttc") && !GooString::endsWith(filepath,
".otf")) {
+ error(errIO, -1, "We only support embedding ttf/ttc/otf fonts for
now. The font file for {0:s} {1:s} was {2:s}", fontFamily.c_str(),
fontStyle.c_str(), filepath.c_str());
+ return {};
+@@ -2939,6 +2941,7 @@
+ }
+
+ return { dictFontName, fontDictRef };
++#endif
+ }
+
+ std::string Form::getFallbackFontForChar(Unicode uChar, const GfxFont
&fontToEmulate) const
diff --git a/external/poppler/gcc7-EntityInfo.patch.1
b/external/poppler/gcc7-EntityInfo.patch.1
new file mode 100644
index 000000000000..b450bff93af9
--- /dev/null
+++ b/external/poppler/gcc7-EntityInfo.patch.1
@@ -0,0 +1,48 @@
+gcc 7.3.1 says:
+
+workdir/UnpackedTarball/poppler/poppler/CertificateInfo.cc:42:34: error:
function ‘X509CertificateInfo::EntityInfo&
X509CertificateInfo::EntityInfo::operator=(X509CertificateInfo::EntityInfo&&)’
defaulted on its redeclaration with an exception-specification that differs
from the implicit exception-specification ‘’
+
+--- poppler/poppler/CertificateInfo.h.orig 2022-09-14 19:32:12.426351385
+0200
++++ poppler/poppler/CertificateInfo.h 2022-09-14 19:32:18.947347812 +0200
+@@ -70,7 +70,7 @@
+ ~EntityInfo();
+
+ EntityInfo(EntityInfo &&) noexcept;
+- EntityInfo &operator=(EntityInfo &&) noexcept;
++ EntityInfo &operator=(EntityInfo &&) /*noexcept*/;
+
+ EntityInfo(const EntityInfo &) = delete;
+ EntityInfo &operator=(const EntityInfo &) = delete;
+--- poppler/poppler/CertificateInfo.cc.orig 2022-09-14 19:31:10.225385467
+0200
++++ poppler/poppler/CertificateInfo.cc 2022-09-14 19:31:12.572384182 +0200
+@@ -39,7 +39,7 @@
+
+ X509CertificateInfo::EntityInfo::EntityInfo(X509CertificateInfo::EntityInfo
&&other) noexcept = default;
+
+-X509CertificateInfo::EntityInfo
&X509CertificateInfo::EntityInfo::operator=(X509CertificateInfo::EntityInfo
&&other) noexcept = default;
++X509CertificateInfo::EntityInfo
&X509CertificateInfo::EntityInfo::operator=(X509CertificateInfo::EntityInfo
&&other) /*noexcept*/ = default;
+
+ X509CertificateInfo::X509CertificateInfo() : ku_extensions(KU_NONE),
cert_version(-1), is_self_signed(false) { }
+
+--- poppler/poppler/GfxFont.cc.orig 2022-09-14 20:24:32.569607333 +0200
++++ poppler/poppler/GfxFont.cc 2022-09-14 20:24:52.323596186 +0200
+@@ -180,7 +180,7 @@
+
+ GfxFontLoc::GfxFontLoc(GfxFontLoc &&other) noexcept = default;
+
+-GfxFontLoc &GfxFontLoc::operator=(GfxFontLoc &&other) noexcept = default;
++GfxFontLoc &GfxFontLoc::operator=(GfxFontLoc &&other) /*noexcept*/ = default;
+
+ void GfxFontLoc::setPath(GooString *pathA)
+ {
+--- poppler/poppler/GfxFont.h.orig 2022-09-14 20:24:30.784608340 +0200
++++ poppler/poppler/GfxFont.h 2022-09-14 20:25:08.850586861 +0200
+@@ -124,7 +124,7 @@
+ GfxFontLoc(const GfxFontLoc &) = delete;
+ GfxFontLoc(GfxFontLoc &&) noexcept;
+ GfxFontLoc &operator=(const GfxFontLoc &) = delete;
+- GfxFontLoc &operator=(GfxFontLoc &&other) noexcept;
++ GfxFontLoc &operator=(GfxFontLoc &&other) /*noexcept*/;
+
+ // Set the 'path' string from a GooString on the heap.
+ // Ownership of the object is taken.
diff --git a/external/poppler/poppler-c++11.patch.1
b/external/poppler/poppler-c++11.patch.1
index 9e607b381de0..05b47bc91299 100644
--- a/external/poppler/poppler-c++11.patch.1
+++ b/external/poppler/poppler-c++11.patch.1
@@ -18,7 +18,7 @@ remove usage of newfangled C++ that baseline toolchains don't
support
- const std::string modeStr = mode + "e"s;
+ const std::string modeStr = mode + std::string("e");
FILE *file = fopen(path, modeStr.c_str());
- if (file != nullptr)
+ if (file != nullptr) {
return file;
--- poppler/goo/gmem.h.orig 2019-01-16 11:25:28.161920038 +0100
+++ poppler/goo/gmem.h 2019-01-16 11:25:53.756882295 +0100
@@ -29,3 +29,14 @@ remove usage of newfangled C++ that baseline toolchains
don't support
+#include <o3tl/make_unique.hxx>
+
#endif // GMEM_H
+--- poppler/goo/gfile.cc.orig2 2022-09-15 12:33:24.163562177 +0200
++++ poppler/goo/gfile.cc 2022-09-15 12:33:49.501547336 +0200
+@@ -50,6 +50,8 @@
+ #include "gfile.h"
+ #include "gdir.h"
+
++#include <o3tl/make_unique.hxx>
++
+ // Some systems don't define this, so just make it something reasonably
+ // large.
+ #ifndef PATH_MAX
diff --git a/external/poppler/poppler-config.patch.1
b/external/poppler/poppler-config.patch.1
index 2a24d4510197..455a88e2afc4 100644
--- a/external/poppler/poppler-config.patch.1
+++ b/external/poppler/poppler-config.patch.1
@@ -16,7 +16,7 @@ new file mode 100644
index 0fbd336a..451213f8 100644
--- /dev/null
+++ b/config.h
-@@ -0,0 +1,223 @@
+@@ -0,0 +1,220 @@
+/* config.h. Generated from config.h.cmake by cmake. */
+
+/* Build against libcurl. */
@@ -105,9 +105,6 @@ index 0fbd336a..451213f8 100644
+#define HAVE_TIMEGM 1
+#endif
+
-+/* Define if you have the iconv() function and it works. */
-+/* #undef HAVE_ICONV */
-+
+/* Define to 1 if you have the `z' library (-lz). */
+/* #undef HAVE_LIBZ */
+
@@ -176,7 +173,7 @@ index 0fbd336a..451213f8 100644
+#define PACKAGE_NAME "poppler"
+
+/* Define to the full name and version of this package. */
-+#define PACKAGE_STRING "poppler 21.11.0"
++#define PACKAGE_STRING "poppler 22.09.0"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "poppler"
@@ -185,7 +182,7 @@ index 0fbd336a..451213f8 100644
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
-+#define PACKAGE_VERSION "21.11.0"
++#define PACKAGE_VERSION "22.09.0"
+
+/* Poppler data dir */
+#define POPPLER_DATADIR "/usr/local/share/poppler"
@@ -203,7 +200,7 @@ index 0fbd336a..451213f8 100644
+/* #undef USE_FLOAT */
+
+/* Version number of package */
-+#define VERSION "21.11.0"
++#define VERSION "22.09.0"
+
+#if defined(__APPLE__)
+#elif defined (_WIN32)
@@ -229,7 +226,7 @@ index 0fbd336a..451213f8 100644
+#define popen _popen
+#define pclose _pclose
+#define strncasecmp _strnicmp
-+// error C4005: "strcasecmp": macro redefinition #define strcasecmp
_stricmp
++#define strcasecmp _stricmp
+#endif
+
+/* Number of bits in a file offset, on hosts where this is settable. */
@@ -250,7 +247,7 @@ index 0fbd336a..451213f8 100644
+//
+// poppler-config.h
+//
-+// Copyright 1996-2011 Glyph & Cog, LLC
++// Copyright 1996-2011, 2022 Glyph & Cog, LLC
+//
+//========================================================================
+
@@ -284,7 +281,7 @@ index 0fbd336a..451213f8 100644
+
+/* Defines the poppler version. */
+#ifndef POPPLER_VERSION
-+#define POPPLER_VERSION "21.11.0"
++#define POPPLER_VERSION "22.09.0"
+#endif
+
+/* Use single precision arithmetic in the Splash backend */
@@ -376,8 +373,8 @@ index 0fbd336a..451213f8 100644
+//------------------------------------------------------------------------
+
+// copyright notice
-+#define popplerCopyright "Copyright 2005-2021 The Poppler Developers -
http://poppler.freedesktop.org";
-+#define xpdfCopyright "Copyright 1996-2011 Glyph & Cog, LLC"
++#define popplerCopyright "Copyright 2005-2022 The Poppler Developers -
http://poppler.freedesktop.org";
++#define xpdfCopyright "Copyright 1996-2011, 2022 Glyph & Cog, LLC"
+
+//------------------------------------------------------------------------
+// Win32 stuff
@@ -436,9 +433,9 @@ index 0fbd336a..451213f8 100644
+
+#include "poppler-global.h"
+
-+#define POPPLER_VERSION "21.11.0"
-+#define POPPLER_VERSION_MAJOR 21
-+#define POPPLER_VERSION_MINOR 11
++#define POPPLER_VERSION "22.09.0"
++#define POPPLER_VERSION_MAJOR 22
++#define POPPLER_VERSION_MINOR 9
+#define POPPLER_VERSION_MICRO 0
+
+namespace poppler
diff --git a/sdext/Executable_xpdfimport.mk b/sdext/Executable_xpdfimport.mk
index dde84963a1fb..fd07f7b43956 100644
--- a/sdext/Executable_xpdfimport.mk
+++ b/sdext/Executable_xpdfimport.mk
@@ -22,4 +22,8 @@ $(eval $(call gb_Executable_add_exception_objects,xpdfimport,\
sdext/source/pdfimport/xpdfwrapper/wrapper_gpl \
))
+$(eval $(call gb_Executable_use_system_win32_libs,xpdfimport,\
+ shell32 \
+))
+
# vim:set noet sw=4 ts=4:
commit 5aa2acaba54bb14289513b8acae1e72c1269d4d1
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Jan 13 19:41:59 2022 +0000
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:53 2022 +0200
upgrade poppler to 22.01.0
and popppler-data to 0.4.11
Change-Id: Ibd8c28f36408a670b5853f1b266c6b8c36916a61
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128398
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 9dbfda4cea569459e42203771754b902c1a09759)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139966
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
Tested-by: Noel Grandin <noel.gran...@collabora.co.uk>
Reviewed-by: Noel Grandin <noel.gran...@collabora.co.uk>
(cherry picked from commit 486a1004982b4072b488e8c42a7e09afd8043c2e)
diff --git a/download.lst b/download.lst
index a8bd9f95b6c1..4f7cb5735a59 100644
--- a/download.lst
+++ b/download.lst
@@ -206,8 +206,8 @@ export PIXMAN_SHA256SUM :=
21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3
export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
export LIBPNG_SHA256SUM :=
505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca
export LIBPNG_TARBALL := libpng-1.6.37.tar.xz
-export POPPLER_SHA256SUM :=
31b76b5cac0a48612fdd154c02d9eca01fd38fb8eaa77c1196840ecdeb53a584
-export POPPLER_TARBALL := poppler-21.11.0.tar.xz
+export POPPLER_SHA256SUM :=
7d3493056b5b86413e5c693c2cae02c5c06cd8e618d14c2c31e2c84b67b2313e
+export POPPLER_TARBALL := poppler-22.01.0.tar.xz
export POSTGRESQL_SHA256SUM :=
9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3
export POSTGRESQL_TARBALL := postgresql-13.5.tar.bz2
export PYTHON_SHA256SUM :=
c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049
diff --git a/external/poppler/StaticLibrary_poppler.mk
b/external/poppler/StaticLibrary_poppler.mk
index aab71eac9a6a..7eb541650373 100644
--- a/external/poppler/StaticLibrary_poppler.mk
+++ b/external/poppler/StaticLibrary_poppler.mk
@@ -100,6 +100,8 @@ $(eval $(call
gb_StaticLibrary_add_generated_exception_objects,poppler,\
UnpackedTarball/poppler/poppler/Decrypt \
UnpackedTarball/poppler/poppler/Dict \
UnpackedTarball/poppler/poppler/Error \
+ UnpackedTarball/poppler/poppler/FDPDFDocBuilder \
+ UnpackedTarball/poppler/poppler/FILECacheLoader \
UnpackedTarball/poppler/poppler/FileSpec \
UnpackedTarball/poppler/poppler/FontEncodingTables \
UnpackedTarball/poppler/poppler/Form \
@@ -110,6 +112,7 @@ $(eval $(call
gb_StaticLibrary_add_generated_exception_objects,poppler,\
UnpackedTarball/poppler/poppler/GfxState \
UnpackedTarball/poppler/poppler/GlobalParams \
UnpackedTarball/poppler/poppler/Hints \
+ UnpackedTarball/poppler/poppler/ImageEmbeddingUtils \
UnpackedTarball/poppler/poppler/JArithmeticDecoder \
UnpackedTarball/poppler/poppler/JBIG2Stream \
UnpackedTarball/poppler/poppler/JSInfo \
@@ -146,8 +149,6 @@ $(eval $(call
gb_StaticLibrary_add_generated_exception_objects,poppler,\
UnpackedTarball/poppler/poppler/TextOutputDev \
UnpackedTarball/poppler/poppler/PageLabelInfo \
UnpackedTarball/poppler/poppler/SecurityHandler \
- UnpackedTarball/poppler/poppler/StdinCachedFile \
- UnpackedTarball/poppler/poppler/StdinPDFDocBuilder \
UnpackedTarball/poppler/poppler/Sound \
UnpackedTarball/poppler/poppler/ViewerPreferences \
UnpackedTarball/poppler/poppler/Movie \
commit 03b6c2a2569fed50a225765f7533ef012a26d50b
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Sep 14 11:10:57 2022 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:53 2022 +0200
zlib: add patch for CVE-2022-37434
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139913
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 521e920dda79f44a0ad637b6062f3dcb574f884b)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139849
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
(cherry picked from commit 832e2a266005d8ef5f9bcc7f51b545d5dc4ce165)
Change-Id: If09c419ba00fc9be021249e4d4da27d1650b9080
diff --git a/external/zlib/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.patch
b/external/zlib/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.patch
new file mode 100644
index 000000000000..c5c95a92b28a
--- /dev/null
+++ b/external/zlib/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.patch
@@ -0,0 +1,29 @@
+From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001
+From: Mark Adler <f...@madler.net>
+Date: Mon, 8 Aug 2022 10:50:09 -0700
+Subject: [PATCH] Fix extra field processing bug that dereferences NULL
+ state->head.
+
+The recent commit to fix a gzip header extra field processing bug
+introduced the new bug fixed here.
+---
+ inflate.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/inflate.c b/inflate.c
+index 7a7289749..2a3c4fe98 100644
+--- a/inflate.c
++++ b/inflate.c
+@@ -763,10 +763,10 @@ int flush;
+ copy = state->length;
+ if (copy > have) copy = have;
+ if (copy) {
+- len = state->head->extra_len - state->length;
+ if (state->head != Z_NULL &&
+ state->head->extra != Z_NULL &&
+- len < state->head->extra_max) {
++ (len = state->head->extra_len - state->length) <
++ state->head->extra_max) {
+ zmemcpy(state->head->extra + len, next,
+ len + copy > state->head->extra_max ?
+ state->head->extra_max - len : copy);
diff --git a/external/zlib/UnpackedTarball_zlib.mk
b/external/zlib/UnpackedTarball_zlib.mk
index fa476b918b7c..10ee74b9568a 100644
--- a/external/zlib/UnpackedTarball_zlib.mk
+++ b/external/zlib/UnpackedTarball_zlib.mk
@@ -16,4 +16,11 @@ $(eval $(call gb_UnpackedTarball_set_post_action,zlib,\
cp $(addsuffix .c,adler32 compress crc32 deflate inffast inflate
inftrees trees zutil) x64 \
))
+$(eval $(call gb_UnpackedTarball_set_patchlevel,zlib,1))
+
+$(eval $(call gb_UnpackedTarball_add_patches,zlib,\
+ external/zlib/eff308af425b67093bab25f80f1ae950166bece1.patch \
+ external/zlib/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.patch \
+))
+
# vim: set noet sw=4 ts=4:
diff --git a/external/zlib/eff308af425b67093bab25f80f1ae950166bece1.patch
b/external/zlib/eff308af425b67093bab25f80f1ae950166bece1.patch
new file mode 100644
index 000000000000..dc84d3a1d385
--- /dev/null
+++ b/external/zlib/eff308af425b67093bab25f80f1ae950166bece1.patch
@@ -0,0 +1,32 @@
+From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001
+From: Mark Adler <f...@madler.net>
+Date: Sat, 30 Jul 2022 15:51:11 -0700
+Subject: [PATCH] Fix a bug when getting a gzip header extra field with
+ inflate().
+
+If the extra field was larger than the space the user provided with
+inflateGetHeader(), and if multiple calls of inflate() delivered
+the extra header data, then there could be a buffer overflow of the
+provided space. This commit assures that provided space is not
+exceeded.
+---
+ inflate.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/inflate.c b/inflate.c
+index 7be8c6366..7a7289749 100644
+--- a/inflate.c
++++ b/inflate.c
+@@ -763,9 +763,10 @@ int flush;
+ copy = state->length;
+ if (copy > have) copy = have;
+ if (copy) {
++ len = state->head->extra_len - state->length;
+ if (state->head != Z_NULL &&
+- state->head->extra != Z_NULL) {
+- len = state->head->extra_len - state->length;
++ state->head->extra != Z_NULL &&
++ len < state->head->extra_max) {
+ zmemcpy(state->head->extra + len, next,
+ len + copy > state->head->extra_max ?
+ state->head->extra_max - len : copy);
commit 5f74cecd4005def9e01cc9ff13f991cb5958556d
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Sep 14 10:27:02 2022 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:53 2022 +0200
libxml2: upgrade to release 2.10.2
Fixes CVE-2022-2309
Change-Id: I180218be275d3b6d38f8f74aa51c57e50d2734ee
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139911
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit d621a8839cebf96fe3ac374026f344f8e68bf011)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139954
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
diff --git a/download.lst b/download.lst
index a9e0c24dc7ee..a8bd9f95b6c1 100644
--- a/download.lst
+++ b/download.lst
@@ -154,9 +154,9 @@ export LIBTOMMATH_SHA256SUM :=
083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304
export LIBTOMMATH_TARBALL := ltm-1.0.zip
export XMLSEC_SHA256SUM :=
967ca83edf25ccb5b48a3c4a09ad3405a63365576503bf34290a42de1b92fcd2
export XMLSEC_TARBALL := xmlsec1-1.2.25.tar.gz
-export LIBXML_SHA256SUM :=
60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee
-export LIBXML_VERSION_MICRO := 14
-export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.xz
+export LIBXML_SHA256SUM :=
d240abe6da9c65cb1900dd9bf3a3501ccf88b3c2a1cb98317d03f272dda5b265
+export LIBXML_VERSION_MICRO := 2
+export LIBXML_TARBALL := libxml2-2.10.$(LIBXML_VERSION_MICRO).tar.xz
export LIBXSLT_SHA256SUM :=
8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79
export LIBXSLT_VERSION_MICRO := 35
export LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.xz
diff --git a/external/libxml2/ExternalPackage_libxml2.mk
b/external/libxml2/ExternalPackage_libxml2.mk
index d38eb68df0cb..6338fb20b9df 100644
--- a/external/libxml2/ExternalPackage_libxml2.mk
+++ b/external/libxml2/ExternalPackage_libxml2.mk
@@ -21,7 +21,7 @@ else # COM=MSC
$(eval $(call
gb_ExternalPackage_add_file,libxml2,$(LIBO_URE_LIB_FOLDER)/libxml2.dll,win32/bin.msvc/libxml2.dll))
endif
else # OS!=WNT
-$(eval $(call
gb_ExternalPackage_add_file,libxml2,$(LIBO_URE_LIB_FOLDER)/libxml2.so.2,.libs/libxml2.so.2.9.$(LIBXML_VERSION_MICRO)))
+$(eval $(call
gb_ExternalPackage_add_file,libxml2,$(LIBO_URE_LIB_FOLDER)/libxml2.so.2,.libs/libxml2.so.2.10.$(LIBXML_VERSION_MICRO)))
endif
endif # DISABLE_DYNLOADING
diff --git a/external/libxml2/libxml2-android.patch
b/external/libxml2/libxml2-android.patch
index 42af83274026..acf9b17e02db 100644
--- a/external/libxml2/libxml2-android.patch
+++ b/external/libxml2/libxml2-android.patch
@@ -2,9 +2,9 @@
+++ misc/build/libxml2-2.7.6/Makefile.in
@@ -1635,7 +1635,7 @@
$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
- check: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) check-recursive
--all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(SCRIPTS) $(MANS) $(DATA) \
+ $(MAKE) $(AM_MAKEFLAGS) check-local
+ check: check-recursive
+-all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(SCRIPTS) $(DATA) \
+all-am: Makefile $(LTLIBRARIES) \
config.h
install-binPROGRAMS: install-libLTLIBRARIES
diff --git a/sc/source/core/tool/interpr7.cxx b/sc/source/core/tool/interpr7.cxx
index d67d131d8d22..384f49bff9bd 100644
--- a/sc/source/core/tool/interpr7.cxx
+++ b/sc/source/core/tool/interpr7.cxx
@@ -220,6 +220,7 @@ void ScInterpreter::ScFilterXML()
case XPATH_STRING:
PushString(OUString::createFromAscii(reinterpret_cast<char*>(pXPathObj->stringval)));
break;
+#if LIBXML_VERSION < 21000 || defined(LIBXML_XPTR_LOCS_ENABLED)
case XPATH_POINT:
PushNoValue();
break;
@@ -229,13 +230,13 @@ void ScInterpreter::ScFilterXML()
case XPATH_LOCATIONSET:
PushNoValue();
break;
+#endif
case XPATH_USERS:
PushNoValue();
break;
case XPATH_XSLT_TREE:
PushNoValue();
break;
-
}
}
}
diff --git a/test/source/xmltesttools.cxx b/test/source/xmltesttools.cxx
index ab373ccae96c..f61476c39f7a 100644
--- a/test/source/xmltesttools.cxx
+++ b/test/source/xmltesttools.cxx
@@ -106,9 +106,11 @@ OUString XmlTestTools::getXPathContent(xmlDocPtr pXmlDoc,
const OString& rXPath)
return OUString::number(pXmlObj->floatval);
case XPATH_STRING:
return convert(pXmlObj->stringval);
+#if LIBXML_VERSION < 21000 || defined(LIBXML_XPTR_LOCS_ENABLED)
case XPATH_POINT:
case XPATH_RANGE:
case XPATH_LOCATIONSET:
+#endif
case XPATH_USERS:
case XPATH_XSLT_TREE:
CPPUNIT_FAIL("Unsupported XPath type");
diff --git a/unoxml/source/xpath/xpathobject.cxx
b/unoxml/source/xpath/xpathobject.cxx
index 2a055f10cdc4..6da7ed351f80 100644
--- a/unoxml/source/xpath/xpathobject.cxx
+++ b/unoxml/source/xpath/xpathobject.cxx
@@ -44,12 +44,14 @@ namespace XPath
return XPathObjectType_XPATH_NUMBER;
case XPATH_STRING:
return XPathObjectType_XPATH_STRING;
+#if LIBXML_VERSION < 21000 || defined(LIBXML_XPTR_LOCS_ENABLED)
case XPATH_POINT:
return XPathObjectType_XPATH_POINT;
case XPATH_RANGE:
return XPathObjectType_XPATH_RANGE;
case XPATH_LOCATIONSET:
return XPathObjectType_XPATH_LOCATIONSET;
+#endif
case XPATH_USERS:
return XPathObjectType_XPATH_USERS;
case XPATH_XSLT_TREE:
commit eb4ce9dbbb2a06d8c29a673c97a93dd101da5c80
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Sep 6 11:38:55 2022 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:53 2022 +0200
check impress/calc IFrame "FrameURL" target
similar to
commit c7450d0b9d02c64ae3da467d329040787039767e
Date: Tue Aug 30 17:01:08 2022 +0100
check IFrame "FrameURL" target
Conflicts:
xmloff/source/draw/ximpshap.cxx
Change-Id: Ibf28c29acb4476830431d02772f3ecd4b23a6a27
diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx
index d032906fa486..2e107b2c330b 100644
--- a/xmloff/source/draw/ximpshap.cxx
+++ b/xmloff/source/draw/ximpshap.cxx
@@ -83,6 +83,7 @@
#include <basegfx/polygon/b2dpolygontools.hxx>
#include <basegfx/polygon/b2dpolypolygontools.hxx>
#include <basegfx/vector/b2dvector.hxx>
+#include <tools/urlobj.hxx>
#include <o3tl/safeint.hxx>
#include <config_features.h>
@@ -3249,6 +3250,9 @@ void SdXMLFloatingFrameShapeContext::StartElement( const
css::uno::Reference< cs
if( !maHref.isEmpty() )
{
+ if (INetURLObject(maHref).GetProtocol() == INetProtocol::Macro)
+ GetImport().NotifyMacroEventRead();
+
xProps->setPropertyValue("FrameURL", Any(maHref) );
}
}
commit 3721d05d6da3dfafcfaec09d69d7b7da7538d8c9
Author: Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Thu Sep 1 17:33:51 2022 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:52 2022 +0200
Filter out unwanted command URIs
Change-Id: I0b7e5329af8cc053d14d5c60ec14fe7f364ef993
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139225
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
Conflicts:
desktop/source/app/cmdlineargs.cxx
diff --git a/desktop/source/app/cmdlineargs.cxx
b/desktop/source/app/cmdlineargs.cxx
index 490bf183de33..3280695c9829 100644
--- a/desktop/source/app/cmdlineargs.cxx
+++ b/desktop/source/app/cmdlineargs.cxx
@@ -29,6 +29,7 @@
#include <tools/stream.hxx>
#include <vcl/svapp.hxx>
#include <rtl/uri.hxx>
+#include <tools/urlobj.hxx>
#include <rtl/ustring.hxx>
#include <rtl/process.h>
#include <comphelper/lok.hxx>
@@ -163,7 +164,14 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString&
arg, CommandLineEvent cur
}
if (nURIlen < 0)
nURIlen = rest2.getLength();
- arg = rest2.copy(0, nURIlen);
+ auto const uri = rest2.copy(0, nURIlen);
+ if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) {
+ // Let the "Open" machinery process the full command URI (leading to
failure, by intention,
+ // as the "Open" machinery does not know about those command URI
schemes):
+ curEvt = CommandLineEvent::Open;
+ } else {
+ arg = uri;
+ }
return curEvt;
}
commit aaed2dbf5892ee22c04634615b4f78ec20f1dc6b
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Aug 30 17:01:08 2022 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:52 2022 +0200
check IFrame "FrameURL" target
similiar to
commit b3edf85e0fe6ca03dc26e1bf531be82193bc9627
Date: Wed Aug 7 17:37:11 2019 +0100
warn on load when a document binds an event to a macro
Change-Id: Iea888b1c083d2dc69ec322309ac9ae8c5e5eb315
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139059
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
Conflicts:
sfx2/source/doc/iframe.cxx
sw/source/filter/html/htmlplug.cxx
sw/source/filter/xml/xmltexti.cxx
diff --git a/sfx2/source/appl/macroloader.cxx b/sfx2/source/appl/macroloader.cxx
index a910138908fd..113a85241115 100644
--- a/sfx2/source/appl/macroloader.cxx
+++ b/sfx2/source/appl/macroloader.cxx
@@ -73,10 +73,10 @@ css::uno::Sequence<OUString> SAL_CALL
SfxMacroLoader::getSupportedServiceNames()
return aSeq;
}
-SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
+SfxObjectShell* SfxMacroLoader::GetObjectShell(const Reference <XFrame>&
xFrame)
{
SfxObjectShell* pDocShell = nullptr;
- Reference < XFrame > xFrame( m_xFrame.get(), UNO_QUERY );
+
if ( xFrame.is() )
{
SfxFrame* pFrame=nullptr;
@@ -93,6 +93,11 @@ SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
return pDocShell;
}
+SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
+{
+ Reference < XFrame > xFrame( m_xFrame.get(), UNO_QUERY );
+ return SfxMacroLoader::GetObjectShell(xFrame);
+}
uno::Reference<frame::XDispatch> SAL_CALL SfxMacroLoader::queryDispatch(
const util::URL& aURL ,
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index 7d7fdb02ad98..f1e03e7898a2 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -39,10 +39,12 @@
#include <svl/ownlist.hxx>
#include <svl/itemprop.hxx>
#include <sfx2/frmdescr.hxx>
+#include <sfx2/objsh.hxx>
#include <sfx2/sfxdlg.hxx>
#include <sfx2/sfxsids.hrc>
#include <toolkit/helper/vclunohelper.hxx>
#include <vcl/window.hxx>
+#include <macroloader.hxx>
using namespace ::com::sun::star;
@@ -158,6 +160,19 @@ sal_Bool SAL_CALL IFrameObject::load(
{
if ( SvtMiscOptions().IsPluginsEnabled() )
{
+ util::URL aTargetURL;
+ aTargetURL.Complete = maFrmDescr.GetURL().GetMainURL(
INetURLObject::DecodeMechanism::NONE );
+ uno::Reference < util::XURLTransformer > xTrans(
util::URLTransformer::create( mxContext ) );
+ xTrans->parseStrict( aTargetURL );
+
+ if (INetURLObject(aTargetURL.Complete).GetProtocol() ==
INetProtocol::Macro)
+ {
+ uno::Reference<frame::XFramesSupplier> xParentFrame =
xFrame->getCreator();
+ SfxObjectShell* pDoc =
SfxMacroLoader::GetObjectShell(xParentFrame);
+ if (pDoc && !pDoc->AdjustMacroMode())
+ return false;
+ }
+
DBG_ASSERT( !mxFrame.is(), "Frame already existing!" );
VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow(
xFrame->getContainerWindow() );
VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create(
pParent, maFrmDescr.IsFrameBorderOn() );
@@ -180,11 +195,6 @@ sal_Bool SAL_CALL IFrameObject::load(
if ( xFramesSupplier.is() )
mxFrame->setCreator( xFramesSupplier );
- util::URL aTargetURL;
- aTargetURL.Complete = maFrmDescr.GetURL().GetMainURL(
INetURLObject::DecodeMechanism::NONE );
- uno::Reference < util::XURLTransformer > xTrans(
util::URLTransformer::create( mxContext ) );
- xTrans->parseStrict( aTargetURL );
-
uno::Sequence < beans::PropertyValue > aProps(2);
aProps[0].Name = "PluginMode";
aProps[0].Value <<= sal_Int16(2);
diff --git a/sfx2/source/inc/macroloader.hxx b/sfx2/source/inc/macroloader.hxx
index 94fa5165fdd9..e2d5f8fd76c4 100644
--- a/sfx2/source/inc/macroloader.hxx
+++ b/sfx2/source/inc/macroloader.hxx
@@ -81,6 +81,8 @@ public:
virtual void SAL_CALL addStatusListener( const css::uno::Reference<
css::frame::XStatusListener >& xControl, const css::util::URL& aURL ) override;
virtual void SAL_CALL removeStatusListener( const css::uno::Reference<
css::frame::XStatusListener >& xControl, const css::util::URL& aURL ) override;
+
+ static SfxObjectShell* GetObjectShell(const
css::uno::Reference<css::frame::XFrame>& xFrame);
};
#endif
diff --git a/sw/source/filter/html/htmlplug.cxx
b/sw/source/filter/html/htmlplug.cxx
index 19ef7252094a..955eeab36ee9 100644
--- a/sw/source/filter/html/htmlplug.cxx
+++ b/sw/source/filter/html/htmlplug.cxx
@@ -1006,7 +1006,12 @@ void SwHTMLParser::InsertFloatingFrame()
bool bHasBorder = aFrameDesc.HasFrameBorder();
Size aMargin = aFrameDesc.GetMargin();
- xSet->setPropertyValue("FrameURL", uno::makeAny(
aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE ) ) );
+ OUString sHRef = aFrameDesc.GetURL().GetMainURL(
INetURLObject::DecodeMechanism::NONE );
+
+ if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
+ NotifyMacroEventRead();
+
+ xSet->setPropertyValue("FrameURL", uno::makeAny( sHRef ) );
xSet->setPropertyValue("FrameName", uno::makeAny( aName ) );
if ( eScroll == ScrollingMode::Auto )
diff --git a/sw/source/filter/xml/xmltexti.cxx
b/sw/source/filter/xml/xmltexti.cxx
index 22fc47f12edc..0cca4df7a49e 100644
--- a/sw/source/filter/xml/xmltexti.cxx
+++ b/sw/source/filter/xml/xmltexti.cxx
@@ -854,9 +854,14 @@ uno::Reference< XPropertySet >
SwXMLTextImportHelper::createAndInsertFloatingFra
uno::Reference < beans::XPropertySet > xSet( xObj->getComponent(),
uno::UNO_QUERY );
if ( xSet.is() )
{
+ OUString sHRef = URIHelper::SmartRel2Abs(
+ INetURLObject( GetXMLImport().GetBaseURL() ),
rHRef );
+
+ if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
+ GetXMLImport().NotifyMacroEventRead();
+
xSet->setPropertyValue("FrameURL",
- makeAny( URIHelper::SmartRel2Abs(
- INetURLObject( GetXMLImport().GetBaseURL() ),
rHRef ) ) );
+ makeAny( sHRef ) );
xSet->setPropertyValue("FrameName",
makeAny( rName ) );
commit e1ccdf22b8aa34c94add22f696bbffd66deb06b9
Author: Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Tue Aug 30 14:04:52 2022 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:52 2022 +0200
These commands are always URLs already
Change-Id: I5083765c879689d7f933bbe00ad70bb68e635a21
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139042
Tested-by: Jean-Pierre Ledure <j...@ledure.be>
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
Conflicts:
wizards/source/scriptforge/SF_Session.xba
diff --git a/wizards/source/access2base/DoCmd.xba
b/wizards/source/access2base/DoCmd.xba
index c640af7c5478..79b109ddf47f 100644
--- a/wizards/source/access2base/DoCmd.xba
+++ b/wizards/source/access2base/DoCmd.xba
@@ -2649,7 +2649,7 @@ Private Sub _ShellExecute(sCommand As String)
Dim oShell As Object
Set oShell =
createUnoService("com.sun.star.system.SystemShellExecute")
- oShell.execute(sCommand, "" ,
com.sun.star.system.SystemShellExecuteFlags.DEFAULTS)
+ oShell.execute(sCommand, "" ,
com.sun.star.system.SystemShellExecuteFlags.URIS_ONLY)
End Sub ' _ShellExecute
V0.8.5
commit 4d25e8c7416f5730d355ec9901c63d2230fce23d
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Jun 1 12:14:44 2022 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:52 2022 +0200
nss: upgrade to release 3.79
Fixes CVE-2022-1097 and moz#1767590 "memory safety violations"
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135234
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
Signed-off-by: Xisco Fauli <xiscofa...@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135248
Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
(cherry picked from commit bb5216e345c42be440bce60b127af517c036c8ef)
Change-Id: I6895f066ad943402231b616dae0d7ed6f5678b5e
diff --git a/download.lst b/download.lst
index 0dbca6da1775..a9e0c24dc7ee 100644
--- a/download.lst
+++ b/download.lst
@@ -181,8 +181,8 @@ export MYTHES_SHA256SUM :=
1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
export NEON_SHA256SUM :=
db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca
export NEON_TARBALL := neon-0.30.2.tar.gz
-export NSS_SHA256SUM :=
07a9e5b70f121a62706140d4cacc3006d3efb869da40f3a2bf7a65d37847f4d9
-export NSS_TARBALL := nss-3.73-with-nspr-4.32.tar.gz
+export NSS_SHA256SUM :=
5369ed274a19f480ec94e1faef04da63e3cbac1a82e15bb1751e58b2f274b835
+export NSS_TARBALL := nss-3.79-with-nspr-4.34.tar.gz
export ODFGEN_SHA256SUM :=
55200027fd46623b9bdddd38d275e7452d1b0ff8aeddcad6f9ae6dc25f610625
export ODFGEN_VERSION_MICRO := 8
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.xz
diff --git a/external/nss/asan.patch.1 b/external/nss/asan.patch.1
index 7dfd6ed4e782..ce584a34a3b5 100644
--- a/external/nss/asan.patch.1
+++ b/external/nss/asan.patch.1
@@ -7,6 +7,6 @@ diff -ur nss.org/nss/coreconf/Linux.mk nss/nss/coreconf/Linux.mk
# against the libsanitizer runtime built into the main executable.
-ZDEFS_FLAG = -Wl,-z,defs
+ZDEFS_FLAG =
- DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld
-v)),,$(ZDEFS_FLAG)) $(if $(filter-out
$(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN')
- LDFLAGS += $(ARCHFLAG) -z noexecstack
+ DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD)
-v)),,$(ZDEFS_FLAG)) $(if $(filter-out
$(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN')
+ LDFLAGS += $(ARCHFLAG) -z noexecstack
diff --git a/external/nss/nss.patch b/external/nss/nss.patch
index d9aaee5199bb..66fbe37dc5ed 100644
--- a/external/nss/nss.patch
+++ b/external/nss/nss.patch
@@ -87,9 +87,9 @@
# Also, -z defs conflicts with Address Sanitizer, which emits relocations
# against the libsanitizer runtime built into the main executable.
ZDEFS_FLAG = -Wl,-z,defs
--DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld
-v)),,$(ZDEFS_FLAG))
-+DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld
-v)),,$(ZDEFS_FLAG)) $(if $(filter-out
$(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN')
- LDFLAGS += $(ARCHFLAG) -z noexecstack
+-DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD)
-v)),,$(ZDEFS_FLAG))
++DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD)
-v)),,$(ZDEFS_FLAG)) $(if $(filter-out
$(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN')
+ LDFLAGS += $(ARCHFLAG) -z noexecstack
# On Maemo, we need to use the -rpath-link flag for even the standard system
@@ -177,8 +177,13 @@
commit 9f495074b0788c03cf0568a1489dd406b7499d2f
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Thu May 12 11:43:59 2022 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:52 2022 +0200
curl: upgrade to release 7.83.1
Fixes CVE-2022-27774 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781
plus 6 more CVEs that shouldn't affect LO.
Remove obsolete configure-eval-fix.patch.0.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134225
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 58a3bf5199818e30ef4207213f29692d81b519c6)
upgrade to curl-7.81.0
Change-Id: I0a34239bfb16bf19e25bf374c7f36c4cdf1776c1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128783
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 40a84af1bdd7b3c414a8a78ca32b0951c03f9976)
Change-Id: Ifbd7ff5acf390df1d95d6b8be0dc7751e4753bbe
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134246
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit f668663d63d5b0f37d4727b54585c3b67ab92162)
diff --git a/download.lst b/download.lst
index 245ebcd3e5d7..0dbca6da1775 100644
--- a/download.lst
+++ b/download.lst
@@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM :=
3d569869d27b48860210c758c4f313082103a5e58219a7669b52
export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz
export CT2N_SHA256SUM :=
71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
export CT2N_TARBALL :=
1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM :=
0606f74b1182ab732a17c11613cbbaf7084f2e6cca432642d0e3ad7c224c3689
-export CURL_TARBALL := curl-7.79.1.tar.xz
+export CURL_SHA256SUM :=
2cb9c2356e7263a1272fd1435ef7cdebf2cd21400ec287b068396deb705c22c4
+export CURL_TARBALL := curl-7.83.1.tar.xz
export EBOOK_SHA256SUM :=
7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
export EPOXY_SHA256SUM :=
1d8668b0a259c709899e1c4bab62d756d9002d546ce4f59c9665e2fc5f001a64
diff --git a/external/curl/ExternalPackage_curl.mk
b/external/curl/ExternalPackage_curl.mk
index 1fb360c85ca9..3308074b363c 100644
--- a/external/curl/ExternalPackage_curl.mk
+++ b/external/curl/ExternalPackage_curl.mk
@@ -20,7 +20,7 @@ $(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.4.dyli
else ifeq ($(OS),AIX)
$(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so,lib/.libs/libcurl.so.4))
else
-$(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.7.0))
+$(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.8.0))
endif
endif # $(DISABLE_DYNLOADING)
diff --git a/external/curl/ExternalProject_curl.mk
b/external/curl/ExternalProject_curl.mk
index 81886b36fbc5..2bf98e2b2e3e 100644
--- a/external/curl/ExternalProject_curl.mk
+++ b/external/curl/ExternalProject_curl.mk
@@ -42,7 +42,7 @@ $(call gb_ExternalProject_get_state_target,curl,build):
./configure \
$(if $(filter IOS MACOSX,$(OS)),\
--with-secure-transport,\
- $(if $(ENABLE_NSS),--with-nss$(if
$(SYSTEM_NSS),,="$(call
gb_UnpackedTarball_get_dir,nss)/dist/out"),--without-nss)) \
+ $(if $(ENABLE_NSS),--with-nss$(if
$(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out")
--with-nss-deprecated,--without-nss)) \
--without-ssl --without-gnutls --without-polarssl
--without-cyassl --without-axtls --without-mbedtls \
--enable-ftp --enable-http --enable-ipv6 \
--without-libidn2 --without-libpsl --without-librtmp \
diff --git a/external/curl/curl-7.26.0_win-proxy.patch
b/external/curl/curl-7.26.0_win-proxy.patch
index 5bb98fa04741..c5498c3fdebb 100644
--- a/external/curl/curl-7.26.0_win-proxy.patch
+++ b/external/curl/curl-7.26.0_win-proxy.patch
@@ -31,7 +31,7 @@
+{
+ int bufSize;
+ char *out = NULL;
-+ if(wStr != NULL) {
++ if(wStr) {
+ bufSize = WideCharToMultiByte(
+ CP_ACP, 0, wStr, -1, NULL, 0, NULL, NULL);
+ out = (char *)malloc(bufSize * sizeof(char));
@@ -63,10 +63,10 @@
+ ieNoProxy = wstrToCstr(ieProxyConfig->lpszProxyBypass);
+
+ /* Convert the ieNoProxy into a proper no_proxy value */
-+ if(NULL != ieNoProxy) {
++ if(ieNoProxy) {
+ no_proxy = strdup(ieNoProxy);
+ pos = strpbrk(no_proxy, "; ");
-+ while(NULL != pos) {
++ while(pos) {
+ no_proxy[pos-no_proxy] = ',';
+ pos = strpbrk(no_proxy, "; ");
+ }
@@ -77,9 +77,9 @@
+ char *tok;
+ char *saveptr;
+
-+ if(NULL != ieProxy) {
++ if(ieProxy) {
+ tok = strtok_s(ieProxy, ";", &saveptr);
-+ if(strchr(tok, '=') == NULL) {
++ if(!strchr(tok, '=')) {
+ proxy = strdup(ieProxy);
+ }
+ else {
@@ -90,7 +90,7 @@
+ }
+ tok = strtok_s(NULL, ";", &saveptr);
+ }
-+ while(NULL != tok);
++ while(tok);
+ }
+ }
+ }
commit 4cf9cb10c44e5260d2b1f78bd3c3b8bf08ea9879
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Wed Oct 20 10:41:42 2021 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:52 2022 +0200
upgrade curl to 7.79.1
includes:
CVE-2021-22945: clear the leftovers pointer when sending succeeds
CVE-2021-22946: do not ignore --ssl-reqd
CVE-2021-22947: reject STARTTLS server response pipelining
Change-Id: I0047bdaa7e6e3aed1317eb014d2051a4d5ac5964
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123883
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit a08d1dc4ee904428ef6f78208cc2508d3fc3717b)
diff --git a/download.lst b/download.lst
index 977ba18f284c..245ebcd3e5d7 100644
--- a/download.lst
+++ b/download.lst
@@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM :=
3d569869d27b48860210c758c4f313082103a5e58219a7669b52
export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz
export CT2N_SHA256SUM :=
71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
export CT2N_TARBALL :=
1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM :=
be42766d5664a739c3974ee3dfbbcbe978a4ccb1fe628bb1d9b59ac79e445fb5
-export CURL_TARBALL := curl-7.78.0.tar.xz
+export CURL_SHA256SUM :=
0606f74b1182ab732a17c11613cbbaf7084f2e6cca432642d0e3ad7c224c3689
+export CURL_TARBALL := curl-7.79.1.tar.xz
export EBOOK_SHA256SUM :=
7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
export EPOXY_SHA256SUM :=
1d8668b0a259c709899e1c4bab62d756d9002d546ce4f59c9665e2fc5f001a64
diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1
index 69fde5f7f236..d4dad7eba77e 100644
--- a/external/curl/curl-nss.patch.1
+++ b/external/curl/curl-nss.patch.1
@@ -1,9 +1,9 @@
diff -ur curl.org/configure curl/configure
--- curl.org/configure 2016-03-13 15:14:07.177000076 +0100
+++ curl/configure 2016-03-13 15:16:44.132000076 +0100
-@@ -24009,7 +24009,7 @@
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired
libraries and compilation flags for NSS." >&5
- $as_echo "$as_me: WARNING: Using hard-wired libraries and compilation flags
for NSS." >&2;}
+@@ -28216,7 +28216,7 @@
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired
libraries and compilation flags for NSS." >&5
+ printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation
flags for NSS." >&2;}
addld="-L$OPT_NSS/lib"
- addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4"
+ addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lnssutil3"
diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0
index f4a0ad4b152f..e0f579f8675a 100644
--- a/external/curl/zlib.patch.0
+++ b/external/curl/zlib.patch.0
@@ -1,22 +1,22 @@
--- configure
+++ configure
-@@ -20709,7 +20709,6 @@
+@@ -22699,7 +22699,6 @@
clean_CPPFLAGS=$CPPFLAGS
clean_LDFLAGS=$LDFLAGS
clean_LIBS=$LIBS
-ZLIB_LIBS=""
# Check whether --with-zlib was given.
- if test "${with_zlib+set}" = set; then :
-@@ -20718,6 +20719,7 @@
+ if test ${with_zlib+y}
+@@ -22709,6 +22708,7 @@
if test "$OPT_ZLIB" = "no" ; then
+ ZLIB_LIBS=""
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib disabled" >&5
- $as_echo "$as_me: WARNING: zlib disabled" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: zlib disabled" >&5
+ printf "%s\n" "$as_me: WARNING: zlib disabled" >&2;}
else
-@@ -20725,6 +20725,21 @@
+@@ -22716,6 +22716,21 @@
OPT_ZLIB=""
fi
@@ -38,8 +38,8 @@
if test -z "$OPT_ZLIB" ; then
if test -n "$PKG_CONFIG"; then
-@@ -21005,6 +21020,7 @@
- $as_echo "$as_me: found both libz and libz.h header" >&6;}
+@@ -23011,6 +23026,7 @@
+ printf "%s\n" "$as_me: found both libz and libz.h header" >&6;}
curl_zlib_msg="enabled"
fi
+ fi
commit 04f02cac4aa9456f099249791e1a16781607188e
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Thu Mar 31 20:33:02 2022 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:52 2022 +0200
nss: build with zlib module on WNT
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132367
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 1c748fefc3c5b42e3548a1a7f5017a579982005a)
Change-Id: Ie875b4a8df1697de83a8f22cb1170a49792c47e6
diff --git a/configure.ac b/configure.ac
index b99299994e7a..2baf87888593 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7616,7 +7616,11 @@ else
SYSTEM_ZLIB=
BUILD_TYPE="$BUILD_TYPE ZLIB"
ZLIB_CFLAGS="-I${WORKDIR}/UnpackedTarball/zlib"
- ZLIB_LIBS="-L${WORKDIR}/LinkTarget/StaticLibrary -lzlib"
+ if test "$COM" = "MSC"; then
+ ZLIB_LIBS="${WORKDIR}/LinkTarget/StaticLibrary/zlib.lib"
+ else
+ ZLIB_LIBS="-L${WORKDIR}/LinkTarget/StaticLibrary -lzlib"
+ fi
fi
AC_SUBST(ZLIB_CFLAGS)
AC_SUBST(ZLIB_LIBS)
diff --git a/external/nss/ExternalProject_nss.mk
b/external/nss/ExternalProject_nss.mk
index 132ce96ce9da..a404284ac837 100644
--- a/external/nss/ExternalProject_nss.mk
+++ b/external/nss/ExternalProject_nss.mk
@@ -23,9 +23,10 @@ $(call gb_ExternalProject_get_state_target,nss,build): \
$(if $(MSVC_USE_DEBUG_RUNTIME),USE_DEBUG_RTL=1,BUILD_OPT=1) \
OS_TARGET=WIN95 \
NSS_DISABLE_AVX2=1 \
+ USE_SYSTEM_ZLIB=1 \
$(if $(filter X86_64,$(CPUNAME)),USE_64=1) \
LIB="$(ILIB)" \
- XCFLAGS="-arch:SSE $(SOLARINC)" \
+ XCFLAGS="-arch:SSE $(SOLARINC) $(ZLIB_CFLAGS)" \
$(MAKE) nss_build_all RC="rc.exe $(SOLARINC)" \
NSINSTALL='$(call
gb_ExternalExecutable_get_command,python) $(SRCDIR)/external/nss/nsinstall.py' \
,nss)
commit 0436bb316217c13622f8f8eb511f3c0c601ab514
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Thu Mar 31 12:13:23 2022 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:52 2022 +0200
zlib: upgrade to release 1.2.12
Fixes CVE-2018-25032
external/zlib/ubsan.patch: remove, fixed upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132358
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit bfb6c4c65781a610d21409d974227d73f264f41a)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132191
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
(cherry picked from commit b91ebecaaa1582a7cbeda519eb6097a6a866135f)
Change-Id: I2aa9a9008b9cf7efd970c5fff0df7029204204f8
diff --git a/download.lst b/download.lst
index ac564211eada..977ba18f284c 100644
--- a/download.lst
+++ b/download.lst
@@ -249,8 +249,8 @@ export WPS_VERSION_MICRO := 9
export WPS_TARBALL := libwps-0.4.$(WPS_VERSION_MICRO).tar.xz
export XSLTML_SHA256SUM :=
75823776fb51a9c526af904f1503a7afaaab900fba83eda64f8a41073724c870
export XSLTML_TARBALL := a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip
-export ZLIB_SHA256SUM :=
4ff941449631ace0d4d203e3483be9dbc9da454084111f97ea0a2114e19bf066
-export ZLIB_TARBALL := zlib-1.2.11.tar.xz
+export ZLIB_SHA256SUM :=
7db46b8d7726232a621befaab4a1c870f00a90805511c0e0090441dac57def18
+export ZLIB_TARBALL := zlib-1.2.12.tar.xz
export ZMF_SHA256SUM :=
27051a30cb057fdb5d5de65a1f165c7153dc76e27fe62251cbb86639eb2caf22
export ZMF_TARBALL := libzmf-0.0.2.tar.xz
commit 7c8760657ecbb21c01941a9378d2d438a85e62e5
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Wed Mar 23 13:03:30 2022 +0000
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:52 2022 +0200
add infobar to prompt to refresh to replace old format
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131976
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit bbd196ff82bda9f66b4ba32a412f10cefe6da60e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132307
Reviewed-by: Sophie Gautier <so...@libreoffice.org>
Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
(cherry picked from commit c5d01b11db3c83cb4a89d3b388d78e20dd3990b5)
(cherry picked from commit df05d27336927373bf83664a90156fbe505fc546)
Change-Id: Id99cbf2b50a4ebf289dae6fc67e22e20afcda35b
diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
index 2e9726d0565a..4ce5f5076b23 100644
--- a/include/sfx2/strings.hrc
+++ b/include/sfx2/strings.hrc
@@ -263,6 +263,8 @@
#define STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK
NC_("STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK", "The certificate could not be
validated and the document is only partially signed.")
#define STR_SIGNATURE_OK NC_("STR_SIGNATURE_OK", "This
document is digitally signed and the signature is valid.")
#define STR_SIGNATURE_SHOW NC_("STR_SIGNATURE_SHOW",
"Show Signatures")
+#define STR_REFRESH_MASTER_PASSWORD
NC_("STR_REFRESH_MASTER_PASSWORD", "The master password is stored in an
outdated format, you should refresh it")
+#define STR_REFRESH_PASSWORD NC_("STR_REFRESH_PASSWORD",
"Refresh Password")
#define STR_CLOSE_PANE NC_("STR_CLOSE_PANE", "Close
Pane")
#define STR_SFX_DOCK NC_("STR_SFX_DOCK", "Dock")
diff --git a/include/sfx2/viewfrm.hxx b/include/sfx2/viewfrm.hxx
index 3fafd9e1762d..6a17fa9f9bbb 100644
--- a/include/sfx2/viewfrm.hxx
+++ b/include/sfx2/viewfrm.hxx
@@ -79,6 +79,7 @@ protected:
DECL_LINK(GetInvolvedHandler, Button*, void);
DECL_LINK(SwitchReadOnlyHandler, Button*, void);
DECL_LINK(SignDocumentHandler, Button*, void);
+ DECL_DLLPRIVATE_LINK(RefreshMasterPasswordHdl, Button*, void);
SAL_DLLPRIVATE void KillDispatcher_Impl();
virtual ~SfxViewFrame() override;
diff --git a/sfx2/source/view/viewfrm.cxx b/sfx2/source/view/viewfrm.cxx
index 510e7238a417..2fc204e67914 100644
--- a/sfx2/source/view/viewfrm.cxx
+++ b/sfx2/source/view/viewfrm.cxx
@@ -29,6 +29,7 @@
#include <com/sun/star/frame/XLoadable.hpp>
#include <com/sun/star/frame/XLayoutManager.hpp>
#include <com/sun/star/frame/XComponentLoader.hpp>
+#include <com/sun/star/task/PasswordContainer.hpp>
#include <officecfg/Office/Common.hxx>
#include <officecfg/Setup.hxx>
#include <toolkit/helper/vclunohelper.hxx>
@@ -1228,6 +1229,24 @@ void SfxViewFrame::Notify( SfxBroadcaster& /*rBC*/,
const SfxHint& rHint )
batch->commit();
}
+ if (officecfg::Office::Common::Passwords::HasMaster::get() &&
+
officecfg::Office::Common::Passwords::StorageVersion::get() == 0)
+ {
+ // master password stored in deprecated format
+ VclPtr<SfxInfoBarWindow> pOldMasterPasswordInfoBar =
+ AppendInfoBar("oldmasterpassword",
+ SfxResId(STR_REFRESH_MASTER_PASSWORD),
InfoBarType::Danger);
+ if (pOldMasterPasswordInfoBar)
+ {
+ VclPtrInstance<PushButton> const xBtn(&GetWindow());
+ xBtn->SetText(SfxResId(STR_REFRESH_PASSWORD));
+ xBtn->SetSizePixel(xBtn->GetOptimalSize());
+ xBtn->SetClickHdl(LINK(this,
+ SfxViewFrame, RefreshMasterPasswordHdl));
+ pOldMasterPasswordInfoBar->addButton(xBtn);
+ }
+ }
+
// read-only infobar if necessary
const SfxViewShell *pVSh;
const SfxShell *pFSh;
@@ -1379,6 +1398,27 @@ IMPL_LINK_NOARG(SfxViewFrame, SignDocumentHandler,
Button*, void)
GetDispatcher()->Execute(SID_SIGNATURE);
}
+IMPL_LINK_NOARG(SfxViewFrame, RefreshMasterPasswordHdl, Button*, void)
+{
+ bool bChanged = false;
+ try
+ {
+ Reference< task::XPasswordContainer2 > xMasterPasswd(
+
task::PasswordContainer::create(comphelper::getProcessComponentContext()));
+
+ css::uno::Reference<css::frame::XFrame> xFrame =
GetFrame().GetFrameInterface();
+ css::uno::Reference<css::awt::XWindow> xContainerWindow =
xFrame->getContainerWindow();
+
+ uno::Reference<task::XInteractionHandler>
xTmpHandler(task::InteractionHandler::createWithParent(comphelper::getProcessComponentContext(),
+
xContainerWindow));
+ bChanged = xMasterPasswd->changeMasterPassword(xTmpHandler);
+ }
+ catch (const Exception&)
+ {}
+ if (bChanged)
+ RemoveInfoBar(u"oldmasterpassword");
+}
+
void SfxViewFrame::Construct_Impl( SfxObjectShell *pObjSh )
{
m_pImpl->bResizeInToOut = true;
commit bd199f4a18bbaed069124772566eb9cb94f96ac0
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Mar 22 17:22:22 2022 +0000
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:52 2022 +0200
add Initialization Vectors to password storage
old ones default to the current all zero case and continue to work
as before
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131974
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 192fa1e3bfc6269f2ebb91716471485a56074aea)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132306
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
(cherry picked from commit ab77587ec300f5c30084471000663c46ddf25dad)
(cherry picked from commit 713296ecd30bab02d41fcd23f19afed28d916701)
Change-Id: I6fe3b02fafcce1b5e7133e77e76a5118177d77af
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
index bf9360b28b8c..fb627eba4317 100644
--- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
+++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
@@ -27,6 +27,11 @@
<info>
<desc>Contains a container for passwords.</desc>
</info>
+ <prop oor:name="InitializationVector" oor:type="xs:string">
+ <info>
+ <desc>Contains an initialization vector for the password
encryption.</desc>
+ </info>
+ </prop>
<prop oor:name="Password" oor:type="xs:string" oor:localized="false">
<info>
<desc>Contains a password encoded with the master password.</desc>
@@ -924,6 +929,11 @@
</info>
<value>false</value>
</prop>
+ <prop oor:name="MasterInitializationVector" oor:type="xs:string">
+ <info>
+ <desc>Contains an initialization vector for the master password
encryption.</desc>
+ </info>
+ </prop>
<prop oor:name="Master" oor:type="xs:string" oor:nillable="false">
<info>
<desc>Contains the master password encrypted by itself.</desc>
diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx
b/svl/source/passwordcontainer/passwordcontainer.cxx
index c21f748a0c29..6f819fd009f1 100644
--- a/svl/source/passwordcontainer/passwordcontainer.cxx
+++ b/svl/source/passwordcontainer/passwordcontainer.cxx
@@ -185,15 +185,18 @@ PassMap StorageItem::getInfo()
Sequence< OUString > aNodeNames = ConfigItem::GetNodeNames( "Store" );
sal_Int32 aNodeCount = aNodeNames.getLength();
- Sequence< OUString > aPropNames( aNodeCount );
+ Sequence< OUString > aPropNames( aNodeCount * 2);
std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.begin(),
[](const OUString& rName) -> OUString {
return "Store/Passwordstorage['" + rName + "']/Password"; });
+ std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.getArray()
+ aNodeCount,
+ [](const OUString& rName) -> OUString {
+ return "Store/Passwordstorage['" + rName +
"']/InitializationVector"; });
Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aPropNames );
- if( aPropertyValues.getLength() != aNodeCount )
+ if( aPropertyValues.getLength() != aNodeCount * 2)
{
OSL_FAIL( "Problems during reading" );
return aResult;
@@ -209,14 +212,16 @@ PassMap StorageItem::getInfo()
OUString aName = aUrlUsr[1];
OUString aEPasswd;
+ OUString aIV;
aPropertyValues[aNodeInd] >>= aEPasswd;
+ aPropertyValues[aNodeInd + aNodeCount] >>= aIV;
PassMap::iterator aIter = aResult.find( aUrl );
if( aIter != aResult.end() )
- aIter->second.emplace_back( aName, aEPasswd );
+ aIter->second.emplace_back( aName, aEPasswd, aIV );
else
{
- NamePassRecord aNewRecord( aName, aEPasswd );
+ NamePassRecord aNewRecord( aName, aEPasswd, aIV );
std::vector< NamePassRecord > listToAdd( 1, aNewRecord );
aResult.insert( PairUrlRecord( aUrl, listToAdd ) );
@@ -280,17 +285,19 @@ sal_Int32 StorageItem::getStorageVersion()
return nResult;
}
-bool StorageItem::getEncodedMP( OUString& aResult )
+bool StorageItem::getEncodedMP( OUString& aResult, OUString& aResultIV )
{
if( hasEncoded )
{
aResult = mEncoded;
+ aResultIV = mEncodedIV;
return true;
}
- Sequence< OUString > aNodeNames( 2 );
+ Sequence< OUString > aNodeNames( 3 );
aNodeNames[0] = "HasMaster";
aNodeNames[1] = "Master";
+ aNodeNames[2] = "MasterInitializationVector";
Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aNodeNames );
@@ -302,32 +309,37 @@ bool StorageItem::getEncodedMP( OUString& aResult )
aPropertyValues[0] >>= hasEncoded;
aPropertyValues[1] >>= mEncoded;
+ aPropertyValues[2] >>= mEncodedIV;
aResult = mEncoded;
+ aResultIV = mEncodedIV;
return hasEncoded;
}
-void StorageItem::setEncodedMP( const OUString& aEncoded, bool bAcceptEmpty )
+void StorageItem::setEncodedMP( const OUString& aEncoded, const OUString&
aEncodedIV, bool bAcceptEmpty )
{
- Sequence< OUString > sendNames(3);
- Sequence< uno::Any > sendVals(3);
+ Sequence< OUString > sendNames(4);
+ Sequence< uno::Any > sendVals(4);
sendNames[0] = "HasMaster";
sendNames[1] = "Master";
- sendNames[2] = "StorageVersion";
+ sendNames[2] = "MasterInitializationVector";
+ sendNames[3] = "StorageVersion";
bool bHasMaster = ( !aEncoded.isEmpty() || bAcceptEmpty );
sendVals[0] <<= bHasMaster;
sendVals[1] <<= aEncoded;
- sendVals[2] <<= nCurrentStorageVersion;
+ sendVals[2] <<= aEncodedIV;
+ sendVals[3] <<= nCurrentStorageVersion;
ConfigItem::SetModified();
ConfigItem::PutProperties( sendNames, sendVals );
hasEncoded = bHasMaster;
mEncoded = aEncoded;
+ mEncodedIV = aEncodedIV;
}
@@ -363,11 +375,13 @@ void StorageItem::update( const OUString& aURL, const
NamePassRecord& aRecord )
forIndex.push_back( aURL );
forIndex.push_back( aRecord.GetUserName() );
- Sequence< beans::PropertyValue > sendSeq(1);
+ Sequence< beans::PropertyValue > sendSeq(2);
- sendSeq[0].Name = "Store/Passwordstorage['" + createIndex( forIndex ) +
"']/Password";
+ sendSeq[0].Name = "Store/Passwordstorage['" + createIndex( { aURL,
aRecord.GetUserName() } ) + "']/InitializationVector";
+ sendSeq[0].Value <<= aRecord.GetPersistentIV();
- sendSeq[0].Value <<= aRecord.GetPersPasswords();
+ sendSeq[1].Name = "Store/Passwordstorage['" + createIndex( forIndex ) +
"']/Password";
+ sendSeq[1].Value <<= aRecord.GetPersPasswords();
ConfigItem::SetModified();
ConfigItem::SetSetProperties( "Store", sendSeq );
@@ -429,7 +443,7 @@ void SAL_CALL PasswordContainer::disposing( const
EventObject& )
}
}
-std::vector< OUString > PasswordContainer::DecodePasswords( const OUString&
aLine, const OUString& aMasterPasswd, css::task::PasswordRequestMode mode )
+std::vector< OUString > PasswordContainer::DecodePasswords( const OUString&
aLine, const OUString& aIV, const OUString& aMasterPasswd,
css::task::PasswordRequestMode mode )
{
if( !aMasterPasswd.isEmpty() )
{
@@ -444,9 +458,16 @@ std::vector< OUString >
PasswordContainer::DecodePasswords( const OUString& aLin
for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
code[ ind ] = static_cast<char>(aMasterPasswd.copy( ind*2, 2
).toUInt32(16));
+ unsigned char iv[RTL_DIGEST_LENGTH_MD5] = {0};
+ if (!aIV.isEmpty())
+ {
+ for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
+ iv[ ind ] = static_cast<char>(aIV.copy( ind*2, 2
).toUInt32(16));
+ }
+
rtlCipherError result = rtl_cipher_init (
aDecoder, rtl_Cipher_DirectionDecode,
- code, RTL_DIGEST_LENGTH_MD5, nullptr, 0 );
+ code, RTL_DIGEST_LENGTH_MD5, iv, RTL_DIGEST_LENGTH_MD5 );
if( result == rtl_Cipher_E_None )
{
@@ -479,7 +500,7 @@ std::vector< OUString > PasswordContainer::DecodePasswords(
const OUString& aLin
"Can't decode!", css::uno::Reference<css::uno::XInterface>(), mode);
}
-OUString PasswordContainer::EncodePasswords(const std::vector< OUString >&
lines, const OUString& aMasterPasswd )
+OUString PasswordContainer::EncodePasswords(const std::vector< OUString >&
lines, const OUString& aIV, const OUString& aMasterPasswd)
{
if( !aMasterPasswd.isEmpty() )
{
@@ -496,9 +517,16 @@ OUString PasswordContainer::EncodePasswords(const
std::vector< OUString >& lines
for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
code[ ind ] = static_cast<char>(aMasterPasswd.copy( ind*2, 2
).toUInt32(16));
+ unsigned char iv[RTL_DIGEST_LENGTH_MD5] = {0};
+ if (!aIV.isEmpty())
+ {
+ for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
+ iv[ ind ] = static_cast<char>(aIV.copy( ind*2, 2
).toUInt32(16));
+ }
+
rtlCipherError result = rtl_cipher_init (
aEncoder, rtl_Cipher_DirectionEncode,
- code, RTL_DIGEST_LENGTH_MD5, nullptr, 0 );
+ code, RTL_DIGEST_LENGTH_MD5, iv, RTL_DIGEST_LENGTH_MD5 );
if( result == rtl_Cipher_E_None )
{
@@ -566,7 +594,7 @@ void PasswordContainer::UpdateVector( const OUString& aURL,
std::vector< NamePas
if( aRecord.HasPasswords( PERSISTENT_RECORD ) )
{
- aNPIter.SetPersPasswords( aRecord.GetPersPasswords() );
+ aNPIter.SetPersPasswords( aRecord.GetPersPasswords(),
aRecord.GetPersistentIV() );
if( writeFile )
{
@@ -599,7 +627,8 @@ UserRecord PasswordContainer::CopyToUserRecord( const
NamePassRecord& aRecord, b
{
try
{
- ::std::vector< OUString > aDecodedPasswords = DecodePasswords(
aRecord.GetPersPasswords(), GetMasterPassword( aHandler ),
css::task::PasswordRequestMode_PASSWORD_ENTER );
+ ::std::vector< OUString > aDecodedPasswords = DecodePasswords(
aRecord.GetPersPasswords(), aRecord.GetPersistentIV(),
+
GetMasterPassword( aHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER );
aPasswords.insert( aPasswords.end(), aDecodedPasswords.begin(),
aDecodedPasswords.end() );
}
catch( NoMasterException& )
@@ -644,6 +673,19 @@ void SAL_CALL PasswordContainer::addPersistent( const
OUString& Url, const OUStr
PrivateAdd( Url, UserName, Passwords, PERSISTENT_RECORD, aHandler );
}
+OUString PasswordContainer::createIV()
+{
+ rtlRandomPool randomPool = mRandomPool.get();
+ unsigned char iv[RTL_DIGEST_LENGTH_MD5];
+ rtl_random_getBytes(randomPool, iv, RTL_DIGEST_LENGTH_MD5);
+ OUStringBuffer aBuffer;
+ for (sal_uInt8 i : iv)
+ {
+ aBuffer.append(OUString::number(i >> 4, 16));
+ aBuffer.append(OUString::number(i & 15, 16));
+ }
+ return aBuffer.makeStringAndClear();
+}
void PasswordContainer::PrivateAdd( const OUString& Url, const OUString&
UserName, const Sequence< OUString >& Passwords, char Mode, const Reference<
XInteractionHandler >& aHandler )
{
@@ -651,7 +693,11 @@ void PasswordContainer::PrivateAdd( const OUString& Url,
const OUString& UserNam
::std::vector< OUString > aStorePass = comphelper::sequenceToContainer<
std::vector<OUString> >( Passwords );
if( Mode == PERSISTENT_RECORD )
- aRecord.SetPersPasswords( EncodePasswords( aStorePass,
GetMasterPassword( aHandler ) ) );
+ {
+ OUString sIV = createIV();
+ OUString sEncodedPasswords = EncodePasswords( aStorePass, sIV,
GetMasterPassword( aHandler ) );
+ aRecord.SetPersPasswords( sEncodedPasswords, sIV );
+ }
else if( Mode == MEMORY_RECORD )
aRecord.SetMemPasswords( aStorePass );
else
@@ -844,10 +890,10 @@ OUString const & PasswordContainer::GetMasterPassword(
const Reference< XInterac
if( m_aMasterPasswd.isEmpty() && aHandler.is() )
{
- OUString aEncodedMP;
+ OUString aEncodedMP, aEncodedMPIV;
bool bDefaultPassword = false;
- if( !m_pStorageFile->getEncodedMP( aEncodedMP ) )
+ if( !m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) )
aRMode = PasswordRequestMode_PASSWORD_CREATE;
else if ( aEncodedMP.isEmpty() )
{
@@ -869,14 +915,15 @@ OUString const & PasswordContainer::GetMasterPassword(
const Reference< XInterac
m_aMasterPasswd = aPass;
std::vector< OUString > aMaster( 1, m_aMasterPasswd );
- m_pStorageFile->setEncodedMP( EncodePasswords(
aMaster, m_aMasterPasswd ) );
+ OUString sIV = createIV();
+ m_pStorageFile->setEncodedMP( EncodePasswords(
aMaster, sIV, m_aMasterPasswd ), sIV );
}
else
{
if (m_pStorageFile->getStorageVersion() == 0)
aPass = ReencodeAsOldHash(aPass);
- std::vector< OUString > aRM( DecodePasswords(
aEncodedMP, aPass, aRMode ) );
+ std::vector< OUString > aRM( DecodePasswords(
aEncodedMP, aEncodedMPIV, aPass, aRMode ) );
if( aRM.empty() || aPass != aRM[0] )
{
bAskAgain = true;
@@ -1033,7 +1080,8 @@ Sequence< UrlRecord > SAL_CALL
PasswordContainer::getAllPersistent( const Refere
{
sal_Int32 oldLen = aUsers.getLength();
aUsers.realloc( oldLen + 1 );
- aUsers[ oldLen ] = UserRecord( aNP.GetUserName(),
comphelper::containerToSequence( DecodePasswords( aNP.GetPersPasswords(),
GetMasterPassword( xHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER )
) );
+ aUsers[ oldLen ] = UserRecord( aNP.GetUserName(),
comphelper::containerToSequence( DecodePasswords( aNP.GetPersPasswords(),
aNP.GetPersistentIV(),
+
GetMasterPassword( xHandler ),
css::task::PasswordRequestMode_PASSWORD_ENTER ) ) );
}
if( aUsers.getLength() )
@@ -1050,12 +1098,12 @@ Sequence< UrlRecord > SAL_CALL
PasswordContainer::getAllPersistent( const Refere
sal_Bool SAL_CALL PasswordContainer::authorizateWithMasterPassword( const
uno::Reference< task::XInteractionHandler >& xHandler )
{
bool bResult = false;
- OUString aEncodedMP;
+ OUString aEncodedMP, aEncodedMPIV;
uno::Reference< task::XInteractionHandler > xTmpHandler = xHandler;
::osl::MutexGuard aGuard( mMutex );
// the method should fail if there is no master password
- if( m_pStorageFile && m_pStorageFile->useStorage() &&
m_pStorageFile->getEncodedMP( aEncodedMP ) )
+ if( m_pStorageFile && m_pStorageFile->useStorage() &&
m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) )
{
if ( aEncodedMP.isEmpty() )
{
@@ -1124,8 +1172,8 @@ sal_Bool SAL_CALL
PasswordContainer::changeMasterPassword( const uno::Reference<
bool bCanChangePassword = true;
// if there is already a stored master password it should be entered
by the user before the change happen
- OUString aEncodedMP;
- if( !m_aMasterPasswd.isEmpty() || m_pStorageFile->getEncodedMP(
aEncodedMP ) )
+ OUString aEncodedMP, aEncodedMPIV;
+ if( !m_aMasterPasswd.isEmpty() || m_pStorageFile->getEncodedMP(
aEncodedMP, aEncodedMPIV ) )
bCanChangePassword = authorizateWithMasterPassword( xTmpHandler );
if ( bCanChangePassword )
@@ -1144,7 +1192,8 @@ sal_Bool SAL_CALL
PasswordContainer::changeMasterPassword( const uno::Reference<
// store the new master password
m_aMasterPasswd = aPass;
std::vector< OUString > aMaster( 1, m_aMasterPasswd );
- m_pStorageFile->setEncodedMP( EncodePasswords( aMaster,
m_aMasterPasswd ) );
+ OUString aIV = createIV();
+ m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, aIV,
m_aMasterPasswd ), aIV );
// store all the entries with the new password
for ( const auto& rURL : aPersistent )
@@ -1169,7 +1218,7 @@ void SAL_CALL PasswordContainer::removeMasterPassword()
if ( m_pStorageFile )
{
m_aMasterPasswd.clear();
- m_pStorageFile->setEncodedMP( OUString() ); // let the master password
be removed from configuration
+ m_pStorageFile->setEncodedMP( OUString(), OUString() ); // let the
master password be removed from configuration
}
}
@@ -1180,8 +1229,8 @@ sal_Bool SAL_CALL PasswordContainer::hasMasterPassword( )
if ( !m_pStorageFile )
throw uno::RuntimeException();
- OUString aEncodedMP;
- return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP(
aEncodedMP ) );
+ OUString aEncodedMP, aEncodedMPIV;
+ return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP(
aEncodedMP, aEncodedMPIV ) );
}
sal_Bool SAL_CALL PasswordContainer::allowPersistentStoring( sal_Bool bAllow )
@@ -1228,8 +1277,8 @@ sal_Bool SAL_CALL
PasswordContainer::useDefaultMasterPassword( const uno::Refere
bool bCanChangePassword = true;
// if there is already a stored nondefault master password it should
be entered by the user before the change happen
- OUString aEncodedMP;
- if( m_pStorageFile->getEncodedMP( aEncodedMP ) &&
!aEncodedMP.isEmpty() )
+ OUString aEncodedMP, aEncodedMPIV;
+ if( m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) &&
!aEncodedMP.isEmpty() )
bCanChangePassword = authorizateWithMasterPassword( xTmpHandler );
if ( bCanChangePassword )
@@ -1246,7 +1295,7 @@ sal_Bool SAL_CALL
PasswordContainer::useDefaultMasterPassword( const uno::Refere
// store the empty string to flag the default master password
m_aMasterPasswd = aPass;
- m_pStorageFile->setEncodedMP( OUString(), true );
+ m_pStorageFile->setEncodedMP( OUString(), OUString(), true );
// store all the entries with the new password
for ( const auto& rURL : aPersistent )
@@ -1270,8 +1319,8 @@ sal_Bool SAL_CALL
PasswordContainer::isDefaultMasterPasswordUsed()
if ( !m_pStorageFile )
throw uno::RuntimeException();
- OUString aEncodedMP;
- return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP(
aEncodedMP ) && aEncodedMP.isEmpty() );
+ OUString aEncodedMP, aEncodedMPIV;
+ return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP(
aEncodedMP, aEncodedMPIV ) && aEncodedMP.isEmpty() );
}
diff --git a/svl/source/passwordcontainer/passwordcontainer.hxx
b/svl/source/passwordcontainer/passwordcontainer.hxx
index c947c8534876..db6cc4a02e43 100644
--- a/svl/source/passwordcontainer/passwordcontainer.hxx
+++ b/svl/source/passwordcontainer/passwordcontainer.hxx
@@ -36,6 +36,7 @@
#include <unotools/configitem.hxx>
#include <ucbhelper/interactionrequest.hxx>
+#include <rtl/random.h>
#include <rtl/ref.hxx>
#include <osl/mutex.hxx>
@@ -54,11 +55,12 @@ class NamePassRecord
::std::vector< OUString > m_aMemPass;
// persistent passwords are encrypted in one string
- bool m_bHasPersPass;
+ bool m_bHasPersPass;
OUString m_aPersPass;
+ OUString m_aPersistentIV;
void InitArrays( bool bHasMemoryList, const ::std::vector< OUString >&
aMemoryList,
- bool bHasPersistentList, const OUString& aPersistentList )
+ bool bHasPersistentList, const OUString& aPersistentList,
const OUString& aPersistentIV )
{
m_bHasMemPass = bHasMemoryList;
if ( bHasMemoryList )
@@ -66,7 +68,10 @@ class NamePassRecord
m_bHasPersPass = bHasPersistentList;
if ( bHasPersistentList )
+ {
m_aPersPass = aPersistentList;
+ m_aPersistentIV = aPersistentIV;
+ }
}
public:
@@ -78,11 +83,12 @@ public:
{
}
- NamePassRecord( const OUString& aName, const OUString& aPersistentList )
+ NamePassRecord( const OUString& aName, const OUString& aPersistentList,
const OUString& aPersistentIV )
: m_aName( aName )
, m_bHasMemPass( false )
, m_bHasPersPass( true )
, m_aPersPass( aPersistentList )
+ , m_aPersistentIV( aPersistentIV )
{
}
@@ -91,7 +97,8 @@ public:
, m_bHasMemPass( false )
, m_bHasPersPass( false )
{
- InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
aRecord.m_bHasPersPass, aRecord.m_aPersPass );
+ InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
+ aRecord.m_bHasPersPass, aRecord.m_aPersPass,
aRecord.m_aPersistentIV );
}
NamePassRecord& operator=( const NamePassRecord& aRecord )
@@ -100,7 +107,9 @@ public:
m_aMemPass.clear();
m_aPersPass.clear();
- InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
aRecord.m_bHasPersPass, aRecord.m_aPersPass );
+ m_aPersistentIV.clear();
+ InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
+ aRecord.m_bHasPersPass, aRecord.m_aPersPass,
aRecord.m_aPersistentIV );
return *this;
}
@@ -136,15 +145,24 @@ public:
return OUString();
}
+ OUString GetPersistentIV() const
+ {
+ if ( m_bHasPersPass )
+ return m_aPersistentIV;
+
+ return OUString();
+ }
+
void SetMemPasswords( const ::std::vector< OUString >& aMemList )
{
m_aMemPass = aMemList;
m_bHasMemPass = true;
}
- void SetPersPasswords( const OUString& aPersList )
+ void SetPersPasswords( const OUString& aPersList, const OUString& aPersIV )
{
m_aPersPass = aPersList;
+ m_aPersistentIV = aPersIV;
m_bHasPersPass = true;
}
@@ -159,6 +177,7 @@ public:
{
m_bHasPersPass = false;
m_aPersPass.clear();
+ m_aPersistentIV.clear();
}
}
@@ -182,6 +201,7 @@ private:
PasswordContainer* mainCont;
bool hasEncoded;
OUString mEncoded;
+ OUString mEncodedIV;
virtual void ImplCommit() override;
@@ -202,8 +222,8 @@ public:
sal_Int32 getStorageVersion();
- bool getEncodedMP( OUString& aResult );
- void setEncodedMP( const OUString& aResult, bool bAcceptEnmpty = false );
+ bool getEncodedMP( OUString& aResult, OUString& aResultIV );
+ void setEncodedMP( const OUString& aResult, const OUString& aResultIV,
bool bAcceptEmpty = false );
void setUseStorage( bool bUse );
bool useStorage();
@@ -224,6 +244,29 @@ private:
css::uno::Reference< css::lang::XComponent > mComponent;
SysCredentialsConfig mUrlContainer;
+ class RandomPool
+ {
+ private:
+ rtlRandomPool m_aRandomPool;
+ public:
+ RandomPool() : m_aRandomPool(rtl_random_createPool())
+ {
+ }
+ rtlRandomPool get()
+ {
+ return m_aRandomPool;
+ }
+ ~RandomPool()
+ {
+ // Clean up random pool memory
+ rtl_random_destroyPool(m_aRandomPool);
+ }
+ };
+
+ RandomPool mRandomPool;
+
+ OUString createIV();
+
/// @throws css::uno::RuntimeException
css::uno::Sequence< css::task::UserRecord > CopyToUserRecordSequence(
const ::std::vector< NamePassRecord >&
original,
@@ -274,10 +317,10 @@ css::task::UrlRecord find(
const css::uno::Reference<
css::task::XInteractionHandler >& Handler );
/// @throws css::uno::RuntimeException
- static ::std::vector< OUString > DecodePasswords( const OUString& aLine,
const OUString& aMasterPassword, css::task::PasswordRequestMode mode );
+ static ::std::vector< OUString > DecodePasswords( const OUString& aLine,
const OUString& aIV, const OUString& aMasterPassword,
css::task::PasswordRequestMode mode );
/// @throws css::uno::RuntimeException
- static OUString EncodePasswords(const std::vector< OUString >& lines,
const OUString& aMasterPassword );
+ static OUString EncodePasswords(const std::vector< OUString >& lines,
const OUString& aIV, const OUString& aMasterPassword );
public:
PasswordContainer( const css::uno::Reference<
css::lang::XMultiServiceFactory >& );
commit 32f502517207de52ac465667909dbdd2f236bce6
Author: Arkadiy Illarionov <qar...@gmail.com>
AuthorDate: Sat Jul 13 21:29:10 2019 +0300
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Fri Oct 28 23:21:52 2022 +0200
Simplify Sequence iterations in svl [only passwordcontainer.cxx]
Use range-based loops, STL and comphelper functions
Reviewed-on: https://gerrit.libreoffice.org/75563
Tested-by: Jenkins
Reviewed-by: Arkadiy Illarionov <qar...@gmail.com>
(cherry picked from commit c9cce0d931b41ede0eca14b2ed2b84453f048362)
Change-Id: I1c3dbf194600bec60c0881d2d19ff07b89d8333b
diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx
b/svl/source/passwordcontainer/passwordcontainer.cxx
index cc4540617537..c21f748a0c29 100644
--- a/svl/source/passwordcontainer/passwordcontainer.cxx
+++ b/svl/source/passwordcontainer/passwordcontainer.cxx
@@ -186,22 +186,20 @@ PassMap StorageItem::getInfo()
Sequence< OUString > aNodeNames = ConfigItem::GetNodeNames( "Store" );
sal_Int32 aNodeCount = aNodeNames.getLength();
Sequence< OUString > aPropNames( aNodeCount );
- sal_Int32 aNodeInd;
- for( aNodeInd = 0; aNodeInd < aNodeCount; ++aNodeInd )
- {
- aPropNames[aNodeInd] = "Store/Passwordstorage['" +
aNodeNames[aNodeInd] + "']/Password";
- }
+ std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.begin(),
+ [](const OUString& rName) -> OUString {
+ return "Store/Passwordstorage['" + rName + "']/Password"; });
Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aPropNames );
... etc. - the rest is truncated
