download.lst | 4 ++-- package/source/zipapi/ZipFile.cxx | 16 +++++++++++++--- 2 files changed, 15 insertions(+), 5 deletions(-)
New commits: commit 45cf2a911ef5a0fb61bef314f78bc56b801024e7 Author: Xisco Fauli <xiscofa...@libreoffice.org> AuthorDate: Wed Jun 5 11:40:19 2024 +0200 Commit: Christian Lohmaier <lohmaier+libreoff...@googlemail.com> CommitDate: Thu Jun 27 16:39:55 2024 +0200 openssl: upgrade to 3.0.14 Downloaded from https://www.openssl.org/source/openssl-3.0.14.tar.gz Change-Id: Ib75738f257210532d0f01f429ec3b78a1a2410a8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168456 Reviewed-by: Taichi Haradaguchi <20001...@ymail.ne.jp> Tested-by: Jenkins (cherry picked from commit b3a70a28b0becc9c872f2a92c35dfdaac4822600) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168434 Tested-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com> Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
diff --git a/download.lst b/download.lst
index f4a0a29d97ec..7fe185574866 100644
--- a/download.lst
+++ b/download.lst
@@ -508,8 +508,8 @@ OPENLDAP_TARBALL := openldap-2.6.7.tgz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-OPENSSL_SHA256SUM := 88525753f79d3bec27d2fa7c66aa0b92b3aa9498dafd93d7cfa4b3780cdae313
-OPENSSL_TARBALL := openssl-3.0.13.tar.gz
+OPENSSL_SHA256SUM := eeca035d4dd4e84fc25846d952da6297484afa0650a6f84c682e39df3a4123ca
+OPENSSL_TARBALL := openssl-3.0.14.tar.gz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
commit b4857738bb7734e88a985fab6a38d0be37cb21ba Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Fri Jun 14 18:18:12 2024 +0200 Commit: Xisco Fauli <xiscofa...@libreoffice.org> CommitDate: Thu Jun 27 16:39:43 2024 +0200 tdf#160888 package: fix opening password protected scripting library The problem is that XBufferedThreadedStream does not implement XSeekable, so the new code in ZipFile::checkValidPassword() throws an exception, and then joining the UnzippingThread hangs. Implementing XSeekable doesn't appear to help, as the mutex that is used by XBufferedThreadedStream and the UnzippingThread is already locked by checkValidPassword() [fixably] and by getDataStream(). So just disable threading for AEAD streams, these are read immediately anyway so threading isn't much of a benefit. (regression from commit 2f512aaa6c39390a5a0eb1d1e37f070127d068a4) Change-Id: I16027d5b03ba6e102bc143c22383eb7f08590e5f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168893 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 31698044cd1fe7a7662740b97ea58f9904b3bb0e) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168946 Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx
index 3d382bd3a305..72788b625d00 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -557,8 +557,6 @@ uno::Reference<io::XInputStream> ZipFile::checkValidPassword( ZipEntry const& rEntry, ::rtl::Reference<EncryptionData> const& rData, rtl::Reference<comphelper::RefCountedMutex> const& rMutex) { - ::osl::MutexGuard aGuard( m_aMutexHolder->GetMutex() ); - if (rData.is() && rData->m_nEncAlg == xml::crypto::CipherID::AES_GCM_W3C) { try // the only way to find out: decrypt the whole stream, which will @@ -579,6 +577,8 @@ uno::Reference<io::XInputStream> ZipFile::checkValidPassword( } else if (rData.is() && rData->m_aKey.hasElements()) { + ::osl::MutexGuard aGuard( m_aMutexHolder->GetMutex() ); + css::uno::Reference < css::io::XSeekable > xSeek(xStream, UNO_QUERY_THROW); xSeek->seek( rEntry.nOffset ); sal_Int64 nSize = rEntry.nMethod == DEFLATED ? rEntry.nCompressedSize : rEntry.nSize; @@ -733,8 +733,18 @@ uno::Reference< XInputStream > ZipFile::createStreamForZipEntry( static const sal_Int32 nThreadingThreshold = 10000; // "encrypted-package" is the only data stream, no point in threading it - if (rEntry.sPath != "encrypted-package" && nThreadingThreshold < xSrcStream->available()) + if (nThreadingThreshold < xSrcStream->available() + && rEntry.sPath != "encrypted-package" + // tdf#160888 no threading for AEAD streams: + // 1. the whole stream must be read immediately to verify tag + // 2. XBufferedThreadedStream uses same m_aMutexHolder->GetMutex() + // => caller cannot read without deadlock + && (nStreamMode != UNBUFF_STREAM_DATA + || !rData.is() + || rData->m_nEncAlg != xml::crypto::CipherID::AES_GCM_W3C)) + { xBufStream = new XBufferedThreadedStream(xSrcStream, xSrcStream->getSize()); + } else #endif xBufStream = new XBufferedStream(xSrcStream);
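Review bot: After the MutexGuard is moved into the `else if (rData.is() && rData->m_aKey.hasElements())` branch, the AES_GCM_W3C branch of checkValidPassword() no longer takes m_aMutexHolder's mutex itself, and nothing in the new code records where that lock is expected to be taken. The commit message suggests the stream-creation path (getDataStream()) locks the same mutex, so the branch is presumably still serialized, but that reasoning exists only in the commit message and the branch body is outside these hunks. A short comment at the top of the GCM branch, for example `// no guard here: the callee locks m_aMutexHolder->GetMutex() itself; holding it too would block the read (tdf#160888)`, would stop a later edit from restoring the function-wide guard or from assuming the whole-stream tag verification runs under this function's lock; the wording should be confirmed against the callee.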
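Review bot: The new exclusion in createStreamForZipEntry() only disables threading when `nStreamMode == UNBUFF_STREAM_DATA`, while the comment above it says "no threading for AEAD streams" without that qualification. If the other stream modes never decrypt, and so never verify the tag, the comment should say so, e.g. `// only UNBUFF_STREAM_DATA decrypts; the other modes return the bytes as stored, so no tag is checked there` (to be confirmed, since the mode handling is outside the hunk). The test is also tied to the single constant `xml::crypto::CipherID::AES_GCM_W3C`, so a second AEAD cipher added later would silently get the threaded stream back and reintroduce the hang. A small named predicate for "cipher is AEAD", used in place of the literal comparison, would keep this condition in step with any future cipher additions.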