dgit.raspbian.org Git - libreoffice.git/commit

author	Caolán McNamara <caolanm@redhat.com>
	Mon, 21 Mar 2022 20:58:34 +0000 (20:58 +0000)
committer	Bastien Roucariès <rouca@debian.org>
	Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)
commit	65192b534249bedf6792ec3d2f9820600293fdee
tree	82e25705895b7de9f6dd543f365ba43e36020ea1	tree \| snapshot
parent	e183fae9d0f2dc55054978da7d3e496774c89bda	commit \| diff

[PATCH 2/4] CVE-2022-26307 make hash encoding match decoding

Seeing as old versions of the hash may be in the users config, add a
StorageVersion field to the office config Passwords section which
defaults to 0 to indicate the old hash is in use.

Try the old varient when StorageVersion is 0. When a new encoded master
password it set write StorageVersion of 1 to indicate a new hash is in
use and use the new style when StorageVersion is 1.

Change-Id: I3174c37a5891bfc849984e0ec5c2c392b9c6e7b1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132080
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit e890f54dbac57f3ab5acf4fbd31222095d3e8ab6)

Gbp-Pq: Name 0002-CVE-2022-26307-make-hash-encoding-match-decoding.patch

officecfg/registry/schema/org/openoffice/Office/Common.xcs		diff \| blob \| history
svl/source/passwordcontainer/passwordcontainer.cxx		diff \| blob \| history
svl/source/passwordcontainer/passwordcontainer.hxx		diff \| blob \| history
uui/source/iahndl-authentication.cxx		diff \| blob \| history