dgit.raspbian.org Git - libreoffice.git/commit

author	Caolán McNamara <caolanm@redhat.com>
	Mon, 21 Mar 2022 20:58:34 +0000 (20:58 +0000)
committer	Rene Engelhard <rene@debian.org>
	Mon, 1 Apr 2024 09:06:03 +0000 (11:06 +0200)
commit	e76678aa0c0092ad482c17ad380fce7c31c28c3a
tree	723159be991b9a3f49b16958b3c28c355b7ba3ac	tree \| snapshot
parent	354fe195bb944fe36be2137197ab682e0a25793a	commit \| diff

[PATCH 2/4] CVE-2022-26307 make hash encoding match decoding

Seeing as old versions of the hash may be in the users config, add a
StorageVersion field to the office config Passwords section which
defaults to 0 to indicate the old hash is in use.

Try the old varient when StorageVersion is 0. When a new encoded master
password it set write StorageVersion of 1 to indicate a new hash is in
use and use the new style when StorageVersion is 1.

Change-Id: I3174c37a5891bfc849984e0ec5c2c392b9c6e7b1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132080
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit e890f54dbac57f3ab5acf4fbd31222095d3e8ab6)

Gbp-Pq: Name 0002-CVE-2022-26307-make-hash-encoding-match-decoding.patch

officecfg/registry/schema/org/openoffice/Office/Common.xcs		diff \| blob \| history
svl/source/passwordcontainer/passwordcontainer.cxx		diff \| blob \| history
svl/source/passwordcontainer/passwordcontainer.hxx		diff \| blob \| history
uui/source/iahndl-authentication.cxx		diff \| blob \| history