dgit.raspbian.org Git - libreoffice.git/commit

author	Caolán McNamara <caolanm@redhat.com>
	Mon, 21 Mar 2022 20:58:34 +0000 (20:58 +0000)
committer	Rene Engelhard <rene@debian.org>
	Wed, 24 May 2023 18:05:03 +0000 (19:05 +0100)
commit	40a0968716047a3484b9cee2a28b125674abec84
tree	8aaf3c5497f76d667340bae0e515874085ee1f12	tree \| snapshot
parent	7a61f3b31bcca47303c6962e0a0659001fe24ca6	commit \| diff

[PATCH 2/4] CVE-2022-26307 make hash encoding match decoding

Seeing as old versions of the hash may be in the users config, add a
StorageVersion field to the office config Passwords section which
defaults to 0 to indicate the old hash is in use.

Try the old varient when StorageVersion is 0. When a new encoded master
password it set write StorageVersion of 1 to indicate a new hash is in
use and use the new style when StorageVersion is 1.

Change-Id: I3174c37a5891bfc849984e0ec5c2c392b9c6e7b1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132080
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit e890f54dbac57f3ab5acf4fbd31222095d3e8ab6)

Gbp-Pq: Name 0002-CVE-2022-26307-make-hash-encoding-match-decoding.patch

officecfg/registry/schema/org/openoffice/Office/Common.xcs		diff \| blob \| history
svl/source/passwordcontainer/passwordcontainer.cxx		diff \| blob \| history
svl/source/passwordcontainer/passwordcontainer.hxx		diff \| blob \| history
uui/source/iahndl-authentication.cxx		diff \| blob \| history