Sarper Akdemir [Tue, 11 Jun 2024 10:39:36 +0000 (12:39 +0200)]
[PATCH] remove ability to trust not validated macro signatures in high security
Giving the user the option to determine if they should trust an
invalid signature in HIGH macro security doesn't make sense.
CommonName of the signature is the most prominent feature presented
and the CommonName of a certificate can be easily forged for an
invalid signature, tricking the user into accepting an invalid
signature.
In the HIGH macro security setting only show the pop-up to
enable/disable signed macro if the certificate signature can be
validated.
cherry-picked without UI/String altering bits for 24-2
Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667
Tested-by: Jenkins
Reviewed-by: Sarper Akdemir <sarper.akdemir@allotropia.de>
(cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171306
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171314
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171315
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171317
Gbp-Pq: Name remove-ability-to-trust-not-validated-macro-signatures-in-high-security.diff
Caolán McNamara [Wed, 27 Mar 2024 17:07:20 +0000 (17:07 +0000)]
add notify for script use
Change-Id: I84af197cec7755f6803a578e1e21c03966ad5f3e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165412
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
Gbp-Pq: Name add-notify-for-script-use.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
work-around-expired-certificiate-in-test
Gbp-Pq: Name work-around-expired-certificiate-in-test.diff
Caolán McNamara [Wed, 22 Nov 2023 21:14:41 +0000 (21:14 +0000)]
reuse AllowedLinkProtocolFromDocument in impress/draw
Change-Id: I73ca4f087946a45dbf92d69a0dc1e769de9b5690
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159843
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit f0942eed2eb328b04856f20613f5226d66b66a20)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159759
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159884
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Gbp-Pq: Name reuse-AllowedLinkProtocolFromDocument-2.diff
Caolán McNamara [Wed, 15 Nov 2023 11:39:24 +0000 (11:39 +0000)]
reuse AllowedLinkProtocolFromDocument in writer
reorg calc hyperlink check to reuse elsewhere
Change-Id: I20ae3c5df15502c3a0a366fb4a2924c06ffac3d0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159487
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit e6a7537762e19fde446441edd10d301f9b37ce75)
reuse AllowedLinkProtocolFromDocument in writer
Change-Id: Iacf5e313fc6ca5f7d69ca6986a036f0e1ab1f2a0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159488
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 32535dfa82200b54296838b52285c054fbe5e51d)
combine these hyperlink dispatchers into one call
Change-Id: Icb7822e811013de648ccf2fbb23a5f0be9e29bb0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159489
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 0df175ccc6ea542bc5801f631ff72bed187042eb)
we can have just one LoadURL for writer
Change-Id: Ia0162ee1c275292fcf200bad4662e4c2c6b7b972
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159557
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 521ca9cf6acbae96cf95d9740859c9682212013d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159858
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit e32b8601dbd63cf01497889601d6c9c1241106d6)
Gbp-Pq: Name reuse-AllowedLinkProtocolFromDocument-1.diff
Caolán McNamara [Fri, 3 Nov 2023 17:26:25 +0000 (17:26 +0000)]
default to ignoring libreoffice special-purpose protocols in calc hyperlink
Change-Id: Ib9f62be3acc05f24ca234dec0fec21e24579e9de
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158911
Tested-by: Jenkins
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit b6062623b4d69c79e90e9365ac7c5e7f11986793)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159045
Reviewed-by: Eike Rathke <erack@redhat.com>
(cherry picked from commit 672716d09c54cb6fdd59baa7da4b8393cf104cd2)
Gbp-Pq: Name ignore-LO-special-purpose-hyperlinks-per-default.diff
Caolán McNamara [Sat, 4 Nov 2023 19:57:51 +0000 (19:57 +0000)]
warn about exotic protocols as well
Change-Id: I50dcf4f36cd20d75f5ad3876353143268740a50f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151834
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 1305f70cff8a81a58a5a6d9c96c5bb032005389e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159034
Reviewed-by: Eike Rathke <erack@redhat.com>
(cherry picked from commit 2e1bcbb550d54278b366ec619cc5280d44d6aba4)
Gbp-Pq: Name warn-about-exotic-protocols-as-well.diff
Caolán McNamara [Fri, 3 Nov 2023 17:14:26 +0000 (17:14 +0000)]
add some protocols that don't make sense as floating frame targets
Change-Id: Id900a5eef248731d1184c1df501a2cf7a2de7eb9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 11ebdfef16501c6d35c3e3d0d62507f706557c71)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158900
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bab433911bdecb344f7ea94dbd00690241a08c54)
Gbp-Pq: Name floating-frame-targets-unneeded-protocols.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
improve-macro-checks
Gbp-Pq: Name improve-macro-checks.diff
Caolán McNamara [Fri, 3 Nov 2023 14:20:07 +0000 (14:20 +0000)]
escape url passed to gstreamer
Change-Id: I3c93ee34800cc8563370f75ef3ef6f8a9220e6ec
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158894
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit f41dcadf6492a6ffd32696d50f818e44355b9ad9)
Gbp-Pq: Name escape-url-passed-to-gstreamer.diff
Eike Rathke [Thu, 16 Feb 2023 19:20:31 +0000 (20:20 +0100)]
[PATCH] Obtain actual 0-parameter count for OR(), AND() and 1-parameter functions
OR and AND for legacy infix notation are classified as binary
operators but in fact are functions with parameter count. In case
no argument is supplied, GetByte() returns 0 and for that case the
implicit binary operator 2 parameters were wrongly assumed.
Similar for functions expecting 1 parameter, without argument 1
was assumed. For "real" unary and binary operators the compiler
already checks parameters. Omit OR and AND and 1-parameter
functions from this implicit assumption and return the actual 0
count.
Change-Id: Ie05398c112a98021ac2875cf7b6de994aee9d882
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147173
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit e7ce9bddadb2db222eaa5f594ef1de2e36d57e5c)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147129
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit d6599a2af131994487d2d9223a4fd32a8c3ddc49)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147132
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
Tested-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name sc-stack-parameter-count.diff
Caolán McNamara [Tue, 11 Apr 2023 09:13:37 +0000 (10:13 +0100)]
set Referer on loading IFrames
so tools, options, security, options,
"block any links from document not..."
applies to their contents.
Change-Id: I04839aea6b07a4a76ac147a85045939ccd9c3c79
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150225
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Gbp-Pq: Name CVE-2023-2255.diff
Stephan Bergmann [Mon, 21 Feb 2022 10:55:21 +0000 (11:55 +0100)]
Avoid unnecessary empty -Djava.class.path=
Change-Id: Idcfe7321077b60381c0273910b1faeb444ef1fd8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130242
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Gbp-Pq: Name avoid-empty-java.class.path.diff
Eike Rathke [Sun, 27 Nov 2022 16:11:49 +0000 (17:11 +0100)]
[PATCH] Resolves: tdf#150011 Switch default currency HRK Croatian Kuna to EUR Euro
HR will join Euro area on 2023-01-01.
Change-Id: I3836804ff68419550091826ea2414bc0edd55a84
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143346
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit c58bc31ece80ccdfc88bd043787869c5e460dbd8)
Gbp-Pq: Name hrk-euro-default.diff
Stephan Bergmann [Tue, 30 Aug 2022 12:04:52 +0000 (14:04 +0200)]
These commands are always URLs already
Conflicts:
wizards/source/scriptforge/SF_Session.xba
Change-Id: I5083765c879689d7f933bbe00ad70bb68e635a21
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139042
Tested-by: Jean-Pierre Ledure <jp@ledure.be>
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Gbp-Pq: Name ZDI-CAN-17859.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
fix-e_book_client_connect_direct_sync-sig
Gbp-Pq: Name fix-e_book_client_connect_direct_sync-sig.diff
Caolán McNamara [Wed, 23 Mar 2022 13:03:30 +0000 (13:03 +0000)]
add infobar to prompt to refresh to replace old format
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131976
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bbd196ff82bda9f66b4ba32a412f10cefe6da60e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132307
Reviewed-by: Sophie Gautier <sophi@libreoffice.org>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit c5d01b11db3c83cb4a89d3b388d78e20dd3990b5)
Change-Id: Id99cbf2b50a4ebf289dae6fc67e22e20afcda35b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133906
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Gbp-Pq: Name 0004-CVE-2022-2630-6-7-add-infobar-to-prompt-to-refresh-t.patch
Caolán McNamara [Tue, 22 Mar 2022 17:22:22 +0000 (17:22 +0000)]
[PATCH 3/4] CVE-2022-26306 add Initialization Vectors to password storage
old ones default to the current all zero case and continue to work
as before
Change-Id: I6fe3b02fafcce1b5e7133e77e76a5118177d77af
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131974
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 192fa1e3bfc6269f2ebb91716471485a56074aea)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132306
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit ab77587ec300f5c30084471000663c46ddf25dad)
Gbp-Pq: Name 0003-CVE-2022-26306-add-Initialization-Vectors-to-passwor.patch
Caolán McNamara [Mon, 21 Mar 2022 20:58:34 +0000 (20:58 +0000)]
[PATCH 2/4] CVE-2022-26307 make hash encoding match decoding
Seeing as old versions of the hash may be in the users config, add a
StorageVersion field to the office config Passwords section which
defaults to 0 to indicate the old hash is in use.
Try the old variant when StorageVersion is 0. When a new encoded master
password is set write StorageVersion of 1 to indicate a new hash is in
use and use the new style when StorageVersion is 1.
Change-Id: I3174c37a5891bfc849984e0ec5c2c392b9c6e7b1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132080
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit e890f54dbac57f3ab5acf4fbd31222095d3e8ab6)
Gbp-Pq: Name 0002-CVE-2022-26307-make-hash-encoding-match-decoding.patch
Caolán McNamara [Thu, 3 Mar 2022 14:22:37 +0000 (14:22 +0000)]
[PATCH 1/4] CVE-2022-26305 compare authors using Thumbprint
Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8)
Gbp-Pq: Name 0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch
Caolán McNamara [Mon, 20 Dec 2021 17:05:44 +0000 (17:05 +0000)]
[PATCH] only use X509Data
Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
Gbp-Pq: Name b0404f80577de9ff69e58390c6f6ef949fdb0139.patch
Eike Rathke [Fri, 22 Jul 2022 20:12:02 +0000 (22:12 +0200)]
Resolves: tdf#150011 Add HRK Croatian Kuna conversion to EUR Euro
TODO: switch defaults before 2023-01-01 in
i18npool/source/localedata/data/hr_HR.xml
Change-Id: Ifc62aefbc8c9fe8bbf044f61ae4fd6eeff692185
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/137371
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
Gbp-Pq: Name hrk-euro.diff
Michael Stahl [Thu, 25 Feb 2021 13:17:48 +0000 (14:17 +0100)]
xmlsecurity: improve handling of multiple X509Data elements
Combine everything related to a certificate in a new struct X509Data.
The CertDigest is not actually written in the X509Data element but in
xades:Cert, so try to find the matching entry in
XSecController::setX509CertDigest().
There was a confusing interaction with PGP signatures, where ouGpgKeyID
was used for import, but export wrote the value from ouCertDigest
instead - this needed fixing.
The main point of this is enforcing a constraint from xmldsig-core 4.5.4:
All certificates appearing in an X509Data element MUST relate to the
validation key by either containing it or being part of a certification
chain that terminates in a certificate containing the validation key.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111254
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 9e82509b09f5fe2eb77bcdb8fd193c71923abb67)
xmlsecurity: improve handling of multiple certificates per X509Data
It turns out that an X509Data element can contain an arbitrary number of
each of its child elements.
How exactly certificates of an issuer chain may or should be distributed
across multiple X509Data elements isn't terribly obvious.
One thing that is clear is that any element that refers to or contains
one particular certificate has to be a child of the same X509Data
element, although in no particular order, so try to match the 2 such
elements that the parser supports in XSecController::setX509Data().
Presumably the only way it makes sense to have multiple signing
certificates is if they all contain the same key but are signed by
different CAs. This case isn't handled currently; CheckX509Data() will
complain there's not a single chain and validation of the certificates
will fail.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111500
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66)
xmlsecurity: add EqualDistinguishedNames()
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111545
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 1d3da3486d827dd5e7a3bf1c7a533f5aa9860e42)
xmlsecurity: avoid exception in DigitalSignaturesDialog::getCertificate()
Fallback to PGP if there's no X509 signing certificate because
CheckX509Data() failed prevents the dialog from popping up.
To avoid confusing the user in this situation, the dialog should
show no certificate, which is already the case.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111664
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 90b725675c2964f4a151d802d9afedd8bc2ae1a7)
xmlsecurity: fix crash in DocumentDigitalSignatures::isAuthorTrusted()
If the argument is null.
This function also should use EqualDistinguishedNames().
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111667
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit ca98e505cd69bf95d8ddb9387cf3f8e03ae4577d)
Change-Id: I9633a980b0c18d58dfce24fc59396a833498a77d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name xmlsecurity-improve-handling-of-multiple-X509Data-elements.diff
Caolán McNamara [Mon, 8 Feb 2021 17:05:28 +0000 (17:05 +0000)]
default to CertificateValidity::INVALID
so if CertGetCertificateChain fails we don't want validity to be
css::security::CertificateValidity::VALID which is what the old default
of 0 equates to
notably
commit 1e0bc66d16aee28ce8bd9582ea32178c63841902
Date: Thu Nov 5 16:55:26 2009 +0100
jl137: #103420# better logging
turned the nss equivalent of SecurityEnvironment_NssImpl::verifyCertificate
from 0 to CertificateValidity::INVALID like this change does
Change-Id: I5350dbc22d1b9b378da2976d3b0abd728f1f4c27
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110561
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Gbp-Pq: Name default-to-CertificateValidity::INVALID.diff
Michael Stahl [Fri, 19 Feb 2021 16:56:21 +0000 (17:56 +0100)]
xmlsecurity: ignore elements in ds:Object that aren't signed
Change-Id: I2e4411f0907b89e7ad6e0185cee8f12b600515e8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111253
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 2bfa00e6bf4b2a310a8b8f5060acec85b5f7a3ce)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111909
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name xmlsecurity-ignore-elements-in-ds:Object-that-arent-signed.diff
Michael Stahl [Thu, 18 Feb 2021 18:22:31 +0000 (19:22 +0100)]
xmlsecurity: XSecParser confused about multiple timestamps
LO writes timestamp both to dc:date and xades:SigningTime elements.
The parser tries to avoid reading multiple dc:date, preferring the first
one, but doesn't care about multiple xades:SigningTime, for undocumented
reasons.
Ideally something should check all read values for consistency.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111160
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 4ab8d9c09a5873ca0aea56dafa1ab34758d52ef7)
xmlsecurity: remove XSecController::setPropertyId()
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111252
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit d2a345e1163616fe3201ef1d6c758e2e819214e0)
Change-Id: Ic018ee89797a1c8a4f870ae102af48006de930ef
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111908
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name xmlsecurity-XSecParser-confused-about-multiple-timestamps.diff
Michael Stahl [Fri, 12 Feb 2021 15:42:51 +0000 (16:42 +0100)]
xmlsecurity: replace XSecParser implementation
Implement Namespaces in XML and follow xmldsig-core and XAdES schemas.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110833
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 12b15be8f4f930a04d8056b9219ac969b42a9784)
xmlsecurity: move XSecParser state into contexts
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111158
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 59df9e70ce1a7ec797b836bda7f9642912febc53)
xmlsecurity: move XSecParser Reference state into contexts
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111159
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit cfeb89a758b5f0ec406f0d72444e52ed2f47b85e)
Change-Id: I03537b51bb757ecbfa63a826b38de543c70ba032
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111907
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name xmlsecurity-replace-XSecParser-implementation.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
apparmor-updates
Gbp-Pq: Name apparmor-updates.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
pdfium-m68k
don't break pdfium build on m68k
FIXME: Make this set by autoconf, most of the defines in build_config.h are not actually
used anyway in pdfium...
Gbp-Pq: Name pdfium-m68k.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
unowinreg-static-libgcc
Gbp-Pq: Name unowinreg-static-libgcc.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
fix-bluez-external
Gbp-Pq: Name fix-bluez-external.diff
Rene Engelhard [Tue, 3 Nov 2020 19:34:01 +0000 (20:34 +0100)]
add pdf to DRAWDOCS for bash-completion
Change-Id: I02195cb235774d205e9f9cc8821b897a841fa54f
Gbp-Pq: Name bash-completion-DRAWDOCS-pdf.diff
Kohei Yoshida [Thu, 10 Sep 2020 01:23:48 +0000 (21:23 -0400)]
Upgrade liborcus to 0.16.0.
Change-Id: Iae29fb26417dfc161698a81bee84e81545969065
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102502
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
Gbp-Pq: Name liborcus-0.16.diff
Stephan Bergmann [Wed, 23 Sep 2020 09:41:05 +0000 (11:41 +0200)]
Convert attribute value to UTF-8 when passing it to libxml2
Using toUtf8, requiring the OUString to actually contain well-formed data, but
which is likely OK for this test-code--only function, and is also what similar
dumpAsXml functions e.g. in editeng/source/items/textitem.cxx already use.
This appears to have been broken ever since the code's introduction in
553f10c71a2cc92f5f5890e24948f5277e3d2758 "add dumpAsXml() to more pool items",
and it would typically only have written the leading zero or one
(depending on the architecture's endianness) characters. (I ran across it on
big-endian s390x, where CppunitTest_sd_tiledrendering
SdTiledRenderingTest::testTdf104405 failed because of
> Entity: line 2: parser error : Input is not proper UTF-8, indicate encoding !
> Bytes: 0xCF 0x22 0x2F 0x3E
> ation=""/><SfxPoolItem whichId="4017" typeName="13SvxBulletItem" presentation="%
> ^
apparently reported from within libxml2.)
Change-Id: I4b116d3be84098bd8b8a13b6937da70a1ee02c7f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103236
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Tested-by: Jenkins
Gbp-Pq: Name bigendian.diff
Caolán McNamara [Mon, 27 Mar 2017 10:47:01 +0000 (11:47 +0100)]
[PATCH] Resolves: rhbz#1432468 disable opencl by default
Change-Id: Ie037fcabdd219f195425979dd721501fb5527573
Gbp-Pq: Name no-opencl-per-default.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
disable-shortcuts_tab_navigation-uitest
Gbp-Pq: Name disable-shortcuts_tab_navigation-uitest.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
fix-lo-xlate-lang-nb
Gbp-Pq: Name fix-lo-xlate-lang-nb.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
sc-opengl-optional
Gbp-Pq: Name sc-opengl-optional.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
add-access2base-doc
Gbp-Pq: Name add-access2base-doc.diff
Marcus Tomlinson [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
Add safer float comparisons to bridgetest equals()
Bug-Ubuntu: https://launchpad.net/bugs/1832360
Gbp-Pq: Name fix-flaky-bridgetest.diff
Olivier Tilloy [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
fix rounding errors that cause autopkgtests to fail on i386
Gbp-Pq: Name fix-uicheck-tests-on-i386.patch
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
apparmor-opencl
apparmor: Add opencl support
AppArmor in Debian Buster now has OpenCL abstractions.
Include OpenCL abstractions to fix OpenCL usage in Calc.
Gbp-Pq: Name apparmor-opencl.diff
Markus Koschany [Fri, 9 Nov 2018 22:06:15 +0000 (23:06 +0100)]
[PATCH] mariadb
Gbp-Pq: Name use-mariadb-java-instead-of-mysql-java.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
disableClassPathURLCheck
Gbp-Pq: Name disableClassPathURLCheck.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
apparmor-mesa
Gbp-Pq: Name apparmor-mesa.diff
Vincas Dargis [Sat, 4 Aug 2018 14:40:05 +0000 (17:40 +0300)]
[PATCH] apparmor: use dri-enumerate abstraction
Remove backported rule and use new dri-enumerate abstraction instead.
dri-enumerate is available in AppArmor 2.13, which recently migrated
into Debian Buster.
Change-Id: I64919edc1882f7bc1e65cfb94686464c5350f699
Gbp-Pq: Name apparmor-cleanups.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
apparmor-allow-java.security
Gbp-Pq: Name apparmor-allow-java.security.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
do-not-hide-test-output
Gbp-Pq: Name do-not-hide-test-output.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
disable-java-in-odk-build-examples-on-zero-vm
Gbp-Pq: Name disable-java-in-odk-build-examples-on-zero-vm.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
appstream-ignore-startcenter
Gbp-Pq: Name appstream-ignore-startcenter.diff
Olivier Tilloy [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
Hide startcenter and math from the shell
Bug-Ubuntu: https://launchpad.net/bugs/1696250
Forwarded: not-needed
Gbp-Pq: Name hide-math-desktop-file.patch
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
apparmor-complain
Gbp-Pq: Name apparmor-complain.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
cppunit-optional
Gbp-Pq: Name cppunit-optional.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
no-openssl
don't add -lssl etc if not needed (because we use system-postgresql)
Gbp-Pq: Name no-openssl.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
system-officeotron-and-odfvalidator
Gbp-Pq: Name system-officeotron-and-odfvalidator.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
no-packagekit-per-default
Gbp-Pq: Name no-packagekit-per-default.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
hppa-is-32bit
Gbp-Pq: Name hppa-is-32bit.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
javadoc-optional
Gemeinsame Unterverzeichnisse: odk-old/config und odk/config.
Gemeinsame Unterverzeichnisse: odk-old/docs und odk/docs.
Gemeinsame Unterverzeichnisse: odk-old/examples und odk/examples.
Gemeinsame Unterverzeichnisse: odk-old/config und odk/config.
Gemeinsame Unterverzeichnisse: odk-old/docs und odk/docs.
Gemeinsame Unterverzeichnisse: odk-old/examples und odk/examples.
Gbp-Pq: Name javadoc-optional.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
fix-internal-hsqldb-build
Gbp-Pq: Name fix-internal-hsqldb-build.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
disable-flaky-tests
14:13 < mst__> _rene_, the toolkit unoapi tests are known to be flaky (in some
system dependent way) e.g. on the Win@6 tinderbox it always
crashes
14:14 < mst__> _rene_, sc.ScAccessible* tests also fail on some systems some of
the time
Gbp-Pq: Name disable-flaky-tests.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
debian-hardened-buildflags-no-LO-fstack-protector-strong
don't hardcode -fstack-protector-strong in configure.ac/gbuild. We get the
hardening flags from dpkg-buildflags anyway.
Gbp-Pq: Name debian-hardened-buildflags-no-LO-fstack-protector-strong.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
debian-hardened-buildflags-CPPFLAGS
Gbp-Pq: Name debian-hardened-buildflags-CPPFLAGS.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
mediwiki-oor-replace
Gbp-Pq: Name mediwiki-oor-replace.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
make-package-modules-not-suck
Gbp-Pq: Name make-package-modules-not-suck.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
jdbc-driver-classpaths
Gbp-Pq: Name jdbc-driver-classpaths.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
reportdesign-mention-package
Gbp-Pq: Name reportdesign-mention-package.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
sensible-lomua
===================================================================
Gbp-Pq: Name sensible-lomua.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
help-msg-add-package-info
Gbp-Pq: Name help-msg-add-package-info.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
mention-java-common-package
Gbp-Pq: Name mention-java-common-package.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
install-fixes
Gbp-Pq: Name install-fixes.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
build-against-shared-lpsolve
Gbp-Pq: Name build-against-shared-lpsolve.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
debian-debug
Gbp-Pq: Name debian-debug.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
split-evoab
Gbp-Pq: Name split-evoab.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
jurt-soffice-location
commit b71107fb12e3c3125e0cb62c5a4f6636a80c6408
Author: Bjoern Michaelsen <bjoern.michaelsen@canonical.com>
AuthorDate: Tue Jun 7 11:52:37 2011 +0200
Commit: Bjoern Michaelsen <bjoern.michaelsen@canonical.com>
CommitDate: Tue Jun 7 11:52:37 2011 +0200
on debian-based systems, we know where our soffice binary is
Gbp-Pq: Name jurt-soffice-location.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
debian-opt
Gbp-Pq: Name debian-opt.diff
Debian LibreOffice Maintainers [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
no-check-if-root
Gbp-Pq: Name no-check-if-root.diff
Bastien Roucariès [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
libreoffice (1:7.0.4-4+deb11u12) bullseye-security; urgency=medium
* LTS team upload
* Fix CVE-2024-12425:
Path traversal leading to arbitrary .ttf file write
Various file formats can contain embedded font files which
are extracted to temporary files which are added to
LibreOffice's font lists.
Prior to this fix, an attacker could craft a document
with embedded font file path names which could cause
LibreOffice to write the contents of the embedded font
to a filename in an arbitrary location the user has
permission to write to. Albeit always with a
".ttf" suffix.
* Fix CVE-2024-12426
URL fetching can be used to exfiltrate arbitrary INI
file values and environment variables
URLs could be constructed which expanded environmental
variables or INI file values, so potentially sensitive
information could be exfiltrated to a remote server on
opening a document containing such links.
Prior to this fix, documents could include links that
made use of an internal feature that expands environmental
variables and INI file values in URLs. In the fixed version,
the expansion feature is not available in document hosted URLs.
* Remove CJK test that fail on some builder (flaky test)
[dgit import unpatched libreoffice 1:7.0.4-4+deb11u12]
Bastien Roucariès [Mon, 13 Jan 2025 22:18:17 +0000 (22:18 +0000)]
Import libreoffice_7.0.4-4+deb11u12.debian.tar.xz
[dgit import tarball libreoffice 1:7.0.4-4+deb11u12 libreoffice_7.0.4-4+deb11u12.debian.tar.xz]
Rene Engelhard [Thu, 31 Dec 2020 12:00:06 +0000 (13:00 +0100)]
Import libreoffice_7.0.4.orig.tar.xz
[dgit import orig libreoffice_7.0.4.orig.tar.xz]
Rene Engelhard [Thu, 31 Dec 2020 12:00:06 +0000 (13:00 +0100)]
Import libreoffice_7.0.4.orig-helpcontent2.tar.xz
[dgit import orig libreoffice_7.0.4.orig-helpcontent2.tar.xz]
Rene Engelhard [Thu, 31 Dec 2020 12:00:06 +0000 (13:00 +0100)]
Import libreoffice_7.0.4.orig-translations.tar.xz
[dgit import orig libreoffice_7.0.4.orig-translations.tar.xz]