dgit.raspbian.org Git - libreoffice.git/log

Merge version 1:7.0.4-4+rpi1+deb11u12 and 1:7.0.4-4+deb11u13 to produce 1:7.0.4-4+rpi1+deb11u13

Merge libreoffice (1:7.0.4-4+deb11u13) import into refs/heads/workingbranch

[PATCH] Improve adbe.pkcs7.sha1 signature verification

For PDF signatures with SubFilter == adbe.pkcs7.sha1, we only
compared hash values and never actually checked SignatureValue
within SignerInfo.

Fix bugs introduced by 055fd58711d57af4d96214aebd71b713303d5527 and
e58ed17e35989350afe3e9fd77b24515df782eac by verifying the actual
(public-key) signature after the hash values compare equal.

Change-Id: I5fa3d60df214cc5efedd1c0eba6cf1b9faf05360
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/183059
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
(cherry picked from commit 9f687b06fc25156a2a3f4d688b56542612995aa9)

Reviewed-By: Daniel Leidert <dleidert@debian.org>
Origin: https://git.libreoffice.org/core/+/9f687b06fc25156a2a3f4d688b56542612995aa9%5E%21
Bug: https://www.libreoffice.org/about-us/security/advisories/cve-2025-2866
Bug: https://github.com/advisories/GHSA-22mj-r7hq-f9h2
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-2866
Bug-Freexian-Security: https://deb.freexian.com/extended-lts/tracker/CVE-2025-2866

Gbp-Pq: Name CVE-2025-2866.patch

Filter out more unwanted command URIs

Change-Id: I24c95d73b4fee89bdf044d5dd6efc9cd89627c54
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181016
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-By: Daniel Leidert <dleidert@debian.org>
Origin: https://git.libreoffice.org/core/+/7105fb698f897ddb38bd60315444c07356689e14%5E%21
Bug: https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080
Bug: https://github.com/advisories/ghsa-gcgr-r4x5-w79r
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-1080
Bug-Freexian-Security: https://deb.freexian.com/extended-lts/tracker/CVE-2025-1080

Gbp-Pq: Name CVE-2025-1080.patch

Disable test that fail on pbuilder

>  osl_Profile::oldtests::test_profile finished in: 1ms
>  (anonymous namespace)::Test::test finished in: 0ms
>  osl_File.cxx:269:Assertion
>  Test name: osl_FileBase::SystemPath_FileURL::getSystemPathFromFileURL_005
>  assertion failed
>  - Expression: (osl::FileBase::E_None == nError) || (nError ==
>  osl::FileBase::E_NOENT)
>  - In deleteTestDirectory function: remove Directory
>  file:///tmp/?????????zhgb18030
>
>  Failures !!!

Remove this test that fail on pbuilder but not on sbuild

Gbp-Pq: Name DisableTestThatFail.patch

[PATCH] Fix check for further exotic protocols

...that were added in 59891cd3985469bc44dbd05c9fc704eeb07f0c78 "look at
'embedded' protocols for protocols that support them"

Change-Id: I42836d6fd27cd99e39ab07e626053f002a2651f5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178047
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
(cherry picked from commit 8075798b22f2188530f57b8747589923bfd419ef)

origin: https://github.com/LibreOffice/core/commit/eab0da77dfb4a54d14968eb72532e045bfffa0fb

Gbp-Pq: Name CVE-2024-12426_4.patch

[PATCH] look at 'embedded' protocols too

Change-Id: Ie99f5f5a390639bdc69397c831e0a32594a5030c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177981
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 59891cd3985469bc44dbd05c9fc704eeb07f0c78)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177987
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
(cherry picked from commit b63aa51c55244ee67410201fa5e7c003427b1009)

origin: https://github.com/LibreOffice/core/commit/4915889ab56bc946264c257391ba6eeedfdfad95
bug: https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426

Gbp-Pq: Name CVE-2024-12426_3.patch

[PATCH] consider VndSunStarExpand an exotic protocol

and generally don't bother with it when fetching data
from urls

Change-Id: I51a2601c6fb7d6c32f9e2d1286ee0d3b05b370b9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176797
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit d6c89af2598e866aa9cb4fa3600691fb558befdb)

origin: https://github.com/LibreOffice/core/commit/a22d185ef7d141676e8a4db15471bfe6d283cb8c
bug: https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426

Gbp-Pq: Name CVE-2024-12426_2.patch

[PATCH] Some missing "block untrusted referer links" for form controls

...where "Referer" is now passed in as an additional property, so that the
relevant objects can decide whether to obtain graphics while loading a document

Change-Id: Ie3dabc574861713212b906a0d7793f438a7d50a8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168674
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
(cherry picked from commit dc01a6e7efd3e4c41287dc10c7ea1fdfa1ab5cb5)

[backport]
Prepare CVE-2024-12426 fixes

origin: https://github.com/LibreOffice/core/commit/a32a6301e4ba0c979f5a6b593062749654f3c320

Gbp-Pq: Name CVE-2024-12426_1.patch

[PATCH] be conservative on allowed temp font names

Change-Id: Iefdc1a8c9b4c7e8c08c84f747f8287ac3c419839
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176236
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Tested-by: Jenkins
(cherry picked from commit f761d098e9a0960554aa4fc02f84a711b50a1cff)

origin: https://github.com/LibreOffice/core/commit/02e3aea1b2cfa3c686aab10721f9a89ecc382732
bug: https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425
bug-gerrit: https://gerrit.libreoffice.org/c/core/+/176236

Gbp-Pq: Name CVE-2024-12425.patch

sfx2: SfxObjectShell should not trust any signature on repaired package

[ELTS]
cast pointer like with similar code in context

Change-Id: I0317f80989e9dabd23e88e3caab26ede3fb5bd56
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169883
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 8b333575ee680664fa3d83249ccec90881754ad7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169930
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171910
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Gbp-Pq: Name do-not-trust-any-signature-on-repaired-package.diff

[PATCH] remove ability to trust not validated macro signatures in high security

Giving the user the option to determine if they should trust an
invalid signature in HIGH macro security doesn't make sense.
CommonName of the signature is the most prominent feature presented
and the CommonName of a certificate can be easily forged for an
invalid signature, tricking the user into accepting an invalid
signature.

in the HIGH macro security setting only show the pop-up to
enable/disable signed macro if the certificate signature can be
validated.

cherry-picked without UI/String altering bits for 24-2

Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667
Tested-by: Jenkins
Reviewed-by: Sarper Akdemir <sarper.akdemir@allotropia.de>
(cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171306
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171314
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171315
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171317

Gbp-Pq: Name remove-ability-to-trust-not-validated-macro-signatures-in-high-security.diff

add notify for script use

Change-Id: I84af197cec7755f6803a578e1e21c03966ad5f3e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165412
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
Gbp-Pq: Name add-notify-for-script-use.diff

work-around-expired-certificiate-in-test

Gbp-Pq: Name work-around-expired-certificiate-in-test.diff

reuse AllowedLinkProtocolFromDocument in impress/draw

Change-Id: I73ca4f087946a45dbf92d69a0dc1e769de9b5690
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159843
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit f0942eed2eb328b04856f20613f5226d66b66a20)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159759
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159884
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Gbp-Pq: Name reuse-AllowedLinkProtocolFromDocument-2.diff

reuse AllowedLinkProtocolFromDocument in writer

reorg calc hyperlink check to reuse elsewhere

Change-Id: I20ae3c5df15502c3a0a366fb4a2924c06ffac3d0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159487
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit e6a7537762e19fde446441edd10d301f9b37ce75)

reuse AllowedLinkProtocolFromDocument in writer

Change-Id: Iacf5e313fc6ca5f7d69ca6986a036f0e1ab1f2a0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159488
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 32535dfa82200b54296838b52285c054fbe5e51d)

combine these hyperlink dispatchers into one call

Change-Id: Icb7822e811013de648ccf2fbb23a5f0be9e29bb0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159489
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 0df175ccc6ea542bc5801f631ff72bed187042eb)

we can have just one LoadURL for writer

Change-Id: Ia0162ee1c275292fcf200bad4662e4c2c6b7b972
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159557
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 521ca9cf6acbae96cf95d9740859c9682212013d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159858
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit e32b8601dbd63cf01497889601d6c9c1241106d6)

Gbp-Pq: Name reuse-AllowedLinkProtocolFromDocument-1.diff

default to ignoring libreoffice special-purpose protocols in calc hyperlink

Change-Id: Ib9f62be3acc05f24ca234dec0fec21e24579e9de
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158911
Tested-by: Jenkins
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit b6062623b4d69c79e90e9365ac7c5e7f11986793)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159045
Reviewed-by: Eike Rathke <erack@redhat.com>
(cherry picked from commit 672716d09c54cb6fdd59baa7da4b8393cf104cd2)

Gbp-Pq: Name ignore-LO-special-purpose-hyperlinks-per-default.diff

warn about exotic protocols as well

Change-Id: I50dcf4f36cd20d75f5ad3876353143268740a50f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151834
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 1305f70cff8a81a58a5a6d9c96c5bb032005389e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159034
Reviewed-by: Eike Rathke <erack@redhat.com>
(cherry picked from commit 2e1bcbb550d54278b366ec619cc5280d44d6aba4)

Gbp-Pq: Name warn-about-exotic-protocols-as-well.diff

add some protocols that don't make sense as floating frame targets

Change-Id: Id900a5eef248731d1184c1df501a2cf7a2de7eb9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 11ebdfef16501c6d35c3e3d0d62507f706557c71)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158900
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bab433911bdecb344f7ea94dbd00690241a08c54)

Gbp-Pq: Name floating-frame-targets-unneeded-protocols.diff

improve-macro-checks

Gbp-Pq: Name improve-macro-checks.diff

escape url passed to gstreamer

Change-Id: I3c93ee34800cc8563370f75ef3ef6f8a9220e6ec
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158894
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit f41dcadf6492a6ffd32696d50f818e44355b9ad9)

Gbp-Pq: Name escape-url-passed-to-gstreamer.diff

[PATCH] Obtain actual 0-parameter count for OR(), AND() and 1-parameter functions

OR and AND for legacy infix notation are classified as binary
operators but in fact are functions with parameter count. In case
no argument is supplied, GetByte() returns 0 and for that case the
implicit binary operator 2 parameters were wrongly assumed.
Similar for functions expecting 1 parameter, without argument 1
was assumed. For "real" unary and binary operators the compiler
already checks parameters. Omit OR and AND and 1-parameter
functions from this implicit assumption and return the actual 0
count.

Change-Id: Ie05398c112a98021ac2875cf7b6de994aee9d882
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147173
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit e7ce9bddadb2db222eaa5f594ef1de2e36d57e5c)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147129
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit d6599a2af131994487d2d9223a4fd32a8c3ddc49)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147132
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
Tested-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name sc-stack-parameter-count.diff

set Referer on loading IFrames

so tools, options, security, options,
"block any links from document not..."
applies to their contents.

Change-Id: I04839aea6b07a4a76ac147a85045939ccd9c3c79
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150225
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Gbp-Pq: Name CVE-2023-2255.diff

Avoid unnecessary empty -Djava.class.path=

Change-Id: Idcfe7321077b60381c0273910b1faeb444ef1fd8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130242
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Gbp-Pq: Name avoid-empty-java.class.path.diff

[PATCH] Resolves: tdf#150011 Switch default currency HRK Croatian Kuna to EUR Euro

HR will join Euro area on 2023-01-01.

Change-Id: I3836804ff68419550091826ea2414bc0edd55a84
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143346
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit c58bc31ece80ccdfc88bd043787869c5e460dbd8)

Gbp-Pq: Name hrk-euro-default.diff

These commands are always URLs already

Conflicts:
wizards/source/scriptforge/SF_Session.xba

Change-Id: I5083765c879689d7f933bbe00ad70bb68e635a21
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139042
Tested-by: Jean-Pierre Ledure <jp@ledure.be>
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Gbp-Pq: Name ZDI-CAN-17859.diff

fix-e_book_client_connect_direct_sync-sig

Gbp-Pq: Name fix-e_book_client_connect_direct_sync-sig.diff

add infobar to prompt to refresh to replace old format

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131976
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bbd196ff82bda9f66b4ba32a412f10cefe6da60e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132307
Reviewed-by: Sophie Gautier <sophi@libreoffice.org>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit c5d01b11db3c83cb4a89d3b388d78e20dd3990b5)

Change-Id: Id99cbf2b50a4ebf289dae6fc67e22e20afcda35b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133906
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Gbp-Pq: Name 0004-CVE-2022-2630-6-7-add-infobar-to-prompt-to-refresh-t.patch

[PATCH 3/4] CVE-2022-26306 add Initialization Vectors to password storage

old ones default to the current all zero case and continue to work
as before

Change-Id: I6fe3b02fafcce1b5e7133e77e76a5118177d77af
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131974
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 192fa1e3bfc6269f2ebb91716471485a56074aea)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132306
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit ab77587ec300f5c30084471000663c46ddf25dad)

Gbp-Pq: Name 0003-CVE-2022-26306-add-Initialization-Vectors-to-passwor.patch

[PATCH 2/4] CVE-2022-26307 make hash encoding match decoding

Seeing as old versions of the hash may be in the users config, add a
StorageVersion field to the office config Passwords section which
defaults to 0 to indicate the old hash is in use.

Try the old varient when StorageVersion is 0. When a new encoded master
password it set write StorageVersion of 1 to indicate a new hash is in
use and use the new style when StorageVersion is 1.

Change-Id: I3174c37a5891bfc849984e0ec5c2c392b9c6e7b1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132080
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit e890f54dbac57f3ab5acf4fbd31222095d3e8ab6)

Gbp-Pq: Name 0002-CVE-2022-26307-make-hash-encoding-match-decoding.patch

[PATCH 1/4] CVE-2022-26305 compare authors using Thumbprint

Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8)

Gbp-Pq: Name 0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch

[PATCH] only use X509Data

Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
Gbp-Pq: Name b0404f80577de9ff69e58390c6f6ef949fdb0139.patch

Resolves: tdf#150011 Add HRK Croatian Kuna conversion to EUR Euro

TODO: switch defaults before 2023-01-01 in
i18npool/source/localedata/data/hr_HR.xml

Change-Id: Ifc62aefbc8c9fe8bbf044f61ae4fd6eeff692185
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/137371
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
Gbp-Pq: Name hrk-euro.diff

xmlsecurity: improve handling of multiple X509Data elements

Combine everything related to a certificate in a new struct X509Data.

The CertDigest is not actually written in the X509Data element but in
xades:Cert, so try to find the matching entry in
XSecController::setX509CertDigest().

There was a confusing interaction with PGP signatures, where ouGpgKeyID
was used for import, but export wrote the value from ouCertDigest
instead - this needed fixing.

The main point of this is enforcing a constraint from xmldsig-core 4.5.4:

  All certificates appearing in an X509Data element MUST relate to the
  validation key by either containing it or being part of a certification
  chain that terminates in a certificate containing the validation key.

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111254
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 9e82509b09f5fe2eb77bcdb8fd193c71923abb67)

xmlsecurity: improve handling of multiple certificates per X509Data

It turns out that an X509Data element can contain an arbitrary number of
each of its child elements.

How exactly certificates of an issuer chain may or should be distributed
across multiple X509Data elements isn't terribly obvious.

One thing that is clear is that any element that refers to or contains
one particular certificate has to be a child of the same X509Data
element, although in no particular order, so try to match the 2 such
elements that the parser supports in XSecController::setX509Data().

Presumably the only way it makes sense to have multiple signing
certificates is if they all contain the same key but are signed by
different CAs. This case isn't handled currently; CheckX509Data() will
complain there's not a single chain and validation of the certificates
will fail.

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111500
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66)

xmlsecurity: add EqualDistinguishedNames()

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111545
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 1d3da3486d827dd5e7a3bf1c7a533f5aa9860e42)

xmlsecurity: avoid exception in DigitalSignaturesDialog::getCertificate()

Fallback to PGP if there's no X509 signing certificate because
CheckX509Data() failed prevents the dialog from popping up.

To avoid confusing the user in this situation, the dialog should
show no certificate, which is already the case.

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111664
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 90b725675c2964f4a151d802d9afedd8bc2ae1a7)

xmlsecurity: fix crash in DocumentDigitalSignatures::isAuthorTrusted()

If the argument is null.

This function also should use EqualDistinguishedNames().

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111667
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit ca98e505cd69bf95d8ddb9387cf3f8e03ae4577d)

Change-Id: I9633a980b0c18d58dfce24fc59396a833498a77d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name xmlsecurity-improve-handling-of-multiple-X509Data-elements.diff

default to CertificateValidity::INVALID

so if CertGetCertificateChain fails we don't want validity to be
css::security::CertificateValidity::VALID which is what the old default
of 0 equates to

notably

commit 1e0bc66d16aee28ce8bd9582ea32178c63841902
Date: Thu Nov 5 16:55:26 2009 +0100

jl137: #103420# better logging

turned the nss equivalent of SecurityEnvironment_NssImpl::verifyCertificate
from 0 to CertificateValidity::INVALID like this change does

Change-Id: I5350dbc22d1b9b378da2976d3b0abd728f1f4c27
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110561
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Gbp-Pq: Name default-to-CertificateValidity::INVALID.diff

xmlsecurity: ignore elements in ds:Object that aren't signed

Change-Id: I2e4411f0907b89e7ad6e0185cee8f12b600515e8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111253
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 2bfa00e6bf4b2a310a8b8f5060acec85b5f7a3ce)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111909
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name xmlsecurity-ignore-elements-in-ds:Object-that-arent-signed.diff

xmlsecurity: XSecParser confused about multiple timestamps

LO writes timestamp both to dc:date and xades:SigningTime elements.

The parser tries to avoid reading multiple dc:date, preferring the first
one, but doesn't care about multiple xades:SigningTime, for undocumented
reasons.

Ideally something should check all read values for consistency.

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111160
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 4ab8d9c09a5873ca0aea56dafa1ab34758d52ef7)

xmlsecurity: remove XSecController::setPropertyId()

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111252
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit d2a345e1163616fe3201ef1d6c758e2e819214e0)

Change-Id: Ic018ee89797a1c8a4f870ae102af48006de930ef
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111908
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name xmlsecurity-XSecParser-confused-about-multiple-timestamps.diff

xmlsecurity: replace XSecParser implementation

Implement Namespaces in XML and follow xmldsig-core and XAdES schemas.

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110833
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 12b15be8f4f930a04d8056b9219ac969b42a9784)

xmlsecurity: move XSecParser state into contexts

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111158
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 59df9e70ce1a7ec797b836bda7f9642912febc53)

xmlsecurity: move XSecParser Reference state into contexts

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111159
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit cfeb89a758b5f0ec406f0d72444e52ed2f47b85e)

Change-Id: I03537b51bb757ecbfa63a826b38de543c70ba032
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111907
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name xmlsecurity-replace-XSecParser-implementation.diff

apparmor-updates

Gbp-Pq: Name apparmor-updates.diff

pdfium-m68k

don't break pdfium build on m68k

FIXME: Make this set by autoconf, most of the defines in build_config.h are not actually
used anyway in pdfium...

Gbp-Pq: Name pdfium-m68k.diff

unowinreg-static-libgcc

Gbp-Pq: Name unowinreg-static-libgcc.diff

fix-bluez-external

Gbp-Pq: Name fix-bluez-external.diff

add pdf to DRAWDOCS for bash-completion

Change-Id: I02195cb235774d205e9f9cc8821b897a841fa54f

Gbp-Pq: Name bash-completion-DRAWDOCS-pdf.diff

Upgrade liborcus to 0.16.0.

Change-Id: Iae29fb26417dfc161698a81bee84e81545969065
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102502
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
Gbp-Pq: Name liborcus-0.16.diff

Convert attribute value to UTF-8 when passing it to libxml2

Using toUtf8, requiring the OUString to actually contain well-formed data, but
which is likely OK for this test-code--only function, and is also what similar
dumpAsXml functions e.g. in editeng/source/items/textitem.cxx already use.

This appears to have been broken ever since the code's introduction in
553f10c71a2cc92f5f5890e24948f5277e3d2758 "add dumpAsXml() to more pool items",
and it would typically only have written the leading zero or one
(depending on the architecture's endianness) characters. (I ran across it on
big-endian s390x, where CppunitTest_sd_tiledrendering
SdTiledRenderingTest::testTdf104405 failed because of

> Entity: line 2: parser error : Input is not proper UTF-8, indicate encoding !
> Bytes: 0xCF 0x22 0x2F 0x3E
> ation=""/><SfxPoolItem whichId="4017" typeName="13SvxBulletItem" presentation="%
> ^

apparently reported from within libxml2.)

Change-Id: I4b116d3be84098bd8b8a13b6937da70a1ee02c7f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103236
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Tested-by: Jenkins
Gbp-Pq: Name bigendian.diff

[PATCH] Resolves: rhbz#1432468 disable opencl by default

Change-Id: Ie037fcabdd219f195425979dd721501fb5527573

Gbp-Pq: Name no-opencl-per-default.diff

disable-shortcuts_tab_navigation-uitest

Gbp-Pq: Name disable-shortcuts_tab_navigation-uitest.diff

fix-lo-xlate-lang-nb

Gbp-Pq: Name fix-lo-xlate-lang-nb.diff

sc-opengl-optional

Gbp-Pq: Name sc-opengl-optional.diff

add-access2base-doc

Gbp-Pq: Name add-access2base-doc.diff

Add safer float comparisons to bridgetest equals()

Bug-Ubuntu: https://launchpad.net/bugs/1832360

Gbp-Pq: Name fix-flaky-bridgetest.diff

fix rounding errors that cause autopkgtests to fail on i386

Gbp-Pq: Name fix-uicheck-tests-on-i386.patch

apparmor-opencl

apparmor: Add opencl support

AppArmor in Debian Buster now has OpenCL abstractions.

Include OpenCL abstractions to fix OpenCL usage in Calc.

Gbp-Pq: Name apparmor-opencl.diff

[PATCH] mariadb

Gbp-Pq: Name use-mariadb-java-instead-of-mysql-java.diff

disableClassPathURLCheck

Gbp-Pq: Name disableClassPathURLCheck.diff

apparmor-mesa

Gbp-Pq: Name apparmor-mesa.diff

[PATCH] apparmor: use dri-enumerate abstraction

Remove backported rule and use new dri-enumerate abstraction instead.
dri-enumerate is available in AppArmor 2.13, which recently migrated
into Debian Buster.

Change-Id: I64919edc1882f7bc1e65cfb94686464c5350f699

Gbp-Pq: Name apparmor-cleanups.diff

apparmor-allow-java.security

Gbp-Pq: Name apparmor-allow-java.security.diff

do-not-hide-test-output

Gbp-Pq: Name do-not-hide-test-output.diff

disable-java-in-odk-build-examples-on-zero-vm

Gbp-Pq: Name disable-java-in-odk-build-examples-on-zero-vm.diff

appstream-ignore-startcenter

Gbp-Pq: Name appstream-ignore-startcenter.diff

Hide startcenter and math from the shell

Bug-Ubuntu: https://launchpad.net/bugs/1696250
Forwarded: not-needed

Gbp-Pq: Name hide-math-desktop-file.patch

apparmor-complain

Gbp-Pq: Name apparmor-complain.diff

cppunit-optional

Gbp-Pq: Name cppunit-optional.diff

no-openssl

don't add -lssl etc if not needed (because we use system-postgresql)

Gbp-Pq: Name no-openssl.diff

system-officeotron-and-odfvalidator

Gbp-Pq: Name system-officeotron-and-odfvalidator.diff

no-packagekit-per-default

Gbp-Pq: Name no-packagekit-per-default.diff

hppa-is-32bit

Gbp-Pq: Name hppa-is-32bit.diff

javadoc-optional

Gemeinsame Unterverzeichnisse: odk-old/config und odk/config.
Gemeinsame Unterverzeichnisse: odk-old/docs und odk/docs.
Gemeinsame Unterverzeichnisse: odk-old/examples und odk/examples.

Gemeinsame Unterverzeichnisse: odk-old/config und odk/config.
Gemeinsame Unterverzeichnisse: odk-old/docs und odk/docs.
Gemeinsame Unterverzeichnisse: odk-old/examples und odk/examples.

Gbp-Pq: Name javadoc-optional.diff

fix-internal-hsqldb-build

Gbp-Pq: Name fix-internal-hsqldb-build.diff

disable-flaky-tests

14:13 < mst__> _rene_, the toolkit unoapi tests are known to be flaky (in some
               system dependent way) e.g. on the Win@6 tinderbox it always
               crashes
14:14 < mst__> _rene_, sc.ScAccessible* tests also fail on some systems some of
               the time

Gbp-Pq: Name disable-flaky-tests.diff

debian-hardened-buildflags-no-LO-fstack-protector-strong

don't hardcode -fstack-protector-strong in configure.ac/gbuild. We get the
hardening flags from dpkg-buildflags anyway.

Gbp-Pq: Name debian-hardened-buildflags-no-LO-fstack-protector-strong.diff

debian-hardened-buildflags-CPPFLAGS

Gbp-Pq: Name debian-hardened-buildflags-CPPFLAGS.diff

mediwiki-oor-replace

Gbp-Pq: Name mediwiki-oor-replace.diff

make-package-modules-not-suck

Gbp-Pq: Name make-package-modules-not-suck.diff

jdbc-driver-classpaths

Gbp-Pq: Name jdbc-driver-classpaths.diff

reportdesign-mention-package

Gbp-Pq: Name reportdesign-mention-package.diff

sensible-lomua

===================================================================

Gbp-Pq: Name sensible-lomua.diff

help-msg-add-package-info

Gbp-Pq: Name help-msg-add-package-info.diff

mention-java-common-package

Gbp-Pq: Name mention-java-common-package.diff

install-fixes

Gbp-Pq: Name install-fixes.diff

build-against-shared-lpsolve

Gbp-Pq: Name build-against-shared-lpsolve.diff

debian-debug

Gbp-Pq: Name debian-debug.diff

split-evoab

Gbp-Pq: Name split-evoab.diff

jurt-soffice-location

commit b71107fb12e3c3125e0cb62c5a4f6636a80c6408
Author:     Bjoern Michaelsen <bjoern.michaelsen@canonical.com>
AuthorDate: Tue Jun 7 11:52:37 2011 +0200
Commit:     Bjoern Michaelsen <bjoern.michaelsen@canonical.com>
CommitDate: Tue Jun 7 11:52:37 2011 +0200

    on debian-based systems, we know where our soffice binary is

Gbp-Pq: Name jurt-soffice-location.diff

debian-opt

Gbp-Pq: Name debian-opt.diff

no-check-if-root

Gbp-Pq: Name no-check-if-root.diff

libreoffice (1:7.0.4-4+deb11u13) bullseye-security; urgency=medium

  * Non-maintainer upload by the Debian LTS team.
  * d/patches/CVE-2025-1080.patch: Add patch to fix CVE-2025-1080.
    - Filter out more unwanted command URIs to fix an arbitrary script
      execution via protocol.
  * d/patches/CVE-2025-2866.patch: Add patch to fix CVE-2025-2866.
    - For PDF signatures with SubFilter == adbe.pkcs7.sha1, verify the
      actual (public-key) signature after the hash values compare equal.

[dgit import unpatched libreoffice 1:7.0.4-4+deb11u13]

Import libreoffice_7.0.4-4+deb11u13.debian.tar.xz

[dgit import tarball libreoffice 1:7.0.4-4+deb11u13 libreoffice_7.0.4-4+deb11u13.debian.tar.xz]

Merge version 1:7.0.4-4+rpi1+deb11u11 and 1:7.0.4-4+deb11u12 to produce 1:7.0.4-4+rpi1+deb11u12

Merge libreoffice (1:7.0.4-4+deb11u12) import into refs/heads/workingbranch