configure.ac | 8 download.lst | 4 external/liborcus/UnpackedTarball_liborcus.mk | 13 external/liborcus/forcepoint-83.patch.1 | 38 ++ external/liborcus/forcepoint-84.patch.1 | 38 ++ external/liborcus/forcepoint-87.patch.1 | 27 ++ external/liborcus/forcepoint-95.patch.1 | 11 external/nss/ExternalProject_nss.mk | 3 external/zlib/UnpackedTarball_zlib.mk | 4 external/zlib/ubsan.patch | 11 include/sfx2/strings.hrc | 2 include/sfx2/viewfrm.hxx | 1 officecfg/registry/schema/org/openoffice/Office/Common.xcs | 16 + sc/qa/unit/data/xlsx/tdf147014.xlsx |binary sc/source/filter/oox/worksheethelper.cxx | 24 + sc/source/filter/xml/xmlcelli.cxx | 6 sfx2/source/view/viewfrm.cxx | 38 ++ svl/source/passwordcontainer/passwordcontainer.cxx | 170 +++++++++---- svl/source/passwordcontainer/passwordcontainer.hxx | 69 ++++- sw/qa/core/data/rtf/fail/forcepoint-82.rtf | 28 ++ sw/source/core/layout/tabfrm.cxx | 42 +-- sw/source/core/text/itratr.cxx | 2 sw/source/ui/config/optpage.cxx | 6 uui/source/iahndl-authentication.cxx | 5 vcl/source/helper/strhelper.cxx | 3 writerfilter/source/dmapper/DomainMapperTableManager.cxx | 2 26 files changed, 465 insertions(+), 106 deletions(-)
New commits: commit 74831af03d7e794048849ed7c5b17cf622d09447 Author: Andras Timar <andras.ti...@collabora.com> AuthorDate: Tue Apr 5 13:42:34 2022 +0200 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:42:34 2022 +0200 Bump version to 7.1.7.2.M2 Change-Id: I05998a6e72ff815322aba1e2059321d4401f4ea5 diff --git a/configure.ac b/configure.ac index aaef60bdf15f..75b0a0e0828a 100644 --- a/configure.ac +++ b/configure.ac @@ -9,7 +9,7 @@ dnl in order to create a configure script. # several non-alphanumeric characters, those are split off and used only for the # ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no idea. -AC_INIT([LibreOffice],[7.1.7.2.M1],[],[],[http://documentfoundation.org/]) +AC_INIT([LibreOffice],[7.1.7.2.M2],[],[],[http://documentfoundation.org/]) dnl libnumbertext needs autoconf 2.68, but that can pick up autoconf268 just fine if it is installed dnl whereas aclocal (as run by autogen.sh) insists on using autoconf and fails hard commit 5d97c87b1f957eccb75ec20eb789ac0940f7d2c2 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Sat Apr 2 20:20:10 2022 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:41:45 2022 +0200 forcepoint#100 drop SwBorderAttrAccess to allow cache entry to be removed for SwBorderAttr which gets deleted during this call also includes... Related: forcepoint#100 we don't need pAttrs for the duration of the full scope similar to the case of commit 6b1eae0334ba8bad7656a859695551ce51b62f95 Date: Fri May 18 08:26:14 2001 +0000 Fix #87058#: Locked boraderattribut the SwCache object cannot be deleted if its locked, leading to a leak, we don't need pAttrs for the entire scope here so we can defer to the end of the scope the reacquire the lock to set pAttrs and also includes... Related: forcepoint#100 don't reacquire after every release instead release when we have to, and only reacquire if necessary before use of pAttrs Change-Id: Ie52aab7e5933d76b0c055389798104e4d93f39e9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132462 Reviewed-by: Michael Stahl <michael.st...@allotropia.de> Tested-by: Jenkins diff --git a/sw/source/core/layout/tabfrm.cxx b/sw/source/core/layout/tabfrm.cxx index d639e4d18d74..6b4af2dba96c 100644 --- a/sw/source/core/layout/tabfrm.cxx +++ b/sw/source/core/layout/tabfrm.cxx @@ -2021,8 +2021,6 @@ void SwTabFrame::MakeAll(vcl::RenderContext* pRenderContext) pAccess.reset(); m_bCalcLowers |= pLayout->Resize( pLayout->GetBrowseWidthByTabFrame( *this ) ); - pAccess = std::make_unique<SwBorderAttrAccess>(SwFrame::GetCache(), this); - pAttrs = pAccess->Get(); } setFramePrintAreaValid(false); @@ -2057,6 +2055,12 @@ void SwTabFrame::MakeAll(vcl::RenderContext* pRenderContext) const tools::Long nOldPrtWidth = aRectFnSet.GetWidth(getFramePrintArea()); const tools::Long nOldFrameWidth = aRectFnSet.GetWidth(getFrameArea()); const Point aOldPrtPos = aRectFnSet.GetPos(getFramePrintArea()); + + if (!pAccess) + { + pAccess = std::make_unique<SwBorderAttrAccess>(SwFrame::GetCache(), this); + pAttrs = pAccess->Get(); + } Format( getRootFrame()->GetCurrShell()->GetOut(), pAttrs ); SwHTMLTableLayout *pLayout = GetTable()->GetHTMLTableLayout(); @@ -2067,8 +2071,6 @@ void SwTabFrame::MakeAll(vcl::RenderContext* pRenderContext) pAccess.reset(); m_bCalcLowers |= pLayout->Resize( pLayout->GetBrowseWidthByTabFrame( *this ) ); - pAccess = std::make_unique<SwBorderAttrAccess>(SwFrame::GetCache(), this); - pAttrs = pAccess->Get(); } if ( aOldPrtPos != aRectFnSet.GetPos(getFramePrintArea()) ) aNotify.SetLowersComplete( false ); @@ -2116,15 +2118,22 @@ void SwTabFrame::MakeAll(vcl::RenderContext* pRenderContext) pAccess.reset(); m_bCalcLowers |= pHTMLLayout->Resize( pHTMLLayout->GetBrowseWidthByTabFrame( *this ) ); + } + + setFramePrintAreaValid(false); + if (!pAccess) + { pAccess = std::make_unique<SwBorderAttrAccess>(SwFrame::GetCache(), this); pAttrs = pAccess->Get(); } - - setFramePrintAreaValid(false); Format( getRootFrame()->GetCurrShell()->GetOut(), pAttrs ); } + + pAccess.reset(); + lcl_RecalcTable( *this, nullptr, aNotify ); + m_bLowersFormatted = true; if ( bKeep && KEEPTAB ) { @@ -2288,11 +2297,18 @@ void SwTabFrame::MakeAll(vcl::RenderContext* pRenderContext) // 6. There is no section change behind the table (see IsKeep) // 7. The last table row wants to keep with its next. const SwRowFrame* pLastRow = static_cast<const SwRowFrame*>(GetLastLower()); - if (pLastRow - && IsKeep(pAttrs->GetAttrSet().GetKeep(), GetBreakItem(), true) - && pLastRow->ShouldRowKeepWithNext()) + if (pLastRow) { - bFormat = true; + if (!pAccess) + { + pAccess = std::make_unique<SwBorderAttrAccess>(SwFrame::GetCache(), this); + pAttrs = pAccess->Get(); + } + if (IsKeep(pAttrs->GetAttrSet().GetKeep(), GetBreakItem(), true) + && pLastRow->ShouldRowKeepWithNext()) + { + bFormat = true; + } } } @@ -2306,9 +2322,6 @@ void SwTabFrame::MakeAll(vcl::RenderContext* pRenderContext) // is found, get its first content. const SwFrame* pTmpNxt = sw_FormatNextContentForKeep( this ); - pAccess = std::make_unique<SwBorderAttrAccess>(SwFrame::GetCache(), this); - pAttrs = pAccess->Get(); - // The last row wants to keep with the frame behind the table. // Check if the next frame is on a different page and valid. // In this case we do a magic trick: @@ -2554,9 +2567,6 @@ void SwTabFrame::MakeAll(vcl::RenderContext* pRenderContext) GetFollow()->MakeAll(pRenderContext); - pAccess = std::make_unique<SwBorderAttrAccess>(SwFrame::GetCache(), this); - pAttrs = pAccess->Get(); - GetFollow()->SetLowersFormatted(false); // #i43913# - lock follow table // to avoid its formatting during the format of commit 32abb87ad1c3e866ce88373efb4c8720ee8761d8 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Fri Mar 25 10:14:19 2022 +0000 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:41:32 2022 +0200 forcepoint#95 read past end of malformed document Change-Id: I8b2c558c733af3d7662f668af47e962e252ee339 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132311 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 0b9892fee990b7f6d0457ab6191f87c3991580e6) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132414 Reviewed-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/external/liborcus/UnpackedTarball_liborcus.mk b/external/liborcus/UnpackedTarball_liborcus.mk index 3dbcef54ee52..e9ce3f16c356 100644 --- a/external/liborcus/UnpackedTarball_liborcus.mk +++ b/external/liborcus/UnpackedTarball_liborcus.mk @@ -15,10 +15,14 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,liborcus,1)) $(eval $(call gb_UnpackedTarball_update_autoconf_configs,liborcus)) -# forcepoint-83.patch.1 submitted as -# https://gitlab.com/orcus/orcus/-/merge_requests/117 -# forcepoint-84.patch.1 submitted as -# https://gitlab.com/orcus/orcus/-/merge_requests/118 +# forcepoint-83.patch.1 merged as +# https://gitlab.com/orcus/orcus/-/commit/9f6400b8192e39fefd475a96222713e9e9c60038 +# forcepoint-84.patch.1 merged as +# https://gitlab.com/orcus/orcus/-/commit/223defe95d6f20f1bc5fd22fecc80a79a9519028 +# forcepoint-87.patch.1 merged as +# https://gitlab.com/orcus/orcus/-/commit/a718524ca424fb8a7e7931345a118342d1d4a507 +# forcepoint-95.patch.1 submitted as +# https://gitlab.com/orcus/orcus/-/merge_requests/124 $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\ external/liborcus/rpath.patch.0 \ @@ -34,6 +38,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\ external/liborcus/forcepoint-83.patch.1 \ external/liborcus/forcepoint-84.patch.1 \ external/liborcus/forcepoint-87.patch.1 \ + external/liborcus/forcepoint-95.patch.1 \ )) ifeq ($(OS),WNT) diff --git a/external/liborcus/forcepoint-95.patch.1 b/external/liborcus/forcepoint-95.patch.1 new file mode 100644 index 000000000000..93dc822298b0 --- /dev/null +++ b/external/liborcus/forcepoint-95.patch.1 @@ -0,0 +1,11 @@ +--- a/include/orcus/sax_parser.hpp 2022-03-30 10:54:44.043568760 +0100 ++++ b/include/orcus/sax_parser.hpp 2022-03-30 10:54:55.645037322 +0100 +@@ -547,7 +547,7 @@ + + skip_space_and_control(); + +- char c = cur_char(); ++ char c = cur_char_checked(); + if (c != '=') + { + std::ostringstream os; commit e821ef238bb1c145711669a2075aa53b1b394db4 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Fri Mar 25 09:12:30 2022 +0000 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:41:21 2022 +0200 forcepoint#87 Assertion 'mp_char <= mp_end' failed Change-Id: I434928cb2425a2e8eb9440dff67f52cda241b2d9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132097 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 32019baffa19a8f79cacf93d5dd5a95c7d416657) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132413 Reviewed-by: Michael Stahl <michael.st...@allotropia.de> Tested-by: Caolán McNamara <caol...@redhat.com> diff --git a/external/liborcus/UnpackedTarball_liborcus.mk b/external/liborcus/UnpackedTarball_liborcus.mk index 0c54dd5e5ef2..3dbcef54ee52 100644 --- a/external/liborcus/UnpackedTarball_liborcus.mk +++ b/external/liborcus/UnpackedTarball_liborcus.mk @@ -33,6 +33,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\ external/liborcus/allow-utf-8-in-xml-names.patch \ external/liborcus/forcepoint-83.patch.1 \ external/liborcus/forcepoint-84.patch.1 \ + external/liborcus/forcepoint-87.patch.1 \ )) ifeq ($(OS),WNT) diff --git a/external/liborcus/forcepoint-87.patch.1 b/external/liborcus/forcepoint-87.patch.1 new file mode 100644 index 000000000000..ddc9118a43ed --- /dev/null +++ b/external/liborcus/forcepoint-87.patch.1 @@ -0,0 +1,27 @@ +From e4f3741197a3af6d434850d388483b523138a214 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caol...@redhat.com> +Date: Thu, 24 Mar 2022 21:31:14 +0000 +Subject: [PATCH] forcepoint#87 Assertion `mp_char <= mp_end' failed + +soffice.bin: ../../include/orcus/parser_base.hpp:65: bool orcus::parser_base::has_char() const: Assertion `mp_char <= mp_end' failed. +--- + src/parser/sax_parser_base.cpp | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/parser/sax_parser_base.cpp b/src/parser/sax_parser_base.cpp +index 46acb81d..cb7a9c04 100644 +--- a/src/parser/sax_parser_base.cpp ++++ b/src/parser/sax_parser_base.cpp +@@ -293,7 +293,8 @@ + + // Skip the closing quote. + assert(!has_char() || cur_char() == quote_char); +- next(); ++ if (has_char()) ++ next(); + } + + bool parser_base::value(pstring& str, bool decode) +-- +2.35.1 + commit b7529d0a56d744e7026bfd017f6abfeb707d6fb0 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Thu Mar 24 08:56:39 2022 +0000 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:41:05 2022 +0200 forcepoint#83 forcepoint#84 update to upstream fix Change-Id: I5add09b4379a1f86a720af75b758389424f4f50b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132055 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 2323fa29617e4919226517d50abbb9ad33b320ca) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132412 Reviewed-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/external/liborcus/forcepoint-83.patch.1 b/external/liborcus/forcepoint-83.patch.1 index bfd3bb86fcf9..644c0dcfff4e 100644 --- a/external/liborcus/forcepoint-83.patch.1 +++ b/external/liborcus/forcepoint-83.patch.1 @@ -1,4 +1,4 @@ -From 283b45ba3bcb22dc28303a09a96c9b94f86d1ba2 Mon Sep 17 00:00:00 2001 +From 4d58816e995a562f26f3cc5006ae9ddd46b1bbed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caol...@redhat.com> Date: Wed, 23 Mar 2022 16:44:00 +0000 Subject: [PATCH] forcepoint#83 Invalid read of size 1 @@ -17,22 +17,22 @@ Subject: [PATCH] forcepoint#83 Invalid read of size 1 ==343916== by 0x30E60945: (anonymous namespace)::OrcusFormatDetect::detect(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&) (filterdetect.cxx:83) ==343916== by 0x30E60ABE: non-virtual thunk to (anonymous namespace)::OrcusFormatDetect::detect(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&) (filterdetect.cxx:0) --- - include/orcus/sax_parser.hpp | 2 ++ - 1 file changed, 2 insertions(+) + include/orcus/sax_parser.hpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/orcus/sax_parser.hpp b/include/orcus/sax_parser.hpp -index 15e8d917..d0fc45b5 100644 +index 15e8d917..2e707568 100644 --- a/include/orcus/sax_parser.hpp +++ b/include/orcus/sax_parser.hpp -@@ -255,6 +255,8 @@ void sax_parser<_Handler,_Config>::element_open(std::ptrdiff_t begin_pos) +@@ -255,7 +255,7 @@ void sax_parser<_Handler,_Config>::element_open(std::ptrdiff_t begin_pos) while (true) { skip_space_and_control(); -+ if (!has_char()) -+ return; - char c = cur_char(); +- char c = cur_char(); ++ char c = cur_char_checked(); if (c == '/') { + // Self-closing element: <element/> -- 2.35.1 diff --git a/external/liborcus/forcepoint-84.patch.1 b/external/liborcus/forcepoint-84.patch.1 index 3bd8e26465a9..462fc8bd972d 100644 --- a/external/liborcus/forcepoint-84.patch.1 +++ b/external/liborcus/forcepoint-84.patch.1 @@ -1,4 +1,4 @@ -From 0fee6c0e3074be11874f1911a76f10eef5f59985 Mon Sep 17 00:00:00 2001 +From ec469f774bb91302c4df21eff1314dfd508d37c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caol...@redhat.com> Date: Wed, 23 Mar 2022 20:04:31 +0000 Subject: [PATCH] forcepoint#84 Invalid read of size 1 @@ -17,22 +17,22 @@ Subject: [PATCH] forcepoint#84 Invalid read of size 1 ==356879== by 0x11BE3855: orcus::orcus_xlsx::detect(unsigned char const*, unsigned long) (orcus_xlsx.cpp:188) ==356879== by 0x11AB2492: orcus::detect(unsigned char const*, unsigned long) (format_detection.cpp:60) --- - src/parser/sax_parser_base.cpp | 2 ++ - 1 file changed, 2 insertions(+) + src/parser/sax_parser_base.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/parser/sax_parser_base.cpp b/src/parser/sax_parser_base.cpp -index 46acb81d..11791edc 100644 +index 46acb81d..1cee821e 100644 --- a/src/parser/sax_parser_base.cpp +++ b/src/parser/sax_parser_base.cpp -@@ -298,6 +298,8 @@ +@@ -298,7 +298,7 @@ void parser_base::value_with_encoded_char(cell_buffer& buf, std::string_view& st bool parser_base::value(pstring& str, bool decode) { -+ if (!has_char()) -+ throw malformed_xml_error("value must be quoted", offset()); - char c = cur_char(); +- char c = cur_char(); ++ char c = cur_char_checked(); if (c != '"' && c != '\'') throw malformed_xml_error("value must be quoted", offset()); + -- 2.35.1 commit f9724e145119802635a279977988f709401786d0 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Tue Mar 22 17:22:22 2022 +0000 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:40:47 2022 +0200 add Initialization Vectors to password storage old ones default to the current all zero case and continue to work as before Change-Id: I6fe3b02fafcce1b5e7133e77e76a5118177d77af Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131974 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 192fa1e3bfc6269f2ebb91716471485a56074aea) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132306 Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs index 922efc33cca7..8d87d00d5369 100644 --- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs +++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs @@ -27,6 +27,11 @@ <info> <desc>Contains a container for passwords.</desc> </info> + <prop oor:name="InitializationVector" oor:type="xs:string"> + <info> + <desc>Contains an initialization vector for the password encryption.</desc> + </info> + </prop> <prop oor:name="Password" oor:type="xs:string" oor:localized="false"> <info> <desc>Contains a password encoded with the master password.</desc> @@ -954,6 +959,11 @@ </info> <value>false</value> </prop> + <prop oor:name="MasterInitializationVector" oor:type="xs:string"> + <info> + <desc>Contains an initialization vector for the master password encryption.</desc> + </info> + </prop> <prop oor:name="Master" oor:type="xs:string" oor:nillable="false"> <info> <desc>Contains the master password encrypted by itself.</desc> diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx b/svl/source/passwordcontainer/passwordcontainer.cxx index 0970d1f9b6dc..bb8fb468cad9 100644 --- a/svl/source/passwordcontainer/passwordcontainer.cxx +++ b/svl/source/passwordcontainer/passwordcontainer.cxx @@ -183,15 +183,18 @@ PassMap StorageItem::getInfo() Sequence< OUString > aNodeNames = ConfigItem::GetNodeNames( "Store" ); sal_Int32 aNodeCount = aNodeNames.getLength(); - Sequence< OUString > aPropNames( aNodeCount ); + Sequence< OUString > aPropNames( aNodeCount * 2); std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.begin(), [](const OUString& rName) -> OUString { return "Store/Passwordstorage['" + rName + "']/Password"; }); + std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.getArray() + aNodeCount, + [](const OUString& rName) -> OUString { + return "Store/Passwordstorage['" + rName + "']/InitializationVector"; }); Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aPropNames ); - if( aPropertyValues.getLength() != aNodeCount ) + if( aPropertyValues.getLength() != aNodeCount * 2) { OSL_FAIL( "Problems during reading" ); return aResult; @@ -207,14 +210,16 @@ PassMap StorageItem::getInfo() OUString aName = aUrlUsr[1]; OUString aEPasswd; + OUString aIV; aPropertyValues[aNodeInd] >>= aEPasswd; + aPropertyValues[aNodeInd + aNodeCount] >>= aIV; PassMap::iterator aIter = aResult.find( aUrl ); if( aIter != aResult.end() ) - aIter->second.emplace_back( aName, aEPasswd ); + aIter->second.emplace_back( aName, aEPasswd, aIV ); else { - NamePassRecord aNewRecord( aName, aEPasswd ); + NamePassRecord aNewRecord( aName, aEPasswd, aIV ); std::vector< NamePassRecord > listToAdd( 1, aNewRecord ); aResult.insert( PairUrlRecord( aUrl, listToAdd ) ); @@ -278,17 +283,19 @@ sal_Int32 StorageItem::getStorageVersion() return nResult; } -bool StorageItem::getEncodedMP( OUString& aResult ) +bool StorageItem::getEncodedMP( OUString& aResult, OUString& aResultIV ) { if( hasEncoded ) { aResult = mEncoded; + aResultIV = mEncodedIV; return true; } - Sequence< OUString > aNodeNames( 2 ); + Sequence< OUString > aNodeNames( 3 ); aNodeNames[0] = "HasMaster"; aNodeNames[1] = "Master"; + aNodeNames[2] = "MasterInitializationVector"; Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aNodeNames ); @@ -300,23 +307,27 @@ bool StorageItem::getEncodedMP( OUString& aResult ) aPropertyValues[0] >>= hasEncoded; aPropertyValues[1] >>= mEncoded; + aPropertyValues[2] >>= mEncodedIV; aResult = mEncoded; + aResultIV = mEncodedIV; return hasEncoded; } -void StorageItem::setEncodedMP( const OUString& aEncoded, bool bAcceptEmpty ) +void StorageItem::setEncodedMP( const OUString& aEncoded, const OUString& aEncodedIV, bool bAcceptEmpty ) { bool bHasMaster = ( !aEncoded.isEmpty() || bAcceptEmpty ); ConfigItem::SetModified(); - ConfigItem::PutProperties( { "HasMaster", "Master", "StorageVersion" }, - { uno::Any(bHasMaster), uno::Any(aEncoded), uno::Any(nCurrentStorageVersion) } ); + ConfigItem::PutProperties( { "HasMaster", "Master", "MasterInitializationVector", "StorageVersion" }, + { uno::Any(bHasMaster), uno::Any(aEncoded), + uno::Any(aEncodedIV), uno::Any(nCurrentStorageVersion) } ); hasEncoded = bHasMaster; mEncoded = aEncoded; + mEncodedIV = aEncodedIV; } @@ -348,15 +359,13 @@ void StorageItem::update( const OUString& aURL, const NamePassRecord& aRecord ) return; } - std::vector < OUString > forIndex; - forIndex.push_back( aURL ); - forIndex.push_back( aRecord.GetUserName() ); + Sequence< beans::PropertyValue > sendSeq(2); - Sequence< beans::PropertyValue > sendSeq(1); + sendSeq[0].Name = "Store/Passwordstorage['" + createIndex( { aURL, aRecord.GetUserName() } ) + "']/InitializationVector"; + sendSeq[0].Value <<= aRecord.GetPersistentIV(); - sendSeq[0].Name = "Store/Passwordstorage['" + createIndex( forIndex ) + "']/Password"; - - sendSeq[0].Value <<= aRecord.GetPersPasswords(); + sendSeq[1].Name = "Store/Passwordstorage['" + createIndex( { aURL, aRecord.GetUserName() } ) + "']/Password"; + sendSeq[1].Value <<= aRecord.GetPersPasswords(); ConfigItem::SetModified(); ConfigItem::SetSetProperties( "Store", sendSeq ); @@ -417,7 +426,7 @@ void SAL_CALL PasswordContainer::disposing( const EventObject& ) } } -std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLine, const OUString& aMasterPasswd, css::task::PasswordRequestMode mode ) +std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLine, const OUString& aIV, const OUString& aMasterPasswd, css::task::PasswordRequestMode mode ) { if( !aMasterPasswd.isEmpty() ) { @@ -432,9 +441,16 @@ std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLin for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ ) code[ ind ] = static_cast<char>(aMasterPasswd.copy( ind*2, 2 ).toUInt32(16)); + unsigned char iv[RTL_DIGEST_LENGTH_MD5] = {0}; + if (!aIV.isEmpty()) + { + for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ ) + iv[ ind ] = static_cast<char>(aIV.copy( ind*2, 2 ).toUInt32(16)); + } + rtlCipherError result = rtl_cipher_init ( aDecoder, rtl_Cipher_DirectionDecode, - code, RTL_DIGEST_LENGTH_MD5, nullptr, 0 ); + code, RTL_DIGEST_LENGTH_MD5, iv, RTL_DIGEST_LENGTH_MD5 ); if( result == rtl_Cipher_E_None ) { @@ -467,7 +483,7 @@ std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLin "Can't decode!", css::uno::Reference<css::uno::XInterface>(), mode); } -OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines, const OUString& aMasterPasswd ) +OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines, const OUString& aIV, const OUString& aMasterPasswd) { if( !aMasterPasswd.isEmpty() ) { @@ -484,9 +500,16 @@ OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ ) code[ ind ] = static_cast<char>(aMasterPasswd.copy( ind*2, 2 ).toUInt32(16)); + unsigned char iv[RTL_DIGEST_LENGTH_MD5] = {0}; + if (!aIV.isEmpty()) + { + for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ ) + iv[ ind ] = static_cast<char>(aIV.copy( ind*2, 2 ).toUInt32(16)); + } + rtlCipherError result = rtl_cipher_init ( aEncoder, rtl_Cipher_DirectionEncode, - code, RTL_DIGEST_LENGTH_MD5, nullptr, 0 ); + code, RTL_DIGEST_LENGTH_MD5, iv, RTL_DIGEST_LENGTH_MD5 ); if( result == rtl_Cipher_E_None ) { @@ -554,7 +577,7 @@ void PasswordContainer::UpdateVector( const OUString& aURL, std::vector< NamePas if( aRecord.HasPasswords( PERSISTENT_RECORD ) ) { - aNPIter.SetPersPasswords( aRecord.GetPersPasswords() ); + aNPIter.SetPersPasswords( aRecord.GetPersPasswords(), aRecord.GetPersistentIV() ); if( writeFile ) { @@ -587,7 +610,8 @@ UserRecord PasswordContainer::CopyToUserRecord( const NamePassRecord& aRecord, b { try { - ::std::vector< OUString > aDecodedPasswords = DecodePasswords( aRecord.GetPersPasswords(), GetMasterPassword( aHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER ); + ::std::vector< OUString > aDecodedPasswords = DecodePasswords( aRecord.GetPersPasswords(), aRecord.GetPersistentIV(), + GetMasterPassword( aHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER ); aPasswords.insert( aPasswords.end(), aDecodedPasswords.begin(), aDecodedPasswords.end() ); } catch( NoMasterException& ) @@ -632,6 +656,19 @@ void SAL_CALL PasswordContainer::addPersistent( const OUString& Url, const OUStr PrivateAdd( Url, UserName, Passwords, PERSISTENT_RECORD, aHandler ); } +OUString PasswordContainer::createIV() +{ + rtlRandomPool randomPool = mRandomPool.get(); + unsigned char iv[RTL_DIGEST_LENGTH_MD5]; + rtl_random_getBytes(randomPool, iv, RTL_DIGEST_LENGTH_MD5); + OUStringBuffer aBuffer; + for (sal_uInt8 i : iv) + { + aBuffer.append(OUString::number(i >> 4, 16)); + aBuffer.append(OUString::number(i & 15, 16)); + } + return aBuffer.makeStringAndClear(); +} void PasswordContainer::PrivateAdd( const OUString& Url, const OUString& UserName, const Sequence< OUString >& Passwords, char Mode, const Reference< XInteractionHandler >& aHandler ) { @@ -639,7 +676,11 @@ void PasswordContainer::PrivateAdd( const OUString& Url, const OUString& UserNam ::std::vector< OUString > aStorePass = comphelper::sequenceToContainer< std::vector<OUString> >( Passwords ); if( Mode == PERSISTENT_RECORD ) - aRecord.SetPersPasswords( EncodePasswords( aStorePass, GetMasterPassword( aHandler ) ) ); + { + OUString sIV = createIV(); + OUString sEncodedPasswords = EncodePasswords( aStorePass, sIV, GetMasterPassword( aHandler ) ); + aRecord.SetPersPasswords( sEncodedPasswords, sIV ); + } else if( Mode == MEMORY_RECORD ) aRecord.SetMemPasswords( aStorePass ); else @@ -832,10 +873,10 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac if( m_aMasterPasswd.isEmpty() && aHandler.is() ) { - OUString aEncodedMP; + OUString aEncodedMP, aEncodedMPIV; bool bDefaultPassword = false; - if( !m_pStorageFile->getEncodedMP( aEncodedMP ) ) + if( !m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) ) aRMode = PasswordRequestMode_PASSWORD_CREATE; else if ( aEncodedMP.isEmpty() ) { @@ -857,14 +898,15 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac m_aMasterPasswd = aPass; std::vector< OUString > aMaster( 1, m_aMasterPasswd ); - m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, m_aMasterPasswd ) ); + OUString sIV = createIV(); + m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, sIV, m_aMasterPasswd ), sIV ); } else { if (m_pStorageFile->getStorageVersion() == 0) aPass = ReencodeAsOldHash(aPass); - std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aPass, aRMode ) ); + std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aEncodedMPIV, aPass, aRMode ) ); if( aRM.empty() || aPass != aRM[0] ) { bAskAgain = true; @@ -1021,7 +1063,8 @@ Sequence< UrlRecord > SAL_CALL PasswordContainer::getAllPersistent( const Refere { sal_Int32 oldLen = aUsers.getLength(); aUsers.realloc( oldLen + 1 ); - aUsers[ oldLen ] = UserRecord( aNP.GetUserName(), comphelper::containerToSequence( DecodePasswords( aNP.GetPersPasswords(), GetMasterPassword( xHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER ) ) ); + aUsers[ oldLen ] = UserRecord( aNP.GetUserName(), comphelper::containerToSequence( DecodePasswords( aNP.GetPersPasswords(), aNP.GetPersistentIV(), + GetMasterPassword( xHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER ) ) ); } if( aUsers.hasElements() ) @@ -1038,12 +1081,12 @@ Sequence< UrlRecord > SAL_CALL PasswordContainer::getAllPersistent( const Refere sal_Bool SAL_CALL PasswordContainer::authorizateWithMasterPassword( const uno::Reference< task::XInteractionHandler >& xHandler ) { bool bResult = false; - OUString aEncodedMP; + OUString aEncodedMP, aEncodedMPIV; uno::Reference< task::XInteractionHandler > xTmpHandler = xHandler; ::osl::MutexGuard aGuard( mMutex ); // the method should fail if there is no master password - if( m_pStorageFile && m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) ) + if( m_pStorageFile && m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) ) { if ( aEncodedMP.isEmpty() ) { @@ -1109,8 +1152,8 @@ sal_Bool SAL_CALL PasswordContainer::changeMasterPassword( const uno::Reference< bool bCanChangePassword = true; // if there is already a stored master password it should be entered by the user before the change happen - OUString aEncodedMP; - if( !m_aMasterPasswd.isEmpty() || m_pStorageFile->getEncodedMP( aEncodedMP ) ) + OUString aEncodedMP, aEncodedMPIV; + if( !m_aMasterPasswd.isEmpty() || m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) ) bCanChangePassword = authorizateWithMasterPassword( xTmpHandler ); if ( bCanChangePassword ) @@ -1129,7 +1172,8 @@ sal_Bool SAL_CALL PasswordContainer::changeMasterPassword( const uno::Reference< // store the new master password m_aMasterPasswd = aPass; std::vector< OUString > aMaster( 1, m_aMasterPasswd ); - m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, m_aMasterPasswd ) ); + OUString aIV = createIV(); + m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, aIV, m_aMasterPasswd ), aIV ); // store all the entries with the new password for ( const auto& rURL : aPersistent ) @@ -1154,7 +1198,7 @@ void SAL_CALL PasswordContainer::removeMasterPassword() if ( m_pStorageFile ) { m_aMasterPasswd.clear(); - m_pStorageFile->setEncodedMP( OUString() ); // let the master password be removed from configuration + m_pStorageFile->setEncodedMP( OUString(), OUString() ); // let the master password be removed from configuration } } @@ -1165,8 +1209,8 @@ sal_Bool SAL_CALL PasswordContainer::hasMasterPassword( ) if ( !m_pStorageFile ) throw uno::RuntimeException(); - OUString aEncodedMP; - return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) ); + OUString aEncodedMP, aEncodedMPIV; + return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) ); } sal_Bool SAL_CALL PasswordContainer::allowPersistentStoring( sal_Bool bAllow ) @@ -1213,8 +1257,8 @@ sal_Bool SAL_CALL PasswordContainer::useDefaultMasterPassword( const uno::Refere bool bCanChangePassword = true; // if there is already a stored nondefault master password it should be entered by the user before the change happen - OUString aEncodedMP; - if( m_pStorageFile->getEncodedMP( aEncodedMP ) && !aEncodedMP.isEmpty() ) + OUString aEncodedMP, aEncodedMPIV; + if( m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) && !aEncodedMP.isEmpty() ) bCanChangePassword = authorizateWithMasterPassword( xTmpHandler ); if ( bCanChangePassword ) @@ -1231,7 +1275,7 @@ sal_Bool SAL_CALL PasswordContainer::useDefaultMasterPassword( const uno::Refere // store the empty string to flag the default master password m_aMasterPasswd = aPass; - m_pStorageFile->setEncodedMP( OUString(), true ); + m_pStorageFile->setEncodedMP( OUString(), OUString(), true ); // store all the entries with the new password for ( const auto& rURL : aPersistent ) @@ -1255,8 +1299,8 @@ sal_Bool SAL_CALL PasswordContainer::isDefaultMasterPasswordUsed() if ( !m_pStorageFile ) throw uno::RuntimeException(); - OUString aEncodedMP; - return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) && aEncodedMP.isEmpty() ); + OUString aEncodedMP, aEncodedMPIV; + return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) && aEncodedMP.isEmpty() ); } diff --git a/svl/source/passwordcontainer/passwordcontainer.hxx b/svl/source/passwordcontainer/passwordcontainer.hxx index bf43b5903602..0454437b9dc2 100644 --- a/svl/source/passwordcontainer/passwordcontainer.hxx +++ b/svl/source/passwordcontainer/passwordcontainer.hxx @@ -34,6 +34,7 @@ #include <unotools/configitem.hxx> #include <ucbhelper/interactionrequest.hxx> +#include <rtl/random.h> #include <rtl/ref.hxx> #include <osl/mutex.hxx> @@ -52,11 +53,12 @@ class NamePassRecord ::std::vector< OUString > m_aMemPass; // persistent passwords are encrypted in one string - bool m_bHasPersPass; + bool m_bHasPersPass; OUString m_aPersPass; + OUString m_aPersistentIV; void InitArrays( bool bHasMemoryList, const ::std::vector< OUString >& aMemoryList, - bool bHasPersistentList, const OUString& aPersistentList ) + bool bHasPersistentList, const OUString& aPersistentList, const OUString& aPersistentIV ) { m_bHasMemPass = bHasMemoryList; if ( bHasMemoryList ) @@ -64,7 +66,10 @@ class NamePassRecord m_bHasPersPass = bHasPersistentList; if ( bHasPersistentList ) + { m_aPersPass = aPersistentList; + m_aPersistentIV = aPersistentIV; + } } public: @@ -76,11 +81,12 @@ public: { } - NamePassRecord( const OUString& aName, const OUString& aPersistentList ) + NamePassRecord( const OUString& aName, const OUString& aPersistentList, const OUString& aPersistentIV ) : m_aName( aName ) , m_bHasMemPass( false ) , m_bHasPersPass( true ) , m_aPersPass( aPersistentList ) + , m_aPersistentIV( aPersistentIV ) { } @@ -89,7 +95,8 @@ public: , m_bHasMemPass( false ) , m_bHasPersPass( false ) { - InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, aRecord.m_bHasPersPass, aRecord.m_aPersPass ); + InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, + aRecord.m_bHasPersPass, aRecord.m_aPersPass, aRecord.m_aPersistentIV ); } NamePassRecord& operator=( const NamePassRecord& aRecord ) @@ -100,7 +107,9 @@ public: m_aMemPass.clear(); m_aPersPass.clear(); - InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, aRecord.m_bHasPersPass, aRecord.m_aPersPass ); + m_aPersistentIV.clear(); + InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, + aRecord.m_bHasPersPass, aRecord.m_aPersPass, aRecord.m_aPersistentIV ); } return *this; } @@ -136,15 +145,24 @@ public: return OUString(); } + OUString GetPersistentIV() const + { + if ( m_bHasPersPass ) + return m_aPersistentIV; + + return OUString(); + } + void SetMemPasswords( const ::std::vector< OUString >& aMemList ) { m_aMemPass = aMemList; m_bHasMemPass = true; } - void SetPersPasswords( const OUString& aPersList ) + void SetPersPasswords( const OUString& aPersList, const OUString& aPersIV ) { m_aPersPass = aPersList; + m_aPersistentIV = aPersIV; m_bHasPersPass = true; } @@ -159,6 +177,7 @@ public: { m_bHasPersPass = false; m_aPersPass.clear(); + m_aPersistentIV.clear(); } } @@ -182,6 +201,7 @@ private: PasswordContainer* mainCont; bool hasEncoded; OUString mEncoded; + OUString mEncodedIV; virtual void ImplCommit() override; @@ -202,8 +222,8 @@ public: sal_Int32 getStorageVersion(); - bool getEncodedMP( OUString& aResult ); - void setEncodedMP( const OUString& aResult, bool bAcceptEmpty = false ); + bool getEncodedMP( OUString& aResult, OUString& aResultIV ); + void setEncodedMP( const OUString& aResult, const OUString& aResultIV, bool bAcceptEmpty = false ); void setUseStorage( bool bUse ); bool useStorage(); @@ -224,6 +244,29 @@ private: css::uno::Reference< css::lang::XComponent > mComponent; SysCredentialsConfig mUrlContainer; + class RandomPool + { + private: + rtlRandomPool m_aRandomPool; + public: + RandomPool() : m_aRandomPool(rtl_random_createPool()) + { + } + rtlRandomPool get() + { + return m_aRandomPool; + } + ~RandomPool() + { + // Clean up random pool memory + rtl_random_destroyPool(m_aRandomPool); + } + }; + + RandomPool mRandomPool; + + OUString createIV(); + /// @throws css::uno::RuntimeException css::uno::Sequence< css::task::UserRecord > CopyToUserRecordSequence( const ::std::vector< NamePassRecord >& original, @@ -274,10 +317,10 @@ css::task::UrlRecord find( const css::uno::Reference< css::task::XInteractionHandler >& Handler ); /// @throws css::uno::RuntimeException - static ::std::vector< OUString > DecodePasswords( const OUString& aLine, const OUString& aMasterPassword, css::task::PasswordRequestMode mode ); + static ::std::vector< OUString > DecodePasswords( const OUString& aLine, const OUString& aIV, const OUString& aMasterPassword, css::task::PasswordRequestMode mode ); /// @throws css::uno::RuntimeException - static OUString EncodePasswords(const std::vector< OUString >& lines, const OUString& aMasterPassword ); + static OUString EncodePasswords(const std::vector< OUString >& lines, const OUString& aIV, const OUString& aMasterPassword ); public: PasswordContainer( const css::uno::Reference< css::uno::XComponentContext >& ); commit e8e084ad2932266d4e2573577250ffaaee431ab7 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Wed Mar 23 20:08:19 2022 +0000 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:38:34 2022 +0200 forcepoint#84 Invalid read of size 1 Change-Id: I1d0d74940cfa78a3c88cee737c9535acf03e0f19 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131991 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit d6a02a99eaa3690c0aa5c33fea3a4c710813a0de) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132315 Reviewed-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/external/liborcus/UnpackedTarball_liborcus.mk b/external/liborcus/UnpackedTarball_liborcus.mk index 4c42434ac9f8..0c54dd5e5ef2 100644 --- a/external/liborcus/UnpackedTarball_liborcus.mk +++ b/external/liborcus/UnpackedTarball_liborcus.mk @@ -15,6 +15,11 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,liborcus,1)) $(eval $(call gb_UnpackedTarball_update_autoconf_configs,liborcus)) +# forcepoint-83.patch.1 submitted as +# https://gitlab.com/orcus/orcus/-/merge_requests/117 +# forcepoint-84.patch.1 submitted as +# https://gitlab.com/orcus/orcus/-/merge_requests/118 + $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\ external/liborcus/rpath.patch.0 \ external/liborcus/gcc9.patch.0 \ @@ -27,6 +32,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\ external/liborcus/allow-utf-8-in-xml-names.patch \ external/liborcus/forcepoint-83.patch.1 \ + external/liborcus/forcepoint-84.patch.1 \ )) ifeq ($(OS),WNT) diff --git a/external/liborcus/forcepoint-84.patch.1 b/external/liborcus/forcepoint-84.patch.1 new file mode 100644 index 000000000000..3bd8e26465a9 --- /dev/null +++ b/external/liborcus/forcepoint-84.patch.1 @@ -0,0 +1,38 @@ +From 0fee6c0e3074be11874f1911a76f10eef5f59985 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caol...@redhat.com> +Date: Wed, 23 Mar 2022 20:04:31 +0000 +Subject: [PATCH] forcepoint#84 Invalid read of size 1 + +==356879== Invalid read of size 1 +==356879== at 0x11EC50B0: orcus::parser_base::cur_char() const (parser_base.hpp:79) +==356879== by 0x11EDD736: orcus::sax::parser_base::value(std::basic_string_view<char, std::char_traits<char> >&, bool) (sax_parser_base.cpp:303) +==356879== by 0x11B7C3D5: orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper, orcus::sax_parser_default_config>::attribute() (sax_parser.hpp:563) +==356879== by 0x11B7B35E: orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper, orcus::sax_parser_default_config>::element_open(long) (sax_parser.hpp:292) +==356879== by 0x11B7A2F7: orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper, orcus::sax_parser_default_config>::element() (sax_parser.hpp:246) +==356879== by 0x11B7A1C7: orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper, orcus::sax_parser_default_config>::body() (sax_parser.hpp:214) +==356879== by 0x11B7A009: orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper, orcus::sax_parser_default_config>::parse() (sax_parser.hpp:182) +==356879== by 0x11B79FBB: orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::parse() (sax_ns_parser.hpp:277) +==356879== by 0x11B79798: orcus::sax_token_parser<orcus::xml_stream_handler>::parse() (sax_token_parser.hpp:215) +==356879== by 0x11B79436: orcus::xml_stream_parser::parse() (xml_stream_parser.cpp:68) +==356879== by 0x11BE3855: orcus::orcus_xlsx::detect(unsigned char const*, unsigned long) (orcus_xlsx.cpp:188) +==356879== by 0x11AB2492: orcus::detect(unsigned char const*, unsigned long) (format_detection.cpp:60) +--- + src/parser/sax_parser_base.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/parser/sax_parser_base.cpp b/src/parser/sax_parser_base.cpp +index 46acb81d..11791edc 100644 +--- a/src/parser/sax_parser_base.cpp ++++ b/src/parser/sax_parser_base.cpp +@@ -298,6 +298,8 @@ + + bool parser_base::value(pstring& str, bool decode) + { ++ if (!has_char()) ++ throw malformed_xml_error("value must be quoted", offset()); + char c = cur_char(); + if (c != '"' && c != '\'') + throw malformed_xml_error("value must be quoted", offset()); +-- +2.35.1 + commit 27b774e04543cf3b6147538fa5febef85372c34d Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Wed Mar 23 13:03:30 2022 +0000 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:38:18 2022 +0200 add infobar to prompt to refresh to replace old format Change-Id: Id99cbf2b50a4ebf289dae6fc67e22e20afcda35b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131976 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit bbd196ff82bda9f66b4ba32a412f10cefe6da60e) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132307 Reviewed-by: Sophie Gautier <so...@libreoffice.org> Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com> diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc index cb627807d8c8..317dd88061df 100644 --- a/include/sfx2/strings.hrc +++ b/include/sfx2/strings.hrc @@ -292,6 +292,8 @@ #define STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK NC_("STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK", "The certificate could not be validated and the document is only partially signed.") #define STR_SIGNATURE_OK NC_("STR_SIGNATURE_OK", "This document is digitally signed and the signature is valid.") #define STR_SIGNATURE_SHOW NC_("STR_SIGNATURE_SHOW", "Show Signatures") +#define STR_REFRESH_MASTER_PASSWORD NC_("STR_REFRESH_MASTER_PASSWORD", "The master password is stored in an outdated format, you should refresh it") +#define STR_REFRESH_PASSWORD NC_("STR_REFRESH_PASSWORD", "Refresh Password") #define STR_CLOSE_PANE NC_("STR_CLOSE_PANE", "Close Pane") diff --git a/include/sfx2/viewfrm.hxx b/include/sfx2/viewfrm.hxx index aedd362f8781..dc01c088f1f7 100644 --- a/include/sfx2/viewfrm.hxx +++ b/include/sfx2/viewfrm.hxx @@ -64,6 +64,7 @@ protected: DECL_LINK(WhatsNewHandler, weld::Button&, void); DECL_LINK(SwitchReadOnlyHandler, weld::Button&, void); DECL_LINK(SignDocumentHandler, weld::Button&, void); + DECL_DLLPRIVATE_LINK(RefreshMasterPasswordHdl, weld::Button&, void); SAL_DLLPRIVATE void KillDispatcher_Impl(); virtual ~SfxViewFrame() override; diff --git a/sfx2/source/view/viewfrm.cxx b/sfx2/source/view/viewfrm.cxx index 46a7c4d9dc42..a209ae7dea34 100644 --- a/sfx2/source/view/viewfrm.cxx +++ b/sfx2/source/view/viewfrm.cxx @@ -33,6 +33,7 @@ #include <com/sun/star/frame/XLayoutManager.hpp> #include <com/sun/star/frame/XComponentLoader.hpp> #include <com/sun/star/drawing/XShapes.hpp> +#include <com/sun/star/task/PasswordContainer.hpp> #include <officecfg/Office/Common.hxx> #include <officecfg/Setup.hxx> #include <toolkit/helper/vclunohelper.hxx> @@ -1413,6 +1414,22 @@ void SfxViewFrame::Notify( SfxBroadcaster& /*rBC*/, const SfxHint& rHint ) batch->commit(); } + if (officecfg::Office::Common::Passwords::HasMaster::get() && + officecfg::Office::Common::Passwords::StorageVersion::get() == 0) + { + // master password stored in deprecated format + VclPtr<SfxInfoBarWindow> pOldMasterPasswordInfoBar = + AppendInfoBar("oldmasterpassword", "", + SfxResId(STR_REFRESH_MASTER_PASSWORD), InfobarType::DANGER, false); + if (pOldMasterPasswordInfoBar) + { + weld::Button& rButton = pOldMasterPasswordInfoBar->addButton(); + rButton.set_label(SfxResId(STR_REFRESH_PASSWORD)); + rButton.connect_clicked(LINK(this, + SfxViewFrame, RefreshMasterPasswordHdl)); + } + } + // read-only infobar if necessary const SfxViewShell *pVSh; const SfxShell *pFSh; @@ -1561,6 +1578,27 @@ IMPL_LINK_NOARG(SfxViewFrame, SignDocumentHandler, weld::Button&, void) GetDispatcher()->Execute(SID_SIGNATURE); } +IMPL_LINK_NOARG(SfxViewFrame, RefreshMasterPasswordHdl, weld::Button&, void) +{ + bool bChanged = false; + try + { + Reference< task::XPasswordContainer2 > xMasterPasswd( + task::PasswordContainer::create(comphelper::getProcessComponentContext())); + + css::uno::Reference<css::frame::XFrame> xFrame = GetFrame().GetFrameInterface(); + css::uno::Reference<css::awt::XWindow> xContainerWindow = xFrame->getContainerWindow(); + + uno::Reference<task::XInteractionHandler> xTmpHandler(task::InteractionHandler::createWithParent(comphelper::getProcessComponentContext(), + xContainerWindow)); + bChanged = xMasterPasswd->changeMasterPassword(xTmpHandler); + } + catch (const Exception&) + {} + if (bChanged) + RemoveInfoBar(u"oldmasterpassword"); +} + void SfxViewFrame::Construct_Impl( SfxObjectShell *pObjSh ) { m_pImpl->bResizeInToOut = true; commit 2c9d00b5ae0b643290a7d985635e7ce2407565f1 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Wed Mar 23 10:45:15 2022 +0000 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:36:06 2022 +0200 forcepoint#82 back() called on empty vector Change-Id: I8017777a58f1fef41d1545899868e333c2184c5c Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131867 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/sw/qa/core/data/rtf/fail/forcepoint-82.rtf b/sw/qa/core/data/rtf/fail/forcepoint-82.rtf new file mode 100644 index 000000000000..54b1dee42c5b --- /dev/null +++ b/sw/qa/core/data/rtf/fail/forcepoint-82.rtf @@ -0,0 +1,28 @@ +{\rtf1 +{\trowd +\clbrdrl\brdrs\brdrw10\clbrdrr\brdrs\brdrw10\clbrdrt\brdrs\brdrw10\clbrdrb\brdrs\brdrw10\cellx2000 +\pard +Text 1 +\itap0 +\cell +\row} +\pard +\par +\itap0 +{\trowd +\clbrdrl\brdrs\brdrw10\clbrdrr\brdrs\brdrw10\clbrdrt\brdrs\brdrw10\clbrdrb\brdrs\brdrw10\cellx2000 +\pard +Text 2 +\itap0 +\cell +\row} +\itap-1 +{\trowd +\clbrdrl\brdrs\brdrw2147483649\clbrdrr\brdrs\brdrw9\clbrdrt\brdrs\brdrw10\clbrdrb\brdrs\brdrw185\cellx1000 +\nestrow} +\itap0 +\cell +\row} +\itap0 +\par +} \ No newline at end of file diff --git a/writerfilter/source/dmapper/DomainMapperTableManager.cxx b/writerfilter/source/dmapper/DomainMapperTableManager.cxx index a4dda411ef72..6548bd95b656 100644 --- a/writerfilter/source/dmapper/DomainMapperTableManager.cxx +++ b/writerfilter/source/dmapper/DomainMapperTableManager.cxx @@ -389,6 +389,8 @@ bool DomainMapperTableManager::sprm(Sprm & rSprm) DomainMapperTableManager::IntVectorPtr const & DomainMapperTableManager::getCurrentGrid( ) { + if (m_aTableGrid.empty()) + throw std::out_of_range("no current grid"); return m_aTableGrid.back( ); } commit 321dc5e52536f2c7d73c70dfbce164fac7762f3d Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Wed Mar 23 16:49:03 2022 +0000 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:35:52 2022 +0200 forcepoint#83 Invalid read of size 1 Change-Id: I1576dfd8c9731d943107764aeb66bb1c2294ad5f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131989 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/external/liborcus/UnpackedTarball_liborcus.mk b/external/liborcus/UnpackedTarball_liborcus.mk index 710d126a8c17..4c42434ac9f8 100644 --- a/external/liborcus/UnpackedTarball_liborcus.mk +++ b/external/liborcus/UnpackedTarball_liborcus.mk @@ -26,6 +26,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\ external/liborcus/allow-utf-8-in-xml-names.patch \ + external/liborcus/forcepoint-83.patch.1 \ )) ifeq ($(OS),WNT) diff --git a/external/liborcus/forcepoint-83.patch.1 b/external/liborcus/forcepoint-83.patch.1 new file mode 100644 index 000000000000..bfd3bb86fcf9 --- /dev/null +++ b/external/liborcus/forcepoint-83.patch.1 @@ -0,0 +1,38 @@ +From 283b45ba3bcb22dc28303a09a96c9b94f86d1ba2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caol...@redhat.com> +Date: Wed, 23 Mar 2022 16:44:00 +0000 +Subject: [PATCH] forcepoint#83 Invalid read of size 1 + +==343916== Invalid read of size 1 +==343916== at 0x11A7B2F0: orcus::parser_base::cur_char() const (parser_base.hpp:79) +==343916== by 0x11B7B112: orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper, orcus::sax_parser_default_config>::element_open(long) (sax_parser.hpp:258) +==343916== by 0x11B7A2C7: orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper, orcus::sax_parser_default_config>::element() (sax_parser.hpp:246) +==343916== by 0x11B7A197: orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper, orcus::sax_parser_default_config>::body() (sax_parser.hpp:214) +==343916== by 0x11B79FD9: orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper, orcus::sax_parser_default_config>::parse() (sax_parser.hpp:182) +==343916== by 0x11B79F8B: orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::parse() (sax_ns_parser.hpp:277) +==343916== by 0x11B79768: orcus::sax_token_parser<orcus::xml_stream_handler>::parse() (sax_token_parser.hpp:215) +==343916== by 0x11B79406: orcus::xml_stream_parser::parse() (xml_stream_parser.cpp:68) +==343916== by 0x11BE3805: orcus::orcus_xlsx::detect(unsigned char const*, unsigned long) (orcus_xlsx.cpp:188) +==343916== by 0x11AB2482: orcus::detect(unsigned char const*, unsigned long) (format_detection.cpp:60) +==343916== by 0x30E60945: (anonymous namespace)::OrcusFormatDetect::detect(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&) (filterdetect.cxx:83) +==343916== by 0x30E60ABE: non-virtual thunk to (anonymous namespace)::OrcusFormatDetect::detect(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&) (filterdetect.cxx:0) +--- + include/orcus/sax_parser.hpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/include/orcus/sax_parser.hpp b/include/orcus/sax_parser.hpp +index 15e8d917..d0fc45b5 100644 +--- a/include/orcus/sax_parser.hpp ++++ b/include/orcus/sax_parser.hpp +@@ -255,6 +255,8 @@ void sax_parser<_Handler,_Config>::element_open(std::ptrdiff_t begin_pos) + while (true) + { + skip_space_and_control(); ++ if (!has_char()) ++ return; + char c = cur_char(); + if (c == '/') + { +-- +2.35.1 + commit 70d72a9160e9fed04a284708450d0b458ea2091b Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Thu Mar 24 14:32:22 2022 +0000 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:35:38 2022 +0200 forcepoint#86 RES_TXTATR_UNKNOWN_CONTAINER item put at invalid index RES_CHRATR_BEGIN is 1, presumably RES_TXTATR_UNKNOWN_CONTAINER should be stored in the last index Change-Id: Id37fff41cbbccbc26fe5ccce6027014af7362729 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132040 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/sw/source/core/text/itratr.cxx b/sw/source/core/text/itratr.cxx index bc39bccc995e..b69953288328 100644 --- a/sw/source/core/text/itratr.cxx +++ b/sw/source/core/text/itratr.cxx @@ -443,7 +443,7 @@ static void InsertCharAttrs(SfxPoolItem const** pAttrs, SfxItemSet const& rItems } else if (nWhich == RES_TXTATR_UNKNOWN_CONTAINER) { - pAttrs[RES_CHRATR_END] = pItem; + pAttrs[RES_CHRATR_END - RES_CHRATR_BEGIN] = pItem; } } } commit 5156ff3ba73edf42bb36201fe82830e7b7415d59 Author: Aron Budea <aron.bu...@collabora.com> AuthorDate: Sun Feb 13 06:57:16 2022 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:35:16 2022 +0200 tdf#147014 Image missing due to integer overflow 32-bit awt::Point/Size/Rectangle cannot fit size of 1M rows with larger (eg. 5x the usual) height, and could overflow. This causes problems in 64-bit Linux builds and, since the following commit, in 64-bit Windows builds: 3d90997fb6f232d8008df4d166d7b97b869c200f For now, clamp possibly overflowing values to 32-bit. Change-Id: Ifda7265703388abdfb47f523da4f0c5822358404 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129876 Tested-by: Jenkins Reviewed-by: Luboš Luňák <l.lu...@collabora.com> Reviewed-by: Aron Budea <aron.bu...@collabora.com> Signed-off-by: Xisco Fauli <xiscofa...@libreoffice.org> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132168 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132205 diff --git a/sc/qa/unit/data/xlsx/tdf147014.xlsx b/sc/qa/unit/data/xlsx/tdf147014.xlsx new file mode 100644 index 000000000000..df4428795d9d Binary files /dev/null and b/sc/qa/unit/data/xlsx/tdf147014.xlsx differ diff --git a/sc/source/filter/oox/worksheethelper.cxx b/sc/source/filter/oox/worksheethelper.cxx index 93b6fe88f429..071b391af066 100644 --- a/sc/source/filter/oox/worksheethelper.cxx +++ b/sc/source/filter/oox/worksheethelper.cxx @@ -75,6 +75,7 @@ #include <editeng/eeitem.hxx> #include <editeng/editobj.hxx> #include <editeng/flditem.hxx> +#include <tools/gen.hxx> namespace oox::xls { @@ -95,6 +96,18 @@ void lclUpdateProgressBar( const ISegmentProgressBarRef& rxProgressBar, double f rxProgressBar->setPosition( fPosition ); } +// TODO Needed because input might be >32-bit (in 64-bit builds), +// or a negative, already overflown value (in 32-bit builds) +sal_Int32 lclClampToNonNegativeInt32( tools::Long aVal ) +{ + if ( aVal > SAL_MAX_INT32 || aVal < 0 ) + { + SAL_WARN( "sc.filter", "Overflow detected, " << aVal << " does not fit into sal_Int32, or is negative." ); + return SAL_MAX_INT32; + } + return static_cast<sal_Int32>( aVal ); +} + } // namespace ColumnModel::ColumnModel() : @@ -537,9 +550,9 @@ const awt::Size& WorksheetGlobals::getDrawPageSize() const awt::Point WorksheetGlobals::getCellPosition( sal_Int32 nCol, sal_Int32 nRow ) const { - awt::Point aPoint; - PropertySet aCellProp( getCell( ScAddress( nCol, nRow, getSheetIndex() ) ) ); - aCellProp.getProperty( aPoint, PROP_Position ); + const tools::Rectangle aMMRect( getScDocument().GetMMRect( nCol, nRow, nCol, nRow, getSheetIndex() ) ); + awt::Point aPoint( lclClampToNonNegativeInt32( aMMRect.Left() ), + lclClampToNonNegativeInt32( aMMRect.Top() ) ); return aPoint; } @@ -1358,8 +1371,9 @@ void WorksheetGlobals::groupColumnsOrRows( sal_Int32 nFirstColRow, sal_Int32 nLa void WorksheetGlobals::finalizeDrawings() { // calculate the current drawing page size (after rows/columns are imported) - PropertySet aRangeProp( getCellRange( ScRange( 0, 0, getSheetIndex(), mrMaxApiPos.Col(), mrMaxApiPos.Row(), getSheetIndex() ) ) ); - aRangeProp.getProperty( maDrawPageSize, PROP_Size ); + const Size aPageSize( getScDocument().GetMMRect( 0, 0, mrMaxApiPos.Col(), mrMaxApiPos.Row(), getSheetIndex() ).GetSize() ); + maDrawPageSize.Width = lclClampToNonNegativeInt32( aPageSize.Width() ); + maDrawPageSize.Height = lclClampToNonNegativeInt32( aPageSize.Height() ); // import DML and VML if( !maDrawingPath.isEmpty() ) commit af1b5d6b04183b07f79d47e3892c6d8c28b91adb Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Thu Mar 24 09:33:44 2022 +0000 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:34:13 2022 +0200 forcepoint#85 Conditional jump or move depends on uninitialised value ==398461== by 0xCDC7960: (anonymous namespace)::CopyUntil(char16_t*&, char16_t const*&, char16_t, bool) (strhelper.cxx:88) ==398461== by 0xCDC839F: psp::WhitespaceToSpace(rtl::OUString const&, bool) (strhelper.cxx:294) ==398461== by 0xCB54980: vcl::PDFWriterImpl::setOutlineItemText(int, rtl::OUString const&) (pdfwriter_impl.cxx:9875) ==398461== by 0xCB547FF: vcl::PDFWriterImpl::createOutlineItem(int, rtl::OUString const&, int) (pdfwriter_impl.cxx:9851) ==398461== by 0xCAF39B0: vcl::PDFWriter::CreateOutlineItem(int, rtl::OUString const&, int) (pdfwriter.cxx:383) ==398461== by 0xCABD7C8: vcl::GlobalSyncData::PlayGlobalActions(vcl::PDFWriter&) (pdfextoutdevdata.cxx:250) ==398461== by 0xCAC0628: vcl::PDFExtOutDevData::PlayGlobalActions(vcl::PDFWriter&) (pdfextoutdevdata.cxx:616) ==398461== by 0x3D06EA0F: PDFExport::Export(rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (pdfexport.cxx:1004) Change-Id: I6bc086997851ee06531a4a9ae263e2b26edfba84 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132036 Tested-by: Jenkins Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org> diff --git a/vcl/source/helper/strhelper.cxx b/vcl/source/helper/strhelper.cxx index 96e10b4865e8..782c9ce123e1 100644 --- a/vcl/source/helper/strhelper.cxx +++ b/vcl/source/helper/strhelper.cxx @@ -83,7 +83,8 @@ void CopyUntil( sal_Unicode*& pTo, const sal_Unicode*& pFrom, sal_Unicode cUntil *pTo = *pFrom; pTo++; } - pFrom++; + if( *pFrom ) + pFrom++; } while( *pFrom && *pFrom != cUntil ); // copy the terminating character unless zero or protector if( ! isProtect( *pFrom ) || bIncludeUntil ) commit e95917792c44454adca2a2f1629d94462b1cc3fc Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Mon Mar 21 20:58:34 2022 +0000 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:33:17 2022 +0200 make hash encoding match decoding Seeing as old versions of the hash may be in the users config, add a StorageVersion field to the office config Passwords section which defaults to 0 to indicate the old hash is in use. Try the old varient when StorageVersion is 0. When a new encoded master password it set write StorageVersion of 1 to indicate a new hash is in use and use the new style when StorageVersion is 1. Change-Id: I3174c37a5891bfc849984e0ec5c2c392b9c6e7b1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132080 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sberg...@redhat.com> diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs index 9097c23c3c6a..922efc33cca7 100644 --- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs +++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs @@ -942,6 +942,12 @@ </info> <value>false</value> </prop> + <prop oor:name="StorageVersion" oor:type="xs:int" oor:nillable="false"> + <info> + <desc>Specifies what version of encoding scheme the password container uses.</desc> + </info> + <value>0</value> + </prop> <prop oor:name="HasMaster" oor:type="xs:boolean" oor:nillable="false"> <info> <desc>Specifies if there is a valid master password.</desc> diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx b/svl/source/passwordcontainer/passwordcontainer.cxx index 51fb129cddb1..0970d1f9b6dc 100644 --- a/svl/source/passwordcontainer/passwordcontainer.cxx +++ b/svl/source/passwordcontainer/passwordcontainer.cxx @@ -17,6 +17,7 @@ * the License at http://www.apache.org/licenses/LICENSE-2.0 . */ +#include <sal/log.hxx> #include "passwordcontainer.hxx" @@ -259,6 +260,23 @@ bool StorageItem::useStorage() return aResult; } +sal_Int32 StorageItem::getStorageVersion() +{ + Sequence<OUString> aNodeNames { "StorageVersion" }; + + Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aNodeNames ); + + if( aPropertyValues.getLength() != aNodeNames.getLength() ) + { + OSL_FAIL( "Problems during reading" ); + return 0; + } + + sal_Int32 nResult = 0; + aPropertyValues[0] >>= nResult; + + return nResult; +} bool StorageItem::getEncodedMP( OUString& aResult ) { @@ -291,18 +309,11 @@ bool StorageItem::getEncodedMP( OUString& aResult ) void StorageItem::setEncodedMP( const OUString& aEncoded, bool bAcceptEmpty ) { - Sequence< OUString > sendNames(2); - Sequence< uno::Any > sendVals(2); - - sendNames[0] = "HasMaster"; - sendNames[1] = "Master"; - bool bHasMaster = ( !aEncoded.isEmpty() || bAcceptEmpty ); - sendVals[0] <<= bHasMaster; - sendVals[1] <<= aEncoded; ConfigItem::SetModified(); - ConfigItem::PutProperties( sendNames, sendVals ); + ConfigItem::PutProperties( { "HasMaster", "Master", "StorageVersion" }, + { uno::Any(bHasMaster), uno::Any(aEncoded), uno::Any(nCurrentStorageVersion) } ); hasEncoded = bHasMaster; mEncoded = aEncoded; @@ -800,6 +811,18 @@ OUString PasswordContainer::RequestPasswordFromUser( PasswordRequestMode aRMode, return aResult; } +// Mangle the key to match an old bug +static OUString ReencodeAsOldHash(const OUString& rPass) +{ + OUStringBuffer aBuffer; + for (int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ++ind) + { + unsigned char i = static_cast<char>(rPass.copy(ind * 2, 2).toUInt32(16)); + aBuffer.append(static_cast< sal_Unicode >('a' + (i >> 4))); + aBuffer.append(static_cast< sal_Unicode >('a' + (i & 15))); + } + return aBuffer.makeStringAndClear(); +} OUString const & PasswordContainer::GetMasterPassword( const Reference< XInteractionHandler >& aHandler ) { @@ -838,6 +861,9 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac } else { + if (m_pStorageFile->getStorageVersion() == 0) + aPass = ReencodeAsOldHash(aPass); + std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aPass, aRMode ) ); if( aRM.empty() || aPass != aRM[0] ) { @@ -1042,6 +1068,10 @@ sal_Bool SAL_CALL PasswordContainer::authorizateWithMasterPassword( const uno::R do { aPass = RequestPasswordFromUser( aRMode, xTmpHandler ); + + if (m_pStorageFile->getStorageVersion() == 0) + aPass = ReencodeAsOldHash(aPass); + bResult = ( !aPass.isEmpty() && aPass == m_aMasterPasswd ); aRMode = PasswordRequestMode_PASSWORD_REENTER; // further questions with error notification } while( !bResult && !aPass.isEmpty() ); diff --git a/svl/source/passwordcontainer/passwordcontainer.hxx b/svl/source/passwordcontainer/passwordcontainer.hxx index 46ffec888602..bf43b5903602 100644 --- a/svl/source/passwordcontainer/passwordcontainer.hxx +++ b/svl/source/passwordcontainer/passwordcontainer.hxx @@ -168,6 +168,10 @@ public: typedef ::std::pair< const OUString, ::std::vector< NamePassRecord > > PairUrlRecord; typedef ::std::map< OUString, ::std::vector< NamePassRecord > > PassMap; +// org.openoffice.Office.Common/Passwords/StorageVersion bump if details of +// how password details are saved changes. Enables migration from previous +// schemes. +constexpr sal_Int32 nCurrentStorageVersion = 1; class PasswordContainer; @@ -196,6 +200,8 @@ public: void remove( const OUString& url, const OUString& rec ); void clear(); + sal_Int32 getStorageVersion(); + bool getEncodedMP( OUString& aResult ); void setEncodedMP( const OUString& aResult, bool bAcceptEmpty = false ); void setUseStorage( bool bUse ); diff --git a/uui/source/iahndl-authentication.cxx b/uui/source/iahndl-authentication.cxx index ad975d3f9ae7..951f0b8a1c6b 100644 --- a/uui/source/iahndl-authentication.cxx +++ b/uui/source/iahndl-authentication.cxx @@ -436,8 +436,9 @@ executeMasterPasswordDialog( OUStringBuffer aBuffer; for (sal_uInt8 i : aKey) { - aBuffer.append(static_cast< sal_Unicode >('a' + (i >> 4))); - aBuffer.append(static_cast< sal_Unicode >('a' + (i & 15))); + // match PasswordContainer::DecodePasswords aMasterPasswd.copy(index * 2, 2).toUInt32(16)); + aBuffer.append(OUString::number(i >> 4, 16)); + aBuffer.append(OUString::number(i & 15, 16)); } rInfo.SetPassword(aBuffer.makeStringAndClear()); } commit 8ea1e24b66b64bdcb4b9ac7640cdbe2a484d2800 Author: Luboš Luňák <l.lu...@collabora.com> AuthorDate: Tue Mar 22 16:46:55 2022 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:31:41 2022 +0200 warn on too many rows/column when loading ODS There's a warning when loading XLSX, but not when loading ODS. Now that 7.4 is going to support 16k columns, that would be a useful warning, either if we raise the limits again, or backported to 7.2/7.3 . Change-Id: I204bca32e1ff37332b86361d3d81d3fee29c15ec Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131945 Tested-by: Jenkins Reviewed-by: Eike Rathke <er...@redhat.com> diff --git a/sc/source/filter/xml/xmlcelli.cxx b/sc/source/filter/xml/xmlcelli.cxx index 6068fd901905..f17e1a231672 100644 --- a/sc/source/filter/xml/xmlcelli.cxx +++ b/sc/source/filter/xml/xmlcelli.cxx @@ -1189,7 +1189,10 @@ void ScXMLTableRowCellContext::AddTextAndValueCell( const ScAddress& rCellPos, // it makes no sense to import data after the last supported column // fdo#58539 & gnome#627150 if(rCurrentPos.Col() > pDoc->MaxCol()) + { + rXMLImport.SetRangeOverflowType(SCWARN_IMPORT_COLUMN_OVERFLOW); break; + } if (i > 0) rTables.AddColumn(false); @@ -1202,7 +1205,10 @@ void ScXMLTableRowCellContext::AddTextAndValueCell( const ScAddress& rCellPos, // it makes no sense to import data after last supported row // fdo#58539 & gnome#627150 if(rCurrentPos.Row() > pDoc->MaxRow()) + { + rXMLImport.SetRangeOverflowType(SCWARN_IMPORT_ROW_OVERFLOW); break; + } if( (rCurrentPos.Col() == 0) && (j > 0) ) { commit 1d9ca9a14900d712cc4f8564721fbb16f620234a Author: Noel Grandin <noel.gran...@collabora.co.uk> AuthorDate: Wed Mar 23 16:49:05 2022 +0200 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:30:25 2022 +0200 tdf#147641 default font size for captions always reset regression from commit 65d2d2647ead42e5bbb7800f14c047f383fe450b Author: Noel Grandin <noel.gran...@collabora.co.uk> Date: Thu Nov 8 16:10:51 2018 +0200 loplugin:singlevalfields in sw where I incorrectly reduced a boolean expression Change-Id: I7f3b4552dc27dcd5e118233b5c0ca75e4eb06fc5 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131980 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.gran...@collabora.co.uk> (cherry picked from commit 323ff2749b6be5f6ef98c6250afce4fa89e3aa1c) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131995 Reviewed-by: Adolfo Jayme Barrientos <fit...@ubuntu.com> diff --git a/sw/source/ui/config/optpage.cxx b/sw/source/ui/config/optpage.cxx index 26ae3fb628bd..81b021561028 100644 --- a/sw/source/ui/config/optpage.cxx +++ b/sw/source/ui/config/optpage.cxx @@ -596,9 +596,9 @@ bool SwStdFontTabPage::FillItemSet( SfxItemSet* ) bool bStandardHeightChanged = m_xStandardHeightLB->get_value_changed_from_saved(); bool bTitleHeightChanged = m_xTitleHeightLB->get_value_changed_from_saved(); - bool bListHeightChanged = m_xListHeightLB->get_value_changed_from_saved() && !m_bListHeightDefault; - bool bLabelHeightChanged = m_xLabelHeightLB->get_value_changed_from_saved() && !m_bLabelHeightDefault; - bool bIndexHeightChanged = m_xIndexHeightLB->get_value_changed_from_saved() && !m_bIndexHeightDefault; + bool bListHeightChanged = m_xListHeightLB->get_value_changed_from_saved(); + bool bLabelHeightChanged = m_xLabelHeightLB->get_value_changed_from_saved(); + bool bIndexHeightChanged = m_xIndexHeightLB->get_value_changed_from_saved(); m_pFontConfig->SetFontStandard(sStandard, m_nFontGroup); m_pFontConfig->SetFontOutline(sTitle, m_nFontGroup); commit f3eae75ed4672a833ba71dbdd3e3867e965ffd49 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Thu Mar 31 12:13:23 2022 +0200 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:29:36 2022 +0200 zlib: upgrade to release 1.2.12 Fixes CVE-2018-25032 external/zlib/ubsan.patch: remove, fixed upstream Change-Id: I2aa9a9008b9cf7efd970c5fff0df7029204204f8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132358 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit bfb6c4c65781a610d21409d974227d73f264f41a) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132192 Reviewed-by: Caolán McNamara <caol...@redhat.com> diff --git a/download.lst b/download.lst index fcc06ceb31d7..12575e132190 100644 --- a/download.lst +++ b/download.lst @@ -267,8 +267,8 @@ export WPS_VERSION_MICRO := 12 export WPS_TARBALL := libwps-0.4.$(WPS_VERSION_MICRO).tar.xz export XSLTML_SHA256SUM := 75823776fb51a9c526af904f1503a7afaaab900fba83eda64f8a41073724c870 export XSLTML_TARBALL := a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip -export ZLIB_SHA256SUM := 4ff941449631ace0d4d203e3483be9dbc9da454084111f97ea0a2114e19bf066 -export ZLIB_TARBALL := zlib-1.2.11.tar.xz +export ZLIB_SHA256SUM := 7db46b8d7726232a621befaab4a1c870f00a90805511c0e0090441dac57def18 +export ZLIB_TARBALL := zlib-1.2.12.tar.xz export ZMF_SHA256SUM := 27051a30cb057fdb5d5de65a1f165c7153dc76e27fe62251cbb86639eb2caf22 export ZMF_TARBALL := libzmf-0.0.2.tar.xz diff --git a/external/zlib/UnpackedTarball_zlib.mk b/external/zlib/UnpackedTarball_zlib.mk index e74039d25089..dd9fc1c31445 100644 --- a/external/zlib/UnpackedTarball_zlib.mk +++ b/external/zlib/UnpackedTarball_zlib.mk @@ -18,8 +18,4 @@ $(eval $(call gb_UnpackedTarball_set_post_action,zlib,\ $(eval $(call gb_UnpackedTarball_set_patchlevel,zlib,0)) -$(eval $(call gb_UnpackedTarball_add_patches,zlib, \ - external/zlib/ubsan.patch \ -)) - # vim: set noet sw=4 ts=4: diff --git a/external/zlib/ubsan.patch b/external/zlib/ubsan.patch deleted file mode 100644 index 2d7ff8d67967..000000000000 --- a/external/zlib/ubsan.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- trees.c -+++ trees.c -@@ -870,7 +870,7 @@ - bi_windup(s); /* align on byte boundary */ - put_short(s, (ush)stored_len); - put_short(s, (ush)~stored_len); -- zmemcpy(s->pending_buf + s->pending, (Bytef *)buf, stored_len); -+ if (stored_len != 0) zmemcpy(s->pending_buf + s->pending, (Bytef *)buf, stored_len); - s->pending += stored_len; - #ifdef ZLIB_DEBUG - s->compressed_len = (s->compressed_len + 3 + 7) & (ulg)~7L; commit 92e5b15dd5adb8522052eb53ca2e1fc048400ea2 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Thu Mar 31 20:33:02 2022 +0200 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Apr 5 13:29:24 2022 +0200 nss: build with zlib module on WNT Change-Id: Ie875b4a8df1697de83a8f22cb1170a49792c47e6 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132367 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 1c748fefc3c5b42e3548a1a7f5017a579982005a) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132376 Reviewed-by: Caolán McNamara <caol...@redhat.com> diff --git a/configure.ac b/configure.ac index 06d77468a501..aaef60bdf15f 100644 --- a/configure.ac +++ b/configure.ac @@ -8833,7 +8833,11 @@ else SYSTEM_ZLIB= BUILD_TYPE="$BUILD_TYPE ZLIB" ZLIB_CFLAGS="-I${WORKDIR}/UnpackedTarball/zlib" - ZLIB_LIBS="-L${WORKDIR}/LinkTarget/StaticLibrary -lzlib" + if test "$COM" = "MSC"; then + ZLIB_LIBS="${WORKDIR}/LinkTarget/StaticLibrary/zlib.lib" + else + ZLIB_LIBS="-L${WORKDIR}/LinkTarget/StaticLibrary -lzlib" + fi fi AC_SUBST(ZLIB_CFLAGS) AC_SUBST(ZLIB_LIBS) diff --git a/external/nss/ExternalProject_nss.mk b/external/nss/ExternalProject_nss.mk index a9c4fcadfc95..8a43505a0819 100644 --- a/external/nss/ExternalProject_nss.mk +++ b/external/nss/ExternalProject_nss.mk @@ -27,10 +27,11 @@ $(call gb_ExternalProject_get_state_target,nss,build): \ MOZ_DEBUG_FLAGS=" " \ OPT_CODE_SIZE=0) \ OS_TARGET=WIN95 \ + USE_SYSTEM_ZLIB=1 \ $(if $(filter X86_64,$(CPUNAME)),USE_64=1) \ $(if $(filter ARM64,$(CPUNAME)),USE_64=1) \ LIB="$(ILIB)" \ - XCFLAGS="$(SOLARINC)" \ + XCFLAGS="$(SOLARINC) $(ZLIB_CFLAGS)" \ $(if $(CROSS_COMPILING),\ CROSS_COMPILE=1 \ $(if $(filter ARM64,$(CPUNAME)),CPU_ARCH=aarch64) \