Age | Commit message (Collapse) | Author |
|
Change-Id: Ib7161ceef3662269a6fb95a34f21652daff26bd7
|
|
(cherry picked from commit 3c3299621628c11bf9f0f38e1259938b391c31e0)
Conflicts:
xmlsecurity/qa/unit/signing/signing.cxx
Change-Id: If50ae8156f81c1053aa8fbfc3148da64bb8e1442
|
|
Combine everything related to a certificate in a new struct X509Data.
The CertDigest is not actually written in the X509Data element but in
xades:Cert, so try to find the matching entry in
XSecController::setX509CertDigest().
There was a confusing interaction with PGP signatures, where ouGpgKeyID
was used for import, but export wrote the value from ouCertDigest
instead - this needed fixing.
The main point of this is enforcing a constraint from xmldsig-core 4.5.4:
All certificates appearing in an X509Data element MUST relate to the
validation key by either containing it or being part of a certification
chain that terminates in a certificate containing the validation key.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111254
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 9e82509b09f5fe2eb77bcdb8fd193c71923abb67)
xmlsecurity: improve handling of multiple certificates per X509Data
It turns out that an X509Data element can contain an arbitrary number of
each of its child elements.
How exactly certificates of an issuer chain may or should be distributed
across multiple X509Data elements isn't terribly obvious.
One thing that is clear is that any element that refers to or contains
one particular certificate has to be a child of the same X509Data
element, although in no particular order, so try to match the 2 such
elements that the parser supports in XSecController::setX509Data().
Presumably the only way it makes sense to have multiple signing
certificates is if they all contain the same key but are signed by
different CAs. This case isn't handled currently; CheckX509Data() will
complain there's not a single chain and validation of the certificates
will fail.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111500
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66)
xmlsecurity: add EqualDistinguishedNames()
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111545
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 1d3da3486d827dd5e7a3bf1c7a533f5aa9860e42)
xmlsecurity: avoid exception in DigitalSignaturesDialog::getCertificate()
Fallback to PGP if there's no X509 signing certificate because
CheckX509Data() failed prevents the dialog from popping up.
To avoid confusing the user in this situation, the dialog should
show no certificate, which is already the case.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111664
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 90b725675c2964f4a151d802d9afedd8bc2ae1a7)
xmlsecurity: fix crash in DocumentDigitalSignatures::isAuthorTrusted()
If the argument is null.
This function also should use EqualDistinguishedNames().
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111667
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit ca98e505cd69bf95d8ddb9387cf3f8e03ae4577d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit a1cf770c2d7ca3e153e0b1f01ddcc313bc2bed7f)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113058
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 8558bc8a0702bf41e020018f469b9feccd99f92d)
Conflicts:
include/svl/sigstruct.hxx
xmlsecurity/inc/xmlsignaturehelper.hxx
xmlsecurity/source/helper/pdfsignaturehelper.cxx
xmlsecurity/source/helper/xsecparser.cxx
xmlsecurity/source/helper/xsecsign.cxx
xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
Change-Id: I9633a980b0c18d58dfce24fc59396a833498a77d
|
|
(cherry picked from commit 0559f8ee41d9f6d6fff342cdcaf878c769c48161)
Conflicts:
xmlsecurity/source/helper/ooxmlsecexporter.cxx
Change-Id: I3faa33c98ec56197a1528f443c3850c70e171c4b
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111253
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 2bfa00e6bf4b2a310a8b8f5060acec85b5f7a3ce)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111909
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 94ce59dd02fcfcaa1eb4f195b45a9a2edbd58242)
(cherry picked from commit 5b365c7cf8f39a801249947dbd1082261d148b61)
Conflicts:
xmlsecurity/source/helper/xsecparser.cxx
xmlsecurity/source/helper/xsecverify.cxx
Change-Id: I2e4411f0907b89e7ad6e0185cee8f12b600515e8
|
|
LO writes timestamp both to dc:date and xades:SigningTime elements.
The parser tries to avoid reading multiple dc:date, preferring the first
one, but doesn't care about multiple xades:SigningTime, for undocumented
reasons.
Ideally something should check all read values for consistency.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111160
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 4ab8d9c09a5873ca0aea56dafa1ab34758d52ef7)
xmlsecurity: remove XSecController::setPropertyId()
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111252
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit d2a345e1163616fe3201ef1d6c758e2e819214e0)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111908
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit abe77c4fcb9ea97d9fff07eaea6d8863bcba5b02)
Conflicts:
xmlsecurity/source/helper/xsecparser.cxx
xmlsecurity/source/helper/xsecsign.cxx
Change-Id: Ic018ee89797a1c8a4f870ae102af48006de930ef
|
|
Implement Namespaces in XML and follow xmldsig-core and XAdES schemas.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110833
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 12b15be8f4f930a04d8056b9219ac969b42a9784)
xmlsecurity: move XSecParser state into contexts
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111158
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 59df9e70ce1a7ec797b836bda7f9642912febc53)
xmlsecurity: move XSecParser Reference state into contexts
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111159
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit cfeb89a758b5f0ec406f0d72444e52ed2f47b85e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111907
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit ad5930e87e788780a255523f106deb1dde5d7b37)
Conflicts:
xmlsecurity/source/helper/xsecparser.cxx
xmlsecurity/source/helper/xsecparser.hxx
Change-Id: I03537b51bb757ecbfa63a826b38de543c70ba032
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94093
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
(cherry picked from commit 943fbfad668da76f7d0ebd4f4d8cdd67224d2f01)
plus one line in xsecverify.cxx from:
commit f59d9e7ea09482c2e9e5f52a8d0445e4cebc3df5
Author: Noel Grandin <noel.grandin@collabora.co.uk>
AuthorDate: Fri Apr 3 15:53:49 2020 +0200
new loplugin:unusedvariableplus
a particularly aggressive checker, which is why it is off by default
Change-Id: I5fdb554a1b116824843f35645bc1cea3ca91e0f2
|
|
so if CertGetCertificateChain fails we don't want validity to be
css::security::CertificateValidity::VALID which is what the old default
of 0 equates to
notably
commit 1e0bc66d16aee28ce8bd9582ea32178c63841902
Date: Thu Nov 5 16:55:26 2009 +0100
jl137: #103420# better logging
turned the nss equivalent of SecurityEnvironment_NssImpl::verifyCertificate
from 0 to CertificateValidity::INVALID like this change does
Change-Id: I5350dbc22d1b9b378da2976d3b0abd728f1f4c27
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110561
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit edeb164c1d8ab64116afee4e2140403a362a1358)
|
|
this function is nearly exactly the same as ReadAndVerifySignature
except it doesn't set error-state on exception during parse
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112366
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112412
(cherry picked from commit 52a23d595b820cab27d76d0e7c129f2757c762d6)
Change-Id: Ife881f639a11d3185920ca62cc2cd22812fae36d
|
|
Using nested install is bad because (1) MS advises against it (though it
most possibly doesn't relate to our specific case, when we install the
vc redist exe package in UI part, so actually only a single MSI session
is active at any time); (2) because it adds some extra interactions
(user sees something "unrelated" being installed, which raises concerns;
additional admin authentication required); and (3) because it runs in
InstallUISequence, thus only installing the UCRT when doing interactive
installation (unattended installs, including GPO, need to install UCRT
separately).
This patch aims to incorporate the original UCRT MSU (Windows Update)
packages (https://support.microsoft.com/en-us/help/2999226) available as
a zip archive from
https://www.microsoft.com/en-us/download/details.aspx?id=48234
- the same as used in VC redists for VS 2015 and 2017. This obsoletes
the separate installation of the redist; since we also have the redist
as merge module in our MSI, that is enough (and removes redundancy).
The MSUs are installed using wusa.exe in a custom action (deferred,
non-impersonating).
As a small bonus, embedding MSUs instead of redist EXE allows us to
shrink the size of installer a little (~10 MB).
As deferred custom actions cannot access current installer database,
we workaround this by using initial immediate impersonating action to
extract the binaries into a temporary location. To ensure that the file
gets removed upon completion (both successful and failed), we use an
additional cleanup action.
Commit 61b1d631331551b43bc7d619be33bfbfeff7cad6 is effectively reverted.
This commit also includes changes from commits from master:
8faa1bc61fa8f09365d483364aea2b1c2751b587
1f8a3657216e44796cb94087450552aa977ebdae
378c1576d2890625ebbd18ec9ccff560eeb1619f
Change-Id: I1529356fdcc67ff24b232c01ddf8bb3a31bb00bd
Reviewed-on: https://gerrit.libreoffice.org/53332
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
|
|
Fixes CVE-2019-7317.
Reviewed-on: https://gerrit.libreoffice.org/71663
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
(cherry picked from commit e2abbc0062398ea67cb13cb5b0b7bfdce78e652c)
Change-Id: I3374f5cbd6552e2c1569d63ee680d0c1d9389621
|
|
Change-Id: I4b382271df21c58de0e102af6e0b07a88a1d9610
Reviewed-on: https://gerrit.libreoffice.org/62448
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
(cherry picked from commit 6253b1a29c8c1bcd7fd9efb07ca1a12fb0fc1746)
|
|
Change-Id: Ie736220197663b22a39840459c21230192925e3e
|
|
This is an adaptation of upstream patch
https://github.com/gpg/libgpg-error/commit/7865041c77f4f7005282f10f9b6666b19072fbdf
plus a fix to Makefile.in
Change-Id: I5bf946cf93e5849b8a3428064ab86f6255be97da
Reviewed-on: https://gerrit.libreoffice.org/75022
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: Mike Kaganski <mike.kaganski@collabora.com>
(cherry picked from commit af3b993ebea2f653fabba981d4c22b9aa779b32a)
Reviewed-on: https://gerrit.libreoffice.org/75075
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
(cherry picked from commit 87215115618de0c12d287a300fc5fde993886089)
Reviewed-on: https://gerrit.libreoffice.org/76308
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
(cherry picked from commit 8edc7023a14d26a7a6201f154b5c0e8edb47b1d9)
|
|
Change-Id: I4061cbac18ddf9c7f932a27bf2b54a2b1c2f9d99
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121029
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
...at workdir/UnpackedTarball/openssl/include/openssl/opensslconf.h, as can be
seen with failed builds like
<https://ci.libreoffice.org//job/lo_tb_master_mac/35209>:
[...]
> [build PAT] openssl
> [build C ] UnpackedTarball/mariadb-connector-c/plugins/auth/caching_sha2_pw.c
> [build C ] UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt.c
> [build DEP] LNK:Library/libclucene.dylib
> [build LNK] Library/libclucene.dylib
> In file included from /Users/tdf/lode/jenkins/workspace/lo_tb_master_mac/workdir/UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt.c:21:
> /Users/tdf/lode/jenkins/workspace/lo_tb_master_mac/workdir/UnpackedTarball/openssl/include/openssl/evp.h:13:11: fatal error: 'openssl/opensslconf.h' file not found
> # include <openssl/opensslconf.h>
> ^~~~~~~~~~~~~~~~~~~~~~~
> 1 error generated.
Change-Id: Ied1dcdd0afb6099e9218671c6a06c0edaafc931e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108928
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 0f7008e91f45cf8e3cee6f372ce012b38a795e26)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108884
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit b4c5bd9b330068e8c550e398cf761457ec9b6aa4)
Change-Id: Ia756f1fa642eeb6dcadc867cc9730732a73c11b4
|
|
drop ubsan patch in favour of fix applied as
https://github.com/libexpat/libexpat/pull/398
Change-Id: I59eb9e24206b9a4cf323b7f7d48d8df0792a1c46
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116102
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 740d12d8a8294d4bfd28e6c3e4cf1e0ed560b198)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119426
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
Fixes:
CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541
* external/libxml2/ubsan.patch.0: remove, fixed upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115913
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bf0c6a98ae38cd2188d7f7e94f1563e5ce6a8ce4)
Change-Id: I347dc854b862e78bde87d3e57cf5fdb584ca5673
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115935
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
At the moment the ProductVersion-Path has always the same format,
with this patch, when the format the same, then no change is need for
the next Version.
Change-Id: I6a52fd20751ba139dd5ed6e3802f29c5e8f02975
Reviewed-on: https://gerrit.libreoffice.org/60041
Tested-by: Jenkins
Reviewed-by: Juergen Funk (CIB) <juergen.funk_ml@cib.de>
|
|
Change-Id: Ib150d55b588a572e4352396f18de2331983b2aae
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114892
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
Change-Id: Iff416a9c5930ad5903f7ee51a2abbc94d5f40800
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110970
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: Jenkins
(cherry picked from commit f456c4dacf700e064e112ef068ff7edb04239754)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110922
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit f19d95986756412e5d72047656eec17a720c5e57)
|
|
... which obviously are rejected by SHGetFileInfoW and SHParseDisplayName
that it calls internally.
Change-Id: I2f5f3c675ea6aa1c2d92eef30be4399a8d600255
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87565
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87737
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit fc043d38c256243fb782cc48e7708feaeabba4ae)
|
|
Change-Id: Ifa662be39ac7d35241ee31956e2556b7ba3b5a02
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106558
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 696739056f37430154d6333b8f7228d1c44d09b3)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106520
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit ec5adc39cbea6d754ef68ab3d03fb16066b27e40)
|
|
Looks like Python 3.5 is EOL, so backport the patch.
Change-Id: I9ba397b3ed7e5f4ee4f78b144d822ce260ca9fb4
|
|
Fixes CVE-2020-27778, CVE-2020-35702
and changelogs mention lots of fuzzing fixes.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108912
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 48e8b32a9b66722bbb28fc15840b3706a461aeb7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108904
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit fb185106492f5aabac6ab57ae90cd81d51480093)
Change-Id: Ib07bdee726905e74afc13a01bbbd53f218121744
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108956
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93789
Tested-by: René Engelhard <rene@debian.org>
Tested-by: Jenkins
Reviewed-by: Tomáš Chvátal <tchvatal@suse.com>
(cherry picked from commit b42ab78fb871924896b3cc38a7b2f1257151f711)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96639
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
(cherry picked from commit d40f36bf47814c324a1ec467c566255fb187444b)
Change-Id: I89b4635a6a3e3a5522172d6f4c3f14e6c14994b1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108955
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
Change-Id: I7a3684932b8f9c403a3368b42fa4d8039c67f1a9
Reviewed-on: https://gerrit.libreoffice.org/84384
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86905
Reviewed-by: Tomáš Chvátal <tchvatal@suse.com>
Tested-by: Tomáš Chvátal <tchvatal@suse.com>
(cherry picked from commit 035830400393e075fca364a444e04c40516730b2)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90971
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit 002d1152dc418f7d624409e76cd9d4ac0b42c7f8)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90975
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
(cherry picked from commit 63b573faf984875cda7a879e696ea75fae81df57)
Change-Id: I0aca4af1bd79f28bf1c920a4d05e80948106aaac
|
|
...as ShellExecuteExW would ignore it anyway
Change-Id: I969db094bb7d2ea230ac8c36eb23d71a90fbe466
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86868
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 14b36a16b225bf7c988f118d499a7287c47cd83e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86875
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
(cherry picked from commit e033f200d74202d64f4a928c2d7b3b1cadd1c8e8)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88203
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|
|
fixes CVE-2019-9903 CVE-2019-9631 CVE-2019-9545 CVE-2019-9543
CVE-2019-14494 CVE-2019-12293 CVE-2019-11026 CVE-2019-10873
CVE-2019-10872 CVE-2019-10871 CVE-2019-10018
remove obsolete 0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1
Reviewed-on: https://gerrit.libreoffice.org/83308
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit 28e52c49452320ac76489d0f93ca5692456e5331)
Reviewed-on: https://gerrit.libreoffice.org/83336
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit f3b2d61376c6d7ae262f58406d89ef0caa8b0aaf)
Change-Id: I72b3bf89b294ed3e24157c7e75fd58d4f68d9f35
|
|
Reviewed-on: https://gerrit.libreoffice.org/81545
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit 2eadd46ab81058087af95bdfc1fea28fcdb65998)
Reviewed-on: https://gerrit.libreoffice.org/83363
Reviewed-by: Rasmus Thomsen <oss@cogitri.dev>
(cherry picked from commit 928a372775a0758aa76eb10e568d5c106a8586eb)
Change-Id: I3b6b3faea7986f3e5a6ae4790580d03bc9c955fc
|
|
Fixes CVE-2019-18197.
Remove obsolete e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1.
Reviewed-on: https://gerrit.libreoffice.org/83312
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit e9ea24cc004a8b9a5856f2f268bd40433c504db1)
Reviewed-on: https://gerrit.libreoffice.org/83377
(cherry picked from commit d19b32c779bfeb51ef9570c3de8ed1925ec44473)
Change-Id: I95cf498e245083528f98bfef8cdd240bbe2211b9
|
|
Change-Id: Ifc64dae74df341e107857e43223ead04b9c1061e
Reviewed-on: https://gerrit.libreoffice.org/66309
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
(cherry picked from commit 3f720ac5ff65ddb2c0a06e48d0e2e9bec29f3a43)
Reviewed-on: https://gerrit.libreoffice.org/66364
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
|
|
... which is, surprisingly enough, required to build the latest libxslt.
Reviewed-on: https://gerrit.libreoffice.org/83311
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit d1bf39a78ed239d4493f0470ca937852265e79d6)
Reviewed-on: https://gerrit.libreoffice.org/83347
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
(cherry picked from commit e9dc4662d4ba3bde91407911f1bc1a7aa25fa0ce)
Change-Id: Ifbb36ed61b8f68185f9c788f63a8edeb58899f94
|
|
Fixes CVE-2019-9948 CVE-2019-9740 CVE-2019-10160 CVE-2019-16056
and expat CVE-2019-15903.
python-3.3.5-pyexpat-symbols.patch.1 fails to apply, and it's a
mystery why --with-system-expat is used everywhere but on MacOSX,
where 292af048ace2d4b455b2da3a22c784cb05db1d09 disabled it for no
obvious reason, so try to remove the special case and get rid of the
patch.
Reviewed-on: https://gerrit.libreoffice.org/83117
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit b0930d56130fdddfe65e92b081a8afad77974076)
Reviewed-on: https://gerrit.libreoffice.org/83189
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
(cherry picked from commit 0d4b1f624349361e5bf11b58ccc9e0e295c0e4aa)
Remove external/python3/python-3.5.7-c99.patch.1 - was apparently
reverted upstream.
Change-Id: I5ba4532eb6e7c2fb90daba95d132dcc7c9013d96
|
|
... if link updates are allowed in the current document and that
intermediate document resides in a trusted location.
This works with both, the "Always (from trusted locations)" and
the "On request" settings under Tools -> Options -> Calc ->
General. It can't work with documents residing in a non-trusted
location as there is no way to allow updates on demand for a such
loaded document (hidden via formulas).
Reviewed-on: https://gerrit.libreoffice.org/77588
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit 54bf84746a2a9a2e2aaf0df9e429b0cfd538f640)
Reviewed-on: https://gerrit.libreoffice.org/77604
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
(cherry picked from commit 14825a8b7f00ee4c148f2583856e5102312cabbd)
(cherry picked from commit f136b30fa3e991b780e4b1ed704d04256d0cfca0)
Change-Id: Ie483f7743db7c6d5cf947dc16a9c3660855f3423
(cherry picked from commit 86a3ea14d959f8a5409ea4883d9bf19e48046947)
|
|
Change-Id: Ia98c9718ccd8e18b5f56851027bde944164f05c4
Reviewed-on: https://gerrit.libreoffice.org/78978
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
(cherry picked from commit 4436a29401beffd0893ecae70cd09c7a49f49f22)
|
|
Change-Id: I8280a81eef2ced0ff0ace51ea9f094421abafe13
Reviewed-on: https://gerrit.libreoffice.org/78108
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 761e6dd25782420bf06e4a2ff3205a79b6cbb136)
Reviewed-on: https://gerrit.libreoffice.org/78129
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
(cherry picked from commit ffad51e9e625a22f1efab3da7886baf4134b444f)
|
|
Change-Id: I4dee44832107f72f8f3fb68554428dc1e646c346
Reviewed-on: https://gerrit.libreoffice.org/77706
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit c79efeb66f7951305d0334bc288aee1c571a8728)
Reviewed-on: https://gerrit.libreoffice.org/77724
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 52f7aa318722bd17c77ee5c4fa8307936e7b53af)
Reviewed-on: https://gerrit.libreoffice.org/78146
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Tested-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
Change-Id: I392be4282be8ed67e3451b28d2c9f22acd4c87fc
Reviewed-on: https://gerrit.libreoffice.org/77564
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Tested-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 3c076e54f736980e208f5c27ecf179aa90aea103)
Reviewed-on: https://gerrit.libreoffice.org/77572
Tested-by: Jenkins
(cherry picked from commit 5445f7ffd09e891b220dabb19cd013bcf591fc08)
Reviewed-on: https://gerrit.libreoffice.org/78145
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Tested-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
Change-Id: Ifd733625a439685ad307603eb2b00bf463eb9ca9
Reviewed-on: https://gerrit.libreoffice.org/77373
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 87959e5deea6d33cd35dbb3b8423056f9566710e)
Reviewed-on: https://gerrit.libreoffice.org/77377
(cherry picked from commit c03acb9b8a97254cfcf7c45ef920b93b7f1dd344)
Reviewed-on: https://gerrit.libreoffice.org/77404
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Tested-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
Change-Id: Ic97649ed6d4be595b308922c7bdc880cbb60b239
Reviewed-on: https://gerrit.libreoffice.org/77102
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 75903a0298218f89a199a5ac151ee0166f4469d7)
Reviewed-on: https://gerrit.libreoffice.org/77115
|
|
Change-Id: I9fb0d883a3623394343cd54ef61e5610544198c8
Reviewed-on: https://gerrit.libreoffice.org/77019
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit a9cde2557242a0c343d99533f3ee032599c66f42)
Reviewed-on: https://gerrit.libreoffice.org/77023
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 28c6af3ddc283ca9c5712359a9abcb385c1575b4)
Reviewed-on: https://gerrit.libreoffice.org/77091
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|
|
Change-Id: I470c4b24192c3e3c9b556a9bbb3b084359e0033b
Reviewed-on: https://gerrit.libreoffice.org/77006
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 315c51731384230194af26b86a976bf5d06c9dcc)
|
|
This only fixes part that the URL refuses to open the target file.
Honoring fragment isn't fixed here, since it's the system call to
ShellExecuteExW that in this case internally converts the file URL
into a system path, and strips the fragment from it.
Regression from commit d59ec4cd1660410fa1b18c50d2d83b1417a82ddc.
Change-Id: I6c9ed27e9a5bd7f2780dd3be96f816a6e825e043
Reviewed-on: https://gerrit.libreoffice.org/76778
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
(cherry picked from commit 2207269a84c7c9920af3385b837ce67978c720b4)
Reviewed-on: https://gerrit.libreoffice.org/76848
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit dd2b7919058fc0e23a7117d39110d3ecaaad1fb2)
Reviewed-on: https://gerrit.libreoffice.org/76881
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
(cherry picked from commit 72861eaf7cf9af3e7764b13d9e74edc5548806d2)
|
|
... which can be constructed with an arbitrary URI text string not
an svExternal* token type, until link updates are allowed.
Reviewed-on: https://gerrit.libreoffice.org/75422
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit b824b23860b2cf533d4f2428d4a750bd72576181)
Reviewed-on: https://gerrit.libreoffice.org/76304
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Change-Id: I2ce4de415ff99ace04c083c36c1383d76a4ef40d
|
|
Change-Id: I85b2185e550f2a133ceb485241ef513b40593e34
Reviewed-on: https://gerrit.libreoffice.org/75301
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
(cherry picked from commit 03c708bf085f91480c014d7fa31e7a317b2c7b8f)
Reviewed-on: https://gerrit.libreoffice.org/76303
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|
|
Change-Id: Ie8f7cef912e8dacbc2a0bca73534a7a242a53ca1
Reviewed-on: https://gerrit.libreoffice.org/76378
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Tested-by: Jenkins
(cherry picked from commit 7942929685fafb0f9c82feb8da7279e5103c87f0)
Reviewed-on: https://gerrit.libreoffice.org/76451
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|