Age | Commit message (Collapse) | Author |
|
Change-Id: Idcc660c92221380dd8311d81ba10e8c1019b49fa
|
|
Duplicate ds:X509Certificate elements cause:
warn:xmlsecurity.comp:9604:3820:xmlsecurity/source/helper/xmlsignaturehelper.cxx:658: X509Data do not form a chain: certificate in cycle:
(regression from 5af5ea893bcb8a8eb472ac11133da10e5a604e66)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113746
Tested-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit ae08aa8a095832ae2a88eac14f9680ac8d3a13b6)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113752
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 0ab3a264ba8d732cffa42a069c9aa50dab44e99f)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113754
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Change-Id: I3d319a2f74dbec17b73f1c7bb8f4efe4e335f0ac
|
|
This is similar to 12b15be8f4f930a04d8056b9219ac969b42a9784 and following
commits, but OOXMLSecParser has some differences to XSecParser, such as
using a ds:Manifest, and requires a couple extra namespaces.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113381
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit cc1d19f7bbaefa5fb22ebd1344112755068b93c9)
Change-Id: I56e39d9609db8fcad50ca1632ff482c1f0a30ff5
|
|
Combine everything related to a certificate in a new struct X509Data.
The CertDigest is not actually written in the X509Data element but in
xades:Cert, so try to find the matching entry in
XSecController::setX509CertDigest().
There was a confusing interaction with PGP signatures, where ouGpgKeyID
was used for import, but export wrote the value from ouCertDigest
instead - this needed fixing.
The main point of this is enforcing a constraint from xmldsig-core 4.5.4:
All certificates appearing in an X509Data element MUST relate to the
validation key by either containing it or being part of a certification
chain that terminates in a certificate containing the validation key.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111254
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 9e82509b09f5fe2eb77bcdb8fd193c71923abb67)
xmlsecurity: improve handling of multiple certificates per X509Data
It turns out that an X509Data element can contain an arbitrary number of
each of its child elements.
How exactly certificates of an issuer chain may or should be distributed
across multiple X509Data elements isn't terribly obvious.
One thing that is clear is that any element that refers to or contains
one particular certificate has to be a child of the same X509Data
element, although in no particular order, so try to match the 2 such
elements that the parser supports in XSecController::setX509Data().
Presumably the only way it makes sense to have multiple signing
certificates is if they all contain the same key but are signed by
different CAs. This case isn't handled currently; CheckX509Data() will
complain there's not a single chain and validation of the certificates
will fail.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111500
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66)
xmlsecurity: add EqualDistinguishedNames()
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111545
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 1d3da3486d827dd5e7a3bf1c7a533f5aa9860e42)
xmlsecurity: avoid exception in DigitalSignaturesDialog::getCertificate()
Fallback to PGP if there's no X509 signing certificate because
CheckX509Data() failed prevents the dialog from popping up.
To avoid confusing the user in this situation, the dialog should
show no certificate, which is already the case.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111664
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 90b725675c2964f4a151d802d9afedd8bc2ae1a7)
xmlsecurity: fix crash in DocumentDigitalSignatures::isAuthorTrusted()
If the argument is null.
This function also should use EqualDistinguishedNames().
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111667
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit ca98e505cd69bf95d8ddb9387cf3f8e03ae4577d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit a1cf770c2d7ca3e153e0b1f01ddcc313bc2bed7f)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113058
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Change-Id: I9633a980b0c18d58dfce24fc59396a833498a77d
|
|
Change-Id: I2e4411f0907b89e7ad6e0185cee8f12b600515e8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111253
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 2bfa00e6bf4b2a310a8b8f5060acec85b5f7a3ce)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111909
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 94ce59dd02fcfcaa1eb4f195b45a9a2edbd58242)
|
|
LO writes timestamp both to dc:date and xades:SigningTime elements.
The parser tries to avoid reading multiple dc:date, preferring the first
one, but doesn't care about multiple xades:SigningTime, for undocumented
reasons.
Ideally something should check all read values for consistency.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111160
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 4ab8d9c09a5873ca0aea56dafa1ab34758d52ef7)
xmlsecurity: remove XSecController::setPropertyId()
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111252
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit d2a345e1163616fe3201ef1d6c758e2e819214e0)
Change-Id: Ic018ee89797a1c8a4f870ae102af48006de930ef
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111908
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit abe77c4fcb9ea97d9fff07eaea6d8863bcba5b02)
|
|
Implement Namespaces in XML and follow xmldsig-core and XAdES schemas.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110833
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 12b15be8f4f930a04d8056b9219ac969b42a9784)
xmlsecurity: move XSecParser state into contexts
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111158
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 59df9e70ce1a7ec797b836bda7f9642912febc53)
xmlsecurity: move XSecParser Reference state into contexts
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111159
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit cfeb89a758b5f0ec406f0d72444e52ed2f47b85e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111907
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit ad5930e87e788780a255523f106deb1dde5d7b37)
Change-Id: I03537b51bb757ecbfa63a826b38de543c70ba032
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94093
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
(cherry picked from commit 943fbfad668da76f7d0ebd4f4d8cdd67224d2f01)
plus one line in xsecverify.cxx from:
commit f59d9e7ea09482c2e9e5f52a8d0445e4cebc3df5
Author: Noel Grandin <noel.grandin@collabora.co.uk>
AuthorDate: Fri Apr 3 15:53:49 2020 +0200
new loplugin:unusedvariableplus
a particularly aggressive checker, which is why it is off by default
Change-Id: I5fdb554a1b116824843f35645bc1cea3ca91e0f2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113052
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
so if CertGetCertificateChain fails we don't want validity to be
css::security::CertificateValidity::VALID which is what the old default
of 0 equates to
notably
commit 1e0bc66d16aee28ce8bd9582ea32178c63841902
Date: Thu Nov 5 16:55:26 2009 +0100
jl137: #103420# better logging
turned the nss equivalent of SecurityEnvironment_NssImpl::verifyCertificate
from 0 to CertificateValidity::INVALID like this change does
Change-Id: I5350dbc22d1b9b378da2976d3b0abd728f1f4c27
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110561
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit edeb164c1d8ab64116afee4e2140403a362a1358)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113051
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
this function is nearly exactly the same as ReadAndVerifySignature
except it doesn't set error-state on exception during parse
Change-Id: Ife881f639a11d3185920ca62cc2cd22812fae36d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112366
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112412
(cherry picked from commit 52a23d595b820cab27d76d0e7c129f2757c762d6)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113050
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109552
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 1dc71daf7fa7204a98c75dac680af664ab9c8edb)
Change-Id: Ie40801df8866b52c1458e020ffa9cba120720af7
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110281
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
...where the members of aRectangle passed into gtv_calc_header_bar_draw_text
(and unconditionally used there, see the definition further up in this file) are
only set for ROW and COLUMN types. Lets assume that no other types can happen
here? (This is part of libreofficekit/Executable_gtktiledviewer.mk, see
libreofficekit/README for how to execute it.)
Change-Id: I487be241e564127183751758710140ab24941f63
Reviewed-on: https://gerrit.libreoffice.org/84424
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 281f3d5c418e50a2858619633ebca290bd626c03)
|
|
Change-Id: I16da6f6f78dfd0a4bc17017275a6644d6e4340c8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106533
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 48d052a9f1bdbd34e1819b45ab83f51b84911702)
|
|
Change-Id: Ic2bd8b49762266ad48263bd68a143b46fb5fd66f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104863
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 9bf58fd45814f10ecf6131aeeec86123a383723f)
|
|
Change-Id: I11393c730986585aeea229ebeec6417e4a0578d9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104510
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 7f55db80c6fe42c162bbf51404e638a66b6ae9ab)
|
|
Change-Id: Ifbde8fc055a91e23db08508a34ce4664d2f1f96f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103906
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit fb0c3f9d8964f8c0f40238559c32d9d73cba6b55)
|
|
Change-Id: I048e5d88d5926a4afa75afab18db5ca6354e2454
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103641
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 9a1202edab0cfe95572f12a8c49ef756ead49bf2)
|
|
Change-Id: Id77d90197e98d29787a40966f248dd769c9dac28
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90175
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 1e95c2c17a49349caba1e62b4de3752c5f767f01)
|
|
Change-Id: I443869f848925911ed46e2f547f0dc652b1ff290
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88214
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 08695569fd4fccc1722e7e3c7e0a234699199196)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87802
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit fec7e3422f4d1c5b9382518a11d0bb99b12e41c9)
Change-Id: I76c1c815ab5aaf4548c886a69989fcabe3de5248
|
|
Change-Id: If658720502739e6ad88c3cf73ac6674e0313a48b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87648
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 090cf1e3bbe0ffaf56f22b152b73578483be2f42)
|
|
this is the first honggfuzz (honggfuzz_asan_libreoffice) report I've seen to date
Change-Id: Iac733aa63c7c94d9454b9c8596340dc2286393c0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87803
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 0754e581b0d8569dd08cf26f88678754f249face)
|
|
File "/home/tdf/lode/jenkins/workspace/android_aarch64/external/nss/nsinstall.py", line 112, in nsinstall
os.makedirs(args[0])
File "/opt/rh/rh-python38/root/usr/lib64/python3.8/os.py", line 223, in makedirs
mkdir(name, mode)
FileExistsError: [Errno 17] File exists: '../../../../dist/public/dbm'
../../../coreconf/rules.mk:119: recipe for target '../../../../dist/public/dbm/d' failed
Change-Id: I4273e6d3d5fa520353fff8738823ef281fe237ed
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109619
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 6f5186a94dcd1989cdd819e35163af0542912559)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109587
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 01fffa977e28b2a671f195daa3a1aaa4cbe3b258)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109765
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Recent GCC 10 trunk warns (when LO is configured with --enable-optimized):
> In file included from lt-script-db.c:24:
> lt-script-db.c: In function ‘lt_script_db_parse.constprop’:
> lt-messages.h:105:2: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
> 105 | lt_message_printf(LT_MSG_WARNING, \
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 106 | LT_MSG_FLAG_NONE, \
> | ~~~~~~~~~~~~~~~~~~~
> 107 | 0, \
> | ~~~~~~
> 108 | __VA_ARGS__)
> | ~~~~~~~~~~~~
> lt-script-db.c:137:4: note: in expansion of macro ‘lt_warning’
> 137 | lt_warning("No subtag node: description = '%s'",
> | ^~~~~~~~~~
> lt-script-db.c:137:47: note: format string is defined here
> 137 | lt_warning("No subtag node: description = '%s'",
> | ^~
Change-Id: I2924f7aab84f4f2640f277ee5c2689753627ae78
Reviewed-on: https://gerrit.libreoffice.org/83869
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 047e8ae5d189f030d565b13f97a4d6a45b00e6be)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105557
Tested-by: Michael Stahl <michael.stahl@cib.de>
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
|
|
Change-Id: I0aca4af1bd79f28bf1c920a4d05e80948106aaac
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90971
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit 002d1152dc418f7d624409e76cd9d4ac0b42c7f8)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90975
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
(cherry picked from commit 63b573faf984875cda7a879e696ea75fae81df57)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90988
|
|
...as ShellExecuteExW would ignore it anyway
Change-Id: I969db094bb7d2ea230ac8c36eb23d71a90fbe466
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86868
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 14b36a16b225bf7c988f118d499a7287c47cd83e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86877
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
Fixes CVE-2019-9948 CVE-2019-9740 CVE-2019-10160 CVE-2019-16056
and expat CVE-2019-15903.
python-3.3.5-pyexpat-symbols.patch.1 fails to apply, and it's a
mystery why --with-system-expat is used everywhere but on MacOSX,
where 292af048ace2d4b455b2da3a22c784cb05db1d09 disabled it for no
obvious reason, so try to remove the special case and get rid of the
patch.
Change-Id: I5ba4532eb6e7c2fb90daba95d132dcc7c9013d96
Reviewed-on: https://gerrit.libreoffice.org/83117
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit b0930d56130fdddfe65e92b081a8afad77974076)
Reviewed-on: https://gerrit.libreoffice.org/83189
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|
|
...at workdir/UnpackedTarball/openssl/include/openssl/opensslconf.h, as can be
seen with failed builds like
<https://ci.libreoffice.org//job/lo_tb_master_mac/35209>:
[...]
> [build PAT] openssl
> [build C ] UnpackedTarball/mariadb-connector-c/plugins/auth/caching_sha2_pw.c
> [build C ] UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt.c
> [build DEP] LNK:Library/libclucene.dylib
> [build LNK] Library/libclucene.dylib
> In file included from /Users/tdf/lode/jenkins/workspace/lo_tb_master_mac/workdir/UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt.c:21:
> /Users/tdf/lode/jenkins/workspace/lo_tb_master_mac/workdir/UnpackedTarball/openssl/include/openssl/evp.h:13:11: fatal error: 'openssl/opensslconf.h' file not found
> # include <openssl/opensslconf.h>
> ^~~~~~~~~~~~~~~~~~~~~~~
> 1 error generated.
Change-Id: Ied1dcdd0afb6099e9218671c6a06c0edaafc931e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108928
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 0f7008e91f45cf8e3cee6f372ce012b38a795e26)
|
|
Fixes CVE-2020-6829, CVE-2020-12400 CVE-2020-12401 CVE-2020-12403.
(also CVE-2020-12402 CVE-2020-12399 in older releases since 3.47)
* external/nss/nss.nspr-parallel-win-debug_build.patch:
remove, merged upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100345
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit 495a5944a3d442cfe748a3bb0dcef76f6a961d30)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100420
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
(cherry picked from commit 227d30a3a17f2fffb1a166cdc3e2a796bb335214)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100590
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 94cecbfdf3cf01fe3d5658c7edf78696da2a249f)
Change-Id: I8b48e25ce68a2327cde1420abdaea8f9e51a7888
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100864
Tested-by: Michael Stahl <michael.stahl@cib.de>
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100903
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
|
|
Since NSS 3.53, the Makefile based build should be fixed (upstream
bug 290526). The only missing patch is a minimal NSPR fix for the
"NSPR, configure + make, parallel, Windows, MS VS, debug" build.
That patch isn't incuded in the NSPR 4.25 release (but it's already
in the mercurial repo for NSPR 4.26).
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/95218
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
(cherry picked from commit b56e8d6def26a0430853835e997f1be841840a61)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100419
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit c1bce55faebd9ad8751d7b6b9a7f77dff7b3d507)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100589
(cherry picked from commit 3e4dbb1708d4b3b7619602b63602b884a7bb2caa)
Change-Id: I8eaa3792a12bdff734e56ac3f552991478957e23
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100863
Tested-by: Michael Stahl <michael.stahl@cib.de>
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100902
Tested-by: Andras Timar <andras.timar@collabora.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
|
|
... which previously failed with
cd freebl; make libs
error: unknown target CPU 'armv8-a'
and
cd freebl; make libs
error: unknown target CPU 'armv8-a+crypto'
respectively.
Change-Id: Ib8a6bfc615c4fb15a1e5dd3e55bba187ff34a891
Reviewed-on: https://gerrit.libreoffice.org/84369
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/95600
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Henry Castro <hcastro@collabora.com>
|
|
Fixes CVE-2019-11745.
Remove nss.fix-freebl-add-lcc-support.patch.1, fixed upstream.
Reviewed-on: https://gerrit.libreoffice.org/83673
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit a6238c3fba80889f9090d997e2a4979b78b34ac7)
Change-Id: I72e35c90fabb0a83f547a787dbaee774e35f9c08
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94379
Tested-by: Andras Timar <andras.timar@collabora.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
|
|
Change-Id: I51c03e13fba4619a881ade27d149722698859815
Reviewed-on: https://gerrit.libreoffice.org/81886
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
|
|
Following https://cgit.freedesktop.org/libreoffice/core/commit/?id=02623af4f5e0049ec5988df8ff6c7ff0f32f3fb1
See details here:
http://document-foundation-mail-archive.969070.n3.nabble.com/fatal-error-LNK1561-on-nss-Visual-Studio-2017-td4256601.html
Change-Id: I75f2c8a5409e484a8a5a12a6f12d5c20b244d2b2
Reviewed-on: https://gerrit.libreoffice.org/67092
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/81222
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
|
|
We don't run them and building them takes a while, especially with -j1.
Old time: 2m35,809s
New time: 1m12,858s
(With ccache disabled.) I.e. 47% of baseline.
Change-Id: I3e2d75b27be3c5995b5e6db9812c9f82d33f42fd
Reviewed-on: https://gerrit.libreoffice.org/65843
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/81221
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
|
|
Change-Id: I59145513f596b583c80f5e9a843956b3175aa3d2
|
|
Change-Id: I4061cbac18ddf9c7f932a27bf2b54a2b1c2f9d99
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121029
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Fixes CVE-2019-18197.
Remove obsolete e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1.
Change-Id: I95cf498e245083528f98bfef8cdd240bbe2211b9
Reviewed-on: https://gerrit.libreoffice.org/83312
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit e9ea24cc004a8b9a5856f2f268bd40433c504db1)
Reviewed-on: https://gerrit.libreoffice.org/83377
(cherry picked from commit d19b32c779bfeb51ef9570c3de8ed1925ec44473)
Reviewed-on: https://gerrit.libreoffice.org/83419
Tested-by: Michael Stahl <michael.stahl@cib.de>
|
|
Fixes:
CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541
* external/libxml2/ubsan.patch.0: remove, fixed upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115913
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bf0c6a98ae38cd2188d7f7e94f1563e5ce6a8ce4)
Change-Id: I347dc854b862e78bde87d3e57cf5fdb584ca5673
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115935
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
... which is, surprisingly enough, required to build the latest libxslt.
Reviewed-on: https://gerrit.libreoffice.org/83311
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit d1bf39a78ed239d4493f0470ca937852265e79d6)
Reviewed-on: https://gerrit.libreoffice.org/83347
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
(cherry picked from commit e9dc4662d4ba3bde91407911f1bc1a7aa25fa0ce)
Change-Id: Ifbb36ed61b8f68185f9c788f63a8edeb58899f94
Reviewed-on: https://gerrit.libreoffice.org/83418
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
Tested-by: Michael Stahl <michael.stahl@cib.de>
|
|
* Fixes CVE-2020-8284 CVE-2021-22924
* Also fixes these which don't look relevant to LO:
CVE-2020-8231
CVE-2020-8285 CVE-2020-8286
CVE-2021-22876 CVE-2021-22890
CVE-2021-22897 CVE-2021-22898 CVE-2021-22901
CVE-2021-22922 CVE-2021-22923 CVE-2021-22925 CVE-2021-22926
* disable some new protocols and dependencies
* remove curl-ios.patch.1 as the code no longer exists upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119313
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 946f457c885bd10ff1a7281c351f3981f035f5a7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119262
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 020eb3b363a5c9444c97075a2e15b63ccbe7bf2d)
Change-Id: I12d5f87f4d503a5f9859226a05cfe2a07e46d993
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119427
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
drop ubsan patch in favour of fix applied as
https://github.com/libexpat/libexpat/pull/398
Change-Id: I59eb9e24206b9a4cf323b7f7d48d8df0792a1c46
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116102
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 740d12d8a8294d4bfd28e6c3e4cf1e0ed560b198)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119426
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
Change-Id: I26f4a835e2f148b7855a27843f5606820dfe2532
|
|
Change-Id: Ib150d55b588a572e4352396f18de2331983b2aae
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114892
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
Change-Id: I0fdbe2871d74836d530a69532bf22c17f642c922
|
|
Change-Id: I3b6b3faea7986f3e5a6ae4790580d03bc9c955fc
Reviewed-on: https://gerrit.libreoffice.org/81545
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit 2eadd46ab81058087af95bdfc1fea28fcdb65998)
Reviewed-on: https://gerrit.libreoffice.org/83363
Reviewed-by: Rasmus Thomsen <oss@cogitri.dev>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94380
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
|
|
Where option "-R" means, according to the open(1) man page: "Reveals the file(s)
in the Finder instead of opening them." This appears to always reveal in
Finder, even for *.app "application directories", so should not affect
CVE-2019-9847.)
Change-Id: I775db7bf71c09adc6570931a977b82dfee8dc95a
Reviewed-on: https://gerrit.libreoffice.org/82749
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 1ff1466b055890b2ca0ff3a47262bc048ad78542)
Reviewed-on: https://gerrit.libreoffice.org/82756
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114213
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Tested-by: Tor Lillqvist <tml@collabora.com>
|
|
Fixes CVE-2020-27778, CVE-2020-35702
and changelogs mention lots of fuzzing fixes.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108912
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 48e8b32a9b66722bbb28fc15840b3706a461aeb7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108904
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit fb185106492f5aabac6ab57ae90cd81d51480093)
Change-Id: Ib07bdee726905e74afc13a01bbbd53f218121744
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108956
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
fixes CVE-2019-9903 CVE-2019-9631 CVE-2019-9545 CVE-2019-9543
CVE-2019-14494 CVE-2019-12293 CVE-2019-11026 CVE-2019-10873
CVE-2019-10872 CVE-2019-10871 CVE-2019-10018
remove obsolete 0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1
Reviewed-on: https://gerrit.libreoffice.org/83308
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit 28e52c49452320ac76489d0f93ca5692456e5331)
Reviewed-on: https://gerrit.libreoffice.org/83336
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit f3b2d61376c6d7ae262f58406d89ef0caa8b0aaf)
Change-Id: I72b3bf89b294ed3e24157c7e75fd58d4f68d9f35
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94381
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93789
Tested-by: René Engelhard <rene@debian.org>
Tested-by: Jenkins
Reviewed-by: Tomáš Chvátal <tchvatal@suse.com>
(cherry picked from commit b42ab78fb871924896b3cc38a7b2f1257151f711)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96639
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
(cherry picked from commit d40f36bf47814c324a1ec467c566255fb187444b)
Change-Id: I89b4635a6a3e3a5522172d6f4c3f14e6c14994b1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108955
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|