| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Change-Id: I6597543b6211fa5f7cf661f76c81778d7cddd3b0
|
|
Fixes:
CVE-2021-43527 Memory corruption via DER-encoded DSA and RSA-PSS signatures
Includes: nss: upgrade to release 3.71
* external/nss/nss.getopt.patch.0: fixed upstream
* external/nss/nss-win-arm64.patch: fixed upstream
* external/nss/nss_macosx.patch: one hunk was fixed upstream
Conflicts:
download.lst
Change-Id: I5c3f169c57fc2763029b07ad7e325b2f53b7e28f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126218
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit c8e21d246bcb4289cb25c82be440cd07b7418436)
(cherry picked from commit c99f4359a2901bde5d6cfb623a47f99ba2d5e18a)
|
|
MS Word is putting spaces between field mark and field instruction
text. Writer preserves these spaces, but without xml:space="preserve"
they are not displayed by Word later.
Change-Id: I480e6febf0ee278b56e9dfc6e0430c5fd5bdfd71
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125875
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
see
<https://git.savannah.gnu.org/cgit/bison.git/commit/?id=f30067ed51f23802fc91761ede1506dfa72b2865>
"glr2.cc: log the execution of deferred actions" including "Rename argument yyn
as yyrule for clarity."
YYBISON was defined as 1 rather than as a representation of the Bison version
prior to
<https://git.savannah.gnu.org/cgit/bison.git/commit/?id=21c147b6e5372563b7c4741deadaddb9354f4b09>
"yacc.c: provide the Bison version as an integral macro", which shouldn't be a
problem here. And YYBISON is apparently completely undefined with
/usr/bin/bison on macOS.
(The preceding comment always mentioned "yyi" and "yyrmap" in apparent mismatch
with the actually used "yyn" and "yyr1" ever since
c25ec0608a167bcf1d891043f02273761c351701 "initial import", so just leave it
untouched.)
Change-Id: I4f901407aa21ed4abec84e661d813ee7599f02f0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122082
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 45227d9b79dc4f2a2aa6874cd4e3c02b7934b197)
|
|
Fixes CVE-2021-23222.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125308
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 71b9369f1cc40143108e3f2189d96e402895e315)
Change-Id: I4e16fcc60c634382a864f66b211d0e0170a06db0
|
|
35d248cab1f0d4800f72abb5cb6afb56f40d9083 forgot to fix one place where
control characters were in a presumed XML declaration.
Another place looks missing where comments are handled, but it's not
clear if these can be passed on to Writer.
Revert the previous fix from commit
b3325ef8cdfc2c82eec34e747106f75a9fccb7e4.
Change-Id: I11ad13de9122533626e512ce0384051e3e5bd97f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125306
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit a7116b890ccd6dd1721413b4de6591a8057668ef)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124563
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 2f01faaf88b6d172d7293f0c9e2a061d99b8ceb5)
fix misplaced line
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124630
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 4ed359093c991291216c39cffe14a60e607ec551)
Change-Id: I11fa665175ef067a36f4822676c02d4df1e1e250
|
|
Change-Id: I8f783473dd5d4679846c7c866cd1853ef7d919fc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122628
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit bfc70a9f314bbb5b03247be25544e9b4cc467f8d)
|
|
Change-Id: I5a4ca534b24098342d8f465a32bc1887f40f5b63
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122629
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 4a93b7a2f8a3fc13fed800d93e2103b785abeb62)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122611
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit ca844cbdc3e933e3082e9cde0632445916de819e)
Change-Id: Iba6f200cea92196986bd30564cf56ab5d8b954b1
|
|
when we do some operations that may delete paragraphs
Change-Id: I2165dd287771f06c6d0fd061dd7659b06db4bd72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121511
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit bc7baa18435000f47f90e47d3300710bcb4cf56b)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121230
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 72da4c623baf60eb2b7073697cd36ffb3022847d)
Change-Id: I6e09226fad1e566ba2758d0084042b603b84d221
|
|
use a SwUnoCursor for the LastAnchorPos around here, this is similar to
ofz#9858 Bad-cast
Change-Id: I194a39ae13c382740b0ba8145dcc33fb2107105d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120679
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit c1cd505c67a53a0a27589889b34641612d10946d)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119060
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit ceb32f59d96a17c3007ed883fb44bc880673c8e0)
Change-Id: Id8ca0d277f485347e21bd8d6d68de2a7de13de48
|
|
no logic change intended
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118983
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 3a5383892e1f0e22558cd56cb77d56a09c515b7a)
Change-Id: Ib0174f8040faa3efde7b9c5ba9b062bac5a35da3
|
|
in:
sw/source/core/text/itrform2.cxx:2643 SwTextFormatter::NewFlyCntPortion
at: pFly = static_cast<SwTextFlyCnt*>(pHint)->GetFlyFrame(pFrame)
(gdb) print m_pCurr
$2 = (SwLineLayout *) 0x55ea220a0020
after calling GetFlyFrame m_pCurr is unchanged and we will call
m_pCurr->MaxAscentDescent
on it.
But m_pCurr is deleted during GetFlyFrame by...
#18 0x00007f98c5cd337f in SwLineLayout::~SwLineLayout() (this=this@entry=0x55ea220a0020, __in_chrg=<optimized out>)
at source/libo-core/sw/source/core/text/portxt.hxx:26
#19 0x00007f98c5cd347a in SwParaPortion::~SwParaPortion() (this=0x55ea220a0020, __in_chrg=<optimized out>)
at source/libo-core/sw/source/core/text/porlay.cxx:2491
#20 0x00007f98c5cd3485 in SwParaPortion::~SwParaPortion() (this=0x55ea220a0020, __in_chrg=<optimized out>)
at source/libo-core/sw/source/core/text/porlay.cxx:2491
#21 0x00007f98c5d05e70 in std::default_delete<SwParaPortion>::operator()(SwParaPortion*) const (__ptr=<optimized out>, this=<optimized out>)
at /usr/include/c++/8/bits/unique_ptr.h:75
#22 0x00007f98c5d05e70 in std::unique_ptr<SwParaPortion, std::default_delete<SwParaPortion> >::reset(SwParaPortion*)
(__p=<optimized out>, this=<optimized out>) at /usr/include/c++/8/bits/unique_ptr.h:382
#23 0x00007f98c5d05e70 in SwTextLine::SetPara(SwParaPortion*, bool) (bDelete=true, pNew=0x0, this=<optimized out>)
at source/libo-core/sw/source/core/text/txtcache.hxx:45
#24 0x00007f98c5d05e70 in SwTextFrame::ClearPara() (this=this@entry=0x55ea21302b60) at source/libo-core/sw/source/core/text/txtcache.cxx:113
#25 0x00007f98c5d1be89 in SwTextFrame::Init() (this=this@entry=0x55ea21302b60) at source/libo-core/sw/source/core/text/txtfrm.cxx:757
#26 0x00007f98c5d2630c in SwTextFrame::Prepare(PrepareHint, void const*, bool)
(this=0x55ea21302b60, ePrep=PrepareHint::FlyFrameArrive, pVoid=<optimized out>, bNotify=<optimized out>)
at source/libo-core/sw/source/core/text/txtfrm.cxx:3086
#27 0x00007f98c5b1edb8 in SwFlyInContentFrame::NotifyBackground(SwPageFrame*, SwRect const&, PrepareHint)
(this=<optimized out>, rRect=..., eHint=<optimized out>) at source/libo-core/sw/inc/anchoredobject.hxx:205
#28 0x00007f98c5b261a6 in Notify(SwFlyFrame*, SwPageFrame*, SwRect const&, SwRect const*)
(pFly=pFly@entry=0x55ea21a18d60, pOld=0x0, rOld=SwRect = {...}, pOldPrt=pOldPrt@entry=0x7ffeb50390f8)
at source/libo-core/sw/source/core/inc/frame.hxx:1177
#29 0x00007f98c5b2ceca in SwFlyNotify::~SwFlyNotify() (this=0x7ffeb50390d0, __in_chrg=<optimized out>)
at source/libo-core/sw/source/core/layout/frmtool.cxx:648
#30 0x00007f98c5b1fa25 in SwFlyInContentFrame::MakeAll(OutputDevice*) (this=0x55ea21a18d60)
at source/libo-core/sw/source/core/inc/frmtool.hxx:419
#31 0x00007f98c5aec3a9 in SwFrame::PrepareMake(OutputDevice*) (this=0x55ea21a18d60, pRenderContext=0x55ea212bc4c0)
at source/libo-core/sw/source/core/layout/calcmove.cxx:375
#32 0x00007f98c5b17ad2 in SwFlyFrame::Calc(OutputDevice*) const (this=<optimized out>, pRenderContext=<optimized out>)
at source/libo-core/sw/source/core/layout/fly.cxx:2890
#33 0x00007f98c5b636c5 in SwObjectFormatter::FormatLayout_(SwLayoutFrame&) (this=this@entry=0x55ea2244d150, _rLayoutFrame=...)
at source/libo-core/include/rtl/ref.hxx:206
#34 0x00007f98c5b6413e in SwObjectFormatter::FormatObj_(SwAnchoredObject&) (this=this@entry=0x55ea2244d150, _rAnchoredObj=...)
at source/libo-core/sw/source/core/layout/objectformatter.cxx:296
#35 0x00007f98c5b6705b in SwObjectFormatterTextFrame::DoFormatObj(SwAnchoredObject&, bool)
(this=0x55ea2244d150, _rAnchoredObj=..., _bCheckForMovedFwd=<optimized out>)
at source/libo-core/sw/source/core/layout/objectformattertxtfrm.cxx:136
#36 0x00007f98c5b6359f in SwObjectFormatter::FormatObj(SwAnchoredObject&, SwFrame*, SwPageFrame const*)
(_rAnchoredObj=..., _pAnchorFrame=<optimized out>, _pPageFrame=<optimized out>)
at source/libo-core/sw/source/core/layout/objectformatter.cxx:190
#37 0x00007f98c5d717aa in SwTextFlyCnt::GetFlyFrame_(SwFrame const*) (this=this@entry=0x55ea214d8810, pCurrFrame=pCurrFrame@entry=0x55ea21302b60)
at source/libo-core/sw/source/core/inc/frame.hxx:1177
#38 0x00007f98c5cb511b in SwTextFlyCnt::GetFlyFrame(SwFrame const*) (pCurrFrame=0x55ea21302b60, this=0x55ea214d8810)
at source/libo-core/sw/inc/txtflcnt.hxx:48
#39 0x00007f98c5cb511b in SwTextFormatter::NewFlyCntPortion(SwTextFormatInfo&, SwTextAttr*) const
(this=this@entry=0x7ffeb503a6b0, rInf=..., pHint=0x55ea214d8810) at source/libo-core/sw/source/core/text/itrform2.cxx:2643
(gdb) print this
(SwLinePortion * const) 0x55ea220a0020
The SwTextFrame of SwTextFrame::ClearPara is the same pFrame/m_pFrame at SwTextFormatter::NewFlyCntPortion
ClearPara is not called if the SwTextFrame is "Locked", so try using that to protect GetFlyFrame
Change-Id: Ia9dcb1f345f6953d995f2acf1ec23492d1680364
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118784
Tested-by: Jenkins
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 7e016df70d4ceb6c90ec5f1b129b50a65ff07505)
|
|
Change-Id: Ic6eec2f9829c415abd4f2628bc51efbf98f918fb
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118228
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit e803875fbb86b24b39fcd9adcf7df40ed255ea8f)
|
|
Change-Id: I7a462b821f286411d759b5259461fcdbf1741859
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117955
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 228cb26a6a1afe668dd17471bedf0ab52f133d5a)
|
|
Change-Id: I6c69375a89781fc0b87230203335c861efb562f9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113518
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 8de38977838d5a044271cb170730e3d557659f17)
|
|
make a copy of m_pImpGraphicList because if we swap out a svg, the svg filter
may create more temp Graphics which are auto-added to m_pImpGraphicList
invalidating a loop over m_pImpGraphicList
#0 0x00007ffff0d25ae5 in vcl::graphic::Manager::reduceGraphicMemory() (this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
at vcl/source/graphic/Manager.cxx:88
#1 0x00007ffff0d25ee9 in vcl::graphic::Manager::registerGraphic(std::shared_ptr<ImpGraphic> const&, rtl::OUString const&)
(this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>, pImpGraphic=std::shared_ptr<ImpGraphic> (use count 1, weak count 0) = {...})
at vcl/source/graphic/Manager.cxx:139
#2 0x00007ffff0d26406 in vcl::graphic::Manager::newInstance() (this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
at vcl/source/graphic/Manager.cxx:184
#3 0x00007ffff0b6735c in Graphic::Graphic() (this=0x7fffffff84f0) at vcl/source/gdi/graph.cxx:182
#4 0x00007fffdc526600 in svgio::svgreader::SvgImageNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const
(this=0x555556817940, rTarget=...) at svgio/source/svgreader/svgimagenode.cxx:219
#5 0x00007fffdc52e75d in svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const
(this=0x55555a6a93d0, rTarget=..., bReferenced=false) at svgio/source/svgreader/svgnode.cxx:529
#6 0x00007fffdc522339 in svgio::svgreader::SvgGNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const
(this=0x55555a6a93d0, rTarget=..., bReferenced=false) at svgio/source/svgreader/svggnode.cxx:106
#7 0x00007fffdc52e75d in svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const
(this=0x55555a6a9070, rTarget=..., bReferenced=false) at svgio/source/svgreader/svgnode.cxx:529
#8 0x00007fffdc522339 in svgio::svgreader::SvgGNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const
(this=0x55555a6a9070, rTarget=..., bReferenced=false) at svgio/source/svgreader/svggnode.cxx:106
#9 0x00007fffdc52e75d in svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const
(this=0x55555a5f9150, rTarget=..., bReferenced=false) at svgio/source/svgreader/svgnode.cxx:529
#10 0x00007fffdc54d19f in svgio::svgreader::SvgSvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const
(this=0x55555a5f9150, rTarget=..., bReferenced=false) at svgio/source/svgreader/svgsvgnode.cxx:304
#11 0x00007fffdc571373 in svgio::svgreader::(anonymous namespace)::XSvgParser::getDecomposition(com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&, rtl::OUString const&) (this=0x55555a69c6d0, xSVGStream=uno::Reference to (comphelper::SequenceInputStream *) 0x555557480668, aAbsolutePath="")
at svgio/source/svguno/xsvgparser.cxx:160
#12 0x00007ffff0cf849b in VectorGraphicData::ensureSequenceAndRange() (this=0x555556ea7540)
at vcl/source/gdi/vectorgraphicdata.cxx:196
#13 0x00007ffff0cf9124 in VectorGraphicData::getRange() const (this=0x555556ea7540)
at vcl/source/gdi/vectorgraphicdata.cxx:323
#14 0x00007ffff0b74da7 in ImpGraphic::ImplGetPrefSize() const (this=0x5555588b00f0) at vcl/source/gdi/impgraph.cxx:778
#15 0x00007ffff0b76623 in ImpGraphic::ImplWriteEmbedded(SvStream&) (this=0x5555588b00f0, rOStm=...)
at vcl/source/gdi/impgraph.cxx:1235
#16 0x00007ffff0b770a1 in ImpGraphic::ImplSwapOut(SvStream*) (this=0x5555588b00f0, xOStm=0x55555826b7d0)
at vcl/source/gdi/impgraph.cxx:1377
#17 0x00007ffff0b76bdb in ImpGraphic::ImplSwapOut() (this=0x5555588b00f0) at vcl/source/gdi/impgraph.cxx:1328
#18 0x00007ffff0d25c88 in vcl::graphic::Manager::reduceGraphicMemory() (this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
at vcl/source/graphic/Manager.cxx:107
#19 0x00007ffff0d25ee9 in vcl::graphic::Manager::registerGraphic(std::shared_ptr<ImpGraphic> const&, rtl::OUString const&)
(this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>, pImpGraphic=std::shared_ptr<ImpGraphic> (use count 1, weak count 0) = {...})
at vcl/source/graphic/Manager.cxx:139
#20 0x00007ffff0d26406 in vcl::graphic::Manager::newInstance() (this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
at vcl/source/graphic/Manager.cxx:184
#21 0x00007ffff0b6735c in Graphic::Graphic() (this=0x555556d5ea68) at vcl/source/gdi/graph.cxx:182
Change-Id: I4e1ffcb12ead0d53b7ca2f369154e9c753af77d8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91650
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 6fa2891da4852716fe62d925ffdbeeb380a2ed66)
|
|
Change-Id: Idd74e0debd12e42ff97d79b56e76cde6fd98aa2c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112745
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 236f3a8e60e05147a37f294774b0c07d40aff36f)
|
|
...as happens during UITest_chart
UITEST_TEST_NAME=tdf107097.tdf107097.test_tdf107097 ever since
86b192965ee8d625092b723337f6a65bdf34dcb7 "tdf#107097: sc: Add UItest" added that
test (see <https://ci.libreoffice.org/job/lo_ubsan/1919/>),
> /chart2/source/tools/XMLRangeHelper.cxx:136:52: runtime error: signed integer overflow: 15 * 308915776 cannot be represented in type 'int'
> #0 0x2ad74a554918 in (anonymous namespace)::lcl_getSingleCellAddressFromXMLString(rtl::OUString const&, int, int, chart::XMLRangeHelper::Cell&) /chart2/source/tools/XMLRangeHelper.cxx:136:52
> #1 0x2ad74a553482 in (anonymous namespace)::lcl_getCellAddressFromXMLString(rtl::OUString const&, int, int, chart::XMLRangeHelper::Cell&, rtl::OUString&) /chart2/source/tools/XMLRangeHelper.cxx:217:13
> #2 0x2ad74a5505da in (anonymous namespace)::lcl_getCellRangeAddressFromXMLString(rtl::OUString const&, int, int, chart::XMLRangeHelper::CellRange&) /chart2/source/tools/XMLRangeHelper.cxx:253:19
> #3 0x2ad74a54fde1 in chart::XMLRangeHelper::getCellRangeFromXMLString(rtl::OUString const&) /chart2/source/tools/XMLRangeHelper.cxx:328:15
> #4 0x2ad74a2aed4d in chart::InternalDataProvider::convertRangeFromXML(rtl::OUString const&) /chart2/source/tools/InternalDataProvider.cxx:1227:39
> #5 0x2ad74a2b0164 in non-virtual thunk to chart::InternalDataProvider::convertRangeFromXML(rtl::OUString const&) /chart2/source/tools/InternalDataProvider.cxx
> #6 0x2ad6c4784257 in (anonymous namespace)::lcl_ConvertRange(rtl::OUString const&, com::sun::star::uno::Reference<com::sun::star::chart2::XChartDocument> const&) /xmloff/source/chart/SchXMLPlotAreaContext.cxx:76:32
> #7 0x2ad6c4779a67 in SchXMLPlotAreaContext::startFastElement(int, com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> const&) /xmloff/source/chart/SchXMLPlotAreaContext.cxx:233:34
> #8 0x2ad6c4c6328a in SvXMLImport::startFastElement(int, com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> const&) /xmloff/source/core/xmlimp.cxx:797:15
> #9 0x2ad704988b78 in (anonymous namespace)::Entity::startElement((anonymous namespace)::Event const*) /sax/source/fastparser/fastparser.cxx:468:27
> #10 0x2ad70496f681 in sax_fastparser::FastSaxParserImpl::consume((anonymous namespace)::EventList&) /sax/source/fastparser/fastparser.cxx:1026:25
> #11 0x2ad70496c65f in sax_fastparser::FastSaxParserImpl::parseStream(com::sun::star::xml::sax::InputSource const&) /sax/source/fastparser/fastparser.cxx:870:22
> #12 0x2ad7049905d1 in sax_fastparser::FastSaxParser::parseStream(com::sun::star::xml::sax::InputSource const&) /sax/source/fastparser/fastparser.cxx:1482:13
> #13 0x2ad6c4c52b80 in SvXMLImport::parseStream(com::sun::star::xml::sax::InputSource const&) /xmloff/source/core/xmlimp.cxx:504:15
> #14 0x2ad749aafe1e in chart::XMLFilter::impl_ImportStream(rtl::OUString const&, rtl::OUString const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::lang::XMultiComponentFactory> const&, com::sun::star::uno::Reference<com::sun::star::document::XGraphicStorageHandler> const&, com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> const&) /chart2/source/model/filter/XMLFilter.cxx:473:34
> #15 0x2ad749aa9f01 in chart::XMLFilter::impl_Import(com::sun::star::uno::Reference<com::sun::star::lang::XComponent> const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /chart2/source/model/filter/XMLFilter.cxx:375:35
> #16 0x2ad749aa0988 in chart::XMLFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /chart2/source/model/filter/XMLFilter.cxx:221:13
> #17 0x2ad749c2c76e in chart::ChartModel::impl_load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&) /chart2/source/model/main/ChartModel_Persistence.cxx:567:18
> #18 0x2ad749c30eea in chart::ChartModel::loadFromStorage(com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /chart2/source/model/main/ChartModel_Persistence.cxx:759:5
> #19 0x2ad74244b977 in OCommonEmbeddedObject::LoadDocumentFromStorage_Impl() /embeddedobj/source/commonembedding/persistence.cxx:535:19
> #20 0x2ad7423d7bde in OCommonEmbeddedObject::SwitchStateTo_Impl(int) /embeddedobj/source/commonembedding/embedobj.cxx:185:49
> #21 0x2ad7423e32ff in OCommonEmbeddedObject::changeState(int) /embeddedobj/source/commonembedding/embedobj.cxx:453:13
> #22 0x2ad7424b7057 in OCommonEmbeddedObject::getPreferredVisualRepresentation(long) /embeddedobj/source/commonembedding/visobj.cxx:168:9
> #23 0x2ad67e08fdb6 in comphelper::EmbeddedObjectContainer::GetGraphicReplacementStream(long, com::sun::star::uno::Reference<com::sun::star::embed::XEmbeddedObject> const&, rtl::OUString*) /comphelper/source/container/embeddedobjectcontainer.cxx:1425:54
> #24 0x2ad6a447182c in svt::EmbeddedObjectRef::GetGraphicReplacementStream(long, com::sun::star::uno::Reference<com::sun::star::embed::XEmbeddedObject> const&, rtl::OUString*) /svtools/source/misc/embedhlp.cxx:809:12
> #25 0x2ad6a446c7d4 in svt::EmbeddedObjectRef::GetGraphicStream(bool) const /svtools/source/misc/embedhlp.cxx:616:23
> #26 0x2ad6a4469e58 in svt::EmbeddedObjectRef::GetReplacement(bool) /svtools/source/misc/embedhlp.cxx:424:46
> #27 0x2ad6a446d4ea in svt::EmbeddedObjectRef::GetGraphic() const /svtools/source/misc/embedhlp.cxx:453:54
> #28 0x2ad69d4a9470 in SdrOle2Obj::GetGraphic() const /svx/source/svdraw/svdoole2.cxx:1635:33
> #29 0x2ad71b222d01 in ScDrawTransferObj::ScDrawTransferObj(std::unique_ptr<SdrModel, std::default_delete<SdrModel> >, ScDocShell*, TransferableObjectDescriptor const&) /sc/source/ui/app/drwtrans.cxx:191:107
> #30 0x2ad71d7da932 in ScDrawView::DoCopy() /sc/source/ui/view/drawvie4.cxx:364:56
> #31 0x2ad71c1fb75a in ScDrawShell::ExecDrawFunc(SfxRequest&) /sc/source/ui/drawfunc/drawsh5.cxx:328:20
> #32 0x2ad71c1b181f in SfxStubScDrawShellExecDrawFunc(SfxShell*, SfxRequest&) /workdir/SdiTarget/sc/sdi/scslots.hxx:2823:1
> #33 0x2ad68de39d05 in SfxShell::CallExec(void (*)(SfxShell*, SfxRequest&), SfxRequest&) /include/sfx2/shell.hxx:197:35
> #34 0x2ad68ddd1214 in SfxDispatcher::Call_Impl(SfxShell&, SfxSlot const&, SfxRequest&, bool) /sfx2/source/control/dispatch.cxx:253:16
> #35 0x2ad68dde721f in SfxDispatcher::Execute_(SfxShell&, SfxSlot const&, SfxRequest&, SfxCallMode) /sfx2/source/control/dispatch.cxx:753:9
> #36 0x2ad68dd5edff in SfxBindings::Execute_Impl(SfxRequest&, SfxSlot const*, SfxShell*) /sfx2/source/control/bindings.cxx:1060:22
> #37 0x2ad68e24a322 in SfxDispatchController_Impl::dispatch(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) /sfx2/source/control/unoctitm.cxx:758:53
> #38 0x2ad68e245261 in SfxOfficeDispatch::dispatch(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /sfx2/source/control/unoctitm.cxx:229:16
> #39 0x2ad67e465052 in comphelper::dispatchCommand(rtl::OUString const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) /comphelper/source/misc/dispatchcommand.cxx:61:12
> #40 0x2ad67e4657c5 in comphelper::dispatchCommand(rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) /comphelper/source/misc/dispatchcommand.cxx:76:12
> #41 0x2ad6b39a49a6 in UITest::executeCommand(rtl::OUString const&) /vcl/source/uitest/uitest.cxx:24:12
> #42 0x2ad6b39b7240 in (anonymous namespace)::UITestUnoObj::executeCommand(rtl::OUString const&) /vcl/source/uitest/uno/uitest_uno.cxx:69:12
> #43 0x2ad6ee6508db in gcc3::callVirtualMethod(void*, unsigned int, void*, _typelib_TypeDescriptionReference*, bool, unsigned long*, unsigned int, unsigned long*, double*) /bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx:77:5
> #44 0x2ad6ee64abf2 in cpp_call(bridges::cpp_uno::shared::UnoInterfaceProxy*, bridges::cpp_uno::shared::VtableSlot, _typelib_TypeDescriptionReference*, int, _typelib_MethodParameter*, void*, void**, _uno_Any**) /bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:233:13
> #45 0x2ad6ee64773d in unoInterfaceProxyDispatch /bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:413:13
> #46 0x2ad6f3a7d2ca in binaryurp::IncomingRequest::execute_throw(binaryurp::BinaryAny*, std::__debug::vector<binaryurp::BinaryAny, std::allocator<binaryurp::BinaryAny> >*) const /binaryurp/source/incomingrequest.cxx:235:13
Creating a pivot chart apparently generates XML output containing
<chart:plot-area table:cell-range-address="PivotChart" ...>
which does not conform to ODF, see the mail thread starting at
<https://lists.freedesktop.org/archives/libreoffice/2021-February/086884.html>
"Integer overflow in Calc lcl_getSingleCellAddressFromXMLString nColumn
computation" for details.
And, ignoring the signed-integer-overflow UB for now,
InternalDataProvider::convertRangeFromXML would always have returned an empty
OUString for an input of aXMLRange="PivotChart":
chart::XMLRangeHelper::getCellRangeFromXMLString with rXMLString="PivotChart"
calls lcl_getCellAddressFromXMLString with rXMLString="PivotChart", nStartPos=0,
nEndPos=9, its leading while-loop mis-computes nDelimiterPos=nEndPos, so calls
lcl_getCellAddressFromXMLString with rXMLString="PivotChart", nStartPos=0,
nEndPos=9, its leading while-loop mis-computes nDelimiterPos=nEndPos, so it
doesn't set rOutTableName, so lcl_getCellAddressFromXMLString returns
bResult=false, so chart::XMLRangeHelper::getCellRangeFromXMLString returns an
empty CellRange().
So, similar to 9e5314f19c9dcff35b5cee5c5a1b7f744e495b2e "tdf#107097 invoke
internal DP and correctly handle 'range' names" added special handling of
aXMLRange values starting with "PT@" to
InternalDataProvider::convertRangeFromXML, also add explicit special handling
for "PivotChart" (instead of relying on the later code returning an empty
string, but after invoking UB).
Change-Id: I1671f0ab3b3ab00dce8e348aa3b7141ebebaaad5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112207
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 6d43ba110084605462901bcee786c7ae4c1f3bdf)
|
|
Change-Id: I3264c0fd509e16cf4727847199f0be316d03d0e8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111713
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 58f5c3b07701a14a61dc6b11f959faaf8aa98b9b)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110086
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 4e84a42add9c8ac27feb5e49a96e00ffcc8f0bc8)
Change-Id: I4f03c1cd8bc12f3fa09c815837b289ff088c91d3
|
|
sc/source/core/tool/interpr1.cxx:9578:39: runtime error: signed integer overflow: 1 + 2147483647 cannot be represented in type 'int'
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108677
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 52de00024e84c063ab292890256cda59fe259ef5)
Change-Id: I2975ae1daab826f10f0e52e7d7421ac8dcc9fffc
|
|
Change-Id: I107d8abeac419ba4e70a5880054c9195c60464ad
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108527
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit ab3829bf74667044d9b0f5b96903bbafda5171f6)
|
|
The changelogs tend to mention "crash in malformed files" a lot.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125034
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 03bc0f97205593547ddf1fc8d4fb396479bcab6d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124973
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 22beb8f80985ea73e2c98d14480e53da81673c67)
Change-Id: Iadc1d9cc23abd09a8fff58ba0cb7a7803236a542
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122485
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 8cecaa622700cecb5b5776bd3e5360ac6cc3dd63)
Change-Id: I4e86b163a9abef88f26c6c0ae91ae0a4008658f1
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118868
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 7707339a7d10225ff2503a852f68427519ae26f6)
Change-Id: I2bfd5f806281e747702d423b7e59b5f88a7bea9c
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115444
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit de16265f55ff2e4e1beb574fcb5b7b894df234f9)
Change-Id: I38c85fb3e30ffd1f7fc0a11948fc01338f7bb205
|
|
Change-Id: I93b9a32a82098a7b45e899ef29349c48276aa724
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113067
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit d56414fddd0796e63d2d3ae63260de7c6952dc70)
|
|
Allows dropping 5 upstreamed patches.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109195
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 229ee7c0ff5a69f09d6ac87dd585a11a8aacdcab)
Change-Id: I5f77502c5a2d11288b060956e69fd7767f52ab97
|
|
Fixes CVE-2020-36230 and CVE-2020-36229 in libldap, plus lots of
other CVEs that affect only the server.
Unfortunately it looks like NSS support was removed in release 2.5.0.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124914
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 9393325c1db9fa25037d208607b71adb567a8bbc)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124860
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit b7c670984e4af1c73fa05731ca8029cec487bd52)
Change-Id: Ie43d7da1b9e92b5712f9cd22c4613648394c696f
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109840
Tested-by: Jenkins
Reviewed-by: David Tardon <dtardon@redhat.com>
(cherry picked from commit f341a9da2eb63ea40ccc5a17d7c9dc557682469f)
Change-Id: Ibc59469b74d54a2b307ea708ea5c4a752532f0b0
|
|
Change-Id: Idc7ed6bbcd3298138fb92c81ddf7dd6278d201dc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/92472
Tested-by: Jenkins
Reviewed-by: David Tardon <dtardon@redhat.com>
(cherry picked from commit 56c4444638c0ebb21711b02d1ff235a3ffd3f232)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124779
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 35eef8ec9b122a761400f3c6590ca1f9a187d772)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124701
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 105c258fcdd69f617de64b780ffcdb8304ff262c)
Change-Id: I398596f77aa47ab6d4db01b94422262048cffd3e
|
|
Change-Id: Ie3fe30bea6a62e7cafeaed957d6ef6aeb879047b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124778
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit ebd556220a5045c1c81891b712648d220a168c70)
|
|
Fixes CVE-2019-12900
Change-Id: If3fcfff78a61c60014ba6d96f1ee0c432ccc52a1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124758
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 1289125532a029dc80e4ee3d0a49dca253f51888)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124762
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 7208197a4ac718411fa6e3b4c770fdec8c67557d)
|
|
Change-Id: I15a3a9976aa0aee2884f6969c78a7d6370f0c4e7
|
|
It turns out that the 2 backends NSS and MS CryptoAPI generate different
string representations of the same Distinguished Name in at least one
corner case, when a value contains a quote " U+0022.
The CryptoAPI function to generate the strings is:
CertNameToStr(..., CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, ...)
This is documented on MSDN:
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#CERT_X500_NAME_STR
NSS appears to implement RFC 1485, at least that's what the internal
function is named after, or perhaps one of its several successor RFCs
(not clear currently if there's a relevant difference).
This is now causing trouble if a certificate with such a DN is used in a
signature, created on WNT but then verified on another platform, because
commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66
introduced consistency checks that compare the DNs that occur as strings
in META-INF/documentsignatures.xml:
xmlsecurity/source/helper/xmlsignaturehelper.cxx:672: X509Data cannot be parsed
The reason is that in XSecController::setX509Data() the value read from
the X509IssuerSerial element (a string generated by CryptoAPI) doesn't
match the value generated by NSS from the certificate parsed from the
X509Certificate element, so these are erroneously interpreted as 2
distinct certificates.
Try to make the EqualDistinguishedNames() more flexible so that it can
try also a converted variant of the DN.
(libxmlsec's NSS backend also complains that it cannot parse the DN:
x509vfy.c:607: xmlSecNssX509NameRead() '' '' 12 'invalid data for 'char': actual=34 and expected comma ',''
but it manages to validate the signature despite this.)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124287
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit e63611fabd38c757809b510fbb71c077880b1081)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124196
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 3dfe381032fc61ea31106f103dee9db8277d4d25)
Change-Id: I4f72900738d1f5313146bbda7320a8f44319ebc8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124420
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
With Fedora's nss-3.71.0-1.fc34.x86_64 there is the problem that
8 tests including testODFGood in CppunitTest/xmlsecurity_signing
fail because the crypto policy disallows SHA1 for signatures.
Apparently this particular policy bit was added in NSS 3.59:
https://bugzilla.mozilla.org/show_bug.cgi?id=1670835
For signatures, maybe it's not a good idea to override system policy
for product builds, so do it locally in the tests, at least for now.
If similar problems turn up for encrypted documents in the future,
that should be fixed in product builds too of course, as encrypted
documents must always be decryptable.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123768
Tested-by: Jenkins
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 51e82016e8783a452fe5f7921d12c1bf20bfd6b5)
xmlsecurity: fix --without-system-nss usage of NSS_SetAlgorithmPolicy
The problem with commit ff572d9222ec16ffd679ae907a0bf4a8900265e1
is that it's using the wrong library; NSS_SetAlgorithmPolicy is actually
in libnssutil3.so.
This causes a linking problem when upgrading the internal NSS to a
version that has NSS_USE_ALG_IN_ANY_SIGNATURE.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123819
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 395c0c0bbaceadf909e0189af99c6358487c7978)
Change-Id: I4f634cf5da1707fb628e63cd0cdafebdf4fc903f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123838
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Fedora nss-3.69.0-1.fc34.x86_64 and Debian libnss3:amd64 2:3.70-1 no
longer support the old BerekelyDB databases, so convert them to the new
SQLite format for the benefit of --with-system-nss builds.
This worked to do the upgrade:
> certutil -N -d sql:test/new --empty-password
> LD_LIBRARY_PATH=instdir/program workdir/UnpackedTarball/nss/dist/out/bin/certutil --merge -d sql:test/new --source-dir dbm:test/signing-keys
Builds would fail running tests added in commit
40d70d427edddb589eda64fafc2e56536953d274
signing.cxx:551:Assertion
Test name: testODFX509CertificateChain::TestBody
equality assertion failed
- Expected: 0
- Actual : 1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123586
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 907784ccce7bd8b5121888cff7f5723a55d35358)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123643
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 7b4b03b9cf21ecd11bc82da5f29c4ff91ad242c9)
Change-Id: I00aa20703e117ebf583c3331b84e966c2cfc78cd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123837
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Tests added in commit 40d70d427edddb589eda64fafc2e56536953d274 don't
actually run on WNT but that wasn't obvious because commit
149df1fec6472e30582162e17e04c75aee91d26a prevented running them in
Jenkins on master, they failed only in the libreoffice-7-1 backport.
xmlsecurity/qa/unit/signing/signing.cxx(631) : error : Assertion
Test name: testODFDoubleX509Certificate::TestBody
assertion failed
- Expression: (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK)
- 2
This is an oddity where NSS claims the signature in the document is
valid but CryptoAPI claims it is invalid; the hashes passed into the
validation functions are the same. Just allow BROKEN as an additional
result value on WNT.
xmlsecurity/qa/unit/signing/signing.cxx(550) : error : Assertion
Test name: testODFX509CertificateChain::TestBody
equality assertion failed
- Expected: 0
- Actual : 1
The problem here is that with NSS the tests use a custom NSS database
in test/signing-keys so we need to make these certificates available for
CryptoAPI too.
The following one-liner converts the NSS database to a PKCS#7 that can
be loaded by CrytpAPI:
> openssl crl2pkcs7 -nocrl -certfile <(certutil -d sql:test/signing-keys -L | awk '/^[^ ].*,[^ ]*,/ { printf "%s", $1; for (i = 2; i < NF; i++) { printf " %s", $i; } printf "\n"; }' | while read name; do certutil -L -d sql:test/signing-keys -a -n "${name}" ; done) > test/signing-keys/test.p7b
Then one might naively assume that something like this would allow these
certificates to be added temporarily as trusted CAs:
+ HCERTSTORE hRoot = CertOpenSystemStoreW( 0, L"Root" ) ;
+ HCERTSTORE const hExtra = CertOpenStore(
+ CERT_STORE_PROV_FILENAME_A,
+ PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
+ NULL,
+ CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG,
+ path);
+ if (hExtra != NULL && hRoot != NULL)
+ {
+ BOOL ret = CertAddStoreToCollection(
+ hRoot,
+ hExtra,
+ CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG,
+ 0);
+ SAL_DEBUG("XXX hExtra done " << ret);
+ }
There is no error from this, but it doesn't work.
Instead, check if CertGetCertificateChain() sets the
CERT_TRUST_IS_UNTRUSTED_ROOT flag and then look up the certificate
manually in the extra PKCS#7 store.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123667
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 7d664ec788acdc378506a7ff8b1120cea24a6770)
Change-Id: Ic9865e0b5783211c2128ce0327c4583b7784ff62
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123836
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: If50ae8156f81c1053aa8fbfc3148da64bb8e1442
|
|
Change-Id: I6ce64ca7c59639684779144ed0ed8d36c4aca32b
|
|
Change-Id: I4061cbac18ddf9c7f932a27bf2b54a2b1c2f9d99
|
|
Exception looks like this:
java stack trace:
java.lang.UnsatisfiedLinkError: zulu11\bin\fontmanager.dll: Can't find depende
nt libraries
at java.base/java.lang.ClassLoader$NativeLibrary.load0(Native Method)
at java.base/java.lang.ClassLoader$NativeLibrary.load(ClassLoader.java:2442)
at java.base/java.lang.ClassLoader$NativeLibrary.loadLibrary(ClassLoader.java:2498)
at java.base/java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2694)
at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2648)
at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
at java.base/java.lang.System.loadLibrary(System.java:1873)
at java.desktop/sun.font.FontManagerNativeLibrary$1.run(FontManagerNativeLibrary.java:57)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.desktop/sun.font.FontManagerNativeLibrary.<clinit>(FontManagerNativeLibrary.java:32)
at java.desktop/sun.font.SunFontManager$1.run(SunFontManager.java:279)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.desktop/sun.font.SunFontManager.<clinit>(SunFontManager.java:275)
at java.base/java.lang.Class.forName0(Native Method)
at java.base/java.lang.Class.forName(Class.java:398)
at java.desktop/sun.font.FontManagerFactory$1.run(FontManagerFactory.java:82)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.desktop/sun.font.FontManagerFactory.getInstance(FontManagerFactory.java:74)
at java.desktop/sun.java2d.SunGraphicsEnvironment.getFontManagerForSGE(SunGraphicsEnvironment.ja
va:189)
at java.desktop/sun.java2d.SunGraphicsEnvironment.getAvailableFontFamilyNames(SunGraphicsEnviron
ment.java:223)
at java.desktop/sun.java2d.SunGraphicsEnvironment.getAvailableFontFamilyNames(SunGraphicsEnviron
ment.java:251)
Change-Id: I7a16bb5813d4c089ddb4de34a250280cf6fee137
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119880
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
(cherry picked from commit 48c5ba19e4f4a1ad5a88b5e6f0816c080e1253ec)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119970
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
First, a document is loaded, then about 4 pages of content are pasted into
it, in about 6 paste operations.
In an idle layout action, a page's worth of content moves forward; the
text frame at the bottom was split previously, and is joined.
The follow has the same upper as the master text frame, so this causes
the upper section frame to shrink:
SwRect::operator=(const SwRect & rRect) Zeile 256
SwFrameAreaDefinition::FrameAreaWriteAccess::~FrameAreaWriteAccess() Zeile 112
SwSectionFrame::Shrink_(__int64 nDist, bool bTst) Zeile 2327
SwFrame::Shrink(__int64 nDist, bool bTst, bool bInfo) Zeile 1562
SwContentFrame::Cut() Zeile 1339
SwTextFrame::JoinFrame() Zeile 677
SwContentFrame::MakeAll(OutputDevice * __formal) Zeile 1310
The ToMaximize(false) check doesn't help because the section frame
doesn't have a follow (or footnotes).
Then the text frame is formatted, resulting in one line but no height
for it, and a split after the one line.
The split causes a follow section frame to be created, calling
SwSectionFrame::SimpleFormat() on the master's upper:
SwFrameAreaDefinition::FramePrintAreaWriteAccess::~FramePrintAreaWriteAccess() Zeile 120
SwFrame::SetTopBottomMargins(__int64 nTop, __int64 nBot) Zeile 175
SwRectFnSet::SetYMargins(SwFrame & rFrame, __int64 nTop, __int64 nBottom) Zeile 1405
SwSectionFrame::SimpleFormat() Zeile 1192
SwSectionFrame::SwSectionFrame(SwSectionFrame & rSect, bool bMaster) Zeile 110
SwFrame::GetNextSctLeaf(MakePageType eMakePage) Zeile 1781
SwFrame::GetLeaf(MakePageType eMakePage, bool bFwd) Zeile 879
SwFlowFrame::MoveFwd(bool bMakePage, bool bPageBreak, bool bMoveAlways) Zeile 1977
SwContentFrame::MakeAll(OutputDevice * __formal) Zeile 1349
SwFrame::PrepareMake(OutputDevice * pRenderContext) Zeile 286
SwFrame::Calc(OutputDevice * pRenderContext) Zeile 1794
SwTextFrame::CalcFollow(o3tl::strong_int<long,Tag_TextFrameIndex> nTextOfst) Zeile 281
SwTextFrame::AdjustFollow_(SwTextFormatter & rLine, o3tl::strong_int<long,Tag_TextFrameIndex> nOffset, o3tl::strong_int<long,Tag_TextFrameIndex> nEnd, const unsigned char nMode) Zeile 608
Now the upper has space but at this point the master text frame is valid
and not invalidated, so it never grows into the available space.
There is a check to format again in case additional space is available
in SwTextFrame::CalcFollow() but peculiarly it's disabled if the upper
is a section frame since initial CVS import.
Removing this check appears to fix the problem.
Change-Id: Ifad545f7e79675af6e33d68c7fcdbc82bd4f8f57
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119419
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 44cc59db6f4f4f8b2ce5c993a31b5a019a8d7e97)
|
|
* Fixes CVE-2020-8284 CVE-2021-22924
* Also fixes these which don't look relevant to LO:
CVE-2020-8231
CVE-2020-8285 CVE-2020-8286
CVE-2021-22876 CVE-2021-22890
CVE-2021-22897 CVE-2021-22898 CVE-2021-22901
CVE-2021-22922 CVE-2021-22923 CVE-2021-22925 CVE-2021-22926
* disable some new protocols and dependencies
* remove curl-ios.patch.1 as the code no longer exists upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119313
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 946f457c885bd10ff1a7281c351f3981f035f5a7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119262
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 020eb3b363a5c9444c97075a2e15b63ccbe7bf2d)
Change-Id: I12d5f87f4d503a5f9859226a05cfe2a07e46d993
|
|
drop ubsan patch in favour of fix applied as
https://github.com/libexpat/libexpat/pull/398
Change-Id: I59eb9e24206b9a4cf323b7f7d48d8df0792a1c46
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116102
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 740d12d8a8294d4bfd28e6c3e4cf1e0ed560b198)
|
