| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Change-Id: Ibffc5edd3c0937994c405f82ba8656c24c154342
|
|
Change-Id: I314880b70c68a3f62705c688be575e22fe9c7f62
|
|
this function is nearly exactly the same as ReadAndVerifySignature
except it doesn't set error-state on exception during parse
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112366
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112412
(cherry picked from commit 52a23d595b820cab27d76d0e7c129f2757c762d6)
(cherry picked from commit ff80b0f3126506b4baac67ce67e224a7c3a68c8d)
Conflicts:
xmlsecurity/source/helper/xmlsignaturehelper.cxx
Change-Id: Ife881f639a11d3185920ca62cc2cd22812fae36d
|
|
so if CertGetCertificateChain fails we don't want validity to be
css::security::CertificateValidity::VALID which is what the old default
of 0 equates to
notably
commit 1e0bc66d16aee28ce8bd9582ea32178c63841902
Date: Thu Nov 5 16:55:26 2009 +0100
jl137: #103420# better logging
turned the nss equivalent of SecurityEnvironment_NssImpl::verifyCertificate
from 0 to CertificateValidity::INVALID like this change does
Change-Id: I5350dbc22d1b9b378da2976d3b0abd728f1f4c27
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110561
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit edeb164c1d8ab64116afee4e2140403a362a1358)
(cherry picked from commit a32e305bcdc7d47efa033da74309856deb41d37e)
|
|
(cherry picked from commit 3c3299621628c11bf9f0f38e1259938b391c31e0)
Conflicts:
xmlsecurity/qa/unit/signing/signing.cxx
(cherry picked from commit d81b142abfa17162f6f40b928a0b2b90ac897e2c)
Conflicts:
xmlsecurity/qa/unit/signing/signing.cxx
Change-Id: If50ae8156f81c1053aa8fbfc3148da64bb8e1442
|
|
Combine everything related to a certificate in a new struct X509Data.
The CertDigest is not actually written in the X509Data element but in
xades:Cert, so try to find the matching entry in
XSecController::setX509CertDigest().
There was a confusing interaction with PGP signatures, where ouGpgKeyID
was used for import, but export wrote the value from ouCertDigest
instead - this needed fixing.
The main point of this is enforcing a constraint from xmldsig-core 4.5.4:
All certificates appearing in an X509Data element MUST relate to the
validation key by either containing it or being part of a certification
chain that terminates in a certificate containing the validation key.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111254
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 9e82509b09f5fe2eb77bcdb8fd193c71923abb67)
xmlsecurity: improve handling of multiple certificates per X509Data
It turns out that an X509Data element can contain an arbitrary number of
each of its child elements.
How exactly certificates of an issuer chain may or should be distributed
across multiple X509Data elements isn't terribly obvious.
One thing that is clear is that any element that refers to or contains
one particular certificate has to be a child of the same X509Data
element, although in no particular order, so try to match the 2 such
elements that the parser supports in XSecController::setX509Data().
Presumably the only way it makes sense to have multiple signing
certificates is if they all contain the same key but are signed by
different CAs. This case isn't handled currently; CheckX509Data() will
complain there's not a single chain and validation of the certificates
will fail.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111500
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66)
xmlsecurity: add EqualDistinguishedNames()
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111545
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 1d3da3486d827dd5e7a3bf1c7a533f5aa9860e42)
xmlsecurity: avoid exception in DigitalSignaturesDialog::getCertificate()
Fallback to PGP if there's no X509 signing certificate because
CheckX509Data() failed prevents the dialog from popping up.
To avoid confusing the user in this situation, the dialog should
show no certificate, which is already the case.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111664
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 90b725675c2964f4a151d802d9afedd8bc2ae1a7)
xmlsecurity: fix crash in DocumentDigitalSignatures::isAuthorTrusted()
If the argument is null.
This function also should use EqualDistinguishedNames().
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111667
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit ca98e505cd69bf95d8ddb9387cf3f8e03ae4577d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit a1cf770c2d7ca3e153e0b1f01ddcc313bc2bed7f)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113058
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 8558bc8a0702bf41e020018f469b9feccd99f92d)
Conflicts:
include/svl/sigstruct.hxx
xmlsecurity/inc/xmlsignaturehelper.hxx
xmlsecurity/source/helper/pdfsignaturehelper.cxx
xmlsecurity/source/helper/xsecparser.cxx
xmlsecurity/source/helper/xsecsign.cxx
xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
(cherry picked from commit ed914263f07acabcea8681418d9d277d62e22ed5)
Conflicts:
include/svl/sigstruct.hxx
svl/source/crypto/cryptosign.cxx
sw/source/core/edit/edfcol.cxx
xmlsecurity/inc/xsecctl.hxx
xmlsecurity/source/component/documentdigitalsignatures.cxx
xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
xmlsecurity/source/helper/xmlsignaturehelper.cxx
xmlsecurity/source/helper/xsecctl.cxx
xmlsecurity/source/helper/xsecverify.cxx
xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
Change-Id: I9633a980b0c18d58dfce24fc59396a833498a77d
|
|
(cherry picked from commit 0559f8ee41d9f6d6fff342cdcaf878c769c48161)
Conflicts:
xmlsecurity/source/helper/ooxmlsecexporter.cxx
Change-Id: I3faa33c98ec56197a1528f443c3850c70e171c4b
(cherry picked from commit 4c9ff57c34dcfc4decf6a6053b5c0f91ce49c97e)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111253
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 2bfa00e6bf4b2a310a8b8f5060acec85b5f7a3ce)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111909
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 94ce59dd02fcfcaa1eb4f195b45a9a2edbd58242)
(cherry picked from commit 5b365c7cf8f39a801249947dbd1082261d148b61)
Conflicts:
xmlsecurity/source/helper/xsecparser.cxx
xmlsecurity/source/helper/xsecverify.cxx
(cherry picked from commit ed79a68e39a01a51340bde747804808d9defb2fc)
Conflicts:
xmlsecurity/source/helper/xsecparser.cxx
Change-Id: I2e4411f0907b89e7ad6e0185cee8f12b600515e8
|
|
LO writes timestamp both to dc:date and xades:SigningTime elements.
The parser tries to avoid reading multiple dc:date, preferring the first
one, but doesn't care about multiple xades:SigningTime, for undocumented
reasons.
Ideally something should check all read values for consistency.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111160
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 4ab8d9c09a5873ca0aea56dafa1ab34758d52ef7)
xmlsecurity: remove XSecController::setPropertyId()
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111252
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit d2a345e1163616fe3201ef1d6c758e2e819214e0)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111908
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit abe77c4fcb9ea97d9fff07eaea6d8863bcba5b02)
Conflicts:
xmlsecurity/source/helper/xsecparser.cxx
xmlsecurity/source/helper/xsecsign.cxx
(cherry picked from commit d3f1d1272259b220f5f69d7c5a71b85c34a65531)
Conflicts:
include/svl/sigstruct.hxx
xmlsecurity/inc/xsecctl.hxx
xmlsecurity/source/helper/xsecparser.cxx
xmlsecurity/source/helper/xsecverify.cxx
Change-Id: Ic018ee89797a1c8a4f870ae102af48006de930ef
|
|
Implement Namespaces in XML and follow xmldsig-core and XAdES schemas.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110833
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 12b15be8f4f930a04d8056b9219ac969b42a9784)
xmlsecurity: move XSecParser state into contexts
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111158
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 59df9e70ce1a7ec797b836bda7f9642912febc53)
xmlsecurity: move XSecParser Reference state into contexts
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111159
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit cfeb89a758b5f0ec406f0d72444e52ed2f47b85e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111907
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit ad5930e87e788780a255523f106deb1dde5d7b37)
Conflicts:
xmlsecurity/source/helper/xsecparser.cxx
xmlsecurity/source/helper/xsecparser.hxx
(cherry picked from commit 6870dcf864d47626937a27423fef7aabc8ef29ee)
Conflicts:
include/xmloff/xmlimp.hxx
xmloff/source/core/xmlimp.cxx
xmlsecurity/source/helper/xsecparser.cxx
Change-Id: I03537b51bb757ecbfa63a826b38de543c70ba032
|
|
Using nested install is bad because (1) MS advises against it (though it
most possibly doesn't relate to our specific case, when we install the
vc redist exe package in UI part, so actually only a single MSI session
is active at any time); (2) because it adds some extra interactions
(user sees something "unrelated" being installed, which raises concerns;
additional admin authentication required); and (3) because it runs in
InstallUISequence, thus only installing the UCRT when doing interactive
installation (unattended installs, including GPO, need to install UCRT
separately).
This patch aims to incorporate the original UCRT MSU (Windows Update)
packages (https://support.microsoft.com/en-us/help/2999226) available as
a zip archive from
https://www.microsoft.com/en-us/download/details.aspx?id=48234
- the same as used in VC redists for VS 2015 and 2017. This obsoletes
the separate installation of the redist; since we also have the redist
as merge module in our MSI, that is enough (and removes redundancy).
The MSUs are installed using wusa.exe in a custom action (deferred,
non-impersonating).
As a small bonus, embedding MSUs instead of redist EXE allows us to
shrink the size of installer a little (~10 MB).
As deferred custom actions cannot access current installer database,
we workaround this by using initial immediate impersonating action to
extract the binaries into a temporary location. To ensure that the file
gets removed upon completion (both successful and failed), we use an
additional cleanup action.
Commit 61b1d631331551b43bc7d619be33bfbfeff7cad6 is effectively reverted.
This commit also includes changes from commits from master:
8faa1bc61fa8f09365d483364aea2b1c2751b587
1f8a3657216e44796cb94087450552aa977ebdae
378c1576d2890625ebbd18ec9ccff560eeb1619f
Change-Id: I1529356fdcc67ff24b232c01ddf8bb3a31bb00bd
Reviewed-on: https://gerrit.libreoffice.org/53332
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
|
|
Change-Id: Ic9b40aab27728943675fb820b59634d79ba81435
|
|
Change-Id: Ie736220197663b22a39840459c21230192925e3e
|
|
- move actual variables into com_MSC_class.mk
- use export ... && to set the variables, so they affect all subsequent
commands, not just the first one
- clear MAKE as well, as that is apparently used by nmake, but can
only point to GNU make
- set CC, because nmake apparently can interpret C:/Progra~1/.../cl.exe
etc. etc. as a "C:" command with some additional arguments which only
changes the current directory, without even invoking the shell, which
tends to cause profanities to be uttered for extended periods of time
Change-Id: Ia7b1e6a70d6ac116d4ef0312d2aa1a4747fb8cbf
Reviewed-on: https://gerrit.libreoffice.org/44159
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>
|
|
Change-Id: I4061cbac18ddf9c7f932a27bf2b54a2b1c2f9d99
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121029
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
...at workdir/UnpackedTarball/openssl/include/openssl/opensslconf.h, as can be
seen with failed builds like
<https://ci.libreoffice.org//job/lo_tb_master_mac/35209>:
[...]
> [build PAT] openssl
> [build C ] UnpackedTarball/mariadb-connector-c/plugins/auth/caching_sha2_pw.c
> [build C ] UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt.c
> [build DEP] LNK:Library/libclucene.dylib
> [build LNK] Library/libclucene.dylib
> In file included from /Users/tdf/lode/jenkins/workspace/lo_tb_master_mac/workdir/UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt.c:21:
> /Users/tdf/lode/jenkins/workspace/lo_tb_master_mac/workdir/UnpackedTarball/openssl/include/openssl/evp.h:13:11: fatal error: 'openssl/opensslconf.h' file not found
> # include <openssl/opensslconf.h>
> ^~~~~~~~~~~~~~~~~~~~~~~
> 1 error generated.
Change-Id: Ied1dcdd0afb6099e9218671c6a06c0edaafc931e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108928
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 0f7008e91f45cf8e3cee6f372ce012b38a795e26)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108884
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit b4c5bd9b330068e8c550e398cf761457ec9b6aa4)
Change-Id: Ia756f1fa642eeb6dcadc867cc9730732a73c11b4
|
|
drop ubsan patch in favour of fix applied as
https://github.com/libexpat/libexpat/pull/398
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116102
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 740d12d8a8294d4bfd28e6c3e4cf1e0ed560b198)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119426
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Change-Id: I59eb9e24206b9a4cf323b7f7d48d8df0792a1c46
|
|
Fixes:
CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541
* external/libxml2/ubsan.patch.0: remove, fixed upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115913
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bf0c6a98ae38cd2188d7f7e94f1563e5ce6a8ce4)
Change-Id: I347dc854b862e78bde87d3e57cf5fdb584ca5673
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115935
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
At the moment the ProductVersion-Path has always the same format,
with this patch, when the format the same, then no change is need for
the next Version.
Change-Id: I6a52fd20751ba139dd5ed6e3802f29c5e8f02975
Reviewed-on: https://gerrit.libreoffice.org/60041
Tested-by: Jenkins
Reviewed-by: Juergen Funk (CIB) <juergen.funk_ml@cib.de>
|
|
... moving libxslt includes first:
C:\PROGRA~2\MICROS~2\Windows\v7.1A\include\winnt.h(519): warning C4005: 'DECLARE_HANDLE': macro redefinition
C:\LO\lode\dev\core\include\sal/main.h(87): note: see previous definition of 'DECLARE_HANDLE'
C:\PROGRA~2\MICROS~2\Windows\v7.1A\include\windef.h(280): error C2371: 'HINSTANCE': redefinition; different basic types
C:\LO\lode\dev\core\include\sal/main.h(89): note: see declaration of 'HINSTANCE'
Change-Id: Ia9a89835c2d0b0c3dadde6258b5f3ea013541626
|
|
Change-Id: I0e5314312bbefd3bd59cd39f0f8b876de8463e25
|
|
Change-Id: Ib150d55b588a572e4352396f18de2331983b2aae
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114892
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110970
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: Jenkins
(cherry picked from commit f456c4dacf700e064e112ef068ff7edb04239754)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110922
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit f19d95986756412e5d72047656eec17a720c5e57)
Change-Id: Iff416a9c5930ad5903f7ee51a2abbc94d5f40800
|
|
... which obviously are rejected by SHGetFileInfoW and SHParseDisplayName
that it calls internally.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87565
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87737
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit fc043d38c256243fb782cc48e7708feaeabba4ae)
Change-Id: I2f5f3c675ea6aa1c2d92eef30be4399a8d600255
|
|
Change-Id: Ifa662be39ac7d35241ee31956e2556b7ba3b5a02
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106558
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 696739056f37430154d6333b8f7228d1c44d09b3)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106520
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit ec5adc39cbea6d754ef68ab3d03fb16066b27e40)
|
|
Change-Id: Iad3719ad03fa1bdec2e31b4cc972594791cd5788
Reviewed-on: https://gerrit.libreoffice.org/44515
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: David Tardon <dtardon@redhat.com>
|
|
At least Fedora 28 glibc-2.27-8.fc28 no longer provides the nis development
headers and libraries. (It only still contains some binaries for backwards
compatibility, in the libnsl sub-package: "This package provides the legacy
version of libnsl library, for accessing NIS services.")
There is probably no real need to have nis.cpython-*m.so contained in
external/python3/ExternalPackage_python3.mk (it probably just happened to build
fine when that list was originally created, so was included).
Change-Id: Ic6128fd872432005c0ded76640c5b56781ca69a1
Reviewed-on: https://gerrit.libreoffice.org/52535
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Looks like Python 3.5 is EOL, so backport the patch.
Change-Id: I9ba397b3ed7e5f4ee4f78b144d822ce260ca9fb4
|
|
Fixes CVE-2020-27778, CVE-2020-35702
and changelogs mention lots of fuzzing fixes.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108912
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 48e8b32a9b66722bbb28fc15840b3706a461aeb7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108904
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit fb185106492f5aabac6ab57ae90cd81d51480093)
Change-Id: Ib07bdee726905e74afc13a01bbbd53f218121744
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108956
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93789
Tested-by: René Engelhard <rene@debian.org>
Tested-by: Jenkins
Reviewed-by: Tomáš Chvátal <tchvatal@suse.com>
(cherry picked from commit b42ab78fb871924896b3cc38a7b2f1257151f711)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96639
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
(cherry picked from commit d40f36bf47814c324a1ec467c566255fb187444b)
Change-Id: I89b4635a6a3e3a5522172d6f4c3f14e6c14994b1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108955
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
Change-Id: I7a3684932b8f9c403a3368b42fa4d8039c67f1a9
Reviewed-on: https://gerrit.libreoffice.org/84384
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86905
Reviewed-by: Tomáš Chvátal <tchvatal@suse.com>
Tested-by: Tomáš Chvátal <tchvatal@suse.com>
(cherry picked from commit 035830400393e075fca364a444e04c40516730b2)
|
|
Fixes CVE-2020-6829, CVE-2020-12400 CVE-2020-12401 CVE-2020-12403.
(also CVE-2020-12402 CVE-2020-12399 in older releases since 3.47)
* external/nss/nss.nspr-parallel-win-debug_build.patch:
remove, merged upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100345
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit 495a5944a3d442cfe748a3bb0dcef76f6a961d30)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100420
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
(cherry picked from commit 227d30a3a17f2fffb1a166cdc3e2a796bb335214)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100590
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 94cecbfdf3cf01fe3d5658c7edf78696da2a249f)
Change-Id: I8b48e25ce68a2327cde1420abdaea8f9e51a7888
|
|
Since NSS 3.53, the Makefile based build should be fixed (upstream
bug 290526). The only missing patch is a minimal NSPR fix for the
"NSPR, configure + make, parallel, Windows, MS VS, debug" build.
That patch isn't incuded in the NSPR 4.25 release (but it's already
in the mercurial repo for NSPR 4.26).
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/95218
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
(cherry picked from commit b56e8d6def26a0430853835e997f1be841840a61)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100419
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit c1bce55faebd9ad8751d7b6b9a7f77dff7b3d507)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100589
(cherry picked from commit 3e4dbb1708d4b3b7619602b63602b884a7bb2caa)
Change-Id: I8eaa3792a12bdff734e56ac3f552991478957e23
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90971
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit 002d1152dc418f7d624409e76cd9d4ac0b42c7f8)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90975
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
(cherry picked from commit 63b573faf984875cda7a879e696ea75fae81df57)
Change-Id: I0aca4af1bd79f28bf1c920a4d05e80948106aaac
|
|
...as ShellExecuteExW would ignore it anyway
Change-Id: I969db094bb7d2ea230ac8c36eb23d71a90fbe466
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86868
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 14b36a16b225bf7c988f118d499a7287c47cd83e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86877
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
(cherry picked from commit 51da0d22ff42b20ab38130b7874651ef136ecceb)
|
|
Fixes CVE-2019-11745.
Remove nss.fix-freebl-add-lcc-support.patch.1, fixed upstream.
Reviewed-on: https://gerrit.libreoffice.org/83673
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit a6238c3fba80889f9090d997e2a4979b78b34ac7)
Change-Id: I72e35c90fabb0a83f547a787dbaee774e35f9c08
|
|
fixes CVE-2019-9903 CVE-2019-9631 CVE-2019-9545 CVE-2019-9543
CVE-2019-14494 CVE-2019-12293 CVE-2019-11026 CVE-2019-10873
CVE-2019-10872 CVE-2019-10871 CVE-2019-10018
remove obsolete 0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1
Reviewed-on: https://gerrit.libreoffice.org/83308
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit 28e52c49452320ac76489d0f93ca5692456e5331)
Reviewed-on: https://gerrit.libreoffice.org/83336
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit f3b2d61376c6d7ae262f58406d89ef0caa8b0aaf)
Change-Id: I72b3bf89b294ed3e24157c7e75fd58d4f68d9f35
|
|
Reviewed-on: https://gerrit.libreoffice.org/81545
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit 2eadd46ab81058087af95bdfc1fea28fcdb65998)
Reviewed-on: https://gerrit.libreoffice.org/83363
Reviewed-by: Rasmus Thomsen <oss@cogitri.dev>
(cherry picked from commit 928a372775a0758aa76eb10e568d5c106a8586eb)
Change-Id: I3b6b3faea7986f3e5a6ae4790580d03bc9c955fc
|
|
Fixes CVE-2019-18197.
Remove obsolete e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1.
Reviewed-on: https://gerrit.libreoffice.org/83312
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit e9ea24cc004a8b9a5856f2f268bd40433c504db1)
Reviewed-on: https://gerrit.libreoffice.org/83377
(cherry picked from commit d19b32c779bfeb51ef9570c3de8ed1925ec44473)
Change-Id: I95cf498e245083528f98bfef8cdd240bbe2211b9
|
|
Change-Id: Ifc64dae74df341e107857e43223ead04b9c1061e
Reviewed-on: https://gerrit.libreoffice.org/66309
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
(cherry picked from commit 3f720ac5ff65ddb2c0a06e48d0e2e9bec29f3a43)
Reviewed-on: https://gerrit.libreoffice.org/66364
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit efe7b735104343e5e0182e1b004aca9c7b79a901)
|
|
Reviewed-on: https://gerrit.libreoffice.org/44422
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: David Tardon <dtardon@redhat.com>
(cherry picked from commit c110dabbf0fcddf9da2e61d66ca093cf6e6c57a1)
Change-Id: Idee2f18dccdf309027142137683ac86735f575cc
|
|
* drop most of libxslt-internal-symbols.patch, fixed upstream
Reviewed-on: https://gerrit.libreoffice.org/41947
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>
(cherry picked from commit 1d7b3cbe1f08319eddf88aac04923ae44873f246)
Change-Id: I59cf57a4d3139ad5fa0e5ce1a6cdaaa568ae3a40
|
|
... which is, surprisingly enough, required to build the latest libxslt.
Reviewed-on: https://gerrit.libreoffice.org/83311
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit d1bf39a78ed239d4493f0470ca937852265e79d6)
Reviewed-on: https://gerrit.libreoffice.org/83347
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
(cherry picked from commit e9dc4662d4ba3bde91407911f1bc1a7aa25fa0ce)
Change-Id: Ifbb36ed61b8f68185f9c788f63a8edeb58899f94
|
|
Fixes CVE-2019-9948 CVE-2019-9740 CVE-2019-10160 CVE-2019-16056
and expat CVE-2019-15903.
python-3.3.5-pyexpat-symbols.patch.1 fails to apply, and it's a
mystery why --with-system-expat is used everywhere but on MacOSX,
where 292af048ace2d4b455b2da3a22c784cb05db1d09 disabled it for no
obvious reason, so try to remove the special case and get rid of the
patch.
Reviewed-on: https://gerrit.libreoffice.org/83117
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit b0930d56130fdddfe65e92b081a8afad77974076)
Reviewed-on: https://gerrit.libreoffice.org/83189
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
(cherry picked from commit 0d4b1f624349361e5bf11b58ccc9e0e295c0e4aa)
Remove external/python3/python-3.5.7-c99.patch.1 - was apparently
reverted upstream.
Change-Id: I5ba4532eb6e7c2fb90daba95d132dcc7c9013d96
|
|
... if link updates are allowed in the current document and that
intermediate document resides in a trusted location.
This works with both, the "Always (from trusted locations)" and
the "On request" settings under Tools -> Options -> Calc ->
General. It can't work with documents residing in a non-trusted
location as there is no way to allow updates on demand for a such
loaded document (hidden via formulas).
Reviewed-on: https://gerrit.libreoffice.org/77588
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit 54bf84746a2a9a2e2aaf0df9e429b0cfd538f640)
Reviewed-on: https://gerrit.libreoffice.org/77604
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
(cherry picked from commit 14825a8b7f00ee4c148f2583856e5102312cabbd)
(cherry picked from commit f136b30fa3e991b780e4b1ed704d04256d0cfca0)
Change-Id: Ie483f7743db7c6d5cf947dc16a9c3660855f3423
(cherry picked from commit 86a3ea14d959f8a5409ea4883d9bf19e48046947)
|
|
Reviewed-on: https://gerrit.libreoffice.org/78978
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
(cherry picked from commit 4436a29401beffd0893ecae70cd09c7a49f49f22)
Change-Id: Ia98c9718ccd8e18b5f56851027bde944164f05c4
|
|
Reviewed-on: https://gerrit.libreoffice.org/44552
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: David Tardon <dtardon@redhat.com>
(cherry picked from commit 34a7a9fd7649655256a85b5701d461af5ccc2016)
Change-Id: Ic92002ec4f5edc48ca1bb3ac84836c4e6d19833c
|
|
Change-Id: I8280a81eef2ced0ff0ace51ea9f094421abafe13
Reviewed-on: https://gerrit.libreoffice.org/78108
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 761e6dd25782420bf06e4a2ff3205a79b6cbb136)
Reviewed-on: https://gerrit.libreoffice.org/78129
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
(cherry picked from commit ffad51e9e625a22f1efab3da7886baf4134b444f)
|
|
Change-Id: I4dee44832107f72f8f3fb68554428dc1e646c346
Reviewed-on: https://gerrit.libreoffice.org/77706
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit c79efeb66f7951305d0334bc288aee1c571a8728)
Reviewed-on: https://gerrit.libreoffice.org/77724
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 52f7aa318722bd17c77ee5c4fa8307936e7b53af)
|
