avmedia/source/viewer/mediawindow_impl.cxx | 11 comphelper/source/misc/storagehelper.cxx | 13 configure.ac | 4 desktop/source/app/cmdlineargs.cxx | 2 download.lst | 20 editeng/source/items/frmitems.cxx | 9 embeddedobj/source/commonembedding/persistence.cxx | 8 external/curl/0001-x509asn1-clean-up-GTime2str.patch | 60 external/curl/0001-x509asn1-unittests-and-fixes-for-gtime2str.patch | 319 +++++ external/curl/UnpackedTarball_curl.mk | 2 external/hunspell/0001-invalid-read-memory-access-624.patch | 25 external/hunspell/UnpackedTarball_hunspell.mk | 1 external/redland/ExternalProject_raptor.mk | 4 external/redland/UnpackedTarball_raptor.mk | 1 external/redland/raptor/CVE-2024-57823.patch.1 | 35 filter/source/graphicfilter/ieps/ieps.cxx | 22 forms/source/component/ImageControl.cxx | 7 forms/source/component/clickableimage.cxx | 11 include/o3tl/safeint.hxx | 8 include/toolkit/controls/unocontrols.hxx | 2 include/toolkit/helper/property.hxx | 1 include/tools/diagnose_ex.h | 30 package/CppunitTest_package2_test.mk | 3 package/inc/ByteGrabber.hxx | 1 package/inc/ZipFile.hxx | 35 package/inc/ZipPackage.hxx | 1 package/qa/cppunit/data/casing.docx |binary package/qa/cppunit/data/dd-deflated.docx |binary package/qa/cppunit/data/dd-stored.docx |binary package/qa/cppunit/data/dot-slash.docx |binary package/qa/cppunit/data/duplicate-files.odt |binary package/qa/cppunit/data/fail/ofz56826-1.zip |binary package/qa/cppunit/data/inner-gap.docx |binary package/qa/cppunit/data/overlap.docx |binary package/qa/cppunit/data/pass/no_usb_2024-11-06.xlsx |binary package/qa/cppunit/data/slash.odt |binary package/qa/cppunit/data/tdf163341.ods |binary package/qa/cppunit/data/tdf163364.ods |binary package/qa/cppunit/data/tdf163818.odg |binary package/qa/cppunit/data/two-zips.docx |binary package/qa/cppunit/data/two-zips.odt |binary package/qa/cppunit/data/unicode-path.docx |binary package/qa/cppunit/data/unicode-path.odt |binary package/qa/cppunit/data/zip64-eocd.docx |binary package/qa/cppunit/test_zippackage.cxx | 466 +++++++ package/source/zipapi/ByteGrabber.cxx | 18 package/source/zipapi/MemoryByteGrabber.hxx | 34 package/source/zipapi/XUnbufferedStream.cxx | 18 package/source/zipapi/XUnbufferedStream.hxx | 4 package/source/zipapi/ZipFile.cxx | 618 ++++++++-- package/source/zipapi/ZipOutputStream.cxx | 3 package/source/zippackage/ZipPackage.cxx | 60 package/source/zippackage/ZipPackageStream.cxx | 70 - package/source/zippackage/zipfileaccess.cxx | 6 sc/qa/unit/filters-test.cxx | 30 sfx2/source/appl/linkmgr2.cxx | 5 sfx2/source/doc/docmacromode.cxx | 12 sfx2/source/doc/objmisc.cxx | 6 sfx2/source/doc/objserv.cxx | 10 sfx2/source/doc/objstor.cxx | 2 shell/Library_syssh.mk | 4 shell/source/win32/SysShExec.cxx | 9 sw/source/filter/html/htmlgrin.cxx | 3 toolkit/source/awt/vclxwindows.cxx | 1 toolkit/source/controls/dialogcontrol.cxx | 4 toolkit/source/controls/unocontrols.cxx | 14 toolkit/source/helper/property.cxx | 2 tools/qa/cppunit/test_urlobj.cxx | 44 tools/source/fsys/urlobj.cxx | 31 unotools/source/misc/mediadescriptor.cxx | 3 vcl/qa/cppunit/pdfexport/pdfexport.cxx | 4 vcl/source/filter/graphicfilter.cxx | 8 vcl/source/gdi/embeddedfontshelper.cxx | 16 xmloff/source/forms/elementimport.cxx | 9 xmlsecurity/CppunitTest_xmlsecurity_signing.mk | 1 xmlsecurity/qa/unit/signing/data/signature-forgery-cdh-lfh.docx |binary xmlsecurity/qa/unit/signing/signing.cxx | 35 77 files changed, 1980 insertions(+), 205 deletions(-)
New commits: commit 278c4b76ebb4ff9d4870553ba30aa5510dbd80ad Author: Thorsten Behrens <[email protected]> AuthorDate: Mon Mar 10 15:43:09 2025 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:43:09 2025 +0100 Release 6.3.6.31 Change-Id: I31398f61d76871b892eb27e64fa99e558a2e92b3 diff --git a/configure.ac b/configure.ac index b0b84d481dc7..27843c71fb9c 100644 --- a/configure.ac +++ b/configure.ac @@ -9,7 +9,7 @@ dnl in order to create a configure script. # several non-alphanumeric characters, those are split off and used only for the # ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no idea. -AC_INIT([LibreOffice],[6.3.6.30],[],[],[http://documentfoundation.org/]) +AC_INIT([LibreOffice],[6.3.6.31],[],[],[http://documentfoundation.org/]) dnl libnumbertext needs autoconf 2.68, but that can pick up autoconf268 just fine if it is installed dnl whereas aclocal (as run by autogen.sh) insists on using autoconf and fails hard commit 60616f7416f2ea312b0ec50a9b497cd3904e1d49 Author: Caolán McNamara <[email protected]> AuthorDate: Tue Jul 16 14:04:42 2019 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:20 2025 +0100 cid#1399432 Uncaught exception Change-Id: I6dd5ce2e3b5b9d30d4e7e56c837fd8ccff6c99a3 Reviewed-on: https://gerrit.libreoffice.org/75733 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> diff --git a/include/tools/diagnose_ex.h b/include/tools/diagnose_ex.h index 596e44c4694d..78be153362c3 100644 --- a/include/tools/diagnose_ex.h +++ b/include/tools/diagnose_ex.h @@ -133,6 +133,36 @@ inline css::uno::Any DbgGetCaughtException() */ TOOLS_DLLPUBLIC OString exceptionToString(css::uno::Any const & caughtEx); +/** + Logs an message along with a nicely formatted version of the current exception. + This must be called as the FIRST thing in a catch block. +*/ +#define TOOLS_WARN_EXCEPTION(area, stream) \ + do { \ + css::uno::Any tools_warn_exception( DbgGetCaughtException() ); \ + SAL_WARN(area, stream << " " << exceptionToString(tools_warn_exception)); \ + } while (false) + +/** + Logs an message along with a nicely formatted version of the current exception. + This must be called as the FIRST thing in a catch block. +*/ +#define TOOLS_WARN_EXCEPTION_IF(cond, area, stream) \ + do { \ + css::uno::Any tools_warn_exception( DbgGetCaughtException() ); \ + SAL_WARN_IF(cond, area, stream << " " << exceptionToString(tools_warn_exception)); \ + } while (false) + +/** + Logs an message along with a nicely formatted version of the current exception. + This must be called as the FIRST thing in a catch block. +*/ +#define TOOLS_INFO_EXCEPTION(area, stream) \ + do { \ + css::uno::Any tools_warn_exception( DbgGetCaughtException() ); \ + SAL_INFO(area, stream << " " << exceptionToString(tools_warn_exception)); \ + } while (false) + #endif /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ commit d4508f8b8c980bd8a44567bd689e6731f40500cc Author: Stephan Bergmann <[email protected]> AuthorDate: Tue Jun 11 14:15:47 2024 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:20 2025 +0100 Some missing "block untrusted referer links" for form controls ...where "Referer" is now passed in as an additional property, so that the relevant objects can decide whether to obtain graphics while loading a document Change-Id: Ie3dabc574861713212b906a0d7793f438a7d50a8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168674 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <[email protected]> (cherry picked from commit dc01a6e7efd3e4c41287dc10c7ea1fdfa1ab5cb5) diff --git a/forms/source/component/ImageControl.cxx b/forms/source/component/ImageControl.cxx index 82fcdbfadb0e..c3c5640bdea0 100644 --- a/forms/source/component/ImageControl.cxx +++ b/forms/source/component/ImageControl.cxx @@ -55,6 +55,7 @@ #include <comphelper/property.hxx> #include <comphelper/types.hxx> #include <cppuhelper/queryinterface.hxx> +#include <unotools/securityoptions.hxx> #include <unotools/ucbstreamhelper.hxx> #include <svl/urihelper.hxx> diff --git a/forms/source/component/clickableimage.cxx b/forms/source/component/clickableimage.cxx index 3501b42c2788..9c982a3932fa 100644 --- a/forms/source/component/clickableimage.cxx +++ b/forms/source/component/clickableimage.cxx @@ -47,6 +47,7 @@ #include <comphelper/types.hxx> #include <cppuhelper/exc_hlp.hxx> #include <svtools/imageresourceaccess.hxx> +#include <unotools/securityoptions.hxx> #define LOCAL_URL_PREFIX '#' @@ -770,8 +771,12 @@ namespace frm m_bProdStarted = false; - // Kick off download (caution: can be synchronous). - m_pMedium->Download(LINK(this, OClickableImageBaseModel, DownloadDoneLink)); + OUString referer; + getPropertyValue("Referer") >>= referer; + if (!SvtSecurityOptions().isUntrustedReferer(referer)) { + // Kick off download (caution: can be synchronous). + m_pMedium->Download(LINK(this, OClickableImageBaseModel, DownloadDoneLink)); + } } else { diff --git a/include/toolkit/controls/unocontrols.hxx b/include/toolkit/controls/unocontrols.hxx index 5feb07b266c6..b8b0deecf2f1 100644 --- a/include/toolkit/controls/unocontrols.hxx +++ b/include/toolkit/controls/unocontrols.hxx @@ -67,7 +67,7 @@ public: // appropriately ( e.g. NULL if non GraphicObject scheme ) or a valid // object if the rURL points to a valid object static css::uno::Reference< css::graphic::XGraphic > getGraphicAndGraphicObjectFromURL_nothrow( css::uno::Reference< css::graphic::XGraphicObject >& xOutGraphicObject, const OUString& _rURL ); - static css::uno::Reference< css::graphic::XGraphic > getGraphicFromURL_nothrow( const OUString& _rURL ); + static css::uno::Reference< css::graphic::XGraphic > getGraphicFromURL_nothrow( const OUString& _rURL, OUString const & referer ); }; diff --git a/include/toolkit/helper/property.hxx b/include/toolkit/helper/property.hxx index 34d8918e9573..7eec86928d17 100644 --- a/include/toolkit/helper/property.hxx +++ b/include/toolkit/helper/property.hxx @@ -208,6 +208,7 @@ namespace uno { #define BASEPROPERTY_ACTIVE_SEL_TEXT_COLOR 167 #define BASEPROPERTY_INACTIVE_SEL_TEXT_COLOR 168 #define BASEPROPERTY_TYPEDITEMLIST 169 // AnySequence +#define BASEPROPERTY_REFERER 172 // These properties are not bound, they are always extracted from the BASEPROPERTY_FONTDESCRIPTOR property diff --git a/toolkit/source/awt/vclxwindows.cxx b/toolkit/source/awt/vclxwindows.cxx index 8c1c69d2f792..62908011b912 100644 --- a/toolkit/source/awt/vclxwindows.cxx +++ b/toolkit/source/awt/vclxwindows.cxx @@ -210,6 +210,7 @@ namespace toolkit void VCLXGraphicControl::ImplGetPropertyIds( std::vector< sal_uInt16 > &rIds ) { + PushPropertyIds(rIds, BASEPROPERTY_REFERER, 0); VCLXWindow::ImplGetPropertyIds( rIds ); } diff --git a/toolkit/source/controls/dialogcontrol.cxx b/toolkit/source/controls/dialogcontrol.cxx index d8da13850688..d8da06f8c4c5 100644 --- a/toolkit/source/controls/dialogcontrol.cxx +++ b/toolkit/source/controls/dialogcontrol.cxx @@ -421,7 +421,7 @@ void UnoDialogControl::PrepareWindowDescriptor( css::awt::WindowDescriptor& rDes ( !aImageURL.isEmpty() )) { OUString absoluteUrl = getPhysicalLocation(ImplGetPropertyValue(PROPERTY_DIALOGSOURCEURL), uno::makeAny(aImageURL)); - xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl ); + xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl, "" ); ImplSetPropertyValue( PROPERTY_GRAPHIC, uno::makeAny( xGraphic ), true ); } } @@ -636,7 +636,7 @@ void UnoDialogControl::ImplModelPropertiesChanged( const Sequence< PropertyChang ( !aImageURL.isEmpty() )) { OUString absoluteUrl = getPhysicalLocation(ImplGetPropertyValue(GetPropertyName(BASEPROPERTY_DIALOGSOURCEURL)), uno::makeAny(aImageURL)); - xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl ); + xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl, "" ); } ImplSetPropertyValue( GetPropertyName( BASEPROPERTY_GRAPHIC), uno::makeAny( xGraphic ), true ); break; diff --git a/toolkit/source/controls/unocontrols.cxx b/toolkit/source/controls/unocontrols.cxx index 343579eeb98c..80b91aa6e1ef 100644 --- a/toolkit/source/controls/unocontrols.cxx +++ b/toolkit/source/controls/unocontrols.cxx @@ -40,6 +40,7 @@ #include <toolkit/helper/servicenames.hxx> #include <tools/urlobj.hxx> #include <toolkit/helper/macros.hxx> +#include <unotools/securityoptions.hxx> // for introspection #include <toolkit/awt/vclxwindows.hxx> @@ -76,11 +77,11 @@ uno::Reference< graphic::XGraphic > ImageHelper::getGraphicAndGraphicObjectFromURL_nothrow( uno::Reference< graphic::XGraphicObject >& xOutGraphicObj, const OUString& _rURL ) { xOutGraphicObj = nullptr; - return ImageHelper::getGraphicFromURL_nothrow( _rURL ); + return ImageHelper::getGraphicFromURL_nothrow( _rURL, "" ); } css::uno::Reference< css::graphic::XGraphic > -ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL ) +ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL, OUString const & referer ) { uno::Reference< graphic::XGraphic > xGraphic; if ( _rURL.isEmpty() || SvtSecurityOptions().isUntrustedReferer(referer) || INetURLObject(_rURL).IsExoticProtocol()) @@ -627,7 +628,11 @@ void SAL_CALL GraphicControlModel::setFastPropertyValue_NoBroadcast( sal_Int32 n mbAdjustingGraphic = true; OUString sImageURL; OSL_VERIFY( rValue >>= sImageURL ); - setDependentFastPropertyValue( BASEPROPERTY_GRAPHIC, uno::makeAny( ImageHelper::getGraphicFromURL_nothrow( sImageURL ) ) ); + css::uno::Any any; + getFastPropertyValue(any, BASEPROPERTY_REFERER); + OUString referer; + any >>= referer; + setDependentFastPropertyValue( BASEPROPERTY_GRAPHIC, uno::makeAny( ImageHelper::getGraphicFromURL_nothrow( sImageURL, referer ) ) ); mbAdjustingGraphic = false; } break; diff --git a/toolkit/source/helper/property.cxx b/toolkit/source/helper/property.cxx index ad9ca0c89edf..8bac76e2a013 100644 --- a/toolkit/source/helper/property.cxx +++ b/toolkit/source/helper/property.cxx @@ -274,6 +274,8 @@ static ImplPropertyInfo* ImplGetPropertyInfos( sal_uInt16& rElementCount ) DECL_PROP_3 ( "InactiveSelectionBackgroundColor", INACTIVE_SEL_BACKGROUND_COLOR, sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ), DECL_PROP_3 ( "ActiveSelectionTextColor", ACTIVE_SEL_TEXT_COLOR, sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ), DECL_PROP_3 ( "InactiveSelectionTextColor", INACTIVE_SEL_TEXT_COLOR, sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ), + + DECL_PROP_2("Referer", REFERER, OUString, BOUND, MAYBEVOID), }; rElementCount = SAL_N_ELEMENTS(aImplPropertyInfos); return aImplPropertyInfos; diff --git a/xmloff/source/forms/elementimport.cxx b/xmloff/source/forms/elementimport.cxx index 8adb230b5b62..1d98ea7f5e7b 100644 --- a/xmloff/source/forms/elementimport.cxx +++ b/xmloff/source/forms/elementimport.cxx @@ -567,6 +567,15 @@ namespace xmloff OSL_ENSURE(xPure.is(), OStringBuffer("OElementImport::createElement: service factory gave me no object (service name: ").append(OUStringToOString(m_sServiceName, RTL_TEXTENCODING_ASCII_US)).append(")!").getStr()); xReturn.set(xPure, UNO_QUERY); + if (auto const props = Reference<css::beans::XPropertySet>(xPure, css::uno::UNO_QUERY)) + { + try { + props->setPropertyValue( + "Referer", css::uno::Any(m_rFormImport.getGlobalContext().GetBaseURL())); + } catch (css::uno::Exception &) { + TOOLS_INFO_EXCEPTION("xmloff.forms", "setPropertyValue Referer failed"); + } + } } else OSL_FAIL("OElementImport::createElement: no service name to create an element!"); commit 5e91b348166139da40806e32c60d37b5b476e48e Author: Stephan Bergmann <[email protected]> AuthorDate: Thu Jan 9 19:43:23 2020 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:20 2025 +0100 Introduce o3tl::make_unsigned to cast from signed to unsigned type ...without having to spell out a specific type to cast to (and also making it more obvious what the intend of such a cast is) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86502 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <[email protected]> (cherry picked from commit 6417668b3e12d9659ac5dc4a2f60aa8ad3bca675) Change-Id: Id9c68b856a4ee52e5a40d15dc9d83e95d1c231cd diff --git a/include/o3tl/safeint.hxx b/include/o3tl/safeint.hxx index ae28ca4b6570..6d8d1304fdf3 100644 --- a/include/o3tl/safeint.hxx +++ b/include/o3tl/safeint.hxx @@ -12,6 +12,7 @@ #include <sal/config.h> +#include <cassert> #include <limits> #include <type_traits> @@ -226,6 +227,13 @@ template<typename T> inline typename std::enable_if<std::is_unsigned<T>::value, #endif +template<typename T> constexpr std::enable_if_t<std::is_signed_v<T>, std::make_unsigned_t<T>> +make_unsigned(T value) +{ + assert(value >= 0); + return value; +} + } #endif commit f69290517177d9003f01b8906a8a0139661845a3 Author: Caolán McNamara <[email protected]> AuthorDate: Thu Jan 30 20:37:38 2025 +0000 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:20 2025 +0100 Filter out more unwanted command URIs Change-Id: I24c95d73b4fee89bdf044d5dd6efc9cd89627c54 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/180970 Tested-by: Jenkins Reviewed-by: Mike Kaganski <[email protected]> Reviewed-by: Caolán McNamara <[email protected]> diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx index dc82f0588596..360dbfa58cb0 100644 --- a/desktop/source/app/cmdlineargs.cxx +++ b/desktop/source/app/cmdlineargs.cxx @@ -171,7 +171,7 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur if (nURIlen < 0) nURIlen = rest2.getLength(); auto const uri = rest2.copy(0, nURIlen); - if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) { + if (INetURLObject(uri).IsExoticProtocol()) { // Let the "Open" machinery process the full command URI (leading to failure, by intention, // as the "Open" machinery does not know about those command URI schemes): curEvt = CommandLineEvent::Open; commit 7f83c879031d0818f212086224d3e14cdde0cd07 Author: Caolán McNamara <[email protected]> AuthorDate: Tue Jan 7 08:59:25 2025 +0000 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:20 2025 +0100 check if non-file uris could be interpreted as a file system pathname Change-Id: If283bec44ad1d648c68a5d0f028855e09c09017e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/179868 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit 400970acf4241632d084f66275161fc4b4ac1b21) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/179990 Reviewed-by: Christian Lohmaier <[email protected]> (cherry picked from commit df54e1e3532584ee11c6ebb54a35302a5c5f6201) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181659 Reviewed-by: Michael Stahl <[email protected]> Tested-by: allotropia jenkins <[email protected]> diff --git a/shell/Library_syssh.mk b/shell/Library_syssh.mk index cd64791f1cd5..c81ea95ce79a 100644 --- a/shell/Library_syssh.mk +++ b/shell/Library_syssh.mk @@ -27,6 +27,10 @@ $(eval $(call gb_Library_use_system_win32_libs,syssh,\ $(eval $(call gb_Library_set_componentfile,syssh,shell/source/win32/syssh)) +$(eval $(call gb_Library_use_libraries,syssh,\ + tl \ +)) + $(eval $(call gb_Library_add_exception_objects,syssh,\ shell/source/win32/SysShExec \ shell/source/win32/SysShentry \ diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx index dc0f48a8fa9a..8e92bbee3391 100644 --- a/shell/source/win32/SysShExec.cxx +++ b/shell/source/win32/SysShExec.cxx @@ -33,6 +33,7 @@ #include <cppuhelper/supportsservice.hxx> #include <o3tl/char16_t2wchar_t.hxx> #include <o3tl/runtimetooustring.hxx> +#include <tools/urlobj.hxx> #define WIN32_LEAN_AND_MEAN #include <windows.h> @@ -435,6 +436,14 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa } } } + } else { + // Filter out input that technically is a non-file URI, but could be interpreted by + // ShellExecuteExW as a file system pathname. + if (INetURLObject(aCommand, INetProtocol::File).GetProtocol() == INetProtocol::File) { + throw css::lang::IllegalArgumentException( + "XSystemShellExecute.execute URIS_ONLY with non-URI pathname " + aCommand, + static_cast< XSystemShellExecute* >(this), 0); + } } } commit fdfdf0127582eb22b9b7a895fd3c886cd03c6927 Author: Michael Stahl <[email protected]> AuthorDate: Wed Jan 15 10:55:05 2025 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:20 2025 +0100 redland: disable all raptor parsers except for "rdfxml" It's the only one the unordf component invokes. CVE-2024-57823 CVE-2024-57822 affect the "ntriples" and "turtle" parsers. However it appears that the function raptor_uri_normalize_path() could also be called from raptor_libxml_* functions? Somewhat unclear, let's add the patch just in case. Change-Id: Idd7ebbc29c63e84ca2434b06c26f7aca34bdcaa5 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/180272 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 2b50dc0e4482ac0ad27d69147b4175e05af4fba4) (cherry picked from commit 1ac4aa8db84ee647b471edbdd9a702e66fe52e78) diff --git a/external/redland/ExternalProject_raptor.mk b/external/redland/ExternalProject_raptor.mk index 4309df17b246..21598e0f1e9b 100644 --- a/external/redland/ExternalProject_raptor.mk +++ b/external/redland/ExternalProject_raptor.mk @@ -25,8 +25,8 @@ $(call gb_ExternalProject_get_state_target,raptor,build): $(if $(SYSBASE),$(if $(filter LINUX SOLARIS,$(OS)),-L$(SYSBASE)/lib -L$(SYSBASE)/usr/lib -lpthread -ldl))" \ CPPFLAGS="$(if $(SYSBASE),-I$(SYSBASE)/usr/include)" \ ./configure --disable-gtk-doc \ - --enable-parsers="rdfxml ntriples turtle trig guess rss-tag-soup" \ - --with-www=xml \ + --enable-parsers="rdfxml" \ + --without-www \ --without-xslt-config \ $(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM) \ $(if $(filter INTEL ARM,$(CPUNAME)),ac_cv_c_bigendian=no)) \ diff --git a/external/redland/UnpackedTarball_raptor.mk b/external/redland/UnpackedTarball_raptor.mk index 92bc586a3e60..81a769972c6b 100644 --- a/external/redland/UnpackedTarball_raptor.mk +++ b/external/redland/UnpackedTarball_raptor.mk @@ -31,6 +31,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,raptor,\ external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 \ external/redland/raptor/libtool.patch \ external/redland/raptor/raptor-libxml2-11.patch.1 \ + external/redland/raptor/CVE-2024-57823.patch.1 \ )) # vim: set noet sw=4 ts=4: diff --git a/external/redland/raptor/CVE-2024-57823.patch.1 b/external/redland/raptor/CVE-2024-57823.patch.1 new file mode 100644 index 000000000000..b06689304b0a --- /dev/null +++ b/external/redland/raptor/CVE-2024-57823.patch.1 @@ -0,0 +1,35 @@ +--- raptor2-2.0.15/src/raptor_rfc2396.c.CVE-2024-57823 2014-07-26 23:07:37.000000000 +0200 ++++ raptor2-2.0.15/src/raptor_rfc2396.c 2025-01-13 12:59:22.175568228 +0100 +@@ -289,10 +289,8 @@ raptor_uri_normalize_path(unsigned char* + } + + +-#if defined(RAPTOR_DEBUG) + if(path_len != strlen((const char*)path_buffer)) + RAPTOR_FATAL4("Path '%s' length %ld does not match calculated %ld.", (const char*)path_buffer, (long)strlen((const char*)path_buffer), (long)path_len); +-#endif + + /* Remove all "<component>/../" path components */ + +@@ -327,10 +325,8 @@ raptor_uri_normalize_path(unsigned char* + if(!prev || !cur) + continue; + +-#if defined(RAPTOR_DEBUG) + if(path_len != strlen((const char*)path_buffer)) + RAPTOR_FATAL3("Path length %ld does not match calculated %ld.", (long)strlen((const char*)path_buffer), (long)path_len); +-#endif + + /* If the current one is '..' */ + if(s == (cur+2) && cur[0] == '.' && cur[1] == '.') { +@@ -393,10 +389,8 @@ raptor_uri_normalize_path(unsigned char* + } + + +-#if defined(RAPTOR_DEBUG) + if(path_len != strlen((const char*)path_buffer)) + RAPTOR_FATAL3("Path length %ld does not match calculated %ld.", (long)strlen((const char*)path_buffer), (long)path_len); +-#endif + + /* RFC3986 Appendix C.2 / 5.4.2 Abnormal Examples + * Remove leading /../ and /./ commit 7c64c62ea59457c46e4c2bb70617a0554824e4b7 Author: Stephan Bergmann <[email protected]> AuthorDate: Sat Dec 7 17:36:22 2024 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:20 2025 +0100 Fix check for further exotic protocols ...that were added in 59891cd3985469bc44dbd05c9fc704eeb07f0c78 "look at 'embedded' protocols for protocols that support them" Change-Id: I42836d6fd27cd99e39ab07e626053f002a2651f5 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178047 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <[email protected]> (cherry picked from commit 8075798b22f2188530f57b8747589923bfd419ef) diff --git a/tools/qa/cppunit/test_urlobj.cxx b/tools/qa/cppunit/test_urlobj.cxx index 581a19478e67..a902d3223aab 100644 --- a/tools/qa/cppunit/test_urlobj.cxx +++ b/tools/qa/cppunit/test_urlobj.cxx @@ -338,6 +338,49 @@ namespace tools_urlobj obj.GetMainURL(INetURLObject::DecodeMechanism::NONE)); } + void testIsExoticProtocol() { + { + INetURLObject url(u"vnd.sun.star.pkg://slot%3A0"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::VndSunStarPkg, url.GetProtocol()); + CPPUNIT_ASSERT(url.IsExoticProtocol()); + } + { + INetURLObject url(u"vnd.sun.star.pkg://vnd.sun.star.pkg%3A%2F%2Fslot%253A0"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::VndSunStarPkg, url.GetProtocol()); + CPPUNIT_ASSERT(url.IsExoticProtocol()); + } + { + INetURLObject url(u"vnd.sun.star.pkg://http%3A%2F%2Fexample.net"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::VndSunStarPkg, url.GetProtocol()); + CPPUNIT_ASSERT(!url.IsExoticProtocol()); + } + { + INetURLObject url(u"vnd.sun.star.zip://slot%3A0"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol()); + CPPUNIT_ASSERT(url.IsExoticProtocol()); + } + { + INetURLObject url(u"vnd.sun.star.zip://slot%3A0/foo"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol()); + CPPUNIT_ASSERT(url.IsExoticProtocol()); + } + { + INetURLObject url(u"vnd.sun.star.zip://slot%3A0?foo"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol()); + CPPUNIT_ASSERT(url.IsExoticProtocol()); + } + { + INetURLObject url(u"vnd.sun.star.zip://slot%3A0#foo"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol()); + CPPUNIT_ASSERT(url.IsExoticProtocol()); + } + { + INetURLObject url(u"vnd.sun.star.zip://http%3A%2F%2Fexample.net"); + CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol()); + CPPUNIT_ASSERT(!url.IsExoticProtocol()); + } + } + // Change the following lines only, if you add, remove or rename // member functions of the current class, // because these macros are need by auto register mechanism. @@ -355,6 +398,7 @@ namespace tools_urlobj CPPUNIT_TEST( urlobjTest_isSchemeEqualTo ); CPPUNIT_TEST( urlobjTest_isAnyKnownWebDAVScheme ); CPPUNIT_TEST( testSetExtension ); + CPPUNIT_TEST( testIsExoticProtocol ); CPPUNIT_TEST_SUITE_END( ); }; // class createPool diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx index 3f0a512e199d..3cec3a6e499b 100644 --- a/tools/source/fsys/urlobj.cxx +++ b/tools/source/fsys/urlobj.cxx @@ -4964,10 +4964,21 @@ bool INetURLObject::IsExoticProtocol() const { return true; } - if (isSchemeEqualTo(u"vnd.sun.star.pkg") || isSchemeEqualTo(u"vnd.sun.star.zip")) + if (m_eScheme == INetProtocol::VndSunStarPkg) { + return INetURLObject(GetHost(INetURLObject::DecodeMechanism::WithCharset)) + .IsExoticProtocol(); + } + if (isSchemeEqualTo(u"vnd.sun.star.zip")) { - OUString sPayloadURL = GetURLPath(INetURLObject::DecodeMechanism::WithCharset); - return sPayloadURL.startsWith(u"//") && INetURLObject(sPayloadURL.subView(2)).IsExoticProtocol(); + OUString sPayloadURL = GetURLPath(INetURLObject::DecodeMechanism::NONE); + if (!sPayloadURL.startsWith(u"//")) { + return false; + } + auto const find = [&sPayloadURL](auto c) { + auto const n = sPayloadURL.indexOf(c, 2); + return n == -1 ? sPayloadURL.getLength() : n; + }; + return INetURLObject(decode(sPayloadURL.copy(2, std::min(find('/'), find('?')) - 2), INetURLObject::DecodeMechanism::WithCharset)).IsExoticProtocol(); } return false; } commit 5e7123236ed2cb1166e11c03e70f75703db77736 Author: Caolán McNamara <[email protected]> AuthorDate: Fri Dec 6 14:41:19 2024 +0000 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:20 2025 +0100 look at 'embedded' protocols too Change-Id: Ie99f5f5a390639bdc69397c831e0a32594a5030c Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177981 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit 59891cd3985469bc44dbd05c9fc704eeb07f0c78) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177987 Reviewed-by: Stephan Bergmann <[email protected]> (cherry picked from commit b63aa51c55244ee67410201fa5e7c003427b1009) diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx index 615295f37ce4..3f0a512e199d 100644 --- a/tools/source/fsys/urlobj.cxx +++ b/tools/source/fsys/urlobj.cxx @@ -4955,12 +4955,21 @@ OUString INetURLObject::CutExtension() bool INetURLObject::IsExoticProtocol() const { - return m_eScheme == INetProtocol::Slot || - m_eScheme == INetProtocol::Macro || - m_eScheme == INetProtocol::Uno || - m_eScheme == INetProtocol::VndSunStarExpand || - isSchemeEqualTo(u"vnd.sun.star.script") || - isSchemeEqualTo(u"service"); + if (m_eScheme == INetProtocol::Slot || + m_eScheme == INetProtocol::Macro || + m_eScheme == INetProtocol::Uno || + m_eScheme == INetProtocol::VndSunStarExpand || + isSchemeEqualTo(u"vnd.sun.star.script") || + isSchemeEqualTo(u"service")) + { + return true; + } + if (isSchemeEqualTo(u"vnd.sun.star.pkg") || isSchemeEqualTo(u"vnd.sun.star.zip")) + { + OUString sPayloadURL = GetURLPath(INetURLObject::DecodeMechanism::WithCharset); + return sPayloadURL.startsWith(u"//") && INetURLObject(sPayloadURL.subView(2)).IsExoticProtocol(); + } + return false; } /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ commit 320c2ea688d76447b4bde86ffb7f2e6522465186 Author: Caolán McNamara <[email protected]> AuthorDate: Fri Nov 15 12:30:39 2024 +0000 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:20 2025 +0100 consider VndSunStarExpand an exotic protocol and generally don't bother with it when fetching data from urls Change-Id: I51a2601c6fb7d6c32f9e2d1286ee0d3b05b370b9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176797 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit d6c89af2598e866aa9cb4fa3600691fb558befdb) diff --git a/avmedia/source/viewer/mediawindow_impl.cxx b/avmedia/source/viewer/mediawindow_impl.cxx index d76923bf09f8..a21ce909c33b 100644 --- a/avmedia/source/viewer/mediawindow_impl.cxx +++ b/avmedia/source/viewer/mediawindow_impl.cxx @@ -177,17 +177,20 @@ void MediaWindowImpl::dispose() uno::Reference<media::XPlayer> MediaWindowImpl::createPlayer(const OUString& rURL, const OUString& rReferer, const OUString* pMimeType) { - uno::Reference<media::XPlayer> xPlayer; - if( rURL.isEmpty() ) - return xPlayer; + return nullptr; if (SvtSecurityOptions().isUntrustedReferer(rReferer)) { - return xPlayer; + return nullptr; } uno::Reference<uno::XComponentContext> xContext(::comphelper::getProcessComponentContext()); + if (INetURLObject(rURL).IsExoticProtocol()) + return nullptr; + + uno::Reference<media::XPlayer> xPlayer; + if (!pMimeType || *pMimeType == AVMEDIA_MIMETYPE_COMMON) { diff --git a/editeng/source/items/frmitems.cxx b/editeng/source/items/frmitems.cxx index 4cb09608cf2e..a7a82836158e 100644 --- a/editeng/source/items/frmitems.cxx +++ b/editeng/source/items/frmitems.cxx @@ -3130,6 +3130,13 @@ const GraphicObject* SvxBrushItem::GetGraphicObject(OUString const & referer) co return nullptr; } + INetURLObject aGraphicURL( maStrLink ); + if (aGraphicURL.IsExoticProtocol()) + { + SAL_WARN("editeng", "Ignore exotic protocol: " << maStrLink); + return nullptr; + } + // tdf#94088 prepare graphic and state Graphic aGraphic; bool bGraphicLoaded = false; @@ -3150,8 +3157,6 @@ const GraphicObject* SvxBrushItem::GetGraphicObject(OUString const & referer) co // a 'data:' scheme url and try to load that (embedded graphics) if(!bGraphicLoaded) { - INetURLObject aGraphicURL( maStrLink ); - if( INetProtocol::Data == aGraphicURL.GetProtocol() ) { std::unique_ptr<SvMemoryStream> const xMemStream(aGraphicURL.getData()); diff --git a/embeddedobj/source/commonembedding/persistence.cxx b/embeddedobj/source/commonembedding/persistence.cxx index 8f76c4c4cb29..af280928ee89 100644 --- a/embeddedobj/source/commonembedding/persistence.cxx +++ b/embeddedobj/source/commonembedding/persistence.cxx @@ -54,6 +54,7 @@ #include <comphelper/mimeconfighelper.hxx> #include <comphelper/namedvaluecollection.hxx> #include <unotools/configmgr.hxx> +#include <tools/urlobj.hxx> #include <unotools/securityoptions.hxx> #include <tools/diagnose_ex.h> @@ -371,6 +372,13 @@ uno::Reference< util::XCloseable > OCommonEmbeddedObject::LoadLink_Impl() { sal_Int32 nLen = 2; uno::Sequence< beans::PropertyValue > aArgs( nLen ); + + if (INetURLObject(m_aLinkURL).IsExoticProtocol()) + { + SAL_WARN("embeddedobj.common", "Ignore exotic protocol: " << m_aLinkURL); + return nullptr; + } + aArgs[0].Name = "URL"; aArgs[0].Value <<= m_aLinkURL; aArgs[1].Name = "FilterName"; diff --git a/forms/source/component/ImageControl.cxx b/forms/source/component/ImageControl.cxx index 37b2eda2cb07..82fcdbfadb0e 100644 --- a/forms/source/component/ImageControl.cxx +++ b/forms/source/component/ImageControl.cxx @@ -394,6 +394,12 @@ void OImageControlModel::read(const Reference<XObjectInputStream>& _rxInStream) bool OImageControlModel::impl_updateStreamForURL_lck( const OUString& _rURL, ValueChangeInstigator _eInstigator ) { + OUString referer; + getPropertyValue("Referer") >>= referer; + if (SvtSecurityOptions().isUntrustedReferer(referer) || INetURLObject(_rURL).IsExoticProtocol()) { + return false; + } + // create a stream for the image specified by the URL std::unique_ptr< SvStream > pImageStream; Reference< XInputStream > xImageStream; diff --git a/forms/source/component/clickableimage.cxx b/forms/source/component/clickableimage.cxx index f3803d275bb7..3501b42c2788 100644 --- a/forms/source/component/clickableimage.cxx +++ b/forms/source/component/clickableimage.cxx @@ -698,7 +698,7 @@ namespace frm // the SfxMedium is not allowed to be created with an invalid URL, so we have to check this first INetURLObject aUrl(rURL); - if (INetProtocol::NotValid == aUrl.GetProtocol()) + if (INetProtocol::NotValid == aUrl.GetProtocol() || aUrl.IsExoticProtocol()) // we treat an invalid URL like we would treat no URL return; diff --git a/sfx2/source/appl/linkmgr2.cxx b/sfx2/source/appl/linkmgr2.cxx index 6a6c282dc4ab..5089d255da8d 100644 --- a/sfx2/source/appl/linkmgr2.cxx +++ b/sfx2/source/appl/linkmgr2.cxx @@ -513,8 +513,11 @@ bool LinkManager::GetGraphicFromAny(const OUString& rMimeType, if (rValue.has<OUString>()) { OUString sURL = rValue.get<OUString>(); - if (!SvtSecurityOptions().isUntrustedReferer(rReferer)) + if (!SvtSecurityOptions().isUntrustedReferer(rReferer) && + !INetURLObject(sURL).IsExoticProtocol()) + { rGraphic = vcl::graphic::loadFromURL(sURL, pParentWin); + } if (rGraphic.IsNone()) rGraphic.SetDefaultType(); rGraphic.setOriginURL(sURL); diff --git a/sw/source/filter/html/htmlgrin.cxx b/sw/source/filter/html/htmlgrin.cxx index 7bf852b89271..ca6a8e553cfa 100644 --- a/sw/source/filter/html/htmlgrin.cxx +++ b/sw/source/filter/html/htmlgrin.cxx @@ -647,7 +647,8 @@ IMAGE_SETEVENT: // bPrcWidth / bPrcHeight means we have a percent size. If that's not the case and we have no // size from nWidth / nHeight either, then inspect the image header. - if ((!bPrcWidth && !nWidth) && (!bPrcHeight && !nHeight) && allowAccessLink(*m_xDoc)) + if ((!bPrcWidth && !nWidth) && (!bPrcHeight && !nHeight) && allowAccessLink(*m_xDoc) && + !aGraphicURL.IsExoticProtocol()) { GraphicDescriptor aDescriptor(aGraphicURL); if (aDescriptor.Detect(/*bExtendedInfo=*/true)) diff --git a/toolkit/source/controls/unocontrols.cxx b/toolkit/source/controls/unocontrols.cxx index 937b05745273..343579eeb98c 100644 --- a/toolkit/source/controls/unocontrols.cxx +++ b/toolkit/source/controls/unocontrols.cxx @@ -38,6 +38,7 @@ #include <toolkit/controls/stdtabcontroller.hxx> #include <toolkit/helper/property.hxx> #include <toolkit/helper/servicenames.hxx> +#include <tools/urlobj.hxx> #include <toolkit/helper/macros.hxx> // for introspection @@ -82,7 +83,7 @@ css::uno::Reference< css::graphic::XGraphic > ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL ) { uno::Reference< graphic::XGraphic > xGraphic; - if ( _rURL.isEmpty() ) + if ( _rURL.isEmpty() || SvtSecurityOptions().isUntrustedReferer(referer) || INetURLObject(_rURL).IsExoticProtocol()) return xGraphic; try diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx index 00ae62e7cc94..615295f37ce4 100644 --- a/tools/source/fsys/urlobj.cxx +++ b/tools/source/fsys/urlobj.cxx @@ -4958,6 +4958,7 @@ bool INetURLObject::IsExoticProtocol() const return m_eScheme == INetProtocol::Slot || m_eScheme == INetProtocol::Macro || m_eScheme == INetProtocol::Uno || + m_eScheme == INetProtocol::VndSunStarExpand || isSchemeEqualTo(u"vnd.sun.star.script") || isSchemeEqualTo(u"service"); } diff --git a/unotools/source/misc/mediadescriptor.cxx b/unotools/source/misc/mediadescriptor.cxx index 22f18354cee4..f478e3d03f79 100644 --- a/unotools/source/misc/mediadescriptor.cxx +++ b/unotools/source/misc/mediadescriptor.cxx @@ -600,6 +600,9 @@ bool MediaDescriptor::impl_openStreamWithPostData( const css::uno::Reference< cs /*-----------------------------------------------*/ bool MediaDescriptor::impl_openStreamWithURL( const OUString& sURL, bool bLockFile ) { + if (INetURLObject(sURL).IsExoticProtocol()) + return false; + OUString referer(getUnpackedValueOrDefault(PROP_REFERRER(), OUString())); if (SvtSecurityOptions().isUntrustedReferer(referer)) { return false; diff --git a/vcl/source/filter/graphicfilter.cxx b/vcl/source/filter/graphicfilter.cxx index 87aeaefa0ec7..5c9ee63533a5 100644 --- a/vcl/source/filter/graphicfilter.cxx +++ b/vcl/source/filter/graphicfilter.cxx @@ -1007,10 +1007,16 @@ ErrCode GraphicFilter::CanImportGraphic( const OUString& rMainUrl, SvStream& rIS ErrCode GraphicFilter::ImportGraphic( Graphic& rGraphic, const INetURLObject& rPath, sal_uInt16 nFormat, sal_uInt16 * pDeterminedFormat, GraphicFilterImportFlags nImportFlags ) { - ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR; SAL_WARN_IF( rPath.GetProtocol() == INetProtocol::NotValid, "vcl.filter", "GraphicFilter::ImportGraphic() : ProtType == INetProtocol::NotValid" ); OUString aMainUrl( rPath.GetMainURL( INetURLObject::DecodeMechanism::NONE ) ); + if (rPath.IsExoticProtocol()) + { + SAL_WARN("vcl.filter", "GraphicFilter::ImportGraphic(), ignore exotic protocol: " << aMainUrl); + return ERRCODE_GRFILTER_FORMATERROR; + } + + ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR; std::unique_ptr<SvStream> xStream(::utl::UcbStreamHelper::CreateStream( aMainUrl, StreamMode::READ | StreamMode::SHARE_DENYNONE )); if (xStream) { commit 1a231bcd71590b0699aea843e2016ecc9b22a380 Author: Caolán McNamara <[email protected]> AuthorDate: Fri Nov 8 16:51:47 2024 +0000 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:20 2025 +0100 be conservative on allowed temp font names Change-Id: Iefdc1a8c9b4c7e8c08c84f747f8287ac3c419839 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176236 Reviewed-by: Michael Stahl <[email protected]> Tested-by: Jenkins (cherry picked from commit f761d098e9a0960554aa4fc02f84a711b50a1cff) diff --git a/vcl/source/gdi/embeddedfontshelper.cxx b/vcl/source/gdi/embeddedfontshelper.cxx index 672e5d3c2fb8..69c2f6687cfd 100644 --- a/vcl/source/gdi/embeddedfontshelper.cxx +++ b/vcl/source/gdi/embeddedfontshelper.cxx @@ -17,6 +17,7 @@ #include <vcl/svapp.hxx> #include <vcl/embeddedfontshelper.hxx> #include <com/sun/star/io/XInputStream.hpp> +#include <comphelper/storagehelper.hxx> #include <fontsubset.hxx> #include <outdev.h> @@ -163,10 +164,6 @@ bool EmbeddedFontsHelper::addEmbeddedFont( const uno::Reference< io::XInputStrea OUString EmbeddedFontsHelper::fileUrlForTemporaryFont( const OUString& fontName, const char* extra ) { - OUString path = "${$BRAND_BASE_DIR/" LIBO_ETC_FOLDER "/" SAL_CONFIGFILE( "bootstrap") "::UserInstallation}"; - rtl::Bootstrap::expandMacros( path ); - path += "/user/temp/embeddedfonts/fromdocs/"; - osl::Directory::createPath( path ); OUString filename = fontName; static int uniqueCounter = 0; if( strcmp( extra, "?" ) == 0 ) @@ -174,6 +171,17 @@ OUString EmbeddedFontsHelper::fileUrlForTemporaryFont( const OUString& fontName, else filename += OStringToOUString( extra, RTL_TEXTENCODING_ASCII_US ); filename += ".ttf"; // TODO is it always ttf? + + if (!::comphelper::OStorageHelper::IsValidZipEntryFileName(filename, false)) + { + SAL_WARN( "vcl.fonts", "Cannot use filename: " << filename << " for temporary font"); + filename = "font" + OUString::number(uniqueCounter++) + ".ttf"; + } + + OUString path = "${$BRAND_BASE_DIR/" LIBO_ETC_FOLDER "/" SAL_CONFIGFILE( "bootstrap") "::UserInstallation}"; + rtl::Bootstrap::expandMacros( path ); + path += "/user/temp/embeddedfonts/fromdocs/"; + osl::Directory::createPath( path ); return path + filename; } commit ed277d2c1b0addc2f0ac971867fb5984b4760e60 Author: Michael Stahl <[email protected]> AuthorDate: Fri Aug 2 14:24:29 2024 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:20 2025 +0100 nss: upgrade to release 3.102.1 Not sure what moz#1905691 is but they did an ESR release for it... Change-Id: I271d592dd9d61157f4fbe819258c90414c1b4e52 (cherry picked from commit 9fccb6474079dc49c4903965faed9b44b464f4cd) diff --git a/download.lst b/download.lst index a67c2b8128dc..f6ef442c5c4c 100644 --- a/download.lst +++ b/download.lst @@ -183,8 +183,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca export NEON_TARBALL := neon-0.30.2.tar.gz -export NSS_SHA256SUM := 566faa9283ff3d9a7d6c44272df6e4330e3e06ca4e841a68840d31b27c9161c4 -export NSS_TARBALL := nss-3.101-with-nspr-4.35.tar.gz +export NSS_SHA256SUM := ddfdec73fb4b0eedce5fc4de09de9ba14d2ddbfbf67e42372903e1510f2d3d65 +export NSS_TARBALL := nss-3.102.1-with-nspr-4.35.tar.gz export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2 export ODFGEN_VERSION_MICRO := 6 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2 commit b9d3e2297e082670e7906f172b5424b1aac5fa3f Author: Xisco Fauli <[email protected]> AuthorDate: Tue Jun 11 09:50:36 2024 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:20 2025 +0100 nss: upgrade to 3.101 Downloaded from https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_101_RTM/src/nss-3.101-with-nspr-4.35.tar.gz Change-Id: I8314faf1af069a5dc438f0d53f327ae2193ca59d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168663 Reviewed-by: Xisco Fauli <[email protected]> Tested-by: Jenkins (cherry picked from commit 3f686bfe0e83de59b9f641b08e880c5319f9d8e1) diff --git a/download.lst b/download.lst index 841ca6246969..a67c2b8128dc 100644 --- a/download.lst +++ b/download.lst @@ -183,8 +183,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca export NEON_TARBALL := neon-0.30.2.tar.gz -export NSS_SHA256SUM := 59bb55a59b02e4004fc26ad0aa1a13fe8d73c6c90c447dd2f2efb73fb81083ed -export NSS_TARBALL := nss-3.98-with-nspr-4.35.tar.gz +export NSS_SHA256SUM := 566faa9283ff3d9a7d6c44272df6e4330e3e06ca4e841a68840d31b27c9161c4 +export NSS_TARBALL := nss-3.101-with-nspr-4.35.tar.gz export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2 export ODFGEN_VERSION_MICRO := 6 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2 commit d5baab455c2c69e3037745254f97ea166f1e0f0e Author: Caolán McNamara <[email protected]> AuthorDate: Mon Aug 22 15:05:40 2022 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:20 2025 +0100 upgrade to hunspell 1.7.1 Change-Id: Ifff2f17d17ab2764f3703b008fcb096ff08c9315 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/138690 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit 46003cb1c4c770a9ba4eb9b2a55561c2ebeb3519) diff --git a/download.lst b/download.lst index 0db4f5942cfa..841ca6246969 100644 --- a/download.lst +++ b/download.lst @@ -100,8 +100,8 @@ export HARFBUZZ_SHA256SUM := f205699d5b91374008d6f8e36c59e419ae2d9a7bb8c5d9f3404 export HARFBUZZ_TARBALL := harfbuzz-2.3.1.tar.bz2 export HSQLDB_SHA256SUM := d30b13f4ba2e3b6a2d4f020c0dee0a9fb9fc6fbcc2d561f36b78da4bf3802370 export HSQLDB_TARBALL := 17410483b5b5f267aa18b7e00b65e6e0-hsqldb_1_8_0.zip -export HUNSPELL_SHA256SUM := 57be4e03ae9dd62c3471f667a0d81a14513e314d4d92081292b90435944ff951 -export HUNSPELL_TARBALL := hunspell-1.7.0.tar.gz +export HUNSPELL_SHA256SUM := b2d9c5369c2cc7f321cb5983fda2dbf007dce3d9e17519746840a6f0c4bf7444 +export HUNSPELL_TARBALL := hunspell-1.7.1.tar.gz export HYPHEN_SHA256SUM := 304636d4eccd81a14b6914d07b84c79ebb815288c76fe027b9ebff6ff24d5705 export HYPHEN_TARBALL := 5ade6ae2a99bc1e9e57031ca88d36dad-hyphen-2.8.8.tar.gz export ICU_SHA256SUM := 05c490b69454fce5860b7e8e2821231674af0a11d7ef2febea9a32512998cb9d diff --git a/external/hunspell/0001-invalid-read-memory-access-624.patch b/external/hunspell/0001-invalid-read-memory-access-624.patch deleted file mode 100644 index 66b55e7555bd..000000000000 --- a/external/hunspell/0001-invalid-read-memory-access-624.patch +++ /dev/null @@ -1,25 +0,0 @@ -From ac938e2ecb48ab4dd21298126c7921689d60571b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <[email protected]> -Date: Tue, 12 Nov 2019 20:03:15 +0000 -Subject: [PATCH] invalid read memory access #624 - ---- - src/hunspell/suggestmgr.cxx | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/hunspell/suggestmgr.cxx b/src/hunspell/suggestmgr.cxx -index dba084e..c23f165 100644 ---- a/src/hunspell/suggestmgr.cxx -+++ b/src/hunspell/suggestmgr.cxx -@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring( - int l2 = su2.size(); - // decapitalize dictionary word - if (complexprefixes) { -- if (su1[l1 - 1] == su2[l2 - 1]) -+ if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1]) - return 1; - } else { - unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l; --- -2.23.0 - diff --git a/external/hunspell/UnpackedTarball_hunspell.mk b/external/hunspell/UnpackedTarball_hunspell.mk index 1cd24e225868..37a2d196fbf5 100644 --- a/external/hunspell/UnpackedTarball_hunspell.mk +++ b/external/hunspell/UnpackedTarball_hunspell.mk @@ -22,7 +22,6 @@ endif $(eval $(call gb_UnpackedTarball_set_patchlevel,hunspell,1)) $(eval $(call gb_UnpackedTarball_add_patches,hunspell, \ - external/hunspell/0001-invalid-read-memory-access-624.patch \ )) # vim: set noet sw=4 ts=4: commit 4ff64df28c766d91f40ed6eef77be4fd0136f159 Author: Michael Stahl <[email protected]> AuthorDate: Tue Sep 10 10:30:00 2024 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:20 2025 +0100 expat: upgrade to release 2.6.3 Fixes CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 Change-Id: I17f7d9a5c540e7d2005515f1f4fd79e0a5c631ca Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173124 Reviewed-by: Michael Stahl <[email protected]> Tested-by: Jenkins (cherry picked from commit 4529ffc6439250bf3edc705117f9af1ad116dc36) diff --git a/download.lst b/download.lst index 4e29bb4fadd5..0db4f5942cfa 100644 --- a/download.lst +++ b/download.lst @@ -42,8 +42,8 @@ export EPUBGEN_TARBALL := libepubgen-0.1.1.tar.xz export ETONYEK_SHA256SUM := e61677e8799ce6e55b25afc11aa5339113f6a49cff031f336e32fa58635b1a4a export ETONYEK_VERSION_MICRO := 9 export ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz -export EXPAT_SHA256SUM := ee14b4c5d8908b1bec37ad937607eab183d4d9806a08adee472c3c3121d27364 -export EXPAT_TARBALL := expat-2.6.2.tar.xz +export EXPAT_SHA256SUM := 274db254a6979bde5aad404763a704956940e465843f2a9bd9ed7af22e2c0efc +export EXPAT_TARBALL := expat-2.6.3.tar.xz export FIREBIRD_SHA256SUM := 6994be3555e23226630c587444be19d309b25b0fcf1f87df3b4e3f88943e5860 export FIREBIRD_TARBALL := Firebird-3.0.0.32483-0.tar.bz2 export FONTCONFIG_SHA256SUM := cf0c30807d08f6a28ab46c61b8dbd55c97d2f292cf88f3a07d3384687f31f017 commit cb82bd7346d796cbfd9916730519492df2af6585 Author: Xisco Fauli <[email protected]> AuthorDate: Sat Sep 7 00:42:57 2024 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:19 2025 +0100 Python: upgrade to 3.8.20 Downloaded from https://www.python.org/ftp/python/3.8.20/Python-3.8.20.tar.xz Change-Id: I142d52236bcd4011359889ce6e64898ca08999c7 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/172983 Reviewed-by: Michael Stahl <[email protected]> Tested-by: Jenkins (cherry picked from commit f61641cbd6a06f6669b7390599925a3133e17ce1) diff --git a/configure.ac b/configure.ac index 4866a9848474..b0b84d481dc7 100644 --- a/configure.ac +++ b/configure.ac @@ -8750,7 +8750,7 @@ internal) SYSTEM_PYTHON= PYTHON_VERSION_MAJOR=3 PYTHON_VERSION_MINOR=8 - PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.19 + PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.20 if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst]) fi diff --git a/download.lst b/download.lst index ff9928c53a46..4e29bb4fadd5 100644 --- a/download.lst +++ b/download.lst @@ -212,8 +212,8 @@ export POPPLER_SHA256SUM := d7a8f748211359cadb774ba3e18ecda6464b34027045c0648eb3 export POPPLER_TARBALL := poppler-22.09.0.tar.xz export POSTGRESQL_SHA256SUM := 5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2 export POSTGRESQL_TARBALL := postgresql-13.10.tar.bz2 -PYTHON_SHA256SUM := d2807ac69f69b84fd46a0b93bbd02a4fa48d3e70f4b2835ff0f72a2885040076 -PYTHON_TARBALL := Python-3.8.19.tar.xz +PYTHON_SHA256SUM := 6fb89a7124201c61125c0ab4cf7f6894df339a40c02833bfd28ab4d7691fafb4 +PYTHON_TARBALL := Python-3.8.20.tar.xz export QXP_SHA256SUM := e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c export QXP_TARBALL := libqxp-0.0.2.tar.xz export RAPTOR_SHA256SUM := ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed commit 910ade31fcfdd01c6d63490d98b13f4b54a3652f Author: Taichi Haradaguchi <[email protected]> AuthorDate: Fri Mar 22 13:43:14 2024 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:19 2025 +0100 Expat: upgrade to release 2.6.2 Fixes CVE-2024-28757 Change-Id: Id85044fa9d8eda922425e580e9d6979f6563e98a Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165129 Tested-by: Taichi Haradaguchi <[email protected]> Reviewed-by: Taichi Haradaguchi <[email protected]> (cherry picked from commit 370ca73a45b291e172918b4c8fcbc37ccaa434cf) diff --git a/download.lst b/download.lst index 828ce4be1ebb..ff9928c53a46 100644 --- a/download.lst +++ b/download.lst @@ -42,8 +42,8 @@ export EPUBGEN_TARBALL := libepubgen-0.1.1.tar.xz export ETONYEK_SHA256SUM := e61677e8799ce6e55b25afc11aa5339113f6a49cff031f336e32fa58635b1a4a export ETONYEK_VERSION_MICRO := 9 export ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz -export EXPAT_SHA256SUM := ef2420f0232c087801abf705e89ae65f6257df6b7931d37846a193ef2e8cdcbe -export EXPAT_TARBALL := expat-2.5.0.tar.xz +export EXPAT_SHA256SUM := ee14b4c5d8908b1bec37ad937607eab183d4d9806a08adee472c3c3121d27364 +export EXPAT_TARBALL := expat-2.6.2.tar.xz export FIREBIRD_SHA256SUM := 6994be3555e23226630c587444be19d309b25b0fcf1f87df3b4e3f88943e5860 export FIREBIRD_TARBALL := Firebird-3.0.0.32483-0.tar.bz2 export FONTCONFIG_SHA256SUM := cf0c30807d08f6a28ab46c61b8dbd55c97d2f292cf88f3a07d3384687f31f017 commit 8514066bac5e02f817e34c33b6680f4c7c50dc5b Author: Michael Stahl <[email protected]> AuthorDate: Thu Aug 8 11:02:47 2024 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:19 2025 +0100 curl: add patch for CVE-2024-7264 Change-Id: I0e7e3533f8216f701e1439c2438e3c339c0003df (cherry picked from commit 7bc74494f7ff6b5e43abb9d1cba44effe784e799) diff --git a/external/curl/0001-x509asn1-clean-up-GTime2str.patch b/external/curl/0001-x509asn1-clean-up-GTime2str.patch new file mode 100644 index 000000000000..e020416d6865 --- /dev/null +++ b/external/curl/0001-x509asn1-clean-up-GTime2str.patch @@ -0,0 +1,60 @@ +From 3c914bc680155b32178f1f15ca8d47c7f4640afe Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <[email protected]> +Date: Tue, 30 Jul 2024 10:05:17 +0200 +Subject: [PATCH] x509asn1: clean up GTime2str + +Co-authored-by: Stefan Eissing +Reported-by: Dov Murik + +Closes #14307 +--- + lib/vtls/x509asn1.c | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c +index 1bc4243dd..e3a9fe423 100644 +--- a/lib/vtls/x509asn1.c ++++ b/lib/vtls/x509asn1.c +@@ -494,7 +494,7 @@ static CURLcode GTime2str(struct dynbuf *store, + /* Convert an ASN.1 Generalized time to a printable string. + Return the dynamically allocated string, or NULL if an error occurs. */ + +- for(fracp = beg; fracp < end && *fracp >= '0' && *fracp <= '9'; fracp++) ++ for(fracp = beg; fracp < end && ISDIGIT(*fracp); fracp++) + ; + + /* Get seconds digits. */ +@@ -513,17 +513,22 @@ static CURLcode GTime2str(struct dynbuf *store, + return NULL; + } + +- /* Scan for timezone, measure fractional seconds. */ ++ /* timezone follows optional fractional seconds. */ + tzp = fracp; +- fracl = 0; ++ fracl = 0; /* no fractional seconds detected so far */ + if(fracp < end && (*fracp == '.' || *fracp == ',')) { +- fracp++; +- do ++ /* Have fractional seconds, e.g. "[.,]\d+". How many? */ ++ tzp = fracp++; /* should be a digit char or BAD ARGUMENT */ ++ while(tzp < end && ISDIGIT(*tzp)) + tzp++; +- while(tzp < end && *tzp >= '0' && *tzp <= '9'); +- /* Strip leading zeroes in fractional seconds. */ +- for(fracl = tzp - fracp - 1; fracl && fracp[fracl - 1] == '0'; fracl--) +- ; ++ if(tzp == fracp) /* never looped, no digit after [.,] */ ++ return NULL; ++ fracl = tzp - fracp - 1; /* number of fractional sec digits */ ++ DEBUGASSERT(fracl > 0); ++ /* Strip trailing zeroes in fractional seconds. ++ * May reduce fracl to 0 if only '0's are present. */ ++ while(fracl && fracp[fracl - 1] == '0') ++ fracl--; + } + + /* Process timezone. */ +-- +2.45.2 + diff --git a/external/curl/0001-x509asn1-unittests-and-fixes-for-gtime2str.patch b/external/curl/0001-x509asn1-unittests-and-fixes-for-gtime2str.patch new file mode 100644 index 000000000000..8eb4be5383fd --- /dev/null +++ b/external/curl/0001-x509asn1-unittests-and-fixes-for-gtime2str.patch @@ -0,0 +1,319 @@ +From 27959ecce75cdb2809c0bdb3286e60e08fadb519 Mon Sep 17 00:00:00 2001 +From: Stefan Eissing <[email protected]> +Date: Tue, 30 Jul 2024 16:40:48 +0200 +Subject: [PATCH] x509asn1: unittests and fixes for gtime2str + +Fix issues in GTime2str() and add unit test cases to verify correct +behaviour. + +Follow-up to 3c914bc6801 + +Closes #14316 +--- + lib/vtls/x509asn1.c | 32 +++++++--- + lib/vtls/x509asn1.h | 11 ++++ + tests/data/Makefile.inc | 2 +- + tests/data/test1656 | 22 +++++++ + tests/unit/Makefile.inc | 4 +- + tests/unit/unit1656.c | 133 ++++++++++++++++++++++++++++++++++++++++ + 6 files changed, 194 insertions(+), 10 deletions(-) + create mode 100644 tests/data/test1656 + create mode 100644 tests/unit/unit1656.c + +diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c +index e3a9fe423..7f04af3b9 100644 +--- a/lib/vtls/x509asn1.c ++++ b/lib/vtls/x509asn1.c +@@ -518,12 +518,13 @@ static CURLcode GTime2str(struct dynbuf *store, + fracl = 0; /* no fractional seconds detected so far */ + if(fracp < end && (*fracp == '.' || *fracp == ',')) { + /* Have fractional seconds, e.g. "[.,]\d+". How many? */ +- tzp = fracp++; /* should be a digit char or BAD ARGUMENT */ ++ fracp++; /* should be a digit char or BAD ARGUMENT */ ++ tzp = fracp; + while(tzp < end && ISDIGIT(*tzp)) + tzp++; + if(tzp == fracp) /* never looped, no digit after [.,] */ + return NULL; +- fracl = tzp - fracp - 1; /* number of fractional sec digits */ ++ fracl = tzp - fracp; /* number of fractional sec digits */ + DEBUGASSERT(fracl > 0); + /* Strip trailing zeroes in fractional seconds. + * May reduce fracl to 0 if only '0's are present. */ +@@ -532,18 +533,24 @@ static CURLcode GTime2str(struct dynbuf *store, + } + + /* Process timezone. */ +- if(tzp >= end) +- ; /* Nothing to do. */ ++ if(tzp >= end) { ++ tzp = ""; ++ tzl = 0; ++ } + else if(*tzp == 'Z') { +- tzp = " GMT"; +- end = tzp + 4; ++ sep = " "; ++ tzp = "GMT"; ++ tzl = 3; ++ } ++ else if((*tzp == '+') || (*tzp == '-')) { ++ sep = " UTC"; ++ tzl = end - tzp; + } + else { + sep = " "; +- tzp++; ++ tzl = end - tzp; + } + +- tzl = end - tzp; + return curl_maprintf("%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s", + beg, beg + 4, beg + 6, + beg + 8, beg + 10, sec1, sec2, +@@ -552,6 +559,15 @@ static CURLcode GTime2str(struct dynbuf *store, + sep, (int)tzl, tzp); + } + ++#if 0 /* def UNITTESTS */ ++/* used by unit1656.c */ ++CURLcode Curl_x509_GTime2str(struct dynbuf *store, ++ const char *beg, const char *end) ++{ ++ return GTime2str(store, beg, end); ++} ++#endif ++ + /* + * Convert an ASN.1 UTC time to a printable string. + * Return the dynamically allocated string, or NULL if an error occurs. +diff --git a/lib/vtls/x509asn1.h b/lib/vtls/x509asn1.h +index 584446046..5b48596c7 100644 +--- a/lib/vtls/x509asn1.h ++++ b/lib/vtls/x509asn1.h +@@ -77,6 +77,17 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum, + const char *beg, const char *end); + CURLcode Curl_verifyhost(struct Curl_cfilter *cf, struct Curl_easy *data, + const char *beg, const char *end); ++ ++#ifdef UNITTESTS ++#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \ ++ defined(USE_MBEDTLS) ++ ++/* used by unit1656.c */ ++CURLcode Curl_x509_GTime2str(struct dynbuf *store, ++ const char *beg, const char *end); ++#endif ++#endif ++ + #endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL + * or USE_SECTRANSP */ + #endif /* HEADER_CURL_X509ASN1_H */ +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index d0e20df4b..792cb16ee 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -211,7 +211,7 @@ test1620 test1621 \ + \ + test1630 test1631 test1632 test1633 test1634 test1635 \ + \ +-test1650 test1651 test1652 test1653 test1654 test1655 \ ++test1650 test1651 test1652 test1653 test1654 test1655 test1656 \ + test1660 test1661 test1662 \ + \ + test1670 test1671 \ +diff --git a/tests/data/test1656 b/tests/data/test1656 +new file mode 100644 +index 000000000..2fab21be6 +--- /dev/null ++++ b/tests/data/test1656 +@@ -0,0 +1,22 @@ ++<testcase> ++<info> ++<keywords> ++unittest ++Curl_x509_GTime2str ++</keywords> ++</info> ++ ++# ++# Client-side ++<client> ++<server> ++none ++</server> ++<features> ++unittest ++</features> ++<name> ++Curl_x509_GTime2str unit tests ++</name> ++</client> ++</testcase> +diff --git a/tests/unit/Makefile.inc b/tests/unit/Makefile.inc +index c402f8035..5b23c2559 100644 +--- a/tests/unit/Makefile.inc ++++ b/tests/unit/Makefile.inc +@@ -36,7 +36,7 @@ UNITPROGS = unit1300 unit1302 unit1303 unit1304 unit1305 unit1307 \ + unit1600 unit1601 unit1602 unit1603 unit1604 unit1605 unit1606 unit1607 \ + unit1608 unit1609 unit1610 unit1611 unit1612 unit1614 \ + unit1620 unit1621 \ +- unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 \ ++ unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 unit1656 \ + unit1660 unit1661 \ + unit2600 \ + unit3200 +diff --git a/tests/unit/Makefile.in b/tests/unit/Makefile.in +index c402f8035..5b23c2559 100644 +--- a/tests/unit/Makefile.in ++++ b/tests/unit/Makefile.in +@@ -821,6 +821,7 @@ unit1654_SOURCES = unit1654.c $(UNITFILES) + unit1653_SOURCES = unit1653.c $(UNITFILES) + unit1654_SOURCES = unit1654.c $(UNITFILES) + unit1655_SOURCES = unit1655.c $(UNITFILES) ++unit1656_SOURCES = unit1656.c $(UNITFILES) + unit1660_SOURCES = unit1660.c $(UNITFILES) + unit1661_SOURCES = unit1661.c $(UNITFILES) + unit2600_SOURCES = unit2600.c $(UNITFILES) +diff --git a/tests/unit/unit1656.c b/tests/unit/unit1656.c +new file mode 100644 +index 000000000..644e72fc7 +--- /dev/null ++++ b/tests/unit/unit1656.c +@@ -0,0 +1,133 @@ ++/*************************************************************************** ++ * _ _ ____ _ ++ * Project ___| | | | _ \| | ++ * / __| | | | |_) | | ++ * | (__| |_| | _ <| |___ ++ * \___|\___/|_| \_\_____| ++ * ++ * Copyright (C) Daniel Stenberg, <[email protected]>, et al. ++ * ++ * This software is licensed as described in the file COPYING, which ++ * you should have received as part of this distribution. The terms ++ * are also available at https://curl.se/docs/copyright.html. ++ * ++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell ++ * copies of the Software, and permit persons to whom the Software is ++ * furnished to do so, under the terms of the COPYING file. ++ * ++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY ++ * KIND, either express or implied. ++ * ++ * SPDX-License-Identifier: curl ++ * ++ ***************************************************************************/ ++#include "curlcheck.h" ++ ++#include "vtls/x509asn1.h" ++ ++static CURLcode unit_setup(void) ++{ ++ return CURLE_OK; ++} ++ ++static void unit_stop(void) ++{ ++ ++} ++ ++#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \ ++ defined(USE_MBEDTLS) ++ ++#ifndef ARRAYSIZE ++#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) ++#endif ++ ++struct test_spec { ++ const char *input; ++ const char *exp_output; ++ CURLcode exp_result; ++}; ++ ++static struct test_spec test_specs[] = { ++ { "190321134340", "1903-21-13 43:40:00", CURLE_OK }, ++ { "", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, ++ { "WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, ++ { "0WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, ++ { "19032113434", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, ++ { "19032113434WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, ++ { "190321134340.", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, ++ { "190321134340.1", "1903-21-13 43:40:00.1", CURLE_OK }, ++ { "19032113434017.0", "1903-21-13 43:40:17", CURLE_OK }, ++ { "19032113434017.01", "1903-21-13 43:40:17.01", CURLE_OK }, ++ { "19032113434003.001", "1903-21-13 43:40:03.001", CURLE_OK }, ++ { "19032113434003.090", "1903-21-13 43:40:03.09", CURLE_OK }, ++ { "190321134340Z", "1903-21-13 43:40:00 GMT", CURLE_OK }, ++ { "19032113434017.0Z", "1903-21-13 43:40:17 GMT", CURLE_OK }, ++ { "19032113434017.01Z", "1903-21-13 43:40:17.01 GMT", CURLE_OK }, ++ { "19032113434003.001Z", "1903-21-13 43:40:03.001 GMT", CURLE_OK }, ++ { "19032113434003.090Z", "1903-21-13 43:40:03.09 GMT", CURLE_OK }, ++ { "190321134340CET", "1903-21-13 43:40:00 CET", CURLE_OK }, ++ { "19032113434017.0CET", "1903-21-13 43:40:17 CET", CURLE_OK }, ++ { "19032113434017.01CET", "1903-21-13 43:40:17.01 CET", CURLE_OK }, ++ { "190321134340+02:30", "1903-21-13 43:40:00 UTC+02:30", CURLE_OK }, ++ { "19032113434017.0+02:30", "1903-21-13 43:40:17 UTC+02:30", CURLE_OK }, ++ { "19032113434017.01+02:30", "1903-21-13 43:40:17.01 UTC+02:30", CURLE_OK }, ++ { "190321134340-3", "1903-21-13 43:40:00 UTC-3", CURLE_OK }, ++ { "19032113434017.0-04", "1903-21-13 43:40:17 UTC-04", CURLE_OK }, ++ { "19032113434017.01-01:10", "1903-21-13 43:40:17.01 UTC-01:10", CURLE_OK }, ++}; ++ ++static bool do_test(struct test_spec *spec, size_t i, struct dynbuf *dbuf) ++{ ++ CURLcode result; ++ const char *in = spec->input; ++ ++ Curl_dyn_reset(dbuf); ++ result = Curl_x509_GTime2str(dbuf, in, in + strlen(in)); ++ if(result != spec->exp_result) { ++ fprintf(stderr, "test %zu: expect result %d, got %d ", ++ i, spec->exp_result, result); ++ return FALSE; ++ } ++ else if(!result && strcmp(spec->exp_output, Curl_dyn_ptr(dbuf))) { ++ fprintf(stderr, "test %zu: input '%s', expected output '%s', got '%s' ", ++ i, in, spec->exp_output, Curl_dyn_ptr(dbuf)); ++ return FALSE; ++ } ++ ++ return TRUE; ++} ++ ++UNITTEST_START ++{ ++ size_t i; ++ struct dynbuf dbuf; ++ bool all_ok = TRUE; ++ ++ Curl_dyn_init(&dbuf, 32*1024); ++ ++ if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) { ++ fprintf(stderr, "curl_global_init() failed "); ++ return TEST_ERR_MAJOR_BAD; ++ } ++ ++ for(i = 0; i < ARRAYSIZE(test_specs); ++i) { ++ if(!do_test(&test_specs[i], i, &dbuf)) ++ all_ok = FALSE; ++ } ++ fail_unless(all_ok, "some tests of Curl_x509_GTime2str() fails"); ++ ++ Curl_dyn_free(&dbuf); ++ curl_global_cleanup(); ++} ++UNITTEST_STOP ++ ++#else ++ ++UNITTEST_START ++{ ++ puts("not tested since Curl_x509_GTime2str() is not built-in"); ++} ++UNITTEST_STOP ++ ++#endif +-- +2.45.2 + diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk index a8ac5b77c8ee..3bcc9c3796de 100644 --- a/external/curl/UnpackedTarball_curl.mk +++ b/external/curl/UnpackedTarball_curl.mk @@ -24,6 +24,8 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\ external/curl/zlib.patch.0 \ external/curl/CVE-2023-38545_7.87.0.patch \ external/curl/2b0994c29a721c91c57.patch \ + external/curl/0001-x509asn1-clean-up-GTime2str.patch \ + external/curl/0001-x509asn1-unittests-and-fixes-for-gtime2str.patch \ )) ifeq ($(SYSTEM_NSS),) commit 53a9499fa0892c61a8a37599248ee0bf7ce4467e Author: Sarper Akdemir <[email protected]> AuthorDate: Tue Jun 11 12:39:36 2024 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:19 2025 +0100 remove ability to trust not validated macro signatures in high security Giving the user the option to determine if they should trust an invalid signature in HIGH macro security doesn't make sense. CommonName of the signature is the most prominent feature presented and the CommonName of a certificate can be easily forged for an invalid signature, tricking the user into accepting an invalid signature. in the HIGH macro security setting only show the pop-up to enable/disable signed macro if the certificate signature can be validated. cherry-picked without UI/String altering bits for 24-2 Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667 Tested-by: Jenkins Reviewed-by: Sarper Akdemir <[email protected]> (cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525 Reviewed-by: Thorsten Behrens <[email protected]> diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx index 6d014a38725f..06f7f2c97281 100644 --- a/sfx2/source/doc/docmacromode.cxx +++ b/sfx2/source/doc/docmacromode.cxx @@ -224,10 +224,18 @@ namespace sfx2 // check whether the document is signed with trusted certificate if ( nMacroExecutionMode != MacroExecMode::FROM_LIST ) { + SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState(); + // the trusted macro check will also retrieve the signature state ( small optimization ) - bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature( nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN ); + const SvtSecurityOptions aSecOption; + const bool bAllowUIToAddAuthor = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN + && (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE + || !aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors)) + && (nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_WARN + || nSignatureState == SignatureState::OK); + + const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor); - SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState(); if ( nSignatureState == SignatureState::BROKEN ) { return disallowMacroExecution(); commit 714468782f874c3c4d87de315f9e9d49f632a46c Author: Xisco Fauli <[email protected]> AuthorDate: Wed Jul 24 18:27:38 2024 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:19 2025 +0100 libxml2: upgrade to 2.12.9 it fixes CVE-2024-40896 Downloaded from https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.9.tar.xz Change-Id: I73f2e480026b695f9fb7f684b11bc138046ab868 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170977 Tested-by: Jenkins Reviewed-by: Christian Lohmaier <[email protected]> (cherry picked from commit e43d83d5325e3f92f16118b27acb583b6a2fbb53) diff --git a/download.lst b/download.lst index cf3fcb3ec247..828ce4be1ebb 100644 --- a/download.lst +++ b/download.lst @@ -158,8 +158,8 @@ export LIBTOMMATH_SHA256SUM := 986025d7b374276fee2e30e99f3649e4ac0db8a02257a37ee export LIBTOMMATH_TARBALL := ltm-1.2.1.tar.xz export XMLSEC_SHA256SUM := 13eec4811ea30e3f0e16a734d1dbf7f9d246a71d540b48d143a07b489f6222d4 export XMLSEC_TARBALL := xmlsec1-1.2.28.tar.gz -export LIBXML_SHA256SUM := a972796696afd38073e0f59c283c3a2f5a560b5268b4babc391b286166526b21 -export LIBXML_VERSION_MICRO := 5 +export LIBXML_SHA256SUM := 59912db536ab56a3996489ea0299768c7bcffe57169f0235e7f962a91f483590 +export LIBXML_VERSION_MICRO := 9 export LIBXML_TARBALL := libxml2-2.12.$(LIBXML_VERSION_MICRO).tar.xz export LIBXSLT_SHA256SUM := 2a20ad621148339b0759c4d4e96719362dee64c9a096dbba625ba053846349f0 export LIBXSLT_VERSION_MICRO := 39 commit 8c4584d97480b3b8f48f5fb07310e00634709215 Author: Caolán McNamara <[email protected]> AuthorDate: Tue Jul 9 13:08:23 2024 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:19 2025 +0100 use a throwaway TMPDIR for ghostscript-using helpers Change-Id: Iba5a475399589c9e2c4fd485d613f0dedfe0dc44 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170124 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit b0230fbd68924916ffad47958e0ca87bb532d7e3) diff --git a/filter/source/graphicfilter/ieps/ieps.cxx b/filter/source/graphicfilter/ieps/ieps.cxx index 8ab741e25317..7416b8f712c2 100644 --- a/filter/source/graphicfilter/ieps/ieps.cxx +++ b/filter/source/graphicfilter/ieps/ieps.cxx @@ -155,7 +155,15 @@ static oslProcessError runProcessWithPathSearch(const OUString &rProgName, rtl_uString* pArgs[], sal_uInt32 nArgs, oslProcess *pProcess, oslFileHandle *pIn, oslFileHandle *pOut, oslFileHandle *pErr) { - oslProcessError result; + // run things that directly or indirectly might call gs in a tmpdir of their own + utl::TempFile aTMPDirectory(nullptr, true); + aTMPDirectory.EnableKillingFile(true); + OUString sTmpDirEnv = "TMPDIR=" + aTMPDirectory.GetFileName(); + + rtl_uString* ustrEnvironment[1]; + ustrEnvironment[0] = sTmpDirEnv.pData; + + oslProcessError result = osl_Process_E_None; oslSecurity pSecurity = osl_getCurrentSecurity(); #ifdef _WIN32 /* @@ -178,15 +186,15 @@ static oslProcessError runProcessWithPathSearch(const OUString &rProgName, oslFileError err = osl_searchFileURL(rProgName.pData, path.pData, &url.pData); if (err != osl_File_E_None) - return osl_Process_E_NotFound; - - result = osl_executeProcess_WithRedirectedIO(url.pData, - pArgs, nArgs, osl_Process_HIDDEN, - pSecurity, nullptr, nullptr, 0, pProcess, pIn, pOut, pErr); + result = osl_Process_E_NotFound; + else + result = osl_executeProcess_WithRedirectedIO(url.pData, + pArgs, nArgs, osl_Process_HIDDEN, + pSecurity, nullptr, ustrEnvironment, 1, pProcess, pIn, pOut, pErr); #else result = osl_executeProcess_WithRedirectedIO(rProgName.pData, pArgs, nArgs, osl_Process_SEARCHPATH | osl_Process_HIDDEN, - pSecurity, nullptr, nullptr, 0, pProcess, pIn, pOut, pErr); + pSecurity, nullptr, ustrEnvironment, 1, pProcess, pIn, pOut, pErr); #endif osl_freeSecurityHandle( pSecurity ); return result; commit b3d5f2b99960c55634965dcd95710b3e047f58b8 Author: Michael Stahl <[email protected]> AuthorDate: Fri Nov 8 18:08:58 2024 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:19 2025 +0100 tdf#163818 package: fix recovery of zip entry local header with ... ... compressed size = 0. The problem is that vector::data() on a vector of size 0 returns nullptr, and osl_readFile into a nullptr buffer returns E_INVAL, which causes an exception to be thrown. Catch the exception, so that there is a chance to read the values from the data descriptor instead. (regression from commit 32cad89592ec04ab552399095c91dd76afb3002c and/or commit a6ad198d097fb4a503c8d5831d484ff46721134b) Change-Id: I9b2d9a930997146faf224d8033955b142fe93f58 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176289 Reviewed-by: Michael Stahl <[email protected]> Tested-by: Jenkins (cherry picked from commit 80cda6954adc88eac3b99171acafea004976915b) diff --git a/package/qa/cppunit/data/tdf163818.odg b/package/qa/cppunit/data/tdf163818.odg new file mode 100644 index 000000000000..a01424acc27d Binary files /dev/null and b/package/qa/cppunit/data/tdf163818.odg differ diff --git a/package/qa/cppunit/test_zippackage.cxx b/package/qa/cppunit/test_zippackage.cxx index 4eabcd9d424d..f7da6738ac97 100644 --- a/package/qa/cppunit/test_zippackage.cxx +++ b/package/qa/cppunit/test_zippackage.cxx @@ -432,6 +432,34 @@ CPPUNIT_TEST_FIXTURE(ZipPackageTest, testTdf163341) } } +CPPUNIT_TEST_FIXTURE(ZipPackageTest, testTdf163818) +{ + auto const url(m_directories.getURLFromSrc(u"/package/qa/cppunit/data/tdf163818.odg")); + uno::Sequence<uno::Any> const args{ + uno::Any(url), + uno::Any(beans::NamedValue("StorageFormat", uno::Any(embed::StorageFormats::PACKAGE))) + }; + + // unclear if this should be allowed? + CPPUNIT_ASSERT_THROW(m_xContext->getServiceManager()->createInstanceWithArgumentsAndContext( + ZipPackage, args, m_xContext), + css::packages::zip::ZipIOException); + + // recovery should work - except on this old branch, Zip64 code is missing so this file fails... + try + { + uno::Sequence<uno::Any> const args2{ + uno::Any(url), uno::Any(beans::NamedValue(u"RepairPackage", uno::Any(true))), + uno::Any(beans::NamedValue("StorageFormat", uno::Any(embed::StorageFormats::ZIP))) + }; + m_xContext->getServiceManager()->createInstanceWithArgumentsAndContext(ZipPackage, args2, + m_xContext); + } + catch (css::packages::zip::ZipIOException const&) + { + } +} + //CPPUNIT_TEST_SUITE_REGISTRATION(...); //CPPUNIT_PLUGIN_IMPLEMENT(); diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx index aa5c2955ab7d..45331b19b2f1 100644 --- a/package/source/zipapi/ZipFile.cxx +++ b/package/source/zipapi/ZipFile.cxx @@ -1622,14 +1622,27 @@ bool ZipFile::checkSizeAndCRC( const ZipEntry& aEntry ) { ::osl::MutexGuard aGuard( m_aMutexHolder->GetMutex() ); - sal_Int32 nCRC = 0; - sal_Int64 nSize = 0; + try + { + sal_Int32 nCRC = 0; + sal_Int64 nSize = 0; + + if( aEntry.nMethod == STORED ) + return ( getCRC( aEntry.nOffset, aEntry.nSize ) == aEntry.nCrc ); - if( aEntry.nMethod == STORED ) - return ( getCRC( aEntry.nOffset, aEntry.nSize ) == aEntry.nCrc ); + if (aEntry.nCompressedSize < 0) + { + SAL_WARN("package", "bogus compressed size of: " << aEntry.nCompressedSize); + return false; + } - getSizeAndCRC( aEntry.nOffset, aEntry.nCompressedSize, &nSize, &nCRC ); - return ( aEntry.nSize == nSize && aEntry.nCrc == nCRC ); + getSizeAndCRC( aEntry.nOffset, aEntry.nCompressedSize, &nSize, &nCRC ); + return ( aEntry.nSize == nSize && aEntry.nCrc == nCRC ); + } + catch (uno::Exception const&) + { + return false; + } } sal_Int32 ZipFile::getCRC( sal_Int64 nOffset, sal_Int64 nSize ) commit cf3b3d3a58cfc0f81a2f2d7a65be25e35ad530c2 Author: Michael Stahl <[email protected]> AuthorDate: Thu Nov 7 13:50:01 2024 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:19 2025 +0100 tdf#162944 package: try to detect Zip64 via version https://rzymek.github.io/post/excel-zip64/ claims that it's sufficient for the version number to be 45 (4.5 - File uses ZIP64 format extensions) for Excel to read a zip entry's data descriptor as Zip64, while the Zip APPNOTE seems to require a zip64 extended information extra field to be present (see 4.3.9.2). Let's try to use the "version needed to extract" to be able to read zip files produced by Apache POI Zip64Mode.Always. Change-Id: I20f10471e3a85eb42d21c0cb08e36e345ef8fc9a Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176211 Reviewed-by: Michael Stahl <[email protected]> Tested-by: Jenkins (cherry picked from commit 0f39e6fbb48dae29778c305ddd576d698a8251ad) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176220 Reviewed-by: Xisco Fauli <[email protected]> (cherry picked from commit cc530b1789eff756eaaded4f21595af1a169b0ce) diff --git a/package/qa/cppunit/data/pass/no_usb_2024-11-06.xlsx b/package/qa/cppunit/data/pass/no_usb_2024-11-06.xlsx new file mode 100644 index 000000000000..edba1807717e Binary files /dev/null and b/package/qa/cppunit/data/pass/no_usb_2024-11-06.xlsx differ diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx index 6919cde5da0e..aa5c2955ab7d 100644 --- a/package/source/zipapi/ZipFile.cxx +++ b/package/source/zipapi/ZipFile.cxx @@ -766,7 +766,8 @@ sal_uInt64 ZipFile::readLOC(ZipEntry &rEntry) // Just verify the path and calculate the data offset and otherwise // rely on the central directory info. - aGrabber.ReadInt16(); // version - ignore any mismatch (Maven created JARs) + // version - ignore any mismatch (Maven created JARs) + sal_uInt16 const nVersion = aGrabber.ReadUInt16(); sal_uInt16 const nLocFlag = aGrabber.ReadUInt16(); // general purpose bit flag sal_uInt16 const nLocMethod = aGrabber.ReadUInt16(); // compression method // Do *not* compare timestamps, since MSO 2010 can produce documents @@ -832,6 +833,11 @@ sal_uInt64 ZipFile::readLOC(ZipEntry &rEntry) bBroken = true; // this version does NOT support Zip64 files } } + if (!isZip64 && 45 <= nVersion) + { + // for Excel compatibility, assume Zip64 - https://rzymek.github.io/post/excel-zip64/ + isZip64 = true; + } // Just plain ignore bits 1 & 2 of the flag field - they are either // purely informative, or even fully undefined (depending on method). commit f9c706d350ca1674eb9701d2f31c54467b18c29f Author: Michael Stahl <[email protected]> AuthorDate: Mon Oct 14 13:52:12 2024 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:19 2025 +0100 tdf#163341 package: fix reading Zip64 produced by stream-write-ods 1. Accept 0xFFFF as nEndDisk/nEndDirDisk - the Zip APPNOTE says that values that don't fit into 16 bits SHOULD be 0xFFFF but it doesn't prohibit values that do fit (like, uhm, 0) to be written as 0xFFFF (regression from commit ca21cc985d57fffe7c834159b17c095206304994) 2. Fix misuse of o3tl::make_unsigned - it requires non-negative value, just do signed compare instead 3. Fix bad conversion from pointer to optional in ZipFile::readExtraFields() which effectively prevented the offset from being read (regression from commit efae4fc42d5fe3c0a69757226f38efc10d101194) Change-Id: Ib5e7776a30834e507b297fb28266b5489d1ab68d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/174898 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 279f42fa8b19d4fe81c3bba4c7af21aa8ab135b9) diff --git a/package/qa/cppunit/data/tdf163341.ods b/package/qa/cppunit/data/tdf163341.ods new file mode 100644 index 000000000000..5971e0123883 Binary files /dev/null and b/package/qa/cppunit/data/tdf163341.ods differ diff --git a/package/qa/cppunit/test_zippackage.cxx b/package/qa/cppunit/test_zippackage.cxx index 2e12ac379e73..4eabcd9d424d 100644 --- a/package/qa/cppunit/test_zippackage.cxx +++ b/package/qa/cppunit/test_zippackage.cxx @@ -412,6 +412,26 @@ CPPUNIT_TEST_FIXTURE(ZipPackageTest, testTdf163364) } } +CPPUNIT_TEST_FIXTURE(ZipPackageTest, testTdf163341) +{ + auto const url(m_directories.getURLFromSrc(u"/package/qa/cppunit/data/tdf163341.ods")); + uno::Sequence<uno::Any> const args{ + uno::Any(url), + uno::Any(beans::NamedValue("StorageFormat", uno::Any(embed::StorageFormats::PACKAGE))) + }; + + // this Zip64 should load successfully + // on branches with Zip64 support, but not this old branch + try + { + m_xContext->getServiceManager()->createInstanceWithArgumentsAndContext(ZipPackage, args, + m_xContext); + } + catch (css::packages::zip::ZipIOException const&) + { + } +} + //CPPUNIT_TEST_SUITE_REGISTRATION(...); //CPPUNIT_PLUGIN_IMPLEMENT(); diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx index 2693d2b46f25..6919cde5da0e 100644 --- a/package/source/zipapi/ZipFile.cxx +++ b/package/source/zipapi/ZipFile.cxx @@ -1000,12 +1000,12 @@ std::tuple<sal_Int64, sal_Int64, sal_Int64> ZipFile::findCentralDirectory() aGrabber.seek(nEndPos + 4); sal_uInt16 const nEndDisk = aGrabber.ReadUInt16(); - if (nEndDisk != 0) + if (nEndDisk != 0 && nEndDisk != 0xFFFF) { // only single disk is supported! throw ZipException("invalid end (disk)" ); } sal_uInt16 const nEndDirDisk = aGrabber.ReadUInt16(); - if (nEndDirDisk != 0) + if (nEndDirDisk != 0 && nEndDisk != 0xFFFF) { throw ZipException("invalid end (directory disk)" ); } @@ -1087,12 +1087,12 @@ std::tuple<sal_Int64, sal_Int64, sal_Int64> ZipFile::findCentralDirectory() { throw ZipException("inconsistent Zip/Zip64 end (entries)"); } - if (o3tl::make_unsigned(nEndDirSize) != sal_uInt32(-1) + if (nEndDirSize != -1 && nEnd64DirSize != nEndDirSize) { throw ZipException("inconsistent Zip/Zip64 end (size)"); } - if (o3tl::make_unsigned(nEndDirOffset) != sal_uInt32(-1) + if (nEndDirOffset != -1 && nEnd64DirOffset != nEndDirOffset) { throw ZipException("inconsistent Zip/Zip64 end (offset)"); @@ -1379,7 +1379,7 @@ bool ZipFile::readExtraFields(MemoryByteGrabber& aMemGrabber, sal_Int16 nExtraLe isZip64 = true; } nReadSize = 16; - if (dataSize >= 24 /*&& roOffset*/) + if (dataSize >= 24) { isZip64 = true; #if 0 commit 32a5030acc97948444cb1c303c72eb0deeb025b3 Author: Michael Stahl <[email protected]> AuthorDate: Mon Oct 14 12:04:05 2024 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:19 2025 +0100 tdf#163364 package: ask to recover for this invalid ODF package Bugdoc has a data descriptor on a folder entry, which is very odd and entirely pointless. Which is also the first entry, so it's an invalid ODF package anyway. ZipPackageFolder throws UnknownPropertyException for "WasEncrypted", which results in General I/O error, but we want to ask the user if the file should be opened in recovery mode. (regression from commit 32cad89592ec04ab552399095c91dd76afb3002c) Change-Id: Iafe610d507cf92d2fd2e9c3040592c3e638a30dd Reviewed-on: https://gerrit.libreoffice.org/c/core/+/174889 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 3efad499bf4f7623610a54f9f14622de4954352f) diff --git a/package/qa/cppunit/data/tdf163364.ods b/package/qa/cppunit/data/tdf163364.ods new file mode 100644 index 000000000000..a772aebdbc7e Binary files /dev/null and b/package/qa/cppunit/data/tdf163364.ods differ diff --git a/package/qa/cppunit/test_zippackage.cxx b/package/qa/cppunit/test_zippackage.cxx index 57a2eb1fed74..2e12ac379e73 100644 --- a/package/qa/cppunit/test_zippackage.cxx +++ b/package/qa/cppunit/test_zippackage.cxx @@ -384,6 +384,34 @@ CPPUNIT_TEST_FIXTURE(ZipPackageTest, testZip64End) } } +CPPUNIT_TEST_FIXTURE(ZipPackageTest, testTdf163364) +{ + auto const url(m_directories.getURLFromSrc(u"/package/qa/cppunit/data/tdf163364.ods")); + uno::Sequence<uno::Any> const args{ + uno::Any(url), + uno::Any(beans::NamedValue("StorageFormat", uno::Any(embed::StorageFormats::PACKAGE))) + }; + + // don't load corrupted zip file + CPPUNIT_ASSERT_THROW(m_xContext->getServiceManager()->createInstanceWithArgumentsAndContext( + ZipPackage, args, m_xContext), + css::packages::zip::ZipIOException); + + try + { + uno::Sequence<uno::Any> const args2{ + uno::Any(url), uno::Any(beans::NamedValue("RepairPackage", uno::Any(true))), + uno::Any(beans::NamedValue("StorageFormat", uno::Any(embed::StorageFormats::ZIP))) + }; + m_xContext->getServiceManager()->createInstanceWithArgumentsAndContext(ZipPackage, args2, + m_xContext); + } + catch (css::packages::zip::ZipIOException const&) + { + // check that this doesn't crash, it doesn't matter if it succeeds or not + } +} + //CPPUNIT_TEST_SUITE_REGISTRATION(...); //CPPUNIT_PLUGIN_IMPLEMENT(); diff --git a/package/source/zippackage/ZipPackage.cxx b/package/source/zippackage/ZipPackage.cxx index 91ff9e008ead..438b8440aa92 100644 --- a/package/source/zippackage/ZipPackage.cxx +++ b/package/source/zippackage/ZipPackage.cxx @@ -175,6 +175,14 @@ void ZipPackage::checkZipEntriesWithDD() { uno::Reference<XPropertySet> xStream; getByHierarchicalName(rEntry.sPath) >>= xStream; + uno::Reference<XServiceInfo> const xStreamSI{xStream, uno::UNO_QUERY_THROW}; + if (!xStreamSI->supportsService("com.sun.star.packages.PackageStream")) + { + SAL_INFO("package", "entry STORED with data descriptor is folder: \"" << rEntry.sPath << "\""); + throw ZipIOException( + THROW_WHERE + "entry STORED with data descriptor is folder"); + } if (!xStream->getPropertyValue("WasEncrypted").get<bool>()) { SAL_INFO("package", "entry STORED with data descriptor but not encrypted: \"" << rEntry.sPath << "\""); commit d9e4942c59fa5ed161d0407290ae4a978448dbf5 Author: Michael Stahl <[email protected]> AuthorDate: Fri Jul 5 13:57:16 2024 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Mon Mar 10 15:42:19 2025 +0100 package: add unit tests with invalid zip packages Change-Id: I687028391833ea48884912b0e5f586b95eee3244 diff --git a/package/CppunitTest_package2_test.mk b/package/CppunitTest_package2_test.mk index 546da10deda6..206d8c7e1fb8 100644 --- a/package/CppunitTest_package2_test.mk +++ b/package/CppunitTest_package2_test.mk @@ -13,6 +13,7 @@ $(eval $(call gb_CppunitTest_CppunitTest,package2_test)) $(eval $(call gb_CppunitTest_add_exception_objects,package2_test, \ package/qa/cppunit/test_package \ + package/qa/cppunit/test_zippackage \ )) $(eval $(call gb_CppunitTest_use_libraries,package2_test, \ @@ -28,7 +29,9 @@ $(eval $(call gb_CppunitTest_use_sdk_api,package2_test)) $(eval $(call gb_CppunitTest_use_components,package2_test,\ configmgr/source/configmgr \ + package/source/xstor/xstor \ package/util/package2 \ + sax/source/expatwrap/expwrap \ ucb/source/core/ucb1 \ ucb/source/ucp/file/ucpfile1 \ )) diff --git a/package/qa/cppunit/data/casing.docx b/package/qa/cppunit/data/casing.docx new file mode 100644 index 000000000000..d8d0dffc71a6 Binary files /dev/null and b/package/qa/cppunit/data/casing.docx differ diff --git a/package/qa/cppunit/data/dd-deflated.docx b/package/qa/cppunit/data/dd-deflated.docx new file mode 100644 index 000000000000..a4638147ce91 Binary files /dev/null and b/package/qa/cppunit/data/dd-deflated.docx differ diff --git a/package/qa/cppunit/data/dd-stored.docx b/package/qa/cppunit/data/dd-stored.docx new file mode 100644 index 000000000000..41c19338821d Binary files /dev/null and b/package/qa/cppunit/data/dd-stored.docx differ diff --git a/package/qa/cppunit/data/dot-slash.docx b/package/qa/cppunit/data/dot-slash.docx new file mode 100644 index 000000000000..d50cabcbdee2 Binary files /dev/null and b/package/qa/cppunit/data/dot-slash.docx differ diff --git a/package/qa/cppunit/data/duplicate-files.odt b/package/qa/cppunit/data/duplicate-files.odt new file mode 100644 index 000000000000..cc24f7024ad1 Binary files /dev/null and b/package/qa/cppunit/data/duplicate-files.odt differ diff --git a/package/qa/cppunit/data/inner-gap.docx b/package/qa/cppunit/data/inner-gap.docx new file mode 100644 index 000000000000..d8e9a232465c Binary files /dev/null and b/package/qa/cppunit/data/inner-gap.docx differ diff --git a/package/qa/cppunit/data/overlap.docx b/package/qa/cppunit/data/overlap.docx new file mode 100644 index 000000000000..2d5d115ed800 Binary files /dev/null and b/package/qa/cppunit/data/overlap.docx differ diff --git a/package/qa/cppunit/data/slash.odt b/package/qa/cppunit/data/slash.odt new file mode 100644 index 000000000000..22c6443499af Binary files /dev/null and b/package/qa/cppunit/data/slash.odt differ diff --git a/package/qa/cppunit/data/two-zips.docx b/package/qa/cppunit/data/two-zips.docx new file mode 100644 index 000000000000..720189b20ed9 Binary files /dev/null and b/package/qa/cppunit/data/two-zips.docx differ diff --git a/package/qa/cppunit/data/two-zips.odt b/package/qa/cppunit/data/two-zips.odt new file mode 100644 index 000000000000..36d90cb9d4d9 Binary files /dev/null and b/package/qa/cppunit/data/two-zips.odt differ diff --git a/package/qa/cppunit/data/unicode-path.docx b/package/qa/cppunit/data/unicode-path.docx new file mode 100644 index 000000000000..1855aa1e7408 Binary files /dev/null and b/package/qa/cppunit/data/unicode-path.docx differ diff --git a/package/qa/cppunit/data/unicode-path.odt b/package/qa/cppunit/data/unicode-path.odt new file mode 100644 index 000000000000..9edaaeb68809 Binary files /dev/null and b/package/qa/cppunit/data/unicode-path.odt differ diff --git a/package/qa/cppunit/data/zip64-eocd.docx b/package/qa/cppunit/data/zip64-eocd.docx new file mode 100644 index 000000000000..1a4dbd0d16b1 Binary files /dev/null and b/package/qa/cppunit/data/zip64-eocd.docx differ diff --git a/package/qa/cppunit/test_zippackage.cxx b/package/qa/cppunit/test_zippackage.cxx new file mode 100644 index 000000000000..57a2eb1fed74 --- /dev/null +++ b/package/qa/cppunit/test_zippackage.cxx @@ -0,0 +1,390 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#include <unotest/bootstrapfixturebase.hxx> + +#include <com/sun/star/beans/NamedValue.hpp> +#include <com/sun/star/embed/StorageFormats.hpp> +#include <com/sun/star/packages/zip/ZipIOException.hpp> + +using namespace ::com::sun::star; + +class ZipPackageTest : public test::BootstrapFixtureBase +{ +}; + +OUString const ZipPackage("com.sun.star.packages.comp.ZipPackage"); + +CPPUNIT_TEST_FIXTURE(ZipPackageTest, testDuplicate) +{ + auto const url(m_directories.getURLFromSrc(u"/package/qa/cppunit/data/duplicate-files.odt")); + uno::Sequence<uno::Any> const args{ + uno::Any(url), + uno::Any(beans::NamedValue("StorageFormat", uno::Any(embed::StorageFormats::ZIP))) + }; + + CPPUNIT_ASSERT_THROW(m_xContext->getServiceManager()->createInstanceWithArgumentsAndContext( + ZipPackage, args, m_xContext), + css::packages::zip::ZipIOException); + + try + { + uno::Sequence<uno::Any> const args2{ + uno::Any(url), uno::Any(beans::NamedValue("RepairPackage", uno::Any(true))), + uno::Any(beans::NamedValue("StorageFormat", uno::Any(embed::StorageFormats::ZIP))) + }; + m_xContext->getServiceManager()->createInstanceWithArgumentsAndContext(ZipPackage, args2, + m_xContext); + } + catch (css::packages::zip::ZipIOException const&) + { + // check that this doesn't crash, it doesn't matter if it succeeds or not + } +} + +CPPUNIT_TEST_FIXTURE(ZipPackageTest, testUnicodeODT) +{ + auto const url(m_directories.getURLFromSrc(u"/package/qa/cppunit/data/unicode-path.odt")); + uno::Sequence<uno::Any> const args{ + uno::Any(url), + uno::Any(beans::NamedValue("StorageFormat", uno::Any(embed::StorageFormats::ZIP))) + }; + + // don't load corrupted zip file + CPPUNIT_ASSERT_THROW(m_xContext->getServiceManager()->createInstanceWithArgumentsAndContext( + ZipPackage, args, m_xContext), + css::packages::zip::ZipIOException); + + try + { + uno::Sequence<uno::Any> const args2{ + uno::Any(url), uno::Any(beans::NamedValue("RepairPackage", uno::Any(true))), + uno::Any(beans::NamedValue("StorageFormat", uno::Any(embed::StorageFormats::ZIP))) + }; + m_xContext->getServiceManager()->createInstanceWithArgumentsAndContext(ZipPackage, args2, + m_xContext); + } + catch (css::packages::zip::ZipIOException const&) + { + // check that this doesn't crash, it doesn't matter if it succeeds or not + } +} + +CPPUNIT_TEST_FIXTURE(ZipPackageTest, testUnicodeDOCX) +{ + auto const url(m_directories.getURLFromSrc(u"/package/qa/cppunit/data/unicode-path.docx")); + uno::Sequence<uno::Any> const args{ + uno::Any(url), + uno::Any(beans::NamedValue("StorageFormat", uno::Any(embed::StorageFormats::ZIP))) + }; + + // don't load corrupted zip file + CPPUNIT_ASSERT_THROW(m_xContext->getServiceManager()->createInstanceWithArgumentsAndContext( + ZipPackage, args, m_xContext), + css::packages::zip::ZipIOException); + + try + { + uno::Sequence<uno::Any> const args2{ + uno::Any(url), uno::Any(beans::NamedValue("RepairPackage", uno::Any(true))), + uno::Any(beans::NamedValue("StorageFormat", uno::Any(embed::StorageFormats::ZIP))) + }; + m_xContext->getServiceManager()->createInstanceWithArgumentsAndContext(ZipPackage, args2, + m_xContext); + } + catch (css::packages::zip::ZipIOException const&) + { + // check that this doesn't crash, it doesn't matter if it succeeds or not + } +} + +CPPUNIT_TEST_FIXTURE(ZipPackageTest, testAbsolutePathODT) +{ + auto const url(m_directories.getURLFromSrc(u"/package/qa/cppunit/data/slash.odt")); + uno::Sequence<uno::Any> const args{ + uno::Any(url), + uno::Any(beans::NamedValue("StorageFormat", uno::Any(embed::StorageFormats::ZIP))) + }; + + // don't load corrupted zip file + CPPUNIT_ASSERT_THROW(m_xContext->getServiceManager()->createInstanceWithArgumentsAndContext( + ZipPackage, args, m_xContext), + css::packages::zip::ZipIOException); + + try + { + uno::Sequence<uno::Any> const args2{ + uno::Any(url), uno::Any(beans::NamedValue("RepairPackage", uno::Any(true))), + uno::Any(beans::NamedValue("StorageFormat", uno::Any(embed::StorageFormats::ZIP))) + }; + m_xContext->getServiceManager()->createInstanceWithArgumentsAndContext(ZipPackage, args2, + m_xContext); + } + catch (css::packages::zip::ZipIOException const&) + { + // check that this doesn't crash, it doesn't matter if it succeeds or not + } +} + +CPPUNIT_TEST_FIXTURE(ZipPackageTest, testDotPathDOCX) +{ -e ... etc. - the rest is truncated
