external/curl/2b0994c29a721c91c57.patch    |   48 +++++++++++++++++++++++++++++
 external/curl/UnpackedTarball_curl.mk      |    1 
 unotools/source/config/securityoptions.cxx |    4 +-
 3 files changed, 52 insertions(+), 1 deletion(-)

New commits:
commit 2eba604fdae1bf5b8432b764b3cafe5072cc5fe6
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Mon Dec 11 13:13:23 2023 +0100
Commit:     Michael Stahl <michael.st...@allotropia.de>
CommitDate: Mon Dec 11 13:13:23 2023 +0100

    curl: add patch for CVE-2023-46218
    
    Change-Id: I215bcc26b87d638189423eeaaa6c5b8d5b146bd4

diff --git a/external/curl/2b0994c29a721c91c57.patch 
b/external/curl/2b0994c29a721c91c57.patch
new file mode 100644
index 000000000000..0bcc24c06aa5
--- /dev/null
+++ b/external/curl/2b0994c29a721c91c57.patch
@@ -0,0 +1,48 @@
+From 2b0994c29a721c91c572cff7808c572a24d251eb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <dan...@haxx.se>
+Date: Thu, 23 Nov 2023 08:15:47 +0100
+Subject: [PATCH] cookie: lowercase the domain names before PSL checks
+
+Reported-by: Harry Sintonen
+
+Closes #12387
+---
+ lib/cookie.c | 24 ++++++++++++++++--------
+ 1 file changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index 568cf537ad1b1..9095cea3e97f2 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -1027,15 +1027,23 @@ Curl_cookie_add(struct Curl_easy *data,
+    * dereference it.
+    */
+   if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) {
+-    const psl_ctx_t *psl = Curl_psl_use(data);
+-    int acceptable;
+-
+-    if(psl) {
+-      acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain);
+-      Curl_psl_release(data);
++    bool acceptable = FALSE;
++    char lcase[256];
++    char lcookie[256];
++    size_t dlen = strlen(domain);
++    size_t clen = strlen(co->domain);
++    if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) {
++      const psl_ctx_t *psl = Curl_psl_use(data);
++      if(psl) {
++        /* the PSL check requires lowercase domain name and pattern */
++        Curl_strntolower(lcase, domain, dlen + 1);
++        Curl_strntolower(lcookie, co->domain, clen + 1);
++        acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie);
++        Curl_psl_release(data);
++      }
++      else
++        acceptable = !bad_domain(domain, strlen(domain));
+     }
+-    else
+-      acceptable = !bad_domain(domain, strlen(domain));
+ 
+     if(!acceptable) {
+       infof(data, "cookie '%s' dropped, domain '%s' must not "
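Review bot: The new guard `if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie)))` leaves `acceptable` at FALSE for any request domain or cookie domain of 256 bytes or more, so such cookies are now dropped through the `"cookie '%s' dropped, domain '%s' must not ..."` path even though neither libpsl nor `bad_domain()` was consulted; that is a safe default, but the message is misleading for that case and the patch header could say so, e.g. `Domains of 256 bytes or longer are rejected without a PSL lookup`. The lowercasing only runs inside `if(psl)`, so on a curl built without libpsl the only behavioural change is that length cap; I cannot tell from here whether LibreOffice's bundled curl links libpsl, and the commit message should state it, since that determines whether this backport actually closes CVE-2023-46218 for this build. Curl_cookie_add begins and ends outside the hunk.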
diff --git a/external/curl/UnpackedTarball_curl.mk 
b/external/curl/UnpackedTarball_curl.mk
index 30ecbbd90eb7..e0cb3bc4f12e 100644
--- a/external/curl/UnpackedTarball_curl.mk
+++ b/external/curl/UnpackedTarball_curl.mk
@@ -26,6 +26,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\
        external/curl/zlib.patch.0 \
        external/curl/configurable-z-option.patch.0 \
        external/curl/CVE-2023-38545_7.87.0.patch \
+       external/curl/2b0994c29a721c91c57.patch \
 ))
 
 ifeq ($(SYSTEM_NSS),)
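Review bot: The new entry `external/curl/2b0994c29a721c91c57.patch` is named after the upstream commit hash while its neighbour `external/curl/CVE-2023-38545_7.87.0.patch` is named after the CVE, which makes it harder to audit which CVEs the bundled curl carries fixes for by listing this directory. Since the commit message already identifies it as the CVE-2023-46218 fix, naming the file `external/curl/CVE-2023-46218.patch` (with the upstream hash kept in the patch's own `From` line, as it already is) would keep the list self-describing. If the hash-based name is intentional, a trailing `# CVE-2023-46218` comment on the added line would serve the same purpose.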
commit 4bc3c3926dc9625a6c95c34eb47aa19906d4bd82
Author:     Noel Grandin <noel.gran...@collabora.co.uk>
AuthorDate: Thu Dec 7 15:11:45 2023 +0200
Commit:     Michael Stahl <michael.st...@allotropia.de>
CommitDate: Mon Dec 11 13:11:03 2023 +0100

    tdf#158577 Allow locking down adding new trusted authors
    
    regression from
        commit 6ed8c5a0f19901ab413c6610649326b2475c3a8c
        Author: Noel Grandin <noelgran...@gmail.com>
        Date:   Sun Jul 25 21:35:05 2021 +0200
        use officecfg for security options
    
    where I forgot to go back and complete a piece that was initially
    a little tricky.
    
    Change-Id: I2df8529ec7047bdcd9d7f655303fd72eeaa50cc6
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160429
    Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@allotropia.de>
    Tested-by: Jenkins
    Reviewed-by: Noel Grandin <noel.gran...@collabora.co.uk>
    (cherry picked from commit c0e438eaceb47932e61b9223e048e4eda3ed7636)

diff --git a/unotools/source/config/securityoptions.cxx 
b/unotools/source/config/securityoptions.cxx
index 7c9282fefff1..b4e1cf0fca84 100644
--- a/unotools/source/config/securityoptions.cxx
+++ b/unotools/source/config/securityoptions.cxx
@@ -78,7 +78,9 @@ bool IsReadOnly( EOption eOption )
             bReadonly = 
officecfg::Office::Common::Security::Scripting::MacroSecurityLevel::isReadOnly();
             break;
         case SvtSecurityOptions::EOption::MacroTrustedAuthors:
-            bReadonly = false; // TODO? 
officecfg::Office::Common::Security::Scripting::TrustedAuthors::isReadOnly();
+            // the officecfg does not expose isReadOnly for a 
ConfigurationSet, so we have to code this ourself
+            bReadonly =
+              
comphelper::detail::ConfigurationWrapper::get().isReadOnly(u"/org.openoffice.Office.Common/Security/Scripting/TrustedAuthors"_ustr);
             break;
         case SvtSecurityOptions::EOption::CtrlClickHyperlink:
             bReadonly = 
officecfg::Office::Common::Security::Scripting::HyperlinksWithCtrlClick::isReadOnly();
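Review bot: The new lookup hard-codes the path `u"/org.openoffice.Office.Common/Security/Scripting/TrustedAuthors"_ustr` as a string literal while every sibling case in this switch resolves the node through a generated `officecfg::...::isReadOnly()` accessor, so a typo or a later schema rename is not caught at compile time and `isReadOnly` would presumably fall back to reporting the setting as writable, which silently defeats the lockdown tdf#158577 is meant to restore. Reaching into `comphelper::detail::ConfigurationWrapper` also ties this to a namespace that is named as internal. I would at least add `// NOTE: must match the TrustedAuthors set in officecfg/registry/schema; no generated accessor exists for a ConfigurationSet` above the assignment so the coupling is visible, and ideally pin it with a test that flips the node read-only and checks `IsReadOnly(MacroTrustedAuthors)`. IsReadOnly's switch begins and ends outside the hunk.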
