| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
LIBREOFFICE-311XVJ95
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130670
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit b44bd9ef8e2efdb66558917200e1f179b9db1c58)
Change-Id: I159f516daafad3e4088677fe2c8c6f5423b3e264
(cherry picked from commit f9350f9a8404fd9eb5b6963022f0069e89ddd061)
|
|
|
|
|
|
|
|
|
|
|
|
| |
LIBREOFFICE-WB8DT2Q9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130668
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Tested-by: Jenkins
(cherry picked from commit 4b6956ca146f25b746f63c176b377d3c15d204ff)
Change-Id: I98529325bbd3ff475ba84b4991eb17240440df4b
(cherry picked from commit 918c4a49fa841f0d234b18234d946684fe6378af)
|
|
|
|
|
|
|
|
|
|
|
| |
LIBREOFFICE-509JU93T
Change-Id: I526edb182fed4fa023cce58e78a650a7c2046ed3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130326
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 32e8d3e45698a3cc09f66460b460db1d10ac50b5)
(cherry picked from commit 0635bbb035940dcedb17713a958f81265d69e67e)
|
|
|
|
|
|
|
|
|
|
|
| |
LIBREOFFICE-SK4E5D8N
Change-Id: I44f25a47ab6ffeb9d2b679874c8c96af1319eb2c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130317
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit ccaabe8e8100a3a0600456c5a65221ca2b263c95)
(cherry picked from commit aa993b7667136ff858a7c8d6f3d1bac8f255151a)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and
use std::vector
LIBREOFFICE-U78X8I5G
Change-Id: I436b4c13a4ce07f5e9e5d374163bc4de55cd2cde
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129766
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 8e94ec9d93fe3e1057fb1aaa2f0419114c4ea11c)
(cherry picked from commit 0361cc74c7e0619f8b25a5584accb56d0c45f97a)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this initially went wrong at:
commit b4fb7a437bb0ce987702b12008737756623618ac
Date: Mon May 23 21:38:40 2011 +0100
fix up some more endian
LIBREOFFICE-SBQ5TJRS
Change-Id: Ie418f530f55288351f73f3c0cbab9ac48e6b6964
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129259
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 6694e3ea9c2f05a20245d94c5c1eda955cb3aacc)
(cherry picked from commit aaad67afccf1c59bf7d8fe7ab5207ff903f1c515)
|
|
|
|
|
|
|
|
|
|
|
| |
LIBREOFFICE-SBQ5TJRS
Change-Id: I71f35bc120fdd70298685131f29a6bb822d50f11
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129261
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 17dd787a4ca9c17883e0bdfc75c89c2fa7ec169e)
(cherry picked from commit b268215d10f7da6d01c223b260970198c00cb610)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change-Id: I454bff4acfcd85701a7f094a8bd76898825e9ce2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128388
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 444477a07bcaf59181dbbc719b913566091deadc)
ofz: Use-of-uninitialized-value
Change-Id: I6b768b80d972c5379005efecfb803463ca648b4b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128644
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 7b37a1a5144a3a4c8b0803b7e2da81e9e108bf66)
ofz: Undefined-Shift
Change-Id: Ib935359071ef9e390aa3d6c9713ed48241ad18e6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129066
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit e863b90a0e5fc90c3b824e4b0012f9389b87a3ac)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129183
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 7c8b41bc322720dc9434fbef1f10a6740913165e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129416
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 7664ec93edc190ae0bc18b5793763fde5cec8d62)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change-Id: Ic5f41e4f1f6b20a8cd8887807296f33adb48b728
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128439
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bb03203848ef1c30786ad084440b5d317a466127)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129415
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit b3288c52844bec9e33a7ae725332f95c84384ac7)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8)
Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131368
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 0ce93b38af84453aba8002c098ac168b0fadfc97)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out that the 2 backends NSS and MS CryptoAPI generate different
string representations of the same Distinguished Name in at least one
corner case, when a value contains a quote " U+0022.
The CryptoAPI function to generate the strings is:
CertNameToStr(..., CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, ...)
This is documented on MSDN:
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#CERT_X500_NAME_STR
NSS appears to implement RFC 1485, at least that's what the internal
function is named after, or perhaps one of its several successor RFCs
(not clear currently if there's a relevant difference).
This is now causing trouble if a certificate with such a DN is used in a
signature, created on WNT but then verified on another platform, because
commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66
introduced consistency checks that compare the DNs that occur as strings
in META-INF/documentsignatures.xml:
xmlsecurity/source/helper/xmlsignaturehelper.cxx:672: X509Data cannot be parsed
The reason is that in XSecController::setX509Data() the value read from
the X509IssuerSerial element (a string generated by CryptoAPI) doesn't
match the value generated by NSS from the certificate parsed from the
X509Certificate element, so these are erroneously interpreted as 2
distinct certificates.
Try to make the EqualDistinguishedNames() more flexible so that it can
try also a converted variant of the DN.
(libxmlsec's NSS backend also complains that it cannot parse the DN:
x509vfy.c:607: xmlSecNssX509NameRead() '' '' 12 'invalid data for 'char': actual=34 and expected comma ',''
but it manages to validate the signature despite this.)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124287
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit e63611fabd38c757809b510fbb71c077880b1081)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124196
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 3dfe381032fc61ea31106f103dee9db8277d4d25)
Change-Id: I4f72900738d1f5313146bbda7320a8f44319ebc8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124420
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit ee48ce9886d884730a91c695b5d0668c6d90c740)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With Fedora's nss-3.71.0-1.fc34.x86_64 there is the problem that
8 tests including testODFGood in CppunitTest/xmlsecurity_signing
fail because the crypto policy disallows SHA1 for signatures.
Apparently this particular policy bit was added in NSS 3.59:
https://bugzilla.mozilla.org/show_bug.cgi?id=1670835
For signatures, maybe it's not a good idea to override system policy
for product builds, so do it locally in the tests, at least for now.
If similar problems turn up for encrypted documents in the future,
that should be fixed in product builds too of course, as encrypted
documents must always be decryptable.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123768
Tested-by: Jenkins
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 51e82016e8783a452fe5f7921d12c1bf20bfd6b5)
xmlsecurity: fix --without-system-nss usage of NSS_SetAlgorithmPolicy
The problem with commit ff572d9222ec16ffd679ae907a0bf4a8900265e1
is that it's using the wrong library; NSS_SetAlgorithmPolicy is actually
in libnssutil3.so.
This causes a linking problem when upgrading the internal NSS to a
version that has NSS_USE_ALG_IN_ANY_SIGNATURE.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123819
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 395c0c0bbaceadf909e0189af99c6358487c7978)
Change-Id: I4f634cf5da1707fb628e63cd0cdafebdf4fc903f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123838
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 0f3431026dbff0251efeb0b92be335841a08cc5d)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fedora nss-3.69.0-1.fc34.x86_64 and Debian libnss3:amd64 2:3.70-1 no
longer support the old BerekelyDB databases, so convert them to the new
SQLite format for the benefit of --with-system-nss builds.
This worked to do the upgrade:
> certutil -N -d sql:test/new --empty-password
> LD_LIBRARY_PATH=instdir/program workdir/UnpackedTarball/nss/dist/out/bin/certutil --merge -d sql:test/new --source-dir dbm:test/signing-keys
Builds would fail running tests added in commit
40d70d427edddb589eda64fafc2e56536953d274
signing.cxx:551:Assertion
Test name: testODFX509CertificateChain::TestBody
equality assertion failed
- Expected: 0
- Actual : 1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123586
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 907784ccce7bd8b5121888cff7f5723a55d35358)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123643
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 7b4b03b9cf21ecd11bc82da5f29c4ff91ad242c9)
Change-Id: I00aa20703e117ebf583c3331b84e966c2cfc78cd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123837
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 755155498b13c8724831276808c930adba891f5c)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tests added in commit 40d70d427edddb589eda64fafc2e56536953d274 don't
actually run on WNT but that wasn't obvious because commit
149df1fec6472e30582162e17e04c75aee91d26a prevented running them in
Jenkins on master, they failed only in the libreoffice-7-1 backport.
xmlsecurity/qa/unit/signing/signing.cxx(631) : error : Assertion
Test name: testODFDoubleX509Certificate::TestBody
assertion failed
- Expression: (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK)
- 2
This is an oddity where NSS claims the signature in the document is
valid but CryptoAPI claims it is invalid; the hashes passed into the
validation functions are the same. Just allow BROKEN as an additional
result value on WNT.
xmlsecurity/qa/unit/signing/signing.cxx(550) : error : Assertion
Test name: testODFX509CertificateChain::TestBody
equality assertion failed
- Expected: 0
- Actual : 1
The problem here is that with NSS the tests use a custom NSS database
in test/signing-keys so we need to make these certificates available for
CryptoAPI too.
The following one-liner converts the NSS database to a PKCS#7 that can
be loaded by CrytpAPI:
> openssl crl2pkcs7 -nocrl -certfile <(certutil -d sql:test/signing-keys -L | awk '/^[^ ].*,[^ ]*,/ { printf "%s", $1; for (i = 2; i < NF; i++) { printf " %s", $i; } printf "\n"; }' | while read name; do certutil -L -d sql:test/signing-keys -a -n "${name}" ; done) > test/signing-keys/test.p7b
Then one might naively assume that something like this would allow these
certificates to be added temporarily as trusted CAs:
+ HCERTSTORE hRoot = CertOpenSystemStoreW( 0, L"Root" ) ;
+ HCERTSTORE const hExtra = CertOpenStore(
+ CERT_STORE_PROV_FILENAME_A,
+ PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
+ NULL,
+ CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG,
+ path);
+ if (hExtra != NULL && hRoot != NULL)
+ {
+ BOOL ret = CertAddStoreToCollection(
+ hRoot,
+ hExtra,
+ CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG,
+ 0);
+ SAL_DEBUG("XXX hExtra done " << ret);
+ }
There is no error from this, but it doesn't work.
Instead, check if CertGetCertificateChain() sets the
CERT_TRUST_IS_UNTRUSTED_ROOT flag and then look up the certificate
manually in the extra PKCS#7 store.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123667
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 7d664ec788acdc378506a7ff8b1120cea24a6770)
Change-Id: Ic9865e0b5783211c2128ce0327c4583b7784ff62
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123836
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 7c622c58cda433964dd73544d56a81a7c88e3f5d)
|
|
|
|
|
| |
Change-Id: If50ae8156f81c1053aa8fbfc3148da64bb8e1442
(cherry picked from commit 8193373a700c4b5acfc6285fac25eff06b6ffb1b)
|
|
|
|
|
| |
Change-Id: I6ce64ca7c59639684779144ed0ed8d36c4aca32b
(cherry picked from commit cec50077eaef32890d9565237277a607c7721c83)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2022-23308
Change-Id: I1b3bf5cf58d7d1f39c224b0d898176c95107fbf5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130241
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit d50a7151431335d1431bccef000ae39f84bdf135)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130259
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130296
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2022-25235
CVE-2022-25236
CVE-2022-25313
CVE-2022-25314
CVE-2022-25315
Change-Id: I1cb0449411fe938fe47ab47cead685fd04e137dd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130157
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130294
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2021-30560
Change-Id: I334662ddc40955780321133be9aee23858e04dc1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130023
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit d74fbedd96c9563e1f6bb245dc7e136b30bc5e84)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130080
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129072
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 8b537d5b40c617c29cf7ca19e63ab882525cf3aa)
Change-Id: I1f2694abd9f577e0b4fedbf27118b52be8a1a688
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129212
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
(cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128110
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124779
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 35eef8ec9b122a761400f3c6590ca1f9a187d772)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124701
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 105c258fcdd69f617de64b780ffcdb8304ff262c)
Change-Id: I398596f77aa47ab6d4db01b94422262048cffd3e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124838
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2021-23222.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125308
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 71b9369f1cc40143108e3f2189d96e402895e315)
Change-Id: I4e16fcc60c634382a864f66b211d0e0170a06db0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125334
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2020-36230 and CVE-2020-36229 in libldap, plus lots of
other CVEs that affect only the server.
Unfortunately it looks like NSS support was removed in release 2.5.0.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124914
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 9393325c1db9fa25037d208607b71adb567a8bbc)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124860
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit b7c670984e4af1c73fa05731ca8029cec487bd52)
Change-Id: Ie43d7da1b9e92b5712f9cd22c4613648394c696f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124953
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
|
|
|
|
|
|
|
|
|
| |
Change-Id: Ie3fe30bea6a62e7cafeaed957d6ef6aeb879047b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124778
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit ebd556220a5045c1c81891b712648d220a168c70)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124837
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixes CVE-2020-8284 CVE-2021-22924
* Also fixes these which don't look relevant to LO:
CVE-2020-8231
CVE-2020-8285 CVE-2020-8286
CVE-2021-22876 CVE-2021-22890
CVE-2021-22897 CVE-2021-22898 CVE-2021-22901
CVE-2021-22922 CVE-2021-22923 CVE-2021-22925 CVE-2021-22926
* disable some new protocols and dependencies
* remove curl-ios.patch.1 as the code no longer exists upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119313
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 946f457c885bd10ff1a7281c351f3981f035f5a7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119262
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 020eb3b363a5c9444c97075a2e15b63ccbe7bf2d)
Change-Id: I12d5f87f4d503a5f9859226a05cfe2a07e46d993
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119423
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
drop ubsan patch in favour of fix applied as
https://github.com/libexpat/libexpat/pull/398
Change-Id: I59eb9e24206b9a4cf323b7f7d48d8df0792a1c46
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116102
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 740d12d8a8294d4bfd28e6c3e4cf1e0ed560b198)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119422
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541
* external/libxml2/ubsan.patch.0: remove, fixed upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115913
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bf0c6a98ae38cd2188d7f7e94f1563e5ce6a8ce4)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115927
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Change-Id: I347dc854b862e78bde87d3e57cf5fdb584ca5673
|
|
|
|
|
|
| |
Backport of changes to commit after it was cherry-picked to this branch
Change-Id: I13b6c3ad5de386cf74e2b346f10889bc46a8ad4e
|
|
|
|
| |
Change-Id: I3e9ac109b6dbdd4dd6a3b6281699e58563f4805c
|
|
|
|
|
|
|
| |
More partial application of commit
ed40d477b2412d4f23540052ca0748028c6103e6
Change-Id: If0bd069b6943486b0bd7b6a82304b082b98ad946
|
|
|
|
|
|
|
| |
Fix packaging breakage on Linux - Repository.mk also implicitely
adds lib to packaging.
Change-Id: I7912128afbcc177b4d66b4be975bc90331b6d67a
|
|
|
|
|
|
| |
Allows adding custom jump list categories to Windows Task Bar
Change-Id: I13b6c3ad5de386cf74e2b346f10889bc46a8ad4e
|
|
|
|
|
|
| |
Partial backport of commit 996610352fd0fc5d57a9231fa7fb3d43533863d6
Change-Id: I1221757d54a90357c5fb8b3ee3fc967fce9c76c6
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Inspired from:
author Julien Nabet <serval2412@yahoo.fr> 2020-05-29 23:58:59 +0200
committer Mike Kaganski <mike.kaganski@collabora.com> 2020-06-03 23:04:27 +0200
commit 95e5d37b6e62eb39f2d5337e124e86b3d0c3f399 (patch)
tree 5488826b390c04a2b32d2f9aa43f49a64f52db3d
parent 3d3cb4328ece843b3e31b8411f9d16bbedb57a7b (diff)
Improve COM library management in ADO
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/95498
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: Jenkins
(cherry picked from commit 08e02ae9606f6cb7ef49745ebe177089ed6d39fa)
Change-Id: If0b136cdcc89baa6bc90912d42b3ba07fa6c0efb
|
|
|
|
|
|
| |
Partial backport of ed40d477b2412d4f23540052ca0748028c6103e6
Change-Id: I3a852a5172d363c2f37f8c4066e1e2f6a18e7c37
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Re-generated configure file gets confused & claims not finding C89-
compatible compiler for gcc-wrapper-building libassuan with msvc
underneath.
Work-around the problem by telling toolchain right off that this
_is_ a std c compliant compiler.
Change-Id: I4fa23673b790bc70a9294951df545c27f5236f81
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127641
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 1bb0e177124d5d6661b72df6c7d848fb23639652)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132061
Tested-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's possible that flags on the fly are all valid when it is moved off page
when SwLayAction::FormatContent() returns and then it may not be positioned
again, keeping its (wrong) position on the old page and will appear to be
invisible unless you click on it.
(regression from commits c799de145f7e289f31e3669646e5bd12814e6c5e
and eb85de8e6b61fb3fcb6c03ae0145f7fe5478bccf)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130535
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit b14bb255199e7d6db6ec9155b5d9237cb35fdba7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130548
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
(cherry picked from commit 2bed04d49fda2e2005699b3ef884c5295e56d8ca)
Change-Id: If07d5af7b47eb288bef71d1b9e3459197b50fdc9
|
|
|
|
| |
Change-Id: I4248fb283d4399a8501a979cae7e6bcc6d8e8a2d
|
|
|
|
| |
Change-Id: Id7e69e764664978cc97016803773c1077cd15979
|
|
|
|
|
|
|
|
| |
Change-Id: Ibddfc30a5f0828ab77235ec1155f1c2e1eef24ee
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116506
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit e6c25186c8584f68b5f8074004556bd855200fff)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the document is loaded via UI, the first layout action is triggered
from resizing the Window and the table is positioned properly on the
first try.
If the document is loaded via --convert-to, only getRendererCount()
formats the content of the table, and positioning goes wrong.
Somehow the 2 rows of the table in the fly end up on the same Y
position, because when the text frame in the 1st row is formatted
and grows from 0 to 230, the already-valid position of the cell
frame in the 2nd row is not invalidated.
This happens since the earliest version checked, OOo 3.4 beta.
This fix is somewhat similar to commit
068c133ac41c97652909b88c432e3b73010efc3e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129851
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit e7874c936dd1ff9b3423eb7477cbee2494535176)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129845
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 06bb600ce3445abe095b8011ec7e66b33badb4ef)
Change-Id: I3259c440265cfe40dc7731cb4830bfe2487acf38
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For unknown reasons, this loops since commit
32902f66e7749b2d06d13f50416be5323a0c0ea9a
"sw_redlinehide: make layout based Show/Hide mode the default"
The problem is that when page 1 is layouted for the first time, it
splits into 6 pages, and then the SwTabFrame 47 decides that it wants
to move its follow flow line because it fits onto page 1.
Then splitting the SwTabFrame again fails, but for this
RemoveFollowFlowLine() was called a 2nd time and removed the one on
page 3.
The result is a layout with content on page 1, nothing on page 2, 3
and again content on page 4. This seems to reoccur every time page 1
is formatted.
But the first RemoveFollowFlowLine() was wrong because
CalcHeightOfFirstContentLine() returns 0 because
lcl_CalcHeightOfFirstContentLine() didn't handle the case of
SwSectionFrame containing SwTabFrame.
This is similar to commit e024cad7c1365da6a198656c3ca0c32b28938e87
doing the same thing for text frames in section.
Change-Id: I23fb4d1d56622039f461bb2d357a9c88db140605
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129800
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit b4271e028686d729189afc5e42a9c310f81144f3)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129828
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
(cherry picked from commit 60811f97c753360393f52aa747837db15a722162)
|
|
|
|
| |
Change-Id: I3ea3698f6e8473dad3211a1b18788a9a49c039e7
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not interrupt the idle layout processing unnecessarily, because if it
is continually interrupted before making enough progress then it will
keep resuming at the same page, never finishing, constantly using CPU.
This is achieved with two changes:
- Revert "tdf#123583 use TaskStopwatch for Writer Idle loop"
(commit 383032c50a3e3354f04200ce984a47ab9d2c5c67) which
introduced a stopwatch timer to interrupt idle processing every 50ms.
This reversion restores the previous behaviour where idle processing
is interrupted only when there is an input event.
- Filter out TIMER events so that they do not interrupt the idle loop;
this fixes both tdf#123583 and tdf#141556
Conflicts:
sw/source/core/inc/layact.hxx
sw/source/core/layout/layact.cxx
Change-Id: Ic989631e5f32199209d64b66b72059253fc0167a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113825
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 0fedac18214a6025401c4c426466a5166553e8ec)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114944
(cherry picked from commit b33148071ae6256845352f8625e58b1ab95be41c)
|
|
|
|
| |
Change-Id: I360c95365dbe553dc589a0a7da99189f1148a754
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I don't see much of a point in the extra CheckIdleEnd() function.
We already check IsInterrupt() almost everywhere, so move that
check in there.
An other strange thing is the Idle job, which should just be
interrupted by keyboard events (using SetInputType(, which this
patch removes). Unlucky for me this code was there in the initial
import. I can just say that othing obvious breaks...
Change-Id: Ia5955d1eaf2ab612f2c4b63b0e458ed92507b75c
Reviewed-on: https://gerrit.libreoffice.org/77040
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
(cherry picked from commit 383032c50a3e3354f04200ce984a47ab9d2c5c67)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(that had been added with 6e13585508ca3c9b66c6571ad1eb42bfcb66ef0b "Add a
TaskStopwatch to interrupt idle loops"). For each StopwatchIdle, m_nIters
counts the calls to Invoke before it calls Stop (which it calls based on
tools::Time::GetSystemTicks calculations). But the number of such
GetSystemTicks() spent in each Invoke is nondeterministic (it can e.g. be
affected by the overall system load), so a2Idle may Stop prior to a1Idle and
thus have a lower nIter2 than nIter1.
Change-Id: I416eee9774c3605be25e9832b24dec7d9dcb00c2
Reviewed-on: https://gerrit.libreoffice.org/77561
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 92e42a0fde32e3f2dbe2c786a0e41547e4912b4b)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we have multiple pending Idles, they will interrupt / starve
each other, because there will be an instant pending timeout for
the next Idle.
This patch introduces a time slice to tasks, so long running events
can use a TaskStopwatch to do the real interrupt after running out
of their time slice. Apart from the time, this breaks when AnyInput
is available, except for the timer event.
This class just helps to track the time, as the scheduler is coop,
not preemptive.
Change-Id: I9d0b4a5aa388ebdf496b355d100152d890224524
Reviewed-on: https://gerrit.libreoffice.org/75568
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
(cherry picked from commit 6e13585508ca3c9b66c6571ad1eb42bfcb66ef0b)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On loading, this hits loop control
warn:legacy.osl:580715:580715:sw/source/core/layout/layact.cxx:543: LoopControl_1 in SwLayAction::InternalAction
This is because there's a fly frame 404 anchored at the last text
frame 353 on page 2 inside the nested table 347.
ShouldBwdMoved() sees that there is space on the bottom of page 2 and
hence the follow flow row joined, but then it immediately splits again
in the same way as before due to the fly with WrapTextMode_NONE.
But then the outer table's cell 273 (upper of 347) is invalidated
again, hence the loop.
Try to check for overlapping flys in SwTabFrame::ShouldBwdMoved()
by reusing CalcFlyOffsets(), which is ... not quite ideal, but perhaps
better than copy-pasting half of it to a new function.
This should have less side effects than the previous fix, but a problem
remains that clicking on the shape on bottom of page 2 causes the layout
to go wonky, but that was also the case with previous fix.
Note there's a check of SwLayouter::DoesRowContainMovedFwdFrame() there
already, but that doesn't help because it will only detect when the fly
itself was moved forward, but in this case the fly remains on the page.
Also likely it wouldn't be a good idea to move a text frame forward if
the only thing of it that fits on a page is an anchored fly (i.e. its
follow has mnOffset=0) because that can be intentional.
Change-Id: I0376f7dcb784c006990336233c97f5093aaccb77
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117473
Tested-by: Jenkins
Tested-by: László Németh <nemeth@numbertext.org>
Reviewed-by: László Németh <nemeth@numbertext.org>
(cherry picked from commit f1439db62eb36ef5fbc9111b87dc4e0f24b3cb86)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117602
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
(cherry picked from commit 35a0bfa7bf52ca713ea8e57cd982d16723be920d)
|