diff --git a/SOURCES/0001-Convert-attribute-value-to-UTF-8-when-passing-it-to-.patch b/SOURCES/0001-Convert-attribute-value-to-UTF-8-when-passing-it-to-.patch new file mode 100644 index 0000000..964aea4 --- /dev/null +++ b/SOURCES/0001-Convert-attribute-value-to-UTF-8-when-passing-it-to-.patch @@ -0,0 +1,50 @@ +From 78fd31b17931e1217d3b11fcbd13a41d79d99055 Mon Sep 17 00:00:00 2001 +From: Stephan Bergmann +Date: Wed, 23 Sep 2020 11:41:05 +0200 +Subject: [PATCH] Convert attribute value to UTF-8 when passing it to libxml2 + +Using toUtf8, requiring the OUString to actually contain well-formed data, but +which is likely OK for this test-code--only function, and is also what similar +dumpAsXml functions e.g. in editeng/source/items/textitem.cxx already use. + +This appears to have been broken ever since the code's introduction in +553f10c71a2cc92f5f5890e24948f5277e3d2758 "add dumpAsXml() to more pool items", +and it would typically only have written the leading zero or one +(depending on the architecture's endianness) characters. (I ran across it on +big-endian s390x, where CppunitTest_sd_tiledrendering +SdTiledRenderingTest::testTdf104405 failed because of + +> Entity: line 2: parser error : Input is not proper UTF-8, indicate encoding ! +> Bytes: 0xCF 0x22 0x2F 0x3E +> ation=""/> +Date: Wed, 23 Sep 2020 12:01:35 +0200 +Subject: [PATCH] Correctly read PNG into bitmaps N32BitTcA... formats (where + alpha comes first) + +This appears to be a regression introduced with +86ea64f216819696cd86d1926aff0a138ace2baf "Support for native 32bit Bitmap in VCL +and SVP (cairo) backend". It caused CppunitTest_vcl_png_test to fail on +(big-endian) Linux s390x with + +> vcl/qa/cppunit/png/PngFilterTest.cxx:176:PngFilterTest::testPng +> equality assertion failed +> - Expected: c[ff000040] +> - Actual : c[0000ff40] + +where eFormat happens to be ScanlineFormat::N32BitTcArgb, vs. +ScanlineFormat::N32BitTcBgra on e.g. Linux x86-64 (and which thus didn't notice +the lack of support for N32BitTcA... formats where alpha goes first instead of +last). + +Change-Id: Id6030468718f6ef831b42f2b5ad7ba2c4c46a805 +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103240 +Tested-by: Jenkins +Reviewed-by: Stephan Bergmann +(cherry picked from commit 0387077e6647d7a30fd36d4ec41dfc559afe45c3) +--- + vcl/source/filter/png/PngImageReader.cxx | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/vcl/source/filter/png/PngImageReader.cxx b/vcl/source/filter/png/PngImageReader.cxx +index 958cae34eb46..6e9f3825face 100644 +--- a/vcl/source/filter/png/PngImageReader.cxx ++++ b/vcl/source/filter/png/PngImageReader.cxx +@@ -188,6 +188,8 @@ bool reader(SvStream& rStream, BitmapEx& rBitmapEx, bool bUseBitmap32) + for (auto& rRow : aRows) + rRow.resize(aRowSizeBytes, 0); + ++ auto const alphaFirst = (eFormat == ScanlineFormat::N32BitTcAbgr ++ || eFormat == ScanlineFormat::N32BitTcArgb); + for (int pass = 0; pass < nNumberOfPasses; pass++) + { + for (png_uint_32 y = 0; y < height; y++) +@@ -199,10 +201,17 @@ bool reader(SvStream& rStream, BitmapEx& rBitmapEx, bool bUseBitmap32) + for (size_t i = 0; i < aRowSizeBytes; i += 4) + { + sal_Int8 alpha = pRow[i + 3]; ++ if (alphaFirst) ++ { ++ pScanline[iColor++] = alpha; ++ } + pScanline[iColor++] = vcl::bitmap::premultiply(pRow[i + 0], alpha); + pScanline[iColor++] = vcl::bitmap::premultiply(pRow[i + 1], alpha); + pScanline[iColor++] = vcl::bitmap::premultiply(pRow[i + 2], alpha); +- pScanline[iColor++] = alpha; ++ if (!alphaFirst) ++ { ++ pScanline[iColor++] = alpha; ++ } + } + } + } +-- +2.33.1 + diff --git a/SOURCES/0001-Fix-endianness-issues-in-OOX-crypto-routines.patch b/SOURCES/0001-Fix-endianness-issues-in-OOX-crypto-routines.patch new file mode 100644 index 0000000..bae5223 --- /dev/null +++ b/SOURCES/0001-Fix-endianness-issues-in-OOX-crypto-routines.patch @@ -0,0 +1,116 @@ +From 96b088a62174a70441ebe959495756e9d86203a2 Mon Sep 17 00:00:00 2001 +From: Stephan Bergmann +Date: Thu, 24 Sep 2020 14:51:16 +0200 +Subject: [PATCH] Fix endianness issues in OOX crypto routines + +...without which CppunitTest_sw_ooxmlencryption failed on (big-endian) s390x: + +* The 32-bit segment counter in AgileEngine::de-/encrypt apparently needs to be + stored in LSB format (at least, if it is, CppunitTest_sw_ooxmlencryption + ultimately succeeded, whereas otherwise it failed). + +* The UTF-16 string in Standard2007Engine::calculateEncryptionKey apparently + needs to be in LSB format (at least, if it is, CppunitTest_sw_ooxmlencryption + ultimately succeeded, whereas otherwise it failed). + +* The various 32-bit values in the EncryptionStandardHeader and + EncryptionVerifierAES data structures apparently need to be written out in LSB + format in Standard2007Engine::writeEncryptionInfo, given that they are always + read in LSB format in Standard2007Engine::readEncryptionInfo. + +Change-Id: I3a1efbfe324b1bbd539b88dc5d40bb44f9676ffa +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103315 +Tested-by: Jenkins +Reviewed-by: Stephan Bergmann +(cherry picked from commit 646a69757b928aeaf6e0d0d41c4b30c02803a3a3) +--- + oox/source/crypto/AgileEngine.cxx | 16 +++++++++----- + oox/source/crypto/Standard2007Engine.cxx | 28 +++++++++++++++++------- + 2 files changed, 30 insertions(+), 14 deletions(-) + +diff --git a/oox/source/crypto/AgileEngine.cxx b/oox/source/crypto/AgileEngine.cxx +index 7c2a0e9c93d2..0fc972bf2ca5 100644 +--- a/oox/source/crypto/AgileEngine.cxx ++++ b/oox/source/crypto/AgileEngine.cxx +@@ -457,9 +457,11 @@ bool AgileEngine::decrypt(BinaryXInputStream& aInputStream, + + while ((inputLength = aInputStream.readMemory(inputBuffer.data(), inputBuffer.size())) > 0) + { +- sal_uInt8* segmentBegin = reinterpret_cast(&segment); +- sal_uInt8* segmentEnd = segmentBegin + sizeof(segment); +- std::copy(segmentBegin, segmentEnd, saltWithBlockKey.begin() + saltSize); ++ auto p = saltWithBlockKey.begin() + saltSize; ++ p[0] = segment & 0xFF; ++ p[1] = (segment >> 8) & 0xFF; ++ p[2] = (segment >> 16) & 0xFF; ++ p[3] = segment >> 24; + + hashCalc(hash, saltWithBlockKey, mInfo.hashAlgorithm); + +@@ -800,9 +802,11 @@ void AgileEngine::encrypt(css::uno::Reference & rxInputS + inputLength : oox::core::roundUp(inputLength, sal_uInt32(mInfo.blockSize)); + + // Update Key +- sal_uInt8* segmentBegin = reinterpret_cast(&nSegment); +- sal_uInt8* segmentEnd = segmentBegin + nSegmentByteSize; +- std::copy(segmentBegin, segmentEnd, saltWithBlockKey.begin() + saltSize); ++ auto p = saltWithBlockKey.begin() + saltSize; ++ p[0] = nSegment & 0xFF; ++ p[1] = (nSegment >> 8) & 0xFF; ++ p[2] = (nSegment >> 16) & 0xFF; ++ p[3] = nSegment >> 24; + + hashCalc(hash, saltWithBlockKey, mInfo.hashAlgorithm); + +diff --git a/oox/source/crypto/Standard2007Engine.cxx b/oox/source/crypto/Standard2007Engine.cxx +index 38c4e03baf15..e96fc8f841f2 100644 +--- a/oox/source/crypto/Standard2007Engine.cxx ++++ b/oox/source/crypto/Standard2007Engine.cxx +@@ -79,12 +79,12 @@ bool Standard2007Engine::calculateEncryptionKey(const OUString& rPassword) + std::vector initialData(saltSize + passwordByteLength); + std::copy(saltArray, saltArray + saltSize, initialData.begin()); + +- const sal_uInt8* passwordByteArray = reinterpret_cast(rPassword.getStr()); +- +- std::copy( +- passwordByteArray, +- passwordByteArray + passwordByteLength, +- initialData.begin() + saltSize); ++ auto p = initialData.begin() + saltSize; ++ for (sal_Int32 i = 0; i != rPassword.getLength(); ++i) { ++ auto c = rPassword[i]; ++ *p++ = c & 0xFF; ++ *p++ = c >> 8; ++ } + + // use "hash" vector for result of sha1 hashing + // calculate SHA1 hash of initialData +@@ -223,11 +223,23 @@ void Standard2007Engine::writeEncryptionInfo(BinaryXOutputStream& rStream) + sal_uInt32 headerSize = encryptionHeaderSize + cspNameSize; + rStream.WriteUInt32(headerSize); + +- rStream.writeMemory(&mInfo.header, encryptionHeaderSize); ++ rStream.WriteUInt32(mInfo.header.flags); ++ rStream.WriteUInt32(mInfo.header.sizeExtra); ++ rStream.WriteUInt32(mInfo.header.algId); ++ rStream.WriteUInt32(mInfo.header.algIdHash); ++ rStream.WriteUInt32(mInfo.header.keyBits); ++ rStream.WriteUInt32(mInfo.header.providedType); ++ rStream.WriteUInt32(mInfo.header.reserved1); ++ rStream.WriteUInt32(mInfo.header.reserved2); + rStream.writeUnicodeArray(lclCspName); + rStream.WriteUInt16(0); + +- rStream.writeMemory(&mInfo.verifier, sizeof(msfilter::EncryptionVerifierAES)); ++ rStream.WriteUInt32(mInfo.verifier.saltSize); ++ rStream.writeMemory(&mInfo.verifier.salt, sizeof mInfo.verifier.salt); ++ rStream.writeMemory(&mInfo.verifier.encryptedVerifier, sizeof mInfo.verifier.encryptedVerifier); ++ rStream.WriteUInt32(mInfo.verifier.encryptedVerifierHashSize); ++ rStream.writeMemory( ++ &mInfo.verifier.encryptedVerifierHash, sizeof mInfo.verifier.encryptedVerifierHash); + } + + void Standard2007Engine::encrypt(css::uno::Reference & rxInputStream, +-- +2.33.1 + diff --git a/SOURCES/0001-Read-MOSDocumentLockFile-UTF-16-string-data-with-sam.patch b/SOURCES/0001-Read-MOSDocumentLockFile-UTF-16-string-data-with-sam.patch new file mode 100644 index 0000000..17afff6 --- /dev/null +++ b/SOURCES/0001-Read-MOSDocumentLockFile-UTF-16-string-data-with-sam.patch @@ -0,0 +1,59 @@ +From 9f393ee10ae198063bbe3b71c2c87262e7880a34 Mon Sep 17 00:00:00 2001 +From: Stephan Bergmann +Date: Wed, 23 Sep 2020 11:53:11 +0200 +Subject: [PATCH] Read MOSDocumentLockFile UTF-16 string data with same + endianness +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +...as MSODocumentLockFile::WriteEntryToStream has written it to (i.e., +always as UTF-16LE, assuming that is actually the right format to use). The +discrepancy between writing and reading the string data appears to be present +ever since the code's introduction in 5db1e20b8b0942dac2d50f3cd34532bb61147020 +"Introduce new lockfile handler for MSO like lockfiles". + +This caused CppunitTest_svl_lockfiles to fail on (big-endian) s390x Linux with + +> svl/qa/unit/lockfiles/test_lockfiles.cxx:578:(anonymous namespace)::LockfileTest::testWordLockFileRT +> equality assertion failed +> - Expected: LockFile Test +> - Actual : 䰀漀挀欀䘀椀氀攀 吀攀猀琀 + +etc. + +Change-Id: I97267aa14a3a926e7fd7bb1d2ce7d2de05d52a64 +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103238 +Tested-by: Jenkins +Reviewed-by: Stephan Bergmann +(cherry picked from commit 1b9fa11a0869246fe0433b79aab30dd216cf92b6) +--- + svl/source/misc/msodocumentlockfile.cxx | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/svl/source/misc/msodocumentlockfile.cxx b/svl/source/misc/msodocumentlockfile.cxx +index 9650db03999f..0c857ffb53ec 100644 +--- a/svl/source/misc/msodocumentlockfile.cxx ++++ b/svl/source/misc/msodocumentlockfile.cxx +@@ -228,8 +228,16 @@ LockFileEntry MSODocumentLockFile::GetLockData() + nUTF16Len = *++pBuf; // use Excel/PowerPoint position + + if (nUTF16Len > 0 && nUTF16Len <= 52) // skip wrong format +- aResult[LockFileComponent::OOOUSERNAME] +- = OUString(reinterpret_cast(pBuf + 2), nUTF16Len); ++ { ++ OUStringBuffer str(nUTF16Len); ++ sal_uInt8 const* p = reinterpret_cast(pBuf + 2); ++ for (int i = 0; i != nUTF16Len; ++i) ++ { ++ str.append(sal_Unicode(p[0] | (sal_uInt32(p[1]) << 8))); ++ p += 2; ++ } ++ aResult[LockFileComponent::OOOUSERNAME] = str.makeStringAndClear(); ++ } + } + } + return aResult; +-- +2.33.1 + diff --git a/SOURCES/0006-xmlsecurity-replace-OOXMLSecParser-implementation.patch b/SOURCES/0006-xmlsecurity-replace-OOXMLSecParser-implementation.patch index 3baded8..c7c1592 100644 --- a/SOURCES/0006-xmlsecurity-replace-OOXMLSecParser-implementation.patch +++ b/SOURCES/0006-xmlsecurity-replace-OOXMLSecParser-implementation.patch @@ -1,7 +1,7 @@ -From fd2574fc4f095e5a46a5277d260782c570afc8e8 Mon Sep 17 00:00:00 2001 +From 78f208c5aa615ccf6738d2a174564269e5f3e0ab Mon Sep 17 00:00:00 2001 From: Michael Stahl Date: Tue, 30 Mar 2021 17:37:31 +0200 -Subject: [PATCH 6/6] xmlsecurity: replace OOXMLSecParser implementation +Subject: [PATCH] xmlsecurity: replace OOXMLSecParser implementation This is similar to 12b15be8f4f930a04d8056b9219ac969b42a9784 and following commits, but OOXMLSecParser has some differences to XSecParser, such as @@ -18,8 +18,8 @@ Change-Id: I56e39d9609db8fcad50ca1632ff482c1f0a30ff5 --- include/xmloff/xmlnmspe.hxx | 3 + xmlsecurity/source/helper/ooxmlsecparser.cxx | 1473 +++++++++++++++--- - xmlsecurity/source/helper/ooxmlsecparser.hxx | 74 +- - 3 files changed, 1314 insertions(+), 236 deletions(-) + xmlsecurity/source/helper/ooxmlsecparser.hxx | 78 +- + 3 files changed, 1314 insertions(+), 240 deletions(-) diff --git a/include/xmloff/xmlnmspe.hxx b/include/xmloff/xmlnmspe.hxx index 302a134f92fe..bebb1d656b40 100644 @@ -1565,7 +1565,7 @@ index a25872fc057d..42f226f57d14 100644 if (m_xNextHandler.is()) m_xNextHandler->characters(rChars); diff --git a/xmlsecurity/source/helper/ooxmlsecparser.hxx b/xmlsecurity/source/helper/ooxmlsecparser.hxx -index d3c199147255..540028b22fc9 100644 +index d3c199147255..21ff01ff26da 100644 --- a/xmlsecurity/source/helper/ooxmlsecparser.hxx +++ b/xmlsecurity/source/helper/ooxmlsecparser.hxx @@ -15,6 +15,10 @@ @@ -1579,7 +1579,7 @@ index d3c199147255..540028b22fc9 100644 class XSecController; class XMLSignatureHelper; -@@ -25,38 +29,62 @@ class OOXMLSecParser: public cppu::WeakImplHelper +@@ -25,38 +29,58 @@ class OOXMLSecParser: public cppu::WeakImplHelper css::lang::XInitialization > { @@ -1654,10 +1654,10 @@ index d3c199147255..540028b22fc9 100644 - bool m_bInSignatureLineId; - OUString m_aSignatureLineId; - - /// Last seen . - OUString m_aReferenceURI; - /// Already called addStreamReference() for this reference. - bool m_bReferenceUnresolved; +- /// Last seen . +- OUString m_aReferenceURI; +- /// Already called addStreamReference() for this reference. +- bool m_bReferenceUnresolved; XMLSignatureHelper& m_rXMLSignatureHelper; + OUString HandleIdAttr(css::uno::Reference const& xAttrs); @@ -1666,5 +1666,5 @@ index d3c199147255..540028b22fc9 100644 explicit OOXMLSecParser(XMLSignatureHelper& rXMLSignatureHelper, XSecController* pXSecController); virtual ~OOXMLSecParser() override; -- -2.32.0 +2.33.1 diff --git a/SPECS/libreoffice.spec b/SPECS/libreoffice.spec index c49d9ac..a75c22a 100644 --- a/SPECS/libreoffice.spec +++ b/SPECS/libreoffice.spec @@ -54,7 +54,7 @@ Summary: Free Software Productivity Suite Name: libreoffice Epoch: 1 Version: %{libo_version}.2 -Release: 7%{?libo_prerelease}%{?dist} +Release: 8%{?libo_prerelease}%{?dist} License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0 URL: http://www.libreoffice.org/ @@ -275,6 +275,10 @@ Patch31: 0003-xmlsecurity-replace-XSecParser-implementation.patch Patch32: 0004-CVE-2021-25634.patch Patch33: 0005-CVE-2021-25633.patch Patch34: 0006-xmlsecurity-replace-OOXMLSecParser-implementation.patch +Patch35: 0001-Correctly-read-PNG-into-bitmaps-N32BitTcA.-formats-w.patch +Patch36: 0001-Read-MOSDocumentLockFile-UTF-16-string-data-with-sam.patch +Patch37: 0001-Convert-attribute-value-to-UTF-8-when-passing-it-to-.patch +Patch38: 0001-Fix-endianness-issues-in-OOX-crypto-routines.patch %if 0%{?rhel} # not upstreamed @@ -1027,6 +1031,11 @@ sed -i -e /CppunitTest_sw_uiwriter/d sw/Module_sw.mk sed -i -e /CppunitTest_sc_subsequent_filters_test/d sc/Module_sc.mk %endif sed -i -e /CppunitTest_sal_osl/d sal/Module_sal.mk +%ifarch s390x +sed -i -e /CppunitTest_dbaccess_hsqlbinary_import/d dbaccess/Module_dbaccess.mk +sed -i -e /CppunitTest_vcl_svm_test/d vcl/Module_vcl.mk +sed -i -e /CustomTarget_uno_test/d testtools/Module_testtools.mk +%endif git commit -q -a -m 'temporarily disable failing tests' @@ -1506,8 +1515,8 @@ for jar in %{buildroot}%{baseinstdir}/program/classes/*.jar; do done %check -%ifnarch ppc64 s390x aarch64 armv7hl -make +%ifnarch ppc64 aarch64 armv7hl +make unitcheck slowcheck # we don't need this anymore rm -f %{buildroot}%{baseinstdir}/program/classes/smoketest.jar %endif @@ -2259,6 +2268,9 @@ done %{_includedir}/LibreOfficeKit %changelog +* Tue Dec 07 2021 Caolán McNamara - 1:6.4.7.2-8 +- Resolves: rhbz#2029810 enable make check on s390x + * Fri Oct 15 2021 Caolán McNamara - 1:6.4.7.2-7 - Resolves: rhbz#2013858 CVE-2021-25633 - Resolves: rhbz#2014215 CVE-2021-25634