configure.ac | 2 download.lst | 20 +++---- external/curl/configurable-z-option.patch.0 | 2 external/curl/curl-msvc-disable-protocols.patch.1 | 6 +- external/curl/curl-msvc.patch.1 | 18 +++--- external/curl/zlib.patch.0 | 8 +- external/libxslt/ExternalPackage_libxslt.mk | 2 external/libxslt/UnpackedTarball_libxslt.mk | 1 external/libxslt/libxslt-1.1.26-memdump.patch | 10 --- include/sfx2/docmacromode.hxx | 1 sfx2/source/doc/docmacromode.cxx | 24 ++++++++ sfx2/source/doc/objmisc.cxx | 6 ++ sfx2/source/doc/objserv.cxx | 10 +++ sfx2/source/doc/objstor.cxx | 3 + sfx2/source/view/frmload.cxx | 3 + ucb/source/ucp/webdav-curl/CurlSession.cxx | 9 --- xmlsecurity/CppunitTest_xmlsecurity_signing.mk | 1 xmlsecurity/qa/unit/signing/data/signature-forgery-cdh-lfh.docx |binary xmlsecurity/qa/unit/signing/signing.cxx | 27 ++++++++++ 19 files changed, 102 insertions(+), 51 deletions(-)
New commits: commit d8f8c351519e779770c5defcb25e359d875b84c7 Author: Xisco Fauli <[email protected]> AuthorDate: Sat Sep 7 00:42:57 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:09 2025 +0200 Python: upgrade to 3.8.20 Downloaded from https://www.python.org/ftp/python/3.8.20/Python-3.8.20.tar.xz Change-Id: I142d52236bcd4011359889ce6e64898ca08999c7 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/172983 Reviewed-by: Michael Stahl <[email protected]> Tested-by: Jenkins (cherry picked from commit f61641cbd6a06f6669b7390599925a3133e17ce1) (cherry picked from commit 61830423954845315bcd750228aff665f45ad635) diff --git a/configure.ac b/configure.ac index 6eec99b2abea..4f5b3401fd5e 100644 --- a/configure.ac +++ b/configure.ac @@ -9955,7 +9955,7 @@ if test \( "$cross_compiling" = yes -a -z "$PYTHON_FOR_BUILD" \) -o "$enable_pyt SYSTEM_PYTHON= PYTHON_VERSION_MAJOR=3 PYTHON_VERSION_MINOR=8 - PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.19 + PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.20 if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst]) fi diff --git a/download.lst b/download.lst index 6bd799cafdf8..8b4a93a4cc04 100644 --- a/download.lst +++ b/download.lst @@ -470,8 +470,8 @@ POSTGRESQL_TARBALL := postgresql-13.14.tar.bz2 # three static lines # so that git cherry-pick # will not run into conflicts -PYTHON_SHA256SUM := d2807ac69f69b84fd46a0b93bbd02a4fa48d3e70f4b2835ff0f72a2885040076 -PYTHON_TARBALL := Python-3.8.19.tar.xz +PYTHON_SHA256SUM := 6fb89a7124201c61125c0ab4cf7f6894df339a40c02833bfd28ab4d7691fafb4 +PYTHON_TARBALL := Python-3.8.20.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts commit 08441b577015955c0520f2b2f533f0733b25530d Author: Xisco Fauli <[email protected]> AuthorDate: Wed Jul 31 11:44:49 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:09 2025 +0200 curl: upgrade to 8.9.1 Downloaded from https://curl.se/download/curl-8.9.1.tar.xz Change-Id: I7a8ddd798c41ee6c9163b771b6c57f100fdc8af0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171292 Tested-by: Jenkins Reviewed-by: Taichi Haradaguchi <[email protected]> Signed-off-by: Xisco Fauli <[email protected]> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/172834 Reviewed-by: Christian Lohmaier <[email protected]> Tested-by: Christian Lohmaier <[email protected]> (cherry picked from commit 75e59e74507b9e474ae1c594a0f6bd248632e11b) (cherry picked from commit a794e0fd35174d3b5db21a983836857f29759867) diff --git a/download.lst b/download.lst index 08de642e6a26..6bd799cafdf8 100644 --- a/download.lst +++ b/download.lst @@ -75,8 +75,8 @@ CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -CURL_SHA256SUM := ff09b2791ca56d25fd5c3f3a4927dce7c8a9dc4182200c487ca889fba1fdd412 -CURL_TARBALL := curl-8.9.0.tar.xz +CURL_SHA256SUM := f292f6cc051d5bbabf725ef85d432dfeacc8711dd717ea97612ae590643801e5 +CURL_TARBALL := curl-8.9.1.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts commit 810f476956e22dd5e3fde57bb3d32d6b2a900af7 Author: Xisco Fauli <[email protected]> AuthorDate: Wed Jul 24 12:43:09 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:09 2025 +0200 curl: upgrade to 8.9.0 Downloaded from https://curl.se/download/curl-8.9.0.tar.xz Change-Id: Id8198dcc73e1679e8f672459b19d84606ae3e762 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170934 Reviewed-by: Xisco Fauli <[email protected]> Tested-by: Jenkins (cherry picked from commit 282da64a8fbcc71b59479bf13820a0b93c5f5889) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170945 Reviewed-by: Christian Lohmaier <[email protected]> Signed-off-by: Xisco Fauli <[email protected]> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/172833 Tested-by: Christian Lohmaier <[email protected]> (cherry picked from commit c4de251aef472f961334885985cf44bd080c8ba4) (cherry picked from commit 70470233ab9119a6b4c0d4a6f9daf3403abb353d) diff --git a/download.lst b/download.lst index 78b727db24a3..08de642e6a26 100644 --- a/download.lst +++ b/download.lst @@ -75,8 +75,8 @@ CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -CURL_SHA256SUM := 0f58bb95fc330c8a46eeb3df5701b0d90c9d9bfcc42bd1cd08791d12551d4400 -CURL_TARBALL := curl-8.8.0.tar.xz +CURL_SHA256SUM := ff09b2791ca56d25fd5c3f3a4927dce7c8a9dc4182200c487ca889fba1fdd412 +CURL_TARBALL := curl-8.9.0.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts diff --git a/external/curl/configurable-z-option.patch.0 b/external/curl/configurable-z-option.patch.0 index 84516ad21917..5be2445e28c1 100644 --- a/external/curl/configurable-z-option.patch.0 +++ b/external/curl/configurable-z-option.patch.0 @@ -6,7 +6,7 @@ CC_NODEBUG = $(CC) /O2 /DNDEBUG -CC_DEBUG = $(CC) /Od /Gm /Zi /D_DEBUG /GZ +CC_DEBUG = $(CC) /Od /Gm $(DEBUG_FLAGS_VALUE) /D_DEBUG /GZ - CFLAGS = /I. /I../lib /I../include /nologo /W4 /GX /DWIN32 /YX /FD /c /DBUILDING_LIBCURL + CFLAGS = /I. /I../lib /I../include /nologo /W4 /GX /YX /FD /c /DBUILDING_LIBCURL !ELSE CC_NODEBUG = $(CC) /O2 /DNDEBUG @@ -64,7 +64,7 @@ diff --git a/external/curl/curl-msvc.patch.1 b/external/curl/curl-msvc.patch.1 index 54ad026ec8c7..2295b1b53ecf 100644 --- a/external/curl/curl-msvc.patch.1 +++ b/external/curl/curl-msvc.patch.1 @@ -6,22 +6,22 @@ MSVC: using SOLARINC !ELSE CC_NODEBUG = $(CC) /O2 /DNDEBUG CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd --CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL -+CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC) +-CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /FD /c /DBUILDING_LIBCURL ++CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /FD /c /DBUILDING_LIBCURL $(SOLARINC) !ENDIF LFLAGS = /nologo /machine:$(MACHINE) -@@ -426,11 +426,11 @@ +@@ -428,11 +428,11 @@ # CURL_XX macros are for the curl.exe command !IF "$(DEBUG)"=="yes" --RC_FLAGS = /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc -+RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc +-RC_FLAGS = /d_DEBUG /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc ++RC_FLAGS = $(SOLARINC) /d_DEBUG /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc CURL_CC = $(CC_DEBUG) $(RTLIB_DEBUG) - CURL_RC_FLAGS = $(CURL_RC_FLAGS) /i../include /dDEBUGBUILD=1 /Fo $@ $(CURL_SRC_DIR)+ CURL_RC_FLAGS = $(CURL_RC_FLAGS) /i../include /d_DEBUG /Fo $@ $(CURL_SRC_DIR) !ELSE --RC_FLAGS = /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc -+RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc +-RC_FLAGS = /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc ++RC_FLAGS = $(SOLARINC) /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc CURL_CC = $(CC_NODEBUG) $(RTLIB) - CURL_RC_FLAGS = $(CURL_RC_FLAGS) /i../include /dDEBUGBUILD=0 /Fo $@ $(CURL_SRC_DIR)+ CURL_RC_FLAGS = $(CURL_RC_FLAGS) /i../include /Fo $@ $(CURL_SRC_DIR) !ENDIF diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0 index b4442ba262d1..ff3ed07b4465 100644 --- a/external/curl/zlib.patch.0 +++ b/external/curl/zlib.patch.0 @@ -38,8 +38,8 @@ if test -z "$OPT_ZLIB" ; then if test -n "$PKG_CONFIG"; then -@@ -23344,6 +23359,7 @@ - printf "%s " "$as_me: found both libz and libz.h header" >&6;} +@@ -23903,6 +23903,7 @@ + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE zlib" curl_zlib_msg="enabled" fi + fi @@ -80,8 +80,8 @@ if test -z "$OPT_ZLIB" ; then CURL_CHECK_PKGCONFIG(zlib) -@@ -1336,6 +1347,7 @@ - AC_MSG_NOTICE([found both libz and libz.h header]) +@@ -1395,6 +1395,7 @@ + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE zlib" curl_zlib_msg="enabled" fi + fi commit ea73f26a015ecb87f828347a5255d18b427e35aa Author: Xisco Fauli <[email protected]> AuthorDate: Wed May 22 11:46:17 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:08 2025 +0200 curl: Upgrade to 8.8.0 Downloaded from https://curl.se/download/curl-8.8.0.tar.xz Change-Id: Ib6ecbdb774f4d2643d8e848d8826704a51884eac Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167929 Tested-by: Jenkins Reviewed-by: Xisco Fauli <[email protected]> Signed-off-by: Xisco Fauli <[email protected]> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/172832 Reviewed-by: Taichi Haradaguchi <[email protected]> (cherry picked from commit 49d26c78ff63f52d33ba6bc7242ba2a322e8a11f) (cherry picked from commit 7ba0c90d29d9df5359edf40d0140a890e998d8fa) diff --git a/download.lst b/download.lst index 24ee5e80023e..78b727db24a3 100644 --- a/download.lst +++ b/download.lst @@ -75,8 +75,8 @@ CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -CURL_SHA256SUM := 6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd -CURL_TARBALL := curl-8.7.1.tar.xz +CURL_SHA256SUM := 0f58bb95fc330c8a46eeb3df5701b0d90c9d9bfcc42bd1cd08791d12551d4400 +CURL_TARBALL := curl-8.8.0.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts diff --git a/external/curl/curl-msvc-disable-protocols.patch.1 b/external/curl/curl-msvc-disable-protocols.patch.1 index 71ff0c01a028..55970b2757b3 100644 --- a/external/curl/curl-msvc-disable-protocols.patch.1 +++ b/external/curl/curl-msvc-disable-protocols.patch.1 @@ -2,9 +2,9 @@ disable protocols nobody needs in MSVC build --- curl/lib/config-win32.h.orig 2017-08-09 16:43:29.464000000 +0200 +++ curl/lib/config-win32.h 2017-08-09 16:47:38.549200000 +0200 -@@ -654,4 +654,20 @@ - # define ENABLE_IPV6 1 - #endif +@@ -509,4 +509,20 @@ + /* If you want to build curl with the built-in manual */ + #define USE_MANUAL 1 +#define CURL_DISABLE_DICT 1 +#define CURL_DISABLE_FILE 1 commit cca7ef8db81041b4e0e813dfec904e3758382c76 Author: Xisco Fauli <[email protected]> AuthorDate: Thu Mar 28 11:40:25 2024 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:08 2025 +0200 curl: upgrade to release 8.7.1 Change-Id: I0064b4cf6baf1ccd951c95945539961fe72c2a28 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165455 Tested-by: Jenkins Reviewed-by: Xisco Fauli <[email protected]> (cherry picked from commit 2c1a7cb13629177f824ed35138907aef10714e89) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165489 Reviewed-by: Taichi Haradaguchi <[email protected]> (cherry picked from commit c3020e41cf95e974f0ff12c78ca841eb8cc4e9f3) diff --git a/download.lst b/download.lst index 2e626a1c67d3..24ee5e80023e 100644 --- a/download.lst +++ b/download.lst @@ -75,8 +75,8 @@ CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -CURL_SHA256SUM := 3ccd55d91af9516539df80625f818c734dc6f2ecf9bada33c76765e99121db15 -CURL_TARBALL := curl-8.6.0.tar.xz +CURL_SHA256SUM := 6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd +CURL_TARBALL := curl-8.7.1.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts commit 951623f19757c51443bb09853777042f582b6889 Author: Xisco Fauli <[email protected]> AuthorDate: Fri Mar 14 08:54:38 2025 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:08 2025 +0200 expat: upgrade to 2.7.0 Downloaded from https://github.com/libexpat/libexpat/releases/download/R_2_7_0/expat-2.7.0.tar.xz Change-Id: I714d00fe5e1b3073ec3034065057ae9795060eec Reviewed-on: https://gerrit.libreoffice.org/c/core/+/182894 Tested-by: Jenkins Reviewed-by: Xisco Fauli <[email protected]> (cherry picked from commit 82c0b78f16dc4a5969b130c0d2519cf9d05e4794) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/182899 Reviewed-by: Taichi Haradaguchi <[email protected]> (cherry picked from commit c2db0ee8f7f537898838d17bbf532b3e2b2b28b7) (cherry picked from commit 915fc6504171393d97caea5644b94775d16eaa2f) diff --git a/download.lst b/download.lst index 5f1bc656d26e..2e626a1c67d3 100644 --- a/download.lst +++ b/download.lst @@ -106,8 +106,8 @@ ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick # will not run into conflicts -EXPAT_SHA256SUM := a695629dae047055b37d50a0ff4776d1d45d0a4c842cf4ccee158441f55ff7ee -EXPAT_TARBALL := expat-2.6.4.tar.xz +EXPAT_SHA256SUM := 25df13dd2819e85fb27a1ce0431772b7047d72af81ae78dc26b4c6e0805f48d1 +EXPAT_TARBALL := expat-2.7.0.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts commit 8c0f79dcd1eb4cf8756055793e24835f4c435efe Author: Xisco Fauli <[email protected]> AuthorDate: Fri Nov 8 12:13:15 2024 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:08 2025 +0200 expat: upgrade to 2.6.4 Downloaded from https://github.com/libexpat/libexpat/releases/download/R_2_6_4/expat-2.6.4.tar.xz Change-Id: I9ae3b6e586847e8ba0439f1c42baa13a1e2cf427 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176228 Reviewed-by: Christian Lohmaier <[email protected]> Tested-by: Jenkins (cherry picked from commit 3384fcc9172507f280ffd07df2a8de34fc1bf6ab) (cherry picked from commit 2bf87813c708fc743b21b27ff6094206e79944b4) diff --git a/download.lst b/download.lst index 911944eebff1..5f1bc656d26e 100644 --- a/download.lst +++ b/download.lst @@ -106,8 +106,8 @@ ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick # will not run into conflicts -EXPAT_SHA256SUM := 274db254a6979bde5aad404763a704956940e465843f2a9bd9ed7af22e2c0efc -EXPAT_TARBALL := expat-2.6.3.tar.xz +EXPAT_SHA256SUM := a695629dae047055b37d50a0ff4776d1d45d0a4c842cf4ccee158441f55ff7ee +EXPAT_TARBALL := expat-2.6.4.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts commit e82be22682771121443c2693fe8daa6d74326daa Author: Xisco Fauli <[email protected]> AuthorDate: Thu Mar 13 09:44:07 2025 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:08 2025 +0200 libxslt: upgrade to 1.1.43 Downloaded from https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.43.tar.xz Change-Id: Iadab2934e3b1e8178a4912ef9a56c4a3c158c7ba Reviewed-on: https://gerrit.libreoffice.org/c/core/+/182855 Tested-by: Jenkins Reviewed-by: Xisco Fauli <[email protected]> Signed-off-by: Xisco Fauli <[email protected]> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/182864 Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 95dcf9b37e763d61ff08300820eed45216c0c6e1) (cherry picked from commit eea3cac9168b7f161254d9c8c5b2e4a0b6eddc4a) diff --git a/download.lst b/download.lst index f4e5926a2a39..911944eebff1 100644 --- a/download.lst +++ b/download.lst @@ -350,8 +350,8 @@ LIBXML_TARBALL := libxml2-2.12.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXSLT_SHA256SUM := 85ca62cac0d41fc77d3f6033da9df6fd73d20ea2fc18b0a3609ffb4110e1baeb -LIBXSLT_VERSION_MICRO := 42 +LIBXSLT_SHA256SUM := 5a3d6b383ca5afc235b171118e90f5ff6aa27e9fea3303065231a6d403f0183a +LIBXSLT_VERSION_MICRO := 43 LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick diff --git a/external/libxslt/ExternalPackage_libxslt.mk b/external/libxslt/ExternalPackage_libxslt.mk index b11ee72bfe1a..6d34589ea71a 100644 --- a/external/libxslt/ExternalPackage_libxslt.mk +++ b/external/libxslt/ExternalPackage_libxslt.mk @@ -25,7 +25,7 @@ $(eval $(call gb_ExternalPackage_add_file,libxslt,$(LIBO_LIB_FOLDER)/libexslt.dl endif else # OS!=WNT $(eval $(call gb_ExternalPackage_add_file,libxslt,$(LIBO_LIB_FOLDER)/libxslt.so.1,libxslt/.libs/libxslt.so.1.1.$(LIBXSLT_VERSION_MICRO))) -$(eval $(call gb_ExternalPackage_add_file,libxslt,$(LIBO_LIB_FOLDER)/libexslt.so.0,libexslt/.libs/libexslt.so.0.8.23)) +$(eval $(call gb_ExternalPackage_add_file,libxslt,$(LIBO_LIB_FOLDER)/libexslt.so.0,libexslt/.libs/libexslt.so.0.8.24)) endif endif # DISABLE_DYNLOADING commit 74c02f123e9f31bbb6f761a92f3323cb606ad923 Author: Xisco Fauli <[email protected]> AuthorDate: Fri Jul 5 11:01:05 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:08 2025 +0200 libxslt: upgrade to 1.1.42 Downloaded from https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.42.tar.xz Change-Id: I77de8a0922c5271161640eae5c92b425c5be82c0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170011 Reviewed-by: Xisco Fauli <[email protected]> Tested-by: Jenkins Signed-off-by: Xisco Fauli <[email protected]> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/182863 Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit d08fc71633e0c341718924db27576aeae2f3ea4c) (cherry picked from commit 10aa187d02abac48ff97efe5c0ab9911010f40e0) diff --git a/download.lst b/download.lst index 69fdaffaa4dd..f4e5926a2a39 100644 --- a/download.lst +++ b/download.lst @@ -350,8 +350,8 @@ LIBXML_TARBALL := libxml2-2.12.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXSLT_SHA256SUM := 3ad392af91115b7740f7b50d228cc1c5fc13afc1da7f16cb0213917a37f71bda -LIBXSLT_VERSION_MICRO := 41 +LIBXSLT_SHA256SUM := 85ca62cac0d41fc77d3f6033da9df6fd73d20ea2fc18b0a3609ffb4110e1baeb +LIBXSLT_VERSION_MICRO := 42 LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick diff --git a/external/libxslt/ExternalPackage_libxslt.mk b/external/libxslt/ExternalPackage_libxslt.mk index 42b2004728e5..b11ee72bfe1a 100644 --- a/external/libxslt/ExternalPackage_libxslt.mk +++ b/external/libxslt/ExternalPackage_libxslt.mk @@ -25,7 +25,7 @@ $(eval $(call gb_ExternalPackage_add_file,libxslt,$(LIBO_LIB_FOLDER)/libexslt.dl endif else # OS!=WNT $(eval $(call gb_ExternalPackage_add_file,libxslt,$(LIBO_LIB_FOLDER)/libxslt.so.1,libxslt/.libs/libxslt.so.1.1.$(LIBXSLT_VERSION_MICRO))) -$(eval $(call gb_ExternalPackage_add_file,libxslt,$(LIBO_LIB_FOLDER)/libexslt.so.0,libexslt/.libs/libexslt.so.0.8.22)) +$(eval $(call gb_ExternalPackage_add_file,libxslt,$(LIBO_LIB_FOLDER)/libexslt.so.0,libexslt/.libs/libexslt.so.0.8.23)) endif endif # DISABLE_DYNLOADING commit 4a6b7ffbcf57a0cb0035374f4e914aa7f1101c9a Author: Stephan Bergmann <[email protected]> AuthorDate: Thu Jun 20 15:46:51 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:08 2025 +0200 Fix build ...after 4eb9cde4db28616e0b0c9cd6825830ab7d2f3c96 "libxslt: uprade to 1.1.41", > external/libxslt/ExternalPackage_libxslt.mk:28: *** file workdir_for_build/UnpackedTarball/libxslt/libexslt/.libs/libexslt.so.0.8.21 does not exist in the tarball. Stop. at least during an Emscripten cross-build Change-Id: I7fcde7f8708fba68d5d9b751420e402c5da41f3d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169288 Tested-by: Jenkins Reviewed-by: Xisco Fauli <[email protected]> (cherry picked from commit dcaf9c147a1cfea268db49952171338555379794) (cherry picked from commit 0e7b6e802e3f6d4b5fcd244df6ef5ae1fe3e3c81) diff --git a/external/libxslt/ExternalPackage_libxslt.mk b/external/libxslt/ExternalPackage_libxslt.mk index c1a8ee1217f1..42b2004728e5 100644 --- a/external/libxslt/ExternalPackage_libxslt.mk +++ b/external/libxslt/ExternalPackage_libxslt.mk @@ -25,7 +25,7 @@ $(eval $(call gb_ExternalPackage_add_file,libxslt,$(LIBO_LIB_FOLDER)/libexslt.dl endif else # OS!=WNT $(eval $(call gb_ExternalPackage_add_file,libxslt,$(LIBO_LIB_FOLDER)/libxslt.so.1,libxslt/.libs/libxslt.so.1.1.$(LIBXSLT_VERSION_MICRO))) -$(eval $(call gb_ExternalPackage_add_file,libxslt,$(LIBO_LIB_FOLDER)/libexslt.so.0,libexslt/.libs/libexslt.so.0.8.21)) +$(eval $(call gb_ExternalPackage_add_file,libxslt,$(LIBO_LIB_FOLDER)/libexslt.so.0,libexslt/.libs/libexslt.so.0.8.22)) endif endif # DISABLE_DYNLOADING commit cab5b247c5c540389ac0006a1841616a73137e95 Author: Xisco Fauli <[email protected]> AuthorDate: Thu Jun 20 12:22:55 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:08 2025 +0200 libxslt: uprade to 1.1.41 Downloaded from https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.41.tar.xz Change-Id: Ib06a013d85cc47a901fbe55a880f3ad6a5edcea8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169265 Reviewed-by: Xisco Fauli <[email protected]> Tested-by: Jenkins (cherry picked from commit 4eb9cde4db28616e0b0c9cd6825830ab7d2f3c96) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169147 (cherry picked from commit 63310b0eb7ef1c93118b0451366c895634330241) (cherry picked from commit 25b529ade3bcca43e9657defc3bbe488ae574ee4) diff --git a/download.lst b/download.lst index ad8c85b39799..69fdaffaa4dd 100644 --- a/download.lst +++ b/download.lst @@ -350,8 +350,8 @@ LIBXML_TARBALL := libxml2-2.12.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXSLT_SHA256SUM := 194715db023035f65fb566402f2ad2b5eab4c29d541f511305c40b29b1f48d13 -LIBXSLT_VERSION_MICRO := 40 +LIBXSLT_SHA256SUM := 3ad392af91115b7740f7b50d228cc1c5fc13afc1da7f16cb0213917a37f71bda +LIBXSLT_VERSION_MICRO := 41 LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick commit ec9cec0d0ab94e47077c52ef5324d31cf0831e6d Author: Xisco Fauli <[email protected]> AuthorDate: Thu Jun 13 13:39:46 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:07 2025 +0200 libxslt: upgrade to 1.1.40 Downloaded from https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.40.tar.xz * libxslt-1.1.26-memdump.patch is no longer needed Change-Id: I72829ce590d7fd73a1364139bf3c373d6cd4d1b4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168782 Tested-by: Jenkins Reviewed-by: Xisco Fauli <[email protected]> (cherry picked from commit cdde0d59ac67cd9a26671822b02d04b07b2dd754) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168798 (cherry picked from commit 2260cb9b24563c39a416aecb54294cf0a18f7686) (cherry picked from commit 984257eb9585506080f8f9a40e25197ba0bbfc1e) diff --git a/download.lst b/download.lst index 7edc886e6649..ad8c85b39799 100644 --- a/download.lst +++ b/download.lst @@ -350,8 +350,8 @@ LIBXML_TARBALL := libxml2-2.12.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXSLT_SHA256SUM := 2a20ad621148339b0759c4d4e96719362dee64c9a096dbba625ba053846349f0 -LIBXSLT_VERSION_MICRO := 39 +LIBXSLT_SHA256SUM := 194715db023035f65fb566402f2ad2b5eab4c29d541f511305c40b29b1f48d13 +LIBXSLT_VERSION_MICRO := 40 LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick diff --git a/external/libxslt/UnpackedTarball_libxslt.mk b/external/libxslt/UnpackedTarball_libxslt.mk index 7d39cb1e3478..edfb266f2f17 100644 --- a/external/libxslt/UnpackedTarball_libxslt.mk +++ b/external/libxslt/UnpackedTarball_libxslt.mk @@ -19,7 +19,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,libxslt,\ $(if $(gb_Module_CURRENTMODULE_SYMBOLS_ENABLED),\ external/libxslt/libxslt-msvc-sym.patch.2, \ external/libxslt/libxslt-msvc.patch.2) \ - external/libxslt/libxslt-1.1.26-memdump.patch \ external/libxslt/rpath.patch.0 \ )) diff --git a/external/libxslt/libxslt-1.1.26-memdump.patch b/external/libxslt/libxslt-1.1.26-memdump.patch deleted file mode 100644 index 28724f749a38..000000000000 --- a/external/libxslt/libxslt-1.1.26-memdump.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- misc/libxslt-1.1.26/xsltproc/xsltproc.c 2009-08-23 14:53:33.000000000 +0200 -+++ misc/build/libxslt-1.1.26/xsltproc/xsltproc.c 2013-01-18 14:16:12.202767222 +0100 -@@ -877,7 +877,6 @@ - xsltFreeSecurityPrefs(sec); - xsltCleanupGlobals(); - xmlCleanupParser(); -- xmlMemoryDump(); - return(errorno); - } - commit c116a4378e1c496f9b0e43db8e3019a6d3cb1578 Author: Xisco Fauli <[email protected]> AuthorDate: Wed Feb 19 10:56:10 2025 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:07 2025 +0200 libxml2: upgrade to 2.12.10 Downloaded from https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.10.tar.xz Change-Id: If12c5f81feaff5c938a1a308660009fe4504b3d7 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181877 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit cbf28a9456eaa6c8573f8c5e479d6665fded2a97) (cherry picked from commit 93e3deb53dee808dbbec5e64f52397aaa9246d14) diff --git a/download.lst b/download.lst index 310f795dca95..7edc886e6649 100644 --- a/download.lst +++ b/download.lst @@ -344,8 +344,8 @@ XMLSEC_TARBALL := xmlsec1-1.2.37.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXML_SHA256SUM := 59912db536ab56a3996489ea0299768c7bcffe57169f0235e7f962a91f483590 -LIBXML_VERSION_MICRO := 9 +LIBXML_SHA256SUM := c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995 +LIBXML_VERSION_MICRO := 10 LIBXML_TARBALL := libxml2-2.12.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick commit 56ce5f7a9ba60aa41cea14cb276ba39a0c7b51b4 Author: Xisco Fauli <[email protected]> AuthorDate: Wed Jul 24 18:27:38 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:07 2025 +0200 libxml2: upgrade to 2.12.9 it fixes CVE-2024-40896 Downloaded from https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.9.tar.xz Change-Id: I73f2e480026b695f9fb7f684b11bc138046ab868 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170949 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit a3482be66de6c0a3975f6cf98162b6ea67d98dd0) diff --git a/download.lst b/download.lst index 4e82385b2ad3..310f795dca95 100644 --- a/download.lst +++ b/download.lst @@ -344,8 +344,8 @@ XMLSEC_TARBALL := xmlsec1-1.2.37.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXML_SHA256SUM := 43ad877b018bc63deb2468d71f95219c2fac196876ef36d1bee51d226173ec93 -LIBXML_VERSION_MICRO := 8 +LIBXML_SHA256SUM := 59912db536ab56a3996489ea0299768c7bcffe57169f0235e7f962a91f483590 +LIBXML_VERSION_MICRO := 9 LIBXML_TARBALL := libxml2-2.12.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick commit ca64c87add9aafc0eff15c342ef008c96106fe82 Author: Xisco Fauli <[email protected]> AuthorDate: Wed Jun 12 14:31:26 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:07 2025 +0200 libxml2: upgrade to 2.12.8 Downloaded from https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.8.tar.xz Change-Id: Ie6c0d102b44eaec14fabaf932ba140a113ff5073 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168718 Tested-by: Jenkins Reviewed-by: Xisco Fauli <[email protected]> (cherry picked from commit a96d0ef1bd9727c0723e903b8337f43a7618f089) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168721 Reviewed-by: Christian Lohmaier <[email protected]> (cherry picked from commit 09d55f39db8b0d175b56466348ee90a4951a26e2) diff --git a/download.lst b/download.lst index 90e44e418786..4e82385b2ad3 100644 --- a/download.lst +++ b/download.lst @@ -344,8 +344,8 @@ XMLSEC_TARBALL := xmlsec1-1.2.37.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXML_SHA256SUM := 24ae78ff1363a973e6d8beba941a7945da2ac056e19b53956aeb6927fd6cfb56 -LIBXML_VERSION_MICRO := 7 +LIBXML_SHA256SUM := 43ad877b018bc63deb2468d71f95219c2fac196876ef36d1bee51d226173ec93 +LIBXML_VERSION_MICRO := 8 LIBXML_TARBALL := libxml2-2.12.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick commit 232fb9c7d7798e5f7efb33d323b7027a12a3f00c Author: Xisco Fauli <[email protected]> AuthorDate: Mon May 13 12:45:05 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:07 2025 +0200 libxml2: upgrade to 2.12.7 * Fixes CVE-2024-34459 Downloaded from https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.7.tar.xz Change-Id: Ie45ad54b3f781a54a278e2542fccafb8d06542bb Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167585 Tested-by: Jenkins Reviewed-by: Xisco Fauli <[email protected]> (cherry picked from commit 02dc762466c655e9ca6fb7cef92b1495915b34ed) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167460 Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit 6f33df3f243d6012730fccd644f3c386526a3363) diff --git a/download.lst b/download.lst index 84e8ea88c2e4..90e44e418786 100644 --- a/download.lst +++ b/download.lst @@ -344,8 +344,8 @@ XMLSEC_TARBALL := xmlsec1-1.2.37.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXML_SHA256SUM := 889c593a881a3db5fdd96cc9318c87df34eb648edfc458272ad46fd607353fbb -LIBXML_VERSION_MICRO := 6 +LIBXML_SHA256SUM := 24ae78ff1363a973e6d8beba941a7945da2ac056e19b53956aeb6927fd6cfb56 +LIBXML_VERSION_MICRO := 7 LIBXML_TARBALL := libxml2-2.12.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick commit a2b38cee535555dba146732403c62f76d60e24d9 Author: Xisco Fauli <[email protected]> AuthorDate: Wed Mar 20 10:26:11 2024 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:07 2025 +0200 libxml2: upgrade to release 2.12.6 Change-Id: I7372b276f74bc760c99580ffc509fde1031cb3a6 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165049 Tested-by: Jenkins Reviewed-by: Xisco Fauli <[email protected]> (cherry picked from commit 832b98cedda2cd1631651f9397a871fb50d9cb1f) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165183 Reviewed-by: Taichi Haradaguchi <[email protected]> (cherry picked from commit 880076e806ead26ede716b48fd2502235dc41c08) diff --git a/download.lst b/download.lst index 706f2b8abc50..84e8ea88c2e4 100644 --- a/download.lst +++ b/download.lst @@ -344,8 +344,8 @@ XMLSEC_TARBALL := xmlsec1-1.2.37.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXML_SHA256SUM := a972796696afd38073e0f59c283c3a2f5a560b5268b4babc391b286166526b21 -LIBXML_VERSION_MICRO := 5 +LIBXML_SHA256SUM := 889c593a881a3db5fdd96cc9318c87df34eb648edfc458272ad46fd607353fbb +LIBXML_VERSION_MICRO := 6 LIBXML_TARBALL := libxml2-2.12.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick commit 1000fa4d5931225231af3ea65ae1ab22eb11624d Author: Michael Stahl <[email protected]> AuthorDate: Fri Mar 21 15:48:41 2025 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:07 2025 +0200 tdf#165851 sfx2: fix loading template with expand URL from configuration Expand trusted URLs from configuration or extension. (regression from commit 836d73a65180d89a077e36457f1f3aa1698c2058) Change-Id: I7c2f8a59b44ae62e25ac26eb568f3f80c77a01ee Reviewed-on: https://gerrit.libreoffice.org/c/core/+/183208 Tested-by: allotropia jenkins <[email protected]> Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit d50687cdb3a5efb75acda6b864ed8d005b46d7ac) diff --git a/sfx2/source/view/frmload.cxx b/sfx2/source/view/frmload.cxx index 82aa65fa8538..7bcce1de8e2f 100644 --- a/sfx2/source/view/frmload.cxx +++ b/sfx2/source/view/frmload.cxx @@ -47,6 +47,7 @@ #include <com/sun/star/uno/XComponentContext.hpp> #include <com/sun/star/util/XCloseable.hpp> +#include <comphelper/getexpandeduri.hxx> #include <comphelper/interaction.hxx> #include <comphelper/namedvaluecollection.hxx> #include <cppuhelper/exc_hlp.hxx> @@ -417,6 +418,8 @@ bool SfxFrameLoader_Impl::impl_determineTemplateDocument( ::comphelper::NamedVal sTemplateURL = SfxObjectFactory::GetStandardTemplate( sServiceName ); else sTemplateURL = SfxObjectFactory::GetStandardTemplate( SfxObjectShell::GetServiceNameFromFactory( sURL ) ); + // tdf#165851 expand trusted urls from configuration here + sTemplateURL = comphelper::getExpandedUri(m_aContext, sTemplateURL); } if ( !sTemplateURL.isEmpty() ) commit a6b810b954c5aec588efbac626842598811b81f8 Author: Sarper Akdemir <[email protected]> AuthorDate: Tue Jun 11 12:39:36 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:06 2025 +0200 remove ability to trust not validated macro signatures in high security Giving the user the option to determine if they should trust an invalid signature in HIGH macro security doesn't make sense. CommonName of the signature is the most prominent feature presented and the CommonName of a certificate can be easily forged for an invalid signature, tricking the user into accepting an invalid signature. in the HIGH macro security setting only show the pop-up to enable/disable signed macro if the certificate signature can be validated. cherry-picked without UI/String altering bits for 24-2 Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667 Tested-by: Jenkins Reviewed-by: Sarper Akdemir <[email protected]> (cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525 Reviewed-by: Thorsten Behrens <[email protected]> (cherry picked from commit da570d9adb324b143ab5a05683fc17a1c90feaec) diff --git a/include/sfx2/docmacromode.hxx b/include/sfx2/docmacromode.hxx index 688297f26598..0954126e36f3 100644 --- a/include/sfx2/docmacromode.hxx +++ b/include/sfx2/docmacromode.hxx @@ -264,6 +264,7 @@ namespace sfx2 bool hasMacroLibrary() const; bool hasUnsignedContentError() const; + bool hasInvalidSignaturesError() const; /** determines whether the given document storage has sub storages containing scripts or macros. diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx index 37871e0e170a..bbea501200b5 100644 --- a/sfx2/source/doc/docmacromode.cxx +++ b/sfx2/source/doc/docmacromode.cxx @@ -72,10 +72,13 @@ namespace sfx2 { IMacroDocumentAccess& m_rDocumentAccess; bool m_bHasUnsignedContentError; + /// Is true when macros was disabled due to invalid signatures (when macro security is high) + bool m_bHasInvalidSignaturesError; explicit DocumentMacroMode_Data( IMacroDocumentAccess& rDocumentAccess ) :m_rDocumentAccess( rDocumentAccess ) ,m_bHasUnsignedContentError( false ) + ,m_bHasInvalidSignaturesError( false ) { } }; @@ -212,13 +215,26 @@ namespace sfx2 // confirmation when macros are unsigned or untrusted. FROM_LIST_AND_SIGNED_NO_WARN // should not ask any confirmations. FROM_LIST_AND_SIGNED_WARN should only allow // trusted signed macros at this point; so it may only ask for confirmation to add - // certificates to trusted, and shouldn't show UI when trusted list is read-only. + // certificates to trusted, and shouldn't show UI when trusted list is read-only + // or the macro signature can't be validated. const bool bAllowUI = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN && eAutoConfirm == eNoAutoConfirm && (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE || !SvtSecurityOptions::IsReadOnly( - SvtSecurityOptions::EOption::MacroTrustedAuthors)); + SvtSecurityOptions::EOption::MacroTrustedAuthors)) + && (nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_WARN + || nSignatureState == SignatureState::OK); + + if (nMacroExecutionMode == MacroExecMode::FROM_LIST_AND_SIGNED_WARN + && nSignatureState != SignatureState::NOSIGNATURES + && nSignatureState != SignatureState::OK) + { + // set the flag so that we can show the appropriate error & buttons + // for invalid signatures in the infobar for high macro security. + m_xData->m_bHasInvalidSignaturesError = true; + } + const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUI ? rxInteraction : nullptr); if (bHasTrustedMacroSignature) @@ -407,6 +423,10 @@ namespace sfx2 return m_xData->m_bHasUnsignedContentError; } + bool DocumentMacroMode::hasInvalidSignaturesError() const + { + return m_xData->m_bHasInvalidSignaturesError; + } bool DocumentMacroMode::storageHasMacros( const Reference< XStorage >& rxStorage ) { commit 41f39d5a60ffba6c34c72ca7272a0ce6f19bfba2 Author: Thorsten Behrens <[email protected]> AuthorDate: Thu May 16 17:52:41 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:06 2025 +0200 backport curl_easy_setopt changes This reverts commit d95ac1c608caba9cabaa503f1a5589285547aed5. Change-Id: I4bc104272d4c41efab1a7e5eae78267675c1b32b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167753 Tested-by: Jenkins Reviewed-by: Andras Timar <[email protected]> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167805 Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit 2cb47c0acae68bb1b7f7aa5ffa9e63fd39b748be) diff --git a/ucb/source/ucp/webdav-curl/CurlSession.cxx b/ucb/source/ucp/webdav-curl/CurlSession.cxx index 260bfd97c446..9f1e515ae27a 100644 --- a/ucb/source/ucp/webdav-curl/CurlSession.cxx +++ b/ucb/source/ucp/webdav-curl/CurlSession.cxx @@ -15,7 +15,6 @@ #include "webdavresponseparser.hxx" #include <comphelper/attributelist.hxx> -#include <comphelper/lok.hxx> #include <comphelper/scopeguard.hxx> #include <comphelper/string.hxx> @@ -711,14 +710,6 @@ CurlSession::CurlSession(uno::Reference<uno::XComponentContext> xContext, rc = curl_easy_setopt(m_pCurl.get(), CURLOPT_FORBID_REUSE, 1L); assert(rc == CURLE_OK); } - // If WOPI-like host has self-signed certificate, it's not possible to insert images - // to the document, so here is a compromise. The user has already accepted the self - // signed certificate in the browser, when we get here. - if (comphelper::LibreOfficeKit::isActive()) - { - rc = curl_easy_setopt(m_pCurl.get(), CURLOPT_SSL_VERIFYPEER, 0L); - assert(rc == CURLE_OK); - } } CurlSession::~CurlSession() {} commit cc13906aa72dddf82af95af3a696dccb9a45687d Author: Michael Stahl <[email protected]> AuthorDate: Wed Jul 3 18:00:38 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:49:06 2025 +0200 xmlsecurity: add unit test with docx that can only be opened with repair Change-Id: I4f705dd2124383a90b69d04d8b2de0e37f83a495 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170053 Tested-by: Michael Stahl <[email protected]> Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 81e0b7e7c05d324fb77da7eda0d736fac5526b3e) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173628 Reviewed-by: Xisco Fauli <[email protected]> Tested-by: Jenkins (cherry picked from commit 67b3f0c3f587c4c13b8b14705bdb832b226eb77d) (cherry picked from commit 392aa64e591c274fea515aa8e2e54dd0d8282d1e) diff --git a/xmlsecurity/CppunitTest_xmlsecurity_signing.mk b/xmlsecurity/CppunitTest_xmlsecurity_signing.mk index 7339800107a7..37d1c2a7dea7 100644 --- a/xmlsecurity/CppunitTest_xmlsecurity_signing.mk +++ b/xmlsecurity/CppunitTest_xmlsecurity_signing.mk @@ -26,6 +26,7 @@ $(eval $(call gb_CppunitTest_use_libraries,xmlsecurity_signing, \ subsequenttest \ test \ tl \ + ucbhelper \ unotest \ utl \ vcl \ diff --git a/xmlsecurity/qa/unit/signing/data/signature-forgery-cdh-lfh.docx b/xmlsecurity/qa/unit/signing/data/signature-forgery-cdh-lfh.docx new file mode 100644 index 000000000000..532705ecf0b5 Binary files /dev/null and b/xmlsecurity/qa/unit/signing/data/signature-forgery-cdh-lfh.docx differ diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx index 1286a0bff8b5..5f8bcb4e0de8 100644 --- a/xmlsecurity/qa/unit/signing/signing.cxx +++ b/xmlsecurity/qa/unit/signing/signing.cxx @@ -21,6 +21,7 @@ #include <test/unoapixml_test.hxx> #include <com/sun/star/beans/XPropertySet.hpp> +#include <com/sun/star/document/BrokenPackageRequest.hpp> #include <com/sun/star/embed/XStorage.hpp> #include <com/sun/star/embed/XTransactedObject.hpp> #include <com/sun/star/frame/XStorable.hpp> @@ -48,6 +49,7 @@ #include <biginteger.hxx> #include <certificate.hxx> #include <xsecctl.hxx> +#include <ucbhelper/interceptedinteraction.hxx> #include <sfx2/docfile.hxx> #include <sfx2/docfilt.hxx> #include <officecfg/Office/Common.hxx> @@ -1179,6 +1181,31 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testODFUntrustedGoodGPG) SignatureState::NOTVALIDATED, nActual); } +CPPUNIT_TEST_FIXTURE(SigningTest, testInvalidZIP) +{ + // set RepairPackage via interaction handler, same as soffice does + // - if it's passed to load the behavior is different, oddly enough. + std::vector<::ucbhelper::InterceptedInteraction::InterceptedRequest> interceptions{ + { css::uno::Any(css::document::BrokenPackageRequest()), + cppu::UnoType<css::task::XInteractionApprove>::get(), 0 }, + }; + ::rtl::Reference<ucbhelper::InterceptedInteraction> pIH(new ucbhelper::InterceptedInteraction); + pIH->setInterceptions(std::move(interceptions)); + + uno::Sequence<beans::PropertyValue> args = { comphelper::makePropertyValue( + u"InteractionHandler", uno::Reference<task::XInteractionHandler>(pIH)) }; + loadWithParams(createFileURL(u"signature-forgery-cdh-lfh.docx"), args); + SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get()); + CPPUNIT_ASSERT(pBaseModel); + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + CPPUNIT_ASSERT(pObjectShell); + // the problem was that the document Zip structure is interpreted + // misleadingly in RepairPackage case, but signature was still returned + // as partially valid. + CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::BROKEN), + static_cast<int>(pObjectShell->GetDocumentSignatureState())); +} + /// Test a typical broken ODF signature where one stream is corrupted. CPPUNIT_TEST_FIXTURE(SigningTest, testODFBrokenStreamGPG) { commit 841d6f86e7bb7f19edf885b0c7b88988e33d9a31 Author: Michael Stahl <[email protected]> AuthorDate: Thu Jul 4 12:10:29 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:36:51 2025 +0200 sfx2: fix signature infobar being shown for every repaired document (regression from commit 8b333575ee680664fa3d83249ccec90881754ad7) So it should only be set if the state is still UNKNOWN. But SfxObjectShell::ImplGetSignatureState() is called before the repair dialog is shown, so make sure that the second import (with RepairPackage) finds both members as SignatureState::UNKOWN. Change-Id: Ic914016dde6425a4d95fba7f6f66411305553930 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169989 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 8d869b5fe47842df52965804db87db0941f4f2a0) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169997 Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit 127194ebbcbf644148fee81773babaf23eab78d8) diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx index 11deb52935d9..0465d43ebff5 100644 --- a/sfx2/source/doc/objmisc.cxx +++ b/sfx2/source/doc/objmisc.cxx @@ -943,6 +943,12 @@ void SfxObjectShell::BreakMacroSign_Impl( bool bBreakMacroSign ) void SfxObjectShell::CheckSecurityOnLoading_Impl() { + if (GetErrorCode() == ERRCODE_IO_BROKENPACKAGE) + { // safety first: don't run any macros from broken package. + pImpl->aMacroMode.disallowMacroExecution(); + return; // do not get signature status - needs to be done after RepairPackage + } + // make sure LO evaluates the macro signatures, so it can be preserved GetScriptingSignatureState(); diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx index 6a5e8c92da05..82951922ff4b 100644 --- a/sfx2/source/doc/objserv.cxx +++ b/sfx2/source/doc/objserv.cxx @@ -1844,19 +1844,22 @@ SignatureState SfxObjectShell::ImplGetSignatureState( bool bScriptingContent ) { SignatureState* pState = bScriptingContent ? &pImpl->nScriptingSignatureState : &pImpl->nDocumentSignatureState; - // repaired package cannot be trusted - SfxBoolItem const*const pRepairItem{GetMedium()->GetItemSet()->GetItem(SID_REPAIRPACKAGE, false)}; - if (pRepairItem && pRepairItem->GetValue()) - { - *pState = SignatureState::BROKEN; - } - if ( *pState == SignatureState::UNKNOWN ) { *pState = SignatureState::NOSIGNATURES; uno::Sequence< security::DocumentSignatureInformation > aInfos = GetDocumentSignatureInformation( bScriptingContent ); *pState = DocumentSignatures::getSignatureState(aInfos); + + // repaired package cannot be trusted + if (*pState != SignatureState::NOSIGNATURES) + { + SfxBoolItem const*const pRepairItem{GetMedium()->GetItemSet()->GetItem(SID_REPAIRPACKAGE, false)}; + if (pRepairItem && pRepairItem->GetValue()) + { + *pState = SignatureState::BROKEN; + } + } } if ( *pState == SignatureState::OK || *pState == SignatureState::NOTVALIDATED diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx index d4e612b2779f..d88396c27e46 100644 --- a/sfx2/source/doc/objstor.cxx +++ b/sfx2/source/doc/objstor.cxx @@ -381,6 +381,8 @@ void SfxObjectShell::PrepareSecondTryLoad_Impl() // only for internal use pImpl->m_xDocStorage.clear(); pImpl->mxObjectContainer.reset(); + pImpl->nDocumentSignatureState = SignatureState::UNKNOWN; + pImpl->nScriptingSignatureState = SignatureState::UNKNOWN; pImpl->m_bIsInit = false; ResetError(); } commit 4c58b5f6676b2b2195b08aa8e73ca65962d1137b Author: Mike Kaganski <[email protected]> AuthorDate: Thu Feb 1 13:35:43 2024 +0600 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:35:58 2025 +0200 tdf#159496: clear mxObjectContainer in PrepareSecondTryLoad_Impl The problem here is that the object container has own reference to the storage object. In SfxBaseModel::load, when preparing for a second try, the storage gets disposed, and a cleanup is performed; but previously, the reference to the disposed storage was used in the object container, and thus generated a failure when it was used to import the OLE. Clearing it allows to re-create it properly, with the updated storage. Change-Id: I08b7503d79240ccc51b253fe1f4e99a0232995b1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162866 Tested-by: Jenkins Reviewed-by: Mike Kaganski <[email protected]> (cherry picked from commit 6bddbe51cee5c4aea023cc68771800f46a4aad2f) diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx index 91e4bb9ff61a..d4e612b2779f 100644 --- a/sfx2/source/doc/objstor.cxx +++ b/sfx2/source/doc/objstor.cxx @@ -380,6 +380,7 @@ void SfxObjectShell::PrepareSecondTryLoad_Impl() { // only for internal use pImpl->m_xDocStorage.clear(); + pImpl->mxObjectContainer.reset(); pImpl->m_bIsInit = false; ResetError(); } commit 4b4bbc204b515b856cec3cf6eac81e05bfa08f5d Author: Michael Stahl <[email protected]> AuthorDate: Tue Jul 2 13:24:38 2024 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Thu Jun 26 15:35:58 2025 +0200 sfx2: SfxObjectShell should not trust any signature on repaired package Change-Id: I0317f80989e9dabd23e88e3caab26ede3fb5bd56 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169883 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 8b333575ee680664fa3d83249ccec90881754ad7) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169930 Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit 05b9e388448b1c8c10b18c22898c4725dd176fed) diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx index 1964b473f2cc..6a5e8c92da05 100644 --- a/sfx2/source/doc/objserv.cxx +++ b/sfx2/source/doc/objserv.cxx @@ -1844,6 +1844,13 @@ SignatureState SfxObjectShell::ImplGetSignatureState( bool bScriptingContent ) { SignatureState* pState = bScriptingContent ? &pImpl->nScriptingSignatureState : &pImpl->nDocumentSignatureState; + // repaired package cannot be trusted + SfxBoolItem const*const pRepairItem{GetMedium()->GetItemSet()->GetItem(SID_REPAIRPACKAGE, false)}; + if (pRepairItem && pRepairItem->GetValue()) + { + *pState = SignatureState::BROKEN; + } + if ( *pState == SignatureState::UNKNOWN ) { *pState = SignatureState::NOSIGNATURES;
