authorJ0WI <J0WI@users.noreply.github.com>2022-10-21 00:38:37 +0200
committerKevin Daudt <kdaudt@alpinelinux.org>2022-11-02 17:12:18 +0000
commit6665b8c225ce1e1dd95aaebf179d1a37ef7e0b54 (patch)
treea5791a6900e484f33d8bc7436d22e9e77be7870d
parentb829a564573443738b1b1c8e91a3c59b56a4a72f (diff)
community/libreoffice: security upgrade to 7.2.7.2
and patch CVE-2022-3140
-rw-r--r--community/libreoffice/APKBUILD30
-rw-r--r--community/libreoffice/CVE-2022-3140.patch292
2 files changed, 317 insertions, 5 deletions
diff --git a/community/libreoffice/APKBUILD b/community/libreoffice/APKBUILD
index 762832b345..47f041b781 100644
--- a/community/libreoffice/APKBUILD
+++ b/community/libreoffice/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: Timo Teräs <timo.teras@iki.fi>
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=libreoffice
-pkgver=7.2.2.2
-pkgrel=2
+pkgver=7.2.7.2
+pkgrel=0
pkgdesc="LibreOffice - Meta package for the full office suite"
url="https://www.libreoffice.org/"
# missing openjdk11 on riscv64
@@ -147,6 +147,8 @@ source="https://download.documentfoundation.org/libreoffice/src/$_v/libreoffice-
$_addsrcurl/libcmis-0.5.2.tar.xz
https://dev-www.libreoffice.org/extern/185d60944ea767075d27247c3162b3bc-unowinreg.dll
https://dev-www.libreoffice.org/extern/f543e6e2d7275557a839a164941c0a86e5f2c3f2a0042bfc434c88c6dde9e140-opens___.ttf
+ CVE-2022-3140.patch
+
linux-musl.patch
fix-execinfo.patch
disable-liborcus-unittest.patch
@@ -160,6 +162,23 @@ source="https://download.documentfoundation.org/libreoffice/src/$_v/libreoffice-
"
# secfixes:
+# 7.2.7.2-r0:
+# - CVE-2022-3140
+# - CVE-2022-26305
+# - CVE-2022-26306
+# - CVE-2022-26307
+# - CVE-2021-25636
+# 7.2.2.2-r0:
+# - CVE-2021-25631
+# - CVE-2021-25632
+# - CVE-2021-25633
+# - CVE-2021-25634
+# - CVE-2021-25635
+# 6.4.4.2-r0:
+# - CVE-2020-12802
+# - CVE-2020-12803
+# 6.4.3.2-r0:
+# - CVE-2020-12801
# 6.3.1.2-r0:
# - CVE-2019-9854
# - CVE-2019-9855
@@ -517,9 +536,9 @@ sdk() {
}
sha512sums="
-9adc14aa2aa24e1e91b32f0663d3fed8421baf78c3d310e8cc52ae70ea338b9d58406344d22d2c2fa6f91f10ae91945ef2d5713036f9144705bdb4c19ad69ca7 libreoffice-7.2.2.2.tar.xz
-a7f1ce0bdb1feb4b23d63a865f8ccdbcb451e511381852246487dd972b1f9be90b56f1ba9956de9ed7159ca55d0621cf03a0b2424c3a163a5407929ae3e08821 libreoffice-dictionaries-7.2.2.2.tar.xz
-3bfda8085b7276104a949140098c56d0ceee054913bfd640961e74439529e729e4d73aed4e1c300ecfdc3f84820ca931f640b8f53b9270567adfead14055413b libreoffice-translations-7.2.2.2.tar.xz
+b73efc86b6827ad3df6c6c562fe96c65f96b2559bda2c977ddcc02c7a59986acc776d1decac767abac41095a2e4475e9584a5a1b8d88f7327520b9af6d58421a libreoffice-7.2.7.2.tar.xz
+ce1c0f8a52568e3a0438a49b7786960b111b110c8ed6ca5ab38cc620c6cb3383e4a3556eb5b88340b9304dfa9c173510dca8c76e77d1e26fc8c62b0ec318251d libreoffice-dictionaries-7.2.7.2.tar.xz
+584f2829244228c2f0cb437d06a43a8b016ad5e495e762fe625178b51fbd84764bdc0e8722826fe0b670f41a44225a86af9e1251d54e2573df4cb958be22b953 libreoffice-translations-7.2.7.2.tar.xz
a231eba4a1baca11766ef292ab45e302081115477fe23018652882923308856835cf8c9ecba61a5cf22543474ccef3136965d794a90c9e4e9e6dcc21f9af6e1a 17410483b5b5f267aa18b7e00b65e6e0-hsqldb_1_8_0.zip
9fe106bbdb55365f589246e5a0d10bbe9b35224132b66a1823dc6361633a67f2acc0e8c393dc7ed70d086858d16d242b8806b8b2184c98e3d20d0be85bed9c44 3404ab6b1792ae5f16bbd603bd1e1d03-libformula-1.1.7.zip
4a48f1e32907fb2dee601cda3cd7a0d7198b2d51f2a572b647f1e93f901fd511eef3567676e52dfb1723a2cdfbc01f2015ca0bb22903b0bc1476dd618cc9aa8a 35c94d2df8893241173de1d16b6034c0-swingExSrc.zip
@@ -544,6 +563,7 @@ c1a15ebbfe817ec79d4b3f1c97d096bf8511737d7d35d97302856ccfb3de14a1cd16bd31000415d9
295ab15115e75b1f6074f17d3538afe0de9b2b77ab454f5c63cb05e8df11886d82942fbf21ba01486052e3f6c75b0636b99d8e660cd3472dc4b87c31d3cd557b libcmis-0.5.2.tar.xz
854b8ae29b57b40ba6bb6ff66e723a0e8dad053fcc2849f0ad763cd8a31352f4aeba9636fd4e3f0f2a0cd985a6f49b4261b9ace68d6be821ed42cfa7a73eb13c 185d60944ea767075d27247c3162b3bc-unowinreg.dll
6a6d131dad5191614950a49323ae6d9385afe331983c1c85fde82ce6ee816051d95dde9ef90658b8f0a8a0a21754e72ff724bf41f6b96c046b7b4c2660f7095b f543e6e2d7275557a839a164941c0a86e5f2c3f2a0042bfc434c88c6dde9e140-opens___.ttf
+bca3f1fa082cb591443dceb0a73de0bf3cb2e27dc5e9bc544fe28fe1531da2b087b7747af3a1e044452125853cf78eb817dd0d963eb06df6b3621432a5cb8e16 CVE-2022-3140.patch
6d9979b571744900c143dcd4cd27d0ab5c01aab02deed4fc297c3de9b4374436a7641a35a0f9793e31e336a63371a9454ea4d390aff758aa4535c536a4be675a linux-musl.patch
bd02f5ab103dfd2189df01c6e14e0c0d13c4ec8497c4b9ab00f49a1e7af341bbc93fb2001b69ffec14c79f9394b14af70bf6ceab8e3af53e8a84ec61c61d555d fix-execinfo.patch
121827c1eaa0d09a8ccc757e18c7306fef0b8a22335a1910606d1a59891b8ae33fbe85581baa8b2da79dafd27d952d89c4402f0ffb37cb4f702418d50abf0c90 disable-liborcus-unittest.patch
diff --git a/community/libreoffice/CVE-2022-3140.patch b/community/libreoffice/CVE-2022-3140.patch
new file mode 100644
index 0000000000..a98175a885
--- /dev/null
+++ b/community/libreoffice/CVE-2022-3140.patch
@@ -0,0 +1,292 @@
+From 9f589fbfc5acc84bfcd8210c5b082b4e6521070b Mon Sep 17 00:00:00 2001
+From: Stephan Bergmann <sbergman@redhat.com>
+Date: Tue, 30 Aug 2022 14:04:52 +0200
+Subject: [PATCH] Filter out unwanted command URIs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139225
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
+(cherry picked from commit 27d29f7df428885865a8e2313283839b20f2a34b)
+Conflicts:
+ desktop/source/app/cmdlineargs.cxx
+
+Change-Id: I0b7e5329af8cc053d14d5c60ec14fe7f364ef993
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139182
+Tested-by: Jenkins
+Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
+(cherry picked from commit da291e2960b75153f41d440a1b41961567432e8c)
+
+These commands are always URLs already
+
+Change-Id: I5083765c879689d7f933bbe00ad70bb68e635a21
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139042
+Tested-by: Jean-Pierre Ledure <jp@ledure.be>
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
+(cherry picked from commit e61701e1ee6763de72b397e6ade1124eca9400f3)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/138980
+Reviewed-by: Caolán McNamara <caolanm@redhat.com>
+(cherry picked from commit 5b4025bb56999f5c895c6f7e0b52f521800d65b0)
+
+check IFrame "FrameURL" target
+
+similiar to
+
+commit b3edf85e0fe6ca03dc26e1bf531be82193bc9627
+Date: Wed Aug 7 17:37:11 2019 +0100
+
+ warn on load when a document binds an event to a macro
+
+Change-Id: Iea888b1c083d2dc69ec322309ac9ae8c5e5eb315
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139059
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
+(cherry picked from commit c7450d0b9d02c64ae3da467d329040787039767e)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139117
+Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
+(cherry picked from commit f5e3b0a7966d7d28817292adbb58fb43f28b7c6d)
+
+check impress/calc IFrame "FrameURL" target
+
+similar to
+
+commit c7450d0b9d02c64ae3da467d329040787039767e
+Date: Tue Aug 30 17:01:08 2022 +0100
+
+ check IFrame "FrameURL" target
+
+Change-Id: Ibf28c29acb4476830431d02772f3ecd4b23a6a27
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139495
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
+(cherry picked from commit d0312786571221c2dd4f63fa69f6f0489d7d39ec)
+---
+ desktop/source/app/cmdlineargs.cxx | 10 +++++++++-
+ sfx2/source/appl/macroloader.cxx | 9 +++++++--
+ sfx2/source/doc/iframe.cxx | 21 ++++++++++++++++-----
+ sfx2/source/inc/macroloader.hxx | 2 ++
+ sw/source/filter/html/htmlplug.cxx | 7 ++++++-
+ sw/source/filter/xml/xmltexti.cxx | 9 +++++++--
+ wizards/source/access2base/DoCmd.xba | 2 +-
+ wizards/source/scriptforge/SF_Session.xba | 2 +-
+ xmloff/source/draw/ximpshap.cxx | 4 ++++
+ 9 files changed, 53 insertions(+), 13 deletions(-)
+
+diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx
+index 4d5a3bb78396..93d9e8742ba8 100644
+--- a/desktop/source/app/cmdlineargs.cxx
++++ b/desktop/source/app/cmdlineargs.cxx
+@@ -28,6 +28,7 @@
+ #include "cmdlineargs.hxx"
+ #include <osl/thread.hxx>
+ #include <tools/stream.hxx>
++#include <tools/urlobj.hxx>
+ #include <rtl/ustring.hxx>
+ #include <rtl/process.h>
+ #include <comphelper/lok.hxx>
+@@ -166,7 +167,14 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur
+ }
+ if (nURIlen < 0)
+ nURIlen = rest2.getLength();
+- arg = rest2.copy(0, nURIlen);
++ auto const uri = rest2.copy(0, nURIlen);
++ if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) {
++ // Let the "Open" machinery process the full command URI (leading to failure, by intention,
++ // as the "Open" machinery does not know about those command URI schemes):
++ curEvt = CommandLineEvent::Open;
++ } else {
++ arg = uri;
++ }
+ return curEvt;
+ }
+
+diff --git a/sfx2/source/appl/macroloader.cxx b/sfx2/source/appl/macroloader.cxx
+index 46090f712665..ad70ef5fa0f6 100644
+--- a/sfx2/source/appl/macroloader.cxx
++++ b/sfx2/source/appl/macroloader.cxx
+@@ -68,10 +68,10 @@ css::uno::Sequence<OUString> SAL_CALL SfxMacroLoader::getSupportedServiceNames()
+ return { "com.sun.star.frame.ProtocolHandler" };
+ }
+
+-SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
++SfxObjectShell* SfxMacroLoader::GetObjectShell(const Reference <XFrame>& xFrame)
+ {
+ SfxObjectShell* pDocShell = nullptr;
+- Reference < XFrame > xFrame( m_xFrame.get(), UNO_QUERY );
++
+ if ( xFrame.is() )
+ {
+ SfxFrame* pFrame=nullptr;
+@@ -88,6 +88,11 @@ SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
+ return pDocShell;
+ }
+
++SfxObjectShell* SfxMacroLoader::GetObjectShell_Impl()
++{
++ Reference < XFrame > xFrame( m_xFrame.get(), UNO_QUERY );
++ return SfxMacroLoader::GetObjectShell(xFrame);
++}
+
+ uno::Reference<frame::XDispatch> SAL_CALL SfxMacroLoader::queryDispatch(
+ const util::URL& aURL ,
+diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
+index e37607c91a46..3f9036a79b04 100644
+--- a/sfx2/source/doc/iframe.cxx
++++ b/sfx2/source/doc/iframe.cxx
+@@ -38,10 +38,12 @@
+ #include <officecfg/Office/Common.hxx>
+ #include <svl/itemprop.hxx>
+ #include <sfx2/frmdescr.hxx>
++#include <sfx2/objsh.hxx>
+ #include <sfx2/sfxdlg.hxx>
+ #include <toolkit/helper/vclunohelper.hxx>
+ #include <vcl/window.hxx>
+ #include <tools/debug.hxx>
++#include <macroloader.hxx>
+
+ using namespace ::com::sun::star;
+
+@@ -157,6 +159,19 @@ sal_Bool SAL_CALL IFrameObject::load(
+ {
+ if ( officecfg::Office::Common::Misc::PluginsEnabled::get() )
+ {
++ util::URL aTargetURL;
++ aTargetURL.Complete = maFrmDescr.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
++ uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) );
++ xTrans->parseStrict( aTargetURL );
++
++ if (INetURLObject(aTargetURL.Complete).GetProtocol() == INetProtocol::Macro)
++ {
++ uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
++ SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);
++ if (pDoc && !pDoc->AdjustMacroMode())
++ return false;
++ }
++
+ DBG_ASSERT( !mxFrame.is(), "Frame already existing!" );
+ VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() );
+ VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() );
+@@ -179,16 +194,12 @@ sal_Bool SAL_CALL IFrameObject::load(
+ if ( xFramesSupplier.is() )
+ mxFrame->setCreator( xFramesSupplier );
+
+- util::URL aTargetURL;
+- aTargetURL.Complete = maFrmDescr.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
+- uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) );
+- xTrans->parseStrict( aTargetURL );
+-
+ uno::Sequence < beans::PropertyValue > aProps(2);
+ aProps[0].Name = "PluginMode";
+ aProps[0].Value <<= sal_Int16(2);
+ aProps[1].Name = "ReadOnly";
+ aProps[1].Value <<= true;
++
+ uno::Reference < frame::XDispatch > xDisp = mxFrame->queryDispatch( aTargetURL, "_self", 0 );
+ if ( xDisp.is() )
+ xDisp->dispatch( aTargetURL, aProps );
+diff --git a/sfx2/source/inc/macroloader.hxx b/sfx2/source/inc/macroloader.hxx
+index 051486c09adf..62a6555ff877 100644
+--- a/sfx2/source/inc/macroloader.hxx
++++ b/sfx2/source/inc/macroloader.hxx
+@@ -79,6 +79,8 @@ public:
+ virtual void SAL_CALL addStatusListener( const css::uno::Reference< css::frame::XStatusListener >& xControl, const css::util::URL& aURL ) override;
+
+ virtual void SAL_CALL removeStatusListener( const css::uno::Reference< css::frame::XStatusListener >& xControl, const css::util::URL& aURL ) override;
++
++ static SfxObjectShell* GetObjectShell(const css::uno::Reference<css::frame::XFrame>& xFrame);
+ };
+
+ #endif
+diff --git a/sw/source/filter/html/htmlplug.cxx b/sw/source/filter/html/htmlplug.cxx
+index 65e0419f4ed9..90036cfac67a 100644
+--- a/sw/source/filter/html/htmlplug.cxx
++++ b/sw/source/filter/html/htmlplug.cxx
+@@ -1090,7 +1090,12 @@ void SwHTMLParser::InsertFloatingFrame()
+ bool bHasBorder = aFrameDesc.HasFrameBorder();
+ Size aMargin = aFrameDesc.GetMargin();
+
+- xSet->setPropertyValue("FrameURL", uno::makeAny( aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE ) ) );
++ OUString sHRef = aFrameDesc.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE );
++
++ if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
++ NotifyMacroEventRead();
++
++ xSet->setPropertyValue("FrameURL", uno::makeAny( sHRef ) );
+ xSet->setPropertyValue("FrameName", uno::makeAny( aName ) );
+
+ if ( eScroll == ScrollingMode::Auto )
+diff --git a/sw/source/filter/xml/xmltexti.cxx b/sw/source/filter/xml/xmltexti.cxx
+index cf0c7e6a85ba..eaf45dd91cd4 100644
+--- a/sw/source/filter/xml/xmltexti.cxx
++++ b/sw/source/filter/xml/xmltexti.cxx
+@@ -857,9 +857,14 @@ uno::Reference< XPropertySet > SwXMLTextImportHelper::createAndInsertFloatingFra
+ uno::Reference < beans::XPropertySet > xSet( xObj->getComponent(), uno::UNO_QUERY );
+ if ( xSet.is() )
+ {
++ OUString sHRef = URIHelper::SmartRel2Abs(
++ INetURLObject( GetXMLImport().GetBaseURL() ), rHRef );
++
++ if (INetURLObject(sHRef).GetProtocol() == INetProtocol::Macro)
++ GetXMLImport().NotifyMacroEventRead();
++
+ xSet->setPropertyValue("FrameURL",
+- makeAny( URIHelper::SmartRel2Abs(
+- INetURLObject( GetXMLImport().GetBaseURL() ), rHRef ) ) );
++ makeAny( rHRef ) );
+
+ xSet->setPropertyValue("FrameName",
+ makeAny( rName ) );
+diff --git a/wizards/source/access2base/DoCmd.xba b/wizards/source/access2base/DoCmd.xba
+index 089486a872fa..20051553c47f 100644
+--- a/wizards/source/access2base/DoCmd.xba
++++ b/wizards/source/access2base/DoCmd.xba
+@@ -2655,7 +2655,7 @@ Private Sub _ShellExecute(sCommand As String)
+
+ Dim oShell As Object
+ Set oShell = createUnoService(&quot;com.sun.star.system.SystemShellExecute&quot;)
+- oShell.execute(sCommand, &quot;&quot; , com.sun.star.system.SystemShellExecuteFlags.DEFAULTS)
++ oShell.execute(sCommand, &quot;&quot; , com.sun.star.system.SystemShellExecuteFlags.URIS_ONLY)
+
+ End Sub &apos; _ShellExecute V0.8.5
+
+diff --git a/wizards/source/scriptforge/SF_Session.xba b/wizards/source/scriptforge/SF_Session.xba
+index a41bffa51377..7c709897947a 100644
+--- a/wizards/source/scriptforge/SF_Session.xba
++++ b/wizards/source/scriptforge/SF_Session.xba
+@@ -513,7 +513,7 @@ Check:
+ Try:
+ Set oShell = SF_Utils._GetUNOService(&quot;SystemShellExecute&quot;)
+ sCommand = SF_FileSystem._ConvertToUrl(Command)
+- oShell.execute(sCommand, Parameters, com.sun.star.system.SystemShellExecuteFlags.DEFAULTS)
++ oShell.execute(sCommand, Parameters, com.sun.star.system.SystemShellExecuteFlags.URIS_ONLY)
+ bReturn = True
+
+ Finally:
+diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx
+index 65a7e2fb0eef..4afa4e039776 100644
+--- a/xmloff/source/draw/ximpshap.cxx
++++ b/xmloff/source/draw/ximpshap.cxx
+@@ -87,6 +87,7 @@
+ #include <basegfx/polygon/b2dpolypolygon.hxx>
+ #include <basegfx/polygon/b2dpolypolygontools.hxx>
+ #include <basegfx/vector/b2dvector.hxx>
++#include <tools/urlobj.hxx>
+ #include <o3tl/any.hxx>
+ #include <o3tl/safeint.hxx>
+
+@@ -3231,6 +3232,9 @@ void SdXMLFloatingFrameShapeContext::StartElement( const css::uno::Reference< cs
+
+ if( !maHref.isEmpty() )
+ {
++ if (INetURLObject(maHref).GetProtocol() == INetProtocol::Macro)
++ GetImport().NotifyMacroEventRead();
++
+ xProps->setPropertyValue("FrameURL", Any(maHref) );
+ }
+ }
+--
+2.37.3
+
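Review bot: In the sw/source/filter/xml/xmltexti.cxx section of the added patch, the macro-scheme check runs on `sHRef` (the href resolved against the import base URL), but `FrameURL` is then set from the raw `rHRef`, so the value checked is not the value stored. It also means relative frame URLs are no longer made absolute, which the removed `SmartRel2Abs` call did; unless that is intended upstream, the property should take the checked value, `makeAny( sHRef )`. Separately, in sfx2/source/doc/iframe.cxx the guard `if (pDoc && !pDoc->AdjustMacroMode())` fails open: when no object shell is found for the creator frame, a `macro:` target still reaches `dispatch`. `if (!pDoc || !pDoc->AdjustMacroMode()) return false;` would fail closed, but `IFrameObject::load` starts and ends outside the hunk, so confirm against the full function. Because the patch header records a cherry-pick conflict in desktop/source/app/cmdlineargs.cxx, the backported hunks are worth diffing against the upstream commits it cites before relying on the `CVE-2022-3140` entry in `secfixes`.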