From 9ff4174f91184dbd5ad42ebe21d0e150d888c290 Mon Sep 17 00:00:00 2001
From: CoprDistGit <infra@openeuler.org>
Date: Tue, 6 Aug 2024 02:57:35 +0000
Subject: automatic import of libreoffice

---
 ...22-26305-compare-authors-using-Thumbprint.patch | 63 ++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch

(limited to '0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch')

diff --git a/0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch b/0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch
new file mode 100644
index 0000000..5656d0d
--- /dev/null
+++ b/0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch
@@ -0,0 +1,63 @@
+From 77f30ada1156ca1e1357776fea8e9dc113f6898d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Thu, 3 Mar 2022 14:22:37 +0000
+Subject: [PATCH 1/5] CVE-2022-26305 compare authors using Thumbprint
+
+Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
+Tested-by: Jenkins
+Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
+(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866
+Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
+(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8)
+---
+ .../component/documentdigitalsignatures.cxx   | 23 +++++++++++++++----
+ 1 file changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
+index b9066ea92cac..5a21c8421bec 100644
+--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
++++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
+@@ -19,9 +19,10 @@
+ 
+ #include <resourcemanager.hxx>
+ 
+-#include <digitalsignaturesdialog.hxx>
++#include <certificate.hxx>
+ #include <certificatechooser.hxx>
+ #include <certificateviewer.hxx>
++#include <digitalsignaturesdialog.hxx>
+ #include <macrosecurity.hxx>
+ #include <biginteger.hxx>
+ #include <strings.hrc>
+@@ -666,9 +667,23 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
+     Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors();
+ 
+     return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
+-        [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
+-            return xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName())
+-                && ( rAuthor[1] == sSerialNum );
++        [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
++            if (!xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName()))
++                return false;
++            if (rAuthor[1] != sSerialNum)
++                return false;
++
++            DocumentSignatureManager aSignatureManager(mxCtx, {});
++            if (!aSignatureManager.init())
++                return false;
++            uno::Reference<css::security::XCertificate> xCert = aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor[2]);
++
++            auto pAuthor = dynamic_cast<xmlsecurity::Certificate*>(xAuthor.get());
++            auto pCert = dynamic_cast<xmlsecurity::Certificate*>(xCert.get());
++            if (pAuthor && pCert)
++                return pCert->getSHA256Thumbprint() == pAuthor->getSHA256Thumbprint();
++
++            return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();
+         });
+ }
+ 
+-- 
+2.37.3
+
-- 
cgit v1.2.3