[Libreoffice-commits] core.git: Branch 'feature/cib_contract57d' - 5 commits - download.lst external/pdfium external/redland include/vcl shell/source vcl/CppunitTest_vcl_filter_ipdf.mk vcl/Module_vcl.mk vcl/qa vcl/source xmlsecurity/inc xmlsecurity/qa xmlsecurity/source xmlsecurity/workben

Miklos Vajna (via logerrit) logerrit at kemper.freedesktop.org
Tue Dec 22 12:08:37 UTC 2020


Rebased ref, commits from common ancestor:
commit 40b47f849d055a49e3b79b210f1c8293bbcd3baa
Author:     Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Tue Jul 16 23:32:31 2019 +0200
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Tue Dec 22 15:03:01 2020 +0300

    external: update pdfium to 3849
    
    Reviewed-on: https://gerrit.libreoffice.org/75736
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <vmiklos at collabora.com>
    (cherry picked from commit 0ee0ca3036629b69bf20b448d74991fd133f08ac)
    
    Change-Id: I616f57bd9de72b078500a290bf9ff89c71773f26

diff --git a/download.lst b/download.lst
index 00f73f95375b..211b193431ee 100644
--- a/download.lst
+++ b/download.lst
@@ -200,8 +200,8 @@ export OWNCLOUD_ANDROID_LIB_SHA256SUM := b18b3e3ef7fae6a79b62f2bb43cc47a5346b633
 export OWNCLOUD_ANDROID_LIB_TARBALL := owncloud-android-library-0.9.4-no-binary-deps.tar.gz
 export PAGEMAKER_SHA256SUM := 66adacd705a7d19895e08eac46d1e851332adf2e736c566bef1164e7a442519d
 export PAGEMAKER_TARBALL := libpagemaker-0.0.4.tar.xz
-export PDFIUM_SHA256SUM := e3faddcf741336c64ca2e6f72b23e9e60979969b2cf67c878c9a5bc38328cfc4
-export PDFIUM_TARBALL := pdfium-3794.tar.bz2
+export PDFIUM_SHA256SUM := 43ef702b65a21d66fc580b1b9c77893e33fe07dd764a17c2aac08ecec534c8ad
+export PDFIUM_TARBALL := pdfium-3849.tar.bz2
 export PIXMAN_SHA256SUM := 21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3997aa20a88e
 export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
 export LIBPNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca
diff --git a/external/pdfium/Library_pdfium.mk b/external/pdfium/Library_pdfium.mk
index c24894304078..34c2e9a3fd43 100644
--- a/external/pdfium/Library_pdfium.mk
+++ b/external/pdfium/Library_pdfium.mk
@@ -87,7 +87,6 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
 
 # formfiller
 $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
-    UnpackedTarball/pdfium/fpdfsdk/formfiller/cba_fontmap \
     UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_checkbox \
     UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_combobox \
     UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_formfiller \
@@ -165,7 +164,7 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/core/fpdfapi/cmaps/Korea1/cmaps_korea1 \
     UnpackedTarball/pdfium/core/fpdfapi/cmaps/fpdf_cmaps \
     UnpackedTarball/pdfium/core/fpdfapi/cpdf_modulemgr \
-    UnpackedTarball/pdfium/core/fpdfapi/cpdf_pagerendercontext \
+    UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_pagerendercontext \
     UnpackedTarball/pdfium/core/fpdfapi/edit/cpdf_pagecontentgenerator \
     UnpackedTarball/pdfium/core/fpdfapi/font/cpdf_cidfont \
     UnpackedTarball/pdfium/core/fpdfapi/font/cpdf_font \
@@ -272,11 +271,13 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_page_object_avail \
     UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_cross_ref_avail \
     UnpackedTarball/pdfium/core/fpdfapi/edit/cpdf_pagecontentmanager \
-    UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_transparency \
+    UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_transparency \
     UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_dibbase \
     UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_object_stream \
     UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_cross_ref_table \
     UnpackedTarball/pdfium/core/fpdfapi/edit/cpdf_stringarchivestream \
+    UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_occontext \
+    UnpackedTarball/pdfium/core/fpdfapi/edit/cpdf_contentstream_write_utils \
 ))
 
 # fpdfdoc
@@ -303,7 +304,6 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/core/fpdfdoc/cpdf_metadata \
     UnpackedTarball/pdfium/core/fpdfdoc/cpdf_nametree \
     UnpackedTarball/pdfium/core/fpdfdoc/cpdf_numbertree \
-    UnpackedTarball/pdfium/core/fpdfdoc/cpdf_occontext \
     UnpackedTarball/pdfium/core/fpdfdoc/cpdf_pagelabel \
     UnpackedTarball/pdfium/core/fpdfdoc/cpdf_variabletext \
     UnpackedTarball/pdfium/core/fpdfdoc/cpdf_viewerpreferences \
@@ -314,6 +314,8 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/core/fpdfdoc/ctypeset \
     UnpackedTarball/pdfium/core/fpdfdoc/cpdf_structelement \
     UnpackedTarball/pdfium/core/fpdfdoc/cpdf_structtree \
+    UnpackedTarball/pdfium/core/fpdfdoc/cba_fontmap \
+    UnpackedTarball/pdfium/core/fpdfdoc/cpdf_color_utils \
 ))
 
 # fpdftext
@@ -326,7 +328,7 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
 
 # fxcodec
 $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
-    UnpackedTarball/pdfium/core/fxcodec/codec/fx_codec \
+    UnpackedTarball/pdfium/core/fxcodec/fx_codec \
     UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_ArithDecoder \
     UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_ArithIntDecoder \
     UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_BitStream \
@@ -343,18 +345,21 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Segment \
     UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_SymbolDict \
     UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_TrdProc \
-    UnpackedTarball/pdfium/core/fxcodec/bmp/fx_bmp \
-    UnpackedTarball/pdfium/core/fxcodec/codec/ccodec_scanlinedecoder \
     UnpackedTarball/pdfium/core/fxcodec/gif/cfx_gif \
     UnpackedTarball/pdfium/core/fxcodec/gif/cfx_gifcontext \
     UnpackedTarball/pdfium/core/fxcodec/gif/cfx_lzwdecompressor \
-    UnpackedTarball/pdfium/core/fxcodec/codec/cfx_codec_memory \
-    UnpackedTarball/pdfium/core/fxcodec/codec/ccodec_faxmodule \
-    UnpackedTarball/pdfium/core/fxcodec/codec/ccodec_iccmodule \
-    UnpackedTarball/pdfium/core/fxcodec/codec/ccodec_jbig2module \
-    UnpackedTarball/pdfium/core/fxcodec/codec/ccodec_jpxmodule \
-    UnpackedTarball/pdfium/core/fxcodec/codec/ccodec_jpegmodule \
-    UnpackedTarball/pdfium/core/fxcodec/codec/ccodec_flatemodule \
+    UnpackedTarball/pdfium/core/fxcodec/cfx_codec_memory \
+    UnpackedTarball/pdfium/core/fxcodec/fax/faxmodule \
+    UnpackedTarball/pdfium/core/fxcodec/scanlinedecoder \
+    UnpackedTarball/pdfium/core/fxcodec/jbig2/jbig2module \
+    UnpackedTarball/pdfium/core/fxcodec/jpeg/jpegmodule \
+    UnpackedTarball/pdfium/core/fxcodec/jpx/cjpx_decoder \
+    UnpackedTarball/pdfium/core/fxcodec/jpx/jpx_decode_utils \
+    UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_DocumentContext \
+    UnpackedTarball/pdfium/core/fxcodec/basic/basicmodule \
+    UnpackedTarball/pdfium/core/fxcodec/jpx/jpxmodule \
+    UnpackedTarball/pdfium/core/fxcodec/flate/flatemodule \
+    UnpackedTarball/pdfium/core/fxcodec/icc/iccmodule \
 ))
 
 # fxcrt
@@ -403,12 +408,12 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/core/fxcrt/fx_random \
     UnpackedTarball/pdfium/core/fxcrt/fx_string \
     UnpackedTarball/pdfium/core/fxcrt/widestring \
-    UnpackedTarball/pdfium/core/fxcrt/cfx_seekablemultistream \
     UnpackedTarball/pdfium/core/fxcrt/css/cfx_cssdata \
     UnpackedTarball/pdfium/core/fxcrt/fx_codepage \
     UnpackedTarball/pdfium/core/fxcrt/fx_number \
     UnpackedTarball/pdfium/core/fxcrt/cfx_utf8encoder \
     UnpackedTarball/pdfium/core/fxcrt/cfx_readonlymemorystream \
+    UnpackedTarball/pdfium/core/fxcrt/observed_ptr \
 ))
 
 # fxge
@@ -445,7 +450,7 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/core/fxge/agg/fx_agg_driver \
     UnpackedTarball/pdfium/core/fxge/cfx_cliprgn \
     UnpackedTarball/pdfium/core/fxge/cfx_color \
-    UnpackedTarball/pdfium/core/fxge/cfx_facecache \
+    UnpackedTarball/pdfium/core/fxge/cfx_glyphcache \
     UnpackedTarball/pdfium/core/fxge/cfx_folderfontinfo \
     UnpackedTarball/pdfium/core/fxge/cfx_font \
     UnpackedTarball/pdfium/core/fxge/cfx_fontcache \
@@ -458,7 +463,6 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/core/fxge/cfx_renderdevice \
     UnpackedTarball/pdfium/core/fxge/cfx_substfont \
     UnpackedTarball/pdfium/core/fxge/cfx_unicodeencoding \
-    UnpackedTarball/pdfium/core/fxge/cttfontdesc \
     UnpackedTarball/pdfium/core/fxge/fx_ge_fontmap \
     UnpackedTarball/pdfium/core/fxge/fx_ge_linux \
     UnpackedTarball/pdfium/core/fxge/cfx_glyphbitmap \
@@ -466,6 +470,9 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/core/fxge/text_glyph_pos \
     UnpackedTarball/pdfium/core/fxge/fx_font \
     UnpackedTarball/pdfium/core/fxge/dib/cfx_dibbase \
+    UnpackedTarball/pdfium/core/fxge/dib/cfx_cmyk_to_srgb \
+    UnpackedTarball/pdfium/core/fxge/text_char_pos \
+    UnpackedTarball/pdfium/core/fxge/cfx_face \
 ))
 
 # javascript, build with pdf_enable_v8 disabled.
diff --git a/external/pdfium/ubsan.patch b/external/pdfium/ubsan.patch
index 9939b6e9e4b6..1d03c28a4d15 100644
--- a/external/pdfium/ubsan.patch
+++ b/external/pdfium/ubsan.patch
@@ -10,9 +10,9 @@
      m_String[offset + nLen] = 0;
    }
  
---- core/fxge/cfx_facecache.cpp
-+++ core/fxge/cfx_facecache.cpp
-@@ -183,7 +183,8 @@ std::unique_ptr<CFX_GlyphBitmap> CFX_FaceCache::RenderGlyph(
+--- core/fxge/cfx_glyphcache.cpp
++++ core/fxge/cfx_glyphcache.cpp
+@@ -183,7 +183,8 @@ std::unique_ptr<CFX_GlyphBitmap> CFX_GlyphCache::RenderGlyph(
        }
      }
    } else {
diff --git a/external/pdfium/windows7.patch.1 b/external/pdfium/windows7.patch.1
index 00603c0570cb..f6dfdc62b014 100644
--- a/external/pdfium/windows7.patch.1
+++ b/external/pdfium/windows7.patch.1
@@ -1,5 +1,5 @@
 diff --git a/third_party/base/win/win_util.cc b/third_party/base/win/win_util.cc
-index 9c90b9d62..356eca74d 100644
+index ae2dba84d..7a3718848 100644
 --- a/third_party/base/win/win_util.cc
 +++ b/third_party/base/win/win_util.cc
 @@ -12,28 +12,7 @@ namespace base {
diff --git a/vcl/qa/cppunit/pdfexport/pdfexport.cxx b/vcl/qa/cppunit/pdfexport/pdfexport.cxx
index b338ebe28422..28b9fc9f3bcc 100644
--- a/vcl/qa/cppunit/pdfexport/pdfexport.cxx
+++ b/vcl/qa/cppunit/pdfexport/pdfexport.cxx
@@ -354,7 +354,7 @@ void PdfExportTest::testTdf105461()
             continue;
 
         unsigned int nRed = 0, nGreen = 0, nBlue = 0, nAlpha = 0;
-        FPDFPath_GetFillColor(pPdfPageObject, &nRed, &nGreen, &nBlue, &nAlpha);
+        FPDFPageObj_GetFillColor(pPdfPageObject, &nRed, &nGreen, &nBlue, &nAlpha);
         if (Color(nRed, nGreen, nBlue) == COL_YELLOW)
             ++nYellowPathCount;
     }
@@ -409,7 +409,7 @@ void PdfExportTest::testTdf107868()
             continue;
 
         unsigned int nRed = 0, nGreen = 0, nBlue = 0, nAlpha = 0;
-        FPDFPath_GetFillColor(pPdfPageObject, &nRed, &nGreen, &nBlue, &nAlpha);
+        FPDFPageObj_GetFillColor(pPdfPageObject, &nRed, &nGreen, &nBlue, &nAlpha);
         if (Color(nRed, nGreen, nBlue) == COL_WHITE)
             ++nWhitePathCount;
     }
@@ -909,7 +909,7 @@ void PdfExportTest::testTdf108963()
             continue;
 
         unsigned int nRed = 0, nGreen = 0, nBlue = 0, nAlpha = 0;
-        FPDFPath_GetFillColor(pPdfPageObject, &nRed, &nGreen, &nBlue, &nAlpha);
+        FPDFPageObj_GetFillColor(pPdfPageObject, &nRed, &nGreen, &nBlue, &nAlpha);
         if (Color(nRed, nGreen, nBlue) == COL_YELLOW)
         {
             ++nYellowPathCount;
commit efaa0538e43cdff16e59a989d2aa8df71e2bbbd3
Author:     Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Mon Oct 19 16:50:07 2020 +0200
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Tue Dec 22 15:01:51 2020 +0300

    xmlsecurity: handle MDP permission during PDF verify
    
    (cherry picked from commit 586f6abee92af3cdabdce034b607b9a046ed3946)
    
    Conflicts:
            include/vcl/filter/PDFiumLibrary.hxx
            vcl/source/pdf/PDFiumLibrary.cxx
            xmlsecurity/source/helper/pdfsignaturehelper.cxx
    
    Change-Id: I626fca7c03079fb0374c577dcfe024e7db6ed5b3
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105785
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 00479937dc071246cc27f33fd6397668448a7ed9)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107062
    Tested-by: Michael Stahl <michael.stahl at cib.de>
    Reviewed-by: Michael Stahl <michael.stahl at cib.de>

diff --git a/include/vcl/filter/PDFiumLibrary.hxx b/include/vcl/filter/PDFiumLibrary.hxx
index ffc70874c19b..783b9a6da8b4 100644
--- a/include/vcl/filter/PDFiumLibrary.hxx
+++ b/include/vcl/filter/PDFiumLibrary.hxx
@@ -60,7 +60,7 @@ public:
     }
 
     /// Get bitmap checksum of the page, without annotations/commenting.
-    BitmapChecksum getChecksum();
+    BitmapChecksum getChecksum(int nMDPPerm);
 };
 
 class VCL_DLLPUBLIC PDFiumDocument final
diff --git a/include/vcl/filter/pdfdocument.hxx b/include/vcl/filter/pdfdocument.hxx
index 5db8b7bd9ed7..f14205e914b4 100644
--- a/include/vcl/filter/pdfdocument.hxx
+++ b/include/vcl/filter/pdfdocument.hxx
@@ -399,6 +399,7 @@ public:
     size_t GetObjectOffset(size_t nIndex) const;
     const std::vector<std::unique_ptr<PDFElement>>& GetElements();
     std::vector<PDFObjectElement*> GetPages();
+    PDFObjectElement* GetCatalog();
     /// Remember the end location of an EOF token.
     void PushBackEOF(size_t nOffset);
     /// Look up object based on object number, possibly by parsing object streams.
@@ -424,6 +425,11 @@ public:
     bool Write(SvStream& rStream);
     /// Get a list of signatures embedded into this document.
     std::vector<PDFObjectElement*> GetSignatureWidgets();
+    /**
+     * Get the value of the "modification detection and prevention" permission:
+     * Valid values are 1, 2 and 3: only 3 allows annotations after signing.
+     */
+    int GetMDPPerm();
     /// Remove the nth signature from read document in the edit buffer.
     bool RemoveSignature(size_t nPosition);
     /// Get byte offsets of the end of incremental updates.
diff --git a/vcl/source/filter/ipdf/pdfdocument.cxx b/vcl/source/filter/ipdf/pdfdocument.cxx
index c63273c625b1..41995d693c69 100644
--- a/vcl/source/filter/ipdf/pdfdocument.cxx
+++ b/vcl/source/filter/ipdf/pdfdocument.cxx
@@ -1857,10 +1857,8 @@ static void visitPages(PDFObjectElement* pPages, std::vector<PDFObjectElement*>&
     pPages->setVisiting(false);
 }
 
-std::vector<PDFObjectElement*> PDFDocument::GetPages()
+PDFObjectElement* PDFDocument::GetCatalog()
 {
-    std::vector<PDFObjectElement*> aRet;
-
     PDFReferenceElement* pRoot = nullptr;
 
     PDFTrailerElement* pTrailer = nullptr;
@@ -1880,11 +1878,18 @@ std::vector<PDFObjectElement*> PDFDocument::GetPages()
 
     if (!pRoot)
     {
-        SAL_WARN("vcl.filter", "PDFDocument::GetPages: trailer has no Root key");
-        return aRet;
+        SAL_WARN("vcl.filter", "PDFDocument::GetCatalog: trailer has no Root key");
+        return nullptr;
     }
 
-    PDFObjectElement* pCatalog = pRoot->LookupObject();
+    return pRoot->LookupObject();
+}
+
+std::vector<PDFObjectElement*> PDFDocument::GetPages()
+{
+    std::vector<PDFObjectElement*> aRet;
+
+    PDFObjectElement* pCatalog = GetCatalog();
     if (!pCatalog)
     {
         SAL_WARN("vcl.filter", "PDFDocument::GetPages: trailer has no catalog");
@@ -1957,6 +1962,71 @@ std::vector<PDFObjectElement*> PDFDocument::GetSignatureWidgets()
     return aRet;
 }
 
+int PDFDocument::GetMDPPerm()
+{
+    int nRet = 3;
+
+    std::vector<PDFObjectElement*> aSignatures = GetSignatureWidgets();
+    if (aSignatures.empty())
+    {
+        return nRet;
+    }
+
+    for (const auto& pSignature : aSignatures)
+    {
+        vcl::filter::PDFObjectElement* pSig = pSignature->LookupObject("V");
+        if (!pSig)
+        {
+            SAL_WARN("vcl.filter", "PDFDocument::GetMDPPerm: can't find signature object");
+            continue;
+        }
+
+        auto pReference = dynamic_cast<PDFArrayElement*>(pSig->Lookup("Reference"));
+        if (!pReference || pReference->GetElements().empty())
+        {
+            continue;
+        }
+
+        auto pFirstReference = dynamic_cast<PDFDictionaryElement*>(pReference->GetElements()[0]);
+        if (!pFirstReference)
+        {
+            SAL_WARN("vcl.filter",
+                     "PDFDocument::GetMDPPerm: reference array doesn't contain a dictionary");
+            continue;
+        }
+
+        PDFElement* pTransformParams = pFirstReference->LookupElement("TransformParams");
+        auto pTransformParamsDict = dynamic_cast<PDFDictionaryElement*>(pTransformParams);
+        if (!pTransformParamsDict)
+        {
+            auto pTransformParamsRef = dynamic_cast<PDFReferenceElement*>(pTransformParams);
+            if (pTransformParamsRef)
+            {
+                PDFObjectElement* pTransformParamsObj = pTransformParamsRef->LookupObject();
+                if (pTransformParamsObj)
+                {
+                    pTransformParamsDict = pTransformParamsObj->GetDictionary();
+                }
+            }
+        }
+
+        if (!pTransformParamsDict)
+        {
+            continue;
+        }
+
+        auto pP = dynamic_cast<PDFNumberElement*>(pTransformParamsDict->LookupElement("P"));
+        if (!pP)
+        {
+            return 2;
+        }
+
+        return pP->GetValue();
+    }
+
+    return nRet;
+}
+
 std::vector<unsigned char> PDFDocument::DecodeHexString(PDFHexStringElement const* pElement)
 {
     return svl::crypto::DecodeHexString(pElement->GetValue());
diff --git a/vcl/source/pdf/PDFiumLibrary.cxx b/vcl/source/pdf/PDFiumLibrary.cxx
index 70e62ece2f11..9bfe3c2439fc 100644
--- a/vcl/source/pdf/PDFiumLibrary.cxx
+++ b/vcl/source/pdf/PDFiumLibrary.cxx
@@ -56,7 +56,7 @@ std::unique_ptr<PDFiumPage> PDFiumDocument::openPage(int nIndex)
 
 int PDFiumDocument::getPageCount() { return FPDF_GetPageCount(mpPdfDocument); }
 
-BitmapChecksum PDFiumPage::getChecksum()
+BitmapChecksum PDFiumPage::getChecksum(int nMDPPerm)
 {
     size_t nPageWidth = FPDF_GetPageWidth(mpPage);
     size_t nPageHeight = FPDF_GetPageHeight(mpPage);
@@ -66,10 +66,14 @@ BitmapChecksum PDFiumPage::getChecksum()
         return 0;
     }
 
-    // Intentionally not using FPDF_ANNOT here, annotations/commenting is OK to not affect the
-    // checksum, signature verification wants this.
+    int nFlags = 0;
+    if (nMDPPerm != 3)
+    {
+        // Annotations/commenting should affect the checksum, signature verification wants this.
+        nFlags = FPDF_ANNOT;
+    }
     FPDF_RenderPageBitmap(pPdfBitmap, mpPage, /*start_x=*/0, /*start_y=*/0, nPageWidth, nPageHeight,
-                          /*rotate=*/0, /*flags=*/0);
+                          /*rotate=*/0, nFlags);
     Bitmap aBitmap(Size(nPageWidth, nPageHeight), 24);
     {
         BitmapScopedWriteAccess pWriteAccess(aBitmap);
diff --git a/xmlsecurity/inc/pdfio/pdfdocument.hxx b/xmlsecurity/inc/pdfio/pdfdocument.hxx
index f7e36492e746..87fa1d51286b 100644
--- a/xmlsecurity/inc/pdfio/pdfdocument.hxx
+++ b/xmlsecurity/inc/pdfio/pdfdocument.hxx
@@ -36,7 +36,7 @@ namespace pdfio
 XMLSECURITY_DLLPUBLIC bool ValidateSignature(SvStream& rStream,
                                              vcl::filter::PDFObjectElement* pSignature,
                                              SignatureInformation& rInformation,
-                                             vcl::filter::PDFDocument& rDocument);
+                                             vcl::filter::PDFDocument& rDocument, int nMDPPerm);
 
 } // namespace pdfio
 } // namespace xmlsecurity
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p1.pdf b/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p1.pdf
new file mode 100644
index 000000000000..04d9950582b0
Binary files /dev/null and b/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p1.pdf differ
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 8a7cbbdc3730..aaca2c5acc63 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -96,8 +96,9 @@ std::vector<SignatureInformation> PDFSigningTest::verify(const OUString& rURL, s
     for (size_t i = 0; i < aSignatures.size(); ++i)
     {
         SignatureInformation aInfo(i);
-        CPPUNIT_ASSERT(
-            xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[i], aInfo, aVerifyDocument));
+        int nMDPPerm = aVerifyDocument.GetMDPPerm();
+        xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[i], aInfo, aVerifyDocument,
+                                              nMDPPerm);
         aRet.push_back(aInfo);
 
         if (!rExpectedSubFilter.isEmpty())
@@ -241,8 +242,9 @@ CPPUNIT_TEST_FIXTURE(PDFSigningTest, testPDFRemove)
         std::vector<vcl::filter::PDFObjectElement*> aSignatures = aDocument.GetSignatureWidgets();
         CPPUNIT_ASSERT_EQUAL(static_cast<size_t>(1), aSignatures.size());
         SignatureInformation aInfo(0);
-        CPPUNIT_ASSERT(
-            xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[0], aInfo, aDocument));
+        int nMDPPerm = aDocument.GetMDPPerm();
+        CPPUNIT_ASSERT(xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[0], aInfo,
+                                                             aDocument, nMDPPerm));
     }
 
     // Remove the signature and write out the result as remove.pdf.
@@ -410,6 +412,21 @@ CPPUNIT_TEST_FIXTURE(PDFSigningTest, testPartialInBetween)
     CPPUNIT_ASSERT(rInformation.bPartialDocumentSignature);
 }
 
+CPPUNIT_TEST_FIXTURE(PDFSigningTest, testBadCertP1)
+{
+    std::vector<SignatureInformation> aInfos
+        = verify(m_directories.getURLFromSrc(DATA_DIRECTORY) + "bad-cert-p1.pdf", 1,
+                 /*rExpectedSubFilter=*/OString());
+    CPPUNIT_ASSERT(!aInfos.empty());
+    SignatureInformation& rInformation = aInfos[0];
+    // Without the accompanying fix in place, this test would have failed with:
+    // - Expected: 0 (SecurityOperationStatus_UNKNOWN)
+    // - Actual  : 1 (SecurityOperationStatus_OPERATION_SUCCEEDED)
+    // i.e. annotation after a P1 signature was not considered as a bad modification.
+    CPPUNIT_ASSERT_EQUAL(xml::crypto::SecurityOperationStatus::SecurityOperationStatus_UNKNOWN,
+                         rInformation.nStatus);
+}
+
 /// Test writing a PAdES signature.
 CPPUNIT_TEST_FIXTURE(PDFSigningTest, testSigningCertificateAttribute)
 {
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index f10f29c61840..b0795cb8f33f 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -52,11 +52,14 @@ bool PDFSignatureHelper::ReadAndVerifySignature(
 
     m_aSignatureInfos.clear();
 
+    int nMDPPerm = aDocument.GetMDPPerm();
+
     for (size_t i = 0; i < aSignatures.size(); ++i)
     {
         SignatureInformation aInfo(i);
 
-        if (!xmlsecurity::pdfio::ValidateSignature(*pStream, aSignatures[i], aInfo, aDocument))
+        if (!xmlsecurity::pdfio::ValidateSignature(*pStream, aSignatures[i], aInfo, aDocument,
+                                                   nMDPPerm))
             SAL_WARN("xmlsecurity.helper", "failed to determine digest match");
 
         m_aSignatureInfos.push_back(aInfo);
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index 557180071a2c..9d056de0a15c 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -139,7 +139,8 @@ bool IsCompleteSignature(SvStream& rStream, vcl::filter::PDFDocument& rDocument,
 }
 
 /// Collects the checksum of each page of one version of the PDF.
-void AnalyizeSignatureStream(SvMemoryStream& rStream, std::vector<BitmapChecksum>& rPageChecksums)
+void AnalyizeSignatureStream(SvMemoryStream& rStream, std::vector<BitmapChecksum>& rPageChecksums,
+                             int nMDPPerm)
 {
 #if HAVE_FEATURE_PDFIUM
     auto pPdfium = vcl::pdf::PDFiumLibrary::get();
@@ -155,7 +156,7 @@ void AnalyizeSignatureStream(SvMemoryStream& rStream, std::vector<BitmapChecksum
             return;
         }
 
-        BitmapChecksum nPageChecksum = pPdfPage->getChecksum();
+        BitmapChecksum nPageChecksum = pPdfPage->getChecksum(nMDPPerm);
         rPageChecksums.push_back(nPageChecksum);
     }
 #else
@@ -165,9 +166,9 @@ void AnalyizeSignatureStream(SvMemoryStream& rStream, std::vector<BitmapChecksum
 
 /**
  * Checks if incremental updates after singing performed valid modifications only.
- * Annotations/commenting is OK, other changes are not.
+ * nMDPPerm decides if annotations/commenting is OK, other changes are always not.
  */
-bool IsValidSignature(SvStream& rStream, vcl::filter::PDFObjectElement* pSignature)
+bool IsValidSignature(SvStream& rStream, vcl::filter::PDFObjectElement* pSignature, int nMDPPerm)
 {
     size_t nSignatureEOF = 0;
     if (!GetEOFOfSignature(pSignature, nSignatureEOF))
@@ -182,7 +183,7 @@ bool IsValidSignature(SvStream& rStream, vcl::filter::PDFObjectElement* pSignatu
     rStream.Seek(nPos);
     aSignatureStream.Seek(0);
     std::vector<BitmapChecksum> aSignedPages;
-    AnalyizeSignatureStream(aSignatureStream, aSignedPages);
+    AnalyizeSignatureStream(aSignatureStream, aSignedPages, nMDPPerm);
 
     SvMemoryStream aFullStream;
     nPos = rStream.Tell();
@@ -191,7 +192,7 @@ bool IsValidSignature(SvStream& rStream, vcl::filter::PDFObjectElement* pSignatu
     rStream.Seek(nPos);
     aFullStream.Seek(0);
     std::vector<BitmapChecksum> aAllPages;
-    AnalyizeSignatureStream(aFullStream, aAllPages);
+    AnalyizeSignatureStream(aFullStream, aAllPages, nMDPPerm);
 
     // Fail if any page looks different after signing and at the end. Annotations/commenting doesn't
     // count, though.
@@ -204,7 +205,8 @@ namespace xmlsecurity
 namespace pdfio
 {
 bool ValidateSignature(SvStream& rStream, vcl::filter::PDFObjectElement* pSignature,
-                       SignatureInformation& rInformation, vcl::filter::PDFDocument& rDocument)
+                       SignatureInformation& rInformation, vcl::filter::PDFDocument& rDocument,
+                       int nMDPPerm)
 {
     vcl::filter::PDFObjectElement* pValue = pSignature->LookupObject("V");
     if (!pValue)
@@ -311,7 +313,7 @@ bool ValidateSignature(SvStream& rStream, vcl::filter::PDFObjectElement* pSignat
         return false;
     }
     rInformation.bPartialDocumentSignature = !IsCompleteSignature(rStream, rDocument, pSignature);
-    if (!IsValidSignature(rStream, pSignature))
+    if (!IsValidSignature(rStream, pSignature, nMDPPerm))
     {
         SAL_WARN("xmlsecurity.pdfio", "ValidateSignature: invalid incremental update detected");
         return false;
diff --git a/xmlsecurity/workben/pdfverify.cxx b/xmlsecurity/workben/pdfverify.cxx
index bc2978bb7c84..cd5c9ac5812b 100644
--- a/xmlsecurity/workben/pdfverify.cxx
+++ b/xmlsecurity/workben/pdfverify.cxx
@@ -156,11 +156,12 @@ int pdfVerify(int nArgc, char** pArgv)
         else
         {
             std::cerr << "found " << aSignatures.size() << " signatures" << std::endl;
+            int nMDPPerm = aDocument.GetMDPPerm();
             for (size_t i = 0; i < aSignatures.size(); ++i)
             {
                 SignatureInformation aInfo(i);
                 if (!xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[i], aInfo,
-                                                           aDocument))
+                                                           aDocument, nMDPPerm))
                 {
                     SAL_WARN("xmlsecurity.pdfio", "failed to determine digest match");
                     return 1;
commit 350031af03b4799fb0a005236198666e00af5300
Author:     Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Fri Oct 16 18:15:21 2020 +0200
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Tue Dec 22 14:57:42 2020 +0300

    vcl pdf tokenizer: fix handling of dict -> array -> dict tokens
    
    Needed to be able to parse the /Reference key of signatures.
    
    (cherry picked from commit 056c1284d6a68525002c54bef10834cc135385db)
    
    Conflicts:
            vcl/qa/cppunit/filter/ipdf/ipdf.cxx
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105626
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 8f46af565680bef0ff8ca32781e6d813a7446543)
    
    Change-Id: I6b81089a3f58a2de461ad92ca5a891c284f8686a
    
    Conflicts:
            vcl/Module_vcl.mk
    
    Change-Id: I6451277f9a0042bd30f66d26dcf4cd16f142e2b7

diff --git a/vcl/CppunitTest_vcl_filter_ipdf.mk b/vcl/CppunitTest_vcl_filter_ipdf.mk
new file mode 100644
index 000000000000..403836ac781a
--- /dev/null
+++ b/vcl/CppunitTest_vcl_filter_ipdf.mk
@@ -0,0 +1,49 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#*************************************************************************
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+#*************************************************************************
+
+$(eval $(call gb_CppunitTest_CppunitTest,vcl_filter_ipdf))
+
+$(eval $(call gb_CppunitTest_use_externals,vcl_filter_ipdf,\
+	boost_headers \
+	pdfium \
+))
+
+$(eval $(call gb_CppunitTest_add_exception_objects,vcl_filter_ipdf, \
+    vcl/qa/cppunit/filter/ipdf/ipdf \
+))
+
+$(eval $(call gb_CppunitTest_use_libraries,vcl_filter_ipdf, \
+    comphelper \
+    cppu \
+    sal \
+    sfx \
+    svx \
+    test \
+    tl \
+    unotest \
+    utl \
+    vcl \
+))
+
+$(eval $(call gb_CppunitTest_use_sdk_api,vcl_filter_ipdf))
+
+$(eval $(call gb_CppunitTest_use_ure,vcl_filter_ipdf))
+$(eval $(call gb_CppunitTest_use_vcl,vcl_filter_ipdf))
+
+$(eval $(call gb_CppunitTest_use_rdb,vcl_filter_ipdf,services))
+
+$(eval $(call gb_CppunitTest_use_custom_headers,vcl_filter_ipdf,\
+	officecfg/registry \
+))
+
+$(eval $(call gb_CppunitTest_use_configuration,vcl_filter_ipdf))
+
+# vim: set noet sw=4 ts=4:
diff --git a/vcl/Module_vcl.mk b/vcl/Module_vcl.mk
index 78604ab0e9c4..013803bdd569 100644
--- a/vcl/Module_vcl.mk
+++ b/vcl/Module_vcl.mk
@@ -252,6 +252,11 @@ $(eval $(call gb_Module_add_screenshot_targets,vcl,\
 ifneq ($(DISPLAY),)
 $(eval $(call gb_Module_add_slowcheck_targets,vcl,\
     CppunitTest_vcl_gen \
+endif
+
+ifneq (,$(filter PDFIUM,$(BUILD_TYPE)))
+$(eval $(call gb_Module_add_slowcheck_targets,vcl,\
+    CppunitTest_vcl_filter_ipdf \
 ))
 endif
 
diff --git a/vcl/qa/cppunit/filter/ipdf/data/dict-array-dict.pdf b/vcl/qa/cppunit/filter/ipdf/data/dict-array-dict.pdf
new file mode 100644
index 000000000000..73de3117b9a6
--- /dev/null
+++ b/vcl/qa/cppunit/filter/ipdf/data/dict-array-dict.pdf
@@ -0,0 +1,55 @@
+%PDF-1.7
+% ò¤ô
+1 0 obj <<
+  /Type /Catalog
+  /Pages 2 0 R
+>>
+endobj
+2 0 obj <<
+  /Type /Pages
+  /MediaBox [0 0 200 300]
+  /Count 1
+  /Kids [3 0 R]
+>>
+endobj
+3 0 obj <<
+  /Type /Page
+  /Parent 2 0 R
+  /Contents 4 0 R
+  /Key[<</InnerKey 42>>]
+>>
+endobj
+4 0 obj <<
+  /Length 188
+>>
+stream
+q
+0 0 0 rg
+0 290 10 10 re B*
+10 150 50 30 re B*
+0 0 1 rg
+190 290 10 10 re B*
+70 232 50 30 re B*
+0 1 0 rg
+190 0 10 10 re B*
+130 150 50 30 re B*
+1 0 0 rg
+0 0 10 10 re B*
+70 67 50 30 re B*
+Q
+endstream
+endobj
+xref
+0 5
+0000000000 65535 f 
+0000000015 00000 n 
+0000000068 00000 n 
+0000000157 00000 n 
+0000000251 00000 n 
+trailer <<
+  /Root 1 0 R
+  /Size 5
+>>
+startxref
+491
+%%EOF
diff --git a/vcl/qa/cppunit/filter/ipdf/ipdf.cxx b/vcl/qa/cppunit/filter/ipdf/ipdf.cxx
new file mode 100644
index 000000000000..917630265a0f
--- /dev/null
+++ b/vcl/qa/cppunit/filter/ipdf/ipdf.cxx
@@ -0,0 +1,81 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <test/bootstrapfixture.hxx>
+#include <unotest/macros_test.hxx>
+
+#include <com/sun/star/drawing/XDrawPagesSupplier.hpp>
+#include <com/sun/star/drawing/XDrawView.hpp>
+#include <com/sun/star/frame/Desktop.hpp>
+#include <com/sun/star/security/XCertificate.hpp>
+#include <com/sun/star/view/XSelectionSupplier.hpp>
+#include <com/sun/star/xml/crypto/SEInitializer.hpp>
+
+#include <comphelper/propertyvalue.hxx>
+#include <osl/file.hxx>
+#include <unotools/tempfile.hxx>
+#include <sfx2/sfxbasemodel.hxx>
+#include <svx/svdview.hxx>
+#include <sfx2/viewsh.hxx>
+#include <sfx2/objsh.hxx>
+#include <vcl/filter/PDFiumLibrary.hxx>
+#include <vcl/filter/pdfdocument.hxx>
+
+using namespace ::com::sun::star;
+
+namespace
+{
+char const DATA_DIRECTORY[] = "/vcl/qa/cppunit/filter/ipdf/data/";
+}
+
+/// Covers vcl/source/filter/ipdf/ fixes.
+class VclFilterIpdfTest : public test::BootstrapFixture, public unotest::MacrosTest
+{
+public:
+    void setUp() override;
+
+    void testDictArrayDict();
+
+    CPPUNIT_TEST_SUITE(VclFilterIpdfTest);
+    CPPUNIT_TEST(testDictArrayDict);
+    CPPUNIT_TEST_SUITE_END();
+};
+
+void VclFilterIpdfTest::setUp()
+{
+    test::BootstrapFixture::setUp();
+
+    mxDesktop.set(frame::Desktop::create(m_xContext));
+}
+
+void VclFilterIpdfTest::testDictArrayDict()
+{
+    // Load a file that has markup like this:
+    // 3 0 obj <<
+    //   /Key[<</InnerKey 42>>]
+    // >>
+    OUString aSourceURL = m_directories.getURLFromSrc(DATA_DIRECTORY) + "dict-array-dict.pdf";
+    SvFileStream aFile(aSourceURL, StreamMode::READ);
+    vcl::filter::PDFDocument aDocument;
+    CPPUNIT_ASSERT(aDocument.Read(aFile));
+    std::vector<vcl::filter::PDFObjectElement*> aPages = aDocument.GetPages();
+    CPPUNIT_ASSERT(!aPages.empty());
+    vcl::filter::PDFObjectElement* pPage = aPages[0];
+    auto pKey = dynamic_cast<vcl::filter::PDFArrayElement*>(pPage->Lookup("Key"));
+
+    // Without the accompanying fix in place, this test would have failed, because the value of Key
+    // was a dictionary element, not an array element.
+    CPPUNIT_ASSERT(pKey);
+}
+
+CPPUNIT_TEST_SUITE_REGISTRATION(VclFilterIpdfTest);
+
+CPPUNIT_PLUGIN_IMPLEMENT();
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/vcl/source/filter/ipdf/pdfdocument.cxx b/vcl/source/filter/ipdf/pdfdocument.cxx
index 84de016d15ef..c63273c625b1 100644
--- a/vcl/source/filter/ipdf/pdfdocument.cxx
+++ b/vcl/source/filter/ipdf/pdfdocument.cxx
@@ -2228,8 +2228,17 @@ size_t PDFDictionaryElement::Parse(const std::vector<std::unique_ptr<PDFElement>
                 if (nexti >= i) // ensure we go forwards and not endlessly loop
                 {
                     i = nexti;
-                    rDictionary[aName] = pDictionary;
-                    aName.clear();
+                    if (pArray)
+                    {
+                        // Dictionary value inside an array.
+                        pArray->PushBack(pDictionary);
+                    }
+                    else
+                    {
+                        // Dictionary toplevel value.
+                        rDictionary[aName] = pDictionary;
+                        aName.clear();
+                    }
                 }
             }
         }
commit 5bf7de370d4b967807c6b4562f6d46f2a7a59cc3
Author:     Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Wed Nov 25 09:13:12 2020 +0100
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Tue Dec 22 14:51:14 2020 +0300

    Better handling of Java files
    
    Change-Id: Ifa662be39ac7d35241ee31956e2556b7ba3b5a02
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106558
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sbergman at redhat.com>

diff --git a/shell/source/unix/exec/shellexec.cxx b/shell/source/unix/exec/shellexec.cxx
index 313007787489..0810b0534112 100644
--- a/shell/source/unix/exec/shellexec.cxx
+++ b/shell/source/unix/exec/shellexec.cxx
@@ -150,6 +150,10 @@ void SAL_CALL ShellExec::execute( const OUString& aCommand, const OUString& aPar
             {
                 throw css::lang::IllegalArgumentException(
                     "XSystemShellExecute.execute, cannot process <" + aCommand + ">", {}, 0);
+            } else if (pathname.endsWithIgnoreAsciiCase(".class")
+                       || pathname.endsWithIgnoreAsciiCase(".jar"))
+            {
+                dir = true;
             }
         }
 
diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx
index c4091616f7d8..394f7a4f42d3 100644
--- a/shell/source/win32/SysShExec.cxx
+++ b/shell/source/win32/SysShExec.cxx
@@ -407,7 +407,8 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa
                 }
                 if (!(checkExtension(ext, env)
                       && checkExtension(
-                          ext, ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY")))
+                          ext,
+                          ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY;.CLASS;.JAR")))
                 {
                     throw css::lang::IllegalArgumentException(
                         "XSystemShellExecute.execute, cannot process <" + aCommand + ">", {}, 0);
commit 6113b47b161c00af5a940c79b7c60c3c5965c89b
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon Nov 23 14:33:06 2020 +0000
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Tue Dec 22 14:49:24 2020 +0300

    CVE-2020-25713 raptor2: malformed input file can lead to a segfault
    
    due to an out of bounds array access in
    raptor_xml_writer_start_element_common
    
    use a better fix than the initial suggestion
    
    See:
    https: //bugs.mageia.org/show_bug.cgi?id=27605
    https: //www.openwall.com/lists/oss-security/2020/11/13/1
    Change-Id: Ida4783a61412ffce868eacf81310da338d3e2df1
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106249
    Reviewed-by: Michael Stahl <michael.stahl at cib.de>
    Tested-by: Jenkins

diff --git a/external/redland/UnpackedTarball_raptor.mk b/external/redland/UnpackedTarball_raptor.mk
index 517b11a3d14f..fbdc8b6f5510 100644
--- a/external/redland/UnpackedTarball_raptor.mk
+++ b/external/redland/UnpackedTarball_raptor.mk
@@ -28,6 +28,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,raptor,\
 	$(if $(SYSTEM_LIBXML),,external/redland/raptor/rpath.patch) \
 	external/redland/raptor/xml2-config.patch \
 	external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 \
+	external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 \
 	external/redland/raptor/libtool.patch \
 ))
 
diff --git a/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 b/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
new file mode 100644
index 000000000000..1fb279df3e4d
--- /dev/null
+++ b/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
@@ -0,0 +1,33 @@
+From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm at redhat.com>
+Date: Tue, 24 Nov 2020 10:30:20 +0000
+Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
+ segfault
+
+due to an out of bounds array access in
+raptor_xml_writer_start_element_common
+
+See:
+https://bugs.mageia.org/show_bug.cgi?id=27605
+https://www.openwall.com/lists/oss-security/2020/11/13/1
+https://gerrit.libreoffice.org/c/core/+/106249
+---
+ src/raptor_xml_writer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 56993dc3..4426d38c 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+           
+           /* check it wasn't an earlier declaration too */
+           for(j = 0; j < nspace_declarations_count; j++)
+-            if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
++            if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
+               declare_me = 0;
+               break;
+             }
+-- 
+2.28.0
+


More information about the Libreoffice-commits mailing list