Version in base suite: 7.4.7-1+deb12u4 Base version: libreoffice_7.4.7-1+deb12u4 Target version: libreoffice_7.4.7-1+deb12u5 Base file: /srv/ftp-master.debian.org/ftp/pool/main/libr/libreoffice/libreoffice_7.4.7-1+deb12u4.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/libr/libreoffice/libreoffice_7.4.7-1+deb12u5.dsc changelog | 7 + patches/do-not-trust-any-signature-on-repaired-package.diff | 79 ++++++++++++ patches/series | 1 3 files changed, 87 insertions(+)
diff -Nru libreoffice-7.4.7/debian/changelog libreoffice-7.4.7/debian/changelog
--- libreoffice-7.4.7/debian/changelog 2024-08-01 12:33:25.000000000 +0000
+++ libreoffice-7.4.7/debian/changelog 2024-08-22 16:44:46.000000000 +0000
@@ -1,3 +1,10 @@
+libreoffice (4:7.4.7-1+deb12u5) bookworm-security; urgency=medium
+
+ * debian/patches/debian/patches/do-not-trust-any-signature-on-repaired-package.diff:
+ as name says (CVE-2024-7788)
+
+ -- Rene Engelhard Thu, 22 Aug 2024 18:44:46 +0200
+
 libreoffice (4:7.4.7-1+deb12u4) bookworm-security; urgency=medium * remove-ability-to-trust-not-validated-macro-signatures-in-high-security.diff:
diff -Nru libreoffice-7.4.7/debian/patches/do-not-trust-any-signature-on-repaired-package.diff libreoffice-7.4.7/debian/patches/do-not-trust-any-signature-on-repaired-package.diff
--- libreoffice-7.4.7/debian/patches/do-not-trust-any-signature-on-repaired-package.diff 1970-01-01 00:00:00.000000000 +0000
+++ libreoffice-7.4.7/debian/patches/do-not-trust-any-signature-on-repaired-package.diff 2024-08-22 16:44:28.000000000 +0000
@@ -0,0 +1,79 @@
+From 016eb8f0cd2effbe33ef5b144c33c74d4878155e Mon Sep 17 00:00:00 2001
+From: Michael Stahl
+Date: Tue, 2 Jul 2024 13:24:38 +0200
+Subject: sfx2: SfxObjectShell should not trust any signature on repaired
+ package
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Change-Id: I0317f80989e9dabd23e88e3caab26ede3fb5bd56
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169883
+Tested-by: Jenkins
+Reviewed-by: Michael Stahl
+(cherry picked from commit 8b333575ee680664fa3d83249ccec90881754ad7)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169930
+Reviewed-by: Caolán McNamara
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171910
+Tested-by: Jenkins CollaboraOffice
+Reviewed-by: Miklos Vajna
+---
+ sfx2/source/doc/objmisc.cxx | 6 ++++++
+ sfx2/source/doc/objserv.cxx | 10 ++++++++++
+ sfx2/source/doc/objstor.cxx | 2 ++
+ 3 files changed, 18 insertions(+)
+
+diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
+index 97a0839a59dd..1e86b854f074 100644
+--- a/sfx2/source/doc/objmisc.cxx
++++ b/sfx2/source/doc/objmisc.cxx
+@@ -938,6 +938,12 @@ void SfxObjectShell::BreakMacroSign_Impl( bool bBreakMacroSign )
+
+ void SfxObjectShell::CheckSecurityOnLoading_Impl()
+ {
++ if (GetErrorCode() == ERRCODE_IO_BROKENPACKAGE)
++ { // safety first: don't run any macros from broken package.
++ pImpl->aMacroMode.disallowMacroExecution();
++ return; // do not get signature status - needs to be done after RepairPackage
++ }
++
+ // make sure LO evaluates the macro signatures, so it can be preserved
+ GetScriptingSignatureState();
+
+diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
+index f0bc6172ab1d..895bec13f0c0 100644
+--- a/sfx2/source/doc/objserv.cxx
++++ b/sfx2/source/doc/objserv.cxx
+@@ -1837,6 +1837,16 @@ SignatureState SfxObjectShell::ImplGetSignatureState( bool bScriptingContent )
+
+ uno::Sequence< security::DocumentSignatureInformation > aInfos = GetDocumentSignatureInformation( bScriptingContent );
+ *pState = DocumentSignatures::getSignatureState(aInfos);
++
++ // repaired package cannot be trusted
++ if (*pState != SignatureState::NOSIGNATURES)
++ {
++ SfxBoolItem const*const pRepairItem{GetMedium()->GetItemSet()->GetItem(SID_REPAIRPACKAGE, false)};
++ if (pRepairItem && pRepairItem->GetValue())
++ {
++ *pState = SignatureState::BROKEN;
++ }
++ }
+ }
+
+ if ( *pState == SignatureState::OK || *pState == SignatureState::NOTVALIDATED
+diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
+index 9ef664d1cb2f..30b02aba97cc 100644
+--- a/sfx2/source/doc/objstor.cxx
++++ b/sfx2/source/doc/objstor.cxx
+@@ -380,6 +380,8 @@ void SfxObjectShell::PrepareSecondTryLoad_Impl()
+ {
+ // only for internal use
+ pImpl->m_xDocStorage.clear();
++ pImpl->nDocumentSignatureState = SignatureState::UNKNOWN;
++ pImpl->nScriptingSignatureState = SignatureState::UNKNOWN;
+ pImpl->m_bIsInit = false;
+ ResetError();
+ }
+--
+cgit v1.2.3
+
diff -Nru libreoffice-7.4.7/debian/patches/series libreoffice-7.4.7/debian/patches/series
--- libreoffice-7.4.7/debian/patches/series 2024-08-01 12:04:38.000000000 +0000
+++ libreoffice-7.4.7/debian/patches/series 2024-08-22 16:44:43.000000000 +0000
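Review bot: The repaired-package check added to ImplGetSignatureState (objserv.cxx) dereferences `GetMedium()->GetItemSet()` with no null check, and since the enclosing function starts before and ends after the hunk, nothing visible here shows that a medium is guaranteed at that point. The check only runs when `*pState != SignatureState::NOSIGNATURES`, which presumably means signatures were just read from a medium, but that implicit coupling deserves a comment such as `// GetMedium() is non-null here: signatures were just read from it`, or an explicit `GetMedium() &&` guard if the assumption cannot be relied on. The early `return` in CheckSecurityOnLoading_Impl (objmisc.cxx) leaves macros disallowed and the signature state unevaluated for a broken package; the comment says this is redone after RepairPackage, and PrepareSecondTryLoad_Impl now resets both cached states to UNKNOWN, but the call site that re-runs the security check on the second-try load is not in this patch and should be confirmed. Naming it in the comment, e.g. `// re-evaluated on the second-try load after PrepareSecondTryLoad_Impl resets the cached states`, would make the two halves of the fix easier to keep in sync.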
@@ -62,3 +62,4 @@
 Fix-backup-copy-creation-for-files-on-mounted-samba-shares.diff
 fix-32bit-build.diff
 remove-ability-to-trust-not-validated-macro-signatures-in-high-security.diff
+do-not-trust-any-signature-on-repaired-package.diff