Version in base suite: 7.4.7-1+deb12u4

Base version: libreoffice_7.4.7-1+deb12u4
Target version: libreoffice_7.4.7-1+deb12u5
Base file: /srv/ftp-master.debian.org/ftp/pool/main/libr/libreoffice/libreoffice_7.4.7-1+deb12u4.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/libr/libreoffice/libreoffice_7.4.7-1+deb12u5.dsc

 changelog                                                   |    7 +
 patches/do-not-trust-any-signature-on-repaired-package.diff |   79 ++++++++++++
 patches/series                                              |    1 
 3 files changed, 87 insertions(+)

diff -Nru libreoffice-7.4.7/debian/changelog libreoffice-7.4.7/debian/changelog
--- libreoffice-7.4.7/debian/changelog	2024-08-01 12:33:25.000000000 +0000
+++ libreoffice-7.4.7/debian/changelog	2024-08-22 16:44:46.000000000 +0000
@@ -1,3 +1,10 @@
+libreoffice (4:7.4.7-1+deb12u5) bookworm-security; urgency=medium
+
+  * debian/patches/debian/patches/do-not-trust-any-signature-on-repaired-package.diff:
+    as name says (CVE-2024-7788) 
+
+ -- Rene Engelhard <rene@debian.org>  Thu, 22 Aug 2024 18:44:46 +0200
+
 libreoffice (4:7.4.7-1+deb12u4) bookworm-security; urgency=medium
 
   * remove-ability-to-trust-not-validated-macro-signatures-in-high-security.diff:
diff -Nru libreoffice-7.4.7/debian/patches/do-not-trust-any-signature-on-repaired-package.diff libreoffice-7.4.7/debian/patches/do-not-trust-any-signature-on-repaired-package.diff
--- libreoffice-7.4.7/debian/patches/do-not-trust-any-signature-on-repaired-package.diff	1970-01-01 00:00:00.000000000 +0000
+++ libreoffice-7.4.7/debian/patches/do-not-trust-any-signature-on-repaired-package.diff	2024-08-22 16:44:28.000000000 +0000
@@ -0,0 +1,79 @@
+From 016eb8f0cd2effbe33ef5b144c33c74d4878155e Mon Sep 17 00:00:00 2001
+From: Michael Stahl <michael.stahl@allotropia.de>
+Date: Tue, 2 Jul 2024 13:24:38 +0200
+Subject: sfx2: SfxObjectShell should not trust any signature on repaired
+ package
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Change-Id: I0317f80989e9dabd23e88e3caab26ede3fb5bd56
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169883
+Tested-by: Jenkins
+Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
+(cherry picked from commit 8b333575ee680664fa3d83249ccec90881754ad7)
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169930
+Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171910
+Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
+Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
+---
+ sfx2/source/doc/objmisc.cxx |  6 ++++++
+ sfx2/source/doc/objserv.cxx | 10 ++++++++++
+ sfx2/source/doc/objstor.cxx |  2 ++
+ 3 files changed, 18 insertions(+)
+
+diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
+index 97a0839a59dd..1e86b854f074 100644
+--- a/sfx2/source/doc/objmisc.cxx
++++ b/sfx2/source/doc/objmisc.cxx
+@@ -938,6 +938,12 @@ void SfxObjectShell::BreakMacroSign_Impl( bool bBreakMacroSign )
+ 
+ void SfxObjectShell::CheckSecurityOnLoading_Impl()
+ {
++    if (GetErrorCode() == ERRCODE_IO_BROKENPACKAGE)
++    {   // safety first: don't run any macros from broken package.
++        pImpl->aMacroMode.disallowMacroExecution();
++        return; // do not get signature status - needs to be done after RepairPackage
++    }
++
+     // make sure LO evaluates the macro signatures, so it can be preserved
+     GetScriptingSignatureState();
+ 
+diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
+index f0bc6172ab1d..895bec13f0c0 100644
+--- a/sfx2/source/doc/objserv.cxx
++++ b/sfx2/source/doc/objserv.cxx
+@@ -1837,6 +1837,16 @@ SignatureState SfxObjectShell::ImplGetSignatureState( bool bScriptingContent )
+ 
+         uno::Sequence< security::DocumentSignatureInformation > aInfos = GetDocumentSignatureInformation( bScriptingContent );
+         *pState = DocumentSignatures::getSignatureState(aInfos);
++
++        // repaired package cannot be trusted
++        if (*pState != SignatureState::NOSIGNATURES)
++        {
++            SfxBoolItem const*const pRepairItem{GetMedium()->GetItemSet()->GetItem(SID_REPAIRPACKAGE, false)};
++            if (pRepairItem && pRepairItem->GetValue())
++            {
++                *pState = SignatureState::BROKEN;
++            }
++        }
+     }
+ 
+     if ( *pState == SignatureState::OK || *pState == SignatureState::NOTVALIDATED
+diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
+index 9ef664d1cb2f..30b02aba97cc 100644
+--- a/sfx2/source/doc/objstor.cxx
++++ b/sfx2/source/doc/objstor.cxx
+@@ -380,6 +380,8 @@ void SfxObjectShell::PrepareSecondTryLoad_Impl()
+ {
+     // only for internal use
+     pImpl->m_xDocStorage.clear();
++    pImpl->nDocumentSignatureState = SignatureState::UNKNOWN;
++    pImpl->nScriptingSignatureState = SignatureState::UNKNOWN;
+     pImpl->m_bIsInit = false;
+     ResetError();
+ }
+-- 
+cgit v1.2.3
+
diff -Nru libreoffice-7.4.7/debian/patches/series libreoffice-7.4.7/debian/patches/series
--- libreoffice-7.4.7/debian/patches/series	2024-08-01 12:04:38.000000000 +0000
+++ libreoffice-7.4.7/debian/patches/series	2024-08-22 16:44:43.000000000 +0000
@@ -62,3 +62,4 @@
 Fix-backup-copy-creation-for-files-on-mounted-samba-shares.diff
 fix-32bit-build.diff
 remove-ability-to-trust-not-validated-macro-signatures-in-high-security.diff
+do-not-trust-any-signature-on-repaired-package.diff