Age | Commit message (Collapse) | Author |
|
Change-Id: I4319fc1e2d13aff3fbdda4fa738401d912853ba1
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122485
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 8cecaa622700cecb5b5776bd3e5360ac6cc3dd63)
Change-Id: I4e86b163a9abef88f26c6c0ae91ae0a4008658f1
|
|
Change-Id: Ie43b9dcad8048e91c27710fc73ff784ac7e3c141
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118868
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 7707339a7d10225ff2503a852f68427519ae26f6)
Change-Id: I2bfd5f806281e747702d423b7e59b5f88a7bea9c
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115444
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit de16265f55ff2e4e1beb574fcb5b7b894df234f9)
Change-Id: I38c85fb3e30ffd1f7fc0a11948fc01338f7bb205
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113067
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit d56414fddd0796e63d2d3ae63260de7c6952dc70)
Change-Id: I93b9a32a82098a7b45e899ef29349c48276aa724
|
|
Allows dropping 5 upstreamed patches.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109195
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 229ee7c0ff5a69f09d6ac87dd585a11a8aacdcab)
Change-Id: I5f77502c5a2d11288b060956e69fd7767f52ab97
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130439
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit fe5d3fbfe63fe8b433776bd3a0508dd712b868b0)
sw: really prevent footnote frame against delete while it's moved
This reverts commit fe5d3fbfe63fe8b433776bd3a0508dd712b868b0
It turns out that checking a single column's IsMovingFootnotes() is not
enough - as frames can move both forwards and backwards the entire chain
of columns would need to be checked.
(Most callers of MoveLowerFootnotes() move forwards, but one place in
tabfrm.cxx moves from a follow to master.)
But it turns out that this is probably the wrong way in any case: most
likely the intention in FormatAnchorFrameAndItsPrevs() is to format
previous frames in the same layout environment, so if there is a section
or column inside a footnote then this upper should be formatted, while
if the footnote is inside a section or column this upper should not be
formatted; this should make calls during MoveFootnotes_() safe as it
should prevent the formatting of frames in the footnote boss moving a
footnote that is already being moved.
So tweak the fix in commit fa1bcc22921941b2cd8a0b32fe0d15655d12d607
a little to make it more general.
Also it was previously possible that for a section with columns,
both the section branch and the column branch was taken, which seems
supperfluous.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130544
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 3f569ffc9238e6bf2915e78bf21c844ca5f1270d)
add a layout test to exercise UXTSOREL
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130493
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 10d46c0498b89350645cf45e744a528d3d8f1ac1)
use Bitstream Vera Sans for consistent results with LIBREOFFICE-UXTSOREL.rtf
instead of Palatino Linotype which will typically get substituted
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133460
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit ff27c0e35ebfdbe998c372b7a36df8b5577e1fd4)
Change-Id: I39487640322339fe4d511e845d9c6bced2ba9dad
|
|
mostly https: //support.google.com/mail/answer/6590?hl=en#zippy=%2Cmessages-that-have-attachments
but see also:
https://www.howtogeek.com/137270/50-file-extensions-that-are-potentially-dangerous-on-windows
Change-Id: Ibe3abbdcdb6f82a73d245318ef97d86789d00523
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130394
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130382
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
(cherry picked from commit 8b72ddb734e0f4457d0233ae9e56dd76526f1dc9)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130492
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130242
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 5e8f64e50f97d39e83a3358697be14db03566878)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130265
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 04bb6f736f92b93497bed28b7420fac97753f95e)
Change-Id: Idcfe7321077b60381c0273910b1faeb444ef1fd8
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130087
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 3dab7bc9dd8763d68fc2e6496e8069c7823685c2)
Change-Id: Ie189ae4d37ffc33e58bb405f2521d1ae02a9997b
|
|
if there is embedded data use office-binary-data to transport it
instead of a temp file
https: //issues.oasis-open.org/browse/OFFICE-3933
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129076
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit e95d5d5666505cb05e9660f24f6c7ae039451ef8)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129759
(cherry picked from commit bfff5c7dadf9628926fbb5cd0394fcfc4464eb0b)
Change-Id: Ia1cebf0770c99210df09f03dbb507451d9cf7764
|
|
Change-Id: Ie7853ea8bd083d1056872cfad4323ff6cede235f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129071
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 45c15e1112e03b8b211ed0968ed1b16d5ed4ddfe)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129758
(cherry picked from commit 63fcec3105b060cffde5e94fe688c8a59418e4c0)
|
|
* Update translations from branch 'feature/cib_contract138c'
to 3caabbbf1c795b0fce31603269f99d656a01ff0c
- Add translation df05d27336927373bf83664a90156fbe505fc546
Change-Id: I8f691b27668b6942d29d44320e326f95a4a2239b
|
|
Fixes CVE-2022-29824.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133813
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit f670422a01e7336ba8a554331f3781ec7f5c4e8c)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133831
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
(cherry picked from commit e2104950ccd738cde5865ace63af5b3501df7362)
(cherry picked from commit 522d59947c0f952c1cf0c978a09cca06e78aaca3)
Change-Id: I31d6ec794b01dee0bb17022ef2e18d2acd8255df
|
|
Fixes CVE-2018-25032
external/zlib/ubsan.patch: remove, fixed upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132358
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bfb6c4c65781a610d21409d974227d73f264f41a)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132191
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit b91ebecaaa1582a7cbeda519eb6097a6a866135f)
Change-Id: I2aa9a9008b9cf7efd970c5fff0df7029204204f8
|
|
Fixes CVE-2022-27774 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781
plus 6 more CVEs that shouldn't affect LO.
Remove obsolete configure-eval-fix.patch.0.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134225
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 58a3bf5199818e30ef4207213f29692d81b519c6)
upgrade to curl-7.81.0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128783
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 40a84af1bdd7b3c414a8a78ca32b0951c03f9976)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134246
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit f668663d63d5b0f37d4727b54585c3b67ab92162)
Change-Id: I0a34239bfb16bf19e25bf374c7f36c4cdf1776c1
fbd7ff5acf390df1d95d6b8be0dc7751e4753bbe
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134393
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
includes:
CVE-2021-22945: clear the leftovers pointer when sending succeeds
CVE-2021-22946: do not ignore --ssl-reqd
CVE-2021-22947: reject STARTTLS server response pipelining
Change-Id: I0047bdaa7e6e3aed1317eb014d2051a4d5ac5964
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123883
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit a08d1dc4ee904428ef6f78208cc2508d3fc3717b)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134392
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
old ones default to the current all zero case and continue to work
as before
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131974
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 192fa1e3bfc6269f2ebb91716471485a56074aea)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132306
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit ab77587ec300f5c30084471000663c46ddf25dad)
Change-Id: I6fe3b02fafcce1b5e7133e77e76a5118177d77af
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133907
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Use range-based loops, STL and comphelper functions
Reviewed-on: https://gerrit.libreoffice.org/75563
Tested-by: Jenkins
Reviewed-by: Arkadiy Illarionov <qarkai@gmail.com>
(cherry picked from commit c9cce0d931b41ede0eca14b2ed2b84453f048362)
Change-Id: I1c3dbf194600bec60c0881d2d19ff07b89d8333b
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131976
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bbd196ff82bda9f66b4ba32a412f10cefe6da60e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132307
Reviewed-by: Sophie Gautier <sophi@libreoffice.org>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit c5d01b11db3c83cb4a89d3b388d78e20dd3990b5)
(cherry picked from commit df05d27336927373bf83664a90156fbe505fc546)
Change-Id: Id99cbf2b50a4ebf289dae6fc67e22e20afcda35b
|
|
Seeing as old versions of the hash may be in the users config, add a
StorageVersion field to the office config Passwords section which
defaults to 0 to indicate the old hash is in use.
Try the old varient when StorageVersion is 0. When a new encoded master
password it set write StorageVersion of 1 to indicate a new hash is in
use and use the new style when StorageVersion is 1.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132080
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit e890f54dbac57f3ab5acf4fbd31222095d3e8ab6)
svl: fix crash if user cancels/closes master password dialog
(regression from d7ba5614d90381d68f880ca7e7c5ef8bbb1b1c43)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133932
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bbb8617ece6d946957c2eb96287081029bce530f)
Change-Id: I3174c37a5891bfc849984e0ec5c2c392b9c6e7b1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133905
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
These fail in jenkins but pass when built locally in a
Centos7 container.
pdfsigning.cxx:482:Assertion
Test name: PDFSigningTest::testBadCertP1
equality assertion failed
- Expected: 0
- Actual : 1
pdfsigning.cxx:498:Assertion
Test name: testBadCertP3Stamp::TestBody
equality assertion failed
- Expected: 0
- Actual : 1
|
|
(cherry picked from commit f231dacde9df1c4aa5f4e0970535c4f4093364a7)
Conflicts:
xmlsecurity/source/helper/pdfsignaturehelper.cxx
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105926
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit fcab45e0e22f4cf46e71856dba7ae5abd6f99bc5)
Change-Id: I950b49a6e7181639daf27348ddfa0f36586baa65
Conflicts:
xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
(cherry-picked from 363997c76749219b900f47043d1b17ba8ec9bccd)
Change-Id: I7096222bc2547046d988e0ba28df725859270790
|
|
external: update pdfium to 4203
(cherry picked from commit 4488be8a9279be0bd0aebd476589a49d2b95da6e)
Update one mention of pdfium-4137.tar.bz2
...left behind by 4488be8a9279be0bd0aebd476589a49d2b95da6e "external: update
pdfium to 4203"
(cherry picked from commit ba4b3d5f7a0fe8d0d985e98897e041d59093d8b0)
external: update pdfium to 4260
(cherry picked from commit f19381e46930bb496e7331754843920933fb4be2)
external: update pdfium to 4306
(cherry picked from commit fe531957e3dcd42927cf15ab31d04473433d81f9)
Conflicts:
include/vcl/pdf/PDFAnnotationSubType.hxx
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105913
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit b4f50e78e9cd391964128bd0d1446d4dca110cef)
Change-Id: Ic10cf99fa412f8f0b3475e82d0a1839a7f04bd08
|
|
The problem here is that we never actually hit the maExportGraphics
cache in SvXMLGraphicHelper, even though we are passing the same image
down repeatedly.
There are two bugs here:
(1) BitmapEx::operator== does not return true if we instantiate 2
Graphic objects from the same XGraphic, so change it to use the more
expensive operator==. To mitigate the cost, move the expensive checks to
the bottom of the method.
(2) in order to use an object in std::unordered_map, the object must
implement an equality function and a hash function. If two objects are
equal THEY MUST have the same hash value. Using the Impl* as the hash
value does not satisfy that condition, so rather use the checksum, which
does.
After these fixes, the save time drops to less than a second.
Also make the checksum method look more like the operator== method,
and add a checksum calculation method for SVG data that more accurately
reflects the underlying SVG data.
Change-Id: I4ca0c7bee60b2efa6fe42301e582c7b278022b46
Reviewed-on: https://gerrit.libreoffice.org/72615
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
(cherry picked from commit 319c57d2af5d26d3910db4b02dca145d8881af44)
|
|
Just because this image is transparent, does not mean it is equal to the
other image.
Similarly, just because this image has transparency color, does not mean
the other image has valid transparency color.
Also move the cheaper mbAlpha check before the more expensive
ShallowEquals check.
there since
commit 8ab086b6cc054501bfbf7ef6fa509c393691e860
Date: Mon Sep 18 16:07:07 2000 +0000
initial import
Change-Id: I63033bc8e7fed991513a171e637768e826eafad9
Reviewed-on: https://gerrit.libreoffice.org/71572
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
(cherry picked from commit 36f306d8891ef8cba53676e4a2a30434718228e4)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8)
Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131368
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 2c8c221b88f2e2bb5b29a6c1bcce1ea75e98136a)
|
|
Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
(cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139)
(cherry picked from commit 0268fd5a52c11f5701b10c9f9a92681c56254f17)
|
|
It turns out that the 2 backends NSS and MS CryptoAPI generate different
string representations of the same Distinguished Name in at least one
corner case, when a value contains a quote " U+0022.
The CryptoAPI function to generate the strings is:
CertNameToStr(..., CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, ...)
This is documented on MSDN:
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#CERT_X500_NAME_STR
NSS appears to implement RFC 1485, at least that's what the internal
function is named after, or perhaps one of its several successor RFCs
(not clear currently if there's a relevant difference).
This is now causing trouble if a certificate with such a DN is used in a
signature, created on WNT but then verified on another platform, because
commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66
introduced consistency checks that compare the DNs that occur as strings
in META-INF/documentsignatures.xml:
xmlsecurity/source/helper/xmlsignaturehelper.cxx:672: X509Data cannot be parsed
The reason is that in XSecController::setX509Data() the value read from
the X509IssuerSerial element (a string generated by CryptoAPI) doesn't
match the value generated by NSS from the certificate parsed from the
X509Certificate element, so these are erroneously interpreted as 2
distinct certificates.
Try to make the EqualDistinguishedNames() more flexible so that it can
try also a converted variant of the DN.
(libxmlsec's NSS backend also complains that it cannot parse the DN:
x509vfy.c:607: xmlSecNssX509NameRead() '' '' 12 'invalid data for 'char': actual=34 and expected comma ',''
but it manages to validate the signature despite this.)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124287
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit e63611fabd38c757809b510fbb71c077880b1081)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124196
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 3dfe381032fc61ea31106f103dee9db8277d4d25)
Change-Id: I4f72900738d1f5313146bbda7320a8f44319ebc8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124420
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit ee48ce9886d884730a91c695b5d0668c6d90c740)
|
|
With Fedora's nss-3.71.0-1.fc34.x86_64 there is the problem that
8 tests including testODFGood in CppunitTest/xmlsecurity_signing
fail because the crypto policy disallows SHA1 for signatures.
Apparently this particular policy bit was added in NSS 3.59:
https://bugzilla.mozilla.org/show_bug.cgi?id=1670835
For signatures, maybe it's not a good idea to override system policy
for product builds, so do it locally in the tests, at least for now.
If similar problems turn up for encrypted documents in the future,
that should be fixed in product builds too of course, as encrypted
documents must always be decryptable.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123768
Tested-by: Jenkins
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 51e82016e8783a452fe5f7921d12c1bf20bfd6b5)
xmlsecurity: fix --without-system-nss usage of NSS_SetAlgorithmPolicy
The problem with commit ff572d9222ec16ffd679ae907a0bf4a8900265e1
is that it's using the wrong library; NSS_SetAlgorithmPolicy is actually
in libnssutil3.so.
This causes a linking problem when upgrading the internal NSS to a
version that has NSS_USE_ALG_IN_ANY_SIGNATURE.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123819
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 395c0c0bbaceadf909e0189af99c6358487c7978)
Change-Id: I4f634cf5da1707fb628e63cd0cdafebdf4fc903f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123838
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 0f3431026dbff0251efeb0b92be335841a08cc5d)
|
|
Fedora nss-3.69.0-1.fc34.x86_64 and Debian libnss3:amd64 2:3.70-1 no
longer support the old BerekelyDB databases, so convert them to the new
SQLite format for the benefit of --with-system-nss builds.
This worked to do the upgrade:
> certutil -N -d sql:test/new --empty-password
> LD_LIBRARY_PATH=instdir/program workdir/UnpackedTarball/nss/dist/out/bin/certutil --merge -d sql:test/new --source-dir dbm:test/signing-keys
Builds would fail running tests added in commit
40d70d427edddb589eda64fafc2e56536953d274
signing.cxx:551:Assertion
Test name: testODFX509CertificateChain::TestBody
equality assertion failed
- Expected: 0
- Actual : 1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123586
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 907784ccce7bd8b5121888cff7f5723a55d35358)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123643
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 7b4b03b9cf21ecd11bc82da5f29c4ff91ad242c9)
Change-Id: I00aa20703e117ebf583c3331b84e966c2cfc78cd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123837
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 755155498b13c8724831276808c930adba891f5c)
|
|
Tests added in commit 40d70d427edddb589eda64fafc2e56536953d274 don't
actually run on WNT but that wasn't obvious because commit
149df1fec6472e30582162e17e04c75aee91d26a prevented running them in
Jenkins on master, they failed only in the libreoffice-7-1 backport.
xmlsecurity/qa/unit/signing/signing.cxx(631) : error : Assertion
Test name: testODFDoubleX509Certificate::TestBody
assertion failed
- Expression: (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK)
- 2
This is an oddity where NSS claims the signature in the document is
valid but CryptoAPI claims it is invalid; the hashes passed into the
validation functions are the same. Just allow BROKEN as an additional
result value on WNT.
xmlsecurity/qa/unit/signing/signing.cxx(550) : error : Assertion
Test name: testODFX509CertificateChain::TestBody
equality assertion failed
- Expected: 0
- Actual : 1
The problem here is that with NSS the tests use a custom NSS database
in test/signing-keys so we need to make these certificates available for
CryptoAPI too.
The following one-liner converts the NSS database to a PKCS#7 that can
be loaded by CrytpAPI:
> openssl crl2pkcs7 -nocrl -certfile <(certutil -d sql:test/signing-keys -L | awk '/^[^ ].*,[^ ]*,/ { printf "%s", $1; for (i = 2; i < NF; i++) { printf " %s", $i; } printf "\n"; }' | while read name; do certutil -L -d sql:test/signing-keys -a -n "${name}" ; done) > test/signing-keys/test.p7b
Then one might naively assume that something like this would allow these
certificates to be added temporarily as trusted CAs:
+ HCERTSTORE hRoot = CertOpenSystemStoreW( 0, L"Root" ) ;
+ HCERTSTORE const hExtra = CertOpenStore(
+ CERT_STORE_PROV_FILENAME_A,
+ PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
+ NULL,
+ CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG,
+ path);
+ if (hExtra != NULL && hRoot != NULL)
+ {
+ BOOL ret = CertAddStoreToCollection(
+ hRoot,
+ hExtra,
+ CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG,
+ 0);
+ SAL_DEBUG("XXX hExtra done " << ret);
+ }
There is no error from this, but it doesn't work.
Instead, check if CertGetCertificateChain() sets the
CERT_TRUST_IS_UNTRUSTED_ROOT flag and then look up the certificate
manually in the extra PKCS#7 store.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123667
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 7d664ec788acdc378506a7ff8b1120cea24a6770)
Change-Id: Ic9865e0b5783211c2128ce0327c4583b7784ff62
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123836
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 7c622c58cda433964dd73544d56a81a7c88e3f5d)
|
|
Change-Id: If50ae8156f81c1053aa8fbfc3148da64bb8e1442
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123438
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 956c638025e3c0bbe816f710da64769cf5874f4f)
|
|
Change-Id: I6ce64ca7c59639684779144ed0ed8d36c4aca32b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123437
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 3aabce61782c9561a0e1680fe1ecc58ac87be0ee)
|
|
this function is nearly exactly the same as ReadAndVerifySignature
except it doesn't set error-state on exception during parse
Change-Id: Ife881f639a11d3185920ca62cc2cd22812fae36d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112366
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112412
(cherry picked from commit 52a23d595b820cab27d76d0e7c129f2757c762d6)
(cherry picked from commit ed6db8f42484f135137939cf38dc40fc3f0913b1)
|
|
add a check for $container
Change-Id: Ib6921c6d771622fb5f4acb82d10aa6fb34e1bbac
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96538
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit e19b67dcf5e987e58ce4252d8d1c8313d111df85)
|
|
Change-Id: I66dc674aab8dc86c95495754400c5e64b2583599
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86223
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 6fbfb54086c10f0107dc7026eaeffd177eda56c3)
|
|
This reverts commit df1033d3e5692ea11dc2ac9ea08e8a245996dab1.
|
|
It had started to fail for me now with
> ~/gcc/trunk/inst/bin/g++ -DHAVE_CONFIG_H -I. -I. -O -MT CoinFinite.lo -MD -MP -MF .deps/CoinFinite.Tpo -c CoinFinite.cpp -fPIC -DPIC -o .libs/CoinFinite.o
> CoinFinite.cpp: In function 'bool CoinFinite(double)':
> CoinFinite.cpp:38:19: error: 'DBL_MAX' was not declared in this scope
> 38 | return val != DBL_MAX && val != -DBL_MAX;
> | ^~~~~~~
> CoinFinite.cpp:8:1: note: 'DBL_MAX' is defined in header '<cfloat>'; did you forget to '#include <cfloat>'?
> 7 | #include "CoinUtilsConfig.h"
> +++ |+#include <cfloat>
> 8 |
because of a missing -DCOINUTILS_BUILD. Which in turn was caused by
workdir/UnpackedTarball/coinmp/CoinUtils/configure (see
workdir/UnpackedTarball/coinmp/CoinUtils/config.log), which first tries to
determine an ac_declaration that would apparently be a suitable declaration of
`exit` without actually including <stdlib.h> in a C++ file. It settles on
> configure:3551: ~/gcc/trunk/inst/bin/g++ -c -g -O2 conftest.cc >&5
> conftest.cc:15:17: warning: 'void std::exit(int)' has not been declared within 'std'
> 15 | extern "C" void std::exit (int) throw (); using std::exit;
> | ^~~
> <built-in>: note: only here as a 'friend'
> configure:3557: $? = 0
(which generates a warning, but no error with the given g++ invocation). The
determined ac_declaration value is then included in confdefs.h, causing the
later
> configure:4014: ~/gcc/trunk/inst/bin/g++ -o conftest -O3 -pipe -DNDEBUG -pedantic-errors -Wparentheses -Wreturn-type -Wcast-qual -Wall -Wpointer-arith -Wwrite-strings -Wconversion -Wno-unknown-pragmas -Wno-long-long -DCOINUTILS_BUILD -Wl,-z,origin -Wl,-rpath,\$$ORIGIN conftest.cc >&5
> conftest.cc:15:17: error: 'void std::exit(int)' has not been declared within 'std'
> 15 | extern "C" void std::exit (int) throw (); using std::exit;
> | ^~~
> <built-in>: note: only here as a 'friend'
> configure:4020: $? = 1
> configure: failed program was:
> | /* confdefs.h. */
> |
> | #define PACKAGE_NAME "CoinUtils"
> | #define PACKAGE_TARNAME "coinutils"
> | #define PACKAGE_VERSION "2.9.11"
> | #define PACKAGE_STRING "CoinUtils 2.9.11"
> | #define PACKAGE_BUGREPORT "http://projects.coin-or.org/CoinUtils"
> | #define COINUTILS_VERSION "2.9.11"
> | #define COINUTILS_VERSION_MAJOR 2
> | #define COINUTILS_VERSION_MINOR 9
> | #define COINUTILS_VERSION_RELEASE 11
> | #define COIN_COINUTILS_VERBOSITY 0
> | #define COIN_COINUTILS_CHECKLEVEL 0
> | #ifdef __cplusplus
> | extern "C" void std::exit (int) throw (); using std::exit;
> | #endif
> | /* end confdefs.h. */
> |
> | int
> | main ()
> | {
> | int i=0; i++;
> | ;
> | return 0;
> | }
> configure:4045: WARNING: The flags CXXFLAGS="-O3 -pipe -DNDEBUG -pedantic-errors -Wparentheses -Wreturn-type -Wcast-qual -Wall -Wpointer-arith -Wwrite-strings -Wconversion -Wno-unknown-pragmas -Wno-long-long -DCOINUTILS_BUILD" do not work. I will now just try '-O', but you might want to set CXXFLAGS manually.
to fail, because its g++ invocation including -pedantic-errors turns that
> 'void std::exit(int)' has not been declared within 'std'
warning into an error.
There were similar build failures in the Cgl,
> ~/gcc/trunk/inst/bin/g++ -DHAVE_CONFIG_H -I. -I. -I~/lo/core/workdir/UnpackedTarball/coinmp/CoinUtils/src -DCOIN_HAS_CLP -O -MT ClpCholeskyDense.lo -MD -MP -MF .deps/ClpCholeskyDense.Tpo -c ClpCholeskyDense.cpp -fPIC -DPIC -o .libs/ClpCholeskyDense.o
> In file included from ClpCholeskyDense.cpp:11:
> ClpHelperFunctions.hpp:16:4: error: #error "don't have header file for math"
> 16 | # error "don't have header file for math"
> | ^~~~~
> In file included from ClpCholeskyDense.cpp:11:
> ClpHelperFunctions.hpp: In function 'double CoinSqrt(double)':
> ClpHelperFunctions.hpp:81:13: error: 'sqrt' was not declared in this scope
> 81 | return sqrt(x);
> | ^~~~
and Clp,
> ~/gcc/trunk/inst/bin/g++ -DHAVE_CONFIG_H -I. -I. -I.. -I./.. -I./../CglGomory -I~/lo/core/workdir/UnpackedTarball/coinmp/CoinUtils/src -I~/lo/core/workdir/UnpackedTarball/coinmp/Osi/src/Osi -I~/lo/core/workdir/UnpackedTarball/coinmp/CoinUtils/src -I~/lo/core/workdir/UnpackedTarball/coinmp/Clp/src/OsiClp -I~/lo/core/workdir/UnpackedTarball/coinmp/Clp/src -I~/lo/core/workdir/UnpackedTarball/coinmp/CoinUtils/src -I~/lo/core/workdir/UnpackedTarball/coinmp/Osi/src/Osi -O -MT CglLandPValidator.lo -MD -MP -MF .deps/CglLandPValidator.Tpo -c CglLandPValidator.cpp -fPIC -DPIC -o .libs/CglLandPValidator.o
> CglLandPValidator.cpp: In member function 'int LAP::Validator::cleanCut(OsiRowCut&, const double*, const OsiSolverInterface&, const CglParam&, const double*, const double*)':
> CglLandPValidator.cpp:66:22: error: 'fabs' was not declared in this scope; did you mean 'labs'?
> 66 | double val = fabs(elems[i]);
> | ^~~~
> | labs
> CglLandPValidator.cpp: In member function 'int LAP::Validator::cleanCut2(OsiRowCut&, const double*, const OsiSolverInterface&, const CglParam&, const double*, const double*)':
> CglLandPValidator.cpp:189:23: error: 'fabs' was not declared in this scope; did you mean 'labs'?
> 189 | double smallest = fabs(rhs);
> | ^~~~
> | labs
subdirectories, and which happened to get solved by the same approach of
removing problematic ac_declaration values from configure.
I am not sure what all that magic of determining that ac_declaration value is
supposed to be good for. There appears to be no trace of it in the
corresponding configure.ac sources, so it likely was automatically added by some
dated autotools (all three configure files mention "Generated by GNU
Autoconf 2.59"). At least on a cursory look, the determined ac_declaration
appears to only be used in configure itself, and not leak into the actual coinmp
build stage, so dropping the problematic ac_declaration values is hopefully
harmless. These three subdirectories were all that failed for me, but there
might still be silent issues in other subdirectories when a problematic
ac_declaration value would negatively affect other configure checks. (An
alternative approach could be to regenerate all the configure files from their
configure.ac sources with a recent autotools. But at least some of the existing
external/coinmp/*.patch* already change such configure files, which would need
to be adapted.)
Change-Id: I0a33b0f654800e8288d3ca28e26a64efc23a3f6b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103756
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 762aacc4e055fffbc605be81f66f2274dccb4be8)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114999
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 802b76340082e817efe67a5be4a021cb998a28a2)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115502
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 14b706520cc45a5b4b20da58deda5802384270f0)
|
|
...and GCC 11 trunk g++ now defaults to C++17, so compilation started to fail
with that compiler
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/99082
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit ad607d898f9826c6fa144783c93541a10ad4740c)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114998
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 656085bf2757437a088058871573385ff45f8ef5)
Change-Id: I792e4c7ff59ad88e5571163d5b2362fdb349667d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115501
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 841534cb8404a379207165aa5dc4496d6cb98319)
|
|
In at least soltools, jurt and gperf generated files, build with GCC and
sccache 0.2.16-alpha.0 reports spurious -Werror=implicit-fallthrough=
due to comments and these go away by configuring sccache with
rewrite_includes_only = true.
But his results in
cc1: error: ‘-fdirectives-only’ is incompatible with ‘-Wunused-macros’
so disable that like for clang-with-icecream builds.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111716
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 6fb9f368c6824a8ff7bc5bc5cf66fc2df7d055b7)
Change-Id: I6dec38e86aa6e22591d7a700a8daddf3fed88b16
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113048
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 6cb7dc556281162d2fcb55eee646d59e3acdeb30)
|
|
This reverts commit 5c494aa3c72b1f833999bdc55a7cdf9403678f87.
Not helpful in itself, revert until all xmlsecurity is backported
|
|
Change-Id: I12721fe0b61e8e0210d50cd6d9e384192a227c01
|
|
LIBREOFFICE-OWMTGGWJ
Change-Id: I8f744e1ab2684a0f0995abcc3e753a684a3b970a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130982
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 19add15932e579c931480eed42eeea52d0551897)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131369
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 8727f47611af8dfb5ac186cc47e7b38741ccfb76)
|
|
LIBREOFFICE-N4LA0OHZ
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130766
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit ee2a192923bf709d05c174848e7054cd411b205a)
(cherry picked from commit 3d3c6462eeef581af2b936071c3ef432858b04a5)
(cherry picked from commit 503d84cabb68233a12a3a9602253f4345be86ad7)
Change-Id: I0d24277665a317f047b286fe0f0878b3814ded65
|
|
LIBREOFFICE-KYYAZMB9
Change-Id: Ic0d95bd39a01dc1e5e0fec83dcc2c40b3f23b747
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130462
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
(cherry picked from commit 21ea1eacd214dbaac8d0ce7f437580d535871415)
(cherry picked from commit 1f3e7bc9e47b83f009b8085effa61467101aa102)
|
|
LIBREOFFICE-N4LA0OHZ
Change-Id: I7f863151f753ad5605c4f1f280cfd79aa4c6bce4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130772
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 02837024ea8d3d52c92420858327b309f2e96487)
(cherry picked from commit 9fc1be2594ceac46e9a769d7ee2a2004869603ac)
|
|
LIBREOFFICE-311XVJ95
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130670
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit b44bd9ef8e2efdb66558917200e1f179b9db1c58)
Change-Id: I159f516daafad3e4088677fe2c8c6f5423b3e264
(cherry picked from commit f9350f9a8404fd9eb5b6963022f0069e89ddd061)
|
|
LIBREOFFICE-WB8DT2Q9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130668
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Tested-by: Jenkins
(cherry picked from commit 4b6956ca146f25b746f63c176b377d3c15d204ff)
Change-Id: I98529325bbd3ff475ba84b4991eb17240440df4b
(cherry picked from commit 918c4a49fa841f0d234b18234d946684fe6378af)
|