Age | Commit message | Author |
|
it is only used from one place, and that place already locks a mutex
around all usage
Change-Id: I85a8d89220bee7806db5457d69cfcf2f11c1734d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171947
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
... data descriptor; only allow it for encrypted ODF entries, which
requires reading the manifest first.
Change-Id: If36d31a4cb93e7af78f48be3ed899ad9d9bb28f0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171911
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: Iae873ec8175922e210398ef8e0f83e148a795c2c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170783
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Tested-by: Jenkins
|
|
let's see if this works instead.
Change-Id: Ib0a5df7deed2972cfed7c3afbe5c65229c208f26
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171056
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
Turns out there's a TexMaths extension that contains files with names
differing only in case.
https://ask.libreoffice.org/t/zipexception-when-installing-an-extension/108256
There isn't a separate ZipPackage mode for OXT so just don't check in
the ZIP mode.
Change-Id: I7680c93f5f24ac566a59b131b36d855bd85100b9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170616
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Check it contains same as central directory header, also check data
descriptor if available. Also check there are no gaps or overlaps.
This causes 3 fuzzer generated test documents to fail to load; adapt
tests.
Change-Id: If5813652f3bd03e90fdf95eb97e1e1523455b2b8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170571
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
This is required for OOXML, but not for ODF.
Unclear if there are use cases for this with ODF, can add some
conditions if it turns out to be a problem.
Change-Id: I3810da5c2273574135d133b4a9bbad98dc97af44
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170223
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I829eb449e8a0947341f066399be549f56b0f02da
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169882
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Seeing as since:
commit e9531b792ddf0cfc2db11713b574c5fc7ae09e2c
Date: Tue Feb 6 14:39:47 2024 +0100
sal: rtlRandomPool: require OS random device, abort if not present
Both rtl_random_createPool() and rtl_random_getBytes() first try to get
random data from the OS, via /dev/urandom or rand_s() (documented to
call RtlGenRandom(), see [1]).
we don't use the initial arg to rtl_random_getBytes anymore, drop the
requirement to have one. Then simplify our usages of that, and
additionally deprecate rtl_random_createPool and rtl_random_destroyPool.
Change-Id: I13dcc067714a8a741a4e8f2bfcf2006373f832c4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167067
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
Change-Id: I16405f13298934945cc1d5d4a50d403b37c3234e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162912
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
and
cid#1545605 COPY_INSTEAD_OF_MOVE
cid#1545587 COPY_INSTEAD_OF_MOVE
Change-Id: Iafb1d81dbacfefe70fbddd84b29e827dc137ef07
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161077
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
1. ManifestImport should attach KeyInfo to the first file-entry, not to
a "/" entry which may not exist or may be preceded by another
file-entry which requires the KeyInfo to decrypt
(regression from commit 91f35f22f0447769c08ca89e27a39b40df18fffa)
2. manifest:key-size on manifest:key-derivation is unfortunately
specified to have a default value of 16, but with AES256 the actual
size is 32, and for GPG the ManifestExport forgot to export it
Change-Id: I05dd2c9e219ba7f20ba33bf0b35d47a9e3df74cc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161072
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
https://www.rfc-editor.org/rfc/rfc9106.html
* add css::xml::crypto::KDFID constant group
* add "KeyDerivationFunction" to setEncryptionAlgorithms sequence
* Argon2 is used by default for wholesome ODF encryption, but
$LO_ARGON2_DISABLE can be set to use PBKDF2
* extend various structs in package
* use 3 new ODF attributes "loext:argon2-iterations" "loext:argon2-memory"
"loext:argon2-lanes" to store the arguments
* use this URL for now:
"urn:org:documentfoundation:names:experimental:office:manifest:argon2id"
* use default arguments according to second recommendation from "7.4.
Recommendations" of RFC9106; 64 MiB RAM should hopefully not be too
much even for 32 bit builds
Change-Id: I683118cc5e0706bd6544db6fb909096768ac9920
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161009
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
... ODF wholesome encrypted package.
There can only be "mimetype", "encrypted-package", and files in
"META-INF".
Change-Id: I5eb46ba29a1a62e25af09e189e0a075a871c71c4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160718
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
AEAD provides the verification of the password automatically, by reading
the entire stream the tag at the end will be verified.
The existing attributes manifest:checksum-type/manifest:checksum leak
information about the plain text.
This was mitigated with the addChaffWhenEncryptedStorage() functions
(see commit f57baefbd3c4c5d8e5ec28e8702c91d60ffc5de2) but a better
solution that also works for non-XML streams is to simply omit the
attributes; authenticated encryption provides better verification
without any leak.
* "ChecksumAlgorithm" property can be set to void now to remove the
checksum
* change a bunch of members in EncryptionData, ZipPackage,
ZipPackageStream to optional
* change ZipFile::checkValidPassword() to open the stream and return it
Change-Id: Id95288d0c238c4f9940fc5a185df814e8edcbad3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160711
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
... and use it in the new experimental ODF encryption mode.
https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM
Unfortunately it turned out that NSS PK11_CipherOp() does not work with
CKM_AES_GCM because it is initialized with "context->multi = PR_FALSE"
in sftk_CryptInit(), so the one-step functions PK11_Encrypt() and
PK11_Decrypt() have to be used.
NSS 3.52 also changed a parameter struct definition - see
https://fedoraproject.org/wiki/Changes/NssGCMParams - which is not a
problem for RHEL or SUSE system NSS since those are rebased, but it
is likely a problem for less well maintained Ubuntu LTS, so use
the old struct definition which evidently still works with NSS 3.94.
NSS 3.52 also added a new PK11_AEADOp() API but it looks like this
doesn't support incremental encryption either.
Change-Id: Ibd4a672db74b65b1218926ba35ff8d2f70444c7e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160505
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
...in include files. This is a mix of automatic rewriting in include files and
manual fixups (mostly addressing loplugin:redundantfcast) in source files that
include those.
Change-Id: I1f3cc1e67b9cabd2e9d61a4d9e9a01e587ea35cc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158337
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: Ief95f111350808f010539bb733a553007d30a9df
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152006
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I4709a2fb0bbb0fcc4c7d57dad53c899e7ba79cb4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150971
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: If93883ba9feb22e6da2d56af4ebb2f4eafe58de1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149162
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Implemented import + export for "Zip64 Extended Information Extra Field",
(in "Local file header" and "Central directory file header")
and for Data descriptor.
Focused only to be able to handle files with over 4GB uncompressed size,
in the zip archive.
The 64k filecount, and the 4GB compressed size limit is probably still present
Tried to follow pkware .ZIP File Format Specification,
Some cases were not clear to me and/or some zip compressing tool may not
perfectly follow the standard, like 'extra field' should be 28 bytes long,
but its reader now can read shorter (or longer) 'extra field'.
Replaced some 32bit codes with 64bit codes, in stream handling, in deflater.
Tested with an ods file that contained a content.xml that is bigger than 4GB+
(import + export + reimport) on windows.
I think 4GB+ files import/export would be too slow for unittest.
So, for unit test, used the small but zip64 format files,
that was attached to the bugzilla tickets
Note: It helps with Bug 128244 too (1 of the unittest tests it),
but that ods file is missing manifest.xml, so LO won't be able to import it.
Change-Id: Idfeb90594388fd34ae719677f5d268ca9a484fb1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147306
Tested-by: Jenkins
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
|
|
Change-Id: I0c49ebcb0ed16ab5b90c0cfa1417f002b5dad7b8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145632
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I4ecfbb0e90cca7e81556fb27fd552669bed0405c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145631
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
to use in places where we know we can use the TempFileFast mechanism.
Speeds up export to EPUB from 43s to 17s on my windows machine.
This is essentially a copy of OTempFileService, but it does not
implement XTempFile (because these temp files have no name on Windows).
Also remove a couple of calls to Flush() (which is not necessary now),
and TellEnd(), which is a little slow on Windows.
Change-Id: Iced300bf8121eae08c7a011d62ec68b93330d84c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141598
Tested-by: Noel Grandin <noel.grandin@collabora.co.uk>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: Ia38b2784222701d669f244523ce9a27c4068c5ab
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/140639
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
...so that its TOOLS_WARN_EXCEPTION can be used in
comphelper/source/misc/logging.cxx in a follow-up commit. (And while at it,
rename from diagnose_ex.h to the more appropriate diagnose_ex.hxx. The
comphelper module is sufficiently low-level for this immediate use case, so use
that at least for now; o3tl might be even more suitable but doesn't have a
Library until now. Also, for the immediate use case it would have sufficed to
only break DbgGetCaughtException, exceptionToString, TOOLS_WARN_EXCEPTION,
TOOLS_WARN_EXCEPTION_IF, and TOOLS_INFO_EXCEPTION out of
include/tools/diagnose_ex.h into an additional new
include/comphelper/diagnose_ex.hxx, but it's probably easier overall to just move
the complete include file as is.)
Change-Id: I9f3222d4ccf1a9ac29d7eb9ba1530d53e2affaee
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/138451
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: Id12d7b38d278c9fb18b30c6d921713a53168b048
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136337
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
All call sites already effectively asked for an unsigned return type, including:
* The ThreadPool ctor took an nWorkers argument of type sal_Int32, but
internally stores that as std::size_t mnMaxWorkers.
* ZipOutputStream::reduceScheduledThreadTasksToGivenNumberOrLess apparently
benefits from an unsigned nThreadTasks parameter, getting rid of various casts
in its implementation that were necessary to silence signed vs. unsigned
comparison warnings.
The only drawback is that
comphelper::ThreadPool::getPreferredConcurrency() * 4
in package/source/zippackage/ZipPackageStream.cxx would now silently wrap around
instead of causing UB on overflow (which could be detected with appropriate
tools). Ideally, it would use some o3tl::saturating_mul if we had that, so add
a TODO comment for now.
While std::thread::hardware_concurrency returns unsigned, it looked more natural
to go with std::size_t here, as some call sites already used that (see above),
so the implementation of ThreadPool::getPreferredConcurrency is a natural place
to hide clamping std::thread::hardware_concurrency() to std::size_t (in the
unlikely case that std::size_t is of smaller rank than unsigned).
This required addition of o3tl::clamp_to_unsigned in o3tl/safeint.hxx.
Change-Id: I0a04a8b32e63ebfeb39f924c4b38520455a6fb38
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135309
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I336fd329b577b6fa141265d8bc7ce67784bd7306
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133210
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
That these are only flagged when building against libc++ and not against
libstdc++ is a consequence of the plugin's dependence on implementation details
of the relevant classes, but so be it.
Change-Id: I6b96f81939edab2b8e618aa53c9fe23492edfbbd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131562
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
look for potentially trivial destructors that can then be elided
Change-Id: I435c251bd4291b5864c20d68f88676faac7c43fb
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131318
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
See tdf#42949 for motivation
Change-Id: I6b4b05a5e59b256653c4caf5297fffd601b45083
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128845
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
by just using the tempfile service as intended, we can stay
on the "happy path" which means that, on Windows, if there is
sufficient system RAM, the temporary file never even hits
the disk.
Change-Id: I3b27cf09bd40a4cfee01c23273af05860708a16f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128258
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I4a9f0f4ae95ec236ef32462c1aaa8d774be15378
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125938
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I91ce2f65513ea9ae74841c6b0286c01d4e6dd82f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125812
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I88831f290e1923db6fb5a733746bfa3bc7fbc7e8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122148
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: Ib03dadcd69a65493ddd9c0437fc654beef039ad8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120341
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I0295bd8d72686996afb9d361db12b6014594b402
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120340
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I8418bd3eb6a8013f55f4283c7d96755d95a60c1a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119305
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I96ea49da6708041ac19e147f192c7e996d44b8ec
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119276
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I5c82c0b216dd680d5cbac154a276bbd09fa32477
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117667
Tested-by: Jenkins
Reviewed-by: Andrea Gelmini <andrea.gelmini@gelma.net>
|
|
This is a small struct, no sense in allocating it separately
Change-Id: I709daebbde648a79f175f74c207bdf4871ae6ff1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117604
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: Ia9d04447f927e270a55500e7f35723a729bc01dd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113801
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
By convention, it should be the first include in C/CXX files;
so use of pch should not break that.
Change-Id: Ic329c5f39e8f48ad1778724368e262e48972342b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112123
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
Change-Id: I044dd21b63d7eb03224675584fa143009c6b6008
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108418
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I3e22c2000da03f6f3345353846213203993aa865
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107192
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: I3ff80c6c636003d468f384e0d6fbfb5233e0b4da
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105696
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
|
|
Change-Id: I6b3b6ef1530a192f4b6bf87aa9688687063683ea
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100591
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
See tdf#74608 for motivation.
Change-Id: I17627bdd2f4f595343ad9bf524dc57cd03170b2a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/98921
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
ZipOutputEntryBase::processDeflated() was calling isDeflaterFinished()
to find out whether to finalize and dispose m_xCipherContext.
With ZipOutputEntryParallel this was always true, so the context
was disposed after the first call. That was originally correct, because
originally processDeflated() was called just once at the very end, but
353d4528b8ad8abca9a13f3016632e42bab7afde changed to calling it several
times.
Change-Id: I1e4a0c887e4ba7ac7b20fa315169eaa911335fde
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/98625
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|