Age | Commit message (Collapse) | Author |
|
Change-Id: I2810d22e8f5e1c81647b9e9b15519de65939630a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163895
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
(for std::unique_ptr, with recent libstdc++ 12 trunk)
Change-Id: I61b7823dd740ea7cdfe0d7403a50ac73b24d1c4e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120229
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Seen in a fedora:40 container, using --with-system-libcmis,
--with-system-liblangtag and --with-system-xmlsec.
Change-Id: I9d748d3dc0b70dbfdfcb6b99c9ce8440bda6f326
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159980
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit c8f7408db73d2f2ccacb25a2b4fef8dfebdfc6cb)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161661
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 764890a53cea2ccb6d2fb6d8c7edb5e1c91ecdc0)
(cherry picked from commit 81cc1e539114cf826f82c3d3718fe0dfacf66a9a)
|
|
what I'm really after is some vexating not-reproducible oss-fuzz msan
warnings when using libxml2 in the fodt2pdf fuzzer. So lets upgrade
libxml2 to the latest, which requires bumping libxslt, and then requires
a newer liblangtag because of no longer implicit includes that it
depended on.
xmlKeepBlanksDefaultValue and xmlSubstituteEntitiesDefault are
deprecated, we should get around to updating those uses
Change-Id: I8fda0dffda0a7ea65407d246a3121875cb8ad4a4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161598
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 6875c975f80d8b813b1829a530162869a1e2d92e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163751
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 050a2db3964d5f02e2dd149cb7f76342457a6719)
|
|
Change-Id: Idd92510b66f63b68faa8a8d4fef01a18874e9905
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8)
Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131368
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
(cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139)
|
|
It turns out that the 2 backends NSS and MS CryptoAPI generate different
string representations of the same Distinguished Name in at least one
corner case, when a value contains a quote " U+0022.
The CryptoAPI function to generate the strings is:
CertNameToStr(..., CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, ...)
This is documented on MSDN:
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#CERT_X500_NAME_STR
NSS appears to implement RFC 1485, at least that's what the internal
function is named after, or perhaps one of its several successor RFCs
(not clear currently if there's a relevant difference).
This is now causing trouble if a certificate with such a DN is used in a
signature, created on WNT but then verified on another platform, because
commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66
introduced consistency checks that compare the DNs that occur as strings
in META-INF/documentsignatures.xml:
xmlsecurity/source/helper/xmlsignaturehelper.cxx:672: X509Data cannot be parsed
The reason is that in XSecController::setX509Data() the value read from
the X509IssuerSerial element (a string generated by CryptoAPI) doesn't
match the value generated by NSS from the certificate parsed from the
X509Certificate element, so these are erroneously interpreted as 2
distinct certificates.
Try to make the EqualDistinguishedNames() more flexible so that it can
try also a converted variant of the DN.
(libxmlsec's NSS backend also complains that it cannot parse the DN:
x509vfy.c:607: xmlSecNssX509NameRead() '' '' 12 'invalid data for 'char': actual=34 and expected comma ',''
but it manages to validate the signature despite this.)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124287
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit e63611fabd38c757809b510fbb71c077880b1081)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124196
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 3dfe381032fc61ea31106f103dee9db8277d4d25)
Change-Id: I4f72900738d1f5313146bbda7320a8f44319ebc8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124420
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
With Fedora's nss-3.71.0-1.fc34.x86_64 there is the problem that
8 tests including testODFGood in CppunitTest/xmlsecurity_signing
fail because the crypto policy disallows SHA1 for signatures.
Apparently this particular policy bit was added in NSS 3.59:
https://bugzilla.mozilla.org/show_bug.cgi?id=1670835
For signatures, maybe it's not a good idea to override system policy
for product builds, so do it locally in the tests, at least for now.
If similar problems turn up for encrypted documents in the future,
that should be fixed in product builds too of course, as encrypted
documents must always be decryptable.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123768
Tested-by: Jenkins
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 51e82016e8783a452fe5f7921d12c1bf20bfd6b5)
xmlsecurity: fix --without-system-nss usage of NSS_SetAlgorithmPolicy
The problem with commit ff572d9222ec16ffd679ae907a0bf4a8900265e1
is that it's using the wrong library; NSS_SetAlgorithmPolicy is actually
in libnssutil3.so.
This causes a linking problem when upgrading the internal NSS to a
version that has NSS_USE_ALG_IN_ANY_SIGNATURE.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123819
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 395c0c0bbaceadf909e0189af99c6358487c7978)
Change-Id: I4f634cf5da1707fb628e63cd0cdafebdf4fc903f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123838
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Fedora nss-3.69.0-1.fc34.x86_64 and Debian libnss3:amd64 2:3.70-1 no
longer support the old BerekelyDB databases, so convert them to the new
SQLite format for the benefit of --with-system-nss builds.
This worked to do the upgrade:
> certutil -N -d sql:test/new --empty-password
> LD_LIBRARY_PATH=instdir/program workdir/UnpackedTarball/nss/dist/out/bin/certutil --merge -d sql:test/new --source-dir dbm:test/signing-keys
Builds would fail running tests added in commit
40d70d427edddb589eda64fafc2e56536953d274
signing.cxx:551:Assertion
Test name: testODFX509CertificateChain::TestBody
equality assertion failed
- Expected: 0
- Actual : 1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123586
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 907784ccce7bd8b5121888cff7f5723a55d35358)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123643
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 7b4b03b9cf21ecd11bc82da5f29c4ff91ad242c9)
Change-Id: I00aa20703e117ebf583c3331b84e966c2cfc78cd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123837
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Tests added in commit 40d70d427edddb589eda64fafc2e56536953d274 don't
actually run on WNT but that wasn't obvious because commit
149df1fec6472e30582162e17e04c75aee91d26a prevented running them in
Jenkins on master, they failed only in the libreoffice-7-1 backport.
xmlsecurity/qa/unit/signing/signing.cxx(631) : error : Assertion
Test name: testODFDoubleX509Certificate::TestBody
assertion failed
- Expression: (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK)
- 2
This is an oddity where NSS claims the signature in the document is
valid but CryptoAPI claims it is invalid; the hashes passed into the
validation functions are the same. Just allow BROKEN as an additional
result value on WNT.
xmlsecurity/qa/unit/signing/signing.cxx(550) : error : Assertion
Test name: testODFX509CertificateChain::TestBody
equality assertion failed
- Expected: 0
- Actual : 1
The problem here is that with NSS the tests use a custom NSS database
in test/signing-keys so we need to make these certificates available for
CryptoAPI too.
The following one-liner converts the NSS database to a PKCS#7 that can
be loaded by CrytpAPI:
> openssl crl2pkcs7 -nocrl -certfile <(certutil -d sql:test/signing-keys -L | awk '/^[^ ].*,[^ ]*,/ { printf "%s", $1; for (i = 2; i < NF; i++) { printf " %s", $i; } printf "\n"; }' | while read name; do certutil -L -d sql:test/signing-keys -a -n "${name}" ; done) > test/signing-keys/test.p7b
Then one might naively assume that something like this would allow these
certificates to be added temporarily as trusted CAs:
+ HCERTSTORE hRoot = CertOpenSystemStoreW( 0, L"Root" ) ;
+ HCERTSTORE const hExtra = CertOpenStore(
+ CERT_STORE_PROV_FILENAME_A,
+ PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
+ NULL,
+ CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG,
+ path);
+ if (hExtra != NULL && hRoot != NULL)
+ {
+ BOOL ret = CertAddStoreToCollection(
+ hRoot,
+ hExtra,
+ CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG,
+ 0);
+ SAL_DEBUG("XXX hExtra done " << ret);
+ }
There is no error from this, but it doesn't work.
Instead, check if CertGetCertificateChain() sets the
CERT_TRUST_IS_UNTRUSTED_ROOT flag and then look up the certificate
manually in the extra PKCS#7 store.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123667
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 7d664ec788acdc378506a7ff8b1120cea24a6770)
Change-Id: Ic9865e0b5783211c2128ce0327c4583b7784ff62
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123836
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: If50ae8156f81c1053aa8fbfc3148da64bb8e1442
|
|
Change-Id: I6ce64ca7c59639684779144ed0ed8d36c4aca32b
|
|
This is similar to 12b15be8f4f930a04d8056b9219ac969b42a9784 and following
commits, but OOXMLSecParser has some differences to XSecParser, such as
using a ds:Manifest, and requires a couple extra namespaces.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113381
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit cc1d19f7bbaefa5fb22ebd1344112755068b93c9)
Change-Id: I56e39d9609db8fcad50ca1632ff482c1f0a30ff5
|
|
Combine everything related to a certificate in a new struct X509Data.
The CertDigest is not actually written in the X509Data element but in
xades:Cert, so try to find the matching entry in
XSecController::setX509CertDigest().
There was a confusing interaction with PGP signatures, where ouGpgKeyID
was used for import, but export wrote the value from ouCertDigest
instead - this needed fixing.
The main point of this is enforcing a constraint from xmldsig-core 4.5.4:
All certificates appearing in an X509Data element MUST relate to the
validation key by either containing it or being part of a certification
chain that terminates in a certificate containing the validation key.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111254
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 9e82509b09f5fe2eb77bcdb8fd193c71923abb67)
xmlsecurity: improve handling of multiple certificates per X509Data
It turns out that an X509Data element can contain an arbitrary number of
each of its child elements.
How exactly certificates of an issuer chain may or should be distributed
across multiple X509Data elements isn't terribly obvious.
One thing that is clear is that any element that refers to or contains
one particular certificate has to be a child of the same X509Data
element, although in no particular order, so try to match the 2 such
elements that the parser supports in XSecController::setX509Data().
Presumably the only way it makes sense to have multiple signing
certificates is if they all contain the same key but are signed by
different CAs. This case isn't handled currently; CheckX509Data() will
complain there's not a single chain and validation of the certificates
will fail.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111500
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66)
xmlsecurity: add EqualDistinguishedNames()
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111545
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 1d3da3486d827dd5e7a3bf1c7a533f5aa9860e42)
xmlsecurity: avoid exception in DigitalSignaturesDialog::getCertificate()
Fallback to PGP if there's no X509 signing certificate because
CheckX509Data() failed prevents the dialog from popping up.
To avoid confusing the user in this situation, the dialog should
show no certificate, which is already the case.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111664
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 90b725675c2964f4a151d802d9afedd8bc2ae1a7)
xmlsecurity: fix crash in DocumentDigitalSignatures::isAuthorTrusted()
If the argument is null.
This function also should use EqualDistinguishedNames().
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111667
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit ca98e505cd69bf95d8ddb9387cf3f8e03ae4577d)
Change-Id: I9633a980b0c18d58dfce24fc59396a833498a77d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit a1cf770c2d7ca3e153e0b1f01ddcc313bc2bed7f)
|
|
I added these files more or less recently and they have long lines. Use
clang-format to break at a sane column limit.
Change-Id: Id4ef832e4843fc81f4a497385e49ccb835a7197f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94503
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
(cherry picked from commit 868acbd97b58b200731ca25ece4019de734e5726)
|
|
And format code inside
Change-Id: Ied0d98935134bf6f7bc8c929645ad5faac9affa3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93116
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
(cherry picked from commit cf36fe5eb41910c26d58fb25e54ccf2e0ee01365)
|
|
Change-Id: I2e4411f0907b89e7ad6e0185cee8f12b600515e8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111253
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 2bfa00e6bf4b2a310a8b8f5060acec85b5f7a3ce)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111909
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 94ce59dd02fcfcaa1eb4f195b45a9a2edbd58242)
|
|
LO writes timestamp both to dc:date and xades:SigningTime elements.
The parser tries to avoid reading multiple dc:date, preferring the first
one, but doesn't care about multiple xades:SigningTime, for undocumented
reasons.
Ideally something should check all read values for consistency.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111160
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 4ab8d9c09a5873ca0aea56dafa1ab34758d52ef7)
xmlsecurity: remove XSecController::setPropertyId()
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111252
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit d2a345e1163616fe3201ef1d6c758e2e819214e0)
Change-Id: Ic018ee89797a1c8a4f870ae102af48006de930ef
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111908
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit abe77c4fcb9ea97d9fff07eaea6d8863bcba5b02)
|
|
Implement Namespaces in XML and follow xmldsig-core and XAdES schemas.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110833
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 12b15be8f4f930a04d8056b9219ac969b42a9784)
xmlsecurity: move XSecParser state into contexts
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111158
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 59df9e70ce1a7ec797b836bda7f9642912febc53)
xmlsecurity: move XSecParser Reference state into contexts
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111159
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit cfeb89a758b5f0ec406f0d72444e52ed2f47b85e)
Change-Id: I03537b51bb757ecbfa63a826b38de543c70ba032
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111907
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit ad5930e87e788780a255523f106deb1dde5d7b37)
|
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94093
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
(cherry picked from commit 943fbfad668da76f7d0ebd4f4d8cdd67224d2f01)
plus one line in xsecverify.cxx from:
commit f59d9e7ea09482c2e9e5f52a8d0445e4cebc3df5
Author: Noel Grandin <noel.grandin@collabora.co.uk>
AuthorDate: Fri Apr 3 15:53:49 2020 +0200
new loplugin:unusedvariableplus
a particularly aggressive checker, which is why it is off by default
Change-Id: I5fdb554a1b116824843f35645bc1cea3ca91e0f2
|
|
so if CertGetCertificateChain fails we don't want validity to be
css::security::CertificateValidity::VALID which is what the old default
of 0 equates to
notably
commit 1e0bc66d16aee28ce8bd9582ea32178c63841902
Date: Thu Nov 5 16:55:26 2009 +0100
jl137: #103420# better logging
turned the nss equivalent of SecurityEnvironment_NssImpl::verifyCertificate
from 0 to CertificateValidity::INVALID like this change does
Change-Id: I5350dbc22d1b9b378da2976d3b0abd728f1f4c27
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110561
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit edeb164c1d8ab64116afee4e2140403a362a1358)
|
|
this function is nearly exactly the same as ReadAndVerifySignature
except it doesn't set error-state on exception during parse
Change-Id: Ife881f639a11d3185920ca62cc2cd22812fae36d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112366
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112412
(cherry picked from commit 52a23d595b820cab27d76d0e7c129f2757c762d6)
|
|
(cherry picked from commit f231dacde9df1c4aa5f4e0970535c4f4093364a7)
Conflicts:
xmlsecurity/source/helper/pdfsignaturehelper.cxx
Change-Id: I950b49a6e7181639daf27348ddfa0f36586baa65
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105926
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit fcab45e0e22f4cf46e71856dba7ae5abd6f99bc5)
|
|
Change-Id: I580972220bc39abe16288fa62c717e4ab25833d9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105015
Tested-by: Jenkins
Tested-by: René Engelhard <rene@debian.org>
Reviewed-by: René Engelhard <rene@debian.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
(cherry picked from commit b9e5d5347e5dece693fe56b88570abc07a30a8ba)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107064
Tested-by: Michael Stahl <michael.stahl@cib.de>
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
|
|
(cherry picked from commit 586f6abee92af3cdabdce034b607b9a046ed3946)
Conflicts:
include/vcl/filter/PDFiumLibrary.hxx
vcl/source/pdf/PDFiumLibrary.cxx
xmlsecurity/source/helper/pdfsignaturehelper.cxx
Change-Id: I626fca7c03079fb0374c577dcfe024e7db6ed5b3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105785
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 00479937dc071246cc27f33fd6397668448a7ed9)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107062
Tested-by: Michael Stahl <michael.stahl@cib.de>
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
|
|
Change-Id: I9446ada6f4deb37760cbecbc01be16e2236dcff7
|
|
Change-Id: I35fb8d499eed66f9a5e208a4778a1f0f12637079
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93630
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
|
|
As already stated in the comments of the signing unit tests,
disabling macro security will not only ignore the signatures, but
actually drop the macro signature, as these are never evaluated
and as a result can't be restored for the new document.
Change-Id: Ie41a9e72d3367c2eed58a52387bb67d8c41abff3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90435
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
(cherry picked from commit 929d46bbf42aefc1f6cf046c2b9cf3d7c4e1efc5)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90393
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|
|
I.e. it's OK to add incremental updates for annotation/commenting
purposes and that doesn't invalite existing signatures. Everything else
does.
(cherry picked from commit 61834cd574568613f0b0a2ee099a60fa5a8d9804)
[ Also disable a pdfium assert on Windows, only on this branch, where it
fails during CppunitTest_xmlsecurity_pdfsigning for reasons unclear to
me. ]
Conflicts:
include/vcl/filter/PDFiumLibrary.hxx
vcl/source/pdf/PDFiumLibrary.cxx
Change-Id: I4607c242b3c6f6b01517b02407e9e7a095e2e069
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102325
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
That's reserved for valid signatures (digest match, certificate
validates and the signature covers the whole document).
Also avoid "invalid" in the dialog when the digest matches and the
signature is just incomplete.
This now uses wording which is closer to Acrobat and also uses the same
wording on the infobar and in the dialog.
Change-Id: I26e4781d555b65cf29aa8df2232e286917235dc1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/101926
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102188
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
The infobar mentioned if a signature is partial, but the dialog just has
a bool UI for signatures. Then present "good, but partial" as "bad".
(cherry picked from commit 3ba1144cb96c710e665ffb3ada26fb6a48a03472)
Change-Id: I698190aa77702000b11d635bd038d9c9a91614ac
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/101844
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
(cherry picked from commit 7468d5df5ec79783eae84b62bdc5ecf12f0ca255)
Conflicts:
vcl/source/filter/ipdf/pdfdocument.cxx
xmlsecurity/source/pdfio/pdfdocument.cxx
Change-Id: I269ed858852ee7d1275adf340c8cc1565fc30693
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/99382
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
This was supposed to be implemented by commit
a7bf6488ebb544e1efaed0a1e53073df9cc2064d
"ODF1.3: import new OpenPGP encryption markup"
but it turns out that the ODF 1.3 cs01 schema differs from the
implementation:
in ODF 1.3 cs01 we have
<manifest:encrypted-key>
<manifest:encryption-method .../>
<manifest:keyinfo>
<manifest:PGPData>
</manifest:PGPData>
</manifest:keyinfo>
<manifest:CipherData>
</manifest:CipherData>
</manifest:encrypted-key>
whereas the implementation expects
<manifest:keyinfo>
<manifest:encrypted-key>
<manifest:encryption-method .../>
<manifest:PGPData>
</manifest:PGPData>
<manifest:CipherData>
</manifest:CipherData>
</manifest:encrypted-key>
</manifest:keyinfo>
Ideally the inner manifest:keyinfo should be manifest:KeyInfo but
not sure if that really matters.
Change-Id: I407321c857e7b3ed9f4d04568ca2ea116764b3da
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94309
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit 4f1b0f7d5235140611305b784b58f95fc5b8bd81)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94586
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|
|
The problem was that the whole Subject info was returned from
X.509 certs if they did not start with one of "CN", "OU", "O", "E"
Instead of extending this list with random keys, pass the type of cert
and only return the whole Subject info if it's an OpenGPG one, and
process the info unconditionally if it's X.509 like before the OpenGPG
integration
Change-Id: I1aa5d7285e48b0f4a769a073cdfb7732e482792c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/92675
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
(cherry picked from commit bedba76adb9b1421a7d939cfef44b8194e987888)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93129
|
|
* Don't hide the option dialogs "Macro security" push button.
I don't see any reason, why these settings should be hidden, if
macros are disabled or settings locked. At least a user can now
check, what is going on (still nothing shows disabled macros for
a document in the UI AFAIK).
* Don't scale the lock icons of the trusted list boxes.
This just uses the same alignments, which the macro security
level lock image uses, otherwise the image is scaled to fit the
whole space of its layout cell.
* Don't disable the trusted list boxes.
If the setting is locked, it's sufficient to disable all the
buttons, which allow modification (so View can stay enabled).
This way you can still scroll the list. Correct button handling
is already implemented and works for me.
* Catch exceptions of broken certificate data.
If your config contains certificates, which can't be correctly
decoded, the NSS backend will throw an exception, which kills
the dialog, but not the nested loop, resulting in a locked LO.
Also show an error dialog with the broken base64-encoded data.
Change-Id: I79002e0ce85cf9a9017caf858407f2f635a3a074
Reviewed-on: https://gerrit.libreoffice.org/85056
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
(cherry picked from commit b3348ce498b3d54b3e5e6518954ad9d5e917b8f2)
Reviewed-on: https://gerrit.libreoffice.org/85282
|
|
Change-Id: Ida35d27a4aaae1c137e3ed072dff62b7c7e894ca
Reviewed-on: https://gerrit.libreoffice.org/82399
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
Change-Id: Ice9a57eedb166672dbdfae6da2a172ab77566a19
Reviewed-on: https://gerrit.libreoffice.org/81983
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
tweak the plugin to be more permissive, then validate by hand
afterwards
Change-Id: I40c5c911fe6ff7e45baaca372abf7dac211d9654
Reviewed-on: https://gerrit.libreoffice.org/81942
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
update the script and make private standalone functions
Change-Id: Icb26ce258107700c90f89ad4e0d3329d075a2eb1
Reviewed-on: https://gerrit.libreoffice.org/81879
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
...to find StringLiteral on the RHS of +=. Which revealed that the
VisitCompoundStmt/checkForCompoundAssign logic needed to be fixed, too, so that
s += side_effect();
s += "literal";
s += side_effect();
only gets combined to
s += side_effect() + "literal";
s += side_effect();
and not all the way to
s += side_effect() + "literal" + side_effect();
Change-Id: I432e3458b933a7d0ad6141c747b675cc8b0f0ba4
Reviewed-on: https://gerrit.libreoffice.org/81804
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
E.g. #ifdef LIBO_INTERNAL_ONLY is always true for code that builds
with our PCHs.
Change-Id: I3cf311ea3621b909105754cfea2cb0116b8b67f5
Reviewed-on: https://gerrit.libreoffice.org/80961
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
Replace them with default initialization or calloc
Change-Id: I747f53c2ced2d0473fd5a5ede4f8520a0633dcc1
Reviewed-on: https://gerrit.libreoffice.org/80805
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
This extends the filter comparison from commit c3a1c83ff5af
("tdf#42316 preserve macro signature of templates").
The original patch just stripped "_template" from the source
filter to find equal document types, which just enables the
"template => document" case. This patch also strips the
"_template" from the target filter, which fixes the "document
or template => template" cases.
This also extends the signing save tests:
* OTT 1.2 => OTT 1.2 - preserve
* ODT 1.2 => OTT 1.2 - preserve
* OTT 1.0 => OTT 1.0 - preserve
* ODT 1.0 => OTT 1.0 - preserve
* OTT 1.0 => OTT 1.2 - drop
Change-Id: Ie297258a4d9f9aa4beb25786c6ba240b6f16f49b
Reviewed-on: https://gerrit.libreoffice.org/80654
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
|
|
which defeat the *StringConcat optimisation.
Also make StringConcat conversions treat a nullptr as an empty string,
to match the O*String(char*) constructors.
Change-Id: If45f5b4b6a535c97bfeeacd9ec472a7603a52e5b
Reviewed-on: https://gerrit.libreoffice.org/80724
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Required a workaround for loplugin:indentation, until
<https://reviews.llvm.org/D68581> "Include leading attributes in DeclStmt's
SourceRange" lands in Clang.
Change-Id: I7192969d40fa4c50bbd603d059532b9344865248
Reviewed-on: https://gerrit.libreoffice.org/80596
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I114a6b028eb59a1ae38c31bc20439a35643fe972
Reviewed-on: https://gerrit.libreoffice.org/80159
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
|
|
Change-Id: I12517651fb3f777fd08e384992bb3e84b340ad85
Reviewed-on: https://gerrit.libreoffice.org/80382
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I2bbfb1445b8d2e748f642cdf4723d41b7f072e2b
Reviewed-on: https://gerrit.libreoffice.org/80305
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: Id1a82cea4444255fdb693e126b7571a406094624
Reviewed-on: https://gerrit.libreoffice.org/79916
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|