| Age | Commit message (Collapse) | Author |
|---|
|
Change-Id: I943f755d95b90ef8aeb7d5b339f617ff50db4e29
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170673
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I09dd13334e0d3da5f6004312bae69b5c77120434
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167904
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
The commit broke the display of all columns except the first one in all
backends except gtk3.
Also it's not clear why those columns are deemed superfluous;
see discussion in tdf#161871
This reverts commit 9f327102c435887bbae650b3a573f44500b6f534.
Change-Id: Idc3496122137f98c23bb7df8e36b17281fc948d3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170491
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
|
|
Usuccessful signing sessions (e.g. abort when password is requested)
left their key in the context.
On the next try, the former key would also be used to sign.
Change-Id: I55b9201df229cae40863a0a19b238029607d1848
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170388
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
Tested-by: Jenkins
|
|
Change-Id: I3f46c1d7e68dbf79ddbc9dc50d2735ebe1727b14
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170445
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
Change-Id: I0a57204c1885ca300d22832e5469d8918aec9ba6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170384
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
|
|
Change-Id: I0318485c3c0159277e47096e0c7e0df8ed109ea4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169865
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
|
Change-Id: Ia6374adeb4ef15f6d3d0d3bca365b269562bb640
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169597
Tested-by: Jenkins
Reviewed-by: Taichi Haradaguchi <20001722@ymail.ne.jp>
|
|
Change-Id: Ib672cd1968de7bb99cd5f8737a09ce02b0490bf8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167995
Tested-by: Jenkins
Tested-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org>
Reviewed-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org>
|
|
Change-Id: I710ff75d387b2d452cb80911c9f0092948453ef8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167751
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Tested-by: Jenkins
|
|
Change-Id: Ifb936c230f68447b3bb5993705adb5e5b790371f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167668
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
Tested-by: Jenkins
|
|
Change-Id: I19824cd8fdc3ac5b5afb4e769527bf71513212fc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167553
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
Change-Id: I6ef2f39cca9e657a05b9b55d8ff87607261dd1ea
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167369
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Tested-by: Jenkins
|
|
Seeing as since:
commit e9531b792ddf0cfc2db11713b574c5fc7ae09e2c
Date: Tue Feb 6 14:39:47 2024 +0100
sal: rtlRandomPool: require OS random device, abort if not present
Both rtl_random_createPool() and rtl_random_getBytes() first try to get
random data from the OS, via /dev/urandom or rand_s() (documented to
call RtlGenRandom(), see [1]).
we don't use the initial arg to rtl_random_getBytes anymore, drop the
requirement to have one. Then simplify our usages of that, and
addtionally deprecate rtl_random_createPool and rtl_random_destroyPool.
Change-Id: I13dcc067714a8a741a4e8f2bfcf2006373f832c4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167067
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
…by a simple/static $(gb_UnpackedTarball_workdir)/foo
see also 0c4c84a14b01c71c76a9c45a7f26aec4d64f3e4f
Change-Id: I8e6aa55c85534c4446556548910c950ddbe7c6fc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167163
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Jenkins
|
|
Change-Id: I68acd56b28b0f989a4010cd939f2452970d158ff
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167103
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
mvUserData is still needed to keep it's content from being deleted.
Revert "Drop unused instance variable."
This reverts commit 687ae6ca01177a04f9ea715a1f1cd70f385a0840.
Change-Id: I689cfdaf8d4d62a3b53ff7fb318dc8c70b9e1c2d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167020
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Tested-by: Jenkins
|
|
Change-Id: I52867ef0a094e546a307b98089c259f9e8bbdabf
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166984
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
Change-Id: Iee32e4348526e54e0cc45a54e55eddb6479248e0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166968
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
|
|
Change-Id: I7f52b318b083535422202dacbee928333cb3ac78
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166639
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
|
|
Change-Id: I13117b36bb063b0afc498ef237b9255c0a900131
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166638
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
Tested-by: Jenkins
|
|
Unify the terms used in the View Certificate dialog.
Change-Id: I820e4f246d2efc235794745bbd889540a39231eb
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166175
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I95b84eff5d8bb288aa704620db328d89062efdf4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165689
Tested-by: Jenkins
Reviewed-by: Gabor Kelemen <gabor.kelemen.extern@allotropia.de>
|
|
At least the Emscripten build was hit again by what had been fixed with
bddb0d87e809c96ee810de0e553f02bbe158907d "Missing include", after
a0c53ab43840d1c84d7d246b2cbc73c3a8862155 "tdf#146619 Remove unused #includes
from C/C++ files".
Change-Id: I632ab297bc51aa07019e4bb0cb4ef8f6372a1374
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165795
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
|
|
the 'xmlsecurity' module was cleaned
Change-Id: If8fae797ed5586888022ecb09bab690d68ae7bd9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165593
Tested-by: Jenkins
Reviewed-by: Gabor Kelemen <gabor.kelemen.extern@allotropia.de>
|
|
Change-Id: I3e20fda4b841458e979258dd5dc83c7f89f48083
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165497
Tested-by: Julien Nabet <serval2412@yahoo.fr>
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
|
|
Change-Id: I198af12fd6dbe3b218239e3532862cb70b571853
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165040
Tested-by: Jenkins
Reviewed-by: Gabor Kelemen <gabor.kelemen.extern@allotropia.de>
|
|
...presumably since 50897e3fe001aeae5a6091ede155088461c798f3 "Drop transitional
header xmlsecurity/xmlsec-wrapper.h",
> xmlsecurity/source/xmlsec/xmlsec_init.cxx:29:9: error: use of undeclared identifier 'xmlSecInit'
> 29 | if( xmlSecInit() < 0 ) {
> | ^
> xmlsecurity/source/xmlsec/xmlsec_init.cxx:55:9: error: use of undeclared identifier 'xmlSecShutdown'
> 55 | xmlSecShutdown() ;
> | ^
etc.
Change-Id: I1aab4bb3601102c4ac0025833b03fa35adc9434e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165465
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
|
|
It was introduced with
commit ec52e5e5a204862905b555cdc1f7393aede1f7d8
and the reason of that was the XMLSEC_NO_SIZE_T behavior consolidation.
But this was removed later with
commit bfd479abf0d1d8ce36c3b0dcc6c824216f88a95b
Change-Id: Ib5350d9ab5554d1412821b762cd3ee7906b65b64
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165440
Tested-by: Jenkins
Reviewed-by: Gabor Kelemen <gabor.kelemen.extern@allotropia.de>
|
|
'xmlsecurity' module was cleaned.
Add some headers from xmlsec-wrapper.h in preparation
for its removal
Change-Id: Id66e6d40d4d5d980626832c0e2f6255fc31b4bcf
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164639
Tested-by: Jenkins
Reviewed-by: Gabor Kelemen <gabor.kelemen.extern@allotropia.de>
|
|
Encrypting with untrusted public keys increases the risk of
"man-in-the-middle" attacks so emphasize this risk.
Change-Id: I48cbb7b002c5f17bdac3372bf94c1bc18ea68566
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165396
Tested-by: Jenkins
Reviewed-by: Patrick Luby <guibomacdev@gmail.com>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
gpgme contexts uses the "auto" trust model by default which only
allows encrypting with keys that have their trust level set to
"Ultimate". The gpg command, however, gives the user the option
to encrypt with a certificate that has a lower trust level so
emulate that bahavior by asking the user if they want to trust
the certificate for just this operation only.
Also, abort saving if no certificates are selected which is an
indication that the user cancelled the Select Certificate dialog.
Change-Id: I20951b1e31b2dcf8adb82243742f8c00fbaca8c2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165260
Tested-by: Jenkins
Reviewed-by: Patrick Luby <guibomacdev@gmail.com>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
level
Change-Id: I191fd5d676d6d54fb0ef15652420afdceab2fc78
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164810
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Reviewed-by: Heiko Tietze <heiko.tietze@documentfoundation.org>
|
|
Change-Id: I9a2c3b5d93453730baccec37fa0a3ac91808bad9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164873
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
This is effectively unused since:
commit d22ab7b444a4e16dc2bd1f7d15fa36a848eaaaed
Change-Id: I6f646b7daf845035196fc9dde4ff270b8143d37a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164645
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
The cui module has its own UserData struct and when building with
--enable-mergelibs=more, this data collision will cause a crash
when deleting a UserData instance in the xmlsecurity module because
the cui module already has its own, unrelated UserData struct.
Change-Id: I6418b049c72a2e902c9b5076b72fd240f65a593d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164404
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I2810d22e8f5e1c81647b9e9b15519de65939630a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163895
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
using the bin/find-can-be-private-symbols.py script
to find classes with large numbers of exported symbols
that can hidden.
before
exported = 58104
imported = 30810
unused_exports = 35433
after
exported = 55094
imported = 31073
unused_exports = 32423
Change-Id: Idd0a70ee3740afd5ca1a86771e0e2ff8090d102d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163456
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: Idb292c508029efeb23ed969c9fad566154cb424c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162354
Tested-by: Jenkins
Tested-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org>
Reviewed-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org>
|
|
Reusing the same instance will, in the following case, lead to a
crash. It appears that the CertificateChooser is getting disposed
somewhere as mpDialogImpl in its base class ends up being null:
1. Create an empty Writer document and add a digital signature
in the Digital Signatures dialog
2. File > Save As the document, check the "Encrypt with GPG key"
checkbox, press Encrypt, and crash in Dialog::ImplStartExecute()
Change-Id: I9aaa1bd449622e018b502d68c53d397255a1b61a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163065
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Patrick Luby <guibomacdev@gmail.com>
|
|
looks like the new row gets sorted immediately when added as an empty
row into the first row, so accessing it by index later to set it text/id
get an unexpected result.
pause sorting while inserting the entries and enable it again when
finished for the easiest fix.
Change-Id: Ib028b193afbf2b9026841b19419e012b70448e39
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162993
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
Add the following applications to the macOS GUI servers list:
- Trusted Key Manager - CertEurope
- SCInterface Manager and SmartCard tools
Change-Id: Iec78171c6e82f0a072f5f06b79606560a8cc03cc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162942
Tested-by: Jenkins
Reviewed-by: Patrick Luby <guibomacdev@gmail.com>
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
|
|
Most, if not all, of the Linux certificate manager applications are
not available on macOS so create a separate list for macOS.
Also, fix uncloseable windows due to uncaught exceptions thrown by
XSystemShellExecute::execute(). Failure to catch such exceptions
would cause the document window to be uncloseable and the application
to be unquittable.
Change-Id: I9bc6dc9c6c9d054252b634874045cb066023214a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162887
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
|
|
... everywhere it is used to generate material for encryption.
Change-Id: Id3390376bb2f3a5fa1bbfd735850fce886ef7db2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162873
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
The new tests fail with:
> core/xmlsecurity/qa/unit/signing/signing2.cxx:
> 252: Assertion
> Test name: testPasswordPreserveMacroSignatureODFWholesomeLO242::TestBody
> equality assertion failed
> - Expected: 1
> - Actual : 4
This is because only the first test that runs sees the testing CA
certificates that are copied in MacrosTest::setUpNssGpg(); when the
second test runs, they have somehow vanished.
This is because apparently SQLite on MacOSX, unlike on Linux, monitors
the file descriptors of its database files, and then invalidates itself
when setUpNssGpg() via osl::File::copy() renames and unlinks the
existing database files:
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode renamed while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/cert9.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 5 (0x20)
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode unlinked while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/cert9.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 5 (0x11)
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode renamed while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/key4.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 6 (0x20)
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode unlinked while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/key4.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 6 (0x11)
Split MacrosTest::setUpNssGpg()/tearDownNssGpg() into functions
setUpX509() which only does something on the 1st invocation, and
setUpGpg()/tearDownGpg() which may be invoked per-test (they could also
be run once for the whole test suite, but not obvious how to do that);
PDF related tests don't need GPG.
Presumably this is (along with the WNT-specific problem fixed in commit
3e9a700091872480dd085f0928d1d30b7d74cfd7) the reason why most of the
tests not only accept the expected result of SignatureState::OK but also
SignatureState::NOTVALIDATED.
Change-Id: I59b85ca651cecaccfdea729ed1e645c53079c8bf
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162693
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
...which had always cut off an existing path ever since
92b6ffcd9f687cc54a0fc3801ca85c7e4d77512f "Allow selecting a custom certificate
manager", for reasons that are unclear to me.
So if an existing setting contains at least one slash (or backslash, on
Windows), try to use it as-is; otherwise, keep searching for it in aPath. (And,
in any case, make sure to report back the given value in sExecutable.)
Change-Id: I8b2b6ac7a449d7afd02e029ff46d4c79e6b824e1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162703
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
|
|
Obsoleted by commit 2484de6728bd11bb7949003d112f1ece2223c7a1 (Remove
non-const Sequence::begin()/end() in internal code, 2021-10-15) and
commit fb3c04bd1930eedacd406874e1a285d62bbf27d9 (Drop non-const
Sequence::operator[] in internal code, 2021-11-05).
Change-Id: Idbafef5d34c0d4771cbbf75b9db9712e504164cd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162640
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
Change-Id: I825ae7a5e4b80d390804a7bb2cfdfc3b1843bd07
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162066
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
Commit 4d6e9d5e155da1dde05233eb87691e2a454162f6 added 2 tests that
always fail on WNT, unfortunately Jenkins doesn't actually run the
tests.
There are 3 certificates involved:
"Xmlsecurity RSA Test Root CA"
"Xmlsecurity Intermediate Root CA"
"Xmlsecurity RSA Test example Alice"
In the signature XML, there are 3 elements that contain or reference
certificates:
1. X509Data - xmlsecurity produces only the signing certificate here
2. xd:SigningCertificate (XAdES) - again only the signing certificate
3. xd:EncapsulatedX509Certificate (XAdES) - xmlsecurity produces the
full certificate chain here
All of these elements *could* contain the full certificate chain, but in
LO-produced XML signatures only 3. does.
The problem is that the function CheckUnitTestStore() that looks up
a certificate in a unit-test-specific CA store via
$LIBO_TEST_CRYPTOAPI_PKCS7 can only handle a root certificate, it does
not recursively retrieve and check a certificate chain.
The SecurityEnvironment_MSCryptImpl::verifyCertificate() already has a
parameter "seqCerts" to pass in the full certificate chain, but due to
the way the data from the XML is processed, it gets passed only the
content of the X509Data element(s), which, for LO-produced signatures,
do not contain the full certificate chain.
Instead of improving the unit-test-specific function, let's try to get
all the certificates out of the XML signature, and then pass them to
verifyCertificate().
Of course this requires some consistency checks so that the verification
can't be fooled by different certificates in different XML elements.
Change-Id: I8ca541887ceac2dfb6af5d96a5565cfa58d7f682
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162170
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I24c429c7cb8283a384b72499d1c3f4c2f1457c33
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162155
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
