Rebased ref, commits from common ancestor:
commit f9f820e2400a8aa4d27169bd9a7b5b95ca3a9791
Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
AuthorDate: Mon Oct 19 10:20:20 2020 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Mon Oct 19 10:20:20 2020 +0200
Release 6.3.6.7
Change-Id: Iea58b785d62006d0f1ee2e21c110acc402d499f7
diff --git a/configure.ac b/configure.ac
index f84c7b3fcbd2..8b9786155e77 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9,7 +9,7 @@ dnl in order to create a configure script.
# several non-alphanumeric characters, those are split off and used only for
the
# ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no
idea.
-AC_INIT([LibreOffice],[6.3.6.6],[],[],[http://documentfoundation.org/])
+AC_INIT([LibreOffice],[6.3.6.7],[],[],[http://documentfoundation.org/])
dnl libnumbertext needs autoconf 2.68, but that can pick up autoconf268 just
fine if it is installed
dnl whereas aclocal (as run by autogen.sh) insists on using autoconf and fails
hard
commit 91cb51348d186ed3e5b5443a6bf49fd3e1af54bc
Author: Michael Stahl <michael.st...@cib.de>
AuthorDate: Fri Aug 7 18:57:00 2020 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Mon Oct 19 10:03:11 2020 +0200
nss: upgrade to release 3.55.0
Fixes CVE-2020-6829, CVE-2020-12400 CVE-2020-12401 CVE-2020-12403.
(also CVE-2020-12402 CVE-2020-12399 in older releases since 3.47)
* external/nss/nss.nspr-parallel-win-debug_build.patch:
remove, merged upstream
Change-Id: I8b48e25ce68a2327cde1420abdaea8f9e51a7888
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100345
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@cib.de>
(cherry picked from commit 495a5944a3d442cfe748a3bb0dcef76f6a961d30)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100420
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit 227d30a3a17f2fffb1a166cdc3e2a796bb335214)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100590
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 94cecbfdf3cf01fe3d5658c7edf78696da2a249f)
diff --git a/download.lst b/download.lst
index 378213dc851b..00f73f95375b 100644
--- a/download.lst
+++ b/download.lst
@@ -181,8 +181,8 @@ export MYTHES_SHA256SUM :=
1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
export NEON_SHA256SUM :=
db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca
export NEON_TARBALL := neon-0.30.2.tar.gz
-export NSS_SHA256SUM :=
861a4510b7c21516f49a4cfa5b871aa796e4e1ef2dfe949091970e56f9d60cdf
-export NSS_TARBALL := nss-3.53-with-nspr-4.25.tar.gz
+export NSS_SHA256SUM :=
ec6032d78663c6ef90b4b83eb552dedf721d2bce208cec3bf527b8f637db7e45
+export NSS_TARBALL := nss-3.55-with-nspr-4.27.tar.gz
export ODFGEN_SHA256SUM :=
2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2
export ODFGEN_VERSION_MICRO := 6
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2
diff --git a/external/nss/UnpackedTarball_nss.mk
b/external/nss/UnpackedTarball_nss.mk
index 8801c7cdad63..1cad5852fa89 100644
--- a/external/nss/UnpackedTarball_nss.mk
+++ b/external/nss/UnpackedTarball_nss.mk
@@ -23,7 +23,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\
external/nss/nss.vs2015.pdb.patch \
external/nss/nss.bzmozilla1238154.patch \
external/nss/macos-dlopen.patch.0 \
- external/nss/nss.nspr-parallel-win-debug_build.patch \
$(if $(filter iOS,$(OS)), \
external/nss/nss-ios.patch) \
$(if $(filter ANDROID,$(OS)), \
diff --git a/external/nss/macos-dlopen.patch.0
b/external/nss/macos-dlopen.patch.0
index 8c484e4c6841..1889b8df7cd3 100644
--- a/external/nss/macos-dlopen.patch.0
+++ b/external/nss/macos-dlopen.patch.0
@@ -1,14 +1,14 @@
--- nspr/pr/src/linking/prlink.c
+++ nspr/pr/src/linking/prlink.c
-@@ -793,7 +793,7 @@
- /* ensure the file exists if it contains a slash character i.e. path
*/
- /* DARWIN's dlopen ignores the provided path and checks for the */
- /* plain filename in DYLD_LIBRARY_PATH */
-- if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL ||
-+ if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL || strncmp(name,
"@loader_path/", 13) == 0 ||
- PR_Access(name, PR_ACCESS_EXISTS) == PR_SUCCESS) {
- h = dlopen(name, dl_flags);
- }
+@@ -799,7 +799,7 @@
+ * The reason is that DARWIN's dlopen ignores the provided path
+ * and checks for the plain filename in DYLD_LIBRARY_PATH,
+ * which could load an unexpected version of a library. */
+- if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL) {
++ if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL || strncmp(name,
"@loader_path/", 13) == 0) {
+ /* no slash, allow to load from any location */
+ okToLoad = PR_TRUE;
+ } else {
--- nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
+++ nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
@@ -224,7 +224,11 @@
diff --git a/external/nss/nss.nspr-parallel-win-debug_build.patch
b/external/nss/nss.nspr-parallel-win-debug_build.patch
deleted file mode 100644
index 86b55e1ccf7f..000000000000
--- a/external/nss/nss.nspr-parallel-win-debug_build.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Änderung: 4866:23940b78e965
-Nutzer: Jan-Marek Glogowski <glo...@fbihome.de>
-Datum: Fri May 01 22:50:55 2020 +0000
-Dateien: pr/tests/Makefile.in
-Beschreibung:
-Bug 290526 Write separate PDBs for test OBJs r=glandium
-
-Quite often when running a parallel NSS build, I get the following
-compiler error message, resulting in a build failure, despite
-compiling with the -FS flag:
-
-.../nss/nspr/pr/tests/zerolen.c: fatal error C1041:
-Programmdatenbank "...\nss\nspr\out\pr\tests\vc140.pdb" kann nicht
-ge<94>ffnet werden; verwenden Sie /FS, wenn mehrere CL.EXE in
-dieselbe .PDB-Datei schreiben.
-
-The failing source file is always one of the last test object
-files. But the actual problem is not the compiler accessing the
-PDB file, but the linker already linking the first test
-executables accessing the shared PDB; at least that's my guess.
-
-So instead of using a shared PDB for all test object files, this
-uses -Fd$(@:.$(OBJ_SUFFIX)=.pdb) to write a separate PDB for every
-test's object file. The linker works fine with the shared OBJ PDB.
-
-Differential Revision: https://phabricator.services.mozilla.com/D68693
-
-
-diff -r 219d131499d5 -r 23940b78e965 nss/nspr/pr/tests/Makefile.in
---- a/nss/nspr/pr/tests/Makefile.in Mon Feb 10 20:58:42 2020 +0000
-+++ b/nss/nspr/pr/tests/Makefile.in Fri May 01 22:50:55 2020 +0000
-@@ -211,6 +211,7 @@
- else
- EXTRA_LIBS += ws2_32.lib
- LDOPTS = -NOLOGO -DEBUG -DEBUGTYPE:CV -INCREMENTAL:NO
-+ CFLAGS += -Fd$(@:.$(OBJ_SUFFIX)=.pdb)
- ifdef PROFILE
- LDOPTS += -PROFILE -MAP
- endif # profile
-
commit e6b97b418f87848a6b74357fee09a92efbede78b
Author: Jan-Marek Glogowski <glo...@fbihome.de>
AuthorDate: Wed Jun 26 18:09:19 2019 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Mon Oct 19 10:03:01 2020 +0200
NSS: enable parallel build
Since NSS 3.53, the Makefile based build should be fixed (upstream
bug 290526). The only missing patch is a minimal NSPR fix for the
"NSPR, configure + make, parallel, Windows, MS VS, debug" build.
That patch isn't incuded in the NSPR 4.25 release (but it's already
in the mercurial repo for NSPR 4.26).
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/95218
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glo...@fbihome.de>
(cherry picked from commit b56e8d6def26a0430853835e997f1be841840a61)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100419
Reviewed-by: Michael Stahl <michael.st...@cib.de>
(cherry picked from commit c1bce55faebd9ad8751d7b6b9a7f77dff7b3d507)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100589
(cherry picked from commit 3e4dbb1708d4b3b7619602b63602b884a7bb2caa)
Change-Id: I8eaa3792a12bdff734e56ac3f552991478957e23
diff --git a/download.lst b/download.lst
index bbd17e14e3cf..378213dc851b 100644
--- a/download.lst
+++ b/download.lst
@@ -181,8 +181,8 @@ export MYTHES_SHA256SUM :=
1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
export NEON_SHA256SUM :=
db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca
export NEON_TARBALL := neon-0.30.2.tar.gz
-export NSS_SHA256SUM :=
07d4276168f59bb3038c7826dabb5fbfbab8336ddf65e4e6e43bce89ada78c64
-export NSS_TARBALL := nss-3.47.1-with-nspr-4.23.tar.gz
+export NSS_SHA256SUM :=
861a4510b7c21516f49a4cfa5b871aa796e4e1ef2dfe949091970e56f9d60cdf
+export NSS_TARBALL := nss-3.53-with-nspr-4.25.tar.gz
export ODFGEN_SHA256SUM :=
2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2
export ODFGEN_VERSION_MICRO := 6
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2
diff --git a/external/nss/ExternalProject_nss.mk
b/external/nss/ExternalProject_nss.mk
index 211fa1d64437..722da93fa51f 100644
--- a/external/nss/ExternalProject_nss.mk
+++ b/external/nss/ExternalProject_nss.mk
@@ -19,11 +19,11 @@ ifeq ($(OS),WNT)
$(call gb_ExternalProject_get_state_target,nss,build): $(call
gb_ExternalExecutable_get_dependencies,python)
$(call gb_ExternalProject_run,build,\
$(if $(MSVC_USE_DEBUG_RUNTIME),USE_DEBUG_RTL=1,BUILD_OPT=1) \
- MOZ_MSVCVERSION=9 OS_TARGET=WIN95 \
+ OS_TARGET=WIN95 \
$(if $(filter X86_64,$(CPUNAME)),USE_64=1) \
LIB="$(ILIB)" \
XCFLAGS="-arch:SSE $(SOLARINC)" \
- $(MAKE) -j1 nss_build_all RC="rc.exe $(SOLARINC)" \
+ $(MAKE) nss_build_all RC="rc.exe $(SOLARINC)" \
NSINSTALL='$(call
gb_ExternalExecutable_get_command,python) $(SRCDIR)/external/nss/nsinstall.py' \
NSS_DISABLE_GTESTS=1 \
,nss)
@@ -46,7 +46,7 @@ $(call gb_ExternalProject_get_state_target,nss,build): $(call
gb_ExternalExecuta
$(if $(filter iOS-ARM,$(OS)-$(CPUNAME)),CPU_ARCH=arm) \
NSPR_CONFIGURE_OPTS="--build=$(BUILD_PLATFORM)
--host=$(HOST_PLATFORM)") \
NSDISTMODE=copy \
- $(MAKE) -j1 AR="$(AR)" \
+ $(MAKE) AR="$(AR)" \
RANLIB="$(RANLIB)" \
NMEDIT="$(NM)edit" \
COMMA=$(COMMA) \
diff --git a/external/nss/UnpackedTarball_nss.mk
b/external/nss/UnpackedTarball_nss.mk
index 0e174879a702..8801c7cdad63 100644
--- a/external/nss/UnpackedTarball_nss.mk
+++ b/external/nss/UnpackedTarball_nss.mk
@@ -12,34 +12,34 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,nss))
$(eval $(call gb_UnpackedTarball_set_tarball,nss,$(NSS_TARBALL)))
$(eval $(call gb_UnpackedTarball_add_patches,nss,\
- external/nss/nss.patch \
- external/nss/nss.aix.patch \
- external/nss/nss-3.13.5-zlib-werror.patch \
- external/nss/nss_macosx.patch \
- external/nss/nss-win32-make.patch.1 \
- $(if $(filter WNT,$(OS)),external/nss/nss.windows.patch \
- external/nss/nss.nowerror.patch \
- external/nss/nss.vs2015.patch) \
+ external/nss/nss.patch \
+ external/nss/nss.aix.patch \
+ external/nss/nss-3.13.5-zlib-werror.patch \
+ external/nss/nss_macosx.patch \
+ external/nss/nss-win32-make.patch.1 \
external/nss/ubsan.patch.0 \
external/nss/clang-cl.patch.0 \
+ external/nss/nss.vs2015.patch \
+ external/nss/nss.vs2015.pdb.patch \
+ external/nss/nss.bzmozilla1238154.patch \
+ external/nss/macos-dlopen.patch.0 \
+ external/nss/nss.nspr-parallel-win-debug_build.patch \
$(if $(filter iOS,$(OS)), \
external/nss/nss-ios.patch) \
- $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \
- external/nss/nss.cygwin64.in32bit.patch) \
- $(if $(filter WNT,$(OS)), \
- external/nss/nss.vs2015.pdb.patch) \
- $(if $(filter WNT,$(OS)), \
- external/nss/nss.utf8bom.patch.1) \
- $(if $(filter ANDROID,$(OS)), \
- external/nss/nss-android.patch.1) \
- external/nss/nss.bzmozilla1238154.patch \
- external/nss/macos-dlopen.patch.0 \
+ $(if $(filter ANDROID,$(OS)), \
+ external/nss/nss-android.patch.1) \
+ $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \
+ external/nss/nss.cygwin64.in32bit.patch) \
+ $(if $(filter WNT,$(OS)), \
+ external/nss/nss.windows.patch \
+ external/nss/nss.nowerror.patch \
+ external/nss/nss.utf8bom.patch.1) \
))
ifeq ($(COM_IS_CLANG),TRUE)
ifneq ($(filter -fsanitize=%,$(CC)),)
$(eval $(call gb_UnpackedTarball_add_patches,nss,\
- external/nss/asan.patch.1 \
+ external/nss/asan.patch.1 \
))
endif
endif
diff --git a/external/nss/nsinstall.py b/external/nss/nsinstall.py
index 31b3de3450c5..80e9c1679373 100644
--- a/external/nss/nsinstall.py
+++ b/external/nss/nsinstall.py
@@ -155,7 +155,12 @@ def nsinstall(argv):
target = args.pop()
# ensure target directory
if not os.path.isdir(target):
- os.makedirs(target)
+ try:
+ os.makedirs(target)
+ except FileExistsError:
+ if not os.path.isdir(target):
+ sys.stderr.write('nsinstall: ' + target + ' is not a directoy!\n')
+ return 1
copy_all_entries(args, target)
return 0
diff --git a/external/nss/nss-3.13.5-zlib-werror.patch
b/external/nss/nss-3.13.5-zlib-werror.patch
index 6cda50023f1b..0cdbf7808f81 100644
--- a/external/nss/nss-3.13.5-zlib-werror.patch
+++ b/external/nss/nss-3.13.5-zlib-werror.patch
@@ -1,9 +1,10 @@
--- a/a/nss/lib/zlib/gzguts.h 2010-08-22 03:07:03.000000000 +0200
+++ b/b/nss/lib/zlib/gzguts.h 2012-07-17 08:52:14.821552788 +0200
-@@ -26,6 +26,9 @@
- # include <limits.h>
+@@ -26,6 +26,10 @@
+ # define write _write
+ # define close _close
#endif
- #include <fcntl.h>
++
+#ifndef _WIN32
+#include <unistd.h>
+#endif
diff --git a/external/nss/nss-win32-make.patch.1
b/external/nss/nss-win32-make.patch.1
index bc5a759275e2..7ba3df451ee6 100644
--- a/external/nss/nss-win32-make.patch.1
+++ b/external/nss/nss-win32-make.patch.1
@@ -1,7 +1,7 @@
--- nss/nss/coreconf/rules.mk.orig2 2014-06-03 15:30:01.667200000 +0200
+++ nss/nss/coreconf/rules.mk 2014-06-03 15:30:14.537200000 +0200
@@ -259,7 +259,7 @@
- @$(MAKE_OBJDIR)
+ $(LIBRARY): $(OBJS) | $$(@D)/d
rm -f $@
ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
- $(AR) $(subst /,\\,$(OBJS))
diff --git a/external/nss/nss.nspr-parallel-win-debug_build.patch
b/external/nss/nss.nspr-parallel-win-debug_build.patch
new file mode 100644
index 000000000000..86b55e1ccf7f
--- /dev/null
+++ b/external/nss/nss.nspr-parallel-win-debug_build.patch
@@ -0,0 +1,40 @@
+Änderung: 4866:23940b78e965
+Nutzer: Jan-Marek Glogowski <glo...@fbihome.de>
+Datum: Fri May 01 22:50:55 2020 +0000
+Dateien: pr/tests/Makefile.in
+Beschreibung:
+Bug 290526 Write separate PDBs for test OBJs r=glandium
+
+Quite often when running a parallel NSS build, I get the following
+compiler error message, resulting in a build failure, despite
+compiling with the -FS flag:
+
+.../nss/nspr/pr/tests/zerolen.c: fatal error C1041:
+Programmdatenbank "...\nss\nspr\out\pr\tests\vc140.pdb" kann nicht
+ge<94>ffnet werden; verwenden Sie /FS, wenn mehrere CL.EXE in
+dieselbe .PDB-Datei schreiben.
+
+The failing source file is always one of the last test object
+files. But the actual problem is not the compiler accessing the
+PDB file, but the linker already linking the first test
+executables accessing the shared PDB; at least that's my guess.
+
+So instead of using a shared PDB for all test object files, this
+uses -Fd$(@:.$(OBJ_SUFFIX)=.pdb) to write a separate PDB for every
+test's object file. The linker works fine with the shared OBJ PDB.
+
+Differential Revision: https://phabricator.services.mozilla.com/D68693
+
+
+diff -r 219d131499d5 -r 23940b78e965 nss/nspr/pr/tests/Makefile.in
+--- a/nss/nspr/pr/tests/Makefile.in Mon Feb 10 20:58:42 2020 +0000
++++ b/nss/nspr/pr/tests/Makefile.in Fri May 01 22:50:55 2020 +0000
+@@ -211,6 +211,7 @@
+ else
+ EXTRA_LIBS += ws2_32.lib
+ LDOPTS = -NOLOGO -DEBUG -DEBUGTYPE:CV -INCREMENTAL:NO
++ CFLAGS += -Fd$(@:.$(OBJ_SUFFIX)=.pdb)
+ ifdef PROFILE
+ LDOPTS += -PROFILE -MAP
+ endif # profile
+
diff --git a/external/nss/nss.windows.patch b/external/nss/nss.windows.patch
index 9dbeaa946520..901846e7bc1f 100644
--- a/external/nss/nss.windows.patch
+++ b/external/nss/nss.windows.patch
@@ -18,8 +18,8 @@
-core_abspath = '$(if $(findstring :,$(1)),$(1),$(if $(filter
/%,$(1)),$(1),$(PWD)/$(1)))'
+core_abspath = '$(if $(findstring :,$(1)),$(1),$(if $(filter /%,$(shell
cygpath -m $(1))),$(1),$(shell cygpath -m $(PWD)/$(1))))'
- $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.c
- @$(MAKE_OBJDIR)
+ $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.c | $$(@D)/d
+ ifdef USE_NT_C_SYNTAX
--- a/a/nspr/pr/include/md/_win95.h
+++ b/b/nspr/pr/include/md/_win95.h
@@ -312,7 +312,7 @@
commit a2ffe5b7257ad31d70c243fe7a1a8d35eababb35
Author: Miklos Vajna <vmik...@collabora.com>
AuthorDate: Fri Sep 4 17:17:48 2020 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Mon Oct 19 09:52:28 2020 +0200
xmlsecurity: pdf incremental updates that are non-commenting are invalid
I.e. it's OK to add incremental updates for annotation/commenting
purposes and that doesn't invalite existing signatures. Everything else
does.
(cherry picked from commit 61834cd574568613f0b0a2ee099a60fa5a8d9804)
Conflicts:
include/vcl/filter/PDFiumLibrary.hxx
vcl/source/pdf/PDFiumLibrary.cxx
xmlsecurity/qa/unit/signing/signing.cxx
Change-Id: I4607c242b3c6f6b01517b02407e9e7a095e2e069
diff --git a/include/vcl/filter/PDFiumLibrary.hxx
b/include/vcl/filter/PDFiumLibrary.hxx
index b9bceabb8acf..ffc70874c19b 100644
--- a/include/vcl/filter/PDFiumLibrary.hxx
+++ b/include/vcl/filter/PDFiumLibrary.hxx
@@ -17,11 +17,16 @@
#include <memory>
#include <rtl/instance.hxx>
#include <vcl/dllapi.h>
+#include <vcl/checksum.hxx>
+
+#include <fpdf_doc.h>
namespace vcl
{
namespace pdf
{
+class PDFiumDocument;
+
class VCL_DLLPUBLIC PDFium final
{
private:
@@ -33,6 +38,49 @@ public:
~PDFium();
};
+class VCL_DLLPUBLIC PDFiumPage final
+{
+private:
+ FPDF_PAGE mpPage;
+
+private:
+ PDFiumPage(const PDFiumPage&) = delete;
+ PDFiumPage& operator=(const PDFiumPage&) = delete;
+
+public:
+ PDFiumPage(FPDF_PAGE pPage)
+ : mpPage(pPage)
+ {
+ }
+
+ ~PDFiumPage()
+ {
+ if (mpPage)
+ FPDF_ClosePage(mpPage);
+ }
+
+ /// Get bitmap checksum of the page, without annotations/commenting.
+ BitmapChecksum getChecksum();
+};
+
+class VCL_DLLPUBLIC PDFiumDocument final
+{
+private:
+ FPDF_DOCUMENT mpPdfDocument;
+
+private:
+ PDFiumDocument(const PDFiumDocument&) = delete;
+ PDFiumDocument& operator=(const PDFiumDocument&) = delete;
+
+public:
+ PDFiumDocument(FPDF_DOCUMENT pPdfDocument);
+ ~PDFiumDocument();
+
+ int getPageCount();
+
+ std::unique_ptr<PDFiumPage> openPage(int nIndex);
+};
+
struct PDFiumLibrary : public rtl::StaticWithInit<std::shared_ptr<PDFium>,
PDFiumLibrary>
{
std::shared_ptr<PDFium> operator()() { return std::make_shared<PDFium>(); }
diff --git a/vcl/source/pdf/PDFiumLibrary.cxx b/vcl/source/pdf/PDFiumLibrary.cxx
index 604807524bf9..70e62ece2f11 100644
--- a/vcl/source/pdf/PDFiumLibrary.cxx
+++ b/vcl/source/pdf/PDFiumLibrary.cxx
@@ -14,6 +14,9 @@
#include <vcl/filter/PDFiumLibrary.hxx>
#include <fpdf_doc.h>
+#include <vcl/checksum.hxx>
+#include <vcl/bitmap.hxx>
+#include <bitmapwriteaccess.hxx>
namespace vcl::pdf
{
@@ -29,6 +32,57 @@ PDFium::PDFium()
PDFium::~PDFium() { FPDF_DestroyLibrary(); }
+PDFiumDocument::PDFiumDocument(FPDF_DOCUMENT pPdfDocument)
+ : mpPdfDocument(pPdfDocument)
+{
+}
+
+PDFiumDocument::~PDFiumDocument()
+{
+ if (mpPdfDocument)
+ FPDF_CloseDocument(mpPdfDocument);
+}
+
+std::unique_ptr<PDFiumPage> PDFiumDocument::openPage(int nIndex)
+{
+ std::unique_ptr<PDFiumPage> pPDFiumPage;
+ FPDF_PAGE pPage = FPDF_LoadPage(mpPdfDocument, nIndex);
+ if (pPage)
+ {
+ pPDFiumPage = std::make_unique<PDFiumPage>(pPage);
+ }
+ return pPDFiumPage;
+}
+
+int PDFiumDocument::getPageCount() { return FPDF_GetPageCount(mpPdfDocument); }
+
+BitmapChecksum PDFiumPage::getChecksum()
+{
+ size_t nPageWidth = FPDF_GetPageWidth(mpPage);
+ size_t nPageHeight = FPDF_GetPageHeight(mpPage);
+ FPDF_BITMAP pPdfBitmap = FPDFBitmap_Create(nPageWidth, nPageHeight,
/*alpha=*/1);
+ if (!pPdfBitmap)
+ {
+ return 0;
+ }
+
+ // Intentionally not using FPDF_ANNOT here, annotations/commenting is OK
to not affect the
+ // checksum, signature verification wants this.
+ FPDF_RenderPageBitmap(pPdfBitmap, mpPage, /*start_x=*/0, /*start_y=*/0,
nPageWidth, nPageHeight,
+ /*rotate=*/0, /*flags=*/0);
+ Bitmap aBitmap(Size(nPageWidth, nPageHeight), 24);
+ {
+ BitmapScopedWriteAccess pWriteAccess(aBitmap);
+ const auto pPdfBuffer =
static_cast<ConstScanline>(FPDFBitmap_GetBuffer(pPdfBitmap));
+ const int nStride = FPDFBitmap_GetStride(pPdfBitmap);
+ for (size_t nRow = 0; nRow < nPageHeight; ++nRow)
+ {
+ ConstScanline pPdfLine = pPdfBuffer + (nStride * nRow);
+ pWriteAccess->CopyScanline(nRow, pPdfLine,
ScanlineFormat::N32BitTcBgra, nStride);
+ }
+ }
+ return aBitmap.GetChecksum();
+}
} // end vcl::pdf
#endif // HAVE_FEATURE_PDFIUM
diff --git a/xmlsecurity/Library_xmlsecurity.mk
b/xmlsecurity/Library_xmlsecurity.mk
index 5a80e6e17591..600d8127c682 100644
--- a/xmlsecurity/Library_xmlsecurity.mk
+++ b/xmlsecurity/Library_xmlsecurity.mk
@@ -20,7 +20,10 @@ $(eval $(call gb_Library_add_defs,xmlsecurity,\
-DXMLSECURITY_DLLIMPLEMENTATION \
))
-$(eval $(call gb_Library_use_externals,xmlsecurity,boost_headers))
+$(eval $(call gb_Library_use_externals,xmlsecurity,\
+ boost_headers \
+ $(if $(filter PDFIUM,$(BUILD_TYPE)),pdfium) \
+))
$(eval $(call
gb_Library_set_precompiled_header,xmlsecurity,$(SRCDIR)/xmlsecurity/inc/pch/precompiled_xmlsecurity))
diff --git
a/xmlsecurity/qa/unit/signing/data/hide-and-replace-shadow-file-signed-2.pdf
b/xmlsecurity/qa/unit/signing/data/hide-and-replace-shadow-file-signed-2.pdf
new file mode 100644
index 000000000000..f2b1a71096b2
Binary files /dev/null and
b/xmlsecurity/qa/unit/signing/data/hide-and-replace-shadow-file-signed-2.pdf
differ
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx
b/xmlsecurity/qa/unit/signing/signing.cxx
index 4225f92eacf5..f9d3e148c05b 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -618,6 +618,22 @@ CPPUNIT_TEST_FIXTURE(SigningTest, testPDFBad)
static_cast<int>(pObjectShell->GetDocumentSignatureState()));
}
+CPPUNIT_TEST_FIXTURE(SigningTest, testPDFHideAndReplace)
+{
+ createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY)
+ + "hide-and-replace-shadow-file-signed-2.pdf");
+ SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
+ CPPUNIT_ASSERT(pBaseModel);
+ SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+ CPPUNIT_ASSERT(pObjectShell);
+ // Without the accompanying fix in place, this test would have failed with:
+ // - Expected: 2 (BROKEN)
+ // - Actual : 6 (NOTVALIDATED_PARTIAL_OK)
+ // i.e. a non-commenting update after a signature was not marked as
invalid.
+ CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::BROKEN),
+
static_cast<int>(pObjectShell->GetDocumentSignatureState()));
+}
+
/// Test a typical PDF which is not signed.
CPPUNIT_TEST_FIXTURE(SigningTest, testPDFNo)
{
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx
b/xmlsecurity/source/pdfio/pdfdocument.cxx
index 7cf2c137c1c4..557180071a2c 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -12,6 +12,9 @@
#include <memory>
#include <vector>
+#include <config_features.h>
+
+#include <vcl/filter/PDFiumLibrary.hxx>
#include <rtl/string.hxx>
#include <rtl/ustrbuf.hxx>
#include <sal/log.hxx>
@@ -20,6 +23,7 @@
#include <svl/sigstruct.hxx>
#include <svl/cryptosign.hxx>
#include <vcl/filter/pdfdocument.hxx>
+#include <vcl/bitmap.hxx>
using namespace com::sun::star;
@@ -133,6 +137,66 @@ bool IsCompleteSignature(SvStream& rStream,
vcl::filter::PDFDocument& rDocument,
size_t nFileEnd = rStream.Tell();
return std::find(rAllEOFs.begin(), rAllEOFs.end(), nFileEnd) !=
rAllEOFs.end();
}
+
+/// Collects the checksum of each page of one version of the PDF.
+void AnalyizeSignatureStream(SvMemoryStream& rStream,
std::vector<BitmapChecksum>& rPageChecksums)
+{
+#if HAVE_FEATURE_PDFIUM
+ auto pPdfium = vcl::pdf::PDFiumLibrary::get();
+ vcl::pdf::PDFiumDocument aPdfDocument(
+ FPDF_LoadMemDocument(rStream.GetData(), rStream.GetSize(),
/*password=*/nullptr));
+
+ int nPageCount = aPdfDocument.getPageCount();
+ for (int nPage = 0; nPage < nPageCount; ++nPage)
+ {
+ std::unique_ptr<vcl::pdf::PDFiumPage>
pPdfPage(aPdfDocument.openPage(nPage));
+ if (!pPdfPage)
+ {
+ return;
+ }
+
+ BitmapChecksum nPageChecksum = pPdfPage->getChecksum();
+ rPageChecksums.push_back(nPageChecksum);
+ }
+#else
+ (void)rStream;
+#endif
+}
+
+/**
+ * Checks if incremental updates after singing performed valid modifications
only.
+ * Annotations/commenting is OK, other changes are not.
+ */
+bool IsValidSignature(SvStream& rStream, vcl::filter::PDFObjectElement*
pSignature)
+{
+ size_t nSignatureEOF = 0;
+ if (!GetEOFOfSignature(pSignature, nSignatureEOF))
+ {
+ return false;
+ }
+
+ SvMemoryStream aSignatureStream;
+ sal_uInt64 nPos = rStream.Tell();
+ rStream.Seek(0);
+ aSignatureStream.WriteStream(rStream, nSignatureEOF);
+ rStream.Seek(nPos);
+ aSignatureStream.Seek(0);
+ std::vector<BitmapChecksum> aSignedPages;
+ AnalyizeSignatureStream(aSignatureStream, aSignedPages);
+
+ SvMemoryStream aFullStream;
+ nPos = rStream.Tell();
+ rStream.Seek(0);
+ aFullStream.WriteStream(rStream);
+ rStream.Seek(nPos);
+ aFullStream.Seek(0);
+ std::vector<BitmapChecksum> aAllPages;
+ AnalyizeSignatureStream(aFullStream, aAllPages);
+
+ // Fail if any page looks different after signing and at the end.
Annotations/commenting doesn't
+ // count, though.
+ return aSignedPages == aAllPages;
+}
}
namespace xmlsecurity
@@ -247,6 +311,11 @@ bool ValidateSignature(SvStream& rStream,
vcl::filter::PDFObjectElement* pSignat
return false;
}
rInformation.bPartialDocumentSignature = !IsCompleteSignature(rStream,
rDocument, pSignature);
+ if (!IsValidSignature(rStream, pSignature))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "ValidateSignature: invalid incremental
update detected");
+ return false;
+ }
// At this point there is no obviously missing info to validate the
// signature.
diff --git a/xmlsecurity/workben/pdfverify.cxx
b/xmlsecurity/workben/pdfverify.cxx
index 2754ea2f58c1..bc2978bb7c84 100644
--- a/xmlsecurity/workben/pdfverify.cxx
+++ b/xmlsecurity/workben/pdfverify.cxx
@@ -22,6 +22,7 @@
#include <vcl/svapp.hxx>
#include <vcl/graphicfilter.hxx>
#include <vcl/filter/pdfdocument.hxx>
+#include <comphelper/scopeguard.hxx>
#include <pdfio/pdfdocument.hxx>
@@ -79,11 +80,11 @@ int pdfVerify(int nArgc, char** pArgv)
uno::UNO_QUERY);
comphelper::setProcessServiceFactory(xMultiServiceFactory);
+ InitVCL();
+ comphelper::ScopeGuard g([] { DeInitVCL(); });
if (nArgc > 3 && OString(pArgv[3]) == "-p")
{
- InitVCL();
generatePreview(pArgv[1], pArgv[2]);
- DeInitVCL();
return 0;
}
commit a9717332788698207139df1fb01d675fc6179ee3
Author: Tomaž Vajngerl <tomaz.vajng...@collabora.co.uk>
AuthorDate: Sun May 31 11:50:20 2020 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Mon Oct 19 09:50:39 2020 +0200
pdfium: only init pdfium library once and destroy on LO exit
With more and more usage of PDFium, it is hard to keep track of
the life-time of the PDFium library, so it can happen that a
FPDF_DestroyLibrary happens when we still have another instance
where PDFium is still use. The result of this is a crash. To
prevent this, just initialize the library once and delete, when
on LO exit.
This can be improved in the future to only keep the library
active when in actual use.
[ Leaving out the vector graphic search bits, the motivation is to just
have this in libreoffice-7-0, so that recent pdf sig verify improvements
can be backported. ]
(cherry picked from commit 067a8a954c8e1d8d6465a4ab5fb61e93f16c26c2)
Conflicts:
vcl/source/graphic/VectorGraphicSearch.cxx
svx/source/svdraw/svdpdf.cxx
svx/source/svdraw/svdpdf.hxx
vcl/Library_vcl.mk
vcl/qa/cppunit/pdfexport/pdfexport.cxx
vcl/source/filter/ipdf/pdfread.cxx
Change-Id: I5c7e5de7f8b97d10efb394c67c7a61b976c8d57c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102317
Tested-by: Miklos Vajna <vmik...@collabora.com>
Reviewed-by: Miklos Vajna <vmik...@collabora.com>
(cherry picked from commit b7de766b4dc5b4810277069bcf53a9f3737e87da)
diff --git a/include/vcl/filter/PDFiumLibrary.hxx
b/include/vcl/filter/PDFiumLibrary.hxx
new file mode 100644
index 000000000000..b9bceabb8acf
--- /dev/null
+++ b/include/vcl/filter/PDFiumLibrary.hxx
@@ -0,0 +1,45 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ */
+
+#pragma once
+
+#include <config_features.h>
+
+#if HAVE_FEATURE_PDFIUM
+
+#include <memory>
+#include <rtl/instance.hxx>
+#include <vcl/dllapi.h>
+
+namespace vcl
+{
+namespace pdf
+{
+class VCL_DLLPUBLIC PDFium final
+{
+private:
+ PDFium(const PDFium&) = delete;
+ PDFium& operator=(const PDFium&) = delete;
+
+public:
+ PDFium();
+ ~PDFium();
+};
+
+struct PDFiumLibrary : public rtl::StaticWithInit<std::shared_ptr<PDFium>,
PDFiumLibrary>
+{
+ std::shared_ptr<PDFium> operator()() { return std::make_shared<PDFium>(); }
+};
+}
+} // namespace vcl::pdf
+
+#endif // HAVE_FEATURE_PDFIUM
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/vcl/Library_vcl.mk b/vcl/Library_vcl.mk
index c8391717c492..f3ae97dc37c4 100644
--- a/vcl/Library_vcl.mk
+++ b/vcl/Library_vcl.mk
@@ -306,6 +306,7 @@ $(eval $(call gb_Library_add_exception_objects,vcl,\
vcl/source/gdi/wall \
vcl/source/gdi/scrptrun \
vcl/source/gdi/CommonSalLayout \
+ vcl/source/pdf/PDFiumLibrary \
vcl/source/graphic/GraphicLoader \
vcl/source/graphic/GraphicObject \
vcl/source/graphic/GraphicObject2 \
diff --git a/vcl/qa/cppunit/pdfexport/pdfexport.cxx
b/vcl/qa/cppunit/pdfexport/pdfexport.cxx
index ff5f877b050b..b338ebe28422 100644
--- a/vcl/qa/cppunit/pdfexport/pdfexport.cxx
+++ b/vcl/qa/cppunit/pdfexport/pdfexport.cxx
@@ -35,6 +35,8 @@
#include <fpdfview.h>
#include <vcl/graphicfilter.hxx>
+#include <vcl/filter/PDFiumLibrary.hxx>
+
using namespace ::com::sun::star;
static std::ostream& operator<<(std::ostream& rStrm, const Color& rColor)
@@ -80,6 +82,7 @@ class PdfExportTest : public test::BootstrapFixture, public
unotest::MacrosTest
SvMemoryStream maMemory;
// Export the document as PDF, then parse it with PDFium.
DocumentHolder exportAndParse(const OUString& rURL, const
utl::MediaDescriptor& rDescriptor);
+ std::shared_ptr<vcl::pdf::PDFium> mpPDFium;
public:
PdfExportTest();
@@ -204,18 +207,11 @@ void PdfExportTest::setUp()
mxComponentContext.set(comphelper::getComponentContext(getMultiServiceFactory()));
mxDesktop.set(frame::Desktop::create(mxComponentContext));
- FPDF_LIBRARY_CONFIG config;
- config.version = 2;
- config.m_pUserFontPaths = nullptr;
- config.m_pIsolate = nullptr;
- config.m_v8EmbedderSlot = 0;
- FPDF_InitLibraryWithConfig(&config);
+ mpPDFium = vcl::pdf::PDFiumLibrary::get();
}
void PdfExportTest::tearDown()
{
- FPDF_DestroyLibrary();
-
if (mxComponent.is())
mxComponent->dispose();
diff --git a/vcl/source/filter/ipdf/pdfread.cxx
b/vcl/source/filter/ipdf/pdfread.cxx
index edd354f19e5b..13882f07a991 100644
--- a/vcl/source/filter/ipdf/pdfread.cxx
+++ b/vcl/source/filter/ipdf/pdfread.cxx
@@ -21,6 +21,8 @@
#include <bitmapwriteaccess.hxx>
#include <unotools/ucbstreamhelper.hxx>
+#include <vcl/filter/PDFiumLibrary.hxx>
+
using namespace com::sun::star;
namespace
@@ -51,12 +53,7 @@ size_t generatePreview(SvStream& rStream,
std::vector<Bitmap>& rBitmaps, sal_uIn
sal_uInt64 nSize, const size_t nFirstPage, int nPages,
const double fResolutionDPI = 96.)
{
- FPDF_LIBRARY_CONFIG aConfig;
- aConfig.version = 2;
- aConfig.m_pUserFontPaths = nullptr;
- aConfig.m_pIsolate = nullptr;
- aConfig.m_v8EmbedderSlot = 0;
- FPDF_InitLibraryWithConfig(&aConfig);
+ auto pPdfium = vcl::pdf::PDFiumLibrary::get();
// Read input into a buffer.
SvMemoryStream aInBuffer;
@@ -112,7 +109,6 @@ size_t generatePreview(SvStream& rStream,
std::vector<Bitmap>& rBitmaps, sal_uIn
}
FPDF_CloseDocument(pPdfDocument);
- FPDF_DestroyLibrary();
return rBitmaps.size();
}
@@ -152,12 +148,7 @@ bool getCompatibleStream(SvStream& rInStream, SvStream&
rOutStream, sal_uInt64 n
else
{
// Downconvert to PDF-1.5.
- FPDF_LIBRARY_CONFIG aConfig;
- aConfig.version = 2;
- aConfig.m_pUserFontPaths = nullptr;
- aConfig.m_pIsolate = nullptr;
- aConfig.m_v8EmbedderSlot = 0;
- FPDF_InitLibraryWithConfig(&aConfig);
+ auto pPdfium = vcl::pdf::PDFiumLibrary::get();
// Read input into a buffer.
SvMemoryStream aInBuffer;
@@ -178,7 +169,6 @@ bool getCompatibleStream(SvStream& rInStream, SvStream&
rOutStream, sal_uInt64 n
return false;
FPDF_CloseDocument(pPdfDocument);
- FPDF_DestroyLibrary();
aWriter.m_aStream.Seek(STREAM_SEEK_TO_BEGIN);
rOutStream.WriteStream(aWriter.m_aStream);
diff --git a/vcl/source/pdf/PDFiumLibrary.cxx b/vcl/source/pdf/PDFiumLibrary.cxx
new file mode 100644
index 000000000000..604807524bf9
--- /dev/null
+++ b/vcl/source/pdf/PDFiumLibrary.cxx
@@ -0,0 +1,36 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ */
+
+#include <config_features.h>
+
+#if HAVE_FEATURE_PDFIUM
+
+#include <vcl/filter/PDFiumLibrary.hxx>
+#include <fpdf_doc.h>
+
+namespace vcl::pdf
+{
+PDFium::PDFium()
+{
+ FPDF_LIBRARY_CONFIG aConfig;
+ aConfig.version = 2;
+ aConfig.m_pUserFontPaths = nullptr;
+ aConfig.m_pIsolate = nullptr;
+ aConfig.m_v8EmbedderSlot = 0;
+ FPDF_InitLibraryWithConfig(&aConfig);
+}
+
+PDFium::~PDFium() { FPDF_DestroyLibrary(); }
+
+} // end vcl::pdf
+
+#endif // HAVE_FEATURE_PDFIUM
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
commit f6b3e481e6e6c7b5233b790e92464f5e02098a5c
Author: Miklos Vajna <vmik...@collabora.com>
AuthorDate: Wed Sep 2 12:37:18 2020 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Mon Oct 19 09:49:47 2020 +0200
xmlsecurity: avoid saying OK when the signature is partial
That's reserved for valid signatures (digest match, certificate
validates and the signature covers the whole document).
Also avoid "invalid" in the dialog when the digest matches and the
signature is just incomplete.
This now uses wording which is closer to Acrobat and also uses the same
wording on the infobar and in the dialog.
Conflicts:
xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
Change-Id: I26e4781d555b65cf29aa8df2232e286917235dc1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/101926
Reviewed-by: Miklos Vajna <vmik...@collabora.com>
Tested-by: Jenkins
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102188
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 46efad443472679b93b282c8e08b807d7e8f1a78)
diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
index 98e547d2b515..cdf3e440aea9 100644
--- a/include/sfx2/strings.hrc
+++ b/include/sfx2/strings.hrc
@@ -262,8 +262,8 @@
#define STR_READONLY_SIGN NC_("STR_READONLY_SIGN", "Sign
Document")
#define STR_SIGNATURE_BROKEN NC_("STR_SIGNATURE_BROKEN",
"This document has an invalid signature.")
#define STR_SIGNATURE_INVALID NC_("STR_SIGNATURE_INVALID",
"The signature was valid, but the document has been modified")
-#define STR_SIGNATURE_NOTVALIDATED
NC_("STR_SIGNATURE_NOTVALIDATED", "The signature is OK, but the certificate
could not be validated.")
-#define STR_SIGNATURE_PARTIAL_OK
NC_("STR_SIGNATURE_PARTIAL_OK", "The signature is OK, but the document is only
partially signed.")
+#define STR_SIGNATURE_NOTVALIDATED
NC_("STR_SIGNATURE_NOTVALIDATED", "At least one signature has problems: the
certificate could not be validated.")
+#define STR_SIGNATURE_PARTIAL_OK
NC_("STR_SIGNATURE_PARTIAL_OK", "At least one signature has problems: the
document is only partially signed.")
#define STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK
NC_("STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK", "The certificate could not be
validated and the document is only partially signed.")
#define STR_SIGNATURE_OK NC_("STR_SIGNATURE_OK", "This
document is digitally signed and the signature is valid.")
#define STR_SIGNATURE_SHOW NC_("STR_SIGNATURE_SHOW",
"Show Signatures")
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index edd013aeea70..a691bd0f1ae1 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -529,6 +529,7 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
size_t nInfos =
maSignatureManager.getCurrentSignatureInformations().size();
size_t nValidSigs = 0, nValidCerts = 0;
bool bAllNewSignatures = true;
+ bool bSomePartial = false;
if( nInfos )
{
@@ -605,7 +606,7 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
{
if (maSignatureManager.getStore().is())
{
- // XML based.
+ // ZIP based.
bSigValid =
DocumentSignatureHelper::checkIfAllFilesAreSigned(
aElementsToBeVerified, rInfo, mode);
}
@@ -617,6 +618,10 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
if( bSigValid )
nValidSigs++;
+ else
+ {
+ bSomePartial = true;
+ }
}
OUString sImage;
@@ -670,8 +675,8 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
bool bShowInvalidState = nInfos && !bAllSigsValid;
- m_xSigsInvalidImg->set_visible( bShowInvalidState );
- m_xSigsInvalidFI->set_visible( bShowInvalidState );
+ m_xSigsInvalidImg->set_visible( bShowInvalidState && !bSomePartial );
+ m_xSigsInvalidFI->set_visible( bShowInvalidState && !bSomePartial );
bool bShowNotValidatedState = nInfos && bAllSigsValid && !bAllCertsValid;
@@ -680,8 +685,8 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
//bAllNewSignatures is always true if we are not in document mode
bool bShowOldSignature = nInfos && bAllSigsValid && bAllCertsValid &&
!bAllNewSignatures;
- m_xSigsOldSignatureImg->set_visible(bShowOldSignature);
- m_xSigsOldSignatureFI->set_visible(bShowOldSignature);
+ m_xSigsOldSignatureImg->set_visible(bShowOldSignature || bSomePartial);
+ m_xSigsOldSignatureFI->set_visible(bShowOldSignature || bSomePartial);
SignatureHighlightHdl(*m_xSignaturesLB);
}
diff --git a/xmlsecurity/uiconfig/ui/digitalsignaturesdialog.ui
b/xmlsecurity/uiconfig/ui/digitalsignaturesdialog.ui
index d144f2d8d790..fc86ae079347 100644
--- a/xmlsecurity/uiconfig/ui/digitalsignaturesdialog.ui
+++ b/xmlsecurity/uiconfig/ui/digitalsignaturesdialog.ui
@@ -404,7 +404,7 @@
<property name="can_focus">False</property>
<property name="no_show_all">True</property>
<property name="hexpand">True</property>
- <property name="label" translatable="yes"
context="digitalsignaturesdialog|oldsignatureft">Not all parts of the document
are signed</property>
+ <property name="label" translatable="yes"
context="digitalsignaturesdialog|oldsignatureft">At least one signature has
problems: the document is only partially signed.</property>
<property name="xalign">0</property>
</object>
<packing>
@@ -417,7 +417,7 @@
<property name="can_focus">False</property>
<property name="no_show_all">True</property>
<property name="hexpand">True</property>
- <property name="label" translatable="yes"
context="digitalsignaturesdialog|notvalidatedft">Certificate could not be
validated</property>
+ <property name="label" translatable="yes"
context="digitalsignaturesdialog|notvalidatedft">At least one signature has
problems: the certificate could not be validated.</property>
<property name="xalign">0</property>
</object>
<packing>
commit fb02f58d18941646870906c6194f9793be1f8ac6
Author: Miklos Vajna <vmik...@collabora.com>
AuthorDate: Mon Aug 31 13:34:17 2020 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Mon Oct 19 09:49:43 2020 +0200
xmlsecurity: fix infobar vs signature dialog inconsistency
The infobar mentioned if a signature is partial, but the dialog just has
a bool UI for signatures. Then present "good, but partial" as "bad".
(cherry picked from commit 3ba1144cb96c710e665ffb3ada26fb6a48a03472)
Conflicts:
xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
Change-Id: I698190aa77702000b11d635bd038d9c9a91614ac
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/101844
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 8696c20cbf5c816ded9fee469616cb693b4572b0)
(cherry picked from commit d39b44aa2c188a42c8adda825e334e376f0a9e10)
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index b893a593944c..edd013aeea70 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -603,8 +603,17 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
if ( bSigValid )
{
- bSigValid = DocumentSignatureHelper::checkIfAllFilesAreSigned(
- aElementsToBeVerified, rInfo, mode);
+ if (maSignatureManager.getStore().is())
+ {
+ // XML based.
+ bSigValid =
DocumentSignatureHelper::checkIfAllFilesAreSigned(
+ aElementsToBeVerified, rInfo, mode);
+ }
+ else
+ {
+ // Assume PDF.
+ bSigValid = !rInfo.bPartialDocumentSignature;
+ }
if( bSigValid )
nValidSigs++;
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
