Rebased ref, commits from common ancestor:
commit 1dbc9853fd68d7838eb3908e07e9b72c121ee61a
Author: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
AuthorDate: Tue Sep 29 09:22:04 2020 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Thu Oct 1 08:41:24 2020 +0200
Release 5.4.11
Change-Id: I94f4cb91b1cf92722ff43d3561ba0cf2405a6a29
diff --git a/configure.ac b/configure.ac
index 83fe089baf59..af7fc01b8195 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9,7 +9,7 @@ dnl in order to create a configure script.
# several non-alphanumeric characters, those are split off and used only for
the
# ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no
idea.
-AC_INIT([LibreOffice],[5.4.10.0],[],[],[http://documentfoundation.org/])
+AC_INIT([LibreOffice],[5.4.11.0],[],[],[http://documentfoundation.org/])
AC_PREREQ([2.59])
commit dbfba365dc9f619e82f6e77e5e85ae4bb0e138d4
Author: Miklos Vajna <vmik...@collabora.com>
AuthorDate: Fri Sep 4 17:17:48 2020 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Thu Oct 1 08:41:24 2020 +0200
xmlsecurity: pdf incremental updates that are non-commenting are invalid
I.e. it's OK to add incremental updates for annotation/commenting
purposes and that doesn't invalite existing signatures. Everything else
does.
(cherry picked from commit 61834cd574568613f0b0a2ee099a60fa5a8d9804)
Conflicts:
include/vcl/filter/PDFiumLibrary.hxx
vcl/source/pdf/PDFiumLibrary.cxx
Conflicts:
xmlsecurity/qa/unit/signing/signing.cxx
Change-Id: I4607c242b3c6f6b01517b02407e9e7a095e2e069
diff --git a/include/tools/stream.hxx b/include/tools/stream.hxx
index 0bc3766807fa..608f7f0adde0 100644
--- a/include/tools/stream.hxx
+++ b/include/tools/stream.hxx
@@ -257,6 +257,7 @@ public:
SvStream& WriteOString(const OString& rStr)
{ return WriteCharPtr(rStr.getStr()); }
SvStream& WriteStream( SvStream& rStream );
+ sal_uInt64 WriteStream( SvStream& rStream, sal_uInt64 nSize );
SvStream& WriteBool( bool b )
{ return WriteUChar(static_cast<unsigned char>(b)); }
diff --git a/include/vcl/filter/PDFiumLibrary.hxx
b/include/vcl/filter/PDFiumLibrary.hxx
index b9bceabb8acf..ffc70874c19b 100644
--- a/include/vcl/filter/PDFiumLibrary.hxx
+++ b/include/vcl/filter/PDFiumLibrary.hxx
@@ -17,11 +17,16 @@
#include <memory>
#include <rtl/instance.hxx>
#include <vcl/dllapi.h>
+#include <vcl/checksum.hxx>
+
+#include <fpdf_doc.h>
namespace vcl
{
namespace pdf
{
+class PDFiumDocument;
+
class VCL_DLLPUBLIC PDFium final
{
private:
@@ -33,6 +38,49 @@ public:
~PDFium();
};
+class VCL_DLLPUBLIC PDFiumPage final
+{
+private:
+ FPDF_PAGE mpPage;
+
+private:
+ PDFiumPage(const PDFiumPage&) = delete;
+ PDFiumPage& operator=(const PDFiumPage&) = delete;
+
+public:
+ PDFiumPage(FPDF_PAGE pPage)
+ : mpPage(pPage)
+ {
+ }
+
+ ~PDFiumPage()
+ {
+ if (mpPage)
+ FPDF_ClosePage(mpPage);
+ }
+
+ /// Get bitmap checksum of the page, without annotations/commenting.
+ BitmapChecksum getChecksum();
+};
+
+class VCL_DLLPUBLIC PDFiumDocument final
+{
+private:
+ FPDF_DOCUMENT mpPdfDocument;
+
+private:
+ PDFiumDocument(const PDFiumDocument&) = delete;
+ PDFiumDocument& operator=(const PDFiumDocument&) = delete;
+
+public:
+ PDFiumDocument(FPDF_DOCUMENT pPdfDocument);
+ ~PDFiumDocument();
+
+ int getPageCount();
+
+ std::unique_ptr<PDFiumPage> openPage(int nIndex);
+};
+
struct PDFiumLibrary : public rtl::StaticWithInit<std::shared_ptr<PDFium>,
PDFiumLibrary>
{
std::shared_ptr<PDFium> operator()() { return std::make_shared<PDFium>(); }
diff --git a/tools/source/stream/stream.cxx b/tools/source/stream/stream.cxx
index 488348719892..b83729e35fbf 100644
--- a/tools/source/stream/stream.cxx
+++ b/tools/source/stream/stream.cxx
@@ -1176,6 +1176,27 @@ SvStream& SvStream::WriteStream( SvStream& rStream )
return *this;
}
+sal_uInt64 SvStream::WriteStream( SvStream& rStream, sal_uInt64 nSize )
+{
+ const sal_uInt32 cBufLen = 0x8000;
+ std::unique_ptr<char[]> pBuf( new char[ cBufLen ] );
+ sal_uInt32 nCurBufLen = cBufLen;
+ sal_uInt32 nCount;
+ sal_uInt64 nWriteSize = nSize;
+
+ do {
+ if ( nSize >= nCurBufLen )
+ nWriteSize -= nCurBufLen;
+ else
+ nCurBufLen = nWriteSize;
+ nCount = rStream.ReadBytes( pBuf.get(), nCurBufLen );
+ WriteBytes( pBuf.get(), nCount );
+ }
+ while( nWriteSize && nCount == nCurBufLen );
+
+ return nSize - nWriteSize;
+}
+
OUString SvStream::ReadUniOrByteString( rtl_TextEncoding eSrcCharSet )
{
// read UTF-16 string directly from stream ?
diff --git a/vcl/source/pdf/PDFiumLibrary.cxx b/vcl/source/pdf/PDFiumLibrary.cxx
index 5f487b15f48b..02c86622dfaf 100644
--- a/vcl/source/pdf/PDFiumLibrary.cxx
+++ b/vcl/source/pdf/PDFiumLibrary.cxx
@@ -15,6 +15,9 @@
#include <vcl/filter/PDFiumLibrary.hxx>
#include <fpdf_doc.h>
+#include <vcl/bitmap.hxx>
+#include <vcl/bitmapaccess.hxx>
+
namespace vcl
{
namespace pdf
@@ -31,6 +34,57 @@ PDFium::PDFium()
PDFium::~PDFium() { FPDF_DestroyLibrary(); }
+PDFiumDocument::PDFiumDocument(FPDF_DOCUMENT pPdfDocument)
+ : mpPdfDocument(pPdfDocument)
+{
+}
+
+PDFiumDocument::~PDFiumDocument()
+{
+ if (mpPdfDocument)
+ FPDF_CloseDocument(mpPdfDocument);
+}
+
+std::unique_ptr<PDFiumPage> PDFiumDocument::openPage(int nIndex)
+{
+ std::unique_ptr<PDFiumPage> pPDFiumPage;
+ FPDF_PAGE pPage = FPDF_LoadPage(mpPdfDocument, nIndex);
+ if (pPage)
+ {
+ pPDFiumPage = std::make_unique<PDFiumPage>(pPage);
+ }
+ return pPDFiumPage;
+}
+
+int PDFiumDocument::getPageCount() { return FPDF_GetPageCount(mpPdfDocument); }
+
+BitmapChecksum PDFiumPage::getChecksum()
+{
+ size_t nPageWidth = FPDF_GetPageWidth(mpPage);
+ size_t nPageHeight = FPDF_GetPageHeight(mpPage);
+ FPDF_BITMAP pPdfBitmap = FPDFBitmap_Create(nPageWidth, nPageHeight,
/*alpha=*/1);
+ if (!pPdfBitmap)
+ {
+ return 0;
+ }
+
+ // Intentionally not using FPDF_ANNOT here, annotations/commenting is OK
to not affect the
+ // checksum, signature verification wants this.
+ FPDF_RenderPageBitmap(pPdfBitmap, mpPage, /*start_x=*/0, /*start_y=*/0,
nPageWidth, nPageHeight,
+ /*rotate=*/0, /*flags=*/0);
+ Bitmap aBitmap(Size(nPageWidth, nPageHeight), 24);
+ {
+ Bitmap::ScopedWriteAccess pWriteAccess(aBitmap);
+ const auto pPdfBuffer = static_cast<const
sal_uInt8*>(FPDFBitmap_GetBuffer(pPdfBitmap));
+ const int nStride = FPDFBitmap_GetStride(pPdfBitmap);
+ for (size_t nRow = 0; nRow < nPageHeight; ++nRow)
+ {
+ const sal_uInt8* pPdfLine = pPdfBuffer + (nStride * nRow);
+ pWriteAccess->CopyScanline(nRow, pPdfLine,
ScanlineFormat::N32BitTcBgra, nStride);
+ }
+ }
+ return aBitmap.GetChecksum();
+}
}
} // end vcl::pdf
diff --git a/xmlsecurity/Library_xmlsecurity.mk
b/xmlsecurity/Library_xmlsecurity.mk
index 77d3bd81dc3b..85950d1dcd4b 100644
--- a/xmlsecurity/Library_xmlsecurity.mk
+++ b/xmlsecurity/Library_xmlsecurity.mk
@@ -20,7 +20,10 @@ $(eval $(call gb_Library_add_defs,xmlsecurity,\
-DXMLSECURITY_DLLIMPLEMENTATION \
))
-$(eval $(call gb_Library_use_externals,xmlsecurity,boost_headers))
+$(eval $(call gb_Library_use_externals,xmlsecurity,\
+ boost_headers \
+ $(if $(filter PDFIUM,$(BUILD_TYPE)),pdfium) \
+))
$(eval $(call
gb_Library_set_precompiled_header,xmlsecurity,$(SRCDIR)/xmlsecurity/inc/pch/precompiled_xmlsecurity))
diff --git
a/xmlsecurity/qa/unit/signing/data/hide-and-replace-shadow-file-signed-2.pdf
b/xmlsecurity/qa/unit/signing/data/hide-and-replace-shadow-file-signed-2.pdf
new file mode 100644
index 000000000000..f2b1a71096b2
Binary files /dev/null and
b/xmlsecurity/qa/unit/signing/data/hide-and-replace-shadow-file-signed-2.pdf
differ
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx
b/xmlsecurity/qa/unit/signing/signing.cxx
index 2b6e60e7c0bd..29e35738c62b 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -88,6 +88,8 @@ public:
void testPDFGood();
/// Test a typical PDF where the signature is bad.
void testPDFBad();
+ /// Test a maliciously manipulated signed pdf
+ void testPDFHideAndReplace();
/// Test a typical PDF which is not signed.
void testPDFNo();
#endif
@@ -113,6 +115,7 @@ public:
#if HAVE_FEATURE_PDFIMPORT
CPPUNIT_TEST(testPDFGood);
CPPUNIT_TEST(testPDFBad);
+ CPPUNIT_TEST(testPDFHideAndReplace);
CPPUNIT_TEST(testPDFNo);
#endif
CPPUNIT_TEST(test96097Calc);
@@ -458,6 +461,22 @@ void SigningTest::testPDFBad()
CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::BROKEN),
static_cast<int>(pObjectShell->GetDocumentSignatureState()));
}
+void SigningTest::testPDFHideAndReplace()
+{
+ createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY)
+ + "hide-and-replace-shadow-file-signed-2.pdf");
+ SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(mxComponent.get());
+ CPPUNIT_ASSERT(pBaseModel);
+ SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell();
+ CPPUNIT_ASSERT(pObjectShell);
+ // Without the accompanying fix in place, this test would have failed with:
+ // - Expected: 2 (BROKEN)
+ // - Actual : 6 (NOTVALIDATED_PARTIAL_OK)
+ // i.e. a non-commenting update after a signature was not marked as
invalid.
+ CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::BROKEN),
+
static_cast<int>(pObjectShell->GetDocumentSignatureState()));
+}
+
void SigningTest::testPDFNo()
{
createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "no.pdf");
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx
b/xmlsecurity/source/pdfio/pdfdocument.cxx
index 5cec868a012b..edcb72d9a9ad 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -21,11 +21,15 @@
#include <filter/msfilter/mscodec.hxx>
#include <rtl/character.hxx>
#include <rtl/strbuf.hxx>
+#include <config_features.h>
+
+#include <vcl/filter/PDFiumLibrary.hxx>
#include <rtl/string.hxx>
#include <sal/log.hxx>
#include <sal/types.h>
#include <sax/tools/converter.hxx>
#include <tools/zcodec.hxx>
+#include <tools/stream.hxx>
#include <unotools/calendarwrapper.hxx>
#include <unotools/datetime.hxx>
#include <vcl/pdfwriter.hxx>
@@ -49,6 +53,8 @@
#include <comphelper/windowserrorstring.hxx>
#endif
+#include <vcl/bitmap.hxx>
+
using namespace com::sun::star;
namespace
@@ -392,6 +398,66 @@ bool VerifyNonDetachedSignature(SvStream& rStream,
std::vector<std::pair<size_t,
return false;
}
#endif
+
+/// Collects the checksum of each page of one version of the PDF.
+void AnalyizeSignatureStream(SvMemoryStream& rStream,
std::vector<BitmapChecksum>& rPageChecksums)
+{
+#if HAVE_FEATURE_PDFIUM
+ auto pPdfium = vcl::pdf::PDFiumLibrary::get();
+ vcl::pdf::PDFiumDocument aPdfDocument(
+ FPDF_LoadMemDocument(rStream.GetData(), rStream.GetSize(),
/*password=*/nullptr));
+
+ int nPageCount = aPdfDocument.getPageCount();
+ for (int nPage = 0; nPage < nPageCount; ++nPage)
+ {
+ std::unique_ptr<vcl::pdf::PDFiumPage>
pPdfPage(aPdfDocument.openPage(nPage));
+ if (!pPdfPage)
+ {
+ return;
+ }
+
+ BitmapChecksum nPageChecksum = pPdfPage->getChecksum();
+ rPageChecksums.push_back(nPageChecksum);
+ }
+#else
+ (void)rStream;
+#endif
+}
+
+/**
+ * Checks if incremental updates after singing performed valid modifications
only.
+ * Annotations/commenting is OK, other changes are not.
+ */
+bool IsValidSignature(SvStream& rStream, vcl::filter::PDFObjectElement*
pSignature)
+{
+ size_t nSignatureEOF = 0;
+ if (!GetEOFOfSignature(pSignature, nSignatureEOF))
+ {
+ return false;
+ }
+
+ SvMemoryStream aSignatureStream;
+ sal_uInt64 nPos = rStream.Tell();
+ rStream.Seek(0);
+ aSignatureStream.WriteStream(rStream, nSignatureEOF);
+ rStream.Seek(nPos);
+ aSignatureStream.Seek(0);
+ std::vector<BitmapChecksum> aSignedPages;
+ AnalyizeSignatureStream(aSignatureStream, aSignedPages);
+
+ SvMemoryStream aFullStream;
+ nPos = rStream.Tell();
+ rStream.Seek(0);
+ aFullStream.WriteStream(rStream);
+ rStream.Seek(nPos);
+ aFullStream.Seek(0);
+ std::vector<BitmapChecksum> aAllPages;
+ AnalyizeSignatureStream(aFullStream, aAllPages);
+
+ // Fail if any page looks different after signing and at the end.
Annotations/commenting doesn't
+ // count, though.
+ return aSignedPages == aAllPages;
+}
}
bool ValidateSignature(SvStream& rStream, vcl::filter::PDFObjectElement*
pSignature,
@@ -499,6 +565,12 @@ bool ValidateSignature(SvStream& rStream,
vcl::filter::PDFObjectElement* pSignat
}
rInformation.bPartialDocumentSignature = !IsCompleteSignature(rStream,
rDocument, pSignature);
+ if (!IsValidSignature(rStream, pSignature))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "ValidateSignature: invalid incremental
update detected");
+ return false;
+ }
+
// At this point there is no obviously missing info to validate the
// signature.
std::vector<unsigned char> aSignature =
vcl::filter::PDFDocument::DecodeHexString(pContents);
diff --git a/xmlsecurity/workben/pdfverify.cxx
b/xmlsecurity/workben/pdfverify.cxx
index ea48350246a6..d0b5405b015b 100644
--- a/xmlsecurity/workben/pdfverify.cxx
+++ b/xmlsecurity/workben/pdfverify.cxx
@@ -20,6 +20,7 @@
#include <vcl/pngwrite.hxx>
#include <vcl/svapp.hxx>
#include <vcl/graphicfilter.hxx>
+#include <comphelper/scopeguard.hxx>
#include <xmlsecurity/pdfio/pdfdocument.hxx>
@@ -72,11 +73,11 @@ int pdfVerify(int nArgc, char** pArgv)
uno::Reference<lang::XMultiServiceFactory>
xMultiServiceFactory(xMultiComponentFactory, uno::UNO_QUERY);
comphelper::setProcessServiceFactory(xMultiServiceFactory);
+ InitVCL();
+ comphelper::ScopeGuard g([] { DeInitVCL(); });
if (nArgc > 3 && OString(pArgv[3]) == "-p")
{
- InitVCL();
generatePreview(pArgv[1], pArgv[2]);
- DeInitVCL();
return 0;
}
commit 78ac90cd3e2a4fe66897e1c84cdf51365749afad
Author: Miklos Vajna <vmik...@collabora.com>
AuthorDate: Fri Jul 24 11:29:27 2020 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Thu Oct 1 08:41:24 2020 +0200
xmlsecurity: detect unsigned incremental update between signatures
(cherry picked from commit 7468d5df5ec79783eae84b62bdc5ecf12f0ca255)
Conflicts:
vcl/source/filter/ipdf/pdfdocument.cxx
xmlsecurity/source/pdfio/pdfdocument.cxx
Change-Id: I269ed858852ee7d1275adf340c8cc1565fc30693
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/99480
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
Reviewed-by: Miklos Vajna <vmik...@collabora.com>
diff --git a/include/vcl/filter/pdfdocument.hxx
b/include/vcl/filter/pdfdocument.hxx
index 9297ef4a9e5e..6c247fefcd72 100644
--- a/include/vcl/filter/pdfdocument.hxx
+++ b/include/vcl/filter/pdfdocument.hxx
@@ -379,6 +379,8 @@ public:
std::vector<PDFObjectElement*> GetSignatureWidgets();
/// Remove the nth signature from read document in the edit buffer.
bool RemoveSignature(size_t nPosition);
+ /// Get byte offsets of the end of incremental updates.
+ const std::vector<size_t>& GetEOFs() const;
//@}
};
diff --git a/include/xmlsecurity/pdfio/pdfdocument.hxx
b/include/xmlsecurity/pdfio/pdfdocument.hxx
index 6f3b0f263add..2d652397aad2 100644
--- a/include/xmlsecurity/pdfio/pdfdocument.hxx
+++ b/include/xmlsecurity/pdfio/pdfdocument.hxx
@@ -29,7 +29,7 @@ namespace pdfio
* @param bLast If this is the last signature in the file, so it covers the
whole file physically.
* @return If we can determinate a result.
*/
-XMLSECURITY_DLLPUBLIC bool ValidateSignature(SvStream& rStream,
vcl::filter::PDFObjectElement* pSignature, SignatureInformation& rInformation,
bool bLast);
+XMLSECURITY_DLLPUBLIC bool ValidateSignature(SvStream& rStream,
vcl::filter::PDFObjectElement* pSignature, SignatureInformation& rInformation,
vcl::filter::PDFDocument& rDocument);
} // namespace pdfio
} // namespace xmlsecurity
diff --git a/vcl/source/filter/ipdf/pdfdocument.cxx
b/vcl/source/filter/ipdf/pdfdocument.cxx
index 2c4c9288a32c..b01ad824a2c5 100644
--- a/vcl/source/filter/ipdf/pdfdocument.cxx
+++ b/vcl/source/filter/ipdf/pdfdocument.cxx
@@ -160,6 +160,8 @@ bool PDFDocument::RemoveSignature(size_t nPosition)
return m_aEditBuffer.good();
}
+const std::vector<size_t>& PDFDocument::GetEOFs() const { return m_aEOFs; }
+
sal_uInt32 PDFDocument::GetNextSignature()
{
sal_uInt32 nRet = 0;
@@ -1969,7 +1971,16 @@ bool PDFCommentElement::Read(SvStream& rStream)
m_aComment = aBuf.makeStringAndClear();
if (m_aComment.startsWith("%%EOF"))
- m_rDoc.PushBackEOF(rStream.Tell());
+ {
+ sal_uInt64 nPos = rStream.Tell();
+ if (ch == '\r')
+ {
+ // If the comment ends with a \r\n, count the \n as well
to match Adobe Acrobat
+ // behavior.
+ nPos += 1;
+ }
+ m_rDoc.PushBackEOF(nPos);
+ }
SAL_INFO("vcl.filter", "PDFCommentElement::Read: m_aComment is '"
<< m_aComment << "'");
return true;
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/partial-in-between.pdf
b/xmlsecurity/qa/unit/pdfsigning/data/partial-in-between.pdf
new file mode 100644
index 000000000000..211a111cb394
Binary files /dev/null and
b/xmlsecurity/qa/unit/pdfsigning/data/partial-in-between.pdf differ
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 55289fc05176..f0c45d0d7b63 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -66,6 +66,7 @@ public:
void testPDFPAdESGood();
/// Test a valid signature that does not cover the whole file.
void testPartial();
+ void testPartialInBetween();
/// Test writing a PAdES signature.
void testSigningCertificateAttribute();
/// Test that we accept files which are supposed to be good.
@@ -87,6 +88,7 @@ public:
CPPUNIT_TEST(testPDF14LOWin);
CPPUNIT_TEST(testPDFPAdESGood);
CPPUNIT_TEST(testPartial);
+ CPPUNIT_TEST(testPartialInBetween);
CPPUNIT_TEST(testSigningCertificateAttribute);
CPPUNIT_TEST(testGood);
CPPUNIT_TEST(testTokenize);
@@ -132,8 +134,8 @@ std::vector<SignatureInformation>
PDFSigningTest::verify(const OUString& rURL, s
for (size_t i = 0; i < aSignatures.size(); ++i)
{
SignatureInformation aInfo(i);
- bool bLast = i == aSignatures.size() - 1;
- CPPUNIT_ASSERT(xmlsecurity::pdfio::ValidateSignature(aStream,
aSignatures[i], aInfo, bLast));
+ CPPUNIT_ASSERT(
+ xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[i],
aInfo, aVerifyDocument));
aRet.push_back(aInfo);
if (!rExpectedSubFilter.isEmpty())
@@ -235,7 +237,8 @@ void PDFSigningTest::testPDFRemove()
std::vector<vcl::filter::PDFObjectElement*> aSignatures =
aDocument.GetSignatureWidgets();
CPPUNIT_ASSERT_EQUAL(static_cast<size_t>(1), aSignatures.size());
SignatureInformation aInfo(0);
- CPPUNIT_ASSERT(xmlsecurity::pdfio::ValidateSignature(aStream,
aSignatures[0], aInfo, /*bLast=*/true));
+ CPPUNIT_ASSERT(
+ xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[0],
aInfo, aDocument));
}
// Remove the signature and write out the result as remove.pdf.
@@ -452,6 +455,18 @@ void PDFSigningTest::testUnknownSubFilter()
CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(2), rInformations.size());
}
+void PDFSigningTest::testPartialInBetween()
+{
+ std::vector<SignatureInformation> aInfos
+ = verify(m_directories.getURLFromSrc(DATA_DIRECTORY) +
"partial-in-between.pdf", 2,
+ /*rExpectedSubFilter=*/OString());
+ CPPUNIT_ASSERT(!aInfos.empty());
+ SignatureInformation& rInformation = aInfos[0];
+ // Without the accompanying fix in place, this test would have failed, as
unsigned incremental
+ // update between two signatures were not detected.
+ CPPUNIT_ASSERT(rInformation.bPartialDocumentSignature);
+}
+
CPPUNIT_TEST_SUITE_REGISTRATION(PDFSigningTest);
CPPUNIT_PLUGIN_IMPLEMENT();
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index 9bb6e59d0380..884974f4d17a 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -52,8 +52,7 @@ bool PDFSignatureHelper::ReadAndVerifySignature(const
uno::Reference<io::XInputS
{
SignatureInformation aInfo(i);
- bool bLast = i == aSignatures.size() - 1;
- if (!xmlsecurity::pdfio::ValidateSignature(*pStream, aSignatures[i],
aInfo, bLast))
+ if (!xmlsecurity::pdfio::ValidateSignature(*pStream, aSignatures[i],
aInfo, aDocument))
SAL_WARN("xmlsecurity.helper", "failed to determine digest match");
m_aSignatureInfos.push_back(aInfo);
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx
b/xmlsecurity/source/pdfio/pdfdocument.cxx
index 5420196df7d8..5cec868a012b 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -51,6 +51,118 @@
using namespace com::sun::star;
+namespace
+{
+/// Turns an array of floats into offset + length pairs.
+bool GetByteRangesFromPDF(vcl::filter::PDFArrayElement& rArray,
+ std::vector<std::pair<size_t, size_t>>& rByteRanges)
+{
+ size_t nByteRangeOffset = 0;
+ const std::vector<vcl::filter::PDFElement*>& rByteRangeElements =
rArray.GetElements();
+ for (size_t i = 0; i < rByteRangeElements.size(); ++i)
+ {
+ auto pNumber =
dynamic_cast<vcl::filter::PDFNumberElement*>(rByteRangeElements[i]);
+ if (!pNumber)
+ {
+ SAL_WARN("xmlsecurity.pdfio",
+ "ValidateSignature: signature offset and length has to be
a number");
+ return false;
+ }
+
+ if (i % 2 == 0)
+ {
+ nByteRangeOffset = pNumber->GetValue();
+ continue;
+ }
+ size_t nByteRangeLength = pNumber->GetValue();
+ rByteRanges.emplace_back(nByteRangeOffset, nByteRangeLength);
+ }
+
+ return true;
+}
+
+/// Determines the last position that is covered by a signature.
+bool GetEOFOfSignature(vcl::filter::PDFObjectElement* pSignature, size_t& rEOF)
+{
+ vcl::filter::PDFObjectElement* pValue = pSignature->LookupObject("V");
+ if (!pValue)
+ {
+ return false;
+ }
+
+ auto pByteRange =
dynamic_cast<vcl::filter::PDFArrayElement*>(pValue->Lookup("ByteRange"));
+ if (!pByteRange || pByteRange->GetElements().size() < 2)
+ {
+ return false;
+ }
+
+ std::vector<std::pair<size_t, size_t>> aByteRanges;
+ if (!GetByteRangesFromPDF(*pByteRange, aByteRanges))
+ {
+ return false;
+ }
+
+ rEOF = aByteRanges[1].first + aByteRanges[1].second;
+ return true;
+}
+
+/// Checks if there are unsigned incremental updates between the signatures or
after the last one.
+bool IsCompleteSignature(SvStream& rStream, vcl::filter::PDFDocument&
rDocument,
+ vcl::filter::PDFObjectElement* pSignature)
+{
+ std::set<size_t> aSignedEOFs;
+ for (const auto& i : rDocument.GetSignatureWidgets())
+ {
+ size_t nEOF = 0;
+ if (!GetEOFOfSignature(i, nEOF))
+ {
+ return false;
+ }
+
+ aSignedEOFs.insert(nEOF);
+ }
+
+ size_t nSignatureEOF = 0;
+ if (!GetEOFOfSignature(pSignature, nSignatureEOF))
+ {
+ return false;
+ }
+
+ const std::vector<size_t>& rAllEOFs = rDocument.GetEOFs();
+ bool bFoundOwn = false;
+ for (const auto& rEOF : rAllEOFs)
+ {
+ if (rEOF == nSignatureEOF)
+ {
+ bFoundOwn = true;
+ continue;
+ }
+
+ if (!bFoundOwn)
+ {
+ continue;
+ }
+
+ if (aSignedEOFs.find(rEOF) == aSignedEOFs.end())
+ {
+ // Unsigned incremental update found.
+ return false;
+ }
+ }
+
+ // Make sure we find the incremental update of the signature itself.
+ if (!bFoundOwn)
+ {
+ return false;
+ }
+
+ // No additional content after the last incremental update.
+ rStream.Seek(STREAM_SEEK_TO_END);
+ size_t nFileEnd = rStream.Tell();
+ return std::find(rAllEOFs.begin(), rAllEOFs.end(), nFileEnd) !=
rAllEOFs.end();
+}
+}
+
namespace xmlsecurity
{
namespace pdfio
@@ -282,7 +394,8 @@ bool VerifyNonDetachedSignature(SvStream& rStream,
std::vector<std::pair<size_t,
#endif
}
-bool ValidateSignature(SvStream& rStream, vcl::filter::PDFObjectElement*
pSignature, SignatureInformation& rInformation, bool bLast)
+bool ValidateSignature(SvStream& rStream, vcl::filter::PDFObjectElement*
pSignature,
+ SignatureInformation& rInformation,
vcl::filter::PDFDocument& rDocument)
{
vcl::filter::PDFObjectElement* pValue = pSignature->LookupObject("V");
if (!pValue)
@@ -361,24 +474,9 @@ bool ValidateSignature(SvStream& rStream,
vcl::filter::PDFObjectElement* pSignat
// Build a list of offset-length pairs, representing the signed bytes.
std::vector<std::pair<size_t, size_t>> aByteRanges;
- size_t nByteRangeOffset = 0;
- const std::vector<vcl::filter::PDFElement*>& rByteRangeElements =
pByteRange->GetElements();
- for (size_t i = 0; i < rByteRangeElements.size(); ++i)
+ if (!GetByteRangesFromPDF(*pByteRange, aByteRanges))
{
- auto pNumber =
dynamic_cast<vcl::filter::PDFNumberElement*>(rByteRangeElements[i]);
- if (!pNumber)
- {
- SAL_WARN("xmlsecurity.pdfio", "ValidateSignature: signature offset
and length has to be a number");
- return false;
- }
-
- if (i % 2 == 0)
- {
- nByteRangeOffset = pNumber->GetValue();
- continue;
- }
- size_t nByteRangeLength = pNumber->GetValue();
- aByteRanges.push_back(std::make_pair(nByteRangeOffset,
nByteRangeLength));
+ return false;
}
// Detect if the byte ranges don't cover everything, but the signature
itself.
@@ -399,11 +497,7 @@ bool ValidateSignature(SvStream& rStream,
vcl::filter::PDFObjectElement* pSignat
SAL_WARN("xmlsecurity.pdfio", "ValidateSignature: second range start
is not the end of the signature");
return false;
}
- rStream.Seek(STREAM_SEEK_TO_END);
- size_t nFileEnd = rStream.Tell();
- if (bLast && (aByteRanges[1].first + aByteRanges[1].second) != nFileEnd)
- // Second range end is not the end of the file.
- rInformation.bPartialDocumentSignature = true;
+ rInformation.bPartialDocumentSignature = !IsCompleteSignature(rStream,
rDocument, pSignature);
// At this point there is no obviously missing info to validate the
// signature.
diff --git a/xmlsecurity/workben/pdfverify.cxx
b/xmlsecurity/workben/pdfverify.cxx
index 7b64e42c2a49..ea48350246a6 100644
--- a/xmlsecurity/workben/pdfverify.cxx
+++ b/xmlsecurity/workben/pdfverify.cxx
@@ -149,8 +149,8 @@ int pdfVerify(int nArgc, char** pArgv)
for (size_t i = 0; i < aSignatures.size(); ++i)
{
SignatureInformation aInfo(i);
- bool bLast = i == aSignatures.size() - 1;
- if (!xmlsecurity::pdfio::ValidateSignature(aStream,
aSignatures[i], aInfo, bLast))
+ if (!xmlsecurity::pdfio::ValidateSignature(aStream,
aSignatures[i], aInfo,
+ aDocument))
{
SAL_WARN("xmlsecurity.pdfio", "failed to determine digest
match");
return 1;
@@ -158,6 +158,8 @@ int pdfVerify(int nArgc, char** pArgv)
bool bSuccess = aInfo.nStatus ==
xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
std::cerr << "signature #" << i << ": digest match? " <<
bSuccess << std::endl;
+ std::cerr << "signature #" << i << ": partial? " <<
aInfo.bPartialDocumentSignature
+ << std::endl;
}
}
commit 7d13f2ec91a3d5b615f384e19e5708ce056a6a36
Author: Tomaž Vajngerl <tomaz.vajng...@collabora.co.uk>
AuthorDate: Sun May 31 11:50:20 2020 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Thu Oct 1 08:41:24 2020 +0200
pdfium: only init pdfium library once and destroy on LO exit
With more and more usage of PDFium, it is hard to keep track of
the life-time of the PDFium library, so it can happen that a
FPDF_DestroyLibrary happens when we still have another instance
where PDFium is still use. The result of this is a crash. To
prevent this, just initialize the library once and delete, when
on LO exit.
This can be improved in the future to only keep the library
active when in actual use.
[ Leaving out the vector graphic search bits, the motivation is to just
have this in libreoffice-7-0, so that recent pdf sig verify improvements
can be backported. ]
(cherry picked from commit 067a8a954c8e1d8d6465a4ab5fb61e93f16c26c2)
Conflicts:
vcl/source/graphic/VectorGraphicSearch.cxx
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102317
Tested-by: Miklos Vajna <vmik...@collabora.com>
Reviewed-by: Miklos Vajna <vmik...@collabora.com>
(cherry picked from commit b7de766b4dc5b4810277069bcf53a9f3737e87da)
Conflicts:
svx/source/svdraw/svdpdf.cxx
svx/source/svdraw/svdpdf.hxx
vcl/Library_vcl.mk
vcl/qa/cppunit/pdfexport/pdfexport.cxx
vcl/source/filter/ipdf/pdfread.cxx
(cherry picked from commit 12025e528ef50af9e3176a19465f860723e30871)
Change-Id: I5c7e5de7f8b97d10efb394c67c7a61b976c8d57c
diff --git a/include/vcl/filter/PDFiumLibrary.hxx
b/include/vcl/filter/PDFiumLibrary.hxx
new file mode 100644
index 000000000000..b9bceabb8acf
--- /dev/null
+++ b/include/vcl/filter/PDFiumLibrary.hxx
@@ -0,0 +1,45 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ */
+
+#pragma once
+
+#include <config_features.h>
+
+#if HAVE_FEATURE_PDFIUM
+
+#include <memory>
+#include <rtl/instance.hxx>
+#include <vcl/dllapi.h>
+
+namespace vcl
+{
+namespace pdf
+{
+class VCL_DLLPUBLIC PDFium final
+{
+private:
+ PDFium(const PDFium&) = delete;
+ PDFium& operator=(const PDFium&) = delete;
+
+public:
+ PDFium();
+ ~PDFium();
+};
+
+struct PDFiumLibrary : public rtl::StaticWithInit<std::shared_ptr<PDFium>,
PDFiumLibrary>
+{
+ std::shared_ptr<PDFium> operator()() { return std::make_shared<PDFium>(); }
+};
+}
+} // namespace vcl::pdf
+
+#endif // HAVE_FEATURE_PDFIUM
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/vcl/Library_vcl.mk b/vcl/Library_vcl.mk
index a0113a2e85d4..af4b5f897e64 100644
--- a/vcl/Library_vcl.mk
+++ b/vcl/Library_vcl.mk
@@ -304,6 +304,7 @@ $(eval $(call gb_Library_add_exception_objects,vcl,\
vcl/source/gdi/wall \
vcl/source/gdi/scrptrun \
vcl/source/gdi/CommonSalLayout \
+ vcl/source/pdf/PDFiumLibrary \
vcl/source/bitmap/bitmapfilter \
vcl/source/bitmap/bitmapscalesuper \
vcl/source/bitmap/BitmapScaleConvolution \
diff --git a/vcl/qa/cppunit/pdfexport/pdfexport.cxx
b/vcl/qa/cppunit/pdfexport/pdfexport.cxx
index 1a88b97e5364..ce5b28ffe705 100644
--- a/vcl/qa/cppunit/pdfexport/pdfexport.cxx
+++ b/vcl/qa/cppunit/pdfexport/pdfexport.cxx
@@ -28,6 +28,8 @@
#include <fpdfview.h>
#endif
+#include <vcl/filter/PDFiumLibrary.hxx>
+
using namespace ::com::sun::star;
namespace
@@ -43,6 +45,7 @@ class PdfExportTest : public test::BootstrapFixture, public
unotest::MacrosTest
#if HAVE_FEATURE_PDFIUM
FPDF_PAGE mpPdfPage = nullptr;
FPDF_DOCUMENT mpPdfDocument = nullptr;
+ std::shared_ptr<vcl::pdf::PDFium> mpPDFium;
#endif
public:
@@ -97,12 +100,7 @@ void PdfExportTest::setUp()
mxDesktop.set(frame::Desktop::create(mxComponentContext));
#if HAVE_FEATURE_PDFIUM
- FPDF_LIBRARY_CONFIG config;
- config.version = 2;
- config.m_pUserFontPaths = nullptr;
- config.m_pIsolate = nullptr;
- config.m_v8EmbedderSlot = 0;
- FPDF_InitLibraryWithConfig(&config);
+ mpPDFium = vcl::pdf::PDFiumLibrary::get();
#endif
}
@@ -111,7 +109,6 @@ void PdfExportTest::tearDown()
#if HAVE_FEATURE_PDFIUM
FPDF_ClosePage(mpPdfPage);
FPDF_CloseDocument(mpPdfDocument);
- FPDF_DestroyLibrary();
#endif
if (mxComponent.is())
diff --git a/vcl/source/filter/ipdf/pdfread.cxx
b/vcl/source/filter/ipdf/pdfread.cxx
index f1a7e2b52a17..85a31fe27ebd 100644
--- a/vcl/source/filter/ipdf/pdfread.cxx
+++ b/vcl/source/filter/ipdf/pdfread.cxx
@@ -19,6 +19,8 @@
#include <vcl/bitmapaccess.hxx>
+#include <vcl/filter/PDFiumLibrary.hxx>
+
using namespace com::sun::star;
namespace
@@ -58,12 +60,7 @@ double pointToPixel(double fPoint)
/// Does PDF to bitmap conversion using pdfium.
bool generatePreview(SvStream& rStream, Graphic& rGraphic)
{
- FPDF_LIBRARY_CONFIG aConfig;
- aConfig.version = 2;
- aConfig.m_pUserFontPaths = nullptr;
- aConfig.m_pIsolate = nullptr;
- aConfig.m_v8EmbedderSlot = 0;
- FPDF_InitLibraryWithConfig(&aConfig);
+ auto pPdfium = vcl::pdf::PDFiumLibrary::get();
// Read input into a buffer.
SvMemoryStream aInBuffer;
@@ -108,7 +105,6 @@ bool generatePreview(SvStream& rStream, Graphic& rGraphic)
FPDFBitmap_Destroy(pPdfBitmap);
FPDF_ClosePage(pPdfPage);
FPDF_CloseDocument(pPdfDocument);
- FPDF_DestroyLibrary();
return true;
}
@@ -145,13 +141,8 @@ bool getCompatibleStream(SvStream& rInStream, SvStream&
rOutStream)
rOutStream.WriteStream(rInStream);
else
{
- // Downconvert to PDF-1.4.
- FPDF_LIBRARY_CONFIG aConfig;
- aConfig.version = 2;
- aConfig.m_pUserFontPaths = nullptr;
- aConfig.m_pIsolate = nullptr;
- aConfig.m_v8EmbedderSlot = 0;
- FPDF_InitLibraryWithConfig(&aConfig);
+ // Downconvert to PDF-1.5.
+ auto pPdfium = vcl::pdf::PDFiumLibrary::get();
// Read input into a buffer.
SvMemoryStream aInBuffer;
@@ -168,7 +159,6 @@ bool getCompatibleStream(SvStream& rInStream, SvStream&
rOutStream)
return false;
FPDF_CloseDocument(pPdfDocument);
- FPDF_DestroyLibrary();
aWriter.m_aStream.Seek(STREAM_SEEK_TO_BEGIN);
rOutStream.WriteStream(aWriter.m_aStream);
diff --git a/vcl/source/pdf/PDFiumLibrary.cxx b/vcl/source/pdf/PDFiumLibrary.cxx
new file mode 100644
index 000000000000..5f487b15f48b
--- /dev/null
+++ b/vcl/source/pdf/PDFiumLibrary.cxx
@@ -0,0 +1,39 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ */
+
+#include <config_features.h>
+
+#if HAVE_FEATURE_PDFIUM
+
+#include <vcl/filter/PDFiumLibrary.hxx>
+#include <fpdf_doc.h>
+
+namespace vcl
+{
+namespace pdf
+{
+PDFium::PDFium()
+{
+ FPDF_LIBRARY_CONFIG aConfig;
+ aConfig.version = 2;
+ aConfig.m_pUserFontPaths = nullptr;
+ aConfig.m_pIsolate = nullptr;
+ aConfig.m_v8EmbedderSlot = 0;
+ FPDF_InitLibraryWithConfig(&aConfig);
+}
+
+PDFium::~PDFium() { FPDF_DestroyLibrary(); }
+
+}
+} // end vcl::pdf
+
+#endif // HAVE_FEATURE_PDFIUM
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
commit 02fae795d1cd008a3cb0844fef3f7297893fdeac
Author: Miklos Vajna <vmik...@collabora.com>
AuthorDate: Wed Sep 2 12:37:18 2020 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Thu Oct 1 08:41:24 2020 +0200
xmlsecurity: avoid saying OK when the signature is partial
That's reserved for valid signatures (digest match, certificate
validates and the signature covers the whole document).
Also avoid "invalid" in the dialog when the digest matches and the
signature is just incomplete.
This now uses wording which is closer to Acrobat and also uses the same
wording on the infobar and in the dialog.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/101926
Reviewed-by: Miklos Vajna <vmik...@collabora.com>
Tested-by: Jenkins
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102188
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 46efad443472679b93b282c8e08b807d7e8f1a78)
Conflicts:
xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
Change-Id: I26e4781d555b65cf29aa8df2232e286917235dc1
diff --git a/sfx2/source/view/view.src b/sfx2/source/view/view.src
index 94f8a5ecbd1f..f42bedaefb68 100644
--- a/sfx2/source/view/view.src
+++ b/sfx2/source/view/view.src
@@ -144,12 +144,12 @@ String STR_SIGNATURE_INVALID
String STR_SIGNATURE_NOTVALIDATED
{
- Text[ en-US ] = "The signature is OK, but the certificate could not be
validated.";
+ Text[ en-US ] = "At least one signature has problems: the certificate
could not be validated.";
};
String STR_SIGNATURE_PARTIAL_OK
{
- Text[ en-US ] = "The signature is OK, but the document is only partially
signed.";
+ Text[ en-US ] = "At least one signature has problems: the document is only
partially signed.";
};
String STR_SIGNATURE_OK
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index 3ca748019cf7..2eeaef132adb 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -518,6 +518,7 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
size_t nInfos = maSignatureManager.maCurrentSignatureInformations.size();
size_t nValidSigs = 0, nValidCerts = 0;
bool bAllNewSignatures = true;
+ bool bSomePartial = false;
if( nInfos )
{
@@ -595,7 +596,7 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
{
if (maSignatureManager.mxStore.is())
{
- // XML based.
+ // ZIP based.
bSigValid =
DocumentSignatureHelper::checkIfAllFilesAreSigned(
aElementsToBeVerified, rInfo, mode);
}
@@ -607,6 +608,10 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
if( bSigValid )
nValidSigs++;
+ else
+ {
+ bSomePartial = true;
+ }
}
Image aImage;
@@ -660,8 +665,8 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
bool bShowInvalidState = nInfos && !bAllSigsValid;
- m_pSigsInvalidImg->Show( bShowInvalidState );
- m_pSigsInvalidFI->Show( bShowInvalidState );
+ m_pSigsInvalidImg->Show( bShowInvalidState && !bSomePartial);
+ m_pSigsInvalidFI->Show( bShowInvalidState && !bSomePartial);
bool bShowNotValidatedState = nInfos && bAllSigsValid && !bAllCertsValid;
@@ -670,8 +675,8 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
//bAllNewSignatures is always true if we are not in document mode
bool bShowOldSignature = nInfos && bAllSigsValid && bAllCertsValid &&
!bAllNewSignatures;
- m_pSigsOldSignatureImg->Show(bShowOldSignature);
- m_pSigsOldSignatureFI->Show(bShowOldSignature);
+ m_pSigsOldSignatureImg->Show(bShowOldSignature || bSomePartial);
+ m_pSigsOldSignatureFI->Show(bShowOldSignature || bSomePartial);
SignatureHighlightHdl( nullptr );
}
diff --git a/xmlsecurity/uiconfig/ui/digitalsignaturesdialog.ui
b/xmlsecurity/uiconfig/ui/digitalsignaturesdialog.ui
index 487bebdf8764..330a0f27bff0 100644
--- a/xmlsecurity/uiconfig/ui/digitalsignaturesdialog.ui
+++ b/xmlsecurity/uiconfig/ui/digitalsignaturesdialog.ui
@@ -297,7 +297,7 @@
<property name="can_focus">False</property>
<property name="no_show_all">True</property>
<property name="hexpand">True</property>
- <property name="label" translatable="yes">Not all parts of
the document are signed</property>
+ <property name="label" translatable="yes">At least one
signature has problems: the document is only partially signed.</property>
<property name="xalign">0</property>
</object>
<packing>
@@ -310,7 +310,7 @@
<property name="can_focus">False</property>
<property name="no_show_all">True</property>
<property name="hexpand">True</property>
- <property name="label" translatable="yes">Certificate
could not be validated</property>
+ <property name="label" translatable="yes">At least one
signature has problems: the certificate could not be validated.</property>
<property name="xalign">0</property>
</object>
<packing>
commit ce6ad5a046d0c626ff34875fad42c5776d849b9f
Author: Miklos Vajna <vmik...@collabora.com>
AuthorDate: Mon Aug 31 13:34:17 2020 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Thu Oct 1 08:41:24 2020 +0200
xmlsecurity: fix infobar vs signature dialog inconsistency
The infobar mentioned if a signature is partial, but the dialog just has
a bool UI for signatures. Then present "good, but partial" as "bad".
(cherry picked from commit 3ba1144cb96c710e665ffb3ada26fb6a48a03472)
Change-Id: I698190aa77702000b11d635bd038d9c9a91614ac
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/101844
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 8696c20cbf5c816ded9fee469616cb693b4572b0)
Conflicts:
xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index 5a49151608d3..3ca748019cf7 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -593,8 +593,17 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
if ( bSigValid )
{
- bSigValid = DocumentSignatureHelper::checkIfAllFilesAreSigned(
- aElementsToBeVerified, rInfo, mode);
+ if (maSignatureManager.mxStore.is())
+ {
+ // XML based.
+ bSigValid =
DocumentSignatureHelper::checkIfAllFilesAreSigned(
+ aElementsToBeVerified, rInfo, mode);
+ }
+ else
+ {
+ // Assume PDF.
+ bSigValid = !rInfo.bPartialDocumentSignature;
+ }
if( bSigValid )
nValidSigs++;
commit e446a011084332ddfc85bf5c20fa3454fb4316ca
Author: Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Tue Apr 16 22:08:42 2019 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Thu Oct 1 08:41:23 2020 +0200
tdf#124776: don't use SearchPathW to get full path of executable
... use GetModuleFileNameW() for that.
We call SetDllDirectoryW and SetSearchPathMode to improve security of
the process, and exclude some paths (including current directory) from
search when using API that looks for binaries whose names are not fully
qualified.
So the sequence is this:
1. Program is started using relative executable path like
"instdir\program\soffice";
2. sal_detail_initialize is called, which calls the two mentioned
hardening functions;
3. sal_detail_initialize calls osl_setCommandArgs, which in turn calls
osl_createCommandArgs_Impl;
4. The latter uses SearchPathW with empty path and first program arg
"instdir\program\soffice" to find fully qualified program path.
That now naturally fails, because current path is not searched.
But to find the process name, we need no search: we can simply use
GetModuleFileNameW() with NULL passed as module handle. Let's use that.
Note that we can't use _wpgmptr/_get_wpgmptr, because we don't use wide
entry point like wmain.
LHM-Stuff
---------
Dieser Patch löst das Problem wenn Symbols eingeschaltet ist, danach
konnte LO nicht mit scalc.exe, swriter.exe, .. gestartet werden den es
ist damit abgestürzt. (Dumpfile war im LO-Verzeichnis)
Reviewed-on: https://gerrit.libreoffice.org/70844
Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
Tested-by: Mike Kaganski <mike.kagan...@collabora.com>
(cherry picked from commit c650217cc543080928a26de4bfc07ebb0be5c6ca)
Change-Id: I7a0013a0505f7bdd38164b09b045bfade9686664
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/89689
Tested-by: Thorsten Behrens <thorsten.behr...@cib.de>
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/sal/osl/w32/process.cxx b/sal/osl/w32/process.cxx
index 6d86ae58bad8..94792e4cc09e 100644
--- a/sal/osl/w32/process.cxx
+++ b/sal/osl/w32/process.cxx
@@ -350,10 +350,8 @@ static rtl_uString ** osl_createCommandArgs_Impl (int
argc, char **)
{
/* Ensure absolute path */
::osl::LongPathBuffer< sal_Unicode > aBuffer( MAX_LONG_PATH );
- DWORD dwResult = 0;
-
- dwResult = SearchPath (
- nullptr, reinterpret_cast<LPCWSTR>(ppArgs[0]->buffer),
L".exe", aBuffer.getBufSizeInSymbols(),
::osl::mingw_reinterpret_cast<LPWSTR>(aBuffer), nullptr);
+ DWORD dwResult
+ = GetModuleFileNameW(nullptr, o3tl::toW(aBuffer),
aBuffer.getBufSizeInSymbols());
if ((0 < dwResult) && (dwResult < aBuffer.getBufSizeInSymbols()))
{
/* Replace argv[0] with its absolute path */
commit adfce32e57f33efb3cce54e3f13e2527e3b62743
Author: Thorsten Behrens <thorsten.behr...@cib.de>
AuthorDate: Thu Sep 10 00:18:08 2020 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Thu Oct 1 08:41:23 2020 +0200
Check range before accessing Calc sort userlist
Change-Id: I74df0bc6db978e06e8014ac1bc0d76a66c7f4fe8
diff --git a/sc/source/core/data/table3.cxx b/sc/source/core/data/table3.cxx
index 9f63f8f2ff10..de6f6f01d1c4 100644
--- a/sc/source/core/data/table3.cxx
+++ b/sc/source/core/data/table3.cxx
@@ -1533,9 +1533,9 @@ short ScTable::CompareCell(
bool bNaturalSort = aSortParam.bNaturalSort; // natural sort
bool bCaseSens = aSortParam.bCaseSens; // case
sensitivity
- if (bUserDef)
+ ScUserList* pList = ScGlobal::GetUserList();
+ if (bUserDef && pList && pList->size() > aSortParam.nUserIndex)
{
- ScUserList* pList = ScGlobal::GetUserList();
const ScUserListData& rData =
(*pList)[aSortParam.nUserIndex];
if ( bNaturalSort )
commit 0708a8200f8aeb9a05972d6550f38ae9691f9c1b
Author: Michael Stahl <michael.st...@cib.de>
AuthorDate: Fri Aug 7 18:57:00 2020 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Thu Oct 1 08:41:23 2020 +0200
nss: upgrade to release 3.55.0
Fixes CVE-2020-6829, CVE-2020-12400 CVE-2020-12401 CVE-2020-12403.
(also CVE-2020-12402 CVE-2020-12399 in older releases since 3.47)
* external/nss/nss.nspr-parallel-win-debug_build.patch:
remove, merged upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100345
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@cib.de>
(cherry picked from commit 495a5944a3d442cfe748a3bb0dcef76f6a961d30)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100420
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit 227d30a3a17f2fffb1a166cdc3e2a796bb335214)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100590
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 94cecbfdf3cf01fe3d5658c7edf78696da2a249f)
Change-Id: I8b48e25ce68a2327cde1420abdaea8f9e51a7888
diff --git a/download.lst b/download.lst
index dea9f67a0727..1f6503badec7 100644
--- a/download.lst
+++ b/download.lst
@@ -164,8 +164,8 @@ export MYTHES_SHA256SUM :=
1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
export NEON_SHA256SUM :=
00c626c0dc18d094ab374dbd9a354915bfe4776433289386ed489c2ec0845cdd
export NEON_TARBALL := 231adebe5c2f78fded3e3df6e958878e-neon-0.30.1.tar.gz
-export NSS_SHA256SUM :=
861a4510b7c21516f49a4cfa5b871aa796e4e1ef2dfe949091970e56f9d60cdf
-export NSS_TARBALL := nss-3.53-with-nspr-4.25.tar.gz
+export NSS_SHA256SUM :=
ec6032d78663c6ef90b4b83eb552dedf721d2bce208cec3bf527b8f637db7e45
+export NSS_TARBALL := nss-3.55-with-nspr-4.27.tar.gz
export ODFGEN_SHA256SUM :=
2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2
export ODFGEN_VERSION_MICRO := 6
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2
diff --git a/external/nss/UnpackedTarball_nss.mk
b/external/nss/UnpackedTarball_nss.mk
index b77939f20f31..e77f92341d91 100644
--- a/external/nss/UnpackedTarball_nss.mk
+++ b/external/nss/UnpackedTarball_nss.mk
@@ -21,7 +21,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\
external/nss/clang-cl.patch.0 \
external/nss/nss.vs2015.patch \
external/nss/nss.vs2015.pdb.patch \
- external/nss/nss.nspr-parallel-win-debug_build.patch \
$(if $(filter iOS,$(OS)), \
external/nss/nss-ios.patch) \
$(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \
diff --git a/external/nss/nss.nspr-parallel-win-debug_build.patch
b/external/nss/nss.nspr-parallel-win-debug_build.patch
deleted file mode 100644
index 86b55e1ccf7f..000000000000
--- a/external/nss/nss.nspr-parallel-win-debug_build.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Änderung: 4866:23940b78e965
-Nutzer: Jan-Marek Glogowski <glo...@fbihome.de>
-Datum: Fri May 01 22:50:55 2020 +0000
-Dateien: pr/tests/Makefile.in
-Beschreibung:
-Bug 290526 Write separate PDBs for test OBJs r=glandium
-
-Quite often when running a parallel NSS build, I get the following
-compiler error message, resulting in a build failure, despite
-compiling with the -FS flag:
-
-.../nss/nspr/pr/tests/zerolen.c: fatal error C1041:
-Programmdatenbank "...\nss\nspr\out\pr\tests\vc140.pdb" kann nicht
-ge<94>ffnet werden; verwenden Sie /FS, wenn mehrere CL.EXE in
-dieselbe .PDB-Datei schreiben.
-
-The failing source file is always one of the last test object
-files. But the actual problem is not the compiler accessing the
-PDB file, but the linker already linking the first test
-executables accessing the shared PDB; at least that's my guess.
-
-So instead of using a shared PDB for all test object files, this
-uses -Fd$(@:.$(OBJ_SUFFIX)=.pdb) to write a separate PDB for every
-test's object file. The linker works fine with the shared OBJ PDB.
-
-Differential Revision: https://phabricator.services.mozilla.com/D68693
-
-
-diff -r 219d131499d5 -r 23940b78e965 nss/nspr/pr/tests/Makefile.in
---- a/nss/nspr/pr/tests/Makefile.in Mon Feb 10 20:58:42 2020 +0000
-+++ b/nss/nspr/pr/tests/Makefile.in Fri May 01 22:50:55 2020 +0000
-@@ -211,6 +211,7 @@
- else
- EXTRA_LIBS += ws2_32.lib
- LDOPTS = -NOLOGO -DEBUG -DEBUGTYPE:CV -INCREMENTAL:NO
-+ CFLAGS += -Fd$(@:.$(OBJ_SUFFIX)=.pdb)
- ifdef PROFILE
- LDOPTS += -PROFILE -MAP
- endif # profile
-
commit 4825924fe48fba508f5969e8bfd232e7534bf964
Author: Jan-Marek Glogowski <glo...@fbihome.de>
AuthorDate: Wed Jun 26 18:09:19 2019 +0200
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Thu Oct 1 08:41:23 2020 +0200
NSS: enable parallel build
Since NSS 3.53, the Makefile based build should be fixed (upstream
bug 290526). The only missing patch is a minimal NSPR fix for the
"NSPR, configure + make, parallel, Windows, MS VS, debug" build.
That patch isn't incuded in the NSPR 4.25 release (but it's already
in the mercurial repo for NSPR 4.26).
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/95218
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glo...@fbihome.de>
(cherry picked from commit b56e8d6def26a0430853835e997f1be841840a61)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100419
Reviewed-by: Michael Stahl <michael.st...@cib.de>
(cherry picked from commit c1bce55faebd9ad8751d7b6b9a7f77dff7b3d507)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100589
(cherry picked from commit 3e4dbb1708d4b3b7619602b63602b884a7bb2caa)
Change-Id: I8eaa3792a12bdff734e56ac3f552991478957e23
diff --git a/download.lst b/download.lst
index f46a38121016..dea9f67a0727 100644
--- a/download.lst
+++ b/download.lst
@@ -164,8 +164,8 @@ export MYTHES_SHA256SUM :=
1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
export NEON_SHA256SUM :=
00c626c0dc18d094ab374dbd9a354915bfe4776433289386ed489c2ec0845cdd
export NEON_TARBALL := 231adebe5c2f78fded3e3df6e958878e-neon-0.30.1.tar.gz
-export NSS_SHA256SUM :=
07d4276168f59bb3038c7826dabb5fbfbab8336ddf65e4e6e43bce89ada78c64
-export NSS_TARBALL := nss-3.47.1-with-nspr-4.23.tar.gz
+export NSS_SHA256SUM :=
861a4510b7c21516f49a4cfa5b871aa796e4e1ef2dfe949091970e56f9d60cdf
+export NSS_TARBALL := nss-3.53-with-nspr-4.25.tar.gz
export ODFGEN_SHA256SUM :=
2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2
export ODFGEN_VERSION_MICRO := 6
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2
diff --git a/external/nss/ExternalProject_nss.mk
b/external/nss/ExternalProject_nss.mk
index f555975ee7fa..01b6b4e07794 100644
--- a/external/nss/ExternalProject_nss.mk
+++ b/external/nss/ExternalProject_nss.mk
@@ -29,11 +29,11 @@ ifeq ($(OS),WNT)
$(call gb_ExternalProject_get_state_target,nss,build): $(call
gb_ExternalProject_get_state_target,nss,configure) $(call
gb_ExternalExecutable_get_dependencies,python)
$(call gb_ExternalProject_run,build,\
$(if $(MSVC_USE_DEBUG_RUNTIME),USE_DEBUG_RTL=1,BUILD_OPT=1) \
- MOZ_MSVCVERSION=9 OS_TARGET=WIN95 \
+ OS_TARGET=WIN95 \
$(if $(filter X86_64,$(CPUNAME)),USE_64=1) \
LIB="$(ILIB)" \
XCFLAGS="-arch:SSE $(SOLARINC)" \
- $(MAKE) -j1 nss_build_all RC="rc.exe $(SOLARINC)" \
+ $(MAKE) nss_build_all RC="rc.exe $(SOLARINC)" \
NSINSTALL='$(call
gb_ExternalExecutable_get_command,python) $(SRCDIR)/external/nss/nsinstall.py' \
,nss)
@@ -53,7 +53,7 @@ $(call gb_ExternalProject_get_state_target,nss,build): $(call
gb_ExternalProject
$(if $(filter IOS-ARM,$(OS)-$(CPUNAME)),CPU_ARCH=arm) \
NSINSTALL="$(call
gb_ExternalExecutable_get_command,python) $(SRCDIR)/external/nss/nsinstall.py")
\
NSDISTMODE=copy \
- $(MAKE) -j1 AR="$(AR)" \
+ $(MAKE) AR="$(AR)" \
RANLIB="$(RANLIB)" \
NMEDIT="$(NM)edit" \
CCC="$(CXX)" \
diff --git a/external/nss/UnpackedTarball_nss.mk
b/external/nss/UnpackedTarball_nss.mk
index 463451ecd924..b77939f20f31 100644
--- a/external/nss/UnpackedTarball_nss.mk
+++ b/external/nss/UnpackedTarball_nss.mk
@@ -12,32 +12,32 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,nss))
$(eval $(call gb_UnpackedTarball_set_tarball,nss,$(NSS_TARBALL)))
$(eval $(call gb_UnpackedTarball_add_patches,nss,\
- external/nss/nss.patch \
- external/nss/nss.aix.patch \
- external/nss/nss-3.13.5-zlib-werror.patch \
- external/nss/nss_macosx.patch \
- external/nss/nss-win32-make.patch.1 \
- $(if $(filter WNT,$(OS)),external/nss/nss.windows.patch \
- external/nss/nss.nowerror.patch \
- external/nss/nss.vs2015.patch) \
+ external/nss/nss.patch \
+ external/nss/nss.aix.patch \
+ external/nss/nss-3.13.5-zlib-werror.patch \
+ external/nss/nss_macosx.patch \
+ external/nss/nss-win32-make.patch.1 \
external/nss/ubsan.patch.0 \
external/nss/clang-cl.patch.0 \
- $(if $(filter IOS,$(OS)), \
+ external/nss/nss.vs2015.patch \
+ external/nss/nss.vs2015.pdb.patch \
+ external/nss/nss.nspr-parallel-win-debug_build.patch \
+ $(if $(filter iOS,$(OS)), \
external/nss/nss-ios.patch) \
- $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \
- external/nss/nss.cygwin64.in32bit.patch) \
- $(if $(filter WNT,$(OS)), \
- external/nss/nss.vs2015.pdb.patch) \
+ $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \
+ external/nss/nss.cygwin64.in32bit.patch) \
$(if $(findstring 120_70,$(VCVER)_$(WINDOWS_SDK_VERSION)), \
external/nss/nss-winXP-sdk.patch.1) \
- $(if $(filter WNT,$(OS)), \
- external/nss/nss.utf8bom.patch.1) \
+ $(if $(filter WNT,$(OS)), \
+ external/nss/nss.windows.patch \
+ external/nss/nss.nowerror.patch \
+ external/nss/nss.utf8bom.patch.1) \
))
ifeq ($(COM_IS_CLANG),TRUE)
ifneq ($(filter -fsanitize=%,$(CC)),)
$(eval $(call gb_UnpackedTarball_add_patches,nss,\
- external/nss/asan.patch.1 \
+ external/nss/asan.patch.1 \
))
endif
endif
diff --git a/external/nss/nsinstall.py b/external/nss/nsinstall.py
index 31b3de3450c5..80e9c1679373 100644
--- a/external/nss/nsinstall.py
+++ b/external/nss/nsinstall.py
@@ -155,7 +155,12 @@ def nsinstall(argv):
target = args.pop()
# ensure target directory
if not os.path.isdir(target):
- os.makedirs(target)
+ try:
+ os.makedirs(target)
+ except FileExistsError:
+ if not os.path.isdir(target):
+ sys.stderr.write('nsinstall: ' + target + ' is not a directoy!\n')
+ return 1
copy_all_entries(args, target)
return 0
diff --git a/external/nss/nss-3.13.5-zlib-werror.patch
b/external/nss/nss-3.13.5-zlib-werror.patch
index 6cda50023f1b..0cdbf7808f81 100644
--- a/external/nss/nss-3.13.5-zlib-werror.patch
+++ b/external/nss/nss-3.13.5-zlib-werror.patch
@@ -1,9 +1,10 @@
--- a/a/nss/lib/zlib/gzguts.h 2010-08-22 03:07:03.000000000 +0200
+++ b/b/nss/lib/zlib/gzguts.h 2012-07-17 08:52:14.821552788 +0200
-@@ -26,6 +26,9 @@
- # include <limits.h>
+@@ -26,6 +26,10 @@
+ # define write _write
+ # define close _close
#endif
- #include <fcntl.h>
++
+#ifndef _WIN32
+#include <unistd.h>
+#endif
diff --git a/external/nss/nss-win32-make.patch.1
b/external/nss/nss-win32-make.patch.1
index bc5a759275e2..7ba3df451ee6 100644
--- a/external/nss/nss-win32-make.patch.1
+++ b/external/nss/nss-win32-make.patch.1
@@ -1,7 +1,7 @@
--- nss/nss/coreconf/rules.mk.orig2 2014-06-03 15:30:01.667200000 +0200
+++ nss/nss/coreconf/rules.mk 2014-06-03 15:30:14.537200000 +0200
@@ -259,7 +259,7 @@
- @$(MAKE_OBJDIR)
+ $(LIBRARY): $(OBJS) | $$(@D)/d
rm -f $@
ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
- $(AR) $(subst /,\\,$(OBJS))
diff --git a/external/nss/nss.nspr-parallel-win-debug_build.patch
b/external/nss/nss.nspr-parallel-win-debug_build.patch
new file mode 100644
index 000000000000..86b55e1ccf7f
--- /dev/null
+++ b/external/nss/nss.nspr-parallel-win-debug_build.patch
@@ -0,0 +1,40 @@
+Änderung: 4866:23940b78e965
+Nutzer: Jan-Marek Glogowski <glo...@fbihome.de>
+Datum: Fri May 01 22:50:55 2020 +0000
+Dateien: pr/tests/Makefile.in
+Beschreibung:
+Bug 290526 Write separate PDBs for test OBJs r=glandium
+
+Quite often when running a parallel NSS build, I get the following
+compiler error message, resulting in a build failure, despite
+compiling with the -FS flag:
+
+.../nss/nspr/pr/tests/zerolen.c: fatal error C1041:
+Programmdatenbank "...\nss\nspr\out\pr\tests\vc140.pdb" kann nicht
+ge<94>ffnet werden; verwenden Sie /FS, wenn mehrere CL.EXE in
+dieselbe .PDB-Datei schreiben.
+
+The failing source file is always one of the last test object
+files. But the actual problem is not the compiler accessing the
+PDB file, but the linker already linking the first test
+executables accessing the shared PDB; at least that's my guess.
+
+So instead of using a shared PDB for all test object files, this
+uses -Fd$(@:.$(OBJ_SUFFIX)=.pdb) to write a separate PDB for every
+test's object file. The linker works fine with the shared OBJ PDB.
+
+Differential Revision: https://phabricator.services.mozilla.com/D68693
+
+
+diff -r 219d131499d5 -r 23940b78e965 nss/nspr/pr/tests/Makefile.in
+--- a/nss/nspr/pr/tests/Makefile.in Mon Feb 10 20:58:42 2020 +0000
++++ b/nss/nspr/pr/tests/Makefile.in Fri May 01 22:50:55 2020 +0000
+@@ -211,6 +211,7 @@
+ else
+ EXTRA_LIBS += ws2_32.lib
+ LDOPTS = -NOLOGO -DEBUG -DEBUGTYPE:CV -INCREMENTAL:NO
++ CFLAGS += -Fd$(@:.$(OBJ_SUFFIX)=.pdb)
+ ifdef PROFILE
+ LDOPTS += -PROFILE -MAP
+ endif # profile
+
diff --git a/external/nss/nss.windows.patch b/external/nss/nss.windows.patch
index 9dbeaa946520..901846e7bc1f 100644
--- a/external/nss/nss.windows.patch
+++ b/external/nss/nss.windows.patch
@@ -18,8 +18,8 @@
-core_abspath = '$(if $(findstring :,$(1)),$(1),$(if $(filter
/%,$(1)),$(1),$(PWD)/$(1)))'
+core_abspath = '$(if $(findstring :,$(1)),$(1),$(if $(filter /%,$(shell
cygpath -m $(1))),$(1),$(shell cygpath -m $(PWD)/$(1))))'
- $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.c
- @$(MAKE_OBJDIR)
+ $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.c | $$(@D)/d
+ ifdef USE_NT_C_SYNTAX
--- a/a/nspr/pr/include/md/_win95.h
+++ b/b/nspr/pr/include/md/_win95.h
@@ -312,7 +312,7 @@
commit 6a3b094d1c62b67cdfe82e61bcd6069a0fd973da
Author: Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Wed Jan 15 17:16:02 2020 +0100
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Thu Oct 1 08:41:23 2020 +0200
Remove a fragment from a file URL early on
...as ShellExecuteExW would ignore it anyway
Change-Id: I969db094bb7d2ea230ac8c36eb23d71a90fbe466
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86868
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
(cherry picked from commit 14b36a16b225bf7c988f118d499a7287c47cd83e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86877
Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
(cherry picked from commit 51da0d22ff42b20ab38130b7874651ef136ecceb)
diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx
index 6648d3f8d8a8..f18022897e7f 100644
--- a/shell/source/win32/SysShExec.cxx
+++ b/shell/source/win32/SysShExec.cxx
@@ -281,6 +281,7 @@ void SAL_CALL CSysShExec::execute( const OUString&
aCommand, const OUString& aPa
static_cast< XSystemShellExecute* >( this ),
3 );
+ OUString preprocessed_command(aCommand);
if ((nFlags & URIS_ONLY) != 0)
{
css::uno::Reference< css::uri::XUriReference > uri(
@@ -294,8 +295,10 @@ void SAL_CALL CSysShExec::execute( const OUString&
aCommand, const OUString& aPa
static_cast< cppu::OWeakObject * >(this), 0);
}
if (uri->getScheme().equalsIgnoreAsciiCase("file")) {
+ // ShellExecuteExW appears to ignore the fragment of a file URL
anyway, so remove it:
+ uri->clearFragment();
+ preprocessed_command = uri->getUriReference();
OUString pathname;
- uri->clearFragment(); // getSystemPathFromFileURL fails for URLs
with fragment
auto const e1
=
osl::FileBase::getSystemPathFromFileURL(uri->getUriReference(), pathname);
if (e1 != osl::FileBase::E_None) {
@@ -399,7 +402,6 @@ void SAL_CALL CSysShExec::execute( const OUString&
aCommand, const OUString& aPa
and names no existing file (remember the jump mark
sign '#' is a valid file name character we remove
the jump mark, else ShellExecuteEx fails */
- OUString preprocessed_command(aCommand);
if (is_system_path(preprocessed_command))
{
if (has_jump_mark(preprocessed_command) &&
!is_existing_file(preprocessed_command))
commit 325832af93c65ae318da5f224bc9939780d5a7a5
Author: Michael Stahl <michael.st...@cib.de>
AuthorDate: Tue Mar 24 10:48:04 2020 +0100
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Thu Oct 1 08:41:23 2020 +0200
icu: add patch to fix CVE-2020-10531
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90971
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@cib.de>
(cherry picked from commit 002d1152dc418f7d624409e76cd9d4ac0b42c7f8)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90975
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
(cherry picked from commit 63b573faf984875cda7a879e696ea75fae81df57)
Change-Id: I0aca4af1bd79f28bf1c920a4d05e80948106aaac
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90998
Tested-by: Michael Stahl <michael.st...@cib.de>
Reviewed-by: Michael Stahl <michael.st...@cib.de>
diff --git a/external/icu/ExternalProject_icu.mk
b/external/icu/ExternalProject_icu.mk
index 205817938539..838bef127e0e 100644
--- a/external/icu/ExternalProject_icu.mk
+++ b/external/icu/ExternalProject_icu.mk
@@ -13,7 +13,10 @@ $(eval $(call gb_ExternalProject_register_targets,icu,\
build \
))
-icu_CPPFLAGS:="-DHAVE_GCC_ATOMICS=$(if $(filter
TRUE,$(GCC_HAVE_BUILTIN_ATOMIC)),1,0)"
+# -I to find o3tl headers
+icu_CPPFLAGS:=" \
+ -DHAVE_GCC_ATOMICS=$(if $(filter TRUE,$(GCC_HAVE_BUILTIN_ATOMIC)),1,0) \
+ -I$(SRCDIR)/include"
ifeq ($(OS),WNT)
diff --git a/external/icu/UnpackedTarball_icu.mk
b/external/icu/UnpackedTarball_icu.mk
index 304d71399561..4aebd830051b 100644
--- a/external/icu/UnpackedTarball_icu.mk
+++ b/external/icu/UnpackedTarball_icu.mk
@@ -29,6 +29,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,icu,\
external/icu/icu4c-changeset-39671.patch.1 \
external/icu/icu4c-changeset-40324.patch.1 \
external/icu/icu4c-59-icu13329-xlocale.patch.1 \
+ external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2 \
))
$(eval $(call
gb_UnpackedTarball_add_file,icu,source/data/brkitr/khmerdict.dict,external/icu/khmerdict.dict))
diff --git a/external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2
b/external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2
new file mode 100644
index 000000000000..d3b34db670c5
--- /dev/null
+++ b/external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2
@@ -0,0 +1,37 @@
+From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001
+From: Frank Tang <ft...@chromium.org>
+Date: Sat, 1 Feb 2020 02:39:04 +0000
+Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append
+
+See #971
+---
+ icu4c/source/common/unistr.cpp | 6 ++-
+ icu4c/source/test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++
+ icu4c/source/test/intltest/ustrtest.h | 1 +
+ 3 files changed, 68 insertions(+), 1 deletion(-)
+
+diff --git a/icu4c/source/common/unistr.cpp b/icu4c/source/common/unistr.cpp
+index 901bb3358ba..077b4d6ef20 100644
+--- a/icu4c/source/common/unistr.cpp
++++ b/icu4c/source/common/unistr.cpp
+@@ -31,6 +31,7 @@
+ #include "ustr_imp.h"
+ #include "umutex.h"
+ #include "uassert.h"
++#include <o3tl/safeint.hxx>
+
+ #if 0
+
+@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t
srcStart, int32_t srcLeng
+ }
+
+ int32_t oldLength = length();
+- int32_t newLength = oldLength + srcLength;
++ int32_t newLength;
++ if (o3tl::checked_add(oldLength, srcLength, newLength)) {
++ setToBogus();
++ return *this;
++ }
+ // optimize append() onto a large-enough, owned string
+ if((newLength <= getCapacity() && isBufferWritable()) ||
+ cloneArrayIfNeeded(newLength, getGrowCapacity(newLength))) {
commit 556fe7ed616f3e11e6ce714b885994eb084110d3
Author: Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Fri Jan 3 22:40:07 2020 +0300
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Thu Oct 1 08:41:22 2020 +0200
tdf#93389: keep encryption information for autorecovered MS formats
The autorecovery data is stored in ODF, regardless of the original
document format. When restoring, type detection generates ODF data,
which is stored in the media descriptor attached to document, even
after real filter was restored (see AutoRecovery::implts_openDocs).
If real filter is not ODF, then at the save time, it doesn't find
necessary information in encryption data, and makes not encrypted
package.
This patch adds both MS binary data, and OOXML data, to existing
ODF data for recovered password-protected documents (regardless of
their real filter).
TODO: only add required information to encryption data: pass real
filter name to DocPasswordHelper::requestAndVerifyDocPassword from
AutoRecovery::implts_openDocs.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86201
Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
Tested-by: Mike Kaganski <mike.kagan...@collabora.com>
(cherry picked from commit dd198398b6e5c84ab1255a90ef96e6445b66a64f)
Conflicts:
comphelper/source/misc/docpasswordhelper.cxx
(cherry picked from commit 6017cdff264afc3b98beeba1330d6df28102fe7a)
Change-Id: I4717f067ad3c40167312b99eefef5584a467bfed
diff --git a/comphelper/source/misc/docpasswordhelper.cxx
b/comphelper/source/misc/docpasswordhelper.cxx
index d5b063315b0d..05cbb6c7a145 100644
--- a/comphelper/source/misc/docpasswordhelper.cxx
+++ b/comphelper/source/misc/docpasswordhelper.cxx
@@ -20,6 +20,8 @@
#include <algorithm>
#include <comphelper/docpasswordhelper.hxx>
+#include <comphelper/propertysequence.hxx>
+#include <comphelper/storagehelper.hxx>
#include <comphelper/sequence.hxx>
#include <comphelper/storagehelper.hxx>
#include <com/sun/star/beans/PropertyValue.hpp>
@@ -361,6 +363,25 @@ Sequence< sal_Int8 >
DocPasswordHelper::GetXLHashAsSequence(
OUString aPassword;
DocPasswordVerifierResult eResult =
DocPasswordVerifierResult::WrongPassword;
+ sal_Int32 nMediaEncDataCount = rMediaEncData.getLength();
+
+ // tdf#93389: if the document is being restored from autorecovery, we need
to add encryption
+ // data also for real document type.
+ // TODO: get real filter name here (from CheckPasswd_Impl), to only add
necessary data
+ bool bForSalvage = false;
+ if (nMediaEncDataCount)
+ {
+ for (auto& val : rMediaEncData)
+ {
+ if (val.Name == "ForSalvage")
+ {
+ --nMediaEncDataCount; // don't consider this element below
+ val.Value >>= bForSalvage;
+ break;
+ }
+ }
+ }
+
// first, try provided default passwords
if( pbIsDefaultPassword )
*pbIsDefaultPassword = false;
@@ -385,7 +406,7 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
// try media encryption data (skip, if result is OK or ABORT)
if( eResult == DocPasswordVerifierResult::WrongPassword )
{
- if( rMediaEncData.getLength() > 0 )
+ if (nMediaEncDataCount)
{
eResult = rVerifier.verifyEncryptionData( rMediaEncData );
if( eResult == DocPasswordVerifierResult::OK )
@@ -449,6 +470,26 @@ Sequence< sal_Int8 >
DocPasswordHelper::GetXLHashAsSequence(
if (!bHasEncryptionData)
aEncData = comphelper::concatSequences(
aEncData,
OStorageHelper::CreatePackageEncryptionData(aPassword));
+
+ if (bForSalvage)
+ {
+ // TODO: add individual methods for different target filter, and
only call what's needed
+
+ // 1. Prepare binary MS formats encryption data
+ auto aUniqueID = GenerateRandomByteSequence(16);
+ auto aEnc97Key = GenerateStd97Key(aPassword.getStr(), aUniqueID);
+ // 2. Add MS binary and OOXML encryption data to result
+ uno::Sequence< beans::NamedValue > aContainer(3);
+ aContainer[0].Name = "STD97EncryptionKey";
+ aContainer[0].Value <<= aEnc97Key;
+ aContainer[1].Name = "STD97UniqueID";
+ aContainer[1].Value <<= aUniqueID;
+ aContainer[2].Name = "OOXPassword";
+ aContainer[2].Value <<= aPassword;
+
+ aEncData = comphelper::concatSequences(
+ aEncData, aContainer);
+ }
}
return (eResult == DocPasswordVerifierResult::OK) ? aEncData :
uno::Sequence< beans::NamedValue >();
diff --git a/package/source/xstor/owriteablestream.cxx
b/package/source/xstor/owriteablestream.cxx
index 9c4c6f3cc680..a5cb9d0383a0 100644
--- a/package/source/xstor/owriteablestream.cxx
+++ b/package/source/xstor/owriteablestream.cxx
@@ -79,9 +79,11 @@ struct WSInternalData_Impl
namespace package
{
-bool PackageEncryptionDatasEqual( const ::comphelper::SequenceAsHashMap&
aHash1, const ::comphelper::SequenceAsHashMap& aHash2 )
+bool PackageEncryptionDataLessOrEqual( const ::comphelper::SequenceAsHashMap&
aHash1, const ::comphelper::SequenceAsHashMap& aHash2 )
{
- bool bResult = !aHash1.empty() && aHash1.size() == aHash2.size();
+ // tdf#93389: aHash2 may contain more than in aHash1, if it contains also
data for other package
+ // formats (as in case of autorecovery)
+ bool bResult = !aHash1.empty() && aHash1.size() <= aHash2.size();
for ( ::comphelper::SequenceAsHashMap::const_iterator aIter =
aHash1.begin();
bResult && aIter != aHash1.end();
++aIter )
@@ -1164,7 +1166,7 @@ uno::Reference< io::XStream >
OWriteStream_Impl::GetStream( sal_Int32 nStreamMod
if ( m_bHasCachedEncryptionData )
{
- if ( !::package::PackageEncryptionDatasEqual( m_aEncryptionData,
aEncryptionData ) )
+ if ( !::package::PackageEncryptionDataLessOrEqual( m_aEncryptionData,
aEncryptionData ) )
throw packages::WrongPasswordException();
// the correct key must be set already
diff --git a/package/source/xstor/owriteablestream.hxx
b/package/source/xstor/owriteablestream.hxx
index dde8375155bd..0ef32efe2adf 100644
--- a/package/source/xstor/owriteablestream.hxx
+++ b/package/source/xstor/owriteablestream.hxx
@@ -62,7 +62,8 @@ struct MutexHolder
};
namespace package {
- bool PackageEncryptionDatasEqual( const ::comphelper::SequenceAsHashMap&
aHash1, const ::comphelper::SequenceAsHashMap& aHash2 );
+ // all data in aHash1 is contained in aHash2
+ bool PackageEncryptionDataLessOrEqual( const
::comphelper::SequenceAsHashMap& aHash1, const ::comphelper::SequenceAsHashMap&
aHash2 );
}
struct WSInternalData_Impl;
diff --git a/package/source/xstor/xstorage.cxx
b/package/source/xstor/xstorage.cxx
index db5ddcd8ba5a..ab528b157d14 100644
--- a/package/source/xstor/xstorage.cxx
+++ b/package/source/xstor/xstorage.cxx
@@ -858,7 +858,7 @@ void OStorage_Impl::CopyStorageElement( SotElement_Impl*
pElement,
SAL_INFO("package.xstor", "No Encryption: " <<
rNoEncryptionException.Message);
}
- if (bHasCommonEncryptionData &&
::package::PackageEncryptionDatasEqual(pElement->m_xStream->GetCachedEncryptionData(),
aCommonEncryptionData))
+ if (bHasCommonEncryptionData &&
::package::PackageEncryptionDataLessOrEqual(pElement->m_xStream->GetCachedEncryptionData(),
aCommonEncryptionData))
{
// If the stream can be opened with the common storage password
// it must be stored with the common storage password as well
diff --git a/sfx2/source/appl/appopen.cxx b/sfx2/source/appl/appopen.cxx
index ca6901737e27..ae4534ee1e49 100644
--- a/sfx2/source/appl/appopen.cxx
+++ b/sfx2/source/appl/appopen.cxx
@@ -48,6 +48,7 @@
#include <comphelper/processfactory.hxx>
#include <comphelper/storagehelper.hxx>
#include <comphelper/string.hxx>
+#include <comphelper/sequence.hxx>
#include <comphelper/synchronousdispatch.hxx>
#include <vcl/wrkwin.hxx>
@@ -237,6 +238,21 @@ sal_uInt32 CheckPasswd_Impl
if ( pEncryptionDataItem )
pEncryptionDataItem->GetValue() >>=
aEncryptionData;
+ // tdf#93389: if recoverying a document,
encryption data should contain
+ // entries for the real filter, not only for
recovery ODF, to keep it
+ // encrypted. Pass this in encryption data.
+ // TODO: pass here the real filter (from
AutoRecovery::implts_openDocs)
+ // to marshal this to requestAndVerifyDocPassword
+ if (pSet->GetItemState(SID_DOC_SALVAGE, false) ==
SfxItemState::SET)
+ {
+ uno::Sequence< beans::NamedValue >
aContainer(1);
+ aContainer[0].Name = "ForSalvage";
+ aContainer[0].Value <<= true;
+
+ aEncryptionData = comphelper::concatSequences(
+ aEncryptionData, aContainer);
+ }
+
SfxDocPasswordVerifier aVerifier( xStorage );
aEncryptionData =
::comphelper::DocPasswordHelper::requestAndVerifyDocPassword(
aVerifier, aEncryptionData, aPassword,
xInteractionHandler, pFile->GetOrigURL(),
comphelper::DocPasswordRequestType::Standard );
commit 1d211d8e540a13e5a6a1d02633766360c29d9f4b
Author: Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Fri Nov 29 13:07:57 2019 +0300
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Thu Oct 1 08:40:28 2020 +0200
tdf#118639: store ODF encryption data for autorecovery
When saving autorecovery information, ODF is used. If the original
document is password-protected, its autorecovery is also generated
password-protected (since ef87ff6680f79362a431db6e7ef2f40cfc576219).
But when the stored encryption data for non-ODF document does not
contain "PackageSHA256UTF8EncryptionKey" value, following
ZipPackage::GetEncryptionKey fails, so the whole save fails.
So just generate and append ODF encryption keys where we still have
user password.
Reviewed-on: https://gerrit.libreoffice.org/84052
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
(cherry picked from commit 63634738dd03cc74806ce6843c16ff5e51a371a0)
Reviewed-on: https://gerrit.libreoffice.org/84133
Reviewed-by: Xisco Faulí <xiscofa...@libreoffice.org>
(cherry picked from commit e569dc9824e95617d921bb8f115d243aea0125b9)
Reviewed-on: https://gerrit.libreoffice.org/84232
Reviewed-by: Adolfo Jayme Barrientos <fit...@ubuntu.com>
Change-Id: I776e28de784489521e4941d1075690f90c056014
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94355
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
Reviewed-by: Andras Timar <andras.ti...@collabora.com>
diff --git a/comphelper/source/misc/docpasswordhelper.cxx
b/comphelper/source/misc/docpasswordhelper.cxx
index 042421ac29d0..d5b063315b0d 100644
--- a/comphelper/source/misc/docpasswordhelper.cxx
+++ b/comphelper/source/misc/docpasswordhelper.cxx
@@ -20,6 +20,8 @@
#include <algorithm>
#include <comphelper/docpasswordhelper.hxx>
+#include <comphelper/sequence.hxx>
+#include <comphelper/storagehelper.hxx>
#include <com/sun/star/beans/PropertyValue.hpp>
#include <com/sun/star/task/XInteractionHandler.hpp>
@@ -356,6 +358,7 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
bool* pbIsDefaultPassword )
{
css::uno::Sequence< css::beans::NamedValue > aEncData;
+ OUString aPassword;
DocPasswordVerifierResult eResult =
DocPasswordVerifierResult::WrongPassword;
// first, try provided default passwords
@@ -369,8 +372,12 @@ Sequence< sal_Int8 >
DocPasswordHelper::GetXLHashAsSequence(
if( !aIt->isEmpty() )
{
eResult = rVerifier.verifyPassword( *aIt, aEncData );
- if( pbIsDefaultPassword )
- *pbIsDefaultPassword = eResult ==
DocPasswordVerifierResult::OK;
+ if (eResult == DocPasswordVerifierResult::OK)
+ {
+ aPassword = *aIt;
+ if (pbIsDefaultPassword)
+ *pbIsDefaultPassword = true;
+ }
}
}
}
@@ -390,7 +397,11 @@ Sequence< sal_Int8 >
DocPasswordHelper::GetXLHashAsSequence(
if( eResult == DocPasswordVerifierResult::WrongPassword )
{
if( !rMediaPassword.isEmpty() )
+ {
eResult = rVerifier.verifyPassword( rMediaPassword, aEncData );
+ if (eResult == DocPasswordVerifierResult::OK)
+ aPassword = rMediaPassword;
+ }
}
// request a password (skip, if result is OK or ABORT)
@@ -406,6 +417,8 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
{
if( !pRequest->getPassword().isEmpty() )
eResult = rVerifier.verifyPassword(
pRequest->getPassword(), aEncData );
+ if (eResult == DocPasswordVerifierResult::OK)
+ aPassword = pRequest->getPassword();
}
else
{
@@ -418,6 +431,26 @@ Sequence< sal_Int8 >
DocPasswordHelper::GetXLHashAsSequence(
{
}
+ if (eResult == DocPasswordVerifierResult::OK && !aPassword.isEmpty())
+ {
+ const beans::NamedValue* pIter = aEncData.getConstArray();
+ const beans::NamedValue* pEnd = pIter + aEncData.getLength();
+ bool bHasEncryptionData = false;
+ for (; pIter != pEnd; ++pIter)
+ {
+ if (pIter->Name == PACKAGE_ENCRYPTIONDATA_SHA256UTF8)
+ {
+ bHasEncryptionData = true;
+ break;
+ }
+ }
+ // tdf#118639: We need ODF encryption data for autorecovery, where
password
+ // will already be unavailable, so generate and append it here
+ if (!bHasEncryptionData)
+ aEncData = comphelper::concatSequences(
+ aEncData,
OStorageHelper::CreatePackageEncryptionData(aPassword));
+ }
+
return (eResult == DocPasswordVerifierResult::OK) ? aEncData :
uno::Sequence< beans::NamedValue >();
}
diff --git a/sfx2/source/dialog/filedlghelper.cxx
b/sfx2/source/dialog/filedlghelper.cxx
index 2026be6ad82e..96552e94f72f 100644
--- a/sfx2/source/dialog/filedlghelper.cxx
+++ b/sfx2/source/dialog/filedlghelper.cxx
@@ -2644,6 +2644,8 @@ ErrCode RequestPassword(const std::shared_ptr<const
SfxFilter>& pCurrentFilter,
{
if ( pPasswordRequest->getPassword().getLength() )
{
+ css::uno::Sequence< css::beans::NamedValue > aEncryptionData;
+
// TODO/LATER: The filters should show the password dialog
themself in future
if ( bMSType )
{
@@ -2652,7 +2654,7 @@ ErrCode RequestPassword(const std::shared_ptr<const
SfxFilter>& pCurrentFilter,
{
::comphelper::SequenceAsHashMap aHashData;
aHashData[ OUString( "OOXPassword" ) ] <<=
pPasswordRequest->getPassword();
- pSet->Put( SfxUnoAnyItem( SID_ENCRYPTIONDATA,
uno::makeAny( aHashData.getAsConstNamedValueList() ) ) );
+ aEncryptionData = aHashData.getAsConstNamedValueList();
}
else
{
@@ -2665,7 +2667,7 @@ ErrCode RequestPassword(const std::shared_ptr<const
SfxFilter>& pCurrentFilter,
aHashData[ OUString( "STD97EncryptionKey" ) ] <<=
aEncryptionKey;
aHashData[ OUString( "STD97UniqueID" ) ] <<=
aUniqueID;
- pSet->Put( SfxUnoAnyItem( SID_ENCRYPTIONDATA,
uno::makeAny( aHashData.getAsConstNamedValueList() ) ) );
+ aEncryptionData = aHashData.getAsConstNamedValueList();
}
else
{
@@ -2673,10 +2675,14 @@ ErrCode RequestPassword(const std::shared_ptr<const
SfxFilter>& pCurrentFilter,
}
}
}
- else
- {
- pSet->Put( SfxUnoAnyItem( SID_ENCRYPTIONDATA, uno::makeAny(
::comphelper::OStorageHelper::CreatePackageEncryptionData(
pPasswordRequest->getPassword() ) ) ) );
- }
+
+ // tdf#118639: We need ODF encryption data for autorecovery where
password will already
+ // be unavailable, even for non-ODF documents, so append it here
unconditionally
+ pSet->Put(SfxUnoAnyItem(
+ SID_ENCRYPTIONDATA,
+ uno::makeAny(comphelper::concatSequences(
+ aEncryptionData,
comphelper::OStorageHelper::CreatePackageEncryptionData(
+ pPasswordRequest->getPassword())))));
}
if ( pPasswordRequest->getRecommendReadOnly() )
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
