AgeCommit message (Collapse)AuthorFilesLines
2015-03-16Bump version to 4.3-5cp-4.3-5Andras Timar1-1/+1
Change-Id: I490b671b94b74d1cbddf2a5cff4227383e612414
2015-03-16disable PDF timestamping UI on WindowsAndras Timar1-0/+6
Change-Id: Ied4520670478d04fce3620c4f3375b1a435f98af
2015-03-16sw: fix buildMiklos Vajna1-1/+1
Change-Id: I9a6209e02c2609c7594763ba01e84f0e598b4873
2015-03-16handle one more place with MSO 2007 vs OOXML spec for chartsMarkus Mohrhard2-2/+6
Change-Id: I7dbc3017f2bba7b186174be2e4fd8c9ce7005d34 (cherry picked from commit 708d201884c4940647dc65e43e887803f06dce87)
2015-03-16fdo#52540, fdo#88051: fix Graphite layoutLászló Németh1-2/+5
The previous fixes were incomplete solutions (see the new test cases of the bug reports). Change-Id: I928f09d94edf68d268de9046c16582e6f016d561
2015-03-16fdo#37156 insert table copy as nested table in non-starting cell positionLászló Németh1-1/+6
Cherry-picked from 7600a2942ce2b9dac66836105bed6620d55abec2 Change-Id: I7584ed179e92abcb10ef0e3a7e4e0d30d24f86bf
2015-03-13import the document properties before the documentMarkus Mohrhard1-12/+12
That allows us to potentially change the import depending on the producer of the document. This becomes necessary to handle MSO 2007 chart drawingml streams correctly. (cherry picked from commit a2fa9e2468aa5c4fd4b610c5d0ebc8959e87a072) Conflicts: sc/source/filter/oox/excelfilter.cxx Conflicts: sc/source/filter/oox/excelfilter.cxx Change-Id: I9be8b019fae69cd206203591982a89648965692f
2015-03-13detect MSO 2007 OOXML documentsMarkus Mohrhard2-3/+42
(cherry picked from commit 15174177091367332b57cd79575e2f7dd27388b2) Conflicts: oox/source/core/xmlfilterbase.cxx Conflicts: oox/source/core/xmlfilterbase.cxx Change-Id: I4052c6f1e5dde71ce4cede1ec9a313f461861d71
2015-03-13handle MSO 2007 vs OOXML in auto title chart importMarkus Mohrhard4-8/+12
Conflicts: oox/source/drawingml/chart/chartspacefragment.cxx oox/source/drawingml/chart/chartspacemodel.cxx Change-Id: Ie143751d22404dac8f31c8ecef90a0e185e07973
2015-03-12Fix crash when timestamping PDF signatureTor Lillqvist1-2/+7
Using the NSS API for CMS and ASN.1-based stuff in general correctly is extremely hard. It is very easy to do things slightly wrong. Of course no compiler warnings are produced. You just get code that happens to work by accident when compiled with one compiler, but not another, or depending on contents of uninitialised memory, or the phase of the moon. The problem was that the "values" field of a NSSCMSAttribute struct apparently is supposed to point to *two* SECItem pointers, one pointing to the actual value, and a NULL one. Anyway, now valgrind finally does not complain about any use of uninitialised memory. Most likely my earlier recent commits to this file were not necessary after all. They just seemed to help by accident, at least at one stage. But whatever... Change-Id: Ic98401b5d151bbb2398f809f47699f670e9720fa
2015-03-12Don't bother with macros that are dummy on Unix in Unix-only codeTor Lillqvist1-11/+5
In NSS's <secasn1t.h>, for non-Windows: #define SEC_ASN1_SUB(x) x #define SEC_ASN1_XTRN 0 #define SEC_ASN1_MKSUB(x) Change-Id: Ie42d881cebffdd060309d6a15d8d9c319c260699
2015-03-11Fix compilation error with gcc 4.7Tor Lillqvist1-55/+55
Change-Id: I07080c0d42029b7e44f4a6104c18dd75c7356ae0
2015-03-11Fix signature overflow check in the NSS caseTor Lillqvist1-11/+11
We didn't actually check this correctly at all, but gladly overwrote the allocated part of the output PDF, thus obviously rendering it invalid. The parameter passed to PORT_NewArea is a default chunk size, not a maximum anything, so it was misleading, even if not wrong as such, to pass MAX_SIGNATURE_CONTENT_LENGTH to it. Use 10000 instead. No need to do the overflow check twice in the Win32 case. Change-Id: Ifa796dbb74b32e857f7184c1e8ada97ba124b020
2015-03-11gcc 4.4.7 (Cent OS 5) does not know auto iteratorsAndras Timar2-6/+6
Change-Id: I03ab90c90448e456fc497fb082ad230a434f9f3a
2015-03-11Move more variables out of the timestamping blockTor Lillqvist1-5/+4
One or more pointers into them apparently gets stored into the NSSCMSMessage data structures during the my_NSS_CMSSignerInfo_AddUnauthAttr() call, and thus when the variables go out of scope said data can and will be reused for some arbitrary other thing, and those pointers in the NSSCMSMessage will point to bogus data. Avoids a crash when compiled with gcc. (No crash when compiled with Clang, it apparently allocates nested block stack variables differently.) (The Windows MSVC build uses a different code path entirely here.) Change-Id: Ic941d766904a216cce86ee6bd38864801b9110e8 (cherry picked from commit 90a684b32b93988e890d854deff384addd875de9)
2015-03-11OS X 32-bit build fixAndras Timar1-2/+2
Change-Id: I2bb67ba310cfeda2a57d5bbdcd8064eaf09aa087
2015-03-09Resolves tdf#80137 Paste array formula into range pastes as non-array formulaHenry Castro3-2/+72
Reviewed-on: Tested-by: Jenkins <> Reviewed-by: Andras Timar <> (cherry picked from commit 097a16b59884c777f724cec6c5d42734974ed44b) Conflicts: sc/qa/unit/ucalc.cxx sc/qa/unit/ucalc.hxx Change-Id: I500008b32e5af07702b76afb901a3ec270453462
2015-03-05tdf#88428: Add GUI to select one of user-configured Time Stamp AuthoritiesTor Lillqvist8-5/+70
Work in progress. The selection not used for anything yet. (cherry picked from commit b8b9d51b8cf1cafe1a94e1baf957f3f282abb32f) Conflicts: filter/source/pdf/impdialog.cxx include/sal/log-areas.dox Change-Id: Ia86fa0f59dcfee8e9d332a028a3fad37f4019fe0
2015-03-05tdf#88427: Add GUI to enter and maintain a list of Time Stamping AuthoritiesTor Lillqvist9-2/+494
It is just a simple list of entered URLs, accessed from the Security page. No sanity checks for now. No selection of a "default" one for now. Implementation is much simpler this way. The actual selection of one TSA (or none) is done when exporting to PDF. Change-Id: I0392eabc9b9629a6f0a767d1b2337622a61c120f (cherry picked from commit 24ad0629ae9edad83514e329e7173b94a8680ea6)
2015-03-05tdf#88431: Pass the selected Time Stamp Authority, if any, along to vclTor Lillqvist5-2/+15
Work in progress. If a TSA is selected, pass it along to the signature generation in vcl. Change-Id: Ibe105b6d02ab9241b93dd66ab3cb1fa8c6d10093 (cherry picked from commit d83e6e9cdb727b3ca2938048e115ba38886d4c70)
2015-03-05tdf#84881: Timestamp the right data (Win32 version)Tor Lillqvist1-107/+241
Now Adobe Reader is satisfied with the signature timestamp also for a PDF signed and timestamped on Windows. My gleeful commit comment from yesterday about how much simpler the Win32 crypto API was to use for this task was not entirely true. It is simpler than using NSS and curl, but not as simple as I had hoped. Oh well, I am not really surprised. I now use the "low-level" message functions instead of the single "simplified" CryptSignMessage(). And just like with NSS, I need to create the message twice; first to get the signature to timestamp, and then a second time to attach the timestamp. But now I wonder whether doing CryptSignMessage() twice would work too. Anyway, won't touch the code now for a while. I am actually a bit surprised that the code works... Must have been my lucky day. Or then I just am good at making educated guesses at what an API does, even if the documentation doesn't make it perfectly clear. Especially, I am a bit surprised that calling CryptMsgGetParam(hMsg, CMSG_BARE_CONTENT_PARAM) returns (just) the signature. OTOH, what else would it return? Change-Id: Iec20c7605cf3d841b9e1787184c7b665837f1bc2 (cherry picked from commit 2c78736c19a8f2a1df0f406c3e92f5ac55576148)
2015-03-05tdf#84881: Timestamp the right data (NSS version)Tor Lillqvist1-2/+4
Now Adobe Reader is satisfied with the signature timestamp. I just need to figure out how to do the corresponding fix for the Win32 version, too. Change-Id: Ie2cce177a9a356e729ca157b4c181e95a2c60c91 (cherry picked from commit ce0e240ef10566f1cc334386dbde83b43ebb9281)
2015-03-05tdf#84881: Add Windows implementation of timestamping of signatureTor Lillqvist1-0/+122
Luckily doable with much simpler code than the horrible NSS and curl mess used on Linux (and, sadly, OS X). Basically only one new API call needed: CryptRetrieveTimestamp(). A few hours of work, compared to about a week for the Linux case. However, amusingly, it causes the same message in Adobe Reader as when using the NSS code: "The signature includes an embedded timestamp but it could not be verified". Sigh. Change-Id: I98c973bd50b841d1ae3feb8a695bac29da538b6c (cherry picked from commit 00646102569739e0bf8929c271963f129d747a5a)
2015-03-05tdf#84881: Try to fix "The signature includes an embedded timestamp but ...Tor Lillqvist1-16/+131
... it could not be verified" I got some insight reading this question and reply on stackoverflow: I had been doing the timestamping wrong in the same way: I had timestamped the hash of the PDF document, not of the signature. That is wrong. If you think hard, it is obvious: It is the (rest of the) signature that needs an authenticated timestamp, not the PDF document contents. After all, if the document contents is timestamped, but not the signature, that doesn't prevent tampering with the signature after the timestamping. When you timestamp the signature, that proves the date of the signature. (And the signature proves the authenticity of the document contents.) So I had to re-engineer the code a bit. I create two originally identical NSS CMS messages with signatures, encode one signature into DER, take the hash of the signature, get a timestamp from the TSA for that hash. Then I add that timestamp to the other CMS message as an unsigned attribute of its signature, sign it, encode it, convert to hex, and store it the document. (I first tried to use just one CMS message, but NSS stopped with an assertion when I tried to encode the signature of the same message a second time, after adding the timestamp attribute to the signature. Go figure.) (I did verify the the encoded signatures, taken from what should be identical but separate CMS messages, was in fact identical. So I am fairly sure the idea described above is sound.) But, it doesn't help. Adobe Reader still complains "The signature includes an embedded timestamp but it could not be verified". Change-Id: I4e4cd0443005e82f597586942badc7145ef64160 (cherry picked from commit 86796f127b15fd33374f2a18344dc944b7b8314d)
2015-03-05tdf#84881: Slight refactoring and redordering of function callsTor Lillqvist1-63/+95
No change to functionality or end result. Preparation for an attempt to fix the remaining problem with RFC3161 timestamped signature. Change-Id: I5790a85399e9f94d816e8fab791a03d607113116 (cherry picked from commit 0874849206a38cbe15cc981b6cb814d3a7abf38b)
2015-03-05tdf#84881: Bump MAX_SIGNATURE_CONTENT_LENGTH to 50000 for nowTor Lillqvist1-1/+14
Note that checks in the code against exceeding that limit apparently are broken, though. After the previous change I ended up with an invalid PDF where the signature hex string in the output PDF had brutally overrun its allocation. Now Adobe Reader says "The signature includes an embedded timestamp but it could not be verified". This is progress. Perhaps I just need to tell Adobe Reader to trust the certificate from the TSA I used. (cherry picked from commit ca2d878659400b783ae72267f47d0c719b50a1ad) Conflicts: vcl/source/gdi/pdfwriter_impl.cxx Change-Id: I1e8644ee641592a985e0190b52bf76839f99b3e7
2015-03-05tdf#84881: Set TimeStampReq::certReq to trueTor Lillqvist1-3/+3
I think Adobe Reader expects the timestamp info to include the TSA's certificate. Change-Id: Iedf1c4a9952b12ac61b4ba7f73bee339480e821d (cherry picked from commit 4702f6ae2f671ac48e4cae3cd46d5941d021e533)
2015-03-05tdf#84881: Move some variables one block level outTor Lillqvist1-5/+5
It it scary to keep pointers to stack variables that have gone out of scope in a data structure that is in an outer block and used there later. Change-Id: Iced8b809d50089a4e6f9867be9b8501cce59d16f (cherry picked from commit 5ffeec96228e0adb829612ecb855cd28e2063f1d)
2015-03-05tdf#84881: NSSCMSAttribute::type can't be null. Must be same as typeTag.oid?Tor Lillqvist1-5/+5
Why is a separate field then needed? Dunno, but probably because the type and values fields make up an encoded NSSCMSAttribute. (The comment in <nss/cmst.h> says so, but it took a while before I realized what it meant.) The typeTag and encoded fields are for NSS internal use or something. Now Adobe Reader says "The signature includes an embedded timestamp but it is invalid". Progress... Change-Id: I390947db8d414a7ceecc1f67aaeed5fa0f66fe6f (cherry picked from commit 167569bfea0bfa5f697ed7a25a354537bc97fa53)
2015-03-05tdf#84881: Fix typo in OID string for id-aa-timeStampTokenTor Lillqvist1-1/+1
Not that it seems to help. Adobe Reader still claims "signing time is from the clock on the signer's computer". (Why can't RFCs come with standard C header files (and Java and C# sources) defining macros/constants for the magic numbers, OIDs etc that the RFC defines?) Change-Id: I56e8cb4ef56e20345506a080e4d23764d2dfb956 (cherry picked from commit c98f569d035861b6b8c74b469512fa2ae7c9576f)
2015-03-05SAL_WARNs are not for the end-userTor Lillqvist1-33/+33
They can and should be terse, technical and informative. Simply say exactly what API function call failed. The tag and source file name in the SAL_WARN output should already tell a technical reader of the warning what functionality it is related to. Change-Id: I93509bddaca836bd6a07d2899b3faf693b071957 (cherry picked from commit d1f679cacb2e17c4aa94ae6b9f15011c9ec74b25)
2015-03-05tdf#84881: Call NSS_CMSSignerInfo_AddSigningTime() only if not using a TSATor Lillqvist1-5/+4
Something is still wrong, Adobe Reader still says the PDF is signed with the local machine's timestamp, though. Change-Id: Ic9ed3190901025be48e1de191df976e1aa454822 (cherry picked from commit 7d7c2ab1dffa82cfc0e2d6b15702d965b8b0245b)
2015-03-05tdf#84881: Actually check the status of the time stamp responseTor Lillqvist1-0/+7
Change-Id: If8d64b1e03c8318cd3329cd258131fddeb86fa7b (cherry picked from commit d1132ff3895aa67ed662446ef6f43612124455ae)
2015-03-05Copy SEC_StringToOID() and NSS_CMSSignerInfo_AddUnauthAttr() hereTor Lillqvist1-9/+219
Despite being declared in a public header, they are not exported from libsmime, so copy them here. Sigh. Fix fallout from fe480d8136b204c8dc6c68916cce7e816f8b9c48. Change-Id: I9ecba690a66c263528e5c12738d60cacec4f14ee (cherry picked from commit e075fec6e18b24f4037c11f015e870a470fa8ef8)
2015-03-05tdf#84881: Unclear what the PKIStatusInfo::statusString isTor Lillqvist1-4/+6
Anyway, we can't assume that a string from an external source is correctly formed UTF-8. Change-Id: Ic906c7047b933388d5b51b23095a5a3d4ac7e508 (cherry picked from commit 639730a75294346d4195539c26f466f14d030802)
2015-03-05tdf#84881: Dump also the CMS data in a DBG_UTIL buildTor Lillqvist1-0/+8
Change-Id: I651041a86083eb49aad9a96f6f379149c21854f3 (cherry picked from commit f4f08203ba4acebb4ae3143323ca508fdc0644bd)
2015-03-05tdf#84881: Work in progress: Code to add the timestamp to the signatureTor Lillqvist1-4/+40
Inside #if 0, as the two NSS functions I would want to use aren't exported from libsmime, despite being declared in public headers. Back to the old drawing board. Change-Id: I8b868b4d645a7bbab670e237568c8ff7d97c98cc (cherry picked from commit d1293c666f08963cebb5f1439034dd11634392df)
2015-03-05tdf#84881: Work in progress: Decode the TimeStampRespTor Lillqvist1-33/+294
OMG, it is really horrible to use the NSS SEC_ASN1DecodeItem() API. Figuring out how to set up the SEC_ASN1Template data structure for decoding TimeStampResp was much harder than setting up the template for encoding a TimeStampReq. Luckily I don't actually need to look into the timeStampToken, but can copy that as such into the CMS as an unsigned attribute. I'll cheerfully ignore for now RFC3161's requirements on how the TSA client should check the validity of the response. Let's leave that up to the PDF viewing (and validating) application. Also improve the SAL_INFO logging, use a timeout for the curl operation, add more ASN.1 in comments for information, etc. Still to do: Actually add the TimeStampResp to the NSSCMSSignerInfo. (cherry picked from commit 3cc45e97dd9189b4c76747fce8925bfe48fac70a) Conflicts: vcl/source/gdi/pdfwriter_impl.cxx Change-Id: Id4f800e2cf12a01106b326a31c34eb99f2aa724e
2015-03-05Use curl_easy_strerror() for more information in SAL_WARNTor Lillqvist1-14/+15
Change-Id: I633bd5d697321678d5c179161ac18bc5655246ec (cherry picked from commit 4146b5c3fefcfce10ed6bc7e739408de8acafb92)
2015-03-05tdf#84881: Work in progress: Perform the RFC3161 interaction with the TSATor Lillqvist2-6/+121
Use libcurl to perform the request and get the response. Improve error messages (only use SAL_WARN, though, so sadly not visible to end-users). Still to do: Decode the response and attach it to the signature. Implement request encoding and response decoding for Windows. I probably should extend (and rename) the HashContextScope class to handle all resources that need explicit deallocation, instead of calling curl_slist_free_all(), curl_easy_cleanup() and SECITEM_FreeItem() in so many places. The error handling of the PDF export functionality would need to be re-designed so that we could show actual error messages to the user instead of generic "signing failed" ones. But that is typical for much of our code... Change-Id: I6288de3f09021f8e0f385870143fefffbac2a706 (cherry picked from commit 27d7aea00d22ad3fcdff2e7b267be1cf5c28d43c)
2015-03-05tdf#84881: reqPolicy and certReq are optionalTor Lillqvist1-6/+5
Change-Id: Ia5687bf2d68eef06aeb618d5387c663807d24560 (cherry picked from commit 2ddfaa6d323b5db2f59f06f7708c5209549abeee)
2015-03-05tdf#84881: WiP: Fill in more fields of the TimeStampReqTor Lillqvist1-36/+54
Use the digestAlg in the NSSCMSSignerInfo, once we have it, as hashAlgorithm. Use a random number as nonce. Temporarily, dump the TimeStampReq object to a file for inspection in a DBG_UTIL build. Change-Id: I696271b3ccc6cef86a70bc78f86d6eae27a4af77 (cherry picked from commit 159a4c3c75e3a7aecbf1656f3254331892098ba7)
2015-03-05tdf#84881: WiP: Handle TimeStampReq::extensions correctlyTor Lillqvist1-9/+6
Also, pass dest as NULL to SEC_ASN1EncodeItem(). Now we can call SECITEM_FreeItem(item, PR_TRUE) on its return value. (cherry picked from commit 4ece31faef6279cdb0d7eafa26f696e393649fd4) Conflicts: vcl/source/gdi/pdfwriter_impl.cxx Change-Id: Ia30b70990971aba15158f97528524d879a04da3c
2015-03-05tdf#84881: Intermediate commit: Construct RFC3161 TimeStampReqTor Lillqvist1-1/+159
It took a while to figure out how to use the NSS API to construct ASN.1 DER-encoded data using the SEC_ASN1_Template data structs. But I am getting closer. Now the SEC_ASN1EncodeItem() doesn't crash at least. Change-Id: I863542bbeed47d48d05a67b851648f87ba9ccf31 (cherry picked from commit 4f69b6de069b7ed70a4aa0095ad9bf981eed53ae)
2015-03-05Add plc4 for PL_strdupTor Lillqvist1-1/+2
Change-Id: I2a2f18d76b0deb5f6cfd68b36699d940703372b3 (cherry picked from commit 77d844c9a92fdc1b8ffa043f46ea50bc1cfa7e05)
2015-03-05Tentative fix for fdo#83937Tor Lillqvist1-13/+26
One clear bug in the code, in my opinion, was that PDFSigningPKCS7PasswordCallback() returned its argument as such. However, a PK11PasswordFunc should return "a pointer to the password. This memory must have been allocated with PR_Malloc or PL_strdup", says . I could not test this fix fully before my hardware token decided to block itself, thanks to too many wrong PIN attempts. Possibly it would work to even just pass NULL for the password callback function and its argument to NSS_CMSEncoder_Start(). After all, at least with the hardware token and associated software that I tested with, the software itself pops up a dialog asking for the PIN (password). (cherry picked from commit cbf0c9f8332be9abfed6016f9708e3260331eb2d) Conflicts: vcl/source/gdi/pdfwriter_impl.cxx Change-Id: I85a8b2833cfdd1a1d7b7779016fefb71dd53ab80
2015-03-05Resolves tdf#78221 Cannot drag twice the same cell when editing formulaHenry Castro3-6/+56
Change-Id: I69402778e68a2955bdda1ba2c9d31d9b10fb60cc Reviewed-on: Tested-by: Jenkins <> Reviewed-by: Andras Timar <> (cherry picked from commit 3381cb4a421bf390445b7dac9ea42f9ccaf3d875)
2015-03-05Resolves tdf#84012 FORMATTING: Partially missing text in shrink-to-fit cellsHenry Castro1-0/+4
Change-Id: I32f44acbcf5a6aed4d9f7442ad7212af31073352 Reviewed-on: Tested-by: Jenkins <> Reviewed-by: Andras Timar <> (cherry picked from commit 4acffa65b58c8bd359215345dca2c61e2c5ceba5)
2015-03-04Bump version to 4.3-4cp-4.3-4Andras Timar1-1/+1
Change-Id: I1185a2c490895493012d5b1ddbb2bdf6e8fac5ec
2015-03-04not all OrCriteria have three childrenLionel Elie Mamane1-1/+3
and some contain a column in the second child Change-Id: Ifd69758336233ed0233120b3315d4f33655fa994 Reviewed-on: Tested-by: David Tardon <> Reviewed-by: David Tardon <> (cherry picked from commit 1ce2461ab77f2ad28671ac1542509bbb16a155ef)