Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I68acd56b28b0f989a4010cd939f2452970d158ff
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167103
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
mvUserData is still needed to keep it's content from being deleted.
Revert "Drop unused instance variable."
This reverts commit 687ae6ca01177a04f9ea715a1f1cd70f385a0840.
Change-Id: I689cfdaf8d4d62a3b53ff7fb318dc8c70b9e1c2d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167020
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Tested-by: Jenkins
|
|
Change-Id: I52867ef0a094e546a307b98089c259f9e8bbdabf
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166984
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
Change-Id: Iee32e4348526e54e0cc45a54e55eddb6479248e0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166968
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
|
|
Change-Id: I7f52b318b083535422202dacbee928333cb3ac78
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166639
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
|
|
Change-Id: I13117b36bb063b0afc498ef237b9255c0a900131
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166638
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
Tested-by: Jenkins
|
|
Change-Id: I95b84eff5d8bb288aa704620db328d89062efdf4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165689
Tested-by: Jenkins
Reviewed-by: Gabor Kelemen <gabor.kelemen.extern@allotropia.de>
|
|
At least the Emscripten build was hit again by what had been fixed with
bddb0d87e809c96ee810de0e553f02bbe158907d "Missing include", after
a0c53ab43840d1c84d7d246b2cbc73c3a8862155 "tdf#146619 Remove unused #includes
from C/C++ files".
Change-Id: I632ab297bc51aa07019e4bb0cb4ef8f6372a1374
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165795
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
|
|
the 'xmlsecurity' module was cleaned
Change-Id: If8fae797ed5586888022ecb09bab690d68ae7bd9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165593
Tested-by: Jenkins
Reviewed-by: Gabor Kelemen <gabor.kelemen.extern@allotropia.de>
|
|
Change-Id: I3e20fda4b841458e979258dd5dc83c7f89f48083
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165497
Tested-by: Julien Nabet <serval2412@yahoo.fr>
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
|
|
...presumably since 50897e3fe001aeae5a6091ede155088461c798f3 "Drop transitional
header xmlsecurity/xmlsec-wrapper.h",
> xmlsecurity/source/xmlsec/xmlsec_init.cxx:29:9: error: use of undeclared identifier 'xmlSecInit'
> 29 | if( xmlSecInit() < 0 ) {
> | ^
> xmlsecurity/source/xmlsec/xmlsec_init.cxx:55:9: error: use of undeclared identifier 'xmlSecShutdown'
> 55 | xmlSecShutdown() ;
> | ^
etc.
Change-Id: I1aab4bb3601102c4ac0025833b03fa35adc9434e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165465
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
|
|
It was introduced with
commit ec52e5e5a204862905b555cdc1f7393aede1f7d8
and the reason of that was the XMLSEC_NO_SIZE_T behavior consolidation.
But this was removed later with
commit bfd479abf0d1d8ce36c3b0dcc6c824216f88a95b
Change-Id: Ib5350d9ab5554d1412821b762cd3ee7906b65b64
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165440
Tested-by: Jenkins
Reviewed-by: Gabor Kelemen <gabor.kelemen.extern@allotropia.de>
|
|
'xmlsecurity' module was cleaned.
Add some headers from xmlsec-wrapper.h in preparation
for its removal
Change-Id: Id66e6d40d4d5d980626832c0e2f6255fc31b4bcf
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164639
Tested-by: Jenkins
Reviewed-by: Gabor Kelemen <gabor.kelemen.extern@allotropia.de>
|
|
gpgme contexts uses the "auto" trust model by default which only
allows encrypting with keys that have their trust level set to
"Ultimate". The gpg command, however, gives the user the option
to encrypt with a certificate that has a lower trust level so
emulate that bahavior by asking the user if they want to trust
the certificate for just this operation only.
Also, abort saving if no certificates are selected which is an
indication that the user cancelled the Select Certificate dialog.
Change-Id: I20951b1e31b2dcf8adb82243742f8c00fbaca8c2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165260
Tested-by: Jenkins
Reviewed-by: Patrick Luby <guibomacdev@gmail.com>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
level
Change-Id: I191fd5d676d6d54fb0ef15652420afdceab2fc78
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164810
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Reviewed-by: Heiko Tietze <heiko.tietze@documentfoundation.org>
|
|
This is effectively unused since:
commit d22ab7b444a4e16dc2bd1f7d15fa36a848eaaaed
Change-Id: I6f646b7daf845035196fc9dde4ff270b8143d37a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164645
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
The cui module has its own UserData struct and when building with
--enable-mergelibs=more, this data collision will cause a crash
when deleting a UserData instance in the xmlsecurity module because
the cui module already has its own, unrelated UserData struct.
Change-Id: I6418b049c72a2e902c9b5076b72fd240f65a593d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164404
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I2810d22e8f5e1c81647b9e9b15519de65939630a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163895
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
Change-Id: Idb292c508029efeb23ed969c9fad566154cb424c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162354
Tested-by: Jenkins
Tested-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org>
Reviewed-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org>
|
|
Reusing the same instance will, in the following case, lead to a
crash. It appears that the CertificateChooser is getting disposed
somewhere as mpDialogImpl in its base class ends up being null:
1. Create an empty Writer document and add a digital signature
in the Digital Signatures dialog
2. File > Save As the document, check the "Encrypt with GPG key"
checkbox, press Encrypt, and crash in Dialog::ImplStartExecute()
Change-Id: I9aaa1bd449622e018b502d68c53d397255a1b61a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163065
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Patrick Luby <guibomacdev@gmail.com>
|
|
looks like the new row gets sorted immediately when added as an empty
row into the first row, so accessing it by index later to set it text/id
get an unexpected result.
pause sorting while inserting the entries and enable it again when
finished for the easiest fix.
Change-Id: Ib028b193afbf2b9026841b19419e012b70448e39
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162993
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
Add the following applications to the macOS GUI servers list:
- Trusted Key Manager - CertEurope
- SCInterface Manager and SmartCard tools
Change-Id: Iec78171c6e82f0a072f5f06b79606560a8cc03cc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162942
Tested-by: Jenkins
Reviewed-by: Patrick Luby <guibomacdev@gmail.com>
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
|
|
Most, if not all, of the Linux certificate manager applications are
not available on macOS so create a separate list for macOS.
Also, fix uncloseable windows due to uncaught exceptions thrown by
XSystemShellExecute::execute(). Failure to catch such exceptions
would cause the document window to be uncloseable and the application
to be unquittable.
Change-Id: I9bc6dc9c6c9d054252b634874045cb066023214a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162887
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
|
|
... everywhere it is used to generate material for encryption.
Change-Id: Id3390376bb2f3a5fa1bbfd735850fce886ef7db2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162873
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
...which had always cut off an existing path ever since
92b6ffcd9f687cc54a0fc3801ca85c7e4d77512f "Allow selecting a custom certificate
manager", for reasons that are unclear to me.
So if an existing setting contains at least one slash (or backslash, on
Windows), try to use it as-is; otherwise, keep searching for it in aPath. (And,
in any case, make sure to report back the given value in sExecutable.)
Change-Id: I8b2b6ac7a449d7afd02e029ff46d4c79e6b824e1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162703
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
|
|
Obsoleted by commit 2484de6728bd11bb7949003d112f1ece2223c7a1 (Remove
non-const Sequence::begin()/end() in internal code, 2021-10-15) and
commit fb3c04bd1930eedacd406874e1a285d62bbf27d9 (Drop non-const
Sequence::operator[] in internal code, 2021-11-05).
Change-Id: Idbafef5d34c0d4771cbbf75b9db9712e504164cd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162640
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
Commit 4d6e9d5e155da1dde05233eb87691e2a454162f6 added 2 tests that
always fail on WNT, unfortunately Jenkins doesn't actually run the
tests.
There are 3 certificates involved:
"Xmlsecurity RSA Test Root CA"
"Xmlsecurity Intermediate Root CA"
"Xmlsecurity RSA Test example Alice"
In the signature XML, there are 3 elements that contain or reference
certificates:
1. X509Data - xmlsecurity produces only the signing certificate here
2. xd:SigningCertificate (XAdES) - again only the signing certificate
3. xd:EncapsulatedX509Certificate (XAdES) - xmlsecurity produces the
full certificate chain here
All of these elements *could* contain the full certificate chain, but in
LO-produced XML signatures only 3. does.
The problem is that the function CheckUnitTestStore() that looks up
a certificate in a unit-test-specific CA store via
$LIBO_TEST_CRYPTOAPI_PKCS7 can only handle a root certificate, it does
not recursively retrieve and check a certificate chain.
The SecurityEnvironment_MSCryptImpl::verifyCertificate() already has a
parameter "seqCerts" to pass in the full certificate chain, but due to
the way the data from the XML is processed, it gets passed only the
content of the X509Data element(s), which, for LO-produced signatures,
do not contain the full certificate chain.
Instead of improving the unit-test-specific function, let's try to get
all the certificates out of the XML signature, and then pass them to
verifyCertificate().
Of course this requires some consistency checks so that the verification
can't be fooled by different certificates in different XML elements.
Change-Id: I8ca541887ceac2dfb6af5d96a5565cfa58d7f682
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162170
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I24c429c7cb8283a384b72499d1c3f4c2f1457c33
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162155
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
what I'm really after is some vexating not-reproducible oss-fuzz msan
warnings when using libxml2 in the fodt2pdf fuzzer. So lets upgrade
libxml2 to the latest, which requires bumping libxslt, and then requires
a newer liblangtag because of no longer implicit includes that it
depended on.
xmlKeepBlanksDefaultValue and xmlSubstituteEntitiesDefault are
deprecated, we should get around to updating those uses
Change-Id: I8fda0dffda0a7ea65407d246a3121875cb8ad4a4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161598
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
Change-Id: Ibc1b8265292f579760c08c2906687118a8cf6df4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161491
Tested-by: Jenkins
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
|
|
we already have other, simpler facilities for wrapping streams
Change-Id: Icff4cca2d6327dad9c5964ca61d578506009d047
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161445
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
With PCH, the earlier workaround with NSS_PKCS11_2_0_COMPAT breaks -
so lets fix this with conditionals, its only two places.
Follow-up commit to 9276d5338ef04209b007bbc705e4c023cf181456
Change-Id: I7d3292304d83d784ee9dce5cdc62b4a028ff333a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161204
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
(regression from commit f0fda7ad2236f478fea396a23d4f982e5fc37e68)
Change-Id: I42fda00eb37fb1939013b21158c931d47e4e8486
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161117
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
This is essentially a footgun because the user can accidentally turn it
off and get non-AdES signatures which use obsolete SHA1 hashes.
Unfortunately it turns out that the initial setting of the checkbox only
works for ODF, because OOXML have m_sODFVersion set to "1.0" due to some
defaulting code somewhere.
So what this checkbox actually did is unintentionally disable XAdES
signatures for OOXML by default.
Now that i actually test it by setting ODF version 1.1 in
Tools->Options, it turns out that signing ODF 1.1 documents isn't
possible at all, a dialog pops up that says "Signing documents
requires ODF 1.2 (OpenOffice.org 3.x)".
Change-Id: I0eaf590c290b2c0ee0ff890ed73f0dbea4cf0ce3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160785
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
gtk3/gtkinst.cxx:15371: virtual void (anonymous namespace)::GtkInstanceTreeView::select(int): Assertion `gtk_tree_view_get_model(m_pTreeView) && "don't select when frozen, select after thaw. Note selection doesn't survive a freeze"' failed.
(regression from commit ad6f23d2a3842c40f7c812003af4031150ea8183)
Change-Id: I8c0639e755188731bdd211f9d71a830d7afeeaa6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160786
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
... and use it in the new experimental ODF encryption mode.
https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM
Unfortunately it turned out that NSS PK11_CipherOp() does not work with
CKM_AES_GCM because it is initialized with "context->multi = PR_FALSE"
in sftk_CryptInit(), so the one-step functions PK11_Encrypt() and
PK11_Decrypt() have to be used.
NSS 3.52 also changed a parameter struct definition - see
https://fedoraproject.org/wiki/Changes/NssGCMParams - which is not a
problem for RHEL or SUSE system NSS since those are rebased, but it
is likely a problem for less well maintained Ubuntu LTS, so use
the old struct definition which evidently still works with NSS 3.94.
NSS 3.52 also added a new PK11_AEADOp() API but it looks like this
doesn't support incremental encryption either.
Change-Id: Ibd4a672db74b65b1218926ba35ff8d2f70444c7e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160505
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Missed a special case in previous commit, in case the input is
completely empty and PK11_DigestFinal() doesn't see a problem with it,
aResult could be empty too.
Change-Id: I8ea900774ae390857307ec5bab38876bead6bc86
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160441
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
If this function returns null, storing a document will proceed without
reporting an error to the user, and lose all the data.
Change-Id: I0f9fd53702321e7997b28e12eb5bed3349bbcc13
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160435
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I90c48aafd11deb2895d01c90764fc433a9161e07
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160434
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I05a7eeb74088c278aab94519c7f53b0482e38058
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160400
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: Ia7d9b806667a7c11743f7e9e4bb5525a1202e7fe
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159712
Tested-by: Jenkins
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
|
|
new plugin to look for class fields that are always cast to some
subtype, which indicates that they should probably just be declared to
be that subtype.
Perform one of the suggested improvements in xmlsecurity/
Change-Id: Ia68df422c37f05cbcf9c02ba5d0853f8eca4f120
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159063
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
...in include files. This is a mix of automatic rewriting in include files and
manual fixups (mostly addressing loplugin:redundantfcast) in source files that
include those.
Change-Id: I1f3cc1e67b9cabd2e9d61a4d9e9a01e587ea35cc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158337
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I6cdabef12d60f9fa554b95c99e702e8c700329e9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158296
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I05777731f1d69b5714942411401afb5fd605d726
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/155668
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Added the functionality of caching certificates per session using a
single instance with internal memoization. Added Reload Certificates
button in case of certificate changes in-session. Updated all instances
of certifcate chooser in the codebase to work with the new change.
Change-Id: Icb25a2b2e9787b029fa6189f70bd4ba3b6806f60
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/155373
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
Both columns are irrelevant in the main dialog's view, can be viewed
through viewing certificate's details.
Change-Id: I265a7e125c2679f3a05dba4414f4104f3a5cac2f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/155746
Tested-by: Jenkins
Reviewed-by: Heiko Tietze <heiko.tietze@documentfoundation.org>
|
|
Change-Id: I460d56a5a13dde1bd77f21e0bb6467dd00cb3f40
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/154498
Tested-by: Jenkins
Reviewed-by: Arnaud Versini <arnaud.versini@libreoffice.org>
|
|
Change-Id: Ic2e9de67a00bb9ca8ab4d0f7528b22c58d0cc360
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/154721
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Added a new search box in the certificate chooser dialog, introduced
local caching for certificates to allow instantaneous filtering and
searching. Modified viewing signatures function to allow searching
functionality.
Change-Id: I361a47da7bd5d24efcbfc17065935851db951c44
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/154630
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|