summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Release 6.3.6.18feature/cib_contract57dGabor Kelemen6 days1-1/+1
| | | | Change-Id: I9f5419642ac9559e37652bc7353d9914e45cffd6
* PDF export: skip pointless downsampling for very small imagesMiklos Vajna2022-07-223-2/+66
| | | | | | | | | | | | | | | Regression from commit b6588bd7c831ce88a29131ca7ea8d3f3e082564e (Reduce image resolution by default in PDF Export, 2014-03-02) the problem is that in case you have small enough bitmaps, then these used to look OK at reasonable zoom levels, but now we intentionally scale down bitmaps by default. That makes little sense for tiny images, do this only for large ones. Change-Id: Iff15325b842b47d9285a7c0f83f402897498392d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87086 Reviewed-by: Miklos Vajna <vmiklos@collabora.com> Tested-by: Jenkins
* related tdf#81345: make unit test robust - check last pageJustin Luth2022-07-151-1/+1
| | | | | | | | | | | | | | | On KDE Neon 18.04, something was causing page 1 to spill over onto page 2. Checking the last page instead of the second one is fine for testing the problem solved for bug 81345. Confirmed with bibisect53 that same header/page style had been used for the whole document originally. Change-Id: Id85562153d7ce1d570806a611f11d33fa5b83c87 Reviewed-on: https://gerrit.libreoffice.org/78250 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de> (cherry picked from commit 6fa47ff2ee87bde38719bfaeac022efd966fc8a2)
* missing includesMichael Stahl2022-07-152-0/+3
| | | | Change-Id: Ib01c8224537448e146ab9dc80f4583f06c9f0c28
* tdf#149978 sw: ODF import: fix nondeterministic automatic stylesMichael Stahl2022-07-153-5/+69
| | | | | | | | | | | | | | | | | | | | | | | | | The problem is that in SwpHints::TryInsertHint() there is a check for IsInXMLImport() that is presumably an optimization to avoid the potentially expensive call to BuildPortions(). While LO would only produce 1 text:span referencing an automatic style around any given character content, this is not required by ODF, and so other producers may legitimately produce such nested text:span elements. Unfortunately the current SwpHints::Insert() isn't deterministic, the RES_TXTATR_AUTOFMT with same start/end will be compared by address in CompareSwpHtStart() (whereas RES_TXTATR_CHARFMT has a sort number for this), so the result is going to be a random order. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/137033 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit d7827f712ddd21a6c1e151f54dc6eba5c12690da) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/137057 Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> (cherry picked from commit 7a8f2c7e3a16dae6bdc891fb969e673527e45615) Change-Id: Id62a7ff5fb85dbe42b7e1a27b0d8b36b74cf1100
* tdf#132642 sw layout: try2 emulate table kept-with-next not splittingJustin Luth2022-07-117-14/+43
| | | | | | | | | | | | | | | | | | | This adjusts my LO 5.2 code for tdf#91083 that tried to emulate the table's keep-with-next property which doesn't have a matching counterpart in MS formats. I always confused myself trying to understand what my year-long coding attempt was trying to do. This seems much understandable, and efficient. The big clue was that it affected non-MS formats - which was unintended. Change-Id: I7886e52430cb34799e25f7fcf73500e28bbe2a55 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93443 Tested-by: Jenkins Reviewed-by: Justin Luth <justin_luth@sil.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.com> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136952 Tested-by: Gabor Kelemen <kelemeng@ubuntu.com> Reviewed-by: Gabor Kelemen <kelemeng@ubuntu.com>
* tdf#135244: move LockAllViews to SfxObjectShellMike Kaganski2022-07-044-11/+28
| | | | | | | | | | ... so that it may be called from SfxObjectShell::SaveTo_Impl, and handle export cases in addition to save (as) handled in tdf#41063. Change-Id: Ie39196656dd1a95dcb6bab3ae8138c2f5c8729e6 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/99714 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
* Release 6.3.6.17Michael Stahl2022-05-121-1/+1
| | | | Change-Id: I9057241beffc35e17d05ff74f6d4ee6017bccc06
* Fix Python deprecation warningsStephan Bergmann2022-05-122-2/+2
| | | | | | | | | | | | | I noticed these "DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated since Python 3.3, and in 3.9 it will stop working" now when running tests with CPPUNITTRACE='gdb --args' on Fedora 32. Change-Id: If263dacb9df5c1fffd2be2418e13e69b96070c77 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103294 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com> (cherry picked from commit 4a899a5f8a72ea29a6919316afe3627de9f33e95)
* vcl: disable timer test (never succeeded for me on Linux)Michael Stahl2022-05-121-1/+1
| | | | Change-Id: I6f696641a19bec3df792bd27f8c2fe0a7024c6c6
* officecfg,stoc: allow running JVM UNO components out-of-processMichael Stahl2022-05-124-13/+246
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The problem is that 32-bit Win32 applications have very little VM, and soffice.bin can run out, so try to move the JVM to a separate process (uno.bin) and connect to it via pipe. Add a new config to enable this: "org.openoffice.Office.Java/VirtualMachine/RunUnoComponentsOutOfProcess" If enabled, ServiceManager instantiates *all* JVM components out-of-process, by instantiating "com.sun.star.java.theJavaVirtualMachine" out-of-process. To ensure that the remote connection is disconnected at shutdown (and thereby prevent crashes with remote calls during late shutdown), JavaComponentLoader is now a "single-instance" service; this change should be harmless for the default in-process configuration case. Tested with these extensions: Wiki Publisher smoketest TestExtension.oxt odk CalcAddins.oxt Inspector.oxt ToDo.oxt Also passed "make check" on Linux when enabled, if the variable URE_BIN_DIR is set properly for CppunitTest_services. Change-Id: I76bf17a9512414b67dbd20daee25a6d29c05f9d9
* stoc/javaloader: create instances with uno constructorsNoel Grandin2022-05-122-50/+11
| | | | | | | | | | | See tdf#74608 for motivation. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/98698 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk> (cherry picked from commit 37f5ad41ed9928a4394b80050cdc00fd6d830a07) Change-Id: Ic1ce8431bfb116c1e64116e2019fa0d3bcf8344c
* Properly use createOneInstanceComponentFactory for javaloaderStephan Bergmann2022-05-121-10/+2
| | | | | | | | | | | | | | | After 424a7f404565e068995e2a9827d5bc6f76920ec8 "add some more libs to libmerged" had added javaloader to libmerged, destruction of static xStaticRef started to cause problems at least during CppunitTest_services of --enable-mergedlib Windows builds (presumably because the relative order of static variable destruction had changed). Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90254 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com> (cherry picked from commit 9ed75e2c65544b4f71c73e1c51a68d74e31d544b) Change-Id: I8307570222cc9a3d9511d090d0dae7f7dfe7a9ad
* Add error handling to RenamePrgFolder and RemovePrgFolderSamuel Mehrbrodt2022-05-111-4/+18
| | | | | | | | | | | | | | | These routines can fail during MSI installation (seen leftover program_old folders, with program folder missing). We at least want to see the error in the MSI log file when this doesn't succeed. This outputs error messages like: MSI (s) (C4:5C) [10:47:54:280]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI37B4.tmp, Entrypoint: RemovePrgFolder CustomAction RemovePrgFolder returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox) Action ended 10:47:54: RemovePrgFolder. Return value 3. Change-Id: I4ce4099eeb3e0ee79eb4a2e1d3887f9810fd9669
* Release 6.3.6.16Samuel Mehrbrodt2022-04-261-1/+1
| | | | Change-Id: Id264d8c79b515eaedb15a8434cdbd47ca5314101
* Extend UNO API for custom jump listsSamuel Mehrbrodt2022-04-262-46/+297
| | | | | | | | | | * Allow to display the recent/frequent files * Allow adding items to the "Tasks" category * Allow adding multiple categories Follow-up to 7efd22c912262f7bf4e4735dae70db0b31ab3d5b Change-Id: I860d44c1a0d9bc8200529c908b6103741dc37bb5
* sw: layout: fix crash when deleting page with section being formattedMichael Stahl2022-04-223-0/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This crashes only when calling storeToURL() with writer_pdf_Export? There is a text frame 112, followed by section frame 126, which contains table frame 127. The section frame 126 is being formatted, which in SwFrame::PrepareMake() formats its prev, text frame 112. This does MoveBwd() and in SwContentFrame::MakeAll() formats its next, tab frame 127. This also does MoveBwd() and then there is this really odd condition in SwTabFrame::Paste() where it calls SwFrame::CheckPageDescs() if it *doesn't* have a RES_PAGEDESC item and the page has a non-default page style - this condition remains inexplicable since initial CVS import. Then CheckPageDesc() sees the (next) page is empty and deletes it. So check in sw::IsPageFrameEmpty() that there aren't any sections with IsDeleteForbidden() set. (regression from commit b9ef71476fd70bc13f50ebe80390e0730d1b7afb) Change-Id: I3c64fe40fabffc255c4146a35c678ce6a1cc09c9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133222 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 85aa57359befd7a21b3fdf36f2b362f50495f77c) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133151 Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org> (cherry picked from commit 116b246e42a1c807e4e693bd020231a22f05abcd)
* Release 6.3.6.15Thorsten Behrens2022-04-021-1/+1
| | | | Change-Id: I3e207e3c15305febd13cb335da4081534cbc4103
* clamp and add some logging like SvmReaderCaolán McNamara2022-04-011-0/+20
| | | | | | | | | | | | | LIBREOFFICE-OWMTGGWJ Change-Id: I8f744e1ab2684a0f0995abcc3e753a684a3b970a Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130982 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 19add15932e579c931480eed42eeea52d0551897) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131369 Tested-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 8727f47611af8dfb5ac186cc47e7b38741ccfb76)
* protect frame from triggering deleting itselfCaolán McNamara2022-04-013-0/+351
| | | | | | | | | | | | LIBREOFFICE-N4LA0OHZ Change-Id: I0d24277665a317f047b286fe0f0878b3814ded65 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130766 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> (cherry picked from commit ee2a192923bf709d05c174848e7054cd411b205a) (cherry picked from commit 3d3c6462eeef581af2b936071c3ef432858b04a5) (cherry picked from commit 503d84cabb68233a12a3a9602253f4345be86ad7)
* lastPoint might be 0xFFFFCaolán McNamara2022-04-011-1/+1
| | | | | | | | | | | LIBREOFFICE-KYYAZMB9 Change-Id: Ic0d95bd39a01dc1e5e0fec83dcc2c40b3f23b747 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130462 Tested-by: Jenkins Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org> (cherry picked from commit 21ea1eacd214dbaac8d0ce7f437580d535871415) (cherry picked from commit 1f3e7bc9e47b83f009b8085effa61467101aa102)
* fail more gracefully if m_aTmpPosition is emptyCaolán McNamara2022-04-011-0/+2
| | | | | | | | | | | LIBREOFFICE-N4LA0OHZ Change-Id: I7f863151f753ad5605c4f1f280cfd79aa4c6bce4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130772 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 02837024ea8d3d52c92420858327b309f2e96487) (cherry picked from commit 9fc1be2594ceac46e9a769d7ee2a2004869603ac)
* check if cast is to the right typeCaolán McNamara2022-04-011-13/+18
| | | | | | | | | | | | LIBREOFFICE-311XVJ95 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130670 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit b44bd9ef8e2efdb66558917200e1f179b9db1c58) Change-Id: I159f516daafad3e4088677fe2c8c6f5423b3e264 (cherry picked from commit f9350f9a8404fd9eb5b6963022f0069e89ddd061)
* ensure null terminatorCaolán McNamara2022-04-011-8/+3
| | | | | | | | | | | | LIBREOFFICE-WB8DT2Q9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130668 Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> Tested-by: Jenkins (cherry picked from commit 4b6956ca146f25b746f63c176b377d3c15d204ff) Change-Id: I98529325bbd3ff475ba84b4991eb17240440df4b (cherry picked from commit 918c4a49fa841f0d234b18234d946684fe6378af)
* keep paragraph's that failed to load until import is completeCaolán McNamara2022-04-012-0/+6
| | | | | | | | | | | LIBREOFFICE-509JU93T Change-Id: I526edb182fed4fa023cce58e78a650a7c2046ed3 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130326 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 32e8d3e45698a3cc09f66460b460db1d10ac50b5) (cherry picked from commit 0635bbb035940dcedb17713a958f81265d69e67e)
* Better handling of msiRenwa Hiwa2022-04-011-1/+1
| | | | | | | | | | | LIBREOFFICE-SK4E5D8N Change-Id: I44f25a47ab6ffeb9d2b679874c8c96af1319eb2c Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130317 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit ccaabe8e8100a3a0600456c5a65221ca2b263c95) (cherry picked from commit aa993b7667136ff858a7c8d6f3d1bac8f255151a)
* limit style export to words max style countCaolán McNamara2022-04-012-16/+16
| | | | | | | | | | | | | | | and use std::vector LIBREOFFICE-U78X8I5G Change-Id: I436b4c13a4ce07f5e9e5d374163bc4de55cd2cde Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129766 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 8e94ec9d93fe3e1057fb1aaa2f0419114c4ea11c) (cherry picked from commit 0361cc74c7e0619f8b25a5584accb56d0c45f97a)
* read of width/height uses wrong record sizezhutyra2022-04-011-2/+6
| | | | | | | | | | | | | | | | | | this initially went wrong at: commit b4fb7a437bb0ce987702b12008737756623618ac Date: Mon May 23 21:38:40 2011 +0100 fix up some more endian LIBREOFFICE-SBQ5TJRS Change-Id: Ie418f530f55288351f73f3c0cbab9ac48e6b6964 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129259 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 6694e3ea9c2f05a20245d94c5c1eda955cb3aacc) (cherry picked from commit aaad67afccf1c59bf7d8fe7ab5207ff903f1c515)
* ensure bounds checkingzhutyra2022-04-011-50/+15
| | | | | | | | | | | LIBREOFFICE-SBQ5TJRS Change-Id: I71f35bc120fdd70298685131f29a6bb822d50f11 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129261 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 17dd787a4ca9c17883e0bdfc75c89c2fa7ec169e) (cherry picked from commit b268215d10f7da6d01c223b260970198c00cb610)
* ofz#43577 valid reclen must be >= 20Caolán McNamara2022-04-011-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I454bff4acfcd85701a7f094a8bd76898825e9ce2 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128388 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> (cherry picked from commit 444477a07bcaf59181dbbc719b913566091deadc) ofz: Use-of-uninitialized-value Change-Id: I6b768b80d972c5379005efecfb803463ca648b4b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128644 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> (cherry picked from commit 7b37a1a5144a3a4c8b0803b7e2da81e9e108bf66) ofz: Undefined-Shift Change-Id: Ib935359071ef9e390aa3d6c9713ed48241ad18e6 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129066 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> (cherry picked from commit e863b90a0e5fc90c3b824e4b0012f9389b87a3ac) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129183 Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 7c8b41bc322720dc9434fbef1f10a6740913165e) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129416 Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> (cherry picked from commit 7664ec93edc190ae0bc18b5793763fde5cec8d62)
* ofz: Use-of-uninitialized-valueCaolán McNamara2022-04-011-1/+2
| | | | | | | | | | | | Change-Id: Ic5f41e4f1f6b20a8cd8887807296f33adb48b728 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128439 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit bb03203848ef1c30786ad084440b5d317a466127) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129415 Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> (cherry picked from commit b3288c52844bec9e33a7ae725332f95c84384ac7)
* compare authors using ThumbprintCaolán McNamara2022-04-011-3/+12
| | | | | | | | | | | | | | | | Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com> (cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866 Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8) Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131368 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 0ce93b38af84453aba8002c098ac168b0fadfc97)
* xmlsecurity: some Distinguished Names are less equal than othersMichael Stahl2022-04-018-20/+208
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It turns out that the 2 backends NSS and MS CryptoAPI generate different string representations of the same Distinguished Name in at least one corner case, when a value contains a quote " U+0022. The CryptoAPI function to generate the strings is: CertNameToStr(..., CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, ...) This is documented on MSDN: https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#CERT_X500_NAME_STR NSS appears to implement RFC 1485, at least that's what the internal function is named after, or perhaps one of its several successor RFCs (not clear currently if there's a relevant difference). This is now causing trouble if a certificate with such a DN is used in a signature, created on WNT but then verified on another platform, because commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66 introduced consistency checks that compare the DNs that occur as strings in META-INF/documentsignatures.xml: xmlsecurity/source/helper/xmlsignaturehelper.cxx:672: X509Data cannot be parsed The reason is that in XSecController::setX509Data() the value read from the X509IssuerSerial element (a string generated by CryptoAPI) doesn't match the value generated by NSS from the certificate parsed from the X509Certificate element, so these are erroneously interpreted as 2 distinct certificates. Try to make the EqualDistinguishedNames() more flexible so that it can try also a converted variant of the DN. (libxmlsec's NSS backend also complains that it cannot parse the DN: x509vfy.c:607: xmlSecNssX509NameRead() '' '' 12 'invalid data for 'char': actual=34 and expected comma ','' but it manages to validate the signature despite this.) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124287 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit e63611fabd38c757809b510fbb71c077880b1081) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124196 Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> (cherry picked from commit 3dfe381032fc61ea31106f103dee9db8277d4d25) Change-Id: I4f72900738d1f5313146bbda7320a8f44319ebc8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124420 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit ee48ce9886d884730a91c695b5d0668c6d90c740)
* xmlsecurity: fix test failing because NSS policy forbids SHA1Michael Stahl2022-04-015-0/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With Fedora's nss-3.71.0-1.fc34.x86_64 there is the problem that 8 tests including testODFGood in CppunitTest/xmlsecurity_signing fail because the crypto policy disallows SHA1 for signatures. Apparently this particular policy bit was added in NSS 3.59: https://bugzilla.mozilla.org/show_bug.cgi?id=1670835 For signatures, maybe it's not a good idea to override system policy for product builds, so do it locally in the tests, at least for now. If similar problems turn up for encrypted documents in the future, that should be fixed in product builds too of course, as encrypted documents must always be decryptable. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123768 Tested-by: Jenkins Tested-by: Caolán McNamara <caolanm@redhat.com> Reviewed-by: Caolán McNamara <caolanm@redhat.com> (cherry picked from commit 51e82016e8783a452fe5f7921d12c1bf20bfd6b5) xmlsecurity: fix --without-system-nss usage of NSS_SetAlgorithmPolicy The problem with commit ff572d9222ec16ffd679ae907a0bf4a8900265e1 is that it's using the wrong library; NSS_SetAlgorithmPolicy is actually in libnssutil3.so. This causes a linking problem when upgrading the internal NSS to a version that has NSS_USE_ALG_IN_ANY_SIGNATURE. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123819 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 395c0c0bbaceadf909e0189af99c6358487c7978) Change-Id: I4f634cf5da1707fb628e63cd0cdafebdf4fc903f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123838 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 0f3431026dbff0251efeb0b92be335841a08cc5d)
* test: upgrade test NSS database from dbm: to sql:Michael Stahl2022-04-016-6/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fedora nss-3.69.0-1.fc34.x86_64 and Debian libnss3:amd64 2:3.70-1 no longer support the old BerekelyDB databases, so convert them to the new SQLite format for the benefit of --with-system-nss builds. This worked to do the upgrade: > certutil -N -d sql:test/new --empty-password > LD_LIBRARY_PATH=instdir/program workdir/UnpackedTarball/nss/dist/out/bin/certutil --merge -d sql:test/new --source-dir dbm:test/signing-keys Builds would fail running tests added in commit 40d70d427edddb589eda64fafc2e56536953d274 signing.cxx:551:Assertion Test name: testODFX509CertificateChain::TestBody equality assertion failed - Expected: 0 - Actual : 1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123586 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 907784ccce7bd8b5121888cff7f5723a55d35358) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123643 Reviewed-by: Caolán McNamara <caolanm@redhat.com> (cherry picked from commit 7b4b03b9cf21ecd11bc82da5f29c4ff91ad242c9) Change-Id: I00aa20703e117ebf583c3331b84e966c2cfc78cd Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123837 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 755155498b13c8724831276808c930adba891f5c)
* xmlsecurity: fix new tests on WNTMichael Stahl2022-04-014-9/+340
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Tests added in commit 40d70d427edddb589eda64fafc2e56536953d274 don't actually run on WNT but that wasn't obvious because commit 149df1fec6472e30582162e17e04c75aee91d26a prevented running them in Jenkins on master, they failed only in the libreoffice-7-1 backport. xmlsecurity/qa/unit/signing/signing.cxx(631) : error : Assertion Test name: testODFDoubleX509Certificate::TestBody assertion failed - Expression: (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK) - 2 This is an oddity where NSS claims the signature in the document is valid but CryptoAPI claims it is invalid; the hashes passed into the validation functions are the same. Just allow BROKEN as an additional result value on WNT. xmlsecurity/qa/unit/signing/signing.cxx(550) : error : Assertion Test name: testODFX509CertificateChain::TestBody equality assertion failed - Expected: 0 - Actual : 1 The problem here is that with NSS the tests use a custom NSS database in test/signing-keys so we need to make these certificates available for CryptoAPI too. The following one-liner converts the NSS database to a PKCS#7 that can be loaded by CrytpAPI: > openssl crl2pkcs7 -nocrl -certfile <(certutil -d sql:test/signing-keys -L | awk '/^[^ ].*,[^ ]*,/ { printf "%s", $1; for (i = 2; i < NF; i++) { printf " %s", $i; } printf "\n"; }' | while read name; do certutil -L -d sql:test/signing-keys -a -n "${name}" ; done) > test/signing-keys/test.p7b Then one might naively assume that something like this would allow these certificates to be added temporarily as trusted CAs: + HCERTSTORE hRoot = CertOpenSystemStoreW( 0, L"Root" ) ; + HCERTSTORE const hExtra = CertOpenStore( + CERT_STORE_PROV_FILENAME_A, + PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, + NULL, + CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, + path); + if (hExtra != NULL && hRoot != NULL) + { + BOOL ret = CertAddStoreToCollection( + hRoot, + hExtra, + CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, + 0); + SAL_DEBUG("XXX hExtra done " << ret); + } There is no error from this, but it doesn't work. Instead, check if CertGetCertificateChain() sets the CERT_TRUST_IS_UNTRUSTED_ROOT flag and then look up the certificate manually in the extra PKCS#7 store. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123667 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com> (cherry picked from commit 7d664ec788acdc378506a7ff8b1120cea24a6770) Change-Id: Ic9865e0b5783211c2128ce0327c4583b7784ff62 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123836 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 7c622c58cda433964dd73544d56a81a7c88e3f5d)
* xmlsecurity: add tests for multiple X509Data/X509CertificateMichael Stahl2022-04-016-0/+100
| | | | | Change-Id: If50ae8156f81c1053aa8fbfc3148da64bb8e1442 (cherry picked from commit 8193373a700c4b5acfc6285fac25eff06b6ffb1b)
* xmlsecurity: add test for timestampsMichael Stahl2022-04-012-0/+22
| | | | | Change-Id: I6ce64ca7c59639684779144ed0ed8d36c4aca32b (cherry picked from commit cec50077eaef32890d9565237277a607c7721c83)
* libxml2: upgrade to release 2.9.13Michael Stahl2022-03-311-3/+3
| | | | | | | | | | | | | | | Fixes CVE-2022-23308 Change-Id: I1b3bf5cf58d7d1f39c224b0d898176c95107fbf5 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130241 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit d50a7151431335d1431bccef000ae39f84bdf135) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130259 Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130296 Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
* upgrade to expat 2.4.6Caolán McNamara2022-03-311-2/+2
| | | | | | | | | | | | | | | | | | CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 Change-Id: I1cb0449411fe938fe47ab47cead685fd04e137dd Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130157 Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org> Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130294 Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
* libxslt: upgrade to release 1.1.35Michael Stahl2022-03-314-74/+4
| | | | | | | | | | | | | Fixes CVE-2021-30560 Change-Id: I334662ddc40955780321133be9aee23858e04dc1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130023 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> (cherry picked from commit d74fbedd96c9563e1f6bb245dc7e136b30bc5e84) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130080 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
* upgrade expat to 2.4.4Caolán McNamara2022-03-312-11/+8
| | | | | | | | | | | | Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129072 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 8b537d5b40c617c29cf7ca19e63ab882525cf3aa) Change-Id: I1f2694abd9f577e0b4fedbf27118b52be8a1a688 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129212 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
* only use X509DataCaolán McNamara2022-03-313-0/+12
| | | | | | | | | | | | | | Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com> (cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178 Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com> (cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128110 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
* icu: add patch for CVE-2021-30535Michael Stahl2022-03-313-0/+135
| | | | | | | | | | | | | | | Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124779 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 35eef8ec9b122a761400f3c6590ca1f9a187d772) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124701 Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> (cherry picked from commit 105c258fcdd69f617de64b780ffcdb8304ff262c) Change-Id: I398596f77aa47ab6d4db01b94422262048cffd3e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124838 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
* postgresql: upgrade to release 13.5Michael Stahl2022-03-311-2/+2
| | | | | | | | | | | | | | Fixes CVE-2021-23222. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125308 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 71b9369f1cc40143108e3f2189d96e402895e315) Change-Id: I4e16fcc60c634382a864f66b211d0e0170a06db0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125334 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
* openldap: upgrade to release 2.4.59Michael Stahl2022-03-311-2/+2
| | | | | | | | | | | | | | | | | | | | Fixes CVE-2020-36230 and CVE-2020-36229 in libldap, plus lots of other CVEs that affect only the server. Unfortunately it looks like NSS support was removed in release 2.5.0. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124914 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 9393325c1db9fa25037d208607b71adb567a8bbc) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124860 Reviewed-by: Caolán McNamara <caolanm@redhat.com> (cherry picked from commit b7c670984e4af1c73fa05731ca8029cec487bd52) Change-Id: Ie43d7da1b9e92b5712f9cd22c4613648394c696f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124953 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
* libjpeg-turbo: add patch for CVE-2020-17541Michael Stahl2022-03-312-0/+39
| | | | | | | | | | | Change-Id: Ie3fe30bea6a62e7cafeaed957d6ef6aeb879047b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124778 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> (cherry picked from commit ebd556220a5045c1c81891b712648d220a168c70) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124837 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
* curl: upgrade to release 7.78.0Michael Stahl2022-03-317-14/+16
| | | | | | | | | | | | | | | | | | | | | | | | | * Fixes CVE-2020-8284 CVE-2021-22924 * Also fixes these which don't look relevant to LO: CVE-2020-8231 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 CVE-2021-22897 CVE-2021-22898 CVE-2021-22901 CVE-2021-22922 CVE-2021-22923 CVE-2021-22925 CVE-2021-22926 * disable some new protocols and dependencies * remove curl-ios.patch.1 as the code no longer exists upstream Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119313 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 946f457c885bd10ff1a7281c351f3981f035f5a7) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119262 Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> (cherry picked from commit 020eb3b363a5c9444c97075a2e15b63ccbe7bf2d) Change-Id: I12d5f87f4d503a5f9859226a05cfe2a07e46d993 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119423 Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
* upgrade to Expat 2.4.1Caolán McNamara2022-03-312-2/+16
| | | | | | | | | | | | | | drop ubsan patch in favour of fix applied as https://github.com/libexpat/libexpat/pull/398 Change-Id: I59eb9e24206b9a4cf323b7f7d48d8df0792a1c46 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116102 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 740d12d8a8294d4bfd28e6c3e4cf1e0ed560b198) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119422 Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
* libxml2: upgrade to release 2.9.12Michael Stahl2022-03-313-6/+6
| | | | | | | | | | | | | | | | Fixes: CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541 * external/libxml2/ubsan.patch.0: remove, fixed upstream Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115913 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit bf0c6a98ae38cd2188d7f7e94f1563e5ce6a8ce4) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115927 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Change-Id: I347dc854b862e78bde87d3e57cf5fdb584ca5673