[Libreoffice-bugs] [Bug 128749] New: Macro security level not handled correctly in non-gtk3 backends

bugzilla-daemon at bugs.documentfoundation.org bugzilla-daemon at bugs.documentfoundation.org
Tue Nov 12 14:15:01 UTC 2019 

https://bugs.documentfoundation.org/show_bug.cgi?id=128749

            Bug ID: 128749
           Summary: Macro security level not handled correctly in non-gtk3
                    backends
           Product: LibreOffice
           Version: 6.4.0.0.alpha0+
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: UI
          Assignee: libreoffice-bugs at lists.freedesktop.org
          Reporter: glogow at fbihome.de

Description:
My original bug started as the macro security user dialog, when opening a
signed document with invalid signature, to be different on Windows and Linux on
security level "Very High", even with the same macro security level in the GUI.
It was a longer way to find the problem, then expected initially ;-)

Real problem: when opening the macro security level dialog (Tools => Options...
=> LibreOffice => Security => Macro Security), the radio button doesn't
represent the current value.

Just open the dialog with a new profile, like

$ SAL_USE_VCLPLUGIN=gtk3 ./inst*/program/soffice
-env:UserInstallation=file:///tmp/test

which (correctly) shows the macro security level as "High". With any other
backend, like:

$ SAL_USE_VCLPLUGIN=gen ./inst*/program/soffice
-env:UserInstallation=file:///tmp/test

the default security level is displayed as "Very High".

During my initial investigation I found bug 125609 but I did miss the "see
also" bugs.

My original bisecting pointed at commit 9127763db1fc ("weld MacroSecurity
cluster") in the 6.3 development repository, but that might just be a false
flag. I also noted that it didn't happen with any releases and a 
"git log --pretty= online origin/libreoffice-6-3 vcl/" had commit 4109dfff009f
(Revert "tdf#108687 vcl: always enable tabstop on radio buttons"), which is a
"see also" of 125609.

Also reverting commit 4109dfff009f on master fixes the problem for me.


Steps to Reproduce:
1. SAL_USE_VCLPLUGIN=gtk3 ./inst*/program/soffice
-env:UserInstallation=file:///tmp/test
2. Tools => Options... => LibreOffice => Security => Macro Security
3. Register the default security level of "High"

Any non-gtk3 backend, like:

4. SAL_USE_VCLPLUGIN=gen ./inst*/program/soffice
-env:UserInstallation=file:///tmp/test
5. Tools => Options... => LibreOffice => Security => Macro Security
6. Register the default security level of "Very High"


Actual Results:
The displayed macro security level is wrong.

Expected Results:
The displayed macro security level is correct.


Reproducible: Always


User Profile Reset: No



Additional Info:

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice-bugs/attachments/20191112/011866ed/attachment-0001.html>

More information about the Libreoffice-bugs mailing list