[Libreoffice-commits] core.git: Branch 'distro/lhm/libreoffice-6-4+backports' - 2 commits - download.lst external/pdfium include/vcl solenv/flatpak-manifest.in vcl/source xmlsecurity/inc xmlsecurity/qa xmlsecurity/source xmlsecurity/workben
Miklos Vajna (via logerrit)
logerrit at kemper.freedesktop.org
Thu Dec 3 11:58:03 UTC 2020
download.lst | 4
external/pdfium/Library_pdfium.mk | 40 +++++++--
external/pdfium/UnpackedTarball_pdfium.mk | 4
external/pdfium/build.patch.1 | 13 +++
external/pdfium/configs/build_config.h | 6 -
external/pdfium/inc/pch/precompiled_pdfium.hxx | 26 ++++--
include/vcl/filter/PDFiumLibrary.hxx | 2
include/vcl/filter/pdfdocument.hxx | 6 +
solenv/flatpak-manifest.in | 6 -
vcl/source/filter/ipdf/pdfdocument.cxx | 82 ++++++++++++++++++--
vcl/source/pdf/PDFiumLibrary.cxx | 12 +-
xmlsecurity/inc/pdfio/pdfdocument.hxx | 2
xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p1.pdf |binary
xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 25 +++++-
xmlsecurity/source/helper/pdfsignaturehelper.cxx | 5 -
xmlsecurity/source/pdfio/pdfdocument.cxx | 18 ++--
xmlsecurity/workben/pdfverify.cxx | 3
17 files changed, 201 insertions(+), 53 deletions(-)
New commits:
commit 060651068797bf15aed91b9f8dc3378bf759665a
Author: Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Tue Jul 21 21:25:26 2020 +0200
Commit: Michael Stahl <michael.stahl at cib.de>
CommitDate: Thu Dec 3 12:57:40 2020 +0100
external: update pdfium to handle redact annotations
external: update pdfium to 4203
(cherry picked from commit 4488be8a9279be0bd0aebd476589a49d2b95da6e)
Update one mention of pdfium-4137.tar.bz2
...left behind by 4488be8a9279be0bd0aebd476589a49d2b95da6e "external: update
pdfium to 4203"
(cherry picked from commit ba4b3d5f7a0fe8d0d985e98897e041d59093d8b0)
external: update pdfium to 4260
(cherry picked from commit f19381e46930bb496e7331754843920933fb4be2)
external: update pdfium to 4306
(cherry picked from commit fe531957e3dcd42927cf15ab31d04473433d81f9)
Conflicts:
include/vcl/pdf/PDFAnnotationSubType.hxx
Change-Id: Ic10cf99fa412f8f0b3475e82d0a1839a7f04bd08
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105913
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice at googlemail.com>
(cherry picked from commit b4f50e78e9cd391964128bd0d1446d4dca110cef)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107063
Tested-by: Michael Stahl <michael.stahl at cib.de>
Reviewed-by: Michael Stahl <michael.stahl at cib.de>
diff --git a/download.lst b/download.lst
index 856885cde73f..d0d3c048da4d 100644
--- a/download.lst
+++ b/download.lst
@@ -202,8 +202,8 @@ export OWNCLOUD_ANDROID_LIB_SHA256SUM := b18b3e3ef7fae6a79b62f2bb43cc47a5346b633
export OWNCLOUD_ANDROID_LIB_TARBALL := owncloud-android-library-0.9.4-no-binary-deps.tar.gz
export PAGEMAKER_SHA256SUM := 66adacd705a7d19895e08eac46d1e851332adf2e736c566bef1164e7a442519d
export PAGEMAKER_TARBALL := libpagemaker-0.0.4.tar.xz
-export PDFIUM_SHA256SUM := 9a2f9bddca935a263f06c81003483473a525ccd0f4e517bc75fceb914d4c54b6
-export PDFIUM_TARBALL := pdfium-4137.tar.bz2
+export PDFIUM_SHA256SUM := eca406d47ac7e2a84dcc86f93c08f96e591d409589e881477fa75e488e4851d8
+export PDFIUM_TARBALL := pdfium-4306.tar.bz2
export PIXMAN_SHA256SUM := 21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3997aa20a88e
export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
export LIBPNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca
diff --git a/external/pdfium/Library_pdfium.mk b/external/pdfium/Library_pdfium.mk
index 25bbfa195af1..f08ff51a31a3 100644
--- a/external/pdfium/Library_pdfium.mk
+++ b/external/pdfium/Library_pdfium.mk
@@ -76,6 +76,7 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_pauseadapter \
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_interactiveform \
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_renderpage \
+ UnpackedTarball/pdfium/fpdfsdk/fpdf_signature \
))
# fdrm
@@ -97,6 +98,7 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_textfield \
UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_button \
UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_textobject \
+ UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_privatedata \
))
# fpdfapi
@@ -244,6 +246,7 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_type3cache \
UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_type3glyphmap \
UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_rendershading \
+ UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_rendertiling \
UnpackedTarball/pdfium/core/fpdfapi/edit/cpdf_creator \
UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_encryptor \
UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_flateencoder \
@@ -346,20 +349,19 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_SymbolDict \
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_TrdProc \
UnpackedTarball/pdfium/core/fxcodec/gif/cfx_gif \
- UnpackedTarball/pdfium/core/fxcodec/gif/cfx_gifcontext \
UnpackedTarball/pdfium/core/fxcodec/gif/cfx_lzwdecompressor \
UnpackedTarball/pdfium/core/fxcodec/cfx_codec_memory \
UnpackedTarball/pdfium/core/fxcodec/fax/faxmodule \
UnpackedTarball/pdfium/core/fxcodec/scanlinedecoder \
- UnpackedTarball/pdfium/core/fxcodec/jbig2/jbig2module \
UnpackedTarball/pdfium/core/fxcodec/jpeg/jpegmodule \
UnpackedTarball/pdfium/core/fxcodec/jpx/cjpx_decoder \
UnpackedTarball/pdfium/core/fxcodec/jpx/jpx_decode_utils \
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_DocumentContext \
UnpackedTarball/pdfium/core/fxcodec/basic/basicmodule \
- UnpackedTarball/pdfium/core/fxcodec/jpx/jpxmodule \
UnpackedTarball/pdfium/core/fxcodec/flate/flatemodule \
UnpackedTarball/pdfium/core/fxcodec/icc/iccmodule \
+ UnpackedTarball/pdfium/core/fxcodec/jbig2/jbig2_decoder \
+ UnpackedTarball/pdfium/core/fxcodec/jpeg/jpeg_common \
))
# fxcrt
@@ -429,7 +431,7 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fxge/dib/cfx_imagetransformer \
UnpackedTarball/pdfium/core/fxge/dib/cfx_scanlinecompositor \
UnpackedTarball/pdfium/core/fxge/dib/cstretchengine \
- UnpackedTarball/pdfium/core/fxge/dib/fx_dib_main \
+ UnpackedTarball/pdfium/core/fxge/dib/fx_dib \
UnpackedTarball/pdfium/core/fxge/fontdata/chromefontdata/FoxitDingbats \
UnpackedTarball/pdfium/core/fxge/fontdata/chromefontdata/FoxitFixed \
UnpackedTarball/pdfium/core/fxge/fontdata/chromefontdata/FoxitFixedBold \
@@ -464,8 +466,6 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fxge/cfx_renderdevice \
UnpackedTarball/pdfium/core/fxge/cfx_substfont \
UnpackedTarball/pdfium/core/fxge/cfx_unicodeencoding \
- UnpackedTarball/pdfium/core/fxge/fx_ge_fontmap \
- UnpackedTarball/pdfium/core/fxge/fx_ge_linux \
UnpackedTarball/pdfium/core/fxge/cfx_glyphbitmap \
UnpackedTarball/pdfium/core/fxge/scoped_font_transform \
UnpackedTarball/pdfium/core/fxge/text_glyph_pos \
@@ -494,7 +494,9 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_edit_impl \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_icon \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_list_box \
- UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_list_impl \
+ UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_cbbutton \
+ UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_cblistbox \
+ UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_list_ctrl \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_scroll_bar \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_special_button \
UnpackedTarball/pdfium/core/fxcrt/cfx_timer \
@@ -542,6 +544,10 @@ $(eval $(call gb_Library_add_generated_cobjects,pdfium,\
UnpackedTarball/pdfium/third_party/libopenjpeg20/sparse_array \
))
+$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
+ UnpackedTarball/pdfium/third_party/libopenjpeg20/opj_malloc \
+))
+
# pdfium_base
$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/third_party/base/allocator/partition_allocator/address_space_randomization \
@@ -555,6 +561,7 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/third_party/base/allocator/partition_allocator/partition_page \
UnpackedTarball/pdfium/third_party/base/allocator/partition_allocator/partition_root_base \
UnpackedTarball/pdfium/third_party/base/allocator/partition_allocator/random \
+ UnpackedTarball/pdfium/third_party/base/memory/aligned_memory \
))
# skia_shared
@@ -627,10 +634,14 @@ ifeq ($(OS),WNT)
$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fxge/win32/cfx_psrenderer \
UnpackedTarball/pdfium/core/fxge/win32/cpsoutput \
- UnpackedTarball/pdfium/core/fxge/win32/fx_win32_device \
- UnpackedTarball/pdfium/core/fxge/win32/fx_win32_dib \
- UnpackedTarball/pdfium/core/fxge/win32/fx_win32_gdipext \
- UnpackedTarball/pdfium/core/fxge/win32/fx_win32_print \
+ UnpackedTarball/pdfium/core/fxge/win32/cgdi_device_driver \
+ UnpackedTarball/pdfium/core/fxge/win32/cgdi_display_driver \
+ UnpackedTarball/pdfium/core/fxge/win32/cgdi_plus_ext \
+ UnpackedTarball/pdfium/core/fxge/win32/cgdi_printer_driver \
+ UnpackedTarball/pdfium/core/fxge/win32/cps_printer_driver \
+ UnpackedTarball/pdfium/core/fxge/win32/ctext_only_printer_driver \
+ UnpackedTarball/pdfium/core/fxge/win32/cwin32_platform \
+ UnpackedTarball/pdfium/core/fxge/cfx_windowsrenderdevice \
UnpackedTarball/pdfium/core/fxcrt/cfx_fileaccess_windows \
UnpackedTarball/pdfium/third_party/base/win/win_util \
UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_windowsrenderdevice \
@@ -671,4 +682,11 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
))
endif
+ifeq ($(OS),LINUX)
+# fxge
+$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
+ UnpackedTarball/pdfium/core/fxge/fx_ge_linux \
+))
+endif
+
# vim: set noet sw=4 ts=4:
diff --git a/external/pdfium/UnpackedTarball_pdfium.mk b/external/pdfium/UnpackedTarball_pdfium.mk
index 93d3fede6e3c..f4643376cee0 100644
--- a/external/pdfium/UnpackedTarball_pdfium.mk
+++ b/external/pdfium/UnpackedTarball_pdfium.mk
@@ -45,7 +45,9 @@ $(eval $(call gb_UnpackedTarball_set_post_action,pdfium,\
mv third_party/base/allocator/partition_allocator/partition_page.cc third_party/base/allocator/partition_allocator/partition_page.cpp && \
mv third_party/base/allocator/partition_allocator/partition_root_base.cc third_party/base/allocator/partition_allocator/partition_root_base.cpp && \
mv third_party/base/allocator/partition_allocator/random.cc third_party/base/allocator/partition_allocator/random.cpp && \
- mv third_party/base/win/win_util.cc third_party/base/win/win_util.cpp \
+ mv third_party/base/memory/aligned_memory.cc third_party/base/memory/aligned_memory.cpp && \
+ mv third_party/base/win/win_util.cc third_party/base/win/win_util.cpp && \
+ mv third_party/libopenjpeg20/opj_malloc.cc third_party/libopenjpeg20/opj_malloc.cpp \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/pdfium/build.patch.1 b/external/pdfium/build.patch.1
index b19fa1174419..f394cf732c2d 100644
--- a/external/pdfium/build.patch.1
+++ b/external/pdfium/build.patch.1
@@ -52,3 +52,16 @@ index 0fb627ba8..dda1fc8bc 100644
uint8_t r;
uint8_t g;
+diff --git a/core/fxcodec/jpx/cjpx_decoder.cpp b/core/fxcodec/jpx/cjpx_decoder.cpp
+index dbc1b1045..36b72461d 100644
+--- a/core/fxcodec/jpx/cjpx_decoder.cpp
++++ b/core/fxcodec/jpx/cjpx_decoder.cpp
+@@ -70,7 +70,7 @@ Optional<OpjImageRgbData> alloc_rgb(size_t size) {
+ if (!data.b)
+ return {};
+
+- return data;
++ return std::move(data);
+ }
+
+ void sycc_to_rgb(int offset,
diff --git a/external/pdfium/configs/build_config.h b/external/pdfium/configs/build_config.h
index edd70af53034..ec93c278767c 100644
--- a/external/pdfium/configs/build_config.h
+++ b/external/pdfium/configs/build_config.h
@@ -6,7 +6,7 @@
// This file adds defines about the platform we're currently building on.
// Operating System:
-// OS_WIN / OS_MACOSX / OS_LINUX / OS_POSIX (MACOSX or LINUX)
+// OS_WIN / OS_APPLE / OS_LINUX / OS_POSIX (MACOSX or LINUX)
// Compiler:
// COMPILER_MSVC / COMPILER_GCC
// Processor:
@@ -21,7 +21,7 @@
#define OS_ANDROID 1
#define OS_LINUX 1
#elif defined(__APPLE__)
-#define OS_MACOSX 1
+#define OS_APPLE 1
#elif defined(__linux__)
#define OS_LINUX 1
#elif defined(__DragonFly__)
@@ -48,7 +48,7 @@
// For access to standard POSIX features, use OS_POSIX instead of a more
// specific macro.
-#if defined(OS_MACOSX) || defined(OS_LINUX) || defined(OS_BSD) || defined(OS_SOLARIS)
+#if defined(OS_APPLE) || defined(OS_LINUX) || defined(OS_BSD) || defined(OS_SOLARIS)
#define OS_POSIX 1
#endif
diff --git a/external/pdfium/inc/pch/precompiled_pdfium.hxx b/external/pdfium/inc/pch/precompiled_pdfium.hxx
index f1bb32ea8331..2497306fa06b 100644
--- a/external/pdfium/inc/pch/precompiled_pdfium.hxx
+++ b/external/pdfium/inc/pch/precompiled_pdfium.hxx
@@ -191,6 +191,7 @@
#include <core/fpdfapi/render/cpdf_renderoptions.h>
#include <core/fpdfapi/render/cpdf_rendershading.h>
#include <core/fpdfapi/render/cpdf_renderstatus.h>
+#include <core/fpdfapi/render/cpdf_rendertiling.h>
#include <core/fpdfapi/render/cpdf_scaledrenderbuffer.h>
#include <core/fpdfapi/render/cpdf_textrenderer.h>
#include <core/fpdfapi/render/cpdf_type3cache.h>
@@ -240,9 +241,7 @@
#include <core/fxcodec/flate/flatemodule.h>
#include <core/fxcodec/fx_codec.h>
#include <core/fxcodec/gif/cfx_gif.h>
-#include <core/fxcodec/gif/cfx_gifcontext.h>
#include <core/fxcodec/gif/cfx_lzwdecompressor.h>
-#include <core/fxcodec/gif/gifmodule.h>
#include <core/fxcodec/icc/iccmodule.h>
#include <core/fxcodec/jbig2/JBig2_ArithDecoder.h>
#include <core/fxcodec/jbig2/JBig2_ArithIntDecoder.h>
@@ -262,11 +261,11 @@
#include <core/fxcodec/jbig2/JBig2_Segment.h>
#include <core/fxcodec/jbig2/JBig2_SymbolDict.h>
#include <core/fxcodec/jbig2/JBig2_TrdProc.h>
-#include <core/fxcodec/jbig2/jbig2module.h>
+#include <core/fxcodec/jbig2/jbig2_decoder.h>
+#include <core/fxcodec/jpeg/jpeg_common.h>
#include <core/fxcodec/jpeg/jpegmodule.h>
#include <core/fxcodec/jpx/cjpx_decoder.h>
#include <core/fxcodec/jpx/jpx_decode_utils.h>
-#include <core/fxcodec/jpx/jpxmodule.h>
#include <core/fxcodec/scanlinedecoder.h>
#include <core/fxcrt/autorestorer.h>
#include <core/fxcrt/bytestring.h>
@@ -337,6 +336,7 @@
#include <core/fxge/cfx_defaultrenderdevice.h>
#include <core/fxge/cfx_drawutils.h>
#include <core/fxge/cfx_face.h>
+#include <core/fxge/cfx_fillrenderoptions.h>
#include <core/fxge/cfx_folderfontinfo.h>
#include <core/fxge/cfx_font.h>
#include <core/fxge/cfx_fontcache.h>
@@ -350,6 +350,7 @@
#include <core/fxge/cfx_pathdata.h>
#include <core/fxge/cfx_renderdevice.h>
#include <core/fxge/cfx_substfont.h>
+#include <core/fxge/cfx_textrenderoptions.h>
#include <core/fxge/cfx_unicodeencoding.h>
#include <core/fxge/dib/cfx_bitmapcomposer.h>
#include <core/fxge/dib/cfx_bitmapstorer.h>
@@ -362,9 +363,9 @@
#include <core/fxge/dib/cfx_imagetransformer.h>
#include <core/fxge/dib/cfx_scanlinecompositor.h>
#include <core/fxge/dib/cstretchengine.h>
+#include <core/fxge/dib/fx_dib.h>
#include <core/fxge/dib/scanlinecomposer_iface.h>
#include <core/fxge/fontdata/chromefontdata/chromefontdata.h>
-#include <core/fxge/fx_dib.h>
#include <core/fxge/fx_font.h>
#include <core/fxge/fx_freetype.h>
#include <core/fxge/render_defines.h>
@@ -398,6 +399,7 @@
#include <fpdfsdk/formfiller/cffl_formfiller.h>
#include <fpdfsdk/formfiller/cffl_interactiveformfiller.h>
#include <fpdfsdk/formfiller/cffl_listbox.h>
+#include <fpdfsdk/formfiller/cffl_privatedata.h>
#include <fpdfsdk/formfiller/cffl_pushbutton.h>
#include <fpdfsdk/formfiller/cffl_radiobutton.h>
#include <fpdfsdk/formfiller/cffl_textfield.h>
@@ -405,16 +407,19 @@
#include <fpdfsdk/ipdfsdk_annothandler.h>
#include <fpdfsdk/pwl/cpwl_button.h>
#include <fpdfsdk/pwl/cpwl_caret.h>
+#include <fpdfsdk/pwl/cpwl_cbbutton.h>
+#include <fpdfsdk/pwl/cpwl_cblistbox.h>
#include <fpdfsdk/pwl/cpwl_combo_box.h>
#include <fpdfsdk/pwl/cpwl_edit.h>
#include <fpdfsdk/pwl/cpwl_edit_ctrl.h>
#include <fpdfsdk/pwl/cpwl_edit_impl.h>
#include <fpdfsdk/pwl/cpwl_icon.h>
#include <fpdfsdk/pwl/cpwl_list_box.h>
-#include <fpdfsdk/pwl/cpwl_list_impl.h>
+#include <fpdfsdk/pwl/cpwl_list_ctrl.h>
#include <fpdfsdk/pwl/cpwl_scroll_bar.h>
#include <fpdfsdk/pwl/cpwl_special_button.h>
#include <fpdfsdk/pwl/cpwl_wnd.h>
+#include <fpdfsdk/pwl/ipwl_fillernotify.h>
#include <fpdfsdk/pwl/ipwl_systemhandler.h>
#include <fxjs/cjs_event_context_stub.h>
#include <fxjs/cjs_runtimestub.h>
@@ -433,11 +438,13 @@
#include <public/fpdf_progressive.h>
#include <public/fpdf_save.h>
#include <public/fpdf_searchex.h>
+#include <public/fpdf_signature.h>
#include <public/fpdf_structtree.h>
#include <public/fpdf_sysfontinfo.h>
#include <public/fpdf_text.h>
#include <public/fpdf_transformpage.h>
#include <public/fpdfview.h>
+#include <third_party/agg23/agg_clip_liang_barsky.h>
#include <third_party/agg23/agg_conv_dash.h>
#include <third_party/agg23/agg_conv_stroke.h>
#include <third_party/agg23/agg_curves.h>
@@ -452,6 +459,7 @@
#include <third_party/base/allocator/partition_allocator/page_allocator.h>
#include <third_party/base/allocator/partition_allocator/page_allocator_internal.h>
#include <third_party/base/allocator/partition_allocator/partition_alloc.h>
+#include <third_party/base/allocator/partition_allocator/partition_alloc_check.h>
#include <third_party/base/allocator/partition_allocator/partition_alloc_constants.h>
#include <third_party/base/allocator/partition_allocator/partition_bucket.h>
#include <third_party/base/allocator/partition_allocator/partition_direct_map_extent.h>
@@ -461,10 +469,14 @@
#include <third_party/base/allocator/partition_allocator/random.h>
#include <third_party/base/allocator/partition_allocator/spin_lock.h>
#include <third_party/base/bits.h>
+#include <third_party/base/check.h>
+#include <third_party/base/check_op.h>
#include <third_party/base/compiler_specific.h>
+#include <third_party/base/containers/adapters.h>
#include <third_party/base/debug/alias.h>
-#include <third_party/base/logging.h>
+#include <third_party/base/memory/aligned_memory.h>
#include <third_party/base/no_destructor.h>
+#include <third_party/base/notreached.h>
#include <third_party/base/numerics/safe_conversions.h>
#include <third_party/base/numerics/safe_math.h>
#include <third_party/base/optional.h>
diff --git a/solenv/flatpak-manifest.in b/solenv/flatpak-manifest.in
index 89e387747e2f..b624ffcb512e 100644
--- a/solenv/flatpak-manifest.in
+++ b/solenv/flatpak-manifest.in
@@ -69,10 +69,10 @@
"type": "shell"
},
{
- "url": "https://dev-www.libreoffice.org/src/pdfium-4137.tar.bz2",
- "sha256": "9a2f9bddca935a263f06c81003483473a525ccd0f4e517bc75fceb914d4c54b6",
+ "url": "https://dev-www.libreoffice.org/src/pdfium-4306.tar.bz2",
+ "sha256": "eca406d47ac7e2a84dcc86f93c08f96e591d409589e881477fa75e488e4851d8",
"type": "file",
- "dest-filename": "external/tarballs/pdfium-4137.tar.bz2"
+ "dest-filename": "external/tarballs/pdfium-4306.tar.bz2"
},
{
"url": "https://dev-www.libreoffice.org/src/0168229624cfac409e766913506961a8-ucpp-1.3.2.tar.gz",
commit d3f284721bbcf5ab743f39ff58f9b6c05cc42ef7
Author: Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Mon Oct 19 16:50:07 2020 +0200
Commit: Michael Stahl <michael.stahl at cib.de>
CommitDate: Thu Dec 3 12:57:26 2020 +0100
xmlsecurity: handle MDP permission during PDF verify
(cherry picked from commit 586f6abee92af3cdabdce034b607b9a046ed3946)
Conflicts:
include/vcl/filter/PDFiumLibrary.hxx
vcl/source/pdf/PDFiumLibrary.cxx
xmlsecurity/source/helper/pdfsignaturehelper.cxx
Change-Id: I626fca7c03079fb0374c577dcfe024e7db6ed5b3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105785
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
(cherry picked from commit 00479937dc071246cc27f33fd6397668448a7ed9)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107062
Tested-by: Michael Stahl <michael.stahl at cib.de>
Reviewed-by: Michael Stahl <michael.stahl at cib.de>
diff --git a/include/vcl/filter/PDFiumLibrary.hxx b/include/vcl/filter/PDFiumLibrary.hxx
index 639c71d61a3d..3e2851d21e0e 100644
--- a/include/vcl/filter/PDFiumLibrary.hxx
+++ b/include/vcl/filter/PDFiumLibrary.hxx
@@ -58,7 +58,7 @@ public:
}
/// Get bitmap checksum of the page, without annotations/commenting.
- BitmapChecksum getChecksum();
+ BitmapChecksum getChecksum(int nMDPPerm);
};
class VCL_DLLPUBLIC PDFiumDocument final
diff --git a/include/vcl/filter/pdfdocument.hxx b/include/vcl/filter/pdfdocument.hxx
index e05e7d9d749c..84766f2ef798 100644
--- a/include/vcl/filter/pdfdocument.hxx
+++ b/include/vcl/filter/pdfdocument.hxx
@@ -399,6 +399,7 @@ public:
size_t GetObjectOffset(size_t nIndex) const;
const std::vector<std::unique_ptr<PDFElement>>& GetElements() const;
std::vector<PDFObjectElement*> GetPages();
+ PDFObjectElement* GetCatalog();
/// Remember the end location of an EOF token.
void PushBackEOF(size_t nOffset);
/// Look up object based on object number, possibly by parsing object streams.
@@ -424,6 +425,11 @@ public:
bool Write(SvStream& rStream);
/// Get a list of signatures embedded into this document.
std::vector<PDFObjectElement*> GetSignatureWidgets();
+ /**
+ * Get the value of the "modification detection and prevention" permission:
+ * Valid values are 1, 2 and 3: only 3 allows annotations after signing.
+ */
+ int GetMDPPerm();
/// Remove the nth signature from read document in the edit buffer.
bool RemoveSignature(size_t nPosition);
/// Get byte offsets of the end of incremental updates.
diff --git a/vcl/source/filter/ipdf/pdfdocument.cxx b/vcl/source/filter/ipdf/pdfdocument.cxx
index ec286721ec16..a16b589fd3aa 100644
--- a/vcl/source/filter/ipdf/pdfdocument.cxx
+++ b/vcl/source/filter/ipdf/pdfdocument.cxx
@@ -1858,10 +1858,8 @@ static void visitPages(PDFObjectElement* pPages, std::vector<PDFObjectElement*>&
pPages->setVisiting(false);
}
-std::vector<PDFObjectElement*> PDFDocument::GetPages()
+PDFObjectElement* PDFDocument::GetCatalog()
{
- std::vector<PDFObjectElement*> aRet;
-
PDFReferenceElement* pRoot = nullptr;
PDFTrailerElement* pTrailer = nullptr;
@@ -1881,11 +1879,18 @@ std::vector<PDFObjectElement*> PDFDocument::GetPages()
if (!pRoot)
{
- SAL_WARN("vcl.filter", "PDFDocument::GetPages: trailer has no Root key");
- return aRet;
+ SAL_WARN("vcl.filter", "PDFDocument::GetCatalog: trailer has no Root key");
+ return nullptr;
}
- PDFObjectElement* pCatalog = pRoot->LookupObject();
+ return pRoot->LookupObject();
+}
+
+std::vector<PDFObjectElement*> PDFDocument::GetPages()
+{
+ std::vector<PDFObjectElement*> aRet;
+
+ PDFObjectElement* pCatalog = GetCatalog();
if (!pCatalog)
{
SAL_WARN("vcl.filter", "PDFDocument::GetPages: trailer has no catalog");
@@ -1958,6 +1963,71 @@ std::vector<PDFObjectElement*> PDFDocument::GetSignatureWidgets()
return aRet;
}
+int PDFDocument::GetMDPPerm()
+{
+ int nRet = 3;
+
+ std::vector<PDFObjectElement*> aSignatures = GetSignatureWidgets();
+ if (aSignatures.empty())
+ {
+ return nRet;
+ }
+
+ for (const auto& pSignature : aSignatures)
+ {
+ vcl::filter::PDFObjectElement* pSig = pSignature->LookupObject("V");
+ if (!pSig)
+ {
+ SAL_WARN("vcl.filter", "PDFDocument::GetMDPPerm: can't find signature object");
+ continue;
+ }
+
+ auto pReference = dynamic_cast<PDFArrayElement*>(pSig->Lookup("Reference"));
+ if (!pReference || pReference->GetElements().empty())
+ {
+ continue;
+ }
+
+ auto pFirstReference = dynamic_cast<PDFDictionaryElement*>(pReference->GetElements()[0]);
+ if (!pFirstReference)
+ {
+ SAL_WARN("vcl.filter",
+ "PDFDocument::GetMDPPerm: reference array doesn't contain a dictionary");
+ continue;
+ }
+
+ PDFElement* pTransformParams = pFirstReference->LookupElement("TransformParams");
+ auto pTransformParamsDict = dynamic_cast<PDFDictionaryElement*>(pTransformParams);
+ if (!pTransformParamsDict)
+ {
+ auto pTransformParamsRef = dynamic_cast<PDFReferenceElement*>(pTransformParams);
+ if (pTransformParamsRef)
+ {
+ PDFObjectElement* pTransformParamsObj = pTransformParamsRef->LookupObject();
+ if (pTransformParamsObj)
+ {
+ pTransformParamsDict = pTransformParamsObj->GetDictionary();
+ }
+ }
+ }
+
+ if (!pTransformParamsDict)
+ {
+ continue;
+ }
+
+ auto pP = dynamic_cast<PDFNumberElement*>(pTransformParamsDict->LookupElement("P"));
+ if (!pP)
+ {
+ return 2;
+ }
+
+ return pP->GetValue();
+ }
+
+ return nRet;
+}
+
std::vector<unsigned char> PDFDocument::DecodeHexString(PDFHexStringElement const* pElement)
{
return svl::crypto::DecodeHexString(pElement->GetValue());
diff --git a/vcl/source/pdf/PDFiumLibrary.cxx b/vcl/source/pdf/PDFiumLibrary.cxx
index 861b7dda0acb..f481078ab726 100644
--- a/vcl/source/pdf/PDFiumLibrary.cxx
+++ b/vcl/source/pdf/PDFiumLibrary.cxx
@@ -57,7 +57,7 @@ std::unique_ptr<PDFiumPage> PDFiumDocument::openPage(int nIndex)
int PDFiumDocument::getPageCount() { return FPDF_GetPageCount(mpPdfDocument); }
-BitmapChecksum PDFiumPage::getChecksum()
+BitmapChecksum PDFiumPage::getChecksum(int nMDPPerm)
{
size_t nPageWidth = FPDF_GetPageWidth(mpPage);
size_t nPageHeight = FPDF_GetPageHeight(mpPage);
@@ -67,10 +67,14 @@ BitmapChecksum PDFiumPage::getChecksum()
return 0;
}
- // Intentionally not using FPDF_ANNOT here, annotations/commenting is OK to not affect the
- // checksum, signature verification wants this.
+ int nFlags = 0;
+ if (nMDPPerm != 3)
+ {
+ // Annotations/commenting should affect the checksum, signature verification wants this.
+ nFlags = FPDF_ANNOT;
+ }
FPDF_RenderPageBitmap(pPdfBitmap, mpPage, /*start_x=*/0, /*start_y=*/0, nPageWidth, nPageHeight,
- /*rotate=*/0, /*flags=*/0);
+ /*rotate=*/0, nFlags);
Bitmap aBitmap(Size(nPageWidth, nPageHeight), 24);
{
BitmapScopedWriteAccess pWriteAccess(aBitmap);
diff --git a/xmlsecurity/inc/pdfio/pdfdocument.hxx b/xmlsecurity/inc/pdfio/pdfdocument.hxx
index f7e36492e746..87fa1d51286b 100644
--- a/xmlsecurity/inc/pdfio/pdfdocument.hxx
+++ b/xmlsecurity/inc/pdfio/pdfdocument.hxx
@@ -36,7 +36,7 @@ namespace pdfio
XMLSECURITY_DLLPUBLIC bool ValidateSignature(SvStream& rStream,
vcl::filter::PDFObjectElement* pSignature,
SignatureInformation& rInformation,
- vcl::filter::PDFDocument& rDocument);
+ vcl::filter::PDFDocument& rDocument, int nMDPPerm);
} // namespace pdfio
} // namespace xmlsecurity
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p1.pdf b/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p1.pdf
new file mode 100644
index 000000000000..04d9950582b0
Binary files /dev/null and b/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p1.pdf differ
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 8a7cbbdc3730..aaca2c5acc63 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -96,8 +96,9 @@ std::vector<SignatureInformation> PDFSigningTest::verify(const OUString& rURL, s
for (size_t i = 0; i < aSignatures.size(); ++i)
{
SignatureInformation aInfo(i);
- CPPUNIT_ASSERT(
- xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[i], aInfo, aVerifyDocument));
+ int nMDPPerm = aVerifyDocument.GetMDPPerm();
+ xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[i], aInfo, aVerifyDocument,
+ nMDPPerm);
aRet.push_back(aInfo);
if (!rExpectedSubFilter.isEmpty())
@@ -241,8 +242,9 @@ CPPUNIT_TEST_FIXTURE(PDFSigningTest, testPDFRemove)
std::vector<vcl::filter::PDFObjectElement*> aSignatures = aDocument.GetSignatureWidgets();
CPPUNIT_ASSERT_EQUAL(static_cast<size_t>(1), aSignatures.size());
SignatureInformation aInfo(0);
- CPPUNIT_ASSERT(
- xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[0], aInfo, aDocument));
+ int nMDPPerm = aDocument.GetMDPPerm();
+ CPPUNIT_ASSERT(xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[0], aInfo,
+ aDocument, nMDPPerm));
}
// Remove the signature and write out the result as remove.pdf.
@@ -410,6 +412,21 @@ CPPUNIT_TEST_FIXTURE(PDFSigningTest, testPartialInBetween)
CPPUNIT_ASSERT(rInformation.bPartialDocumentSignature);
}
+CPPUNIT_TEST_FIXTURE(PDFSigningTest, testBadCertP1)
+{
+ std::vector<SignatureInformation> aInfos
+ = verify(m_directories.getURLFromSrc(DATA_DIRECTORY) + "bad-cert-p1.pdf", 1,
+ /*rExpectedSubFilter=*/OString());
+ CPPUNIT_ASSERT(!aInfos.empty());
+ SignatureInformation& rInformation = aInfos[0];
+ // Without the accompanying fix in place, this test would have failed with:
+ // - Expected: 0 (SecurityOperationStatus_UNKNOWN)
+ // - Actual : 1 (SecurityOperationStatus_OPERATION_SUCCEEDED)
+ // i.e. annotation after a P1 signature was not considered as a bad modification.
+ CPPUNIT_ASSERT_EQUAL(xml::crypto::SecurityOperationStatus::SecurityOperationStatus_UNKNOWN,
+ rInformation.nStatus);
+}
+
/// Test writing a PAdES signature.
CPPUNIT_TEST_FIXTURE(PDFSigningTest, testSigningCertificateAttribute)
{
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index f10f29c61840..b0795cb8f33f 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -52,11 +52,14 @@ bool PDFSignatureHelper::ReadAndVerifySignature(
m_aSignatureInfos.clear();
+ int nMDPPerm = aDocument.GetMDPPerm();
+
for (size_t i = 0; i < aSignatures.size(); ++i)
{
SignatureInformation aInfo(i);
- if (!xmlsecurity::pdfio::ValidateSignature(*pStream, aSignatures[i], aInfo, aDocument))
+ if (!xmlsecurity::pdfio::ValidateSignature(*pStream, aSignatures[i], aInfo, aDocument,
+ nMDPPerm))
SAL_WARN("xmlsecurity.helper", "failed to determine digest match");
m_aSignatureInfos.push_back(aInfo);
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index 557180071a2c..9d056de0a15c 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -139,7 +139,8 @@ bool IsCompleteSignature(SvStream& rStream, vcl::filter::PDFDocument& rDocument,
}
/// Collects the checksum of each page of one version of the PDF.
-void AnalyizeSignatureStream(SvMemoryStream& rStream, std::vector<BitmapChecksum>& rPageChecksums)
+void AnalyizeSignatureStream(SvMemoryStream& rStream, std::vector<BitmapChecksum>& rPageChecksums,
+ int nMDPPerm)
{
#if HAVE_FEATURE_PDFIUM
auto pPdfium = vcl::pdf::PDFiumLibrary::get();
@@ -155,7 +156,7 @@ void AnalyizeSignatureStream(SvMemoryStream& rStream, std::vector<BitmapChecksum
return;
}
- BitmapChecksum nPageChecksum = pPdfPage->getChecksum();
+ BitmapChecksum nPageChecksum = pPdfPage->getChecksum(nMDPPerm);
rPageChecksums.push_back(nPageChecksum);
}
#else
@@ -165,9 +166,9 @@ void AnalyizeSignatureStream(SvMemoryStream& rStream, std::vector<BitmapChecksum
/**
* Checks if incremental updates after singing performed valid modifications only.
- * Annotations/commenting is OK, other changes are not.
+ * nMDPPerm decides if annotations/commenting is OK, other changes are always not.
*/
-bool IsValidSignature(SvStream& rStream, vcl::filter::PDFObjectElement* pSignature)
+bool IsValidSignature(SvStream& rStream, vcl::filter::PDFObjectElement* pSignature, int nMDPPerm)
{
size_t nSignatureEOF = 0;
if (!GetEOFOfSignature(pSignature, nSignatureEOF))
@@ -182,7 +183,7 @@ bool IsValidSignature(SvStream& rStream, vcl::filter::PDFObjectElement* pSignatu
rStream.Seek(nPos);
aSignatureStream.Seek(0);
std::vector<BitmapChecksum> aSignedPages;
- AnalyizeSignatureStream(aSignatureStream, aSignedPages);
+ AnalyizeSignatureStream(aSignatureStream, aSignedPages, nMDPPerm);
SvMemoryStream aFullStream;
nPos = rStream.Tell();
@@ -191,7 +192,7 @@ bool IsValidSignature(SvStream& rStream, vcl::filter::PDFObjectElement* pSignatu
rStream.Seek(nPos);
aFullStream.Seek(0);
std::vector<BitmapChecksum> aAllPages;
- AnalyizeSignatureStream(aFullStream, aAllPages);
+ AnalyizeSignatureStream(aFullStream, aAllPages, nMDPPerm);
// Fail if any page looks different after signing and at the end. Annotations/commenting doesn't
// count, though.
@@ -204,7 +205,8 @@ namespace xmlsecurity
namespace pdfio
{
bool ValidateSignature(SvStream& rStream, vcl::filter::PDFObjectElement* pSignature,
- SignatureInformation& rInformation, vcl::filter::PDFDocument& rDocument)
+ SignatureInformation& rInformation, vcl::filter::PDFDocument& rDocument,
+ int nMDPPerm)
{
vcl::filter::PDFObjectElement* pValue = pSignature->LookupObject("V");
if (!pValue)
@@ -311,7 +313,7 @@ bool ValidateSignature(SvStream& rStream, vcl::filter::PDFObjectElement* pSignat
return false;
}
rInformation.bPartialDocumentSignature = !IsCompleteSignature(rStream, rDocument, pSignature);
- if (!IsValidSignature(rStream, pSignature))
+ if (!IsValidSignature(rStream, pSignature, nMDPPerm))
{
SAL_WARN("xmlsecurity.pdfio", "ValidateSignature: invalid incremental update detected");
return false;
diff --git a/xmlsecurity/workben/pdfverify.cxx b/xmlsecurity/workben/pdfverify.cxx
index b5052502573f..c448035946e6 100644
--- a/xmlsecurity/workben/pdfverify.cxx
+++ b/xmlsecurity/workben/pdfverify.cxx
@@ -157,11 +157,12 @@ int pdfVerify(int nArgc, char** pArgv)
else
{
std::cerr << "found " << aSignatures.size() << " signatures" << std::endl;
+ int nMDPPerm = aDocument.GetMDPPerm();
for (size_t i = 0; i < aSignatures.size(); ++i)
{
SignatureInformation aInfo(i);
if (!xmlsecurity::pdfio::ValidateSignature(aStream, aSignatures[i], aInfo,
- aDocument))
+ aDocument, nMDPPerm))
{
SAL_WARN("xmlsecurity.pdfio", "failed to determine digest match");
return 1;
More information about the Libreoffice-commits
mailing list