[Libreoffice-commits] core.git: Branch 'distro/lhm/libreoffice-6-4+backports' - 8 commits - connectivity/Library_mysqlc.mk external/mariadb-connector-c include/vcl sc/qa xmlsecurity/qa xmlsecurity/source
Michael Stahl (via logerrit)
logerrit at kemper.freedesktop.org
Thu Dec 3 12:00:30 UTC 2020
connectivity/Library_mysqlc.mk | 1
external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk | 16 +
external/mariadb-connector-c/UnpackedTarball_mariadb-connector-c.mk | 22 +-
include/vcl/filter/PDFiumLibrary.hxx | 2
sc/qa/uitest/calc_tests/formatCells.py | 104 +++++-----
xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p3-stamp.pdf |binary
xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 16 +
xmlsecurity/source/pdfio/pdfdocument.cxx | 64 +++++-
8 files changed, 162 insertions(+), 63 deletions(-)
New commits:
commit 2eb77e11249867d1aa07ae51c0be6ce22df38653
Author: Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Wed Dec 2 19:21:08 2020 +0100
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Thu Dec 3 12:59:22 2020 +0100
disable test_minimal_border_width
This was added with 63540cbef6484fa9dc017c93676d0b5e85075303 but a)
change_measurement_unit doesn't exist on this branch b) if i backport
that then the test deadlocks.
Change-Id: I782bd5615a89734dc65234d75b779bc1e1b8c1d1
diff --git a/sc/qa/uitest/calc_tests/formatCells.py b/sc/qa/uitest/calc_tests/formatCells.py
index b930e7c751b4..38e2493fc67e 100644
--- a/sc/qa/uitest/calc_tests/formatCells.py
+++ b/sc/qa/uitest/calc_tests/formatCells.py
@@ -293,58 +293,58 @@ class formatCell(UITestCase):
self.ui_test.close_doc()
- def test_minimal_border_width(self):
- #borderpage.ui, tdf#137790
- calc_doc = self.ui_test.create_doc_in_start_center("calc")
- xCalcDoc = self.xUITest.getTopFocusWindow()
- gridwin = xCalcDoc.getChild("grid_window")
- document = self.ui_test.get_component()
-
- #set points pt measurement
- change_measurement_unit(self, "Point")
-
- #select cell A1
- gridwin.executeAction("SELECT", mkPropertyValues({"CELL": "A1"}))
- #format - cell
- self.ui_test.execute_dialog_through_command(".uno:FormatCellDialog")
- xDialog = self.xUITest.getTopFocusWindow()
- xTabs = xDialog.getChild("tabcontrol")
- select_pos(xTabs, "5") #tab Borders
-
- linewidthmf = xDialog.getChild("linewidthmf")
- xLineSet = xDialog.getChild('lineset')
-
- # check line-width for default solid line
- self.assertEqual('0', get_state_as_dict(xLineSet)['SelectedItemPos'])
- widthVal = get_state_as_dict(linewidthmf)["Text"]
- self.assertEqual(widthVal, '0.75 pt')
-
- # set line style to "double" (minimal width is taken)
- xLineSet.executeAction("CHOOSE", mkPropertyValues({"POS": '16'}))
- widthVal = get_state_as_dict(linewidthmf)["Text"]
- self.assertEqual(widthVal, '1.10 pt')
-
- # set line style to "solid"
- xLineSet.executeAction("CHOOSE", mkPropertyValues({"POS": "1"}))
- widthVal = get_state_as_dict(linewidthmf)["Text"]
- self.assertEqual(widthVal, '0.75 pt')
-
- # make custom line width
- linewidthmf.executeAction("UP", tuple())
- linewidthmf.executeAction("UP", tuple())
- linewidthmf.executeAction("UP", tuple())
- widthVal = get_state_as_dict(linewidthmf)["Text"]
- self.assertEqual(widthVal, '1.50 pt')
-
- # set line style to "double" (minimal width is not taken)
- xLineSet.executeAction("CHOOSE", mkPropertyValues({"POS": "8"}))
- widthVal = get_state_as_dict(linewidthmf)["Text"]
- self.assertEqual(widthVal, '1.50 pt')
-
- xOKBtn = xDialog.getChild("ok")
- self.ui_test.close_dialog_through_button(xOKBtn)
-
- self.ui_test.close_doc()
+# def test_minimal_border_width(self):
+# #borderpage.ui, tdf#137790
+# calc_doc = self.ui_test.create_doc_in_start_center("calc")
+# xCalcDoc = self.xUITest.getTopFocusWindow()
+# gridwin = xCalcDoc.getChild("grid_window")
+# document = self.ui_test.get_component()
+#
+# #set points pt measurement
+# change_measurement_unit(self, "Point")
+#
+# #select cell A1
+# gridwin.executeAction("SELECT", mkPropertyValues({"CELL": "A1"}))
+# #format - cell
+# self.ui_test.execute_dialog_through_command(".uno:FormatCellDialog")
+# xDialog = self.xUITest.getTopFocusWindow()
+# xTabs = xDialog.getChild("tabcontrol")
+# select_pos(xTabs, "5") #tab Borders
+#
+# linewidthmf = xDialog.getChild("linewidthmf")
+# xLineSet = xDialog.getChild('lineset')
+#
+# # check line-width for default solid line
+# self.assertEqual('0', get_state_as_dict(xLineSet)['SelectedItemPos'])
+# widthVal = get_state_as_dict(linewidthmf)["Text"]
+# self.assertEqual(widthVal, '0.75 pt')
+#
+# # set line style to "double" (minimal width is taken)
+# xLineSet.executeAction("CHOOSE", mkPropertyValues({"POS": '16'}))
+# widthVal = get_state_as_dict(linewidthmf)["Text"]
+# self.assertEqual(widthVal, '1.10 pt')
+#
+# # set line style to "solid"
+# xLineSet.executeAction("CHOOSE", mkPropertyValues({"POS": "1"}))
+# widthVal = get_state_as_dict(linewidthmf)["Text"]
+# self.assertEqual(widthVal, '0.75 pt')
+#
+# # make custom line width
+# linewidthmf.executeAction("UP", tuple())
+# linewidthmf.executeAction("UP", tuple())
+# linewidthmf.executeAction("UP", tuple())
+# widthVal = get_state_as_dict(linewidthmf)["Text"]
+# self.assertEqual(widthVal, '1.50 pt')
+#
+# # set line style to "double" (minimal width is not taken)
+# xLineSet.executeAction("CHOOSE", mkPropertyValues({"POS": "8"}))
+# widthVal = get_state_as_dict(linewidthmf)["Text"]
+# self.assertEqual(widthVal, '1.50 pt')
+#
+# xOKBtn = xDialog.getChild("ok")
+# self.ui_test.close_dialog_through_button(xOKBtn)
+#
+# self.ui_test.close_doc()
def test_format_cell_borders_tab(self):
#borderpage.ui
commit bde8fcaee1011eea12f76fe71cfee8bacdc54dd7
Author: Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Tue Dec 1 20:05:32 2020 +0100
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Thu Dec 3 12:59:22 2020 +0100
mariadb-connector-c: enable WNT-only pvio_npipe/pvio_shmem plugins
They were already compiled in some way.
Change-Id: Ic1b8563a53bad5be03bce2c0d3d2cf841e303f02
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107007
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl at cib.de>
(cherry picked from commit d350af4e0cf697e2f8ac97ffbf12243e72e1b89a)
diff --git a/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk b/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
index a93e353afaa0..3a7647b937ed 100644
--- a/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
+++ b/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
@@ -73,9 +73,9 @@ $(eval $(call gb_StaticLibrary_add_generated_cobjects,mariadb-connector-c,\
UnpackedTarball/mariadb-connector-c/libmariadb/win32_errmsg \
UnpackedTarball/mariadb-connector-c/libmariadb/secure/win_crypt \
UnpackedTarball/mariadb-connector-c/win-iconv/win_iconv \
- , \
UnpackedTarball/mariadb-connector-c/plugins/pvio/pvio_npipe \
UnpackedTarball/mariadb-connector-c/plugins/pvio/pvio_shmem \
+ , \
UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt \
) \
))
diff --git a/external/mariadb-connector-c/UnpackedTarball_mariadb-connector-c.mk b/external/mariadb-connector-c/UnpackedTarball_mariadb-connector-c.mk
index b34c3490661c..241e12db6581 100644
--- a/external/mariadb-connector-c/UnpackedTarball_mariadb-connector-c.mk
+++ b/external/mariadb-connector-c/UnpackedTarball_mariadb-connector-c.mk
@@ -36,11 +36,19 @@ $(eval $(call gb_UnpackedTarball_set_post_action,mariadb-connector-c, \
extern struct st_mysql_client_plugin pvio_socket_client_plugin\; \
extern struct st_mysql_client_plugin caching_sha2_password_client_plugin\; \
extern struct st_mysql_client_plugin mysql_native_password_client_plugin\; \
+ $(if $(filter WNT,$(OS)), \
+ extern struct st_mysql_client_plugin pvio_shmem_client_plugin\; \
+ extern struct st_mysql_client_plugin pvio_npipe_client_plugin\; \
+ ) \
/' \
-e 's/@BUILTIN_PLUGINS@/ \
(struct st_mysql_client_plugin *)\&pvio_socket_client_plugin$(COMMA) \
(struct st_mysql_client_plugin *)\&caching_sha2_password_client_plugin$(COMMA) \
(struct st_mysql_client_plugin *)\&mysql_native_password_client_plugin$(COMMA) \
+ $(if $(filter WNT,$(OS)), \
+ (struct st_mysql_client_plugin *)\&pvio_shmem_client_plugin$(COMMA) \
+ (struct st_mysql_client_plugin *)\&pvio_npipe_client_plugin$(COMMA) \
+ ) \
/' \
> libmariadb/ma_client_plugin.c \
))
commit 72dd2553d56279951a99599a2de59c763fe8881d
Author: Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Tue Dec 1 19:58:23 2020 +0100
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Thu Dec 3 12:59:22 2020 +0100
tdf#135202 mariadb-connector-c: enable native_password plugin
... and remove dialog authentication plugin; it quite uselessly defaults
to asking for a password on stdin, unless a function symbol is defined
by the library that links the connector static library.
There are more authentication plugins but no idea if those are needed.
Change-Id: I88ee9629e4763fb548c3f294b552cff3d739e6cb
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107006
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl at cib.de>
(cherry picked from commit b746633b2b251695134e7f8c268a75e45cf97c82)
diff --git a/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk b/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
index 664d58b03e5e..a93e353afaa0 100644
--- a/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
+++ b/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
@@ -67,7 +67,6 @@ $(eval $(call gb_StaticLibrary_add_generated_cobjects,mariadb-connector-c,\
UnpackedTarball/mariadb-connector-c/libmariadb/mariadb_stmt \
UnpackedTarball/mariadb-connector-c/libmariadb/ma_client_plugin \
UnpackedTarball/mariadb-connector-c/plugins/auth/my_auth \
- UnpackedTarball/mariadb-connector-c/plugins/auth/dialog \
UnpackedTarball/mariadb-connector-c/plugins/auth/caching_sha2_pw \
UnpackedTarball/mariadb-connector-c/plugins/pvio/pvio_socket \
$(if $(filter $(OS),WNT), \
diff --git a/external/mariadb-connector-c/UnpackedTarball_mariadb-connector-c.mk b/external/mariadb-connector-c/UnpackedTarball_mariadb-connector-c.mk
index 2f679294f7c6..b34c3490661c 100644
--- a/external/mariadb-connector-c/UnpackedTarball_mariadb-connector-c.mk
+++ b/external/mariadb-connector-c/UnpackedTarball_mariadb-connector-c.mk
@@ -35,10 +35,12 @@ $(eval $(call gb_UnpackedTarball_set_post_action,mariadb-connector-c, \
-e 's/@EXTERNAL_PLUGINS@/ \
extern struct st_mysql_client_plugin pvio_socket_client_plugin\; \
extern struct st_mysql_client_plugin caching_sha2_password_client_plugin\; \
+ extern struct st_mysql_client_plugin mysql_native_password_client_plugin\; \
/' \
-e 's/@BUILTIN_PLUGINS@/ \
(struct st_mysql_client_plugin *)\&pvio_socket_client_plugin$(COMMA) \
(struct st_mysql_client_plugin *)\&caching_sha2_password_client_plugin$(COMMA) \
+ (struct st_mysql_client_plugin *)\&mysql_native_password_client_plugin$(COMMA) \
/' \
> libmariadb/ma_client_plugin.c \
))
commit ad56bdd3a2724cc3862a62d1b040319c99c14d7a
Author: Julien Nabet <serval2412 at yahoo.fr>
AuthorDate: Fri Nov 13 19:00:53 2020 +0100
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Thu Dec 3 12:59:22 2020 +0100
tdf#135202: Mysql declare more plugins for native password
Add pvio_npipe + pvio_shmem + dialog
Change-Id: I48d828e5cdf8d269aef3a40d75235a9519af8dc1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105804
Reviewed-by: Julien Nabet <serval2412 at yahoo.fr>
(cherry picked from commit 51a7985f539b7760c22b19521ed2bf5c2df4b1c1)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106235
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
(cherry picked from commit 5de977a4ca344c4c3f288951504f58937fe64124)
diff --git a/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk b/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
index 768a43794432..664d58b03e5e 100644
--- a/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
+++ b/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
@@ -67,6 +67,7 @@ $(eval $(call gb_StaticLibrary_add_generated_cobjects,mariadb-connector-c,\
UnpackedTarball/mariadb-connector-c/libmariadb/mariadb_stmt \
UnpackedTarball/mariadb-connector-c/libmariadb/ma_client_plugin \
UnpackedTarball/mariadb-connector-c/plugins/auth/my_auth \
+ UnpackedTarball/mariadb-connector-c/plugins/auth/dialog \
UnpackedTarball/mariadb-connector-c/plugins/auth/caching_sha2_pw \
UnpackedTarball/mariadb-connector-c/plugins/pvio/pvio_socket \
$(if $(filter $(OS),WNT), \
@@ -74,6 +75,8 @@ $(eval $(call gb_StaticLibrary_add_generated_cobjects,mariadb-connector-c,\
UnpackedTarball/mariadb-connector-c/libmariadb/secure/win_crypt \
UnpackedTarball/mariadb-connector-c/win-iconv/win_iconv \
, \
+ UnpackedTarball/mariadb-connector-c/plugins/pvio/pvio_npipe \
+ UnpackedTarball/mariadb-connector-c/plugins/pvio/pvio_shmem \
UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt \
) \
))
commit 309c93686644d880c2d434e89049ded8cff033f9
Author: Julien Nabet <serval2412 at yahoo.fr>
AuthorDate: Thu Nov 5 18:22:08 2020 +0100
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Thu Dec 3 12:59:22 2020 +0100
tdf#135202: Mysql use openssl libs to be able to use caching_sha2_pw
Change-Id: I7552b65022b725c6e87fef61478dc6e9c4322559
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105376
(cherry picked from commit 8c9b8c5970a08c2ef0ccddb7a691f3731d39175a)
mariadb-connector-c: fix makefile for GNU make 3.82
Old make thinks that ; terminates the recipe, have to escape it.
(other changes are just cosmetic)
(regression from 8c9b8c5970a08c2ef0ccddb7a691f3731d39175a)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105516
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl at cib.de>
(cherry picked from commit ed564a411beb13a75a8f06d7cd040acad3e93dcb)
Change-Id: Ifd86ef3f17257139a078d23cb5471b9599ab6556
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105359
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
(cherry picked from commit 482e5f8c2d2979b5d6c3b58194b8e37e7df7480e)
diff --git a/connectivity/Library_mysqlc.mk b/connectivity/Library_mysqlc.mk
index 0999b46d3eec..f765fb1e305f 100644
--- a/connectivity/Library_mysqlc.mk
+++ b/connectivity/Library_mysqlc.mk
@@ -12,6 +12,7 @@ $(eval $(call gb_Library_Library,mysqlc))
$(eval $(call gb_Library_use_externals,mysqlc,\
boost_headers \
mariadb-connector-c \
+ openssl \
))
$(eval $(call gb_Library_set_include,mysqlc,\
diff --git a/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk b/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
index 86d127c2af62..768a43794432 100644
--- a/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
+++ b/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
@@ -21,8 +21,8 @@ $(eval $(call gb_StaticLibrary_set_include,mariadb-connector-c,\
# This is needed for MSVC 2008: it somehow finds a dlopen somewhere
# but the static library then contains unreferenced symbols.
# This macro enables a re-definition to native Win32 APIs in my_global.h.
-## TODO missing enable: -DHAVE_OPENSSL -D HAVE_COMPRESS
-## (but then need to add "-lssl -lcrypto -lz" to mysqlcppconn linking)
+## TODO missing enable: -D HAVE_COMPRESS
+## (but then need to add "-lz" to mysqlcppconn linking)
$(eval $(call gb_StaticLibrary_add_cflags,mariadb-connector-c,-DHAVE_DLOPEN -D ENABLED_LOCAL_INFILE -D LIBMARIADB -D THREAD -DSQLITE_ENABLE_COLUMN_METADATA=1))
ifeq ($(OS),WNT)
@@ -31,6 +31,9 @@ $(eval $(call gb_StaticLibrary_set_include,mariadb-connector-c,\
$$(INCLUDE) \
-I$(call gb_UnpackedTarball_get_dir,mariadb-connector-c)/win-iconv \
))
+else
+$(eval $(call gb_StaticLibrary_use_external,mariadb-connector-c,openssl_headers))
+$(eval $(call gb_StaticLibrary_add_cflags,mariadb-connector-c,-DHAVE_OPENSSL))
endif
$(eval $(call gb_StaticLibrary_add_generated_cobjects,mariadb-connector-c,\
@@ -69,7 +72,10 @@ $(eval $(call gb_StaticLibrary_add_generated_cobjects,mariadb-connector-c,\
$(if $(filter $(OS),WNT), \
UnpackedTarball/mariadb-connector-c/libmariadb/win32_errmsg \
UnpackedTarball/mariadb-connector-c/libmariadb/secure/win_crypt \
- UnpackedTarball/mariadb-connector-c/win-iconv/win_iconv) \
+ UnpackedTarball/mariadb-connector-c/win-iconv/win_iconv \
+ , \
+ UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt \
+ ) \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/mariadb-connector-c/UnpackedTarball_mariadb-connector-c.mk b/external/mariadb-connector-c/UnpackedTarball_mariadb-connector-c.mk
index 3d8ca9295131..2f679294f7c6 100644
--- a/external/mariadb-connector-c/UnpackedTarball_mariadb-connector-c.mk
+++ b/external/mariadb-connector-c/UnpackedTarball_mariadb-connector-c.mk
@@ -32,9 +32,15 @@ $(eval $(call gb_UnpackedTarball_add_patches,mariadb-connector-c,\
# TODO are any "plugins" needed?
$(eval $(call gb_UnpackedTarball_set_post_action,mariadb-connector-c, \
< libmariadb/ma_client_plugin.c.in sed \
- -e 's/@EXTERNAL_PLUGINS@/extern struct st_mysql_client_plugin pvio_socket_client_plugin;/' \
- -e 's/@BUILTIN_PLUGINS@/(struct st_mysql_client_plugin *)\&pvio_socket_client_plugin$(COMMA)/' \
- > libmariadb/ma_client_plugin.c \
+ -e 's/@EXTERNAL_PLUGINS@/ \
+ extern struct st_mysql_client_plugin pvio_socket_client_plugin\; \
+ extern struct st_mysql_client_plugin caching_sha2_password_client_plugin\; \
+ /' \
+ -e 's/@BUILTIN_PLUGINS@/ \
+ (struct st_mysql_client_plugin *)\&pvio_socket_client_plugin$(COMMA) \
+ (struct st_mysql_client_plugin *)\&caching_sha2_password_client_plugin$(COMMA) \
+ /' \
+ > libmariadb/ma_client_plugin.c \
))
commit 1cbc30c8194b5bef5e974e351b7b04ab5456496a
Author: Julien Nabet <serval2412 at yahoo.fr>
AuthorDate: Sat Oct 10 18:14:47 2020 +0200
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Thu Dec 3 12:59:22 2020 +0100
Related tdf#122560 tdf#135202: build plugin caching_sha2_pw for MariaDb/Mysql
Taking a look at:
https://dev.mysql.com/doc/refman/8.0/en/caching-sha2-pluggable-authentication.html
"caching_sha2_password" is better than "sha256_password" plugin
Notice that "sha2" in "caching_sha2_password" refers, as the quoted url indicates:
'more generally to the SHA-2 class of encryption algorithms, of which 256-bit encryption is one instance'
Change-Id: Icbbe45f4f20345da2fb5a262b4d85bce3a1fecd9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104172
Tested-by: Julien Nabet <serval2412 at yahoo.fr>
Reviewed-by: Julien Nabet <serval2412 at yahoo.fr>
(cherry picked from commit ee8d735f0a59f41fb1f5cbabfe089c222ca948e3)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104150
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl at cib.de>
(cherry picked from commit e3c2dcceb0e885a5a2c76bb69eac6e2dbba98d6d)
diff --git a/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk b/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
index 89d4bfbe954e..86d127c2af62 100644
--- a/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
+++ b/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
@@ -64,6 +64,7 @@ $(eval $(call gb_StaticLibrary_add_generated_cobjects,mariadb-connector-c,\
UnpackedTarball/mariadb-connector-c/libmariadb/mariadb_stmt \
UnpackedTarball/mariadb-connector-c/libmariadb/ma_client_plugin \
UnpackedTarball/mariadb-connector-c/plugins/auth/my_auth \
+ UnpackedTarball/mariadb-connector-c/plugins/auth/caching_sha2_pw \
UnpackedTarball/mariadb-connector-c/plugins/pvio/pvio_socket \
$(if $(filter $(OS),WNT), \
UnpackedTarball/mariadb-connector-c/libmariadb/win32_errmsg \
commit b4ade26d9f9b845eaa25aa9c0743e390282a25a6
Author: Julien Nabet <serval2412 at yahoo.fr>
AuthorDate: Tue Oct 6 21:04:59 2020 +0200
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Thu Dec 3 12:59:22 2020 +0100
Related tdf#135202: declare libmariadb/secure/win_crypt in mk file for MariaDB
Change-Id: Ib9634d9e88d7e97a5c03ff4d8b7808c598c3b8bf
(cherry picked from commit cab3476aea0fc980951bf6e729879ecdc0d0e9b7)
Change-Id: I3f434011c0b57abf82a721c5c83b4e4f25dc42fd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103985
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl at cib.de>
(cherry picked from commit 2db12ad6f3bd5103bed80db9798b88d81f2b59e6)
diff --git a/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk b/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
index b0c62e1b160e..89d4bfbe954e 100644
--- a/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
+++ b/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk
@@ -67,6 +67,7 @@ $(eval $(call gb_StaticLibrary_add_generated_cobjects,mariadb-connector-c,\
UnpackedTarball/mariadb-connector-c/plugins/pvio/pvio_socket \
$(if $(filter $(OS),WNT), \
UnpackedTarball/mariadb-connector-c/libmariadb/win32_errmsg \
+ UnpackedTarball/mariadb-connector-c/libmariadb/secure/win_crypt \
UnpackedTarball/mariadb-connector-c/win-iconv/win_iconv) \
))
commit be2704983c71e9a70f6c929c3f4e97a5007f37b2
Author: Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Wed Nov 4 21:39:04 2020 +0100
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Thu Dec 3 12:59:21 2020 +0100
xmlsecurity: reject a few dangerous annotation types during pdf sig verify
(cherry picked from commit f231dacde9df1c4aa5f4e0970535c4f4093364a7)
Conflicts:
xmlsecurity/source/helper/pdfsignaturehelper.cxx
Change-Id: I950b49a6e7181639daf27348ddfa0f36586baa65
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105926
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
(cherry picked from commit fcab45e0e22f4cf46e71856dba7ae5abd6f99bc5)
diff --git a/include/vcl/filter/PDFiumLibrary.hxx b/include/vcl/filter/PDFiumLibrary.hxx
index 3e2851d21e0e..2d93710ec5f8 100644
--- a/include/vcl/filter/PDFiumLibrary.hxx
+++ b/include/vcl/filter/PDFiumLibrary.hxx
@@ -57,6 +57,8 @@ public:
FPDF_ClosePage(mpPage);
}
+ FPDF_PAGE getPointer() { return mpPage; }
+
/// Get bitmap checksum of the page, without annotations/commenting.
BitmapChecksum getChecksum(int nMDPPerm);
};
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p3-stamp.pdf b/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p3-stamp.pdf
new file mode 100644
index 000000000000..b30f5b03867c
Binary files /dev/null and b/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p3-stamp.pdf differ
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index aaca2c5acc63..20241f016d52 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -427,6 +427,22 @@ CPPUNIT_TEST_FIXTURE(PDFSigningTest, testBadCertP1)
rInformation.nStatus);
}
+CPPUNIT_TEST_FIXTURE(PDFSigningTest, testBadCertP3Stamp)
+{
+ std::vector<SignatureInformation> aInfos
+ = verify(m_directories.getURLFromSrc(DATA_DIRECTORY) + "bad-cert-p3-stamp.pdf", 1,
+ /*rExpectedSubFilter=*/OString());
+ CPPUNIT_ASSERT(!aInfos.empty());
+ SignatureInformation& rInformation = aInfos[0];
+
+ // Without the accompanying fix in place, this test would have failed with:
+ // - Expected: 0 (SecurityOperationStatus_UNKNOWN)
+ // - Actual : 1 (SecurityOperationStatus_OPERATION_SUCCEEDED)
+ // i.e. adding a stamp annotation was not considered as a bad modification.
+ CPPUNIT_ASSERT_EQUAL(xml::crypto::SecurityOperationStatus::SecurityOperationStatus_UNKNOWN,
+ rInformation.nStatus);
+}
+
/// Test writing a PAdES signature.
CPPUNIT_TEST_FIXTURE(PDFSigningTest, testSigningCertificateAttribute)
{
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index 5580fed9d178..d154fa3dc6c5 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -24,6 +24,11 @@
#include <svl/cryptosign.hxx>
#include <vcl/filter/pdfdocument.hxx>
#include <vcl/bitmap.hxx>
+#include <basegfx/range/b2drectangle.hxx>
+
+#if HAVE_FEATURE_PDFIUM
+#include <fpdf_annot.h>
+#endif
using namespace com::sun::star;
@@ -139,8 +144,30 @@ bool IsCompleteSignature(SvStream& rStream, vcl::filter::PDFDocument& rDocument,
}
#if HAVE_FEATURE_PDFIUM
+
+/**
+ * Contains checksums of a PDF page, which is rendered without annotations. It also contains
+ * the geometry of a few dangerous annotation types.
+ */
+struct PageChecksum
+{
+ BitmapChecksum m_nPageContent;
+ std::vector<basegfx::B2DRectangle> m_aAnnotations;
+ bool operator==(const PageChecksum& rChecksum) const;
+};
+
+bool PageChecksum::operator==(const PageChecksum& rChecksum) const
+{
+ if (m_nPageContent != rChecksum.m_nPageContent)
+ {
+ return false;
+ }
+
+ return m_aAnnotations == rChecksum.m_aAnnotations;
+}
+
/// Collects the checksum of each page of one version of the PDF.
-void AnalyizeSignatureStream(SvMemoryStream& rStream, std::vector<BitmapChecksum>& rPageChecksums,
+void AnalyizeSignatureStream(SvMemoryStream& rStream, std::vector<PageChecksum>& rPageChecksums,
int nMDPPerm)
{
auto pPdfium = vcl::pdf::PDFiumLibrary::get();
@@ -156,8 +183,35 @@ void AnalyizeSignatureStream(SvMemoryStream& rStream, std::vector<BitmapChecksum
return;
}
- BitmapChecksum nPageChecksum = pPdfPage->getChecksum(nMDPPerm);
- rPageChecksums.push_back(nPageChecksum);
+ PageChecksum aPageChecksum;
+ aPageChecksum.m_nPageContent = pPdfPage->getChecksum(nMDPPerm);
+ for (int i = 0; i < FPDFPage_GetAnnotCount(pPdfPage->getPointer()); ++i)
+ {
+ FPDF_ANNOTATION pAnnotation = FPDFPage_GetAnnot(pPdfPage->getPointer(), i);
+ int nType = FPDFAnnot_GetSubtype(pAnnotation);
+ switch (nType)
+ {
+ case FPDF_ANNOT_UNKNOWN:
+ case FPDF_ANNOT_FREETEXT:
+ case FPDF_ANNOT_STAMP:
+ case FPDF_ANNOT_REDACT:
+ {
+ basegfx::B2DRectangle aB2DRectangle;
+ FS_RECTF aRect;
+ if (FPDFAnnot_GetRect(pAnnotation, &aRect))
+ {
+ aB2DRectangle = basegfx::B2DRectangle(aRect.left, aRect.top, aRect.right,
+ aRect.bottom);
+ }
+ aPageChecksum.m_aAnnotations.push_back(aB2DRectangle);
+ break;
+ }
+ default:
+ break;
+ }
+ FPDFPage_CloseAnnot(pAnnotation);
+ }
+ rPageChecksums.push_back(aPageChecksum);
}
}
#endif
@@ -181,7 +235,7 @@ bool IsValidSignature(SvStream& rStream, vcl::filter::PDFObjectElement* pSignatu
aSignatureStream.WriteStream(rStream, nSignatureEOF);
rStream.Seek(nPos);
aSignatureStream.Seek(0);
- std::vector<BitmapChecksum> aSignedPages;
+ std::vector<PageChecksum> aSignedPages;
AnalyizeSignatureStream(aSignatureStream, aSignedPages, nMDPPerm);
SvMemoryStream aFullStream;
@@ -190,7 +244,7 @@ bool IsValidSignature(SvStream& rStream, vcl::filter::PDFObjectElement* pSignatu
aFullStream.WriteStream(rStream);
rStream.Seek(nPos);
aFullStream.Seek(0);
- std::vector<BitmapChecksum> aAllPages;
+ std::vector<PageChecksum> aAllPages;
AnalyizeSignatureStream(aFullStream, aAllPages, nMDPPerm);
// Fail if any page looks different after signing and at the end. Annotations/commenting doesn't
More information about the Libreoffice-commits
mailing list