[Libreoffice-commits] core.git: Branch 'distro/lhm/libreoffice-5-2+backports' - 9 commits - comphelper/source external/python3 forms/source framework/source package/source sal/osl sfx2/source sw/qa sw/source
Thorsten Behrens (via logerrit)
logerrit at kemper.freedesktop.org
Mon Jun 8 20:27:24 UTC 2020
Rebased ref, commits from common ancestor:
commit 5d33338e933b877128432077e18841f412f75c4b
Author: Thorsten Behrens <Thorsten.Behrens at CIB.de>
AuthorDate: Thu Mar 12 11:01:55 2020 +0100
Commit: Thorsten Behrens <Thorsten.Behrens at CIB.de>
CommitDate: Mon Jun 8 22:25:21 2020 +0200
comphelper: fix build against CentOS6 baseline
Change-Id: Ice8a27dc92c923b3d2c62a6989e13720ff044749
(cherry picked from commit 25e7d4a47171ec68202269a8f94fae002b7715c9)
diff --git a/comphelper/source/misc/docpasswordhelper.cxx b/comphelper/source/misc/docpasswordhelper.cxx
index 660ce8aea89c..2b52c1400f60 100644
--- a/comphelper/source/misc/docpasswordhelper.cxx
+++ b/comphelper/source/misc/docpasswordhelper.cxx
@@ -451,11 +451,11 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
if (eResult == DocPasswordVerifierResult::OK && !aPassword.isEmpty())
{
- if (std::find_if(std::cbegin(aEncData), std::cend(aEncData),
+ if (std::find_if(aEncData.begin(), aEncData.end(),
[](const css::beans::NamedValue& val) {
return val.Name == PACKAGE_ENCRYPTIONDATA_SHA256UTF8;
})
- == std::cend(aEncData))
+ == aEncData.end())
{
// tdf#118639: We need ODF encryption data for autorecovery, where password
// will already be unavailable, so generate and append it here
commit 68e3167b3f1cd6923d58fd8c03225a7667aca8b9
Author: Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Sat Apr 7 12:19:43 2018 +0200
Commit: Thorsten Behrens <Thorsten.Behrens at CIB.de>
CommitDate: Mon Jun 8 22:25:21 2020 +0200
external/python3: Drop nis.cpython-*m.so
At least Fedora 28 glibc-2.27-8.fc28 no longer provides the nis development
headers and libraries. (It only still contains some binaries for backwards
compatibility, in the libnsl sub-package: "This package provides the legacy
version of libnsl library, for accessing NIS services.")
There is probably no real need to have nis.cpython-*m.so contained in
external/python3/ExternalPackage_python3.mk (it probably just happened to build
fine when that list was originally created, so was included).
Change-Id: Ic6128fd872432005c0ded76640c5b56781ca69a1
Reviewed-on: https://gerrit.libreoffice.org/52535
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Stephan Bergmann <sbergman at redhat.com>
(cherry picked from commit 93e6a823bd8543d30621769c7b34d6261ea5cb01)
diff --git a/external/python3/ExternalPackage_python3.mk b/external/python3/ExternalPackage_python3.mk
index 9da2ed4d1957..bab1451693e5 100644
--- a/external/python3/ExternalPackage_python3.mk
+++ b/external/python3/ExternalPackage_python3.mk
@@ -87,7 +87,6 @@ $(eval $(call gb_ExternalPackage_add_files,python3,$(LIBO_BIN_FOLDER)/python-cor
LO_lib/mmap.cpython-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)m.so \
LO_lib/_multibytecodec.cpython-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)m.so \
LO_lib/_multiprocessing.cpython-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)m.so \
- LO_lib/nis.cpython-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)m.so \
LO_lib/_opcode.cpython-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)m.so \
LO_lib/ossaudiodev.cpython-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)m.so \
LO_lib/parser.cpython-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)m.so \
commit a2a9aa5ed7b9fa513b1c9919e5827914dfda6ec4
Author: Vasily Melenchuk <vasily.melenchuk at cib.de>
AuthorDate: Mon Feb 17 10:52:11 2020 +0300
Commit: Thorsten Behrens <Thorsten.Behrens at CIB.de>
CommitDate: Mon Jun 8 22:25:21 2020 +0200
tdf#129096: Document Recovery: Use TypeDetection on load
Loading of recovered document happend before via XFilter::filter
is not updating media descriptor of document. But this is
important for password protected documents to store entered password
and used encryption type.
To avoid this problem let's use TypeDetection which during its work
will ask user for password and store all the info in modified media
descriptor before actual recovery attempt.
Change-Id: Ide2ebf0955e0937cdc7c9d7165593b71f904649b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88844
Reviewed-by: Mike Kaganski <mike.kaganski at collabora.com>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
Tested-by: Jenkins
(cherry picked from commit 8461127750e1fe92a615409505256132e54fb8e8)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/89789
Reviewed-by: Vasily Melenchuk <vasily.melenchuk at cib.de>
(cherry picked from commit b05c87f00433987b10542866696f0b4aaad015cc)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93835
Tested-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
diff --git a/framework/source/services/autorecovery.cxx b/framework/source/services/autorecovery.cxx
index e5563c508782..5b089449a3cb 100644
--- a/framework/source/services/autorecovery.cxx
+++ b/framework/source/services/autorecovery.cxx
@@ -55,6 +55,7 @@
#include <com/sun/star/beans/PropertyAttribute.hpp>
#include <com/sun/star/document/XDocumentPropertiesSupplier.hpp>
#include <com/sun/star/document/XDocumentRecovery.hpp>
+#include <com/sun/star/document/XExtendedFilterDetection.hpp>
#include <com/sun/star/util/XCloseable.hpp>
#include <com/sun/star/awt/XWindow2.hpp>
#include <com/sun/star/task/XStatusIndicatorFactory.hpp>
@@ -3438,6 +3439,37 @@ void AutoRecovery::implts_openOneDoc(const OUString& sURL ,
}
else
{
+ OUString sFilterName;
+ lDescriptor[utl::MediaDescriptor::PROP_FILTERNAME()] >>= sFilterName;
+ if (!sFilterName.isEmpty()
+ && ( sFilterName == "Calc MS Excel 2007 XML"
+ || sFilterName == "Impress MS PowerPoint 2007 XML"
+ || sFilterName == "MS Word 2007 XML"))
+ // TODO: Propbably need to check other affected formats + templates?
+ {
+ // tdf#129096: in case of recovery of password protected OOXML document it is done not
+ // the same way as ordinal loading. Inside XDocumentRecovery::recoverFromFile
+ // there is a call to XFilter::filter which has constant media descriptor and thus
+ // all encryption data used in document is lost. To avoid this try to walkaround
+ // with explicit call to FormatDetector. It will try to load document, prompt for password
+ // and store this info in media descriptor we will use for recoverFromFile call.
+ Reference< css::document::XExtendedFilterDetection > xDetection(
+ m_xContext->getServiceManager()->createInstanceWithContext(
+ "com.sun.star.comp.oox.FormatDetector", m_xContext),
+ UNO_QUERY_THROW);
+ lDescriptor[utl::MediaDescriptor::PROP_URL()] <<= sURL;
+ Sequence< css::beans::PropertyValue > aDescriptorSeq = lDescriptor.getAsConstPropertyValueList();
+ OUString sType = xDetection->detect(aDescriptorSeq);
+
+ OUString sNewFilterName;
+ lDescriptor[utl::MediaDescriptor::PROP_FILTERNAME()] >>= sNewFilterName;
+ if (!sType.isEmpty() && sNewFilterName == sFilterName)
+ {
+ // Filter detection was okay, update media descriptor with one received from FilterDetect
+ lDescriptor = aDescriptorSeq;
+ }
+ }
+
// let it recover itself
Reference< XDocumentRecovery > xDocRecover( xModel, UNO_QUERY_THROW );
xDocRecover->recoverFromFile(
commit a4303a34218f72686b6ebe58a3fd81020c0e6643
Author: Mike Kaganski <mike.kaganski at collabora.com>
AuthorDate: Fri Jan 3 22:40:07 2020 +0300
Commit: Thorsten Behrens <Thorsten.Behrens at CIB.de>
CommitDate: Mon Jun 8 22:25:21 2020 +0200
tdf#93389: keep encryption information for autorecovered MS formats
The autorecovery data is stored in ODF, regardless of the original
document format. When restoring, type detection generates ODF data,
which is stored in the media descriptor attached to document, even
after real filter was restored (see AutoRecovery::implts_openDocs).
If real filter is not ODF, then at the save time, it doesn't find
necessary information in encryption data, and makes not encrypted
package.
This patch adds both MS binary data, and OOXML data, to existing
ODF data for recovered password-protected documents (regardless of
their real filter).
TODO: only add required information to encryption data: pass real
filter name to DocPasswordHelper::requestAndVerifyDocPassword from
AutoRecovery::implts_openDocs.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86201
Reviewed-by: Mike Kaganski <mike.kaganski at collabora.com>
Tested-by: Mike Kaganski <mike.kaganski at collabora.com>
(cherry picked from commit dd198398b6e5c84ab1255a90ef96e6445b66a64f)
Conflicts:
comphelper/source/misc/docpasswordhelper.cxx
Change-Id: I4717f067ad3c40167312b99eefef5584a467bfed
(cherry picked from commit 6017cdff264afc3b98beeba1330d6df28102fe7a)
Conflicts:
package/source/xstor/xstorage.cxx
sfx2/source/appl/appopen.cxx
diff --git a/comphelper/source/misc/docpasswordhelper.cxx b/comphelper/source/misc/docpasswordhelper.cxx
index 7febc7cf3798..660ce8aea89c 100644
--- a/comphelper/source/misc/docpasswordhelper.cxx
+++ b/comphelper/source/misc/docpasswordhelper.cxx
@@ -20,6 +20,9 @@
#include <algorithm>
#include <comphelper/docpasswordhelper.hxx>
+#include <comphelper/storagehelper.hxx>
+#include <comphelper/propertysequence.hxx>
+#include <comphelper/sequence.hxx>
#include <com/sun/star/beans/PropertyValue.hpp>
#include <com/sun/star/task/XInteractionHandler.hpp>
@@ -357,6 +360,25 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
OUString aPassword;
DocPasswordVerifierResult eResult = DocPasswordVerifierResult::WrongPassword;
+ sal_Int32 nMediaEncDataCount = rMediaEncData.getLength();
+
+ // tdf#93389: if the document is being restored from autorecovery, we need to add encryption
+ // data also for real document type.
+ // TODO: get real filter name here (from CheckPasswd_Impl), to only add necessary data
+ bool bForSalvage = false;
+ if (nMediaEncDataCount)
+ {
+ for (auto& val : rMediaEncData)
+ {
+ if (val.Name == "ForSalvage")
+ {
+ --nMediaEncDataCount; // don't consider this element below
+ val.Value >>= bForSalvage;
+ break;
+ }
+ }
+ }
+
// first, try provided default passwords
if( pbIsDefaultPassword )
*pbIsDefaultPassword = false;
@@ -381,7 +403,7 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
// try media encryption data (skip, if result is OK or ABORT)
if( eResult == DocPasswordVerifierResult::WrongPassword )
{
- if( rMediaEncData.getLength() > 0 )
+ if (nMediaEncDataCount)
{
eResult = rVerifier.verifyEncryptionData( rMediaEncData );
if( eResult == DocPasswordVerifierResult::OK )
@@ -440,6 +462,26 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
aEncData = comphelper::concatSequences(
aEncData, OStorageHelper::CreatePackageEncryptionData(aPassword));
}
+
+ if (bForSalvage)
+ {
+ // TODO: add individual methods for different target filter, and only call what's needed
+
+ // 1. Prepare binary MS formats encryption data
+ auto aUniqueID = GenerateRandomByteSequence(16);
+ auto aEnc97Key = GenerateStd97Key(aPassword.getStr(), aUniqueID);
+ // 2. Add MS binary and OOXML encryption data to result
+ uno::Sequence< beans::NamedValue > aContainer(3);
+ aContainer[0].Name = "STD97EncryptionKey";
+ aContainer[0].Value <<= aEnc97Key;
+ aContainer[1].Name = "STD97UniqueID";
+ aContainer[1].Value <<= aUniqueID;
+ aContainer[2].Name = "OOXPassword";
+ aContainer[2].Value <<= aPassword;
+
+ aEncData = comphelper::concatSequences(
+ aEncData, aContainer);
+ }
}
return (eResult == DocPasswordVerifierResult::OK) ? aEncData : uno::Sequence< beans::NamedValue >();
diff --git a/package/source/xstor/owriteablestream.cxx b/package/source/xstor/owriteablestream.cxx
index 5f2fec2ac146..a40c61412540 100644
--- a/package/source/xstor/owriteablestream.cxx
+++ b/package/source/xstor/owriteablestream.cxx
@@ -74,9 +74,11 @@ struct WSInternalData_Impl
namespace package
{
-bool PackageEncryptionDatasEqual( const ::comphelper::SequenceAsHashMap& aHash1, const ::comphelper::SequenceAsHashMap& aHash2 )
+bool PackageEncryptionDataLessOrEqual( const ::comphelper::SequenceAsHashMap& aHash1, const ::comphelper::SequenceAsHashMap& aHash2 )
{
- bool bResult = !aHash1.empty() && aHash1.size() == aHash2.size();
+ // tdf#93389: aHash2 may contain more than in aHash1, if it contains also data for other package
+ // formats (as in case of autorecovery)
+ bool bResult = !aHash1.empty() && aHash1.size() <= aHash2.size();
for ( ::comphelper::SequenceAsHashMap::const_iterator aIter = aHash1.begin();
bResult && aIter != aHash1.end();
++aIter )
@@ -1205,7 +1207,7 @@ uno::Reference< io::XStream > OWriteStream_Impl::GetStream( sal_Int32 nStreamMod
if ( m_bHasCachedEncryptionData )
{
- if ( !::package::PackageEncryptionDatasEqual( m_aEncryptionData, aEncryptionData ) )
+ if ( !::package::PackageEncryptionDataLessOrEqual( m_aEncryptionData, aEncryptionData ) )
throw packages::WrongPasswordException();
// the correct key must be set already
diff --git a/package/source/xstor/owriteablestream.hxx b/package/source/xstor/owriteablestream.hxx
index c84a653fca45..b380f801191e 100644
--- a/package/source/xstor/owriteablestream.hxx
+++ b/package/source/xstor/owriteablestream.hxx
@@ -63,7 +63,8 @@ struct MutexHolder
};
namespace package {
- bool PackageEncryptionDatasEqual( const ::comphelper::SequenceAsHashMap& aHash1, const ::comphelper::SequenceAsHashMap& aHash2 );
+ // all data in aHash1 is contained in aHash2
+ bool PackageEncryptionDataLessOrEqual( const ::comphelper::SequenceAsHashMap& aHash1, const ::comphelper::SequenceAsHashMap& aHash2 );
}
struct WSInternalData_Impl;
diff --git a/package/source/xstor/xstorage.cxx b/package/source/xstor/xstorage.cxx
index 67d14da093dc..754324b25016 100644
--- a/package/source/xstor/xstorage.cxx
+++ b/package/source/xstor/xstorage.cxx
@@ -905,7 +905,7 @@ void OStorage_Impl::CopyStorageElement( SotElement_Impl* pElement,
AddLog( THROW_WHERE "No Encryption" );
}
- if ( bHasCommonEncryptionData && ::package::PackageEncryptionDatasEqual( pElement->m_pStream->GetCachedEncryptionData(), aCommonEncryptionData ) )
+ if ( bHasCommonEncryptionData && ::package::PackageEncryptionDataLessOrEqual( pElement->m_pStream->GetCachedEncryptionData(), aCommonEncryptionData ) )
{
// If the stream can be opened with the common storage password
// it must be stored with the common storage password as well
diff --git a/sfx2/source/appl/appopen.cxx b/sfx2/source/appl/appopen.cxx
index 5f8bdaa46640..3250427f78d6 100644
--- a/sfx2/source/appl/appopen.cxx
+++ b/sfx2/source/appl/appopen.cxx
@@ -47,6 +47,7 @@
#include <comphelper/processfactory.hxx>
#include <comphelper/storagehelper.hxx>
#include <comphelper/string.hxx>
+#include <comphelper/sequence.hxx>
#include <comphelper/synchronousdispatch.hxx>
#include <vcl/wrkwin.hxx>
@@ -237,6 +238,21 @@ sal_uInt32 CheckPasswd_Impl
if ( pEncryptionDataItem )
pEncryptionDataItem->GetValue() >>= aEncryptionData;
+ // tdf#93389: if recoverying a document, encryption data should contain
+ // entries for the real filter, not only for recovery ODF, to keep it
+ // encrypted. Pass this in encryption data.
+ // TODO: pass here the real filter (from AutoRecovery::implts_openDocs)
+ // to marshal this to requestAndVerifyDocPassword
+ if (pSet->GetItemState(SID_DOC_SALVAGE, false) == SfxItemState::SET)
+ {
+ uno::Sequence< beans::NamedValue > aContainer(1);
+ aContainer[0].Name = "ForSalvage";
+ aContainer[0].Value <<= true;
+
+ aEncryptionData = comphelper::concatSequences(
+ aEncryptionData, aContainer);
+ }
+
SfxDocPasswordVerifier aVerifier( xStorage );
aEncryptionData = ::comphelper::DocPasswordHelper::requestAndVerifyDocPassword(
aVerifier, aEncryptionData, aPassword, xInteractionHandler, pFile->GetOrigURL(), comphelper::DocPasswordRequestType::Standard );
commit 86f4be667508c8c8879c18d5e620b58277a48c81
Author: Mike Kaganski <mike.kaganski at collabora.com>
AuthorDate: Fri Nov 29 13:07:57 2019 +0300
Commit: Thorsten Behrens <Thorsten.Behrens at CIB.de>
CommitDate: Mon Jun 8 22:25:21 2020 +0200
tdf#118639: store ODF encryption data for autorecovery
When saving autorecovery information, ODF is used. If the original
document is password-protected, its autorecovery is also generated
password-protected (since ef87ff6680f79362a431db6e7ef2f40cfc576219).
But when the stored encryption data for non-ODF document does not
contain "PackageSHA256UTF8EncryptionKey" value, following
ZipPackage::GetEncryptionKey fails, so the whole save fails.
So just generate and append ODF encryption keys where we still have
user password.
Reviewed-on: https://gerrit.libreoffice.org/84052
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski at collabora.com>
(cherry picked from commit 63634738dd03cc74806ce6843c16ff5e51a371a0)
Reviewed-on: https://gerrit.libreoffice.org/84133
Reviewed-by: Xisco Faulí <xiscofauli at libreoffice.org>
(cherry picked from commit e569dc9824e95617d921bb8f115d243aea0125b9)
Reviewed-on: https://gerrit.libreoffice.org/84232
Reviewed-by: Adolfo Jayme Barrientos <fitojb at ubuntu.com>
(cherry picked from commit d1450f5bddd0f108078e0dfb11c9f130175fafe7)
Conflicts:
comphelper/source/misc/docpasswordhelper.cxx
Change-Id: I776e28de784489521e4941d1075690f90c056014
diff --git a/comphelper/source/misc/docpasswordhelper.cxx b/comphelper/source/misc/docpasswordhelper.cxx
index d384b4fd8375..7febc7cf3798 100644
--- a/comphelper/source/misc/docpasswordhelper.cxx
+++ b/comphelper/source/misc/docpasswordhelper.cxx
@@ -354,6 +354,7 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
bool* pbIsDefaultPassword )
{
css::uno::Sequence< css::beans::NamedValue > aEncData;
+ OUString aPassword;
DocPasswordVerifierResult eResult = DocPasswordVerifierResult::WrongPassword;
// first, try provided default passwords
@@ -367,8 +368,12 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
if( !aIt->isEmpty() )
{
eResult = rVerifier.verifyPassword( *aIt, aEncData );
- if( pbIsDefaultPassword )
- *pbIsDefaultPassword = eResult == DocPasswordVerifierResult::OK;
+ if (eResult == DocPasswordVerifierResult::OK)
+ {
+ aPassword = *aIt;
+ if (pbIsDefaultPassword)
+ *pbIsDefaultPassword = true;
+ }
}
}
}
@@ -388,7 +393,11 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
if( eResult == DocPasswordVerifierResult::WrongPassword )
{
if( !rMediaPassword.isEmpty() )
+ {
eResult = rVerifier.verifyPassword( rMediaPassword, aEncData );
+ if (eResult == DocPasswordVerifierResult::OK)
+ aPassword = rMediaPassword;
+ }
}
// request a password (skip, if result is OK or ABORT)
@@ -404,6 +413,8 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
{
if( !pRequest->getPassword().isEmpty() )
eResult = rVerifier.verifyPassword( pRequest->getPassword(), aEncData );
+ if (eResult == DocPasswordVerifierResult::OK)
+ aPassword = pRequest->getPassword();
}
else
{
@@ -416,6 +427,21 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
{
}
+ if (eResult == DocPasswordVerifierResult::OK && !aPassword.isEmpty())
+ {
+ if (std::find_if(std::cbegin(aEncData), std::cend(aEncData),
+ [](const css::beans::NamedValue& val) {
+ return val.Name == PACKAGE_ENCRYPTIONDATA_SHA256UTF8;
+ })
+ == std::cend(aEncData))
+ {
+ // tdf#118639: We need ODF encryption data for autorecovery, where password
+ // will already be unavailable, so generate and append it here
+ aEncData = comphelper::concatSequences(
+ aEncData, OStorageHelper::CreatePackageEncryptionData(aPassword));
+ }
+ }
+
return (eResult == DocPasswordVerifierResult::OK) ? aEncData : uno::Sequence< beans::NamedValue >();
}
diff --git a/sfx2/source/dialog/filedlghelper.cxx b/sfx2/source/dialog/filedlghelper.cxx
index b52d7d5a5058..2ea365511566 100644
--- a/sfx2/source/dialog/filedlghelper.cxx
+++ b/sfx2/source/dialog/filedlghelper.cxx
@@ -2621,6 +2621,8 @@ ErrCode RequestPassword(const std::shared_ptr<const SfxFilter>& pCurrentFilter,
{
if ( pPasswordRequest->getPassword().getLength() )
{
+ css::uno::Sequence< css::beans::NamedValue > aEncryptionData;
+
// TODO/LATER: The filters should show the password dialog themself in future
if ( bMSType )
{
@@ -2629,7 +2631,7 @@ ErrCode RequestPassword(const std::shared_ptr<const SfxFilter>& pCurrentFilter,
{
::comphelper::SequenceAsHashMap aHashData;
aHashData[ OUString( "OOXPassword" ) ] <<= pPasswordRequest->getPassword();
- pSet->Put( SfxUnoAnyItem( SID_ENCRYPTIONDATA, uno::makeAny( aHashData.getAsConstNamedValueList() ) ) );
+ aEncryptionData = aHashData.getAsConstNamedValueList();
}
else
{
@@ -2642,7 +2644,7 @@ ErrCode RequestPassword(const std::shared_ptr<const SfxFilter>& pCurrentFilter,
aHashData[ OUString( "STD97EncryptionKey" ) ] <<= aEncryptionKey;
aHashData[ OUString( "STD97UniqueID" ) ] <<= aUniqueID;
- pSet->Put( SfxUnoAnyItem( SID_ENCRYPTIONDATA, uno::makeAny( aHashData.getAsConstNamedValueList() ) ) );
+ aEncryptionData = aHashData.getAsConstNamedValueList();
}
else
{
@@ -2650,10 +2652,14 @@ ErrCode RequestPassword(const std::shared_ptr<const SfxFilter>& pCurrentFilter,
}
}
}
- else
- {
- pSet->Put( SfxUnoAnyItem( SID_ENCRYPTIONDATA, uno::makeAny( ::comphelper::OStorageHelper::CreatePackageEncryptionData( pPasswordRequest->getPassword() ) ) ) );
- }
+
+ // tdf#118639: We need ODF encryption data for autorecovery where password will already
+ // be unavailable, even for non-ODF documents, so append it here unconditionally
+ pSet->Put(SfxUnoAnyItem(
+ SID_ENCRYPTIONDATA,
+ uno::makeAny(comphelper::concatSequences(
+ aEncryptionData, comphelper::OStorageHelper::CreatePackageEncryptionData(
+ pPasswordRequest->getPassword())))));
}
if ( pPasswordRequest->getRecommendReadOnly() )
commit 7c78dbc48f41654f17f5cc10198bcb799ae5ae41
Author: Mike Kaganski <mike.kaganski at collabora.com>
AuthorDate: Tue Apr 16 22:08:42 2019 +0200
Commit: Thorsten Behrens <Thorsten.Behrens at CIB.de>
CommitDate: Mon Jun 8 22:25:21 2020 +0200
tdf#124776: don't use SearchPathW to get full path of executable
... use GetModuleFileNameW() for that.
We call SetDllDirectoryW and SetSearchPathMode to improve security of
the process, and exclude some paths (including current directory) from
search when using API that looks for binaries whose names are not fully
qualified.
So the sequence is this:
1. Program is started using relative executable path like
"instdir\program\soffice";
2. sal_detail_initialize is called, which calls the two mentioned
hardening functions;
3. sal_detail_initialize calls osl_setCommandArgs, which in turn calls
osl_createCommandArgs_Impl;
4. The latter uses SearchPathW with empty path and first program arg
"instdir\program\soffice" to find fully qualified program path.
That now naturally fails, because current path is not searched.
But to find the process name, we need no search: we can simply use
GetModuleFileNameW() with NULL passed as module handle. Let's use that.
Note that we can't use _wpgmptr/_get_wpgmptr, because we don't use wide
entry point like wmain.
LHM-Stuff
---------
Dieser Patch löst das Problem wenn Symbols eingeschaltet ist, danach
konnte LO nicht mit scalc.exe, swriter.exe, .. gestartet werden den es
ist damit abgestürzt. (Dumpfile war im LO-Verzeichnis)
Reviewed-on: https://gerrit.libreoffice.org/70844
Reviewed-by: Mike Kaganski <mike.kaganski at collabora.com>
Tested-by: Mike Kaganski <mike.kaganski at collabora.com>
(cherry picked from commit c650217cc543080928a26de4bfc07ebb0be5c6ca)
Change-Id: I7a0013a0505f7bdd38164b09b045bfade9686664
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/89689
Tested-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
Conflicts:
sal/osl/w32/process.cxx
diff --git a/sal/osl/w32/process.cxx b/sal/osl/w32/process.cxx
index 8c3e1169116d..529b73a27b97 100644
--- a/sal/osl/w32/process.cxx
+++ b/sal/osl/w32/process.cxx
@@ -275,8 +275,8 @@ static rtl_uString ** osl_createCommandArgs_Impl (int argc, char **)
::osl::LongPathBuffer< sal_Unicode > aBuffer( MAX_LONG_PATH );
DWORD dwResult = 0;
- dwResult = SearchPath (
- 0, reinterpret_cast<LPCWSTR>(ppArgs[0]->buffer), L".exe", aBuffer.getBufSizeInSymbols(), ::osl::mingw_reinterpret_cast<LPWSTR>(aBuffer), 0);
+ dwResult = GetModuleFileName (
+ 0, ::osl::mingw_reinterpret_cast<LPWSTR>(aBuffer), aBuffer.getBufSizeInSymbols());
if ((0 < dwResult) && (dwResult < aBuffer.getBufSizeInSymbols()))
{
/* Replace argv[0] with its absolute path */
commit 28520676c22be8308d303d503238af220d99c2bd
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon May 11 20:46:43 2020 +0100
Commit: Thorsten Behrens <Thorsten.Behrens at CIB.de>
CommitDate: Mon Jun 8 22:25:21 2020 +0200
limit forms to http[s]
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93993
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman at redhat.com>
(cherry picked from commit 5d101a65c31e6c2f8dd0edffe05f69055cbd481c)
Conflicts:
forms/source/xforms/submission.cxx
Change-Id: I3ed0bc626f693ec03f610dc7361f93cad914c9d8
diff --git a/forms/source/xforms/submission.cxx b/forms/source/xforms/submission.cxx
index 1f71fa2ffb60..f41b89de86c0 100644
--- a/forms/source/xforms/submission.cxx
+++ b/forms/source/xforms/submission.cxx
@@ -255,6 +255,9 @@ bool Submission::doSubmit( const Reference< XInteractionHandler >& xHandler )
}
xSubmission->setEncoding(getEncoding());
+ if (!xSubmission->IsWebProtocol())
+ return false;
+
CSubmission::SubmissionResult aResult = xSubmission->submit( xHandler );
if (aResult == CSubmission::SUCCESS)
diff --git a/forms/source/xforms/submission/submission.hxx b/forms/source/xforms/submission/submission.hxx
index 927c0ab9048e..769bcaf6677e 100644
--- a/forms/source/xforms/submission/submission.hxx
+++ b/forms/source/xforms/submission/submission.hxx
@@ -133,6 +133,12 @@ public:
, m_xContext(::comphelper::getProcessComponentContext())
{}
+ bool IsWebProtocol() const
+ {
+ INetProtocol eProtocol = m_aURLObj.GetProtocol();
+ return eProtocol == INetProtocol::Http || eProtocol == INetProtocol::Https;
+ }
+
virtual ~CSubmission() {}
void setEncoding(const OUString& aEncoding)
commit ba45a24b54aebfab6429d2f19dd920272cacaa9f
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Jul 17 09:58:56 2018 +0100
Commit: Thorsten Behrens <Thorsten.Behrens at CIB.de>
CommitDate: Mon Jun 8 22:25:21 2020 +0200
put load of html images (to measure dimensions) under referer control
Change-Id: I1de4a5214ef48394dcafa97e4ea12bb460f2fba2
Reviewed-on: https://gerrit.libreoffice.org/57566
Tested-by: Jenkins
Reviewed-by: Eike Rathke <erack at redhat.com>
diff --git a/sw/source/filter/html/htmlgrin.cxx b/sw/source/filter/html/htmlgrin.cxx
index 30a6fb8dc082..8884e5438d1b 100644
--- a/sw/source/filter/html/htmlgrin.cxx
+++ b/sw/source/filter/html/htmlgrin.cxx
@@ -40,6 +40,7 @@
#include <svtools/htmltokn.h>
#include <svtools/htmlkywd.hxx>
#include <unotools/eventcfg.hxx>
+#include <unotools/securityoptions.hxx>
#include <fmtornt.hxx>
#include <fmturl.hxx>
@@ -298,6 +299,20 @@ void SwHTMLParser::GetDefaultScriptType( ScriptType& rType,
rTypeStr = GetScriptTypeString( pHeaderAttrs );
}
+namespace
+{
+ bool allowAccessLink(SwDoc& rDoc)
+ {
+ OUString sReferer;
+ SfxObjectShell * sh = rDoc.GetPersist();
+ if (sh != nullptr && sh->HasName())
+ {
+ sReferer = sh->GetMedium()->GetName();
+ }
+ return !SvtSecurityOptions().isUntrustedReferer(sReferer);
+ }
+}
+
/* */
void SwHTMLParser::InsertImage()
@@ -595,7 +610,7 @@ IMAGE_SETEVENT:
bool bSetScaleImageMap = false;
sal_uInt8 nPrcWidth = 0, nPrcHeight = 0;
- if (!nWidth || !nHeight)
+ if ((!nWidth || !nHeight) && allowAccessLink(*m_pDoc))
{
GraphicDescriptor aDescriptor(aGraphicURL);
if (aDescriptor.Detect(/*bExtendedInfo=*/true))
@@ -603,7 +618,7 @@ IMAGE_SETEVENT:
// Try to use size info from the image header before defaulting to
// HTML_DFLT_IMG_WIDTH/HEIGHT.
aTwipSz = Application::GetDefaultDevice()->PixelToLogic(aDescriptor.GetSizePixel(),
- MapMode(MapUnit::MapTwip));
+ MapMode(MAP_TWIP));
nWidth = aTwipSz.getWidth();
nHeight = aTwipSz.getHeight();
}
commit 195c70008f6fc9c9b4ac0568b04e3eaf3a034181
Author: Miklos Vajna <vmiklos at collabora.co.uk>
AuthorDate: Wed Apr 18 09:46:34 2018 +0200
Commit: Thorsten Behrens <Thorsten.Behrens at CIB.de>
CommitDate: Mon Jun 8 22:25:21 2020 +0200
sw HTML import: use GraphicDescriptor to determine default size
Rather than the hardcoded HTML_DFLT_IMG_WIDTH / HTML_DFLT_IMG_HEIGHT
defines.
Change-Id: I4ed2207ce3fdcd247054941d91eb67a679fb370c
Reviewed-on: https://gerrit.libreoffice.org/53081
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
Tested-by: Jenkins <ci at libreoffice.org>
Conflicts:
sw/qa/extras/htmlimport/htmlimport.cxx
diff --git a/sw/qa/extras/htmlimport/data/image-size.html b/sw/qa/extras/htmlimport/data/image-size.html
new file mode 100644
index 000000000000..a26c606100cf
--- /dev/null
+++ b/sw/qa/extras/htmlimport/data/image-size.html
@@ -0,0 +1,25 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<html>
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
+ <title></title>
+ <style type="text/css">
+ @page { size: 21.59cm 27.94cm; margin: 2cm }
+ p { margin-bottom: 0.25cm; line-height: 115%; background: transparent }
+ </style>
+</head>
+<body lang="en-US" link="#000080" vlink="#800000" dir="ltr"><p style="margin-bottom: 0cm; line-height: 100%">
+<br/>
+
+</p>
+<p style="margin-bottom: 0cm; line-height: 100%; page-break-before: always">
+<br/>
+
+</p>
+<p style="margin-bottom: 0cm; line-height: 100%; page-break-before: always">
+<img src="libreoffice.jpg" name="Image1" align="left" border="0"/>
+<br/>
+
+</p>
+</body>
+</html>
diff --git a/sw/qa/extras/htmlimport/data/libreoffice.jpg b/sw/qa/extras/htmlimport/data/libreoffice.jpg
new file mode 100644
index 000000000000..14af080b147f
Binary files /dev/null and b/sw/qa/extras/htmlimport/data/libreoffice.jpg differ
diff --git a/sw/qa/extras/htmlimport/htmlimport.cxx b/sw/qa/extras/htmlimport/htmlimport.cxx
index 4f8ec0e227b0..4303a31c0d29 100644
--- a/sw/qa/extras/htmlimport/htmlimport.cxx
+++ b/sw/qa/extras/htmlimport/htmlimport.cxx
@@ -126,6 +126,19 @@ DECLARE_HTMLIMPORT_TEST(testInlinedImagesPageAndParagraph, "PageAndParagraphFill
}
}
+DECLARE_HTMLIMPORT_TEST(testImageSize, "image-size.html")
+{
+ awt::Size aSize = getShape(1)->getSize();
+ OutputDevice* pDevice = Application::GetDefaultDevice();
+ Size aPixelSize(200, 400);
+ Size aExpected = pDevice->PixelToLogic(aPixelSize, MapMode(MAP_100TH_MM));
+
+ // This was 1997, i.e. a hardcoded default, we did not look at the image
+ // header when the HTML markup declared no size.
+ CPPUNIT_ASSERT_EQUAL(static_cast<sal_Int32>(aExpected.getWidth()), aSize.Width);
+ CPPUNIT_ASSERT_EQUAL(static_cast<sal_Int32>(aExpected.getHeight()), aSize.Height);
+}
+
CPPUNIT_PLUGIN_IMPLEMENT();
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/sw/source/filter/html/htmlgrin.cxx b/sw/source/filter/html/htmlgrin.cxx
index c83eafe5d36c..30a6fb8dc082 100644
--- a/sw/source/filter/html/htmlgrin.cxx
+++ b/sw/source/filter/html/htmlgrin.cxx
@@ -595,6 +595,20 @@ IMAGE_SETEVENT:
bool bSetScaleImageMap = false;
sal_uInt8 nPrcWidth = 0, nPrcHeight = 0;
+ if (!nWidth || !nHeight)
+ {
+ GraphicDescriptor aDescriptor(aGraphicURL);
+ if (aDescriptor.Detect(/*bExtendedInfo=*/true))
+ {
+ // Try to use size info from the image header before defaulting to
+ // HTML_DFLT_IMG_WIDTH/HEIGHT.
+ aTwipSz = Application::GetDefaultDevice()->PixelToLogic(aDescriptor.GetSizePixel(),
+ MapMode(MapUnit::MapTwip));
+ nWidth = aTwipSz.getWidth();
+ nHeight = aTwipSz.getHeight();
+ }
+ }
+
if( !nWidth || !nHeight )
{
// Es fehlt die Breite oder die Hoehe
More information about the Libreoffice-commits
mailing list