bug#59292: libreoffice password protection doesn't work
Hello,

Maxim Cournoyer writes:

> Hi again,
>
> Maxim Cournoyer writes:
>
> [...]
>
>> It never resolves libnssckbi.so.
>>
>> LibreOffice attempts to load this library in
>> xmlsecurity/source/xmlsec/nss/nssinitializer.cxx, in the
>> 'nsscrypto_initialize' procedure.
>>
>> The library appears to be dynamically loaded via SECMOD_LoadUserModule.
>> Perhaps we can patch 'OUString rootModule("libnssckbi"
>> SAL_DLLEXTENSION)' to its full name. Some more output, after building
>> libreoffice with "--enable-sal-log" and setting the 'SAL_LOG=+INFO'
>> environment variable:
>>
>> info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:857: expandMacros called
>> with: libnssckbi.so
>> info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:985: expandMacros result:
>> libnssckbi.so
>> info:xmlsecurity.xmlsec:8927:8927:xmlsecurity/source/xmlsec/nss/nssinitializer.cxx:471:
>> FAILED to load the new root certificate module Root Certs for
>> OpenOffice.orgcontained in libnssckbi.so
>> warn:legacy.osl:8927:8927:comphelper/source/misc/storagehelper.cxx:406: Can
>> not create SHA256 digest!
>> warn:package.xstor:8927:8927:package/source/xstor/owriteablestream.cxx:1138:
>> Can't write encryption related properties
>> com.sun.star.uno.RuntimeException message: "No expected key is
>> provided! at
>> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243"
>> info:package.xstor:8927:8927:package/source/xstor/xstorage.cxx:2274:
>> Rethrow com.sun.star.io.IOException message: "No expected key is
>> provided! at
>> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243
>> at
>> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/xstor/owriteablestream.cxx:1140"
>>
>> So it seems to cause an error, which is apparently ignored.
>
> I confirm this is the problem. A workaround is to augment
> LD_LIBRARY_PATH, e.g.:
>
> "LD_LIBRARY_PATH=/gnu/store/...-nss-3.81/lib/nss:$LD_LIBRARY_PATH
> /gnu/store/...-libreoffice-7.5.0.3/bin/libreoffice --calc"

I've reported the problem upstream [0], and pushed a fix for our package
with 9f21ca83a89a5e6c808b58fab0dc54b7785c26b7 ("gnu: libreoffice: Fix
password encryption issue.").

Closing!

[0] https://bugs.documentfoundation.org/show_bug.cgi?id=153714

--
Thanks,
Maxim
bug#59292: libreoffice password protection doesn't work
Hi again,

Maxim Cournoyer writes:

[...]

> It never resolves libnssckbi.so.
>
> LibreOffice attempts to load this library in
> xmlsecurity/source/xmlsec/nss/nssinitializer.cxx, in the
> 'nsscrypto_initialize' procedure.
>
> The library appears to be dynamically loaded via SECMOD_LoadUserModule.
> Perhaps we can patch 'OUString rootModule("libnssckbi"
> SAL_DLLEXTENSION)' to its full name. Some more output, after building
> libreoffice with "--enable-sal-log" and setting the 'SAL_LOG=+INFO'
> environment variable:
>
> info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:857: expandMacros called
> with: libnssckbi.so
> info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:985: expandMacros result:
> libnssckbi.so
> info:xmlsecurity.xmlsec:8927:8927:xmlsecurity/source/xmlsec/nss/nssinitializer.cxx:471:
> FAILED to load the new root certificate module Root Certs for
> OpenOffice.orgcontained in libnssckbi.so
> warn:legacy.osl:8927:8927:comphelper/source/misc/storagehelper.cxx:406: Can
> not create SHA256 digest!
> warn:package.xstor:8927:8927:package/source/xstor/owriteablestream.cxx:1138:
> Can't write encryption related properties com.sun.star.uno.RuntimeException
> message: "No expected key is provided! at
> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243"
> info:package.xstor:8927:8927:package/source/xstor/xstorage.cxx:2274: Rethrow
> com.sun.star.io.IOException message: "No expected key is provided! at
> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243
> at
> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/xstor/owriteablestream.cxx:1140"
>
> So it seems to cause an error, which is apparently ignored.

I confirm this is the problem. A workaround is to augment
LD_LIBRARY_PATH, e.g.:

--8<---cut here---start->8---
"LD_LIBRARY_PATH=/gnu/store/...-nss-3.81/lib/nss:$LD_LIBRARY_PATH /gnu/store/...-libreoffice-7.5.0.3/bin/libreoffice --calc"
--8<---cut here---end--->8---

--
Thanks,
Maxim
bug#59292: libreoffice password protection doesn't work
Hi,

It may have to do with not correctly finding the "libnssckbi.so" shared
library, which is from NSS. Here's what tipped me to it, in strace
output:

--8<---cut here---start->8---
13 matches for "ckbi" in buffer: *scratch*
169:[pid 2594] openat(AT_FDCWD, "/home/maxim/.thunderbird/sjp3hftb.default/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
171:[pid 2594] openat(AT_FDCWD, "/gnu/store/rrid5nx9cbrq0flkhc1rv4b5hk4w70ib-nspr-4.34/lib/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
172:[pid 2594] openat(AT_FDCWD, "/gnu/store/5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33/lib/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
173:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
174:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../tls/x86_64/x86_64/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
176:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../tls/x86_64/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
178:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../tls/x86_64/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
180:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../tls/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
182:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../x86_64/x86_64/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
184:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../x86_64/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
186:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../x86_64/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
188:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
190:[pid 2594] openat(AT_FDCWD, "/gnu/store/5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33/lib/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
--8<---cut here---end--->8---

It never resolves libnssckbi.so.

LibreOffice attempts to load this library in
xmlsecurity/source/xmlsec/nss/nssinitializer.cxx, in the
'nsscrypto_initialize' procedure.

The library appears to be dynamically loaded via SECMOD_LoadUserModule.
Perhaps we can patch 'OUString rootModule("libnssckbi"
SAL_DLLEXTENSION)' to its full name. Some more output, after building
libreoffice with "--enable-sal-log" and setting the 'SAL_LOG=+INFO'
environment variable:

--8<---cut here---start->8---
info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:857: expandMacros called with: libnssckbi.so
info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:985: expandMacros result: libnssckbi.so
info:xmlsecurity.xmlsec:8927:8927:xmlsecurity/source/xmlsec/nss/nssinitializer.cxx:471: FAILED to load the new root certificate module Root Certs for OpenOffice.orgcontained in libnssckbi.so
warn:legacy.osl:8927:8927:comphelper/source/misc/storagehelper.cxx:406: Can not create SHA256 digest!
warn:package.xstor:8927:8927:package/source/xstor/owriteablestream.cxx:1138: Can't write encryption related properties com.sun.star.uno.RuntimeException message: "No expected key is provided! at /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243"
info:package.xstor:8927:8927:package/source/xstor/xstorage.cxx:2274: Rethrow com.sun.star.io.IOException message: "No expected key is provided! at /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243 at /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/xstor/owriteablestream.cxx:1140"
--8<---cut here---end--->8---

So it seems to cause an error, which is apparently ignored.

--
Thanks,
Maxim
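
The strace triage described in the message above can be automated. The following is an added example, not part of the original thread: it reports shared objects that a process probed by name but never managed to open, together with the directories it tried. The function name and the sample trace (with made-up /opt paths) are constructed for illustration.

```python
import os
import re
from collections import defaultdict

# Matches strace lines such as:
#   openat(AT_FDCWD, "/x/lib/libfoo.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (...)
OPENAT = re.compile(r'openat\(AT_FDCWD, "([^"]+)", [^)]*\)\s+=\s+(-?\d+)')


def unresolved_libraries(strace_text):
    """Map each probed-but-never-opened .so name to the directories tried."""
    tried = defaultdict(list)
    opened = set()
    for match in OPENAT.finditer(strace_text):
        path, ret = match.group(1), int(match.group(2))
        name = os.path.basename(path)
        if ".so" not in name:
            continue
        if ret >= 0:
            opened.add(name)  # a non-negative return is a file descriptor
            continue
        # Lexical normalisation collapses the loader's "../../.." probes,
        # so repeated visits to one directory are listed once.
        directory = os.path.normpath(os.path.dirname(path))
        if directory not in tried[name]:
            tried[name].append(directory)
    return {n: dirs for n, dirs in tried.items() if n not in opened}


# Constructed sample trace: one library is found on the second attempt,
# the other is never found anywhere on the search path.
SAMPLE = """\
[pid 100] openat(AT_FDCWD, "/opt/a/lib/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 100] openat(AT_FDCWD, "/opt/b/lib/gcc/x/1.0/../../../libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 100] openat(AT_FDCWD, "/opt/a/lib/libexample.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 100] openat(AT_FDCWD, "/opt/b/lib/libexample.so.1", O_RDONLY|O_CLOEXEC) = 3
"""

if __name__ == "__main__":
    for lib, dirs in unresolved_libraries(SAMPLE).items():
        print(f"{lib}: never resolved; tried {', '.join(dirs)}")
```

A library that appears in this report and that the application loads by bare name at run time, as with the root certificate module here, is worth checking against the application's own logs, since the failure may not surface to the user.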
bug#59292: libreoffice password protection doesn't work
Hello,

Maxim Cournoyer writes:

> Hi,
>
> When password-protecting (encrypting) a file with LibreOffice, it fails
> silently, leaving the file unprotected (!).
>
> Reproducer:
>
> 1. Launch Calc with 'libreoffice --calc'.
> 2. Input something in the first cell.
> 3. Select File -> Save As. At the bottom left of the dialog box, make
>    sure to tick the "Save with password" box. Give it a name,
>    e.g. very-secret.ods, then click on "Save".
> 4. Enter a dummy password, such as 1234.
> 5. Quit LibreOffice Calc.
>
> 6. Open the assumed protected file, with 'libreoffice --calc
>    very-secret.ods'. Notice the file is open without any password.
>
> No output is printed at the console, and if you have a truly
> password-encrypted file, it won't be able to open it.

Attached is a sample ODS file, produced on a different GNU/Linux
distribution immune to the problem. The password is: "1234".

password-protected-spreadsheet.ods
Description: Binary data

When attempting to open it with our LibreOffice, it says: "The password
is incorrect. The file cannot be opened.", which is a lie.

--
Thanks,
Maxim
bug#59292: libreoffice password protection doesn't work
Hi,

When password-protecting (encrypting) a file with LibreOffice, it fails
silently, leaving the file unprotected (!).

Reproducer:

1. Launch Calc with 'libreoffice --calc'.
2. Input something in the first cell.
3. Select File -> Save As. At the bottom left of the dialog box, make
   sure to tick the "Save with password" box. Give it a name,
   e.g. very-secret.ods, then click on "Save".
4. Enter a dummy password, such as 1234.
5. Quit LibreOffice Calc.

6. Open the assumed protected file, with 'libreoffice --calc
   very-secret.ods'. Notice the file is open without any password.

No output is printed at the console, and if you have a truly
password-encrypted file, it won't be able to open it.

--
Thanks,
Maxim
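
Because the save in the reproducer above fails without any message, the saved file itself is the only reliable evidence. The following is an added example, not part of the original report: it inspects an ODF package's META-INF/manifest.xml and reports which entries carry a manifest:encryption-data element, which is how an ODF package marks encrypted members. The function names and the two sample packages are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
# Members an ODF package stores in the clear even when encrypted.
ALWAYS_PLAIN = {"mimetype", "META-INF/manifest.xml"}


def odf_encryption_report(data: bytes) -> dict:
    """List which manifest file entries carry <manifest:encryption-data>."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # For untrusted files, swap in a hardened XML parser.
        manifest = ET.fromstring(zf.read("META-INF/manifest.xml"))
    report = {"encrypted": [], "plain": []}
    for entry in manifest.iter(f"{{{NS}}}file-entry"):
        path = entry.get(f"{{{NS}}}full-path", "")
        if path.endswith("/") or path in ALWAYS_PLAIN:
            continue  # the root "/" and directory entries hold no content
        enc = entry.find(f"{{{NS}}}encryption-data") is not None
        report["encrypted" if enc else "plain"].append(path)
    return report


def is_protected(data: bytes) -> bool:
    """True only if something is encrypted and content.xml is not in clear."""
    report = odf_encryption_report(data)
    return bool(report["encrypted"]) and "content.xml" not in report["plain"]


def make_sample(encrypted: bool) -> bytes:
    """Constructed test package; not a real LibreOffice save."""
    enc = "<manifest:encryption-data/>" if encrypted else ""
    manifest = (
        f'<manifest:manifest xmlns:manifest="{NS}">'
        '<manifest:file-entry manifest:full-path="/"/>'
        f'<manifest:file-entry manifest:full-path="content.xml">{enc}'
        "</manifest:file-entry></manifest:manifest>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/vnd.oasis.opendocument.spreadsheet")
        zf.writestr("META-INF/manifest.xml", manifest)
        zf.writestr("content.xml", b"\x00" * 16 if encrypted else b"<office/>")
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("failed save", False), ("working save", True)):
        ok = is_protected(make_sample(flag))
        print(label, "->", "protected" if ok else "NOT protected")
```

To check a real file, pass its bytes, for example `is_protected(open("very-secret.ods", "rb").read())`.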