subject:"bug#59292\: libreoffice password protection doesn't work"

bug#59292: libreoffice password protection doesn't work

2023-02-18 Thread Maxim Cournoyer

Hello,

Maxim Cournoyer  writes:

> Hi again,
>
> Maxim Cournoyer  writes:
>
> [...]
>
>> It never resolves libnssckbi.so.
>>
>> LibreOffice attempts to load this library in
>> xmlsecurity/source/xmlsec/nss/nssinitializer.cxx, in the
>> 'nsscrypto_initialize' procedure.
>>
>> The library appears to be dynamically loaded via SECMOD_LoadUserModule.
>> Perhaps we can patch 'OUString rootModule("libnssckbi"
>> SAL_DLLEXTENSION)' to its full name.  Some more output, after building
>> libreoffice with "--enable-sal-log" and setting the 'SAL_LOG=+INFO'
>> environment variable:
>>
>> info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:857: expandMacros called 
>> with: libnssckbi.so
>> info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:985: expandMacros result: 
>> libnssckbi.so
>> info:xmlsecurity.xmlsec:8927:8927:xmlsecurity/source/xmlsec/nss/nssinitializer.cxx:471:
>>  FAILED to load the new root certificate module Root Certs for 
>> OpenOffice.orgcontained in libnssckbi.so
>> warn:legacy.osl:8927:8927:comphelper/source/misc/storagehelper.cxx:406: Can 
>> not create SHA256 digest!
>> warn:package.xstor:8927:8927:package/source/xstor/owriteablestream.cxx:1138:
>> Can't write encryption related properties
>> com.sun.star.uno.RuntimeException message: "No expected key is
>> provided! at
>> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243"
>> info:package.xstor:8927:8927:package/source/xstor/xstorage.cxx:2274:
>> Rethrow com.sun.star.io.IOException message: "No expected key is
>> provided! at
>> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243
>> at
>> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/xstor/owriteablestream.cxx:1140"
>>
>> So it seems to cause an error, which is apparently ignored.
>
> I confirm this is the problem.  A workaround is to augment
> LD_LIBRARY_PATH, e.g.:
>
> "LD_LIBRARY_PATH=/gnu/store/...-nss-3.81/lib/nss:$LD_LIBRARY_PATH 
> /gnu/store/...-libreoffice-7.5.0.3/bin/libreoffice --calc"

I've reported the problem upstream [0], and push a fix for our package
with 9f21ca83a89a5e6c808b58fab0dc54b7785c26b7 ("gnu: libreoffice: Fix
password encryption issue.").

Closing!

[0]  https://bugs.documentfoundation.org/show_bug.cgi?id=153714

-- 
Thanks,
Maxim

bug#59292: libreoffice password protection doesn't work

2023-02-17 Thread Maxim Cournoyer

Hi again,

Maxim Cournoyer  writes:

[...]

> It never resolves libnssckbi.so.
>
> LibreOffice attempts to load this library in
> xmlsecurity/source/xmlsec/nss/nssinitializer.cxx, in the
> 'nsscrypto_initialize' procedure.
>
> The library appears to be dynamically loaded via SECMOD_LoadUserModule.
> Perhaps we can patch 'OUString rootModule("libnssckbi"
> SAL_DLLEXTENSION)' to its full name.  Some more output, after building
> libreoffice with "--enable-sal-log" and setting the 'SAL_LOG=+INFO'
> environment variable:
>
> info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:857: expandMacros called 
> with: libnssckbi.so
> info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:985: expandMacros result: 
> libnssckbi.so
> info:xmlsecurity.xmlsec:8927:8927:xmlsecurity/source/xmlsec/nss/nssinitializer.cxx:471:
>  FAILED to load the new root certificate module Root Certs for 
> OpenOffice.orgcontained in libnssckbi.so
> warn:legacy.osl:8927:8927:comphelper/source/misc/storagehelper.cxx:406: Can 
> not create SHA256 digest!
> warn:package.xstor:8927:8927:package/source/xstor/owriteablestream.cxx:1138: 
> Can't write encryption related properties com.sun.star.uno.RuntimeException 
> message: "No expected key is provided! at 
> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243"
> info:package.xstor:8927:8927:package/source/xstor/xstorage.cxx:2274: Rethrow 
> com.sun.star.io.IOException message: "No expected key is provided! at 
> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243
>  at 
> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/xstor/owriteablestream.cxx:1140"
>
> So it seems to cause an error, which is apparently ignored.

I confirm this is the problem.  A workaround is to augment
LD_LIBRARY_PATH, e.g.:

--8<---cut here---start->8---
"LD_LIBRARY_PATH=/gnu/store/...-nss-3.81/lib/nss:$LD_LIBRARY_PATH 
/gnu/store/...-libreoffice-7.5.0.3/bin/libreoffice --calc"
--8<---cut here---end--->8---

-- 
Thanks,
Maxim

bug#59292: libreoffice password protection doesn't work

2023-02-17 Thread Maxim Cournoyer

Hi,

It may have to do with not correctly finding the "libnssckbi.so" share
library, which is from NSS.  Here's what tipped me to it, in strace
output:

--8<---cut here---start->8---
13 matches for "ckbi" in buffer: *scratch*
169:[pid  2594] openat(AT_FDCWD, 
"/home/maxim/.thunderbird/sjp3hftb.default/libnssckbi.so", O_RDONLY|O_CLOEXEC) 
= -1 ENOENT (No such file or directory)
171:[pid  2594] openat(AT_FDCWD, 
"/gnu/store/rrid5nx9cbrq0flkhc1rv4b5hk4w70ib-nspr-4.34/lib/libnssckbi.so", 
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
172:[pid  2594] openat(AT_FDCWD, 
"/gnu/store/5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33/lib/libnssckbi.so", 
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
173:[pid  2594] openat(AT_FDCWD, 
"/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/libnssckbi.so", 
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
174:[pid  2594] openat(AT_FDCWD, 
"/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../tls/x86_64/x86_64/libnssckbi.so",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
176:[pid  2594] openat(AT_FDCWD, 
"/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../tls/x86_64/libnssckbi.so",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
178:[pid  2594] openat(AT_FDCWD, 
"/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../tls/x86_64/libnssckbi.so",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
180:[pid  2594] openat(AT_FDCWD, 
"/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../tls/libnssckbi.so",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
182:[pid  2594] openat(AT_FDCWD, 
"/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../x86_64/x86_64/libnssckbi.so",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
184:[pid  2594] openat(AT_FDCWD, 
"/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../x86_64/libnssckbi.so",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
186:[pid  2594] openat(AT_FDCWD, 
"/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../x86_64/libnssckbi.so",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
188:[pid  2594] openat(AT_FDCWD, 
"/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../libnssckbi.so",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
190:[pid  2594] openat(AT_FDCWD, 
"/gnu/store/5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33/lib/libnssckbi.so", 
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
--8<---cut here---end--->8---

It never resolves libnssckbi.so.

LibreOffice attempts to load this library in
xmlsecurity/source/xmlsec/nss/nssinitializer.cxx, in the
'nsscrypto_initialize' procedure.

The library appears to be dynamically loaded via SECMOD_LoadUserModule.
Perhaps we can patch 'OUString rootModule("libnssckbi"
SAL_DLLEXTENSION)' to its full name.  Some more output, after building
libreoffice with "--enable-sal-log" and setting the 'SAL_LOG=+INFO'
environment variable:

--8<---cut here---start->8---
info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:857: expandMacros called 
with: libnssckbi.so
info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:985: expandMacros result: 
libnssckbi.so
info:xmlsecurity.xmlsec:8927:8927:xmlsecurity/source/xmlsec/nss/nssinitializer.cxx:471:
 FAILED to load the new root certificate module Root Certs for 
OpenOffice.orgcontained in libnssckbi.so
warn:legacy.osl:8927:8927:comphelper/source/misc/storagehelper.cxx:406: Can not 
create SHA256 digest!
warn:package.xstor:8927:8927:package/source/xstor/owriteablestream.cxx:1138: 
Can't write encryption related properties com.sun.star.uno.RuntimeException 
message: "No expected key is provided! at 
/tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243"
info:package.xstor:8927:8927:package/source/xstor/xstorage.cxx:2274: Rethrow 
com.sun.star.io.IOException message: "No expected key is provided! at 
/tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243
 at 
/tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/xstor/owriteablestream.cxx:1140"
--8<---cut here---end--->8---

So it seems to cause an error, which is apparently ignored.

-- 
Thanks,
Maxim

bug#59292: libreoffice password protection doesn't work

2023-02-17 Thread Maxim Cournoyer

Hello,

Maxim Cournoyer  writes:

> Hi,
>
> When password-protecting (encrypting) a file with LibreOffice, it fails
> silently, leaving the file unprotected (!).
>
> Reproducer:
>
> 1. Launch Calc with 'libreoffice --calc'.
> 2. Input something in the first cell.
> 3. Select File -> Save As.  At the bottom left of the dialog box, make
> sure to tick the "Save with password" box.  Give it a name,
> e.g. very-secret.ods, then click on "Save".
> 4. Enter a dummy password, such as 1234.
> 5. Quit LibreOffice Calc.
>
> 6. Open the assumed protected file, with 'libreoffice --calc
> very-secret.ods'.  Notice the file is open without any password.
>
> No output is printed at the console, and if you have an truly
> password-encrypted file, it won't be able to open it.

Attached is a sample ODS file, produced on a different GNU/Linux
distribution immune to the problem.  The password is: "1234".



password-protected-spreadsheet.ods
Description: Binary data

When attempting to open it with our LibreOffice, it says: "The password
is incorrect. The file cannot be opened.", which is a lie.

-- 
Thanks,
Maxim

bug#59292: libreoffice password protection doesn't work

2022-11-15 Thread Maxim Cournoyer

Hi,

When password-protecting (encrypting) a file with LibreOffice, it fails
silently, leaving the file unprotected (!).

Reproducer:

1. Launch Calc with 'libreoffice --calc'.
2. Input something in the first cell.
3. Select File -> Save As.  At the bottom left of the dialog box, make
sure to tick the "Save with password" box.  Give it a name,
e.g. very-secret.ods, then click on "Save".
4. Enter a dummy password, such as 1234.
5. Quit LibreOffice Calc.

6. Open the assumed protected file, with 'libreoffice --calc
very-secret.ods'.  Notice the file is open without any password.

No output is printed at the console, and if you have an truly
password-encrypted file, it won't be able to open it.

-- 
Thanks,
Maxim

bug#59292: libreoffice password protection doesn't work

bug#59292: libreoffice password protection doesn't work

bug#59292: libreoffice password protection doesn't work

bug#59292: libreoffice password protection doesn't work

bug#59292: libreoffice password protection doesn't work

5 matches

Site Navigation

Mail list logo

Footer information