[Libreoffice-commits] core.git: Branch 'libreoffice-7-5' - desktop/source extensions/source include/curlinit.hxx lingucomponent/source linguistic/source svl/source ucb/source
desktop/source/app/updater.cxx|4 desktop/source/minidump/minidump.cxx |4 extensions/source/update/check/download.cxx |4 include/curlinit.hxx | 59 ++ lingucomponent/source/spellcheck/languagetool/languagetoolimp.cxx |5 linguistic/source/translate.cxx |4 svl/source/crypto/cryptosign.cxx |6 + ucb/source/ucp/cmis/cmis_content.cxx |5 ucb/source/ucp/ftp/ftploaderthread.cxx|4 ucb/source/ucp/webdav-curl/CurlSession.cxx|2 10 files changed, 97 insertions(+) New commits: commit 045bef390a025c3615d904524bf5ee21fa697ca4 Author: Michael Stahl AuthorDate: Fri Nov 3 20:16:09 2023 +0100 Commit: Xisco Fauli CommitDate: Mon Nov 20 16:29:41 2023 +0100 curl: mitigate migration to OpenSSL on Linux The problem is that curl 8.3.0 removed the NSS backend, so we now have no other choice than to use the bundled OpenSSL on Linux. Currently any curl https connection fails with: CurlSession.cxx:963: curl_easy_perform failed: (60) SSL certificate problem: unable to get local issuer certificate Apparently this requires manually telling curl which CA certificates to trust; there is a configure flag --with-ca-bundle but that is useless as it tries to load the file relative to whatever is the current working directory, and also did i mention that there are at least 3 different locations where a Linux system may store its system trusted CA certificates because ALL ABOUT CHOICE. So add a new header with an init function to try out various file locations listed in this nice blog article and call it from way too many places that independently use curl. https://www.happyassassin.net/posts/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/ TODO: perhaps bundle a cacert.pem as a fallback in case the system chose to innovate by putting its certificates in yet another unexpected place (regression from commit c2930ebff82c4f7ffe8377ab82627131f8544226) Change-Id: Ibf1cc0069bc2ae011ecead9a4c2b455e94b01241 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158915 Tested-by: Jenkins Reviewed-by: Michael Stahl (cherry picked from commit 11f439b861922b9286b2e47ed326f3508a48d44e) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159125 Reviewed-by: Xisco Fauli diff --git a/desktop/source/app/updater.cxx b/desktop/source/app/updater.cxx index 5fb18dfad0bf..4e4d2cda413f 100644 --- a/desktop/source/app/updater.cxx +++ b/desktop/source/app/updater.cxx @@ -37,6 +37,8 @@ #include #include #include + +#include #include #include @@ -546,6 +548,8 @@ std::string download_content(const OString& rURL, bool bFile, OUString& rHash) if (!curl) return std::string(); +::InitCurl_easy(curl.get()); + curl_easy_setopt(curl.get(), CURLOPT_URL, rURL.getStr()); curl_easy_setopt(curl.get(), CURLOPT_USERAGENT, kUserAgent); bool bUseProxy = false; diff --git a/desktop/source/minidump/minidump.cxx b/desktop/source/minidump/minidump.cxx index 0bf20f2aa419..7fbb0884987d 100644 --- a/desktop/source/minidump/minidump.cxx +++ b/desktop/source/minidump/minidump.cxx @@ -17,6 +17,8 @@ #include +#include + #ifdef _WIN32 #include #include @@ -95,6 +97,8 @@ static bool uploadContent(std::map& parameters, std::s if (!curl) return false; +::InitCurl_easy(curl); + std::string proxy, proxy_user_pwd, ca_certificate_file, file, url, version; getProperty("Proxy", proxy, parameters); diff --git a/extensions/source/update/check/download.cxx b/extensions/source/update/check/download.cxx index ba371bdee570..cdbbe2c32734 100644 --- a/extensions/source/update/check/download.cxx +++ b/extensions/source/update/check/download.cxx @@ -23,6 +23,8 @@ #include +#include + #include #include #include @@ -222,6 +224,8 @@ static bool curl_run(std::u16string_view rURL, OutData& out, const OString& aPro if( nullptr != pCURL ) { +::InitCurl_easy(pCURL); + out.curl = pCURL; OString aURL(OUStringToOString(rURL, RTL_TEXTENCODING_UTF8)); diff --git a/include/curlinit.hxx b/include/curlinit.hxx new file mode 100644 index ..8b3a9968419d --- /dev/null +++ b/include/curlinit.hxx @@ -0,0 +1,59 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MP
[Libreoffice-commits] core.git: Branch 'libreoffice-7-5' - desktop/source extensions/source
desktop/source/app/updater.cxx |6 +++--- extensions/source/update/check/download.cxx |6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) New commits: commit fc4b3cf771499b7f333ed7ec4779d0cfaa2c875a Author: Julien Nabet AuthorDate: Wed Jan 11 11:28:27 2023 +0100 Commit: Christian Lohmaier CommitDate: Thu Jan 12 20:22:41 2023 + Curl:CURLOPT_REDIR_PROTOCOLS(_STR): use only "https", not "http" Change-Id: If615503b598f6823d7978f12e666832c82b63ece Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145334 Tested-by: Jenkins Reviewed-by: Michael Stahl (cherry picked from commit e78859005b632860c9464335fdf6836c4fd41807) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145310 Reviewed-by: Christian Lohmaier diff --git a/desktop/source/app/updater.cxx b/desktop/source/app/updater.cxx index f74dfbeceb6e..5fb18dfad0bf 100644 --- a/desktop/source/app/updater.cxx +++ b/desktop/source/app/updater.cxx @@ -562,11 +562,11 @@ std::string download_content(const OString& rURL, bool bFile, OUString& rHash) headerlist = curl_slist_append(headerlist, buf); curl_easy_setopt(curl.get(), CURLOPT_HTTPHEADER, headerlist); curl_easy_setopt(curl.get(), CURLOPT_FOLLOWLOCATION, 1); // follow redirects -// only allow redirect to http:// and https:// +// only allow redirect to https:// #if (LIBCURL_VERSION_MAJOR > 7) || (LIBCURL_VERSION_MAJOR == 7 && LIBCURL_VERSION_MINOR >= 85) -curl_easy_setopt(curl.get(), CURLOPT_REDIR_PROTOCOLS_STR, "http,https"); +curl_easy_setopt(curl.get(), CURLOPT_REDIR_PROTOCOLS_STR, "https"); #else -curl_easy_setopt(curl.get(), CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); +curl_easy_setopt(curl.get(), CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS); #endif std::string response_body; diff --git a/extensions/source/update/check/download.cxx b/extensions/source/update/check/download.cxx index 4ba5863930ba..ba371bdee570 100644 --- a/extensions/source/update/check/download.cxx +++ b/extensions/source/update/check/download.cxx @@ -232,11 +232,11 @@ static bool curl_run(std::u16string_view rURL, OutData& out, const OString& aPro // enable redirection (void)curl_easy_setopt(pCURL, CURLOPT_FOLLOWLOCATION, 1); -// only allow redirect to http:// and https:// +// only allow redirect to https:// #if (LIBCURL_VERSION_MAJOR > 7) || (LIBCURL_VERSION_MAJOR == 7 && LIBCURL_VERSION_MINOR >= 85) -curl_easy_setopt(pCURL, CURLOPT_REDIR_PROTOCOLS_STR, "http,https"); +curl_easy_setopt(pCURL, CURLOPT_REDIR_PROTOCOLS_STR, "https"); #else -curl_easy_setopt(pCURL, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); +curl_easy_setopt(pCURL, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS); #endif // write function
[Libreoffice-commits] core.git: Branch 'libreoffice-7-5' - desktop/source extensions/source
desktop/source/app/updater.cxx |6 +- extensions/source/update/check/download.cxx | 22 +- 2 files changed, 18 insertions(+), 10 deletions(-) New commits: commit 3a3f6fb74781b4e1def227e88d2b96449acdc4c1 Author: Julien Nabet AuthorDate: Mon Jan 9 13:54:45 2023 +0100 Commit: Xisco Fauli CommitDate: Thu Jan 12 08:23:36 2023 + Fix types for Curl elements (update part) "CURLOPT_REDIR_PROTOCOLS_STR" has been added with Curl 7.85 so check if Curl version is 7.85 min or use the previous version "CURLOPT_REDIR_PROTOCOLS" Change-Id: Iacf6a3c37aba63d615eaa93352b098b1c9183533 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145208 Reviewed-by: Michael Stahl Tested-by: Jenkins (cherry picked from commit 071c66521c6db7136ea7f4606d48ab9fbcc4c71d) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145304 Reviewed-by: Xisco Fauli diff --git a/desktop/source/app/updater.cxx b/desktop/source/app/updater.cxx index 9f60a64d7235..f74dfbeceb6e 100644 --- a/desktop/source/app/updater.cxx +++ b/desktop/source/app/updater.cxx @@ -563,7 +563,11 @@ std::string download_content(const OString& rURL, bool bFile, OUString& rHash) curl_easy_setopt(curl.get(), CURLOPT_HTTPHEADER, headerlist); curl_easy_setopt(curl.get(), CURLOPT_FOLLOWLOCATION, 1); // follow redirects // only allow redirect to http:// and https:// -curl_easy_setopt(curl.get(), CURLOPT_REDIR_PROTOCOLS_STR, CURLPROTO_HTTP | CURLPROTO_HTTPS); +#if (LIBCURL_VERSION_MAJOR > 7) || (LIBCURL_VERSION_MAJOR == 7 && LIBCURL_VERSION_MINOR >= 85) +curl_easy_setopt(curl.get(), CURLOPT_REDIR_PROTOCOLS_STR, "http,https"); +#else +curl_easy_setopt(curl.get(), CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); +#endif std::string response_body; utl::TempFileNamed aTempFile; diff --git a/extensions/source/update/check/download.cxx b/extensions/source/update/check/download.cxx index 3b76f9cc8a27..4ba5863930ba 100644 --- a/extensions/source/update/check/download.cxx +++ b/extensions/source/update/check/download.cxx @@ -60,8 +60,8 @@ static void openFile( OutData& out ) char * effective_url; curl_easy_getinfo(out.curl, CURLINFO_EFFECTIVE_URL, &effective_url); -double fDownloadSize; -curl_easy_getinfo(out.curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD_T, &fDownloadSize); +curl_off_t nDownloadSize; +curl_easy_getinfo(out.curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD_T, &nDownloadSize); OString aURL(effective_url); @@ -94,7 +94,7 @@ static void openFile( OutData& out ) } while( osl_File_E_EXIST == rc ); if( osl_File_E_None == rc ) -out.Handler->downloadStarted(out.File, static_cast(fDownloadSize)); +out.Handler->downloadStarted(out.File, static_cast(nDownloadSize)); } } @@ -140,7 +140,7 @@ write_function( void *ptr, size_t size, size_t nmemb, void *stream ) static int -progress_callback( void *clientp, double dltotal, double dlnow, SAL_UNUSED_PARAMETER double, SAL_UNUSED_PARAMETER double ) +progress_callback( void *clientp, curl_off_t dltotal, curl_off_t dlnow, SAL_UNUSED_PARAMETER curl_off_t, SAL_UNUSED_PARAMETER curl_off_t) { OutData *out = static_cast < OutData * > (clientp); @@ -148,7 +148,7 @@ progress_callback( void *clientp, double dltotal, double dlnow, SAL_UNUSED_PARAM if (out && !out->StopCondition.check()) { -double fPercent = 0; +float fPercent = 0; if ( dltotal + out->Offset ) fPercent = (dlnow + out->Offset) * 100 / (dltotal + out->Offset); if( fPercent < 0 ) @@ -233,7 +233,11 @@ static bool curl_run(std::u16string_view rURL, OutData& out, const OString& aPro // enable redirection (void)curl_easy_setopt(pCURL, CURLOPT_FOLLOWLOCATION, 1); // only allow redirect to http:// and https:// -(void)curl_easy_setopt(pCURL, CURLOPT_REDIR_PROTOCOLS_STR, CURLPROTO_HTTP | CURLPROTO_HTTPS); +#if (LIBCURL_VERSION_MAJOR > 7) || (LIBCURL_VERSION_MAJOR == 7 && LIBCURL_VERSION_MINOR >= 85) +curl_easy_setopt(pCURL, CURLOPT_REDIR_PROTOCOLS_STR, "http,https"); +#else +curl_easy_setopt(pCURL, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); +#endif // write function (void)curl_easy_setopt(pCURL, CURLOPT_WRITEDATA, &out); @@ -274,9 +278,9 @@ static bool curl_run(std::u16string_view rURL, OutData& out, const OString& aPro { // this sometimes happens, when a user throws away his user data, but has already // completed the download of an update. -double fDownloadSize; -curl_easy_getinfo( pCURL, CURLINFO_CONTENT_LENGTH_DOWNLOAD_T, &fDownloadSize ); -if ( -1 == fDownloadSize ) +curl_off_t nDownloadSize; +curl_easy_getinfo( pCURL, CURLINFO_CONTENT_LENGTH_DOWNLOAD_T, &nDownloadSize ); +if ( -1 == nDownloadS
[Libreoffice-commits] core.git: Branch 'libreoffice-7-5' - desktop/source extensions/source
desktop/source/app/updater.cxx |2 +- extensions/source/update/check/download.cxx |8 2 files changed, 5 insertions(+), 5 deletions(-) New commits: commit b0684feb0a1f012adaa9bb21bf730bf90601e9d9 Author: Julien Nabet AuthorDate: Mon Jan 9 09:01:41 2023 +0100 Commit: Xisco Fauli CommitDate: Wed Jan 11 09:46:31 2023 + Fix deprecated Curl elements for update part Change-Id: Ide008c8a80800b33c8104ec3d697e836fae73827 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145186 Tested-by: Jenkins Reviewed-by: Julien Nabet (cherry picked from commit 6410fafc6f4d58062d82f86549303f4ae2eec32a) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145223 Reviewed-by: Xisco Fauli diff --git a/desktop/source/app/updater.cxx b/desktop/source/app/updater.cxx index e0d5bcd832b5..9f60a64d7235 100644 --- a/desktop/source/app/updater.cxx +++ b/desktop/source/app/updater.cxx @@ -563,7 +563,7 @@ std::string download_content(const OString& rURL, bool bFile, OUString& rHash) curl_easy_setopt(curl.get(), CURLOPT_HTTPHEADER, headerlist); curl_easy_setopt(curl.get(), CURLOPT_FOLLOWLOCATION, 1); // follow redirects // only allow redirect to http:// and https:// -curl_easy_setopt(curl.get(), CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); +curl_easy_setopt(curl.get(), CURLOPT_REDIR_PROTOCOLS_STR, CURLPROTO_HTTP | CURLPROTO_HTTPS); std::string response_body; utl::TempFileNamed aTempFile; diff --git a/extensions/source/update/check/download.cxx b/extensions/source/update/check/download.cxx index 387c1efd7a4f..3b76f9cc8a27 100644 --- a/extensions/source/update/check/download.cxx +++ b/extensions/source/update/check/download.cxx @@ -61,7 +61,7 @@ static void openFile( OutData& out ) curl_easy_getinfo(out.curl, CURLINFO_EFFECTIVE_URL, &effective_url); double fDownloadSize; -curl_easy_getinfo(out.curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &fDownloadSize); +curl_easy_getinfo(out.curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD_T, &fDownloadSize); OString aURL(effective_url); @@ -233,7 +233,7 @@ static bool curl_run(std::u16string_view rURL, OutData& out, const OString& aPro // enable redirection (void)curl_easy_setopt(pCURL, CURLOPT_FOLLOWLOCATION, 1); // only allow redirect to http:// and https:// -(void)curl_easy_setopt(pCURL, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); +(void)curl_easy_setopt(pCURL, CURLOPT_REDIR_PROTOCOLS_STR, CURLPROTO_HTTP | CURLPROTO_HTTPS); // write function (void)curl_easy_setopt(pCURL, CURLOPT_WRITEDATA, &out); @@ -241,7 +241,7 @@ static bool curl_run(std::u16string_view rURL, OutData& out, const OString& aPro // progress handler - Condition::check unfortunately is not defined const (void)curl_easy_setopt(pCURL, CURLOPT_NOPROGRESS, 0); -(void)curl_easy_setopt(pCURL, CURLOPT_PROGRESSFUNCTION, &progress_callback); +(void)curl_easy_setopt(pCURL, CURLOPT_XFERINFOFUNCTION, &progress_callback); (void)curl_easy_setopt(pCURL, CURLOPT_PROGRESSDATA, &out); // proxy @@ -275,7 +275,7 @@ static bool curl_run(std::u16string_view rURL, OutData& out, const OString& aPro // this sometimes happens, when a user throws away his user data, but has already // completed the download of an update. double fDownloadSize; -curl_easy_getinfo( pCURL, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &fDownloadSize ); +curl_easy_getinfo( pCURL, CURLINFO_CONTENT_LENGTH_DOWNLOAD_T, &fDownloadSize ); if ( -1 == fDownloadSize ) { out.Handler->downloadFinished(out.File);