* bug#59292: libreoffice password protection doesn't work
@ 2022-11-16 1:08 Maxim Cournoyer
2023-02-17 20:43 ` Maxim Cournoyer
0 siblings, 1 reply; 5+ messages in thread
From: Maxim Cournoyer @ 2022-11-16 1:08 UTC (permalink / raw)
To: 59292
Hi,
When password-protecting (encrypting) a file with LibreOffice, it fails
silently, leaving the file unprotected (!).
Reproducer:
1. Launch Calc with 'libreoffice --calc'.
2. Input something in the first cell.
3. Select File -> Save As. At the bottom left of the dialog box, make
sure to tick the "Save with password" box. Give it a name,
e.g. very-secret.ods, then click on "Save".
4. Enter a dummy password, such as 1234.
5. Quit LibreOffice Calc.
6. Open the assumed protected file, with 'libreoffice --calc
very-secret.ods'. Notice the file is open without any password.
No output is printed at the console, and if you have an truly
password-encrypted file, it won't be able to open it.
--
Thanks,
Maxim
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#59292: libreoffice password protection doesn't work
2022-11-16 1:08 bug#59292: libreoffice password protection doesn't work Maxim Cournoyer
@ 2023-02-17 20:43 ` Maxim Cournoyer
2023-02-18 4:27 ` Maxim Cournoyer
0 siblings, 1 reply; 5+ messages in thread
From: Maxim Cournoyer @ 2023-02-17 20:43 UTC (permalink / raw)
To: 59292
[-- Attachment #1: Type: text/plain, Size: 926 bytes --]
Hello,
Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
> Hi,
>
> When password-protecting (encrypting) a file with LibreOffice, it fails
> silently, leaving the file unprotected (!).
>
> Reproducer:
>
> 1. Launch Calc with 'libreoffice --calc'.
> 2. Input something in the first cell.
> 3. Select File -> Save As. At the bottom left of the dialog box, make
> sure to tick the "Save with password" box. Give it a name,
> e.g. very-secret.ods, then click on "Save".
> 4. Enter a dummy password, such as 1234.
> 5. Quit LibreOffice Calc.
>
> 6. Open the assumed protected file, with 'libreoffice --calc
> very-secret.ods'. Notice the file is open without any password.
>
> No output is printed at the console, and if you have an truly
> password-encrypted file, it won't be able to open it.
Attached is a sample ODS file, produced on a different GNU/Linux
distribution immune to the problem. The password is: "1234".
[-- Attachment #2: password-protected-spreadsheet.ods --]
[-- Type: application/octet-stream, Size: 12353 bytes --]
[-- Attachment #3: Type: text/plain, Size: 151 bytes --]
When attempting to open it with our LibreOffice, it says: "The password
is incorrect. The file cannot be opened.", which is a lie.
--
Thanks,
Maxim
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#59292: libreoffice password protection doesn't work
2023-02-17 20:43 ` Maxim Cournoyer
@ 2023-02-18 4:27 ` Maxim Cournoyer
2023-02-18 4:32 ` Maxim Cournoyer
0 siblings, 1 reply; 5+ messages in thread
From: Maxim Cournoyer @ 2023-02-18 4:27 UTC (permalink / raw)
To: 59292
Hi,
It may have to do with not correctly finding the "libnssckbi.so" share
library, which is from NSS. Here's what tipped me to it, in strace
output:
--8<---------------cut here---------------start------------->8---
13 matches for "ckbi" in buffer: *scratch*
169:[pid 2594] openat(AT_FDCWD, "/home/maxim/.thunderbird/sjp3hftb.default/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
171:[pid 2594] openat(AT_FDCWD, "/gnu/store/rrid5nx9cbrq0flkhc1rv4b5hk4w70ib-nspr-4.34/lib/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
172:[pid 2594] openat(AT_FDCWD, "/gnu/store/5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33/lib/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
173:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
174:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../tls/x86_64/x86_64/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
176:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../tls/x86_64/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
178:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../tls/x86_64/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
180:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../tls/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
182:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../x86_64/x86_64/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
184:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../x86_64/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
186:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../x86_64/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
188:[pid 2594] openat(AT_FDCWD, "/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../../libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
190:[pid 2594] openat(AT_FDCWD, "/gnu/store/5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33/lib/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
--8<---------------cut here---------------end--------------->8---
It never resolves libnssckbi.so.
LibreOffice attempts to load this library in
xmlsecurity/source/xmlsec/nss/nssinitializer.cxx, in the
'nsscrypto_initialize' procedure.
The library appears to be dynamically loaded via SECMOD_LoadUserModule.
Perhaps we can patch 'OUString rootModule("libnssckbi"
SAL_DLLEXTENSION)' to its full name. Some more output, after building
libreoffice with "--enable-sal-log" and setting the 'SAL_LOG=+INFO'
environment variable:
--8<---------------cut here---------------start------------->8---
info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:857: expandMacros called with: libnssckbi.so
info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:985: expandMacros result: libnssckbi.so
info:xmlsecurity.xmlsec:8927:8927:xmlsecurity/source/xmlsec/nss/nssinitializer.cxx:471: FAILED to load the new root certificate module Root Certs for OpenOffice.orgcontained in libnssckbi.so
warn:legacy.osl:8927:8927:comphelper/source/misc/storagehelper.cxx:406: Can not create SHA256 digest!
warn:package.xstor:8927:8927:package/source/xstor/owriteablestream.cxx:1138: Can't write encryption related properties com.sun.star.uno.RuntimeException message: "No expected key is provided! at /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243"
info:package.xstor:8927:8927:package/source/xstor/xstorage.cxx:2274: Rethrow com.sun.star.io.IOException message: "No expected key is provided! at /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243 at /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/xstor/owriteablestream.cxx:1140"
--8<---------------cut here---------------end--------------->8---
So it seems to cause an error, which is apparently ignored.
--
Thanks,
Maxim
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#59292: libreoffice password protection doesn't work
2023-02-18 4:27 ` Maxim Cournoyer
@ 2023-02-18 4:32 ` Maxim Cournoyer
2023-02-18 20:00 ` Maxim Cournoyer
0 siblings, 1 reply; 5+ messages in thread
From: Maxim Cournoyer @ 2023-02-18 4:32 UTC (permalink / raw)
To: 59292
Hi again,
Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
[...]
> It never resolves libnssckbi.so.
>
> LibreOffice attempts to load this library in
> xmlsecurity/source/xmlsec/nss/nssinitializer.cxx, in the
> 'nsscrypto_initialize' procedure.
>
> The library appears to be dynamically loaded via SECMOD_LoadUserModule.
> Perhaps we can patch 'OUString rootModule("libnssckbi"
> SAL_DLLEXTENSION)' to its full name. Some more output, after building
> libreoffice with "--enable-sal-log" and setting the 'SAL_LOG=+INFO'
> environment variable:
>
> info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:857: expandMacros called with: libnssckbi.so
> info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:985: expandMacros result: libnssckbi.so
> info:xmlsecurity.xmlsec:8927:8927:xmlsecurity/source/xmlsec/nss/nssinitializer.cxx:471: FAILED to load the new root certificate module Root Certs for OpenOffice.orgcontained in libnssckbi.so
> warn:legacy.osl:8927:8927:comphelper/source/misc/storagehelper.cxx:406: Can not create SHA256 digest!
> warn:package.xstor:8927:8927:package/source/xstor/owriteablestream.cxx:1138: Can't write encryption related properties com.sun.star.uno.RuntimeException message: "No expected key is provided! at /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243"
> info:package.xstor:8927:8927:package/source/xstor/xstorage.cxx:2274: Rethrow com.sun.star.io.IOException message: "No expected key is provided! at /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243 at /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/xstor/owriteablestream.cxx:1140"
>
> So it seems to cause an error, which is apparently ignored.
I confirm this is the problem. A workaround is to augment
LD_LIBRARY_PATH, e.g.:
--8<---------------cut here---------------start------------->8---
"LD_LIBRARY_PATH=/gnu/store/...-nss-3.81/lib/nss:$LD_LIBRARY_PATH /gnu/store/...-libreoffice-7.5.0.3/bin/libreoffice --calc"
--8<---------------cut here---------------end--------------->8---
--
Thanks,
Maxim
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#59292: libreoffice password protection doesn't work
2023-02-18 4:32 ` Maxim Cournoyer
@ 2023-02-18 20:00 ` Maxim Cournoyer
0 siblings, 0 replies; 5+ messages in thread
From: Maxim Cournoyer @ 2023-02-18 20:00 UTC (permalink / raw)
To: 59292-done
Hello,
Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
> Hi again,
>
> Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
>
> [...]
>
>> It never resolves libnssckbi.so.
>>
>> LibreOffice attempts to load this library in
>> xmlsecurity/source/xmlsec/nss/nssinitializer.cxx, in the
>> 'nsscrypto_initialize' procedure.
>>
>> The library appears to be dynamically loaded via SECMOD_LoadUserModule.
>> Perhaps we can patch 'OUString rootModule("libnssckbi"
>> SAL_DLLEXTENSION)' to its full name. Some more output, after building
>> libreoffice with "--enable-sal-log" and setting the 'SAL_LOG=+INFO'
>> environment variable:
>>
>> info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:857: expandMacros called with: libnssckbi.so
>> info:sal.bootstrap:8927:8927:sal/rtl/bootstrap.cxx:985: expandMacros result: libnssckbi.so
>> info:xmlsecurity.xmlsec:8927:8927:xmlsecurity/source/xmlsec/nss/nssinitializer.cxx:471: FAILED to load the new root certificate module Root Certs for OpenOffice.orgcontained in libnssckbi.so
>> warn:legacy.osl:8927:8927:comphelper/source/misc/storagehelper.cxx:406: Can not create SHA256 digest!
>> warn:package.xstor:8927:8927:package/source/xstor/owriteablestream.cxx:1138:
>> Can't write encryption related properties
>> com.sun.star.uno.RuntimeException message: "No expected key is
>> provided! at
>> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243"
>> info:package.xstor:8927:8927:package/source/xstor/xstorage.cxx:2274:
>> Rethrow com.sun.star.io.IOException message: "No expected key is
>> provided! at
>> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/zippackage/ZipPackageStream.cxx:243
>> at
>> /tmp/guix-build-libreoffice-7.5.0.3.drv-0/libreoffice-7.5.0.3/package/source/xstor/owriteablestream.cxx:1140"
>>
>> So it seems to cause an error, which is apparently ignored.
>
> I confirm this is the problem. A workaround is to augment
> LD_LIBRARY_PATH, e.g.:
>
> "LD_LIBRARY_PATH=/gnu/store/...-nss-3.81/lib/nss:$LD_LIBRARY_PATH /gnu/store/...-libreoffice-7.5.0.3/bin/libreoffice --calc"
I've reported the problem upstream [0], and push a fix for our package
with 9f21ca83a89a5e6c808b58fab0dc54b7785c26b7 ("gnu: libreoffice: Fix
password encryption issue.").
Closing!
[0] https://bugs.documentfoundation.org/show_bug.cgi?id=153714
--
Thanks,
Maxim
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-02-18 20:01 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-16 1:08 bug#59292: libreoffice password protection doesn't work Maxim Cournoyer
2023-02-17 20:43 ` Maxim Cournoyer
2023-02-18 4:27 ` Maxim Cournoyer
2023-02-18 4:32 ` Maxim Cournoyer
2023-02-18 20:00 ` Maxim Cournoyer
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).