core.git: Branch 'distro/cib/libreoffice-6-4' - sfx2/source

Tue, 30 Jul 2024 14:35:19 -0700 

 sfx2/source/doc/docmacromode.cxx |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

New commits:
commit e032a156e6b669d1c5423e21a42db326dc0f483d
Author:     Sarper Akdemir <sarper.akde...@allotropia.de>
AuthorDate: Tue Jun 11 12:39:36 2024 +0200
Commit:     Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Tue Jul 30 22:48:13 2024 +0200

    remove ability to trust not validated macro signatures in high security
    
    Giving the user the option to determine if they should trust an
    invalid signature in HIGH macro security doesn't make sense.
    CommonName of the signature is the most prominent feature presented
    and the CommonName of a certificate can be easily forged for an
    invalid signature, tricking the user into accepting an invalid
    signature.
    
    in the HIGH macro security setting only show the pop-up to
    enable/disable signed macro if the certificate signature can be
    validated.
    
    cherry-picked without UI/String altering bits for 24-2
    
    Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667
    Tested-by: Jenkins
    Reviewed-by: Sarper Akdemir <sarper.akde...@allotropia.de>
    (cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>

diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 8a617b1785c6..997a8f739395 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -229,14 +229,18 @@ namespace sfx2
             // check whether the document is signed with trusted certificate
             if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
             {
+                SignatureState nSignatureState = 
m_xData->m_rDocumentAccess.getScriptingSignatureState();
+
                 // the trusted macro check will also retrieve the signature 
state ( small optimization )
                 const SvtSecurityOptions aSecOption;
                 const bool bAllowUIToAddAuthor = nMacroExecutionMode != 
MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
                                                  && (nMacroExecutionMode == 
MacroExecMode::ALWAYS_EXECUTE
-                                                     || 
!aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
+                                                     || 
!aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors))
+                                                 && (nMacroExecutionMode != 
MacroExecMode::FROM_LIST_AND_SIGNED_WARN
+                                                     || nSignatureState == 
SignatureState::OK);
+
                 const bool bHasTrustedMacroSignature = 
m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor);
 
-                SignatureState nSignatureState = 
m_xData->m_rDocumentAccess.getScriptingSignatureState();
                 if ( nSignatureState == SignatureState::BROKEN )
                 {
                     if (!bAllowUIToAddAuthor)

Reply via email to