sfx2/source/doc/docmacromode.cxx | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
New commits:
commit 9ecd91535f8a6fcd7fc64f33387b7a8282633ae2
Author: Sarper Akdemir <sarper.akde...@allotropia.de>
AuthorDate: Tue Jun 11 12:39:36 2024 +0200
Commit: Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Wed Jul 31 13:32:12 2024 +0200
remove ability to trust not validated macro signatures in high security
Giving the user the option to determine if they should trust an
invalid signature in HIGH macro security doesn't make sense.
CommonName of the signature is the most prominent feature presented
and the CommonName of a certificate can be easily forged for an
invalid signature, tricking the user into accepting an invalid
signature.
in the HIGH macro security setting only show the pop-up to
enable/disable signed macro if the certificate signature can be
validated.
cherry-picked without UI/String altering bits for 24-2
Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667
Tested-by: Jenkins
Reviewed-by: Sarper Akdemir <sarper.akde...@allotropia.de>
(cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171311
Tested-by: Caolán McNamara <caolan.mcnam...@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index c2f48d85a9d3..c2cdf8e96eb1 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -252,13 +252,17 @@ namespace sfx2
// confirmation when macros are unsigned or untrusted.
FROM_LIST_AND_SIGNED_NO_WARN
// should not ask any confirmations. FROM_LIST_AND_SIGNED_WARN
should only allow
// trusted signed macros at this point; so it may only ask for
confirmation to add
- // certificates to trusted, and shouldn't show UI when trusted
list is read-only.
+ // certificates to trusted, and shouldn't show UI when trusted
list is read-only
+ // or the macro signature can't be validated.
const bool bAllowUI
= nMacroExecutionMode !=
MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
&& eAutoConfirm == eNoAutoConfirm
&& (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE
|| !SvtSecurityOptions::IsReadOnly(
-
SvtSecurityOptions::EOption::MacroTrustedAuthors));
+
SvtSecurityOptions::EOption::MacroTrustedAuthors))
+ && (nMacroExecutionMode !=
MacroExecMode::FROM_LIST_AND_SIGNED_WARN
+ || nSignatureState == SignatureState::OK);
+
const bool bHasTrustedMacroSignature =
m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUI ?
rxInteraction : nullptr);
if (bHasTrustedMacroSignature)
