incubator-ooo-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 119090] New: Default Encryption Fails for Down-Level Implementations
Date Sun, 18 Mar 2012 23:48:09 GMT
https://issues.apache.org/ooo/show_bug.cgi?id=119090

             Bug #: 119090
        Issue Type: DEFECT
           Summary: Default Encryption Fails for Down-Level
                    Implementations
    Classification: Code
           Product: security
           Version: AOO340-dev
          Platform: PC
        OS/Version: All
            Status: CONFIRMED
          Severity: normal
          Priority: P3
         Component: www
        AssignedTo: issues@security.openoffice.org
        ReportedBy: orcmid@apache.org
                CC: ooo-issues@incubator.apache.org


Created attachment 77341
  --> https://issues.apache.org/ooo/attachment.cgi?id=77341
This is a typical failure when an ODF 1.2 document is encrypted by default with
an encryption method not recognized by downlevel products

The default encryption used by AOO3.4-dev r1293550 for ODF 1.2 (extended)
documents fails in all down-level implementations except for the Oracle 3.4-dev
release and LibreOffice releases in the LO 3.5.x line.

The following implementations are unable to open the encryption that is done
when the document is saved as ODF 1.2 (extended), the default installation
Load/Save option:

LO 3.4.3 and LO 3.3.2
OpenOffice.org 3.3.0 (the last stable release)
Lotus Symphony 3.0.1

All fail with a complaint of the type

"Read-Error.  Format error discovered in the file in sub-document styles.xml 
at 1.0(row,col) "

It appears that the down-level implementations fail to recognize that the
document is encrypted and rather than fail at decryption, the document is
processed as unencrypted, which is bound to fail parsing of the sub-documents.

When the Tools | Options | Load/Save option is altered to save documents as ODF
1.0/1.1, all of the tested products were able to open the resulting encryption
without difficulty (given the correct password of course):

AOO-dev 3.4 r1293550
LO 3.5.0rc3
LO 3.4.3
LO 3.3.2
OOo-dev 3.4.0 (from Oracle)
OOo 3.3.0
Lotus Symphony 3.0.1

-- 
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Mime
View raw message