Created attachment 849129 [details] emerge --info I just updated LO to 7.4.4.2 and webdav no longer works. I thought this was fixed in bug 834438 but the ebuild is still using '--webdav="neon"' which is invalid according to 834438. I was using app-office/libreoffice-7.1.8.1 from bug 834438 but this no longer builds. BillK
Forget the comment about '--webdav="neon"' - I was confused between it and curl.
Right, so we need to do something like: ``` --- a/app-office/libreoffice/libreoffice-7.4.9999.ebuild +++ b/app-office/libreoffice/libreoffice-7.4.9999.ebuild @@ -163,7 +163,6 @@ COMMON_DEPEND="${PYTHON_DEPS} media-libs/openjpeg:= media-libs/tiff:= media-libs/zxing-cpp:= - >=net-libs/neon-0.31.1:= net-misc/curl sci-mathematics/lpsolve sys-libs/zlib @@ -502,7 +501,7 @@ src_configure() { --with-system-ucpp --with-tls=nss --with-vendor="Gentoo Foundation" - --with-webdav="neon" + --with-webdav --with-x --without-fonts --without-myspell-dicts --- a/app-office/libreoffice/libreoffice-9999.ebuild +++ b/app-office/libreoffice/libreoffice-9999.ebuild @@ -163,7 +163,6 @@ COMMON_DEPEND="${PYTHON_DEPS} media-libs/openjpeg:= media-libs/tiff:= media-libs/zxing-cpp:= - >=net-libs/neon-0.31.1:= net-misc/curl sci-mathematics/lpsolve sys-libs/zlib @@ -498,7 +497,7 @@ src_configure() { --with-system-ucpp --with-tls=nss --with-vendor="Gentoo Foundation" - --with-webdav="neon" + --with-webdav --with-x --without-fonts --without-myspell-dicts ``` Is that enough to make it work?
(From a skim of the commit, it looks like it should act the same with an arg or not, but given this has gone wrong before...)
I think comment 24 in bug 834438 now applies - its in the changelog for 7.4.4.2, and the LO bug referenced states that curl is the only working module, not neon. I am currently building with just "--with-webdav" - it will take awhile to build and see if it works. BillK
Unfortunately the build failed to produce a working webdav enabled version - no build or other failures evident. configure shows: "checking for WebDAV support... yes" so that part is working (i.e., using just "--with-webdav") I am using ccache so I will rebuild again without it in the (faint) hope that will work - however it will be well into tomorrow before it will finish. BillK
I am out of ideas: I have removed the current with-webdav and neon lines in the ebuild and set "--with-webdav" configure shows shows wedav is found configure shows curl is available running "libreoffice" or "lowriter" works on normal files and fails on remote with "Could not establish internet connection to dav.infra.localdomain" and no output to the terminal. using strace shows nothing after startup is completed - opening the remote dialog does not generate any strace output. testing curl from the users terminal "curl -k https://user:pass@dav.infra.localdomain/webdav/" gives the expected directory listing. *the dav server has been working for years with older versions of LO - its using the apache webdav module with self-signed certs which neon handled ok with warnings that its untrusted. I cant find an unencrypted public webdav server to test against to eliminate that aspect. BillK
(In reply to Bill Kenworthy from comment #6) > using strace shows nothing after startup is completed - opening the remote > dialog does not generate any strace output. > strace or strace -f (or -ff)?
I added -f and strace shows it loading libucpdav1.so and accessing the dav URL and doing something with certs - but I do not have the knowledge to follow it further. Can I send the trace directly? - I dont want to attach it to the bug as it will be publicly viewable. At this stage I am assuming due to the number of bugs LO has open on webdav, some of which concern self signed certs that its actually broken in the LO code. BillK
(In reply to Bill Kenworthy from comment #8) > I added -f and strace shows it loading libucpdav1.so and accessing the dav > URL and doing something with certs - but I do not have the knowledge to > follow it further. Can I send the trace directly? - I dont want to attach > it to the bug as it will be publicly viewable. Yeah, no problem, just email to sam@gentoo.org (compressed pls, pref. xz). I can't promise I can figure it out as I'm not an upstream LO developer but I can at least hopefully say where I think the issue lies roughly. > > At this stage I am assuming due to the number of bugs LO has open on webdav, > some of which concern self signed certs that its actually broken in the LO > code. > BillK I found https://bugs.documentfoundation.org/show_bug.cgi?id=153039 & wonder if https://github.com/LibreOffice/core/commit/261b1237532f431963358a7b4ac5fd1ad6e5d223 might help. Could you try putting https://github.com/LibreOffice/core/commit/261b1237532f431963358a7b4ac5fd1ad6e5d223.patch in /etc/portage/patches/app-office/libreoffice/webdav.patch and rebuild, see if it works?
(can gpg too if you want for the email)
Progress - I enabled plain http access on the dav server: plain http webdav access on port 80 (same webdav system - same user/password required) works fine but https does not. so its accessing webdav via https thats failing, possibly because its using a self-signed cert. I'll try adding my CA to the cert store tomorrow and see if that helps. My understanding is a LetsEncrypt or other public cert wont work as the system does not have internet access to validate. The working non-SSL access build has the patch'es from comments 2 and 9 applied ... I'll do rebuild without 9 to see if it makes any difference. BillK
Just released 7.4.5 would be an opportunity to integrate a fix. Pending: https://gerrit.libreoffice.org/c/core/+/146067
Okay, so from the emailed strace logs: - It definitely finds libcurl and uses it - It does talk to Bill's webdav server - Looks like it gives up after reading SSL certs, as you said I don't think it's going to be a packaging issue at that level - but something's wrong in LO. Could you open a bug at https://bugs.documentfoundation.org/enter_bug.cgi & cross-link the two (post the link here, and vice-versa)? I would definitely emphasise that this is a regression from neon support, as your LO is now built using curl, rather than a new feature request.
Will do ... I have just recompiled after adding the patch mentioned in comment 12 (with patches in comments 2 & 9) with no change - http webdav works, https does not. BillK
(In reply to Sam James from comment #13) > Okay, so from the emailed strace logs: > - It definitely finds libcurl and uses it > - It does talk to Bill's webdav server > - Looks like it gives up after reading SSL certs, as you said > > I don't think it's going to be a packaging issue at that level - but > something's wrong in LO. > > Could you open a bug at https://bugs.documentfoundation.org/enter_bug.cgi & > cross-link the two (post the link here, and vice-versa)? > > I would definitely emphasise that this is a regression from neon support, as > your LO is now built using curl, rather than a new feature request. Not yet please! Disregard that request! asturm made a good point: we currently disable OpenSSL in the ebuild in favour of NSS. I see two upstream bugs about NSS + webdav: 1. https://bugs.documentfoundation.org/show_bug.cgi?id=116466 2. https://bugs.documentfoundation.org/show_bug.cgi?id=147250 Could you try building with --enable-openssl and --with-tls=openssl please and let me know what happens?
ok, caught me in time! Setting up now, will post results tomorrow. BillK
cheers bill. typical, as soon as I say 'without any doubt, not our fault...'
ok, build done ... but no change with --enable-openssl and --with-tls=openssl HOWEVER doing: 'cat /mnt/mfs/tmp/apache-selfsigned.crt >> /etc/ssl/certs/ca-certificates.crt' allows https webdav to work indicating to me that the LO is broken in how it handles self-signed certs - there is no dialog as in previous versions and no meaningful error message :( I recompiled LO without openssl and using nss but with the previous patches and it still works as long as the cert is added. BillK
(In reply to Andreas Sturmlechner from comment #12) > Pending: https://gerrit.libreoffice.org/c/core/+/146067 Please test with patch from $URL applied, it was already merged to git master.
Patch from comment 19 (only) applied with no errors to version 7.4.4.2 - portage updated 30/01/2023. LO rebuilt and tested 1. normal http webdav works 2. secure https webdav using a self-signed cert fails with "Could not establish internet connection to dav.infra.localdomain" 3. After adding the self-signed cert to the host certificate store https webdav works 4. I am unable to test using a public certificate but I would assume it works 5. dav server is apache2 using mod_dav Problem is in LO's handling of self-signed certs (unclear error message and inability to accept a self-signed cert as previous versions do), otherwise ok. BillK
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef15cec2485f36b19bc3f71602fb2bcfb3ff8360 commit ef15cec2485f36b19bc3f71602fb2bcfb3ff8360 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2023-01-30 23:07:06 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2023-02-01 18:22:14 +0000 app-office/libreoffice: add 7.4.5.1 Bug: https://bugs.gentoo.org/891903 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> app-office/libreoffice/Manifest | 2 + .../libreoffice-7.4.5.1-fix-webdav-upload.patch | 107 ++++ app-office/libreoffice/libreoffice-7.4.5.1.ebuild | 663 +++++++++++++++++++++ 3 files changed, 772 insertions(+)
Upgraded to 7.4.5.1 - no extra changes/patches needed No difference in the way it handles self-signed certs. Otherwise http webdav, and https webdav works out of the box (if cert is added or is in the host cert store) with apache2 mod_dav ** Should I raise a new bug (at gentoo or LO?) for the self-signed certs or leave it with this one? BillK
(In reply to Sam James from comment #2) > Right, so we need to do something like: > > ``` > --- a/app-office/libreoffice/libreoffice-7.4.9999.ebuild > +++ b/app-office/libreoffice/libreoffice-7.4.9999.ebuild > @@ -163,7 +163,6 @@ COMMON_DEPEND="${PYTHON_DEPS} > media-libs/openjpeg:= > media-libs/tiff:= > media-libs/zxing-cpp:= > - >=net-libs/neon-0.31.1:= > net-misc/curl > sci-mathematics/lpsolve > sys-libs/zlib > @@ -502,7 +501,7 @@ src_configure() { > --with-system-ucpp > --with-tls=nss > --with-vendor="Gentoo Foundation" > - --with-webdav="neon" > + --with-webdav > --with-x > --without-fonts > --without-myspell-dicts > --- a/app-office/libreoffice/libreoffice-9999.ebuild > +++ b/app-office/libreoffice/libreoffice-9999.ebuild > @@ -163,7 +163,6 @@ COMMON_DEPEND="${PYTHON_DEPS} > media-libs/openjpeg:= > media-libs/tiff:= > media-libs/zxing-cpp:= > - >=net-libs/neon-0.31.1:= > net-misc/curl > sci-mathematics/lpsolve > sys-libs/zlib > @@ -498,7 +497,7 @@ src_configure() { > --with-system-ucpp > --with-tls=nss > --with-vendor="Gentoo Foundation" > - --with-webdav="neon" > + --with-webdav > --with-x > --without-fonts > --without-myspell-dicts > ``` > > Is that enough to make it work? (In reply to Sam James from comment #3) > (From a skim of the commit, it looks like it should act the same with an arg > or not, but given this has gone wrong before...) according to https://github.com/LibreOffice/core/commit/2177f48b16b8cd68c0ef4ec817ca391f28324418 --with-webdav works for libreoffice 7.4+ It is enabled in configure.ac as long we don't give --without-webdav --with-webdav="neon" does not make sense any more in 7.4+.
(In reply to jospezial from comment #23) > according to > https://github.com/LibreOffice/core/commit/ > 2177f48b16b8cd68c0ef4ec817ca391f28324418 > --with-webdav works for libreoffice 7.4+ > It is enabled in configure.ac as long we don't give --without-webdav > > --with-webdav="neon" does not make sense any more in 7.4+. Irrespective of that it is correctly detected, and changing the arg will not solve the issue at hand: > checking for WebDAV support... yes What's left to check is curl's flags for lack of ssl or similar..
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d337da8cae2c579cc96068de531d0f7c3613f79 commit 2d337da8cae2c579cc96068de531d0f7c3613f79 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2023-03-02 19:21:05 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2023-03-02 19:27:13 +0000 app-office/libreoffice: Drop obsolete dependency and configure flag Upstream commits: 023ebf17898db4bca63129f079fd90b5cf76c1a9 (ucb: remove --with-webdav=neon) df9cbdd22658131b881e6527467c8e2a2dd36c70 (Drop remnants of --with-webdav=neon) 2177f48b16b8cd68c0ef4ec817ca391f28324418 (Simplify --with-webdav) Bug: https://bugs.gentoo.org/891903 Bug: https://bugs.gentoo.org/834438 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> app-office/libreoffice/libreoffice-7.4.9999.ebuild | 2 -- app-office/libreoffice/libreoffice-7.5.1.2.ebuild | 2 -- app-office/libreoffice/libreoffice-7.5.9999.ebuild | 2 -- app-office/libreoffice/libreoffice-9999.ebuild | 2 -- 4 files changed, 8 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7e318162aa2d375d081135a2a71a86cb6aa4f2b commit b7e318162aa2d375d081135a2a71a86cb6aa4f2b Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2023-03-03 19:03:16 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2023-03-03 19:32:36 +0000 app-office/libreoffice: add 7.4.6.2, no KEYWORDS yet Bug: https://bugs.gentoo.org/891903 Bug: https://bugs.gentoo.org/894400 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> app-office/libreoffice/Manifest | 2 + app-office/libreoffice/libreoffice-7.4.6.2.ebuild | 655 ++++++++++++++++++++++ 2 files changed, 657 insertions(+)
Point of note - for me, this does NOT work: (In reply to Bill Kenworthy from comment #22) > Upgraded to 7.4.5.1 - no extra changes/patches needed > > Otherwise http webdav, and https webdav works out of the box (if cert is > added or is in the host cert store) with apache2 mod_dav Tried app-office/libreoffice-7.4.4.2 as-is, 7.4.4.2 ebuild patched with '--with-webdav' instead of '--with-webdav="neon"', 7.4.5.1 as-is. All of this is against an alfresco CMS. With all above mentioned versions, behavior is exactly the same: even plain HTTP fails - completely silently in the UI, the "Open Remote..." dialog just stays blank. LibreOffice never even asks for authentication credentials. More details from 7.4.5.1 With USE="debug" and running as e.g.: SAL_LOG="+INFO.ucb" localc I get SOME diagnostics: info:ucb.ucp.webdav:667900:667900:ucb/source/ucp/webdav-curl/webdavcontent.cxx:437: >>>>> Content::execute: start: command: open, env: present info:ucb.ucp.webdav.curl:667900:667900:ucb/source/ucp/webdav-curl/CurlSession.cxx:617: curl version: 7.87.0 x86_64-pc-linux-gnu features: 402f439d ssl: OpenSSL/1.1.1t libz: 1.2.13 info:ucb.ucp.webdav.curl:667900:667900:ucb/source/ucp/webdav-curl/CurlSession.cxx:1515: OPTIONS: http://my.intranet.host.name:8080/alfresco/webdav/Sites/SOFLIMO/documentLibrary/ warn:ucb.ucp.webdav.curl:667900:667900:ucb/source/ucp/webdav-curl/CurlUri.cxx:122: curl_url_set failed: 27 warn:ucb.ucp.webdav:667900:667900:ucb/source/ucp/webdav-curl/webdavcontent.cxx:4204: OPTIONS - General DAVException (or max DAV_HTTP_REDIRECT reached) for URL <http://my.intranet.host.name:8080/alfresco/webdav/Sites/SOFLIMO/documentLibrary/>, DAV ExceptionCode: 11, HTTP error: 0 info:ucb.ucp.webdav:667900:667900:ucb/source/ucp/webdav-curl/webdavcontent.cxx:3952: m_eResourceType for <http://my.intranet.host.name:8080/alfresco/webdav/Sites/SOFLIMO/documentLibrary/>: 2 info:ucb.ucp.webdav.curl:667900:667900:ucb/source/ucp/webdav-curl/CurlSession.cxx:1829: HEAD: http://my.intranet.host.name:8080/alfresco/webdav/Sites/SOFLIMO/documentLibrary/ warn:ucb.ucp.webdav.curl:667900:667900:ucb/source/ucp/webdav-curl/CurlUri.cxx:122: curl_url_set failed: 27 Trying to use HTTPS causes exactly the same error messages. On a hunch I also tried without the trailing slash, exactly the same. I can successfully access this WebDAV collection using Dolphin or cadaver, as HTTP or HTTPS. The curl_url_set error code above 27 is supposedly resolves to CURLUE_BAD_SCHEME, which doesn't make much sense to me. I'm happy to try things out to track this down.
Just unmasked and built app-office/libreoffice-7.5.1.2. Exactly the same issue still - "Open Remote..." dialog stays completely empty, never asks for auth, log messages as above.
TL;DR: proxy settings in LibreOffice can break WebDAV; turning off proxy use or configuring an exception for the WebDAV host makes things work. The whole story, I dug after this log message: warn:ucb.ucp.webdav.curl:667900:667900:ucb/source/ucp/webdav-curl/CurlUri.cxx:122: curl_url_set failed: 27 and was ... quite surprised to see (only) the hostname of my local proxy server as the URI passed to curl_url_set, rather than the URI of the resource to be accessed. I have / had the proxy configured to 'System' in LibreOffice's settings; which hopefully maps to KDE's proxy settings, which are set to "detect automatically". Which in turn appears to work on some level, since my proxy host name comes up erroneously in the curl_url_set call. The good news is: LO 7.5.2.1 (at least) WebDAV, including HTTPS, works correctly for me when I either disable proxy use in LibreOffice; or (kinda as a workaround) add an exception to the wpad.pac in question that returns DIRECT for the WebDAV server.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae814da1be33ea0e11cc7fdb6fdfae6444c610d2 commit ae814da1be33ea0e11cc7fdb6fdfae6444c610d2 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2023-11-21 22:04:26 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2023-11-21 22:19:55 +0000 app-office/libreoffice: curl: mitigate migration to OpenSSL on Linux Bug: https://bugs.gentoo.org/891903 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> ...libreoffice-7.5.8.2-curl-8.3.0-mitigation.patch | 316 +++++++++++++++++++++ .../libreoffice/libreoffice-7.5.8.2-r2.ebuild | 3 + 2 files changed, 319 insertions(+)
Please test 7.5.8.2-r2 once it arrives in your copy of ::gentoo.