download.lst | 18 ++-- external/curl/ExternalProject_curl.mk | 2 external/curl/curl-7.26.0_win-proxy.patch | 8 - external/curl/curl-nss.patch.1 | 7 + external/libxml2/ExternalPackage_xml2.mk | 2 external/libxml2/UnpackedTarball_xml2.mk | 5 - external/libxml2/libxml2-android.patch | 6 - external/libxml2/libxml2-config.patch.1 | 43 --------- external/libxml2/xml2-config.in | 28 ++++++ external/poppler/UnpackedTarball_poppler.mk | 2 external/poppler/disable-freetype.patch.1 | 41 +++++++++ external/poppler/gcc7-EntityInfo.patch.1 | 48 +++++++++++ external/poppler/poppler-c++11.patch.1 | 13 ++ external/poppler/poppler-config.patch.1 | 27 ++---- external/zlib/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.patch | 29 ++++++ external/zlib/UnpackedTarball_zlib.mk | 7 + external/zlib/eff308af425b67093bab25f80f1ae950166bece1.patch | 32 +++++++ sc/source/core/tool/interpr7.cxx | 3 sdext/Executable_xpdfimport.mk | 4 unoxml/source/xpath/xpathobject.cxx | 2 20 files changed, 248 insertions(+), 79 deletions(-)
New commits: commit 98d3d103fb99ee4433e84aa2fd1f0fa13016cf02 Author: Jan-Marek Glogowski <glo...@fbihome.de> AuthorDate: Sun May 30 13:23:16 2021 +0200 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Fri Nov 4 03:05:50 2022 +0100 libxml2: use xml2-config dummy for internal build When building a static LO with --disable-dynloading on Linux, --without-system-libs failed for me. And it left me really puzzled: raptor configure failed and claimed it couldn't link libxml2. raptor's config.log showed missing math functions. xml2-config of LO's build is patched and it includes a -lm. The xml2-config in my chroot doesn't. But we explicitly pass the xml2-config for non-system-libxml2 build. Reading the configure from raptor didn't reveal a way, that it could somehow pick up the xml2-config from the chroot, but that code is autoconf-complex... When running "sh -x configure", it turned out the configure script actually picks up the LIBXML_* flags from the environment, which are set by LO's config_host.mk. These just add -lm for Android. So this adds a xml2-config.in "dummy", which overwrites the one from the libxml2 source and just echos LO's LIBXML_* values and it adds -lm for all DISABLE_DYNLOADING targets. Change-Id: Ia713cf80c8e7dc989cf23c224e7a0f7ea1210a87 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116409 Tested-by: Jenkins Reviewed-by: Jan-Marek Glogowski <glo...@fbihome.de> (cherry picked from commit 8b9f8f0f9d38cc64f742fe5358fce88d0f82391a) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139965 Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 5c044ae7a3246bddbd0513bd5ed3efef10cb1503) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/142035 Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> Conflicts: external/libxml2/UnpackedTarball_xml2.mk external/libxml2/libxml2-config.patch.1 diff --git a/external/libxml2/UnpackedTarball_xml2.mk b/external/libxml2/UnpackedTarball_xml2.mk index 5cff2aed0a87..52523c5c8bd3 100644 --- a/external/libxml2/UnpackedTarball_xml2.mk +++ b/external/libxml2/UnpackedTarball_xml2.mk @@ -11,12 +11,15 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,xml2)) $(eval $(call gb_UnpackedTarball_set_tarball,xml2,$(LIBXML_TARBALL),,libxml2)) +$(eval $(call gb_UnpackedTarball_update_autoconf_configs,xml2)) + $(eval $(call gb_UnpackedTarball_add_patches,xml2,\ - external/libxml2/libxml2-config.patch.1 \ external/libxml2/libxml2-global-symbols.patch \ external/libxml2/libxml2-vc10.patch \ $(if $(filter ANDROID,$(OS)),external/libxml2/libxml2-android.patch) \ external/libxml2/libxml2-icu.patch.0 \ )) +$(eval $(call gb_UnpackedTarball_add_file,xml2,xml2-config.in,external/libxml2/xml2-config.in)) + # vim: set noet sw=4 ts=4: diff --git a/external/libxml2/libxml2-config.patch.1 b/external/libxml2/libxml2-config.patch.1 deleted file mode 100644 index 28ac8f2809a7..000000000000 --- a/external/libxml2/libxml2-config.patch.1 +++ /dev/null @@ -1,43 +0,0 @@ -Hack the xml2-config to return paths into WORKDIR. - ---- a/xml2-config.in 2009-12-17 11:45:20.000000000 +0000 -+++ b/xml2-config.in 2009-12-17 11:45:36.000000000 +0000 -@@ -1,9 +1,14 @@ - #! /bin/sh - --prefix=@prefix@ --exec_prefix=@exec_prefix@ --includedir=@includedir@ --libdir=@libdir@ -+#prefix=@prefix@ -+#exec_prefix=@exec_prefix@ -+#includedir=@includedir@ -+#libdir=@libdir@ -+ -+prefix=${WORKDIR}/UnpackedTarball/xml2 -+exec_prefix=${WORKDIR}/UnpackedTarball/xml2 -+includedir=${WORKDIR}/UnpackedTarball/xml2/include -+libdir=${WORKDIR}/UnpackedTarball/xml2/.libs - cflags= - libs= - -@@ -67,7 +72,8 @@ - ;; - - --cflags) -- cflags="@XML_INCLUDEDIR@ @XML_CFLAGS@" -+ #cflags="@XML_INCLUDEDIR@ @XML_CFLAGS@" -+ cflags="-I${includedir}" - ;; - - --libtool-libs) -@@ -91,7 +96,8 @@ - libs="@XML_LIBDIR@ $libs" - fi - -- libs="$libs @WIN32_EXTRA_LIBADD@" -+ #libs="$libs @WIN32_EXTRA_LIBADD@" -+ libs="-L${libdir} -lxml2 -lm" - ;; - - *) diff --git a/external/libxml2/xml2-config.in b/external/libxml2/xml2-config.in new file mode 100644 index 000000000000..164508e47e67 --- /dev/null +++ b/external/libxml2/xml2-config.in @@ -0,0 +1,28 @@ +#! /bin/sh + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case "$1" in + --version) + echo @VERSION@ + exit 0 + ;; + --cflags) + cflags="$LIBXML_CFLAGS" + ;; + --libs) + libs="$LIBXML_LIBS" + ;; + esac + shift +done + +if test -n "$cflags$libs"; then + echo $cflags $libs +fi + +exit 0 commit 7921ed237ff682cf92f7fae44fdd1a296b44a9ab Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Wed Oct 26 11:07:49 2022 +0200 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Fri Nov 4 03:05:50 2022 +0100 curl: upgrade to release 7.86.0 Fixes CVE-2022-32221 which could affect libcmis, CVE-2022-42915, and 2 more CVEs that probably don't affect LO. * remove --without-ssl: On the one hand, on GNU/Linux this now results in: configure: error: --without-ssl has been set together with an explicit option to use an ssl library On the other hand, using the more obvious --without-openssl yields a link failure on Android on the nss check in configure: configure:28220: checking for SSL_VersionRangeSet in -lnss /home/cl/Android/Sdk/ndk/20.1.5948944/toolchains/llvm/prebuilt/linux-x86_64/bin/../lib/gcc/aarch64-linux-android/4.9.x/../../../../aarch64-linux-android/bin/ld: warning: liblog.so, needed by /home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnss3.so, not found (try using -rpath or -rpath-link) /home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnspr4.so: undefined reference to `__android_log_write' /home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnspr4.so: undefined reference to `__android_log_assert' ... so add the -llog for android in curl-nss.patch.1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141866 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit a76a88203d8508f38b10d9bbb94c3bba2485fcaf) Change-Id: I3931a1eec2d681c2ce0e5695039492772e9fcc81 Conflicts: download.lst external/curl/curl-nss.patch.1 diff --git a/download.lst b/download.lst index 5c6ce617217b..d5e3f2f17cb9 100644 --- a/download.lst +++ b/download.lst @@ -30,8 +30,8 @@ export CPPUNIT_SHA256SUM := 3d569869d27b48860210c758c4f313082103a5e58219a7669b52 export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3 export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt -export CURL_SHA256SUM := 2cb9c2356e7263a1272fd1435ef7cdebf2cd21400ec287b068396deb705c22c4 -export CURL_TARBALL := curl-7.83.1.tar.xz +export CURL_SHA256SUM := 2d61116e5f485581f6d59865377df4463f2e788677ac43222b496d4e49fb627b +export CURL_TARBALL := curl-7.86.0.tar.xz export EBOOK_SHA256SUM := b710a57c633205b933015474d0ac0862253d1c52114d535dd09b20939a0d1850 export EBOOK_TARBALL := libe-book-0.1.2.tar.bz2 export EPOXY_SHA256SUM := 1d8668b0a259c709899e1c4bab62d756d9002d546ce4f59c9665e2fc5f001a64 diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk index 34e63e3006cb..f72c7abbb487 100644 --- a/external/curl/ExternalProject_curl.mk +++ b/external/curl/ExternalProject_curl.mk @@ -43,7 +43,7 @@ $(call gb_ExternalProject_get_state_target,curl,build): $(if $(filter IOS MACOSX,$(OS)),\ --with-secure-transport,\ $(if $(ENABLE_NSS),--with-nss$(if $(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out") --with-nss-deprecated,--without-nss)) \ - --without-ssl --without-gnutls --without-polarssl --without-cyassl --without-axtls --without-mbedtls \ + --without-openssl --without-gnutls --without-polarssl --without-cyassl --without-axtls --without-mbedtls \ --enable-ftp --enable-http --enable-ipv6 \ --without-libidn2 --without-libpsl --without-librtmp \ --without-libssh2 --without-metalink --without-nghttp2 \ diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch index c5498c3fdebb..f58736f2b46f 100644 --- a/external/curl/curl-7.26.0_win-proxy.patch +++ b/external/curl/curl-7.26.0_win-proxy.patch @@ -12,18 +12,18 @@ --- curl-7.26.0/lib/url.c +++ misc/build/curl-7.26.0/lib/url.c @@ -78,6 +78,10 @@ - bool curl_win32_idn_to_ascii(const char *in, char **out); + bool Curl_win32_idn_to_ascii(const char *in, char **out); #endif /* USE_LIBIDN2 */ +#ifdef _WIN32 +#include <WinHttp.h> +#endif + + #include "doh.h" #include "urldata.h" #include "netrc.h" - @@ -4586,6 +4590,21 @@ - } + #ifndef CURL_DISABLE_PROXY #ifndef CURL_DISABLE_HTTP +#ifdef _WIN32 @@ -72,7 +72,7 @@ + } + } + -+ if(!check_noproxy(conn->host.name, no_proxy)) { ++ if(!Curl_check_noproxy(conn->host.name, no_proxy)) { + /* Look for the http proxy setting */ + char *tok; + char *saveptr; diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1 index d4dad7eba77e..5ef25748d7eb 100644 --- a/external/curl/curl-nss.patch.1 +++ b/external/curl/curl-nss.patch.1 @@ -1,12 +1,17 @@ diff -ur curl.org/configure curl/configure --- curl.org/configure 2016-03-13 15:14:07.177000076 +0100 +++ curl/configure 2016-03-13 15:16:44.132000076 +0100 -@@ -28216,7 +28216,7 @@ +@@ -27985,7 +27985,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} addld="-L$OPT_NSS/lib" - addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" + addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lnssutil3" ++ case $host_os in ++ *android*) ++ addlib="${addlib} -llog" ++ ;; ++ esac addcflags="-I$OPT_NSS/include" version="unknown" nssprefix=$OPT_NSS commit fb40547abae0be062151abd42ee7425cfe978d4c Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Mon Oct 17 11:33:50 2022 +0200 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Fri Nov 4 03:05:50 2022 +0100 libxml2: upgrade to release 2.10.3 Fixes CVE-2022-40304 and CVE-2022-40303. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141448 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 39b5701976ff3d489c3212d6e2a116d6244c8ad1) Change-Id: I5be3fd20ccf57596808a26b742aca325ac16f29b Conflicts: download.lst diff --git a/download.lst b/download.lst index b0db06789367..5c6ce617217b 100644 --- a/download.lst +++ b/download.lst @@ -139,8 +139,8 @@ export LIBTOMMATH_SHA256SUM := 083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304 export LIBTOMMATH_TARBALL := ltm-1.0.zip export LIBXMLSEC_SHA256SUM := 99a8643f118bb1261a72162f83e2deba0f4f690893b4b90e1be4f708e8d481cc export LIBXMLSEC_TARBALL := xmlsec1-1.2.24.tar.gz -export LIBXML_SHA256SUM := d240abe6da9c65cb1900dd9bf3a3501ccf88b3c2a1cb98317d03f272dda5b265 -export LIBXML_VERSION_MICRO := 2 +export LIBXML_SHA256SUM := 5d2cc3d78bec3dbe212a9d7fa629ada25a7da928af432c93060ff5c17ee28a9c +export LIBXML_VERSION_MICRO := 3 export LIBXML_TARBALL := libxml2-2.10.$(LIBXML_VERSION_MICRO).tar.xz export LIBXSLT_SHA256SUM := 8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79 export LIBXSLT_VERSION_MICRO := 35 commit 3b0d0075eda45a651acc16babe7ec2d25a409821 Author: Taichi Haradaguchi <20001...@ymail.ne.jp> AuthorDate: Wed Sep 21 16:43:27 2022 +0900 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Fri Nov 4 03:05:50 2022 +0100 update expat to 2.4.9 Fixes CVE-2022-40674 (https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/140173 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 1bff2caff1bbb39fe431c455aeab1f0234200d8d) Change-Id: I459cf5f5de31e7cf5420d3df6b11893d5c4ca4dd Conflicts: download.lst diff --git a/download.lst b/download.lst index a2020c27bd24..b0db06789367 100644 --- a/download.lst +++ b/download.lst @@ -41,8 +41,8 @@ export EPM_TARBALL := 3ade8cfe7e59ca8e65052644fed9fca4-epm-3.7.tar.gz export ETONYEK_SHA256SUM := 032f53e8d7691e48a73ddbe74fa84c906ff6ff32a33e6ee2a935b6fdb6aecb78 export ETONYEK_VERSION_MICRO := 6 export ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.bz2 -export EXPAT_SHA256SUM := de55794b7a9bc214852fdc075beaaecd854efe1361597e6268ee87946951289b -export EXPAT_TARBALL := expat-2.4.6.tar.xz +export EXPAT_SHA256SUM := 6e8c0728fe5c7cd3f93a6acce43046c5e4736c7b4b68e032e9350daa0efc0354 +export EXPAT_TARBALL := expat-2.4.9.tar.xz export FIREBIRD_SHA256SUM := 6994be3555e23226630c587444be19d309b25b0fcf1f87df3b4e3f88943e5860 export FIREBIRD_TARBALL := Firebird-3.0.0.32483-0.tar.bz2 export FONTCONFIG_SHA256SUM := b449a3e10c47e1d1c7a6ec6e2016cca73d3bd68fbbd4f0ae5cc6b573f7d6c7f3 commit 1f41d695e09858df5cf3e89fbf1da4b02cecd783 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Wed Sep 14 15:54:49 2022 +0200 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Fri Nov 4 03:05:49 2022 +0100 poppler: upgrade to release 22.09.0 Fixes CVE-2022-38784 Add external/poppler/disable-freetype.patch.1 to get rid of some new code that unconditionally requires freetype, to avoid building that on WNT/MACOSX. Change-Id: I854d1865286b6fb4112cdf37898cda0203c52f2e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139941 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 8fce9a0a41b1bbebd325fc9d98a79d8decd3950c) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139967 Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> Reviewed-by: Noel Grandin <noel.gran...@collabora.co.uk> (cherry picked from commit bdbb450ed0ded86fb50d6b19a2cce0f11ca74b07) Conflicts: download.lst external/poppler/poppler-config.patch.1 diff --git a/download.lst b/download.lst index 54c7a693b7e2..a2020c27bd24 100644 --- a/download.lst +++ b/download.lst @@ -191,8 +191,8 @@ export PIXMAN_SHA256SUM := 21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3 export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz export PNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca export PNG_TARBALL := libpng-1.6.37.tar.xz -export POPPLER_SHA256SUM := 016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3 -export POPPLER_TARBALL := poppler-21.01.0.tar.xz +export POPPLER_SHA256SUM := d7a8f748211359cadb774ba3e18ecda6464b34027045c0648eb30d5852a41e2e +export POPPLER_TARBALL := poppler-22.09.0.tar.xz export POSTGRESQL_SHA256SUM := 9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3 export POSTGRESQL_TARBALL := postgresql-13.5.tar.bz2 export PYTHON_SHA256SUM := c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049 diff --git a/external/poppler/UnpackedTarball_poppler.mk b/external/poppler/UnpackedTarball_poppler.mk index 0f29d38e097c..c08daa992060 100644 --- a/external/poppler/UnpackedTarball_poppler.mk +++ b/external/poppler/UnpackedTarball_poppler.mk @@ -16,6 +16,8 @@ $(eval $(call gb_UnpackedTarball_add_patches,poppler,\ external/poppler/poppler-c++11.patch.1 \ external/poppler/0001-Partially-revert-814fbda28cc8a37fed3134c2db8da28f86f.patch.1 \ external/poppler/0001-Revert-Make-the-mul-tables-be-calculated-at-compile-.patch.1 \ + external/poppler/disable-freetype.patch.1 \ + external/poppler/gcc7-EntityInfo.patch.1 \ )) # std::make_unique is only available in C++14 diff --git a/external/poppler/disable-freetype.patch.1 b/external/poppler/disable-freetype.patch.1 new file mode 100644 index 000000000000..d59006eba979 --- /dev/null +++ b/external/poppler/disable-freetype.patch.1 @@ -0,0 +1,41 @@ +disable freetype dependent code + +--- poppler/poppler/Form.cc.orig 2022-09-14 15:46:48.588316681 +0200 ++++ poppler/poppler/Form.cc 2022-09-14 15:48:01.468274551 +0200 +@@ -46,7 +46,7 @@ + #include <cstdlib> + #include <cstring> + #include <cctype> +-#include "goo/ft_utils.h" ++//#include "goo/ft_utils.h" + #include "goo/gmem.h" + #include "goo/gfile.h" + #include "goo/GooString.h" +@@ -77,8 +77,8 @@ + #include "fofi/FoFiTrueType.h" + #include "fofi/FoFiIdentifier.h" + +-#include <ft2build.h> +-#include FT_FREETYPE_H ++//#include <ft2build.h> ++//#include FT_FREETYPE_H + + // return a newly allocated char* containing an UTF16BE string of size length + char *pdfDocEncodingToUTF16(const std::string &orig, int *length) +@@ -2730,6 +2730,8 @@ + + Form::AddFontResult Form::addFontToDefaultResources(const std::string &filepath, int faceIndex, const std::string &fontFamily, const std::string &fontStyle) + { ++ return {}; ++#if 0 + if (!GooString::endsWith(filepath, ".ttf") && !GooString::endsWith(filepath, ".ttc") && !GooString::endsWith(filepath, ".otf")) { + error(errIO, -1, "We only support embedding ttf/ttc/otf fonts for now. The font file for {0:s} {1:s} was {2:s}", fontFamily.c_str(), fontStyle.c_str(), filepath.c_str()); + return {}; +@@ -2939,6 +2941,7 @@ + } + + return { dictFontName, fontDictRef }; ++#endif + } + + std::string Form::getFallbackFontForChar(Unicode uChar, const GfxFont &fontToEmulate) const diff --git a/external/poppler/gcc7-EntityInfo.patch.1 b/external/poppler/gcc7-EntityInfo.patch.1 new file mode 100644 index 000000000000..b450bff93af9 --- /dev/null +++ b/external/poppler/gcc7-EntityInfo.patch.1 @@ -0,0 +1,48 @@ +gcc 7.3.1 says: + +workdir/UnpackedTarball/poppler/poppler/CertificateInfo.cc:42:34: error: function ‘X509CertificateInfo::EntityInfo& X509CertificateInfo::EntityInfo::operator=(X509CertificateInfo::EntityInfo&&)’ defaulted on its redeclaration with an exception-specification that differs from the implicit exception-specification ‘’ + +--- poppler/poppler/CertificateInfo.h.orig 2022-09-14 19:32:12.426351385 +0200 ++++ poppler/poppler/CertificateInfo.h 2022-09-14 19:32:18.947347812 +0200 +@@ -70,7 +70,7 @@ + ~EntityInfo(); + + EntityInfo(EntityInfo &&) noexcept; +- EntityInfo &operator=(EntityInfo &&) noexcept; ++ EntityInfo &operator=(EntityInfo &&) /*noexcept*/; + + EntityInfo(const EntityInfo &) = delete; + EntityInfo &operator=(const EntityInfo &) = delete; +--- poppler/poppler/CertificateInfo.cc.orig 2022-09-14 19:31:10.225385467 +0200 ++++ poppler/poppler/CertificateInfo.cc 2022-09-14 19:31:12.572384182 +0200 +@@ -39,7 +39,7 @@ + + X509CertificateInfo::EntityInfo::EntityInfo(X509CertificateInfo::EntityInfo &&other) noexcept = default; + +-X509CertificateInfo::EntityInfo &X509CertificateInfo::EntityInfo::operator=(X509CertificateInfo::EntityInfo &&other) noexcept = default; ++X509CertificateInfo::EntityInfo &X509CertificateInfo::EntityInfo::operator=(X509CertificateInfo::EntityInfo &&other) /*noexcept*/ = default; + + X509CertificateInfo::X509CertificateInfo() : ku_extensions(KU_NONE), cert_version(-1), is_self_signed(false) { } + +--- poppler/poppler/GfxFont.cc.orig 2022-09-14 20:24:32.569607333 +0200 ++++ poppler/poppler/GfxFont.cc 2022-09-14 20:24:52.323596186 +0200 +@@ -180,7 +180,7 @@ + + GfxFontLoc::GfxFontLoc(GfxFontLoc &&other) noexcept = default; + +-GfxFontLoc &GfxFontLoc::operator=(GfxFontLoc &&other) noexcept = default; ++GfxFontLoc &GfxFontLoc::operator=(GfxFontLoc &&other) /*noexcept*/ = default; + + void GfxFontLoc::setPath(GooString *pathA) + { +--- poppler/poppler/GfxFont.h.orig 2022-09-14 20:24:30.784608340 +0200 ++++ poppler/poppler/GfxFont.h 2022-09-14 20:25:08.850586861 +0200 +@@ -124,7 +124,7 @@ + GfxFontLoc(const GfxFontLoc &) = delete; + GfxFontLoc(GfxFontLoc &&) noexcept; + GfxFontLoc &operator=(const GfxFontLoc &) = delete; +- GfxFontLoc &operator=(GfxFontLoc &&other) noexcept; ++ GfxFontLoc &operator=(GfxFontLoc &&other) /*noexcept*/; + + // Set the 'path' string from a GooString on the heap. + // Ownership of the object is taken. diff --git a/external/poppler/poppler-c++11.patch.1 b/external/poppler/poppler-c++11.patch.1 index 9e607b381de0..05b47bc91299 100644 --- a/external/poppler/poppler-c++11.patch.1 +++ b/external/poppler/poppler-c++11.patch.1 @@ -18,7 +18,7 @@ remove usage of newfangled C++ that baseline toolchains don't support - const std::string modeStr = mode + "e"s; + const std::string modeStr = mode + std::string("e"); FILE *file = fopen(path, modeStr.c_str()); - if (file != nullptr) + if (file != nullptr) { return file; --- poppler/goo/gmem.h.orig 2019-01-16 11:25:28.161920038 +0100 +++ poppler/goo/gmem.h 2019-01-16 11:25:53.756882295 +0100 @@ -29,3 +29,14 @@ remove usage of newfangled C++ that baseline toolchains don't support +#include <o3tl/make_unique.hxx> + #endif // GMEM_H +--- poppler/goo/gfile.cc.orig2 2022-09-15 12:33:24.163562177 +0200 ++++ poppler/goo/gfile.cc 2022-09-15 12:33:49.501547336 +0200 +@@ -50,6 +50,8 @@ + #include "gfile.h" + #include "gdir.h" + ++#include <o3tl/make_unique.hxx> ++ + // Some systems don't define this, so just make it something reasonably + // large. + #ifndef PATH_MAX diff --git a/external/poppler/poppler-config.patch.1 b/external/poppler/poppler-config.patch.1 index b902402ea4e7..93098cee1a06 100644 --- a/external/poppler/poppler-config.patch.1 +++ b/external/poppler/poppler-config.patch.1 @@ -16,7 +16,7 @@ new file mode 100644 index 0fbd336a..451213f8 100644 --- /dev/null +++ b/config.h -@@ -0,0 +1,221 @@ +@@ -0,0 +1,220 @@ +/* config.h. Generated from config.h.cmake by cmake. */ + +/* Build against libcurl. */ @@ -105,9 +105,6 @@ index 0fbd336a..451213f8 100644 +#define HAVE_TIMEGM 1 +#endif + -+/* Define if you have the iconv() function and it works. */ -+/* #undef HAVE_ICONV */ -+ +/* Define to 1 if you have the `z' library (-lz). */ +/* #undef HAVE_LIBZ */ + @@ -176,7 +173,7 @@ index 0fbd336a..451213f8 100644 +#define PACKAGE_NAME "poppler" + +/* Define to the full name and version of this package. */ -+#define PACKAGE_STRING "poppler 21.01.0" ++#define PACKAGE_STRING "poppler 22.09.0" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "poppler" @@ -185,7 +182,7 @@ index 0fbd336a..451213f8 100644 +#define PACKAGE_URL "" + +/* Define to the version of this package. */ -+#define PACKAGE_VERSION "21.01.0" ++#define PACKAGE_VERSION "22.09.0" + +/* Poppler data dir */ +#define POPPLER_DATADIR "/usr/local/share/poppler" @@ -203,7 +200,7 @@ index 0fbd336a..451213f8 100644 +/* #undef USE_FLOAT */ + +/* Version number of package */ -+#define VERSION "21.01.0" ++#define VERSION "22.09.0" + +#if defined(__APPLE__) +#elif defined (_WIN32) @@ -228,6 +225,8 @@ index 0fbd336a..451213f8 100644 +#if defined(_MSC_VER) || defined(__BORLANDC__) +#define popen _popen +#define pclose _pclose ++#define strncasecmp _strnicmp ++#define strcasecmp _stricmp +#endif + +/* Number of bits in a file offset, on hosts where this is settable. */ @@ -248,7 +247,7 @@ index 0fbd336a..451213f8 100644 +// +// poppler-config.h +// -+// Copyright 1996-2011 Glyph & Cog, LLC ++// Copyright 1996-2011, 2022 Glyph & Cog, LLC +// +//======================================================================== + @@ -282,7 +281,7 @@ index 0fbd336a..451213f8 100644 + +/* Defines the poppler version. */ +#ifndef POPPLER_VERSION -+#define POPPLER_VERSION "21.01.0" ++#define POPPLER_VERSION "22.09.0" +#endif + +/* Use single precision arithmetic in the Splash backend */ @@ -379,8 +378,8 @@ index 0fbd336a..451213f8 100644 +//------------------------------------------------------------------------ + +// copyright notice -+#define popplerCopyright "Copyright 2005-2021 The Poppler Developers - http://poppler.freedesktop.org" -+#define xpdfCopyright "Copyright 1996-2011 Glyph & Cog, LLC" ++#define popplerCopyright "Copyright 2005-2022 The Poppler Developers - http://poppler.freedesktop.org" ++#define xpdfCopyright "Copyright 1996-2011, 2022 Glyph & Cog, LLC" + +//------------------------------------------------------------------------ +// Win32 stuff @@ -439,9 +438,9 @@ index 0fbd336a..451213f8 100644 + +#include "poppler-global.h" + -+#define POPPLER_VERSION "21.01.0" -+#define POPPLER_VERSION_MAJOR 21 -+#define POPPLER_VERSION_MINOR 1 ++#define POPPLER_VERSION "22.09.0" ++#define POPPLER_VERSION_MAJOR 22 ++#define POPPLER_VERSION_MINOR 9 +#define POPPLER_VERSION_MICRO 0 + +namespace poppler diff --git a/sdext/Executable_xpdfimport.mk b/sdext/Executable_xpdfimport.mk index dde84963a1fb..fd07f7b43956 100644 --- a/sdext/Executable_xpdfimport.mk +++ b/sdext/Executable_xpdfimport.mk @@ -22,4 +22,8 @@ $(eval $(call gb_Executable_add_exception_objects,xpdfimport,\ sdext/source/pdfimport/xpdfwrapper/wrapper_gpl \ )) +$(eval $(call gb_Executable_use_system_win32_libs,xpdfimport,\ + shell32 \ +)) + # vim:set noet sw=4 ts=4: commit 1b7644f13397d4f13331a47b9f56c0b1aa2ce805 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Wed Sep 14 11:10:57 2022 +0200 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Fri Nov 4 03:05:49 2022 +0100 zlib: add patch for CVE-2022-37434 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139913 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 521e920dda79f44a0ad637b6062f3dcb574f884b) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139849 Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> (cherry picked from commit 832e2a266005d8ef5f9bcc7f51b545d5dc4ce165) Change-Id: If09c419ba00fc9be021249e4d4da27d1650b9080 diff --git a/external/zlib/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.patch b/external/zlib/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.patch new file mode 100644 index 000000000000..c5c95a92b28a --- /dev/null +++ b/external/zlib/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.patch @@ -0,0 +1,29 @@ +From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001 +From: Mark Adler <f...@madler.net> +Date: Mon, 8 Aug 2022 10:50:09 -0700 +Subject: [PATCH] Fix extra field processing bug that dereferences NULL + state->head. + +The recent commit to fix a gzip header extra field processing bug +introduced the new bug fixed here. +--- + inflate.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/inflate.c b/inflate.c +index 7a7289749..2a3c4fe98 100644 +--- a/inflate.c ++++ b/inflate.c +@@ -763,10 +763,10 @@ int flush; + copy = state->length; + if (copy > have) copy = have; + if (copy) { +- len = state->head->extra_len - state->length; + if (state->head != Z_NULL && + state->head->extra != Z_NULL && +- len < state->head->extra_max) { ++ (len = state->head->extra_len - state->length) < ++ state->head->extra_max) { + zmemcpy(state->head->extra + len, next, + len + copy > state->head->extra_max ? + state->head->extra_max - len : copy); diff --git a/external/zlib/UnpackedTarball_zlib.mk b/external/zlib/UnpackedTarball_zlib.mk index fa476b918b7c..10ee74b9568a 100644 --- a/external/zlib/UnpackedTarball_zlib.mk +++ b/external/zlib/UnpackedTarball_zlib.mk @@ -16,4 +16,11 @@ $(eval $(call gb_UnpackedTarball_set_post_action,zlib,\ cp $(addsuffix .c,adler32 compress crc32 deflate inffast inflate inftrees trees zutil) x64 \ )) +$(eval $(call gb_UnpackedTarball_set_patchlevel,zlib,1)) + +$(eval $(call gb_UnpackedTarball_add_patches,zlib,\ + external/zlib/eff308af425b67093bab25f80f1ae950166bece1.patch \ + external/zlib/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.patch \ +)) + # vim: set noet sw=4 ts=4: diff --git a/external/zlib/eff308af425b67093bab25f80f1ae950166bece1.patch b/external/zlib/eff308af425b67093bab25f80f1ae950166bece1.patch new file mode 100644 index 000000000000..dc84d3a1d385 --- /dev/null +++ b/external/zlib/eff308af425b67093bab25f80f1ae950166bece1.patch @@ -0,0 +1,32 @@ +From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001 +From: Mark Adler <f...@madler.net> +Date: Sat, 30 Jul 2022 15:51:11 -0700 +Subject: [PATCH] Fix a bug when getting a gzip header extra field with + inflate(). + +If the extra field was larger than the space the user provided with +inflateGetHeader(), and if multiple calls of inflate() delivered +the extra header data, then there could be a buffer overflow of the +provided space. This commit assures that provided space is not +exceeded. +--- + inflate.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/inflate.c b/inflate.c +index 7be8c6366..7a7289749 100644 +--- a/inflate.c ++++ b/inflate.c +@@ -763,9 +763,10 @@ int flush; + copy = state->length; + if (copy > have) copy = have; + if (copy) { ++ len = state->head->extra_len - state->length; + if (state->head != Z_NULL && +- state->head->extra != Z_NULL) { +- len = state->head->extra_len - state->length; ++ state->head->extra != Z_NULL && ++ len < state->head->extra_max) { + zmemcpy(state->head->extra + len, next, + len + copy > state->head->extra_max ? + state->head->extra_max - len : copy); commit 2de47098d6f1ca507d0cf9b33293a8ea282168f3 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Wed Sep 14 10:27:02 2022 +0200 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Fri Nov 4 03:05:49 2022 +0100 libxml2: upgrade to release 2.10.2 Fixes CVE-2022-2309 Change-Id: I180218be275d3b6d38f8f74aa51c57e50d2734ee Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139911 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit d621a8839cebf96fe3ac374026f344f8e68bf011) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139954 Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> Conflicts: download.lst external/libxml2/ExternalPackage_libxml2.mk test/source/xmltesttools.cxx diff --git a/download.lst b/download.lst index c68e5b6fdc70..54c7a693b7e2 100644 --- a/download.lst +++ b/download.lst @@ -139,9 +139,9 @@ export LIBTOMMATH_SHA256SUM := 083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304 export LIBTOMMATH_TARBALL := ltm-1.0.zip export LIBXMLSEC_SHA256SUM := 99a8643f118bb1261a72162f83e2deba0f4f690893b4b90e1be4f708e8d481cc export LIBXMLSEC_TARBALL := xmlsec1-1.2.24.tar.gz -export LIBXML_SHA256SUM := 60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee -export LIBXML_VERSION_MICRO := 14 -export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.xz +export LIBXML_SHA256SUM := d240abe6da9c65cb1900dd9bf3a3501ccf88b3c2a1cb98317d03f272dda5b265 +export LIBXML_VERSION_MICRO := 2 +export LIBXML_TARBALL := libxml2-2.10.$(LIBXML_VERSION_MICRO).tar.xz export LIBXSLT_SHA256SUM := 8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79 export LIBXSLT_VERSION_MICRO := 35 export LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.xz diff --git a/external/libxml2/ExternalPackage_xml2.mk b/external/libxml2/ExternalPackage_xml2.mk index 5830f36a776f..3bb5a928d304 100644 --- a/external/libxml2/ExternalPackage_xml2.mk +++ b/external/libxml2/ExternalPackage_xml2.mk @@ -21,7 +21,7 @@ else # COM=MSC $(eval $(call gb_ExternalPackage_add_file,xml2,$(LIBO_URE_LIB_FOLDER)/libxml2.dll,win32/bin.msvc/libxml2.dll)) endif else # OS!=WNT -$(eval $(call gb_ExternalPackage_add_file,xml2,$(LIBO_URE_LIB_FOLDER)/libxml2.so.2,.libs/libxml2.so.2.9.$(LIBXML_VERSION_MICRO))) +$(eval $(call gb_ExternalPackage_add_file,xml2,$(LIBO_URE_LIB_FOLDER)/libxml2.so.2,.libs/libxml2.so.2.10.$(LIBXML_VERSION_MICRO))) endif endif # DISABLE_DYNLOADING diff --git a/external/libxml2/libxml2-android.patch b/external/libxml2/libxml2-android.patch index 42af83274026..acf9b17e02db 100644 --- a/external/libxml2/libxml2-android.patch +++ b/external/libxml2/libxml2-android.patch @@ -2,9 +2,9 @@ +++ misc/build/libxml2-2.7.6/Makefile.in @@ -1635,7 +1635,7 @@ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) - check: $(BUILT_SOURCES) - $(MAKE) $(AM_MAKEFLAGS) check-recursive --all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(SCRIPTS) $(MANS) $(DATA) \ + $(MAKE) $(AM_MAKEFLAGS) check-local + check: check-recursive +-all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(SCRIPTS) $(DATA) \ +all-am: Makefile $(LTLIBRARIES) \ config.h install-binPROGRAMS: install-libLTLIBRARIES diff --git a/sc/source/core/tool/interpr7.cxx b/sc/source/core/tool/interpr7.cxx index 710bfa9483a0..5a811d881373 100644 --- a/sc/source/core/tool/interpr7.cxx +++ b/sc/source/core/tool/interpr7.cxx @@ -220,6 +220,7 @@ void ScInterpreter::ScFilterXML() case XPATH_STRING: PushString(OUString::createFromAscii(reinterpret_cast<char*>(pXPathObj->stringval))); break; +#if LIBXML_VERSION < 21000 || defined(LIBXML_XPTR_LOCS_ENABLED) case XPATH_POINT: PushNoValue(); break; @@ -229,13 +230,13 @@ void ScInterpreter::ScFilterXML() case XPATH_LOCATIONSET: PushNoValue(); break; +#endif case XPATH_USERS: PushNoValue(); break; case XPATH_XSLT_TREE: PushNoValue(); break; - } } } diff --git a/unoxml/source/xpath/xpathobject.cxx b/unoxml/source/xpath/xpathobject.cxx index 000b3e55c35c..68d6c67ce0ca 100644 --- a/unoxml/source/xpath/xpathobject.cxx +++ b/unoxml/source/xpath/xpathobject.cxx @@ -44,12 +44,14 @@ namespace XPath return XPathObjectType_XPATH_NUMBER; case XPATH_STRING: return XPathObjectType_XPATH_STRING; +#if LIBXML_VERSION < 21000 || defined(LIBXML_XPTR_LOCS_ENABLED) case XPATH_POINT: return XPathObjectType_XPATH_POINT; case XPATH_RANGE: return XPathObjectType_XPATH_RANGE; case XPATH_LOCATIONSET: return XPathObjectType_XPATH_LOCATIONSET; +#endif case XPATH_USERS: return XPathObjectType_XPATH_USERS; case XPATH_XSLT_TREE: