RepositoryExternal.mk | 2 download.lst | 12 external/expat/expat-winapi.patch | 14 external/liborcus/UnpackedTarball_liborcus.mk | 4 external/liborcus/allow-utf-8-in-xml-names.patch | 301 +++++ external/libxml2/libxml2-config.patch.1 | 4 external/libxml2/libxml2-global-symbols.patch | 4 external/openssl/UnpackedTarball_openssl.mk | 2 external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1 | 56 external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 | 578 ++++++++++ external/poppler/StaticLibrary_poppler.mk | 22 external/poppler/poppler-config.patch.1 | 72 - instsetoo_native/CustomTarget_install.mk | 2 postprocess/CustomTarget_signing.mk | 2 postprocess/signing/signing.pl | 3 sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx | 4 shell/source/unix/exec/shellexec.cxx | 4 shell/source/win32/SysShExec.cxx | 64 - solenv/bin/modules/installer/windows/msp.pm | 2 19 files changed, 1060 insertions(+), 92 deletions(-)
New commits: commit 392a3409dff21009e9cf5036e86078a8de9cbb1b Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Wed Aug 25 11:32:11 2021 +0200 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sat Oct 9 23:56:42 2021 +0200 openssl: add patch for CVE-2021-3712 Change-Id: I4061cbac18ddf9c7f932a27bf2b54a2b1c2f9d99 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121027 Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> diff --git a/external/openssl/UnpackedTarball_openssl.mk b/external/openssl/UnpackedTarball_openssl.mk index ad600cce1412..e7fca1116545 100644 --- a/external/openssl/UnpackedTarball_openssl.mk +++ b/external/openssl/UnpackedTarball_openssl.mk @@ -22,6 +22,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,openssl,\ external/openssl/openssl-3650-masm.patch.1 \ external/openssl/openssl-fixbuild.patch.1 \ external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 \ + external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1 \ )) # vim: set noet sw=4 ts=4: diff --git a/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1 b/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1 new file mode 100644 index 000000000000..cf809750ecfb --- /dev/null +++ b/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1 @@ -0,0 +1,56 @@ +From ccb0a11145ee72b042d10593a64eaf9e8a55ec12 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <m...@openssl.org> +Date: Tue, 17 Aug 2021 14:41:48 +0100 +Subject: [PATCH] Fix a read buffer overrun in X509_CERT_AUX_print() + +This is a backport of commit c5dc9ab965f to 1.0.2. That commit fixed +the same bug but in master/1.1.1 it is in the function X509_aux_print(). +The original commit had the following description: + +Fix a read buffer overrun in X509_aux_print(). + +The ASN1_STRING_get0_data(3) manual explitely cautions the reader +that the data is not necessarily NUL-terminated, and the function +X509_alias_set1(3) does not sanitize the data passed into it in any +way either, so we must assume the return value from X509_alias_get0(3) +is merely a byte array and not necessarily a string in the sense +of the C language. + +I found this bug while writing manual pages for X509_print_ex(3) +and related functions. Theo Buehler <t...@openbsd.org> checked my +patch to fix the same bug in LibreSSL, see + +http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9 + +As an aside, note that the function still produces incomplete and +misleading results when the data contains a NUL byte in the middle +and that error handling is consistently absent throughout, even +though the function provides an "int" return value obviously intended +to be 1 for success and 0 for failure, and even though this function +is called by another function that also wants to return 1 for success +and 0 for failure and even does so in many of its code paths, though +not in others. But let's stay focussed. Many things would be nice +to have in the wide wild world, but a buffer overflow must not be +allowed to remain in our backyard. + +CVE-2021-3712 + +Reviewed-by: Paul Dale <pa...@openssl.org> +--- + crypto/asn1/t_x509a.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c +index d1b897a469fd..b1bc9d0cd28b 100644 +--- a/crypto/asn1/t_x509a.c ++++ b/crypto/asn1/t_x509a.c +@@ -104,7 +104,8 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) + } else + BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); + if (aux->alias) +- BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data); ++ BIO_printf(out, "%*sAlias: %.*s\n", indent, "", aux->alias->length, ++ aux->alias->data); + if (aux->keyid) { + BIO_printf(out, "%*sKey Id: ", indent, ""); + for (i = 0; i < aux->keyid->length; i++) commit 4d95ebbabceb709cdbddb1adb3862ab9c5e0604e Author: Stephan Bergmann <sberg...@redhat.com> AuthorDate: Thu Jan 7 10:15:51 2021 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sat Oct 9 23:56:23 2021 +0200 openssl_headers depends on generated opensslconf.h ...at workdir/UnpackedTarball/openssl/include/openssl/opensslconf.h, as can be seen with failed builds like <https://ci.libreoffice.org//job/lo_tb_master_mac/35209>: [...] > [build PAT] openssl > [build C ] UnpackedTarball/mariadb-connector-c/plugins/auth/caching_sha2_pw.c > [build C ] UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt.c > [build DEP] LNK:Library/libclucene.dylib > [build LNK] Library/libclucene.dylib > In file included from /Users/tdf/lode/jenkins/workspace/lo_tb_master_mac/workdir/UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt.c:21: > /Users/tdf/lode/jenkins/workspace/lo_tb_master_mac/workdir/UnpackedTarball/openssl/include/openssl/evp.h:13:11: fatal error: 'openssl/opensslconf.h' file not found > # include <openssl/opensslconf.h> > ^~~~~~~~~~~~~~~~~~~~~~~ > 1 error generated. Change-Id: Ied1dcdd0afb6099e9218671c6a06c0edaafc931e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108928 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sberg...@redhat.com> (cherry picked from commit 0f7008e91f45cf8e3cee6f372ce012b38a795e26) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108911 Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 74b6e9d45a7f97c8723f638a784017be99f3a8c2) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109339 Tested-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk index a75ca5097b62..7756ac7d0b7b 100644 --- a/RepositoryExternal.mk +++ b/RepositoryExternal.mk @@ -1551,7 +1551,7 @@ $(call gb_ExternalProject_use_package,$(1),openssl) endef define gb_LinkTarget__use_openssl_headers -$(call gb_LinkTarget_use_external_project,$(1),openssl) +$(call gb_LinkTarget_use_external_project,$(1),openssl,full) $(call gb_LinkTarget_set_include,$(1),\ -I$(call gb_UnpackedTarball_get_dir,openssl)/include \ $$(INCLUDE) \ commit 91eacacfdd85792ae37f06a629ba48710795c86c Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Wed Jan 6 17:39:19 2021 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sat Oct 9 23:56:10 2021 +0200 openssl: add patch to fix CVE-2020-1971 Change-Id: Ia756f1fa642eeb6dcadc867cc9730732a73c11b4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108884 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> (cherry picked from commit b4c5bd9b330068e8c550e398cf761457ec9b6aa4) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108948 Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de> diff --git a/external/openssl/UnpackedTarball_openssl.mk b/external/openssl/UnpackedTarball_openssl.mk index 719b8b0e5842..ad600cce1412 100644 --- a/external/openssl/UnpackedTarball_openssl.mk +++ b/external/openssl/UnpackedTarball_openssl.mk @@ -21,6 +21,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,openssl,\ external/openssl/opensslosxppc.patch \ external/openssl/openssl-3650-masm.patch.1 \ external/openssl/openssl-fixbuild.patch.1 \ + external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 \ )) # vim: set noet sw=4 ts=4: diff --git a/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 b/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 new file mode 100644 index 000000000000..313f9cd870d7 --- /dev/null +++ b/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 @@ -0,0 +1,578 @@ +diff -up openssl-1.0.2k/crypto/asn1/asn1_err.c.null-dereference openssl-1.0.2k/crypto/asn1/asn1_err.c +--- openssl-1.0.2k/crypto/asn1/asn1_err.c.null-dereference 2020-12-04 10:08:08.506247597 +0100 ++++ openssl-1.0.2k/crypto/asn1/asn1_err.c 2020-12-04 10:12:31.901956486 +0100 +@@ -1,6 +1,6 @@ + /* crypto/asn1/asn1_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2020 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -103,6 +103,7 @@ static ERR_STRING_DATA ASN1_str_functs[] + {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"}, ++ {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), "ASN1_item_ex_i2d"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, +@@ -202,6 +203,7 @@ static ERR_STRING_DATA ASN1_str_reasons[ + {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"}, + {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"}, + {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"}, ++ {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"}, + {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"}, + {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"}, + {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH), +diff -up openssl-1.0.2k/crypto/asn1/asn1.h.null-dereference openssl-1.0.2k/crypto/asn1/asn1.h +--- openssl-1.0.2k/crypto/asn1/asn1.h.null-dereference 2020-12-04 11:00:06.896637900 +0100 ++++ openssl-1.0.2k/crypto/asn1/asn1.h 2020-12-04 11:04:47.079562987 +0100 +@@ -1202,6 +1202,7 @@ void ERR_load_ASN1_strings(void); + # define ASN1_F_ASN1_ITEM_DUP 191 + # define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 + # define ASN1_F_ASN1_ITEM_EX_D2I 120 ++# define ASN1_F_ASN1_ITEM_EX_I2D 231 + # define ASN1_F_ASN1_ITEM_I2D_BIO 192 + # define ASN1_F_ASN1_ITEM_I2D_FP 193 + # define ASN1_F_ASN1_ITEM_PACK 198 +@@ -1298,6 +1299,7 @@ void ERR_load_ASN1_strings(void); + # define ASN1_R_AUX_ERROR 100 + # define ASN1_R_BAD_CLASS 101 + # define ASN1_R_BAD_OBJECT_HEADER 102 ++# define ASN1_R_BAD_TEMPLATE 230 + # define ASN1_R_BAD_PASSWORD_READ 103 + # define ASN1_R_BAD_TAG 104 + # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +diff -up openssl-1.0.2k/crypto/asn1/tasn_dec.c.null-dereference openssl-1.0.2k/crypto/asn1/tasn_dec.c +--- openssl-1.0.2k/crypto/asn1/tasn_dec.c.null-dereference 2020-12-04 10:12:42.036057323 +0100 ++++ openssl-1.0.2k/crypto/asn1/tasn_dec.c 2020-12-04 10:17:45.685035333 +0100 +@@ -223,6 +223,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE * + break; + + case ASN1_ITYPE_MSTRING: ++ /* ++ * It never makes sense for multi-strings to have implicit tagging, so ++ * if tag != -1, then this looks like an error in the template. ++ */ ++ if (tag != -1) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE); ++ goto err; ++ } ++ + p = *in; + /* Just read in tag and class */ + ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, +@@ -240,6 +249,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE * + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); + goto err; + } ++ + /* Check tag matches bit map */ + if (!(ASN1_tag2bit(otag) & it->utype)) { + /* If OPTIONAL, assume this is OK */ +@@ -316,6 +326,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE * + goto err; + + case ASN1_ITYPE_CHOICE: ++ /* ++ * It never makes sense for CHOICE types to have implicit tagging, so ++ * if tag != -1, then this looks like an error in the template. ++ */ ++ if (tag != -1) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE); ++ goto err; ++ } ++ + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) + goto auxerr; + if (*pval) { +diff -up openssl-1.0.2k/crypto/asn1/tasn_enc.c.null-dereference openssl-1.0.2k/crypto/asn1/tasn_enc.c +--- openssl-1.0.2k/crypto/asn1/tasn_enc.c.null-dereference 2020-12-04 10:18:30.261472002 +0100 ++++ openssl-1.0.2k/crypto/asn1/tasn_enc.c 2020-12-04 10:21:14.310078987 +0100 +@@ -151,9 +151,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, + break; + + case ASN1_ITYPE_MSTRING: ++ /* ++ * It never makes sense for multi-strings to have implicit tagging, so ++ * if tag != -1, then this looks like an error in the template. ++ */ ++ if (tag != -1) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE); ++ return -1; ++ } + return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); + + case ASN1_ITYPE_CHOICE: ++ /* ++ * It never makes sense for CHOICE types to have implicit tagging, so ++ * if tag != -1, then this looks like an error in the template. ++ */ ++ if (tag != -1) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE); ++ return -1; ++ } + if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) + return 0; + i = asn1_get_choice_selector(pval, it); +diff -up openssl-1.0.2k/crypto/x509v3/v3_genn.c.null-dereference openssl-1.0.2k/crypto/x509v3/v3_genn.c +--- openssl-1.0.2k/crypto/x509v3/v3_genn.c.null-dereference 2020-12-04 10:28:02.374237945 +0100 ++++ openssl-1.0.2k/crypto/x509v3/v3_genn.c 2020-12-04 10:36:51.156138263 +0100 +@@ -72,8 +72,9 @@ ASN1_SEQUENCE(OTHERNAME) = { + IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) + + ASN1_SEQUENCE(EDIPARTYNAME) = { +- ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), +- ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) ++ /* DirectoryString is a CHOICE type so use explicit tagging */ ++ ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), ++ ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) + } ASN1_SEQUENCE_END(EDIPARTYNAME) + + IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) +@@ -107,6 +108,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_N + (char *)a); + } + ++static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b) ++{ ++ int res; ++ ++ if (a == NULL || b == NULL) { ++ /* ++ * Shouldn't be possible in a valid GENERAL_NAME, but we handle it ++ * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here ++ */ ++ return -1; ++ } ++ if (a->nameAssigner == NULL && b->nameAssigner != NULL) ++ return -1; ++ if (a->nameAssigner != NULL && b->nameAssigner == NULL) ++ return 1; ++ /* If we get here then both have nameAssigner set, or both unset */ ++ if (a->nameAssigner != NULL) { ++ res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner); ++ if (res != 0) ++ return res; ++ } ++ /* ++ * partyName is required, so these should never be NULL. We treat it in ++ * the same way as the a == NULL || b == NULL case above ++ */ ++ if (a->partyName == NULL || b->partyName == NULL) ++ return -1; ++ ++ return ASN1_STRING_cmp(a->partyName, b->partyName); ++} ++ + /* Returns 0 if they are equal, != 0 otherwise. */ + int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) + { +@@ -116,8 +148,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GE + return -1; + switch (a->type) { + case GEN_X400: ++ result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); ++ break; ++ + case GEN_EDIPARTY: +- result = ASN1_TYPE_cmp(a->d.other, b->d.other); ++ result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName); + break; + + case GEN_OTHERNAME: +@@ -164,8 +199,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAM + { + switch (type) { + case GEN_X400: ++ a->d.x400Address = value; ++ break; ++ + case GEN_EDIPARTY: +- a->d.other = value; ++ a->d.ediPartyName = value; + break; + + case GEN_OTHERNAME: +@@ -199,8 +237,10 @@ void *GENERAL_NAME_get0_value(GENERAL_NA + *ptype = a->type; + switch (a->type) { + case GEN_X400: ++ return a->d.x400Address; ++ + case GEN_EDIPARTY: +- return a->d.other; ++ return a->d.ediPartyName; + + case GEN_OTHERNAME: + return a->d.otherName; +diff -up openssl-1.0.2k/crypto/x509v3/v3nametest.c.null-dereference openssl-1.0.2k/crypto/x509v3/v3nametest.c +--- openssl-1.0.2k/crypto/x509v3/v3nametest.c.null-dereference 2020-12-04 10:28:02.374237945 +0100 ++++ openssl-1.0.2k/crypto/x509v3/v3nametest.c 2020-12-04 10:36:51.156138263 +0100 +@@ -321,6 +321,356 @@ static void run_cert(X509 *crt, const ch + } + } + ++struct gennamedata { ++ const unsigned char der[22]; ++ size_t derlen; ++} gennames[] = { ++ { ++ /* ++ * [0] { ++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } ++ * [0] { ++ * SEQUENCE {} ++ * } ++ * } ++ */ ++ { ++ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, ++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00 ++ }, ++ 21 ++ }, { ++ /* ++ * [0] { ++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } ++ * [0] { ++ * [APPLICATION 0] {} ++ * } ++ * } ++ */ ++ { ++ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, ++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00 ++ }, ++ 21 ++ }, { ++ /* ++ * [0] { ++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } ++ * [0] { ++ * UTF8String { "a" } ++ * } ++ * } ++ */ ++ { ++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, ++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61 ++ }, ++ 22 ++ }, { ++ /* ++ * [0] { ++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 } ++ * [0] { ++ * UTF8String { "a" } ++ * } ++ * } ++ */ ++ { ++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, ++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61 ++ }, ++ 22 ++ }, { ++ /* ++ * [0] { ++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } ++ * [0] { ++ * UTF8String { "b" } ++ * } ++ * } ++ */ ++ { ++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, ++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62 ++ }, ++ 22 ++ }, { ++ /* ++ * [0] { ++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } ++ * [0] { ++ * BOOLEAN { TRUE } ++ * } ++ * } ++ */ ++ { ++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, ++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff ++ }, ++ 22 ++ }, { ++ /* ++ * [0] { ++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } ++ * [0] { ++ * BOOLEAN { FALSE } ++ * } ++ * } ++ */ ++ { ++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, ++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00 ++ }, ++ 22 ++ }, { ++ /* [1 PRIMITIVE] { "a" } */ ++ { ++ 0x81, 0x01, 0x61 ++ }, ++ 3 ++ }, { ++ /* [1 PRIMITIVE] { "b" } */ ++ { ++ 0x81, 0x01, 0x62 ++ }, ++ 3 ++ }, { ++ /* [2 PRIMITIVE] { "a" } */ ++ { ++ 0x82, 0x01, 0x61 ++ }, ++ 3 ++ }, { ++ /* [2 PRIMITIVE] { "b" } */ ++ { ++ 0x82, 0x01, 0x62 ++ }, ++ 3 ++ }, { ++ /* ++ * [4] { ++ * SEQUENCE { ++ * SET { ++ * SEQUENCE { ++ * # commonName ++ * OBJECT_IDENTIFIER { 2.5.4.3 } ++ * UTF8String { "a" } ++ * } ++ * } ++ * } ++ * } ++ */ ++ { ++ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, ++ 0x04, 0x03, 0x0c, 0x01, 0x61 ++ }, ++ 16 ++ }, { ++ /* ++ * [4] { ++ * SEQUENCE { ++ * SET { ++ * SEQUENCE { ++ * # commonName ++ * OBJECT_IDENTIFIER { 2.5.4.3 } ++ * UTF8String { "b" } ++ * } ++ * } ++ * } ++ * } ++ */ ++ { ++ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, ++ 0x04, 0x03, 0x0c, 0x01, 0x62 ++ }, ++ 16 ++ }, { ++ /* ++ * [5] { ++ * [1] { ++ * UTF8String { "a" } ++ * } ++ * } ++ */ ++ { ++ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61 ++ }, ++ 7 ++ }, { ++ /* ++ * [5] { ++ * [1] { ++ * UTF8String { "b" } ++ * } ++ * } ++ */ ++ { ++ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62 ++ }, ++ 7 ++ }, { ++ /* ++ * [5] { ++ * [0] { ++ * UTF8String {} ++ * } ++ * [1] { ++ * UTF8String { "a" } ++ * } ++ * } ++ */ ++ { ++ 0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61 ++ }, ++ 11 ++ }, { ++ /* ++ * [5] { ++ * [0] { ++ * UTF8String { "a" } ++ * } ++ * [1] { ++ * UTF8String { "a" } ++ * } ++ * } ++ */ ++ { ++ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, ++ 0x61 ++ }, ++ 12 ++ }, { ++ /* ++ * [5] { ++ * [0] { ++ * UTF8String { "b" } ++ * } ++ * [1] { ++ * UTF8String { "a" } ++ * } ++ * } ++ */ ++ { ++ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, ++ 0x61 ++ }, ++ 12 ++ }, { ++ /* [6 PRIMITIVE] { "a" } */ ++ { ++ 0x86, 0x01, 0x61 ++ }, ++ 3 ++ }, { ++ /* [6 PRIMITIVE] { "b" } */ ++ { ++ 0x86, 0x01, 0x62 ++ }, ++ 3 ++ }, { ++ /* [7 PRIMITIVE] { `11111111` } */ ++ { ++ 0x87, 0x04, 0x11, 0x11, 0x11, 0x11 ++ }, ++ 6 ++ }, { ++ /* [7 PRIMITIVE] { `22222222`} */ ++ { ++ 0x87, 0x04, 0x22, 0x22, 0x22, 0x22 ++ }, ++ 6 ++ }, { ++ /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */ ++ { ++ 0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, ++ 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 ++ }, ++ 18 ++ }, { ++ /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */ ++ { ++ 0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, ++ 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 ++ }, ++ 18 ++ }, { ++ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */ ++ { ++ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, ++ 0xb7, 0x09, 0x02, 0x01 ++ }, ++ 15 ++ }, { ++ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */ ++ { ++ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, ++ 0xb7, 0x09, 0x02, 0x02 ++ }, ++ 15 ++ } ++}; ++ ++#define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0])) ++ ++static int test_GENERAL_NAME_cmp(void) ++{ ++ size_t i, j; ++ GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa) ++ * OSSL_NELEM(gennames)); ++ GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb) ++ * OSSL_NELEM(gennames)); ++ int testresult = 0; ++ ++ if (namesa == NULL || namesb == NULL) ++ goto end; ++ ++ for (i = 0; i < OSSL_NELEM(gennames); i++) { ++ const unsigned char *derp = gennames[i].der; ++ ++ /* ++ * We create two versions of each GENERAL_NAME so that we ensure when ++ * we compare them they are always different pointers. ++ */ ++ namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen); ++ derp = gennames[i].der; ++ namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen); ++ if (namesa[i] == NULL || namesb[i] == NULL) ++ goto end; ++ } ++ ++ /* Every name should be equal to itself and not equal to any others. */ ++ for (i = 0; i < OSSL_NELEM(gennames); i++) { ++ for (j = 0; j < OSSL_NELEM(gennames); j++) { ++ if (i == j) { ++ if (GENERAL_NAME_cmp(namesa[i], namesb[j]) != 0) ++ goto end; ++ } else { ++ if (GENERAL_NAME_cmp(namesa[i], namesb[j]) == 0) ++ goto end; ++ } ++ } ++ } ++ testresult = 1; ++ ++ end: ++ for (i = 0; i < OSSL_NELEM(gennames); i++) { ++ if (namesa != NULL) ++ GENERAL_NAME_free(namesa[i]); ++ if (namesb != NULL) ++ GENERAL_NAME_free(namesb[i]); ++ } ++ OPENSSL_free(namesa); ++ OPENSSL_free(namesb); ++ ++ if (!testresult) ++ fprintf(stderr, "test of GENERAL_NAME_cmp failed\n"); ++ ++ return testresult; ++} ++ ++ ++ + int main(void) + { + const struct set_name_fn *pfn = name_fns; +@@ -342,5 +692,8 @@ int main(void) + } + ++pfn; + } ++ ++ errors += !test_GENERAL_NAME_cmp(); ++ + return errors > 0 ? 1 : 0; + } commit 606040235bbd24ade4e62bba4c9c12d7b2e3faa9 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Tue May 25 10:44:13 2021 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sat Oct 9 23:55:52 2021 +0200 upgrade to Expat 2.4.1 drop ubsan patch in favour of fix applied as https://github.com/libexpat/libexpat/pull/398 Change-Id: I59eb9e24206b9a4cf323b7f7d48d8df0792a1c46 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116102 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 740d12d8a8294d4bfd28e6c3e4cf1e0ed560b198) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119422 Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> diff --git a/download.lst b/download.lst index 959dc69352ef..82744c18d324 100644 --- a/download.lst +++ b/download.lst @@ -42,8 +42,8 @@ export EPUBGEN_TARBALL := libepubgen-0.1.1.tar.xz export ETONYEK_SHA256SUM := e61677e8799ce6e55b25afc11aa5339113f6a49cff031f336e32fa58635b1a4a export ETONYEK_VERSION_MICRO := 9 export ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz -export EXPAT_SHA256SUM := 9a130948b05a82da34e4171d5f5ae5d321d9630277af02c8fa51e431f6475102 -export EXPAT_TARBALL := expat-2.2.8.tar.bz2 +export EXPAT_SHA256SUM := 2f9b6a580b94577b150a7d5617ad4643a4301a6616ff459307df3e225bcfbf40 +export EXPAT_TARBALL := expat-2.4.1.tar.bz2 export FIREBIRD_SHA256SUM := 6994be3555e23226630c587444be19d309b25b0fcf1f87df3b4e3f88943e5860 export FIREBIRD_TARBALL := Firebird-3.0.0.32483-0.tar.bz2 export FONTCONFIG_SHA256SUM := cf0c30807d08f6a28ab46c61b8dbd55c97d2f292cf88f3a07d3384687f31f017 diff --git a/external/expat/expat-winapi.patch b/external/expat/expat-winapi.patch index b33c12b83b4c..bd4da1472fc8 100644 --- a/external/expat/expat-winapi.patch +++ b/external/expat/expat-winapi.patch @@ -11,3 +11,17 @@ # endif #endif /* not defined XML_STATIC */ +--- misc/expat-2.1.0/lib/xmlparse.c 2021-05-23 16:56:25.000000000 +0100 ++++ misc/build/expat-2.1.0/lib/xmlparse.c 2021-05-25 12:42:11.997173600 +0100 +@@ -92,6 +92,11 @@ + + #include <expat_config.h> + ++#ifdef _WIN32 ++# undef HAVE_GETRANDOM ++# undef HAVE_SYSCALL_GETRANDOM ++#endif ++ + #include "ascii.h" + #include "expat.h" + #include "siphash.h" commit 7fcd9187a962b0b5dea492ad50e62ff8592784da Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Fri May 21 13:33:26 2021 +0200 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sat Oct 9 23:54:17 2021 +0200 libxml2: upgrade to release 2.9.12 Fixes: CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541 * external/libxml2/ubsan.patch.0: remove, fixed upstream Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115913 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit bf0c6a98ae38cd2188d7f7e94f1563e5ce6a8ce4) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115927 Tested-by: Michael Stahl <michael.st...@allotropia.de> Change-Id: I347dc854b862e78bde87d3e57cf5fdb584ca5673 diff --git a/download.lst b/download.lst index 6d2b527f7dfb..959dc69352ef 100644 --- a/download.lst +++ b/download.lst @@ -156,8 +156,8 @@ export LIBTOMMATH_SHA256SUM := 083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304 export LIBTOMMATH_TARBALL := ltm-1.0.zip export XMLSEC_SHA256SUM := 13eec4811ea30e3f0e16a734d1dbf7f9d246a71d540b48d143a07b489f6222d4 export XMLSEC_TARBALL := xmlsec1-1.2.28.tar.gz -export LIBXML_SHA256SUM := aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f -export LIBXML_VERSION_MICRO := 10 +export LIBXML_SHA256SUM := c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92 +export LIBXML_VERSION_MICRO := 12 export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz export LIBXSLT_SHA256SUM := 98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f export LIBXSLT_VERSION_MICRO := 34 diff --git a/external/libxml2/libxml2-config.patch.1 b/external/libxml2/libxml2-config.patch.1 index 8c28fb6a7806..5a2ef1485e92 100644 --- a/external/libxml2/libxml2-config.patch.1 +++ b/external/libxml2/libxml2-config.patch.1 @@ -18,9 +18,9 @@ Hack the xml2-config to return paths into WORKDIR. +exec_prefix=${WORKDIR}/UnpackedTarball/libxml2 +includedir=${WORKDIR}/UnpackedTarball/libxml2/include +libdir=${WORKDIR}/UnpackedTarball/libxml2/.libs + cflags= + libs= - usage() - { @@ -67,7 +72,8 @@ ;; diff --git a/external/libxml2/libxml2-global-symbols.patch b/external/libxml2/libxml2-global-symbols.patch index 49ee73731562..cfec9c530281 100644 --- a/external/libxml2/libxml2-global-symbols.patch +++ b/external/libxml2/libxml2-global-symbols.patch @@ -14,8 +14,8 @@ LIBXML2_2.6.32 { @@ -2231,3 +2231,43 @@ - xmlHashDefaultDeallocator; - } LIBXML2_2.9.1; + xmlPopOutputCallbacks; + } LIBXML2_2.9.8; +# HACK: export global variable accessor functions (globals.h) +LIBXML2_GLOBAL_VARIABLES { commit b9fb17bd958ca655291693e56da404bedcd16e53 Author: Luboš Luňák <l.lu...@collabora.com> AuthorDate: Thu Apr 29 20:10:34 2021 +0200 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sat Oct 9 23:52:57 2021 +0200 allow utf-8 in xml names (liborcus) (tdf#141672) Change-Id: Ib150d55b588a572e4352396f18de2331983b2aae Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114892 Tested-by: Jenkins Reviewed-by: Luboš Luňák <l.lu...@collabora.com> (cherry picked from commit 6b7c2fa65eb68be520ed4135cc245e33fa22e8bf) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114915 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> Reviewed-by: Andras Timar <andras.ti...@collabora.com> diff --git a/external/liborcus/UnpackedTarball_liborcus.mk b/external/liborcus/UnpackedTarball_liborcus.mk index e1d810a49dc2..69622222f342 100644 --- a/external/liborcus/UnpackedTarball_liborcus.mk +++ b/external/liborcus/UnpackedTarball_liborcus.mk @@ -27,6 +27,10 @@ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\ external/liborcus/0001-Prevent-unsigned-integer-underflow.patch \ )) +$(eval $(call gb_UnpackedTarball_add_patches,liborcus,\ + external/liborcus/allow-utf-8-in-xml-names.patch \ +)) + ifeq ($(OS),WNT) $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\ external/liborcus/windows-constants-hack.patch \ diff --git a/external/liborcus/allow-utf-8-in-xml-names.patch b/external/liborcus/allow-utf-8-in-xml-names.patch new file mode 100644 index 000000000000..e3430881053d --- /dev/null +++ b/external/liborcus/allow-utf-8-in-xml-names.patch @@ -0,0 +1,301 @@ +From fa9b6845ed583f5486372c6ffbc59e02a140d303 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Lubo=C5=A1=20Lu=C5=88=C3=A1k?= <l.lu...@centrum.cz> +Date: Thu, 29 Apr 2021 19:12:20 +0200 +Subject: [PATCH] allow utf-8 in xml names (#137) + +https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-NameStartChar +has a list of all allowed characters. +--- + include/orcus/sax_parser_base.hpp | 3 + + src/orcus_test_xml.cpp | 1 + + src/parser/sax_parser_base.cpp | 201 ++++++++++++++++++++++++++++-- + test/xml/non-ascii/check.txt | 4 + + test/xml/non-ascii/input.xml | 4 + + 5 files changed, 201 insertions(+), 12 deletions(-) + create mode 100644 test/xml/non-ascii/check.txt + create mode 100644 test/xml/non-ascii/input.xml + +diff --git a/include/orcus/sax_parser_base.hpp b/include/orcus/sax_parser_base.hpp +index 9939e133..8394c07b 100644 +--- a/include/orcus/sax_parser_base.hpp ++++ b/include/orcus/sax_parser_base.hpp +@@ -218,6 +218,9 @@ protected: + void element_name(parser_element& elem, std::ptrdiff_t begin_pos); + void attribute_name(pstring& attr_ns, pstring& attr_name); + void characters_with_encoded_char(cell_buffer& buf); ++ ++ int is_name_char(); ++ int is_name_start_char(); + }; + + }} +diff --git a/src/orcus_test_xml.cpp b/src/orcus_test_xml.cpp +index 8a864d68..35f3dea7 100644 +--- a/src/orcus_test_xml.cpp ++++ b/src/orcus_test_xml.cpp +@@ -77,6 +77,7 @@ const char* sax_parser_test_dirs[] = { + SRCDIR"/test/xml/no-decl-1/", + SRCDIR"/test/xml/underscore-identifier/", + SRCDIR"/test/xml/self-closing-root/", ++ SRCDIR"/test/xml/non-ascii/", + }; + + const char* sax_parser_parse_only_test_dirs[] = { +diff --git a/src/parser/sax_parser_base.cpp b/src/parser/sax_parser_base.cpp +index 97aa34ec..db51ff94 100644 +--- a/src/parser/sax_parser_base.cpp ++++ b/src/parser/sax_parser_base.cpp +@@ -328,20 +328,182 @@ bool parser_base::value(pstring& str, bool decode) + return transient_stream(); + } + ++// https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-NameStartChar ++// Return length of the character in bytes, otherwise 0. ++template< bool only_start_name > ++static ++int is_name_char_helper(const char* mp_char, const char* mp_end) ++{ ++ const unsigned char first = mp_char[0]; ++ // Note that ':' technically is an allowed name character, but it is handled separately ++ // e.g. in element_name(), so here pretend it isn't. ++ if (/*first == ':' ||*/ first == '_' || (first >= 'A' && first <= 'Z') || (first >= 'a' && first <= 'z')) ++ return 1; ++ if (!only_start_name && (first == '-' || first == '.' || (first >= '0' && first <= '9'))) ++ return 1; ++ ++ if (first < 0x7f) // other ascii characters are not allowed ++ return 0; ++ if (mp_end < mp_char + 1) ++ return 0; ++ const unsigned char second = mp_char[1]; ++ ++ // 0xb7 = 0xc2 0xb7 utf-8 ++ if (!only_start_name && first == 0xc2 && second == 0xb7) ++ return 2; ++ ++ // [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF] ++ // 0xc0 = 0xc3 0x80 utf-8 ++ if (first < 0xc3) ++ return 0; ++ // xd7 = 0xc3 0x97 utf-8, 0xf7 = 0xc3 0xb7 utf-8 ++ if (first == 0xc3) ++ return second >= 0x80 && second <= 0xff && second != 0x97 && second != 0xb7 ? 2 : 0; ++ // 0x2ff = 0xcb 0xbf utf-8, 0x300 = 0xcc 0x80 utf-8 ++ if (first >= 0xc4 && first <= 0xcb) ++ return 2; ++ ++ // [#x0300-#x036F] ++ // 0x0300 = 0xcc 0x80 utf-8, 0x36f = 0xcd 0xaf utf-8 ++ if (!only_start_name && first == 0xcc) ++ return 2; ++ if (!only_start_name && first == 0xcd && second <= 0xaf) ++ return 2; ++ ++ // [#x370-#x37D] | [#x37F-#x1FFF] ++ // 0x370 = 0xcd 0xb0 utf-8, 0x37e = 0xcd 0xbe ++ if (first < 0xcd) ++ return 0; ++ if (first == 0xcd) ++ return second >= 0xb0 && second != 0xbe ? 2 : 0; ++ // 0x07ff = 0xdf 0xbf utf-8 (the last 2-byte utf-8) ++ if (first <= 0xdf) ++ return 2; ++ ++ if (first < 0xe0) ++ return 0; ++ if (mp_end < mp_char + 2) ++ return 0; ++ const unsigned char third = mp_char[2]; ++ ++ // 0x0800 = 0xe0 0xa0 0x80 utf-8, 0x1fff = 0xe1 0xbf 0xbf utf-8, 0x2000 = 0xe2 0x80 0x80 ++ if (first == 0xe0 || first == 0xe1) ++ return 3; ++ ++ // [#x200C-#x200D] ++ // 0x200c = 0xe2 0x80 0x8c utf-8, 0x200d = 0xe2 0x80 0x8d utf-8 ++ if (first < 0xe2) ++ return 0; ++ if (first == 0xe2 && second == 0x80 && (third == 0x8c || third == 0x8d)) ++ return 3; ++ ++ // [#x203F-#x2040] ++ // 0x203f = 0xe2 0x80 0xbf utf-8, 0x2040 = 0xe2 0x81 0x80 utf-8 ++ if (!only_start_name && first == 0xe2 && second == 0x80 && third == 0xbf) ++ return 3; ++ if (!only_start_name && first == 0xe2 && second == 0x81 && third == 0x80) ++ return 3; ++ ++ // [#x2070-#x218F] ++ // 0x2070 = 0xe2 0x81 0xb0 utf-8, 0x218f = 0xe2 0x86 0x8f utf-8 ++ if (first == 0xe2) ++ { ++ if (second < 0x81) ++ return 0; ++ if (second >= 0x81 && second < 0x86) ++ return 3; ++ if (second == 0x86 && third <= 0x8f) ++ return 3; ++ } ++ ++ // [#x2C00-#x2FEF] ++ // 0x2c00 = 0xe2 0xb0 0x80 utf-8, 0x2fef = 0xe2 0xbf 0xaf utf-8 ++ if (first == 0xe2) ++ { ++ if (second < 0xb0) ++ return 0; ++ if (second < 0xbf) ++ return 3; ++ if (second == 0xbf && third <= 0xaf) ++ return 3; ++ } ++ ++ // [#x3001-#xD7FF] ++ // 0x3001 = 0xe3 0x80 0x81 utf-8, 0xd7ff = 0xed 0x9f 0xbf utf-8, 0xd800 = 0xed 0xa0 0x80 utf-8 ++ if (first < 0xe3) ++ return 0; ++ if (first < 0xed) ++ return 3; ++ if (first == 0xed && second <= 0x9f) ++ return 3; ++ ++ // [#xF900-#xFDCF] ++ // 0xf900 = 0xef 0xa4 0x80 utf-8, 0xfdcf = 0xef 0xb7 0x8f utf-8 ++ if (first == 0xef) ++ { ++ if (second < 0xa4) ++ return 0; ++ if (second < 0xb7) ++ return 3; ++ if (second == 0xb7 && third <= 0x8f) ++ return 3; ++ } ++ ++ // [#xFDF0-#xFFFD] ++ // 0xfdf0 = 0xef 0xb7 0xb0 utf-8, 0xfffd = 0xef 0xbf 0xbd utf-8 ++ if (first == 0xef) ++ { ++ assert(second >= 0xb7); ++ if (second == 0xb7 && third < 0xb0) ++ return 0; ++ if (second < 0xbe) ++ return 3; ++ if (second == 0xbf && third <= 0xbd) ++ return 3; ++ } ++ ++ if (first < 0xf0) ++ return 0; ++ if (mp_end < mp_char + 3) ++ return 0; ++ // const unsigned char fourth = mp_char[3]; ++ ++ // [#x10000-#xEFFFF] ++ // 0x10000 = 0xf0 0x90 0x80 0x80 utf-8, 0xeffff = 0xf3 0xaf 0xbf 0xbf utf-8, ++ // 0xf0000 = 0xf3 0xb0 0x80 0x80 utf-8 ++ if (first >= 0xf0 && first < 0xf2) ++ return 4; ++ if (first == 0xf3 && second < 0xb0) ++ return 4; ++ ++ return 0; ++} ++ ++int parser_base::is_name_char() ++{ ++ return is_name_char_helper<false>(mp_char, mp_end); ++} ++ ++int parser_base::is_name_start_char() ++{ ++ return is_name_char_helper<true>(mp_char, mp_end); ++} ++ + void parser_base::name(pstring& str) + { + const char* p0 = mp_char; +- char c = cur_char(); +- if (!is_alpha(c) && c != '_') ++ int skip = is_name_start_char(); ++ if (skip == 0) + { + ::std::ostringstream os; +- os << "name must begin with an alphabet, but got this instead '" << c << "'"; ++ os << "name must begin with an alphabet, but got this instead '" << cur_char() << "'"; + throw malformed_xml_error(os.str(), offset()); + } ++ next(skip); + + #if defined(__ORCUS_CPU_FEATURES) && defined(__SSE4_2__) + +- const __m128i match = _mm_loadu_si128((const __m128i*)"azAZ09--__"); ++ const __m128i match = _mm_loadu_si128((const __m128i*)"azAZ09--__.."); + const int mode = _SIDD_LEAST_SIGNIFICANT | _SIDD_CMP_RANGES | _SIDD_UBYTE_OPS | _SIDD_NEGATIVE_POLARITY; + + size_t n_total = available_size(); +@@ -351,20 +513,35 @@ void parser_base::name(pstring& str) + __m128i char_block = _mm_loadu_si128((const __m128i*)mp_char); + + int n = std::min<size_t>(16u, n_total); +- int r = _mm_cmpestri(match, 10, char_block, n, mode); ++ int r = _mm_cmpestri(match, 12, char_block, n, mode); + mp_char += r; // Move the current char position. ++ n_total -= r; + +- if (r < 16) +- // No need to move to the next segment. Stop here. +- break; ++ if (r < 16 && n_total) ++ { ++ // There is a character that does not match the SSE-based ASCII-only check. ++ // It may either by an ascii character that is not allowed, in which case stop, ++ // or it may possibly be an allowed utf-8 character, in which case move over it ++ // using the slow function. ++ skip = is_name_char(); ++ if(skip == 0) ++ break; ++ next(skip); ++ n_total -= skip; ++ } + +- // Skip 16 chars to the next segment. +- n_total -= 16; + } ++ cur_char_checked(); // check end of xml stream + + #else +- while (is_alpha(c) || is_numeric(c) || is_name_char(c)) +- c = next_char_checked(); ++ for(;;) ++ { ++ cur_char_checked(); // check end of xml stream ++ skip = is_name_char(); ++ if(skip == 0) ++ break; ++ next(skip); ++ } + #endif + + str = pstring(p0, mp_char-p0); +diff --git a/test/xml/non-ascii/check.txt b/test/xml/non-ascii/check.txt +new file mode 100644 +index 00000000..77b7c003 +--- /dev/null ++++ b/test/xml/non-ascii/check.txt +@@ -0,0 +1,4 @@ ++/Myšička ++/Myšička@jméno="Žužla" ++/Myšička/Nožičky ++/Myšička/Nožičky"4" +diff --git a/test/xml/non-ascii/input.xml b/test/xml/non-ascii/input.xml +new file mode 100644 +index 00000000..c516744b +--- /dev/null ++++ b/test/xml/non-ascii/input.xml +@@ -0,0 +1,4 @@ ++<?xml version="1.0" encoding="UTF-8"?> ++<Myšička jméno="Žužla"> ++ <Nožičky>4</Nožičky> ++</Myšička> +-- +2.26.2 + commit dd75371c2ed09dd77624ac2966963e375003996f Author: Stephan Bergmann <sberg...@redhat.com> AuthorDate: Tue Feb 16 09:30:09 2021 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sat Oct 9 23:52:40 2021 +0200 Improve checkExtension Change-Id: Iff416a9c5930ad5903f7ee51a2abbc94d5f40800 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110970 Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com> Tested-by: Jenkins (cherry picked from commit f456c4dacf700e064e112ef068ff7edb04239754) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110922 Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit f19d95986756412e5d72047656eec17a720c5e57) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113049 Tested-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx index 4c69da98e89e..00384b8bd235 100644 --- a/shell/source/win32/SysShExec.cxx +++ b/shell/source/win32/SysShExec.cxx @@ -409,21 +409,28 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa } } pathname = o3tl::toU(path); + // ShellExecuteExW appears to ignore trailing dots, so remove them: + while (pathname.endsWith(".", &pathname)) {} auto const n = pathname.lastIndexOf('.'); if (n > pathname.lastIndexOf('\\')) { auto const ext = pathname.copy(n + 1); - OUString env; - if (osl_getEnvironment(OUString("PATHEXT").pData, &env.pData) != osl_Process_E_None) - { - SAL_INFO("shell", "osl_getEnvironment(PATHEXT) failed"); - } - if (!(checkExtension(ext, env) - && checkExtension( - ext, - ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY;.CLASS;.JAR"))) - { - throw css::lang::IllegalArgumentException( - "XSystemShellExecute.execute, cannot process <" + aCommand + ">", {}, 0); + if (!ext.isEmpty()) { + OUString env; + if (osl_getEnvironment(OUString("PATHEXT").pData, &env.pData) + != osl_Process_E_None) + { + SAL_INFO("shell", "osl_getEnvironment(PATHEXT) failed"); + } + if (!(checkExtension(ext, env) + && checkExtension( + ext, + ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY;.CLASS;" + ".JAR;.APPLICATION;.LNK;.SCR"))) + { + throw css::lang::IllegalArgumentException( + "XSystemShellExecute.execute, cannot process <" + aCommand + ">", {}, + 0); + } } } } commit 672041221a30eb2e8a4b344f74093f1d894802dc Author: Mike Kaganski <mike.kagan...@collabora.com> AuthorDate: Tue Jan 28 01:28:24 2020 +0300 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sat Oct 9 23:52:22 2021 +0200 tdf#130216: normalize paths with .. segments ... which obviously are rejected by SHGetFileInfoW and SHParseDisplayName that it calls internally. Change-Id: I2f5f3c675ea6aa1c2d92eef30be4399a8d600255 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87565 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com> Signed-off-by: Xisco Fauli <xiscofa...@libreoffice.org> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87737 Reviewed-by: Miklos Vajna <vmik...@collabora.com> diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx index 394f7a4f42d3..4c69da98e89e 100644 --- a/shell/source/win32/SysShExec.cxx +++ b/shell/source/win32/SysShExec.cxx @@ -37,6 +37,7 @@ #define WIN32_LEAN_AND_MEAN #include <windows.h> #include <shellapi.h> +#include <Shlobj.h> #include <Shobjidl.h> #include <objbase.h> @@ -327,21 +328,33 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa + "> failed with " + OUString::number(e1)), {}, 0); } + const int MAX_LONG_PATH = 32767; // max longpath on WinNT + if (pathname.getLength() >= MAX_LONG_PATH) + { + throw css::lang::IllegalArgumentException( + "XSystemShellExecute.execute, path <" + pathname + "> too long", {}, 0); + } + wchar_t path[MAX_LONG_PATH]; + wcscpy_s(path, o3tl::toW(pathname.getStr())); for (int i = 0;; ++i) { + // tdf#130216: normalize c:\path\to\something\..\else into c:\path\to\else + if (PathResolve(path, nullptr, PRF_VERIFYEXISTS | PRF_REQUIREABSOLUTE) == 0) + { + throw css::lang::IllegalArgumentException( + "XSystemShellExecute.execute, PathResolve(" + OUString(o3tl::toU(path)) + + ") failed", + {}, 0); + } SHFILEINFOW info; - if (SHGetFileInfoW( - o3tl::toW(pathname.getStr()), 0, &info, sizeof info, SHGFI_EXETYPE) - != 0) + if (SHGetFileInfoW(path, 0, &info, sizeof info, SHGFI_EXETYPE) != 0) { throw css::lang::IllegalArgumentException( "XSystemShellExecute.execute, cannot process <" + aCommand + ">", {}, 0); } - if (SHGetFileInfoW( - o3tl::toW(pathname.getStr()), 0, &info, sizeof info, SHGFI_ATTRIBUTES) - == 0) + if (SHGetFileInfoW(path, 0, &info, sizeof info, SHGFI_ATTRIBUTES) == 0) { throw css::lang::IllegalArgumentException( - "XSystemShellExecute.execute, SHGetFileInfoW(" + pathname + ") failed", {}, + "XSystemShellExecute.execute, SHGetFileInfoW(" + OUString(o3tl::toU(path)) + ") failed", {}, 0); } if ((info.dwAttributes & SFGAO_LINK) == 0) { @@ -366,7 +379,7 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa + o3tl::runtimeToOUString(e3.what())), {}, 0); } - e2 = file->Load(o3tl::toW(pathname.getStr()), STGM_READ); + e2 = file->Load(path, STGM_READ); if (FAILED(e2)) { throw css::lang::IllegalArgumentException( ("XSystemShellExecute.execute, IPersistFile.Load failed with " @@ -380,16 +393,14 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa + OUString::number(e2)), {}, 0); } - wchar_t path[MAX_PATH]; WIN32_FIND_DATAW wfd; - e2 = link->GetPath(path, MAX_PATH, &wfd, SLGP_RAWPATH); + e2 = link->GetPath(path, SAL_N_ELEMENTS(path), &wfd, SLGP_RAWPATH); if (FAILED(e2)) { throw css::lang::IllegalArgumentException( ("XSystemShellExecute.execute, IShellLink.GetPath failed with " + OUString::number(e2)), {}, 0); } - pathname = o3tl::toU(path); // Fail at some arbitrary nesting depth, to avoid an infinite loop: if (i == 30) { throw css::lang::IllegalArgumentException( @@ -397,6 +408,7 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa {}, 0); } } + pathname = o3tl::toU(path); auto const n = pathname.lastIndexOf('.'); if (n > pathname.lastIndexOf('\\')) { auto const ext = pathname.copy(n + 1); commit ecdb5a911d3c8a97ae59acc554eff78502725ebd Author: Stephan Bergmann <sberg...@redhat.com> AuthorDate: Wed Nov 25 09:13:12 2020 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sat Oct 9 23:49:59 2021 +0200 Better handling of Java files Change-Id: Ifa662be39ac7d35241ee31956e2556b7ba3b5a02 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106558 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sberg...@redhat.com> (cherry picked from commit 696739056f37430154d6333b8f7228d1c44d09b3) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106520 Reviewed-by: Michael Stahl <michael.st...@cib.de> (cherry picked from commit ec5adc39cbea6d754ef68ab3d03fb16066b27e40) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107060 Tested-by: Michael Stahl <michael.st...@cib.de> diff --git a/shell/source/unix/exec/shellexec.cxx b/shell/source/unix/exec/shellexec.cxx index 313007787489..0810b0534112 100644 --- a/shell/source/unix/exec/shellexec.cxx +++ b/shell/source/unix/exec/shellexec.cxx @@ -150,6 +150,10 @@ void SAL_CALL ShellExec::execute( const OUString& aCommand, const OUString& aPar { throw css::lang::IllegalArgumentException( "XSystemShellExecute.execute, cannot process <" + aCommand + ">", {}, 0); + } else if (pathname.endsWithIgnoreAsciiCase(".class") + || pathname.endsWithIgnoreAsciiCase(".jar")) + { + dir = true; } } diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx index c4091616f7d8..394f7a4f42d3 100644 --- a/shell/source/win32/SysShExec.cxx +++ b/shell/source/win32/SysShExec.cxx @@ -407,7 +407,8 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa } if (!(checkExtension(ext, env) && checkExtension( - ext, ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY"))) + ext, + ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY;.CLASS;.JAR"))) { throw css::lang::IllegalArgumentException( "XSystemShellExecute.execute, cannot process <" + aCommand + ">", {}, 0); commit ca3632ad0804b99a614a1a5dcebb10f8bce36b92 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Wed Jan 6 19:30:07 2021 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sat Oct 9 23:49:26 2021 +0200 poppler: upgrade to release 21.01.0 Fixes CVE-2020-27778, CVE-2020-35702 and changelogs mention lots of fuzzing fixes. Change-Id: Ib07bdee726905e74afc13a01bbbd53f218121744 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108912 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 48e8b32a9b66722bbb28fc15840b3706a461aeb7) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108904 Tested-by: Michael Stahl <michael.st...@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> (cherry picked from commit fb185106492f5aabac6ab57ae90cd81d51480093) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108949 Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de> diff --git a/download.lst b/download.lst index 5f7f7dadb8fb..6d2b527f7dfb 100644 --- a/download.lst +++ b/download.lst @@ -206,8 +206,8 @@ export PIXMAN_SHA256SUM := 21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3 export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz export LIBPNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca export LIBPNG_TARBALL := libpng-1.6.37.tar.xz -export POPPLER_SHA256SUM := 234f8e573ea57fb6a008e7c1e56bfae1af5d1adf0e65f47555e1ae103874e4df -export POPPLER_TARBALL := poppler-0.82.0.tar.xz +export POPPLER_SHA256SUM := 016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3 +export POPPLER_TARBALL := poppler-21.01.0.tar.xz export POSTGRESQL_SHA256SUM := a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126 export POSTGRESQL_TARBALL := postgresql-9.2.24.tar.bz2 export PYTHON_SHA256SUM := c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049 diff --git a/external/poppler/StaticLibrary_poppler.mk b/external/poppler/StaticLibrary_poppler.mk index 8bf9f528ee9e..3cc0a95e3617 100644 --- a/external/poppler/StaticLibrary_poppler.mk +++ b/external/poppler/StaticLibrary_poppler.mk @@ -35,6 +35,23 @@ endif $(eval $(call gb_StaticLibrary_set_generated_cxx_suffix,poppler,cc)) +$(eval $(call gb_StaticLibrary_add_generated_cobjects,poppler,\ + UnpackedTarball/poppler/poppler/CourierWidths.pregenerated \ + UnpackedTarball/poppler/poppler/CourierBoldWidths.pregenerated \ + UnpackedTarball/poppler/poppler/CourierBoldObliqueWidths.pregenerated \ + UnpackedTarball/poppler/poppler/CourierObliqueWidths.pregenerated \ + UnpackedTarball/poppler/poppler/HelveticaWidths.pregenerated \ + UnpackedTarball/poppler/poppler/HelveticaBoldWidths.pregenerated \ + UnpackedTarball/poppler/poppler/HelveticaBoldObliqueWidths.pregenerated \ + UnpackedTarball/poppler/poppler/HelveticaObliqueWidths.pregenerated \ + UnpackedTarball/poppler/poppler/SymbolWidths.pregenerated \ + UnpackedTarball/poppler/poppler/TimesBoldWidths.pregenerated \ + UnpackedTarball/poppler/poppler/TimesBoldItalicWidths.pregenerated \ + UnpackedTarball/poppler/poppler/TimesItalicWidths.pregenerated \ + UnpackedTarball/poppler/poppler/TimesRomanWidths.pregenerated \ + UnpackedTarball/poppler/poppler/ZapfDingbatsWidths.pregenerated \ +)) + $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\ UnpackedTarball/poppler/goo/gfile \ UnpackedTarball/poppler/goo/GooTimer \ @@ -56,8 +73,7 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\ UnpackedTarball/poppler/fofi/FoFiIdentifier \ UnpackedTarball/poppler/poppler/Annot \ UnpackedTarball/poppler/poppler/Array \ - UnpackedTarball/poppler/poppler/BuiltinFont \ - UnpackedTarball/poppler/poppler/BuiltinFontTables \ + UnpackedTarball/poppler/poppler/BBoxOutputDev \ UnpackedTarball/poppler/poppler/CachedFile \ UnpackedTarball/poppler/poppler/Catalog \ UnpackedTarball/poppler/poppler/CertificateInfo \ @@ -79,6 +95,7 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\ UnpackedTarball/poppler/poppler/Hints \ UnpackedTarball/poppler/poppler/JArithmeticDecoder \ UnpackedTarball/poppler/poppler/JBIG2Stream \ + UnpackedTarball/poppler/poppler/JSInfo \ UnpackedTarball/poppler/poppler/Lexer \ UnpackedTarball/poppler/poppler/Link \ UnpackedTarball/poppler/poppler/Linearization \ @@ -93,6 +110,7 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\ UnpackedTarball/poppler/poppler/PageTransition \ UnpackedTarball/poppler/poppler/Parser \ UnpackedTarball/poppler/poppler/PDFDoc \ + UnpackedTarball/poppler/poppler/PDFDocBuilder \ UnpackedTarball/poppler/poppler/PDFDocEncoding \ UnpackedTarball/poppler/poppler/PDFDocFactory \ UnpackedTarball/poppler/poppler/ProfileData \ diff --git a/external/poppler/poppler-config.patch.1 b/external/poppler/poppler-config.patch.1 index cb74cd66fb5e..b902402ea4e7 100644 --- a/external/poppler/poppler-config.patch.1 +++ b/external/poppler/poppler-config.patch.1 @@ -1,5 +1,7 @@ *three* poppler config headers +note: to get the 3rd one, use -DENABLE_CPP=on + mkdir build && cd build && cmake .. -DENABLE_DCTDECODER=libjpeg -DHAVE_CAIRO=off -DENABLE_LIBOPENJPEG=none -DENABLE_CMS=none -DENABLE_LIBCURL=off -DENABLE_ZLIB=off -DENABLE_ZLIB_UNCOMPRESS=off -DENABLE_NSS3=off -DENABLE_LIBPNG=off -DENABLE_LIBTIFF=off -DENABLE_SPLASH=off -DENABLE_UTILS=off -DENABLE_CPP=off -DENABLE_GLIB=off -DENABLE_GOBJECT_INTROSPECTION=off -DENABLE_GTK_DOC=off -DENABLE_QT5=off manually disabled these because cmake failed to do it: @@ -14,7 +16,7 @@ new file mode 100644 index 0fbd336a..451213f8 100644 --- /dev/null +++ b/config.h -@@ -0,0 +1,248 @@ +@@ -0,0 +1,221 @@ +/* config.h. Generated from config.h.cmake by cmake. */ + +/* Build against libcurl. */ @@ -120,21 +122,6 @@ index 0fbd336a..451213f8 100644 +#endif + +#if !defined(_WIN32) -+/* Define to 1 if you have the `rand_r' function. */ -+#define HAVE_RAND_R 1 -+#endif -+ -+#if defined(_WIN32) -+/* Define to 1 if you have the `strcpy_s' function. */ -+#define HAVE_STRCPY_S 1 -+#endif -+ -+#if defined(_WIN32) -+/* Define to 1 if you have the `strcat_s' function. */ -+#define HAVE_STRCAT_S 1 -+#endif -+ -+#if !defined(_WIN32) +/* Defines if strtok_r is available on your system */ +#define HAVE_STRTOK_R 1 +#endif @@ -147,9 +134,6 @@ index 0fbd336a..451213f8 100644 +#define HAVE_POPEN 1 +#endif + -+/* Use splash for rendering. */ -+/* #undef HAVE_SPLASH */ -+ +#if !defined(__APPLE__) && !defined(_WIN32) +/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'. + */ @@ -179,9 +163,6 @@ index 0fbd336a..451213f8 100644 +/* Define as const if the declaration of iconv() needs const. */ +#define ICONV_CONST + -+/* Enable multithreading support. */ -+#define MULTITHREADED 1 -+ +/* Generate OPI comments in PS output. */ +#define OPI_SUPPORT 1 + @@ -195,7 +176,7 @@ index 0fbd336a..451213f8 100644 +#define PACKAGE_NAME "poppler" + +/* Define to the full name and version of this package. */ -+#define PACKAGE_STRING "poppler 0.82.0" ++#define PACKAGE_STRING "poppler 21.01.0" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "poppler" @@ -204,7 +185,7 @@ index 0fbd336a..451213f8 100644 +#define PACKAGE_URL "" + +/* Define to the version of this package. */ -+#define PACKAGE_VERSION "0.82.0" ++#define PACKAGE_VERSION "21.01.0" + +/* Poppler data dir */ +#define POPPLER_DATADIR "/usr/local/share/poppler" @@ -212,23 +193,17 @@ index 0fbd336a..451213f8 100644 +/* Support for curl based doc builder is compiled in. */ +/* #undef POPPLER_HAS_CURL_SUPPORT */ + -+/* Include support for CMYK rasterization */ -+/* #undef SPLASH_CMYK */ -+ +/* Enable word list support. */ +#define TEXTOUT_WORD_LIST 1 + +/* Defines if use cms */ +/* #undef USE_CMS */ + -+/* Use fixed point arithmetic in the Splash backend */ -+/* #undef USE_FIXEDPOINT */ -+ +/* Use single precision arithmetic in the Splash backend */ +/* #undef USE_FLOAT */ + +/* Version number of package */ -+#define VERSION "0.82.0" ++#define VERSION "21.01.0" + +#if defined(__APPLE__) +#elif defined (_WIN32) @@ -268,7 +243,7 @@ new file mode 100644 index 0fbd336a..451213f8 100644 --- /dev/null +++ b/poppler/poppler-config.h -@@ -0,0 +1,173 @@ +@@ -0,0 +1,166 @@ +//================================================= -*- mode: c++ -*- ==== +// +// poppler-config.h @@ -288,6 +263,9 @@ index 0fbd336a..451213f8 100644 +// Copyright (C) 2014 Hib Eris <h...@hiberis.nl> +// Copyright (C) 2016 Tor Lillqvist <t...@collabora.com> +// Copyright (C) 2017 Adrian Johnson <ajohn...@redneon.com> ++// Copyright (C) 2018 Adam Reichold <adam.reich...@t-online.de> ++// Copyright (C) 2018 Stefan Brüns <stefan.bru...@rwth-aachen.de> ++// Copyright (C) 2020 Albert Astals Cid <aa...@kde.org> +// +// To see a description of the changes please see the Changelog file that +// came with your tarball or type make ChangeLog if you are building from git @@ -304,17 +282,7 @@ index 0fbd336a..451213f8 100644 + +/* Defines the poppler version. */ +#ifndef POPPLER_VERSION -+#define POPPLER_VERSION "0.82.0" -+#endif -+ -+/* Enable multithreading support. */ -+#ifndef MULTITHREADED -+#define MULTITHREADED 1 -+#endif -+ -+/* Use fixedpoint. */ -+#ifndef USE_FIXEDPOINT -+/* #undef USE_FIXEDPOINT */ ++#define POPPLER_VERSION "21.01.0" +#endif + +/* Use single precision arithmetic in the Splash backend */ @@ -401,17 +369,17 @@ index 0fbd336a..451213f8 100644 +/* #undef USE_BOOST_HEADERS */ +#endif + -+// Also, there are preprocessor symbols in the header files -+// that are used but never defined when building poppler using configure -+// or cmake: DISABLE_OUTLINE, DEBUG_MEM, -+// ENABLE_PLUGINS, DEBUG_FORMS ++/* Is splash backend available */ ++#ifndef HAVE_SPLASH ++/* #undef HAVE_SPLASH */ ++#endif + +//------------------------------------------------------------------------ +// version +//------------------------------------------------------------------------ + +// copyright notice -+#define popplerCopyright "Copyright 2005-2018 The Poppler Developers - http://poppler.freedesktop.org" ++#define popplerCopyright "Copyright 2005-2021 The Poppler Developers - http://poppler.freedesktop.org" +#define xpdfCopyright "Copyright 1996-2011 Glyph & Cog, LLC" + +//------------------------------------------------------------------------ @@ -429,7 +397,7 @@ index 0fbd336a..451213f8 100644 +//------------------------------------------------------------------------ + +#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ > 4) -+#include <stdio.h> // __MINGW_PRINTF_FORMAT is defined in the mingw stdio.h ++#include <cstdio> // __MINGW_PRINTF_FORMAT is defined in the mingw stdio.h +#ifdef __MINGW_PRINTF_FORMAT +#define GCC_PRINTF_FORMAT(fmt_index, va_index) \ + __attribute__((__format__(__MINGW_PRINTF_FORMAT, fmt_index, va_index))) @@ -471,9 +439,9 @@ index 0fbd336a..451213f8 100644 + +#include "poppler-global.h" + -+#define POPPLER_VERSION "0.82.0" -+#define POPPLER_VERSION_MAJOR 0 -+#define POPPLER_VERSION_MINOR 82 ++#define POPPLER_VERSION "21.01.0" ++#define POPPLER_VERSION_MAJOR 21 ++#define POPPLER_VERSION_MINOR 1 +#define POPPLER_VERSION_MICRO 0 + +namespace poppler commit 3c3e46fd87f953d85dce9df5f4e9ed1e5933094b Author: Martin Whitaker <f...@martin-whitaker.me.uk> AuthorDate: Fri May 8 21:47:25 2020 +0200 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sat Oct 9 23:49:07 2021 +0200 tdf#131353: Fix build with poppler 0.86.0 Change-Id: I89b4635a6a3e3a5522172d6f4c3f14e6c14994b1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93789 Tested-by: René Engelhard <r...@debian.org> Tested-by: Jenkins Reviewed-by: Tomáš Chvátal <tchva...@suse.com> (cherry picked from commit b42ab78fb871924896b3cc38a7b2f1257151f711) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96639 Reviewed-by: Adolfo Jayme Barrientos <fit...@ubuntu.com> diff --git a/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx b/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx index 36bab70cc6ad..94e771b9e8dc 100644 --- a/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx +++ b/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx @@ -563,7 +563,9 @@ void PDFOutDev::processLink(Link* link, Catalog*) if (!(pAction && pAction->getKind() == actionURI)) return; -#if POPPLER_CHECK_VERSION(0, 72, 0) +#if POPPLER_CHECK_VERSION(0, 86, 0) + const char* pURI = static_cast<LinkURI*>(pAction)->getURI().c_str(); +#elif POPPLER_CHECK_VERSION(0, 72, 0) const char* pURI = static_cast<LinkURI*>(pAction)->getURI()->c_str(); #else const char* pURI = static_cast<LinkURI*>(pAction)->getURI()->getCString(); commit c5ccacf74d3895ddc9eef6f2d754a46d9a13b8dc Author: Andras Timar <andras.ti...@collabora.com> AuthorDate: Wed Apr 18 07:19:00 2018 -0700 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sat Oct 9 23:46:12 2021 +0200 [cp] HACK: sleep before sign On Windows, with 16x parallel build, build-nocheck target fails, because it tries to sign a file that is already in use (gengal). Change-Id: Ic582334f2c02f5e38f49d048fc0425025ffeee41 Reviewed-on: https://gerrit.libreoffice.org/75235 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> Reviewed-by: Andras Timar <andras.ti...@collabora.com> diff --git a/postprocess/signing/signing.pl b/postprocess/signing/signing.pl index 769b9efbcc7a..a443984a2a7b 100644 --- a/postprocess/signing/signing.pl +++ b/postprocess/signing/signing.pl @@ -41,6 +41,7 @@ my @args = (); my @files_to_sign = (); #### main ##### +sleep(120); $myname = script_id(); if ( $#ARGV < 2 ) { usage(); commit 339d94c0d95847c18f2a0f8219b0fa7161d6fc43 Author: Andras Timar <andras.ti...@collabora.com> AuthorDate: Thu Feb 11 08:27:23 2021 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Sat Oct 9 23:46:04 2021 +0200 try to use a different timestamp service Change-Id: I0fdbe2871d74836d530a69532bf22c17f642c922 diff --git a/instsetoo_native/CustomTarget_install.mk b/instsetoo_native/CustomTarget_install.mk index ab620d5844ed..99082b14be22 100644 --- a/instsetoo_native/CustomTarget_install.mk +++ b/instsetoo_native/CustomTarget_install.mk @@ -131,7 +131,7 @@ endif endif # LIBO_TEST_INSTALL touch $@ -TIMESTAMPURL ?= "http://timestamp.globalsign.com/scripts/timestamp.dll" +TIMESTAMPURL ?= "http://timestamp.digicert.com/" $(call gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_signing.done: \ $(if $(filter HELP,$(BUILD_TYPE)),$(call gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_helppack_signing.done) \ $(if $(filter ODK,$(BUILD_TYPE)),$(call gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_sdk_signing.done) \ diff --git a/postprocess/CustomTarget_signing.mk b/postprocess/CustomTarget_signing.mk index 7ba7c5832f17..c2f03ce937a1 100644 --- a/postprocess/CustomTarget_signing.mk +++ b/postprocess/CustomTarget_signing.mk @@ -15,7 +15,7 @@ $(eval $(call gb_CustomTarget_register_targets,postprocess/signing,\ )) # PFXFILE and PFXPASSWORD should be set in environment -TIMESTAMPURL ?= "http://timestamp.globalsign.com/scripts/timestamp.dll" +TIMESTAMPURL ?= "http://timestamp.digicert.com/" $(call gb_CustomTarget_get_workdir,postprocess/signing)/signing.done: \ $(SRCDIR)/postprocess/signing/signing.pl \ diff --git a/postprocess/signing/signing.pl b/postprocess/signing/signing.pl index ed8065399f05..769b9efbcc7a 100644 --- a/postprocess/signing/signing.pl +++ b/postprocess/signing/signing.pl @@ -241,7 +241,7 @@ sub usage #09.07.2007 08:39 print "\t -e filename\t\t\tFile which contains a list of files which don't have to be signed.\n"; print "\t -f pfx_filename\t\t\"Personal Information Exchange\" file.\n"; print "\t -p password\t\t\tPassword for \"Personal Information Exchange\" file.\n"; - print "\t -t timestamp\t\t\tTimestamp URL e.g. \"http://timestamp.verisign.com/scripts/timstamp.dll\"\n"; + print "\t -t timestamp\t\t\tTimestamp URL e.g. \"http://timestamp.digicert.com/\"\n"; print "\t -l log_filename\t\tFile for logging.\n"; print "\t -v\t\t\t\tVerbose.\n"; } ##usage diff --git a/solenv/bin/modules/installer/windows/msp.pm b/solenv/bin/modules/installer/windows/msp.pm index 1bbeea8d20cb..95f51d846c40 100644 --- a/solenv/bin/modules/installer/windows/msp.pm +++ b/solenv/bin/modules/installer/windows/msp.pm @@ -1194,7 +1194,7 @@ sub create_msp_patch my $systemcall = "signtool.exe sign "; if ( defined($ENV{'PFXFILE'}) ) { $systemcall .= "-f $ENV{'PFXFILE'} "; } if ( defined($ENV{'PFXPASSWORD'}) ) { $systemcall .= "-p $ENV{'PFXPASSWORD'} "; } - if ( defined($ENV{'TIMESTAMPURL'}) ) { $systemcall .= "-t $ENV{'TIMESTAMPURL'} "; } else { $systemcall .= "-t http://timestamp.globalsign.com/scripts/timestamp.dll "; } + if ( defined($ENV{'TIMESTAMPURL'}) ) { $systemcall .= "-t $ENV{'TIMESTAMPURL'} "; } else { $systemcall .= "-t http://timestamp.digicert.com/ "; } $systemcall .= "-d \"" . $allvariables->{'PRODUCTNAME'} . " " . $allvariables->{'PRODUCTVERSION'} . " Patch " . $allvariables->{'WINDOWSPATCHLEVEL'} . "\" "; $systemcall .= $localmspfilename; installer::logger::print_message( "... code signing and timestamping with signtool.exe ...\n" );