configure.ac | 6 connectivity/source/drivers/hsqldb/HDriver.cxx | 31 connectivity/source/manager/mdrivermanager.cxx | 7 download.lst | 870 ++++++++---- editeng/source/accessibility/AccessibleEditableTextPara.cxx | 3 embeddedobj/source/commonembedding/embedobj.cxx | 60 embeddedobj/source/commonembedding/specialobject.cxx | 9 embeddedobj/source/inc/commonembobj.hxx | 3 embeddedobj/source/inc/specialobject.hxx | 6 extensions/source/logging/csvformatter.cxx | 18 external/curl/curl-msvc-disable-protocols.patch.1 | 2 external/curl/curl-nss.patch.1 | 6 external/curl/zlib.patch.0 | 12 external/expat/expat-winapi.patch | 13 external/hsqldb/UnpackedTarball_hsqldb.mk | 1 external/hsqldb/patches/disable-dump-script.patch | 14 external/nss/UnpackedTarball_nss.mk | 2 external/nss/asan.patch.1 | 2 external/nss/clang-cl.patch.0 | 12 external/nss/macos-dlopen.patch.0 | 2 external/nss/nss-android.patch.1 | 6 external/nss/nss-ios.patch | 36 external/nss/nss-restore-manual-pre-dependencies.patch.1 | 2 external/nss/nss-win32-make.patch.1 | 4 external/nss/nss.aix.patch | 10 external/nss/nss.bzmozilla1238154.patch | 2 external/nss/nss.cygwin64.in32bit.patch | 2 external/nss/nss.nowerror.patch | 2 external/nss/nss.utf8bom.patch.1 | 4 external/nss/nss.vs2015.patch | 2 external/nss/nss.vs2015.pdb.patch | 2 external/nss/nss.windows.patch | 6 external/nss/nss_macosx.patch | 12 external/nss/ubsan.patch.0 | 2 external/postgresql/arm64.patch.1 | 2 external/postgresql/postgresql.exit.patch.0 | 4 external/skia/UnpackedTarball_skia.mk | 1 external/skia/missing-include.patch.0 | 10 formula/source/core/api/token.cxx | 13 include/svx/svdoole2.hxx | 17 include/svx/unoshape.hxx | 2 sc/source/core/inc/interpre.hxx | 12 sc/source/core/tool/interpr1.cxx | 4 sc/source/core/tool/interpr3.cxx | 4 sc/source/core/tool/interpr4.cxx | 10 sc/source/ui/docshell/documentlinkmgr.cxx | 9 sc/source/ui/drawfunc/drtxtob.cxx | 3 sc/source/ui/view/editsh.cxx | 3 sd/qa/unit/tiledrendering/tiledrendering.cxx | 8 sfx2/source/doc/iframe.cxx | 69 slideshow/source/engine/eventqueue.cxx | 4 solenv/gbuild/partial_build.mk | 2 starmath/source/unomodel.cxx | 27 svx/source/svdraw/svdoole2.cxx | 104 + svx/source/unodraw/shapeimpl.hxx | 5 svx/source/unodraw/unoshap4.cxx | 23 sw/inc/ndole.hxx | 4 sw/qa/extras/htmlexport/htmlexport.cxx | 16 sw/source/core/ole/ndole.cxx | 89 + vcl/source/window/layout.cxx | 28 xmloff/source/draw/ximpshap.cxx | 29 xmloff/source/draw/ximpshap.hxx | 2 62 files changed, 1181 insertions(+), 494 deletions(-)
New commits: commit 22e1bf2c53be4272eeef88efceb5e57b09d564bf Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Thu Apr 20 20:58:21 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:12:02 2023 +0200 assume IFrame script/macro support isn't needed seems undocumented at least Change-Id: I316e4f4f25ddb7cf6b7bac4d856a721b987207a3 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151020 Tested-by: Jenkins Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org> (cherry picked from commit a10a5994bddf7646196ff45f6af598420d8663ad) diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx index 16750d8da0b3..52962c4be75d 100644 --- a/sfx2/source/doc/iframe.cxx +++ b/sfx2/source/doc/iframe.cxx @@ -167,23 +167,16 @@ sal_Bool SAL_CALL IFrameObject::load( uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) ); xTrans->parseStrict( aTargetURL ); + INetURLObject aURLObject(aTargetURL.Complete); + if (aURLObject.GetProtocol() == INetProtocol::Macro || aURLObject.isSchemeEqualTo(u"vnd.sun.star.script")) + return false; + uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator(); SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame); - if (INetURLObject(aTargetURL.Complete).GetProtocol() == INetProtocol::Macro) - { - if (pDoc && !pDoc->AdjustMacroMode()) - return false; - } - - if (!SfxEvents_Impl::isScriptURLAllowed(aTargetURL.Complete)) - return false; - bool bUpdateAllowed(true); if (pDoc) { - // perhaps should only check for file targets, but lets default to making it strong - // unless there is a known need to distinguish comphelper::EmbeddedObjectContainer& rEmbeddedObjectContainer = pDoc->getEmbeddedObjectContainer(); bUpdateAllowed = rEmbeddedObjectContainer.getUserAllowsLinkUpdate(); } diff --git a/sfx2/source/inc/eventsupplier.hxx b/sfx2/source/inc/eventsupplier.hxx index 303f4dbe5949..0bbd11ef1773 100644 --- a/sfx2/source/inc/eventsupplier.hxx +++ b/sfx2/source/inc/eventsupplier.hxx @@ -80,6 +80,7 @@ public: SfxObjectShell* i_document ); static void Execute( css::uno::Any const & aEventData, const css::document::DocumentEvent& aTrigger, SfxObjectShell* pDoc ); +private: /// Check if script URL whitelist exists, and if so, if current script url is part of it static bool isScriptURLAllowed(const OUString& aScriptURL); }; commit de5e624b6fb65e0418ffd7e1a33aed29dcb34c33 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Thu Apr 13 11:31:17 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:12:02 2023 +0200 put floating frames under managed links control like we do for sections and ole objects that link to their content individual commits in trunk are: extract a OCommonEmbeddedObject::SetInplaceActiveState for reuse no behaviour change intended Change-Id: Ia1d12aa5c9afdc1347f6d4364bc6a0b7f41ee168 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150341 Tested-by: Caolán McNamara <caol...@redhat.com> Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 183e34a3f8c429c0698951e24c17844e416a3825) use parent window as dialog parent it makes no odds, but is more convenient for upcoming modification Change-Id: Ibc5333b137d2da089b3b701ff615c6ddf43063d0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150342 Tested-by: Caolán McNamara <caol...@redhat.com> Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit f93edf343658abd489bde3639d2ffaefd50c0f99) adjust IFrameObject so it could reuse mxFrame for a reload of content Change-Id: I7eec3132a23faafd9a2878215a0a117a67bc9bf2 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150343 Tested-by: Caolán McNamara <caol...@redhat.com> Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 3a727d26fd9eb6fa140bc3f5cadf3db079d42206) query getUserAllowsLinkUpdate for the case of content in a floating frame similarly to how it works for the more common "normal" embedded objects Change-Id: I83e38dfa2f84907c2de9680e91f779d34864a9ad Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149971 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 52aa46468531918eabfa2031dedf50377ae72cf7) add a route to get writer Floating Frame links under 'manage links' Change-Id: If90ff71d6a96342574799312f764badaf97980eb Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150349 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 8b8a2844addbd262befb1a2d193dfb590dfa20be) allow SvxOle2Shape::resetModifiedState to survive having no SdrObject Change-Id: Iea059262c124e3f44249e49b4189732310d28156 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150538 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 02379929bd0e1d1676635f0ca1920422702ebb7c) create the FloatingFrameShape in a separate step to inserting it this is derived from the path taken by the AddShape(const OUString&) function for this case. No change in behavior is intended. Change-Id: Id09ae0c65a55a37743ad7c184070fb8dd97d8a7f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150526 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit bafec47847a0b9697b3bbe9358e53f8118af3024) add a route to get calc Floating Frame links under 'manage links' much harder than writer because the organization and ordering of properties and object activation etc is different. This ended up ugly, but functions. We set FrameURL before AddShape, we have to do it again later because it gets cleared when the SdrOle2Obj is attached to the XShape. But we want FrameURL to exist when AddShape triggers SetPersistName which itself triggers SdrOle2Obj::CheckFileLink_Impl and at that point we want to know what URL will end up being used. So bodge this by setting FrameURL to the temp pre-SdrOle2Obj attached properties and we can smuggle it eventually into SdrOle2Obj::SetPersistName at the right point after PersistName is set but before SdrOle2Obj::CheckFileLink_Impl is called in order to inform the link manager that this is an IFrame that links to a URL Change-Id: I67fc199fef9e67fa12ca7873f0fe12137aa16d8f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150539 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 07179a5a5bd00f34acfa8a3f260dd834ae003c63) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150755 Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit b91ea614c0b753ab3d378acd0e2db8262e9dbd72) diff --git a/embeddedobj/source/commonembedding/embedobj.cxx b/embeddedobj/source/commonembedding/embedobj.cxx index 223f25e6302c..1f13338b9436 100644 --- a/embeddedobj/source/commonembedding/embedobj.cxx +++ b/embeddedobj/source/commonembedding/embedobj.cxx @@ -161,6 +161,37 @@ void OCommonEmbeddedObject::StateChangeNotification_Impl( bool bBeforeChange, sa rGuard.reset(); } +void OCommonEmbeddedObject::SetInplaceActiveState() +{ + if ( !m_xClientSite.is() ) + throw embed::WrongStateException( "client site not set, yet", *this ); + + uno::Reference< embed::XInplaceClient > xInplaceClient( m_xClientSite, uno::UNO_QUERY ); + if ( !xInplaceClient.is() || !xInplaceClient->canInplaceActivate() ) + throw embed::WrongStateException(); //TODO: can't activate inplace + xInplaceClient->activatingInplace(); + + uno::Reference< embed::XWindowSupplier > xClientWindowSupplier( xInplaceClient, uno::UNO_QUERY_THROW ); + + m_xClientWindow = xClientWindowSupplier->getWindow(); + m_aOwnRectangle = xInplaceClient->getPlacement(); + m_aClipRectangle = xInplaceClient->getClipRectangle(); + awt::Rectangle aRectangleToShow = GetRectangleInterception( m_aOwnRectangle, m_aClipRectangle ); + + // create own window based on the client window + // place and resize the window according to the rectangles + uno::Reference< awt::XWindowPeer > xClientWindowPeer( m_xClientWindow, uno::UNO_QUERY_THROW ); + + // dispatch provider may not be provided + uno::Reference< frame::XDispatchProvider > xContainerDP = xInplaceClient->getInplaceDispatchProvider(); + bool bOk = m_xDocHolder->ShowInplace( xClientWindowPeer, aRectangleToShow, xContainerDP ); + m_nObjectState = embed::EmbedStates::INPLACE_ACTIVE; + if ( !bOk ) + { + SwitchStateTo_Impl( embed::EmbedStates::RUNNING ); + throw embed::WrongStateException(); //TODO: can't activate inplace + } +} void OCommonEmbeddedObject::SwitchStateTo_Impl( sal_Int32 nNextState ) { @@ -234,34 +265,7 @@ void OCommonEmbeddedObject::SwitchStateTo_Impl( sal_Int32 nNextState ) { if ( nNextState == embed::EmbedStates::INPLACE_ACTIVE ) { - if ( !m_xClientSite.is() ) - throw embed::WrongStateException( "client site not set, yet", *this ); - - uno::Reference< embed::XInplaceClient > xInplaceClient( m_xClientSite, uno::UNO_QUERY ); - if ( !xInplaceClient.is() || !xInplaceClient->canInplaceActivate() ) - throw embed::WrongStateException(); //TODO: can't activate inplace - xInplaceClient->activatingInplace(); - - uno::Reference< embed::XWindowSupplier > xClientWindowSupplier( xInplaceClient, uno::UNO_QUERY_THROW ); - - m_xClientWindow = xClientWindowSupplier->getWindow(); - m_aOwnRectangle = xInplaceClient->getPlacement(); - m_aClipRectangle = xInplaceClient->getClipRectangle(); - awt::Rectangle aRectangleToShow = GetRectangleInterception( m_aOwnRectangle, m_aClipRectangle ); - - // create own window based on the client window - // place and resize the window according to the rectangles - uno::Reference< awt::XWindowPeer > xClientWindowPeer( m_xClientWindow, uno::UNO_QUERY_THROW ); - - // dispatch provider may not be provided - uno::Reference< frame::XDispatchProvider > xContainerDP = xInplaceClient->getInplaceDispatchProvider(); - bool bOk = m_xDocHolder->ShowInplace( xClientWindowPeer, aRectangleToShow, xContainerDP ); - m_nObjectState = nNextState; - if ( !bOk ) - { - SwitchStateTo_Impl( embed::EmbedStates::RUNNING ); - throw embed::WrongStateException(); //TODO: can't activate inplace - } + SetInplaceActiveState(); } else if ( nNextState == embed::EmbedStates::ACTIVE ) { diff --git a/embeddedobj/source/commonembedding/specialobject.cxx b/embeddedobj/source/commonembedding/specialobject.cxx index 809ffce1f2c4..3dc1eb7e47ef 100644 --- a/embeddedobj/source/commonembedding/specialobject.cxx +++ b/embeddedobj/source/commonembedding/specialobject.cxx @@ -48,6 +48,7 @@ uno::Any SAL_CALL OSpecialEmbeddedObject::queryInterface( const uno::Type& rType uno::Any aReturn = ::cppu::queryInterface( rType, static_cast< embed::XEmbeddedObject* >( this ), static_cast< embed::XInplaceObject* >( this ), + static_cast< embed::XCommonEmbedPersist* >( static_cast< embed::XEmbedPersist* >( this ) ), static_cast< embed::XVisualObject* >( this ), static_cast< embed::XClassifiedObject* >( this ), static_cast< embed::XComponentSupplier* >( this ), @@ -163,6 +164,14 @@ void SAL_CALL OSpecialEmbeddedObject::doVerb( sal_Int32 nVerbID ) OCommonEmbeddedObject::doVerb( nVerbID ); } +void SAL_CALL OSpecialEmbeddedObject::reload( + const uno::Sequence< beans::PropertyValue >&, + const uno::Sequence< beans::PropertyValue >&) +{ + // Allow IFrames to reload their content + SetInplaceActiveState(); +} + OUString SAL_CALL OSpecialEmbeddedObject::getImplementationName() { return "com.sun.star.comp.embed.OSpecialEmbeddedObject"; diff --git a/embeddedobj/source/inc/commonembobj.hxx b/embeddedobj/source/inc/commonembobj.hxx index 785a28eaf0fd..d8f4b17f106c 100644 --- a/embeddedobj/source/inc/commonembobj.hxx +++ b/embeddedobj/source/inc/commonembobj.hxx @@ -237,6 +237,9 @@ private: const css::uno::Sequence< css::beans::PropertyValue >& lArguments, const css::uno::Sequence< css::beans::PropertyValue >& lObjArgs ); +protected: + void SetInplaceActiveState(); + public: OCommonEmbeddedObject( const css::uno::Reference< css::uno::XComponentContext >& rxContext, diff --git a/embeddedobj/source/inc/specialobject.hxx b/embeddedobj/source/inc/specialobject.hxx index 48d1d872a2a2..9ec0d7d86465 100644 --- a/embeddedobj/source/inc/specialobject.hxx +++ b/embeddedobj/source/inc/specialobject.hxx @@ -48,6 +48,12 @@ public: virtual void SAL_CALL doVerb( sal_Int32 nVerbID ) override; +// XCommonEmbedPersist + + virtual void SAL_CALL reload( + const css::uno::Sequence< css::beans::PropertyValue >& lArguments, + const css::uno::Sequence< css::beans::PropertyValue >& lObjArgs ) override; + // XServiceInfo OUString SAL_CALL getImplementationName() override; sal_Bool SAL_CALL supportsService( const OUString& ServiceName ) override; diff --git a/include/svx/svdoole2.hxx b/include/svx/svdoole2.hxx index ae6ff818bdf6..522bead958e6 100644 --- a/include/svx/svdoole2.hxx +++ b/include/svx/svdoole2.hxx @@ -42,6 +42,7 @@ namespace io { class XInputStream; } namespace svt { class EmbeddedObjectRef; } class SdrOle2ObjImpl; +class SvxOle2Shape; class SVXCORE_DLLPUBLIC SdrOle2Obj : public SdrRectObj { @@ -49,7 +50,7 @@ private: std::unique_ptr<SdrOle2ObjImpl> mpImpl; private: - SVX_DLLPRIVATE void Connect_Impl(); + SVX_DLLPRIVATE void Connect_Impl(SvxOle2Shape* pCreator = nullptr); SVX_DLLPRIVATE void Disconnect_Impl(); SVX_DLLPRIVATE void AddListeners_Impl(); SVX_DLLPRIVATE void RemoveListeners_Impl(); @@ -107,7 +108,7 @@ public: // OLE object has got a separate PersistName member now; // !!! use ::SetPersistName( ... ) only, if you know what you do !!! const OUString& GetPersistName() const; - void SetPersistName( const OUString& rPersistName ); + void SetPersistName( const OUString& rPersistName, SvxOle2Shape* pCreator = nullptr ); // One can add an application name to a SdrOle2Obj, which can be queried for // later on (SD needs this for presentation objects). @@ -152,7 +153,7 @@ public: sal_Int64 nAspect ); static bool Unload( const css::uno::Reference< css::embed::XEmbeddedObject >& xObj, sal_Int64 nAspect ); bool Unload(); - void Connect(); + void Connect(SvxOle2Shape* pCreator = nullptr); void Disconnect(); void ObjectLoaded(); @@ -199,4 +200,14 @@ public: void Connect() { GetRealObject(); } }; +class SVXCORE_DLLPUBLIC SdrIFrameLink final : public sfx2::SvBaseLink +{ + SdrOle2Obj* m_pObject; + +public: + explicit SdrIFrameLink(SdrOle2Obj* pObject); + virtual ::sfx2::SvBaseLink::UpdateResult DataChanged( + const OUString& rMimeType, const css::uno::Any & rValue ) override; +}; + /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/include/svx/unoshape.hxx b/include/svx/unoshape.hxx index 3d3d5bea3a9b..aa72f1fdf1b2 100644 --- a/include/svx/unoshape.hxx +++ b/include/svx/unoshape.hxx @@ -606,6 +606,8 @@ public: bool createObject( const SvGlobalName &aClassName ); void createLink( const OUString& aLinkURL ); + + virtual OUString GetAndClearInitialFrameURL(); }; diff --git a/sc/source/ui/docshell/documentlinkmgr.cxx b/sc/source/ui/docshell/documentlinkmgr.cxx index 3652df5cca0a..79a86d08b438 100644 --- a/sc/source/ui/docshell/documentlinkmgr.cxx +++ b/sc/source/ui/docshell/documentlinkmgr.cxx @@ -144,7 +144,7 @@ bool DocumentLinkManager::hasDdeOrOleOrWebServiceLinks(bool bDde, bool bOle, boo sfx2::SvBaseLink* pBase = rLink.get(); if (bDde && dynamic_cast<ScDdeLink*>(pBase)) return true; - if (bOle && dynamic_cast<SdrEmbedObjectLink*>(pBase)) + if (bOle && (dynamic_cast<SdrEmbedObjectLink*>(pBase) || dynamic_cast<SdrIFrameLink*>(pBase))) return true; if (bWebService && dynamic_cast<ScWebServiceLink*>(pBase)) return true; @@ -175,6 +175,13 @@ bool DocumentLinkManager::updateDdeOrOleOrWebServiceLinks(weld::Window* pWin) continue; } + SdrIFrameLink* pIFrameLink = dynamic_cast<SdrIFrameLink*>(pBase); + if (pIFrameLink) + { + pIFrameLink->Update(); + continue; + } + ScWebServiceLink* pWebserviceLink = dynamic_cast<ScWebServiceLink*>(pBase); if (pWebserviceLink) { diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx index 6c92312b1fad..16750d8da0b3 100644 --- a/sfx2/source/doc/iframe.cxx +++ b/sfx2/source/doc/iframe.cxx @@ -179,31 +179,46 @@ sal_Bool SAL_CALL IFrameObject::load( if (!SfxEvents_Impl::isScriptURLAllowed(aTargetURL.Complete)) return false; + bool bUpdateAllowed(true); + if (pDoc) + { + // perhaps should only check for file targets, but lets default to making it strong + // unless there is a known need to distinguish + comphelper::EmbeddedObjectContainer& rEmbeddedObjectContainer = pDoc->getEmbeddedObjectContainer(); + bUpdateAllowed = rEmbeddedObjectContainer.getUserAllowsLinkUpdate(); + } + if (!bUpdateAllowed) + return false; + OUString sReferer; if (pDoc && pDoc->HasName()) sReferer = pDoc->GetMedium()->GetName(); - DBG_ASSERT( !mxFrame.is(), "Frame already existing!" ); - VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() ); - VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() ); - pWin->SetSizePixel( pParent->GetOutputSizePixel() ); - pWin->SetBackground(); - pWin->Show(); - - uno::Reference < awt::XWindow > xWindow( pWin->GetComponentInterface(), uno::UNO_QUERY ); - xFrame->setComponent( xWindow, uno::Reference < frame::XController >() ); + uno::Reference<css::awt::XWindow> xParentWindow(xFrame->getContainerWindow()); - // we must destroy the IFrame before the parent is destroyed - xWindow->addEventListener( this ); - - mxFrame = frame::Frame::create( mxContext ); - uno::Reference < awt::XWindow > xWin( pWin->GetComponentInterface(), uno::UNO_QUERY ); - mxFrame->initialize( xWin ); - mxFrame->setName( maFrmDescr.GetName() ); - - uno::Reference < frame::XFramesSupplier > xFramesSupplier( xFrame, uno::UNO_QUERY ); - if ( xFramesSupplier.is() ) - mxFrame->setCreator( xFramesSupplier ); + if (!mxFrame.is()) + { + VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow(xParentWindow); + VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() ); + pWin->SetSizePixel( pParent->GetOutputSizePixel() ); + pWin->SetBackground(); + pWin->Show(); + + uno::Reference < awt::XWindow > xWindow( pWin->GetComponentInterface(), uno::UNO_QUERY ); + xFrame->setComponent( xWindow, uno::Reference < frame::XController >() ); + + // we must destroy the IFrame before the parent is destroyed + xWindow->addEventListener( this ); + + mxFrame = frame::Frame::create( mxContext ); + uno::Reference < awt::XWindow > xWin( pWin->GetComponentInterface(), uno::UNO_QUERY ); + mxFrame->initialize( xWin ); + mxFrame->setName( maFrmDescr.GetName() ); + + uno::Reference < frame::XFramesSupplier > xFramesSupplier( xFrame, uno::UNO_QUERY ); + if ( xFramesSupplier.is() ) + mxFrame->setCreator( xFramesSupplier ); + } uno::Sequence < beans::PropertyValue > aProps{ comphelper::makePropertyValue("PluginMode", sal_Int16(2)), diff --git a/svx/source/svdraw/svdoole2.cxx b/svx/source/svdraw/svdoole2.cxx index 158824b327a0..7ca8a5acc263 100644 --- a/svx/source/svdraw/svdoole2.cxx +++ b/svx/source/svdraw/svdoole2.cxx @@ -69,6 +69,7 @@ #include <sdr/contact/viewcontactofsdrole2obj.hxx> #include <svx/svdograf.hxx> #include <sdr/properties/oleproperties.hxx> +#include <svx/unoshape.hxx> #include <svx/xlineit0.hxx> #include <svx/xlnclit.hxx> #include <svx/xbtmpit.hxx> @@ -593,6 +594,35 @@ void SdrEmbedObjectLink::Closed() SvBaseLink::Closed(); } +SdrIFrameLink::SdrIFrameLink(SdrOle2Obj* pObject) + : ::sfx2::SvBaseLink(::SfxLinkUpdateMode::ONCALL, SotClipboardFormatId::SVXB) + , m_pObject(pObject) +{ + SetSynchron( false ); +} + +::sfx2::SvBaseLink::UpdateResult SdrIFrameLink::DataChanged( + const OUString&, const uno::Any& ) +{ + uno::Reference<embed::XEmbeddedObject> xObject = m_pObject->GetObjRef(); + uno::Reference<embed::XCommonEmbedPersist> xPersObj(xObject, uno::UNO_QUERY); + if (xPersObj.is()) + { + // let the IFrameObject reload the link + try + { + xPersObj->reload(uno::Sequence<beans::PropertyValue>(), uno::Sequence<beans::PropertyValue>()); + } + catch (const uno::Exception&) + { + } + + m_pObject->SetChanged(); + } + + return SUCCESS; +} + class SdrOle2ObjImpl { public: @@ -610,7 +640,7 @@ public: bool mbLoadingOLEObjectFailed:1; // New local var to avoid repeated loading if load of OLE2 fails bool mbConnected:1; - SdrEmbedObjectLink* mpObjectLink; + sfx2::SvBaseLink* mpObjectLink; OUString maLinkURL; rtl::Reference<SvxUnoShapeModifyListener> mxModifyListener; @@ -852,7 +882,7 @@ bool SdrOle2Obj::IsEmpty() const return !mpImpl->mxObjRef.is(); } -void SdrOle2Obj::Connect() +void SdrOle2Obj::Connect(SvxOle2Shape* pCreator) { if( IsEmptyPresObj() ) return; @@ -865,7 +895,7 @@ void SdrOle2Obj::Connect() return; } - Connect_Impl(); + Connect_Impl(pCreator); AddListeners_Impl(); } @@ -964,24 +994,51 @@ void SdrOle2Obj::CheckFileLink_Impl() try { - uno::Reference< embed::XLinkageSupport > xLinkSupport( mpImpl->mxObjRef.GetObject(), uno::UNO_QUERY ); + uno::Reference<embed::XEmbeddedObject> xObject = mpImpl->mxObjRef.GetObject(); + if (!xObject) + return; - if ( xLinkSupport.is() && xLinkSupport->isLink() ) - { - OUString aLinkURL = xLinkSupport->getLinkURL(); + bool bIFrame = false; - if ( !aLinkURL.isEmpty() ) + OUString aLinkURL; + uno::Reference<embed::XLinkageSupport> xLinkSupport(xObject, uno::UNO_QUERY); + if (xLinkSupport) + { + if (xLinkSupport->isLink()) + aLinkURL = xLinkSupport->getLinkURL(); + } + else + { + // get IFrame (Floating Frames) listed and updatable from the + // manage links dialog + SvGlobalName aClassId(xObject->getClassID()); + if (aClassId == SvGlobalName(SO3_IFRAME_CLASSID)) { - // this is a file link so the model link manager should handle it - sfx2::LinkManager* pLinkManager(getSdrModelFromSdrObject().GetLinkManager()); + uno::Reference<beans::XPropertySet> xSet(xObject->getComponent(), uno::UNO_QUERY); + if (xSet.is()) + xSet->getPropertyValue("FrameURL") >>= aLinkURL; + bIFrame = true; + } + } + + if (!aLinkURL.isEmpty()) // this is a file link so the model link manager should handle it + { + sfx2::LinkManager* pLinkManager(getSdrModelFromSdrObject().GetLinkManager()); - if ( pLinkManager ) + if ( pLinkManager ) + { + SdrEmbedObjectLink* pEmbedObjectLink = nullptr; + if (!bIFrame) { - mpImpl->mpObjectLink = new SdrEmbedObjectLink( this ); - mpImpl->maLinkURL = aLinkURL; - pLinkManager->InsertFileLink( *mpImpl->mpObjectLink, sfx2::SvBaseLinkObjectType::ClientOle, aLinkURL ); - mpImpl->mpObjectLink->Connect(); + pEmbedObjectLink = new SdrEmbedObjectLink(this); + mpImpl->mpObjectLink = pEmbedObjectLink; } + else + mpImpl->mpObjectLink = new SdrIFrameLink(this); + mpImpl->maLinkURL = aLinkURL; + pLinkManager->InsertFileLink( *mpImpl->mpObjectLink, sfx2::SvBaseLinkObjectType::ClientOle, aLinkURL ); + if (pEmbedObjectLink) + pEmbedObjectLink->Connect(); } } } @@ -991,7 +1048,7 @@ void SdrOle2Obj::CheckFileLink_Impl() } } -void SdrOle2Obj::Connect_Impl() +void SdrOle2Obj::Connect_Impl(SvxOle2Shape* pCreator) { if(mpImpl->aPersistName.isEmpty() ) return; @@ -1032,6 +1089,17 @@ void SdrOle2Obj::Connect_Impl() } } + if (pCreator) + { + OUString sFrameURL(pCreator->GetAndClearInitialFrameURL()); + if (!sFrameURL.isEmpty() && svt::EmbeddedObjectRef::TryRunningState(mpImpl->mxObjRef.GetObject())) + { + uno::Reference<beans::XPropertySet> xSet(mpImpl->mxObjRef->getComponent(), uno::UNO_QUERY); + if (xSet.is()) + xSet->setPropertyValue("FrameURL", uno::Any(sFrameURL)); + } + } + if ( mpImpl->mxObjRef.is() ) { if ( !mpImpl->mxLightClient.is() ) @@ -1342,14 +1410,14 @@ SdrObjectUniquePtr SdrOle2Obj::getFullDragClone() const return createSdrGrafObjReplacement(false); } -void SdrOle2Obj::SetPersistName( const OUString& rPersistName ) +void SdrOle2Obj::SetPersistName( const OUString& rPersistName, SvxOle2Shape* pCreator ) { DBG_ASSERT( mpImpl->aPersistName.isEmpty(), "Persist name changed!"); mpImpl->aPersistName = rPersistName; mpImpl->mbLoadingOLEObjectFailed = false; - Connect(); + Connect(pCreator); SetChanged(); } diff --git a/svx/source/unodraw/shapeimpl.hxx b/svx/source/unodraw/shapeimpl.hxx index 0ccf22071194..cc7d29f03caf 100644 --- a/svx/source/unodraw/shapeimpl.hxx +++ b/svx/source/unodraw/shapeimpl.hxx @@ -64,8 +64,11 @@ public: virtual void Create( SdrObject* pNewOpj, SvxDrawPage* pNewPage ) override; }; + class SvxFrameShape : public SvxOle2Shape { +private: + OUString m_sInitialFrameURL; protected: // override these for special property handling in subcasses. Return true if property is handled virtual bool setPropertyValueImpl( const OUString& rName, const SfxItemPropertyMapEntry* pProperty, const css::uno::Any& rValue ) override; @@ -82,6 +85,8 @@ public: virtual void SAL_CALL setPropertyValues( const css::uno::Sequence< OUString >& aPropertyNames, const css::uno::Sequence< css::uno::Any >& aValues ) override; virtual void Create( SdrObject* pNewOpj, SvxDrawPage* pNewPage ) override; + + virtual OUString GetAndClearInitialFrameURL() override; }; diff --git a/svx/source/unodraw/unoshap4.cxx b/svx/source/unodraw/unoshap4.cxx index 865ce0a3ee5b..7948ce153fec 100644 --- a/svx/source/unodraw/unoshap4.cxx +++ b/svx/source/unodraw/unoshap4.cxx @@ -177,7 +177,7 @@ bool SvxOle2Shape::setPropertyValueImpl( const OUString& rName, const SfxItemPro #else pOle = static_cast<SdrOle2Obj*>(GetSdrObject()); #endif - pOle->SetPersistName( aPersistName ); + pOle->SetPersistName( aPersistName, this ); return true; } break; @@ -498,10 +498,11 @@ void SvxOle2Shape::createLink( const OUString& aLinkURL ) void SvxOle2Shape::resetModifiedState() { - ::comphelper::IEmbeddedHelper* pPersist = GetSdrObject()->getSdrModelFromSdrObject().GetPersist(); + SdrObject* pObject = GetSdrObject(); + ::comphelper::IEmbeddedHelper* pPersist = pObject ? pObject->getSdrModelFromSdrObject().GetPersist() : nullptr; if( pPersist && !pPersist->isEnableSetModified() ) { - SdrOle2Obj* pOle = dynamic_cast< SdrOle2Obj* >( GetSdrObject() ); + SdrOle2Obj* pOle = dynamic_cast< SdrOle2Obj* >(pObject); if( pOle && !pOle->IsEmpty() ) { uno::Reference < util::XModifiable > xMod( pOle->GetObjRef(), uno::UNO_QUERY ); @@ -551,6 +552,11 @@ SvGlobalName SvxOle2Shape::GetClassName_Impl(OUString& rHexCLSID) return aClassName; } +OUString SvxOle2Shape::GetAndClearInitialFrameURL() +{ + return OUString(); +} + SvxAppletShape::SvxAppletShape(SdrObject* pObject) : SvxOle2Shape( pObject, getSvxMapProvider().GetMap(SVXMAP_APPLET), getSvxMapProvider().GetPropertySet(SVXMAP_APPLET, SdrObject::GetGlobalDrawObjectItemPool()) ) { @@ -704,8 +710,19 @@ SvxFrameShape::~SvxFrameShape() noexcept { } +OUString SvxFrameShape::GetAndClearInitialFrameURL() +{ + OUString sRet(m_sInitialFrameURL); + m_sInitialFrameURL.clear(); + return sRet; +} + void SvxFrameShape::Create( SdrObject* pNewObj, SvxDrawPage* pNewPage ) { + uno::Reference<beans::XPropertySet> xSet(static_cast<OWeakObject *>(this), uno::UNO_QUERY); + if (xSet) + xSet->getPropertyValue("FrameURL") >>= m_sInitialFrameURL; + SvxShape::Create( pNewObj, pNewPage ); const SvGlobalName aIFrameClassId( SO3_IFRAME_CLASSID ); createObject(aIFrameClassId); diff --git a/sw/inc/ndole.hxx b/sw/inc/ndole.hxx index 302c9a0a5ebe..15e79f691e64 100644 --- a/sw/inc/ndole.hxx +++ b/sw/inc/ndole.hxx @@ -28,7 +28,7 @@ class SwGrfFormatColl; class SwDoc; class SwOLENode; class SwOLEListener_Impl; -class SwEmbedObjectLink; +namespace sfx2 { class SvBaseLink; } class DeflateData; class SW_DLLPUBLIC SwOLEObj @@ -93,7 +93,7 @@ class SW_DLLPUBLIC SwOLENode final: public SwNoTextNode bool mbOLESizeInvalid; /**< Should be considered at SwDoc::PrtOLENotify (e.g. copied). Is not persistent. */ - SwEmbedObjectLink* mpObjectLink; + sfx2::SvBaseLink* mpObjectLink; OUString maLinkURL; SwOLENode( const SwNodeIndex &rWhere, diff --git a/sw/source/core/ole/ndole.cxx b/sw/source/core/ole/ndole.cxx index d553768db7ce..c7ba5142a9b7 100644 --- a/sw/source/core/ole/ndole.cxx +++ b/sw/source/core/ole/ndole.cxx @@ -150,6 +150,8 @@ void SAL_CALL SwOLEListener_Impl::disposing( const lang::EventObject& ) // TODO/LATER: actually SwEmbedObjectLink should be used here, but because different objects are used to control // embedded object different link objects with the same functionality had to be implemented +namespace { + class SwEmbedObjectLink : public sfx2::SvBaseLink { SwOLENode* m_pOleNode; @@ -212,6 +214,44 @@ void SwEmbedObjectLink::Closed() SvBaseLink::Closed(); } +class SwIFrameLink : public sfx2::SvBaseLink +{ + SwOLENode* m_pOleNode; + +public: + explicit SwIFrameLink(SwOLENode* pNode) + : ::sfx2::SvBaseLink(::SfxLinkUpdateMode::ONCALL, SotClipboardFormatId::SVXB) + , m_pOleNode(pNode) + { + SetSynchron( false ); + } + + ::sfx2::SvBaseLink::UpdateResult DataChanged( + const OUString&, const uno::Any& ) + { + uno::Reference<embed::XEmbeddedObject> xObject = m_pOleNode->GetOLEObj().GetOleRef(); + uno::Reference<embed::XCommonEmbedPersist> xPersObj(xObject, uno::UNO_QUERY); + if (xPersObj.is()) + { + // let the IFrameObject reload the link + try + { + xPersObj->reload(uno::Sequence<beans::PropertyValue>(), uno::Sequence<beans::PropertyValue>()); + } + catch (const uno::Exception&) + { + } + + m_pOleNode->SetChanged(); + } + + return SUCCESS; + } + +}; + +} + SwOLENode::SwOLENode( const SwNodeIndex &rWhere, const svt::EmbeddedObjectRef& xObj, SwGrfFormatColl *pGrfColl, @@ -610,18 +650,49 @@ void SwOLENode::CheckFileLink_Impl() try { - uno::Reference< embed::XLinkageSupport > xLinkSupport( maOLEObj.m_xOLERef.GetObject(), uno::UNO_QUERY_THROW ); - if ( xLinkSupport->isLink() ) + uno::Reference<embed::XEmbeddedObject> xObject = maOLEObj.m_xOLERef.GetObject(); + if (!xObject) + return; + + bool bIFrame = false; + + OUString aLinkURL; + uno::Reference<embed::XLinkageSupport> xLinkSupport(xObject, uno::UNO_QUERY); + if (xLinkSupport) + { + if (xLinkSupport->isLink()) + aLinkURL = xLinkSupport->getLinkURL(); + } + else + { + // get IFrame (Floating Frames) listed and updatable from the + // manage links dialog + SvGlobalName aClassId(xObject->getClassID()); + if (aClassId == SvGlobalName(SO3_IFRAME_CLASSID)) + { + uno::Reference<beans::XPropertySet> xSet(xObject->getComponent(), uno::UNO_QUERY); + if (xSet.is()) + xSet->getPropertyValue("FrameURL") >>= aLinkURL; + bIFrame = true; + } + } + + if (!aLinkURL.isEmpty()) // this is a file link so the model link manager should handle it { - const OUString aLinkURL = xLinkSupport->getLinkURL(); - if ( !aLinkURL.isEmpty() ) + SwEmbedObjectLink* pEmbedObjectLink = nullptr; + if (!bIFrame) + { + pEmbedObjectLink = new SwEmbedObjectLink(this); + mpObjectLink = pEmbedObjectLink; + } + else { - // this is a file link so the model link manager should handle it - mpObjectLink = new SwEmbedObjectLink( this ); - maLinkURL = aLinkURL; - GetDoc().getIDocumentLinksAdministration().GetLinkManager().InsertFileLink( *mpObjectLink, sfx2::SvBaseLinkObjectType::ClientOle, aLinkURL ); - mpObjectLink->Connect(); + mpObjectLink = new SwIFrameLink(this); } + maLinkURL = aLinkURL; + GetDoc().getIDocumentLinksAdministration().GetLinkManager().InsertFileLink( *mpObjectLink, sfx2::SvBaseLinkObjectType::ClientOle, aLinkURL ); + if (pEmbedObjectLink) + pEmbedObjectLink->Connect(); } } catch( uno::Exception& ) diff --git a/xmloff/source/draw/ximpshap.cxx b/xmloff/source/draw/ximpshap.cxx index f2e217243474..ad41b8dcd3ad 100644 --- a/xmloff/source/draw/ximpshap.cxx +++ b/xmloff/source/draw/ximpshap.cxx @@ -3106,10 +3106,36 @@ SdXMLFloatingFrameShapeContext::~SdXMLFloatingFrameShapeContext() { } +uno::Reference<drawing::XShape> SdXMLFloatingFrameShapeContext::CreateFloatingFrameShape() const +{ + uno::Reference<lang::XMultiServiceFactory> xServiceFact(GetImport().GetModel(), uno::UNO_QUERY); + if (!xServiceFact.is()) + return nullptr; + uno::Reference<drawing::XShape> xShape( + xServiceFact->createInstance("com.sun.star.drawing.FrameShape"), uno::UNO_QUERY); + return xShape; +} + void SdXMLFloatingFrameShapeContext::startFastElement (sal_Int32 /*nElement*/, const css::uno::Reference< css::xml::sax::XFastAttributeList >& /*xAttrList*/) { - AddShape("com.sun.star.drawing.FrameShape"); + uno::Reference<drawing::XShape> xShape(SdXMLFloatingFrameShapeContext::CreateFloatingFrameShape()); + + uno::Reference< beans::XPropertySet > xProps(xShape, uno::UNO_QUERY); + // set FrameURL before AddShape, we have to do it again later because it + // gets cleared when the SdrOle2Obj is attached to the XShape. But we want + // FrameURL to exist when AddShape triggers SetPersistName which itself + // triggers SdrOle2Obj::CheckFileLink_Impl and at that point we want to + // know what URL will end up being used. So bodge this by setting FrameURL + // to the temp pre-SdrOle2Obj attached properties and we can smuggle it + // eventually into SdrOle2Obj::SetPersistName at the right point after + // PersistName is set but before SdrOle2Obj::CheckFileLink_Impl is called + // in order to inform the link manager that this is an IFrame that links to + // a URL + if (xProps && !maHref.isEmpty()) + xProps->setPropertyValue("FrameURL", Any(maHref)); + + AddShape(xShape); if( !mxShape.is() ) return; @@ -3119,7 +3145,6 @@ void SdXMLFloatingFrameShapeContext::startFastElement (sal_Int32 /*nElement*/, // set pos, size, shear and rotate SetTransformation(); - uno::Reference< beans::XPropertySet > xProps( mxShape, uno::UNO_QUERY ); if( xProps.is() ) { if( !maFrameName.isEmpty() ) diff --git a/xmloff/source/draw/ximpshap.hxx b/xmloff/source/draw/ximpshap.hxx index 202de49d7bc9..e11f1688e79b 100644 --- a/xmloff/source/draw/ximpshap.hxx +++ b/xmloff/source/draw/ximpshap.hxx @@ -528,6 +528,8 @@ private: OUString maFrameName; OUString maHref; + css::uno::Reference<css::drawing::XShape> CreateFloatingFrameShape() const; + public: SdXMLFloatingFrameShapeContext( SvXMLImport& rImport, commit 15303105f69ca6dcfd04858a44229ed3db06f168 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Tue Apr 11 10:13:37 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:12:02 2023 +0200 set Referer on loading IFrames so tools, options, security, options, "block any links from document not..." applies to their contents. Change-Id: I04839aea6b07a4a76ac147a85045939ccd9c3c79 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150221 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150751 Reviewed-by: Stephan Bergmann <sberg...@redhat.com> (cherry picked from commit acff9ca0579333b45d10ae5f8cd48172f563dddd) diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx index 15e0a7cf5c9c..6c92312b1fad 100644 --- a/sfx2/source/doc/iframe.cxx +++ b/sfx2/source/doc/iframe.cxx @@ -38,6 +38,7 @@ #include <cppuhelper/supportsservice.hxx> #include <officecfg/Office/Common.hxx> #include <svl/itemprop.hxx> +#include <sfx2/docfile.hxx> #include <sfx2/frmdescr.hxx> #include <sfx2/objsh.hxx> #include <sfx2/sfxdlg.hxx> @@ -166,10 +167,11 @@ sal_Bool SAL_CALL IFrameObject::load( uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) ); xTrans->parseStrict( aTargetURL ); + uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator(); + SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame); + if (INetURLObject(aTargetURL.Complete).GetProtocol() == INetProtocol::Macro) { - uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator(); - SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame); if (pDoc && !pDoc->AdjustMacroMode()) return false; } @@ -177,6 +179,10 @@ sal_Bool SAL_CALL IFrameObject::load( if (!SfxEvents_Impl::isScriptURLAllowed(aTargetURL.Complete)) return false; + OUString sReferer; + if (pDoc && pDoc->HasName()) + sReferer = pDoc->GetMedium()->GetName(); + DBG_ASSERT( !mxFrame.is(), "Frame already existing!" ); VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() ); VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() ); @@ -201,7 +207,8 @@ sal_Bool SAL_CALL IFrameObject::load( uno::Sequence < beans::PropertyValue > aProps{ comphelper::makePropertyValue("PluginMode", sal_Int16(2)), - comphelper::makePropertyValue("ReadOnly", true) + comphelper::makePropertyValue("ReadOnly", true), + comphelper::makePropertyValue("Referer", sReferer) }; uno::Reference < frame::XDispatch > xDisp = mxFrame->queryDispatch( aTargetURL, "_self", 0 ); if ( xDisp.is() ) commit d23b4283457b75fe9029f03e97fe55359d94c6c3 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Tue Apr 18 11:23:39 2023 +0200 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:12:02 2023 +0200 libxml2: upgrade to release 2.10.4 Fixes CVE-2023-29469 and CVE-2023-28484. Also: SAX2: Ignore namespaces in HTML documents which is probably the reason why one test fails, so switch it to parsing XML: HTML parser error : Tag reqif-xhtml:div invalid <reqif-xhtml:div> HTML parser error : Tag reqif-xhtml:table invalid <reqif-xhtml:table cellpadding="2" cellspacing="2"> ... reqif-table.xhtml: C:/cygwin/home/tdf/jenkins/workspace/gerrit_windows/test/source/xmltesttools.cxx:195:testReqIfTable::Import_Export equality assertion failed - Expected: 1 - Actual : 0 - In <file:///C:/cygwin/home/tdf/jenkins/workspace/gerrit_windows/tempdir/lu134607bxu8q.tmp>, XPath '/html/body/div/table/tr/th' number of nodes is incorrect Change-Id: Icc161b39515c996193366bc777a67eca79e4e892 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150544 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit b28fd940ca46828be624679863364b4db89dd38c) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150616 Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org> (cherry picked from commit f2ed38c23d04d61f135560b67f24805da3e40be9) diff --git a/download.lst b/download.lst index 5be1de7b3226..d456c2d2e071 100644 --- a/download.lst +++ b/download.lst @@ -367,8 +367,8 @@ XMLSEC_TARBALL := xmlsec1-1.2.33.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXML_SHA256SUM := 5d2cc3d78bec3dbe212a9d7fa629ada25a7da928af432c93060ff5c17ee28a9c -LIBXML_VERSION_MICRO := 3 +LIBXML_SHA256SUM := ed0c91c5845008f1936739e4eee2035531c1c94742c6541f44ee66d885948d45 +LIBXML_VERSION_MICRO := 4 LIBXML_TARBALL := libxml2-2.10.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick diff --git a/sw/qa/extras/htmlexport/htmlexport.cxx b/sw/qa/extras/htmlexport/htmlexport.cxx index 51af126b9bb1..382529f00f49 100644 --- a/sw/qa/extras/htmlexport/htmlexport.cxx +++ b/sw/qa/extras/htmlexport/htmlexport.cxx @@ -796,16 +796,24 @@ DECLARE_HTMLEXPORT_TEST(testReqIfJpgImg, "reqif-jpg-img.xhtml") DECLARE_HTMLEXPORT_TEST(testReqIfTable, "reqif-table.xhtml") { - htmlDocUniquePtr pDoc = parseHtml(maTempFile); + SvMemoryStream aStream; + HtmlExportTest::wrapFragment(maTempFile, aStream); + xmlDocUniquePtr pDoc = parseXmlStream(&aStream); CPPUNIT_ASSERT(pDoc); // <div> was missing, so the XHTML fragment wasn't a valid // xhtml.BlkStruct.class type anymore. - assertXPath(pDoc, "/html/body/div/table/tr/th", 1); + assertXPath(pDoc, + "/reqif-xhtml:html/reqif-xhtml:div/reqif-xhtml:table/reqif-xhtml:tr/reqif-xhtml:th", + 1); // Make sure that the cell background is not written using CSS. - assertXPathNoAttribute(pDoc, "/html/body/div/table/tr/th", "style"); + assertXPathNoAttribute( + pDoc, "/reqif-xhtml:html/reqif-xhtml:div/reqif-xhtml:table/reqif-xhtml:tr/reqif-xhtml:th", + "style"); // The attribute was present, which is not valid in reqif-xhtml. - assertXPathNoAttribute(pDoc, "/html/body/div/table/tr/th", "bgcolor"); + assertXPathNoAttribute( + pDoc, "/reqif-xhtml:html/reqif-xhtml:div/reqif-xhtml:table/reqif-xhtml:tr/reqif-xhtml:th", + "bgcolor"); } DECLARE_HTMLEXPORT_TEST(testReqIfTable2, "reqif-table2.odt") commit 925462f732081464c7b1d6c2c8aedd25a296ab43 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Tue Mar 21 10:46:46 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:02:00 2023 +0200 curl: upgrade to release 8.0.1 Apparently 8.0.0 had a serious regression. Change-Id: Icc761f5e5e01b5d9bebecc13f7cba608f5834f54 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149204 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit e5005c76bd60a004f6025728e794ba3e4d0dfff1) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149112 Tested-by: László Németh <nem...@numbertext.org> Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org> (cherry picked from commit f2d935242665774f080bb13a2814988ad615f6e1) diff --git a/download.lst b/download.lst index 32921f0b2ebb..5be1de7b3226 100644 --- a/download.lst +++ b/download.lst @@ -82,8 +82,8 @@ CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt # three static lines # so that git cherry-pick # will not run into conflicts -CURL_SHA256SUM := 759690f9a375a720f8bcce9f953897b0d93f31eed9649b74f846d54bbf63bbcc -CURL_TARBALL := curl-8.0.0.tar.xz +CURL_SHA256SUM := 0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0 +CURL_TARBALL := curl-8.0.1.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts commit db2b5acb2b32ea714ab99a557f2e825469722572 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Mon Mar 20 11:52:22 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:02:00 2023 +0200 curl: upgrade to release 8.0.0 Fixes CVE-2023-27535. Also hopefully fixes excessive storage consumption during build: o build: drop the use of XC_AMEND_DISTCLEAN [62] Change-Id: I8792e95bc7634ee496488e80fec5a1310b24a31c Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149153 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit bbe0d0534abe6480c4502ce8fb543a736d3399d8) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149105 Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org> (cherry picked from commit 38b54a4d86e05bbbbdbf2a38771395579d1b005a) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149108 Tested-by: Xisco Fauli <xiscofa...@libreoffice.org> (cherry picked from commit 383128f262ea7fef7b6e372dc364a32d6cb0a7da) diff --git a/download.lst b/download.lst index 409425556ab3..32921f0b2ebb 100644 --- a/download.lst +++ b/download.lst @@ -82,8 +82,8 @@ CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt # three static lines # so that git cherry-pick # will not run into conflicts -CURL_SHA256SUM := 1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f -CURL_TARBALL := curl-7.88.1.tar.xz +CURL_SHA256SUM := 759690f9a375a720f8bcce9f953897b0d93f31eed9649b74f846d54bbf63bbcc +CURL_TARBALL := curl-8.0.0.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts commit 8b82de800c30c8376039699a6878f9f5b5d39cb2 Author: Samuel Mehrbrodt <samuel.mehrbr...@allotropia.de> AuthorDate: Mon Feb 27 15:27:24 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:02:00 2023 +0200 Check iframe target for allowed document URLs Change-Id: I00e4192becbc160282a43ab89dcd269f3d1012d8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147919 Tested-by: Jenkins Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@allotropia.de> (cherry picked from commit 288c0920a8475f9f2c537212e04aa7649192ad8c) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/148229 Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit b19e0a6676b800b9d3c362c722913f1362113006) diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx index 80e0c4e68457..15e0a7cf5c9c 100644 --- a/sfx2/source/doc/iframe.cxx +++ b/sfx2/source/doc/iframe.cxx @@ -45,6 +45,7 @@ #include <vcl/window.hxx> #include <tools/debug.hxx> #include <macroloader.hxx> +#include <eventsupplier.hxx> using namespace ::com::sun::star; @@ -173,6 +174,9 @@ sal_Bool SAL_CALL IFrameObject::load( return false; } + if (!SfxEvents_Impl::isScriptURLAllowed(aTargetURL.Complete)) + return false; + DBG_ASSERT( !mxFrame.is(), "Frame already existing!" ); VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() ); VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() ); diff --git a/sfx2/source/inc/eventsupplier.hxx b/sfx2/source/inc/eventsupplier.hxx index 0bbd11ef1773..303f4dbe5949 100644 --- a/sfx2/source/inc/eventsupplier.hxx +++ b/sfx2/source/inc/eventsupplier.hxx @@ -80,7 +80,6 @@ public: SfxObjectShell* i_document ); static void Execute( css::uno::Any const & aEventData, const css::document::DocumentEvent& aTrigger, SfxObjectShell* pDoc ); -private: /// Check if script URL whitelist exists, and if so, if current script url is part of it static bool isScriptURLAllowed(const OUString& aScriptURL); }; commit 6c49fa1d8fcab59f6b49378c8dbda39d979f6bb2 Author: Taichi Haradaguchi <20001...@ymail.ne.jp> AuthorDate: Fri Feb 24 17:49:23 2023 +0900 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:02:00 2023 +0200 postgresql: upgrade to release 13.10 Fixes CVE-2022-41862 Reference: https://www.postgresql.org/support/security/CVE-2022-41862/ Change-Id: I6075838972fec1c091f3150b19c5da4dc80ad6d3 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147982 Reviewed-by: Michael Stahl <michael.st...@allotropia.de> Tested-by: Jenkins (cherry picked from commit 98483f4e7850c9bf977a20450a94c1fd144f4402) diff --git a/download.lst b/download.lst index 3810930c7e5d..409425556ab3 100644 --- a/download.lst +++ b/download.lst @@ -488,8 +488,8 @@ POPPLER_DATA_TARBALL := poppler-data-0.4.11.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -POSTGRESQL_SHA256SUM := 73876fdd3a517087340458dca4ce15b8d2a4dbceb334c0441424551ae6c4cded -POSTGRESQL_TARBALL := postgresql-13.8.tar.bz2 +POSTGRESQL_SHA256SUM := 5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2 +POSTGRESQL_TARBALL := postgresql-13.10.tar.bz2 # three static lines # so that git cherry-pick # will not run into conflicts diff --git a/external/postgresql/arm64.patch.1 b/external/postgresql/arm64.patch.1 index 891212b18f5a..90df4fa265e4 100644 --- a/external/postgresql/arm64.patch.1 +++ b/external/postgresql/arm64.patch.1 @@ -28,7 +28,7 @@ diff -ur postgresql.org/src/tools/msvc/MSBuildProject.pm postgresql/src/tools/ms my $includes = $self->{includes}; unless ($includes eq '' or $includes =~ /;$/) -@@ -347,7 +347,6 @@ +@@ -347,7 +346,6 @@ <ProgramDatabaseFile>.\\$cfgname\\$self->{name}\\$self->{name}.pdb</ProgramDatabaseFile> <GenerateMapFile>false</GenerateMapFile> <MapFileName>.\\$cfgname\\$self->{name}\\$self->{name}.map</MapFileName> diff --git a/external/postgresql/postgresql.exit.patch.0 b/external/postgresql/postgresql.exit.patch.0 index bd14d16e0ed6..8eaa1ea52ebb 100644 --- a/external/postgresql/postgresql.exit.patch.0 +++ b/external/postgresql/postgresql.exit.patch.0 @@ -1,7 +1,7 @@ # error: implicitly declaring library function 'exit' with type 'void (int) __attribute__((noreturn))' [-Werror,-Wimplicit-function-declaration] --- configure +++ configure -@@ -16821,6 +16821,7 @@ +@@ -16997,6 +16997,7 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9,7 +9,7 @@ typedef long int ac_int64; /* -@@ -16905,6 +16905,7 @@ +@@ -17081,6 +17082,7 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ commit 6c2b735578df315b0b33ff228c8ce2badda92e2a Author: Taichi Haradaguchi <20001...@ymail.ne.jp> AuthorDate: Thu Feb 23 15:31:02 2023 +0900 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:02:00 2023 +0200 curl: upgrade to release 7.88.1 Fixes CVE-2023-23916, 2 CVEs that probably don't affect LO. Reference: https://curl.se/docs/security.html Change-Id: If9b3fc7c5ce66bfe1027caff39ea2c1cf55df7ad Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147977 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 6074d16b8c631e679a67364837d4ca9799731152) diff --git a/download.lst b/download.lst index 4cd877072a1c..3810930c7e5d 100644 --- a/download.lst +++ b/download.lst @@ -82,8 +82,8 @@ CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt # three static lines # so that git cherry-pick # will not run into conflicts -CURL_SHA256SUM := ee5f1a1955b0ed413435ef79db28b834ea5f0fb7c8cfb1ce47175cc3bee08fff -CURL_TARBALL := curl-7.87.0.tar.xz +CURL_SHA256SUM := 1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f +CURL_TARBALL := curl-7.88.1.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1 index 2128849369e7..2e8766b3d45f 100644 --- a/external/curl/curl-nss.patch.1 +++ b/external/curl/curl-nss.patch.1 @@ -1,7 +1,7 @@ diff -ur curl.org/configure curl/configure ---- curl.org/configure 2016-03-13 15:14:07.177000076 +0100 -+++ curl/configure 2016-03-13 15:16:44.132000076 +0100 -@@ -28230,7 +28230,12 @@ +--- curl.orig/configure 2023-02-20 16:11:55.000000000 +0900 ++++ curl/configure 2023-02-23 15:40:58.617432471 +0900 +@@ -28675,7 +28675,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} addld="-L$OPT_NSS/lib" commit acb39a3f4e8155cd41b2a02850f1be5cce05c139 Author: Taichi Haradaguchi <20001...@ymail.ne.jp> AuthorDate: Fri Dec 30 21:29:58 2022 +0900 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:02:00 2023 +0200 curl: upgrade to release 7.87.0 Fixes CVE-2022-43551 and CVE-2022-43552. https://curl.se/docs/CVE-2022-43551.html https://curl.se/docs/CVE-2022-43552.html Change-Id: I979ed11c212aef226ad9f26420462e5f9dbe15e5 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145116 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 181806115a694ade32c7bba1abd9aa931b1a93b9) diff --git a/download.lst b/download.lst index fa2774a6cbf1..4cd877072a1c 100644 --- a/download.lst +++ b/download.lst @@ -82,8 +82,8 @@ CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt # three static lines # so that git cherry-pick # will not run into conflicts -CURL_SHA256SUM := 2d61116e5f485581f6d59865377df4463f2e788677ac43222b496d4e49fb627b -CURL_TARBALL := curl-7.86.0.tar.xz +CURL_SHA256SUM := ee5f1a1955b0ed413435ef79db28b834ea5f0fb7c8cfb1ce47175cc3bee08fff +CURL_TARBALL := curl-7.87.0.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts diff --git a/external/curl/curl-msvc-disable-protocols.patch.1 b/external/curl/curl-msvc-disable-protocols.patch.1 index 89c4ff576f85..71ff0c01a028 100644 --- a/external/curl/curl-msvc-disable-protocols.patch.1 +++ b/external/curl/curl-msvc-disable-protocols.patch.1 @@ -2,7 +2,7 @@ disable protocols nobody needs in MSVC build --- curl/lib/config-win32.h.orig 2017-08-09 16:43:29.464000000 +0200 +++ curl/lib/config-win32.h 2017-08-09 16:47:38.549200000 +0200 -@@ -616,4 +616,20 @@ +@@ -654,4 +654,20 @@ # define ENABLE_IPV6 1 #endif diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1 index 5ef25748d7eb..2128849369e7 100644 --- a/external/curl/curl-nss.patch.1 +++ b/external/curl/curl-nss.patch.1 @@ -1,7 +1,7 @@ diff -ur curl.org/configure curl/configure --- curl.org/configure 2016-03-13 15:14:07.177000076 +0100 +++ curl/configure 2016-03-13 15:16:44.132000076 +0100 -@@ -27985,7 +27985,12 @@ +@@ -28230,7 +28230,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} addld="-L$OPT_NSS/lib" diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0 index b8e242a3aaea..b4442ba262d1 100644 --- a/external/curl/zlib.patch.0 +++ b/external/curl/zlib.patch.0 @@ -1,6 +1,6 @@ --- configure +++ configure -@@ -22808,7 +22808,6 @@ +@@ -23035,7 +23035,6 @@ clean_CPPFLAGS=$CPPFLAGS clean_LDFLAGS=$LDFLAGS clean_LIBS=$LIBS @@ -8,7 +8,7 @@ # Check whether --with-zlib was given. if test ${with_zlib+y} -@@ -22818,6 +22818,7 @@ +@@ -23045,6 +23044,7 @@ if test "$OPT_ZLIB" = "no" ; then @@ -16,7 +16,7 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: zlib disabled" >&5 printf "%s\n" "$as_me: WARNING: zlib disabled" >&2;} else -@@ -22825,6 +825,21 @@ +@@ -23052,6 +23052,21 @@ OPT_ZLIB="" fi @@ -38,7 +38,7 @@ if test -z "$OPT_ZLIB" ; then if test -n "$PKG_CONFIG"; then -@@ -23120,6 +23120,7 @@ +@@ -23344,6 +23359,7 @@ printf "%s\n" "$as_me: found both libz and libz.h header" >&6;} curl_zlib_msg="enabled" fi @@ -48,7 +48,7 @@ if test x"$AMFIXLIB" = x1; then --- configure.ac +++ configure.ac -@@ -1222,19 +1222,30 @@ +@@ -1243,19 +1243,30 @@ clean_CPPFLAGS=$CPPFLAGS clean_LDFLAGS=$LDFLAGS clean_LIBS=$LIBS @@ -80,7 +80,7 @@ if test -z "$OPT_ZLIB" ; then CURL_CHECK_PKGCONFIG(zlib) -@@ -1316,6 +1316,7 @@ +@@ -1336,6 +1347,7 @@ AC_MSG_NOTICE([found both libz and libz.h header]) curl_zlib_msg="enabled" fi commit 9093db59fe15f955c162a2472991aeccc2de0a8f Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Tue Feb 21 11:11:42 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:01:59 2023 +0200 nss: upgrade to release 3.88.1 Fixes CVE-2023-0767 CVE-2022-3479 Change-Id: I688dc7d0785ed3344c33e331c7e9ef37baa720ee Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147387 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 538975a0e511ad79a7dd3c71300b993d1554cd03) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147360 Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 389cdfa04fbf7bffde6af9e6c87325579e3e136a) diff --git a/download.lst b/download.lst index e9d85014cc96..fa2774a6cbf1 100644 --- a/download.lst +++ b/download.lst @@ -425,8 +425,8 @@ NEON_TARBALL := neon-0.31.2.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -NSS_SHA256SUM := 8b5a2e9e3d632a78ad4d9c8d2ea502d2790d7a8e7b1986d173107232eca27432 -NSS_TARBALL := nss-3.86-with-nspr-4.35.tar.gz +NSS_SHA256SUM := fcfa26d2738ec5b0cf72ab4be784eac832a75132cda2e295799c04d62a93607a +NSS_TARBALL := nss-3.88.1-with-nspr-4.35.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts commit f742b43dbb0b9a66e38f09b3652710b5ecdbc5cb Author: Taichi Haradaguchi <20001...@ymail.ne.jp> AuthorDate: Mon Nov 21 23:33:32 2022 +0900 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:01:59 2023 +0200 nss: upgrade to release 3.86.0 Change-Id: Ia236c7124d920785f7a2856db5ee1ccbef7a2d68 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143038 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit a2969884af71e88d2541bd2bfdebea222876fef4) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/144068 Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com> (cherry picked from commit d8fc98bf855e197343cca5104a243155b16905d2) diff --git a/download.lst b/download.lst index a3384ab2bb92..e9d85014cc96 100644 --- a/download.lst +++ b/download.lst @@ -425,8 +425,8 @@ NEON_TARBALL := neon-0.31.2.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -NSS_SHA256SUM := b1e1198fa7ee4e0fe4fa6937245c94820fd3c3c6897779493858af1bf6310b30 -NSS_TARBALL := nss-3.83-with-nspr-4.34.1.tar.gz +NSS_SHA256SUM := 8b5a2e9e3d632a78ad4d9c8d2ea502d2790d7a8e7b1986d173107232eca27432 +NSS_TARBALL := nss-3.86-with-nspr-4.35.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index 4f8499e8a835..c6e2b8510db0 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -24,7 +24,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/nss.vs2015.patch \ external/nss/nss.vs2015.pdb.patch \ external/nss/nss.bzmozilla1238154.patch \ - external/nss/nss-bz1646594.patch.1 \ + external/nss/nss-bz1646594.patch.1 \ external/nss/macos-dlopen.patch.0 \ external/nss/nss-restore-manual-pre-dependencies.patch.1 \ $(if $(filter iOS,$(OS)), \ diff --git a/external/nss/asan.patch.1 b/external/nss/asan.patch.1 index ce584a34a3b5..ccabd446ebac 100644 --- a/external/nss/asan.patch.1 +++ b/external/nss/asan.patch.1 @@ -1,7 +1,7 @@ diff -ur nss.org/nss/coreconf/Linux.mk nss/nss/coreconf/Linux.mk --- nss.org/nss/coreconf/Linux.mk 2014-05-06 04:36:01.817838877 +0200 +++ nss/nss/coreconf/Linux.mk 2014-05-06 04:37:25.387835456 +0200 -@@ -146,7 +146,7 @@ +@@ -157,7 +157,7 @@ # we don't use -z defs there. # Also, -z defs conflicts with Address Sanitizer, which emits relocations # against the libsanitizer runtime built into the main executable. diff --git a/external/nss/clang-cl.patch.0 b/external/nss/clang-cl.patch.0 index b02fff60e36b..e20aab3b9ff1 100644 --- a/external/nss/clang-cl.patch.0 +++ b/external/nss/clang-cl.patch.0 @@ -14,7 +14,7 @@ #pragma intrinsic(_InterlockedExchange) --- nspr/pr/include/prbit.h +++ nspr/pr/include/prbit.h -@@ -14,7 +14,7 @@ +@@ -15,7 +15,7 @@ */ #if defined(_WIN32) && (_MSC_VER >= 1300) && \ (defined(_M_IX86) || defined(_M_X64) || defined(_M_ARM) || \ @@ -23,7 +23,7 @@ # include <intrin.h> # pragma intrinsic(_BitScanForward,_BitScanReverse) __forceinline static int __prBitScanForward32(unsigned int val) -@@ -32,7 +32,7 @@ +@@ -33,7 +33,7 @@ # define pr_bitscan_ctz32(val) __prBitScanForward32(val) # define pr_bitscan_clz32(val) __prBitScanReverse32(val) # define PR_HAVE_BUILTIN_BITSCAN32 @@ -32,7 +32,7 @@ (defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \ defined(__aarch64__)) # define pr_bitscan_ctz32(val) __builtin_ctz(val) -@@ -136,7 +136,7 @@ +@@ -138,7 +138,7 @@ */ #if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || \ @@ -74,7 +74,7 @@ #define DSA_SUBPRIME_LEN ((__BLAPI_DEPRECATED)DSA1_SUBPRIME_LEN) --- nss/lib/util/pkcs11n.h +++ nss/lib/util/pkcs11n.h -@@ -426,7 +426,7 @@ +@@ -563,7 +563,7 @@ /* keep the old value for compatibility reasons*/ #define CKT_NSS_MUST_VERIFY ((__CKT_NSS_MUST_VERIFY)(CKT_NSS + 4)) #else @@ -91,7 +91,7 @@ # in the outer pkcs11t.h: --- nss/lib/util/pkcs11t.h +++ nss/lib/util/pkcs11t.h -@@ -72,7 +72,14 @@ +@@ -78,7 +78,14 @@ #define CK_INVALID_HANDLE 0 /* pack */ @@ -106,7 +106,7 @@ typedef struct CK_VERSION { CK_BYTE major; /* integer portion of version number */ -@@ -1795,6 +1802,13 @@ +@@ -2586,6 +2593,13 @@ #include "pkcs11n.h" /* undo packing */ diff --git a/external/nss/macos-dlopen.patch.0 b/external/nss/macos-dlopen.patch.0 index 1889b8df7cd3..e8abc8f59c69 100644 --- a/external/nss/macos-dlopen.patch.0 +++ b/external/nss/macos-dlopen.patch.0 @@ -1,6 +1,6 @@ --- nspr/pr/src/linking/prlink.c +++ nspr/pr/src/linking/prlink.c -@@ -799,7 +799,7 @@ +@@ -555,7 +555,7 @@ * The reason is that DARWIN's dlopen ignores the provided path * and checks for the plain filename in DYLD_LIBRARY_PATH, * which could load an unexpected version of a library. */ diff --git a/external/nss/nss-android.patch.1 b/external/nss/nss-android.patch.1 index 7eb306a50c32..707fcf99afe0 100644 --- a/external/nss/nss-android.patch.1 +++ b/external/nss/nss-android.patch.1 @@ -1,7 +1,7 @@ diff -ur nss.org/nspr/build/autoconf/config.sub nss/nspr/build/autoconf/config.sub --- nss.org/nspr/build/autoconf/config.sub 2017-09-07 15:29:45.031246453 +0200 +++ nss/nspr/build/autoconf/config.sub 2017-09-07 15:32:13.087235423 +0200 -@@ -111,6 +111,11 @@ +@@ -110,6 +110,11 @@ exit 1;; esac @@ -16,7 +16,7 @@ diff -ur nss.org/nspr/build/autoconf/config.sub nss/nspr/build/autoconf/config.s diff -ur nss.org/nspr/configure nss/nspr/configure --- nss.org/nspr/configure 2017-09-07 15:29:45.018246359 +0200 +++ nss/nspr/configure 2017-09-07 15:31:47.604075663 +0200 -@@ -2737,18 +2739,15 @@ +@@ -2728,18 +2728,15 @@ esac AS="$android_toolchain"/bin/"$android_tool_prefix"-as @@ -41,7 +41,7 @@ diff -ur nss.org/nspr/configure nss/nspr/configure diff -ur nss.org/nss/Makefile nss/nss/Makefile --- nss.org/nss/Makefile 2017-09-07 15:29:44.933245745 +0200 +++ nss/nss/Makefile 2017-09-07 15:32:04.347181076 +0200 -@@ -62,7 +62,7 @@ +@@ -65,7 +65,7 @@ ifeq ($(OS_TARGET),Android) NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) \ diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch index 86f85a873810..58239f718978 100644 --- a/external/nss/nss-ios.patch +++ b/external/nss/nss-ios.patch @@ -1,6 +1,6 @@ --- a/a/nss/Makefile +++ a/a/nss/Makefile -@@ -96,13 +96,11 @@ +@@ -91,13 +91,11 @@ ifdef NS_USE_GCC NSPR_CONFIGURE_ENV = CC=gcc CXX=g++ endif @@ -16,7 +16,7 @@ endif # -@@ -140,7 +140,6 @@ +@@ -140,7 +138,6 @@ build_nspr: $(NSPR_CONFIG_STATUS) $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) @@ -37,7 +37,7 @@ --- a/a/nss/lib/nss/nssinit.c +++ a/a/nss/lib/nss/nssinit.c -@@ -278,6 +278,7 @@ +@@ -275,6 +275,7 @@ const char *secmodprefix, char **retoldpath, char **retnewpath) { @@ -45,7 +45,7 @@ char *path, *oldpath = NULL, *lastsep; int len, path_len, secmod_len, dll_len; -@@ -309,6 +309,10 @@ +@@ -309,6 +310,10 @@ } *retoldpath = oldpath; *retnewpath = path; @@ -58,7 +58,7 @@ --- a/a/nss/lib/pk11wrap/pk11load.c +++ a/a/nss/lib/pk11wrap/pk11load.c -@@ -389,6 +389,8 @@ +@@ -390,6 +390,8 @@ /* * load a new module into our address space and initialize it. */ @@ -67,7 +67,7 @@ SECStatus secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) { -@@ -465,6 +465,7 @@ +@@ -468,6 +470,7 @@ /* load the library. If this succeeds, then we have to remember to * unload the library if anything goes wrong from here on out... */ @@ -75,7 +75,7 @@ #if defined(_WIN32) if (nssUTF8_Length(mod->dllName, NULL)) { wchar_t *dllNameWide = _NSSUTIL_UTF8ToWide(mod->dllName); -@@ -487,6 +487,11 @@ +@@ -507,6 +510,11 @@ mod->moduleDBFunc = (void *) PR_FindSymbol(library, "NSS_ReturnModuleSpecData"); } @@ -87,7 +87,7 @@ if (mod->moduleDBFunc == NULL) mod->isModuleDB = PR_FALSE; if ((ientry == NULL) && (fentry == NULL)) { -@@ -624,10 +624,12 @@ +@@ -643,10 +651,12 @@ } fail: mod->functionList = NULL; @@ -124,7 +124,7 @@ PRLibrary *handle; const char *name = getLibName(); -@@ -47,32 +47,42 @@ +@@ -47,32 +48,42 @@ if (handle) { PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector"); if (address) { @@ -168,7 +168,7 @@ } static const PRCallOnceType pristineCallOnce; -@@ -837,6 +837,7 @@ +@@ -860,6 +871,7 @@ void BL_Unload(void) { @@ -176,7 +176,7 @@ /* This function is not thread-safe, but doesn't need to be, because it is * only called from functions that are also defined as not thread-safe, * namely C_Finalize in softoken, and the SSL bypass shutdown callback called -@@ -852,6 +852,7 @@ +@@ -872,6 +884,7 @@ PR_UnloadLibrary(blLib); #endif } @@ -186,7 +186,7 @@ } --- a/a/nspr/build/autoconf/config.sub 2017-09-07 15:29:45.031246453 +0200 +++ a/a/nspr/build/autoconf/config.sub 2017-09-07 15:32:13.087235423 +0200 -@@ -111,6 +111,9 @@ +@@ -110,6 +110,9 @@ exit 1;; esac @@ -198,7 +198,7 @@ IFS="-" read field1 field2 field3 field4 <<EOF --- a/a/nspr/config/autoconf.mk.in +++ a/a/nspr/config/autoconf.mk.in -@@ -67,7 +67,7 @@ +@@ -69,7 +69,7 @@ MSC_VER = @MSC_VER@ AR = @AR@ AR_FLAGS = @AR_FLAGS@ @@ -209,7 +209,7 @@ RC = @RC@ --- a/a/nspr/configure +++ a/a/nspr/configure -@@ -755,7 +755,7 @@ +@@ -2507,7 +2507,7 @@ OBJDIR='$(OBJDIR_NAME)' OBJDIR_NAME=. OBJDIR_SUFFIX=OBJ @@ -218,7 +218,7 @@ NOSUCHFILE=/no-such-file LIBNSPR='-L$(dist_libdir) -lnspr$(MOD_MAJOR_VERSION)' LIBPLC='-L$(dist_libdir) -lplc$(MOD_MAJOR_VERSION)' -@@ -3060,7 +3060,7 @@ +@@ -5571,7 +5571,7 @@ LIB_SUFFIX=a DLL_SUFFIX=so ASM_SUFFIX=s @@ -227,7 +227,7 @@ PR_MD_ASFILES= PR_MD_CSRCS= PR_MD_ARCH_DIR=unix -@@ -3904,7 +3904,7 @@ +@@ -6485,7 +6485,7 @@ DSO_CFLAGS=-fPIC DSO_LDOPTS='-dynamiclib -compatibility_version 1 -current_version 1 -all_load -install_name @__________________________________________________OOO/$@ -headerpad_max_install_names' _OPTIMIZE_FLAGS=-O2 @@ -238,7 +238,7 @@ USE_PTHREADS=1 --- a/a/nss/coreconf/ruleset.mk +++ a/a/nss/coreconf/ruleset.mk -@@ -68,7 +68,7 @@ +@@ -45,7 +45,7 @@ endif ifeq ($(MKPROG),) @@ -249,7 +249,7 @@ # --- a/a/nss/coreconf/Darwin.mk +++ a/a/nss/coreconf/Darwin.mk -@@ -124,7 +124,7 @@ +@@ -116,7 +116,7 @@ DSO_LDOPTS += --coverage endif diff --git a/external/nss/nss-restore-manual-pre-dependencies.patch.1 b/external/nss/nss-restore-manual-pre-dependencies.patch.1 index 06691b1ec957..ea034f0dc80f 100644 --- a/external/nss/nss-restore-manual-pre-dependencies.patch.1 +++ b/external/nss/nss-restore-manual-pre-dependencies.patch.1 @@ -68,7 +68,7 @@ summary: Bug 1637083 Replace pre-dependency with shell hack r=rrelyea ck.h \ --- b/nss/manifest.mn Wed May 13 19:00:40 2020 +0000 +++ a/nss/manifest.mn Tue May 12 21:33:43 2020 +0000 -@@ -23,6 +23,12 @@ +@@ -24,6 +24,12 @@ # no real way to encode these in any sensible way $(MAKE) -C coreconf/nsinstall program $(MAKE) export diff --git a/external/nss/nss-win32-make.patch.1 b/external/nss/nss-win32-make.patch.1 index 7ba3df451ee6..6a3201a082a1 100644 --- a/external/nss/nss-win32-make.patch.1 +++ b/external/nss/nss-win32-make.patch.1 @@ -1,6 +1,6 @@ --- nss/nss/coreconf/rules.mk.orig2 2014-06-03 15:30:01.667200000 +0200 +++ nss/nss/coreconf/rules.mk 2014-06-03 15:30:14.537200000 +0200 -@@ -259,7 +259,7 @@ +@@ -174,7 +174,7 @@ $(LIBRARY): $(OBJS) | $$(@D)/d rm -f $@ ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET))) @@ -9,7 +9,7 @@ else $(AR) cr $@ $(OBJS) endif -@@ -297,7 +297,7 @@ +@@ -214,7 +214,7 @@ ifdef NS_USE_GCC $(LINK_DLL) $(OBJS) $(SUB_SHLOBJS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) $(LD_LIBS) $(RES) else diff --git a/external/nss/nss.aix.patch b/external/nss/nss.aix.patch index 4b0c6bfb3261..10572f94717a 100644 --- a/external/nss/nss.aix.patch +++ b/external/nss/nss.aix.patch @@ -1,7 +1,7 @@ diff -ru a/nspr/configure b/nspr/configure --- a/a/nspr/configure 2014-09-29 16:47:42.984012225 +0100 +++ b/b/nspr/configure 2014-09-29 16:50:33.907375937 +0100 -@@ -6369,7 +6369,6 @@ +@@ -6325,7 +6325,6 @@ AIX_LINK_OPTS='-brtl -bnso -berok' ;; esac @@ -12,7 +12,7 @@ diff -ru a/nspr/configure b/nspr/configure diff -ru a/nspr/configure.in b/nspr/configure.in --- a/a/nspr/configure.in 2014-09-29 16:46:35.257394860 +0100 +++ b/b/nspr/configure.in 2014-09-29 16:50:33.908375942 +0100 -@@ -1229,7 +1229,8 @@ +@@ -1180,7 +1180,8 @@ AC_DEFINE(XP_UNIX) AC_DEFINE(AIX) AC_DEFINE(SYSV) @@ -22,7 +22,7 @@ diff -ru a/nspr/configure.in b/nspr/configure.in AC_CHECK_HEADER(sys/atomic_op.h, AC_DEFINE(AIX_HAVE_ATOMIC_OP_H)) case "${target_os}" in aix3.2*) -@@ -1269,10 +1270,9 @@ +@@ -1220,10 +1221,9 @@ AC_DEFINE(HAVE_SOCKLEN_T) AC_DEFINE(HAVE_FCNTL_FILE_LOCKING) USE_IPV6=1 @@ -48,7 +48,7 @@ diff -ru a/nspr/pr/src/Makefile.in b/nspr/pr/src/Makefile.in diff -ru a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk --- a/a/nss/cmd/platlibs.mk 2014-09-29 16:47:42.987012253 +0100 +++ b/b/nss/cmd/platlibs.mk 2014-09-29 16:50:33.910375955 +0100 -@@ -134,7 +134,7 @@ +@@ -171,7 +171,7 @@ $(NULL) ifeq ($(OS_ARCH), AIX) @@ -57,7 +57,7 @@ diff -ru a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk endif # $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS) -@@ -180,7 +180,7 @@ +@@ -217,7 +217,7 @@ $(NULL) ifeq ($(OS_ARCH), AIX) diff --git a/external/nss/nss.bzmozilla1238154.patch b/external/nss/nss.bzmozilla1238154.patch index 468ff810b9ca..425f38257892 100644 --- a/external/nss/nss.bzmozilla1238154.patch +++ b/external/nss/nss.bzmozilla1238154.patch @@ -1,7 +1,7 @@ diff -ru a/nspr/configure b/nspr/configure --- a/a/nspr/configure 2019-01-26 12:23:06.589389910 +0100 +++ b/b/nspr/configure 2019-01-26 12:26:56.566222293 +0100 -@@ -7127,7 +7127,7 @@ +@@ -6883,7 +6883,7 @@ # Determine compiler version diff --git a/external/nss/nss.cygwin64.in32bit.patch b/external/nss/nss.cygwin64.in32bit.patch index b00761a0e85b..bce0f1d09403 100644 --- a/external/nss/nss.cygwin64.in32bit.patch +++ b/external/nss/nss.cygwin64.in32bit.patch @@ -3,7 +3,7 @@ on Cygwin 64bit and in 32bit mode diff -ru nss.orig/nss/Makefile nss/nss/Makefile --- a/nss.orig/nss/Makefile 2016-02-26 01:00:52.146713100 +0100 +++ b/nss/nss/Makefile 2016-02-26 01:02:05.303560100 +0100 -@@ -59,6 +59,8 @@ +@@ -63,6 +63,8 @@ # Translate coreconf build options to NSPR configure options. # diff --git a/external/nss/nss.nowerror.patch b/external/nss/nss.nowerror.patch index ff81a9b33539..bdf7a33a874c 100644 --- a/external/nss/nss.nowerror.patch +++ b/external/nss/nss.nowerror.patch @@ -1,7 +1,7 @@ diff -ur nss.org/nss/coreconf/WIN32.mk nss/nss/coreconf/WIN32.mk --- a/nss.org/nss/coreconf/WIN32.mk 2016-04-13 11:33:09.322294523 +0200 +++ b/nss/nss/coreconf/WIN32.mk 2016-04-13 11:33:27.744323969 +0200 -@@ -127,7 +127,7 @@ +@@ -121,7 +121,7 @@ -D_CRT_NONSTDC_NO_WARNINGS OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS ifndef NSS_ENABLE_WERROR diff --git a/external/nss/nss.utf8bom.patch.1 b/external/nss/nss.utf8bom.patch.1 index e8c56abefcde..f474adf6f932 100644 --- a/external/nss/nss.utf8bom.patch.1 +++ b/external/nss/nss.utf8bom.patch.1 @@ -1,7 +1,7 @@ diff -ur nss.org/nss/lib/ckfw/builtins/certdata.perl nss/nss/lib/ckfw/builtins/certdata.perl --- nss.org/nss/lib/ckfw/builtins/certdata.perl 2016-03-31 18:26:07.890190900 +0800 +++ nss/nss/lib/ckfw/builtins/certdata.perl 2016-03-31 19:16:16.727269600 +0800 -@@ -110,6 +110,9 @@ +@@ -122,6 +122,9 @@ sub doprint { my $i; @@ -11,7 +11,7 @@ diff -ur nss.org/nss/lib/ckfw/builtins/certdata.perl nss/nss/lib/ckfw/builtins/c print <<EOD /* THIS IS A GENERATED FILE */ /* This Source Code Form is subject to the terms of the Mozilla Public -@@ -119,6 +122,7 @@ +@@ -131,6 +134,7 @@ #ifndef BUILTINS_H #include "builtins.h" #endif /* BUILTINS_H */ diff --git a/external/nss/nss.vs2015.patch b/external/nss/nss.vs2015.patch index de4f8762fd5b..73cff7c833fb 100644 --- a/external/nss/nss.vs2015.patch +++ b/external/nss/nss.vs2015.patch @@ -1,7 +1,7 @@ diff -ru nss.org/nss/coreconf/WIN32.mk nss/nss/coreconf/WIN32.mk --- a/nss.org/nss/coreconf/WIN32.mk 2016-02-12 15:36:18.000000000 +0100 +++ b/nss/nss/coreconf/WIN32.mk 2016-02-26 00:42:43.170809600 +0100 -@@ -199,7 +199,7 @@ +@@ -192,7 +192,7 @@ # Disable C4244: conversion from 'type1' to 'type2', possible loss of data # Disable C4018: 'expression' : signed/unsigned mismatch # Disable C4312: 'type cast': conversion from 'type1' to 'type2' of greater size diff --git a/external/nss/nss.vs2015.pdb.patch b/external/nss/nss.vs2015.pdb.patch index c66940132cdd..3b498f976ac6 100644 --- a/external/nss/nss.vs2015.pdb.patch +++ b/external/nss/nss.vs2015.pdb.patch @@ -1,7 +1,7 @@ diff -ru nss.orig/nss/coreconf/WIN32.mk nss/nss/coreconf/WIN32.mk --- a/nss.orig/nss/coreconf/WIN32.mk 2016-03-04 08:30:16.306639400 +0100 +++ b/nss/nss/coreconf/WIN32.mk 2016-03-04 08:31:17.987233200 +0100 -@@ -169,15 +169,15 @@ +@@ -163,15 +163,15 @@ DLLFLAGS += -OUT:$@ ifdef MOZ_DEBUG_SYMBOLS ifdef MOZ_DEBUG_FLAGS diff --git a/external/nss/nss.windows.patch b/external/nss/nss.windows.patch index 901846e7bc1f..27a44045802e 100644 --- a/external/nss/nss.windows.patch +++ b/external/nss/nss.windows.patch @@ -1,6 +1,6 @@ --- a/a/nspr/config/rules.mk 2008-12-03 00:24:39.000000000 +0100 +++ b/b/nspr/config/rules.mk 2009-11-27 13:36:22.662753328 +0100 -@@ -415,7 +415,7 @@ +@@ -423,7 +423,7 @@ ifdef NEED_ABSOLUTE_PATH # The quotes allow absolute paths to contain spaces. @@ -11,7 +11,7 @@ $(OBJDIR)/%.$(OBJ_SUFFIX): %.cpp --- a/a/nss/coreconf/rules.mk 2008-12-03 00:24:39.000000000 +0100 +++ b/b/nss/coreconf/rules.mk 2009-11-27 13:36:22.662753328 +0100 -@@ -386,7 +386,7 @@ +@@ -280,7 +280,7 @@ endif # The quotes allow absolute paths to contain spaces. @@ -22,7 +22,7 @@ ifdef USE_NT_C_SYNTAX --- a/a/nspr/pr/include/md/_win95.h +++ b/b/nspr/pr/include/md/_win95.h -@@ -312,7 +312,7 @@ +@@ -317,7 +317,7 @@ #define _MD_ATOMIC_ADD(ptr,val) (InterlockedExchangeAdd((PLONG)ptr, (LONG)val) + val) #define _MD_ATOMIC_DECREMENT(x) InterlockedDecrement((PLONG)x) #endif /* x86 */ diff --git a/external/nss/nss_macosx.patch b/external/nss/nss_macosx.patch index 1e7599be6133..456bd62d509b 100644 --- a/external/nss/nss_macosx.patch +++ b/external/nss/nss_macosx.patch @@ -1,7 +1,7 @@ diff -ru a/nspr/configure b/nspr/configure --- a/a/nspr/configure 2014-09-29 16:50:33.907375937 +0100 +++ b/b/nspr/configure 2014-09-29 16:51:59.213931947 +0100 -@@ -6453,6 +6453,9 @@ +@@ -6448,6 +6448,9 @@ AS='$(CC) -x assembler-with-cpp' CFLAGS="$CFLAGS -Wall -fno-common" case "${target_cpu}" in @@ -11,7 +11,7 @@ diff -ru a/nspr/configure b/nspr/configure arm*) CPU_ARCH=arm ;; -@@ -6578,7 +6579,7 @@ +@@ -6483,7 +6486,7 @@ DSO_CFLAGS=-fPIC @@ -23,7 +23,7 @@ diff -ru a/nspr/configure b/nspr/configure diff -ru a/nss/coreconf/Darwin.mk b/nss/coreconf/Darwin.mk --- a/a/nss/coreconf/Darwin.mk 2014-09-29 16:50:22.992304799 +0100 +++ b/b/nss/coreconf/Darwin.mk 2014-09-29 16:51:59.214931953 +0100 -@@ -20,13 +24,17 @@ +@@ -20,13 +20,17 @@ ifeq (,$(filter-out i%86,$(CPU_ARCH))) ifdef USE_64 @@ -41,7 +41,7 @@ diff -ru a/nss/coreconf/Darwin.mk b/nss/coreconf/Darwin.mk override CPU_ARCH = x86 endif else -@@ -40,19 +48,20 @@ +@@ -33,19 +37,20 @@ ifeq (arm,$(CPU_ARCH)) # Nothing set for arm currently. else @@ -66,7 +66,7 @@ diff -ru a/nss/coreconf/Darwin.mk b/nss/coreconf/Darwin.mk # GCC <= 3 DARWIN_SDK_FRAMEWORKS = -F$(MACOS_SDK_DIR)/System/Library/Frameworks ifneq (,$(shell find $(MACOS_SDK_DIR)/Library/Frameworks -maxdepth 0)) -@@ -108,7 +120,7 @@ +@@ -108,7 +113,7 @@ # May override this with different compatibility and current version numbers. DARWIN_DYLIB_VERSIONS = -compatibility_version 1 -current_version 1 # May override this with -bundle to create a loadable module. @@ -78,7 +78,7 @@ diff -ru a/nss/coreconf/Darwin.mk b/nss/coreconf/Darwin.mk diff -ru a/nss/Makefile b/nss/Makefile --- a/a/nss/Makefile 2014-09-29 16:50:22.990304789 +0100 +++ b/b/nss/Makefile 2014-09-29 16:51:59.207931908 +0100 -@@ -72,6 +72,9 @@ +@@ -82,6 +82,9 @@ ifeq ($(OS_TARGET),WIN95) NSPR_CONFIGURE_OPTS += --enable-win32-target=WIN95 endif diff --git a/external/nss/ubsan.patch.0 b/external/nss/ubsan.patch.0 index 2c32d90b00ce..5f97d3e9d24e 100644 --- a/external/nss/ubsan.patch.0 +++ b/external/nss/ubsan.patch.0 @@ -27,7 +27,7 @@ count * sizeof(lgdbSlotData); data->data = (unsigned char *)PORT_ZAlloc(dataLen); -@@ -327,7 +327,7 @@ +@@ -329,7 +329,7 @@ } if ((encoded->major == LGDB_DB_EXT1_VERSION_MAJOR) && (encoded->minor >= LGDB_DB_EXT1_VERSION_MINOR)) { commit 50adb5b1267c61e9852c19c08f876915fad695a5 Author: Eike Rathke <er...@redhat.com> AuthorDate: Mon Feb 27 16:10:06 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:01:59 2023 +0200 Always push a result, even if it's only an error PERCENTILE() and QUARTILE() if an error was passed as argument (or an error encountered during obtaining arguments) omitted to push an error result, only setting the error. Fallout from commit f336f63da900d76c2bf6e5690f1c8a7bd15a0aa2 CommitDate: Thu Mar 3 16:28:59 2016 +0000 tdf#94635 Add FORECAST.ETS functions to Calc Change-Id: I23e276fb0ce735cfd6383cc963446499dcf819f4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147922 Reviewed-by: Eike Rathke <er...@redhat.com> Tested-by: Jenkins (cherry picked from commit 64914560e279c71ff1233f4bab851e2a292797e6) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147900 Reviewed-by: Caolán McNamara <caol...@redhat.com> Tested-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit da8ca6920b78addc827171f53a42abdd59da9f9c) diff --git a/sc/source/core/tool/interpr3.cxx b/sc/source/core/tool/interpr3.cxx index 8d7ba5ea4952..885db473c9f8 100644 --- a/sc/source/core/tool/interpr3.cxx +++ b/sc/source/core/tool/interpr3.cxx @@ -3466,7 +3466,7 @@ void ScInterpreter::ScPercentile( bool bInclusive ) GetNumberSequenceArray( 1, aArray, false ); if ( aArray.empty() || nGlobalError != FormulaError::NONE ) { - SetError( FormulaError::NoValue ); + PushNoValue(); return; } if ( bInclusive ) @@ -3489,7 +3489,7 @@ void ScInterpreter::ScQuartile( bool bInclusive ) GetNumberSequenceArray( 1, aArray, false ); if ( aArray.empty() || nGlobalError != FormulaError::NONE ) { - SetError( FormulaError::NoValue ); + PushNoValue(); return; } if ( bInclusive ) commit bc057fc44d388bb0c1c0fa40461b213df9861d5f Author: Eike Rathke <er...@redhat.com> AuthorDate: Fri Feb 17 12:03:54 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:01:59 2023 +0200 Stack check safety belt before fishing in muddy waters Have it hit hard in debug builds. Change-Id: I9ea54844a0661fd7a75616a2876983a74b2d5bad Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147205 Reviewed-by: Eike Rathke <er...@redhat.com> Tested-by: Jenkins (cherry picked from commit 9d91fbba6f374fa1c10b38eae003da89bd4e6d4b) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147245 Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 166a07062dd4ffedca6106f439a6fcddaeee5eb5) diff --git a/sc/source/core/inc/interpre.hxx b/sc/source/core/inc/interpre.hxx index 322b2e32d5a0..2bad90aa12cb 100644 --- a/sc/source/core/inc/interpre.hxx +++ b/sc/source/core/inc/interpre.hxx @@ -231,6 +231,7 @@ private: inline bool MustHaveParamCount( short nAct, short nMust ); inline bool MustHaveParamCount( short nAct, short nMust, short nMax ); inline bool MustHaveParamCountMin( short nAct, short nMin ); + inline bool MustHaveParamCountMinWithStackCheck( short nAct, short nMin ); void PushParameterExpected(); void PushIllegalParameter(); void PushIllegalArgument(); @@ -1082,6 +1083,17 @@ inline bool ScInterpreter::MustHaveParamCountMin( short nAct, short nMin ) return false; } +inline bool ScInterpreter::MustHaveParamCountMinWithStackCheck( short nAct, short nMin ) +{ + assert(sp >= nAct); + if (sp < nAct) + { + PushParameterExpected(); + return false; + } + return MustHaveParamCountMin( nAct, nMin); +} + inline bool ScInterpreter::CheckStringPositionArgument( double & fVal ) { if (!std::isfinite( fVal)) diff --git a/sc/source/core/tool/interpr1.cxx b/sc/source/core/tool/interpr1.cxx index 42d6dde67df2..27917500254a 100644 --- a/sc/source/core/tool/interpr1.cxx +++ b/sc/source/core/tool/interpr1.cxx @@ -7524,7 +7524,7 @@ void ScInterpreter::ScVLookup() void ScInterpreter::ScSubTotal() { sal_uInt8 nParamCount = GetByte(); - if ( !MustHaveParamCountMin( nParamCount, 2 ) ) + if ( !MustHaveParamCountMinWithStackCheck( nParamCount, 2 ) ) return; // We must fish the 1st parameter deep from the stack! And push it on top. @@ -7571,7 +7571,7 @@ void ScInterpreter::ScSubTotal() void ScInterpreter::ScAggregate() { sal_uInt8 nParamCount = GetByte(); - if ( !MustHaveParamCountMin( nParamCount, 3 ) ) + if ( !MustHaveParamCountMinWithStackCheck( nParamCount, 3 ) ) return; const FormulaError nErr = nGlobalError; commit c07900133324ecd150c5af2af8192f3f82f9c9b1 Author: Eike Rathke <er...@redhat.com> AuthorDate: Thu Feb 16 20:20:31 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:01:59 2023 +0200 Obtain actual 0-parameter count for OR(), AND() and 1-parameter functions OR and AND for legacy infix notation are classified as binary operators but in fact are functions with parameter count. In case no argument is supplied, GetByte() returns 0 and for that case the implicit binary operator 2 parameters were wrongly assumed. Similar for functions expecting 1 parameter, without argument 1 was assumed. For "real" unary and binary operators the compiler already checks parameters. Omit OR and AND and 1-parameter functions from this implicit assumption and return the actual 0 count. Change-Id: Ie05398c112a98021ac2875cf7b6de994aee9d882 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147173 Reviewed-by: Eike Rathke <er...@redhat.com> Tested-by: Jenkins (cherry picked from commit e7ce9bddadb2db222eaa5f594ef1de2e36d57e5c) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147129 Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit d6599a2af131994487d2d9223a4fd32a8c3ddc49) diff --git a/formula/source/core/api/token.cxx b/formula/source/core/api/token.cxx index a7d44f897a24..6e50ca011983 100644 --- a/formula/source/core/api/token.cxx +++ b/formula/source/core/api/token.cxx @@ -93,17 +93,14 @@ sal_uInt8 FormulaToken::GetParamCount() const return 0; // parameters and specials // ocIf... jump commands not for FAP, have cByte then //2do: bool parameter whether FAP or not? - else if ( GetByte() ) + else if (GetByte()) return GetByte(); // all functions, also ocExternal and ocMacro - else if (SC_OPCODE_START_BIN_OP <= eOp && eOp < SC_OPCODE_STOP_BIN_OP) - return 2; // binary - else if ((SC_OPCODE_START_UN_OP <= eOp && eOp < SC_OPCODE_STOP_UN_OP) - || eOp == ocPercentSign) - return 1; // unary + else if (SC_OPCODE_START_BIN_OP <= eOp && eOp < SC_OPCODE_STOP_BIN_OP && eOp != ocAnd && eOp != ocOr) + return 2; // binary operators, compiler checked; OR and AND legacy but are functions + else if ((SC_OPCODE_START_UN_OP <= eOp && eOp < SC_OPCODE_STOP_UN_OP) || eOp == ocPercentSign) + return 1; // unary operators, compiler checked else if (SC_OPCODE_START_NO_PAR <= eOp && eOp < SC_OPCODE_STOP_NO_PAR) return 0; // no parameter - else if (SC_OPCODE_START_1_PAR <= eOp && eOp < SC_OPCODE_STOP_1_PAR) - return 1; // one parameter else if (FormulaCompiler::IsOpCodeJumpCommand( eOp )) return 1; // only the condition counts as parameter else diff --git a/sc/source/core/tool/interpr4.cxx b/sc/source/core/tool/interpr4.cxx index f0dee4b21b63..d9ea8acd5c8e 100644 --- a/sc/source/core/tool/interpr4.cxx +++ b/sc/source/core/tool/interpr4.cxx @@ -4011,7 +4011,15 @@ StackVar ScInterpreter::Interpret() else if (sp >= pCur->GetParamCount()) nStackBase = sp - pCur->GetParamCount(); else - nStackBase = sp; // underflow?!? + { + SAL_WARN("sc.core", "Stack anomaly at " << aPos.Format( + ScRefFlags::VALID | ScRefFlags::FORCE_DOC | ScRefFlags::TAB_3D, &mrDoc) + << " eOp: " << static_cast<int>(eOp) + << " params: " << static_cast<int>(pCur->GetParamCount()) + << " nStackBase: " << nStackBase << " sp: " << sp); + nStackBase = sp; + assert(!"underflow"); + } } switch( eOp ) commit c3675ee7f592f9c0ec23bc4c7fcf3cf16216e92f Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Mon Feb 13 13:56:10 2023 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 14:01:59 2023 +0200 disable script dump Change-Id: I04d740cc0fcf87daa192a0a6af34138278043a19 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146986 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> (cherry picked from commit 448f8729bbf42b4fe9019e4886e7cef136d3a7b8) diff --git a/connectivity/source/drivers/hsqldb/HDriver.cxx b/connectivity/source/drivers/hsqldb/HDriver.cxx index 962e574879cf..198f6cebf396 100644 --- a/connectivity/source/drivers/hsqldb/HDriver.cxx +++ b/connectivity/source/drivers/hsqldb/HDriver.cxx @@ -290,6 +290,37 @@ namespace connectivity } // if ( xStream.is() ) ::comphelper::disposeComponent(xStream); } + + // disallow any database/script files that contain a "SCRIPT[.*]" entry (this is belt and braces + // in that bundled hsqldb 1.8.0 is patched to also reject them) + // + // hsqldb 2.6.0 release notes have: added system role SCRIPT_OPS for export / import of database structure and data + // which seems to provide a builtin way to do this with contemporary hsqldb + static const OUStringLiteral sScript(u"script"); + if (!bIsNewDatabase && xStorage->isStreamElement(sScript)) + { + Reference<XStream > xStream = xStorage->openStreamElement(sScript, ElementModes::READ); + if (xStream.is()) + { + std::unique_ptr<SvStream> pStream(::utl::UcbStreamHelper::CreateStream(xStream)); + if (pStream) + { + OString sLine; + while (pStream->ReadLine(sLine)) + { + OString sText = sLine.trim(); + if (sText.startsWithIgnoreAsciiCase("SCRIPT")) + { + ::connectivity::SharedResources aResources; + sMessage = aResources.getResourceString(STR_COULD_NOT_LOAD_FILE).replaceFirst("$filename$", sSystemPath); + break; + } + } + } + } // if ( xStream.is() ) + ::comphelper::disposeComponent(xStream); + } + } catch(Exception&) { diff --git a/external/hsqldb/UnpackedTarball_hsqldb.mk b/external/hsqldb/UnpackedTarball_hsqldb.mk index cbba770f19a0..ed262cccf4ca 100644 --- a/external/hsqldb/UnpackedTarball_hsqldb.mk +++ b/external/hsqldb/UnpackedTarball_hsqldb.mk @@ -29,6 +29,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,hsqldb,\ external/hsqldb/patches/jdbc-4.1.patch \ external/hsqldb/patches/multipleResultSets.patch \ ) \ + external/hsqldb/patches/disable-dump-script.patch \ )) # vim: set noet sw=4 ts=4: diff --git a/external/hsqldb/patches/disable-dump-script.patch b/external/hsqldb/patches/disable-dump-script.patch new file mode 100644 index 000000000000..401dd38abc9a --- /dev/null +++ b/external/hsqldb/patches/disable-dump-script.patch @@ -0,0 +1,14 @@ +--- a/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java 2023-02-13 11:08:11.297243034 +0000 ++++ b/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java 2023-02-13 13:49:17.973089433 +0000 +@@ -403,6 +403,11 @@ + throw Trace.error(Trace.INVALID_IDENTIFIER); + } + ++ // added condition to avoid execution of spurious command in .script or .log file ++ if (session.isProcessingScript() || session.isProcessingLog()) { ++ return new Result(ResultConstants.UPDATECOUNT); ++ } ++ + dsw = new ScriptWriterText(database, token, true, true, true); + + dsw.writeAll(); commit 6adbba78df74a13c65c7d3d808b45b9c208f997b Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Wed Feb 8 12:11:24 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 13:34:38 2023 +0200 openssl: upgrade to release 1.1.1t Fixes CVE-2023-0286 CVE-2023-0215 CVE-2022-4450 CVE-2022-4304 Change-Id: I93ce0362b17bd07b0644564a0676daaa56bc8b50 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146653 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> (cherry picked from commit f9229fdadbd205a8953577efc72a6e43717c764e) diff --git a/download.lst b/download.lst index 40c99b598997..a3384ab2bb92 100644 --- a/download.lst +++ b/download.lst @@ -451,8 +451,8 @@ OPENLDAP_TARBALL := openldap-2.4.59.tgz # three static lines # so that git cherry-pick # will not run into conflicts -OPENSSL_SHA256SUM := d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca -OPENSSL_TARBALL := openssl-1.1.1q.tar.gz +OPENSSL_SHA256SUM := 8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b +OPENSSL_TARBALL := openssl-1.1.1t.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts commit 4c3ecfcd68477083fbb639451868a2857fa8702d Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Tue May 9 13:11:55 2023 +0200 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Tue May 9 13:34:37 2023 +0200 add three static lines beween tarballs to ease cherry-picking Change-Id: I0cac71673666e3d34708a9258c674d453475c0b1 diff --git a/download.lst b/download.lst index 2e492a942b2e..40c99b598997 100644 --- a/download.lst +++ b/download.lst @@ -5,117 +5,273 @@ ABW_SHA256SUM := e763a9dc21c3d2667402d66e202e3f8ef4db51b34b79ef41f56cacb86dcd6eed ABW_TARBALL := libabw-0.1.3.tar.xz +# three static lines +# so that git cherry-pick +# will not run into conflicts APR_SHA256SUM := 1af06e1720a58851d90694a984af18355b65bb0d047be03ec7d659c746d6dbdb APR_TARBALL := apr-1.5.2.tar.gz APR_UTIL_SHA256SUM := 976a12a59bc286d634a21d7be0841cc74289ea9077aa1af46be19d1a6e844c19 APR_UTIL_TARBALL := apr-util-1.5.4.tar.gz +# three static lines +# so that git cherry-pick +# will not run into conflicts # please repack the tarball using external/boost/repack_tarball.sh BOOST_SHA256SUM := 9b334d6c6d7af5a0687280788cd84444398b8e0b472cd88e52bbc3c3ef11d98e BOOST_TARBALL := boost_1_77_0.tar.xz +# three static lines +# so that git cherry-pick +# will not run into conflicts BOX2D_SHA256SUM := 58ffc8475a8650aadc351345aef696937747b40501ab78d72c197c5ff5b3035c BOX2D_TARBALL := box2d-2.3.1.tar.gz +# three static lines +# so that git cherry-pick +# will not run into conflicts BREAKPAD_SHA256SUM := c44a2e898895cfc13b42d2371ba4b88b0777d7782214d6cdc91c33720f3b0d91 BREAKPAD_TARBALL := breakpad-b324760c7f53667af128a6b77b790323da04fcb9.tar.xz +# three static lines +# so that git cherry-pick +# will not run into conflicts BSH_SHA256SUM := 9e93c73e23aff644b17dfff656444474c14150e7f3b38b19635e622235e01c96 BSH_TARBALL := beeca87be45ec87d241ddd0e1bad80c1-bsh-2.0b6-src.zip +# three static lines +# so that git cherry-pick +# will not run into conflicts BZIP2_SHA256SUM := ab5a03176ee106d3f0fa90e381da478ddae405918153cca248e682cd0c4a2269 BZIP2_TARBALL := bzip2-1.0.8.tar.gz +# three static lines +# so that git cherry-pick +# will not run into conflicts CAIRO_SHA256SUM := 74b24c1ed436bbe87499179a3b27c43f4143b8676d8ad237a6fa787401959705 CAIRO_VERSION_MICRO := 4 CAIRO_TARBALL := cairo-1.17.$(CAIRO_VERSION_MICRO).tar.xz +# three static lines +# so that git cherry-pick +# will not run into conflicts CDR_SHA256SUM := 5666249d613466b9aa1e987ea4109c04365866e9277d80f6cd9663e86b8ecdd4 CDR_TARBALL := libcdr-0.1.7.tar.xz +# three static lines +# so that git cherry-pick +# will not run into conflicts CLUCENE_SHA256SUM := ddfdc433dd8ad31b5c5819cc4404a8d2127472a3b720d3e744e8c51d79732eab CLUCENE_TARBALL := 48d647fbd8ef8889e5a7f422c1bfda94-clucene-core-2.3.3.4.tar.gz +# three static lines +# so that git cherry-pick +# will not run into conflicts DTOA_SHA256SUM := 0082d0684f7db6f62361b76c4b7faba19e0c7ce5cb8e36c4b65fea8281e711b4 DTOA_TARBALL := dtoa-20180411.tgz +# three static lines +# so that git cherry-pick +# will not run into conflicts LIBCMIS_SHA256SUM := d7b18d9602190e10d437f8a964a32e983afd57e2db316a07d87477a79f5000a2 LIBCMIS_TARBALL := libcmis-0.5.2.tar.xz +# three static lines +# so that git cherry-pick ... etc. - the rest is truncated