RepositoryExternal.mk | 2 configure.ac | 2 download.lst | 4 external/icu/UnpackedTarball_icu.mk | 1 external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2 | 118 ++++++++++ external/python3/ExternalProject_python3.mk | 6 external/python3/UnpackedTarball_python3.mk | 1 external/python3/python-3.3.5-pyexpat-symbols.patch.1 | 28 -- shell/source/win32/SysShExec.cxx | 6 9 files changed, 129 insertions(+), 39 deletions(-)
New commits: commit 85739a186d0089c18e97aa7ac2075d3f74b79e04 Author: Michael Stahl <[email protected]> AuthorDate: Tue Mar 24 10:48:04 2020 +0100 Commit: Andras Timar <[email protected]> CommitDate: Sun Oct 10 20:46:19 2021 +0200 icu: add patch to fix CVE-2020-10531 Change-Id: I0aca4af1bd79f28bf1c920a4d05e80948106aaac Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90971 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 002d1152dc418f7d624409e76cd9d4ac0b42c7f8) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90975 Reviewed-by: Thorsten Behrens <[email protected]> (cherry picked from commit 63b573faf984875cda7a879e696ea75fae81df57) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90988 diff --git a/external/icu/UnpackedTarball_icu.mk b/external/icu/UnpackedTarball_icu.mk index 9e5f7974a700..a5416b7ee078 100644 --- a/external/icu/UnpackedTarball_icu.mk +++ b/external/icu/UnpackedTarball_icu.mk @@ -39,6 +39,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,icu,\ external/icu/gcc9.patch \ external/icu/char8_t.patch \ external/icu/CVE-2018-18928.patch.2 \ + external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2 \ )) $(eval $(call gb_UnpackedTarball_add_file,icu,source/data/brkitr/khmerdict.dict,external/icu/khmerdict.dict)) diff --git a/external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2 b/external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2 new file mode 100644 index 000000000000..07b3db6774be --- /dev/null +++ b/external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2 
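Review bot: The added list entry `external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2` is named only by the upstream commit hash, while the entry directly above it is named by its CVE id (`CVE-2018-18928.patch.2`). Someone auditing which ICU fixes are carried locally has to open the file or the commit log to learn that this one is the CVE-2020-10531 fix. Naming it `external/icu/CVE-2020-10531.patch.2`, or putting the CVE id in the patch's own header text, would keep the list self-describing.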
@@ -0,0 +1,118 @@ +From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001 +From: Frank Tang <[email protected]> +Date: Sat, 1 Feb 2020 02:39:04 +0000 +Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append + +See #971 +--- + icu4c/source/common/unistr.cpp | 6 ++- + icu4c/source/test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++ + icu4c/source/test/intltest/ustrtest.h | 1 + + 3 files changed, 68 insertions(+), 1 deletion(-) + +diff --git a/icu4c/source/common/unistr.cpp b/icu4c/source/common/unistr.cpp +index 901bb3358ba..077b4d6ef20 100644 +--- a/icu4c/source/common/unistr.cpp ++++ b/icu4c/source/common/unistr.cpp +@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng + } + + int32_t oldLength = length(); +- int32_t newLength = oldLength + srcLength; ++ int32_t newLength; ++ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) { ++ setToBogus(); ++ return *this; ++ } + + // Check for append onto ourself + const UChar* oldArray = getArrayStart(); +diff --git a/icu4c/source/test/intltest/ustrtest.cpp b/icu4c/source/test/intltest/ustrtest.cpp +index b6515ea813c..ad38bdf53a3 100644 +--- a/icu4c/source/test/intltest/ustrtest.cpp ++++ b/icu4c/source/test/intltest/ustrtest.cpp +@@ -67,6 +67,7 @@ void UnicodeStringTest::runIndexedTest( int32_t index, UBool exec, const char* & + TESTCASE_AUTO(TestWCharPointers); + TESTCASE_AUTO(TestNullPointers); + TESTCASE_AUTO(TestUnicodeStringInsertAppendToSelf); ++ TESTCASE_AUTO(TestLargeAppend); + TESTCASE_AUTO_END; + } + +@@ -2310,3 +2311,64 @@ void UnicodeStringTest::TestUnicodeStringInsertAppendToSelf() { + str.insert(2, sub); + assertEquals("", u"abbcdcde", str); + } ++ ++void UnicodeStringTest::TestLargeAppend() { ++ if(quick) return; ++ ++ IcuTestErrorCode status(*this, "TestLargeAppend"); ++ // Make a large UnicodeString ++ int32_t len = 0xAFFFFFF; ++ UnicodeString str; ++ char16_t *buf = str.getBuffer(len); ++ // A fast way to set buffer to valid 
Unicode. ++ // 4E4E is a valid unicode character ++ uprv_memset(buf, 0x4e, len * 2); ++ str.releaseBuffer(len); ++ UnicodeString dest; ++ // Append it 16 times ++ // 0xAFFFFFF times 16 is 0xA4FFFFF1, ++ // which is greater than INT32_MAX, which is 0x7FFFFFFF. ++ int64_t total = 0; ++ for (int32_t i = 0; i < 16; i++) { ++ dest.append(str); ++ total += len; ++ if (total <= INT32_MAX) { ++ assertFalse("dest is not bogus", dest.isBogus()); ++ } else { ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } ++ } ++ dest.remove(); ++ total = 0; ++ for (int32_t i = 0; i < 16; i++) { ++ dest.append(str); ++ total += len; ++ if (total + len <= INT32_MAX) { ++ assertFalse("dest is not bogus", dest.isBogus()); ++ } else if (total <= INT32_MAX) { ++ // Check that a string of exactly the maximum size works ++ UnicodeString str2; ++ int32_t remain = INT32_MAX - total; ++ char16_t *buf2 = str2.getBuffer(remain); ++ if (buf2 == nullptr) { ++ // if somehow memory allocation fail, return the test ++ return; ++ } ++ uprv_memset(buf2, 0x4e, remain * 2); ++ str2.releaseBuffer(remain); ++ dest.append(str2); ++ total += remain; ++ assertEquals("When a string of exactly the maximum size works", (int64_t)INT32_MAX, total); ++ assertEquals("When a string of exactly the maximum size works", INT32_MAX, dest.length()); ++ assertFalse("dest is not bogus", dest.isBogus()); ++ ++ // Check that a string size+1 goes bogus ++ str2.truncate(1); ++ dest.append(str2); ++ total++; ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } else { ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } ++ } ++} +diff --git a/icu4c/source/test/intltest/ustrtest.h b/icu4c/source/test/intltest/ustrtest.h +index 218befdcc68..4a356a92c7a 100644 +--- a/icu4c/source/test/intltest/ustrtest.h ++++ b/icu4c/source/test/intltest/ustrtest.h +@@ -97,6 +97,7 @@ class UnicodeStringTest: public IntlTest { + void TestWCharPointers(); + void TestNullPointers(); + void TestUnicodeStringInsertAppendToSelf(); ++ void 
TestLargeAppend(); + }; + + #endif commit 75a897274ac847c0a8c7185f96c3fdd9e5703c5d Author: Stephan Bergmann <[email protected]> AuthorDate: Wed Jan 15 17:16:02 2020 +0100 Commit: Andras Timar <[email protected]> CommitDate: Sun Oct 10 20:45:59 2021 +0200 Remove a fragment from a file URL early on ...as ShellExecuteExW would ignore it anyway Change-Id: I969db094bb7d2ea230ac8c36eb23d71a90fbe466 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86868 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <[email protected]> (cherry picked from commit 14b36a16b225bf7c988f118d499a7287c47cd83e) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86877 Reviewed-by: Mike Kaganski <[email protected]> diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx index 6948ee34b490..00384b8bd235 100644 --- a/shell/source/win32/SysShExec.cxx +++ b/shell/source/win32/SysShExec.cxx @@ -302,6 +302,7 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa static_cast< XSystemShellExecute* >( this ), 3 ); + OUString preprocessed_command(aCommand); if ((nFlags & URIS_ONLY) != 0) { css::uno::Reference< css::uri::XUriReference > uri( @@ -315,8 +316,10 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa static_cast< cppu::OWeakObject * >(this), 0); } if (uri->getScheme().equalsIgnoreAsciiCase("file")) { + // ShellExecuteExW appears to ignore the fragment of a file URL anyway, so remove it: + uri->clearFragment(); + preprocessed_command = uri->getUriReference(); OUString pathname; - uri->clearFragment(); // getSystemPathFromFileURL fails for URLs with fragment auto const e1 = osl::FileBase::getSystemPathFromFileURL(uri->getUriReference(), pathname); if (e1 != osl::FileBase::E_None) { 
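Review bot: In the vendored `TestLargeAppend`, the first buffer from `str.getBuffer(len)` goes straight into `uprv_memset(buf, 0x4e, len * 2)` with no null check, although the same test guards the later `buf2` against allocation failure. With `len = 0xAFFFFFF` the request is large enough that a memory-constrained build host could plausibly take that path, and adding `if (buf == nullptr) return;` after the first `getBuffer` call would make the two allocations consistent. The comment `0xAFFFFFF times 16 is 0xA4FFFFF1` also looks wrong (the product is 0xAFFFFFF0), though its conclusion that the total exceeds INT32_MAX still holds. Since this file mirrors an upstream ICU commit, both points are probably better reported upstream than edited locally. The guarded `doAppend` body starts and ends outside the embedded hunk.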
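Review bot: The replacement comment in the `file`-scheme branch drops the earlier reason for clearing the fragment (`getSystemPathFromFileURL fails for URLs with fragment`), which still applies to the call a few lines below. I would keep both reasons, e.g. `// Remove the fragment: ShellExecuteExW appears to ignore it for file URLs, and getSystemPathFromFileURL fails for URLs that carry one`. A short comment at `OUString preprocessed_command(aCommand);` would also help, saying that under `URIS_ONLY` a file URL overwrites it with the fragment-free reference, so that (presumably) the string checked here and the string used later are the same. `execute` begins and continues outside this hunk.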
@@ -439,7 +442,6 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa and names no existing file (remember the jump mark sign '#' is a valid file name character we remove the jump mark, else ShellExecuteEx fails */ - OUString preprocessed_command(aCommand); if (is_system_path(preprocessed_command)) { if (has_jump_mark(preprocessed_command) && !is_existing_file(preprocessed_command)) commit 1da0f80f7717ccf8bc36a1f366ac957c0d16e9f8 Author: Michael Stahl <[email protected]> AuthorDate: Mon Nov 18 18:45:46 2019 +0100 Commit: Andras Timar <[email protected]> CommitDate: Sun Oct 10 20:45:21 2021 +0200 python3: upgrade to release 3.5.9 Fixes CVE-2019-9948 CVE-2019-9740 CVE-2019-10160 CVE-2019-16056 and expat CVE-2019-15903. python-3.3.5-pyexpat-symbols.patch.1 fails to apply, and it's a mystery why --with-system-expat is used everywhere but on MacOSX, where 292af048ace2d4b455b2da3a22c784cb05db1d09 disabled it for no obvious reason, so try to remove the special case and get rid of the patch. Change-Id: I5ba4532eb6e7c2fb90daba95d132dcc7c9013d96 Reviewed-on: https://gerrit.libreoffice.org/83117 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit b0930d56130fdddfe65e92b081a8afad77974076) Reviewed-on: https://gerrit.libreoffice.org/83189 Reviewed-by: Thorsten Behrens <[email protected]> diff --git a/configure.ac b/configure.ac index a60bef2d6124..fd2fda691e95 100644 --- a/configure.ac +++ b/configure.ac @@ -8449,7 +8449,7 @@ internal) SYSTEM_PYTHON= PYTHON_VERSION_MAJOR=3 PYTHON_VERSION_MINOR=5 - PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.7 + PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.9 if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst]) fi diff --git a/download.lst b/download.lst index 3840aa7ffdca..48f0e39f77c7 100644 --- a/download.lst +++ b/download.lst 
@@ -210,8 +210,8 @@ export POPPLER_SHA256SUM := 016dde34e5f868ea98a32ca99b643325a9682281500942b7113f export POPPLER_TARBALL := poppler-21.01.0.tar.xz export POSTGRESQL_SHA256SUM := a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126 export POSTGRESQL_TARBALL := postgresql-9.2.24.tar.bz2 -export PYTHON_SHA256SUM := 285892899bf4d5737fd08482aa6171c6b2564a45b9102dfacfb72826aebdc7dc -export PYTHON_TARBALL := Python-3.5.7.tar.xz +export PYTHON_SHA256SUM := c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049 +export PYTHON_TARBALL := Python-3.5.9.tar.xz export QXP_SHA256SUM := e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c export QXP_TARBALL := libqxp-0.0.2.tar.xz export RAPTOR_SHA256SUM := ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed diff --git a/external/python3/ExternalProject_python3.mk b/external/python3/ExternalProject_python3.mk index 7e9952ac6cc7..7eef2ce179f6 100644 --- a/external/python3/ExternalProject_python3.mk +++ b/external/python3/ExternalProject_python3.mk @@ -44,9 +44,7 @@ $(call gb_ExternalProject_get_state_target,python3,build) : else -# this was added in 2004, hopefully is obsolete now (and why only intel anyway)? $(if $(filter SOLARIS-INTEL,$(OS)$(CPUNAME)),--disable-ipv6) - -# --with-system-expat: this should find the one in the solver (or system) +# --with-system-expat: this should find the one in the workdir (or system) # create a symlink "LO_lib" because the .so are in a directory with platform # specific name like build/lib.linux-x86_64-3.3 @@ -68,7 +66,7 @@ $(call gb_ExternalProject_get_state_target,python3,build) : $(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \ $(if $(ENABLE_VALGRIND),--with-valgrind) \ --prefix=/python-inst \ - $(if $(filter MACOSX,$(OS)),,--with-system-expat) \ + --with-system-expat \ $(if $(filter AIX,$(OS)), \ --disable-ipv6 --with-threads OPT="-g0 -fwrapv -O3 -Wall", \ $(if $(gb_Module_CURRENTMODULE_DEBUG_ENABLED), \ 
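Review bot: With `--with-system-expat` now passed unconditionally in the second hunk of `ExternalProject_python3.mk`, pyexpat no longer uses the expat copy bundled in the Python tarball on any platform. As far as these hunks show, the expat fix named in the commit message (CVE-2019-15903) therefore depends on whichever expat the build finds, not on the 3.5.9 upgrade itself. The comment touched in the first hunk could say so, e.g. `# --with-system-expat: used on all platforms; pyexpat links the expat from the workdir (or system), so expat security fixes must land there`. Because the commit message says the reason for the old MACOSX exception is unknown, it would also help to record that the exception was removed deliberately, so a macOS build failure can be traced back to it.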
diff --git a/external/python3/UnpackedTarball_python3.mk b/external/python3/UnpackedTarball_python3.mk index 07ff3b6f2ced..0bb80810796f 100644 --- a/external/python3/UnpackedTarball_python3.mk +++ b/external/python3/UnpackedTarball_python3.mk @@ -23,7 +23,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,python3,\ external/python3/python-3.5.4-msvc-disable.patch.1 \ external/python3/python-3.3.0-pythreadstate.patch.1 \ external/python3/python-3.3.0-clang.patch.1 \ - external/python3/python-3.3.5-pyexpat-symbols.patch.1 \ external/python3/ubsan.patch.0 \ external/python3/python-3.5.tweak.strip.soabi.patch \ external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 \ diff --git a/external/python3/python-3.3.5-pyexpat-symbols.patch.1 b/external/python3/python-3.3.5-pyexpat-symbols.patch.1 deleted file mode 100644 index c04c78cf36e7..000000000000 --- a/external/python3/python-3.3.5-pyexpat-symbols.patch.1 +++ /dev/null 
@@ -1,28 +0,0 @@ -HACK: Fix build breakage on MacOS: - -*** WARNING: renaming "pyexpat" since importing it failed: dlopen(build/lib.macosx-10.6-i386-3.3/pyexpat.so, 2): Symbol not found: _XML_ErrorString - -This reverts c242a8f30806 from the python hg repo: - -restore namespacing of pyexpat symbols (closes #19186) - - -See http://bugs.python.org/issue19186#msg214069 - -The recommendation to include Modules/inc at first broke the Linux build... - -So do it this way, as it was before. Needs some realignment later. - ---- python3/Modules/expat/expat_external.h -+++ python3/Modules/expat/expat_external.h -@@ -7,10 +7,6 @@ - - /* External API definitions */ - --/* Namespace external symbols to allow multiple libexpat version to -- co-exist. */ --#include "pyexpatns.h" -- - #if defined(_MSC_EXTENSIONS) && !defined(__BEOS__) && !defined(__CYGWIN__) - #define XML_USE_MSC_EXTENSIONS 1 - #endif commit 872f34ee115349a1866dc72f61d5f90311b90439 Author: Stephan Bergmann <[email protected]> AuthorDate: Thu Jan 7 10:15:51 2021 +0100 Commit: Andras Timar <[email protected]> CommitDate: Sun Oct 10 20:44:45 2021 +0200 openssl_headers depends on generated opensslconf.h ...at workdir/UnpackedTarball/openssl/include/openssl/opensslconf.h, as can be seen with failed builds like <https://ci.libreoffice.org//job/lo_tb_master_mac/35209>: [...] 
> [build PAT] openssl > [build C ] UnpackedTarball/mariadb-connector-c/plugins/auth/caching_sha2_pw.c > [build C ] UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt.c > [build DEP] LNK:Library/libclucene.dylib > [build LNK] Library/libclucene.dylib > In file included from /Users/tdf/lode/jenkins/workspace/lo_tb_master_mac/workdir/UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt.c:21: > /Users/tdf/lode/jenkins/workspace/lo_tb_master_mac/workdir/UnpackedTarball/openssl/include/openssl/evp.h:13:11: fatal error: 'openssl/opensslconf.h' file not found > # include <openssl/opensslconf.h> > ^~~~~~~~~~~~~~~~~~~~~~~ > 1 error generated. Change-Id: Ied1dcdd0afb6099e9218671c6a06c0edaafc931e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108928 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <[email protected]> (cherry picked from commit 0f7008e91f45cf8e3cee6f372ce012b38a795e26) diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk index 041ad56f18bd..f668abd69592 100644 --- a/RepositoryExternal.mk +++ b/RepositoryExternal.mk @@ -1551,7 +1551,7 @@ $(call gb_ExternalProject_use_package,$(1),openssl) endef define gb_LinkTarget__use_openssl_headers -$(call gb_LinkTarget_use_external_project,$(1),openssl) +$(call gb_LinkTarget_use_external_project,$(1),openssl,full) $(call gb_LinkTarget_set_include,$(1),\ -I$(call gb_UnpackedTarball_get_dir,openssl)/include \ $$(INCLUDE) \
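Review bot: The new third argument `full` in `gb_LinkTarget__use_openssl_headers` is not explained at the call site; the reason appears only in the commit message (header users need the generated `opensslconf.h`). A comment above the `define`, such as `# 'full': openssl/opensslconf.h is generated during the openssl build, so header users must wait for it`, would stop someone from dropping the argument later as an apparent no-op. The `define` block ends outside this hunk.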
