download.lst | 32 +- external/expat/expat-winapi.patch | 15 - external/graphite/StaticLibrary_graphite.mk | 4 external/graphite/UnpackedTarball_graphite.mk | 8 external/graphite/graphite2.issue1115.patch.1 | 22 - external/graphite/graphite2.win64.patch.1 | 60 ----- external/graphite/ubsan.patch | 62 ----- external/icu/UnpackedTarball_icu.mk | 2 external/icu/cec7de7a390dd6907b0ea0feb4488ed3934ee71d.patch.2 | 94 ++++++++ external/icu/e450fa50fc242282551f56b941dc93b9a8a0bcbb.patch.2 | 39 +++ external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk | 1 external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1 | 38 +++ external/libxslt/UnpackedTarball_libxslt.mk | 1 external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 | 69 ------ external/libxslt/rpath.patch.0 | 2 external/nss/ExternalProject_nss.mk | 1 external/nss/UnpackedTarball_nss.mk | 4 external/nss/nss-android.patch.1 | 6 external/nss/nss-ios.patch | 112 ---------- sw/qa/unit/sw-dialogs-test.cxx | 1 sw/qa/unit/sw-dialogs-test_2.cxx | 1 xmlsecurity/inc/xmlsec-wrapper.h | 4 xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx | 4 xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | 4 24 files changed, 217 insertions(+), 369 deletions(-)
New commits: commit 4ffb983bf7ffd80853938e4324e8ee49e5f5807d Author: Michael Stahl <[email protected]> AuthorDate: Mon Feb 21 11:33:21 2022 +0100 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Apr 1 16:20:07 2022 +0200 libxml2: upgrade to release 2.9.13 Fixes CVE-2022-23308 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130241 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit d50a7151431335d1431bccef000ae39f84bdf135) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130259 Reviewed-by: Xisco Fauli <[email protected]> Change-Id: I1b3bf5cf58d7d1f39c224b0d898176c95107fbf5 diff --git a/download.lst b/download.lst index c46bf6dc0d57..cec3e30ecf3c 100644 --- a/download.lst +++ b/download.lst @@ -156,9 +156,9 @@ export LIBTOMMATH_SHA256SUM := 083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304 export LIBTOMMATH_TARBALL := ltm-1.0.zip export XMLSEC_SHA256SUM := 97d756bad8e92588e6997d2227797eaa900d05e34a426829b149f65d87118eb6 export XMLSEC_TARBALL := xmlsec1-1.2.27.tar.gz -export LIBXML_SHA256SUM := c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92 -export LIBXML_VERSION_MICRO := 12 -export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz +export LIBXML_SHA256SUM := 276130602d12fe484ecc03447ee5e759d0465558fbc9d6bd144e3745306ebf0e +export LIBXML_VERSION_MICRO := 13 +export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.xz export LIBXSLT_SHA256SUM := 8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79 export LIBXSLT_VERSION_MICRO := 35 export LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.xz commit 419cc6c48f6cd942081ee5d6e8f267ab4925c21a Author: Caolán McNamara <[email protected]> AuthorDate: Sat Feb 19 16:53:58 2022 +0000 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Apr 1 16:02:13 2022 +0200 upgrade to expat 2.4.6 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 Change-Id: I1cb0449411fe938fe47ab47cead685fd04e137dd Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130157 Reviewed-by: Michael Stahl <[email protected]> Reviewed-by: Xisco Fauli <[email protected]> Reviewed-by: Christian Lohmaier <[email protected]> Tested-by: Christian Lohmaier <[email protected]> diff --git a/download.lst b/download.lst index b5912d3afd58..c46bf6dc0d57 100644 --- a/download.lst +++ b/download.lst @@ -42,8 +42,8 @@ export EPUBGEN_TARBALL := libepubgen-0.1.1.tar.xz export ETONYEK_SHA256SUM := e61677e8799ce6e55b25afc11aa5339113f6a49cff031f336e32fa58635b1a4a export ETONYEK_VERSION_MICRO := 9 export ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz -export EXPAT_SHA256SUM := 5963005ff8720735beb2d2db669afc681adcbcb43dd1eb397d5c2dd7adbc631f -export EXPAT_TARBALL := expat-2.4.4.tar.gz +export EXPAT_SHA256SUM := de55794b7a9bc214852fdc075beaaecd854efe1361597e6268ee87946951289b +export EXPAT_TARBALL := expat-2.4.6.tar.xz export FIREBIRD_SHA256SUM := 6994be3555e23226630c587444be19d309b25b0fcf1f87df3b4e3f88943e5860 export FIREBIRD_TARBALL := Firebird-3.0.0.32483-0.tar.bz2 export FONTCONFIG_SHA256SUM := cf0c30807d08f6a28ab46c61b8dbd55c97d2f292cf88f3a07d3384687f31f017 commit 42ec5f7ce3d947b0b2e3f4d6076a955e5b2a29ef Author: Michael Stahl <[email protected]> AuthorDate: Thu Feb 17 11:04:01 2022 +0100 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Apr 1 15:56:10 2022 +0200 libxslt: upgrade to release 1.1.35 Fixes CVE-2021-30560 Change-Id: I334662ddc40955780321133be9aee23858e04dc1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130023 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit d74fbedd96c9563e1f6bb245dc7e136b30bc5e84) diff --git a/download.lst b/download.lst index 065748d9d99e..b5912d3afd58 100644 --- a/download.lst +++ b/download.lst @@ -159,9 +159,9 @@ export XMLSEC_TARBALL := xmlsec1-1.2.27.tar.gz export LIBXML_SHA256SUM := c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92 export LIBXML_VERSION_MICRO := 12 export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz -export LIBXSLT_SHA256SUM := 98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f -export LIBXSLT_VERSION_MICRO := 34 -export LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.gz +export LIBXSLT_SHA256SUM := 8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79 +export LIBXSLT_VERSION_MICRO := 35 +export LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.xz export LPSOLVE_SHA256SUM := 171816288f14215c69e730f7a4f1c325739873e21f946ff83884b350574e6695 export LPSOLVE_TARBALL := 26b3e95ddf3d9c077c480ea45874b3b8-lp_solve_5.5.tar.gz export LXML_SHA256SUM := 940caef1ec7c78e0c34b0f6b94fe42d0f2022915ffc78643d28538a5cfd0f40e diff --git a/external/libxslt/UnpackedTarball_libxslt.mk b/external/libxslt/UnpackedTarball_libxslt.mk index b035e99f0a79..eae318ef74b9 100644 --- a/external/libxslt/UnpackedTarball_libxslt.mk +++ b/external/libxslt/UnpackedTarball_libxslt.mk @@ -19,7 +19,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,libxslt,\ external/libxslt/libxslt-msvc.patch.2 \ external/libxslt/libxslt-1.1.26-memdump.patch \ external/libxslt/rpath.patch.0 \ - external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 \ )) # vim: set noet sw=4 ts=4: diff --git a/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 b/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 deleted file mode 100644 index f82c2e4f77ee..000000000000 --- a/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 +++ /dev/null @@ -1,69 +0,0 @@ -From e2584eed1c84c18f16e42188c30d2c3d8e3e8853 Mon Sep 17 00:00:00 2001 -From: Chun-wei Fan <[email protected]> -Date: Tue, 12 Nov 2019 17:37:05 +0800 -Subject: [PATCH] win32: Add configuration for profiler - -Without this the generated xsltconfig.h will not be complete as there -will be a configuration variable that is left in the header, breaking -builds. - -This will allow one to enable or disable profiler support in Windows -builds, and the default is to enable this. ---- - win32/configure.js | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/win32/configure.js b/win32/configure.js -index 56694cce..12c99f30 100644 ---- a/win32/configure.js -+++ b/win32/configure.js -@@ -47,6 +47,7 @@ var withIconv = true; - var withZlib = false; - var withCrypto = true; - var withModules = false; -+var withProfiler = true; - /* Win32 build options. */ - var dirSep = "\\"; - var compiler = "msvc"; -@@ -106,6 +107,7 @@ function usage() - txt += " zlib: Use zlib library (" + (withZlib? "yes" : "no") + ")\n"; - txt += " crypto: Enable Crypto support (" + (withCrypto? "yes" : "no") + ")\n"; - txt += " modules: Enable Module support (" + (withModules? "yes" : "no") + ")\n"; -+ txt += " profiler: Enable Profiler support (" + (withProfiler? "yes" : "no") + ")\n"; - txt += "\nWin32 build options, default value given in parentheses:\n\n"; - txt += " compiler: Compiler to be used [msvc|mingw] (" + compiler + ")\n"; - txt += " cruntime: C-runtime compiler option (only msvc) (" + cruntime + ")\n"; -@@ -192,6 +194,7 @@ function discoverVersion() - vf.WriteLine("WITH_ZLIB=" + (withZlib? "1" : "0")); - vf.WriteLine("WITH_CRYPTO=" + (withCrypto? "1" : "0")); - vf.WriteLine("WITH_MODULES=" + (withModules? "1" : "0")); -+ vf.WriteLine("WITH_PROFILER=" + (withProfiler? "1" : "0")); - vf.WriteLine("DEBUG=" + (buildDebug? "1" : "0")); - vf.WriteLine("STATIC=" + (buildStatic? "1" : "0")); - vf.WriteLine("PREFIX=" + buildPrefix); -@@ -240,6 +243,8 @@ function configureXslt() - of.WriteLine(s.replace(/\@WITH_DEBUGGER\@/, withDebugger? "1" : "0")); - } else if (s.search(/\@WITH_MODULES\@/) != -1) { - of.WriteLine(s.replace(/\@WITH_MODULES\@/, withModules? "1" : "0")); -+ } else if (s.search(/\@WITH_PROFILER\@/) != -1) { -+ of.WriteLine(s.replace(/\@WITH_PROFILER\@/, withProfiler? "1" : "0")); - } else if (s.search(/\@LIBXSLT_DEFAULT_PLUGINS_PATH\@/) != -1) { - of.WriteLine(s.replace(/\@LIBXSLT_DEFAULT_PLUGINS_PATH\@/, "NULL")); - } else -@@ -343,6 +348,8 @@ for (i = 0; (i < WScript.Arguments.length) && (error == 0); i++) { - withCrypto = strToBool(arg.substring(opt.length + 1, arg.length)); - else if (opt == "modules") - withModules = strToBool(arg.substring(opt.length + 1, arg.length)); -+ else if (opt == "profiler") -+ withProfiler = strToBool(arg.substring(opt.length + 1, arg.length)); - else if (opt == "compiler") - compiler = arg.substring(opt.length + 1, arg.length); - else if (opt == "cruntime") -@@ -477,6 +484,7 @@ txtOut += " Use iconv: " + boolToStr(withIconv) + "\n"; - txtOut += " With zlib: " + boolToStr(withZlib) + "\n"; - txtOut += " Crypto: " + boolToStr(withCrypto) + "\n"; - txtOut += " Modules: " + boolToStr(withModules) + "\n"; -+txtOut += " Profiler: " + boolToStr(withProfiler) + "\n"; - txtOut += "\n"; - txtOut += "Win32 build configuration\n"; - txtOut += "-------------------------\n"; diff --git a/external/libxslt/rpath.patch.0 b/external/libxslt/rpath.patch.0 index 78c4859251df..798bccec750e 100644 --- a/external/libxslt/rpath.patch.0 +++ b/external/libxslt/rpath.patch.0 @@ -7,4 +7,4 @@ +hardcode_libdir_flag_spec= ;; - netbsd*) + netbsd* | netbsdelf*-gnu) commit 1f78eaea0a159cdc3835d478613761ee7b9aee00 Author: Caolán McNamara <[email protected]> AuthorDate: Fri Jan 28 19:40:40 2022 +0000 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Apr 1 15:54:34 2022 +0200 upgrade expat to 2.4.4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129072 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 8b537d5b40c617c29cf7ca19e63ab882525cf3aa) Change-Id: I1f2694abd9f577e0b4fedbf27118b52be8a1a688 diff --git a/download.lst b/download.lst index 075ab6391246..065748d9d99e 100644 --- a/download.lst +++ b/download.lst @@ -42,8 +42,8 @@ export EPUBGEN_TARBALL := libepubgen-0.1.1.tar.xz export ETONYEK_SHA256SUM := e61677e8799ce6e55b25afc11aa5339113f6a49cff031f336e32fa58635b1a4a export ETONYEK_VERSION_MICRO := 9 export ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz -export EXPAT_SHA256SUM := 2f9b6a580b94577b150a7d5617ad4643a4301a6616ff459307df3e225bcfbf40 -export EXPAT_TARBALL := expat-2.4.1.tar.bz2 +export EXPAT_SHA256SUM := 5963005ff8720735beb2d2db669afc681adcbcb43dd1eb397d5c2dd7adbc631f +export EXPAT_TARBALL := expat-2.4.4.tar.gz export FIREBIRD_SHA256SUM := 6994be3555e23226630c587444be19d309b25b0fcf1f87df3b4e3f88943e5860 export FIREBIRD_TARBALL := Firebird-3.0.0.32483-0.tar.bz2 export FONTCONFIG_SHA256SUM := cf0c30807d08f6a28ab46c61b8dbd55c97d2f292cf88f3a07d3384687f31f017 diff --git a/external/expat/expat-winapi.patch b/external/expat/expat-winapi.patch index bd4da1472fc8..7eae7d5d6139 100644 --- a/external/expat/expat-winapi.patch +++ b/external/expat/expat-winapi.patch @@ -13,15 +13,12 @@ --- misc/expat-2.1.0/lib/xmlparse.c 2021-05-23 16:56:25.000000000 +0100 +++ misc/build/expat-2.1.0/lib/xmlparse.c 2021-05-25 12:42:11.997173600 +0100 -@@ -92,6 +92,11 @@ +@@ -64,6 +64,8 @@ + #endif - #include <expat_config.h> - -+#ifdef _WIN32 + #ifdef _WIN32 +# undef HAVE_GETRANDOM +# undef HAVE_SYSCALL_GETRANDOM -+#endif -+ - #include "ascii.h" - #include "expat.h" - #include "siphash.h" + /* force stdlib to define rand_s() */ + # if ! defined(_CRT_RAND_S) + # define _CRT_RAND_S commit 5c494aa3c72b1f833999bdc55a7cdf9403678f87 Author: Caolán McNamara <[email protected]> AuthorDate: Mon Dec 20 17:05:44 2021 +0000 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Apr 1 15:53:17 2022 +0200 only use X509Data Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193 Tested-by: Jenkins Reviewed-by: Miklos Vajna <[email protected]> (cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178 Reviewed-by: Adolfo Jayme Barrientos <[email protected]> (cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139) Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72 diff --git a/xmlsecurity/inc/xmlsec-wrapper.h b/xmlsecurity/inc/xmlsec-wrapper.h index c060c8bf23b8..476c51b3f964 100644 --- a/xmlsecurity/inc/xmlsec-wrapper.h +++ b/xmlsecurity/inc/xmlsec-wrapper.h @@ -43,6 +43,10 @@ #include <xmlsec/nss/app.h> #include <xmlsec/nss/crypto.h> #include <xmlsec/nss/pkikeys.h> +#include <xmlsec/nss/x509.h> +#endif +#ifdef XMLSEC_CRYPTO_MSCRYPTO +#include <xmlsec/mscrypto/x509.h> #endif #endif diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx index 6b16efd46752..118ddcbf8696 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx +++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx @@ -229,6 +229,10 @@ SAL_CALL XMLSignature_MSCryptImpl::validate( // We do certificate verification ourselves. pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; + // limit possible key data to valid X509 certificates only, no KeyValues + if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecMSCryptoKeyDataX509GetKlass()) < 0) + throw RuntimeException("failed to limit allowed key data"); + //Verify signature //The documentation says that the signature is only valid if the return value is 0 (that is, not < 0) //AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not make any assumptions, if diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx index e50daa47e868..c4e21d791c2d 100644 --- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx @@ -244,6 +244,10 @@ SAL_CALL XMLSignature_NssImpl::validate( // We do certificate verification ourselves. pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; + // limit possible key data to valid X509 certificates only, no KeyValues + if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0) + throw RuntimeException("failed to limit allowed key data"); + //Verify signature int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode ); commit 3cc80641157dd62656fb2db705a0ed40d77ca781 Author: Michael Stahl <[email protected]> AuthorDate: Tue Oct 19 15:17:39 2021 +0200 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Apr 1 15:51:56 2022 +0200 nss: upgrade to release 3.73 Fixes: CVE-2021-43527 Memory corruption via DER-encoded DSA and RSA-PSS signatures Need adding NSS_DISABLE_AVX2 for old vs2015 windows builds. Includes: nss: upgrade to release 3.71 Conflicts: download.lst Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126218 Tested-by: Thorsten Behrens <[email protected]> Reviewed-by: Thorsten Behrens <[email protected]> (cherry picked from commit c8e21d246bcb4289cb25c82be440cd07b7418436) (cherry picked from commit c0be9f7f82d3e9e371b3b08585ad15dd31ebd786) Change-Id: I5c3f169c57fc2763029b07ad7e325b2f53b7e28f diff --git a/download.lst b/download.lst index 0141e9d321db..075ab6391246 100644 --- a/download.lst +++ b/download.lst @@ -181,8 +181,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca export NEON_TARBALL := neon-0.30.2.tar.gz -export NSS_SHA256SUM := ec6032d78663c6ef90b4b83eb552dedf721d2bce208cec3bf527b8f637db7e45 -export NSS_TARBALL := nss-3.55-with-nspr-4.27.tar.gz +export NSS_SHA256SUM := 07a9e5b70f121a62706140d4cacc3006d3efb869da40f3a2bf7a65d37847f4d9 +export NSS_TARBALL := nss-3.73-with-nspr-4.32.tar.gz export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2 export ODFGEN_VERSION_MICRO := 6 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2 diff --git a/external/nss/ExternalProject_nss.mk b/external/nss/ExternalProject_nss.mk index b270ebd9fc74..59135e7dc1f8 100644 --- a/external/nss/ExternalProject_nss.mk +++ b/external/nss/ExternalProject_nss.mk @@ -20,6 +20,7 @@ $(call gb_ExternalProject_get_state_target,nss,build): $(call gb_ExternalExecuta $(call gb_ExternalProject_run,build,\ $(if $(MSVC_USE_DEBUG_RUNTIME),USE_DEBUG_RTL=1,BUILD_OPT=1) \ OS_TARGET=WIN95 \ + NSS_DISABLE_AVX2=1 \ $(if $(filter X86_64,$(CPUNAME)),USE_64=1) \ LIB="$(ILIB)" \ XCFLAGS="-arch:SSE $(SOLARINC)" \ diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index fd0cfa56e1d3..e1b42122fa25 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -22,8 +22,8 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/nss.vs2015.patch \ external/nss/nss.vs2015.pdb.patch \ external/nss/macos-dlopen.patch.0 \ - $(if $(filter iOS,$(OS)), \ - external/nss/nss-ios.patch) \ + $(if $(filter ANDROID,$(OS)), \ + external/nss/nss-android.patch.1) \ $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \ external/nss/nss.cygwin64.in32bit.patch) \ $(if $(filter WNT,$(OS)), \ diff --git a/external/nss/nss-android.patch.1 b/external/nss/nss-android.patch.1 index 50c549303604..bc574bc1ec71 100644 --- a/external/nss/nss-android.patch.1 +++ b/external/nss/nss-android.patch.1 @@ -8,9 +8,9 @@ diff -ur nss.org/nspr/build/autoconf/config.sub nss/nspr/build/autoconf/config.s +if test $1 = "arm-unknown-linux-androideabi"; then echo $1; exit; fi +if test $1 = "i686-pc-linux-android"; then echo $1; exit; fi + - # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). - # Here we must recognize all the valid KERNEL-OS combinations. - maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` + # Split fields of configuration type + # shellcheck disable=SC2162 + IFS="-" read field1 field2 field3 field4 <<EOF diff -ur nss.org/nspr/configure nss/nspr/configure --- nss.org/nspr/configure 2017-09-07 15:29:45.018246359 +0200 +++ nss/nspr/configure 2017-09-07 15:31:47.604075663 +0200 diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch deleted file mode 100644 index 9d4af2c724e9..000000000000 --- a/external/nss/nss-ios.patch +++ /dev/null @@ -1,112 +0,0 @@ ---- a/a/nspr/config/autoconf.mk.in -+++ a/a/nspr/config/autoconf.mk.in -@@ -67,7 +67,7 @@ - MSC_VER = @MSC_VER@ - AR = @AR@ - AR_FLAGS = @AR_FLAGS@ --LD = @LD@ -+LD = echo - RANLIB = @RANLIB@ - PERL = @PERL@ - RC = @RC@ ---- a/a/nspr/configure -+++ a/a/nspr/configure -@@ -755,7 +755,7 @@ - OBJDIR='$(OBJDIR_NAME)' - OBJDIR_NAME=. - OBJDIR_SUFFIX=OBJ --NSINSTALL='$(MOD_DEPTH)/config/$(OBJDIR_NAME)/nsinstall' -+NSINSTALL=${NSINSTALL?'$(MOD_DEPTH)/config/$(OBJDIR_NAME)/nsinstall'} - NOSUCHFILE=/no-such-file - LIBNSPR='-L$(dist_libdir) -lnspr$(MOD_MAJOR_VERSION)' - LIBPLC='-L$(dist_libdir) -lplc$(MOD_MAJOR_VERSION)' -@@ -3060,7 +3060,7 @@ - LIB_SUFFIX=a - DLL_SUFFIX=so - ASM_SUFFIX=s --MKSHLIB='$(LD) $(DSO_LDOPTS) -o $@' -+MKSHLIB='touch $@; echo' - PR_MD_ASFILES= - PR_MD_CSRCS= - PR_MD_ARCH_DIR=unix -@@ -3904,7 +3904,7 @@ - DSO_CFLAGS=-fPIC - DSO_LDOPTS='-dynamiclib -compatibility_version 1 -current_version 1 -all_load -install_name @__________________________________________________OOO/$@ -headerpad_max_install_names' - _OPTIMIZE_FLAGS=-O2 -- MKSHLIB='$(CC) $(DSO_LDOPTS) -o $@' -+ MKSHLIB=touch $@ - STRIP="$STRIP -x -S" - DLL_SUFFIX=dylib - USE_PTHREADS=1 ---- a/a/nss/coreconf/ruleset.mk -+++ a/a/nss/coreconf/ruleset.mk -@@ -68,7 +68,7 @@ - endif - - ifeq ($(MKPROG),) -- MKPROG = $(CC) -+ MKPROG = touch $@; echo - endif - - # ---- a/a/nss/coreconf/Darwin.mk -+++ a/a/nss/coreconf/Darwin.mk -@@ -124,7 +124,7 @@ - DSO_LDOPTS += --coverage - endif - --MKSHLIB = $(CC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS) -+MKSHLIB = touch $@; echo - DLL_SUFFIX = dylib - ifdef MAPFILE - MKSHLIB += -exported_symbols_list $(MAPFILE) ---- a/a/nss/coreconf/UNIX.mk -+++ a/a/nss/coreconf/UNIX.mk -@@ -21,10 +21,14 @@ - - ifdef BUILD_TREE - NSINSTALL_DIR = $(BUILD_TREE)/nss -+ifndef NSINSTALL - NSINSTALL = $(BUILD_TREE)/nss/nsinstall -+endif - else - NSINSTALL_DIR = $(CORE_DEPTH)/coreconf/nsinstall -+ifndef NSINSTALL - NSINSTALL = $(NSINSTALL_DIR)/$(OBJDIR_NAME)/nsinstall -+endif - endif - - MKDEPEND_DIR = $(CORE_DEPTH)/coreconf/mkdepend ---- a/a/nspr/pr/include/md/_darwin.h -+++ a/a/nspr/pr/include/md/_darwin.h -@@ -26,6 +26,8 @@ - #define _PR_SI_ARCHITECTURE "ppc" - #elif defined(__arm__) - #define _PR_SI_ARCHITECTURE "arm" -+#elif defined(__arm64__) -+#define _PR_SI_ARCHITECTURE "arm64" - #elif defined(__aarch64__) - #define _PR_SI_ARCHITECTURE "aarch64" - #else ---- a/a/nspr/pr/src/Makefile.in -+++ a/a/nspr/pr/src/Makefile.in -@@ -180,7 +180,7 @@ - endif - - ifeq ($(OS_TARGET),MacOSX) --OS_LIBS = -framework CoreServices -framework CoreFoundation -+OS_LIBS = -framework CoreFoundation - endif - - EXTRA_LIBS += $(OS_LIBS) ---- a/a/nss/cmd/shlibsign/sign.sh -+++ a/a/nss/cmd/shlibsign/sign.sh -@@ -2,6 +2,8 @@ - # This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this - # file, You can obtain one at http://mozilla.org/MPL/2.0/. -+ -+exit 0 - - # arguments: - # 1: full path to DIST/OBJDIR (parent dir of "lib") commit 3ceb6dd2db694ae5d3d65ac7e2669a9170fcfc7d Author: Michael Stahl <[email protected]> AuthorDate: Fri Nov 5 18:33:07 2021 +0100 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Apr 1 14:53:07 2022 +0200 icu: add patch for CVE-2021-30535 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124779 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 35eef8ec9b122a761400f3c6590ca1f9a187d772) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124701 Reviewed-by: Thorsten Behrens <[email protected]> (cherry picked from commit 105c258fcdd69f617de64b780ffcdb8304ff262c) Change-Id: I398596f77aa47ab6d4db01b94422262048cffd3e diff --git a/external/icu/UnpackedTarball_icu.mk b/external/icu/UnpackedTarball_icu.mk index a5416b7ee078..a0ab0b9af4c5 100644 --- a/external/icu/UnpackedTarball_icu.mk +++ b/external/icu/UnpackedTarball_icu.mk @@ -40,6 +40,8 @@ $(eval $(call gb_UnpackedTarball_add_patches,icu,\ external/icu/char8_t.patch \ external/icu/CVE-2018-18928.patch.2 \ external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2 \ + external/icu/cec7de7a390dd6907b0ea0feb4488ed3934ee71d.patch.2 \ + external/icu/e450fa50fc242282551f56b941dc93b9a8a0bcbb.patch.2 \ )) $(eval $(call gb_UnpackedTarball_add_file,icu,source/data/brkitr/khmerdict.dict,external/icu/khmerdict.dict)) diff --git a/external/icu/cec7de7a390dd6907b0ea0feb4488ed3934ee71d.patch.2 b/external/icu/cec7de7a390dd6907b0ea0feb4488ed3934ee71d.patch.2 new file mode 100644 index 000000000000..1ded56abf524 --- /dev/null +++ b/external/icu/cec7de7a390dd6907b0ea0feb4488ed3934ee71d.patch.2 @@ -0,0 +1,94 @@ +From cec7de7a390dd6907b0ea0feb4488ed3934ee71d Mon Sep 17 00:00:00 2001 +From: Frank Tang <[email protected]> +Date: Tue, 16 Mar 2021 22:08:29 -0700 +Subject: [PATCH] ICU-21537 Fix invalid free by long locale name + +Do not free baseName if it is pointing to fullNameBuffer. + +Better Fix +--- + icu4c/source/common/locid.cpp | 9 +++++---- + icu4c/source/test/intltest/collationtest.cpp | 10 ++++++++++ + 2 files changed, 15 insertions(+), 4 deletions(-) + +diff --git a/icu4c/source/common/locid.cpp b/icu4c/source/common/locid.cpp +index 5d604350ecd..e16fbb724a4 100644 +--- a/icu4c/source/common/locid.cpp ++++ b/icu4c/source/common/locid.cpp +@@ -254,7 +254,7 @@ UOBJECT_DEFINE_RTTI_IMPLEMENTATION(Locale) + + Locale::~Locale() + { +- if (baseName != fullName) { ++ if ((baseName != fullName) && (baseName != fullNameBuffer)) { + uprv_free(baseName); + } + baseName = NULL; +@@ -466,7 +466,7 @@ Locale& Locale::operator=(const Locale& other) { + } + + Locale& Locale::operator=(Locale&& other) U_NOEXCEPT { +- if (baseName != fullName) uprv_free(baseName); ++ if ((baseName != fullName) && (baseName != fullNameBuffer)) uprv_free(baseName); + if (fullName != fullNameBuffer) uprv_free(fullName); + + if (other.fullName == other.fullNameBuffer) { +@@ -1850,7 +1850,7 @@ Locale& Locale::init(const char* localeID, UBool canonicalize) + { + fIsBogus = FALSE; + /* Free our current storage */ +- if (baseName != fullName) { ++ if ((baseName != fullName) && (baseName != fullNameBuffer)) { + uprv_free(baseName); + } + baseName = NULL; +@@ -1886,6 +1886,7 @@ Locale& Locale::init(const char* localeID, UBool canonicalize) + uloc_getName(localeID, fullName, sizeof(fullNameBuffer), &err); + + if(err == U_BUFFER_OVERFLOW_ERROR || length >= (int32_t)sizeof(fullNameBuffer)) { ++ U_ASSERT(baseName == nullptr); + /*Go to heap for the fullName if necessary*/ + fullName = (char *)uprv_malloc(sizeof(char)*(length + 1)); + if(fullName == 0) { +@@ -2039,7 +2040,7 @@ Locale::hashCode() const + void + Locale::setToBogus() { + /* Free our current storage */ +- if(baseName != fullName) { ++ if((baseName != fullName) && (baseName != fullNameBuffer)) { + uprv_free(baseName); + } + baseName = NULL; +diff --git a/icu4c/source/test/intltest/collationtest.cpp b/icu4c/source/test/intltest/collationtest.cpp +index de51eece5c4..4f1fee9375e 100644 +--- a/icu4c/source/test/intltest/collationtest.cpp ++++ b/icu4c/source/test/intltest/collationtest.cpp +@@ -78,6 +78,7 @@ class CollationTest : public IntlTest { + void TestRootElements(); + void TestTailoredElements(); + void TestDataDriven(); ++ void TestLongLocale(); + + private: + void checkFCD(const char *name, CollationIterator &ci, CodePointIterator &cpi); +@@ -148,6 +149,7 @@ void CollationTest::runIndexedTest(int32_t index, UBool exec, const char *&name, + TESTCASE_AUTO(TestRootElements); + TESTCASE_AUTO(TestTailoredElements); + TESTCASE_AUTO(TestDataDriven); ++ TESTCASE_AUTO(TestLongLocale); + TESTCASE_AUTO_END; + } + +@@ -1852,4 +1854,12 @@ void CollationTest::TestDataDriven() { + } + } + ++void CollationTest::TestLongLocale() { ++ IcuTestErrorCode errorCode(*this, "TestLongLocale"); ++ Locale longLocale("sie__1G_C_CEIE_CEZCX_CSUE_E_EIESZNI2_GB_LM_LMCSUE_LMCSX_" ++ "LVARIANT_MMCSIE_STEU_SU1GCEIE_SU6G_SU6SU6G_U_UBGE_UC_" ++ "UCEZCSI_UCIE_UZSIU_VARIANT_X@collation=bcs-ukvsz"); ++ LocalPointer<Collator> coll(Collator::createInstance(longLocale, errorCode)); ++} ++ + #endif // !UCONFIG_NO_COLLATION diff --git a/external/icu/e450fa50fc242282551f56b941dc93b9a8a0bcbb.patch.2 b/external/icu/e450fa50fc242282551f56b941dc93b9a8a0bcbb.patch.2 new file mode 100644 index 000000000000..4709cd8c37fd --- /dev/null +++ b/external/icu/e450fa50fc242282551f56b941dc93b9a8a0bcbb.patch.2 @@ -0,0 +1,39 @@ +From e450fa50fc242282551f56b941dc93b9a8a0bcbb Mon Sep 17 00:00:00 2001 +From: Frank Tang <[email protected]> +Date: Tue, 13 Apr 2021 15:16:50 -0700 +Subject: [PATCH] ICU-21587 Fix memory bug w/ baseName + +Edge cases not fixed in assign and move assign operator +while the locale is long and call setKeywordValue with incorrect +keyword/values. +--- + icu4c/source/common/locid.cpp | 11 +++++++++-- + icu4c/source/test/intltest/loctest.cpp | 26 ++++++++++++++++++++++++++ + icu4c/source/test/intltest/loctest.h | 2 ++ + 3 files changed, 37 insertions(+), 2 deletions(-) + +diff --git a/icu4c/source/common/locid.cpp b/icu4c/source/common/locid.cpp +index 02cd82a7b8e..3c6e5b06690 100644 +--- a/icu4c/source/common/locid.cpp ++++ b/icu4c/source/common/locid.cpp +@@ -469,14 +469,18 @@ Locale& Locale::operator=(Locale&& other) U_NOEXCEPT { + if ((baseName != fullName) && (baseName != fullNameBuffer)) uprv_free(baseName); + if (fullName != fullNameBuffer) uprv_free(fullName); + +- if (other.fullName == other.fullNameBuffer) { ++ if (other.fullName == other.fullNameBuffer || other.baseName == other.fullNameBuffer) { + uprv_strcpy(fullNameBuffer, other.fullNameBuffer); ++ } ++ if (other.fullName == other.fullNameBuffer) { + fullName = fullNameBuffer; + } else { + fullName = other.fullName; + } + +- if (other.baseName == other.fullName) { ++ if (other.baseName == other.fullNameBuffer) { ++ baseName = fullNameBuffer; ++ } else if (other.baseName == other.fullName) { + baseName = fullName; + } else { + baseName = other.baseName; commit 284c1ccb287124d8cb066b1834d55850af7bdb8c Author: Michael Stahl <[email protected]> AuthorDate: Tue Nov 16 14:41:57 2021 +0100 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Apr 1 14:28:27 2022 +0200 postgresql: upgrade to release 13.5 Fixes CVE-2021-23222. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125308 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 71b9369f1cc40143108e3f2189d96e402895e315) Change-Id: I4e16fcc60c634382a864f66b211d0e0170a06db0 diff --git a/download.lst b/download.lst index 838902fee569..0141e9d321db 100644 --- a/download.lst +++ b/download.lst @@ -208,8 +208,8 @@ export LIBPNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201f export LIBPNG_TARBALL := libpng-1.6.37.tar.xz export POPPLER_SHA256SUM := 016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3 export POPPLER_TARBALL := poppler-21.01.0.tar.xz -export POSTGRESQL_SHA256SUM := 12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f -export POSTGRESQL_TARBALL := postgresql-13.1.tar.bz2 +export POSTGRESQL_SHA256SUM := 9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3 +export POSTGRESQL_TARBALL := postgresql-13.5.tar.bz2 export PYTHON_SHA256SUM := c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049 export PYTHON_TARBALL := Python-3.5.9.tar.xz export QXP_SHA256SUM := e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c commit c21b5fa7adfe415aa3416c25ba5b6f27eda2c76f Author: Michael Stahl <[email protected]> AuthorDate: Tue Nov 9 12:35:04 2021 +0100 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Apr 1 14:21:12 2022 +0200 openldap: upgrade to release 2.4.59 Fixes CVE-2020-36230 and CVE-2020-36229 in libldap, plus lots of other CVEs that affect only the server. Unfortunately it looks like NSS support was removed in release 2.5.0. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124914 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 9393325c1db9fa25037d208607b71adb567a8bbc) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124860 Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit b7c670984e4af1c73fa05731ca8029cec487bd52) Change-Id: Ie43d7da1b9e92b5712f9cd22c4613648394c696f diff --git a/download.lst b/download.lst index a3f272b7cf6d..838902fee569 100644 --- a/download.lst +++ b/download.lst @@ -190,8 +190,8 @@ export ODFVALIDATOR_SHA256SUM := 984f2a479df79e27e7b01a5815ac53ae64e07746b882262 export ODFVALIDATOR_JAR := odfvalidator-1.2.0-incubating-SNAPSHOT-jar-with-dependencies-971c54fd38a968f5860014b44301872706f9e540.jar export OFFICEOTRON_SHA256SUM := f2443f27561af52324eee03a1892d9f569adc8db9e7bca55614898bc2a13a770 export OFFICEOTRON_JAR := 8249374c274932a21846fa7629c2aa9b-officeotron-0.7.4-master.jar -export OPENLDAP_SHA256SUM := cdd6cffdebcd95161a73305ec13fc7a78e9707b46ca9f84fb897cd5626df3824 -export OPENLDAP_TARBALL := openldap-2.4.45.tgz +export OPENLDAP_SHA256SUM := 99f37d6747d88206c470067eda624d5e48c1011e943ec0ab217bae8712e22f34 +export OPENLDAP_TARBALL := openldap-2.4.59.tgz export OPENSSL_SHA256SUM := ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6 export OPENSSL_TARBALL := openssl-1.0.2r.tar.gz export ORCUS_SHA256SUM := 3f48cfbc21ad74787218284939c04d42cb836c73bc393f27f538b668e4d78a5f commit fc5cb0e610d3aecd03f8638fad02af0c31978840 Author: Michael Stahl <[email protected]> AuthorDate: Fri Nov 5 19:40:49 2021 +0100 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Apr 1 14:20:18 2022 +0200 libjpeg-turbo: add patch for CVE-2020-17541 Change-Id: Ie3fe30bea6a62e7cafeaed957d6ef6aeb879047b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124778 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit ebd556220a5045c1c81891b712648d220a168c70) diff --git a/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk b/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk index a99df67bb011..5440d16ecfc1 100644 --- a/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk +++ b/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk @@ -19,6 +19,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,libjpeg-turbo,\ external/libjpeg-turbo/jpeg-turbo.build.patch.1 \ $(if $(filter WNT,$(OS)),external/libjpeg-turbo/jpeg-turbo.win_build.patch.1) \ external/libjpeg-turbo/ubsan.patch \ + external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1 \ )) # vim: set noet sw=4 ts=4: diff --git a/external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1 b/external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1 new file mode 100644 index 000000000000..cc3da737e7b0 --- /dev/null +++ b/external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1 @@ -0,0 +1,38 @@ +From c76f4a08263b0cea40d2967560ac7c21f6959079 Mon Sep 17 00:00:00 2001 +From: DRC <[email protected]> +Date: Thu, 5 Dec 2019 13:12:28 -0600 +Subject: [PATCH] Huffman enc.: Fix very rare local buffer overrun + +... detected by ASan. This is a similar issue to the issue that was +fixed with 402a715f82313384ef4606660c32d8678c79f197. Apparently it is +possible to create a malformed JPEG image that exceeds the Huffman +encoder's 256-byte local buffer when attempting to losslessly tranform +the image. That makes sense, given that it was necessary to extend the +Huffman decoder's local buffer to 512 bytes in order to handle all +pathological cases (refer to 0463f7c9aad060fcd56e98d025ce16185279e2bc.) + +Since this issue affected only lossless transformation, a workflow that +isn't generally exposed to arbitrary data exploits, and since the +overrun did not overflow the stack (i.e. it did not result in a segfault +or other user-visible issue, and valgrind didn't even detect it), it did +not likely pose a security risk. + +Fixes #392 +--- + ChangeLog.md | 10 ++++++++++ + jchuff.c | 2 +- + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/jchuff.c b/jchuff.c +index 206958e2f..cb05055d9 100644 +--- a/jchuff.c ++++ b/jchuff.c +@@ -432,7 +432,7 @@ dump_buffer(working_state *state) + * scanning order-- 1, 8, 16, etc.), then this will produce an encoded block + * larger than 200 bytes. + */ +-#define BUFSIZE (DCTSIZE2 * 4) ++#define BUFSIZE (DCTSIZE2 * 8) + + #define LOAD_BUFFER() { \ + if (state->free_in_buffer < BUFSIZE) { \ commit c9e5e85dd7cf504a5809eb1f5891b010e353fd51 Author: Miklos Vajna <[email protected]> AuthorDate: Thu Dec 13 09:13:39 2018 +0100 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Apr 1 14:18:36 2022 +0200 graphite: update to 1.3.12 Martin Hosken thinks all patches are redundant now, so drop them. Change-Id: I062168416a1289b7f4dd42d8ae58b7df56a37712 Reviewed-on: https://gerrit.libreoffice.org/65074 Tested-by: Jenkins Reviewed-by: Miklos Vajna <[email protected]> (cherry picked from commit 6b84708914f9c026776b28a300ac6d278272881f) diff --git a/download.lst b/download.lst index 9c02c062885f..a3f272b7cf6d 100644 --- a/download.lst +++ b/download.lst @@ -94,8 +94,8 @@ export GLM_SHA256SUM := d0312c360efe04dd048b3311fe375ff36f1993b4c2e3cb58c8106299 export GLM_TARBALL := bae83fa5dc7f081768daace6e199adc3-glm-0.9.4.6-libreoffice.zip export GPGME_SHA256SUM := 1b29fedb8bfad775e70eafac5b0590621683b2d9869db994568e6401f4034ceb export GPGME_TARBALL := gpgme-1.9.0.tar.bz2 -export GRAPHITE_SHA256SUM := aa5e58356cd084000609ebbd93fef456a1bc0ab9e46fea20e81552fb286232a9 -export GRAPHITE_TARBALL := graphite2-minimal-1.3.10.tgz +export GRAPHITE_SHA256SUM := 0ebf80886bfc39e591c59bc975f4bb5dc717da7489eedfdb8acf84435261e7df +export GRAPHITE_TARBALL := graphite2-minimal-1.3.12.tgz export HARFBUZZ_SHA256SUM := 3c592f86fa0da69e2e0e98cae9f5d5b61def3bb7948aa00ca45748f27fa545fd export HARFBUZZ_TARBALL := harfbuzz-1.8.4.tar.bz2 export HSQLDB_SHA256SUM := d30b13f4ba2e3b6a2d4f020c0dee0a9fb9fc6fbcc2d561f36b78da4bf3802370 diff --git a/external/graphite/StaticLibrary_graphite.mk b/external/graphite/StaticLibrary_graphite.mk index 8c16482ba11b..9eeff041dc28 100644 --- a/external/graphite/StaticLibrary_graphite.mk +++ b/external/graphite/StaticLibrary_graphite.mk @@ -44,7 +44,6 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,graphite,\ UnpackedTarball/graphite/src/gr_segment \ UnpackedTarball/graphite/src/gr_slot \ UnpackedTarball/graphite/src/json \ - UnpackedTarball/graphite/src/CachedFace \ UnpackedTarball/graphite/src/CmapCache \ UnpackedTarball/graphite/src/Code \ UnpackedTarball/graphite/src/Collider \ @@ -60,9 +59,6 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,graphite,\ UnpackedTarball/graphite/src/NameTable \ UnpackedTarball/graphite/src/Pass \ UnpackedTarball/graphite/src/Position \ - UnpackedTarball/graphite/src/SegCache \ - UnpackedTarball/graphite/src/SegCacheEntry \ - UnpackedTarball/graphite/src/SegCacheStore \ UnpackedTarball/graphite/src/Segment \ UnpackedTarball/graphite/src/Silf \ UnpackedTarball/graphite/src/Slot \ diff --git a/external/graphite/UnpackedTarball_graphite.mk b/external/graphite/UnpackedTarball_graphite.mk index a162d172b795..0abd4b657d91 100644 --- a/external/graphite/UnpackedTarball_graphite.mk +++ b/external/graphite/UnpackedTarball_graphite.mk @@ -11,12 +11,4 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,graphite)) $(eval $(call gb_UnpackedTarball_set_tarball,graphite,$(GRAPHITE_TARBALL))) -$(eval $(call gb_UnpackedTarball_set_patchlevel,graphite,0)) - -$(eval $(call gb_UnpackedTarball_add_patches,graphite,\ - external/graphite/graphite2.issue1115.patch.1 \ - external/graphite/graphite2.win64.patch.1 \ - external/graphite/ubsan.patch \ -)) - # vim: set noet sw=4 ts=4: diff --git a/external/graphite/graphite2.issue1115.patch.1 b/external/graphite/graphite2.issue1115.patch.1 deleted file mode 100644 index 454114bb32c9..000000000000 --- a/external/graphite/graphite2.issue1115.patch.1 +++ /dev/null @@ -1,22 +0,0 @@ ---- graphite/src/Code.cpp -+++ graphite/src/Code.cpp -@@ -175,8 +175,8 @@ Machine::Code::Code(bool is_constraint, - bytecode_end, - pre_context, - rule_length, -- silf.numClasses(), -- face.glyphs().numAttrs(), -+ static_cast<uint16>(silf.numClasses()), -+ static_cast<uint16>(face.glyphs().numAttrs()), - face.numFeatures(), - {1,1,1,1,1,1,1,1, - 1,1,1,1,1,1,1,255, -@@ -184,7 +184,7 @@ Machine::Code::Code(bool is_constraint, - 1,1,1,1,1,1,0,0, - 0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,0, -- 0,0,0,0,0,0,0, silf.numUser()} -+ 0,0,0,0,0,0,0, static_cast<byte>(silf.numUser())} - }; - - decoder dec(lims, *this, pt); diff --git a/external/graphite/graphite2.win64.patch.1 b/external/graphite/graphite2.win64.patch.1 deleted file mode 100644 index d7cf11e63189..000000000000 --- a/external/graphite/graphite2.win64.patch.1 +++ /dev/null @@ -1,60 +0,0 @@ -diff -urN graphite2-1.3.4.orig/src/inc/json.h graphite2-1.3.4/src/inc/json.h ---- graphite2-1.3.4.orig/src/inc/json.h 2015-12-22 14:25:46.403566441 +0100 -+++ graphite2-1.3.4/src/inc/json.h 2015-12-22 14:26:13.439722846 +0100 -@@ -85,6 +85,9 @@ - json & operator << (string) throw(); - json & operator << (number) throw(); - json & operator << (integer) throw(); -+#ifdef _WIN64 -+ json & operator << (size_t) throw(); -+#endif - json & operator << (long unsigned int d) throw(); - json & operator << (boolean) throw(); - json & operator << (_null_t) throw(); -diff -urN graphite2-1.3.4.orig/src/inc/Main.h graphite2-1.3.4/src/inc/Main.h ---- graphite2-1.3.4.orig/src/inc/Main.h 2015-12-22 14:25:46.399566417 +0100 -+++ graphite2-1.3.4/src/inc/Main.h 2015-12-22 14:26:13.439722846 +0100 -@@ -25,6 +25,9 @@ - of the License or (at your option) any later version. - */ - #pragma once -+#ifdef _WIN32 -+#pragma warning(disable: 4510 4610) -+#endif - - #include <cstdlib> - #include "graphite2/Types.h" -diff -urN graphite2-1.3.4.orig/src/json.cpp graphite2-1.3.4/src/json.cpp ---- graphite2-1.3.4.orig/src/json.cpp 2015-12-22 14:25:46.399566417 +0100 -+++ graphite2-1.3.4/src/json.cpp 2015-12-22 14:26:13.439722846 +0100 -@@ -133,6 +133,9 @@ - } - json & json::operator << (json::integer d) throw() { context(seq); fprintf(_stream, "%ld", d); return *this; } - json & json::operator << (long unsigned d) throw() { context(seq); fprintf(_stream, "%ld", d); return *this; } -+#ifdef _WIN64 -+json & json::operator << (size_t d) throw() { context(seq); fprintf(_stream, "%ld", d); return *this; } -+#endif - json & json::operator << (json::boolean b) throw() { context(seq); fputs(b ? "true" : "false", _stream); return *this; } - json & json::operator << (json::_null_t) throw() { context(seq); fputs("null",_stream); return *this; } - -diff -urN graphite2-1.3.4.orig/src/Pass.cpp graphite2-1.3.4/src/Pass.cpp ---- graphite2-1.3.4.orig/src/Pass.cpp 2015-12-22 14:25:46.399566417 +0100 -+++ graphite2-1.3.4/src/Pass.cpp 2015-12-22 14:26:13.439722846 +0100 -@@ -568,7 +568,7 @@ - if (r->rule->preContext > fsm.slots.context()) - continue; - *fsm.dbgout << json::flat << json::object -- << "id" << r->rule - m_rules -+ << "id" << static_cast<size_t>(r->rule - m_rules) - << "failed" << true - << "input" << json::flat << json::object - << "start" << objectid(dslot(&fsm.slots.segment, input_slot(fsm.slots, -r->rule->preContext))) -@@ -582,7 +582,7 @@ - void Pass::dumpRuleEventOutput(const FiniteStateMachine & fsm, const Rule & r, Slot * const last_slot) const - { - *fsm.dbgout << json::item << json::flat << json::object -- << "id" << &r - m_rules -+ << "id" << static_cast<size_t>(&r - m_rules) - << "failed" << false - << "input" << json::flat << json::object - << "start" << objectid(dslot(&fsm.slots.segment, input_slot(fsm.slots, 0))) diff --git a/external/graphite/ubsan.patch b/external/graphite/ubsan.patch deleted file mode 100644 index 86039de4e1c8..000000000000 --- a/external/graphite/ubsan.patch +++ /dev/null @@ -1,62 +0,0 @@ ---- src/TtfUtil.cpp -+++ src/TtfUtil.cpp -@@ -1247,7 +1247,7 @@ - void * GlyfLookup(const void * pGlyf, size_t nGlyfOffset, size_t nTableLen) - { - const uint8 * pByte = reinterpret_cast<const uint8 *>(pGlyf); -- if (nGlyfOffset + pByte < pByte || nGlyfOffset + sizeof(Sfnt::Glyph) >= nTableLen) -+ if (nGlyfOffset > nTableLen || sizeof(Sfnt::Glyph) >= nTableLen - nGlyfOffset) - return NULL; - return const_cast<uint8 *>(pByte + nGlyfOffset); - } ---- src/gr_face.cpp -+++ src/gr_face.cpp -@@ -87,7 +87,7 @@ - - Face *res = new Face(appFaceHandle, *ops); - if (res && load_face(*res, faceOptions)) -- return static_cast<gr_face *>(res); -+ return reinterpret_cast<gr_face *>(res); - - delete res; - return 0; -@@ -195,7 +195,7 @@ - - void gr_face_destroy(gr_face *face) - { -- delete face; -+ delete static_cast<Face *>(face); - } - - ---- src/gr_font.cpp -+++ src/gr_font.cpp -@@ -50,7 +50,7 @@ - if (face == 0) return 0; - - Font * const res = new Font(ppm, *face, appFontHandle, font_ops); -- return static_cast<gr_font*>(res); -+ return reinterpret_cast<gr_font*>(res); - } - - gr_font* gr_make_font_with_advance_fn(float ppm/*pixels per em*/, const void* appFontHandle/*non-NULL*/, gr_advance_fn getAdvance, const gr_face * face/*needed for scaling*/) -@@ -61,7 +61,7 @@ - - void gr_font_destroy(gr_font *font) - { -- delete font; -+ delete static_cast<Font *>(font); - } - - ---- src/inc/Code.h -+++ src/inc/Code.h -@@ -162,7 +162,7 @@ - { - if (_code && !_own) - { -- _code += dist / sizeof(instr); -+ _code += dist / int(sizeof(instr)); - _data += dist; - } - } commit b4901a8ab84ce4eaa3a27229024125e1b69bfe65 Author: Gabor Kelemen <[email protected]> AuthorDate: Fri Apr 1 14:16:31 2022 +0200 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Apr 1 14:16:31 2022 +0200 Add missing headers to compile some unit tests on Linux Change-Id: Ia9c4e95e49514c552dd220388fe6c60d05de4f55 diff --git a/sw/qa/unit/sw-dialogs-test.cxx b/sw/qa/unit/sw-dialogs-test.cxx index f5968d36b7e7..d0ede8bc5214 100644 --- a/sw/qa/unit/sw-dialogs-test.cxx +++ b/sw/qa/unit/sw-dialogs-test.cxx @@ -15,6 +15,7 @@ #include <tools/svlibrary.h> #include <sfx2/app.hxx> #include <vcl/abstdlg.hxx> +#include <osl/module.hxx> #include <swabstdlg.hxx> diff --git a/sw/qa/unit/sw-dialogs-test_2.cxx b/sw/qa/unit/sw-dialogs-test_2.cxx index fe59616aace7..761ed71c12b1 100644 --- a/sw/qa/unit/sw-dialogs-test_2.cxx +++ b/sw/qa/unit/sw-dialogs-test_2.cxx @@ -15,6 +15,7 @@ #include <tools/svlibrary.h> #include <sfx2/app.hxx> #include <vcl/abstdlg.hxx> +#include <osl/module.hxx> #include <swabstdlg.hxx> #include <swdll.hxx>
