Rebased ref, commits from common ancestor:
commit 24fd02e70ada0aedef545704cf375868aebfb0da
Author: Andras Timar <andras.ti...@collabora.com>
AuthorDate: Thu Sep 9 13:43:04 2021 +0200
Commit: Andras Timar <andras.ti...@collabora.com>
CommitDate: Fri Sep 10 20:30:33 2021 +0200
Bump product version to 6.2.8.2.M5
Change-Id: I59145513f596b583c80f5e9a843956b3175aa3d2
diff --git a/configure.ac b/configure.ac
index 078dfca928d7..a60bef2d6124 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9,7 +9,7 @@ dnl in order to create a configure script.
# several non-alphanumeric characters, those are split off and used only for
the
# ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no
idea.
-AC_INIT([LibreOffice],[6.2.8.2.M4],[],[],[http://documentfoundation.org/])
+AC_INIT([LibreOffice],[6.2.8.2.M5],[],[],[http://documentfoundation.org/])
AC_PREREQ([2.59])
commit 5f69069d895cd3d96a9b25816d946ceeb6b1bbfa
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Aug 25 11:32:11 2021 +0200
Commit: Andras Timar <andras.ti...@collabora.com>
CommitDate: Fri Sep 10 20:30:33 2021 +0200
openssl: add patch for CVE-2021-3712
Change-Id: I4061cbac18ddf9c7f932a27bf2b54a2b1c2f9d99
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121029
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/external/openssl/UnpackedTarball_openssl.mk
b/external/openssl/UnpackedTarball_openssl.mk
index ad600cce1412..e7fca1116545 100644
--- a/external/openssl/UnpackedTarball_openssl.mk
+++ b/external/openssl/UnpackedTarball_openssl.mk
@@ -22,6 +22,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,openssl,\
external/openssl/openssl-3650-masm.patch.1 \
external/openssl/openssl-fixbuild.patch.1 \
external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 \
+ external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1 \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1
b/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1
new file mode 100644
index 000000000000..cf809750ecfb
--- /dev/null
+++ b/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1
@@ -0,0 +1,56 @@
+From ccb0a11145ee72b042d10593a64eaf9e8a55ec12 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <m...@openssl.org>
+Date: Tue, 17 Aug 2021 14:41:48 +0100
+Subject: [PATCH] Fix a read buffer overrun in X509_CERT_AUX_print()
+
+This is a backport of commit c5dc9ab965f to 1.0.2. That commit fixed
+the same bug but in master/1.1.1 it is in the function X509_aux_print().
+The original commit had the following description:
+
+Fix a read buffer overrun in X509_aux_print().
+
+The ASN1_STRING_get0_data(3) manual explitely cautions the reader
+that the data is not necessarily NUL-terminated, and the function
+X509_alias_set1(3) does not sanitize the data passed into it in any
+way either, so we must assume the return value from X509_alias_get0(3)
+is merely a byte array and not necessarily a string in the sense
+of the C language.
+
+I found this bug while writing manual pages for X509_print_ex(3)
+and related functions. Theo Buehler <t...@openbsd.org> checked my
+patch to fix the same bug in LibreSSL, see
+
+http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9
+
+As an aside, note that the function still produces incomplete and
+misleading results when the data contains a NUL byte in the middle
+and that error handling is consistently absent throughout, even
+though the function provides an "int" return value obviously intended
+to be 1 for success and 0 for failure, and even though this function
+is called by another function that also wants to return 1 for success
+and 0 for failure and even does so in many of its code paths, though
+not in others. But let's stay focussed. Many things would be nice
+to have in the wide wild world, but a buffer overflow must not be
+allowed to remain in our backyard.
+
+CVE-2021-3712
+
+Reviewed-by: Paul Dale <pa...@openssl.org>
+---
+ crypto/asn1/t_x509a.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c
+index d1b897a469fd..b1bc9d0cd28b 100644
+--- a/crypto/asn1/t_x509a.c
++++ b/crypto/asn1/t_x509a.c
+@@ -104,7 +104,8 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int
indent)
+ } else
+ BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+ if (aux->alias)
+- BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data);
++ BIO_printf(out, "%*sAlias: %.*s\n", indent, "", aux->alias->length,
++ aux->alias->data);
+ if (aux->keyid) {
+ BIO_printf(out, "%*sKey Id: ", indent, "");
+ for (i = 0; i < aux->keyid->length; i++)
commit fface4cb41ef8c060abd2f88ca24a6b8dd765067
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Fri May 21 13:33:26 2021 +0200
Commit: Andras Timar <andras.ti...@collabora.com>
CommitDate: Fri Sep 10 20:30:33 2021 +0200
libxml2: upgrade to release 2.9.12
Fixes:
CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541
* external/libxml2/ubsan.patch.0: remove, fixed upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115913
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit bf0c6a98ae38cd2188d7f7e94f1563e5ce6a8ce4)
Change-Id: I347dc854b862e78bde87d3e57cf5fdb584ca5673
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115935
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/download.lst b/download.lst
index 2f85df41e355..720b66ff4017 100644
--- a/download.lst
+++ b/download.lst
@@ -156,8 +156,8 @@ export LIBTOMMATH_SHA256SUM :=
083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304
export LIBTOMMATH_TARBALL := ltm-1.0.zip
export XMLSEC_SHA256SUM :=
97d756bad8e92588e6997d2227797eaa900d05e34a426829b149f65d87118eb6
export XMLSEC_TARBALL := xmlsec1-1.2.27.tar.gz
-export LIBXML_SHA256SUM :=
aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f
-export LIBXML_VERSION_MICRO := 10
+export LIBXML_SHA256SUM :=
c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92
+export LIBXML_VERSION_MICRO := 12
export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz
export LIBXSLT_SHA256SUM :=
8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8
export LIBXSLT_VERSION_MICRO := 33
diff --git a/external/libxml2/libxml2-config.patch.1
b/external/libxml2/libxml2-config.patch.1
index 8c28fb6a7806..5a2ef1485e92 100644
--- a/external/libxml2/libxml2-config.patch.1
+++ b/external/libxml2/libxml2-config.patch.1
@@ -18,9 +18,9 @@ Hack the xml2-config to return paths into WORKDIR.
+exec_prefix=${WORKDIR}/UnpackedTarball/libxml2
+includedir=${WORKDIR}/UnpackedTarball/libxml2/include
+libdir=${WORKDIR}/UnpackedTarball/libxml2/.libs
+ cflags=
+ libs=
- usage()
- {
@@ -67,7 +72,8 @@
;;
diff --git a/external/libxml2/libxml2-global-symbols.patch
b/external/libxml2/libxml2-global-symbols.patch
index 49ee73731562..cfec9c530281 100644
--- a/external/libxml2/libxml2-global-symbols.patch
+++ b/external/libxml2/libxml2-global-symbols.patch
@@ -14,8 +14,8 @@
LIBXML2_2.6.32 {
@@ -2231,3 +2231,43 @@
- xmlHashDefaultDeallocator;
- } LIBXML2_2.9.1;
+ xmlPopOutputCallbacks;
+ } LIBXML2_2.9.8;
+# HACK: export global variable accessor functions (globals.h)
+LIBXML2_GLOBAL_VARIABLES {
commit f0819605109b51430967e6f5e1d1e04aba9ce5a0
Author: Michael Stahl <michael.st...@cib.de>
AuthorDate: Wed Nov 20 15:05:02 2019 +0100
Commit: Andras Timar <andras.ti...@collabora.com>
CommitDate: Fri Sep 10 20:30:33 2021 +0200
libxml2: upgrade to release 2.9.10
... which is, surprisingly enough, required to build the latest libxslt.
Reviewed-on: https://gerrit.libreoffice.org/83311
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@cib.de>
(cherry picked from commit d1bf39a78ed239d4493f0470ca937852265e79d6)
Reviewed-on: https://gerrit.libreoffice.org/83347
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
(cherry picked from commit e9dc4662d4ba3bde91407911f1bc1a7aa25fa0ce)
Change-Id: Ifbb36ed61b8f68185f9c788f63a8edeb58899f94
Reviewed-on: https://gerrit.libreoffice.org/83418
Reviewed-by: Michael Stahl <michael.st...@cib.de>
Tested-by: Michael Stahl <michael.st...@cib.de>
diff --git a/download.lst b/download.lst
index e15f327e825a..2f85df41e355 100644
--- a/download.lst
+++ b/download.lst
@@ -156,8 +156,8 @@ export LIBTOMMATH_SHA256SUM :=
083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304
export LIBTOMMATH_TARBALL := ltm-1.0.zip
export XMLSEC_SHA256SUM :=
97d756bad8e92588e6997d2227797eaa900d05e34a426829b149f65d87118eb6
export XMLSEC_TARBALL := xmlsec1-1.2.27.tar.gz
-export LIBXML_SHA256SUM :=
94fb70890143e3c6549f265cee93ec064c80a84c42ad0f23e85ee1fd6540a871
-export LIBXML_VERSION_MICRO := 9
+export LIBXML_SHA256SUM :=
aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f
+export LIBXML_VERSION_MICRO := 10
export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz
export LIBXSLT_SHA256SUM :=
8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8
export LIBXSLT_VERSION_MICRO := 33
diff --git a/external/libxml2/libxml2-android.patch
b/external/libxml2/libxml2-android.patch
index 714de61068fb..42af83274026 100644
--- a/external/libxml2/libxml2-android.patch
+++ b/external/libxml2/libxml2-android.patch
@@ -4,7 +4,7 @@
$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
check: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) check-recursive
--all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(MANS) $(DATA) \
+-all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(SCRIPTS) $(MANS) $(DATA) \
+all-am: Makefile $(LTLIBRARIES) \
config.h
install-binPROGRAMS: install-libLTLIBRARIES
diff --git a/external/libxml2/libxml2-config.patch.1
b/external/libxml2/libxml2-config.patch.1
index 7d96fb530e57..8c28fb6a7806 100644
--- a/external/libxml2/libxml2-config.patch.1
+++ b/external/libxml2/libxml2-config.patch.1
@@ -25,45 +25,19 @@ Hack the xml2-config to return paths into WORKDIR.
;;
--cflags)
-- echo @XML_INCLUDEDIR@ @XML_CFLAGS@
-+ echo -I${includedir}
-+# echo @XML_INCLUDEDIR@ @XML_CFLAGS@
+- cflags="@XML_INCLUDEDIR@ @XML_CFLAGS@"
++ #cflags="@XML_INCLUDEDIR@ @XML_CFLAGS@"
++ cflags="-I${includedir}"
;;
--libtool-libs)
-@@ -82,19 +88,24 @@
- ;;
+@@ -91,7 +96,8 @@
+ libs="@XML_LIBDIR@ $libs"
+ fi
- --libs)
-- if [ "`uname`" = "Linux" ]
-- then
-- if [ "@XML_LIBDIR@" = "-L/usr/lib" -o "@XML_LIBDIR@" =
"-L/usr/lib64" ]
-- then
-- echo @XML_LIBS@ @MODULE_PLATFORM_LIBS@
-- else
-- echo @XML_LIBDIR@ @XML_LIBS@ @MODULE_PLATFORM_LIBS@
-- fi
-- else
-- echo @XML_LIBDIR@ @XML_LIBS@ @MODULE_PLATFORM_LIBS@
@WIN32_EXTRA_LIBADD@
-- fi
-+ echo -L${libdir} -lxml2 -lm
-+# if [ "`uname`" = "Linux" ]
-+# then
-+# if [ "@XML_LIBDIR@" = "-L/usr/lib" -o "@XML_LIBDIR@" =
"-L/usr/lib64" ]
-+# then
-+# echo @XML_LIBS@ @MODULE_PLATFORM_LIBS@
-+# else
-+# echo @XML_LIBDIR@ @XML_LIBS@ @MODULE_PLATFORM_LIBS@
-+# fi
-+# else
-+# echo @XML_LIBDIR@ @XML_LIBS@ @MODULE_PLATFORM_LIBS@
@WIN32_EXTRA_LIBADD@
-+# fi
- ;;
+- libs="$libs @WIN32_EXTRA_LIBADD@"
++ #libs="$libs @WIN32_EXTRA_LIBADD@"
++ libs="-L${libdir} -lxml2 -lm"
+ ;;
-+ print) # ugly configure hack
-+ exit 0
-+ ;;
-+
*)
- usage
- exit 1
