chart2/source/tools/InternalDataProvider.cxx                                   
      |    7 +
 download.lst                                                                   
      |   14 +-
 external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk                        
      |    1 
 external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1        
      |   38 ++++++
 
external/libodfgen/0001-tdf-101077-make-double-string-conversion-locale-agno.patch.1
 |   58 ----------
 external/libodfgen/ExternalProject_libodfgen.mk                                
      |    4 
 external/libodfgen/Library_odfgen.mk                                           
      |    3 
 external/libodfgen/UnpackedTarball_libodfgen.mk                                
      |    8 -
 external/libodfgen/c++11.patch                                                 
      |   44 -------
 external/libodfgen/libodfgen-bundled-soname.patch.0                            
      |    5 
 external/openldap/openldap-2.4.44.patch.1                                      
      |   12 ++
 external/postgresql/UnpackedTarball_postgresql.mk                              
      |    3 
 external/postgresql/arm64.patch.1                                              
      |   53 +++++++++
 include/vcl/RawBitmap.hxx                                                      
      |    4 
 lotuswordpro/source/filter/lwpfribptr.cxx                                      
      |   35 +++---
 lotuswordpro/source/filter/lwpfribptr.hxx                                      
      |    4 
 sc/source/core/tool/interpr1.cxx                                               
      |    2 
 solenv/flatpak-manifest.in                                                     
      |    7 -
 svtools/source/svhtml/parhtml.cxx                                              
      |    6 -
 sw/qa/core/data/ww5/pass/ooo37322-1-WW2.doc                                    
      |binary
 sw/qa/core/data/ww8/pass/ofz34749-1.doc                                        
      |binary
 sw/qa/core/data/ww8/pass/ofz38011-1.doc                                        
      |binary
 sw/source/core/text/itrform2.cxx                                               
      |    4 
 sw/source/core/undo/undobj.cxx                                                 
      |   11 +
 sw/source/filter/ww8/ww8par.cxx                                                
      |   13 +-
 sw/source/filter/ww8/ww8par.hxx                                                
      |   12 +-
 sw/source/filter/ww8/ww8par2.cxx                                               
      |    9 +
 sw/source/filter/ww8/ww8par6.cxx                                               
      |    3 
 tools/source/generic/poly.cxx                                                  
      |    2 
 vcl/unx/generic/printer/cpdmgr.cxx                                             
      |   49 ++++----
 30 files changed, 234 insertions(+), 177 deletions(-)

New commits:
commit eef7146a78eb02223c3e36a0c5660c480b93bbac
Author:     Tor Lillqvist <t...@collabora.com>
AuthorDate: Wed Nov 10 13:36:43 2021 +0200
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:32 2021 +0100

    Add forward declaration to openldap to fix compilation with current Xcode
    
    For some reason the warning about this undeclared function is treated
    as an error by the Clang version in current Xcode, at least for me,
    even if openldap isn't compiled with -Werror.
    
    Change-Id: Ic8479ca63031319ce55c6fb9d95132019ae82cae
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124959
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sberg...@redhat.com>

diff --git a/external/openldap/openldap-2.4.44.patch.1 
b/external/openldap/openldap-2.4.44.patch.1
index 0d3cf5b70c3f..317ef9a62e56 100644
--- a/external/openldap/openldap-2.4.44.patch.1
+++ b/external/openldap/openldap-2.4.44.patch.1
@@ -1,3 +1,4 @@
+-*- Mode: diff -*-
 --- openldap.org/configure
 +++ openldap/configure
 @@ -15735,7 +15735,7 @@
@@ -52,6 +53,17 @@
  
  #undef NSS_VERSION_INT
  #define       NSS_VERSION_INT ((NSS_VMAJOR << 24) | (NSS_VMINOR << 16) | \
+--- openldap.org/libraries/libldap/tls2.c
++++ openldap.org/libraries/libldap/tls2.c
+@@ -80,6 +80,8 @@
+       { BER_BVNULL, BER_BVNULL }
+ };
+ 
++int ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in );
++
+ #ifdef HAVE_TLS
+ 
+ void
 --- openldap.org/Makefile.in
 +++ openldap/Makefile.in
 @@ -13,7 +13,7 @@
commit adc89cf8122d4b888c4afd51fe148108b9e26c8e
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Tue Nov 16 14:41:57 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:31 2021 +0100

    postgresql: upgrade to release 13.5
    
    Fixes CVE-2021-23222.
    
    Change-Id: I4e16fcc60c634382a864f66b211d0e0170a06db0
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125308
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>

diff --git a/download.lst b/download.lst
index 9f2f2824d484..5c8a0a91adbf 100644
--- a/download.lst
+++ b/download.lst
@@ -242,8 +242,8 @@ export LIBPNG_SHA256SUM := 
505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201f
 export LIBPNG_TARBALL := libpng-1.6.37.tar.xz
 export POPPLER_SHA256SUM := 
016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3
 export POPPLER_TARBALL := poppler-21.01.0.tar.xz
-export POSTGRESQL_SHA256SUM := 
12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f
-export POSTGRESQL_TARBALL := postgresql-13.1.tar.bz2
+export POSTGRESQL_SHA256SUM := 
9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3
+export POSTGRESQL_TARBALL := postgresql-13.5.tar.bz2
 export PYTHON_SHA256SUM := 
bd746ed1ad9ccfa9b2a8d13736a5c452025c3600913d000078e6ed1df3d767b6
 export PYTHON_TARBALL := Python-3.8.8rc1.tar.xz
 export QRCODEGEN_SHA256SUM := 
fcdf9fd69fde07ae4dca2351d84271a9de8093002f733b77c70f52f1630f6e4a
commit b0a59d0f29a6c4f05f90f0bb614960ee7b9c7cb7
Author:     Thorsten Behrens <thorsten.behr...@allotropia.de>
AuthorDate: Sun Mar 14 02:24:59 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:31 2021 +0100

    Fix ARM64 build after postgres upgrade to 13.1
    
    Change-Id: I12bdda6aedd9b7b15423f997fe8c6910d9c9e9d5
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112464
    Tested-by: Jenkins
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
    (cherry picked from commit db8fb941ecc4c6e0279b47e4560b4b285339a17f)

diff --git a/external/postgresql/UnpackedTarball_postgresql.mk 
b/external/postgresql/UnpackedTarball_postgresql.mk
index c189b10dcb4b..b941de56822e 100644
--- a/external/postgresql/UnpackedTarball_postgresql.mk
+++ b/external/postgresql/UnpackedTarball_postgresql.mk
@@ -17,8 +17,11 @@ $(eval $(call gb_UnpackedTarball_add_patches,postgresql, \
        external/postgresql/windows.patch.0 \
        external/postgresql/postgresql.exit.patch.0 \
        external/postgresql/postgres-msvc-build.patch.1 \
+       $(if $(filter WNT_ARM64,$(OS)_$(CPUNAME)), 
external/postgresql/arm64.patch.1) \
 ))
 
+ifeq ($(CROSS_COMPILING),)
 $(eval $(call 
gb_UnpackedTarball_add_file,postgresql,src/tools/msvc/config.pl,external/postgresql/config.pl))
+endif
 
 # vim: set noet sw=4 ts=4:
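Review bot: The `ifeq ($(CROSS_COMPILING),)` guard added around the `gb_UnpackedTarball_add_file` line for `config.pl` has no comment saying why the file is left out of a cross build, and the commit message does not say either. A one-line comment above it, for example `# config.pl is only added for native builds; the WNT_ARM64 cross build skips it because <reason>`, would keep the guard from being dropped at the next PostgreSQL upgrade. The same applies to the conditional `arm64.patch.1` entry, which should state that the patch hard-codes ARM64 and must stay behind the `WNT_ARM64` filter.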
diff --git a/external/postgresql/arm64.patch.1 
b/external/postgresql/arm64.patch.1
new file mode 100644
index 000000000000..7f8f2d6e4137
--- /dev/null
+++ b/external/postgresql/arm64.patch.1
@@ -0,0 +1,53 @@
+diff -ur postgresql.org/src/tools/msvc/Mkvcbuild.pm 
postgresql/src/tools/msvc/Mkvcbuild.pm
+--- postgresql.org/src/tools/msvc/Mkvcbuild.pm 2021-03-14 02:09:15.288060770 
+0100
++++ postgresql/src/tools/msvc/Mkvcbuild.pm     2021-03-14 02:12:22.351726582 
+0100
+@@ -107,13 +107,6 @@
+ 
+       push(@pgportfiles, 'strtof.c') if ($vsVersion < '14.00');
+ 
+-      if ($vsVersion >= '9.00')
+-      {
+-              push(@pgportfiles, 'pg_crc32c_sse42_choose.c');
+-              push(@pgportfiles, 'pg_crc32c_sse42.c');
+-              push(@pgportfiles, 'pg_crc32c_sb8.c');
+-      }
+-      else
+       {
+               push(@pgportfiles, 'pg_crc32c_sb8.c');
+       }
+diff -ur postgresql.org/src/tools/msvc/MSBuildProject.pm 
postgresql/src/tools/msvc/MSBuildProject.pm
+--- postgresql.org/src/tools/msvc/MSBuildProject.pm    2021-03-14 
02:09:15.288060770 +0100
++++ postgresql/src/tools/msvc/MSBuildProject.pm        2021-03-14 
02:12:22.351726582 +0100
+@@ -307,8 +307,7 @@
+         : ($self->{type} eq "dll" ? 'DynamicLibrary' : 'StaticLibrary');
+       my $libs = $self->GetAdditionalLinkerDependencies($cfgname, ';');
+ 
+-      my $targetmachine =
+-        $self->{platform} eq 'Win32' ? 'MachineX86' : 'MachineX64';
++      my $targetmachine = "MachineARM64";
+ 
+       my $includes = $self->{includes};
+       unless ($includes eq '' or $includes =~ /;$/)
+@@ -347,7 +347,6 @@
+       
<ProgramDatabaseFile>.\\$cfgname\\$self->{name}\\$self->{name}.pdb</ProgramDatabaseFile>
+       <GenerateMapFile>false</GenerateMapFile>
+       <MapFileName>.\\$cfgname\\$self->{name}\\$self->{name}.map</MapFileName>
+-      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+       <!-- Permit links to MinGW-built, 32-bit DLLs (default before VS2012). 
-->
+       <ImageHasSafeExceptionHandlers/>
+       <SubSystem>Console</SubSystem>
+diff -ur postgresql.org/src/tools/msvc/Solution.pm 
postgresql/src/tools/msvc/Solution.pm
+--- postgresql.org/src/tools/msvc/Solution.pm  2021-03-14 02:09:15.288060770 
+0100
++++ postgresql/src/tools/msvc/Solution.pm      2021-03-14 02:12:22.351726582 
+0100
+@@ -62,10 +62,7 @@
+       if (1) #($^O eq "MSWin32")
+       {
+               # Examine CL help output to determine if we are in 32 or 64-bit 
mode.
+-              my $output = `cl /? 2>&1`;
+-              $? >> 8 == 0 or die "cl command not found";
+-              $self->{platform} =
+-                ($output =~ /^\/favor:<.+AMD64/m) ? 'x64' : 'Win32';
++              $self->{platform} = 'ARM64';
+       }
+       else
+       {
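Review bot: In the Solution.pm part of this patch, the retained comment `# Examine CL help output to determine if we are in 32 or 64-bit mode.` no longer describes the code, which now assigns `'ARM64'` unconditionally. Replace it with something like `# LibreOffice: platform forced to ARM64; this patch is applied for WNT_ARM64 only`. The MSBuildProject.pm and Mkvcbuild.pm parts hard-code the target in the same way (`"MachineARM64"`, and a bare block left after the removed `if`), so the patch is only correct while the makefile filter keeps it off other targets. A header line at the top of the patch saying so, and why `<RandomizedBaseAddress>false</RandomizedBaseAddress>` is dropped, would record the intent.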
commit 4286da80f0039be767ab427dc203b6a426437261
Author:     Tor Lillqvist <t...@collabora.com>
AuthorDate: Tue Jan 26 23:21:42 2021 +0200
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:31 2021 +0100

    A patch chunk should have an equal number of context lines before and after
    
    Some versions of the patch program are picky about that.
    
    Change-Id: I0006ecefcf4afe10971c5f3571c3d32d97598696
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109998
    Tested-by: Jenkins
    Reviewed-by: Tor Lillqvist <t...@collabora.com>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125927
    Tested-by: Tor Lillqvist <t...@collabora.com>

diff --git a/external/libodfgen/libodfgen-bundled-soname.patch.0 
b/external/libodfgen/libodfgen-bundled-soname.patch.0
index f5c0caf8d6d1..d012fe3a8f65 100644
--- a/external/libodfgen/libodfgen-bundled-soname.patch.0
+++ b/external/libodfgen/libodfgen-bundled-soname.patch.0
@@ -1,7 +1,9 @@
+-*- Mode: Diff -*-
 diff -urN src/Makefile.in.orig src/Makefile.in
 --- src/Makefile.in.orig       2016-03-02 17:17:02.812606210 +0100
 +++ src/Makefile.in    2016-03-02 17:17:25.176670151 +0100
-@@ -355,6 +355,6 @@
+@@ -355,7 +355,7 @@
+       $(XML_CFLAGS) -DLIBODFGEN_BUILD $(am__append_1)
  libodfgen_@LIBODFGEN_MAJOR_VERSION@_@LIBODFGEN_MINOR_VERSION@_la_LIBADD = 
@LIBODFGEN_WIN32_RESOURCE@ $(REVENGE_LIBS) $(XML_LIBS)
  libodfgen_@LIBODFGEN_MAJOR_VERSION@_@LIBODFGEN_MINOR_VERSION@_la_DEPENDENCIES 
= @LIBODFGEN_WIN32_RESOURCE@
 -libodfgen_@LIBODFGEN_MAJOR_VERSION@_@LIBODFGEN_MINOR_VERSION@_la_LDFLAGS = 
$(version_info) -export-dynamic -no-undefined
commit c13518b7e6d4dc158f5fd22af7964494bb801631
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Tue Nov 16 14:28:15 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:31 2021 +0100

    ofz#40766 svtools, sw: HTMLParser: really stop inserting control chars
    
    35d248cab1f0d4800f72abb5cb6afb56f40d9083 forgot to fix one place where
    control characters were in a presumed XML declaration.
    
    Another place looks missing where comments are handled, but it's not
    clear if these can be passed on to Writer.
    
    Revert the previous fix from commit
    b3325ef8cdfc2c82eec34e747106f75a9fccb7e4.
    
    Change-Id: I11ad13de9122533626e512ce0384051e3e5bd97f
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125306
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit a7116b890ccd6dd1721413b4de6591a8057668ef)

diff --git a/svtools/source/svhtml/parhtml.cxx 
b/svtools/source/svhtml/parhtml.cxx
index 76791dc5abcd..fa7f99c52348 100644
--- a/svtools/source/svhtml/parhtml.cxx
+++ b/svtools/source/svhtml/parhtml.cxx
@@ -1058,6 +1058,7 @@ HtmlTokenId HTMLParser::GetNextToken_()
                         sTmpBuffer.appendUtf32( nNextCh );
                         nNextCh = GetNextChar();
                     } while( '>' != nNextCh && '/' != nNextCh && 
!rtl::isAsciiWhiteSpace( nNextCh ) &&
+                            !linguistic::IsControlChar(nNextCh) &&
                              IsParserWorking() && !rInput.eof() );
 
                     if( !sTmpBuffer.isEmpty() )
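Review bot: The new `!linguistic::IsControlChar(nNextCh)` test sits in the condition of a do-while, so it only screens characters read inside the loop. The value `nNextCh` holds on entry is appended by the first `sTmpBuffer.appendUtf32( nNextCh )` before any test runs. The code that sets `nNextCh` before the `do` is outside the hunk, so whether a control character can reach that first append cannot be confirmed from here. If it can, either test the entry character as well or turn the loop into a `while` with the same condition.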
@@ -1135,8 +1136,11 @@ HtmlTokenId HTMLParser::GetNextToken_()
                                 if( !bDone )
                                     sTmpBuffer.appendUtf32(nNextCh);
                             }
-                            else
+                            else if (!linguistic::IsControlChar(nNextCh)
+                                || nNextCh == '\r' || nNextCh == '\n' || 
nNextCh == '\t')
+                            {
                                 sTmpBuffer.appendUtf32(nNextCh);
+                            }
                             if( !bDone )
                                 nNextCh = GetNextChar();
                         }
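Review bot: The new `else if` spells out the control-character rule inline with its own exception list (`'\r'`, `'\n'`, `'\t'`), while the loop condition changed in the previous hunk applies `IsControlChar` with no exceptions. The commit message says one place was missed by the earlier fix and that comment handling may still be uncovered, which argues for a single file-local helper used at every append. For example `static bool lcl_isAcceptedChar(sal_uInt32 c) { return !linguistic::IsControlChar(c) || c == '\r' || c == '\n' || c == '\t'; }`, with the parameter type matched to `nNextCh`. A short comment on why those three characters are kept would also help, since a rejected character is now dropped silently.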
commit 65147ff38c42273e9456b24c70e92e1fa93ddc92
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Sat Sep 25 19:57:36 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:31 2021 +0100

    ofz#39252 use safer SwUnoCursor for the pos to move back to
    
    Change-Id: Iba6f200cea92196986bd30564cf56ab5d8b954b1
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122611
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index a145b13279e4..f6345d06d565 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -2012,7 +2012,7 @@ void SwWW8ImplReader::ImportDopTypography(const 
WW8DopTypography &rTypo)
  * Footnotes and Endnotes
  */
 WW8ReaderSave::WW8ReaderSave(SwWW8ImplReader* pRdr ,WW8_CP nStartCp) :
-    maTmpPos(*pRdr->m_pPaM->GetPoint()),
+    mxTmpPos(pRdr->m_rDoc.CreateUnoCursor(*pRdr->m_pPaM->GetPoint())),
     mxOldStck(std::move(pRdr->m_xCtrlStck)),
     mxOldAnchorStck(std::move(pRdr->m_xAnchorStck)),
     mxOldRedlines(std::move(pRdr->m_xRedlineStack)),
@@ -2109,7 +2109,7 @@ void WW8ReaderSave::Restore( SwWW8ImplReader* pRdr )
     pRdr->DeleteAnchorStack();
     pRdr->m_xAnchorStck = std::move(mxOldAnchorStck);
 
-    *pRdr->m_pPaM->GetPoint() = maTmpPos;
+    *pRdr->m_pPaM->GetPoint() = GetStartPos();
 
     if (mxOldPlcxMan != pRdr->m_xPlcxMan)
         pRdr->m_xPlcxMan = mxOldPlcxMan;
diff --git a/sw/source/filter/ww8/ww8par.hxx b/sw/source/filter/ww8/ww8par.hxx
index 8717e20eebfe..032f5c4060ba 100644
--- a/sw/source/filter/ww8/ww8par.hxx
+++ b/sw/source/filter/ww8/ww8par.hxx
@@ -595,7 +595,7 @@ class WW8ReaderSave
 {
 private:
     WW8PLCFxSaveAll maPLCFxSave;
-    SwPosition maTmpPos;
+    std::shared_ptr<SwUnoCursor> mxTmpPos;
     std::deque<bool> maOldApos;
     std::deque<WW8FieldEntry> maOldFieldStack;
     std::unique_ptr<SwWW8FltControlStack> mxOldStck;
@@ -623,7 +623,7 @@ private:
 public:
     WW8ReaderSave(SwWW8ImplReader* pRdr, WW8_CP nStart=-1);
     void Restore(SwWW8ImplReader* pRdr);
-    const SwPosition &GetStartPos() const { return maTmpPos; }
+    const SwPosition &GetStartPos() const { return *mxTmpPos->GetPoint(); }
 };
 
 enum class eF_ResT { OK, TEXT, TAGIGN, READ_FSPA };
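Review bot: `GetStartPos()` now returns a reference into the cursor (`*mxTmpPos->GetPoint()`) rather than to a stored `SwPosition`, so the referenced position is presumably no longer a fixed snapshot and is valid only while this `WW8ReaderSave` keeps `mxTmpPos` alive. Neither the accessor nor the member documents that. `mxTmpPos` is also dereferenced without a null check, which relies on `CreateUnoCursor` in the constructor never returning null; that is not visible in this diff. A comment on the accessor, such as `// position is tracked by a UnoCursor and may move when nodes are deleted; valid only for the lifetime of this object`, would record the contract.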
commit 48d5aa51a0b48b9640147e560ec34af517213222
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Sep 2 13:35:34 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:31 2021 +0100

    ofz#38011 save and restore m_pLastAnchorPos via UnoCursor
    
    when we do some operations that may delete paragraphs
    
    Change-Id: I2165dd287771f06c6d0fd061dd7659b06db4bd72
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121511
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/sw/qa/core/data/ww8/pass/ofz38011-1.doc 
b/sw/qa/core/data/ww8/pass/ofz38011-1.doc
new file mode 100644
index 000000000000..8ef58ca5395d
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/ofz38011-1.doc differ
diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx
index ad64bb616bd1..06c9fa247e54 100644
--- a/sw/source/filter/ww8/ww8par2.cxx
+++ b/sw/source/filter/ww8/ww8par2.cxx
@@ -2750,8 +2750,17 @@ void WW8TabDesc::MoveOutsideTable()
 void WW8TabDesc::FinishSwTable()
 {
     m_pIo->m_xRedlineStack->closeall(*m_pIo->m_pPaM->GetPoint());
+
+    // ofz#38011 drop m_pLastAnchorPos during RedlineStack dtor and restore it 
afterwards to the same
+    // place, or somewhere close if that place got destroyed
+    std::shared_ptr<SwUnoCursor> xLastAnchorCursor(m_pIo->m_pLastAnchorPos ? 
m_pIo->m_rDoc.CreateUnoCursor(*m_pIo->m_pLastAnchorPos) : nullptr);
+    m_pIo->m_pLastAnchorPos.reset();
+
     m_pIo->m_xRedlineStack = std::move(mxOldRedlineStack);
 
+    if (xLastAnchorCursor)
+        m_pIo->m_pLastAnchorPos.reset(new 
SwPosition(*xLastAnchorCursor->GetPoint()));
+
     WW8DupProperties aDup(m_pIo->m_rDoc,m_pIo->m_xCtrlStck.get());
     m_pIo->m_xCtrlStck->SetAttr( *m_pIo->m_pPaM->GetPoint(), 0, false);
 
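Review bot: The save, reset and restore of `m_pLastAnchorPos` around the `m_xRedlineStack` move-assignment is written out by hand here, and the ofz#37322 commit further down this page adds the same statements to `WW8ReaderSave::Restore` in ww8par.cxx. A small scope guard would keep the two sites identical and make the required order (drop before the old stack is destroyed, restore afterwards) hard to get wrong. The sketch below assumes `m_pIo` points to a `SwWW8ImplReader` and that the guard can reach `m_pLastAnchorPos` and `m_rDoc`; neither is visible in the hunk. `FinishSwTable` continues past the hunk.

```cpp
// Drops m_pLastAnchorPos for the lifetime of the guard and restores it from a
// UnoCursor afterwards, so the position follows any paragraph deletion.
class LastAnchorPosGuard
{
    SwWW8ImplReader& m_rReader;
    std::shared_ptr<SwUnoCursor> m_xCursor;

public:
    explicit LastAnchorPosGuard(SwWW8ImplReader& rReader)
        : m_rReader(rReader)
        , m_xCursor(rReader.m_pLastAnchorPos
                        ? rReader.m_rDoc.CreateUnoCursor(*rReader.m_pLastAnchorPos)
                        : nullptr)
    {
        m_rReader.m_pLastAnchorPos.reset();
    }

    ~LastAnchorPosGuard()
    {
        if (m_xCursor)
            m_rReader.m_pLastAnchorPos.reset(new SwPosition(*m_xCursor->GetPoint()));
    }
};

// … unchanged: closeall() call at the top of WW8TabDesc::FinishSwTable() …
    {
        LastAnchorPosGuard aGuard(*m_pIo);
        m_pIo->m_xRedlineStack = std::move(mxOldRedlineStack);
    }
// … unchanged: WW8DupProperties / SetAttr …
```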
commit db092b14692d0d0d81b330de94e66bc55d991250
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Sun Aug 29 16:58:11 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:30 2021 +0100

    ofz#37796 limit to numeric_limits<int>::max
    
    Change-Id: I6e09226fad1e566ba2758d0084042b603b84d221
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121230
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/include/vcl/RawBitmap.hxx b/include/vcl/RawBitmap.hxx
index 710559d11d48..5f6c5eecd11f 100644
--- a/include/vcl/RawBitmap.hxx
+++ b/include/vcl/RawBitmap.hxx
@@ -31,6 +31,10 @@ public:
         , mnBitCount(nBitCount)
     {
         assert(nBitCount == 24 || nBitCount == 32);
+        if (rSize.getWidth() > std::numeric_limits<sal_Int32>::max() || 
rSize.getWidth() < 0)
+            throw std::bad_alloc();
+        if (rSize.getHeight() > std::numeric_limits<sal_Int32>::max() || 
rSize.getHeight() < 0)
+            throw std::bad_alloc();
         sal_Int32 nRowSize, nDataSize;
         if (o3tl::checked_multiply<sal_Int32>(rSize.getWidth(), nBitCount / 8, 
nRowSize)
             || o3tl::checked_multiply<sal_Int32>(nRowSize, rSize.getHeight(), 
nDataSize)
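Review bot: Nothing says why the two new range checks are needed. The `o3tl::checked_multiply<sal_Int32>` calls below take width and height as `sal_Int32`, so a wider value would presumably be narrowed before the overflow check sees it. A comment above the checks, such as `// reject sizes that do not fit sal_Int32 before they are narrowed for checked_multiply`, would stop them being removed as redundant. In the same constructor `nBitCount` is validated only by `assert`, which is compiled out of release builds, so the `nBitCount / 8` factor is unchecked there. The hunk adds no `#include <limits>` and the file's include block is outside it, so confirm the header is present; the constructor body also continues past the hunk.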
commit f835cd19bf7ce165508b5009cc3f1d3f14904327
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Wed Aug 18 16:57:18 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:30 2021 +0100

    ofz#37322 Bad-cast
    
    use a SwUnoCursor for the LastAnchorPos around here, this is similar to
    ofz#9858 Bad-cast
    
    Change-Id: I194a39ae13c382740b0ba8145dcc33fb2107105d
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120679
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/sw/qa/core/data/ww5/pass/ooo37322-1-WW2.doc 
b/sw/qa/core/data/ww5/pass/ooo37322-1-WW2.doc
new file mode 100644
index 000000000000..fd64eeed2963
Binary files /dev/null and b/sw/qa/core/data/ww5/pass/ooo37322-1-WW2.doc differ
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index 42e8c415b156..a145b13279e4 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -2095,8 +2095,17 @@ void WW8ReaderSave::Restore( SwWW8ImplReader* pRdr )
     pRdr->m_xCtrlStck = std::move(mxOldStck);
 
     pRdr->m_xRedlineStack->closeall(*pRdr->m_pPaM->GetPoint());
+
+    // ofz#37322 drop m_pLastAnchorPos during RedlineStack dtor and restore it 
afterwards to the same
+    // place, or somewhere close if that place got destroyed
+    std::shared_ptr<SwUnoCursor> xLastAnchorCursor(pRdr->m_pLastAnchorPos ? 
pRdr->m_rDoc.CreateUnoCursor(*pRdr->m_pLastAnchorPos) : nullptr);
+    pRdr->m_pLastAnchorPos.reset();
+
     pRdr->m_xRedlineStack = std::move(mxOldRedlines);
 
+    if (xLastAnchorCursor)
+        pRdr->m_pLastAnchorPos.reset(new 
SwPosition(*xLastAnchorCursor->GetPoint()));
+
     pRdr->DeleteAnchorStack();
     pRdr->m_xAnchorStck = std::move(mxOldAnchorStck);
 
commit 2d8d0bef42f63b52cdd084ebda711cc5866d1f66
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Jul 12 16:21:04 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:30 2021 +0100

    crashtesting: UaF on layout of ooo98566-1.odt
    
    in:
    sw/source/core/text/itrform2.cxx:2643 SwTextFormatter::NewFlyCntPortion
    at: pFly = static_cast<SwTextFlyCnt*>(pHint)->GetFlyFrame(pFrame)
    
    (gdb) print m_pCurr
    $2 = (SwLineLayout *) 0x55ea220a0020
    
    after calling GetFlyFrame m_pCurr is unchanged and we will call
    m_pCurr->MaxAscentDescent
    on it.
    
    But m_pCurr is deleted during GetFlyFrame by...
    
     #18 0x00007f98c5cd337f in SwLineLayout::~SwLineLayout() 
(this=this@entry=0x55ea220a0020, __in_chrg=<optimized out>)
         at source/libo-core/sw/source/core/text/portxt.hxx:26
     #19 0x00007f98c5cd347a in SwParaPortion::~SwParaPortion() 
(this=0x55ea220a0020, __in_chrg=<optimized out>)
         at source/libo-core/sw/source/core/text/porlay.cxx:2491
     #20 0x00007f98c5cd3485 in SwParaPortion::~SwParaPortion() 
(this=0x55ea220a0020, __in_chrg=<optimized out>)
         at source/libo-core/sw/source/core/text/porlay.cxx:2491
     #21 0x00007f98c5d05e70 in 
std::default_delete<SwParaPortion>::operator()(SwParaPortion*) const 
(__ptr=<optimized out>, this=<optimized out>)
         at /usr/include/c++/8/bits/unique_ptr.h:75
     #22 0x00007f98c5d05e70 in std::unique_ptr<SwParaPortion, 
std::default_delete<SwParaPortion> >::reset(SwParaPortion*)
         (__p=<optimized out>, this=<optimized out>) at 
/usr/include/c++/8/bits/unique_ptr.h:382
     #23 0x00007f98c5d05e70 in SwTextLine::SetPara(SwParaPortion*, bool) 
(bDelete=true, pNew=0x0, this=<optimized out>)
         at source/libo-core/sw/source/core/text/txtcache.hxx:45
     #24 0x00007f98c5d05e70 in SwTextFrame::ClearPara() 
(this=this@entry=0x55ea21302b60) at 
source/libo-core/sw/source/core/text/txtcache.cxx:113
     #25 0x00007f98c5d1be89 in SwTextFrame::Init() 
(this=this@entry=0x55ea21302b60) at 
source/libo-core/sw/source/core/text/txtfrm.cxx:757
     #26 0x00007f98c5d2630c in SwTextFrame::Prepare(PrepareHint, void const*, 
bool)
         (this=0x55ea21302b60, ePrep=PrepareHint::FlyFrameArrive, 
pVoid=<optimized out>, bNotify=<optimized out>)
         at source/libo-core/sw/source/core/text/txtfrm.cxx:3086
     #27 0x00007f98c5b1edb8 in 
SwFlyInContentFrame::NotifyBackground(SwPageFrame*, SwRect const&, PrepareHint)
         (this=<optimized out>, rRect=..., eHint=<optimized out>) at 
source/libo-core/sw/inc/anchoredobject.hxx:205
     #28 0x00007f98c5b261a6 in Notify(SwFlyFrame*, SwPageFrame*, SwRect const&, 
SwRect const*)
         (pFly=pFly@entry=0x55ea21a18d60, pOld=0x0, rOld=SwRect = {...}, 
pOldPrt=pOldPrt@entry=0x7ffeb50390f8)
         at source/libo-core/sw/source/core/inc/frame.hxx:1177
     #29 0x00007f98c5b2ceca in SwFlyNotify::~SwFlyNotify() 
(this=0x7ffeb50390d0, __in_chrg=<optimized out>)
         at source/libo-core/sw/source/core/layout/frmtool.cxx:648
     #30 0x00007f98c5b1fa25 in SwFlyInContentFrame::MakeAll(OutputDevice*) 
(this=0x55ea21a18d60)
         at source/libo-core/sw/source/core/inc/frmtool.hxx:419
     #31 0x00007f98c5aec3a9 in SwFrame::PrepareMake(OutputDevice*) 
(this=0x55ea21a18d60, pRenderContext=0x55ea212bc4c0)
         at source/libo-core/sw/source/core/layout/calcmove.cxx:375
     #32 0x00007f98c5b17ad2 in SwFlyFrame::Calc(OutputDevice*) const 
(this=<optimized out>, pRenderContext=<optimized out>)
         at source/libo-core/sw/source/core/layout/fly.cxx:2890
     #33 0x00007f98c5b636c5 in SwObjectFormatter::FormatLayout_(SwLayoutFrame&) 
(this=this@entry=0x55ea2244d150, _rLayoutFrame=...)
         at source/libo-core/include/rtl/ref.hxx:206
     #34 0x00007f98c5b6413e in SwObjectFormatter::FormatObj_(SwAnchoredObject&) 
(this=this@entry=0x55ea2244d150, _rAnchoredObj=...)
         at source/libo-core/sw/source/core/layout/objectformatter.cxx:296
     #35 0x00007f98c5b6705b in 
SwObjectFormatterTextFrame::DoFormatObj(SwAnchoredObject&, bool)
         (this=0x55ea2244d150, _rAnchoredObj=..., _bCheckForMovedFwd=<optimized 
out>)
         at source/libo-core/sw/source/core/layout/objectformattertxtfrm.cxx:136
     #36 0x00007f98c5b6359f in SwObjectFormatter::FormatObj(SwAnchoredObject&, 
SwFrame*, SwPageFrame const*)
         (_rAnchoredObj=..., _pAnchorFrame=<optimized out>, 
_pPageFrame=<optimized out>)
         at source/libo-core/sw/source/core/layout/objectformatter.cxx:190
     #37 0x00007f98c5d717aa in SwTextFlyCnt::GetFlyFrame_(SwFrame const*) 
(this=this@entry=0x55ea214d8810, pCurrFrame=pCurrFrame@entry=0x55ea21302b60)
         at source/libo-core/sw/source/core/inc/frame.hxx:1177
     #38 0x00007f98c5cb511b in SwTextFlyCnt::GetFlyFrame(SwFrame const*) 
(pCurrFrame=0x55ea21302b60, this=0x55ea214d8810)
         at source/libo-core/sw/inc/txtflcnt.hxx:48
     #39 0x00007f98c5cb511b in 
SwTextFormatter::NewFlyCntPortion(SwTextFormatInfo&, SwTextAttr*) const
         (this=this@entry=0x7ffeb503a6b0, rInf=..., pHint=0x55ea214d8810) at 
source/libo-core/sw/source/core/text/itrform2.cxx:2643
    
    (gdb) print this
    (SwLinePortion * const) 0x55ea220a0020
    
    The SwTextFrame of SwTextFrame::ClearPara is the same pFrame/m_pFrame at 
SwTextFormatter::NewFlyCntPortion
    
    ClearPara is not called if the SwTextFrame is "Locked", so try using that 
to protect GetFlyFrame
    
    Change-Id: Ia9dcb1f345f6953d995f2acf1ec23492d1680364
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118784
    Tested-by: Jenkins
    Tested-by: Caolán McNamara <caol...@redhat.com>
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/sw/source/core/text/itrform2.cxx b/sw/source/core/text/itrform2.cxx
index aa4ba00b8d8d..f689bf2d962b 100644
--- a/sw/source/core/text/itrform2.cxx
+++ b/sw/source/core/text/itrform2.cxx
@@ -2570,7 +2570,11 @@ SwFlyCntPortion *SwTextFormatter::NewFlyCntPortion( 
SwTextFormatInfo &rInf,
     SwFlyInContentFrame *pFly;
     SwFrameFormat* pFrameFormat = 
static_cast<SwTextFlyCnt*>(pHint)->GetFlyCnt().GetFrameFormat();
     if( RES_FLYFRMFMT == pFrameFormat->Which() )
+    {
+        // set Lock pFrame to avoid m_pCurr getting deleted
+        TextFrameLockGuard aGuard(m_pFrame);
         pFly = static_cast<SwTextFlyCnt*>(pHint)->GetFlyFrame(pFrame);
+    }
     else
         pFly = nullptr;
     // aBase is the document-global position, from which the new extra portion 
is placed
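Review bot: The added comment `// set Lock pFrame to avoid m_pCurr getting deleted` names `pFrame`, but the guard is constructed on `m_pFrame`. The commit message says the two are the same frame, yet nothing in the visible code shows it. Reword the comment to say what is protected and from what, for example `// lock m_pFrame: GetFlyFrame() can format the fly, which may call ClearPara() on this frame and free m_pCurr`. The guard is released at the closing brace, so `m_pCurr` is protected only for the duration of the `GetFlyFrame` call. The declaration of `pFrame` and the later use of `m_pCurr` are outside the hunk.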
commit 19a753cb2f31173a6373f64067fcf20e26332cd5
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Jul 1 14:56:45 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:30 2021 +0100

    ofz#34749 don't remove trailing paragraph if something got anchored to it
    
    Change-Id: Ic6eec2f9829c415abd4f2628bc51efbf98f918fb
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118228
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/sw/qa/core/data/ww8/pass/ofz34749-1.doc 
b/sw/qa/core/data/ww8/pass/ofz34749-1.doc
new file mode 100644
index 000000000000..d657a71b5245
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/ofz34749-1.doc differ
diff --git a/sw/source/filter/ww8/ww8par.hxx b/sw/source/filter/ww8/ww8par.hxx
index d309b756d5e2..8717e20eebfe 100644
--- a/sw/source/filter/ww8/ww8par.hxx
+++ b/sw/source/filter/ww8/ww8par.hxx
@@ -929,6 +929,14 @@ public:
     explicit wwExtraneousParas(SwDoc &rDoc) : m_rDoc(rDoc) {}
     ~wwExtraneousParas() { delete_all_from_doc(); }
     void insert(SwTextNode *pTextNode) { m_aTextNodes.insert(pTextNode); }
+    void check_anchor_destination(SwTextNode *pTextNode)
+    {
+        auto it = m_aTextNodes.find(pTextNode);
+        if (it == m_aTextNodes.end())
+            return;
+        SAL_WARN("sw.ww8", "It is unexpected to anchor something in a para 
scheduled for removal");
+        m_aTextNodes.erase(it);
+    }
     void delete_all_from_doc();
 };
 
diff --git a/sw/source/filter/ww8/ww8par6.cxx b/sw/source/filter/ww8/ww8par6.cxx
index 00859aac5221..c2d17d929af5 100644
--- a/sw/source/filter/ww8/ww8par6.cxx
+++ b/sw/source/filter/ww8/ww8par6.cxx
@@ -2464,6 +2464,9 @@ bool SwWW8ImplReader::StartApo(const ApoTestResults 
&rApo, const WW8_TablePos *p
         }
         else
         {
+            // ofz#34749 we shouldn't anchor anything into an 'extra' 
paragraph scheduled for
+            // removal at end of import, but check if that scenario is 
happening
+            
m_aExtraneousParas.check_anchor_destination(m_pPaM->GetNode().GetTextNode());
             m_xSFlyPara->pFlyFormat = 
m_rDoc.MakeFlySection(WW8SwFlyPara::eAnchor,
                     m_pPaM->GetPoint(), &aFlySet);
             OSL_ENSURE(m_xSFlyPara->pFlyFormat->GetAnchor().GetAnchorId() ==
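Review bot: The comment on the new call says it will "check if that scenario is happening", but `check_anchor_destination` as defined in ww8par.hxx in this commit also erases the node from `m_aTextNodes`. That erase is what keeps the anchored paragraph from being deleted at the end of import. The comment should state the effect, for example `// ... if it happens anyway, drop the paragraph from the removal list so the anchor stays valid`, and a name such as `remove_if_anchor_destination` would match the behaviour better. Only this `else` branch gets the call; the `if` branch of `StartApo` is outside the hunk, so confirm that no other anchoring path needs it.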
commit 820d89395fc2abbad59035dbe406f60f52208f86
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Sun Jun 27 19:08:36 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:30 2021 +0100

    ofz#35504 Integer-overflow
    
    Change-Id: I7a462b821f286411d759b5259461fcdbf1741859
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117955
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/tools/source/generic/poly.cxx b/tools/source/generic/poly.cxx
index 8b4727782350..f5d57435a60a 100644
--- a/tools/source/generic/poly.cxx
+++ b/tools/source/generic/poly.cxx
@@ -255,7 +255,7 @@ ImplPolygon::ImplPolygon( const tools::Rectangle& rBound, 
const Point& rStart, c
         }
 
 
-        if( ( nRadX > 32 ) && ( nRadY > 32 ) && ( nRadX + nRadY ) < 8192 )
+        if (nRadX > 32 && nRadY > 32 && o3tl::saturating_add(nRadX, nRadY) < 
8192)
             nPoints >>= 1;
 
         // compute threshold
commit cd5dff9227701ab0085d32166f9e510bc8bddc16
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri Mar 19 14:11:45 2021 +0000
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:29 2021 +0100

    cid#1473818 Use after free
    
    Change-Id: Idd74e0debd12e42ff97d79b56e76cde6fd98aa2c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112745
    Tested-by: Caolán McNamara <caol...@redhat.com>
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit 236f3a8e60e05147a37f294774b0c07d40aff36f)

diff --git a/vcl/unx/generic/printer/cpdmgr.cxx 
b/vcl/unx/generic/printer/cpdmgr.cxx
index bebd568330c5..0789ae7e1ca7 100644
--- a/vcl/unx/generic/printer/cpdmgr.cxx
+++ b/vcl/unx/generic/printer/cpdmgr.cxx
@@ -43,11 +43,11 @@ void CPDManager::onNameAcquired (GDBusConnection 
*connection,
                                  gpointer user_data)
 {
     gchar* contents;
-    GDBusNodeInfo *introspection_data;
-
     // Get Interface for introspection
-    g_file_get_contents (FRONTEND_INTERFACE, &contents, nullptr, nullptr);
-    introspection_data = g_dbus_node_info_new_for_xml (contents, nullptr);
+    if (!g_file_get_contents (FRONTEND_INTERFACE, &contents, nullptr, nullptr))
+        return;
+
+    GDBusNodeInfo *introspection_data = g_dbus_node_info_new_for_xml 
(contents, nullptr);
 
     g_dbus_connection_register_object (connection,
                                        "/org/libreoffice/PrintDialog",
@@ -63,28 +63,29 @@ void CPDManager::onNameAcquired (GDBusConnection 
*connection,
     std::vector<std::pair<std::string, gchar*>> backends = 
current->getTempBackends();
     for (auto const& backend : backends)
     {
-        GDBusProxy *proxy;
         // Get Interface for introspection
-        g_file_get_contents (BACKEND_INTERFACE, &contents, nullptr, nullptr);
-        introspection_data = g_dbus_node_info_new_for_xml (contents, nullptr);
-        proxy = g_dbus_proxy_new_sync (connection,
-                                       G_DBUS_PROXY_FLAGS_NONE,
-                                       introspection_data->interfaces[0],
-                                       backend.first.c_str(),
-                                       backend.second,
-                                       "org.openprinting.PrintBackend",
-                                       nullptr,
-                                       nullptr);
+        if (g_file_get_contents(BACKEND_INTERFACE, &contents, nullptr, 
nullptr))
+        {
+            introspection_data = g_dbus_node_info_new_for_xml (contents, 
nullptr);
+            GDBusProxy *proxy = g_dbus_proxy_new_sync (connection,
+                                           G_DBUS_PROXY_FLAGS_NONE,
+                                           introspection_data->interfaces[0],
+                                           backend.first.c_str(),
+                                           backend.second,
+                                           "org.openprinting.PrintBackend",
+                                           nullptr,
+                                           nullptr);
+            g_assert (proxy != nullptr);
+            g_dbus_proxy_call(proxy, "ActivateBackend",
+                              nullptr,
+                              G_DBUS_CALL_FLAGS_NONE,
+                              -1, nullptr, nullptr, nullptr);
+
+            g_free(contents);
+            g_object_unref(proxy);
+            g_dbus_node_info_unref(introspection_data);
+        }
         g_free(backend.second);
-        g_assert (proxy != nullptr);
-        g_dbus_proxy_call(proxy, "ActivateBackend",
-                          nullptr,
-                          G_DBUS_CALL_FLAGS_NONE,
-                          -1, nullptr, nullptr, nullptr);
-
-        g_free(contents);
-        g_object_unref(proxy);
-        g_dbus_node_info_unref(introspection_data);
     }
 }
 
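Review bot: `introspection_data->interfaces[0]` in the loop is still dereferenced without checking the result of `g_dbus_node_info_new_for_xml (contents, nullptr)`, which returns NULL when the file does not parse as introspection XML. The first hunk of this file has the same unchecked call after its new `g_file_get_contents` guard. Inside the loop's `if` block, a guard such as `if (!introspection_data) { g_free(contents); g_free(backend.second); continue; }` before `g_dbus_proxy_new_sync` keeps the existing frees intact. The first hunk needs the matching `if (!introspection_data) { g_free(contents); return; }`. Separately, `g_assert (proxy != nullptr)` disappears when the build defines G_DISABLE_ASSERT, and the GError argument is passed as `nullptr`, so a failed proxy creation would reach `g_dbus_proxy_call` with a null proxy; an explicit `if (proxy)` check is safer there.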
commit acae583ca57484908f2980dfa0b2e94043785e93
Author:     Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Tue Mar 9 15:52:21 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:29 2021 +0100

    Avoid signed-integer-overflow parsing table:cell-range-address="PivotChart"
    
    ...as happens during UITest_chart
    UITEST_TEST_NAME=tdf107097.tdf107097.test_tdf107097 ever since
    86b192965ee8d625092b723337f6a65bdf34dcb7 "tdf#107097: sc: Add UItest" added 
that
    test (see <https://ci.libreoffice.org/job/lo_ubsan/1919/>),
    
    > /chart2/source/tools/XMLRangeHelper.cxx:136:52: runtime error: signed 
integer overflow: 15 * 308915776 cannot be represented in type 'int'
    >     #0 0x2ad74a554918 in (anonymous 
namespace)::lcl_getSingleCellAddressFromXMLString(rtl::OUString const&, int, 
int, chart::XMLRangeHelper::Cell&) 
/chart2/source/tools/XMLRangeHelper.cxx:136:52
    >     #1 0x2ad74a553482 in (anonymous 
namespace)::lcl_getCellAddressFromXMLString(rtl::OUString const&, int, int, 
chart::XMLRangeHelper::Cell&, rtl::OUString&) 
/chart2/source/tools/XMLRangeHelper.cxx:217:13
    >     #2 0x2ad74a5505da in (anonymous 
namespace)::lcl_getCellRangeAddressFromXMLString(rtl::OUString const&, int, 
int, chart::XMLRangeHelper::CellRange&) 
/chart2/source/tools/XMLRangeHelper.cxx:253:19
    >     #3 0x2ad74a54fde1 in 
chart::XMLRangeHelper::getCellRangeFromXMLString(rtl::OUString const&) 
/chart2/source/tools/XMLRangeHelper.cxx:328:15
    >     #4 0x2ad74a2aed4d in 
chart::InternalDataProvider::convertRangeFromXML(rtl::OUString const&) 
/chart2/source/tools/InternalDataProvider.cxx:1227:39
    >     #5 0x2ad74a2b0164 in non-virtual thunk to 
chart::InternalDataProvider::convertRangeFromXML(rtl::OUString const&) 
/chart2/source/tools/InternalDataProvider.cxx
    >     #6 0x2ad6c4784257 in (anonymous 
namespace)::lcl_ConvertRange(rtl::OUString const&, 
com::sun::star::uno::Reference<com::sun::star::chart2::XChartDocument> const&) 
/xmloff/source/chart/SchXMLPlotAreaContext.cxx:76:32
    >     #7 0x2ad6c4779a67 in SchXMLPlotAreaContext::startFastElement(int, 
com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> 
const&) /xmloff/source/chart/SchXMLPlotAreaContext.cxx:233:34
    >     #8 0x2ad6c4c6328a in SvXMLImport::startFastElement(int, 
com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> 
const&) /xmloff/source/core/xmlimp.cxx:797:15
    >     #9 0x2ad704988b78 in (anonymous 
namespace)::Entity::startElement((anonymous namespace)::Event const*) 
/sax/source/fastparser/fastparser.cxx:468:27
    >     #10 0x2ad70496f681 in 
sax_fastparser::FastSaxParserImpl::consume((anonymous namespace)::EventList&) 
/sax/source/fastparser/fastparser.cxx:1026:25
    >     #11 0x2ad70496c65f in 
sax_fastparser::FastSaxParserImpl::parseStream(com::sun::star::xml::sax::InputSource
 const&) /sax/source/fastparser/fastparser.cxx:870:22
    >     #12 0x2ad7049905d1 in 
sax_fastparser::FastSaxParser::parseStream(com::sun::star::xml::sax::InputSource
 const&) /sax/source/fastparser/fastparser.cxx:1482:13
    >     #13 0x2ad6c4c52b80 in 
SvXMLImport::parseStream(com::sun::star::xml::sax::InputSource const&) 
/xmloff/source/core/xmlimp.cxx:504:15
    >     #14 0x2ad749aafe1e in 
chart::XMLFilter::impl_ImportStream(rtl::OUString const&, rtl::OUString const&, 
com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, 
com::sun::star::uno::Reference<com::sun::star::lang::XMultiComponentFactory> 
const&, 
com::sun::star::uno::Reference<com::sun::star::document::XGraphicStorageHandler>
 const&, com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> 
const&) /chart2/source/model/filter/XMLFilter.cxx:473:34
    >     #15 0x2ad749aa9f01 in 
chart::XMLFilter::impl_Import(com::sun::star::uno::Reference<com::sun::star::lang::XComponent>
 const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> 
const&) /chart2/source/model/filter/XMLFilter.cxx:375:35
    >     #16 0x2ad749aa0988 in 
chart::XMLFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
 const&) /chart2/source/model/filter/XMLFilter.cxx:221:13
    >     #17 0x2ad749c2c76e in 
chart::ChartModel::impl_load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
 const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> 
const&) /chart2/source/model/main/ChartModel_Persistence.cxx:567:18
    >     #18 0x2ad749c30eea in 
chart::ChartModel::loadFromStorage(com::sun::star::uno::Reference<com::sun::star::embed::XStorage>
 const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> 
const&) /chart2/source/model/main/ChartModel_Persistence.cxx:759:5
    >     #19 0x2ad74244b977 in 
OCommonEmbeddedObject::LoadDocumentFromStorage_Impl() 
/embeddedobj/source/commonembedding/persistence.cxx:535:19
    >     #20 0x2ad7423d7bde in OCommonEmbeddedObject::SwitchStateTo_Impl(int) 
/embeddedobj/source/commonembedding/embedobj.cxx:185:49
    >     #21 0x2ad7423e32ff in OCommonEmbeddedObject::changeState(int) 
/embeddedobj/source/commonembedding/embedobj.cxx:453:13
    >     #22 0x2ad7424b7057 in 
OCommonEmbeddedObject::getPreferredVisualRepresentation(long) 
/embeddedobj/source/commonembedding/visobj.cxx:168:9
    >     #23 0x2ad67e08fdb6 in 
comphelper::EmbeddedObjectContainer::GetGraphicReplacementStream(long, 
com::sun::star::uno::Reference<com::sun::star::embed::XEmbeddedObject> const&, 
rtl::OUString*) /comphelper/source/container/embeddedobjectcontainer.cxx:1425:54
    >     #24 0x2ad6a447182c in 
svt::EmbeddedObjectRef::GetGraphicReplacementStream(long, 
com::sun::star::uno::Reference<com::sun::star::embed::XEmbeddedObject> const&, 
rtl::OUString*) /svtools/source/misc/embedhlp.cxx:809:12
    >     #25 0x2ad6a446c7d4 in svt::EmbeddedObjectRef::GetGraphicStream(bool) 
const /svtools/source/misc/embedhlp.cxx:616:23
    >     #26 0x2ad6a4469e58 in svt::EmbeddedObjectRef::GetReplacement(bool) 
/svtools/source/misc/embedhlp.cxx:424:46
    >     #27 0x2ad6a446d4ea in svt::EmbeddedObjectRef::GetGraphic() const 
/svtools/source/misc/embedhlp.cxx:453:54
    >     #28 0x2ad69d4a9470 in SdrOle2Obj::GetGraphic() const 
/svx/source/svdraw/svdoole2.cxx:1635:33
    >     #29 0x2ad71b222d01 in 
ScDrawTransferObj::ScDrawTransferObj(std::unique_ptr<SdrModel, 
std::default_delete<SdrModel> >, ScDocShell*, TransferableObjectDescriptor 
const&) /sc/source/ui/app/drwtrans.cxx:191:107
    >     #30 0x2ad71d7da932 in ScDrawView::DoCopy() 
/sc/source/ui/view/drawvie4.cxx:364:56
    >     #31 0x2ad71c1fb75a in ScDrawShell::ExecDrawFunc(SfxRequest&) 
/sc/source/ui/drawfunc/drawsh5.cxx:328:20
    >     #32 0x2ad71c1b181f in SfxStubScDrawShellExecDrawFunc(SfxShell*, 
SfxRequest&) /workdir/SdiTarget/sc/sdi/scslots.hxx:2823:1
    >     #33 0x2ad68de39d05 in SfxShell::CallExec(void (*)(SfxShell*, 
SfxRequest&), SfxRequest&) /include/sfx2/shell.hxx:197:35
    >     #34 0x2ad68ddd1214 in SfxDispatcher::Call_Impl(SfxShell&, SfxSlot 
const&, SfxRequest&, bool) /sfx2/source/control/dispatch.cxx:253:16
    >     #35 0x2ad68dde721f in SfxDispatcher::Execute_(SfxShell&, SfxSlot 
const&, SfxRequest&, SfxCallMode) /sfx2/source/control/dispatch.cxx:753:9
    >     #36 0x2ad68dd5edff in SfxBindings::Execute_Impl(SfxRequest&, SfxSlot 
const*, SfxShell*) /sfx2/source/control/bindings.cxx:1060:22
    >     #37 0x2ad68e24a322 in 
SfxDispatchController_Impl::dispatch(com::sun::star::util::URL const&, 
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, 
com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> 
const&) /sfx2/source/control/unoctitm.cxx:758:53
    >     #38 0x2ad68e245261 in 
SfxOfficeDispatch::dispatch(com::sun::star::util::URL const&, 
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) 
/sfx2/source/control/unoctitm.cxx:229:16
    >     #39 0x2ad67e465052 in comphelper::dispatchCommand(rtl::OUString 
const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&, 
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, 
com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> 
const&) /comphelper/source/misc/dispatchcommand.cxx:61:12
    >     #40 0x2ad67e4657c5 in comphelper::dispatchCommand(rtl::OUString 
const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> 
const&, 
com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> 
const&) /comphelper/source/misc/dispatchcommand.cxx:76:12
    >     #41 0x2ad6b39a49a6 in UITest::executeCommand(rtl::OUString const&) 
/vcl/source/uitest/uitest.cxx:24:12
    >     #42 0x2ad6b39b7240 in (anonymous 
namespace)::UITestUnoObj::executeCommand(rtl::OUString const&) 
/vcl/source/uitest/uno/uitest_uno.cxx:69:12
    >     #43 0x2ad6ee6508db in gcc3::callVirtualMethod(void*, unsigned int, 
void*, _typelib_TypeDescriptionReference*, bool, unsigned long*, unsigned int, 
unsigned long*, double*) 
/bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx:77:5
    >     #44 0x2ad6ee64abf2 in 
cpp_call(bridges::cpp_uno::shared::UnoInterfaceProxy*, 
bridges::cpp_uno::shared::VtableSlot, _typelib_TypeDescriptionReference*, int, 
_typelib_MethodParameter*, void*, void**, _uno_Any**) 
/bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:233:13
    >     #45 0x2ad6ee64773d in unoInterfaceProxyDispatch 
/bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:413:13
    >     #46 0x2ad6f3a7d2ca in 
binaryurp::IncomingRequest::execute_throw(binaryurp::BinaryAny*, 
std::__debug::vector<binaryurp::BinaryAny, std::allocator<binaryurp::BinaryAny> 
>*) const /binaryurp/source/incomingrequest.cxx:235:13
    
    Creating a pivot chart apparently generates XML output containing
    
      <chart:plot-area table:cell-range-address="PivotChart" ...>
    
    which does not conform to ODF, see the mail thread starting at
    
<https://lists.freedesktop.org/archives/libreoffice/2021-February/086884.html>
    "Integer overflow in Calc lcl_getSingleCellAddressFromXMLString nColumn
    computation" for details.
    
    And, ignoring the signed-integer-overflow UB for now,
    InternalDataProvider::convertRangeFromXML would always have returned an 
empty
    OUString for an input of aXMLRange="PivotChart":
    chart::XMLRangeHelper::getCellRangeFromXMLString with 
rXMLString="PivotChart"
    calls lcl_getCellAddressFromXMLString with rXMLString="PivotChart", 
nStartPos=0,
    nEndPos=9, its leading while-loop mis-computes nDelimiterPos=nEndPos, so 
calls
    lcl_getCellAddressFromXMLString with rXMLString="PivotChart", nStartPos=0,
    nEndPos=9, its leading while-loop mis-computes nDelimiterPos=nEndPos, so it
    doesn't set rOutTableName, so lcl_getCellAddressFromXMLString returns
    bResult=false, so chart::XMLRangeHelper::getCellRangeFromXMLString returns 
an
    empty CellRange().
    
    So, similar to 9e5314f19c9dcff35b5cee5c5a1b7f744e495b2e "tdf#107097 invoke
    internal DP and correctly handle 'range' names" added special handling of
    aXMLRange values starting with "PT@" to
    InternalDataProvider::convertRangeFromXML, also add explicit special 
handling
    for "PivotChart" (instead of relying on the later code returning an empty
    string, but after invoking UB).
    
    Change-Id: I1671f0ab3b3ab00dce8e348aa3b7141ebebaaad5
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112207
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sberg...@redhat.com>

diff --git a/chart2/source/tools/InternalDataProvider.cxx 
b/chart2/source/tools/InternalDataProvider.cxx
index d6b02814ab78..6f7388654ffb 100644
--- a/chart2/source/tools/InternalDataProvider.cxx
+++ b/chart2/source/tools/InternalDataProvider.cxx
@@ -1238,6 +1238,13 @@ OUString SAL_CALL 
InternalDataProvider::convertRangeToXML( const OUString& aRang
 
 OUString SAL_CALL InternalDataProvider::convertRangeFromXML( const OUString& 
aXMLRange )
 {
+    // Handle non-standards-conforming table:cell-range-address="PivotChart", 
see
+    // <https://bugs.documentfoundation.org/show_bug.cgi?id=112783> "PIVOT 
CHARTS: Save produces
+    // invalid file because of invalid cell address":
+    if (aXMLRange == "PivotChart") {
+        return "";
+    }
+
     const OUString aPivotTableID("PT@");
     if (aXMLRange.startsWith(aPivotTableID))
         return aXMLRange.copy(aPivotTableID.getLength());
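Review bot: The exact-match test `aXMLRange == "PivotChart"` keeps only this one string away from the parser, while the overflow quoted in the commit message is in the column computation at XMLRangeHelper.cxx:136, which this diff does not touch. The attribute value comes from the loaded document, so any other letters-only or over-long cell address in `table:cell-range-address` would presumably still reach that multiplication. The parser should also bound the accumulation and report failure, for instance with `o3tl::checked_multiply` or a maximum-column check before multiplying. That would need confirming against lcl_getSingleCellAddressFromXMLString, which is not shown here. The body of convertRangeFromXML continues past the end of the hunk.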
commit 283cceb647b64530fd1798177aa70c5eb710962c
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Sun Feb 28 18:53:55 2021 +0000
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:29 2021 +0100

    ofz#31538 null-deref
    
    Change-Id: I3264c0fd509e16cf4727847199f0be316d03d0e8
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111713
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/sw/source/core/undo/undobj.cxx b/sw/source/core/undo/undobj.cxx
index cc1f806f1696..a13f87a7786d 100644
--- a/sw/source/core/undo/undobj.cxx
+++ b/sw/source/core/undo/undobj.cxx
@@ -1583,9 +1583,14 @@ static bool IsNotBackspaceHeuristic(
         SwPosition const& rStart, SwPosition const& rEnd)
 {
     // check if the selection is backspace/delete created by DelLeft/DelRight
-    return rStart.nNode.GetIndex() + 1 != rEnd.nNode.GetIndex()
-        || rEnd.nContent != 0
-        || rStart.nContent != rStart.nNode.GetNode().GetTextNode()->Len();
+    if (rStart.nNode.GetIndex() + 1 != rEnd.nNode.GetIndex())
+        return true;
+    if (rEnd.nContent != 0)
+        return true;
+    const SwTextNode* pTextNode = rStart.nNode.GetNode().GetTextNode();
+    if (!pTextNode || rStart.nContent != pTextNode->Len())
+        return true;
+    return false;
 }
 
 bool IsDestroyFrameAnchoredAtChar(SwPosition const & rAnchorPos,
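Review bot: The new `!pTextNode` branch has no comment explaining why a start position outside a text node counts as "not a backspace/delete selection". The existing comment at the top of the body describes only the DelLeft/DelRight check. A line above the null test would record the decision, for example `// rStart may not be in a text node (ofz#31538); treat that as not backspace/delete`. The function's signature begins above the hunk, in the `@@` header line.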
commit 88a58b0f0ff287384929c6a8a4722195d126587a
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Jan 28 14:54:13 2021 +0000
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:29 2021 +0100

    ofz#30005 crash in LwpFribPtr::XFConvert
    
    Change-Id: I4f03c1cd8bc12f3fa09c815837b289ff088c91d3
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110086
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/lotuswordpro/source/filter/lwpfribptr.cxx 
b/lotuswordpro/source/filter/lwpfribptr.cxx
index dc00504a9be6..01089461d576 100644
--- a/lotuswordpro/source/filter/lwpfribptr.cxx
+++ b/lotuswordpro/source/filter/lwpfribptr.cxx
@@ -84,7 +84,8 @@
 #include <lwpdropcapmgr.hxx>
 
 LwpFribPtr::LwpFribPtr()
-    : m_pFribs(nullptr),m_pXFPara(nullptr),m_pPara(nullptr)
+    : m_pFribs(nullptr)
+    , m_pPara(nullptr)
 {
 }
 
@@ -173,7 +174,7 @@ void LwpFribPtr::XFConvert()
         case FRIB_TAG_TEXT:
         {
             LwpFribText* textFrib= static_cast<LwpFribText*>(pFrib);
-            textFrib->XFConvert(m_pXFPara,m_pPara->GetStory());
+            textFrib->XFConvert(m_pXFPara.get(),m_pPara->GetStory());
         }
             break;
         case FRIB_TAG_TAB:
@@ -245,7 +246,7 @@ void LwpFribPtr::XFConvert()
         case FRIB_TAG_UNICODE3: //fall through
         {
             LwpFribUnicode* unicodeFrib= static_cast<LwpFribUnicode*>(pFrib);
-            unicodeFrib->XFConvert(m_pXFPara,m_pPara->GetStory());
+            unicodeFrib->XFConvert(m_pXFPara.get(), m_pPara->GetStory());
         }
             break;
         case FRIB_TAG_HARDSPACE:
@@ -254,13 +255,13 @@ void LwpFribPtr::XFConvert()
             LwpStory *pStory = m_pPara->GetStory();
             LwpHyperlinkMgr* pHyperlink = pStory ? pStory->GetHyperlinkMgr() : 
nullptr;
             if (pHyperlink && pHyperlink->GetHyperlinkFlag())
-                pFrib->ConvertHyperLink(m_pXFPara,pHyperlink,sHardSpace);
+                pFrib->ConvertHyperLink(m_pXFPara.get(), 
pHyperlink,sHardSpace);
             else
-                pFrib->ConvertChars(m_pXFPara,sHardSpace);
+                pFrib->ConvertChars(m_pXFPara.get(), sHardSpace);
         }
             break;
         case FRIB_TAG_SOFTHYPHEN:
-            pFrib->ConvertChars(m_pXFPara,u"\x00ad");
+            pFrib->ConvertChars(m_pXFPara.get(), u"\x00ad");
             break;
         case FRIB_TAG_FRAME:
         {
@@ -271,64 +272,64 @@ void LwpFribPtr::XFConvert()
                 LwpFoundry* pFoundry = m_pPara->GetFoundry();
                 LwpDropcapMgr* pMgr = pFoundry ? pFoundry->GetDropcapMgr() : 
nullptr;
                 if (pMgr)
-                    pMgr->SetXFPara(m_pXFPara);
+                    pMgr->SetXFPara(m_pXFPara.get());
             }
-            frameFrib->XFConvert(m_pXFPara);
+            frameFrib->XFConvert(m_pXFPara.get());
             break;
         }
         case FRIB_TAG_CHBLOCK:
         {
             LwpFribCHBlock* chbFrib = static_cast<LwpFribCHBlock*>(pFrib);
-            chbFrib->XFConvert(m_pXFPara,m_pPara->GetStory());
+            chbFrib->XFConvert(m_pXFPara.get(),m_pPara->GetStory());
         }
             break;
         case FRIB_TAG_TABLE:
         {
             LwpFribTable* tableFrib = static_cast<LwpFribTable*>(pFrib);
             //tableFrib->XFConvert(m_pPara->GetXFContainer());
-            tableFrib->XFConvert(m_pXFPara);
+            tableFrib->XFConvert(m_pXFPara.get());
         }
             break;
         case FRIB_TAG_BOOKMARK:
         {
             LwpFribBookMark* bookmarkFrib = 
static_cast<LwpFribBookMark*>(pFrib);
-            bookmarkFrib->XFConvert(m_pXFPara);
+            bookmarkFrib->XFConvert(m_pXFPara.get());
         }
         break;
         case FRIB_TAG_FOOTNOTE:
         {
             LwpFribFootnote* pFootnoteFrib = 
static_cast<LwpFribFootnote*>(pFrib);
-            pFootnoteFrib->XFConvert(m_pXFPara);
+            pFootnoteFrib->XFConvert(m_pXFPara.get());
             break;
         }
         case FRIB_TAG_FIELD:
         {
             LwpFribField* fieldFrib = static_cast<LwpFribField*>(pFrib);
-            fieldFrib->XFConvert(m_pXFPara);
+            fieldFrib->XFConvert(m_pXFPara.get());
             break;
         }
         case FRIB_TAG_NOTE:
         {
             LwpFribNote* pNoteFrib = static_cast<LwpFribNote*>(pFrib);
-            pNoteFrib->XFConvert(m_pXFPara);
+            pNoteFrib->XFConvert(m_pXFPara.get());
             break;
         }
         case FRIB_TAG_PAGENUMBER:
         {
             LwpFribPageNumber* pagenumFrib = 
static_cast<LwpFribPageNumber*>(pFrib);
-            pagenumFrib->XFConvert(m_pXFPara);
+            pagenumFrib->XFConvert(m_pXFPara.get());
             break;
         }
         case FRIB_TAG_DOCVAR:
         {
             LwpFribDocVar* docFrib = static_cast<LwpFribDocVar*>(pFrib);
-            docFrib->XFConvert(m_pXFPara);
+            docFrib->XFConvert(m_pXFPara.get());
             break;
         }
         case FRIB_TAG_RUBYMARKER:
         {
             LwpFribRubyMarker* rubyFrib = 
static_cast<LwpFribRubyMarker*>(pFrib);
-            rubyFrib->XFConvert(m_pXFPara);
+            rubyFrib->XFConvert(m_pXFPara.get());
             break;
         }
         case FRIB_TAG_RUBYFRAME:
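Review bot: `pMgr->SetXFPara(m_pXFPara.get())` in the FRIB_TAG_FRAME case still hands a raw `XFParagraph*` to the dropcap manager, so the reference now held by `m_pXFPara` protects only this object's copy. If LwpDropcapMgr stores that pointer (its definition is not part of this diff), it can still be left dangling once LwpFribPtr drops or replaces its paragraph. The `GetXFPara()` accessor in lwpfribptr.hxx likewise keeps returning a raw pointer. Either the manager's member should become `rtl::Reference<XFParagraph>` as well, or a comment at this call should state that the manager must not keep the pointer beyond the conversion. XFConvert starts before and continues after this hunk.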
diff --git a/lotuswordpro/source/filter/lwpfribptr.hxx 
b/lotuswordpro/source/filter/lwpfribptr.hxx
index d51ecdbfab75..5014d2b250c6 100644
--- a/lotuswordpro/source/filter/lwpfribptr.hxx
+++ b/lotuswordpro/source/filter/lwpfribptr.hxx
@@ -76,14 +76,14 @@ public:
 
 private:
     LwpFrib* m_pFribs;
-    XFParagraph* m_pXFPara; //Current XFPara used for frib parsing
+    rtl::Reference<XFParagraph> m_pXFPara; //Current XFPara used for frib 
parsing
     LwpPara* m_pPara; //for get foundry
     static void ProcessDropcap(LwpStory* pStory, const LwpFrib* pFrib, 
sal_uInt32 nLen);
 
 public:
     void XFConvert();
     void SetXFPara(XFParagraph* Para) { m_pXFPara = Para; }
-    XFParagraph* GetXFPara() { return m_pXFPara; }
+    XFParagraph* GetXFPara() { return m_pXFPara.get(); }
     void SetPara(LwpPara* para) { m_pPara = para; }
     void RegisterStyle();
     LwpFrib* GetFribs() { return m_pFribs; }
commit 1399c6f23005b538f99c3e1ef30c5989a3d3f2d2
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Jan 4 17:19:47 2021 +0000
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:29 2021 +0100

    ofz#29234 Integer-overflow
    
    sc/source/core/tool/interpr1.cxx:9578:39: runtime error: signed integer 
overflow: 1 + 2147483647 cannot be represented in type 'int'
    
    Change-Id: I2975ae1daab826f10f0e52e7d7421ac8dcc9fffc
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108677
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/sc/source/core/tool/interpr1.cxx b/sc/source/core/tool/interpr1.cxx
index 4f2789160a1c..74bcf76768b6 100644
--- a/sc/source/core/tool/interpr1.cxx
+++ b/sc/source/core/tool/interpr1.cxx
@@ -9605,6 +9605,8 @@ void ScInterpreter::ScMid()
     OUString aStr = GetString().getString();
     if ( nStart < 1 || nSubLen < 0 )
         PushIllegalArgument();
+    else if (nStart > kScInterpreterMaxStrLen || nSubLen > 
kScInterpreterMaxStrLen)
+        PushError(FormulaError::StringOverflow);
     else
     {
         sal_Int32 nLen = aStr.getLength();
commit 323872dd20fd0cf4114d940cc959844c33f330f7
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Tue Nov 9 12:35:04 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:28 2021 +0100

    openldap: upgrade to release 2.4.59
    
    Fixes CVE-2020-36230 and CVE-2020-36229 in libldap, plus lots of
    other CVEs that affect only the server.
    
    Unfortunately it looks like NSS support was removed in release 2.5.0.
    
    Change-Id: Ie43d7da1b9e92b5712f9cd22c4613648394c696f
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124914
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>

diff --git a/download.lst b/download.lst
index 69b3596aba08..9f2f2824d484 100644
--- a/download.lst
+++ b/download.lst
@@ -224,8 +224,8 @@ export ODFVALIDATOR_SHA256SUM := 
d55495ab3a86544650587de2a72180ddf8bfc6376d14ddf
 export ODFVALIDATOR_JAR := 
odfvalidator-0.9.0-RC2-SNAPSHOT-jar-with-dependencies-2726ab578664434a545f8379a01a9faffac0ae73.jar
 export OFFICEOTRON_SHA256SUM := 
f2443f27561af52324eee03a1892d9f569adc8db9e7bca55614898bc2a13a770
 export OFFICEOTRON_JAR := 
8249374c274932a21846fa7629c2aa9b-officeotron-0.7.4-master.jar
-export OPENLDAP_SHA256SUM := 
cdd6cffdebcd95161a73305ec13fc7a78e9707b46ca9f84fb897cd5626df3824
-export OPENLDAP_TARBALL := openldap-2.4.45.tgz
+export OPENLDAP_SHA256SUM := 
99f37d6747d88206c470067eda624d5e48c1011e943ec0ab217bae8712e22f34
+export OPENLDAP_TARBALL := openldap-2.4.59.tgz
 export OPENSSL_SHA256SUM := 
0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1
 export OPENSSL_TARBALL := openssl-1.1.1l.tar.gz
 export ORCUS_SHA256SUM := 
c700d1325f744104d9fca0d5a019434901e9d51a16eedfb05792f90a298587a4
commit c2da736a5d666ddf4746c175433b07499fd1dfbf
Author:     David Tardon <dtar...@redhat.com>
AuthorDate: Sun Jan 17 16:27:55 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:29:28 2021 +0100

    upload libodfgen 0.1.8
    
    Change-Id: Ibc59469b74d54a2b307ea708ea5c4a752532f0b0
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109840
    Tested-by: Jenkins
    Reviewed-by: David Tardon <dtar...@redhat.com>

diff --git a/download.lst b/download.lst
index 992c25c13408..69b3596aba08 100644
--- a/download.lst
+++ b/download.lst
@@ -217,9 +217,9 @@ export NEON_SHA256SUM := 
cf1ee3ac27a215814a9c80803fcee4f0ede8466ebead40267a9bd11
 export NEON_TARBALL := neon-0.31.2.tar.gz
 export NSS_SHA256SUM := 
07a9e5b70f121a62706140d4cacc3006d3efb869da40f3a2bf7a65d37847f4d9
 export NSS_TARBALL := nss-3.73-with-nspr-4.32.tar.gz
-export ODFGEN_SHA256SUM := 
2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2
-export ODFGEN_VERSION_MICRO := 6
-export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2
+export ODFGEN_SHA256SUM := 
55200027fd46623b9bdddd38d275e7452d1b0ff8aeddcad6f9ae6dc25f610625
+export ODFGEN_VERSION_MICRO := 8
+export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.xz
 export ODFVALIDATOR_SHA256SUM := 
d55495ab3a86544650587de2a72180ddf8bfc6376d14ddfa923992dbc86a06e0
 export ODFVALIDATOR_JAR := 
odfvalidator-0.9.0-RC2-SNAPSHOT-jar-with-dependencies-2726ab578664434a545f8379a01a9faffac0ae73.jar
 export OFFICEOTRON_SHA256SUM := 
f2443f27561af52324eee03a1892d9f569adc8db9e7bca55614898bc2a13a770
diff --git 
a/external/libodfgen/0001-tdf-101077-make-double-string-conversion-locale-agno.patch.1
 
b/external/libodfgen/0001-tdf-101077-make-double-string-conversion-locale-agno.patch.1
deleted file mode 100644
index 1fc4e6b9d261..000000000000
--- 
a/external/libodfgen/0001-tdf-101077-make-double-string-conversion-locale-agno.patch.1
+++ /dev/null
@@ -1,58 +0,0 @@
-From 68e0c8e4c834df57bc9a0e8da72151f69ff5e7a6 Mon Sep 17 00:00:00 2001
-From: David Tardon <dtar...@redhat.com>
-Date: Fri, 12 Aug 2016 12:50:39 +0200
-Subject: [PATCH] tdf#101077 make double->string conversion locale-agnostic
-
----
- src/OdsGenerator.cxx | 19 +++++++++++++++++--
- 1 file changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/src/OdsGenerator.cxx b/src/OdsGenerator.cxx
-index 52e135e..8cb7203 100644
---- a/src/OdsGenerator.cxx
-+++ b/src/OdsGenerator.cxx
-@@ -26,6 +26,8 @@
- 
- #include <librevenge/librevenge.h>
- 
-+#include <iomanip>
-+#include <locale>
- #include <map>
- #include <stack>
- #include <sstream>
-@@ -46,6 +48,19 @@
- #include "OdcGenerator.hxx"
- #include "OdfGenerator.hxx"
- 
-+namespace
-+{
-+
-+librevenge::RVNGString makePreciseStr(const double value)
-+{
-+      std::ostringstream os;
-+      os.imbue(std::locale::classic());
-+      os << std::fixed << std::setprecision(8) << value;
-+      return os.str().c_str();
-+}
-+
-+}
-+
- class OdsGeneratorPrivate : public OdfGenerator
- {
- public:
-@@ -968,10 +983,10 @@ void OdsGenerator::openSheetCell(const 
librevenge::RVNGPropertyList &propList)
-                                       // we need the maximum precision here, 
so we must avoid getStr() when possible
-                                       librevenge::RVNGString value;
-                                       if 
(propList["librevenge:value"]->getUnit()==librevenge::RVNG_GENERIC)
--                                              value.sprintf("%.8f", 
propList["librevenge:value"]->getDouble());
-+                                              value = 
makePreciseStr(propList["librevenge:value"]->getDouble());
-                                       else if 
(propList["librevenge:value"]->getUnit()==librevenge::RVNG_PERCENT)
-                                       {
--                                              value.sprintf("%.8f", 
propList["librevenge:value"]->getDouble()*100.);
-+                                              value = 
makePreciseStr(propList["librevenge:value"]->getDouble()*100.);
-                                               value.append('%');
-                                       }
-                                       else
--- 
-2.7.4
-
diff --git a/external/libodfgen/ExternalProject_libodfgen.mk 
b/external/libodfgen/ExternalProject_libodfgen.mk
index 679598542b30..a32e3786e7f6 100644
--- a/external/libodfgen/ExternalProject_libodfgen.mk
+++ b/external/libodfgen/ExternalProject_libodfgen.mk
@@ -16,6 +16,7 @@ $(eval $(call gb_ExternalProject_register_targets,libodfgen,\
 ))
 
 $(eval $(call gb_ExternalProject_use_externals,libodfgen,\
+       libxml2 \
        revenge \
 ))
 
@@ -34,10 +35,11 @@ $(call gb_ExternalProject_get_state_target,libodfgen,build) 
:
                        --disable-werror \
                        --disable-weffc \
                        --without-docs \
-                       --with-sharedptr=c++11 \
                        $(if 
$(verbose),--disable-silent-rules,--enable-silent-rules) \
                        CXXFLAGS="$(gb_CXXFLAGS) $(if 
$(ENABLE_OPTIMIZED),$(gb_COMPILEROPTFLAGS),$(gb_COMPILERNOOPTFLAGS))" \
                        CPPFLAGS="$(CPPFLAGS) $(if $(SYSTEM_REVENGE),,$(if 
$(filter-out MSC,$(COM)),-DLIBREVENGE_VISIBILITY))" \
+                       XML_CFLAGS="$(LIBXML_CFLAGS)" \
+                       XML_LIBS="$(LIBXML_LIBS)" \
                        $(if $(filter LINUX,$(OS)),$(if $(SYSTEM_REVENGE),, \
                                'LDFLAGS=-Wl$(COMMA)-z$(COMMA)origin \
                                        -Wl$(COMMA)-rpath$(COMMA)\$$$$ORIGIN')) 
\
diff --git a/external/libodfgen/Library_odfgen.mk 
b/external/libodfgen/Library_odfgen.mk
index 946fa9081452..b67f5ad89715 100644
--- a/external/libodfgen/Library_odfgen.mk
+++ b/external/libodfgen/Library_odfgen.mk
@@ -12,6 +12,7 @@ $(eval $(call gb_Library_Library,odfgen))
 $(eval $(call gb_Library_use_unpacked,odfgen,libodfgen))
 
 $(eval $(call gb_Library_use_externals,odfgen,\
+       libxml2 \
        revenge \
 ))
 
@@ -26,7 +27,6 @@ $(eval $(call gb_Library_add_defs,odfgen,\
        -DDLL_EXPORT \
        -DLIBODFGEN_BUILD \
        -DNDEBUG \
-       -DSHAREDPTR_STD \
        -DPACKAGE=\"libodfgen\" \
        -DVERSION=\"0.1.$(ODFGEN_VERSION_MICRO)\" \
 ))
@@ -40,6 +40,7 @@ $(eval $(call 
gb_Library_add_generated_exception_objects,odfgen,\
     UnpackedTarball/libodfgen/src/GraphicStyle \
     UnpackedTarball/libodfgen/src/InternalHandler \
     UnpackedTarball/libodfgen/src/ListStyle \
+    UnpackedTarball/libodfgen/src/NumberingStyle \
     UnpackedTarball/libodfgen/src/OdcGenerator \
     UnpackedTarball/libodfgen/src/OdfGenerator \
     UnpackedTarball/libodfgen/src/OdgGenerator \
diff --git a/external/libodfgen/UnpackedTarball_libodfgen.mk 
b/external/libodfgen/UnpackedTarball_libodfgen.mk
index c4ea2939f4cb..d6c84e517970 100644
--- a/external/libodfgen/UnpackedTarball_libodfgen.mk
+++ b/external/libodfgen/UnpackedTarball_libodfgen.mk
@@ -29,12 +29,4 @@ $(eval $(call gb_UnpackedTarball_add_patches,libodfgen, \
 endif
 endif
 
-# * external/libodfgen/c++11.patch: obsoleted upstream by
-#   
<https://sourceforge.net/p/libwpd/libodfgen/ci/e11112e50562de4f3252227bfba175ededf82194/>
-#   "boost::shared_ptr -> std::shared_ptr"
-$(eval $(call gb_UnpackedTarball_add_patches,libodfgen, \
-       
external/libodfgen/0001-tdf-101077-make-double-string-conversion-locale-agno.patch.1
 \
-       external/libodfgen/c++11.patch \
-))
-
 # vim: set noet sw=4 ts=4:
diff --git a/external/libodfgen/c++11.patch b/external/libodfgen/c++11.patch
deleted file mode 100644
index f41d1a166964..000000000000
--- a/external/libodfgen/c++11.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-# Add -std=c++11 before existing CXXFLAGS, in case those already contain some 
-std= (which will thus
-# override the preceding -std=c++11, which is likely what the caller passing 
in those CXXFLAGS
-# intends):
-#
-#--- configure.ac
-#+++ configure.ac
-#@@ -217,7 +217,7 @@
-# AS_IF([test "x$with_sharedptr" = "xc++11"], [
-#     AC_MSG_CHECKING([for c++11 shared ptr])
-#     save_CXXFLAGS="$CXXFLAGS"
-#-    CXXFLAGS="$CXXFLAGS -std=c++11"
-#+    CXXFLAGS="-std=c++11 $CXXFLAGS"
-#     AC_COMPILE_IFELSE([
-#         AC_LANG_PROGRAM(
-#             [[#include <memory>]],
-#@@ -241,7 +241,7 @@
-#         AC_MSG_RESULT([no])
-#     ], [
-#         AC_MSG_RESULT([yes])
-#-        CXXFLAGS="$CXXFLAGS -std=c++11"
-#+        CXXFLAGS="-std=c++11 $CXXFLAGS"
-#     ])
-# ])
-# AS_IF([test "x$with_sharedptr" = "xtr1"], [
---- configure
-+++ configure
-@@ -16723,7 +16723,7 @@
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for c++11 shared ptr" 
>&5
- $as_echo_n "checking for c++11 shared ptr... " >&6; }
-     save_CXXFLAGS="$CXXFLAGS"
--    CXXFLAGS="$CXXFLAGS -std=c++11"
-+    CXXFLAGS="-std=c++11 $CXXFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- 
-@@ -16780,7 +16780,7 @@
- 
-         { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
--        CXXFLAGS="$CXXFLAGS -std=c++11"
-+        CXXFLAGS="-std=c++11 $CXXFLAGS"
- 
- fi
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
diff --git a/external/libodfgen/libodfgen-bundled-soname.patch.0 
b/external/libodfgen/libodfgen-bundled-soname.patch.0
index 052ba795e40e..f5c0caf8d6d1 100644
--- a/external/libodfgen/libodfgen-bundled-soname.patch.0
+++ b/external/libodfgen/libodfgen-bundled-soname.patch.0
@@ -1,9 +1,8 @@
 diff -urN src/Makefile.in.orig src/Makefile.in
 --- src/Makefile.in.orig       2016-03-02 17:17:02.812606210 +0100
 +++ src/Makefile.in    2016-03-02 17:17:25.176670151 +0100
-@@ -355,7 +355,7 @@
- AM_CXXFLAGS = -I$(top_srcdir)/inc/ $(REVENGE_CFLAGS) $(DEBUG_CXXFLAGS) 
-DLIBODFGEN_BUILD
- libodfgen_@LIBODFGEN_MAJOR_VERSION@_@LIBODFGEN_MINOR_VERSION@_la_LIBADD = 
@LIBODFGEN_WIN32_RESOURCE@ $(REVENGE_LIBS)
+@@ -355,6 +355,6 @@
+ libodfgen_@LIBODFGEN_MAJOR_VERSION@_@LIBODFGEN_MINOR_VERSION@_la_LIBADD = 
@LIBODFGEN_WIN32_RESOURCE@ $(REVENGE_LIBS) $(XML_LIBS)
  libodfgen_@LIBODFGEN_MAJOR_VERSION@_@LIBODFGEN_MINOR_VERSION@_la_DEPENDENCIES 
= @LIBODFGEN_WIN32_RESOURCE@
 -libodfgen_@LIBODFGEN_MAJOR_VERSION@_@LIBODFGEN_MINOR_VERSION@_la_LDFLAGS = 
$(version_info) -export-dynamic -no-undefined
 +libodfgen_@LIBODFGEN_MAJOR_VERSION@_@LIBODFGEN_MINOR_VERSION@_la_LDFLAGS = 
$(version_info) -export-dynamic -no-undefined -release lo
diff --git a/solenv/flatpak-manifest.in b/solenv/flatpak-manifest.in
index d55a4ee06ed0..4a6af17fd819 100644
--- a/solenv/flatpak-manifest.in
+++ b/solenv/flatpak-manifest.in
@@ -313,11 +313,10 @@
                     "dest-filename": "libmwaw-0.3.17.tar.xz"
                 },
                 {
-                    "url": 
"https://dev-www.libreoffice.org/src/libodfgen-0.1.6.tar.bz2";,
-                    "sha256": 
"2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2",
+                    "url": 
"https://dev-www.libreoffice.org/src/libodfgen-0.1.8.tar.xz";,
+                    "sha256": 
"55200027fd46623b9bdddd38d275e7452d1b0ff8aeddcad6f9ae6dc25f610625",
                     "type": "file",
-                    "dest": "external/tarballs",
-                    "dest-filename": "libodfgen-0.1.6.tar.bz2"
+                    "dest-filename": "external/tarballs/libodfgen-0.1.8.tar.xz"
                 },
                 {
                     "url": 
"https://dev-www.libreoffice.org/src/libpagemaker-0.0.4.tar.xz";,
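Review bot: The libodfgen entry now folds the directory into `"dest-filename": "external/tarballs/libodfgen-0.1.8.tar.xz"` and drops `"dest"`, while the libmwaw entry in the context above still uses a bare file name, which suggests the neighbouring entries keep the two-key form. Whether a directory component inside `dest-filename` is accepted depends on the flatpak-builder version used for this branch; if it is not, the pinned tarball would not be placed in external/tarballs where the build expects it. Unless the whole manifest is being converted, keep `"dest": "external/tarballs",` and `"dest-filename": "libodfgen-0.1.8.tar.xz"`. The new sha256 should also be compared with the value this series adds to download.lst, which is not part of this hunk.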
commit dc4fc4a2f068ea6a1633249dab0a9ca4813fb967
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Fri Nov 5 19:40:49 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 11:15:50 2021 +0100

    libjpeg-turbo: add patch for CVE-2020-17541
    
    Change-Id: Ie3fe30bea6a62e7cafeaed957d6ef6aeb879047b
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124778
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit ebd556220a5045c1c81891b712648d220a168c70)

diff --git a/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk 
b/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk
index a99df67bb011..5440d16ecfc1 100644
--- a/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk
+++ b/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk
@@ -19,6 +19,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,libjpeg-turbo,\
        external/libjpeg-turbo/jpeg-turbo.build.patch.1 \
        $(if $(filter 
WNT,$(OS)),external/libjpeg-turbo/jpeg-turbo.win_build.patch.1) \
        external/libjpeg-turbo/ubsan.patch \
+       external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1 
\
 ))
 
 # vim: set noet sw=4 ts=4:
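Review bot: The added list entry `external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1` is named only by the upstream commit hash, so nothing in this makefile says it is the CVE-2020-17541 fix or when it can be dropped. A comment above the `gb_UnpackedTarball_add_patches` call, in the style this tree already uses for external patches, would help whoever next bumps the tarball: `# c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1: upstream fix for CVE-2020-17541 (Huffman encoder local buffer overrun); drop once the bundled tarball contains it`. The call opens on the line shown in the hunk header, so the comment would sit just outside this hunk.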
diff --git 
a/external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1 
b/external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1
new file mode 100644
index 000000000000..cc3da737e7b0
--- /dev/null
+++ b/external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1
@@ -0,0 +1,38 @@
+From c76f4a08263b0cea40d2967560ac7c21f6959079 Mon Sep 17 00:00:00 2001
+From: DRC <informat...@libjpeg-turbo.org>
+Date: Thu, 5 Dec 2019 13:12:28 -0600
+Subject: [PATCH] Huffman enc.: Fix very rare local buffer overrun
+
+... detected by ASan.  This is a similar issue to the issue that was
+fixed with 402a715f82313384ef4606660c32d8678c79f197.  Apparently it is
+possible to create a malformed JPEG image that exceeds the Huffman
+encoder's 256-byte local buffer when attempting to losslessly tranform
+the image.  That makes sense, given that it was necessary to extend the
+Huffman decoder's local buffer to 512 bytes in order to handle all
+pathological cases (refer to 0463f7c9aad060fcd56e98d025ce16185279e2bc.)
+
+Since this issue affected only lossless transformation, a workflow that
+isn't generally exposed to arbitrary data exploits, and since the
+overrun did not overflow the stack (i.e. it did not result in a segfault
+or other user-visible issue, and valgrind didn't even detect it), it did
+not likely pose a security risk.
+
+Fixes #392
+---
+ ChangeLog.md | 10 ++++++++++
+ jchuff.c     |  2 +-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/jchuff.c b/jchuff.c
+index 206958e2f..cb05055d9 100644
+--- a/jchuff.c
++++ b/jchuff.c
+@@ -432,7 +432,7 @@ dump_buffer(working_state *state)
+  * scanning order-- 1, 8, 16, etc.), then this will produce an encoded block
+  * larger than 200 bytes.
+  */
+-#define BUFSIZE (DCTSIZE2 * 4)
++#define BUFSIZE (DCTSIZE2 * 8)
+ 
+ #define LOAD_BUFFER() { \
+   if (state->free_in_buffer < BUFSIZE) { \
