RepositoryExternal.mk | 2
download.lst | 28
+-
external/curl/ExternalPackage_curl.mk | 4
external/curl/ExternalProject_curl.mk | 7
external/curl/curl-7.26.0_win-proxy.patch | 2
external/curl/curl-msvc-disable-protocols.patch.1 | 7
external/curl/zlib.patch.0 | 4
external/expat/expat-winapi.patch | 11
+
external/icu/UnpackedTarball_icu.mk | 2
external/icu/cec7de7a390dd6907b0ea0feb4488ed3934ee71d.patch.2 | 94
++++++++++
external/icu/e450fa50fc242282551f56b941dc93b9a8a0bcbb.patch.2 | 39
++++
external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk | 1
external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1 | 38
++++
external/libxml2/libxml2-config.patch.1 | 4
external/libxml2/libxml2-global-symbols.patch | 4
external/libxslt/UnpackedTarball_libxslt.mk | 1
external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 | 69
-------
external/libxslt/rpath.patch.0 | 2
xmlsecurity/inc/xmlsec-wrapper.h | 4
xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx | 4
xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | 4
21 files changed, 230 insertions(+), 101 deletions(-)
New commits:
commit 4f4c55b5199f0dbaf1f1beeffeeaaa9ca8efcb2f
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Mon Feb 21 11:33:21 2022 +0100
Commit: Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Thu Mar 31 19:27:47 2022 +0200
libxml2: upgrade to release 2.9.13
Fixes CVE-2022-23308
Change-Id: I1b3bf5cf58d7d1f39c224b0d898176c95107fbf5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130241
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit d50a7151431335d1431bccef000ae39f84bdf135)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130259
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130296
Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
diff --git a/download.lst b/download.lst
index 24f6ae31ef99..f17901ded4b6 100644
--- a/download.lst
+++ b/download.lst
@@ -156,9 +156,9 @@ export LIBTOMMATH_SHA256SUM :=
083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304
export LIBTOMMATH_TARBALL := ltm-1.0.zip
export XMLSEC_SHA256SUM :=
13eec4811ea30e3f0e16a734d1dbf7f9d246a71d540b48d143a07b489f6222d4
export XMLSEC_TARBALL := xmlsec1-1.2.28.tar.gz
-export LIBXML_SHA256SUM :=
c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92
-export LIBXML_VERSION_MICRO := 12
-export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz
+export LIBXML_SHA256SUM :=
276130602d12fe484ecc03447ee5e759d0465558fbc9d6bd144e3745306ebf0e
+export LIBXML_VERSION_MICRO := 13
+export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.xz
export LIBXSLT_SHA256SUM :=
8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79
export LIBXSLT_VERSION_MICRO := 35
export LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.xz
commit f18c7d33d34f33b2c3cb1f132f878127d4fed8ea
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sat Feb 19 16:53:58 2022 +0000
Commit: Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Thu Mar 31 19:24:13 2022 +0200
upgrade to expat 2.4.6
CVE-2022-25235
CVE-2022-25236
CVE-2022-25313
CVE-2022-25314
CVE-2022-25315
Change-Id: I1cb0449411fe938fe47ab47cead685fd04e137dd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130157
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130294
Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
diff --git a/download.lst b/download.lst
index f785fe0e19cb..24f6ae31ef99 100644
--- a/download.lst
+++ b/download.lst
@@ -42,8 +42,8 @@ export EPUBGEN_TARBALL := libepubgen-0.1.1.tar.xz
export ETONYEK_SHA256SUM :=
e61677e8799ce6e55b25afc11aa5339113f6a49cff031f336e32fa58635b1a4a
export ETONYEK_VERSION_MICRO := 9
export ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz
-export EXPAT_SHA256SUM :=
5963005ff8720735beb2d2db669afc681adcbcb43dd1eb397d5c2dd7adbc631f
-export EXPAT_TARBALL := expat-2.4.4.tar.gz
+export EXPAT_SHA256SUM :=
de55794b7a9bc214852fdc075beaaecd854efe1361597e6268ee87946951289b
+export EXPAT_TARBALL := expat-2.4.6.tar.xz
export FIREBIRD_SHA256SUM :=
6994be3555e23226630c587444be19d309b25b0fcf1f87df3b4e3f88943e5860
export FIREBIRD_TARBALL := Firebird-3.0.0.32483-0.tar.bz2
export FONTCONFIG_SHA256SUM :=
cf0c30807d08f6a28ab46c61b8dbd55c97d2f292cf88f3a07d3384687f31f017
commit 3a53a59c0c82fdfdeef96efc8dc8230975eb1687
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Thu Feb 17 11:04:01 2022 +0100
Commit: Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Thu Mar 31 19:15:22 2022 +0200
libxslt: upgrade to release 1.1.35
Fixes CVE-2021-30560
Change-Id: I334662ddc40955780321133be9aee23858e04dc1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130023
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit d74fbedd96c9563e1f6bb245dc7e136b30bc5e84)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130080
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/download.lst b/download.lst
index 715c6919b2b4..f785fe0e19cb 100644
--- a/download.lst
+++ b/download.lst
@@ -159,9 +159,9 @@ export XMLSEC_TARBALL := xmlsec1-1.2.28.tar.gz
export LIBXML_SHA256SUM :=
c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92
export LIBXML_VERSION_MICRO := 12
export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz
-export LIBXSLT_SHA256SUM :=
98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f
-export LIBXSLT_VERSION_MICRO := 34
-export LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.gz
+export LIBXSLT_SHA256SUM :=
8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79
+export LIBXSLT_VERSION_MICRO := 35
+export LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.xz
export LPSOLVE_SHA256SUM :=
171816288f14215c69e730f7a4f1c325739873e21f946ff83884b350574e6695
export LPSOLVE_TARBALL := 26b3e95ddf3d9c077c480ea45874b3b8-lp_solve_5.5.tar.gz
export LXML_SHA256SUM :=
940caef1ec7c78e0c34b0f6b94fe42d0f2022915ffc78643d28538a5cfd0f40e
diff --git a/external/libxslt/UnpackedTarball_libxslt.mk
b/external/libxslt/UnpackedTarball_libxslt.mk
index b035e99f0a79..eae318ef74b9 100644
--- a/external/libxslt/UnpackedTarball_libxslt.mk
+++ b/external/libxslt/UnpackedTarball_libxslt.mk
@@ -19,7 +19,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,libxslt,\
external/libxslt/libxslt-msvc.patch.2 \
external/libxslt/libxslt-1.1.26-memdump.patch \
external/libxslt/rpath.patch.0 \
- external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1
b/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1
deleted file mode 100644
index f82c2e4f77ee..000000000000
--- a/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1
+++ /dev/null
@@ -1,69 +0,0 @@
-From e2584eed1c84c18f16e42188c30d2c3d8e3e8853 Mon Sep 17 00:00:00 2001
-From: Chun-wei Fan <fanchun...@src.gnome.org>
-Date: Tue, 12 Nov 2019 17:37:05 +0800
-Subject: [PATCH] win32: Add configuration for profiler
-
-Without this the generated xsltconfig.h will not be complete as there
-will be a configuration variable that is left in the header, breaking
-builds.
-
-This will allow one to enable or disable profiler support in Windows
-builds, and the default is to enable this.
----
- win32/configure.js | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/win32/configure.js b/win32/configure.js
-index 56694cce..12c99f30 100644
---- a/win32/configure.js
-+++ b/win32/configure.js
-@@ -47,6 +47,7 @@ var withIconv = true;
- var withZlib = false;
- var withCrypto = true;
- var withModules = false;
-+var withProfiler = true;
- /* Win32 build options. */
- var dirSep = "\\";
- var compiler = "msvc";
-@@ -106,6 +107,7 @@ function usage()
- txt += " zlib: Use zlib library (" + (withZlib? "yes" : "no") +
")\n";
- txt += " crypto: Enable Crypto support (" + (withCrypto? "yes" :
"no") + ")\n";
- txt += " modules: Enable Module support (" + (withModules? "yes" :
"no") + ")\n";
-+ txt += " profiler: Enable Profiler support (" + (withProfiler? "yes"
: "no") + ")\n";
- txt += "\nWin32 build options, default value given in parentheses:\n\n";
- txt += " compiler: Compiler to be used [msvc|mingw] (" + compiler +
")\n";
- txt += " cruntime: C-runtime compiler option (only msvc) (" +
cruntime + ")\n";
-@@ -192,6 +194,7 @@ function discoverVersion()
- vf.WriteLine("WITH_ZLIB=" + (withZlib? "1" : "0"));
- vf.WriteLine("WITH_CRYPTO=" + (withCrypto? "1" : "0"));
- vf.WriteLine("WITH_MODULES=" + (withModules? "1" : "0"));
-+ vf.WriteLine("WITH_PROFILER=" + (withProfiler? "1" : "0"));
- vf.WriteLine("DEBUG=" + (buildDebug? "1" : "0"));
- vf.WriteLine("STATIC=" + (buildStatic? "1" : "0"));
- vf.WriteLine("PREFIX=" + buildPrefix);
-@@ -240,6 +243,8 @@ function configureXslt()
- of.WriteLine(s.replace(/\@WITH_DEBUGGER\@/,
withDebugger? "1" : "0"));
- } else if (s.search(/\@WITH_MODULES\@/) != -1) {
- of.WriteLine(s.replace(/\@WITH_MODULES\@/, withModules?
"1" : "0"));
-+ } else if (s.search(/\@WITH_PROFILER\@/) != -1) {
-+ of.WriteLine(s.replace(/\@WITH_PROFILER\@/,
withProfiler? "1" : "0"));
- } else if (s.search(/\@LIBXSLT_DEFAULT_PLUGINS_PATH\@/) != -1) {
-
of.WriteLine(s.replace(/\@LIBXSLT_DEFAULT_PLUGINS_PATH\@/, "NULL"));
- } else
-@@ -343,6 +348,8 @@ for (i = 0; (i < WScript.Arguments.length) && (error ==
0); i++) {
- withCrypto = strToBool(arg.substring(opt.length + 1,
arg.length));
- else if (opt == "modules")
- withModules = strToBool(arg.substring(opt.length + 1,
arg.length));
-+ else if (opt == "profiler")
-+ withProfiler = strToBool(arg.substring(opt.length + 1,
arg.length));
- else if (opt == "compiler")
- compiler = arg.substring(opt.length + 1, arg.length);
- else if (opt == "cruntime")
-@@ -477,6 +484,7 @@ txtOut += " Use iconv: " + boolToStr(withIconv) +
"\n";
- txtOut += " With zlib: " + boolToStr(withZlib) + "\n";
- txtOut += " Crypto: " + boolToStr(withCrypto) + "\n";
- txtOut += " Modules: " + boolToStr(withModules) + "\n";
-+txtOut += " Profiler: " + boolToStr(withProfiler) + "\n";
- txtOut += "\n";
- txtOut += "Win32 build configuration\n";
- txtOut += "-------------------------\n";
diff --git a/external/libxslt/rpath.patch.0 b/external/libxslt/rpath.patch.0
index 78c4859251df..798bccec750e 100644
--- a/external/libxslt/rpath.patch.0
+++ b/external/libxslt/rpath.patch.0
@@ -7,4 +7,4 @@
+hardcode_libdir_flag_spec=
;;
- netbsd*)
+ netbsd* | netbsdelf*-gnu)
commit bd83064f9eb224215f66a6064cb5aee4a9d7ba01
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri Jan 28 19:40:40 2022 +0000
Commit: Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Thu Mar 31 19:06:58 2022 +0200
upgrade expat to 2.4.4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129072
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 8b537d5b40c617c29cf7ca19e63ab882525cf3aa)
Change-Id: I1f2694abd9f577e0b4fedbf27118b52be8a1a688
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129212
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/download.lst b/download.lst
index df3496b23488..715c6919b2b4 100644
--- a/download.lst
+++ b/download.lst
@@ -42,8 +42,8 @@ export EPUBGEN_TARBALL := libepubgen-0.1.1.tar.xz
export ETONYEK_SHA256SUM :=
e61677e8799ce6e55b25afc11aa5339113f6a49cff031f336e32fa58635b1a4a
export ETONYEK_VERSION_MICRO := 9
export ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz
-export EXPAT_SHA256SUM :=
2f9b6a580b94577b150a7d5617ad4643a4301a6616ff459307df3e225bcfbf40
-export EXPAT_TARBALL := expat-2.4.1.tar.bz2
+export EXPAT_SHA256SUM :=
5963005ff8720735beb2d2db669afc681adcbcb43dd1eb397d5c2dd7adbc631f
+export EXPAT_TARBALL := expat-2.4.4.tar.gz
export FIREBIRD_SHA256SUM :=
6994be3555e23226630c587444be19d309b25b0fcf1f87df3b4e3f88943e5860
export FIREBIRD_TARBALL := Firebird-3.0.0.32483-0.tar.bz2
export FONTCONFIG_SHA256SUM :=
cf0c30807d08f6a28ab46c61b8dbd55c97d2f292cf88f3a07d3384687f31f017
diff --git a/external/expat/expat-winapi.patch
b/external/expat/expat-winapi.patch
index bd4da1472fc8..7eae7d5d6139 100644
--- a/external/expat/expat-winapi.patch
+++ b/external/expat/expat-winapi.patch
@@ -13,15 +13,12 @@
--- misc/expat-2.1.0/lib/xmlparse.c 2021-05-23 16:56:25.000000000 +0100
+++ misc/build/expat-2.1.0/lib/xmlparse.c 2021-05-25 12:42:11.997173600
+0100
-@@ -92,6 +92,11 @@
+@@ -64,6 +64,8 @@
+ #endif
- #include <expat_config.h>
-
-+#ifdef _WIN32
+ #ifdef _WIN32
+# undef HAVE_GETRANDOM
+# undef HAVE_SYSCALL_GETRANDOM
-+#endif
-+
- #include "ascii.h"
- #include "expat.h"
- #include "siphash.h"
+ /* force stdlib to define rand_s() */
+ # if ! defined(_CRT_RAND_S)
+ # define _CRT_RAND_S
commit 8a0102ff2acdc5bc788d4e3ed1c7f1b34f73c1e6
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Dec 20 17:05:44 2021 +0000
Commit: Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Thu Mar 31 19:05:35 2022 +0200
only use X509Data
Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmik...@collabora.com>
(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178
Reviewed-by: Adolfo Jayme Barrientos <fit...@ubuntu.com>
(cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128110
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/xmlsecurity/inc/xmlsec-wrapper.h b/xmlsecurity/inc/xmlsec-wrapper.h
index c060c8bf23b8..2d06dcfdd549 100644
--- a/xmlsecurity/inc/xmlsec-wrapper.h
+++ b/xmlsecurity/inc/xmlsec-wrapper.h
@@ -43,6 +43,10 @@
#include <xmlsec/nss/app.h>
#include <xmlsec/nss/crypto.h>
#include <xmlsec/nss/pkikeys.h>
+#include <xmlsec/nss/x509.h>
+#endif
+#ifdef XMLSEC_CRYPTO_MSCRYPTO
+#include <xmlsec/mscng/x509.h>
#endif
#endif
diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
index 83f3820660d0..799b3ee50ad6 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
@@ -229,6 +229,10 @@ SAL_CALL XMLSignature_MSCryptImpl::validate(
// We do certificate verification ourselves.
pDsigCtx->keyInfoReadCtx.flags |=
XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+ // limit possible key data to valid X509 certificates only, no KeyValues
+ if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST
xmlSecMSCngKeyDataX509GetKlass()) < 0)
+ throw RuntimeException("failed to limit allowed key data");
+
//Verify signature
//The documentation says that the signature is only valid if the return
value is 0 (that is, not < 0)
//AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not
make any assumptions, if
diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
index 2cd4b40f1965..19142b49757b 100644
--- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
@@ -244,6 +244,10 @@ SAL_CALL XMLSignature_NssImpl::validate(
// We do certificate verification ourselves.
pDsigCtx->keyInfoReadCtx.flags |=
XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+ // limit possible key data to valid X509 certificates only, no
KeyValues
+ if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData),
BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0)
+ throw RuntimeException("failed to limit allowed key data");
+
//Verify signature
int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode );
commit 5c9c91be6353330da222beee36e6ac5945d92b3b
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Fri Nov 5 18:33:07 2021 +0100
Commit: Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Thu Mar 31 19:02:10 2022 +0200
icu: add patch for CVE-2021-30535
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124779
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 35eef8ec9b122a761400f3c6590ca1f9a187d772)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124701
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
(cherry picked from commit 105c258fcdd69f617de64b780ffcdb8304ff262c)
Change-Id: I398596f77aa47ab6d4db01b94422262048cffd3e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124838
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/external/icu/UnpackedTarball_icu.mk
b/external/icu/UnpackedTarball_icu.mk
index a5416b7ee078..a0ab0b9af4c5 100644
--- a/external/icu/UnpackedTarball_icu.mk
+++ b/external/icu/UnpackedTarball_icu.mk
@@ -40,6 +40,8 @@ $(eval $(call gb_UnpackedTarball_add_patches,icu,\
external/icu/char8_t.patch \
external/icu/CVE-2018-18928.patch.2 \
external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2 \
+ external/icu/cec7de7a390dd6907b0ea0feb4488ed3934ee71d.patch.2 \
+ external/icu/e450fa50fc242282551f56b941dc93b9a8a0bcbb.patch.2 \
))
$(eval $(call
gb_UnpackedTarball_add_file,icu,source/data/brkitr/khmerdict.dict,external/icu/khmerdict.dict))
diff --git a/external/icu/cec7de7a390dd6907b0ea0feb4488ed3934ee71d.patch.2
b/external/icu/cec7de7a390dd6907b0ea0feb4488ed3934ee71d.patch.2
new file mode 100644
index 000000000000..1ded56abf524
--- /dev/null
+++ b/external/icu/cec7de7a390dd6907b0ea0feb4488ed3934ee71d.patch.2
@@ -0,0 +1,94 @@
+From cec7de7a390dd6907b0ea0feb4488ed3934ee71d Mon Sep 17 00:00:00 2001
+From: Frank Tang <ft...@chromium.org>
+Date: Tue, 16 Mar 2021 22:08:29 -0700
+Subject: [PATCH] ICU-21537 Fix invalid free by long locale name
+
+Do not free baseName if it is pointing to fullNameBuffer.
+
+Better Fix
+---
+ icu4c/source/common/locid.cpp | 9 +++++----
+ icu4c/source/test/intltest/collationtest.cpp | 10 ++++++++++
+ 2 files changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/icu4c/source/common/locid.cpp b/icu4c/source/common/locid.cpp
+index 5d604350ecd..e16fbb724a4 100644
+--- a/icu4c/source/common/locid.cpp
++++ b/icu4c/source/common/locid.cpp
+@@ -254,7 +254,7 @@ UOBJECT_DEFINE_RTTI_IMPLEMENTATION(Locale)
+
+ Locale::~Locale()
+ {
+- if (baseName != fullName) {
++ if ((baseName != fullName) && (baseName != fullNameBuffer)) {
+ uprv_free(baseName);
+ }
+ baseName = NULL;
+@@ -466,7 +466,7 @@ Locale& Locale::operator=(const Locale& other) {
+ }
+
+ Locale& Locale::operator=(Locale&& other) U_NOEXCEPT {
+- if (baseName != fullName) uprv_free(baseName);
++ if ((baseName != fullName) && (baseName != fullNameBuffer))
uprv_free(baseName);
+ if (fullName != fullNameBuffer) uprv_free(fullName);
+
+ if (other.fullName == other.fullNameBuffer) {
+@@ -1850,7 +1850,7 @@ Locale& Locale::init(const char* localeID, UBool
canonicalize)
+ {
+ fIsBogus = FALSE;
+ /* Free our current storage */
+- if (baseName != fullName) {
++ if ((baseName != fullName) && (baseName != fullNameBuffer)) {
+ uprv_free(baseName);
+ }
+ baseName = NULL;
+@@ -1886,6 +1886,7 @@ Locale& Locale::init(const char* localeID, UBool
canonicalize)
+ uloc_getName(localeID, fullName, sizeof(fullNameBuffer), &err);
+
+ if(err == U_BUFFER_OVERFLOW_ERROR || length >=
(int32_t)sizeof(fullNameBuffer)) {
++ U_ASSERT(baseName == nullptr);
+ /*Go to heap for the fullName if necessary*/
+ fullName = (char *)uprv_malloc(sizeof(char)*(length + 1));
+ if(fullName == 0) {
+@@ -2039,7 +2040,7 @@ Locale::hashCode() const
+ void
+ Locale::setToBogus() {
+ /* Free our current storage */
+- if(baseName != fullName) {
++ if((baseName != fullName) && (baseName != fullNameBuffer)) {
+ uprv_free(baseName);
+ }
+ baseName = NULL;
+diff --git a/icu4c/source/test/intltest/collationtest.cpp
b/icu4c/source/test/intltest/collationtest.cpp
+index de51eece5c4..4f1fee9375e 100644
+--- a/icu4c/source/test/intltest/collationtest.cpp
++++ b/icu4c/source/test/intltest/collationtest.cpp
+@@ -78,6 +78,7 @@ class CollationTest : public IntlTest {
+ void TestRootElements();
+ void TestTailoredElements();
+ void TestDataDriven();
++ void TestLongLocale();
+
+ private:
+ void checkFCD(const char *name, CollationIterator &ci, CodePointIterator
&cpi);
+@@ -148,6 +149,7 @@ void CollationTest::runIndexedTest(int32_t index, UBool
exec, const char *&name,
+ TESTCASE_AUTO(TestRootElements);
+ TESTCASE_AUTO(TestTailoredElements);
+ TESTCASE_AUTO(TestDataDriven);
++ TESTCASE_AUTO(TestLongLocale);
+ TESTCASE_AUTO_END;
+ }
+
+@@ -1852,4 +1854,12 @@ void CollationTest::TestDataDriven() {
+ }
+ }
+
++void CollationTest::TestLongLocale() {
++ IcuTestErrorCode errorCode(*this, "TestLongLocale");
++ Locale
longLocale("sie__1G_C_CEIE_CEZCX_CSUE_E_EIESZNI2_GB_LM_LMCSUE_LMCSX_"
++ "LVARIANT_MMCSIE_STEU_SU1GCEIE_SU6G_SU6SU6G_U_UBGE_UC_"
++ "UCEZCSI_UCIE_UZSIU_VARIANT_X@collation=bcs-ukvsz");
++ LocalPointer<Collator> coll(Collator::createInstance(longLocale,
errorCode));
++}
++
+ #endif // !UCONFIG_NO_COLLATION
diff --git a/external/icu/e450fa50fc242282551f56b941dc93b9a8a0bcbb.patch.2
b/external/icu/e450fa50fc242282551f56b941dc93b9a8a0bcbb.patch.2
new file mode 100644
index 000000000000..4709cd8c37fd
--- /dev/null
+++ b/external/icu/e450fa50fc242282551f56b941dc93b9a8a0bcbb.patch.2
@@ -0,0 +1,39 @@
+From e450fa50fc242282551f56b941dc93b9a8a0bcbb Mon Sep 17 00:00:00 2001
+From: Frank Tang <ft...@chromium.org>
+Date: Tue, 13 Apr 2021 15:16:50 -0700
+Subject: [PATCH] ICU-21587 Fix memory bug w/ baseName
+
+Edge cases not fixed in assign and move assign operator
+while the locale is long and call setKeywordValue with incorrect
+keyword/values.
+---
+ icu4c/source/common/locid.cpp | 11 +++++++++--
+ icu4c/source/test/intltest/loctest.cpp | 26 ++++++++++++++++++++++++++
+ icu4c/source/test/intltest/loctest.h | 2 ++
+ 3 files changed, 37 insertions(+), 2 deletions(-)
+
+diff --git a/icu4c/source/common/locid.cpp b/icu4c/source/common/locid.cpp
+index 02cd82a7b8e..3c6e5b06690 100644
+--- a/icu4c/source/common/locid.cpp
++++ b/icu4c/source/common/locid.cpp
+@@ -469,14 +469,18 @@ Locale& Locale::operator=(Locale&& other) U_NOEXCEPT {
+ if ((baseName != fullName) && (baseName != fullNameBuffer))
uprv_free(baseName);
+ if (fullName != fullNameBuffer) uprv_free(fullName);
+
+- if (other.fullName == other.fullNameBuffer) {
++ if (other.fullName == other.fullNameBuffer || other.baseName ==
other.fullNameBuffer) {
+ uprv_strcpy(fullNameBuffer, other.fullNameBuffer);
++ }
++ if (other.fullName == other.fullNameBuffer) {
+ fullName = fullNameBuffer;
+ } else {
+ fullName = other.fullName;
+ }
+
+- if (other.baseName == other.fullName) {
++ if (other.baseName == other.fullNameBuffer) {
++ baseName = fullNameBuffer;
++ } else if (other.baseName == other.fullName) {
+ baseName = fullName;
+ } else {
+ baseName = other.baseName;
commit f745c1d0681b00681ab166d53d49a172984a1ff2
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Tue Nov 16 14:41:57 2021 +0100
Commit: Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Thu Mar 31 18:20:18 2022 +0200
postgresql: upgrade to release 13.5
Fixes CVE-2021-23222.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125308
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 71b9369f1cc40143108e3f2189d96e402895e315)
Change-Id: I4e16fcc60c634382a864f66b211d0e0170a06db0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125334
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/download.lst b/download.lst
index 882316a89fbc..df3496b23488 100644
--- a/download.lst
+++ b/download.lst
@@ -208,8 +208,8 @@ export LIBPNG_SHA256SUM :=
505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201f
export LIBPNG_TARBALL := libpng-1.6.37.tar.xz
export POPPLER_SHA256SUM :=
016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3
export POPPLER_TARBALL := poppler-21.01.0.tar.xz
-export POSTGRESQL_SHA256SUM :=
12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f
-export POSTGRESQL_TARBALL := postgresql-13.1.tar.bz2
+export POSTGRESQL_SHA256SUM :=
9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3
+export POSTGRESQL_TARBALL := postgresql-13.5.tar.bz2
export PYTHON_SHA256SUM :=
c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049
export PYTHON_TARBALL := Python-3.5.9.tar.xz
export QXP_SHA256SUM :=
e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c
commit 1028e098615a8d5300f6ccc1ee193e1acb0cb6b3
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Tue Nov 9 12:35:04 2021 +0100
Commit: Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Thu Mar 31 18:02:42 2022 +0200
openldap: upgrade to release 2.4.59
Fixes CVE-2020-36230 and CVE-2020-36229 in libldap, plus lots of
other CVEs that affect only the server.
Unfortunately it looks like NSS support was removed in release 2.5.0.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124914
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 9393325c1db9fa25037d208607b71adb567a8bbc)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124860
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit b7c670984e4af1c73fa05731ca8029cec487bd52)
Change-Id: Ie43d7da1b9e92b5712f9cd22c4613648394c696f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124953
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/download.lst b/download.lst
index 32a244d3ffdc..882316a89fbc 100644
--- a/download.lst
+++ b/download.lst
@@ -190,8 +190,8 @@ export ODFVALIDATOR_SHA256SUM :=
984f2a479df79e27e7b01a5815ac53ae64e07746b882262
export ODFVALIDATOR_JAR :=
odfvalidator-1.2.0-incubating-SNAPSHOT-jar-with-dependencies-971c54fd38a968f5860014b44301872706f9e540.jar
export OFFICEOTRON_SHA256SUM :=
f2443f27561af52324eee03a1892d9f569adc8db9e7bca55614898bc2a13a770
export OFFICEOTRON_JAR :=
8249374c274932a21846fa7629c2aa9b-officeotron-0.7.4-master.jar
-export OPENLDAP_SHA256SUM :=
cdd6cffdebcd95161a73305ec13fc7a78e9707b46ca9f84fb897cd5626df3824
-export OPENLDAP_TARBALL := openldap-2.4.45.tgz
+export OPENLDAP_SHA256SUM :=
99f37d6747d88206c470067eda624d5e48c1011e943ec0ab217bae8712e22f34
+export OPENLDAP_TARBALL := openldap-2.4.59.tgz
export OPENSSL_SHA256SUM :=
e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242
export OPENSSL_TARBALL := openssl-1.1.1i.tar.gz
export ORCUS_SHA256SUM :=
3f48cfbc21ad74787218284939c04d42cb836c73bc393f27f538b668e4d78a5f
commit 84ac0cecf82b42e1eb65124c5195abba555c6b1f
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Fri Nov 5 19:40:49 2021 +0100
Commit: Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Thu Mar 31 17:57:00 2022 +0200
libjpeg-turbo: add patch for CVE-2020-17541
Change-Id: Ie3fe30bea6a62e7cafeaed957d6ef6aeb879047b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124778
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit ebd556220a5045c1c81891b712648d220a168c70)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124837
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk
b/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk
index a99df67bb011..5440d16ecfc1 100644
--- a/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk
+++ b/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk
@@ -19,6 +19,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,libjpeg-turbo,\
external/libjpeg-turbo/jpeg-turbo.build.patch.1 \
$(if $(filter
WNT,$(OS)),external/libjpeg-turbo/jpeg-turbo.win_build.patch.1) \
external/libjpeg-turbo/ubsan.patch \
+ external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1
\
))
# vim: set noet sw=4 ts=4:
diff --git
a/external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1
b/external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1
new file mode 100644
index 000000000000..cc3da737e7b0
--- /dev/null
+++ b/external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1
@@ -0,0 +1,38 @@
+From c76f4a08263b0cea40d2967560ac7c21f6959079 Mon Sep 17 00:00:00 2001
+From: DRC <informat...@libjpeg-turbo.org>
+Date: Thu, 5 Dec 2019 13:12:28 -0600
+Subject: [PATCH] Huffman enc.: Fix very rare local buffer overrun
+
+... detected by ASan. This is a similar issue to the issue that was
+fixed with 402a715f82313384ef4606660c32d8678c79f197. Apparently it is
+possible to create a malformed JPEG image that exceeds the Huffman
+encoder's 256-byte local buffer when attempting to losslessly tranform
+the image. That makes sense, given that it was necessary to extend the
+Huffman decoder's local buffer to 512 bytes in order to handle all
+pathological cases (refer to 0463f7c9aad060fcd56e98d025ce16185279e2bc.)
+
+Since this issue affected only lossless transformation, a workflow that
+isn't generally exposed to arbitrary data exploits, and since the
+overrun did not overflow the stack (i.e. it did not result in a segfault
+or other user-visible issue, and valgrind didn't even detect it), it did
+not likely pose a security risk.
+
+Fixes #392
+---
+ ChangeLog.md | 10 ++++++++++
+ jchuff.c | 2 +-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/jchuff.c b/jchuff.c
+index 206958e2f..cb05055d9 100644
+--- a/jchuff.c
++++ b/jchuff.c
+@@ -432,7 +432,7 @@ dump_buffer(working_state *state)
+ * scanning order-- 1, 8, 16, etc.), then this will produce an encoded block
+ * larger than 200 bytes.
+ */
+-#define BUFSIZE (DCTSIZE2 * 4)
++#define BUFSIZE (DCTSIZE2 * 8)
+
+ #define LOAD_BUFFER() { \
+ if (state->free_in_buffer < BUFSIZE) { \
commit fbdd241e64bbd651a7d0bbcac6a9f63403795ed3
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Jul 21 11:57:51 2021 +0200
Commit: Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Thu Mar 31 17:41:41 2022 +0200
curl: upgrade to release 7.78.0
* Fixes CVE-2020-8284 CVE-2021-22924
* Also fixes these which don't look relevant to LO:
CVE-2020-8231
CVE-2020-8285 CVE-2020-8286
CVE-2021-22876 CVE-2021-22890
CVE-2021-22897 CVE-2021-22898 CVE-2021-22901
CVE-2021-22922 CVE-2021-22923 CVE-2021-22925 CVE-2021-22926
* disable some new protocols and dependencies
* remove curl-ios.patch.1 as the code no longer exists upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119313
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 946f457c885bd10ff1a7281c351f3981f035f5a7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119262
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
(cherry picked from commit 020eb3b363a5c9444c97075a2e15b63ccbe7bf2d)
Change-Id: I12d5f87f4d503a5f9859226a05cfe2a07e46d993
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119423
Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk
index 6a3b785c3695..717b70efa0dc 100644
--- a/RepositoryExternal.mk
+++ b/RepositoryExternal.mk
@@ -2754,7 +2754,7 @@ $(call gb_LinkTarget_set_include,$(1),\
ifeq ($(COM),MSC)
$(call gb_LinkTarget_add_libs,$(1),\
- $(call gb_UnpackedTarball_get_dir,curl)/builds/libcurl-vc12-$(if
$(filter X86_64,$(CPUNAME)),x64,x86)-$(if
$(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-winssl/lib/libcurl$(if
$(MSVC_USE_DEBUG_RUNTIME),_debug).lib \
+ $(call gb_UnpackedTarball_get_dir,curl)/builds/libcurl-vc12-$(if
$(filter X86_64,$(CPUNAME)),x64,x86)-$(if
$(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-schannel/lib/libcurl$(if
$(MSVC_USE_DEBUG_RUNTIME),_debug).lib \
)
else
$(call gb_LinkTarget_add_libs,$(1),\
diff --git a/download.lst b/download.lst
index c76f1a2deaba..32a244d3ffdc 100644
--- a/download.lst
+++ b/download.lst
@@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM :=
3d569869d27b48860210c758c4f313082103a5e58219a7669b52
export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz
export CT2N_SHA256SUM :=
71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
export CT2N_TARBALL :=
1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM :=
cdf18794393d8bead915312708a9e5d819c6e9919de14b20d5c8e7987abd9772
-export CURL_TARBALL := curl-7.71.0.tar.xz
+export CURL_SHA256SUM :=
be42766d5664a739c3974ee3dfbbcbe978a4ccb1fe628bb1d9b59ac79e445fb5
+export CURL_TARBALL := curl-7.78.0.tar.xz
export EBOOK_SHA256SUM :=
7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
export EPOXY_SHA256SUM :=
002958c5528321edd53440235d3c44e71b5b1e09b9177e8daf677450b6c4433d
diff --git a/external/curl/ExternalPackage_curl.mk
b/external/curl/ExternalPackage_curl.mk
index 8da569e3e0cf..1fb360c85ca9 100644
--- a/external/curl/ExternalPackage_curl.mk
+++ b/external/curl/ExternalPackage_curl.mk
@@ -14,13 +14,13 @@ $(eval $(call
gb_ExternalPackage_use_external_project,curl,curl))
ifneq ($(DISABLE_DYNLOADING),TRUE)
ifeq ($(COM),MSC)
-$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if
$(MSVC_USE_DEBUG_RUNTIME),_debug).dll,builds/libcurl-vc12-$(if $(filter
X86_64,$(CPUNAME)),x64,x86)-$(if
$(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-winssl/bin/libcurl$(if
$(MSVC_USE_DEBUG_RUNTIME),_debug).dll))
+$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if
$(MSVC_USE_DEBUG_RUNTIME),_debug).dll,builds/libcurl-vc12-$(if $(filter
X86_64,$(CPUNAME)),x64,x86)-$(if
$(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-schannel/bin/libcurl$(if
$(MSVC_USE_DEBUG_RUNTIME),_debug).dll))
else ifeq ($(OS),MACOSX)
$(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.4.dylib,lib/.libs/libcurl.4.dylib))
else ifeq ($(OS),AIX)
$(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so,lib/.libs/libcurl.so.4))
else
-$(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.6.0))
+$(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.7.0))
endif
endif # $(DISABLE_DYNLOADING)
diff --git a/external/curl/ExternalProject_curl.mk
b/external/curl/ExternalProject_curl.mk
index 5cbedac82d1a..06cc96c2e8de 100644
--- a/external/curl/ExternalProject_curl.mk
+++ b/external/curl/ExternalProject_curl.mk
@@ -35,13 +35,13 @@ ifeq ($(SYSTEM_NSS),)
curl_CPPFLAGS += -I$(call gb_UnpackedTarball_get_dir,nss)/dist/public/nss
endif
-# use --with-darwinssl on macOS >10.5 and iOS to get a native UI for SSL certs
for CMIS usage
+# use --with-secure-transport on macOS >10.5 and iOS to get a native UI for
SSL certs for CMIS usage
# use --with-nss only on platforms other than macOS and iOS
$(call gb_ExternalProject_get_state_target,curl,build):
$(call gb_ExternalProject_run,build,\
./configure \
$(if $(filter iOS MACOSX,$(OS)),\
- --with-darwinssl,\
+ --with-secure-transport,\
$(if $(ENABLE_NSS),--with-nss$(if
$(SYSTEM_NSS),,="$(call
gb_UnpackedTarball_get_dir,nss)/dist/out"),--without-nss)) \
--without-ssl --without-gnutls --without-polarssl
--without-cyassl --without-axtls --without-mbedtls \
--enable-ftp --enable-http --enable-ipv6 \
@@ -49,7 +49,8 @@ $(call gb_ExternalProject_get_state_target,curl,build):
--without-libssh2 --without-metalink --without-nghttp2 \
--without-libssh --without-brotli \
--without-ngtcp2 --without-quiche \
- --disable-ares \
+ --without-zstd --without-hyper --without-gsasl
--without-gssapi \
+ --disable-mqtt --disable-ares \
--disable-dict --disable-file --disable-gopher
--disable-imap \
--disable-ldap --disable-ldaps --disable-manual
--disable-pop3 \
--disable-rtsp --disable-smb --disable-smtp
--disable-telnet \
diff --git a/external/curl/curl-7.26.0_win-proxy.patch
b/external/curl/curl-7.26.0_win-proxy.patch
index 852881570e36..46cdcc739d80 100644
--- a/external/curl/curl-7.26.0_win-proxy.patch
+++ b/external/curl/curl-7.26.0_win-proxy.patch
@@ -114,7 +114,7 @@
@@ -4663,6 +4739,7 @@
}
if(proxy)
- infof(conn->data, "Uses proxy env variable %s == '%s'\n", envp, proxy);
+ infof(data, "Uses proxy env variable %s == '%s'", envp, proxy);
+#endif /* _WIN32 */
return proxy;
diff --git a/external/curl/curl-msvc-disable-protocols.patch.1
b/external/curl/curl-msvc-disable-protocols.patch.1
index c8747a5fcc1d..a6d06c69b004 100644
--- a/external/curl/curl-msvc-disable-protocols.patch.1
+++ b/external/curl/curl-msvc-disable-protocols.patch.1
@@ -2,18 +2,19 @@ disable protocols nobody needs in MSVC build
--- curl/lib/config-win32.h.orig 2017-08-09 16:43:29.464000000 +0200
+++ curl/lib/config-win32.h 2017-08-09 16:47:38.549200000 +0200
-@@ -733,4 +733,19 @@
+@@ -733,4 +733,20 @@
# define ENABLE_IPV6 1
#endif
+#define CURL_DISABLE_DICT 1
+#define CURL_DISABLE_FILE 1
-+//#undef CURL_DISABLE_FTP
++#undef CURL_DISABLE_FTP
+#define CURL_DISABLE_GOPHER 1
-+//#undef CURL_DISABLE_HTTP
++#undef CURL_DISABLE_HTTP
+#define CURL_DISABLE_IMAP 1
+#define CURL_DISABLE_LDAP 1
+#define CURL_DISABLE_LDAPS 1
++#define CURL_DISABLE_MQTT 1
+#define CURL_DISABLE_POP3 1
+#define CURL_DISABLE_RTSP 1
+#define CURL_DISABLE_SMB 1
diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0
index 189e820d1afa..f4a0ad4b152f 100644
--- a/external/curl/zlib.patch.0
+++ b/external/curl/zlib.patch.0
@@ -54,8 +54,8 @@
clean_LIBS=$LIBS
-ZLIB_LIBS=""
AC_ARG_WITH(zlib,
- AC_HELP_STRING([--with-zlib=PATH],[search for zlib in PATH])
- AC_HELP_STRING([--without-zlib],[disable use of zlib]),
+ AS_HELP_STRING([--with-zlib=PATH],[search for zlib in PATH])
+ AS_HELP_STRING([--without-zlib],[disable use of zlib]),
[OPT_ZLIB="$withval"])
if test "$OPT_ZLIB" = "no" ; then
commit ab1a640d77bd255f2cec49b77ea02fd21420872f
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue May 25 10:44:13 2021 +0100
Commit: Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Thu Mar 31 17:40:09 2022 +0200
upgrade to Expat 2.4.1
drop ubsan patch in favour of fix applied as
https://github.com/libexpat/libexpat/pull/398
Change-Id: I59eb9e24206b9a4cf323b7f7d48d8df0792a1c46
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116102
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 740d12d8a8294d4bfd28e6c3e4cf1e0ed560b198)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119422
Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
diff --git a/download.lst b/download.lst
index f576c27d62b3..c76f1a2deaba 100644
--- a/download.lst
+++ b/download.lst
@@ -42,8 +42,8 @@ export EPUBGEN_TARBALL := libepubgen-0.1.1.tar.xz
export ETONYEK_SHA256SUM :=
e61677e8799ce6e55b25afc11aa5339113f6a49cff031f336e32fa58635b1a4a
export ETONYEK_VERSION_MICRO := 9
export ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz
-export EXPAT_SHA256SUM :=
9a130948b05a82da34e4171d5f5ae5d321d9630277af02c8fa51e431f6475102
-export EXPAT_TARBALL := expat-2.2.8.tar.bz2
+export EXPAT_SHA256SUM :=
2f9b6a580b94577b150a7d5617ad4643a4301a6616ff459307df3e225bcfbf40
+export EXPAT_TARBALL := expat-2.4.1.tar.bz2
export FIREBIRD_SHA256SUM :=
6994be3555e23226630c587444be19d309b25b0fcf1f87df3b4e3f88943e5860
export FIREBIRD_TARBALL := Firebird-3.0.0.32483-0.tar.bz2
export FONTCONFIG_SHA256SUM :=
cf0c30807d08f6a28ab46c61b8dbd55c97d2f292cf88f3a07d3384687f31f017
diff --git a/external/expat/expat-winapi.patch
b/external/expat/expat-winapi.patch
index b33c12b83b4c..bd4da1472fc8 100644
--- a/external/expat/expat-winapi.patch
+++ b/external/expat/expat-winapi.patch
@@ -11,3 +11,17 @@
# endif
#endif /* not defined XML_STATIC */
+--- misc/expat-2.1.0/lib/xmlparse.c 2021-05-23 16:56:25.000000000 +0100
++++ misc/build/expat-2.1.0/lib/xmlparse.c 2021-05-25 12:42:11.997173600
+0100
+@@ -92,6 +92,11 @@
+
+ #include <expat_config.h>
+
++#ifdef _WIN32
++# undef HAVE_GETRANDOM
++# undef HAVE_SYSCALL_GETRANDOM
++#endif
++
+ #include "ascii.h"
+ #include "expat.h"
+ #include "siphash.h"
commit 924a37a631eeda55e3f1c32c2f0033ebf6dbd1bb
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Fri May 21 13:33:26 2021 +0200
Commit: Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Thu Mar 31 17:10:25 2022 +0200
libxml2: upgrade to release 2.9.12
Fixes:
CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541
* external/libxml2/ubsan.patch.0: remove, fixed upstream
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115913
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit bf0c6a98ae38cd2188d7f7e94f1563e5ce6a8ce4)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115927
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Change-Id: I347dc854b862e78bde87d3e57cf5fdb584ca5673
diff --git a/download.lst b/download.lst
index 18273be25612..f576c27d62b3 100644
--- a/download.lst
+++ b/download.lst
@@ -156,8 +156,8 @@ export LIBTOMMATH_SHA256SUM :=
083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304
export LIBTOMMATH_TARBALL := ltm-1.0.zip
export XMLSEC_SHA256SUM :=
13eec4811ea30e3f0e16a734d1dbf7f9d246a71d540b48d143a07b489f6222d4
export XMLSEC_TARBALL := xmlsec1-1.2.28.tar.gz
-export LIBXML_SHA256SUM :=
aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f
-export LIBXML_VERSION_MICRO := 10
+export LIBXML_SHA256SUM :=
c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92
+export LIBXML_VERSION_MICRO := 12
export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz
export LIBXSLT_SHA256SUM :=
98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f
export LIBXSLT_VERSION_MICRO := 34
diff --git a/external/libxml2/libxml2-config.patch.1
b/external/libxml2/libxml2-config.patch.1
index 8c28fb6a7806..5a2ef1485e92 100644
--- a/external/libxml2/libxml2-config.patch.1
+++ b/external/libxml2/libxml2-config.patch.1
@@ -18,9 +18,9 @@ Hack the xml2-config to return paths into WORKDIR.
+exec_prefix=${WORKDIR}/UnpackedTarball/libxml2
+includedir=${WORKDIR}/UnpackedTarball/libxml2/include
+libdir=${WORKDIR}/UnpackedTarball/libxml2/.libs
+ cflags=
+ libs=
- usage()
- {
@@ -67,7 +72,8 @@
;;
diff --git a/external/libxml2/libxml2-global-symbols.patch
b/external/libxml2/libxml2-global-symbols.patch
index 49ee73731562..cfec9c530281 100644
--- a/external/libxml2/libxml2-global-symbols.patch
+++ b/external/libxml2/libxml2-global-symbols.patch
@@ -14,8 +14,8 @@
LIBXML2_2.6.32 {
@@ -2231,3 +2231,43 @@
- xmlHashDefaultDeallocator;
- } LIBXML2_2.9.1;
+ xmlPopOutputCallbacks;
+ } LIBXML2_2.9.8;
+# HACK: export global variable accessor functions (globals.h)
+LIBXML2_GLOBAL_VARIABLES {
