source

Andras Timar (via logerrit) Sun, 26 Mar 2023 08:28:02 -0700

 configure.ac                                      |    2 -
 connectivity/source/drivers/hsqldb/HDriver.cxx    |   31 ++++++++++++++++++
 download.lst                                      |    8 ++--
 external/curl/asan-poison-nsspem.patch.0          |    2 -
 external/curl/curl-nss.patch.1                    |    6 +--
 external/hsqldb/UnpackedTarball_hsqldb.mk         |    1 
 external/hsqldb/patches/disable-dump-script.patch |   36 ++++++++++++++++++++++
 formula/source/core/api/token.cxx                 |   13 +++----
 sc/source/core/inc/interpre.hxx                   |   12 +++++++
 sc/source/core/tool/interpr1.cxx                  |    4 +-
 sc/source/core/tool/interpr3.cxx                  |    4 +-
 sc/source/core/tool/interpr4.cxx                  |   10 +++++-
 12 files changed, 107 insertions(+), 22 deletions(-)


New commits:
commit 5e841d59848e240e5294b222f29e8f55021ca429
Author:     Andras Timar <andras.ti...@collabora.com>
AuthorDate: Sun Mar 26 17:27:33 2023 +0200
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 17:27:33 2023 +0200

    Bump version to 7.2.7.2.M11
    
    Change-Id: Id6824d6808964f5bc090ab534dd32d1f2bc12963

diff --git a/configure.ac b/configure.ac
index f8ae44a0c56f..d6d8d9d9ac73 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9,7 +9,7 @@ dnl in order to create a configure script.
 # several non-alphanumeric characters, those are split off and used only for 
the
 # ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no 
idea.
 
-AC_INIT([LibreOffice],[7.2.7.2.M10],[],[],[http://documentfoundation.org/])
+AC_INIT([LibreOffice],[7.2.7.2.M11],[],[],[http://documentfoundation.org/])
 
 dnl libnumbertext needs autoconf 2.68, but that can pick up autoconf268 just 
fine if it is installed
 dnl whereas aclocal (as run by autogen.sh) insists on using autoconf and fails 
hard
commit a56063c15f60a64cab007bf03dc506dd8ff4758f
Author:     Eike Rathke <er...@redhat.com>
AuthorDate: Mon Feb 27 16:10:06 2023 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 17:23:52 2023 +0200

    Always push a result, even if it's only an error
    
    PERCENTILE() and QUARTILE() if an error was passed as argument (or
    an error encountered during obtaining arguments) omitted to push
    an error result, only setting the error.
    
    Fallout from
    
        commit f336f63da900d76c2bf6e5690f1c8a7bd15a0aa2
        CommitDate: Thu Mar 3 16:28:59 2016 +0000
    
            tdf#94635 Add FORECAST.ETS functions to Calc
    
    Change-Id: I23e276fb0ce735cfd6383cc963446499dcf819f4
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147922
    Reviewed-by: Eike Rathke <er...@redhat.com>
    Tested-by: Jenkins
    (cherry picked from commit 64914560e279c71ff1233f4bab851e2a292797e6)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147900
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    Tested-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit da8ca6920b78addc827171f53a42abdd59da9f9c)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/148326
    Tested-by: Andras Timar <andras.ti...@collabora.com>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>

diff --git a/sc/source/core/tool/interpr3.cxx b/sc/source/core/tool/interpr3.cxx
index 9f5812a787a1..43c35cc7ac1a 100644
--- a/sc/source/core/tool/interpr3.cxx
+++ b/sc/source/core/tool/interpr3.cxx
@@ -3466,7 +3466,7 @@ void ScInterpreter::ScPercentile( bool bInclusive )
     GetNumberSequenceArray( 1, aArray, false );
     if ( aArray.empty() || nGlobalError != FormulaError::NONE )
     {
-        SetError( FormulaError::NoValue );
+        PushNoValue();
         return;
     }
     if ( bInclusive )
@@ -3489,7 +3489,7 @@ void ScInterpreter::ScQuartile( bool bInclusive )
     GetNumberSequenceArray( 1, aArray, false );
     if ( aArray.empty() || nGlobalError != FormulaError::NONE )
     {
-        SetError( FormulaError::NoValue );
+        PushNoValue();
         return;
     }
     if ( bInclusive )
commit e1f403815ad96b7b29bcb55715264cfb13bf78f4
Author:     Eike Rathke <er...@redhat.com>
AuthorDate: Fri Feb 17 12:03:54 2023 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 17:23:43 2023 +0200

    Stack check safety belt before fishing in muddy waters
    
    Have it hit hard in debug builds.
    
    Change-Id: I9ea54844a0661fd7a75616a2876983a74b2d5bad
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147205
    Reviewed-by: Eike Rathke <er...@redhat.com>
    Tested-by: Jenkins
    (cherry picked from commit 9d91fbba6f374fa1c10b38eae003da89bd4e6d4b)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147902
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>

diff --git a/sc/source/core/inc/interpre.hxx b/sc/source/core/inc/interpre.hxx
index c7b93798bc58..c80ec572f1b5 100644
--- a/sc/source/core/inc/interpre.hxx
+++ b/sc/source/core/inc/interpre.hxx
@@ -231,6 +231,7 @@ private:
     inline bool MustHaveParamCount( short nAct, short nMust );
     inline bool MustHaveParamCount( short nAct, short nMust, short nMax );
     inline bool MustHaveParamCountMin( short nAct, short nMin );
+    inline bool MustHaveParamCountMinWithStackCheck( short nAct, short nMin );
     void PushParameterExpected();
     void PushIllegalParameter();
     void PushIllegalArgument();
@@ -1085,6 +1086,17 @@ inline bool ScInterpreter::MustHaveParamCountMin( short 
nAct, short nMin )
     return false;
 }
 
+inline bool ScInterpreter::MustHaveParamCountMinWithStackCheck( short nAct, 
short nMin )
+{
+    assert(sp >= nAct);
+    if (sp < nAct)
+    {
+        PushParameterExpected();
+        return false;
+    }
+    return MustHaveParamCountMin( nAct, nMin);
+}
+
 inline bool ScInterpreter::CheckStringPositionArgument( double & fVal )
 {
     if (!std::isfinite( fVal))
diff --git a/sc/source/core/tool/interpr1.cxx b/sc/source/core/tool/interpr1.cxx
index cc710efc353e..a957b916f64a 100644
--- a/sc/source/core/tool/interpr1.cxx
+++ b/sc/source/core/tool/interpr1.cxx
@@ -7515,7 +7515,7 @@ void ScInterpreter::ScVLookup()
 void ScInterpreter::ScSubTotal()
 {
     sal_uInt8 nParamCount = GetByte();
-    if ( !MustHaveParamCountMin( nParamCount, 2 ) )
+    if ( !MustHaveParamCountMinWithStackCheck( nParamCount, 2 ) )
         return;
 
     // We must fish the 1st parameter deep from the stack! And push it on top.
@@ -7562,7 +7562,7 @@ void ScInterpreter::ScSubTotal()
 void ScInterpreter::ScAggregate()
 {
     sal_uInt8 nParamCount = GetByte();
-    if ( !MustHaveParamCountMin( nParamCount, 3 ) )
+    if ( !MustHaveParamCountMinWithStackCheck( nParamCount, 3 ) )
         return;
 
     const FormulaError nErr = nGlobalError;
commit bce8eaac0fdab2340be9718ed1241a98b01c0c46
Author:     Eike Rathke <er...@redhat.com>
AuthorDate: Thu Feb 16 20:20:31 2023 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 17:23:27 2023 +0200

    Obtain actual 0-parameter count for OR(), AND() and 1-parameter functions
    
    OR and AND for legacy infix notation are classified as binary
    operators but in fact are functions with parameter count. In case
    no argument is supplied, GetByte() returns 0 and for that case the
    implicit binary operator 2 parameters were wrongly assumed.
    Similar for functions expecting 1 parameter, without argument 1
    was assumed. For "real" unary and binary operators the compiler
    already checks parameters. Omit OR and AND and 1-parameter
    functions from this implicit assumption and return the actual 0
    count.
    
    Change-Id: Ie05398c112a98021ac2875cf7b6de994aee9d882
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147173
    Reviewed-by: Eike Rathke <er...@redhat.com>
    Tested-by: Jenkins
    (cherry picked from commit e7ce9bddadb2db222eaa5f594ef1de2e36d57e5c)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147129
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit d6599a2af131994487d2d9223a4fd32a8c3ddc49)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147235
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>

diff --git a/formula/source/core/api/token.cxx 
b/formula/source/core/api/token.cxx
index 6464f3d52b0f..60807f1e3ff0 100644
--- a/formula/source/core/api/token.cxx
+++ b/formula/source/core/api/token.cxx
@@ -93,17 +93,14 @@ sal_uInt8 FormulaToken::GetParamCount() const
         return 0;       // parameters and specials
                         // ocIf... jump commands not for FAP, have cByte then
 //2do: bool parameter whether FAP or not?
-    else if ( GetByte() )
+    else if (GetByte())
         return GetByte();   // all functions, also ocExternal and ocMacro
-    else if (SC_OPCODE_START_BIN_OP <= eOp && eOp < SC_OPCODE_STOP_BIN_OP)
-        return 2;           // binary
-    else if ((SC_OPCODE_START_UN_OP <= eOp && eOp < SC_OPCODE_STOP_UN_OP)
-            || eOp == ocPercentSign)
-        return 1;           // unary
+    else if (SC_OPCODE_START_BIN_OP <= eOp && eOp < SC_OPCODE_STOP_BIN_OP && 
eOp != ocAnd && eOp != ocOr)
+        return 2;           // binary operators, compiler checked; OR and AND 
legacy but are functions
+    else if ((SC_OPCODE_START_UN_OP <= eOp && eOp < SC_OPCODE_STOP_UN_OP) || 
eOp == ocPercentSign)
+        return 1;           // unary operators, compiler checked
     else if (SC_OPCODE_START_NO_PAR <= eOp && eOp < SC_OPCODE_STOP_NO_PAR)
         return 0;           // no parameter
-    else if (SC_OPCODE_START_1_PAR <= eOp && eOp < SC_OPCODE_STOP_1_PAR)
-        return 1;           // one parameter
     else if (FormulaCompiler::IsOpCodeJumpCommand( eOp ))
         return 1;           // only the condition counts as parameter
     else
diff --git a/sc/source/core/tool/interpr4.cxx b/sc/source/core/tool/interpr4.cxx
index 288d01d2eacc..1b165ff5c962 100644
--- a/sc/source/core/tool/interpr4.cxx
+++ b/sc/source/core/tool/interpr4.cxx
@@ -4019,7 +4019,15 @@ StackVar ScInterpreter::Interpret()
                 else if (sp >= pCur->GetParamCount())
                     nStackBase = sp - pCur->GetParamCount();
                 else
-                    nStackBase = sp;    // underflow?!?
+                {
+                    SAL_WARN("sc.core", "Stack anomaly at " << aPos.Format(
+                                ScRefFlags::VALID | ScRefFlags::FORCE_DOC | 
ScRefFlags::TAB_3D, &mrDoc)
+                            << "  eOp: " << static_cast<int>(eOp)
+                            << "  params: " << 
static_cast<int>(pCur->GetParamCount())
+                            << "  nStackBase: " << nStackBase << "  sp: " << 
sp);
+                    nStackBase = sp;
+                    assert(!"underflow");
+                }
             }
 
             switch( eOp )
commit e06651e87c1483bf87cbe621c521e87b76a45347
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Feb 13 13:56:10 2023 +0000
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 17:22:54 2023 +0200

    disable script dump
    
    Change-Id: I04d740cc0fcf87daa192a0a6af34138278043a19

diff --git a/connectivity/source/drivers/hsqldb/HDriver.cxx 
b/connectivity/source/drivers/hsqldb/HDriver.cxx
index e4d4e399ba2a..45cca64f48da 100644
--- a/connectivity/source/drivers/hsqldb/HDriver.cxx
+++ b/connectivity/source/drivers/hsqldb/HDriver.cxx
@@ -290,6 +290,37 @@ namespace connectivity
                         } // if ( xStream.is() )
                         ::comphelper::disposeComponent(xStream);
                     }
+
+                    // disallow any database/script files that contain a 
"SCRIPT[.*]" entry (this is belt and braces
+                    // in that bundled hsqldb 1.8.0 is patched to also reject 
them)
+                    //
+                    // hsqldb 2.6.0 release notes have: added system role 
SCRIPT_OPS for export / import of database structure and data
+                    // which seems to provide a builtin way to do this with 
contemporary hsqldb
+                    static const OUStringLiteral sScript(u"script");
+                    if (!bIsNewDatabase && xStorage->isStreamElement(sScript))
+                    {
+                        Reference<XStream > xStream = 
xStorage->openStreamElement(sScript, ElementModes::READ);
+                        if (xStream.is())
+                        {
+                            std::unique_ptr<SvStream> 
pStream(::utl::UcbStreamHelper::CreateStream(xStream));
+                            if (pStream)
+                            {
+                                OStringBuffer sLine;
+                                while (pStream->ReadLine(sLine))
+                                {
+                                    OString sText = 
sLine.makeStringAndClear().trim();
+                                    if 
(sText.startsWithIgnoreAsciiCase("SCRIPT"))
+                                    {
+                                        ::connectivity::SharedResources 
aResources;
+                                        sMessage = 
aResources.getResourceString(STR_COULD_NOT_LOAD_FILE).replaceFirst("$filename$",
 sSystemPath);
+                                        break;
+                                    }
+                                }
+                            }
+                        } // if ( xStream.is() )
+                        ::comphelper::disposeComponent(xStream);
+                    }
+
                 }
                 catch(Exception&)
                 {
diff --git a/external/hsqldb/UnpackedTarball_hsqldb.mk 
b/external/hsqldb/UnpackedTarball_hsqldb.mk
index cbba770f19a0..ed262cccf4ca 100644
--- a/external/hsqldb/UnpackedTarball_hsqldb.mk
+++ b/external/hsqldb/UnpackedTarball_hsqldb.mk
@@ -29,6 +29,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,hsqldb,\
                external/hsqldb/patches/jdbc-4.1.patch \
                external/hsqldb/patches/multipleResultSets.patch \
        ) \
+       external/hsqldb/patches/disable-dump-script.patch \
 ))
 
 # vim: set noet sw=4 ts=4:
diff --git a/external/hsqldb/patches/disable-dump-script.patch 
b/external/hsqldb/patches/disable-dump-script.patch
new file mode 100644
index 000000000000..13e0213f7e57
--- /dev/null
+++ b/external/hsqldb/patches/disable-dump-script.patch
@@ -0,0 +1,36 @@
+--- a/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java    2023-02-13 
11:08:11.297243034 +0000
++++ b/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java    2023-02-13 
13:49:17.973089433 +0000
+@@ -392,31 +392,19 @@
+      */
+     private Result processScript() throws IOException, HsqlException {
+ 
+-        String           token = tokenizer.getString();
+-        ScriptWriterText dsw   = null;
++        tokenizer.getString();
+ 
+         session.checkAdmin();
+ 
+         try {
+             if (tokenizer.wasValue()) {
+-                if (tokenizer.getType() != Types.VARCHAR) {
+-                    throw Trace.error(Trace.INVALID_IDENTIFIER);
+-                }
+-
+-                dsw = new ScriptWriterText(database, token, true, true, true);
+-
+-                dsw.writeAll();
+-
+-                return new Result(ResultConstants.UPDATECOUNT);
++                throw Trace.error(Trace.ACCESS_IS_DENIED);
+             } else {
+                 tokenizer.back();
+ 
+                 return DatabaseScript.getScript(database, false);
+             }
+         } finally {
+-            if (dsw != null) {
+-                dsw.close();
+-            }
+         }
+     }
+ 
commit f09a6450186ad60dc74109174ad306bef08d9280
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Tue Mar 21 10:46:46 2023 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 17:20:58 2023 +0200

    curl: upgrade to release 8.0.1
    
    Apparently 8.0.0 had a serious regression.
    
    Change-Id: Icc761f5e5e01b5d9bebecc13f7cba608f5834f54
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149212
    Tested-by: Andras Timar <andras.ti...@collabora.com>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>

diff --git a/download.lst b/download.lst
index 9940aa007886..30077b0da278 100644
--- a/download.lst
+++ b/download.lst
@@ -37,8 +37,8 @@ export CPPUNIT_SHA256SUM := 
89c5c6665337f56fd2db36bc3805a5619709d51fb136e5193707
 export CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz
 export CT2N_SHA256SUM := 
71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
 export CT2N_TARBALL := 
1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM := 
759690f9a375a720f8bcce9f953897b0d93f31eed9649b74f846d54bbf63bbcc
-export CURL_TARBALL := curl-8.0.0.tar.xz
+export CURL_SHA256SUM := 
0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0
+export CURL_TARBALL := curl-8.0.1.tar.xz
 export EBOOK_SHA256SUM := 
7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
 export EPOXY_SHA256SUM := 
002958c5528321edd53440235d3c44e71b5b1e09b9177e8daf677450b6c4433d
commit ec7cd0fd095b9506f9040596444636da81f4c5a3
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Mon Mar 20 11:52:22 2023 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 17:20:49 2023 +0200

    curl: upgrade to release 8.0.0
    
    Fixes CVE-2023-27535.
    
    Also hopefully fixes excessive storage consumption during build:
    o build: drop the use of XC_AMEND_DISTCLEAN [62]
    
    Change-Id: I8792e95bc7634ee496488e80fec5a1310b24a31c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149153
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149211
    Tested-by: Andras Timar <andras.ti...@collabora.com>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>

diff --git a/download.lst b/download.lst
index 714eb6d21fc9..9940aa007886 100644
--- a/download.lst
+++ b/download.lst
@@ -37,8 +37,8 @@ export CPPUNIT_SHA256SUM := 
89c5c6665337f56fd2db36bc3805a5619709d51fb136e5193707
 export CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz
 export CT2N_SHA256SUM := 
71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
 export CT2N_TARBALL := 
1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM := 
1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f
-export CURL_TARBALL := curl-7.88.1.tar.xz
+export CURL_SHA256SUM := 
759690f9a375a720f8bcce9f953897b0d93f31eed9649b74f846d54bbf63bbcc
+export CURL_TARBALL := curl-8.0.0.tar.xz
 export EBOOK_SHA256SUM := 
7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
 export EPOXY_SHA256SUM := 
002958c5528321edd53440235d3c44e71b5b1e09b9177e8daf677450b6c4433d
commit 2b64fd223f0f6fb3449b3fd8242ab387c960bfd7
Author:     Taichi Haradaguchi <20001...@ymail.ne.jp>
AuthorDate: Thu Feb 23 15:31:02 2023 +0900
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 17:20:41 2023 +0200

    curl: upgrade to release 7.88.1
    
    Fixes CVE-2023-23916, 2 CVEs that probably don't affect LO.
    
    Reference: https://curl.se/docs/security.html
    
    Change-Id: If9b3fc7c5ce66bfe1027caff39ea2c1cf55df7ad
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147977
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 6074d16b8c631e679a67364837d4ca9799731152)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147987
    Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
    Tested-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
    Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>

diff --git a/download.lst b/download.lst
index 1cb33c935563..714eb6d21fc9 100644
--- a/download.lst
+++ b/download.lst
@@ -37,8 +37,8 @@ export CPPUNIT_SHA256SUM := 
89c5c6665337f56fd2db36bc3805a5619709d51fb136e5193707
 export CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz
 export CT2N_SHA256SUM := 
71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
 export CT2N_TARBALL := 
1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM := 
ee5f1a1955b0ed413435ef79db28b834ea5f0fb7c8cfb1ce47175cc3bee08fff
-export CURL_TARBALL := curl-7.87.0.tar.xz
+export CURL_SHA256SUM := 
1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f
+export CURL_TARBALL := curl-7.88.1.tar.xz
 export EBOOK_SHA256SUM := 
7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
 export EPOXY_SHA256SUM := 
002958c5528321edd53440235d3c44e71b5b1e09b9177e8daf677450b6c4433d
diff --git a/external/curl/asan-poison-nsspem.patch.0 
b/external/curl/asan-poison-nsspem.patch.0
index 1f490bd6bf86..b348d44ee573 100644
--- a/external/curl/asan-poison-nsspem.patch.0
+++ b/external/curl/asan-poison-nsspem.patch.0
@@ -1,6 +1,6 @@
 --- lib/vtls/nss.c
 +++ lib/vtls/nss.c
-@@ -1945,7 +1945,7 @@
+@@ -1926,7 +1926,7 @@
  
    PK11_SetPasswordFunc(nss_get_password);
  
diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1
index 2128849369e7..2e8766b3d45f 100644
--- a/external/curl/curl-nss.patch.1
+++ b/external/curl/curl-nss.patch.1
@@ -1,7 +1,7 @@
 diff -ur curl.org/configure curl/configure
---- curl.org/configure 2016-03-13 15:14:07.177000076 +0100
-+++ curl/configure     2016-03-13 15:16:44.132000076 +0100
-@@ -28230,7 +28230,12 @@
+--- curl.orig/configure        2023-02-20 16:11:55.000000000 +0900
++++ curl/configure     2023-02-23 15:40:58.617432471 +0900
+@@ -28675,7 +28675,12 @@
        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired 
libraries and compilation flags for NSS." >&5
  printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation 
flags for NSS." >&2;}
        addld="-L$OPT_NSS/lib"
commit 6b47fc4d39fac6a516b4017d9e92366210be2360
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Tue Feb 21 11:11:42 2023 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 17:20:22 2023 +0200

    nss: upgrade to release 3.88.1
    
    Fixes CVE-2023-0767 CVE-2022-3479
    
    Change-Id: I688dc7d0785ed3344c33e331c7e9ef37baa720ee
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147387
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 538975a0e511ad79a7dd3c71300b993d1554cd03)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147360
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit 389cdfa04fbf7bffde6af9e6c87325579e3e136a)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147372
    Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
    Tested-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
    Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>

diff --git a/download.lst b/download.lst
index 909f93b8d5a8..1cb33c935563 100644
--- a/download.lst
+++ b/download.lst
@@ -193,8 +193,8 @@ export MYTHES_SHA256SUM := 
1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
 export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
 export NEON_SHA256SUM := 
cf1ee3ac27a215814a9c80803fcee4f0ede8466ebead40267a9bd115e16a8678
 export NEON_TARBALL := neon-0.31.2.tar.gz
-export NSS_SHA256SUM := 
8b5a2e9e3d632a78ad4d9c8d2ea502d2790d7a8e7b1986d173107232eca27432
-export NSS_TARBALL := nss-3.86-with-nspr-4.35.tar.gz
+export NSS_SHA256SUM := 
fcfa26d2738ec5b0cf72ab4be784eac832a75132cda2e295799c04d62a93607a
+export NSS_TARBALL := nss-3.88.1-with-nspr-4.35.tar.gz
 export ODFGEN_SHA256SUM := 
55200027fd46623b9bdddd38d275e7452d1b0ff8aeddcad6f9ae6dc25f610625
 export ODFGEN_VERSION_MICRO := 8
 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.xz

[Libreoffice-commits] core.git: Branch 'distro/mimo/mimo-7-2' - 9 commits - configure.ac connectivity/source download.lst external/curl external/hsqldb formula/source sc/source

Reply via email to