[Libreoffice-commits] core.git: Branch 'distro/mimo/mimo-7-3' - 12 commits - configure.ac connectivity/source download.lst external/curl external/hsqldb formula/source RepositoryExternal.mk sc/source

[Andras Timar (via logerrit)]

 RepositoryExternal.mk                             |    3 --
 configure.ac                                      |    2 -
 connectivity/source/drivers/hsqldb/HDriver.cxx    |   31 ++++++++++++++++++++++
 download.lst                                      |   16 +++++------
 external/curl/asan-poison-nsspem.patch.0          |    2 -
 external/curl/curl-nss.patch.1                    |    6 ++--
 external/hsqldb/UnpackedTarball_hsqldb.mk         |    1 
 external/hsqldb/patches/disable-dump-script.patch |   14 +++++++++
 formula/source/core/api/token.cxx                 |   13 +++------
 sc/source/core/inc/interpre.hxx                   |   12 ++++++++
 sc/source/core/tool/interpr1.cxx                  |    4 +-
 sc/source/core/tool/interpr3.cxx                  |    4 +-
 sc/source/core/tool/interpr4.cxx                  |   10 ++++++-
 13 files changed, 90 insertions(+), 28 deletions(-)

New commits:
commit 6f8d96fb45a1aeed23320b329eb84f973332bb4d
Author:     Andras Timar <andras.ti...@collabora.com>
AuthorDate: Sun Mar 26 21:23:07 2023 +0200
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 23:08:44 2023 +0200

    Bump version to 7.3.7.2.M3
    
    Change-Id: I558140c9cdd2cba55f0164db51686d0b972d66ae

diff --git a/configure.ac b/configure.ac
index 93758ed6b508..fac7acde7c2b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9,7 +9,7 @@ dnl in order to create a configure script.
 # several non-alphanumeric characters, those are split off and used only for 
the
 # ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no 
idea.
 
-AC_INIT([LibreOffice],[7.3.7.2.M2],[],[],[http://documentfoundation.org/])
+AC_INIT([LibreOffice],[7.3.7.2.M3],[],[],[http://documentfoundation.org/])
 
 dnl libnumbertext needs autoconf 2.68, but that can pick up autoconf268 just 
fine if it is installed
 dnl whereas aclocal (as run by autogen.sh) insists on using autoconf and fails 
hard
commit efb5a7cbe0729461ba51112cadd75237cf71ca2e
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Tue Mar 21 10:46:46 2023 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 23:08:44 2023 +0200

    curl: upgrade to release 8.0.1
    
    Apparently 8.0.0 had a serious regression.
    
    Change-Id: Icc761f5e5e01b5d9bebecc13f7cba608f5834f54
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149212
    Tested-by: Andras Timar <andras.ti...@collabora.com>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>

diff --git a/download.lst b/download.lst
index 2dbcb9871974..48cc3bc01199 100644
--- a/download.lst
+++ b/download.lst
@@ -37,8 +37,8 @@ export CPPUNIT_SHA256SUM := 
89c5c6665337f56fd2db36bc3805a5619709d51fb136e5193707
 export CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz
 export CT2N_SHA256SUM := 
71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
 export CT2N_TARBALL := 
1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM := 
759690f9a375a720f8bcce9f953897b0d93f31eed9649b74f846d54bbf63bbcc
-export CURL_TARBALL := curl-8.0.0.tar.xz
+export CURL_SHA256SUM := 
0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0
+export CURL_TARBALL := curl-8.0.1.tar.xz
 export EBOOK_SHA256SUM := 
7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
 export EPOXY_SHA256SUM := 
a7ced37f4102b745ac86d6a70a9da399cc139ff168ba6b8002b4d8d43c900c15
commit 93c5b2a3fb67611c2a985e59216c047bcdc4a6d8
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Mon Mar 20 11:52:22 2023 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 23:08:44 2023 +0200

    curl: upgrade to release 8.0.0
    
    Fixes CVE-2023-27535.
    
    Also hopefully fixes excessive storage consumption during build:
    o build: drop the use of XC_AMEND_DISTCLEAN [62]
    
    Change-Id: I8792e95bc7634ee496488e80fec5a1310b24a31c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149153
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149211
    Tested-by: Andras Timar <andras.ti...@collabora.com>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>

diff --git a/download.lst b/download.lst
index 24692deee9d0..2dbcb9871974 100644
--- a/download.lst
+++ b/download.lst
@@ -37,8 +37,8 @@ export CPPUNIT_SHA256SUM := 
89c5c6665337f56fd2db36bc3805a5619709d51fb136e5193707
 export CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz
 export CT2N_SHA256SUM := 
71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
 export CT2N_TARBALL := 
1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM := 
1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f
-export CURL_TARBALL := curl-7.88.1.tar.xz
+export CURL_SHA256SUM := 
759690f9a375a720f8bcce9f953897b0d93f31eed9649b74f846d54bbf63bbcc
+export CURL_TARBALL := curl-8.0.0.tar.xz
 export EBOOK_SHA256SUM := 
7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
 export EPOXY_SHA256SUM := 
a7ced37f4102b745ac86d6a70a9da399cc139ff168ba6b8002b4d8d43c900c15
commit 8929a3d0ca095460ca46ed0319b92556456c9c44
Author:     Taichi Haradaguchi <20001...@ymail.ne.jp>
AuthorDate: Thu Feb 23 15:31:02 2023 +0900
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 23:08:43 2023 +0200

    curl: upgrade to release 7.88.1
    
    Fixes CVE-2023-23916, 2 CVEs that probably don't affect LO.
    
    Reference: https://curl.se/docs/security.html
    
    Change-Id: If9b3fc7c5ce66bfe1027caff39ea2c1cf55df7ad
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147977
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 6074d16b8c631e679a67364837d4ca9799731152)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147987
    Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
    Tested-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
    Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>

diff --git a/download.lst b/download.lst
index 68351689db8f..24692deee9d0 100644
--- a/download.lst
+++ b/download.lst
@@ -37,8 +37,8 @@ export CPPUNIT_SHA256SUM := 
89c5c6665337f56fd2db36bc3805a5619709d51fb136e5193707
 export CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz
 export CT2N_SHA256SUM := 
71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
 export CT2N_TARBALL := 
1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM := 
ee5f1a1955b0ed413435ef79db28b834ea5f0fb7c8cfb1ce47175cc3bee08fff
-export CURL_TARBALL := curl-7.87.0.tar.xz
+export CURL_SHA256SUM := 
1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f
+export CURL_TARBALL := curl-7.88.1.tar.xz
 export EBOOK_SHA256SUM := 
7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
 export EPOXY_SHA256SUM := 
a7ced37f4102b745ac86d6a70a9da399cc139ff168ba6b8002b4d8d43c900c15
diff --git a/external/curl/asan-poison-nsspem.patch.0 
b/external/curl/asan-poison-nsspem.patch.0
index 1f490bd6bf86..b348d44ee573 100644
--- a/external/curl/asan-poison-nsspem.patch.0
+++ b/external/curl/asan-poison-nsspem.patch.0
@@ -1,6 +1,6 @@
 --- lib/vtls/nss.c
 +++ lib/vtls/nss.c
-@@ -1945,7 +1945,7 @@
+@@ -1926,7 +1926,7 @@
  
    PK11_SetPasswordFunc(nss_get_password);
  
diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1
index 2128849369e7..2e8766b3d45f 100644
--- a/external/curl/curl-nss.patch.1
+++ b/external/curl/curl-nss.patch.1
@@ -1,7 +1,7 @@
 diff -ur curl.org/configure curl/configure
---- curl.org/configure 2016-03-13 15:14:07.177000076 +0100
-+++ curl/configure     2016-03-13 15:16:44.132000076 +0100
-@@ -28230,7 +28230,12 @@
+--- curl.orig/configure        2023-02-20 16:11:55.000000000 +0900
++++ curl/configure     2023-02-23 15:40:58.617432471 +0900
+@@ -28675,7 +28675,12 @@
        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired 
libraries and compilation flags for NSS." >&5
  printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation 
flags for NSS." >&2;}
        addld="-L$OPT_NSS/lib"
commit d752540ce36495e00cc8da46dc8b631748b4d4a4
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Feb 8 12:11:24 2023 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 23:08:43 2023 +0200

    openssl: upgrade to release 1.1.1t
    
    Fixes CVE-2023-0286 CVE-2023-0215 CVE-2022-4450 CVE-2022-4304
    
    Change-Id: I93ce0362b17bd07b0644564a0676daaa56bc8b50
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146653
    Tested-by: Jenkins
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>

diff --git a/download.lst b/download.lst
index e071ca00c7ba..68351689db8f 100644
--- a/download.lst
+++ b/download.lst
@@ -202,8 +202,8 @@ export OFFICEOTRON_SHA256SUM := 
f2443f27561af52324eee03a1892d9f569adc8db9e7bca55
 export OFFICEOTRON_JAR := 
8249374c274932a21846fa7629c2aa9b-officeotron-0.7.4-master.jar
 export OPENLDAP_SHA256SUM := 
99f37d6747d88206c470067eda624d5e48c1011e943ec0ab217bae8712e22f34
 export OPENLDAP_TARBALL := openldap-2.4.59.tgz
-export OPENSSL_SHA256SUM := 
c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa
-export OPENSSL_TARBALL := openssl-1.1.1s.tar.gz
+export OPENSSL_SHA256SUM := 
8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b
+export OPENSSL_TARBALL := openssl-1.1.1t.tar.gz
 export ORCUS_SHA256SUM := 
2a86c405a5929f749b27637509596421d46805753364ab258b035fd01fbde143
 export ORCUS_TARBALL := liborcus-0.17.2.tar.bz2
 export PAGEMAKER_SHA256SUM := 
66adacd705a7d19895e08eac46d1e851332adf2e736c566bef1164e7a442519d
commit d9efe623a4765d77be0e7c52829027a840d8e02c
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Tue Feb 21 11:11:42 2023 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 23:08:43 2023 +0200

    nss: upgrade to release 3.88.1
    
    Fixes CVE-2023-0767 CVE-2022-3479
    
    Change-Id: I688dc7d0785ed3344c33e331c7e9ef37baa720ee
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147387
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 538975a0e511ad79a7dd3c71300b993d1554cd03)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147360
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit 389cdfa04fbf7bffde6af9e6c87325579e3e136a)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147372
    Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
    Tested-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
    Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>

diff --git a/download.lst b/download.lst
index c0027e6e67dc..e071ca00c7ba 100644
--- a/download.lst
+++ b/download.lst
@@ -191,8 +191,8 @@ export MYTHES_SHA256SUM := 
1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
 export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
 export NEON_SHA256SUM := 
cf1ee3ac27a215814a9c80803fcee4f0ede8466ebead40267a9bd115e16a8678
 export NEON_TARBALL := neon-0.31.2.tar.gz
-export NSS_SHA256SUM := 
8b5a2e9e3d632a78ad4d9c8d2ea502d2790d7a8e7b1986d173107232eca27432
-export NSS_TARBALL := nss-3.86-with-nspr-4.35.tar.gz
+export NSS_SHA256SUM := 
fcfa26d2738ec5b0cf72ab4be784eac832a75132cda2e295799c04d62a93607a
+export NSS_TARBALL := nss-3.88.1-with-nspr-4.35.tar.gz
 export ODFGEN_SHA256SUM := 
55200027fd46623b9bdddd38d275e7452d1b0ff8aeddcad6f9ae6dc25f610625
 export ODFGEN_VERSION_MICRO := 8
 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.xz
commit 2cd1aa6d851806f1af132274197554358a25d2c6
Author:     Eike Rathke <er...@redhat.com>
AuthorDate: Mon Feb 27 16:10:06 2023 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 23:08:43 2023 +0200

    Always push a result, even if it's only an error
    
    PERCENTILE() and QUARTILE() if an error was passed as argument (or
    an error encountered during obtaining arguments) omitted to push
    an error result, only setting the error.
    
    Fallout from
    
        commit f336f63da900d76c2bf6e5690f1c8a7bd15a0aa2
        CommitDate: Thu Mar 3 16:28:59 2016 +0000
    
            tdf#94635 Add FORECAST.ETS functions to Calc
    
    Change-Id: I23e276fb0ce735cfd6383cc963446499dcf819f4
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147922
    Reviewed-by: Eike Rathke <er...@redhat.com>
    Tested-by: Jenkins
    (cherry picked from commit 64914560e279c71ff1233f4bab851e2a292797e6)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147900
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    Tested-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit da8ca6920b78addc827171f53a42abdd59da9f9c)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/148326
    Tested-by: Andras Timar <andras.ti...@collabora.com>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>

diff --git a/sc/source/core/tool/interpr3.cxx b/sc/source/core/tool/interpr3.cxx
index 8d7ba5ea4952..885db473c9f8 100644
--- a/sc/source/core/tool/interpr3.cxx
+++ b/sc/source/core/tool/interpr3.cxx
@@ -3466,7 +3466,7 @@ void ScInterpreter::ScPercentile( bool bInclusive )
     GetNumberSequenceArray( 1, aArray, false );
     if ( aArray.empty() || nGlobalError != FormulaError::NONE )
     {
-        SetError( FormulaError::NoValue );
+        PushNoValue();
         return;
     }
     if ( bInclusive )
@@ -3489,7 +3489,7 @@ void ScInterpreter::ScQuartile( bool bInclusive )
     GetNumberSequenceArray( 1, aArray, false );
     if ( aArray.empty() || nGlobalError != FormulaError::NONE )
     {
-        SetError( FormulaError::NoValue );
+        PushNoValue();
         return;
     }
     if ( bInclusive )
commit 626e04943f2b8a2e6a309c52b75d375c199dc880
Author:     Eike Rathke <er...@redhat.com>
AuthorDate: Fri Feb 17 12:03:54 2023 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 23:08:43 2023 +0200

    Stack check safety belt before fishing in muddy waters
    
    Have it hit hard in debug builds.
    
    Change-Id: I9ea54844a0661fd7a75616a2876983a74b2d5bad
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147205
    Reviewed-by: Eike Rathke <er...@redhat.com>
    Tested-by: Jenkins
    (cherry picked from commit 9d91fbba6f374fa1c10b38eae003da89bd4e6d4b)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147902
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>

diff --git a/sc/source/core/inc/interpre.hxx b/sc/source/core/inc/interpre.hxx
index 322b2e32d5a0..2bad90aa12cb 100644
--- a/sc/source/core/inc/interpre.hxx
+++ b/sc/source/core/inc/interpre.hxx
@@ -231,6 +231,7 @@ private:
     inline bool MustHaveParamCount( short nAct, short nMust );
     inline bool MustHaveParamCount( short nAct, short nMust, short nMax );
     inline bool MustHaveParamCountMin( short nAct, short nMin );
+    inline bool MustHaveParamCountMinWithStackCheck( short nAct, short nMin );
     void PushParameterExpected();
     void PushIllegalParameter();
     void PushIllegalArgument();
@@ -1082,6 +1083,17 @@ inline bool ScInterpreter::MustHaveParamCountMin( short 
nAct, short nMin )
     return false;
 }
 
+inline bool ScInterpreter::MustHaveParamCountMinWithStackCheck( short nAct, 
short nMin )
+{
+    assert(sp >= nAct);
+    if (sp < nAct)
+    {
+        PushParameterExpected();
+        return false;
+    }
+    return MustHaveParamCountMin( nAct, nMin);
+}
+
 inline bool ScInterpreter::CheckStringPositionArgument( double & fVal )
 {
     if (!std::isfinite( fVal))
diff --git a/sc/source/core/tool/interpr1.cxx b/sc/source/core/tool/interpr1.cxx
index 42d6dde67df2..27917500254a 100644
--- a/sc/source/core/tool/interpr1.cxx
+++ b/sc/source/core/tool/interpr1.cxx
@@ -7524,7 +7524,7 @@ void ScInterpreter::ScVLookup()
 void ScInterpreter::ScSubTotal()
 {
     sal_uInt8 nParamCount = GetByte();
-    if ( !MustHaveParamCountMin( nParamCount, 2 ) )
+    if ( !MustHaveParamCountMinWithStackCheck( nParamCount, 2 ) )
         return;
 
     // We must fish the 1st parameter deep from the stack! And push it on top.
@@ -7571,7 +7571,7 @@ void ScInterpreter::ScSubTotal()
 void ScInterpreter::ScAggregate()
 {
     sal_uInt8 nParamCount = GetByte();
-    if ( !MustHaveParamCountMin( nParamCount, 3 ) )
+    if ( !MustHaveParamCountMinWithStackCheck( nParamCount, 3 ) )
         return;
 
     const FormulaError nErr = nGlobalError;
commit 29a32f6e405e6c8dfb9729a3d72e23dccdfa53a9
Author:     Eike Rathke <er...@redhat.com>
AuthorDate: Thu Feb 16 20:20:31 2023 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 23:08:43 2023 +0200

    Obtain actual 0-parameter count for OR(), AND() and 1-parameter functions
    
    OR and AND for legacy infix notation are classified as binary
    operators but in fact are functions with parameter count. In case
    no argument is supplied, GetByte() returns 0 and for that case the
    implicit binary operator 2 parameters were wrongly assumed.
    Similar for functions expecting 1 parameter, without argument 1
    was assumed. For "real" unary and binary operators the compiler
    already checks parameters. Omit OR and AND and 1-parameter
    functions from this implicit assumption and return the actual 0
    count.
    
    Change-Id: Ie05398c112a98021ac2875cf7b6de994aee9d882
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147173
    Reviewed-by: Eike Rathke <er...@redhat.com>
    Tested-by: Jenkins
    (cherry picked from commit e7ce9bddadb2db222eaa5f594ef1de2e36d57e5c)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147129
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit d6599a2af131994487d2d9223a4fd32a8c3ddc49)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147235
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>

diff --git a/formula/source/core/api/token.cxx 
b/formula/source/core/api/token.cxx
index a7d44f897a24..6e50ca011983 100644
--- a/formula/source/core/api/token.cxx
+++ b/formula/source/core/api/token.cxx
@@ -93,17 +93,14 @@ sal_uInt8 FormulaToken::GetParamCount() const
         return 0;       // parameters and specials
                         // ocIf... jump commands not for FAP, have cByte then
 //2do: bool parameter whether FAP or not?
-    else if ( GetByte() )
+    else if (GetByte())
         return GetByte();   // all functions, also ocExternal and ocMacro
-    else if (SC_OPCODE_START_BIN_OP <= eOp && eOp < SC_OPCODE_STOP_BIN_OP)
-        return 2;           // binary
-    else if ((SC_OPCODE_START_UN_OP <= eOp && eOp < SC_OPCODE_STOP_UN_OP)
-            || eOp == ocPercentSign)
-        return 1;           // unary
+    else if (SC_OPCODE_START_BIN_OP <= eOp && eOp < SC_OPCODE_STOP_BIN_OP && 
eOp != ocAnd && eOp != ocOr)
+        return 2;           // binary operators, compiler checked; OR and AND 
legacy but are functions
+    else if ((SC_OPCODE_START_UN_OP <= eOp && eOp < SC_OPCODE_STOP_UN_OP) || 
eOp == ocPercentSign)
+        return 1;           // unary operators, compiler checked
     else if (SC_OPCODE_START_NO_PAR <= eOp && eOp < SC_OPCODE_STOP_NO_PAR)
         return 0;           // no parameter
-    else if (SC_OPCODE_START_1_PAR <= eOp && eOp < SC_OPCODE_STOP_1_PAR)
-        return 1;           // one parameter
     else if (FormulaCompiler::IsOpCodeJumpCommand( eOp ))
         return 1;           // only the condition counts as parameter
     else
diff --git a/sc/source/core/tool/interpr4.cxx b/sc/source/core/tool/interpr4.cxx
index f0dee4b21b63..d9ea8acd5c8e 100644
--- a/sc/source/core/tool/interpr4.cxx
+++ b/sc/source/core/tool/interpr4.cxx
@@ -4011,7 +4011,15 @@ StackVar ScInterpreter::Interpret()
                 else if (sp >= pCur->GetParamCount())
                     nStackBase = sp - pCur->GetParamCount();
                 else
-                    nStackBase = sp;    // underflow?!?
+                {
+                    SAL_WARN("sc.core", "Stack anomaly at " << aPos.Format(
+                                ScRefFlags::VALID | ScRefFlags::FORCE_DOC | 
ScRefFlags::TAB_3D, &mrDoc)
+                            << "  eOp: " << static_cast<int>(eOp)
+                            << "  params: " << 
static_cast<int>(pCur->GetParamCount())
+                            << "  nStackBase: " << nStackBase << "  sp: " << 
sp);
+                    nStackBase = sp;
+                    assert(!"underflow");
+                }
             }
 
             switch( eOp )
commit cd38da637c11e74ca0c9784b0d083a17f4af18f0
Author:     Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Sun Jan 2 20:14:04 2022 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 23:08:43 2023 +0200

    Replace obsolete *_use_external_project for libjpeg-turbo
    
    ...which no longer is an ExternalProject but just a StaticLibrary since
    1295f497e0cc7fc7cfcb66182496a4d29aa701b3 "upgrade libjpeg-turbo to 2.1.1".
    (This caused e.g. a from-scratch `make Library_pdfium` to fail with
    
    > [PRJ] libjpeg-turbo
    > touch: cannot touch '.../workdir/ExternalProject/libjpeg-turbo.done': No 
such file or directory
    
    when workdir/ExternalProject/ happens not to exist yet.)
    
    Change-Id: Id0f0e3b13cc7e9e556d9c8e7698d4dfa1bb01659
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127874
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sberg...@redhat.com>

diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk
index 414c4bba741d..64d8d1ac1aa7 100644
--- a/RepositoryExternal.mk
+++ b/RepositoryExternal.mk
@@ -418,7 +418,6 @@ gb_ExternalProject__use_libjpeg :=
 else
 
 define gb_LinkTarget__use_libjpeg
-$(call gb_LinkTarget_use_external_project,$(1),libjpeg-turbo,full)
 $(call gb_LinkTarget_set_include,$(1),\
        -I$(call gb_UnpackedTarball_get_dir,libjpeg-turbo) \
        $$(INCLUDE) \
@@ -428,7 +427,7 @@ $(call 
gb_LinkTarget_use_static_libraries,$(1),libjpeg-turbo)
 endef
 
 define gb_ExternalProject__use_libjpeg
-$(call gb_ExternalProject_use_external_project,$(1),libjpeg-turbo)
+$(call gb_ExternalProject_use_static_libraries,$(1),libjpeg-turbo)
 
 endef
 
commit becab1a7acd959e8fe3fcd9702bd68cb97ee263b
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Jan 13 16:41:14 2022 +0000
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 23:00:37 2023 +0200

    upgrade to libjpeg-turbo-2.1.2
    
    Change-Id: I6d24be03c6401a815e6f19d79f418fcc90334393
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128387
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/download.lst b/download.lst
index 06c67ec28196..c0027e6e67dc 100644
--- a/download.lst
+++ b/download.lst
@@ -138,8 +138,8 @@ export JFREEREPORT_LIBXML_SHA256SUM := 
7d2797fe9f79a77009721e3f14fa4a1dec17a6d70
 export JFREEREPORT_LIBXML_TARBALL := 
ace6ab49184e329db254e454a010f56d-libxml-1.1.7.zip
 export JFREEREPORT_SAC_SHA256SUM := 
085f2112c51fa8c1783fac12fbd452650596415121348393bb51f0f7e85a9045
 export JFREEREPORT_SAC_TARBALL := 
39bb3fcea1514f1369fcfc87542390fd-sacjava-1.3.zip
-export LIBJPEG_TURBO_SHA256SUM := 
20e9cd3e5f517950dfb7a300ad344543d88719c254407ffb5ad88d891bf701c4
-export LIBJPEG_TURBO_TARBALL := libjpeg-turbo-2.1.1.tar.gz
+export LIBJPEG_TURBO_SHA256SUM := 
09b96cb8cbff9ea556a9c2d173485fd19488844d55276ed4f42240e1e2073ce5
+export LIBJPEG_TURBO_TARBALL := libjpeg-turbo-2.1.2.tar.gz
 export LANGTAGREG_SHA256SUM := 
d9dcf20be5ad4856daef023087421bedc1477f9b4247fc8ea53bb32e07c97837
 export LANGTAGREG_TARBALL := language-subtag-registry-2021-12-29.tar.bz2
 export LANGUAGETOOL_SHA256SUM := 
48c87e41636783bba438b65fd895821e369ed139e1465fac654323ad93c5a82d
commit ab10a3123655b56c8bd9adf4ee22a1829a543f84
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Feb 13 13:56:10 2023 +0000
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Mar 26 23:00:37 2023 +0200

    disable script dump
    
    Change-Id: I04d740cc0fcf87daa192a0a6af34138278043a19

diff --git a/connectivity/source/drivers/hsqldb/HDriver.cxx 
b/connectivity/source/drivers/hsqldb/HDriver.cxx
index 962e574879cf..84dc2132756d 100644
--- a/connectivity/source/drivers/hsqldb/HDriver.cxx
+++ b/connectivity/source/drivers/hsqldb/HDriver.cxx
@@ -290,6 +290,37 @@ namespace connectivity
                         } // if ( xStream.is() )
                         ::comphelper::disposeComponent(xStream);
                     }
+
+                    // disallow any database/script files that contain a 
"SCRIPT[.*]" entry (this is belt and braces
+                    // in that bundled hsqldb 1.8.0 is patched to also reject 
them)
+                    //
+                    // hsqldb 2.6.0 release notes have: added system role 
SCRIPT_OPS for export / import of database structure and data
+                    // which seems to provide a builtin way to do this with 
contemporary hsqldb
+                    const OUString sScript( "script" );
+                    if (!bIsNewDatabase && xStorage->isStreamElement(sScript))
+                    {
+                        Reference<XStream > xStream = 
xStorage->openStreamElement(sScript, ElementModes::READ);
+                        if (xStream.is())
+                        {
+                            std::unique_ptr<SvStream> 
pStream(::utl::UcbStreamHelper::CreateStream(xStream));
+                            if (pStream)
+                            {
+                                OString sLine;
+                                while (pStream->ReadLine(sLine))
+                                {
+                                    OString sText = sLine.trim();
+                                    if 
(sText.startsWithIgnoreAsciiCase("SCRIPT"))
+                                    {
+                                        ::connectivity::SharedResources 
aResources;
+                                        sMessage = 
aResources.getResourceString(STR_COULD_NOT_LOAD_FILE).replaceFirst("$filename$",
 sSystemPath);
+                                        break;
+                                    }
+                                }
+                            }
+                        } // if ( xStream.is() )
+                        ::comphelper::disposeComponent(xStream);
+                    }
+
                 }
                 catch(Exception&)
                 {
diff --git a/external/hsqldb/UnpackedTarball_hsqldb.mk 
b/external/hsqldb/UnpackedTarball_hsqldb.mk
index cbba770f19a0..ed262cccf4ca 100644
--- a/external/hsqldb/UnpackedTarball_hsqldb.mk
+++ b/external/hsqldb/UnpackedTarball_hsqldb.mk
@@ -29,6 +29,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,hsqldb,\
                external/hsqldb/patches/jdbc-4.1.patch \
                external/hsqldb/patches/multipleResultSets.patch \
        ) \
+       external/hsqldb/patches/disable-dump-script.patch \
 ))
 
 # vim: set noet sw=4 ts=4:
diff --git a/external/hsqldb/patches/disable-dump-script.patch 
b/external/hsqldb/patches/disable-dump-script.patch
new file mode 100644
index 000000000000..401dd38abc9a
--- /dev/null
+++ b/external/hsqldb/patches/disable-dump-script.patch
@@ -0,0 +1,14 @@
+--- a/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java    2023-02-13 
11:08:11.297243034 +0000
++++ b/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java    2023-02-13 
13:49:17.973089433 +0000
+@@ -403,6 +403,11 @@
+                     throw Trace.error(Trace.INVALID_IDENTIFIER);
+                 }
+ 
++                // added condition to avoid execution of spurious command in 
.script or .log file
++                if (session.isProcessingScript() || 
session.isProcessingLog()) {
++                    return new Result(ResultConstants.UPDATECOUNT);
++                }
++
+                 dsw = new ScriptWriterText(database, token, true, true, true);
+ 
+                 dsw.writeAll();