download.lst | 4 external/libpng/0001-ACES-AP0-adjusted-fixes.patch.1 | 246 ++++++++++ external/libpng/0001-fix-Avoid-integer-overflows-in-function-png_xy_from_.patch.1 | 99 ++++ external/libpng/0001-libpng16-fix-Correct-the-function-png_fp_sub-in-png.patch.1 | 35 + external/libpng/UnpackedTarball_libpng.mk | 4 external/libpng/libpng-osx.patch.1 | 2 svgio/source/svgreader/svgstyleattributes.cxx | 9 sw/source/core/fields/ddetbl.cxx | 6 sw/source/core/layout/sortedobjs.cxx | 6 sw/source/filter/ww8/ww8par.cxx | 13 sw/source/filter/ww8/ww8par5.cxx | 2 11 files changed, 417 insertions(+), 9 deletions(-)
New commits: commit 38cdc0405fdb8bd602b9c2121f280de9ea3cb71c Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Thu Dec 5 20:05:43 2024 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 21:01:17 2024 +0100 crashtesting: HLINK_MARK embedded null import from forum-mso-en4-7137.doc which causes problems on export to docx. Sanitize at the original import. Change-Id: I8b9fa86465c455fe872c41386889dc54e38eb9ec Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177904 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit f232952e727c50cc3a5927ff3b082f88e36c9bed) diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx index 5db85865ab81..c7854c7a1d96 100644 --- a/sw/source/filter/ww8/ww8par.cxx +++ b/sw/source/filter/ww8/ww8par.cxx @@ -347,6 +347,8 @@ void SwWW8ImplReader::ReadEmbeddedData(SvStream& rStrm, SwDocShell const * pDocS if( ::get_flag( nFlags, WW8_HLINK_MARK ) ) { xTextMark.reset(new OUString(read_uInt32_lenPrefixed_uInt16s_ToOUString(rStrm))); + if (clipToFirstNull(*xTextMark)) + SAL_WARN("sw.ww8", "HLINK_MARK with embedded null, truncating to: " << *xTextMark); } if (!xLongName && xShortName.get()) commit e9fed693f41514b1b84334f9db1c035bd286c097 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Thu Dec 5 12:56:34 2024 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 21:01:17 2024 +0100 crashtesting: HLINK embedded null import from ooo98294-1.doc which causes problems on export to docx. Sanitize at the original import. Change-Id: I3b5521dac6a2b6926db6362d33500b11f0a69098 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177869 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit acd9e2165c42f0d6977e1ffd883983fe33c5d073) 
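Review bot: After `clipToFirstNull(*xTextMark)` a mark whose first character is a null becomes an empty OUString while `xTextMark` itself stays non-null, so any later `if (xTextMark)` test in ReadEmbeddedData would still treat the link as carrying a mark. The rest of the function is outside this hunk, so it is not visible whether an empty mark is handled there. If it is not, dropping the pointer when nothing is left keeps the sanitised state unambiguous: `if (xTextMark->isEmpty()) xTextMark.reset();`.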
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx index 41beb52670ff..5db85865ab81 100644 --- a/sw/source/filter/ww8/ww8par.cxx +++ b/sw/source/filter/ww8/ww8par.cxx @@ -220,6 +220,15 @@ namespace } } +// returns true if an embedded null was found +static bool clipToFirstNull(OUString& rStr) +{ + sal_Int32 nEmbeddedNullIdx = rStr.indexOf(0); + if (nEmbeddedNullIdx != -1) + rStr = rStr.copy(0, nEmbeddedNullIdx); + return nEmbeddedNullIdx != -1; +} + void SwWW8ImplReader::ReadEmbeddedData(SvStream& rStrm, SwDocShell const * pDocShell, struct HyperLinksTable& hlStr) { // (0x01B8) HLINK @@ -350,6 +359,8 @@ void SwWW8ImplReader::ReadEmbeddedData(SvStream& rStrm, SwDocShell const * pDocS if (xLongName) { + if (clipToFirstNull(*xLongName)) + SAL_WARN("sw.ww8", "HLINK with embedded null, truncating to: " << *xLongName); if (xTextMark) { if (xLongName->isEmpty()) commit f0e14b2323f7fcc799211544edae635bd1088beb Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Sun Dec 1 19:17:49 2024 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 21:01:17 2024 +0100 crashtesting: crash on load of forum-en-40508.odt + F9 to update fields seems to already exist in oldest version I have Change-Id: I3f3652952476678c121cbe3f800b7adf7f7aa1a8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177626 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 9a81a5272196d6ba00551dd7ee0e4dab807e4052) diff --git a/sw/source/core/fields/ddetbl.cxx b/sw/source/core/fields/ddetbl.cxx index d42b387cb44e..68ab08de9d18 100644 --- a/sw/source/core/fields/ddetbl.cxx +++ b/sw/source/core/fields/ddetbl.cxx 
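Review bot: The comment on `clipToFirstNull` documents only the return value and does not say that `rStr` is modified in place, which is the part a caller sanitising imported strings needs to know. I would write it as `// Truncates rStr at its first embedded U+0000, if any; returns true if it was truncated`. The helper is also declared `static` directly after the closing brace of the anonymous namespace; moving it inside that namespace would match the convention visible in the context lines.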
@@ -147,7 +147,11 @@ void SwDDETable::ChangeContent() OSL_ENSURE( pBox->GetSttIdx(), "no content box" ); SwNodeIndex aNdIdx( *pBox->GetSttNd(), 1 ); SwTextNode* pTextNode = aNdIdx.GetNode().GetTextNode(); - OSL_ENSURE( pTextNode, "No Node" ); + if (!pTextNode) + { + SAL_WARN("sw.core", "No TextNode in SwDDETable::ChangeContent"); + continue; + } SwIndex aCntIdx( pTextNode, 0 ); pTextNode->EraseText( aCntIdx ); pTextNode->InsertText( aLine.getToken( 0, ' ', nLineTokenPos ), aCntIdx ); commit 123779562069f92ae9cf95864367df044dc65fe5 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Sun Dec 1 20:19:33 2024 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 21:01:17 2024 +0100 crashtesting: crash on load of .doc output of forum-de3-398.odt Change-Id: Ibcd898e25c8807dba36226d0ec7126588ba38837 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177631 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 4161486f9ae29452375aa57fd080cc6af7d6fd3b) diff --git a/sw/source/filter/ww8/ww8par5.cxx b/sw/source/filter/ww8/ww8par5.cxx index 039f42511347..63a8a2e7a8a6 100644 --- a/sw/source/filter/ww8/ww8par5.cxx +++ b/sw/source/filter/ww8/ww8par5.cxx 
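Review bot: The context line just above the new check, `SwNodeIndex aNdIdx( *pBox->GetSttNd(), 1 );`, still dereferences `GetSttNd()` with only the debug-only `OSL_ENSURE( pBox->GetSttIdx(), "no content box" )` in front of it, so a box without a start node would presumably fail the same way as the missing text node handled here. A matching guard before the SwNodeIndex construction, `if (!pBox->GetSttNd()) continue;`, would cover that case. The new `continue` also skips the `aLine.getToken(...)` call, so `nLineTokenPos` is not advanced for the skipped box and later boxes on the same line receive shifted tokens; if that matters, consume the token before continuing. The loop header is outside the hunk.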
@@ -3075,7 +3075,7 @@ eF_ResT SwWW8ImplReader::Read_F_Tox( WW8FieldDesc* pF, OUString& rStr ) { --aIt; - if(0x09 == sDelimiter[0]) + if (!sDelimiter.isEmpty() && sDelimiter[0] == 0x09) aIt->eTabAlign = SvxTabAdjust::End; else { commit 1a8790a8808fefa290d0258c47dbf43d10ee33e6 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Fri Nov 22 09:59:44 2024 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 21:01:16 2024 +0100 crashtesting: invalid iterator on load of forum-de-1233.odt docx export although the actual order doesn't change there is a Delete/Insert of the object in case the order should change. ::Insert will check if sorted and resort if not anyway, so presumably if we just skip the middle-men and resort here if we need to then that is equivalent, but without the invalidation for the already sorted case. #0 SwSortedObjs::Remove (this=0x510ed40, _rAnchoredObj=...) at core/sw/source/core/layout/sortedobjs.cxx:243 #1 0x00007fffce0af130 in SwSortedObjs::Update (this=0x510ed40, _rAnchoredObj=...) at core/sw/source/core/layout/sortedobjs.cxx:282 #2 0x00007fffcdf32c40 in SwAnchoredObject::UpdateObjInSortedList (this=0x51123c0) at core/sw/source/core/layout/anchoredobject.cxx:661 #3 0x00007fffcdf8fc38 in SwFlyFrame::SwClientNotify (this=0x5112260, rMod=..., rHint=...) at core/sw/source/core/layout/fly.cxx:859 #4 0x00007fffcdf9d1bf in SwFlyAtContentFrame::SwClientNotify (this=0x5112260, rMod=..., rHint=...) at core/sw/source/core/layout/flycnt.cxx:112 #5 0x00007fffcd65bca8 in SwModify::CallSwClientNotify (this=0x4e68da0, rHint=...) at core/sw/source/core/attr/calbck.cxx:311 #6 0x00007fffcd65bd71 in sw::BroadcastingModify::CallSwClientNotify (this=0x4e68da0, rHint=...) at core/sw/source/core/attr/calbck.cxx:316 #7 0x00007fffcd65b42f in SwModify::SwClientNotify (this=0x4e68da0, rHint=...) at core/sw/source/core/attr/calbck.cxx:302 #8 0x00007fffcd66771b in SwFormat::SwClientNotify (this=0x4e68da0, rHint=...) 
at core/sw/source/core/attr/format.cxx:300 #9 0x00007fffcdf4448a in SwFrameFormat::SwClientNotify (this=0x4e68da0, rMod=..., rHint=...) at core/sw/source/core/layout/atrfrm.cxx:2843 #10 0x00007fffcd65be1e in sw::ClientNotifyAttrChg (rModify=..., aSet=..., aOld=..., aNew=...) at core/sw/source/core/attr/calbck.cxx:325 #11 0x00007fffcd66948e in SwFormat::SetFormatAttr (this=0x4e68da0, rSet=SfxItemSet of pool 0x1bcebe0 with parent 0x4e68e68 and Which ranges: [(88, 141), (159, 159), (1014, 1034)] = {...}) at core/sw/source/core/attr/format.cxx:597 #12 0x00007fffce649a2c in SwXFrame::setPropertyValue (this=0x5e47b90, rPropertyName="Size", _rValue=uno::Any("com.sun.star.awt.Size": ...)) at core/sw/source/core/unocore/unoframe.cxx:1867 #13 0x00007fffcdc4d7ea in SwTextBoxHelper::syncProperty (pShape=0x4dce770, nWID=89, nMemberID=0 ' at core/sw/source/core/doc/textboxhelper.cxx:995 #14 0x00007fffcdf2e2d7 in SwAnchoredDrawObject::GetObjBoundRect (this=0x4e69dd0) at core/sw/source/core/layout/anchoreddrawobject.cxx:757 #15 0x00007fffcdf320ca in SwAnchoredObject::GetObjRectWithSpaces (this=0x4e69dd0) at core/sw/source/core/layout/anchoredobject.cxx:575 #16 0x00007fffcdf31eaa in SwAnchoredObject::InvalidateObjPosForConsiderWrapInfluence (this=0x4e69dd0) at core/sw/source/core/layout/anchoredobject.cxx:400 #17 0x00007fffcdf32be5 in SwAnchoredObject::UpdateObjInSortedList (this=0x510e530) at core/sw/source/core/layout/anchoredobject.cxx:654 #18 0x00007fffcdf8fc38 in SwFlyFrame::SwClientNotify (this=0x510e3d0, rMod=..., rHint=...) at core/sw/source/core/layout/fly.cxx:859 #19 0x00007fffcdf9d1bf in SwFlyAtContentFrame::SwClientNotify (this=0x510e3d0, rMod=..., rHint=...) at core/sw/source/core/layout/flycnt.cxx:112 #20 0x00007fffcd65bca8 in SwModify::CallSwClientNotify (this=0x4e364a0, rHint=...) at core/sw/source/core/attr/calbck.cxx:311 #21 0x00007fffcd65bd71 in sw::BroadcastingModify::CallSwClientNotify (this=0x4e364a0, rHint=...) 
at core/sw/source/core/attr/calbck.cxx:316 #22 0x00007fffcd65b42f in SwModify::SwClientNotify (this=0x4e364a0, rHint=...) at core/sw/source/core/attr/calbck.cxx:302 #23 0x00007fffcd66771b in SwFormat::SwClientNotify (this=0x4e364a0, rHint=...) at core/sw/source/core/attr/format.cxx:300 #24 0x00007fffcdf4448a in SwFrameFormat::SwClientNotify (this=0x4e364a0, rMod=..., rHint=...) at core/sw/source/core/layout/atrfrm.cxx:2843 #25 0x00007fffcd65be1e in sw::ClientNotifyAttrChg (rModify=..., aSet=..., aOld=..., aNew=...) at core/sw/source/core/attr/calbck.cxx:325 #26 0x00007fffcd66948e in SwFormat::SetFormatAttr (this=0x4e364a0, rSet=SfxItemSet of pool 0x1bcebe0 with parent 0x4e36568 and Which ranges: [(88, 141), (159, 159), (1014, 1034)] = {...}) at core/sw/source/core/attr/format.cxx:597 #27 0x00007fffce649a2c in SwXFrame::setPropertyValue (this=0x4a86e10, rPropertyName="Size", _rValue=uno::Any("com.sun.star.awt.Size": ...)) at core/sw/source/core/unocore/unoframe.cxx:1867 #28 0x00007fffcdc4d7ea in SwTextBoxHelper::syncProperty (pShape=0x4dc65f0, nWID=89, nMemberID=0 ' at core/sw/source/core/doc/textboxhelper.cxx:995 #29 0x00007fffcdf2e2d7 in SwAnchoredDrawObject::GetObjBoundRect (this=0x4e3a0d0) at core/sw/source/core/layout/anchoreddrawobject.cxx:757 #30 0x00007fffcdf320ca in SwAnchoredObject::GetObjRectWithSpaces (this=0x4e3a0d0) at core/sw/source/core/layout/anchoredobject.cxx:575 #31 0x00007fffcdf815b3 in (anonymous namespace)::IsNextContentFullPage (rThis=...) at core/sw/source/core/layout/flowfrm.cxx:217 #32 0x00007fffcdf81002 in SwFlowFrame::IsKeep (this=0x4e5a630, rKeep=..., rBreak=..., bCheckIfLastRowShouldKeep=false) at core/sw/source/core/layout/flowfrm.cxx:259 Change-Id: If2191e8b99d1b0347bab54a704013ce0a9a19410 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176992 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit f2cf4d91687fcebcad90a839dd5232a28b47e6e1) 
diff --git a/sw/source/core/layout/sortedobjs.cxx b/sw/source/core/layout/sortedobjs.cxx index 40d87c43b7bf..b22f1cb760b2 100644 --- a/sw/source/core/layout/sortedobjs.cxx +++ b/sw/source/core/layout/sortedobjs.cxx @@ -263,8 +263,10 @@ void SwSortedObjs::Update( SwAnchoredObject& _rAnchoredObj ) return; } - Remove( _rAnchoredObj ); - Insert( _rAnchoredObj ); + if (is_sorted()) + return; + + UpdateAll(); } void SwSortedObjs::UpdateAll() commit 1839de6a3cac16b3f8b8608c4ed131c28a4a1cb4 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Sat May 4 20:36:24 2024 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 21:01:16 2024 +0100 crashtesting: assert with stroke width of 4.86057e+93 on import attempt of moz1322643-3.svg Change-Id: I5f18601767212c1eb7453aacbad076099a2a5b46 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167142 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 21e0a2658a565b5359703670ad9a709b232a4a27) diff --git a/svgio/source/svgreader/svgstyleattributes.cxx b/svgio/source/svgreader/svgstyleattributes.cxx index 502fe6991dd3..69032a50d87f 100644 --- a/svgio/source/svgreader/svgstyleattributes.cxx +++ b/svgio/source/svgreader/svgstyleattributes.cxx @@ -21,6 +21,7 @@ #include <algorithm> +#include <sal/log.hxx> #include <svgstyleattributes.hxx> #include <drawinglayer/primitive2d/transformprimitive2d.hxx> #include <drawinglayer/primitive2d/polypolygonprimitive2d.hxx> 
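Review bot: The new tail of `SwSortedObjs::Update` carries no comment saying why it avoids `Remove`/`Insert`, and that reasoning exists only in the commit message, so a later cleanup could easily reintroduce the iterator invalidation. I would add above the `is_sorted()` test: `// Do not Remove()+Insert() here: that invalidates iterators held further up the stack even when the order is unchanged; re-sort only if actually out of order`. The commit message itself marks the equivalence with `Insert` as presumed, so it is worth confirming that `Insert` had no other effect callers relied on. The start of the function is outside the hunk.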
@@ -671,9 +672,15 @@ namespace svgio // get stroke width; SVG does not use 0.0 == hairline, so 0.0 is no line at all const double fStrokeWidth(getStrokeWidth().isSet() ? getStrokeWidth().solve(mrOwner) : 1.0); - if(!basegfx::fTools::more(fStrokeWidth, 0.0)) + if (!basegfx::fTools::more(fStrokeWidth, 0.0)) return; + if (fStrokeWidth > std::numeric_limits<sal_Int32>::max()) + { + SAL_WARN("svgio", "ignoring ludicrous stroke width: " << fStrokeWidth); + return; + } + drawinglayer::primitive2d::Primitive2DReference aNewLinePrimitive; // if we have a line with two identical points it is not really a line, commit 48dc51e683fd90cdf2e46301131d8f666c5482f4 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Sun Oct 13 19:44:11 2024 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 19:57:08 2024 +0100 ofz#372757014 png_fp_sub Integer-overflow Change-Id: I0dfe44f8e8f20c137a12eafb4fa108d266f89370 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/174875 Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> Tested-by: Jenkins (cherry picked from commit c43454149eceb21e8b935d24c864b6e2ad577615) diff --git a/external/libpng/0001-fix-Avoid-integer-overflows-in-function-png_xy_from_.patch.1 b/external/libpng/0001-fix-Avoid-integer-overflows-in-function-png_xy_from_.patch.1 new file mode 100644 index 000000000000..90b4d385fadd --- /dev/null +++ b/external/libpng/0001-fix-Avoid-integer-overflows-in-function-png_xy_from_.patch.1 
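Review bot: The added bound check uses `std::numeric_limits<sal_Int32>::max()`, but the only include this commit adds is `<sal/log.hxx>` and the visible include context shows just `<algorithm>`, so `<limits>` appears to arrive transitively. Add `#include <limits>` next to `#include <algorithm>` so the file does not depend on another header's includes. The reason for choosing the sal_Int32 maximum as the ceiling is not stated; a one-line comment naming the later conversion or assertion it protects would make the limit reviewable. The enclosing function starts outside the hunk.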
@@ -0,0 +1,99 @@ +From 65470ac86c9d479e18c58c181170163925b5f9a1 Mon Sep 17 00:00:00 2001 +From: John Bowler <jbow...@acm.org> +Date: Sat, 12 Oct 2024 14:55:03 -0700 +Subject: [PATCH] fix: Avoid integer overflows in function `png_xy_from_XYZ` + +This is a cherry-picked of commit f45531cc141dc20dc7a4046bbe92270b1e799a5d +from branch 'libpng18'. + +Reviewed-by: Cosmin Truta <ctr...@gmail.com> +Signed-off-by: John Bowler <jbow...@acm.org> +Signed-off-by: Cosmin Truta <ctr...@gmail.com> +--- + png.c | 40 ++++++++++++++++++++++++---------------- + 1 file changed, 24 insertions(+), 16 deletions(-) + +diff --git a/png.c b/png.c +index 8cd0179a8..d99e2643b 100644 +--- a/png.c ++++ b/png.c +@@ -1272,7 +1272,7 @@ png_safe_add(png_int_32 *addend0_and_result, png_int_32 addend1, + static int + png_xy_from_XYZ(png_xy *xy, const png_XYZ *XYZ) + { +- png_int_32 d, dred, dgreen, dwhite, whiteX, whiteY; ++ png_int_32 d, dred, dgreen, dblue, dwhite, whiteX, whiteY; + + /* 'd' in each of the blocks below is just X+Y+Z for each component, + * x, y and z are X,Y,Z/(X+Y+Z). 
+@@ -1280,44 +1280,52 @@ png_xy_from_XYZ(png_xy *xy, const png_XYZ *XYZ) + d = XYZ->red_X; + if (png_safe_add(&d, XYZ->red_Y, XYZ->red_Z)) + return 1; +- if (png_muldiv(&xy->redx, XYZ->red_X, PNG_FP_1, d) == 0) ++ dred = d; ++ if (png_muldiv(&xy->redx, XYZ->red_X, PNG_FP_1, dred) == 0) + return 1; +- if (png_muldiv(&xy->redy, XYZ->red_Y, PNG_FP_1, d) == 0) ++ if (png_muldiv(&xy->redy, XYZ->red_Y, PNG_FP_1, dred) == 0) + return 1; +- dred = d; +- whiteX = XYZ->red_X; +- whiteY = XYZ->red_Y; + + d = XYZ->green_X; + if (png_safe_add(&d, XYZ->green_Y, XYZ->green_Z)) + return 1; +- if (png_muldiv(&xy->greenx, XYZ->green_X, PNG_FP_1, d) == 0) ++ dgreen = d; ++ if (png_muldiv(&xy->greenx, XYZ->green_X, PNG_FP_1, dgreen) == 0) + return 1; +- if (png_muldiv(&xy->greeny, XYZ->green_Y, PNG_FP_1, d) == 0) ++ if (png_muldiv(&xy->greeny, XYZ->green_Y, PNG_FP_1, dgreen) == 0) + return 1; +- dgreen = d; +- whiteX += XYZ->green_X; +- whiteY += XYZ->green_Y; + + d = XYZ->blue_X; + if (png_safe_add(&d, XYZ->blue_Y, XYZ->blue_Z)) + return 1; +- if (png_muldiv(&xy->bluex, XYZ->blue_X, PNG_FP_1, d) == 0) ++ dblue = d; ++ if (png_muldiv(&xy->bluex, XYZ->blue_X, PNG_FP_1, dblue) == 0) + return 1; +- if (png_muldiv(&xy->bluey, XYZ->blue_Y, PNG_FP_1, d) == 0) ++ if (png_muldiv(&xy->bluey, XYZ->blue_Y, PNG_FP_1, dblue) == 0) + return 1; +- whiteX += XYZ->blue_X; +- whiteY += XYZ->blue_Y; + + /* The reference white is simply the sum of the end-point (X,Y,Z) vectors so + * the fillowing calculates (X+Y+Z) of the reference white (media white, + * encoding white) itself: + */ ++ d = dblue; + if (png_safe_add(&d, dred, dgreen)) + return 1; +- + dwhite = d; + ++ /* Find the white X,Y values from the sum of the red, green and blue X,Y ++ * values. 
++ */ ++ d = XYZ->red_X; ++ if (png_safe_add(&d, XYZ->green_X, XYZ->blue_X)) ++ return 1; ++ whiteX = d; ++ ++ d = XYZ->red_Y; ++ if (png_safe_add(&d, XYZ->green_Y, XYZ->blue_Y)) ++ return 1; ++ whiteY = d; ++ + if (png_muldiv(&xy->whitex, whiteX, PNG_FP_1, dwhite) == 0) + return 1; + if (png_muldiv(&xy->whitey, whiteY, PNG_FP_1, dwhite) == 0) +-- +2.46.1 + diff --git a/external/libpng/0001-libpng16-fix-Correct-the-function-png_fp_sub-in-png.patch.1 b/external/libpng/0001-libpng16-fix-Correct-the-function-png_fp_sub-in-png.patch.1 new file mode 100644 index 000000000000..59a8ccc32c6d --- /dev/null +++ b/external/libpng/0001-libpng16-fix-Correct-the-function-png_fp_sub-in-png.patch.1 @@ -0,0 +1,35 @@ +From f14d5fcd1efec749d0137162efbee6013757494b Mon Sep 17 00:00:00 2001 +From: John Bowler <jbow...@acm.org> +Date: Thu, 10 Oct 2024 08:40:41 -0700 +Subject: [PATCH] [libpng16] fix: Correct the function `png_fp_sub` in png.c + +The code erroneously evaluated `addend0+addend1` in the case where +`addend1` is less than zero. The function is meant to subtract the +second argument from the first. + +This is a cherry-pick of commit 79fd6d1edc8fe8c41ed58c6318bd57761d8f007e +from branch 'libpng18'. + +Reviewed-by: Cosmin Truta <ctr...@gmail.com> +Signed-off-by: John Bowler <jbow...@acm.org> +Signed-off-by: Cosmin Truta <ctr...@gmail.com> +--- + png.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/png.c b/png.c +index 8a1e2a451..240db5ab9 100644 +--- a/png.c ++++ b/png.c +@@ -1241,7 +1241,7 @@ png_fp_sub(png_int_32 addend0, png_int_32 addend1, int *error) + else if (addend1 < 0) + { + if (0x7fffffff + addend1 >= addend0) +- return addend0+addend1; ++ return addend0-addend1; + } + else + return addend0; +-- +2.46.1 + diff --git a/external/libpng/UnpackedTarball_libpng.mk b/external/libpng/UnpackedTarball_libpng.mk index af17418daa6f..461b40931708 100644 --- a/external/libpng/UnpackedTarball_libpng.mk +++ b/external/libpng/UnpackedTarball_libpng.mk 
@@ -17,6 +17,8 @@ $(eval $(call gb_UnpackedTarball_add_files,libpng,.,\ $(eval $(call gb_UnpackedTarball_add_patches,libpng,\ external/libpng/0001-ACES-AP0-adjusted-fixes.patch.1 \ + external/libpng/0001-libpng16-fix-Correct-the-function-png_fp_sub-in-png.patch.1 \ + external/libpng/0001-fix-Avoid-integer-overflows-in-function-png_xy_from_.patch.1 \ )) # vim: set noet sw=4 ts=4: commit 76fdbc032565bdbff87c6e0cde30228780ccb24e Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Tue Sep 17 13:41:24 2024 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 19:57:08 2024 +0100 ofz#71606 use extended upstream solution Change-Id: Id4c511572792da1edd7ebbe15c1fb994ac30bdd4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173561 Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> Tested-by: Jenkins (cherry picked from commit bfb66b4ee83e5f92239ea02417ef4c1e4c8f659e) diff --git a/external/libpng/0001-ACES-AP0-adjusted-fixes.patch.1 b/external/libpng/0001-ACES-AP0-adjusted-fixes.patch.1 index af8b53554ebc..7706f71139bb 100644 --- a/external/libpng/0001-ACES-AP0-adjusted-fixes.patch.1 +++ b/external/libpng/0001-ACES-AP0-adjusted-fixes.patch.1 @@ -1,27 +1,107 @@ -From e06f9a3bece6130212b244ac4e1a1d316990f3c0 Mon Sep 17 00:00:00 2001 +From 521e8e8f7f3ef05135380d5b755e147826364da5 Mon Sep 17 00:00:00 2001 
From: John Bowler <jbow...@acm.org> Date: Mon, 16 Sep 2024 17:30:38 -0700 Subject: [PATCH] ACES AP0 adjusted fixes -The subtracts in PNG_XYZ_from_xy might be producing integer overflow -with some valid but extreme xy values. This re-introduces the previous -checks but with less limited bounds; sufficient I believe to accomodate -any reasonable set of endpoints. +The subtracts in PNG_XYZ_from_xy are producing integer overflow with +some valid but extreme xy values. This re-introduces the previous +checks but with less limited bounds; sufficient to accomodate the +ACEScg end points (ACES AP1) but not for the ACES AP0 end points. Those +were not working anyway because libpng reads the cHRM parameters as +unsigned values so they must always be at least 0. -This is a temporary fix since it outlaws valid PNG cHRM chunks; the only -valid approaches are not to check or to using floating point arithmetic -internally. +A better solution requires recognizing reasonable negative values (ones +which violate the current spec) and allowing them too, at least on read. Signed-off-by: John Bowler <jbow...@acm.org> --- - png.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) + png.c | 156 ++++++++++++++++++++++++++++++++++++++++++++-------------- + 1 file changed, 120 insertions(+), 36 deletions(-) diff --git a/png.c b/png.c -index 500daea5f..5d6db2974 100644 +index 500daea5f..8a1e2a451 100644 --- a/png.c 
+++ b/png.c -@@ -1289,6 +1289,20 @@ png_XYZ_from_xy(png_XYZ *XYZ, const png_xy *xy) +@@ -1203,22 +1203,66 @@ png_colorspace_sync(png_const_structrp png_ptr, png_inforp info_ptr) + #endif /* GAMMA */ + + #ifdef PNG_COLORSPACE_SUPPORTED +-static int +-png_safe_add(png_int_32 *addend0_and_result, png_int_32 addend1, +- png_int_32 addend2) { +- /* Safely add three integers. Returns 0 on success, 1 on overlow. ++static png_int_32 ++png_fp_add(png_int_32 addend0, png_int_32 addend1, int *error) ++{ ++ /* Safely add two fixed point values setting an error flag and returning 0.5 ++ * on overflow. + * IMPLEMENTATION NOTE: ANSI requires signed overflow not to occur, therefore + * relying on addition of two positive values producing a negative one is not + * safe. + */ +- int addend0 = *addend0_and_result; +- if (0x7fffffff - addend0 < addend1) +- return 1; +- addend0 += addend1; +- if (0x7fffffff - addend1 < addend2) +- return 1; +- *addend0_and_result = addend0 + addend2; +- return 0; ++ if (addend0 > 0) ++ { ++ if (0x7fffffff - addend0 >= addend1) ++ return addend0+addend1; ++ } ++ else if (addend0 < 0) ++ { ++ if (-0x7fffffff - addend0 <= addend1) ++ return addend0+addend1; ++ } ++ else ++ return addend1; ++ ++ *error = 1; ++ return PNG_FP_1/2; ++} ++ ++static png_int_32 ++png_fp_sub(png_int_32 addend0, png_int_32 addend1, int *error) ++{ ++ /* As above but calculate addend0-addend1. */ ++ if (addend1 > 0) ++ { ++ if (-0x7fffffff + addend1 <= addend0) ++ return addend0-addend1; ++ } ++ else if (addend1 < 0) ++ { ++ if (0x7fffffff + addend1 >= addend0) ++ return addend0+addend1; ++ } ++ else ++ return addend0; ++ ++ *error = 1; ++ return PNG_FP_1/2; ++} ++ ++static int ++png_safe_add(png_int_32 *addend0_and_result, png_int_32 addend1, ++ png_int_32 addend2) ++{ ++ /* Safely add three integers. Returns 0 on success, 1 on overflow. Does not ++ * set the result on overflow. 
++ */ ++ int error = 0; ++ int result = png_fp_add(*addend0_and_result, ++ png_fp_add(addend1, addend2, &error), ++ &error); ++ if (!error) *addend0_and_result = result; ++ return error; + } + + /* Added at libpng-1.5.5 to support read and write of true CIEXYZ values for +@@ -1289,6 +1333,29 @@ png_XYZ_from_xy(png_XYZ *XYZ, const png_xy *xy) png_fixed_point red_inverse, green_inverse, blue_scale; png_fixed_point left, right, denominator; 
@@ -29,19 +109,138 @@ index 500daea5f..5d6db2974 100644 + * have end points with 0 tristimulus values (these are impossible end + * points, but they are used to cover the possible colors). We check + * xy->whitey against 5, not 0, to avoid a possible integer overflow. ++ * ++ * The limits here will *not* accept ACES AP0, where bluey is -7700 ++ * (-0.0770) because the PNG spec itself requires the xy values to be ++ * unsigned. whitey is also required to be 5 or more to avoid overflow. ++ * ++ * Instead the upper limits have been relaxed to accomodate ACES AP1 where ++ * redz ends up as -600 (-0.006). ProPhotoRGB was already "in range." ++ * The new limit accomodates the AP0 and AP1 ranges for z but not AP0 redy. + */ -+ if (xy->redx < -PNG_FP_1 || xy->redx > 2*PNG_FP_1) return 1; -+ if (xy->redy < -PNG_FP_1 || xy->redy > 2*PNG_FP_1) return 1; -+ if (xy->greenx < -PNG_FP_1 || xy->greenx > 2*PNG_FP_1) return 1; -+ if (xy->greeny < -PNG_FP_1 || xy->greeny > 2*PNG_FP_1) return 1; -+ if (xy->bluex < -PNG_FP_1 || xy->bluex > 2*PNG_FP_1) return 1; -+ if (xy->bluey < -PNG_FP_1 || xy->bluey > 2*PNG_FP_1) return 1; -+ if (xy->whitex < -PNG_FP_1 || xy->whitex > 2*PNG_FP_1) return 1; -+ if (xy->whitey < -PNG_FP_1 || xy->whitey > 2*PNG_FP_1) return 1; ++ const png_fixed_point fpLimit = PNG_FP_1+(PNG_FP_1/10); ++ if (xy->redx < 0 || xy->redx > fpLimit) return 1; ++ if (xy->redy < 0 || xy->redy > fpLimit-xy->redx) return 1; ++ if (xy->greenx < 0 || xy->greenx > fpLimit) return 1; ++ if (xy->greeny < 0 || xy->greeny > fpLimit-xy->greenx) return 1; ++ if (xy->bluex < 0 || xy->bluex > fpLimit) return 1; ++ if (xy->bluey < 0 || xy->bluey > fpLimit-xy->bluex) return 1; ++ if (xy->whitex < 0 || xy->whitex > fpLimit) return 1; ++ if (xy->whitey < 5 || xy->whitey > fpLimit-xy->whitex) return 1; + /* The reverse calculation is more difficult because the original tristimulus * value had 9 independent values (red,green,blue)x(X,Y,Z) however only 8 * derived values were recorded in the cHRM 
chunk; +@@ -1432,18 +1499,23 @@ png_XYZ_from_xy(png_XYZ *XYZ, const png_xy *xy) + * (green-x - blue-x)*(red-y - blue-y)-(green-y - blue-y)*(red-x - blue-x) + * + * Accuracy: +- * The input values have 5 decimal digits of accuracy. The values are all in +- * the range 0 < value < 1, so simple products are in the same range but may +- * need up to 10 decimal digits to preserve the original precision and avoid +- * underflow. Because we are using a 32-bit signed representation we cannot +- * match this; the best is a little over 9 decimal digits, less than 10. ++ * The input values have 5 decimal digits of accuracy. ++ * ++ * In the previous implementation the values were all in the range 0 < value ++ * < 1, so simple products are in the same range but may need up to 10 ++ * decimal digits to preserve the original precision and avoid underflow. ++ * Because we are using a 32-bit signed representation we cannot match this; ++ * the best is a little over 9 decimal digits, less than 10. ++ * ++ * This range has now been extended to allow values up to 1.1, or 110,000 in ++ * fixed point. + * + * The approach used here is to preserve the maximum precision within the + * signed representation. Because the red-scale calculation above uses the +- * difference between two products of values that must be in the range -1..+1 +- * it is sufficient to divide the product by 7; ceil(100,000/32767*2). The +- * factor is irrelevant in the calculation because it is applied to both +- * numerator and denominator. ++ * difference between two products of values that must be in the range ++ * -1.1..+1.1 it is sufficient to divide the product by 8; ++ * ceil(121,000/32767*2). The factor is irrelevant in the calculation ++ * because it is applied to both numerator and denominator. 
+ * + * Note that the values of the differences of the products of the + * chromaticities in the above equations tend to be small, for example for +@@ -1465,19 +1537,25 @@ png_XYZ_from_xy(png_XYZ *XYZ, const png_xy *xy) + * Adobe Wide Gamut RGB + * 0.258728243040113 0.724682314948566 0.016589442011321 + */ +- /* By the argument, above overflow should be impossible here. The return +- * value of 2 indicates an internal error to the caller. ++ int error = 0; ++ ++ /* By the argument above overflow should be impossible here, however the ++ * code now simply returns a failure code. The xy subtracts in the arguments ++ * to png_muldiv are *not* checked for overflow because the checks at the ++ * start guarantee they are in the range 0..110000 and png_fixed_point is a ++ * 32-bit signed number. + */ +- if (png_muldiv(&left, xy->greenx-xy->bluex, xy->redy - xy->bluey, 7) == 0) ++ if (png_muldiv(&left, xy->greenx-xy->bluex, xy->redy - xy->bluey, 8) == 0) + return 1; +- if (png_muldiv(&right, xy->greeny-xy->bluey, xy->redx - xy->bluex, 7) == 0) ++ if (png_muldiv(&right, xy->greeny-xy->bluey, xy->redx - xy->bluex, 8) == 0) + return 1; +- denominator = left - right; ++ denominator = png_fp_sub(left, right, &error); ++ if (error) return 1; + + /* Now find the red numerator. */ +- if (png_muldiv(&left, xy->greenx-xy->bluex, xy->whitey-xy->bluey, 7) == 0) ++ if (png_muldiv(&left, xy->greenx-xy->bluex, xy->whitey-xy->bluey, 8) == 0) + return 1; +- if (png_muldiv(&right, xy->greeny-xy->bluey, xy->whitex-xy->bluex, 7) == 0) ++ if (png_muldiv(&right, xy->greeny-xy->bluey, xy->whitex-xy->bluex, 8) == 0) + return 1; + + /* Overflow is possible here and it indicates an extreme set of PNG cHRM +@@ -1485,29 +1563,35 @@ png_XYZ_from_xy(png_XYZ *XYZ, const png_xy *xy) + * scale value because this allows us to delay the multiplication of white-y + * into the denominator, which tends to produce a small number. 
+ */ +- if (png_muldiv(&red_inverse, xy->whitey, denominator, left-right) == 0 || ++ if (png_muldiv(&red_inverse, xy->whitey, denominator, ++ png_fp_sub(left, right, &error)) == 0 || error || + red_inverse <= xy->whitey /* r+g+b scales = white scale */) + return 1; + + /* Similarly for green_inverse: */ +- if (png_muldiv(&left, xy->redy-xy->bluey, xy->whitex-xy->bluex, 7) == 0) ++ if (png_muldiv(&left, xy->redy-xy->bluey, xy->whitex-xy->bluex, 8) == 0) + return 1; +- if (png_muldiv(&right, xy->redx-xy->bluex, xy->whitey-xy->bluey, 7) == 0) ++ if (png_muldiv(&right, xy->redx-xy->bluex, xy->whitey-xy->bluey, 8) == 0) + return 1; +- if (png_muldiv(&green_inverse, xy->whitey, denominator, left-right) == 0 || ++ if (png_muldiv(&green_inverse, xy->whitey, denominator, ++ png_fp_sub(left, right, &error)) == 0 || error || + green_inverse <= xy->whitey) + return 1; + + /* And the blue scale, the checks above guarantee this can't overflow but it + * can still produce 0 for extreme cHRM values. + */ +- blue_scale = png_reciprocal(xy->whitey) - png_reciprocal(red_inverse) - +- png_reciprocal(green_inverse); +- if (blue_scale <= 0) ++ blue_scale = png_fp_sub(png_fp_sub(png_reciprocal(xy->whitey), ++ png_reciprocal(red_inverse), &error), ++ png_reciprocal(green_inverse), &error); ++ if (error || blue_scale <= 0) + return 1; + + +- /* And fill in the png_XYZ: */ ++ /* And fill in the png_XYZ. Again the subtracts are safe because of the ++ * checks on the xy values at the start (the subtracts just calculate the ++ * corresponding z values.) 
++ */ + if (png_muldiv(&XYZ->red_X, xy->redx, PNG_FP_1, red_inverse) == 0) + return 1; + if (png_muldiv(&XYZ->red_Y, xy->redy, PNG_FP_1, red_inverse) == 0) -- 2.46.0 commit 97346d35d8137b24f2fccbe8fbdd7c6da1640ba4 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Tue Sep 17 09:22:51 2024 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 19:57:08 2024 +0100 ofz#71606 use better upstream solution Change-Id: I088db3a8defd4cddee657c25d35724932339b983 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173541 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit cf6dd625a440e250dc7edf13d03d7a8734a5ea7d) diff --git a/external/libpng/0001-ACES-AP0-adjusted-fixes.patch.1 b/external/libpng/0001-ACES-AP0-adjusted-fixes.patch.1 new file mode 100644 index 000000000000..af8b53554ebc --- /dev/null +++ b/external/libpng/0001-ACES-AP0-adjusted-fixes.patch.1 
@@ -0,0 +1,47 @@ +From e06f9a3bece6130212b244ac4e1a1d316990f3c0 Mon Sep 17 00:00:00 2001 +From: John Bowler <jbow...@acm.org> +Date: Mon, 16 Sep 2024 17:30:38 -0700 +Subject: [PATCH] ACES AP0 adjusted fixes + +The subtracts in PNG_XYZ_from_xy might be producing integer overflow +with some valid but extreme xy values. This re-introduces the previous +checks but with less limited bounds; sufficient I believe to accomodate +any reasonable set of endpoints. + +This is a temporary fix since it outlaws valid PNG cHRM chunks; the only +valid approaches are not to check or to using floating point arithmetic +internally. + +Signed-off-by: John Bowler <jbow...@acm.org> +--- + png.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/png.c b/png.c +index 500daea5f..5d6db2974 100644 +--- a/png.c ++++ b/png.c +@@ -1289,6 +1289,20 @@ png_XYZ_from_xy(png_XYZ *XYZ, const png_xy *xy) + png_fixed_point red_inverse, green_inverse, blue_scale; + png_fixed_point left, right, denominator; + ++ /* Check xy and, implicitly, z. Note that wide gamut color spaces typically ++ * have end points with 0 tristimulus values (these are impossible end ++ * points, but they are used to cover the possible colors). We check ++ * xy->whitey against 5, not 0, to avoid a possible integer overflow. 
++ */ ++ if (xy->redx < -PNG_FP_1 || xy->redx > 2*PNG_FP_1) return 1; ++ if (xy->redy < -PNG_FP_1 || xy->redy > 2*PNG_FP_1) return 1; ++ if (xy->greenx < -PNG_FP_1 || xy->greenx > 2*PNG_FP_1) return 1; ++ if (xy->greeny < -PNG_FP_1 || xy->greeny > 2*PNG_FP_1) return 1; ++ if (xy->bluex < -PNG_FP_1 || xy->bluex > 2*PNG_FP_1) return 1; ++ if (xy->bluey < -PNG_FP_1 || xy->bluey > 2*PNG_FP_1) return 1; ++ if (xy->whitex < -PNG_FP_1 || xy->whitex > 2*PNG_FP_1) return 1; ++ if (xy->whitey < -PNG_FP_1 || xy->whitey > 2*PNG_FP_1) return 1; ++ + /* The reverse calculation is more difficult because the original tristimulus + * value had 9 independent values (red,green,blue)x(X,Y,Z) however only 8 + * derived values were recorded in the cHRM chunk; +-- +2.46.0 + diff --git a/external/libpng/UnpackedTarball_libpng.mk b/external/libpng/UnpackedTarball_libpng.mk index dca4e4b5cfe9..af17418daa6f 100644 --- a/external/libpng/UnpackedTarball_libpng.mk +++ b/external/libpng/UnpackedTarball_libpng.mk @@ -15,4 +15,8 @@ $(eval $(call gb_UnpackedTarball_add_files,libpng,.,\ external/libpng/configs/pnglibconf.h \ )) +$(eval $(call gb_UnpackedTarball_add_patches,libpng,\ + external/libpng/0001-ACES-AP0-adjusted-fixes.patch.1 \ +)) + # vim: set noet sw=4 ts=4: commit 61d1b6a0a1f373af10d1b41450172731d515008c Author: Xisco Fauli <xiscofa...@libreoffice.org> AuthorDate: Fri Sep 13 08:00:40 2024 +0200 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 19:40:14 2024 +0100 libpng: upgrade to 1.6.44 Downloaded from https://unlimited.dl.sourceforge.net/project/libpng/libpng16/1.6.44/libpng-1.6.44.tar.xz Change-Id: I0132e6edb0078d1d4479bb79b7f740c23719d72b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173295 Tested-by: Jenkins Reviewed-by: Taichi Haradaguchi <20001...@ymail.ne.jp> (cherry picked from commit f58e164140be718dd6c2de1664ea05526a478345) (cherry picked from commit 7871bd95292e318392213a1c335ef72dcb99b4b6) 
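Review bot: The comment added at the top of png_XYZ_from_xy says xy->whitey is checked "against 5, not 0", but the guard that follows is `if (xy->whitey < -PNG_FP_1 || xy->whitey > 2*PNG_FP_1) return 1;`, so a zero or negative whitey from a cHRM chunk passes this block. Whether that is still safe depends on the rest of the function, which lies outside this hunk, so the comment should describe what is enforced, for example `Each value is limited to [-PNG_FP_1, 2*PNG_FP_1] so that the subtracts below cannot overflow.` This file is an upstream libpng patch carried verbatim, so the wording fix belongs upstream rather than in a local edit. The patch message also calls the change temporary, so a line such as `# temporary fix for ofz#71606, drop once a libpng release carries the final fix` above the gb_UnpackedTarball_add_patches entry in UnpackedTarball_libpng.mk would keep it from outliving its purpose.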
diff --git a/download.lst b/download.lst
index 661629d664a1..0a4f40662e19 100644
--- a/download.lst
+++ b/download.lst
@@ -465,8 +465,8 @@ PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-LIBPNG_SHA256SUM := 6a5ca0652392a2d7c9db2ae5b40210843c0bbc081cbd410825ab00cc59f14a6c
-LIBPNG_TARBALL := libpng-1.6.43.tar.xz
+LIBPNG_SHA256SUM := 60c4da1d5b7f0aa8d158da48e8f8afa9773c1c8baa5d21974df61f1886b8ce8e
+LIBPNG_TARBALL := libpng-1.6.44.tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
commit 2b9cba661eeaccdd6b2f2f568ad5e545d62e6bbd Author: Xisco Fauli <xiscofa...@libreoffice.org> AuthorDate: Wed Mar 20 10:49:53 2024 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 19:39:37 2024 +0100 libpng: upgrade to 1.6.43 Change-Id: Ia1ddc21dc521cf97b75a64d806417cbfe5dec623 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165050 Tested-by: Xisco Fauli <xiscofa...@libreoffice.org> Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org> (cherry picked from commit f29222eaf385891620d4868827b27e734752018e) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165182 Tested-by: Jenkins Reviewed-by: Taichi Haradaguchi <20001...@ymail.ne.jp> (cherry picked from commit 78f0fa2f7e408cbc75ffe99f61f6a556bed2a032)
diff --git a/download.lst b/download.lst
index dac0c69c51c1..661629d664a1 100644
--- a/download.lst
+++ b/download.lst
@@ -465,8 +465,8 @@ PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-LIBPNG_SHA256SUM := c919dbc11f4c03b05aba3f8884d8eb7adfe3572ad228af972bb60057bdb48450
-LIBPNG_TARBALL := libpng-1.6.42.tar.xz
+LIBPNG_SHA256SUM := 6a5ca0652392a2d7c9db2ae5b40210843c0bbc081cbd410825ab00cc59f14a6c
+LIBPNG_TARBALL := libpng-1.6.43.tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
commit c470137e71db8ad4c839b3eb30ff287f4b4d340d Author: Xisco Fauli <xiscofa...@libreoffice.org> AuthorDate: Mon Feb 19 13:01:54 2024 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 19:39:37 2024 +0100 libpng: upgrade to 1.6.42 Change-Id: I03fccf59bb1c2fa51478e812e629ff2ffac0e893 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163593 Tested-by: Jenkins Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org> (cherry picked from commit 7b2ddc88019852b7731b888e7b8eb669e760a8d7) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163830 Reviewed-by: Taichi Haradaguchi <20001...@ymail.ne.jp> (cherry picked from commit 3a423e3a288a9a5b10af6119e58123649f38e6a3)
diff --git a/download.lst b/download.lst
index 3e52385e7144..dac0c69c51c1 100644
--- a/download.lst
+++ b/download.lst
@@ -465,8 +465,8 @@ PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-LIBPNG_SHA256SUM := 535b479b2467ff231a3ec6d92a525906fb8ef27978be4f66dbe05d3f3a01b3a1
-LIBPNG_TARBALL := libpng-1.6.40.tar.xz
+LIBPNG_SHA256SUM := c919dbc11f4c03b05aba3f8884d8eb7adfe3572ad228af972bb60057bdb48450
+LIBPNG_TARBALL := libpng-1.6.42.tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
diff --git a/external/libpng/UnpackedTarball_libpng.mk b/external/libpng/UnpackedTarball_libpng.mk
index 2a8ad3f84406..dca4e4b5cfe9 100644
--- a/external/libpng/UnpackedTarball_libpng.mk +++ b/external/libpng/UnpackedTarball_libpng.mk @@ -15,8 +15,4 @@ $(eval $(call gb_UnpackedTarball_add_files,libpng,.,\ external/libpng/configs/pnglibconf.h \ )) -$(eval $(call gb_UnpackedTarball_add_patches,libpng,\ - external/libpng/libpng-osx.patch.1 \ -)) - # vim: set noet sw=4 ts=4: commit dd130d03638204b391cfd951bb8c13e640b7bc4c Author: Taichi Haradaguchi <20001...@ymail.ne.jp> AuthorDate: Mon Jul 3 22:01:59 2023 +0900 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 19:36:24 2024 +0100 libpng: upgrade to release 1.6.40 Change-Id: I2f366045097a6f063e26703b4132710573a40e65 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/153879 Tested-by: Jenkins Reviewed-by: Taichi Haradaguchi <20001...@ymail.ne.jp> (cherry picked from commit 2c733d79d8d1ce630711c5b9bcceb2b6f99eb51a) diff --git a/download.lst b/download.lst index 5e119e622144..3e52385e7144 100644 --- a/download.lst +++ b/download.lst 
@@ -465,8 +465,8 @@ PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-LIBPNG_SHA256SUM := 1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937
-LIBPNG_TARBALL := libpng-1.6.39.tar.xz
+LIBPNG_SHA256SUM := 535b479b2467ff231a3ec6d92a525906fb8ef27978be4f66dbe05d3f3a01b3a1
+LIBPNG_TARBALL := libpng-1.6.40.tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
commit 0a9c4e760c78a3870742417c9a54eccb494499cc Author: Taichi Haradaguchi <20001...@ymail.ne.jp> AuthorDate: Sun Dec 11 15:13:32 2022 +0900 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 19:35:27 2024 +0100 libpng: upgrade to release 1.6.39 Change-Id: I46ad0c9426a115ba19620814397a834923e03ca6 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143976 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 9fb776f508a676d4c7255b5cfc6dfdc00d620a8c)
diff --git a/download.lst b/download.lst
index 822d3698460d..5e119e622144 100644
--- a/download.lst
+++ b/download.lst
@@ -465,8 +465,8 @@ PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-LIBPNG_SHA256SUM := b3683e8b8111ebf6f1ac004ebb6b0c975cd310ec469d98364388e9cedbfa68be
-LIBPNG_TARBALL := libpng-1.6.38.tar.xz
+LIBPNG_SHA256SUM := 1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937
+LIBPNG_TARBALL := libpng-1.6.39.tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
commit 2fbbe3aeeab55ce7900e2a8119351ec8a6cff06f Author: Taichi Haradaguchi <20001...@ymail.ne.jp> AuthorDate: Wed Sep 21 17:17:35 2022 +0900 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Wed Dec 11 19:32:01 2024 +0100 libpng: update to release 1.6.38 Change-Id: Ife594699cc8736ffdfc8f68e462d11416d7930e9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/140311 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 18f4fc547a8c055afdaec4aad69c9fea387696c3)
diff --git a/download.lst b/download.lst
index f219bbded558..822d3698460d 100644
--- a/download.lst
+++ b/download.lst
@@ -465,8 +465,8 @@ PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-LIBPNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca
-LIBPNG_TARBALL := libpng-1.6.37.tar.xz
+LIBPNG_SHA256SUM := b3683e8b8111ebf6f1ac004ebb6b0c975cd310ec469d98364388e9cedbfa68be
+LIBPNG_TARBALL := libpng-1.6.38.tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
diff --git a/external/libpng/libpng-osx.patch.1 b/external/libpng/libpng-osx.patch.1
index 0e9d7336a762..387b3a8cc613 100644
--- a/external/libpng/libpng-osx.patch.1
+++ b/external/libpng/libpng-osx.patch.1
@@ -4,7 +4,7 @@ Avoid warning: 'inflateValidate' is only available on macOS 10.13 or newer [-Wun
 --- a/pngrutil.c
+++ b/pngrutil.c -@@ -419,7 +419,8 @@ +@@ -422,7 +422,8 @@ } #if ZLIB_VERNUM >= 0x1290 && \