avmedia/source/viewer/mediawindow_impl.cxx
| 13 -
config_host.mk.in
| 1
configure.ac
| 8
desktop/source/app/cmdlineargs.cxx
| 2
download.lst
| 8
editeng/source/items/frmitems.cxx
| 9
embeddedobj/source/commonembedding/persistence.cxx
| 17 +
external/poppler/StaticLibrary_poppler.mk
| 2
external/poppler/UnpackedTarball_poppler.mk
| 2
external/poppler/clang-std-ranges.patch.1
| 122 ++++++++++
external/poppler/disable-freetype.patch.1
| 7
external/poppler/disable-nss-and-gpgmepp.patch.1
| 103 --------
external/poppler/inc/pch/precompiled_poppler.hxx
| 9
external/poppler/poppler-config.patch.1
| 26 +-
external/redland/ExternalProject_raptor.mk
| 19 +
external/redland/ExternalProject_redland.mk
| 6
external/redland/Library_raptor.mk
| 2
external/redland/README
| 2
external/redland/UnpackedTarball_raptor.mk
| 6
external/redland/UnpackedTarball_redland.mk
| 1
external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
| 33 --
external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
| 43 ---
external/redland/raptor/CVE-2024-57823.patch.1
| 35 ++
external/redland/raptor/Wint-conversion.patch
| 22 -
external/redland/raptor/libtool.patch
| 27 --
external/redland/raptor/raptor-android.patch.1
| 10
external/redland/raptor/raptor-bundled-soname.patch.1
| 12
external/redland/raptor/raptor-emscripten.patch.1
| 8
external/redland/raptor/raptor-freebsd.patch.1
| 31 --
external/redland/raptor/raptor-icu.patch
| 11
external/redland/raptor/raptor-msvc.patch.1
| 10
external/redland/raptor/raptor2.h
| 32 +-
external/redland/raptor/raptor_config.h
| 46 +--
external/redland/raptor/ubsan.patch
| 14 -
external/redland/raptor/xml2-config.patch
| 6
external/redland/rasqal/rasqal-pkgconfig.patch.1
| 3
external/redland/redland/ubsan.patch
| 11
forms/source/component/ImageControl.cxx
| 7
forms/source/component/clickableimage.cxx
| 11
include/toolkit/controls/unocontrols.hxx
| 2
package/qa/cppunit/data/pass/no_usb_2024-11-06.xlsx
|binary
package/qa/cppunit/data/tdf163818.odg
|binary
package/qa/cppunit/test_zippackage.cxx
| 22 +
package/source/zipapi/ZipFile.cxx
| 33 +-
sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx
| 5
sfx2/source/appl/linkmgr2.cxx
| 5
shell/Library_syssh.mk
| 4
shell/source/win32/SysShExec.cxx
| 9
sw/source/filter/html/htmlgrin.cxx
| 3
toolkit/inc/helper/property.hxx
| 1
toolkit/source/awt/vclxwindows.cxx
| 1
toolkit/source/controls/dialogcontrol.cxx
| 4
toolkit/source/controls/unocontrols.cxx
| 14 -
toolkit/source/helper/property.cxx
| 2
tools/Library_tl.mk
| 2
tools/qa/cppunit/test_urlobj.cxx
| 44 +++
tools/source/fsys/urlobj.cxx
| 31 ++
unotools/source/misc/mediadescriptor.cxx
| 4
vcl/Library_vcl.mk
| 2
vcl/source/filter/graphicfilter.cxx
| 8
vcl/source/gdi/embeddedfontshelper.cxx
| 16 -
xmloff/source/forms/elementimport.cxx
| 9
xmlsecurity/CppunitTest_xmlsecurity_pdfsigning.mk
| 1
xmlsecurity/CppunitTest_xmlsecurity_signing.mk
| 1
xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
| 5
xmlsecurity/qa/unit/signing/signing.cxx
| 5
66 files changed, 555 insertions(+), 415 deletions(-)
New commits:
commit 938a409c31309e5220c64ac0ef19405c6020e62b
Author: Thorsten Behrens <thorsten.behr...@allotropia.de>
AuthorDate: Fri Jan 12 12:01:29 2024 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:43:35 2025 +0100
Fix system-libfixmath
Seems distros start to disagree on whether its liblibfixmath or just
libfixmath.
Change-Id: I54a42b2ba050980ae632ab3c82254131cad7787e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161969
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
diff --git a/config_host.mk.in b/config_host.mk.in
index 14569b3c17bd..f8c941679038 100644
--- a/config_host.mk.in
+++ b/config_host.mk.in
@@ -442,6 +442,7 @@ export LIBXML_JAR=@LIBXML_JAR@
export LIBXML_LIBS=$(gb_SPACE)@LIBXML_LIBS@
export LIBXSLT_CFLAGS=$(gb_SPACE)@LIBXSLT_CFLAGS@
export LIBXSLT_LIBS=$(gb_SPACE)@LIBXSLT_LIBS@
+export LIBFIXMATH_LIBS=$(gb_SPACE)@LIBFIXMATH_LIBS@
export LOCKFILE=@LOCKFILE@
export LO_CLANG_CC=@LO_CLANG_CC@
export LO_CLANG_CXX=@LO_CLANG_CXX@
diff --git a/configure.ac b/configure.ac
index b1ba82d94055..c5dc97845e4d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -10685,13 +10685,17 @@ if test "$with_system_libfixmath" = "yes"; then
AC_LANG_PUSH([C++])
AC_CHECK_HEADER([libfixmath/fix16.hpp], [],
[AC_MSG_ERROR([libfixmath/fix16.hpp not found. install libfixmath])],
[])
- AC_CHECK_LIB([libfixmath], [fix16_mul], [:], [AC_MSG_ERROR(libfixmath lib
not found or functional)], [])
+ AC_CHECK_LIB([libfixmath], [fix16_mul], [LIBFIXMATH_LIBS=-llibfixmath],
+ [AC_CHECK_LIB([fixmath], [fix16_mul],
[LIBFIXMATH_LIBS=-lfixmath],
+ [AC_MSG_ERROR(libfixmath lib not found or
functional)])])
AC_LANG_POP([C++])
else
AC_MSG_RESULT([internal])
SYSTEM_LIBFIXMATH=
+ LIBFIXMATH_LIBS=
fi
AC_SUBST([SYSTEM_LIBFIXMATH])
+AC_SUBST([LIBFIXMATH_LIBS])
dnl ===================================================================
dnl Check for system glm
diff --git a/tools/Library_tl.mk b/tools/Library_tl.mk
index 8269e6ae98bf..7933e7735cd6 100644
--- a/tools/Library_tl.mk
+++ b/tools/Library_tl.mk
@@ -116,7 +116,7 @@ endif
ifeq ($(SYSTEM_LIBFIXMATH),TRUE)
$(eval $(call gb_Library_add_libs,tl,\
- -llibfixmath \
+ $(LIBFIXMATH_LIBS) \
))
endif
diff --git a/vcl/Library_vcl.mk b/vcl/Library_vcl.mk
index fb9687dc47c0..d4c72bfe9c0d 100644
--- a/vcl/Library_vcl.mk
+++ b/vcl/Library_vcl.mk
@@ -565,7 +565,7 @@ vcl_headless_freetype_code=\
ifeq ($(SYSTEM_LIBFIXMATH),TRUE)
$(eval $(call gb_Library_add_libs,vcl,\
- -llibfixmath \
+ $(LIBFIXMATH_LIBS) \
))
endif
commit e6bbb36487c73c9399c34cb6242cfae27fc4f38e
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Tue Dec 17 13:41:33 2024 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:40:40 2025 +0100
xmlsecurity: fix tests to run with system NSS on Fedora 40
testDropMacroTemplateSignature fails printing this:
warn:xmlsecurity.xmlsec:3511616:3511616:xmlsecurity/source/xmlsec/errorcallback.cxx:53:
signatures.c:599: xmlSecNssSignatureSetKey() 'rsa-sha1' 'VFY_CreateContext' 4
'NSS error: -8011'
because policy sets NSS_RSA_MIN_KEY_SIZE to 2048.
testPDFGood fails printing this:
warn:svl.crypto:3587940:3587940:svl/source/crypto/cryptosign.cxx:1941:
ValidateSignature: message is not signed
warn:xmlsecurity.helper:3587940:3587940:xmlsecurity/source/helper/pdfsignaturehelper.cxx:482:
failed to determine digest match
because enabling SEC_OID_SHA1 for NSS_USE_ALG_IN_ANY_SIGNATURE doesn't
enable it for SMIME signatures, so smime_allowed_by_policy() fails -
obviously one has to use NSS_USE_ALG_IN_SIGNATURE to enable it in any
signature.
Change-Id: I59ffaf0994eee6b51362fd3296f61465d0fc7903
(cherry picked from commit a7b7b00b78426bff8607c77106ea62dd213f0821)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178663
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/xmlsecurity/CppunitTest_xmlsecurity_pdfsigning.mk
b/xmlsecurity/CppunitTest_xmlsecurity_pdfsigning.mk
index 667acc97e3e1..67ba9ec124fa 100644
--- a/xmlsecurity/CppunitTest_xmlsecurity_pdfsigning.mk
+++ b/xmlsecurity/CppunitTest_xmlsecurity_pdfsigning.mk
@@ -38,6 +38,7 @@ ifneq ($(OS),WNT)
ifneq (,$(ENABLE_NSS))
$(eval $(call gb_CppunitTest_use_externals,xmlsecurity_pdfsigning,\
nssutil3 \
+ nss3 \
))
endif
endif
diff --git a/xmlsecurity/CppunitTest_xmlsecurity_signing.mk
b/xmlsecurity/CppunitTest_xmlsecurity_signing.mk
index 37d1c2a7dea7..87dae0916902 100644
--- a/xmlsecurity/CppunitTest_xmlsecurity_signing.mk
+++ b/xmlsecurity/CppunitTest_xmlsecurity_signing.mk
@@ -43,6 +43,7 @@ ifneq ($(OS),WNT)
ifneq (,$(ENABLE_NSS))
$(eval $(call gb_CppunitTest_use_externals,xmlsecurity_signing,\
nssutil3 \
+ nss3 \
))
endif
endif
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 46981b250a6f..6786d73ee986 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -13,6 +13,7 @@
#if USE_CRYPTO_NSS
#include <secoid.h>
+#include <nss.h>
#endif
#include <string_view>
@@ -80,7 +81,9 @@ void PDFSigningTest::setUp()
#ifdef NSS_USE_ALG_IN_ANY_SIGNATURE
// policy may disallow using SHA1 for signatures but unit test documents
// have such existing signatures (call this after createSecurityContext!)
- NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
+ NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SIGNATURE, 0);
+ // the minimum is 2048 in Fedora 40
+ NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 1024);
#endif
#endif
}
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx
b/xmlsecurity/qa/unit/signing/signing.cxx
index 259737fe82a3..5efeed8acfed 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -15,6 +15,7 @@
#if USE_CRYPTO_NSS
#include <secoid.h>
+#include <nss.h>
#endif
#include <test/unoapixml_test.hxx>
@@ -104,7 +105,9 @@ void SigningTest::setUp()
#ifdef NSS_USE_ALG_IN_ANY_SIGNATURE
// policy may disallow using SHA1 for signatures but unit test documents
// have such existing signatures (call this after createSecurityContext!)
- NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
+ NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SIGNATURE, 0);
+ // the minimum is 2048 in Fedora 40
+ NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 1024);
#endif
#endif
}
commit ea1ba0be245d35fc9cc5036e6a4c7d969e8fe0fc
Author: Stephan Bergmann <stephan.bergm...@allotropia.de>
AuthorDate: Wed Jul 10 11:19:36 2024 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:40:40 2025 +0100
Fix UBSan build of ExternalProject_redland
...after c75c21eef670fce33eb5a501357935dbd25be923 "Upgrade raptor to
2.0.16",
where it now started to fail with
> libtool: link: LD_RUN_PATH="/usr/local/lib:" /usr/bin/ccache
/home/tdf/lode/opt_private/clang-llvmorg-12.0.1/bin/clang
--gcc-toolchain=/opt/rh/gcc-toolset-12/root/usr -fsanitize=address
-fsanitize=undefined -fsanitize=float-divide-by-zero -fsanitize=local-bounds
-fsanitize-blacklist=/home/tdf/lode/jenkins/workspace/lo_ubsan/sanitize-ubsan-excludelist
-fno-sanitize=function -DLIBRDF_INTERNAL=1 -O0 -Wp,-U_FORTIFY_SOURCE
-fstrict-aliasing -fstrict-overflow -ggdb2 -gsplit-dwarf -Xclang
-debug-info-kind=constructor -Wl,-z -Wl,origin -Wl,-rpath -Wl,\$ORIGIN
-Wl,-rpath-link -Wl,/home/tdf/lode/jenkins/workspace/lo_ubsan/instdir/program
-Wl,-z -Wl,origin -Wl,-rpath -Wl,\$ORIGIN -Wl,-rpath-link
-Wl,/home/tdf/lode/jenkins/workspace/lo_ubsan/instdir/program -o
.libs/redland-db-upgrade db_upgrade.o
-L/home/tdf/lode/jenkins/workspace/lo_ubsan/workdir/UnpackedTarball/raptor/src/.libs
/home/tdf/lode/jenkins/workspace/lo_ubsan/workdir/UnpackedTarball/raptor/src/.libs/libraptor2.so
-L/home/tdf/
lode/jenkins/workspace/lo_ubsan/workdir/UnpackedTarball/libxml2/.libs
/home/tdf/lode/jenkins/workspace/lo_ubsan/workdir/UnpackedTarball/libxml2/.libs/libxml2.so
-L/home/tdf/lode/jenkins/workspace/lo_ubsan/workdir/UnpackedTarball/rasqal/src/.libs
/home/tdf/lode/jenkins/workspace/lo_ubsan/workdir/UnpackedTarball/rasqal/src/.libs/librasqal.so
../src/.libs/librdf.so
> /opt/rh/gcc-toolset-12/root/usr/bin/ld:
/home/tdf/lode/jenkins/workspace/lo_ubsan/instdir/program/libicuuc.so.74:
undefined reference to `__ubsan_vptr_type_cache'
> /opt/rh/gcc-toolset-12/root/usr/bin/ld:
/home/tdf/lode/jenkins/workspace/lo_ubsan/instdir/program/libicuuc.so.74:
undefined reference to `__ubsan_handle_function_type_mismatch_v1'
> /opt/rh/gcc-toolset-12/root/usr/bin/ld:
/home/tdf/lode/jenkins/workspace/lo_ubsan/instdir/program/libicuuc.so.74:
undefined reference to `__ubsan_handle_dynamic_type_cache_miss'
> clang-12: error: linker command failed with exit code 1 (use -v to see
invocation)
> make[3]: *** [Makefile:489: redland-db-upgrade] Error 1
(<https://ci.libreoffice.org/job/lo_ubsan/3239/>) because $(CC) is used to
link
a (nominally C-only) executable that links against C++ ICU shared libraries
that
in turn require a C++-specific UBSan library to be linked in. So just use
$(CXX) for linking instead.
Change-Id: If7c61c6ee7e1b43965a928b1560f8ab4ae2b0603
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170277
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergm...@allotropia.de>
(cherry picked from commit b3300387f2e14ea59c70db513a8f6eda6fe17afa)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173793
Tested-by: Stephan Bergmann <stephan.bergm...@allotropia.de>
diff --git a/external/redland/UnpackedTarball_redland.mk
b/external/redland/UnpackedTarball_redland.mk
index 66e766d20fee..31ebcb8f2f0a 100644
--- a/external/redland/UnpackedTarball_redland.mk
+++ b/external/redland/UnpackedTarball_redland.mk
@@ -33,6 +33,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,redland,\
external/redland/redland/rpath.patch \
external/redland/redland/clang-cl.patch \
external/redland/redland/libtool.patch \
+ external/redland/redland/ubsan.patch \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/redland/redland/ubsan.patch
b/external/redland/redland/ubsan.patch
new file mode 100644
index 000000000000..8226258ea38b
--- /dev/null
+++ b/external/redland/redland/ubsan.patch
@@ -0,0 +1,11 @@
+--- utils/Makefile.in
++++ utils/Makefile.in
+@@ -106,7 +106,7 @@
+ AM_V_at = $(am__v_at_@AM_V@)
+ am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+ am__v_at_0 = @
+-CCLD = $(CC)
++CCLD = $(CXX)
+ LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
commit a864292e7f71ee0992df28bee0c9a8c90ee042e7
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Tue Jan 7 18:42:29 2025 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:40:40 2025 +0100
sdext: adapt xpdfwrapper to poppler 24.12
Change-Id: Ia47edf2ac821e3ef5c40f7582253f894eac74060
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/179902
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit aa94faf493945e854a888e809a9c5cc8d6d0b978)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/179957
Tested-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx
b/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx
index 2517618e1019..a46932944ede 100644
--- a/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx
+++ b/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx
@@ -1037,7 +1037,12 @@ void PDFOutDev::drawImageMask(GfxState* pState, Object*,
Stream* str,
int bitsPerComponent = 1;
StreamColorSpaceMode csMode = streamCSNone;
+#if POPPLER_CHECK_VERSION(24, 12, 0)
+ bool hasAlpha;
+ str->getImageParams( &bitsPerComponent, &csMode, &hasAlpha );
+#else
str->getImageParams( &bitsPerComponent, &csMode );
+#endif
if( bitsPerComponent == 1 && (csMode == streamCSNone || csMode ==
streamCSDeviceGray) )
{
GfxRGB oneColor = { dblToCol( 1.0 ), dblToCol( 1.0 ), dblToCol( 1.0 )
};
commit 0347bb7713e8e7b856a0bdbd178059b4bbc39ac4
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Thu Jan 30 20:37:38 2025 +0000
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:40:40 2025 +0100
Filter out more unwanted command URIs
Change-Id: I24c95d73b4fee89bdf044d5dd6efc9cd89627c54
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181016
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit 7105fb698f897ddb38bd60315444c07356689e14)
diff --git a/desktop/source/app/cmdlineargs.cxx
b/desktop/source/app/cmdlineargs.cxx
index e7f315204048..fc791631bb0e 100644
--- a/desktop/source/app/cmdlineargs.cxx
+++ b/desktop/source/app/cmdlineargs.cxx
@@ -166,7 +166,7 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg,
CommandLineEvent cur
if (nURIlen < 0)
nURIlen = rest2.getLength();
auto const uri = rest2.subView(0, nURIlen);
- if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) {
+ if (INetURLObject(uri).IsExoticProtocol()) {
// Let the "Open" machinery process the full command URI (leading to
failure, by intention,
// as the "Open" machinery does not know about those command URI
schemes):
curEvt = CommandLineEvent::Open;
commit 497201ccdeb247fe88d95e4fb9f05eb280e76aa0
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Tue Jan 7 08:59:25 2025 +0000
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:40:40 2025 +0100
check if non-file uris could be interpreted as a file system pathname
Change-Id: If283bec44ad1d648c68a5d0f028855e09c09017e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/179868
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 400970acf4241632d084f66275161fc4b4ac1b21)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/179990
Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
(cherry picked from commit df54e1e3532584ee11c6ebb54a35302a5c5f6201)
diff --git a/shell/Library_syssh.mk b/shell/Library_syssh.mk
index 72ff73842dc3..27657c4456aa 100644
--- a/shell/Library_syssh.mk
+++ b/shell/Library_syssh.mk
@@ -25,6 +25,10 @@ $(eval $(call gb_Library_use_system_win32_libs,syssh,\
shell32 \
))
+$(eval $(call gb_Library_use_libraries,syssh,\
+ tl \
+))
+
$(eval $(call
gb_Library_set_componentfile,syssh,shell/source/win32/syssh,services))
$(eval $(call gb_Library_add_exception_objects,syssh,\
diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx
index 57e59f96b6f0..41c9fd3be7fe 100644
--- a/shell/source/win32/SysShExec.cxx
+++ b/shell/source/win32/SysShExec.cxx
@@ -38,6 +38,7 @@
#include <o3tl/runtimetooustring.hxx>
#include <o3tl/safeCoInitUninit.hxx>
#include <o3tl/string_view.hxx>
+#include <tools/urlobj.hxx>
#include <prewin.h>
#include <Shlobj.h>
@@ -360,6 +361,14 @@ void SAL_CALL CSysShExec::execute( const OUString&
aCommand, const OUString& aPa
}
}
}
+ } else {
+ // Filter out input that technically is a non-file URI, but could
be interpreted by
+ // ShellExecuteExW as a file system pathname.
+ if (INetURLObject(aCommand, INetProtocol::File).GetProtocol() ==
INetProtocol::File) {
+ throw css::lang::IllegalArgumentException(
+ "XSystemShellExecute.execute URIS_ONLY with non-URI
pathname " + aCommand,
+ getXWeak(), 0);
+ }
}
}
commit 1823a884c2edf31f0e6b489ee9d0ea2bb0d30baa
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Jan 15 10:55:05 2025 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:40:40 2025 +0100
redland: disable all raptor parsers except for "rdfxml"
It's the only one the unordf component invokes.
CVE-2024-57823 CVE-2024-57822 affect the "ntriples" and "turtle"
parsers.
However it appears that the function raptor_uri_normalize_path() could
also be called from raptor_libxml_* functions? Somewhat unclear, let's
add the patch just in case.
Change-Id: Idd7ebbc29c63e84ca2434b06c26f7aca34bdcaa5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/180272
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 2b50dc0e4482ac0ad27d69147b4175e05af4fba4)
diff --git a/external/redland/ExternalProject_raptor.mk
b/external/redland/ExternalProject_raptor.mk
index 8b800f76eea0..944f7e0b40d4 100644
--- a/external/redland/ExternalProject_raptor.mk
+++ b/external/redland/ExternalProject_raptor.mk
@@ -36,7 +36,7 @@ $(call gb_ExternalProject_get_state_target,raptor,build):
$(if $(SYSBASE),$(if $(filter LINUX
SOLARIS,$(OS)),-L$(SYSBASE)/lib -L$(SYSBASE)/usr/lib -lpthread -ldl)))' \
CPPFLAGS="$(if $(SYSBASE),-I$(SYSBASE)/usr/include)
$(gb_EMSCRIPTEN_CPPFLAGS)" \
$(gb_RUN_CONFIGURE) ./configure --disable-gtk-doc \
- --enable-parsers="rdfxml ntriples turtle trig guess
rss-tag-soup" \
+ --enable-parsers="rdfxml" \
--without-www \
--without-xslt-config \
$(gb_CONFIGURE_PLATFORMS) \
diff --git a/external/redland/UnpackedTarball_raptor.mk
b/external/redland/UnpackedTarball_raptor.mk
index 6dc6491132df..dddfb4ba7923 100644
--- a/external/redland/UnpackedTarball_raptor.mk
+++ b/external/redland/UnpackedTarball_raptor.mk
@@ -30,6 +30,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,raptor,\
external/redland/raptor/xml2-config.patch \
external/redland/raptor/raptor-libxml2-11.patch.1 \
$(if $(SYSTEM_ICU),,external/redland/raptor/raptor-icu.patch) \
+ external/redland/raptor/CVE-2024-57823.patch.1 \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/redland/raptor/CVE-2024-57823.patch.1
b/external/redland/raptor/CVE-2024-57823.patch.1
new file mode 100644
index 000000000000..b06689304b0a
--- /dev/null
+++ b/external/redland/raptor/CVE-2024-57823.patch.1
@@ -0,0 +1,35 @@
+--- raptor2-2.0.15/src/raptor_rfc2396.c.CVE-2024-57823 2014-07-26
23:07:37.000000000 +0200
++++ raptor2-2.0.15/src/raptor_rfc2396.c 2025-01-13 12:59:22.175568228
+0100
+@@ -289,10 +289,8 @@ raptor_uri_normalize_path(unsigned char*
+ }
+
+
+-#if defined(RAPTOR_DEBUG)
+ if(path_len != strlen((const char*)path_buffer))
+ RAPTOR_FATAL4("Path '%s' length %ld does not match calculated %ld.",
(const char*)path_buffer, (long)strlen((const char*)path_buffer),
(long)path_len);
+-#endif
+
+ /* Remove all "<component>/../" path components */
+
+@@ -327,10 +325,8 @@ raptor_uri_normalize_path(unsigned char*
+ if(!prev || !cur)
+ continue;
+
+-#if defined(RAPTOR_DEBUG)
+ if(path_len != strlen((const char*)path_buffer))
+ RAPTOR_FATAL3("Path length %ld does not match calculated %ld.",
(long)strlen((const char*)path_buffer), (long)path_len);
+-#endif
+
+ /* If the current one is '..' */
+ if(s == (cur+2) && cur[0] == '.' && cur[1] == '.') {
+@@ -393,10 +389,8 @@ raptor_uri_normalize_path(unsigned char*
+ }
+
+
+-#if defined(RAPTOR_DEBUG)
+ if(path_len != strlen((const char*)path_buffer))
+ RAPTOR_FATAL3("Path length %ld does not match calculated %ld.",
(long)strlen((const char*)path_buffer), (long)path_len);
+-#endif
+
+ /* RFC3986 Appendix C.2 / 5.4.2 Abnormal Examples
+ * Remove leading /../ and /./
commit bd5265520874cfe27acd503e4bcae2df0e4e3c4a
Author: Xisco Fauli <xiscofa...@libreoffice.org>
AuthorDate: Wed Jul 3 14:08:47 2024 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:40:40 2025 +0100
raptor: Use --without-www
it seems not used. Besides, it fails when upgrading
to libxml2 2.13.
See https://gerrit.libreoffice.org/c/core/+/169327
Change-Id: If383130eac3b5d6de911c4c273c8e371a4980f23
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169933
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit 25b37b4c8c8c5aef7cd530d919258bd8e5dce068)
diff --git a/external/redland/ExternalProject_raptor.mk
b/external/redland/ExternalProject_raptor.mk
index deff4f8dce4b..8b800f76eea0 100644
--- a/external/redland/ExternalProject_raptor.mk
+++ b/external/redland/ExternalProject_raptor.mk
@@ -36,8 +36,8 @@ $(call gb_ExternalProject_get_state_target,raptor,build):
$(if $(SYSBASE),$(if $(filter LINUX
SOLARIS,$(OS)),-L$(SYSBASE)/lib -L$(SYSBASE)/usr/lib -lpthread -ldl)))' \
CPPFLAGS="$(if $(SYSBASE),-I$(SYSBASE)/usr/include)
$(gb_EMSCRIPTEN_CPPFLAGS)" \
$(gb_RUN_CONFIGURE) ./configure --disable-gtk-doc \
- --enable-parsers="rdfxml ntriples turtle trig guess
rss-tag-soup" \
- --with-www=xml \
+ --enable-parsers="rdfxml ntriples turtle trig guess
rss-tag-soup" \
+ --without-www \
--without-xslt-config \
$(gb_CONFIGURE_PLATFORMS) \
$(if $(CROSS_COMPILING),$(if $(filter INTEL
ARM,$(CPUNAME)),ac_cv_c_bigendian=no)) \
commit f42c8d8817f3e0a479193c96027c3e6770b79e38
Author: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
AuthorDate: Wed Jul 17 13:38:22 2024 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:40:40 2025 +0100
fix raptor build when using system-icu
Change-Id: I1671e5872deb583c1c0395ab49ab33b171d0e086
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170620
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
(cherry picked from commit c1b00424f17eaea8f55565dae285521c1ec4d042)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/174003
Tested-by: Stephan Bergmann <stephan.bergm...@allotropia.de>
Reviewed-by: Stephan Bergmann <stephan.bergm...@allotropia.de>
diff --git a/external/redland/ExternalProject_raptor.mk
b/external/redland/ExternalProject_raptor.mk
index 02085cee5684..deff4f8dce4b 100644
--- a/external/redland/ExternalProject_raptor.mk
+++ b/external/redland/ExternalProject_raptor.mk
@@ -14,7 +14,9 @@ $(eval $(call gb_ExternalProject_use_externals,raptor,\
libxml2 \
))
+ifeq ($(SYSTEM_ICU),)
$(eval $(call gb_ExternalProject_use_package,raptor,icu_ure))
+endif
$(eval $(call gb_ExternalProject_register_targets,raptor,\
build \
commit 6539a5ead3208953432a778c072a20a3b84b00b3
Author: Taichi haradaguchi <20001...@ymail.ne.jp>
AuthorDate: Sat Jan 6 14:49:07 2024 +0900
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:40:40 2025 +0100
Upgrade raptor to 2.0.16
- Fixes CVE-2017-18926 and CVE-2020-25713.
- drop 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1:
merged upstream
- drop 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1:
merged upstream
- drop libtool.patch: merged upstream
- drop most of raptor-freebsd.patch.1: merged upstream
- drop most of raptor-msvc.patch.1: merged upsttream
- drop most of ubsan.patch: merged upstream
- drop Wint-conversion.patch: merged upstream
depend on package icu_ure to have libicuuc delivered and add corresponding
directory to rpath-link to make sure the right copy is picked up
use $(strip ...) in LDFLAGS to avoid having to escape , with $(COMMA)
(cherry-picked from c75c21eef670fce33eb5a501357935dbd25be923)
Change-Id: Ic05269ade5dae3761d98432ee504a51434a4c753
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161704
Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
Tested-by: Jenkins
diff --git a/configure.ac b/configure.ac
index 1c985f6a7978..b1ba82d94055 100644
--- a/configure.ac
+++ b/configure.ac
@@ -10856,7 +10856,7 @@ dnl
===================================================================
ICU_MAJOR=73
ICU_MINOR=2
ICU_CFLAGS_internal="-I${WORKDIR}/UnpackedTarball/icu/source/i18n
-I${WORKDIR}/UnpackedTarball/icu/source/common"
-ICU_LIBS_internal="-L${WORKDIR}/UnpackedTarball/icu/source/lib"
+ICU_LIBS_internal="-L${WORKDIR}/UnpackedTarball/icu/source/lib -licuuc"
libo_CHECK_SYSTEM_MODULE([icu],[ICU],[icu-i18n >= 66])
if test "$SYSTEM_ICU" = TRUE; then
AC_LANG_PUSH([C++])
diff --git a/download.lst b/download.lst
index e97c5ba39d8a..a4a3569bd49c 100644
--- a/download.lst
+++ b/download.lst
@@ -565,8 +565,8 @@ QXP_TARBALL := libqxp-0.0.2.tar.xz
# three static lines
# so that git cherry-pick
# will not run into conflicts
-RAPTOR_SHA256SUM :=
ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed
-RAPTOR_TARBALL := a39f6c07ddb20d7dd2ff1f95fa21e2cd-raptor2-2.0.15.tar.gz
+RAPTOR_SHA256SUM :=
089db78d7ac982354bdbf39d973baf09581e6904ac4c92a98c5caadb3de44680
+RAPTOR_TARBALL := raptor2-2.0.16.tar.gz
# three static lines
# so that git cherry-pick
# will not run into conflicts
diff --git a/external/redland/ExternalProject_raptor.mk
b/external/redland/ExternalProject_raptor.mk
index 74759c65be31..02085cee5684 100644
--- a/external/redland/ExternalProject_raptor.mk
+++ b/external/redland/ExternalProject_raptor.mk
@@ -9,7 +9,12 @@
$(eval $(call gb_ExternalProject_ExternalProject,raptor))
-$(eval $(call gb_ExternalProject_use_external,raptor,libxml2))
+$(eval $(call gb_ExternalProject_use_externals,raptor,\
+ icu \
+ libxml2 \
+))
+
+$(eval $(call gb_ExternalProject_use_package,raptor,icu_ure))
$(eval $(call gb_ExternalProject_register_targets,raptor,\
build \
@@ -24,9 +29,9 @@ $(call gb_ExternalProject_get_state_target,raptor,build):
$(call gb_ExternalProject_get_build_flags,raptor) \
$(if $(filter
TRUE,$(DISABLE_DYNLOADING)),-fvisibility=hidden) \
$(if $(filter
GCCLINUXPOWERPC64,$(COM)$(OS)$(CPUNAME)),-mminimal-toc)" \
- LDFLAGS=" \
- $(if $(filter LINUX
FREEBSD,$(OS)),-Wl$(COMMA)-z$(COMMA)origin
-Wl$(COMMA)-rpath$(COMMA)\"\$$\$$ORIGIN") \
- $(if $(SYSBASE),$(if $(filter LINUX
SOLARIS,$(OS)),-L$(SYSBASE)/lib -L$(SYSBASE)/usr/lib -lpthread -ldl))" \
+ LDFLAGS='$(strip \
+ $(if $(filter LINUX FREEBSD,$(OS)),$(strip -Wl,-z,origin
-Wl,-rpath,\$$$$ORIGIN -Wl,-rpath-link,$(INSTROOT)/$(LIBO_URE_LIB_FOLDER))) \
+ $(if $(SYSBASE),$(if $(filter LINUX
SOLARIS,$(OS)),-L$(SYSBASE)/lib -L$(SYSBASE)/usr/lib -lpthread -ldl)))' \
CPPFLAGS="$(if $(SYSBASE),-I$(SYSBASE)/usr/include)
$(gb_EMSCRIPTEN_CPPFLAGS)" \
$(gb_RUN_CONFIGURE) ./configure --disable-gtk-doc \
--enable-parsers="rdfxml ntriples turtle trig guess
rss-tag-soup" \
diff --git a/external/redland/ExternalProject_redland.mk
b/external/redland/ExternalProject_redland.mk
index 0f7afa6d8182..238384a1a545 100644
--- a/external/redland/ExternalProject_redland.mk
+++ b/external/redland/ExternalProject_redland.mk
@@ -25,9 +25,9 @@ $(call gb_ExternalProject_get_state_target,redland,build):
$(call gb_ExternalProject_run,build,\
$(if $(filter -fsanitize=undefined,$(CC)),CC='$(CC)
-fno-sanitize=function') \
CFLAGS="$(CFLAGS) $(if $(filter
TRUE,$(DISABLE_DYNLOADING)),-fvisibility=hidden) $(call
gb_ExternalProject_get_build_flags,redland) $(gb_EMSCRIPTEN_CPPFLAGS)" \
- LDFLAGS=" \
- $(if $(filter LINUX
FREEBSD,$(OS)),-Wl$(COMMA)-z$(COMMA)origin
-Wl$(COMMA)-rpath$(COMMA)\"\$$\$$ORIGIN") \
- $(if $(SYSBASE),$(if $(filter LINUX
SOLARIS,$(OS)),-L$(SYSBASE)/lib -L$(SYSBASE)/usr/lib -lpthread -ldl))" \
+ LDFLAGS='$(strip \
+ $(if $(filter LINUX FREEBSD,$(OS)),$(strip -Wl,-z,origin
-Wl,-rpath,\$$$$ORIGIN -Wl,-rpath-link,$(INSTROOT)/$(LIBO_URE_LIB_FOLDER))) \
+ $(if $(SYSBASE),$(if $(filter LINUX
SOLARIS,$(OS)),-L$(SYSBASE)/lib -L$(SYSBASE)/usr/lib -lpthread -ldl)))' \
CPPFLAGS="$(if $(SYSBASE),-I$(SYSBASE)/usr/include)" \
PKG_CONFIG="" \
RAPTOR2_CFLAGS="-I$(call
gb_UnpackedTarball_get_dir,raptor)/src" \
diff --git a/external/redland/Library_raptor.mk
b/external/redland/Library_raptor.mk
index b2779f7dec17..9cfc4aeb36fc 100644
--- a/external/redland/Library_raptor.mk
+++ b/external/redland/Library_raptor.mk
@@ -17,6 +17,8 @@ $(eval $(call gb_Library_set_include,raptor2, \
$(eval $(call gb_Library_use_unpacked,raptor2,raptor))
$(eval $(call gb_Library_use_externals,raptor2,\
+ icu_headers \
+ icuuc \
libxml2 \
libxslt \
))
diff --git a/external/redland/README b/external/redland/README
index 591e93398726..efa6f45d71ba 100644
--- a/external/redland/README
+++ b/external/redland/README
@@ -1,4 +1,4 @@
-Redland RDF library (librdf) from [http://librdf.org/]
+Redland RDF library (librdf) from [https://librdf.org/]
== License ==
[git:redland/LICENSE.txt]
diff --git a/external/redland/UnpackedTarball_raptor.mk
b/external/redland/UnpackedTarball_raptor.mk
index ae61e9e4f3dd..6dc6491132df 100644
--- a/external/redland/UnpackedTarball_raptor.mk
+++ b/external/redland/UnpackedTarball_raptor.mk
@@ -28,11 +28,8 @@ $(eval $(call gb_UnpackedTarball_add_patches,raptor,\
external/redland/raptor/ubsan.patch \
$(if $(SYSTEM_LIBXML),,external/redland/raptor/rpath.patch) \
external/redland/raptor/xml2-config.patch \
-
external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
\
-
external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
\
- external/redland/raptor/libtool.patch \
- external/redland/raptor/Wint-conversion.patch \
external/redland/raptor/raptor-libxml2-11.patch.1 \
+ $(if $(SYSTEM_ICU),,external/redland/raptor/raptor-icu.patch) \
))
# vim: set noet sw=4 ts=4:
diff --git
a/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
b/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
deleted file mode 100644
index 1fb279df3e4d..000000000000
---
a/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
+++ /dev/null
@@ -1,33 +0,0 @@
-From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caol...@redhat.com>
-Date: Tue, 24 Nov 2020 10:30:20 +0000
-Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
- segfault
-
-due to an out of bounds array access in
-raptor_xml_writer_start_element_common
-
-See:
-https://bugs.mageia.org/show_bug.cgi?id=27605
-https://www.openwall.com/lists/oss-security/2020/11/13/1
-https://gerrit.libreoffice.org/c/core/+/106249
----
- src/raptor_xml_writer.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
-index 56993dc3..4426d38c 100644
---- a/src/raptor_xml_writer.c
-+++ b/src/raptor_xml_writer.c
-@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer*
xml_writer,
-
- /* check it wasn't an earlier declaration too */
- for(j = 0; j < nspace_declarations_count; j++)
-- if(nspace_declarations[j].nspace ==
element->attributes[j]->nspace) {
-+ if(nspace_declarations[j].nspace ==
element->attributes[i]->nspace) {
- declare_me = 0;
- break;
- }
---
-2.28.0
-
diff --git
a/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
b/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
deleted file mode 100644
index 6fa726cae6da..000000000000
---
a/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
+++ /dev/null
@@ -1,43 +0,0 @@
-From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001
-From: Dave Beckett <d...@dajobe.org>
-Date: Sun, 16 Apr 2017 23:15:12 +0100
-Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer
-
-(raptor_xml_writer_start_element_common): Calculate max including for
-each attribute a potential name and value.
-
-Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617
-and #0000618 http://bugs.librdf.org/mantis/view.php?id=618
----
- src/raptor_xml_writer.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
-index 693b946..0d3a36a 100644
---- a/src/raptor_xml_writer.c
-+++ b/src/raptor_xml_writer.c
-@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer*
xml_writer,
- size_t nspace_declarations_count = 0;
- unsigned int i;
-
-- /* max is 1 per element and 1 for each attribute + size of declared */
- if(nstack) {
-- int nspace_max_count = element->attribute_count+1;
-+ int nspace_max_count = element->attribute_count * 2; /* attr and value */
-+ if(element->name->nspace)
-+ nspace_max_count++;
- if(element->declared_nspaces)
- nspace_max_count += raptor_sequence_size(element->declared_nspaces);
- if(element->xml_language)
-@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer*
xml_writer,
- }
- }
-
-- /* Add the attribute + value */
-+ /* Add the attribute's value */
- nspace_declarations[nspace_declarations_count].declaration=
- raptor_qname_format_as_xml(element->attributes[i],
-
&nspace_declarations[nspace_declarations_count].length);
---
-2.9.3
-
diff --git a/external/redland/raptor/Wint-conversion.patch
b/external/redland/raptor/Wint-conversion.patch
deleted file mode 100644
index fb85f4f13518..000000000000
--- a/external/redland/raptor/Wint-conversion.patch
+++ /dev/null
@@ -1,22 +0,0 @@
---- src/raptor_parse.c
-+++ src/raptor_parse.c
-@@ -257,7 +257,7 @@
- int
- raptor_world_get_parsers_count(raptor_world* world)
- {
-- RAPTOR_ASSERT_OBJECT_POINTER_RETURN_VALUE(world, raptor_world, NULL);
-+ RAPTOR_ASSERT_OBJECT_POINTER_RETURN_VALUE(world, raptor_world, 0);
-
- raptor_world_open(world);
-
---- src/raptor_serialize.c
-+++ src/raptor_serialize.c
-@@ -240,7 +240,7 @@
- int
- raptor_world_get_serializers_count(raptor_world* world)
- {
-- RAPTOR_ASSERT_OBJECT_POINTER_RETURN_VALUE(world, raptor_world, NULL);
-+ RAPTOR_ASSERT_OBJECT_POINTER_RETURN_VALUE(world, raptor_world, 0);
-
- raptor_world_open(world);
-
diff --git a/external/redland/raptor/libtool.patch
b/external/redland/raptor/libtool.patch
deleted file mode 100644
index b0baae661bab..000000000000
--- a/external/redland/raptor/libtool.patch
+++ /dev/null
@@ -1,27 +0,0 @@
---- build/ltmain.sh
-+++ build/ltmain.sh
-@@ -5301,6 +5301,12 @@
- prev=
- continue
- ;;
-+ mllvm)
-+ # Clang does not use LLVM to link, so we can simply discard any
-+ # '-mllvm $arg' options when doing the link step.
-+ prev=
-+ continue
-+ ;;
- objectlist)
- if test -f "$arg"; then
- save_arg=$arg
-@@ -5639,6 +5645,11 @@
- continue
- ;;
-
-+ -mllvm)
-+ prev=mllvm
-+ continue
-+ ;;
-+
- -module)
- module=yes
- continue
diff --git a/external/redland/raptor/raptor-android.patch.1
b/external/redland/raptor/raptor-android.patch.1
index cb843839c848..854f1c6b3932 100644
--- a/external/redland/raptor/raptor-android.patch.1
+++ b/external/redland/raptor/raptor-android.patch.1
@@ -1,13 +1,13 @@
No sonames on Android
---- a/configure 2013-03-29 19:46:34.922901756 +0100
-+++ b/configure 2013-03-29 19:46:56.051901574 +0100
-@@ -9866,7 +9866,7 @@
+--- a/configure 2023-03-02 02:58:10.000000000 +0900
++++ b/configure 2024-03-07 21:32:06.394607400 +0900
+@@ -11165,7 +11165,7 @@
*Sun\ F*) # Sun Fortran 8.3
tmp_sharedflag='-G' ;;
esac
-- archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs
$compiler_flags ${wl}-soname $wl$soname -o $lib'
+- archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs
$compiler_flags $wl-soname $wl$soname -o $lib'
+ archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs
$compiler_flags -o $lib'
- if test "x$supports_anon_versioning" = xyes; then
+ if test yes = "$supports_anon_versioning"; then
archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
diff --git a/external/redland/raptor/raptor-bundled-soname.patch.1
b/external/redland/raptor/raptor-bundled-soname.patch.1
index cce2482d147f..5e3eef560542 100644
--- a/external/redland/raptor/raptor-bundled-soname.patch.1
+++ b/external/redland/raptor/raptor-bundled-soname.patch.1
@@ -1,11 +1,11 @@
rhbz#809466 change soname of bundled redland libs
---- a/src/Makefile.in 2013-03-29 19:11:27.944919859 +0100
-+++ b/src/Makefile.in 2013-03-29 19:17:42.173916644 +0100
-@@ -507,7 +507,7 @@
- $(am__append_21) $(am__append_22) $(am__append_23) \
- $(am__append_24) $(am__append_25) $(am__append_26)
- libraptor2_la_LIBADD = $(am__append_29) @LTLIBOBJS@
+--- a/src/Makefile.in 2023-03-02 02:58:09.000000000 +0900
++++ b/src/Makefile.in 2024-01-06 13:59:13.424477428 +0900
+@@ -783,7 +783,7 @@
+ $(am__append_24) $(am__append_25) $(am__append_26) \
+ $(am__append_27) $(am__append_28)
+ libraptor2_la_LIBADD = $(am__append_31) @LTLIBOBJS@
-libraptor2_la_LDFLAGS = -version-info @RAPTOR_LIBTOOL_VERSION@ \
+libraptor2_la_LDFLAGS = -version-info @RAPTOR_LIBTOOL_VERSION@ -release lo \
@RAPTOR_LDFLAGS@ $(MEM_LIBS)
diff --git a/external/redland/raptor/raptor-emscripten.patch.1
b/external/redland/raptor/raptor-emscripten.patch.1
index e3c53b35b7b0..847ccfe8341b 100644
--- a/external/redland/raptor/raptor-emscripten.patch.1
+++ b/external/redland/raptor/raptor-emscripten.patch.1
@@ -1,12 +1,12 @@
-*- Mode: Diff -*-
--- raptor/src/sort_r.h
+++ raptor/src/sort_r.h
-@@ -27,7 +27,7 @@
- defined AMIGA)
+@@ -28,7 +28,7 @@
# define _SORT_R_BSD
#elif (defined _GNU_SOURCE || defined __gnu_hurd__ || defined __GNU__ || \
-- defined __linux__ || defined __MINGW32__ || defined __GLIBC__)
-+ defined __linux__ || defined __MINGW32__ || defined __GLIBC__ ||
defined __EMSCRIPTEN__)
+ defined __linux__ || defined __MINGW32__ || defined __GLIBC__ || \
+- defined __CYGWIN__)
++ defined __CYGWIN__ || defined __EMSCRIPTEN__)
# define _SORT_R_LINUX
#elif (defined _WIN32 || defined _WIN64 || defined __WINDOWS__)
# define _SORT_R_WINDOWS
diff --git a/external/redland/raptor/raptor-freebsd.patch.1
b/external/redland/raptor/raptor-freebsd.patch.1
index 349f3a197b8a..3909ada0a335 100644
--- a/external/redland/raptor/raptor-freebsd.patch.1
+++ b/external/redland/raptor/raptor-freebsd.patch.1
@@ -1,28 +1,17 @@
Usual patch to produce Linux-like .so files on FreeBSD
---- a/build/ltmain.sh 2008-02-02 22:28:24.000000000 +0900
-+++ b/build/ltmain.sh 2008-07-08 11:58:42.000000000 +0900
-@@ -7341,9 +7341,9 @@
- revision="$number_revision"
+--- a/build/ltmain.sh 2023-02-24 11:51:18.000000000 +0900
++++ b/build/ltmain.sh 2024-01-06 13:46:15.460224000 +0900
+@@ -9107,9 +9107,9 @@
+ revision=$number_revision
;;
- freebsd-aout|freebsd-elf|qnx|sunos)
-- current="$number_major"
-- revision="$number_minor"
-- age="0"
+ freebsd-aout|qnx|sunos)
+- current=$number_major
+- revision=$number_minor
+- age=0
+ current=`expr $number_major + $number_minor`
-+ age="$number_minor"
-+ revision="$number_revision"
++ age=$number_minor
++ revision=$number_revision
;;
irix|nonstopux)
func_arith $number_major + $number_minor
-@@ -7420,8 +7420,8 @@
- ;;
-
- freebsd-elf)
-- major=".$current"
-- versuffix=".$current"
-+ major=.`expr $current - $age`
-+ versuffix="$major.$age.$revision"
- ;;
-
- irix | nonstopux)
diff --git a/external/redland/raptor/raptor-icu.patch
b/external/redland/raptor/raptor-icu.patch
new file mode 100644
index 000000000000..227392dc5539
--- /dev/null
+++ b/external/redland/raptor/raptor-icu.patch
@@ -0,0 +1,11 @@
+--- configure 2023-03-02 02:58:10.000000000 +0900
++++ configure 2024-05-11 16:19:06.843539720 +0900
+@@ -16583,7 +16583,7 @@
+ printf "%s
" "yes" >&6; }
+
+ have_icu=yes
+- ICU_UC_VERSION=`$PKG_CONFIG icu-uc --modversion`
++ ICU_UC_VERSION="$ICU_MAJOR.$ICU_MINOR"
+
+ fi
+ ICU_UC_MAJOR_VERSION=`echo "$ICU_UC_VERSION" | sed -e 's/\..*$//'`
diff --git a/external/redland/raptor/raptor-msvc.patch.1
b/external/redland/raptor/raptor-msvc.patch.1
index 245b19bdca70..7bf9c76d01e8 100644
--- a/external/redland/raptor/raptor-msvc.patch.1
+++ b/external/redland/raptor/raptor-msvc.patch.1
@@ -1,13 +1,3 @@
---- raptor/src/raptor2.h.in.orig 2016-08-26 23:45:34.543400074 +0200
-+++ raptor/src/raptor2.h.in 2016-08-26 23:45:40.479399614 +0200
-@@ -2176,6 +2176,7 @@
- void* raptor_avltree_iterator_get(raptor_avltree_iterator* iterator);
-
- /* utility methods */
-+RAPTOR_API
- void raptor_sort_r(void *base, size_t nel, size_t width,
raptor_data_compare_arg_handler compar, void *user_data);
-
-
--- raptor/src/raptor_uri.c 2016-08-26 23:45:34.543400074 +0200
+++ raptor/src/raptor_uri.c 2016-08-26 23:45:40.479399614 +0200
@@ -51,6 +51,10 @@
diff --git a/external/redland/raptor/raptor2.h
b/external/redland/raptor/raptor2.h
index 4929117e772e..72935aa73a29 100644
--- a/external/redland/raptor/raptor2.h
+++ b/external/redland/raptor/raptor2.h
@@ -53,14 +53,14 @@ extern "C" {
*
* Format: major * 10000 + minor * 100 + release
*/
-#define RAPTOR_VERSION 20015
+#define RAPTOR_VERSION 20016
/**
* RAPTOR_VERSION_STRING:
*
* Raptor library version string
*/
-#define RAPTOR_VERSION_STRING "2.0.15"
+#define RAPTOR_VERSION_STRING "2.0.16"
/**
* RAPTOR_VERSION_MAJOR:
@@ -81,7 +81,7 @@ extern "C" {
*
* Raptor library release
*/
-#define RAPTOR_VERSION_RELEASE 15
+#define RAPTOR_VERSION_RELEASE 16
/**
* RAPTOR_API:
@@ -251,6 +251,14 @@ extern const unsigned int raptor_rdf_namespace_uri_len;
RAPTOR_API
extern const unsigned char * const raptor_rdf_schema_namespace_uri;
+/**
+ * raptor_rdf_schenma_namespace_uri_len:
+ *
+ * Length of #raptor_rdf_schenma_namespace_uri string
+ */
+RAPTOR_API
+extern const unsigned int raptor_rdf_schema_namespace_uri_len;
+
/**
* raptor_xmlschema_datatypes_namespace_uri:
*
@@ -1433,10 +1441,16 @@ int raptor_www_set_ssl_cert_options(raptor_www* www,
const char* cert_filename,
RAPTOR_API
int raptor_www_set_ssl_verify_options(raptor_www* www, int verify_peer, int
verify_host);
RAPTOR_API
+int raptor_www_set_user_agent2(raptor_www *www, const char *user_agent, size_t
user_agent_len);
+RAPTOR_API RAPTOR_DEPRECATED
void raptor_www_set_user_agent(raptor_www *www, const char *user_agent);
RAPTOR_API
+int raptor_www_set_proxy2(raptor_www *www, const char *proxy, size_t
proxy_len);
+RAPTOR_API RAPTOR_DEPRECATED
void raptor_www_set_proxy(raptor_www *www, const char *proxy);
RAPTOR_API
+int raptor_www_set_http_accept2(raptor_www *www, const char *value, size_t
value_len);
+RAPTOR_API RAPTOR_DEPRECATED
void raptor_www_set_http_accept(raptor_www *www, const char *value);
RAPTOR_API
void raptor_www_set_write_bytes_handler(raptor_www *www,
raptor_www_write_bytes_handler handler, void *user_data);
@@ -1812,8 +1826,8 @@ int raptor_iostream_read_eof(raptor_iostream *iostr);
/**
* raptor_escaped_write_bitflags:
* @RAPTOR_ESCAPED_WRITE_BITFLAG_BS_ESCAPES_BF : Allow � �,
- * @RAPTOR_ESCAPED_WRITE_BITFLAG_BS_ESCAPES_TNRU : ALlow
\u
- * @RAPTOR_ESCAPED_WRITE_BITFLAG_UTF8 : Allow UTF-8 for printable U
*
+ * @RAPTOR_ESCAPED_WRITE_BITFLAG_BS_ESCAPES_TNRU : Allow
\u \U
+ * @RAPTOR_ESCAPED_WRITE_BITFLAG_UTF8 : Use UTF-8 instead of \u \U
for U+0080 or larger (will always use \u for U+0000..U+001F and U+007F)
* @RAPTOR_ESCAPED_WRITE_BITFLAG_SPARQL_URI_ESCAPES: Must escape
#x00-#x20<>\"{}|^` in URIs
* @RAPTOR_ESCAPED_WRITE_NTRIPLES_LITERAL: N-Triples literal
* @RAPTOR_ESCAPED_WRITE_NTRIPLES_URI: N-Triples URI
@@ -1823,7 +1837,7 @@ int raptor_iostream_read_eof(raptor_iostream *iostr);
* @RAPTOR_ESCAPED_WRITE_TURTLE_URI: Turtle 2013 URIs (like SPARQL)
* @RAPTOR_ESCAPED_WRITE_TURTLE_LITERAL: Turtle 2013 literals (like SPARQL)
* @RAPTOR_ESCAPED_WRITE_TURTLE_LONG_LITERAL: Turtle 2013 long literals (like
SPARQL)
- * @RAPTOR_ESCAPED_WRITE_JSON_LITERAL: JSON literals: � �
and \u \U
+ * @RAPTOR_ESCAPED_WRITE_JSON_LITERAL: JSON literals: UTF-8 plus � �
, \uXXXX only, no \U
*
* Bit flags for raptor_string_escaped_write() and friends.
*/
@@ -1851,8 +1865,8 @@ typedef enum {
RAPTOR_ESCAPED_WRITE_TURTLE_LITERAL = RAPTOR_ESCAPED_WRITE_SPARQL_LITERAL,
RAPTOR_ESCAPED_WRITE_TURTLE_LONG_LITERAL =
RAPTOR_ESCAPED_WRITE_SPARQL_LONG_LITERAL,
- /* JSON literals: � �
and \u \U */
- RAPTOR_ESCAPED_WRITE_JSON_LITERAL =
RAPTOR_ESCAPED_WRITE_BITFLAG_BS_ESCAPES_TNRU |
RAPTOR_ESCAPED_WRITE_BITFLAG_BS_ESCAPES_BF
+ /* JSON literals: UTF-8 plus � �
\uXXXX */
+ RAPTOR_ESCAPED_WRITE_JSON_LITERAL =
RAPTOR_ESCAPED_WRITE_BITFLAG_BS_ESCAPES_TNRU |
RAPTOR_ESCAPED_WRITE_BITFLAG_BS_ESCAPES_BF | RAPTOR_ESCAPED_WRITE_BITFLAG_UTF8
} raptor_escaped_write_bitflags;
@@ -2153,6 +2167,8 @@ void* raptor_avltree_remove(raptor_avltree* tree, void*
p_data);
RAPTOR_API
int raptor_avltree_delete(raptor_avltree* tree, void* p_data);
RAPTOR_API
+void raptor_avltree_trim(raptor_avltree* tree);
+RAPTOR_API
void* raptor_avltree_search(raptor_avltree* tree, const void* p_data);
RAPTOR_API
int raptor_avltree_visit(raptor_avltree* tree, raptor_avltree_visit_handler
visit_handler, void* user_data);
diff --git a/external/redland/raptor/raptor_config.h
b/external/redland/raptor/raptor_config.h
index 74f58de95e94..b1e663519eee 100644
--- a/external/redland/raptor/raptor_config.h
+++ b/external/redland/raptor/raptor_config.h
@@ -66,12 +66,6 @@
/* Define to 1 if you have the <limits.h> header file. */
#define HAVE_LIMITS_H 1
-/* Define to 1 if you have the <math.h> header file. */
-#define HAVE_MATH_H 1
-
-/* Define to 1 if you have the <memory.h> header file. */
-#undef HAVE_MEMORY_H
-
/* Define to 1 if you have the `qsort_r' function. */
#undef HAVE_QSORT_R
@@ -99,6 +93,9 @@
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
+/* Define to 1 if you have the <stdio.h> header file. */
+#define HAVE_STDIO_H 1
+
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
@@ -114,7 +111,7 @@
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
-/* Define to 1 if you have the `strtok_r' function. */
+/* have the strtok_r function */
#undef HAVE_STRTOK_R
/* Define to 1 if you have the <sys/param.h> header file. */
@@ -129,6 +126,9 @@
/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
+/* Define to 1 if you have the <time.h> header file. */
+#define HAVE_TIME_H 1
+
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
@@ -156,8 +156,10 @@
/* Is __FUNCTION__ available */
#define HAVE___FUNCTION__ 1
-/* Define to the sub-directory in which libtool stores uninstalled libraries.
- */
+/* ICU UC major version */
+#define ICU_UC_MAJOR_VERSION ICU_MAJOR
+
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
#undef LT_OBJDIR
/* Define to 1 if maintainer mode is enabled. */
@@ -166,9 +168,6 @@
/* need 'extern int optind' declaration? */
#undef NEED_OPTIND_DECLARATION
-/* Define to 1 if your C compiler doesn't accept -c and -o together. */
-#undef NO_MINUS_C_MINUS_O
-
/* Name of package */
#undef PACKAGE
@@ -194,7 +193,7 @@
#undef RAPTOR_DEBUG
/* Use ICU for Unicode NFC check */
-#undef RAPTOR_ICU_NFC
+#define RAPTOR_ICU_NFC 1
/* does libxml struct xmlEntity have a field etype */
#define RAPTOR_LIBXML_ENTITY_ETYPE 1
@@ -259,6 +258,9 @@
/* Building JSON serializer */
#undef RAPTOR_SERIALIZER_JSON
+/* Building mKR serializer */
+#undef RAPTOR_SERIALIZER_MKR
+
/* Building N-Quads serializer */
#undef RAPTOR_SERIALIZER_NQUADS
@@ -278,7 +280,7 @@
#undef RAPTOR_SERIALIZER_TURTLE
/* Release version as a decimal */
-#define RAPTOR_VERSION_DECIMAL 20015
+#define RAPTOR_VERSION_DECIMAL 20016
/* Major version number */
#define RAPTOR_VERSION_MAJOR 2
@@ -287,7 +289,7 @@
#define RAPTOR_VERSION_MINOR 0
/* Release version number */
-#define RAPTOR_VERSION_RELEASE 15
+#define RAPTOR_VERSION_RELEASE 16
/* Have libcurl WWW library */
#undef RAPTOR_WWW_LIBCURL
@@ -307,14 +309,13 @@
/* Use libxml XML parser */
#define RAPTOR_XML_LIBXML 1
-/* Define to 1 if you have the ANSI C header files. */
+/* Define to 1 if all of the C90 standard headers exist (not just the ones
+ required in a freestanding environment). This macro is provided for
+ backward compatibility; new code need not use it. */
#undef STDC_HEADERS
-/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
-#undef TIME_WITH_SYS_TIME
-
/* Version number of package */
-#define VERSION "2.0.15"
+#define VERSION "2.0.16"
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
significant byte first (like Motorola and SPARC, unlike Intel). */
@@ -332,11 +333,6 @@
`char[]'. */
#undef YYTEXT_POINTER
-/* Enable large inode numbers on macOS 10.5. */
-#ifndef _DARWIN_USE_64_BIT_INODE
-# define _DARWIN_USE_64_BIT_INODE 1
-#endif
-
/* Number of bits in a file offset, on hosts where this is settable. */
#undef _FILE_OFFSET_BITS
diff --git a/external/redland/raptor/ubsan.patch
b/external/redland/raptor/ubsan.patch
index 641d60bb7b49..54b041e80f1f 100644
--- a/external/redland/raptor/ubsan.patch
+++ b/external/redland/raptor/ubsan.patch
@@ -9,17 +9,3 @@
/* Remove <component>/.. at the end of the path */
*prev = '
path_len -= (s-prev);
---- src/raptor_uri.c
-+++ src/raptor_uri.c
-@@ -1336,9 +1336,9 @@
- !strncmp((const char*)base_detail->scheme,
- (const char*)reference_detail->scheme,
- base_detail->scheme_len) &&
-- !strncmp((const char*)base_detail->authority,
-+ (base_detail->authority_len == 0 || !strncmp((const
char*)base_detail->authority,
- (const char*)reference_detail->authority,
-- base_detail->authority_len)) {
-+ base_detail->authority_len))) {
-
- if(!base_detail->path) {
- if(reference_detail->path) {
diff --git a/external/redland/raptor/xml2-config.patch
b/external/redland/raptor/xml2-config.patch
index 2550acee044a..41f338eccb66 100644
--- a/external/redland/raptor/xml2-config.patch
+++ b/external/redland/raptor/xml2-config.patch
@@ -1,6 +1,6 @@
--- configure
+++ configure
-@@ -14197,6 +14197,11 @@
+@@ -16004,6 +16004,11 @@
test -n "$XML_CONFIG" && break
done
@@ -12,11 +12,11 @@
fi
fi
-@@ -14481,6 +14481,7 @@
+@@ -16104,6 +16109,7 @@
LIBXML_VERSION=`$PKG_CONFIG libxml-2.0 --modversion`
libxml_source="pkg-config"
+ XML_CONFIG="$PKG_CONFIG libxml-2.0"
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libxml via
pkg-config" >&5
+ { printf "%s
" "$as_me:${as_lineno-$LINENO}: checking for libxml via pkg-config" >&5
diff --git a/external/redland/rasqal/rasqal-pkgconfig.patch.1
b/external/redland/rasqal/rasqal-pkgconfig.patch.1
index ac3eab07c4e4..0db4c993d256 100644
--- a/external/redland/rasqal/rasqal-pkgconfig.patch.1
+++ b/external/redland/rasqal/rasqal-pkgconfig.patch.1
@@ -7,8 +7,7 @@ Let the pkg-config stuff be overridden by variables
$as_echo "yes" >&6; }
- RAPTOR_VERSION=`$PKG_CONFIG raptor2 --modversion 2>/dev/null`
-+ RAPTOR_VERSION=2.0.15
++ RAPTOR_VERSION=2.0.16
raptor_too_old=0
as_arg_v1=$RAPTOR_VERSION
as_arg_v2=$RAPTOR_MIN_VERSION
-
commit c3bf797c6f4189cf661d8a4b78f788b408cefccb
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Tue Jan 7 18:45:34 2025 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:40:40 2025 +0100
poppler: upgrade to release 25.01
Fixes CVE-2024-56378
- remove disable-nss-and-gpgmepp.patch.1 and instead build
CryptoSignBackend.cc which appears to have working ifdefs now
- run the update_pch script
- add clang-std-rotate.patch.1 because jenkins failed
Change-Id: I7fcdd10766287e83dc666041644f129378584d91
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/179903
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit e28c5a2c93477d167eb449f08eca220cb3b26b31)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/179958
Tested-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/download.lst b/download.lst
index a6bc87190c71..e97c5ba39d8a 100644
--- a/download.lst
+++ b/download.lst
@@ -543,8 +543,8 @@ LIBTIFF_TARBALL := tiff-4.7.0.tar.xz
# three static lines
# so that git cherry-pick
# will not run into conflicts
-POPPLER_SHA256SUM :=
97453fbddf0c9a9eafa0ea45ac710d3d49bcf23a62e864585385d3c0b4403174
-POPPLER_TARBALL := poppler-24.08.0.tar.xz
+POPPLER_SHA256SUM :=
7eefc122207bbbd72a303c5e0743f4941e8ae861e24dcf0501e18ce1d1414112
+POPPLER_TARBALL := poppler-25.01.0.tar.xz
POPPLER_DATA_SHA256SUM :=
c835b640a40ce357e1b83666aabd95edffa24ddddd49b8daff63adb851cdab74
POPPLER_DATA_TARBALL := poppler-data-0.4.12.tar.gz
# three static lines
diff --git a/external/poppler/StaticLibrary_poppler.mk
b/external/poppler/StaticLibrary_poppler.mk
index 7b6f958245ac..bb179bfbfdbe 100644
--- a/external/poppler/StaticLibrary_poppler.mk
+++ b/external/poppler/StaticLibrary_poppler.mk
@@ -20,6 +20,7 @@ $(eval $(call gb_StaticLibrary_use_externals,poppler,\
$(eval $(call gb_StaticLibrary_set_warnings_disabled,poppler))
+# note: the "fofi" and "goo" subdirs are required for the PCH
$(eval $(call gb_StaticLibrary_set_include,poppler,\
-I$(WORKDIR)/UnpackedTarball/poppler \
-I$(WORKDIR)/UnpackedTarball/poppler/fofi \
@@ -87,6 +88,7 @@ $(eval $(call
gb_StaticLibrary_add_generated_exception_objects,poppler,\
UnpackedTarball/poppler/poppler/CertificateInfo \
UnpackedTarball/poppler/poppler/CharCodeToUnicode \
UnpackedTarball/poppler/poppler/CMap \
+ UnpackedTarball/poppler/poppler/CryptoSignBackend \
UnpackedTarball/poppler/poppler/DCTStream \
UnpackedTarball/poppler/poppler/DateInfo \
UnpackedTarball/poppler/poppler/Decrypt \
diff --git a/external/poppler/UnpackedTarball_poppler.mk
b/external/poppler/UnpackedTarball_poppler.mk
index 784fc768e2a7..3ebb9bb9492c 100644
--- a/external/poppler/UnpackedTarball_poppler.mk
+++ b/external/poppler/UnpackedTarball_poppler.mk
@@ -15,7 +15,7 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,poppler,0))
$(eval $(call gb_UnpackedTarball_add_patches,poppler,\
external/poppler/disable-freetype.patch.1 \
- external/poppler/disable-nss-and-gpgmepp.patch.1 \
+ external/poppler/clang-std-ranges.patch.1 \
external/poppler/poppler-config.patch.1 \
external/poppler/pch.patch.0 \
))
diff --git a/external/poppler/clang-std-ranges.patch.1
b/external/poppler/clang-std-ranges.patch.1
new file mode 100644
index 000000000000..3fae66b25fcf
--- /dev/null
+++ b/external/poppler/clang-std-ranges.patch.1
@@ -0,0 +1,122 @@
+clang jenkins bot fails with:
+
+In file included from
/home/tdf/lode/jenkins/workspace/lo_gerrit/Config/linux_clang_dbgutil_64/workdir/UnpackedTarball/poppler/splash/SplashFontEngine.cc:38:
+In file included from
/opt/rh/gcc-toolset-12/root/usr/lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/algorithm:60:
+In file included from
/opt/rh/gcc-toolset-12/root/usr/lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/stl_algobase.h:65:
+In file included from
/opt/rh/gcc-toolset-12/root/usr/lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/stl_iterator_base_types.h:71:
+/opt/rh/gcc-toolset-12/root/usr/lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/iterator_concepts.h:982:13:
error: no matching function for call to '__begin'
+ = decltype(ranges::__cust_access::__begin(std::declval<_Tp&>()));
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+/opt/rh/gcc-toolset-12/root/usr/lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/ranges_base.h:595:5:
note: in instantiation of template type alias '__range_iter_t' requested here
+ using iterator_t = std::__detail::__range_iter_t<_Tp>;
+ ^
+/opt/rh/gcc-toolset-12/root/usr/lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/ranges_util.h:121:36:
note: in instantiation of template type alias 'iterator_t' requested here
+ requires contiguous_iterator<iterator_t<_Derived>>
+ ^
+/opt/rh/gcc-toolset-12/root/usr/lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/ranges_util.h:228:29:
note: in instantiation of template class
'std::ranges::view_interface<std::ranges::subrange<SplashFont **, SplashFont
**, std::ranges::subrange_kind::sized>>' requested here
+ class subrange : public view_interface<subrange<_It, _Sent, _Kind>>
+ ^
+/opt/rh/gcc-toolset-12/root/usr/lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/ranges_algo.h:1499:7:
note: in instantiation of template class 'std::ranges::subrange<SplashFont **,
SplashFont **, std::ranges::subrange_kind::sized>' requested here
+ operator()(_Range&& __r, iterator_t<_Range> __middle) const
+ ^
+/home/tdf/lode/jenkins/workspace/lo_gerrit/Config/linux_clang_dbgutil_64/workdir/UnpackedTarball/poppler/splash/SplashFontEngine.cc:246:24:
note: in instantiation of function template specialization
'std::ranges::__rotate_fn::operator()<std::array<SplashFont *, 16> &>'
requested here
+ std::ranges::rotate(fontCache, fontCache.end() - 1);
+ ^
+/opt/rh/gcc-toolset-12/root/usr/lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/iterator_concepts.h:966:7:
note: candidate template ignored: constraints not satisfied [with _Tp =
std::ranges::subrange<SplashFont **, SplashFont **,
std::ranges::subrange_kind::sized>]
+ __begin(_Tp& __t)
+ ^
+/opt/rh/gcc-toolset-12/root/usr/lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/iterator_concepts.h:964:16:
note: because 'is_array_v<std::ranges::subrange<SplashFont **, SplashFont **,
std::ranges::subrange_kind::sized> >' evaluated to false
+ requires is_array_v<_Tp> || __member_begin<_Tp&> || __adl_begin<_Tp&>
+ ^
+/opt/rh/gcc-toolset-12/root/usr/lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/iterator_concepts.h:964:35:
note: and 'std::ranges::subrange<SplashFont **, SplashFont **,
std::ranges::subrange_kind::sized> &' does not satisfy '__member_begin'
+ requires is_array_v<_Tp> || __member_begin<_Tp&> || __adl_begin<_Tp&>
+ ^
+/opt/rh/gcc-toolset-12/root/usr/lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/iterator_concepts.h:947:23:
note: because '__decay_copy(__t.begin())' would be invalid: no member named
'begin' in 'std::ranges::subrange<SplashFont **, SplashFont **,
std::ranges::subrange_kind::sized>'
+ { __decay_copy(__t.begin()) } -> input_or_output_iterator;
+ ^
+/opt/rh/gcc-toolset-12/root/usr/lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/iterator_concepts.h:964:59:
note: and 'std::ranges::subrange<SplashFont **, SplashFont **,
std::ranges::subrange_kind::sized> &' does not satisfy '__adl_begin'
+ requires is_array_v<_Tp> || __member_begin<_Tp&> || __adl_begin<_Tp&>
+ ^
+/opt/rh/gcc-toolset-12/root/usr/lib/gcc/x86_64-redhat-linux/12/../../../../include/c++/12/bits/iterator_concepts.h:958:19:
note: because '__decay_copy(begin(__t))' would be invalid: call to deleted
function 'begin'
+ { __decay_copy(begin(__t)) } -> input_or_output_iterator;
+ ^
+
+--- poppler/splash/SplashFontEngine.cc.orig2 2025-01-08 10:58:44.891336796
+0100
++++ poppler/splash/SplashFontEngine.cc 2025-01-08 11:02:24.548166442 +0100
+@@ -243,7 +243,11 @@
+ if (fontCache.back()) {
+ delete fontCache.back();
+ }
++#ifndef __clang__
+ std::ranges::rotate(fontCache, fontCache.end() - 1);
++#else
++ std::rotate(fontCache.begin(), fontCache.end() - 1, fontCache.end());
++#endif
+
+ fontCache[0] = newFont;
+ return fontCache[0];
+--- poppler/fofi/FoFiTrueType.cc.orig 2025-01-08 12:26:45.256494256 +0100
++++ poppler/fofi/FoFiTrueType.cc 2025-01-08 12:22:26.462723118 +0100
+@@ -1160,12 +1160,20 @@
+ locaTable[i].origOffset = glyfTableLen;
+ }
+ }
++#ifndef __clang__
+ std::ranges::sort(locaTable, cmpTrueTypeLocaOffsetFunctor());
++#else
++ std::sort(locaTable.begin(), locaTable.end(),
cmpTrueTypeLocaOffsetFunctor());
++#endif
+ for (i = 0; i < nGlyphs; ++i) {
+ locaTable[i].len = locaTable[i + 1].origOffset -
locaTable[i].origOffset;
+ }
+ locaTable[nGlyphs].len = 0;
++#ifndef __clang__
+ std::ranges::sort(locaTable, cmpTrueTypeLocaIdxFunctor());
++#else
++ std::sort(locaTable.begin(), locaTable.end(),
cmpTrueTypeLocaIdxFunctor());
++#endif
+ pos = 0;
+ for (i = 0; i <= nGlyphs; ++i) {
+ locaTable[i].newOffset = pos;
+--- poppler/poppler/CIDFontsWidthsBuilder.h.orig 2025-01-08
12:34:25.458714665 +0100
++++ poppler/poppler/CIDFontsWidthsBuilder.h 2025-01-08 12:35:05.809036940
+0100
+@@ -89,7 +89,11 @@
+ // How many elements at the end has this
+ int uniqueElementsFromEnd(int value)
+ {
++#ifndef __clang__
+ auto lastDifferent =
std::ranges::find_if(std::ranges::reverse_view(m_values), [value](auto
&&element) { return element != value; });
++#else
++ auto lastDifferent = std::find_if(m_values.rbegin(),
m_values.rend(), [value](auto &&element) { return element != value; });
++#endif
+ return std::distance(m_values.rbegin(), lastDifferent);
+ }
+
+--- poppler/poppler/Dict.cc.orig 2025-01-08 12:17:07.701541557 +0100
++++ poppler/poppler/Dict.cc 2025-01-08 12:29:29.609619053 +0100
+@@ -125,7 +125,11 @@
+ return &*pos;
+ }
+ } else {
++#ifndef __clang__
+ const auto pos =
std::ranges::find_if(std::ranges::reverse_view(entries), [key](const DictEntry
&entry) { return entry.first == key; });
++#else
++ const auto pos = std::find_if(entries.rbegin(), entries.rend(),
[key](const DictEntry &entry) { return entry.first == key; });
++#endif
+ if (pos != entries.rend()) {
+ return &*pos;
+ }
+--- poppler/poppler/CIDFontsWidthsBuilder.h.orig2 2025-01-08
13:26:29.167797754 +0100
++++ poppler/poppler/CIDFontsWidthsBuilder.h 2025-01-08 13:27:03.165988989
+0100
+@@ -152,7 +152,11 @@
+ if (differentValues || m_values.size() < 4) {
+ std::vector<int> savedValues;
+ if (m_values.size() >= 4) {
++#ifndef __clang__
+ auto lastDifferent =
std::ranges::find_if(std::ranges::reverse_view(m_values), [value =
m_values.back()](auto &&element) { return element != value; });
++#else
++ auto lastDifferent = std::find_if(m_values.rbegin(),
m_values.rend(), [value = m_values.back()](auto &&element) { return element !=
value; });
++#endif
+ if (std::distance(m_values.rbegin(), lastDifferent) >= 3)
{
+ savedValues.push_back(m_values.back());
+ m_values.pop_back();
diff --git a/external/poppler/disable-freetype.patch.1
b/external/poppler/disable-freetype.patch.1
index 5d7426242c35..211214eebb3e 100644
--- a/external/poppler/disable-freetype.patch.1
+++ b/external/poppler/disable-freetype.patch.1
@@ -8,16 +8,17 @@ disable freetype dependent code
#include <cctype>
-#include "goo/ft_utils.h"
+//#include "goo/ft_utils.h"
- #include "goo/gmem.h"
#include "goo/gfile.h"
#include "goo/GooString.h"
-@@ -78,8 +78,8 @@
+ #include "Error.h"
+@@ -78,9 +78,9 @@
#include "fofi/FoFiTrueType.h"
#include "fofi/FoFiIdentifier.h"
-#include <ft2build.h>
--#include FT_FREETYPE_H
+//#include <ft2build.h>
+ #include <variant>
+-#include FT_FREETYPE_H
+//#include FT_FREETYPE_H
#include <unordered_set>
diff --git a/external/poppler/disable-nss-and-gpgmepp.patch.1
b/external/poppler/disable-nss-and-gpgmepp.patch.1
deleted file mode 100644
index 1fc9ede6035c..000000000000
--- a/external/poppler/disable-nss-and-gpgmepp.patch.1
+++ /dev/null
@@ -1,103 +0,0 @@
-disable NSS/GPGMEPP dependent code.
-
---- poppler/poppler/Form.cc.orig 2023-06-05 19:29:14.000000000 +0900
-+++ poppler/poppler/Form.cc 2023-06-17 16:51:27.873431500 +0900
-@@ -64,7 +64,7 @@
- #include "Form.h"
- #include "PDFDoc.h"
- #include "DateInfo.h"
--#include "CryptoSignBackend.h"
-+/*#include "CryptoSignBackend.h"*/
- #include "SignatureInfo.h"
- #include "CertificateInfo.h"
- #include "XRef.h"
-@@ -584,7 +584,7 @@
- {
- return static_cast<FormFieldSignature
*>(field)->validateSignatureResult();
- }
--
-+#if 0
- // update hash with the specified range of data from the file
- static bool hashFileRange(FILE *f, CryptoSign::SigningInterface *handler,
Goffset start, Goffset end)
- {
-@@ -608,10 +608,12 @@
- delete[] buf;
- return true;
- }
-+#endif
-
- bool FormWidgetSignature::signDocument(const std::string &saveFilename, const
std::string &certNickname, const std::string &password, const GooString
*reason, const GooString *location, const std::optional<GooString>
&ownerPassword,
- const std::optional<GooString>
&userPassword)
- {
-+#if 0
- auto backend = CryptoSign::Factory::createActive();
- if (!backend) {
- return false;
-@@ -697,8 +699,8 @@
- signatureField->setSignature(*signature);
-
- fclose(file);
--
-- return true;
-+#endif
-+ return false;
- }
-
- static std::tuple<double, double> calculateDxDy(int rot, const PDFRectangle
*rect)
-@@ -2355,6 +2357,7 @@
-
- void
FormFieldSignature::hashSignedDataBlock(CryptoSign::VerificationInterface
*handler, Goffset block_len)
- {
-+#if 0
- if (!handler) {
- return;
- }
-@@ -2374,6 +2377,7 @@
- i += BLOCK_SIZE;
- }
- }
-+#endif
- }
-
- FormSignatureType FormWidgetSignature::signatureType() const
-@@ -2395,6 +2399,7 @@
-
- SignatureInfo *FormFieldSignature::validateSignatureAsync(bool doVerifyCert,
bool forceRevalidation, time_t validationTime, bool ocspRevocationCheck, bool
enableAIA, const std::function<void()> &doneCallback)
- {
-+#if 0
- auto backend = CryptoSign::Factory::createActive();
- if (!backend) {
- if (doneCallback) {
-@@ -2497,6 +2502,7 @@
-
-
signature_handler->validateCertificateAsync(std::chrono::system_clock::from_time_t(validationTime),
ocspRevocationCheck, enableAIA, doneCallback);
-
-+#endif
- return signature_info;
- }
-
-@@ -2508,10 +2508,13 @@
-
- CertificateValidationStatus FormFieldSignature::validateSignatureResult()
- {
-+#if 0
- if (!signature_handler) {
- return CERTIFICATE_GENERIC_ERROR;
- }
- return signature_handler->validateCertificateResult();
-+#endif
-+ return CERTIFICATE_GENERIC_ERROR;
- }
-
- std::vector<Goffset> FormFieldSignature::getSignedRangeBounds() const
-
---- poppler/poppler/Form.h 2024-05-13 10:18:04.303912457 +0200
-+++ poppler/poppler/Form.h 2024-05-13 11:41:51.547002511 +0200
-@@ -669,7 +669,6 @@
- double customAppearanceLeftFontSize = 20;
- Ref imageResource = Ref::INVALID();
- std::unique_ptr<X509CertificateInfo> certificate_info;
-- std::unique_ptr<CryptoSign::VerificationInterface> signature_handler;
-
- void print(int indent) override;
- };
diff --git a/external/poppler/inc/pch/precompiled_poppler.hxx
b/external/poppler/inc/pch/precompiled_poppler.hxx
index 0a3c0a98353c..9351ca348282 100644
--- a/external/poppler/inc/pch/precompiled_poppler.hxx
+++ b/external/poppler/inc/pch/precompiled_poppler.hxx
@@ -13,11 +13,11 @@
manual changes will be rewritten by the next run of update_pch.sh (which
presumably
also fixes all possible problems, so it's usually better to use it).
- Generated on 2024-06-10 17:25:06 using:
- ./bin/update_pch external/poppler poppler --cutoff=1 --exclude:system
--include:module --include:local
+ Generated on 2025-01-08 10:27:46 using:
+ ../master/bin/update_pch ../master/external/poppler poppler --cutoff=1
--exclude:system --include:module --include:local
If after updating build fails, use the following command to locate
conflicting headers:
- ./bin/update_pch_bisect ./external/poppler/inc/pch/precompiled_poppler.hxx
"make external/poppler.build" --find-conflicts
+ ./bin/update_pch_bisect
./../master/external/poppler/inc/pch/precompiled_poppler.hxx "make
../master/external/poppler.build" --find-conflicts
*/
#include <sal/config.h>
@@ -69,13 +69,16 @@
#include <iostream>
#include <limits>
#include <memory>
+#include <numbers>
#include <optional>
#include <poppler-config.h>
#include <random>
+#include <ranges>
#include <regex>
#include <set>
#include <sstream>
#include <unordered_set>
+#include <variant>
#include <vector>
#endif // PCH_LEVEL >= 1
#if PCH_LEVEL >= 2
diff --git a/external/poppler/poppler-config.patch.1
b/external/poppler/poppler-config.patch.1
index e2163319fd43..a12fb0107098 100644
--- a/external/poppler/poppler-config.patch.1
+++ b/external/poppler/poppler-config.patch.1
@@ -29,7 +29,7 @@ index 0fbd336a..451213f8 100644
+/* #undef ENABLE_LIBOPENJPEG */
+
+/* Build against libtiff. */
-+/* #define ENABLE_LIBTIFF 1 */
++/* #undef ENABLE_LIBTIFF */
+
+/* Build against libpng. */
+/* #define ENABLE_LIBPNG 1 */
@@ -41,16 +41,16 @@ index 0fbd336a..451213f8 100644
+/* #undef ENABLE_ZLIB_UNCOMPRESS */
+
+/* Build against libnss3 for digital signature validation */
-+/* #define ENABLE_NSS3 1 */
++/* #undef ENABLE_NSS3 */
+
+/* Build against libgpgme for digital signature validation */
+/* #undef ENABLE_GPGME */
+
+/* Signatures enabled */
-+/* #define ENABLE_SIGNATURES 1 */
++/* #undef ENABLE_SIGNATURES */
+
+/* Default signature backend */
-+/* #define DEFAULT_SIGNATURE_BACKEND "NSS" */
++#define DEFAULT_SIGNATURE_BACKEND "None"
+
+/* Use cairo for rendering. */
+/* #define HAVE_CAIRO 1 */
@@ -179,7 +179,7 @@ index 0fbd336a..451213f8 100644
+#define PACKAGE_NAME "poppler"
+
+/* Define to the full name and version of this package. */
-+#define PACKAGE_STRING "poppler 24.06.0"
++#define PACKAGE_STRING "poppler 25.01.0"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "poppler"
@@ -188,7 +188,7 @@ index 0fbd336a..451213f8 100644
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
-+#define PACKAGE_VERSION "24.06.0"
++#define PACKAGE_VERSION "25.01.0"
+
+/* Poppler data dir */
+#define POPPLER_DATADIR "/usr/local/share/poppler"
@@ -206,7 +206,7 @@ index 0fbd336a..451213f8 100644
+/* #undef USE_FLOAT */
+
+/* Version number of package */
-+#define VERSION "24.06.0"
++#define VERSION "25.01.0"
+
+#if defined(__APPLE__)
+#elif defined (_WIN32)
@@ -290,7 +290,7 @@ index 0fbd336a..451213f8 100644
+
+/* Defines the poppler version. */
+#ifndef POPPLER_VERSION
-+#define POPPLER_VERSION "24.06.0"
++#define POPPLER_VERSION "25.01.0"
+#endif
+
+/* Use single precision arithmetic in the Splash backend */
@@ -320,7 +320,7 @@ index 0fbd336a..451213f8 100644
+
+/* Build against libtiff. */
+#ifndef ENABLE_LIBTIFF
-+/* #define ENABLE_LIBTIFF 1 */
++/* #undef ENABLE_LIBTIFF */
+#endif
+
+/* Build against libpng. */
@@ -377,7 +377,7 @@ index 0fbd336a..451213f8 100644
+//------------------------------------------------------------------------
+
+// copyright notice
-+#define popplerCopyright "Copyright 2005-2023 The Poppler Developers -
http://poppler.freedesktop.org";
++#define popplerCopyright "Copyright 2005-2025 The Poppler Developers -
http://poppler.freedesktop.org";
+#define xpdfCopyright "Copyright 1996-2011, 2022 Glyph & Cog, LLC"
+
+//------------------------------------------------------------------------
@@ -437,9 +437,9 @@ index 0fbd336a..451213f8 100644
+
+#include "poppler-global.h"
+
-+#define POPPLER_VERSION "24.06.0"
-+#define POPPLER_VERSION_MAJOR 24
-+#define POPPLER_VERSION_MINOR 6
++#define POPPLER_VERSION "25.01.0"
++#define POPPLER_VERSION_MAJOR 25
++#define POPPLER_VERSION_MINOR 1
+#define POPPLER_VERSION_MICRO 0
+
+namespace poppler
commit 468d0fee54129106ad3a0c6abae94c36dc57d7d3
Author: Stephan Bergmann <stephan.bergm...@allotropia.de>
AuthorDate: Sat Dec 7 17:36:22 2024 +0100
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:38:49 2025 +0100
Fix check for further exotic protocols
...that were added in 59891cd3985469bc44dbd05c9fc704eeb07f0c78 "look at
'embedded' protocols for protocols that support them"
Change-Id: I42836d6fd27cd99e39ab07e626053f002a2651f5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178047
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergm...@allotropia.de>
(cherry picked from commit 8075798b22f2188530f57b8747589923bfd419ef)
diff --git a/tools/qa/cppunit/test_urlobj.cxx b/tools/qa/cppunit/test_urlobj.cxx
index fff77e41f5e7..12635eba8dd3 100644
--- a/tools/qa/cppunit/test_urlobj.cxx
+++ b/tools/qa/cppunit/test_urlobj.cxx
@@ -354,6 +354,49 @@ namespace tools_urlobj
}
}
+ void testIsExoticProtocol() {
+ {
+ INetURLObject url(u"vnd.sun.star.pkg://slot%3A0");
+ CPPUNIT_ASSERT_EQUAL(INetProtocol::VndSunStarPkg,
url.GetProtocol());
+ CPPUNIT_ASSERT(url.IsExoticProtocol());
+ }
+ {
+ INetURLObject
url(u"vnd.sun.star.pkg://vnd.sun.star.pkg%3A%2F%2Fslot%253A0");
+ CPPUNIT_ASSERT_EQUAL(INetProtocol::VndSunStarPkg,
url.GetProtocol());
+ CPPUNIT_ASSERT(url.IsExoticProtocol());
+ }
+ {
+ INetURLObject
url(u"vnd.sun.star.pkg://http%3A%2F%2Fexample.net");
+ CPPUNIT_ASSERT_EQUAL(INetProtocol::VndSunStarPkg,
url.GetProtocol());
+ CPPUNIT_ASSERT(!url.IsExoticProtocol());
+ }
+ {
+ INetURLObject url(u"vnd.sun.star.zip://slot%3A0");
+ CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol());
+ CPPUNIT_ASSERT(url.IsExoticProtocol());
+ }
+ {
+ INetURLObject url(u"vnd.sun.star.zip://slot%3A0/foo");
+ CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol());
+ CPPUNIT_ASSERT(url.IsExoticProtocol());
+ }
+ {
+ INetURLObject url(u"vnd.sun.star.zip://slot%3A0?foo");
+ CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol());
+ CPPUNIT_ASSERT(url.IsExoticProtocol());
+ }
+ {
+ INetURLObject url(u"vnd.sun.star.zip://slot%3A0#foo");
+ CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol());
+ CPPUNIT_ASSERT(url.IsExoticProtocol());
+ }
+ {
+ INetURLObject
url(u"vnd.sun.star.zip://http%3A%2F%2Fexample.net");
+ CPPUNIT_ASSERT_EQUAL(INetProtocol::Generic, url.GetProtocol());
+ CPPUNIT_ASSERT(!url.IsExoticProtocol());
+ }
+ }
+
// Change the following lines only, if you add, remove or rename
// member functions of the current class,
// because these macros are need by auto register mechanism.
@@ -371,6 +414,7 @@ namespace tools_urlobj
CPPUNIT_TEST( testChangeScheme );
CPPUNIT_TEST( testTd146382 );
CPPUNIT_TEST( testParseSmart );
+ CPPUNIT_TEST( testIsExoticProtocol );
CPPUNIT_TEST_SUITE_END( );
}; // class createPool
diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index 785fbd09404f..a9ce65ecb538 100644
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4891,10 +4891,21 @@ bool INetURLObject::IsExoticProtocol() const
{
return true;
}
- if (isSchemeEqualTo(u"vnd.sun.star.pkg") ||
isSchemeEqualTo(u"vnd.sun.star.zip"))
+ if (m_eScheme == INetProtocol::VndSunStarPkg) {
+ return
INetURLObject(GetHost(INetURLObject::DecodeMechanism::WithCharset))
+ .IsExoticProtocol();
+ }
+ if (isSchemeEqualTo(u"vnd.sun.star.zip"))
{
- OUString sPayloadURL =
GetURLPath(INetURLObject::DecodeMechanism::WithCharset);
- return sPayloadURL.startsWith(u"//") &&
INetURLObject(sPayloadURL.subView(2)).IsExoticProtocol();
+ OUString sPayloadURL =
GetURLPath(INetURLObject::DecodeMechanism::NONE);
+ if (!sPayloadURL.startsWith(u"//")) {
+ return false;
+ }
+ auto const find = [&sPayloadURL](auto c) {
+ auto const n = sPayloadURL.indexOf(c, 2);
+ return n == -1 ? sPayloadURL.getLength() : n;
+ };
+ return INetURLObject(decode(sPayloadURL.subView(2, std::min(find('/'),
find('?')) - 2),
INetURLObject::DecodeMechanism::WithCharset)).IsExoticProtocol();
}
return false;
}
commit 12569d854f47501b556c663fef03f2f51c46be73
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Fri Dec 6 14:41:19 2024 +0000
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:38:48 2025 +0100
look at 'embedded' protocols too
Change-Id: Ie99f5f5a390639bdc69397c831e0a32594a5030c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177981
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 59891cd3985469bc44dbd05c9fc704eeb07f0c78)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177987
Reviewed-by: Stephan Bergmann <stephan.bergm...@allotropia.de>
(cherry picked from commit b63aa51c55244ee67410201fa5e7c003427b1009)
diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index 23204f43375b..785fbd09404f 100644
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4882,12 +4882,21 @@ OUString INetURLObject::CutExtension()
bool INetURLObject::IsExoticProtocol() const
{
- return m_eScheme == INetProtocol::Slot ||
- m_eScheme == INetProtocol::Macro ||
- m_eScheme == INetProtocol::Uno ||
- m_eScheme == INetProtocol::VndSunStarExpand ||
- isSchemeEqualTo(u"vnd.sun.star.script") ||
- isSchemeEqualTo(u"service");
+ if (m_eScheme == INetProtocol::Slot ||
+ m_eScheme == INetProtocol::Macro ||
+ m_eScheme == INetProtocol::Uno ||
+ m_eScheme == INetProtocol::VndSunStarExpand ||
+ isSchemeEqualTo(u"vnd.sun.star.script") ||
+ isSchemeEqualTo(u"service"))
+ {
+ return true;
+ }
+ if (isSchemeEqualTo(u"vnd.sun.star.pkg") ||
isSchemeEqualTo(u"vnd.sun.star.zip"))
+ {
+ OUString sPayloadURL =
GetURLPath(INetURLObject::DecodeMechanism::WithCharset);
+ return sPayloadURL.startsWith(u"//") &&
INetURLObject(sPayloadURL.subView(2)).IsExoticProtocol();
+ }
+ return false;
}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
commit 1207178088363c141ead2cfa964659b4a873bf1f
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Fri Nov 15 12:30:39 2024 +0000
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:38:48 2025 +0100
consider VndSunStarExpand an exotic protocol
and generally don't bother with it when fetching data
from urls
Change-Id: I51a2601c6fb7d6c32f9e2d1286ee0d3b05b370b9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176797
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit d6c89af2598e866aa9cb4fa3600691fb558befdb)
diff --git a/avmedia/source/viewer/mediawindow_impl.cxx
b/avmedia/source/viewer/mediawindow_impl.cxx
index 82ca1b92821c..7a6755e40052 100644
--- a/avmedia/source/viewer/mediawindow_impl.cxx
+++ b/avmedia/source/viewer/mediawindow_impl.cxx
@@ -170,15 +170,16 @@ void MediaWindowImpl::dispose()
uno::Reference<media::XPlayer> MediaWindowImpl::createPlayer(const OUString&
rURL, const OUString& rReferer, const OUString*)
{
- uno::Reference<media::XPlayer> xPlayer;
-
if( rURL.isEmpty() )
- return xPlayer;
+ return nullptr;
if (SvtSecurityOptions::isUntrustedReferer(rReferer))
- {
- return xPlayer;
- }
+ return nullptr;
+
+ if (INetURLObject(rURL).IsExoticProtocol())
+ return nullptr;
+
+ uno::Reference<media::XPlayer> xPlayer;
// currently there isn't anything else, throw any mime type to the media
players
//if (!pMimeType || *pMimeType == AVMEDIA_MIMETYPE_COMMON)
diff --git a/editeng/source/items/frmitems.cxx
b/editeng/source/items/frmitems.cxx
index 94b7704303ba..505cef2c58b1 100644
--- a/editeng/source/items/frmitems.cxx
+++ b/editeng/source/items/frmitems.cxx
@@ -4398,6 +4398,13 @@ const GraphicObject*
SvxBrushItem::GetGraphicObject(OUString const & referer) co
return nullptr;
}
+ INetURLObject aGraphicURL( maStrLink );
+ if (aGraphicURL.IsExoticProtocol())
+ {
+ SAL_WARN("editeng", "Ignore exotic protocol: " << maStrLink);
+ return nullptr;
+ }
+
// tdf#94088 prepare graphic and state
Graphic aGraphic;
bool bGraphicLoaded = false;
@@ -4418,8 +4425,6 @@ const GraphicObject*
SvxBrushItem::GetGraphicObject(OUString const & referer) co
// a 'data:' scheme url and try to load that (embedded graphics)
if(!bGraphicLoaded)
{
- INetURLObject aGraphicURL( maStrLink );
-
if( INetProtocol::Data == aGraphicURL.GetProtocol() )
{
std::unique_ptr<SvMemoryStream> const
xMemStream(aGraphicURL.getData());
diff --git a/embeddedobj/source/commonembedding/persistence.cxx
b/embeddedobj/source/commonembedding/persistence.cxx
index 6859de216c24..f85830a8bd47 100644
--- a/embeddedobj/source/commonembedding/persistence.cxx
+++ b/embeddedobj/source/commonembedding/persistence.cxx
@@ -55,6 +55,7 @@
#include <comphelper/namedvaluecollection.hxx>
#include <comphelper/propertyvalue.hxx>
#include <unotools/configmgr.hxx>
+#include <tools/urlobj.hxx>
#include <unotools/mediadescriptor.hxx>
#include <unotools/securityoptions.hxx>
@@ -368,11 +369,19 @@ uno::Reference< util::XCloseable >
OCommonEmbeddedObject::LoadLink_Impl()
uno::Sequence< beans::PropertyValue > aArgs(
m_aDocMediaDescriptor.getLength() + nLen );
auto pArgs = aArgs.getArray();
- pArgs[0].Name = "URL";
- if(m_aLinkTempFile.is())
- pArgs[0].Value <<= m_aLinkTempFile->getUri();
+ OUString sURL;
+ if (m_aLinkTempFile.is())
+ sURL = m_aLinkTempFile->getUri();
else
- pArgs[0].Value <<= m_aLinkURL;
+ sURL = m_aLinkURL;
+ if (INetURLObject(sURL).IsExoticProtocol())
+ {
+ SAL_WARN("embeddedobj.common", "Ignore exotic protocol: " <<
pArgs[0].Value);
+ return nullptr;
+ }
+
+ pArgs[0].Name = "URL";
+ pArgs[0].Value <<= sURL;
pArgs[1].Name = "FilterName";
pArgs[1].Value <<= m_aLinkFilterName;
diff --git a/forms/source/component/ImageControl.cxx
b/forms/source/component/ImageControl.cxx
index e9fda79d224b..9dd71a2d42e4 100644
--- a/forms/source/component/ImageControl.cxx
+++ b/forms/source/component/ImageControl.cxx
@@ -401,7 +401,7 @@ bool OImageControlModel::impl_updateStreamForURL_lck( const
OUString& _rURL, Val
{
OUString referer;
getPropertyValue("Referer") >>= referer;
- if (SvtSecurityOptions::isUntrustedReferer(referer)) {
+ if (SvtSecurityOptions::isUntrustedReferer(referer) ||
INetURLObject(_rURL).IsExoticProtocol()) {
return false;
}
diff --git a/forms/source/component/clickableimage.cxx
b/forms/source/component/clickableimage.cxx
index 5d6a8f7a7f3d..9925c1c4b3a6 100644
--- a/forms/source/component/clickableimage.cxx
+++ b/forms/source/component/clickableimage.cxx
@@ -737,7 +737,7 @@ namespace frm
// the SfxMedium is not allowed to be created with an invalid URL, so
we have to check this first
INetURLObject aUrl(rURL);
- if (INetProtocol::NotValid == aUrl.GetProtocol())
+ if (INetProtocol::NotValid == aUrl.GetProtocol() ||
aUrl.IsExoticProtocol())
// we treat an invalid URL like we would treat no URL
return;
diff --git a/sfx2/source/appl/linkmgr2.cxx b/sfx2/source/appl/linkmgr2.cxx
index a20501a1bad6..3412d727c656 100644
--- a/sfx2/source/appl/linkmgr2.cxx
+++ b/sfx2/source/appl/linkmgr2.cxx
@@ -534,8 +534,11 @@ bool LinkManager::GetGraphicFromAny(std::u16string_view
rMimeType,
sReferer = sh->GetMedium()->GetName();
OUString sURL = rValue.get<OUString>();
- if (!SvtSecurityOptions::isUntrustedReferer(sReferer))
+ if (!SvtSecurityOptions::isUntrustedReferer(sReferer) &&
+ !INetURLObject(sURL).IsExoticProtocol())
+ {
rGraphic = vcl::graphic::loadFromURL(sURL, pParentWin);
+ }
if (rGraphic.IsNone())
rGraphic.SetDefaultType();
rGraphic.setOriginURL(sURL);
diff --git a/sw/source/filter/html/htmlgrin.cxx
b/sw/source/filter/html/htmlgrin.cxx
index 072b8945d234..eb7d3404770b 100644
--- a/sw/source/filter/html/htmlgrin.cxx
+++ b/sw/source/filter/html/htmlgrin.cxx
@@ -673,7 +673,8 @@ IMAGE_SETEVENT:
bool bNeedWidth = (!bPercentWidth && !nWidth) || bRelWidthScale;
bool bRelHeightScale = bPercentHeight && nHeight ==
SwFormatFrameSize::SYNCED;
bool bNeedHeight = (!bPercentHeight && !nHeight) || bRelHeightScale;
- if ((bNeedWidth || bNeedHeight) && !bFuzzing && allowAccessLink(*m_xDoc))
+ if ((bNeedWidth || bNeedHeight) && !bFuzzing && allowAccessLink(*m_xDoc) &&
+ !aGraphicURL.IsExoticProtocol())
{
GraphicDescriptor aDescriptor(aGraphicURL);
if (aDescriptor.Detect(/*bExtendedInfo=*/true))
diff --git a/toolkit/source/controls/unocontrols.cxx
b/toolkit/source/controls/unocontrols.cxx
index 9a4f19e7481b..f842f74347af 100644
--- a/toolkit/source/controls/unocontrols.cxx
+++ b/toolkit/source/controls/unocontrols.cxx
@@ -31,6 +31,7 @@
#include <o3tl/safeint.hxx>
#include <controls/formattedcontrol.hxx>
#include <toolkit/controls/unocontrols.hxx>
+#include <tools/urlobj.hxx>
#include <helper/property.hxx>
#include <toolkit/helper/macros.hxx>
#include <unotools/securityoptions.hxx>
@@ -69,7 +70,7 @@ css::uno::Reference< css::graphic::XGraphic >
ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL, OUString const
& referer )
{
uno::Reference< graphic::XGraphic > xGraphic;
- if ( _rURL.isEmpty() || SvtSecurityOptions::isUntrustedReferer(referer) )
+ if (_rURL.isEmpty() || SvtSecurityOptions::isUntrustedReferer(referer) ||
INetURLObject(_rURL).IsExoticProtocol())
return xGraphic;
try
diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index 18ee57b18ee4..23204f43375b 100644
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4885,6 +4885,7 @@ bool INetURLObject::IsExoticProtocol() const
return m_eScheme == INetProtocol::Slot ||
m_eScheme == INetProtocol::Macro ||
m_eScheme == INetProtocol::Uno ||
+ m_eScheme == INetProtocol::VndSunStarExpand ||
isSchemeEqualTo(u"vnd.sun.star.script") ||
isSchemeEqualTo(u"service");
}
diff --git a/unotools/source/misc/mediadescriptor.cxx
b/unotools/source/misc/mediadescriptor.cxx
index f797728f7b3f..1fde1e426401 100644
--- a/unotools/source/misc/mediadescriptor.cxx
+++ b/unotools/source/misc/mediadescriptor.cxx
@@ -337,6 +337,10 @@ bool MediaDescriptor::impl_openStreamWithURL( const
OUString& sURL, bool bLockFi
if (sURL.matchIgnoreAsciiCase(".component:"))
return false; // No UCB content for .component URLs
+
+ if (INetURLObject(sURL).IsExoticProtocol())
+ return false;
+
OUString referer(getUnpackedValueOrDefault(PROP_REFERRER, OUString()));
if (SvtSecurityOptions::isUntrustedReferer(referer)) {
return false;
diff --git a/vcl/source/filter/graphicfilter.cxx
b/vcl/source/filter/graphicfilter.cxx
index 25bcdd201ccd..a7e0ffe972a4 100644
--- a/vcl/source/filter/graphicfilter.cxx
+++ b/vcl/source/filter/graphicfilter.cxx
@@ -466,10 +466,16 @@ ErrCode GraphicFilter::CanImportGraphic(
std::u16string_view rMainUrl, SvStream&
ErrCode GraphicFilter::ImportGraphic( Graphic& rGraphic, const INetURLObject&
rPath,
sal_uInt16 nFormat, sal_uInt16 *
pDeterminedFormat, GraphicFilterImportFlags nImportFlags )
{
- ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR;
SAL_WARN_IF( rPath.GetProtocol() == INetProtocol::NotValid, "vcl.filter",
"GraphicFilter::ImportGraphic() : ProtType == INetProtocol::NotValid" );
OUString aMainUrl( rPath.GetMainURL(
INetURLObject::DecodeMechanism::NONE ) );
+ if (rPath.IsExoticProtocol())
+ {
+ SAL_WARN("vcl.filter", "GraphicFilter::ImportGraphic(), ignore exotic
protocol: " << aMainUrl);
+ return ERRCODE_GRFILTER_FORMATERROR;
+ }
+
+ ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR;
std::unique_ptr<SvStream> xStream(::utl::UcbStreamHelper::CreateStream(
aMainUrl, StreamMode::READ | StreamMode::SHARE_DENYNONE ));
if (xStream)
{
commit 001392270b285c42c1f79faafb053d141599a5f9
Author: Stephan Bergmann <stephan.bergm...@allotropia.de>
AuthorDate: Tue Jun 11 14:15:47 2024 +0200
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Mon Mar 3 02:38:48 2025 +0100
Some missing "block untrusted referer links" for form controls
...where "Referer" is now passed in as an additional property, so that the
relevant objects can decide whether to obtain graphics while loading a
document
Change-Id: Ie3dabc574861713212b906a0d7793f438a7d50a8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168674
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergm...@allotropia.de>
(cherry picked from commit dc01a6e7efd3e4c41287dc10c7ea1fdfa1ab5cb5)
diff --git a/forms/source/component/ImageControl.cxx
b/forms/source/component/ImageControl.cxx
index c2bc0953c6c8..e9fda79d224b 100644
--- a/forms/source/component/ImageControl.cxx
+++ b/forms/source/component/ImageControl.cxx
@@ -52,6 +52,7 @@
#include <comphelper/property.hxx>
#include <comphelper/types.hxx>
#include <cppuhelper/queryinterface.hxx>
+#include <unotools/securityoptions.hxx>
#include <unotools/ucbstreamhelper.hxx>
#include <svl/urihelper.hxx>
@@ -398,6 +399,12 @@ void OImageControlModel::read(const
Reference<XObjectInputStream>& _rxInStream)
bool OImageControlModel::impl_updateStreamForURL_lck( const OUString& _rURL,
ValueChangeInstigator _eInstigator )
{
+ OUString referer;
+ getPropertyValue("Referer") >>= referer;
+ if (SvtSecurityOptions::isUntrustedReferer(referer)) {
+ return false;
+ }
+
// create a stream for the image specified by the URL
std::unique_ptr< SvStream > pImageStream;
Reference< XInputStream > xImageStream;
diff --git a/forms/source/component/clickableimage.cxx
b/forms/source/component/clickableimage.cxx
index e1f6f068faf0..5d6a8f7a7f3d 100644
--- a/forms/source/component/clickableimage.cxx
+++ b/forms/source/component/clickableimage.cxx
@@ -47,6 +47,7 @@
#include <comphelper/types.hxx>
#include <cppuhelper/exc_hlp.hxx>
#include <svtools/imageresourceaccess.hxx>
+#include <unotools/securityoptions.hxx>
#define LOCAL_URL_PREFIX '#'
@@ -757,8 +758,12 @@ namespace frm
m_bProdStarted = false;
- // Kick off download (caution: can be synchronous).
- m_pMedium->Download(LINK(this, OClickableImageBaseModel,
DownloadDoneLink));
+ OUString referer;
+ getPropertyValue("Referer") >>= referer;
+ if (!SvtSecurityOptions::isUntrustedReferer(referer)) {
+ // Kick off download (caution: can be synchronous).
+ m_pMedium->Download(LINK(this, OClickableImageBaseModel,
DownloadDoneLink));
+ }
}
else
{
diff --git a/include/toolkit/controls/unocontrols.hxx
b/include/toolkit/controls/unocontrols.hxx
index 1fba20389a8b..7c5c424fe276 100644
--- a/include/toolkit/controls/unocontrols.hxx
+++ b/include/toolkit/controls/unocontrols.hxx
@@ -70,7 +70,7 @@ public:
// appropriately ( e.g. NULL if non GraphicObject scheme ) or a valid
// object if the rURL points to a valid object
static css::uno::Reference< css::graphic::XGraphic >
getGraphicAndGraphicObjectFromURL_nothrow( css::uno::Reference<
css::graphic::XGraphicObject >& xOutGraphicObject, const OUString& _rURL );
- static css::uno::Reference< css::graphic::XGraphic >
getGraphicFromURL_nothrow( const OUString& _rURL );
+ static css::uno::Reference< css::graphic::XGraphic >
getGraphicFromURL_nothrow( const OUString& _rURL, OUString const & referer );
};
diff --git a/toolkit/inc/helper/property.hxx b/toolkit/inc/helper/property.hxx
index 013f73496482..9a26e06a9902 100644
--- a/toolkit/inc/helper/property.hxx
+++ b/toolkit/inc/helper/property.hxx
@@ -205,6 +205,7 @@ namespace com::sun::star::uno {
#define BASEPROPERTY_HIGHLIGHT_COLOR 169
#define BASEPROPERTY_HIGHLIGHT_TEXT_COLOR 170
#define BASEPROPERTY_TYPEDITEMLIST 171 // AnySequence
+#define BASEPROPERTY_REFERER 172
// These properties are not bound, they are always extracted from the
BASEPROPERTY_FONTDESCRIPTOR property
diff --git a/toolkit/source/awt/vclxwindows.cxx
b/toolkit/source/awt/vclxwindows.cxx
index d6ba5e48a6e8..e156cd21b69d 100644
--- a/toolkit/source/awt/vclxwindows.cxx
+++ b/toolkit/source/awt/vclxwindows.cxx
@@ -206,6 +206,7 @@ namespace toolkit
void VCLXGraphicControl::ImplGetPropertyIds( std::vector< sal_uInt16 > &rIds )
{
+ PushPropertyIds(rIds, BASEPROPERTY_REFERER, 0);
VCLXWindow::ImplGetPropertyIds( rIds );
}
diff --git a/toolkit/source/controls/dialogcontrol.cxx
b/toolkit/source/controls/dialogcontrol.cxx
index ba954a15412a..6326d76bc581 100644
--- a/toolkit/source/controls/dialogcontrol.cxx
+++ b/toolkit/source/controls/dialogcontrol.cxx
@@ -418,7 +418,7 @@ void UnoDialogControl::PrepareWindowDescriptor(
css::awt::WindowDescriptor& rDes
( !aImageURL.isEmpty() ))
{
OUString absoluteUrl =
getPhysicalLocation(ImplGetPropertyValue(PROPERTY_DIALOGSOURCEURL),
uno::Any(aImageURL));
- xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl );
+ xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl, "" );
ImplSetPropertyValue( PROPERTY_GRAPHIC, uno::Any( xGraphic ), true );
}
}
@@ -633,7 +633,7 @@ void UnoDialogControl::ImplModelPropertiesChanged( const
Sequence< PropertyChang
( !aImageURL.isEmpty() ))
{
OUString absoluteUrl =
getPhysicalLocation(ImplGetPropertyValue(GetPropertyName(BASEPROPERTY_DIALOGSOURCEURL)),
uno::Any(aImageURL));
- xGraphic = ImageHelper::getGraphicFromURL_nothrow( absoluteUrl
);
+ xGraphic = ImageHelper::getGraphicFromURL_nothrow(
absoluteUrl, "" );
}
ImplSetPropertyValue( GetPropertyName( BASEPROPERTY_GRAPHIC),
uno::Any( xGraphic ), true );
break;
diff --git a/toolkit/source/controls/unocontrols.cxx
b/toolkit/source/controls/unocontrols.cxx
index d9bc55f8cb45..9a4f19e7481b 100644
--- a/toolkit/source/controls/unocontrols.cxx
+++ b/toolkit/source/controls/unocontrols.cxx
@@ -33,6 +33,7 @@
#include <toolkit/controls/unocontrols.hxx>
#include <helper/property.hxx>
#include <toolkit/helper/macros.hxx>
+#include <unotools/securityoptions.hxx>
// for introspection
#include <awt/vclxwindows.hxx>
@@ -61,14 +62,14 @@ uno::Reference< graphic::XGraphic >
ImageHelper::getGraphicAndGraphicObjectFromURL_nothrow( uno::Reference<
graphic::XGraphicObject >& xOutGraphicObj, const OUString& _rURL )
{
xOutGraphicObj = nullptr;
- return ImageHelper::getGraphicFromURL_nothrow( _rURL );
+ return ImageHelper::getGraphicFromURL_nothrow( _rURL, "" );
}
css::uno::Reference< css::graphic::XGraphic >
-ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL )
+ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL, OUString const
& referer )
{
uno::Reference< graphic::XGraphic > xGraphic;
- if ( _rURL.isEmpty() )
+ if ( _rURL.isEmpty() || SvtSecurityOptions::isUntrustedReferer(referer) )
return xGraphic;
try
@@ -605,7 +606,11 @@ void
GraphicControlModel::setFastPropertyValue_NoBroadcast( std::unique_lock<std
mbAdjustingGraphic = true;
OUString sImageURL;
OSL_VERIFY( rValue >>= sImageURL );
- setDependentFastPropertyValue( rGuard, BASEPROPERTY_GRAPHIC,
uno::Any( ImageHelper::getGraphicFromURL_nothrow( sImageURL ) ) );
+ css::uno::Any any;
+ getFastPropertyValue(rGuard, any, BASEPROPERTY_REFERER);
+ OUString referer;
+ any >>= referer;
+ setDependentFastPropertyValue( rGuard, BASEPROPERTY_GRAPHIC,
uno::Any( ImageHelper::getGraphicFromURL_nothrow( sImageURL, referer ) ) );
mbAdjustingGraphic = false;
}
break;
diff --git a/toolkit/source/helper/property.cxx
b/toolkit/source/helper/property.cxx
index 945c4b016a64..db33e8a28ba6 100644
--- a/toolkit/source/helper/property.cxx
+++ b/toolkit/source/helper/property.cxx
@@ -271,6 +271,8 @@ static const ImpPropertyInfoMap & ImplGetPropertyInfos()
DECL_PROP_3 ( "InactiveSelectionBackgroundColor",
INACTIVE_SEL_BACKGROUND_COLOR, sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ),
DECL_PROP_3 ( "ActiveSelectionTextColor",
ACTIVE_SEL_TEXT_COLOR, sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ),
DECL_PROP_3 ( "InactiveSelectionTextColor",
INACTIVE_SEL_TEXT_COLOR, sal_Int32, BOUND, MAYBEDEFAULT, MAYBEVOID ),
+
+ DECL_PROP_2("Referer", REFERER, OUString, BOUND, MAYBEVOID),
};
return aImplPropertyInfos;
}
diff --git a/xmloff/source/forms/elementimport.cxx
b/xmloff/source/forms/elementimport.cxx
index d1d691d6519a..a46b8d2835f8 100644
--- a/xmloff/source/forms/elementimport.cxx
+++ b/xmloff/source/forms/elementimport.cxx
@@ -567,6 +567,15 @@ namespace xmloff
OUStringToOString(m_sServiceName,
RTL_TEXTENCODING_ASCII_US) +
")!").getStr());
xReturn.set(xPure, UNO_QUERY);
+ if (auto const props = Reference<css::beans::XPropertySet>(xPure,
css::uno::UNO_QUERY))
+ {
+ try {
+ props->setPropertyValue(
+ "Referer",
css::uno::Any(m_rFormImport.getGlobalContext().GetBaseURL()));
+ } catch (css::uno::Exception &) {
+ TOOLS_INFO_EXCEPTION("xmloff.forms", "setPropertyValue
Referer failed");
+ }
+ }
}
else
-e
... etc. - the rest is truncated
