download.lst | 8 ++-- external/expat/0001-Fix-compiler-warnings.patch | 47 ++++++++++++++++++++++++ external/expat/UnpackedTarball_expat.mk | 3 + external/nss/README | 26 +++++-------- sc/source/core/data/document.cxx | 4 ++ sc/source/core/tool/compiler.cxx | 10 +++-- 6 files changed, 76 insertions(+), 22 deletions(-)
New commits: commit eb89d3a01d5e7a8ff1f213a89a78f5ccd2064635 Author: Taichi Haradaguchi <20001...@ymail.ne.jp> AuthorDate: Fri Feb 9 03:42:30 2024 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Fri Feb 16 17:16:09 2024 +0100 Expat: upgrade to release 2.6.0 Fixes CVE-2023-52425 and CVE-2023-52426. Change-Id: Id135bbaea893a83129bdbee44948c09322a64c07 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163146 Tested-by: Jenkins Reviewed-by: Taichi Haradaguchi <20001...@ymail.ne.jp> (cherry picked from commit b7e4078033b064bfc3847db0916a4df389117817) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163393 Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org> (cherry picked from commit 0ba4dfa1000a9177f1ea855ec4ffaddf7fc44c19)
diff --git a/download.lst b/download.lst
index f3ec2be0203c..b0b140679a21 100644
--- a/download.lst
+++ b/download.lst
@@ -97,8 +97,8 @@ ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-EXPAT_SHA256SUM := ef2420f0232c087801abf705e89ae65f6257df6b7931d37846a193ef2e8cdcbe
-EXPAT_TARBALL := expat-2.5.0.tar.xz
+EXPAT_SHA256SUM := cb5f5a8ea211e1cabd59be0a933a52e3c02cc326e86a4d387d8d218e7ee47a3e
+EXPAT_TARBALL := expat-2.6.0.tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
diff --git a/external/expat/0001-Fix-compiler-warnings.patch b/external/expat/0001-Fix-compiler-warnings.patch
new file mode 100644
index 000000000000..adec5ed0d9be
--- /dev/null
+++ b/external/expat/0001-Fix-compiler-warnings.patch
@@ -0,0 +1,47 @@
+From 3f60a47cb5716bb810789a12ef6024c1dc448164 Mon Sep 17 00:00:00 2001
+From: Taichi Haradaguchi <20001...@ymail.ne.jp>
+Date: Fri, 9 Feb 2024 19:28:35 +0900
+Subject: [PATCH] Fix compiler warnings
+
+> In file included from ./../lib/internal.h:149,
+> from codepage.c:38:
+> ./../lib/expat.h:1045:5: warning: "XML_GE" is not defined, evaluates to 0 [-Wundef]
+> 1045 | #if XML_GE == 1
+> | ^~~~~~
+> ./../lib/internal.h:158:5: warning: "XML_GE" is not defined, evaluates to 0 [-Wundef]
+> 158 | #if XML_GE == 1
+> | ^~~~~~
+---
+ expat/lib/expat.h | 2 +-
+ expat/lib/internal.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/expat/lib/expat.h b/expat/lib/expat.h
+index 95464b0d..79bbfb61 100644
+--- a/expat/lib/expat.h
++++ b/expat/lib/expat.h
+@@ -1042,7 +1042,7 @@ typedef struct {
+ XMLPARSEAPI(const XML_Feature *)
+ XML_GetFeatureList(void);
+
+-#if XML_GE == 1
++#if defined(XML_GE) && XML_GE == 1
+ /* Added in Expat 2.4.0 for XML_DTD defined and
+ * added in Expat 2.6.0 for XML_GE == 1. */
+ XMLPARSEAPI(XML_Bool)
+diff --git a/expat/lib/internal.h b/expat/lib/internal.h
+index cce71e4c..208c6b67 100644
+--- a/expat/lib/internal.h
++++ b/expat/lib/internal.h
+@@ -155,7 +155,7 @@ extern "C" {
+ void _INTERNAL_trim_to_complete_utf8_characters(const char *from,
+ const char **fromLimRef);
+
+-#if XML_GE == 1
++#if defined(XML_GE) && XML_GE == 1
+ unsigned long long testingAccountingGetCountBytesDirect(XML_Parser parser);
+ unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser);
+ const char *unsignedCharToPrintable(unsigned char c);
+--
+2.43.1
+
diff --git a/external/expat/UnpackedTarball_expat.mk b/external/expat/UnpackedTarball_expat.mk
index 5d4f41f6d147..465105f2ca8c 100644
--- a/external/expat/UnpackedTarball_expat.mk
+++ b/external/expat/UnpackedTarball_expat.mk
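Review bot: In external/expat/0001-Fix-compiler-warnings.patch, the `defined(XML_GE) &&` guard added to expat.h and internal.h silences -Wundef without changing the result. An undefined XML_GE already evaluated to 0, so the guarded declarations stay compiled out for any translation unit that includes these headers without XML_GE defined. The comment in the expat.h hunk says this block used to be available when XML_DTD was defined, and it appears to hold the amplification-limit API (for example `XML_SetBillionLaughsAttackProtectionMaximumAmplification`). It is worth confirming that the bundled build defines XML_GE before expat.h is included wherever that API is expected. I would record the limitation in the patch description, e.g. `Note: with XML_GE undefined the guarded declarations remain hidden; this patch only removes the warning.`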
@@ -13,7 +13,10 @@ $(eval $(call gb_UnpackedTarball_set_tarball,expat,$(EXPAT_TARBALL))) $(eval $(call gb_UnpackedTarball_update_autoconf_configs,expat,conftools)) +# * external/expat/0001-Fix-compiler-warnings.patch was sent to upstream as +# <https://github.com/libexpat/libexpat/pull/819> "Fix compiler warnings": $(eval $(call gb_UnpackedTarball_add_patches,expat,\ + external/expat/0001-Fix-compiler-warnings.patch \ external/expat/expat-winapi.patch \ )) commit ee9d878cfce42c1f12ca3d8d232fac7e8a8beaf2 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Fri Feb 16 10:34:54 2024 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Fri Feb 16 16:37:44 2024 +0100 nss: upgrade to release 3.98 Fixes CVE-2023-5388 Also update README, and remove obsolete documentation of Debian's mangled SONAME; relevant Debian changelog: nss (2:3.13.4-2) unstable; urgency=low * debian/control, debian/libnss3*, debian/rules, mozilla/security/coreconf/*, mozilla/security/nss/lib/*/manifest.mn: Move to unversioned library. ABI compatibility is ensured upstream, and the SO version, if it needed a change at any time, would be a change in the library name. There is no reason to keep making compatibility more difficult with other distros and upstream binary releases. While previous versions were one-way compatible (binaries built against other distros or upstream nspr could work on Debian), this approach works both ways. -- Mike Hommey <gland...@debian.org> Thu, 17 May 2012 09:45:36 +0200 Change-Id: Ifc1eae68827fa88ae001a3903c8555af67b488ac Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163494 Tested-by: Jenkins Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com> (cherry picked from commit cd94b0af38d712fa6eb0e0f43ce13ac6e72535d9) diff --git a/download.lst b/download.lst index 8d38cd7ca8fe..f3ec2be0203c 100644 --- a/download.lst +++ b/download.lst 
@@ -409,8 +409,8 @@ NEON_TARBALL := neon-0.30.2.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -NSS_SHA256SUM := a7a920d295998563b33d9e06c1a36b799201493d81b64537fab42f2a733411ce -NSS_TARBALL := nss-3.97-with-nspr-4.35.tar.gz +NSS_SHA256SUM := 59bb55a59b02e4004fc26ad0aa1a13fe8d73c6c90c447dd2f2efb73fb81083ed +NSS_TARBALL := nss-3.98-with-nspr-4.35.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts diff --git a/external/nss/README b/external/nss/README index 6997cea6ca06..09931f64ea20 100644 --- a/external/nss/README +++ b/external/nss/README @@ -1,5 +1,16 @@ Contains the Network Security Services (NSS) libraries from Mozilla +== ESR versions == + +Upstream releases both regular and "ESR" versions, the latter go into Firefox +ESR and Thunderbird. + +There is a new ESR version about once a year, and a ESR version gets micro +updates only when there are security issues to fix, and it's not always obvious +from the release notes of a regular release if there are security issues that +are relevant to LibreOffice, hence it's probably best to bundle only the ESR +versions and upgrade for every micro release (as recommended by upstream). + == Fips 140 and signed libraries == Fips 140 mode is not supported. That is, the *.chk files containing the 
@@ -20,18 +31,3 @@ With all supported macOS SDK we use NSS_USE_SYSTEM_SQLITE=1 to build using the system sqlite. -== system NSS on Linux == - -Note that different Linux distributions use different SONAMEs for the -NSS libraries, so it is not possible to use --with-system-nss and build -a portable generic LO installation set, despite NSS upstream apparently -maintaining ABI compatibility. - -Debian Squeeze: -0x000000000000000e (SONAME) Library soname: [libnss3.so.1d] -Fedora 20: -0x000000000000000e (SONAME) Library soname: [libnss3.so] - -For the record, the LSB specified SONAME is libnss3.so -http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/libnss3.html - commit 2a6f7367e72c0d4a954ad727e29458f747cba785 Author: Andras Timar <andras.ti...@collabora.com> AuthorDate: Wed Feb 14 22:18:30 2024 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Fri Feb 16 16:37:38 2024 +0100 nss: upgrade to release 3.97 Change-Id: If0eaf6a93f57239d81491c635922745bf3f38fd5 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163410 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit f25b7efba56757b085f7a836f57d9c2fc8fd14b8) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163408 Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org> (cherry picked from commit 85c6a7a4944efa5b91e25a35860997e254d35f4c) diff --git a/download.lst b/download.lst index 9854a586cbe8..8d38cd7ca8fe 100644 --- a/download.lst +++ b/download.lst 
@@ -409,8 +409,8 @@ NEON_TARBALL := neon-0.30.2.tar.gz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-NSS_SHA256SUM := f78ab1d911cae8bbc94758fb3bd0f731df4087423a4ff5db271ba65381f6b739
-NSS_TARBALL := nss-3.90-with-nspr-4.35.tar.gz
+NSS_SHA256SUM := a7a920d295998563b33d9e06c1a36b799201493d81b64537fab42f2a733411ce
+NSS_TARBALL := nss-3.97-with-nspr-4.35.tar.gz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
commit 4e43c53fc209f7c7970e6383c1a9c28a3f1a61d7 Author: Taichi Haradaguchi <20001...@ymail.ne.jp> AuthorDate: Thu Jun 15 07:09:06 2023 +0900 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Fri Feb 16 16:37:32 2024 +0100 nss: upgrade to release 3.90 Change-Id: Ic446f33abd5355886b8c8c181a088c07ea4605c1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/153096 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 3f6bb9565d4edce563dbd938c655ae853926d362) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/153083 Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org> (cherry picked from commit ead11155b611a355d0f4bfa91454b345a0cd15e0)
diff --git a/download.lst b/download.lst
index 2f302108f8de..9854a586cbe8 100644
--- a/download.lst
+++ b/download.lst
@@ -409,8 +409,8 @@ NEON_TARBALL := neon-0.30.2.tar.gz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-NSS_SHA256SUM := fcfa26d2738ec5b0cf72ab4be784eac832a75132cda2e295799c04d62a93607a
-NSS_TARBALL := nss-3.88.1-with-nspr-4.35.tar.gz
+NSS_SHA256SUM := f78ab1d911cae8bbc94758fb3bd0f731df4087423a4ff5db271ba65381f6b739
+NSS_TARBALL := nss-3.90-with-nspr-4.35.tar.gz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
commit 2f151f688d8496fd33d2debc9cebc549f106b16a Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Thu Feb 8 11:53:43 2024 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Fri Feb 16 16:35:16 2024 +0100 calc null-deref probably seen after a sheet was deleted /lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7f259a642520] /opt/collaboraoffice/program/../program/libsclo.so(+0x5b3db8)[0x7f25873b3db8] /opt/collaboraoffice/program/../program/libsclo.so(+0x4964a1)[0x7f25872964a1] this looks most likely: 00000000005b3db0 ScTable::ContainsNotesInRange(ScRange const&) const 0000000000496440 ScDocument::ContainsNotesInRange(ScRangeList const&) const Change-Id: Ib019fe8abc18538eee7096e1fe5589e83e4849da Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163136 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 1fd89488d282cad8386af12064876f8ba0ac2956) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163145 (cherry picked from commit ba81230114cfcd7b61ccfb7cb522d2d2630e375c) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163171 (cherry picked from commit a2abdd3b72caab21ca1f8f511932aeb76de63c00)
diff --git a/sc/source/core/data/document.cxx b/sc/source/core/data/document.cxx
index 725f6918411a..3f1a41f908a3 100644
--- a/sc/source/core/data/document.cxx
+++ b/sc/source/core/data/document.cxx
@@ -6756,6 +6756,8 @@ void ScDocument::GetNotesInRange( const ScRangeList& rRangeList, std::vector<sc:
 const ScRange & rRange = rRangeList[i];
 for( SCTAB nTab = rRange.aStart.Tab(); nTab <= rRange.aEnd.Tab(); ++nTab )
 {
+ if (!maTabs[nTab])
+ continue;
 maTabs[nTab]->GetNotesInRange( rRange, rNotes );
 }
 }
@@ -6773,6 +6775,8 @@ bool ScDocument::ContainsNotesInRange( const ScRangeList& rRangeList ) const
 const ScRange & rRange = rRangeList[i];
 for( SCTAB nTab = rRange.aStart.Tab(); nTab <= rRange.aEnd.Tab(); ++nTab )
 {
+ if (!maTabs[nTab])
+ continue;
 bool bContainsNote = maTabs[nTab]->ContainsNotesInRange( rRange );
 if(bContainsNote)
 return true;
commit db9e998b09e62eabebde12618f858a6162a9938b Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Mon Jan 29 10:53:32 2024 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Fri Feb 16 16:35:16 2024 +0100 ofz: Use-of-uninitialized-value keep a high water mark of the highest initialized level Change-Id: Ib799331c523209c4f165dc4c40317e25b6b0cc7c Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162625 Tested-by: Jenkins Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com> (cherry picked from commit f4b406fc87878130819b9dc57099235eb7c9a628)
diff --git a/sc/source/core/tool/compiler.cxx b/sc/source/core/tool/compiler.cxx
index 84a0d64e155b..125c1acd8e9d 100644
--- a/sc/source/core/tool/compiler.cxx
+++ b/sc/source/core/tool/compiler.cxx
@@ -4521,6 +4521,7 @@ std::unique_ptr<ScTokenArray> ScCompiler::CompileString( const OUString& rFormul
 pFunctionStack[0].eOp = ocNone;
 pFunctionStack[0].nSep = 0;
 size_t nFunction = 0;
+ size_t nHighWatermark = 0;
 short nBrackets = 0;
 bool bInArray = false;
 eLastOp = ocOpen;
@@ -4540,6 +4541,7 @@ std::unique_ptr<ScTokenArray> ScCompiler::CompileString( const OUString& rFormul
 ++nFunction;
 pFunctionStack[ nFunction ].eOp = eLastOp;
 pFunctionStack[ nFunction ].nSep = 0;
+ nHighWatermark = nFunction;
 }
 }
 break;
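Review bot: The added `if (!maTabs[nTab]) continue;` in ScDocument::GetNotesInRange, and the identical guard in the ContainsNotesInRange hunk after it, rejects a null entry but still indexes maTabs with an nTab taken straight from rRange, and no visible line compares it with the container's size. If the crash followed a sheet deletion as the commit message suspects, a range could also name a tab past the end of maTabs, which would be an out-of-bounds read instead of a null dereference. I would fold the bound into the guard, `if (nTab < 0 || static_cast<size_t>(nTab) >= maTabs.size() || !maTabs[nTab]) continue;`, assuming maTabs is a vector-like container as the indexing suggests. Both loop bodies begin outside their hunks, so an earlier clamp of the range may exist that I cannot see.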
@@ -4578,6 +4580,7 @@ std::unique_ptr<ScTokenArray> ScCompiler::CompileString( const OUString& rFormul
 ++nFunction;
 pFunctionStack[ nFunction ].eOp = eOp;
 pFunctionStack[ nFunction ].nSep = 0;
+ nHighWatermark = nFunction;
 }
 }
 break;
@@ -4608,6 +4611,7 @@ std::unique_ptr<ScTokenArray> ScCompiler::CompileString( const OUString& rFormul
 ++nFunction;
 pFunctionStack[ nFunction ].eOp = eOp;
 pFunctionStack[ nFunction ].nSep = 0;
+ nHighWatermark = nFunction;
 }
 }
 break;
@@ -4650,9 +4654,9 @@ std::unique_ptr<ScTokenArray> ScCompiler::CompileString( const OUString& rFormul
 // Append a parameter for WEEKNUM, all 1.0
 // Function is already closed, parameter count is nSep+1
 size_t nFunc = nFunction + 1;
- if (eOp == ocClose &&
- (pFunctionStack[ nFunc ].eOp == ocWeek && // 2nd week start
- pFunctionStack[ nFunc ].nSep == 0))
+ if (eOp == ocClose && nFunc <= nHighWatermark &&
+ pFunctionStack[ nFunc ].nSep == 0 &&
+ pFunctionStack[ nFunc ].eOp == ocWeek) // 2nd week start
 {
 if ( !static_cast<ScTokenArray*>(pArr)->Add( new FormulaToken( svSep, ocSep)) ||
 !static_cast<ScTokenArray*>(pArr)->Add( new FormulaDoubleToken( 1.0)))
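Review bot: nHighWatermark is undocumented and is not a true high-water mark: each push site (the hunks at -4540, -4578 and -4608) writes `nHighWatermark = nFunction;` instead of taking a maximum. It therefore tracks the level of the most recent push and can drop below levels that were written earlier in the same formula. That makes the `nFunc <= nHighWatermark` test in the last hunk stricter than the "highest initialized level" of the commit message, which looks like the safer choice because it also refuses slots left over from an earlier, deeper nesting. I would say so at the declaration, so that a later change to `std::max` does not re-admit those stale entries: `// level of the most recent push; slots above it are uninitialized or stale and must not be read`. CompileString's body starts and ends outside these hunks, so where nFunction is decremented is not visible here.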