download.lst | 8 ++--
external/expat/0001-Fix-compiler-warnings.patch | 47 ++++++++++++++++++++++++
external/expat/UnpackedTarball_expat.mk | 3 +
external/nss/README | 26 +++++--------
sc/source/core/data/document.cxx | 4 ++
sc/source/core/tool/compiler.cxx | 10 +++--
6 files changed, 76 insertions(+), 22 deletions(-)
New commits:
commit eb89d3a01d5e7a8ff1f213a89a78f5ccd2064635
Author: Taichi Haradaguchi <20001...@ymail.ne.jp>
AuthorDate: Fri Feb 9 03:42:30 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Fri Feb 16 17:16:09 2024 +0100
Expat: upgrade to release 2.6.0
Fixes CVE-2023-52425 and CVE-2023-52426.
Change-Id: Id135bbaea893a83129bdbee44948c09322a64c07
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163146
Tested-by: Jenkins
Reviewed-by: Taichi Haradaguchi <20001...@ymail.ne.jp>
(cherry picked from commit b7e4078033b064bfc3847db0916a4df389117817)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163393
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit 0ba4dfa1000a9177f1ea855ec4ffaddf7fc44c19)
diff --git a/download.lst b/download.lst
index f3ec2be0203c..b0b140679a21 100644
--- a/download.lst
+++ b/download.lst
@@ -97,8 +97,8 @@ ETONYEK_TARBALL :=
libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz
# three static lines
# so that git cherry-pick
# will not run into conflicts
-EXPAT_SHA256SUM :=
ef2420f0232c087801abf705e89ae65f6257df6b7931d37846a193ef2e8cdcbe
-EXPAT_TARBALL := expat-2.5.0.tar.xz
+EXPAT_SHA256SUM :=
cb5f5a8ea211e1cabd59be0a933a52e3c02cc326e86a4d387d8d218e7ee47a3e
+EXPAT_TARBALL := expat-2.6.0.tar.xz
# three static lines
# so that git cherry-pick
# will not run into conflicts
diff --git a/external/expat/0001-Fix-compiler-warnings.patch
b/external/expat/0001-Fix-compiler-warnings.patch
new file mode 100644
index 000000000000..adec5ed0d9be
--- /dev/null
+++ b/external/expat/0001-Fix-compiler-warnings.patch
@@ -0,0 +1,47 @@
+From 3f60a47cb5716bb810789a12ef6024c1dc448164 Mon Sep 17 00:00:00 2001
+From: Taichi Haradaguchi <20001...@ymail.ne.jp>
+Date: Fri, 9 Feb 2024 19:28:35 +0900
+Subject: [PATCH] Fix compiler warnings
+
+> In file included from ./../lib/internal.h:149,
+> from codepage.c:38:
+> ./../lib/expat.h:1045:5: warning: "XML_GE" is not defined, evaluates to 0
[-Wundef]
+> 1045 | #if XML_GE == 1
+> | ^~~~~~
+> ./../lib/internal.h:158:5: warning: "XML_GE" is not defined, evaluates to 0
[-Wundef]
+> 158 | #if XML_GE == 1
+> | ^~~~~~
+---
+ expat/lib/expat.h | 2 +-
+ expat/lib/internal.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/expat/lib/expat.h b/expat/lib/expat.h
+index 95464b0d..79bbfb61 100644
+--- a/expat/lib/expat.h
++++ b/expat/lib/expat.h
+@@ -1042,7 +1042,7 @@ typedef struct {
+ XMLPARSEAPI(const XML_Feature *)
+ XML_GetFeatureList(void);
+
+-#if XML_GE == 1
++#if defined(XML_GE) && XML_GE == 1
+ /* Added in Expat 2.4.0 for XML_DTD defined and
+ * added in Expat 2.6.0 for XML_GE == 1. */
+ XMLPARSEAPI(XML_Bool)
+diff --git a/expat/lib/internal.h b/expat/lib/internal.h
+index cce71e4c..208c6b67 100644
+--- a/expat/lib/internal.h
++++ b/expat/lib/internal.h
+@@ -155,7 +155,7 @@ extern "C" {
+ void _INTERNAL_trim_to_complete_utf8_characters(const char *from,
+ const char **fromLimRef);
+
+-#if XML_GE == 1
++#if defined(XML_GE) && XML_GE == 1
+ unsigned long long testingAccountingGetCountBytesDirect(XML_Parser parser);
+ unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser);
+ const char *unsignedCharToPrintable(unsigned char c);
+--
+2.43.1
+
diff --git a/external/expat/UnpackedTarball_expat.mk
b/external/expat/UnpackedTarball_expat.mk
index 5d4f41f6d147..465105f2ca8c 100644
--- a/external/expat/UnpackedTarball_expat.mk
+++ b/external/expat/UnpackedTarball_expat.mk
@@ -13,7 +13,10 @@ $(eval $(call
gb_UnpackedTarball_set_tarball,expat,$(EXPAT_TARBALL)))
$(eval $(call gb_UnpackedTarball_update_autoconf_configs,expat,conftools))
+# * external/expat/0001-Fix-compiler-warnings.patch was sent to upstream as
+# <https://github.com/libexpat/libexpat/pull/819> "Fix compiler warnings":
$(eval $(call gb_UnpackedTarball_add_patches,expat,\
+ external/expat/0001-Fix-compiler-warnings.patch \
external/expat/expat-winapi.patch \
))
commit ee9d878cfce42c1f12ca3d8d232fac7e8a8beaf2
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Fri Feb 16 10:34:54 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Fri Feb 16 16:37:44 2024 +0100
nss: upgrade to release 3.98
Fixes CVE-2023-5388
Also update README, and remove obsolete documentation of Debian's
mangled SONAME; relevant Debian changelog:
nss (2:3.13.4-2) unstable; urgency=low
* debian/control, debian/libnss3*, debian/rules,
mozilla/security/coreconf/*, mozilla/security/nss/lib/*/manifest.mn:
Move to unversioned library. ABI compatibility is ensured upstream, and
the SO version, if it needed a change at any time, would be a change in
the library name. There is no reason to keep making compatibility more
difficult with other distros and upstream binary releases. While
previous
versions were one-way compatible (binaries built against other distros
or
upstream nspr could work on Debian), this approach works both ways.
-- Mike Hommey <gland...@debian.org> Thu, 17 May 2012 09:45:36 +0200
Change-Id: Ifc1eae68827fa88ae001a3903c8555af67b488ac
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163494
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
(cherry picked from commit cd94b0af38d712fa6eb0e0f43ce13ac6e72535d9)
diff --git a/download.lst b/download.lst
index 8d38cd7ca8fe..f3ec2be0203c 100644
--- a/download.lst
+++ b/download.lst
@@ -409,8 +409,8 @@ NEON_TARBALL := neon-0.30.2.tar.gz
# three static lines
# so that git cherry-pick
# will not run into conflicts
-NSS_SHA256SUM :=
a7a920d295998563b33d9e06c1a36b799201493d81b64537fab42f2a733411ce
-NSS_TARBALL := nss-3.97-with-nspr-4.35.tar.gz
+NSS_SHA256SUM :=
59bb55a59b02e4004fc26ad0aa1a13fe8d73c6c90c447dd2f2efb73fb81083ed
+NSS_TARBALL := nss-3.98-with-nspr-4.35.tar.gz
# three static lines
# so that git cherry-pick
# will not run into conflicts
diff --git a/external/nss/README b/external/nss/README
index 6997cea6ca06..09931f64ea20 100644
--- a/external/nss/README
+++ b/external/nss/README
@@ -1,5 +1,16 @@
Contains the Network Security Services (NSS) libraries from Mozilla
+== ESR versions ==
+
+Upstream releases both regular and "ESR" versions, the latter go into Firefox
+ESR and Thunderbird.
+
+There is a new ESR version about once a year, and a ESR version gets micro
+updates only when there are security issues to fix, and it's not always obvious
+from the release notes of a regular release if there are security issues that
+are relevant to LibreOffice, hence it's probably best to bundle only the ESR
+versions and upgrade for every micro release (as recommended by upstream).
+
== Fips 140 and signed libraries ==
Fips 140 mode is not supported. That is, the *.chk files containing the
@@ -20,18 +31,3 @@ With all supported macOS SDK we use
NSS_USE_SYSTEM_SQLITE=1
to build using the system sqlite.
-== system NSS on Linux ==
-
-Note that different Linux distributions use different SONAMEs for the
-NSS libraries, so it is not possible to use --with-system-nss and build
-a portable generic LO installation set, despite NSS upstream apparently
-maintaining ABI compatibility.
-
-Debian Squeeze:
-0x000000000000000e (SONAME) Library soname: [libnss3.so.1d]
-Fedora 20:
-0x000000000000000e (SONAME) Library soname: [libnss3.so]
-
-For the record, the LSB specified SONAME is libnss3.so
-http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/libnss3.html
-
commit 2a6f7367e72c0d4a954ad727e29458f747cba785
Author: Andras Timar <andras.ti...@collabora.com>
AuthorDate: Wed Feb 14 22:18:30 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Fri Feb 16 16:37:38 2024 +0100
nss: upgrade to release 3.97
Change-Id: If0eaf6a93f57239d81491c635922745bf3f38fd5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163410
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit f25b7efba56757b085f7a836f57d9c2fc8fd14b8)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163408
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit 85c6a7a4944efa5b91e25a35860997e254d35f4c)
diff --git a/download.lst b/download.lst
index 9854a586cbe8..8d38cd7ca8fe 100644
--- a/download.lst
+++ b/download.lst
@@ -409,8 +409,8 @@ NEON_TARBALL := neon-0.30.2.tar.gz
# three static lines
# so that git cherry-pick
# will not run into conflicts
-NSS_SHA256SUM :=
f78ab1d911cae8bbc94758fb3bd0f731df4087423a4ff5db271ba65381f6b739
-NSS_TARBALL := nss-3.90-with-nspr-4.35.tar.gz
+NSS_SHA256SUM :=
a7a920d295998563b33d9e06c1a36b799201493d81b64537fab42f2a733411ce
+NSS_TARBALL := nss-3.97-with-nspr-4.35.tar.gz
# three static lines
# so that git cherry-pick
# will not run into conflicts
commit 4e43c53fc209f7c7970e6383c1a9c28a3f1a61d7
Author: Taichi Haradaguchi <20001...@ymail.ne.jp>
AuthorDate: Thu Jun 15 07:09:06 2023 +0900
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Fri Feb 16 16:37:32 2024 +0100
nss: upgrade to release 3.90
Change-Id: Ic446f33abd5355886b8c8c181a088c07ea4605c1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/153096
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 3f6bb9565d4edce563dbd938c655ae853926d362)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/153083
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit ead11155b611a355d0f4bfa91454b345a0cd15e0)
diff --git a/download.lst b/download.lst
index 2f302108f8de..9854a586cbe8 100644
--- a/download.lst
+++ b/download.lst
@@ -409,8 +409,8 @@ NEON_TARBALL := neon-0.30.2.tar.gz
# three static lines
# so that git cherry-pick
# will not run into conflicts
-NSS_SHA256SUM :=
fcfa26d2738ec5b0cf72ab4be784eac832a75132cda2e295799c04d62a93607a
-NSS_TARBALL := nss-3.88.1-with-nspr-4.35.tar.gz
+NSS_SHA256SUM :=
f78ab1d911cae8bbc94758fb3bd0f731df4087423a4ff5db271ba65381f6b739
+NSS_TARBALL := nss-3.90-with-nspr-4.35.tar.gz
# three static lines
# so that git cherry-pick
# will not run into conflicts
commit 2f151f688d8496fd33d2debc9cebc549f106b16a
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Thu Feb 8 11:53:43 2024 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Fri Feb 16 16:35:16 2024 +0100
calc null-deref
probably seen after a sheet was deleted
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7f259a642520]
/opt/collaboraoffice/program/../program/libsclo.so(+0x5b3db8)[0x7f25873b3db8]
/opt/collaboraoffice/program/../program/libsclo.so(+0x4964a1)[0x7f25872964a1]
this looks most likely:
00000000005b3db0 ScTable::ContainsNotesInRange(ScRange const&) const
0000000000496440 ScDocument::ContainsNotesInRange(ScRangeList const&) const
Change-Id: Ib019fe8abc18538eee7096e1fe5589e83e4849da
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163136
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 1fd89488d282cad8386af12064876f8ba0ac2956)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163145
(cherry picked from commit ba81230114cfcd7b61ccfb7cb522d2d2630e375c)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163171
(cherry picked from commit a2abdd3b72caab21ca1f8f511932aeb76de63c00)
diff --git a/sc/source/core/data/document.cxx b/sc/source/core/data/document.cxx
index 725f6918411a..3f1a41f908a3 100644
--- a/sc/source/core/data/document.cxx
+++ b/sc/source/core/data/document.cxx
@@ -6756,6 +6756,8 @@ void ScDocument::GetNotesInRange( const ScRangeList&
rRangeList, std::vector<sc:
const ScRange & rRange = rRangeList[i];
for( SCTAB nTab = rRange.aStart.Tab(); nTab <= rRange.aEnd.Tab();
++nTab )
{
+ if (!maTabs[nTab])
+ continue;
maTabs[nTab]->GetNotesInRange( rRange, rNotes );
}
}
@@ -6773,6 +6775,8 @@ bool ScDocument::ContainsNotesInRange( const ScRangeList&
rRangeList ) const
const ScRange & rRange = rRangeList[i];
for( SCTAB nTab = rRange.aStart.Tab(); nTab <= rRange.aEnd.Tab();
++nTab )
{
+ if (!maTabs[nTab])
+ continue;
bool bContainsNote = maTabs[nTab]->ContainsNotesInRange( rRange );
if(bContainsNote)
return true;
commit db9e998b09e62eabebde12618f858a6162a9938b
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Mon Jan 29 10:53:32 2024 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Fri Feb 16 16:35:16 2024 +0100
ofz: Use-of-uninitialized-value
keep a high water mark of the highest initialized level
Change-Id: Ib799331c523209c4f165dc4c40317e25b6b0cc7c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162625
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
(cherry picked from commit f4b406fc87878130819b9dc57099235eb7c9a628)
diff --git a/sc/source/core/tool/compiler.cxx b/sc/source/core/tool/compiler.cxx
index 84a0d64e155b..125c1acd8e9d 100644
--- a/sc/source/core/tool/compiler.cxx
+++ b/sc/source/core/tool/compiler.cxx
@@ -4521,6 +4521,7 @@ std::unique_ptr<ScTokenArray> ScCompiler::CompileString(
const OUString& rFormul
pFunctionStack[0].eOp = ocNone;
pFunctionStack[0].nSep = 0;
size_t nFunction = 0;
+ size_t nHighWatermark = 0;
short nBrackets = 0;
bool bInArray = false;
eLastOp = ocOpen;
@@ -4540,6 +4541,7 @@ std::unique_ptr<ScTokenArray> ScCompiler::CompileString(
const OUString& rFormul
++nFunction;
pFunctionStack[ nFunction ].eOp = eLastOp;
pFunctionStack[ nFunction ].nSep = 0;
+ nHighWatermark = nFunction;
}
}
break;
@@ -4578,6 +4580,7 @@ std::unique_ptr<ScTokenArray> ScCompiler::CompileString(
const OUString& rFormul
++nFunction;
pFunctionStack[ nFunction ].eOp = eOp;
pFunctionStack[ nFunction ].nSep = 0;
+ nHighWatermark = nFunction;
}
}
break;
@@ -4608,6 +4611,7 @@ std::unique_ptr<ScTokenArray> ScCompiler::CompileString(
const OUString& rFormul
++nFunction;
pFunctionStack[ nFunction ].eOp = eOp;
pFunctionStack[ nFunction ].nSep = 0;
+ nHighWatermark = nFunction;
}
}
break;
@@ -4650,9 +4654,9 @@ std::unique_ptr<ScTokenArray> ScCompiler::CompileString(
const OUString& rFormul
// Append a parameter for WEEKNUM, all 1.0
// Function is already closed, parameter count is nSep+1
size_t nFunc = nFunction + 1;
- if (eOp == ocClose &&
- (pFunctionStack[ nFunc ].eOp == ocWeek && // 2nd week
start
- pFunctionStack[ nFunc ].nSep == 0))
+ if (eOp == ocClose && nFunc <= nHighWatermark &&
+ pFunctionStack[ nFunc ].nSep == 0 &&
+ pFunctionStack[ nFunc ].eOp == ocWeek) // 2nd week start
{
if ( !static_cast<ScTokenArray*>(pArr)->Add( new
FormulaToken( svSep, ocSep)) ||
!static_cast<ScTokenArray*>(pArr)->Add( new
FormulaDoubleToken( 1.0)))
