RepositoryExternal.mk | 2 download.lst | 8 +-- external/curl/ExternalPackage_curl.mk | 4 - external/curl/ExternalProject_curl.mk | 8 ++- external/curl/clang-cl.patch.0 | 4 - external/curl/curl-7.26.0_win-proxy.patch | 2 external/curl/curl-msvc-disable-protocols.patch.1 | 7 +-- external/curl/curl-msvc.patch.1 | 8 +-- external/curl/zlib.patch.0 | 14 ------ sw/source/filter/ww8/ww8par.hxx | 2 sw/source/filter/ww8/ww8par2.cxx | 47 +++++++++++++++++----- 11 files changed, 63 insertions(+), 43 deletions(-)
New commits: commit 6b0b9fce0042a75d82b9ae565f60cb8e963397af Author: Michael Stahl <[email protected]> AuthorDate: Thu May 2 10:59:01 2019 +0200 Commit: Andras Timar <[email protected]> CommitDate: Mon Oct 18 12:13:34 2021 +0200 libpng: upgrade to release 1.6.37 Fixes CVE-2019-7317. Reviewed-on: https://gerrit.libreoffice.org/71663 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit e2abbc0062398ea67cb13cb5b0b7bfdce78e652c) Change-Id: I3374f5cbd6552e2c1569d63ee680d0c1d9389621 diff --git a/download.lst b/download.lst index feff3c1c5d90..1cea2e4194f8 100644 --- a/download.lst +++ b/download.lst @@ -200,8 +200,8 @@ export PDFIUM_SHA256SUM := 7dc0d33fc24b1612865f5e173d48800ba3f2db891c57e3f92b9d2 export PDFIUM_TARBALL := pdfium-3235.tar.bz2 export PIXMAN_SHA256SUM := 21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3997aa20a88e export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz -export LIBPNG_SHA256SUM := 2f1e960d92ce3b3abd03d06dfec9637dfbd22febf107a536b44f7a47c60659f6 -export LIBPNG_TARBALL := libpng-1.6.34.tar.xz +export LIBPNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca +export LIBPNG_TARBALL := libpng-1.6.37.tar.xz export POPPLER_SHA256SUM := 016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3 export POPPLER_TARBALL := poppler-21.01.0.tar.xz export POSTGRESQL_SHA256SUM := db61d498105a7d5fe46185e67ac830c878cdd7dc1f82a87f06b842217924c461 commit 582218a2a5e801db67c0772a368e910ac86edd3d Author: Caolán McNamara <[email protected]> AuthorDate: Sat Oct 27 19:45:34 2018 +0100 Commit: Andras Timar <[email protected]> CommitDate: Mon Oct 18 12:04:33 2021 +0200 ofz#11125 pass param len around Change-Id: I4b382271df21c58de0e102af6e0b07a88a1d9610 Reviewed-on: https://gerrit.libreoffice.org/62448 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 6253b1a29c8c1bcd7fd9efb07ca1a12fb0fc1746) diff --git a/sw/source/filter/ww8/ww8par.hxx b/sw/source/filter/ww8/ww8par.hxx index c0a4b44c4c93..b2db0fe83b44 100644 --- a/sw/source/filter/ww8/ww8par.hxx +++ b/sw/source/filter/ww8/ww8par.hxx @@ -1033,7 +1033,7 @@ struct WW8TabBandDesc static void setcelldefaults(WW8_TCell *pCells, short nCells); void ReadDef(bool bVer67, const sal_uInt8* pS, short nLen); void ProcessDirection(const sal_uInt8* pParams); - void ProcessSprmTSetBRC(int nBrcVer, const sal_uInt8* pParamsTSetBRC); + void ProcessSprmTSetBRC(int nBrcVer, const sal_uInt8* pParamsTSetBRC, sal_uInt16 nParamsLen); void ProcessSprmTTableBorders(int nBrcVer, const sal_uInt8* pParams, sal_uInt16 nParamsLen); void ProcessSprmTDxaCol(const sal_uInt8* pParamsTDxaCol); void ProcessSprmTDelete(const sal_uInt8* pParamsTDelete); diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx index 1ab43e948b90..2bb1a638bc2c 100644 --- a/sw/source/filter/ww8/ww8par2.cxx +++ b/sw/source/filter/ww8/ww8par2.cxx @@ -1360,11 +1360,17 @@ void WW8TabBandDesc::ReadDef(bool bVer67, const sal_uInt8* pS, short nLen) } } -void WW8TabBandDesc::ProcessSprmTSetBRC(int nBrcVer, const sal_uInt8* pParamsTSetBRC) +void WW8TabBandDesc::ProcessSprmTSetBRC(int nBrcVer, const sal_uInt8* pParamsTSetBRC, sal_uInt16 nParamsLen) { if( !pParamsTSetBRC || !pTCs ) // set one or more cell border(s) return; + if (nParamsLen < 3) + { + SAL_WARN("sw.ww8", "table border property is too short"); + return; + } + sal_uInt8 nitcFirst= pParamsTSetBRC[0];// first col to be changed sal_uInt8 nitcLim = pParamsTSetBRC[1];// (last col to be changed)+1 sal_uInt8 nFlag = *(pParamsTSetBRC+2); @@ -1383,11 +1389,33 @@ void WW8TabBandDesc::ProcessSprmTSetBRC(int nBrcVer, const sal_uInt8* pParamsTSe WW8_TCell* pAktTC = pTCs + nitcFirst; WW8_BRCVer9 brcVer9; if( nBrcVer == 6 ) + { + if (nParamsLen < sizeof(WW8_BRCVer6) + 3) + { + SAL_WARN("sw.ww8", "table border property is too short"); + return; + } brcVer9 = WW8_BRCVer9(WW8_BRC(*reinterpret_cast<WW8_BRCVer6 const *>(pParamsTSetBRC+3))); + } else if( nBrcVer == 8 ) + { + static_assert(sizeof (WW8_BRC) == 4, "this has to match the msword size"); + if (nParamsLen < sizeof(WW8_BRC) + 3) + { + SAL_WARN("sw.ww8", "table border property is too short"); + return; + } brcVer9 = WW8_BRCVer9(*reinterpret_cast<WW8_BRC const *>(pParamsTSetBRC+3)); + } else + { + if (nParamsLen < sizeof(WW8_BRCVer9) + 3) + { + SAL_WARN("sw.ww8", "table border property is too short"); + return; + } brcVer9 = *reinterpret_cast<WW8_BRCVer9 const *>(pParamsTSetBRC+3); + } for( int i = nitcFirst; i < nitcLim; ++i, ++pAktTC ) { @@ -1400,7 +1428,6 @@ void WW8TabBandDesc::ProcessSprmTSetBRC(int nBrcVer, const sal_uInt8* pParamsTSe if( bChangeRight ) pAktTC->rgbrc[ WW8_RIGHT ] = brcVer9; } - } void WW8TabBandDesc::ProcessSprmTTableBorders(int nBrcVer, const sal_uInt8* pParams, sal_uInt16 nParamsLen) @@ -1920,7 +1947,8 @@ WW8TabDesc::WW8TabDesc(SwWW8ImplReader* pIoClass, WW8_CP nStartCp) : sal_uInt16 nTableBordersLen = 0; const sal_uInt8* pTableBorders90 = nullptr; sal_uInt16 nTableBorders90Len = 0; - std::vector<const sal_uInt8*> aTSetBrcs, aTSetBrc90s; + // params, len + std::vector<std::pair<const sal_uInt8*, sal_uInt16>> aTSetBrcs, aTSetBrc90s; WW8_TablePos *pTabPos = nullptr; // search end of a tab row @@ -2023,10 +2051,10 @@ WW8TabDesc::WW8TabDesc(SwWW8ImplReader* pIoClass, WW8_CP nStartCp) : } break; case sprmTSetBrc: - aTSetBrcs.push_back(pParams); // process at end + aTSetBrcs.emplace_back(pParams, nLen); // process at end break; case sprmTSetBrc90: - aTSetBrc90s.push_back(pParams); // process at end + aTSetBrc90s.emplace_back(pParams, nLen); // process at end break; case sprmTDxaCol: pNewBand->ProcessSprmTDxaCol(pParams); @@ -2074,11 +2102,10 @@ WW8TabDesc::WW8TabDesc(SwWW8ImplReader* pIoClass, WW8_CP nStartCp) : else if (pTableBorders) pNewBand->ProcessSprmTTableBorders(bOldVer ? 6 : 8, pTableBorders, nTableBordersLen); - std::vector<const sal_uInt8*>::const_iterator iter; - for (iter = aTSetBrcs.begin(); iter != aTSetBrcs.end(); ++iter) - pNewBand->ProcessSprmTSetBRC(bOldVer ? 6 : 8, *iter); - for (iter = aTSetBrc90s.begin(); iter != aTSetBrc90s.end(); ++iter) - pNewBand->ProcessSprmTSetBRC(9, *iter); + for (const auto& a : aTSetBrcs) + pNewBand->ProcessSprmTSetBRC(bOldVer ? 6 : 8, a.first, a.second); + for (const auto& a : aTSetBrc90s) + pNewBand->ProcessSprmTSetBRC(9, a.first, a.second); } if( nTabeDxaNew < SHRT_MAX ) commit 16de50447abdccf628b6f8241c084dca2b9719d6 Author: Andras Timar <[email protected]> AuthorDate: Thu Sep 9 13:23:43 2021 +0200 Commit: Andras Timar <[email protected]> CommitDate: Mon Oct 18 12:02:49 2021 +0200 curl: upgrade to release 7.78.0 Change-Id: Ie736220197663b22a39840459c21230192925e3e diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk index 2de5ea486703..98326a3bdc32 100644 --- a/RepositoryExternal.mk +++ b/RepositoryExternal.mk @@ -2711,7 +2711,7 @@ $(call gb_LinkTarget_set_include,$(1),\ ifeq ($(COM),MSC) $(call gb_LinkTarget_add_libs,$(1),\ - $(call gb_UnpackedTarball_get_dir,curl)/builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-winssl/lib/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).lib \ + $(call gb_UnpackedTarball_get_dir,curl)/builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-schannel/lib/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).lib \ ) else $(call gb_LinkTarget_add_libs,$(1),\ diff --git a/download.lst b/download.lst index 768f985e5ec5..feff3c1c5d90 100644 --- a/download.lst +++ b/download.lst @@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM := 3d569869d27b48860210c758c4f313082103a5e58219a7669b52 export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3 export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt -export CURL_SHA256SUM := eaa812e9a871ea10dbe8e1d3f8f12a64a8e3e62aeab18cb23742e2f1727458ae -export CURL_TARBALL := curl-7.61.1.tar.gz +export CURL_SHA256SUM := be42766d5664a739c3974ee3dfbbcbe978a4ccb1fe628bb1d9b59ac79e445fb5 +export CURL_TARBALL := curl-7.78.0.tar.xz export EBOOK_SHA256SUM := 7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz export EPOXY_SHA256SUM := 1d8668b0a259c709899e1c4bab62d756d9002d546ce4f59c9665e2fc5f001a64 diff --git a/external/curl/ExternalPackage_curl.mk b/external/curl/ExternalPackage_curl.mk index 56c418b6ef0c..1fb360c85ca9 100644 --- a/external/curl/ExternalPackage_curl.mk +++ b/external/curl/ExternalPackage_curl.mk @@ -14,13 +14,13 @@ $(eval $(call gb_ExternalPackage_use_external_project,curl,curl)) ifneq ($(DISABLE_DYNLOADING),TRUE) ifeq ($(COM),MSC) -$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll,builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-winssl/bin/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll)) +$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll,builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-schannel/bin/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll)) else ifeq ($(OS),MACOSX) $(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.4.dylib,lib/.libs/libcurl.4.dylib)) else ifeq ($(OS),AIX) $(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so,lib/.libs/libcurl.so.4)) else -$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.5.0)) +$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.7.0)) endif endif # $(DISABLE_DYNLOADING) diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk index 136e50f3a81c..81886b36fbc5 100644 --- a/external/curl/ExternalProject_curl.mk +++ b/external/curl/ExternalProject_curl.mk @@ -35,20 +35,22 @@ ifeq ($(SYSTEM_NSS),) curl_CPPFLAGS += -I$(call gb_UnpackedTarball_get_dir,nss)/dist/public/nss endif -# use --with-darwinssl on Mac OS X >10.5 and iOS to get a native UI for SSL certs for CMIS usage +# use --with-secure-transport on Mac OS X >10.5 and iOS to get a native UI for SSL certs for CMIS usage # use --with-nss only on platforms other than Mac OS X and iOS $(call gb_ExternalProject_get_state_target,curl,build): $(call gb_ExternalProject_run,build,\ ./configure \ $(if $(filter IOS MACOSX,$(OS)),\ - --with-darwinssl,\ + --with-secure-transport,\ $(if $(ENABLE_NSS),--with-nss$(if $(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out"),--without-nss)) \ --without-ssl --without-gnutls --without-polarssl --without-cyassl --without-axtls --without-mbedtls \ --enable-ftp --enable-http --enable-ipv6 \ --without-libidn2 --without-libpsl --without-librtmp \ --without-libssh2 --without-metalink --without-nghttp2 \ --without-libssh --without-brotli \ - --disable-ares \ + --without-ngtcp2 --without-quiche \ + --without-zstd --without-hyper --without-gsasl --without-gssapi \ + --disable-mqtt --disable-ares \ --disable-dict --disable-file --disable-gopher --disable-imap \ --disable-ldap --disable-ldaps --disable-manual --disable-pop3 \ --disable-rtsp --disable-smb --disable-smtp --disable-telnet \ diff --git a/external/curl/clang-cl.patch.0 b/external/curl/clang-cl.patch.0 index 2f7fe567460c..2fbb10c2a9aa 100755 --- a/external/curl/clang-cl.patch.0 +++ b/external/curl/clang-cl.patch.0 @@ -4,8 +4,8 @@ !ELSE CC_NODEBUG = $(CC) /O2 /DNDEBUG CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd --CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC) -+CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /c /DBUILDING_LIBCURL $(SOLARINC) +-CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC) ++CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /c /DBUILDING_LIBCURL $(SOLARINC) !ENDIF LFLAGS = /nologo /machine:$(MACHINE) diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch index 5361433a917b..5bb98fa04741 100644 --- a/external/curl/curl-7.26.0_win-proxy.patch +++ b/external/curl/curl-7.26.0_win-proxy.patch @@ -114,7 +114,7 @@ @@ -4663,6 +4739,7 @@ } if(proxy) - infof(conn->data, "Uses proxy env variable %s == '%s'\n", envp, proxy); + infof(data, "Uses proxy env variable %s == '%s'", envp, proxy); +#endif /* WIN32 */ return proxy; diff --git a/external/curl/curl-msvc-disable-protocols.patch.1 b/external/curl/curl-msvc-disable-protocols.patch.1 index c8747a5fcc1d..a6d06c69b004 100644 --- a/external/curl/curl-msvc-disable-protocols.patch.1 +++ b/external/curl/curl-msvc-disable-protocols.patch.1 @@ -2,18 +2,19 @@ disable protocols nobody needs in MSVC build --- curl/lib/config-win32.h.orig 2017-08-09 16:43:29.464000000 +0200 +++ curl/lib/config-win32.h 2017-08-09 16:47:38.549200000 +0200 -@@ -733,4 +733,19 @@ +@@ -733,4 +733,20 @@ # define ENABLE_IPV6 1 #endif +#define CURL_DISABLE_DICT 1 +#define CURL_DISABLE_FILE 1 -+//#undef CURL_DISABLE_FTP ++#undef CURL_DISABLE_FTP +#define CURL_DISABLE_GOPHER 1 -+//#undef CURL_DISABLE_HTTP ++#undef CURL_DISABLE_HTTP +#define CURL_DISABLE_IMAP 1 +#define CURL_DISABLE_LDAP 1 +#define CURL_DISABLE_LDAPS 1 ++#define CURL_DISABLE_MQTT 1 +#define CURL_DISABLE_POP3 1 +#define CURL_DISABLE_RTSP 1 +#define CURL_DISABLE_SMB 1 diff --git a/external/curl/curl-msvc.patch.1 b/external/curl/curl-msvc.patch.1 index 80160958c99d..a5b79a8e9c49 100644 --- a/external/curl/curl-msvc.patch.1 +++ b/external/curl/curl-msvc.patch.1 @@ -6,8 +6,8 @@ MSVC: using SOLARINC !ELSE CC_NODEBUG = $(CC) /O2 /DNDEBUG CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd --CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL -+CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC) +-CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL ++CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC) !ENDIF LFLAGS = /nologo /machine:$(MACHINE) @@ -18,10 +18,10 @@ MSVC: using SOLARINC -RC_FLAGS = /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc +RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc CURL_CC = $(CC_DEBUG) $(RTLIB_DEBUG) - CURL_RC_FLAGS = /i../include /dDEBUGBUILD=1 /Fo $@ $(CURL_SRC_DIR)\curl.rc + CURL_RC_FLAGS = $(CURL_RC_FLAGS) /i../include /dDEBUGBUILD=1 /Fo $@ $(CURL_SRC_DIR)\curl.rc !ELSE -RC_FLAGS = /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc +RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc CURL_CC = $(CC_NODEBUG) $(RTLIB) - CURL_RC_FLAGS = /i../include /dDEBUGBUILD=0 /Fo $@ $(CURL_SRC_DIR)\curl.rc + CURL_RC_FLAGS = $(CURL_RC_FLAGS) /i../include /dDEBUGBUILD=0 /Fo $@ $(CURL_SRC_DIR)\curl.rc !ENDIF diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0 index b3e821039740..f4a0ad4b152f 100644 --- a/external/curl/zlib.patch.0 +++ b/external/curl/zlib.patch.0 @@ -1,15 +1,5 @@ --- configure +++ configure -@@ -937,8 +937,8 @@ - ZLIB_LIBS - HAVE_LIBZ_FALSE - HAVE_LIBZ_TRUE --HAVE_LIBZ - PKGCONFIG -+HAVE_LIBZ - CURL_DISABLE_GOPHER - CURL_DISABLE_SMTP - CURL_DISABLE_SMB @@ -20709,7 +20709,6 @@ clean_CPPFLAGS=$CPPFLAGS clean_LDFLAGS=$LDFLAGS @@ -64,8 +54,8 @@ clean_LIBS=$LIBS -ZLIB_LIBS="" AC_ARG_WITH(zlib, - AC_HELP_STRING([--with-zlib=PATH],[search for zlib in PATH]) - AC_HELP_STRING([--without-zlib],[disable use of zlib]), + AS_HELP_STRING([--with-zlib=PATH],[search for zlib in PATH]) + AS_HELP_STRING([--without-zlib],[disable use of zlib]), [OPT_ZLIB="$withval"]) if test "$OPT_ZLIB" = "no" ; then
