download.lst | 4 +- external/poppler/UnpackedTarball_poppler.mk | 2 + external/poppler/disable-freetype.patch.1 | 41 +++++++++++++++++++++++ external/poppler/gcc7-EntityInfo.patch.1 | 48 ++++++++++++++++++++++++++++ external/poppler/pch.patch.0 | 4 +- external/poppler/poppler-config.patch.1 | 27 +++++++-------- sdext/Executable_xpdfimport.mk | 4 ++ 7 files changed, 111 insertions(+), 19 deletions(-)
New commits: commit 16de18eeb5f1b94b699cc5f81bb214298c0f8dfe Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Wed Sep 14 15:54:49 2022 +0200 Commit: Thorsten Behrens <thorsten.behr...@allotropia.de> CommitDate: Thu Sep 15 16:43:20 2022 +0200 poppler: upgrade to release 22.09.0 Fixes CVE-2022-38784 Add external/poppler/disable-freetype.patch.1 to get rid of some new code that unconditionally requires freetype, to avoid building that on WNT/MACOSX. Change-Id: I854d1865286b6fb4112cdf37898cda0203c52f2e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139941 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 8fce9a0a41b1bbebd325fc9d98a79d8decd3950c) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139850 Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> diff --git a/download.lst b/download.lst index 3af8236e81a5..242a342a7b2a 100644 --- a/download.lst +++ b/download.lst @@ -210,8 +210,8 @@ export LIBPNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201f export LIBPNG_TARBALL := libpng-1.6.37.tar.xz export LIBTIFF_SHA256SUM := 49307b510048ccc7bc40f2cba6e8439182fe6e654057c1a1683139bf2ecb1dc1 export LIBTIFF_TARBALL := tiff-4.4.0.tar.xz -export POPPLER_SHA256SUM := 7d3493056b5b86413e5c693c2cae02c5c06cd8e618d14c2c31e2c84b67b2313e -export POPPLER_TARBALL := poppler-22.01.0.tar.xz +export POPPLER_SHA256SUM := d7a8f748211359cadb774ba3e18ecda6464b34027045c0648eb30d5852a41e2e +export POPPLER_TARBALL := poppler-22.09.0.tar.xz export POPPLER_DATA_SHA256SUM := 2cec05cd1bb03af98a8b06a1e22f6e6e1a65b1e2f3816cb3069bb0874825f08c export POPPLER_DATA_TARBALL := poppler-data-0.4.11.tar.gz export POSTGRESQL_SHA256SUM := 9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3 diff --git a/external/poppler/UnpackedTarball_poppler.mk b/external/poppler/UnpackedTarball_poppler.mk index b790693889d3..5726814fee82 100644 --- a/external/poppler/UnpackedTarball_poppler.mk +++ b/external/poppler/UnpackedTarball_poppler.mk @@ -16,6 +16,8 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,poppler,0)) $(eval $(call gb_UnpackedTarball_add_patches,poppler,\ external/poppler/poppler-config.patch.1 \ external/poppler/pch.patch.0 \ + external/poppler/disable-freetype.patch.1 \ + external/poppler/gcc7-EntityInfo.patch.1 \ )) ifneq ($(filter -fsanitize=%,$(CC)),) diff --git a/external/poppler/disable-freetype.patch.1 b/external/poppler/disable-freetype.patch.1 new file mode 100644 index 000000000000..d59006eba979 --- /dev/null +++ b/external/poppler/disable-freetype.patch.1 @@ -0,0 +1,41 @@ +disable freetype dependent code + +--- poppler/poppler/Form.cc.orig 2022-09-14 15:46:48.588316681 +0200 ++++ poppler/poppler/Form.cc 2022-09-14 15:48:01.468274551 +0200 +@@ -46,7 +46,7 @@ + #include <cstdlib> + #include <cstring> + #include <cctype> +-#include "goo/ft_utils.h" ++//#include "goo/ft_utils.h" + #include "goo/gmem.h" + #include "goo/gfile.h" + #include "goo/GooString.h" +@@ -77,8 +77,8 @@ + #include "fofi/FoFiTrueType.h" + #include "fofi/FoFiIdentifier.h" + +-#include <ft2build.h> +-#include FT_FREETYPE_H ++//#include <ft2build.h> ++//#include FT_FREETYPE_H + + // return a newly allocated char* containing an UTF16BE string of size length + char *pdfDocEncodingToUTF16(const std::string &orig, int *length) +@@ -2730,6 +2730,8 @@ + + Form::AddFontResult Form::addFontToDefaultResources(const std::string &filepath, int faceIndex, const std::string &fontFamily, const std::string &fontStyle) + { ++ return {}; ++#if 0 + if (!GooString::endsWith(filepath, ".ttf") && !GooString::endsWith(filepath, ".ttc") && !GooString::endsWith(filepath, ".otf")) { + error(errIO, -1, "We only support embedding ttf/ttc/otf fonts for now. The font file for {0:s} {1:s} was {2:s}", fontFamily.c_str(), fontStyle.c_str(), filepath.c_str()); + return {}; +@@ -2939,6 +2941,7 @@ + } + + return { dictFontName, fontDictRef }; ++#endif + } + + std::string Form::getFallbackFontForChar(Unicode uChar, const GfxFont &fontToEmulate) const diff --git a/external/poppler/gcc7-EntityInfo.patch.1 b/external/poppler/gcc7-EntityInfo.patch.1 new file mode 100644 index 000000000000..b450bff93af9 --- /dev/null +++ b/external/poppler/gcc7-EntityInfo.patch.1 @@ -0,0 +1,48 @@ +gcc 7.3.1 says: + +workdir/UnpackedTarball/poppler/poppler/CertificateInfo.cc:42:34: error: function ‘X509CertificateInfo::EntityInfo& X509CertificateInfo::EntityInfo::operator=(X509CertificateInfo::EntityInfo&&)’ defaulted on its redeclaration with an exception-specification that differs from the implicit exception-specification ‘’ + +--- poppler/poppler/CertificateInfo.h.orig 2022-09-14 19:32:12.426351385 +0200 ++++ poppler/poppler/CertificateInfo.h 2022-09-14 19:32:18.947347812 +0200 +@@ -70,7 +70,7 @@ + ~EntityInfo(); + + EntityInfo(EntityInfo &&) noexcept; +- EntityInfo &operator=(EntityInfo &&) noexcept; ++ EntityInfo &operator=(EntityInfo &&) /*noexcept*/; + + EntityInfo(const EntityInfo &) = delete; + EntityInfo &operator=(const EntityInfo &) = delete; +--- poppler/poppler/CertificateInfo.cc.orig 2022-09-14 19:31:10.225385467 +0200 ++++ poppler/poppler/CertificateInfo.cc 2022-09-14 19:31:12.572384182 +0200 +@@ -39,7 +39,7 @@ + + X509CertificateInfo::EntityInfo::EntityInfo(X509CertificateInfo::EntityInfo &&other) noexcept = default; + +-X509CertificateInfo::EntityInfo &X509CertificateInfo::EntityInfo::operator=(X509CertificateInfo::EntityInfo &&other) noexcept = default; ++X509CertificateInfo::EntityInfo &X509CertificateInfo::EntityInfo::operator=(X509CertificateInfo::EntityInfo &&other) /*noexcept*/ = default; + + X509CertificateInfo::X509CertificateInfo() : ku_extensions(KU_NONE), cert_version(-1), is_self_signed(false) { } + +--- poppler/poppler/GfxFont.cc.orig 2022-09-14 20:24:32.569607333 +0200 ++++ poppler/poppler/GfxFont.cc 2022-09-14 20:24:52.323596186 +0200 +@@ -180,7 +180,7 @@ + + GfxFontLoc::GfxFontLoc(GfxFontLoc &&other) noexcept = default; + +-GfxFontLoc &GfxFontLoc::operator=(GfxFontLoc &&other) noexcept = default; ++GfxFontLoc &GfxFontLoc::operator=(GfxFontLoc &&other) /*noexcept*/ = default; + + void GfxFontLoc::setPath(GooString *pathA) + { +--- poppler/poppler/GfxFont.h.orig 2022-09-14 20:24:30.784608340 +0200 ++++ poppler/poppler/GfxFont.h 2022-09-14 20:25:08.850586861 +0200 +@@ -124,7 +124,7 @@ + GfxFontLoc(const GfxFontLoc &) = delete; + GfxFontLoc(GfxFontLoc &&) noexcept; + GfxFontLoc &operator=(const GfxFontLoc &) = delete; +- GfxFontLoc &operator=(GfxFontLoc &&other) noexcept; ++ GfxFontLoc &operator=(GfxFontLoc &&other) /*noexcept*/; + + // Set the 'path' string from a GooString on the heap. + // Ownership of the object is taken. diff --git a/external/poppler/pch.patch.0 b/external/poppler/pch.patch.0 index 89b165f53511..9ffeeb8421f5 100644 --- a/external/poppler/pch.patch.0 +++ b/external/poppler/pch.patch.0 @@ -2,10 +2,10 @@ +++ ./goo/gdir.h 2021-11-03 15:16:04.306277081 +0100 @@ -37,6 +37,8 @@ - #include "poppler-config.h" + #include <memory> +#include "gfile.h" + class GooString; - //------------------------------------------------------------------------ + #if defined(_WIN32) diff --git a/external/poppler/poppler-config.patch.1 b/external/poppler/poppler-config.patch.1 index 2a24d4510197..455a88e2afc4 100644 --- a/external/poppler/poppler-config.patch.1 +++ b/external/poppler/poppler-config.patch.1 @@ -16,7 +16,7 @@ new file mode 100644 index 0fbd336a..451213f8 100644 --- /dev/null +++ b/config.h -@@ -0,0 +1,223 @@ +@@ -0,0 +1,220 @@ +/* config.h. Generated from config.h.cmake by cmake. */ + +/* Build against libcurl. */ @@ -105,9 +105,6 @@ index 0fbd336a..451213f8 100644 +#define HAVE_TIMEGM 1 +#endif + -+/* Define if you have the iconv() function and it works. */ -+/* #undef HAVE_ICONV */ -+ +/* Define to 1 if you have the `z' library (-lz). */ +/* #undef HAVE_LIBZ */ + @@ -176,7 +173,7 @@ index 0fbd336a..451213f8 100644 +#define PACKAGE_NAME "poppler" + +/* Define to the full name and version of this package. */ -+#define PACKAGE_STRING "poppler 21.11.0" ++#define PACKAGE_STRING "poppler 22.09.0" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "poppler" @@ -185,7 +182,7 @@ index 0fbd336a..451213f8 100644 +#define PACKAGE_URL "" + +/* Define to the version of this package. */ -+#define PACKAGE_VERSION "21.11.0" ++#define PACKAGE_VERSION "22.09.0" + +/* Poppler data dir */ +#define POPPLER_DATADIR "/usr/local/share/poppler" @@ -203,7 +200,7 @@ index 0fbd336a..451213f8 100644 +/* #undef USE_FLOAT */ + +/* Version number of package */ -+#define VERSION "21.11.0" ++#define VERSION "22.09.0" + +#if defined(__APPLE__) +#elif defined (_WIN32) @@ -229,7 +226,7 @@ index 0fbd336a..451213f8 100644 +#define popen _popen +#define pclose _pclose +#define strncasecmp _strnicmp -+// error C4005: "strcasecmp": macro redefinition #define strcasecmp _stricmp ++#define strcasecmp _stricmp +#endif + +/* Number of bits in a file offset, on hosts where this is settable. */ @@ -250,7 +247,7 @@ index 0fbd336a..451213f8 100644 +// +// poppler-config.h +// -+// Copyright 1996-2011 Glyph & Cog, LLC ++// Copyright 1996-2011, 2022 Glyph & Cog, LLC +// +//======================================================================== + @@ -284,7 +281,7 @@ index 0fbd336a..451213f8 100644 + +/* Defines the poppler version. */ +#ifndef POPPLER_VERSION -+#define POPPLER_VERSION "21.11.0" ++#define POPPLER_VERSION "22.09.0" +#endif + +/* Use single precision arithmetic in the Splash backend */ @@ -376,8 +373,8 @@ index 0fbd336a..451213f8 100644 +//------------------------------------------------------------------------ + +// copyright notice -+#define popplerCopyright "Copyright 2005-2021 The Poppler Developers - http://poppler.freedesktop.org" -+#define xpdfCopyright "Copyright 1996-2011 Glyph & Cog, LLC" ++#define popplerCopyright "Copyright 2005-2022 The Poppler Developers - http://poppler.freedesktop.org" ++#define xpdfCopyright "Copyright 1996-2011, 2022 Glyph & Cog, LLC" + +//------------------------------------------------------------------------ +// Win32 stuff @@ -436,9 +433,9 @@ index 0fbd336a..451213f8 100644 + +#include "poppler-global.h" + -+#define POPPLER_VERSION "21.11.0" -+#define POPPLER_VERSION_MAJOR 21 -+#define POPPLER_VERSION_MINOR 11 ++#define POPPLER_VERSION "22.09.0" ++#define POPPLER_VERSION_MAJOR 22 ++#define POPPLER_VERSION_MINOR 9 +#define POPPLER_VERSION_MICRO 0 + +namespace poppler diff --git a/sdext/Executable_xpdfimport.mk b/sdext/Executable_xpdfimport.mk index 495671a4ecae..e8b6f7a90837 100644 --- a/sdext/Executable_xpdfimport.mk +++ b/sdext/Executable_xpdfimport.mk @@ -22,6 +22,10 @@ $(eval $(call gb_Executable_add_exception_objects,xpdfimport,\ sdext/source/pdfimport/xpdfwrapper/wrapper_gpl \ )) +$(eval $(call gb_Executable_use_system_win32_libs,xpdfimport,\ + shell32 \ +)) + $(eval $(call gb_Executable_add_default_nativeres,xpdfimport)) ifneq ($(SYSTEM_POPPLER),)