RepositoryExternal.mk                                             |    2 
 download.lst                                                      |   12 
 external/expat/expat-winapi.patch                                 |   14 
 external/liborcus/UnpackedTarball_liborcus.mk                     |    4 
 external/liborcus/allow-utf-8-in-xml-names.patch                  |  301 +++++
 external/libxml2/libxml2-config.patch.1                           |    4 
 external/libxml2/libxml2-global-symbols.patch                     |    4 
 external/openssl/UnpackedTarball_openssl.mk                       |    2 
 external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1 |   56 
 external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1             |  578 
++++++++++
 external/poppler/StaticLibrary_poppler.mk                         |   22 
 external/poppler/poppler-config.patch.1                           |   72 -
 instsetoo_native/CustomTarget_install.mk                          |    2 
 postprocess/CustomTarget_signing.mk                               |    2 
 postprocess/signing/signing.pl                                    |    3 
 sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx             |    4 
 shell/source/unix/exec/shellexec.cxx                              |    4 
 shell/source/win32/SysShExec.cxx                                  |   64 -
 solenv/bin/modules/installer/windows/msp.pm                       |    2 
 19 files changed, 1060 insertions(+), 92 deletions(-)

New commits:
commit 392a3409dff21009e9cf5036e86078a8de9cbb1b
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Aug 25 11:32:11 2021 +0200
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sat Oct 9 23:56:42 2021 +0200

    openssl: add patch for CVE-2021-3712
    
    Change-Id: I4061cbac18ddf9c7f932a27bf2b54a2b1c2f9d99
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121027
    Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>

diff --git a/external/openssl/UnpackedTarball_openssl.mk 
b/external/openssl/UnpackedTarball_openssl.mk
index ad600cce1412..e7fca1116545 100644
--- a/external/openssl/UnpackedTarball_openssl.mk
+++ b/external/openssl/UnpackedTarball_openssl.mk
@@ -22,6 +22,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,openssl,\
        external/openssl/openssl-3650-masm.patch.1 \
        external/openssl/openssl-fixbuild.patch.1 \
        external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 \
+       external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1 \
 ))
 
 # vim: set noet sw=4 ts=4:
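Review bot: The added entry `ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1` is named after an upstream commit hash, while the entry just above it is named after the CVE it fixes, so the patch list no longer shows that CVE-2021-3712 is covered. Consider naming the file in the same pattern as its neighbour, for example `openssl-1.0.2k-cve-2021-3712.patch.1`, or adding a comment above the list that maps the hash to the CVE. The `gb_UnpackedTarball_add_patches` call starts outside this hunk.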
diff --git a/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1 
b/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1
new file mode 100644
index 000000000000..cf809750ecfb
--- /dev/null
+++ b/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1
@@ -0,0 +1,56 @@
+From ccb0a11145ee72b042d10593a64eaf9e8a55ec12 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <m...@openssl.org>
+Date: Tue, 17 Aug 2021 14:41:48 +0100
+Subject: [PATCH] Fix a read buffer overrun in X509_CERT_AUX_print()
+
+This is a backport of commit c5dc9ab965f to 1.0.2. That commit fixed
+the same bug but in master/1.1.1 it is in the function X509_aux_print().
+The original commit had the following description:
+
+Fix a read buffer overrun in X509_aux_print().
+
+The ASN1_STRING_get0_data(3) manual explitely cautions the reader
+that the data is not necessarily NUL-terminated, and the function
+X509_alias_set1(3) does not sanitize the data passed into it in any
+way either, so we must assume the return value from X509_alias_get0(3)
+is merely a byte array and not necessarily a string in the sense
+of the C language.
+
+I found this bug while writing manual pages for X509_print_ex(3)
+and related functions.  Theo Buehler <t...@openbsd.org> checked my
+patch to fix the same bug in LibreSSL, see
+
+http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9
+
+As an aside, note that the function still produces incomplete and
+misleading results when the data contains a NUL byte in the middle
+and that error handling is consistently absent throughout, even
+though the function provides an "int" return value obviously intended
+to be 1 for success and 0 for failure, and even though this function
+is called by another function that also wants to return 1 for success
+and 0 for failure and even does so in many of its code paths, though
+not in others.  But let's stay focussed.  Many things would be nice
+to have in the wide wild world, but a buffer overflow must not be
+allowed to remain in our backyard.
+
+CVE-2021-3712
+
+Reviewed-by: Paul Dale <pa...@openssl.org>
+---
+ crypto/asn1/t_x509a.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c
+index d1b897a469fd..b1bc9d0cd28b 100644
+--- a/crypto/asn1/t_x509a.c
++++ b/crypto/asn1/t_x509a.c
+@@ -104,7 +104,8 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int 
indent)
+     } else
+         BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+     if (aux->alias)
+-        BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data);
++        BIO_printf(out, "%*sAlias: %.*s\n", indent, "", aux->alias->length,
++                   aux->alias->data);
+     if (aux->keyid) {
+         BIO_printf(out, "%*sKey Id: ", indent, "");
+         for (i = 0; i < aux->keyid->length; i++)
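Review bot: The `%.*s` precision in the new `BIO_printf` call bounds the read to `aux->alias->length`, but this is the only call site the backport touches, while the commit is titled as the patch for CVE-2021-3712 as a whole. It is worth confirming that nothing else in the bundled 1.0.2 tree hands ASN1_STRING `data` to a `%s` or `strlen`-style consumer, since the quoted upstream description says such data is not necessarily NUL-terminated. As that description also notes, an alias with an embedded NUL is still printed truncated and the `BIO_printf` result is still ignored. Neither is a memory-safety problem, but a comment such as `/* alias is a counted byte array, not a C string */` on the call would discourage a later revert to `%s`. X509_CERT_AUX_print continues outside the hunk.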
commit 4d95ebbabceb709cdbddb1adb3862ab9c5e0604e
Author:     Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Thu Jan 7 10:15:51 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sat Oct 9 23:56:23 2021 +0200

    openssl_headers depends on generated opensslconf.h
    
    ...at workdir/UnpackedTarball/openssl/include/openssl/opensslconf.h, as can 
be
    seen with failed builds like
    <https://ci.libreoffice.org//job/lo_tb_master_mac/35209>:
    
    [...]
    > [build PAT] openssl
    > [build C  ] 
UnpackedTarball/mariadb-connector-c/plugins/auth/caching_sha2_pw.c
    > [build C  ] 
UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt.c
    > [build DEP] LNK:Library/libclucene.dylib
    > [build LNK] Library/libclucene.dylib
    > In file included from 
/Users/tdf/lode/jenkins/workspace/lo_tb_master_mac/workdir/UnpackedTarball/mariadb-connector-c/libmariadb/secure/openssl_crypt.c:21:
    > 
/Users/tdf/lode/jenkins/workspace/lo_tb_master_mac/workdir/UnpackedTarball/openssl/include/openssl/evp.h:13:11:
 fatal error: 'openssl/opensslconf.h' file not found
    > # include <openssl/opensslconf.h>
    >           ^~~~~~~~~~~~~~~~~~~~~~~
    > 1 error generated.
    
    Change-Id: Ied1dcdd0afb6099e9218671c6a06c0edaafc931e
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108928
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
    (cherry picked from commit 0f7008e91f45cf8e3cee6f372ce012b38a795e26)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108911
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 74b6e9d45a7f97c8723f638a784017be99f3a8c2)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109339
    Tested-by: Michael Stahl <michael.st...@allotropia.de>

diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk
index a75ca5097b62..7756ac7d0b7b 100644
--- a/RepositoryExternal.mk
+++ b/RepositoryExternal.mk
@@ -1551,7 +1551,7 @@ $(call gb_ExternalProject_use_package,$(1),openssl)
 endef
 
 define gb_LinkTarget__use_openssl_headers
-$(call gb_LinkTarget_use_external_project,$(1),openssl)
+$(call gb_LinkTarget_use_external_project,$(1),openssl,full)
 $(call gb_LinkTarget_set_include,$(1),\
        -I$(call gb_UnpackedTarball_get_dir,openssl)/include \
        $$(INCLUDE) \
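Review bot: The new third argument `full` on `gb_LinkTarget_use_external_project` has no comment, and the reason for it is recorded only in the commit message. A line above the `define`, such as `# full: the headers need the generated include/openssl/opensslconf.h`, would keep it from being dropped as redundant later. The body of `gb_LinkTarget__use_openssl_headers` continues past the end of the hunk.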
commit 91eacacfdd85792ae37f06a629ba48710795c86c
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Jan 6 17:39:19 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sat Oct 9 23:56:10 2021 +0200

    openssl: add patch to fix CVE-2020-1971
    
    Change-Id: Ia756f1fa642eeb6dcadc867cc9730732a73c11b4
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108884
    Tested-by: Jenkins
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
    (cherry picked from commit b4c5bd9b330068e8c550e398cf761457ec9b6aa4)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108948
    Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de>

diff --git a/external/openssl/UnpackedTarball_openssl.mk 
b/external/openssl/UnpackedTarball_openssl.mk
index 719b8b0e5842..ad600cce1412 100644
--- a/external/openssl/UnpackedTarball_openssl.mk
+++ b/external/openssl/UnpackedTarball_openssl.mk
@@ -21,6 +21,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,openssl,\
        external/openssl/opensslosxppc.patch \
        external/openssl/openssl-3650-masm.patch.1 \
        external/openssl/openssl-fixbuild.patch.1 \
+       external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 \
 ))
 
 # vim: set noet sw=4 ts=4:
diff --git a/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 
b/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1
new file mode 100644
index 000000000000..313f9cd870d7
--- /dev/null
+++ b/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1
@@ -0,0 +1,578 @@
+diff -up openssl-1.0.2k/crypto/asn1/asn1_err.c.null-dereference 
openssl-1.0.2k/crypto/asn1/asn1_err.c
+--- openssl-1.0.2k/crypto/asn1/asn1_err.c.null-dereference     2020-12-04 
10:08:08.506247597 +0100
++++ openssl-1.0.2k/crypto/asn1/asn1_err.c      2020-12-04 10:12:31.901956486 
+0100
+@@ -1,6 +1,6 @@
+ /* crypto/asn1/asn1_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1999-2020 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -103,6 +103,7 @@ static ERR_STRING_DATA ASN1_str_functs[]
+     {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
+     {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
+     {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
++      {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), 
"ASN1_item_ex_i2d"},
+     {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
+     {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
+     {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
+@@ -202,6 +203,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
+     {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"},
+     {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"},
+     {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
++      {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"},
+     {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"},
+     {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"},
+     {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
+diff -up openssl-1.0.2k/crypto/asn1/asn1.h.null-dereference 
openssl-1.0.2k/crypto/asn1/asn1.h
+--- openssl-1.0.2k/crypto/asn1/asn1.h.null-dereference 2020-12-04 
11:00:06.896637900 +0100
++++ openssl-1.0.2k/crypto/asn1/asn1.h  2020-12-04 11:04:47.079562987 +0100
+@@ -1202,6 +1202,7 @@ void ERR_load_ASN1_strings(void);
+ # define ASN1_F_ASN1_ITEM_DUP                             191
+ # define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW                  121
+ # define ASN1_F_ASN1_ITEM_EX_D2I                          120
++# define ASN1_F_ASN1_ITEM_EX_I2D                          231
+ # define ASN1_F_ASN1_ITEM_I2D_BIO                         192
+ # define ASN1_F_ASN1_ITEM_I2D_FP                          193
+ # define ASN1_F_ASN1_ITEM_PACK                            198
+@@ -1298,6 +1299,7 @@ void ERR_load_ASN1_strings(void);
+ # define ASN1_R_AUX_ERROR                                 100
+ # define ASN1_R_BAD_CLASS                                 101
+ # define ASN1_R_BAD_OBJECT_HEADER                         102
++# define ASN1_R_BAD_TEMPLATE                              230
+ # define ASN1_R_BAD_PASSWORD_READ                         103
+ # define ASN1_R_BAD_TAG                                   104
+ # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 214
+diff -up openssl-1.0.2k/crypto/asn1/tasn_dec.c.null-dereference 
openssl-1.0.2k/crypto/asn1/tasn_dec.c
+--- openssl-1.0.2k/crypto/asn1/tasn_dec.c.null-dereference     2020-12-04 
10:12:42.036057323 +0100
++++ openssl-1.0.2k/crypto/asn1/tasn_dec.c      2020-12-04 10:17:45.685035333 
+0100
+@@ -223,6 +223,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+         break;
+ 
+     case ASN1_ITYPE_MSTRING:
++        /*
++         * It never makes sense for multi-strings to have implicit tagging, so
++         * if tag != -1, then this looks like an error in the template.
++         */
++        if (tag != -1) {
++            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE);
++            goto err;
++        }
++
+         p = *in;
+         /* Just read in tag and class */
+         ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+@@ -240,6 +249,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+             ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+             goto err;
+         }
++
+         /* Check tag matches bit map */
+         if (!(ASN1_tag2bit(otag) & it->utype)) {
+             /* If OPTIONAL, assume this is OK */
+@@ -316,6 +326,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+         goto err;
+ 
+     case ASN1_ITYPE_CHOICE:
++        /*
++         * It never makes sense for CHOICE types to have implicit tagging, so
++         * if tag != -1, then this looks like an error in the template.
++         */
++        if (tag != -1) {
++            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE);
++            goto err;
++        }
++
+         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+             goto auxerr;
+         if (*pval) {
+diff -up openssl-1.0.2k/crypto/asn1/tasn_enc.c.null-dereference 
openssl-1.0.2k/crypto/asn1/tasn_enc.c
+--- openssl-1.0.2k/crypto/asn1/tasn_enc.c.null-dereference     2020-12-04 
10:18:30.261472002 +0100
++++ openssl-1.0.2k/crypto/asn1/tasn_enc.c      2020-12-04 10:21:14.310078987 
+0100
+@@ -151,9 +151,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval,
+         break;
+ 
+     case ASN1_ITYPE_MSTRING:
++        /*
++         * It never makes sense for multi-strings to have implicit tagging, so
++         * if tag != -1, then this looks like an error in the template.
++         */
++        if (tag != -1) {
++            ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
++            return -1;
++        }
+         return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+ 
+     case ASN1_ITYPE_CHOICE:
++        /*
++         * It never makes sense for CHOICE types to have implicit tagging, so
++         * if tag != -1, then this looks like an error in the template.
++         */
++        if (tag != -1) {
++            ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
++            return -1;
++        }
+         if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
+             return 0;
+         i = asn1_get_choice_selector(pval, it);
+diff -up openssl-1.0.2k/crypto/x509v3/v3_genn.c.null-dereference 
openssl-1.0.2k/crypto/x509v3/v3_genn.c
+--- openssl-1.0.2k/crypto/x509v3/v3_genn.c.null-dereference    2020-12-04 
10:28:02.374237945 +0100
++++ openssl-1.0.2k/crypto/x509v3/v3_genn.c     2020-12-04 10:36:51.156138263 
+0100
+@@ -72,8 +72,9 @@ ASN1_SEQUENCE(OTHERNAME) = {
+ IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
+ 
+ ASN1_SEQUENCE(EDIPARTYNAME) = {
+-        ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+-        ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
++        /* DirectoryString is a CHOICE type so use explicit tagging */
++        ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
++        ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+ } ASN1_SEQUENCE_END(EDIPARTYNAME)
+ 
+ IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
+@@ -107,6 +108,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_N
+                                     (char *)a);
+ }
+ 
++static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
++{
++    int res;
++
++    if (a == NULL || b == NULL) {
++        /*
++         * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
++         * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here
++         */
++        return -1;
++    }
++    if (a->nameAssigner == NULL && b->nameAssigner != NULL)
++        return -1;
++    if (a->nameAssigner != NULL && b->nameAssigner == NULL)
++        return 1;
++    /* If we get here then both have nameAssigner set, or both unset */
++    if (a->nameAssigner != NULL) {
++        res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
++        if (res != 0)
++            return res;
++    }
++    /*
++     * partyName is required, so these should never be NULL. We treat it in
++     * the same way as the a == NULL || b == NULL case above
++     */
++    if (a->partyName == NULL || b->partyName == NULL)
++        return -1;
++
++    return ASN1_STRING_cmp(a->partyName, b->partyName);
++}
++
+ /* Returns 0 if they are equal, != 0 otherwise. */
+ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+ {
+@@ -116,8 +148,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GE
+         return -1;
+     switch (a->type) {
+     case GEN_X400:
++        result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
++        break;
++
+     case GEN_EDIPARTY:
+-        result = ASN1_TYPE_cmp(a->d.other, b->d.other);
++        result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
+         break;
+ 
+     case GEN_OTHERNAME:
+@@ -164,8 +199,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAM
+ {
+     switch (type) {
+     case GEN_X400:
++        a->d.x400Address = value;
++        break;
++
+     case GEN_EDIPARTY:
+-        a->d.other = value;
++        a->d.ediPartyName = value;
+         break;
+ 
+     case GEN_OTHERNAME:
+@@ -199,8 +237,10 @@ void *GENERAL_NAME_get0_value(GENERAL_NA
+         *ptype = a->type;
+     switch (a->type) {
+     case GEN_X400:
++        return a->d.x400Address;
++
+     case GEN_EDIPARTY:
+-        return a->d.other;
++        return a->d.ediPartyName;
+ 
+     case GEN_OTHERNAME:
+         return a->d.otherName;
+diff -up openssl-1.0.2k/crypto/x509v3/v3nametest.c.null-dereference 
openssl-1.0.2k/crypto/x509v3/v3nametest.c
+--- openssl-1.0.2k/crypto/x509v3/v3nametest.c.null-dereference 2020-12-04 
10:28:02.374237945 +0100
++++ openssl-1.0.2k/crypto/x509v3/v3nametest.c  2020-12-04 10:36:51.156138263 
+0100
+@@ -321,6 +321,356 @@ static void run_cert(X509 *crt, const ch
+     }
+ }
+ 
++struct gennamedata {
++    const unsigned char der[22];
++    size_t derlen;
++} gennames[] = {
++    {
++        /*
++        * [0] {
++        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++        *   [0] {
++        *     SEQUENCE {}
++        *   }
++        * }
++        */
++        {
++            0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00
++        },
++        21
++    }, {
++        /*
++        * [0] {
++        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++        *   [0] {
++        *     [APPLICATION 0] {}
++        *   }
++        * }
++        */
++        {
++            0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00
++        },
++        21
++    }, {
++        /*
++        * [0] {
++        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++        *   [0] {
++        *     UTF8String { "a" }
++        *   }
++        * }
++        */
++        {
++            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61
++        },
++        22
++    }, {
++        /*
++        * [0] {
++        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
++        *   [0] {
++        *     UTF8String { "a" }
++        *   }
++        * }
++        */
++        {
++            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++            0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61
++        },
++        22
++    }, {
++        /*
++        * [0] {
++        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++        *   [0] {
++        *     UTF8String { "b" }
++        *   }
++        * }
++        */
++        {
++            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62
++        },
++        22
++    }, {
++        /*
++        * [0] {
++        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++        *   [0] {
++        *     BOOLEAN { TRUE }
++        *   }
++        * }
++        */
++        {
++            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff
++        },
++        22
++    }, {
++        /*
++        * [0] {
++        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++        *   [0] {
++        *     BOOLEAN { FALSE }
++        *   }
++        * }
++        */
++        {
++            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00
++        },
++        22
++    }, {
++        /* [1 PRIMITIVE] { "a" } */
++        {
++            0x81, 0x01, 0x61
++        },
++        3
++    }, {
++        /* [1 PRIMITIVE] { "b" } */
++        {
++            0x81, 0x01, 0x62
++        },
++        3
++    }, {
++        /* [2 PRIMITIVE] { "a" } */
++        {
++            0x82, 0x01, 0x61
++        },
++        3
++    }, {
++        /* [2 PRIMITIVE] { "b" } */
++        {
++            0x82, 0x01, 0x62
++        },
++        3
++    }, {
++        /*
++        * [4] {
++        *   SEQUENCE {
++        *     SET {
++        *       SEQUENCE {
++        *         # commonName
++        *         OBJECT_IDENTIFIER { 2.5.4.3 }
++        *         UTF8String { "a" }
++        *       }
++        *     }
++        *   }
++        * }
++        */
++        {
++            0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
++            0x04, 0x03, 0x0c, 0x01, 0x61
++        },
++        16
++    }, {
++        /*
++        * [4] {
++        *   SEQUENCE {
++        *     SET {
++        *       SEQUENCE {
++        *         # commonName
++        *         OBJECT_IDENTIFIER { 2.5.4.3 }
++        *         UTF8String { "b" }
++        *       }
++        *     }
++        *   }
++        * }
++        */
++        {
++            0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
++            0x04, 0x03, 0x0c, 0x01, 0x62
++        },
++        16
++    }, {
++        /*
++        * [5] {
++        *   [1] {
++        *     UTF8String { "a" }
++        *   }
++        * }
++        */
++        {
++            0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61
++        },
++        7
++    }, {
++        /*
++        * [5] {
++        *   [1] {
++        *     UTF8String { "b" }
++        *   }
++        * }
++        */
++        {
++            0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62
++        },
++        7
++    }, {
++        /*
++        * [5] {
++        *   [0] {
++        *     UTF8String {}
++        *   }
++        *   [1] {
++        *     UTF8String { "a" }
++        *   }
++        * }
++        */
++        {
++            0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61
++        },
++        11
++    }, {
++        /*
++        * [5] {
++        *   [0] {
++        *     UTF8String { "a" }
++        *   }
++        *   [1] {
++        *     UTF8String { "a" }
++        *   }
++        * }
++        */
++        {
++            0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01,
++            0x61
++        },
++        12
++    }, {
++        /*
++        * [5] {
++        *   [0] {
++        *     UTF8String { "b" }
++        *   }
++        *   [1] {
++        *     UTF8String { "a" }
++        *   }
++        * }
++        */
++        {
++            0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01,
++            0x61
++        },
++        12
++    }, {
++        /* [6 PRIMITIVE] { "a" } */
++        {
++            0x86, 0x01, 0x61
++        },
++        3
++    }, {
++        /* [6 PRIMITIVE] { "b" } */
++        {
++            0x86, 0x01, 0x62
++        },
++        3
++    }, {
++        /* [7 PRIMITIVE] { `11111111` } */
++        {
++            0x87, 0x04, 0x11, 0x11, 0x11, 0x11
++        },
++        6
++    }, {
++        /* [7 PRIMITIVE] { `22222222`} */
++        {
++            0x87, 0x04, 0x22, 0x22, 0x22, 0x22
++        },
++        6
++    }, {
++        /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */
++        {
++            0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
++            0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
++        },
++        18
++    }, {
++        /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */
++        {
++            0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
++            0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
++        },
++        18
++    }, {
++        /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */
++        {
++            0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
++            0xb7, 0x09, 0x02, 0x01
++        },
++        15
++    }, {
++        /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */
++        {
++            0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
++            0xb7, 0x09, 0x02, 0x02
++        },
++        15
++    }
++};
++
++#define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0]))
++
++static int test_GENERAL_NAME_cmp(void)
++{
++    size_t i, j;
++    GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa)
++                                           * OSSL_NELEM(gennames));
++    GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb)
++                                           * OSSL_NELEM(gennames));
++    int testresult = 0;
++
++    if (namesa == NULL || namesb == NULL)
++        goto end;
++
++    for (i = 0; i < OSSL_NELEM(gennames); i++) {
++        const unsigned char *derp = gennames[i].der;
++
++        /*
++         * We create two versions of each GENERAL_NAME so that we ensure when
++         * we compare them they are always different pointers.
++         */
++        namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
++        derp = gennames[i].der;
++        namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
++        if (namesa[i] == NULL || namesb[i] == NULL)
++            goto end;
++    }
++
++    /* Every name should be equal to itself and not equal to any others. */
++    for (i = 0; i < OSSL_NELEM(gennames); i++) {
++        for (j = 0; j < OSSL_NELEM(gennames); j++) {
++            if (i == j) {
++                if (GENERAL_NAME_cmp(namesa[i], namesb[j]) != 0)
++                    goto end;
++            } else {
++                if (GENERAL_NAME_cmp(namesa[i], namesb[j]) == 0)
++                    goto end;
++            }
++        }
++    }
++    testresult = 1;
++
++ end:
++    for (i = 0; i < OSSL_NELEM(gennames); i++) {
++        if (namesa != NULL)
++            GENERAL_NAME_free(namesa[i]);
++        if (namesb != NULL)
++            GENERAL_NAME_free(namesb[i]);
++    }
++    OPENSSL_free(namesa);
++    OPENSSL_free(namesb);
++
++    if (!testresult)
++        fprintf(stderr, "test of GENERAL_NAME_cmp failed\n");
++
++    return testresult;
++}
++
++
++
+ int main(void)
+ {
+     const struct set_name_fn *pfn = name_fns;
+@@ -342,5 +692,8 @@ int main(void)
+         }
+         ++pfn;
+     }
++
++    errors += !test_GENERAL_NAME_cmp();
++
+     return errors > 0 ? 1 : 0;
+ }
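Review bot: In `test_GENERAL_NAME_cmp` the cleanup loop at `end:` calls `GENERAL_NAME_free` on every slot of `namesa` and `namesb`, but both arrays come from `OPENSSL_malloc` and are filled one index at a time. If a `d2i_GENERAL_NAME` call fails, the `goto end` leaves the later slots uninitialised and they are then freed. Zeroing both arrays right after the NULL check, `memset(namesa, 0, sizeof(*namesa) * OSSL_NELEM(gennames));` and the same for `namesb`, makes the early exit safe. This is test-only code inside the bundled patch, so the exposure is limited to the openssl test run. Separately, the patch file has no header saying where this 1.0.2k backport came from, and a line naming its origin would help anyone who has to re-verify it against the upstream fix.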
commit 606040235bbd24ade4e62bba4c9c12d7b2e3faa9
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue May 25 10:44:13 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sat Oct 9 23:55:52 2021 +0200

    upgrade to Expat 2.4.1
    
    drop ubsan patch in favour of fix applied as
    https://github.com/libexpat/libexpat/pull/398
    
    Change-Id: I59eb9e24206b9a4cf323b7f7d48d8df0792a1c46
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116102
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 740d12d8a8294d4bfd28e6c3e4cf1e0ed560b198)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119422
    Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>

diff --git a/download.lst b/download.lst
index 959dc69352ef..82744c18d324 100644
--- a/download.lst
+++ b/download.lst
@@ -42,8 +42,8 @@ export EPUBGEN_TARBALL := libepubgen-0.1.1.tar.xz
 export ETONYEK_SHA256SUM := 
e61677e8799ce6e55b25afc11aa5339113f6a49cff031f336e32fa58635b1a4a
 export ETONYEK_VERSION_MICRO := 9
 export ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz
-export EXPAT_SHA256SUM := 
9a130948b05a82da34e4171d5f5ae5d321d9630277af02c8fa51e431f6475102
-export EXPAT_TARBALL := expat-2.2.8.tar.bz2
+export EXPAT_SHA256SUM := 
2f9b6a580b94577b150a7d5617ad4643a4301a6616ff459307df3e225bcfbf40
+export EXPAT_TARBALL := expat-2.4.1.tar.bz2
 export FIREBIRD_SHA256SUM := 
6994be3555e23226630c587444be19d309b25b0fcf1f87df3b4e3f88943e5860
 export FIREBIRD_TARBALL := Firebird-3.0.0.32483-0.tar.bz2
 export FONTCONFIG_SHA256SUM := 
cf0c30807d08f6a28ab46c61b8dbd55c97d2f292cf88f3a07d3384687f31f017
diff --git a/external/expat/expat-winapi.patch 
b/external/expat/expat-winapi.patch
index b33c12b83b4c..bd4da1472fc8 100644
--- a/external/expat/expat-winapi.patch
+++ b/external/expat/expat-winapi.patch
@@ -11,3 +11,17 @@
  #  endif
  #endif /* not defined XML_STATIC */
  
+--- misc/expat-2.1.0/lib/xmlparse.c    2021-05-23 16:56:25.000000000 +0100
++++ misc/build/expat-2.1.0/lib/xmlparse.c      2021-05-25 12:42:11.997173600 
+0100
+@@ -92,6 +92,11 @@
+ 
+ #include <expat_config.h>
+ 
++#ifdef _WIN32
++#  undef HAVE_GETRANDOM
++#  undef HAVE_SYSCALL_GETRANDOM
++#endif
++
+ #include "ascii.h"
+ #include "expat.h"
+ #include "siphash.h"
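Review bot: The added `#undef HAVE_GETRANDOM` / `#undef HAVE_SYSCALL_GETRANDOM` block changes which entropy source xmlparse.c compiles in on Windows, and nothing in the patch says why or what replaces it. That entropy presumably feeds expat's hash salt, so please confirm that the `_WIN32` build still ends up on a strong source rather than a weak fallback. The reason should be recorded next to the block, e.g. `/* expat_config.h may define these from a non-Windows configure run; Windows uses its own RNG path */`, though the reason given there is a guess and needs checking. The new section header also still says `expat-2.1.0` although the tarball is now 2.4.1, which may be harmless for applying the patch but is misleading to read.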
commit 7fcd9187a962b0b5dea492ad50e62ff8592784da
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Fri May 21 13:33:26 2021 +0200
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sat Oct 9 23:54:17 2021 +0200

    libxml2: upgrade to release 2.9.12
    
    Fixes:
    CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541
    
    * external/libxml2/ubsan.patch.0: remove, fixed upstream
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115913
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit bf0c6a98ae38cd2188d7f7e94f1563e5ce6a8ce4)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115927
    Tested-by: Michael Stahl <michael.st...@allotropia.de>
    
    Change-Id: I347dc854b862e78bde87d3e57cf5fdb584ca5673

diff --git a/download.lst b/download.lst
index 6d2b527f7dfb..959dc69352ef 100644
--- a/download.lst
+++ b/download.lst
@@ -156,8 +156,8 @@ export LIBTOMMATH_SHA256SUM := 
083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304
 export LIBTOMMATH_TARBALL := ltm-1.0.zip
 export XMLSEC_SHA256SUM := 
13eec4811ea30e3f0e16a734d1dbf7f9d246a71d540b48d143a07b489f6222d4
 export XMLSEC_TARBALL := xmlsec1-1.2.28.tar.gz
-export LIBXML_SHA256SUM := 
aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f
-export LIBXML_VERSION_MICRO := 10
+export LIBXML_SHA256SUM := 
c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92
+export LIBXML_VERSION_MICRO := 12
 export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz
 export LIBXSLT_SHA256SUM := 
98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f
 export LIBXSLT_VERSION_MICRO := 34
diff --git a/external/libxml2/libxml2-config.patch.1 
b/external/libxml2/libxml2-config.patch.1
index 8c28fb6a7806..5a2ef1485e92 100644
--- a/external/libxml2/libxml2-config.patch.1
+++ b/external/libxml2/libxml2-config.patch.1
@@ -18,9 +18,9 @@ Hack the xml2-config to return paths into WORKDIR.
 +exec_prefix=${WORKDIR}/UnpackedTarball/libxml2
 +includedir=${WORKDIR}/UnpackedTarball/libxml2/include
 +libdir=${WORKDIR}/UnpackedTarball/libxml2/.libs
+ cflags=
+ libs=
  
- usage()
- {
 @@ -67,7 +72,8 @@
        ;;
  
diff --git a/external/libxml2/libxml2-global-symbols.patch 
b/external/libxml2/libxml2-global-symbols.patch
index 49ee73731562..cfec9c530281 100644
--- a/external/libxml2/libxml2-global-symbols.patch
+++ b/external/libxml2/libxml2-global-symbols.patch
@@ -14,8 +14,8 @@
  
  LIBXML2_2.6.32 {
 @@ -2231,3 +2231,43 @@
-   xmlHashDefaultDeallocator;
- } LIBXML2_2.9.1;
+   xmlPopOutputCallbacks;
+ } LIBXML2_2.9.8;
  
 +# HACK: export global variable accessor functions (globals.h)
 +LIBXML2_GLOBAL_VARIABLES {
commit b9fb17bd958ca655291693e56da404bedcd16e53
Author:     Luboš Luňák <l.lu...@collabora.com>
AuthorDate: Thu Apr 29 20:10:34 2021 +0200
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sat Oct 9 23:52:57 2021 +0200

    allow utf-8 in xml names (liborcus) (tdf#141672)
    
    Change-Id: Ib150d55b588a572e4352396f18de2331983b2aae
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114892
    Tested-by: Jenkins
    Reviewed-by: Luboš Luňák <l.lu...@collabora.com>
    (cherry picked from commit 6b7c2fa65eb68be520ed4135cc245e33fa22e8bf)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114915
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>

diff --git a/external/liborcus/UnpackedTarball_liborcus.mk 
b/external/liborcus/UnpackedTarball_liborcus.mk
index e1d810a49dc2..69622222f342 100644
--- a/external/liborcus/UnpackedTarball_liborcus.mk
+++ b/external/liborcus/UnpackedTarball_liborcus.mk
@@ -27,6 +27,10 @@ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\
        external/liborcus/0001-Prevent-unsigned-integer-underflow.patch \
 ))
 
+$(eval $(call gb_UnpackedTarball_add_patches,liborcus,\
+       external/liborcus/allow-utf-8-in-xml-names.patch \
+))
+
 ifeq ($(OS),WNT)
 $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\
        external/liborcus/windows-constants-hack.patch \
diff --git a/external/liborcus/allow-utf-8-in-xml-names.patch 
b/external/liborcus/allow-utf-8-in-xml-names.patch
new file mode 100644
index 000000000000..e3430881053d
--- /dev/null
+++ b/external/liborcus/allow-utf-8-in-xml-names.patch
@@ -0,0 +1,301 @@
+From fa9b6845ed583f5486372c6ffbc59e02a140d303 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lubo=C5=A1=20Lu=C5=88=C3=A1k?= <l.lu...@centrum.cz>
+Date: Thu, 29 Apr 2021 19:12:20 +0200
+Subject: [PATCH] allow utf-8 in xml names (#137)
+
+https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-NameStartChar
+has a list of all allowed characters.
+---
+ include/orcus/sax_parser_base.hpp |   3 +
+ src/orcus_test_xml.cpp            |   1 +
+ src/parser/sax_parser_base.cpp    | 201 ++++++++++++++++++++++++++++--
+ test/xml/non-ascii/check.txt      |   4 +
+ test/xml/non-ascii/input.xml      |   4 +
+ 5 files changed, 201 insertions(+), 12 deletions(-)
+ create mode 100644 test/xml/non-ascii/check.txt
+ create mode 100644 test/xml/non-ascii/input.xml
+
+diff --git a/include/orcus/sax_parser_base.hpp 
b/include/orcus/sax_parser_base.hpp
+index 9939e133..8394c07b 100644
+--- a/include/orcus/sax_parser_base.hpp
++++ b/include/orcus/sax_parser_base.hpp
+@@ -218,6 +218,9 @@ protected:
+     void element_name(parser_element& elem, std::ptrdiff_t begin_pos);
+     void attribute_name(pstring& attr_ns, pstring& attr_name);
+     void characters_with_encoded_char(cell_buffer& buf);
++
++    int is_name_char();
++    int is_name_start_char();
+ };
+ 
+ }}
+diff --git a/src/orcus_test_xml.cpp b/src/orcus_test_xml.cpp
+index 8a864d68..35f3dea7 100644
+--- a/src/orcus_test_xml.cpp
++++ b/src/orcus_test_xml.cpp
+@@ -77,6 +77,7 @@ const char* sax_parser_test_dirs[] = {
+     SRCDIR"/test/xml/no-decl-1/",
+     SRCDIR"/test/xml/underscore-identifier/",
+     SRCDIR"/test/xml/self-closing-root/",
++    SRCDIR"/test/xml/non-ascii/",
+ };
+ 
+ const char* sax_parser_parse_only_test_dirs[] = {
+diff --git a/src/parser/sax_parser_base.cpp b/src/parser/sax_parser_base.cpp
+index 97aa34ec..db51ff94 100644
+--- a/src/parser/sax_parser_base.cpp
++++ b/src/parser/sax_parser_base.cpp
+@@ -328,20 +328,182 @@ bool parser_base::value(pstring& str, bool decode)
+     return transient_stream();
+ }
+ 
++// https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-NameStartChar
++// Return length of the character in bytes, otherwise 0.
++template< bool only_start_name >
++static
++int is_name_char_helper(const char* mp_char, const char* mp_end)
++{
++    const unsigned char first = mp_char[0];
++    // Note that ':' technically is an allowed name character, but it is 
handled separately
++    // e.g. in element_name(), so here pretend it isn't.
++    if (/*first == ':' ||*/ first == '_' || (first >= 'A' && first <= 'Z') || 
(first >= 'a' && first <= 'z'))
++        return 1;
++    if (!only_start_name && (first == '-' || first == '.' || (first >= '0' && 
first <= '9')))
++        return 1;
++
++    if (first < 0x7f) // other ascii characters are not allowed
++        return 0;
++    if (mp_end < mp_char + 1)
++        return 0;
++    const unsigned char second = mp_char[1];
++
++    // 0xb7 = 0xc2 0xb7 utf-8
++    if (!only_start_name && first == 0xc2 && second == 0xb7)
++        return 2;
++
++    // [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF]
++    // 0xc0 = 0xc3 0x80 utf-8
++    if (first < 0xc3)
++        return 0;
++    // xd7 = 0xc3 0x97 utf-8, 0xf7 = 0xc3 0xb7 utf-8
++    if (first == 0xc3)
++        return second >= 0x80 && second <= 0xff && second != 0x97 && second 
!= 0xb7 ? 2 : 0;
++    // 0x2ff = 0xcb 0xbf utf-8, 0x300 = 0xcc 0x80 utf-8
++    if (first >= 0xc4 && first <= 0xcb)
++        return 2;
++
++    // [#x0300-#x036F]
++    // 0x0300 = 0xcc 0x80 utf-8, 0x36f = 0xcd 0xaf utf-8
++    if (!only_start_name && first == 0xcc)
++        return 2;
++    if (!only_start_name && first == 0xcd && second <= 0xaf)
++        return 2;
++
++    // [#x370-#x37D] | [#x37F-#x1FFF]
++    // 0x370 = 0xcd 0xb0 utf-8, 0x37e = 0xcd 0xbe
++    if (first < 0xcd)
++        return 0;
++    if (first == 0xcd)
++        return second >= 0xb0 && second != 0xbe ? 2 : 0;
++    // 0x07ff = 0xdf 0xbf utf-8 (the last 2-byte utf-8)
++    if (first <= 0xdf)
++        return 2;
++
++    if (first < 0xe0)
++        return 0;
++    if (mp_end < mp_char + 2)
++        return 0;
++    const unsigned char third = mp_char[2];
++
++    // 0x0800 = 0xe0 0xa0 0x80 utf-8, 0x1fff = 0xe1 0xbf 0xbf utf-8, 0x2000 = 
0xe2 0x80 0x80
++    if (first == 0xe0 || first == 0xe1)
++        return 3;
++
++    // [#x200C-#x200D]
++    // 0x200c = 0xe2 0x80 0x8c utf-8, 0x200d = 0xe2 0x80 0x8d utf-8
++    if (first < 0xe2)
++        return 0;
++    if (first == 0xe2 && second == 0x80 && (third == 0x8c || third == 0x8d))
++        return 3;
++
++    // [#x203F-#x2040]
++    // 0x203f = 0xe2 0x80 0xbf utf-8, 0x2040 = 0xe2 0x81 0x80 utf-8
++    if (!only_start_name && first == 0xe2 && second == 0x80 && third == 0xbf)
++        return 3;
++    if (!only_start_name && first == 0xe2 && second == 0x81 && third == 0x80)
++        return 3;
++
++    // [#x2070-#x218F]
++    // 0x2070 = 0xe2 0x81 0xb0 utf-8, 0x218f = 0xe2 0x86 0x8f utf-8
++    if (first == 0xe2)
++    {
++        if (second < 0x81)
++            return 0;
++        if (second >= 0x81 && second < 0x86)
++            return 3;
++        if (second == 0x86 && third <= 0x8f)
++            return 3;
++    }
++
++    // [#x2C00-#x2FEF]
++    // 0x2c00 = 0xe2 0xb0 0x80 utf-8, 0x2fef = 0xe2 0xbf 0xaf utf-8
++    if (first == 0xe2)
++    {
++        if (second < 0xb0)
++            return 0;
++        if (second < 0xbf)
++            return 3;
++        if (second == 0xbf && third <= 0xaf)
++            return 3;
++    }
++
++    // [#x3001-#xD7FF]
++    // 0x3001 = 0xe3 0x80 0x81 utf-8, 0xd7ff = 0xed 0x9f 0xbf utf-8, 0xd800 = 
0xed 0xa0 0x80 utf-8
++    if (first < 0xe3)
++        return 0;
++    if (first < 0xed)
++        return 3;
++    if (first == 0xed && second <= 0x9f)
++        return 3;
++
++    // [#xF900-#xFDCF]
++    // 0xf900 = 0xef 0xa4 0x80 utf-8, 0xfdcf = 0xef 0xb7 0x8f utf-8
++    if (first == 0xef)
++    {
++        if (second < 0xa4)
++            return 0;
++        if (second < 0xb7)
++            return 3;
++        if (second == 0xb7 && third <= 0x8f)
++            return 3;
++    }
++
++    // [#xFDF0-#xFFFD]
++    // 0xfdf0 = 0xef 0xb7 0xb0 utf-8, 0xfffd = 0xef 0xbf 0xbd utf-8
++    if (first == 0xef)
++    {
++        assert(second >= 0xb7);
++        if (second == 0xb7 && third < 0xb0)
++            return 0;
++        if (second < 0xbe)
++            return 3;
++        if (second == 0xbf && third <= 0xbd)
++            return 3;
++    }
++
++    if (first < 0xf0)
++        return 0;
++    if (mp_end < mp_char + 3)
++        return 0;
++    // const unsigned char fourth = mp_char[3];
++
++    // [#x10000-#xEFFFF]
++    // 0x10000 = 0xf0 0x90 0x80 0x80 utf-8, 0xeffff = 0xf3 0xaf 0xbf 0xbf 
utf-8,
++    // 0xf0000 = 0xf3 0xb0 0x80 0x80 utf-8
++    if (first >= 0xf0 && first < 0xf2)
++        return 4;
++    if (first == 0xf3 && second < 0xb0)
++        return 4;
++
++    return 0;
++}
++
++int parser_base::is_name_char()
++{
++    return is_name_char_helper<false>(mp_char, mp_end);
++}
++
++int parser_base::is_name_start_char()
++{
++    return is_name_char_helper<true>(mp_char, mp_end);
++}
++
+ void parser_base::name(pstring& str)
+ {
+     const char* p0 = mp_char;
+-    char c = cur_char();
+-    if (!is_alpha(c) && c != '_')
++    int skip = is_name_start_char();
++    if (skip == 0)
+     {
+         ::std::ostringstream os;
+-        os << "name must begin with an alphabet, but got this instead '" << c 
<< "'";
++        os << "name must begin with an alphabet, but got this instead '" << 
cur_char() << "'";
+         throw malformed_xml_error(os.str(), offset());
+     }
++    next(skip);
+ 
+ #if defined(__ORCUS_CPU_FEATURES) && defined(__SSE4_2__)
+ 
+-    const __m128i match = _mm_loadu_si128((const __m128i*)"azAZ09--__");
++    const __m128i match = _mm_loadu_si128((const __m128i*)"azAZ09--__..");
+     const int mode = _SIDD_LEAST_SIGNIFICANT | _SIDD_CMP_RANGES | 
_SIDD_UBYTE_OPS | _SIDD_NEGATIVE_POLARITY;
+ 
+     size_t n_total = available_size();
+@@ -351,20 +513,35 @@ void parser_base::name(pstring& str)
+         __m128i char_block = _mm_loadu_si128((const __m128i*)mp_char);
+ 
+         int n = std::min<size_t>(16u, n_total);
+-        int r = _mm_cmpestri(match, 10, char_block, n, mode);
++        int r = _mm_cmpestri(match, 12, char_block, n, mode);
+         mp_char += r; // Move the current char position.
++        n_total -= r;
+ 
+-        if (r < 16)
+-            // No need to move to the next segment. Stop here.
+-            break;
++        if (r < 16 && n_total)
++        {
++            // There is a character that does not match the SSE-based 
ASCII-only check.
++            // It may either by an ascii character that is not allowed, in 
which case stop,
++            // or it may possibly be an allowed utf-8 character, in which 
case move over it
++            // using the slow function.
++            skip = is_name_char();
++            if(skip == 0)
++                break;
++            next(skip);
++            n_total -= skip;
++        }
+ 
+-        // Skip 16 chars to the next segment.
+-        n_total -= 16;
+     }
++    cur_char_checked(); // check end of xml stream
+ 
+ #else
+-    while (is_alpha(c) || is_numeric(c) || is_name_char(c))
+-        c = next_char_checked();
++    for(;;)
++    {
++        cur_char_checked(); // check end of xml stream
++        skip = is_name_char();
++        if(skip == 0)
++            break;
++        next(skip);
++    }
+ #endif
+ 
+     str = pstring(p0, mp_char-p0);
+diff --git a/test/xml/non-ascii/check.txt b/test/xml/non-ascii/check.txt
+new file mode 100644
+index 00000000..77b7c003
+--- /dev/null
++++ b/test/xml/non-ascii/check.txt
+@@ -0,0 +1,4 @@
++/Myšička
++/Myšička@jméno="Žužla"
++/Myšička/Nožičky
++/Myšička/Nožičky"4"
+diff --git a/test/xml/non-ascii/input.xml b/test/xml/non-ascii/input.xml
+new file mode 100644
+index 00000000..c516744b
+--- /dev/null
++++ b/test/xml/non-ascii/input.xml
+@@ -0,0 +1,4 @@
++<?xml version="1.0" encoding="UTF-8"?>
++<Myšička jméno="Žužla">
++   <Nožičky>4</Nožičky>
++</Myšička>
+-- 
+2.26.2
+
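Review bot: In `is_name_char_helper` the length guards before each multi-byte read are too loose: `if (mp_end < mp_char + 1)` still allows `mp_char[1]` to be read when only one byte remains, and the same applies to `+ 2` before `mp_char[2]` and `+ 3` before the four-byte return. This assumes `mp_end` points one past the last byte, which the hunk does not show. Comparing the remaining length closes it: `if (mp_end - mp_char < 2) return 0;`, then `< 3` and `< 4` at the two later guards. Several branches also return 2, 3 or 4 from the lead byte alone (for example `first >= 0xc4 && first <= 0xcb`), so a lead byte followed by a non-continuation byte is accepted and `next(skip)` steps over it; checking that each trailing byte lies in 0x80–0xbf would reject such malformed input. Two ranges also look narrower than the cited grammar: `first < 0xf2` leaves out lead byte 0xf2, and `second < 0xbe` leaves out 0xbe in the `[#xFDF0-#xFFFD]` block.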
commit dd75371c2ed09dd77624ac2966963e375003996f
Author:     Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Tue Feb 16 09:30:09 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sat Oct 9 23:52:40 2021 +0200

    Improve checkExtension
    
    Change-Id: Iff416a9c5930ad5903f7ee51a2abbc94d5f40800
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110970
    Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
    Tested-by: Jenkins
    (cherry picked from commit f456c4dacf700e064e112ef068ff7edb04239754)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110922
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit f19d95986756412e5d72047656eec17a720c5e57)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113049
    Tested-by: Michael Stahl <michael.st...@allotropia.de>

diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx
index 4c69da98e89e..00384b8bd235 100644
--- a/shell/source/win32/SysShExec.cxx
+++ b/shell/source/win32/SysShExec.cxx
@@ -409,21 +409,28 @@ void SAL_CALL CSysShExec::execute( const OUString& 
aCommand, const OUString& aPa
                 }
             }
             pathname = o3tl::toU(path);
+            // ShellExecuteExW appears to ignore trailing dots, so remove them:
+            while (pathname.endsWith(".", &pathname)) {}
             auto const n = pathname.lastIndexOf('.');
             if (n > pathname.lastIndexOf('\\')) {
                 auto const ext = pathname.copy(n + 1);
-                OUString env;
-                if (osl_getEnvironment(OUString("PATHEXT").pData, &env.pData) 
!= osl_Process_E_None)
-                {
-                    SAL_INFO("shell", "osl_getEnvironment(PATHEXT) failed");
-                }
-                if (!(checkExtension(ext, env)
-                      && checkExtension(
-                          ext,
-                          
".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY;.CLASS;.JAR")))
-                {
-                    throw css::lang::IllegalArgumentException(
-                        "XSystemShellExecute.execute, cannot process <" + 
aCommand + ">", {}, 0);
+                if (!ext.isEmpty()) {
+                    OUString env;
+                    if (osl_getEnvironment(OUString("PATHEXT").pData, 
&env.pData)
+                        != osl_Process_E_None)
+                    {
+                        SAL_INFO("shell", "osl_getEnvironment(PATHEXT) 
failed");
+                    }
+                    if (!(checkExtension(ext, env)
+                          && checkExtension(
+                              ext,
+                              
".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY;.CLASS;"
+                                  ".JAR;.APPLICATION;.LNK;.SCR")))
+                    {
+                        throw css::lang::IllegalArgumentException(
+                            "XSystemShellExecute.execute, cannot process <" + 
aCommand + ">", {},
+                            0);
+                    }
                 }
             }
         }
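Review bot: The normalisation added before the extension check strips only trailing dots, and its own comment says ShellExecuteExW merely "appears" to ignore them. If the shell also disregards other trailing characters that Win32 path handling is documented to drop, such as spaces, the denylist compare can still see a different extension from the one that is acted on. It may be safer to trim those as well before `lastIndexOf('.')`, and to have the comment cite the documented behaviour rather than an observation. The denylist literal is now split across two string pieces inside the call; a named constant next to `checkExtension` would keep later additions in one place. The enclosing `execute` body starts and ends outside this hunk.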
commit 672041221a30eb2e8a4b344f74093f1d894802dc
Author:     Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Tue Jan 28 01:28:24 2020 +0300
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sat Oct 9 23:52:22 2021 +0200

    tdf#130216: normalize paths with .. segments
    
    ... which obviously are rejected by SHGetFileInfoW and SHParseDisplayName
    that it calls internally.
    
    Change-Id: I2f5f3c675ea6aa1c2d92eef30be4399a8d600255
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87565
    Tested-by: Jenkins
    Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
    Signed-off-by: Xisco Fauli <xiscofa...@libreoffice.org>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87737
    Reviewed-by: Miklos Vajna <vmik...@collabora.com>

diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx
index 394f7a4f42d3..4c69da98e89e 100644
--- a/shell/source/win32/SysShExec.cxx
+++ b/shell/source/win32/SysShExec.cxx
@@ -37,6 +37,7 @@
 #define WIN32_LEAN_AND_MEAN
 #include <windows.h>
 #include <shellapi.h>
+#include <Shlobj.h>
 #include <Shobjidl.h>
 #include <objbase.h>
 
@@ -327,21 +328,33 @@ void SAL_CALL CSysShExec::execute( const OUString& 
aCommand, const OUString& aPa
                      + "> failed with " + OUString::number(e1)),
                     {}, 0);
             }
+            const int MAX_LONG_PATH = 32767; // max longpath on WinNT
+            if (pathname.getLength() >= MAX_LONG_PATH)
+            {
+                throw css::lang::IllegalArgumentException(
+                    "XSystemShellExecute.execute, path <" + pathname + "> too 
long", {}, 0);
+            }
+            wchar_t path[MAX_LONG_PATH];
+            wcscpy_s(path, o3tl::toW(pathname.getStr()));
             for (int i = 0;; ++i) {
+                // tdf#130216: normalize c:\path\to\something\..\else into 
c:\path\to\else
+                if (PathResolve(path, nullptr, PRF_VERIFYEXISTS | 
PRF_REQUIREABSOLUTE) == 0)
+                {
+                    throw css::lang::IllegalArgumentException(
+                        "XSystemShellExecute.execute, PathResolve(" + 
OUString(o3tl::toU(path))
+                            + ") failed",
+                        {}, 0);
+                }
                 SHFILEINFOW info;
-                if (SHGetFileInfoW(
-                        o3tl::toW(pathname.getStr()), 0, &info, sizeof info, 
SHGFI_EXETYPE)
-                    != 0)
+                if (SHGetFileInfoW(path, 0, &info, sizeof info, SHGFI_EXETYPE) 
!= 0)
                 {
                     throw css::lang::IllegalArgumentException(
                         "XSystemShellExecute.execute, cannot process <" + 
aCommand + ">", {}, 0);
                 }
-                if (SHGetFileInfoW(
-                        o3tl::toW(pathname.getStr()), 0, &info, sizeof info, 
SHGFI_ATTRIBUTES)
-                    == 0)
+                if (SHGetFileInfoW(path, 0, &info, sizeof info, 
SHGFI_ATTRIBUTES) == 0)
                 {
                     throw css::lang::IllegalArgumentException(
-                        "XSystemShellExecute.execute, SHGetFileInfoW(" + 
pathname + ") failed", {},
+                        "XSystemShellExecute.execute, SHGetFileInfoW(" + 
OUString(o3tl::toU(path)) + ") failed", {},
                         0);
                 }
                 if ((info.dwAttributes & SFGAO_LINK) == 0) {
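Review bot: `wchar_t path[MAX_LONG_PATH];` places about 64 KiB (32767 wide characters) on the stack of `execute`, which is large for a function reached through a call chain of unknown depth. A heap buffer avoids that: `std::vector<wchar_t> path(MAX_LONG_PATH);` with `wcscpy_s(path.data(), path.size(), ...)`, and `path.size()` in place of `SAL_N_ELEMENTS(path)` in the later `GetPath` hunk, provided `<vector>` is available in this file. The length check just above is what keeps `wcscpy_s` within bounds, so a short comment tying the two together would help, e.g. `// must precede wcscpy_s, which by default terminates on overflow instead of returning`. The function body begins and ends outside the hunk.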
@@ -366,7 +379,7 @@ void SAL_CALL CSysShExec::execute( const OUString& 
aCommand, const OUString& aPa
                          + o3tl::runtimeToOUString(e3.what())),
                         {}, 0);
                 }
-                e2 = file->Load(o3tl::toW(pathname.getStr()), STGM_READ);
+                e2 = file->Load(path, STGM_READ);
                 if (FAILED(e2)) {
                     throw css::lang::IllegalArgumentException(
                         ("XSystemShellExecute.execute, IPersistFile.Load 
failed with "
@@ -380,16 +393,14 @@ void SAL_CALL CSysShExec::execute( const OUString& 
aCommand, const OUString& aPa
                          + OUString::number(e2)),
                         {}, 0);
                 }
-                wchar_t path[MAX_PATH];
                 WIN32_FIND_DATAW wfd;
-                e2 = link->GetPath(path, MAX_PATH, &wfd, SLGP_RAWPATH);
+                e2 = link->GetPath(path, SAL_N_ELEMENTS(path), &wfd, 
SLGP_RAWPATH);
                 if (FAILED(e2)) {
                     throw css::lang::IllegalArgumentException(
                         ("XSystemShellExecute.execute, IShellLink.GetPath 
failed with "
                          + OUString::number(e2)),
                         {}, 0);
                 }
-                pathname = o3tl::toU(path);
                 // Fail at some arbitrary nesting depth, to avoid an infinite 
loop:
                 if (i == 30) {
                     throw css::lang::IllegalArgumentException(
@@ -397,6 +408,7 @@ void SAL_CALL CSysShExec::execute( const OUString& 
aCommand, const OUString& aPa
                         {}, 0);
                 }
             }
+            pathname = o3tl::toU(path);
             auto const n = pathname.lastIndexOf('.');
             if (n > pathname.lastIndexOf('\\')) {
                 auto const ext = pathname.copy(n + 1);
commit ecdb5a911d3c8a97ae59acc554eff78502725ebd
Author:     Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Wed Nov 25 09:13:12 2020 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sat Oct 9 23:49:59 2021 +0200

    Better handling of Java files
    
    Change-Id: Ifa662be39ac7d35241ee31956e2556b7ba3b5a02
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106558
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
    (cherry picked from commit 696739056f37430154d6333b8f7228d1c44d09b3)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106520
    Reviewed-by: Michael Stahl <michael.st...@cib.de>
    (cherry picked from commit ec5adc39cbea6d754ef68ab3d03fb16066b27e40)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107060
    Tested-by: Michael Stahl <michael.st...@cib.de>

diff --git a/shell/source/unix/exec/shellexec.cxx 
b/shell/source/unix/exec/shellexec.cxx
index 313007787489..0810b0534112 100644
--- a/shell/source/unix/exec/shellexec.cxx
+++ b/shell/source/unix/exec/shellexec.cxx
@@ -150,6 +150,10 @@ void SAL_CALL ShellExec::execute( const OUString& 
aCommand, const OUString& aPar
             {
                 throw css::lang::IllegalArgumentException(
                     "XSystemShellExecute.execute, cannot process <" + aCommand 
+ ">", {}, 0);
+            } else if (pathname.endsWithIgnoreAsciiCase(".class")
+                       || pathname.endsWithIgnoreAsciiCase(".jar"))
+            {
+                dir = true;
             }
         }
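Review bot: The new `else if` branch sets `dir = true` for names ending in `.class` or `.jar` without a comment, and `dir` is defined outside this hunk, so a reader cannot tell from here what treatment Java files now get. If, as the flag name suggests, it routes the path to the handling used for directories instead of launching the file, say so at the branch, e.g. `// Java class/archive files: do not launch, treat like a directory (see use of dir below)`. The Windows side of this commit expresses the same policy through the extension denylist, so stating the shared intent in both places would help keep them from drifting apart.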
 
diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx
index c4091616f7d8..394f7a4f42d3 100644
--- a/shell/source/win32/SysShExec.cxx
+++ b/shell/source/win32/SysShExec.cxx
@@ -407,7 +407,8 @@ void SAL_CALL CSysShExec::execute( const OUString& 
aCommand, const OUString& aPa
                 }
                 if (!(checkExtension(ext, env)
                       && checkExtension(
-                          ext, 
".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY")))
+                          ext,
+                          
".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY;.CLASS;.JAR")))
                 {
                     throw css::lang::IllegalArgumentException(
                         "XSystemShellExecute.execute, cannot process <" + 
aCommand + ">", {}, 0);
commit ca3632ad0804b99a614a1a5dcebb10f8bce36b92
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Jan 6 19:30:07 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sat Oct 9 23:49:26 2021 +0200

    poppler: upgrade to release 21.01.0
    
    Fixes CVE-2020-27778, CVE-2020-35702
    and changelogs mention lots of fuzzing fixes.
    
    Change-Id: Ib07bdee726905e74afc13a01bbbd53f218121744
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108912
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 48e8b32a9b66722bbb28fc15840b3706a461aeb7)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108904
    Tested-by: Michael Stahl <michael.st...@allotropia.de>
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
    (cherry picked from commit fb185106492f5aabac6ab57ae90cd81d51480093)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108949
    Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de>

diff --git a/download.lst b/download.lst
index 5f7f7dadb8fb..6d2b527f7dfb 100644
--- a/download.lst
+++ b/download.lst
@@ -206,8 +206,8 @@ export PIXMAN_SHA256SUM := 
21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3
 export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
 export LIBPNG_SHA256SUM := 
505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca
 export LIBPNG_TARBALL := libpng-1.6.37.tar.xz
-export POPPLER_SHA256SUM := 
234f8e573ea57fb6a008e7c1e56bfae1af5d1adf0e65f47555e1ae103874e4df
-export POPPLER_TARBALL := poppler-0.82.0.tar.xz
+export POPPLER_SHA256SUM := 
016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3
+export POPPLER_TARBALL := poppler-21.01.0.tar.xz
 export POSTGRESQL_SHA256SUM := 
a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126
 export POSTGRESQL_TARBALL := postgresql-9.2.24.tar.bz2
 export PYTHON_SHA256SUM := 
c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049
diff --git a/external/poppler/StaticLibrary_poppler.mk 
b/external/poppler/StaticLibrary_poppler.mk
index 8bf9f528ee9e..3cc0a95e3617 100644
--- a/external/poppler/StaticLibrary_poppler.mk
+++ b/external/poppler/StaticLibrary_poppler.mk
@@ -35,6 +35,23 @@ endif
 
 $(eval $(call gb_StaticLibrary_set_generated_cxx_suffix,poppler,cc))
 
+$(eval $(call gb_StaticLibrary_add_generated_cobjects,poppler,\
+       UnpackedTarball/poppler/poppler/CourierWidths.pregenerated \
+       UnpackedTarball/poppler/poppler/CourierBoldWidths.pregenerated \
+       UnpackedTarball/poppler/poppler/CourierBoldObliqueWidths.pregenerated \
+       UnpackedTarball/poppler/poppler/CourierObliqueWidths.pregenerated \
+       UnpackedTarball/poppler/poppler/HelveticaWidths.pregenerated \
+       UnpackedTarball/poppler/poppler/HelveticaBoldWidths.pregenerated \
+       UnpackedTarball/poppler/poppler/HelveticaBoldObliqueWidths.pregenerated 
\
+       UnpackedTarball/poppler/poppler/HelveticaObliqueWidths.pregenerated \
+       UnpackedTarball/poppler/poppler/SymbolWidths.pregenerated \
+       UnpackedTarball/poppler/poppler/TimesBoldWidths.pregenerated \
+       UnpackedTarball/poppler/poppler/TimesBoldItalicWidths.pregenerated \
+       UnpackedTarball/poppler/poppler/TimesItalicWidths.pregenerated \
+       UnpackedTarball/poppler/poppler/TimesRomanWidths.pregenerated \
+       UnpackedTarball/poppler/poppler/ZapfDingbatsWidths.pregenerated \
+))
+
 $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\
        UnpackedTarball/poppler/goo/gfile \
        UnpackedTarball/poppler/goo/GooTimer \
@@ -56,8 +73,7 @@ $(eval $(call 
gb_StaticLibrary_add_generated_exception_objects,poppler,\
        UnpackedTarball/poppler/fofi/FoFiIdentifier \
        UnpackedTarball/poppler/poppler/Annot \
        UnpackedTarball/poppler/poppler/Array \
-       UnpackedTarball/poppler/poppler/BuiltinFont \
-       UnpackedTarball/poppler/poppler/BuiltinFontTables \
+       UnpackedTarball/poppler/poppler/BBoxOutputDev \
        UnpackedTarball/poppler/poppler/CachedFile \
        UnpackedTarball/poppler/poppler/Catalog \
        UnpackedTarball/poppler/poppler/CertificateInfo \
@@ -79,6 +95,7 @@ $(eval $(call 
gb_StaticLibrary_add_generated_exception_objects,poppler,\
        UnpackedTarball/poppler/poppler/Hints \
        UnpackedTarball/poppler/poppler/JArithmeticDecoder \
        UnpackedTarball/poppler/poppler/JBIG2Stream \
+       UnpackedTarball/poppler/poppler/JSInfo \
        UnpackedTarball/poppler/poppler/Lexer \
        UnpackedTarball/poppler/poppler/Link \
        UnpackedTarball/poppler/poppler/Linearization \
@@ -93,6 +110,7 @@ $(eval $(call 
gb_StaticLibrary_add_generated_exception_objects,poppler,\
        UnpackedTarball/poppler/poppler/PageTransition \
        UnpackedTarball/poppler/poppler/Parser \
        UnpackedTarball/poppler/poppler/PDFDoc \
+       UnpackedTarball/poppler/poppler/PDFDocBuilder \
        UnpackedTarball/poppler/poppler/PDFDocEncoding \
        UnpackedTarball/poppler/poppler/PDFDocFactory \
        UnpackedTarball/poppler/poppler/ProfileData \
diff --git a/external/poppler/poppler-config.patch.1 
b/external/poppler/poppler-config.patch.1
index cb74cd66fb5e..b902402ea4e7 100644
--- a/external/poppler/poppler-config.patch.1
+++ b/external/poppler/poppler-config.patch.1
@@ -1,5 +1,7 @@
 *three* poppler config headers
 
+note: to get the 3rd one, use -DENABLE_CPP=on
+
 mkdir build && cd build && cmake .. -DENABLE_DCTDECODER=libjpeg 
-DHAVE_CAIRO=off -DENABLE_LIBOPENJPEG=none -DENABLE_CMS=none 
-DENABLE_LIBCURL=off -DENABLE_ZLIB=off -DENABLE_ZLIB_UNCOMPRESS=off 
-DENABLE_NSS3=off -DENABLE_LIBPNG=off -DENABLE_LIBTIFF=off -DENABLE_SPLASH=off 
-DENABLE_UTILS=off -DENABLE_CPP=off -DENABLE_GLIB=off 
-DENABLE_GOBJECT_INTROSPECTION=off -DENABLE_GTK_DOC=off -DENABLE_QT5=off
 
 manually disabled these because cmake failed to do it:
@@ -14,7 +16,7 @@ new file mode 100644
 index 0fbd336a..451213f8 100644
 --- /dev/null
 +++ b/config.h
-@@ -0,0 +1,248 @@
+@@ -0,0 +1,221 @@
 +/* config.h.  Generated from config.h.cmake by cmake.  */
 +
 +/* Build against libcurl. */
@@ -120,21 +122,6 @@ index 0fbd336a..451213f8 100644
 +#endif
 +
 +#if !defined(_WIN32)
-+/* Define to 1 if you have the `rand_r' function. */
-+#define HAVE_RAND_R 1
-+#endif
-+
-+#if defined(_WIN32)
-+/* Define to 1 if you have the `strcpy_s' function. */
-+#define HAVE_STRCPY_S 1
-+#endif
-+
-+#if defined(_WIN32)
-+/* Define to 1 if you have the `strcat_s' function. */
-+#define HAVE_STRCAT_S 1
-+#endif
-+
-+#if !defined(_WIN32)
 +/* Defines if strtok_r is available on your system */
 +#define HAVE_STRTOK_R 1
 +#endif
@@ -147,9 +134,6 @@ index 0fbd336a..451213f8 100644
 +#define HAVE_POPEN 1
 +#endif
 +
-+/* Use splash for rendering. */
-+/* #undef HAVE_SPLASH */
-+
 +#if !defined(__APPLE__) && !defined(_WIN32)
 +/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
 +   */
@@ -179,9 +163,6 @@ index 0fbd336a..451213f8 100644
 +/* Define as const if the declaration of iconv() needs const. */
 +#define ICONV_CONST 
 +
-+/* Enable multithreading support. */
-+#define MULTITHREADED 1
-+
 +/* Generate OPI comments in PS output. */
 +#define OPI_SUPPORT 1
 +
@@ -195,7 +176,7 @@ index 0fbd336a..451213f8 100644
 +#define PACKAGE_NAME "poppler"
 +
 +/* Define to the full name and version of this package. */
-+#define PACKAGE_STRING "poppler 0.82.0"
++#define PACKAGE_STRING "poppler 21.01.0"
 +
 +/* Define to the one symbol short name of this package. */
 +#define PACKAGE_TARNAME "poppler"
@@ -204,7 +185,7 @@ index 0fbd336a..451213f8 100644
 +#define PACKAGE_URL ""
 +
 +/* Define to the version of this package. */
-+#define PACKAGE_VERSION "0.82.0"
++#define PACKAGE_VERSION "21.01.0"
 +
 +/* Poppler data dir */
 +#define POPPLER_DATADIR "/usr/local/share/poppler"
@@ -212,23 +193,17 @@ index 0fbd336a..451213f8 100644
 +/* Support for curl based doc builder is compiled in. */
 +/* #undef POPPLER_HAS_CURL_SUPPORT */
 +
-+/* Include support for CMYK rasterization */
-+/* #undef SPLASH_CMYK */
-+
 +/* Enable word list support. */
 +#define TEXTOUT_WORD_LIST 1
 +
 +/* Defines if use cms */
 +/* #undef USE_CMS */
 +
-+/* Use fixed point arithmetic in the Splash backend */
-+/* #undef USE_FIXEDPOINT */
-+
 +/* Use single precision arithmetic in the Splash backend */
 +/* #undef USE_FLOAT */
 +
 +/* Version number of package */
-+#define VERSION "0.82.0"
++#define VERSION "21.01.0"
 +
 +#if defined(__APPLE__)
 +#elif defined (_WIN32)
@@ -268,7 +243,7 @@ new file mode 100644
 index 0fbd336a..451213f8 100644
 --- /dev/null
 +++ b/poppler/poppler-config.h
-@@ -0,0 +1,173 @@
+@@ -0,0 +1,166 @@
 +//================================================= -*- mode: c++ -*- ====
 +//
 +// poppler-config.h
@@ -288,6 +263,9 @@ index 0fbd336a..451213f8 100644
 +// Copyright (C) 2014 Hib Eris <h...@hiberis.nl>
 +// Copyright (C) 2016 Tor Lillqvist <t...@collabora.com>
 +// Copyright (C) 2017 Adrian Johnson <ajohn...@redneon.com>
++// Copyright (C) 2018 Adam Reichold <adam.reich...@t-online.de>
++// Copyright (C) 2018 Stefan Brüns <stefan.bru...@rwth-aachen.de>
++// Copyright (C) 2020 Albert Astals Cid <aa...@kde.org>
 +//
 +// To see a description of the changes please see the Changelog file that
 +// came with your tarball or type make ChangeLog if you are building from git
@@ -304,17 +282,7 @@ index 0fbd336a..451213f8 100644
 +
 +/* Defines the poppler version. */
 +#ifndef POPPLER_VERSION
-+#define POPPLER_VERSION "0.82.0"
-+#endif
-+
-+/* Enable multithreading support. */
-+#ifndef MULTITHREADED
-+#define MULTITHREADED 1
-+#endif
-+
-+/* Use fixedpoint. */
-+#ifndef USE_FIXEDPOINT
-+/* #undef USE_FIXEDPOINT */
++#define POPPLER_VERSION "21.01.0"
 +#endif
 +
 +/* Use single precision arithmetic in the Splash backend */
@@ -401,17 +369,17 @@ index 0fbd336a..451213f8 100644
 +/* #undef USE_BOOST_HEADERS */
 +#endif
 +
-+// Also, there are preprocessor symbols in the header files
-+// that are used but never defined when building poppler using configure
-+// or cmake: DISABLE_OUTLINE, DEBUG_MEM,
-+// ENABLE_PLUGINS, DEBUG_FORMS
++/* Is splash backend available */
++#ifndef HAVE_SPLASH
++/* #undef HAVE_SPLASH */
++#endif
 +
 +//------------------------------------------------------------------------
 +// version
 +//------------------------------------------------------------------------
 +
 +// copyright notice
-+#define popplerCopyright "Copyright 2005-2018 The Poppler Developers - 
http://poppler.freedesktop.org";
++#define popplerCopyright "Copyright 2005-2021 The Poppler Developers - 
http://poppler.freedesktop.org";
 +#define xpdfCopyright "Copyright 1996-2011 Glyph & Cog, LLC"
 +
 +//------------------------------------------------------------------------
@@ -429,7 +397,7 @@ index 0fbd336a..451213f8 100644
 +//------------------------------------------------------------------------
 +
 +#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ > 4)
-+#include <stdio.h> // __MINGW_PRINTF_FORMAT is defined in the mingw stdio.h
++#include <cstdio> // __MINGW_PRINTF_FORMAT is defined in the mingw stdio.h
 +#ifdef __MINGW_PRINTF_FORMAT
 +#define GCC_PRINTF_FORMAT(fmt_index, va_index) \
 +      __attribute__((__format__(__MINGW_PRINTF_FORMAT, fmt_index, va_index)))
@@ -471,9 +439,9 @@ index 0fbd336a..451213f8 100644
 +
 +#include "poppler-global.h"
 +
-+#define POPPLER_VERSION "0.82.0"
-+#define POPPLER_VERSION_MAJOR 0
-+#define POPPLER_VERSION_MINOR 82
++#define POPPLER_VERSION "21.01.0"
++#define POPPLER_VERSION_MAJOR 21
++#define POPPLER_VERSION_MINOR 1
 +#define POPPLER_VERSION_MICRO 0
 +
 +namespace poppler
commit 3c3e46fd87f953d85dce9df5f4e9ed1e5933094b
Author:     Martin Whitaker <f...@martin-whitaker.me.uk>
AuthorDate: Fri May 8 21:47:25 2020 +0200
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sat Oct 9 23:49:07 2021 +0200

    tdf#131353: Fix build with poppler 0.86.0
    
    Change-Id: I89b4635a6a3e3a5522172d6f4c3f14e6c14994b1
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93789
    Tested-by: René Engelhard <r...@debian.org>
    Tested-by: Jenkins
    Reviewed-by: Tomáš Chvátal <tchva...@suse.com>
    (cherry picked from commit b42ab78fb871924896b3cc38a7b2f1257151f711)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96639
    Reviewed-by: Adolfo Jayme Barrientos <fit...@ubuntu.com>

diff --git a/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx 
b/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx
index 36bab70cc6ad..94e771b9e8dc 100644
--- a/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx
+++ b/sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx
@@ -563,7 +563,9 @@ void PDFOutDev::processLink(Link* link, Catalog*)
     if (!(pAction && pAction->getKind() == actionURI))
 return;
 
-#if POPPLER_CHECK_VERSION(0, 72, 0)
+#if POPPLER_CHECK_VERSION(0, 86, 0)
+    const char* pURI = static_cast<LinkURI*>(pAction)->getURI().c_str();
+#elif POPPLER_CHECK_VERSION(0, 72, 0)
     const char* pURI = static_cast<LinkURI*>(pAction)->getURI()->c_str();
 #else
     const char* pURI = static_cast<LinkURI*>(pAction)->getURI()->getCString();
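Review bot: In the new `POPPLER_CHECK_VERSION(0, 86, 0)` branch, `pURI` is taken from `getURI().c_str()`, which is only safe if `getURI()` returns a reference to a string owned by the `LinkURI`. If it returned a `std::string` by value, the temporary would be destroyed at the end of the statement and `pURI` would dangle. The return type is not visible in this hunk, so I would make the lifetime explicit by binding the result first, `const std::string& rURI = static_cast<LinkURI*>(pAction)->getURI();` followed by `const char* pURI = rURI.c_str();`, which is valid in either case for as long as `rURI` is in scope. The body of `processLink` continues outside the hunk, so how long `pURI` is used afterwards cannot be checked here.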
commit c5ccacf74d3895ddc9eef6f2d754a46d9a13b8dc
Author:     Andras Timar <andras.ti...@collabora.com>
AuthorDate: Wed Apr 18 07:19:00 2018 -0700
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sat Oct 9 23:46:12 2021 +0200

    [cp] HACK: sleep before sign
    
    On Windows, with 16x parallel build, build-nocheck target fails,
    because it tries to sign a file that is already in use (gengal).
    
    Change-Id: Ic582334f2c02f5e38f49d048fc0425025ffeee41
    Reviewed-on: https://gerrit.libreoffice.org/75235
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>

diff --git a/postprocess/signing/signing.pl b/postprocess/signing/signing.pl
index 769b9efbcc7a..a443984a2a7b 100644
--- a/postprocess/signing/signing.pl
+++ b/postprocess/signing/signing.pl
@@ -41,6 +41,7 @@ my @args        = ();
 my @files_to_sign = ();
 
 #### main #####
+sleep(120);
 $myname = script_id();
 if ( $#ARGV < 2 ) {
     usage();
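Review bot: The `sleep(120);` added at the top of the main section runs before the `$#ARGV` check, so every invocation waits two minutes, including one that only prints `usage()`. A fixed delay also does not guarantee that the other build step has released the file on a slower or busier machine. The commit message names the cause (a file still in use by gengal during a parallel build), which points to a missing dependency of the signing target rather than to something the script should wait out. If the delay has to stay, it belongs after the argument check with a comment such as `# HACK: wait for parallel build steps (gengal) to release files before signing`, so the workaround is not mistaken for required behaviour. The main section continues outside the hunk.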
commit 339d94c0d95847c18f2a0f8219b0fa7161d6fc43
Author:     Andras Timar <andras.ti...@collabora.com>
AuthorDate: Thu Feb 11 08:27:23 2021 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sat Oct 9 23:46:04 2021 +0200

    try to use a different timestamp service
    
    Change-Id: I0fdbe2871d74836d530a69532bf22c17f642c922

diff --git a/instsetoo_native/CustomTarget_install.mk 
b/instsetoo_native/CustomTarget_install.mk
index ab620d5844ed..99082b14be22 100644
--- a/instsetoo_native/CustomTarget_install.mk
+++ b/instsetoo_native/CustomTarget_install.mk
@@ -131,7 +131,7 @@ endif
 endif # LIBO_TEST_INSTALL
        touch $@
 
-TIMESTAMPURL ?= "http://timestamp.globalsign.com/scripts/timestamp.dll";
+TIMESTAMPURL ?= "http://timestamp.digicert.com/";
 $(call gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_signing.done: 
\
         $(if $(filter HELP,$(BUILD_TYPE)),$(call 
gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_helppack_signing.done)
 \
         $(if $(filter ODK,$(BUILD_TYPE)),$(call 
gb_CustomTarget_get_workdir,instsetoo_native/install)/msi_sdk_signing.done) \
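Review bot: The default timestamp server is written out separately here, in postprocess/CustomTarget_signing.mk and as the `else` fallback in solenv/bin/modules/installer/windows/msp.pm, so this commit has to change the same URL in three places plus the usage text in signing.pl. The copies had already drifted: the old usage text named a verisign URL while the makefiles and msp.pm named globalsign. Defining the default once, in a place both makefiles include, and dropping the hard-coded fallback in msp.pm would keep every signing path on the same timestamp authority. A comment next to the single definition, for example `# default timestamp authority for code signing; override via TIMESTAMPURL`, would also record where to change it next time.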
diff --git a/postprocess/CustomTarget_signing.mk 
b/postprocess/CustomTarget_signing.mk
index 7ba7c5832f17..c2f03ce937a1 100644
--- a/postprocess/CustomTarget_signing.mk
+++ b/postprocess/CustomTarget_signing.mk
@@ -15,7 +15,7 @@ $(eval $(call 
gb_CustomTarget_register_targets,postprocess/signing,\
 ))
 
 # PFXFILE and PFXPASSWORD should be set in environment
-TIMESTAMPURL ?= "http://timestamp.globalsign.com/scripts/timestamp.dll";
+TIMESTAMPURL ?= "http://timestamp.digicert.com/";
 
 $(call gb_CustomTarget_get_workdir,postprocess/signing)/signing.done: \
        $(SRCDIR)/postprocess/signing/signing.pl \
diff --git a/postprocess/signing/signing.pl b/postprocess/signing/signing.pl
index ed8065399f05..769b9efbcc7a 100644
--- a/postprocess/signing/signing.pl
+++ b/postprocess/signing/signing.pl
@@ -241,7 +241,7 @@ sub usage       #09.07.2007 08:39
     print "\t -e filename\t\t\tFile which contains a list of files which don't 
have to be signed.\n";
     print "\t -f pfx_filename\t\t\"Personal Information Exchange\" file.\n";
     print "\t -p password\t\t\tPassword for \"Personal Information Exchange\" 
file.\n";
-    print "\t -t timestamp\t\t\tTimestamp URL e.g. 
\"http://timestamp.verisign.com/scripts/timstamp.dll\"\n";;
+    print "\t -t timestamp\t\t\tTimestamp URL e.g. 
\"http://timestamp.digicert.com/\"\n";;
     print "\t -l log_filename\t\tFile for logging.\n";
     print "\t -v\t\t\t\tVerbose.\n";
 }   ##usage
diff --git a/solenv/bin/modules/installer/windows/msp.pm 
b/solenv/bin/modules/installer/windows/msp.pm
index 1bbeea8d20cb..95f51d846c40 100644
--- a/solenv/bin/modules/installer/windows/msp.pm
+++ b/solenv/bin/modules/installer/windows/msp.pm
@@ -1194,7 +1194,7 @@ sub create_msp_patch
         my $systemcall = "signtool.exe sign ";
         if ( defined($ENV{'PFXFILE'}) ) { $systemcall .= "-f $ENV{'PFXFILE'} 
"; }
         if ( defined($ENV{'PFXPASSWORD'}) ) { $systemcall .= "-p 
$ENV{'PFXPASSWORD'} "; }
-        if ( defined($ENV{'TIMESTAMPURL'}) ) { $systemcall .= "-t 
$ENV{'TIMESTAMPURL'} "; } else { $systemcall .= "-t 
http://timestamp.globalsign.com/scripts/timestamp.dll "; }
+        if ( defined($ENV{'TIMESTAMPURL'}) ) { $systemcall .= "-t 
$ENV{'TIMESTAMPURL'} "; } else { $systemcall .= "-t 
http://timestamp.digicert.com/ "; }
         $systemcall .= "-d \"" . $allvariables->{'PRODUCTNAME'} . " " . 
$allvariables->{'PRODUCTVERSION'} . " Patch " . 
$allvariables->{'WINDOWSPATCHLEVEL'} . "\" ";
         $systemcall .= $localmspfilename;
         installer::logger::print_message( "... code signing and timestamping 
with signtool.exe ...\n" );
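Review bot: The changed line still passes the server with `-t`, which asks signtool for a legacy Authenticode timestamp. The RFC 3161 form is `/tr <url>` together with `/td sha256`, and switching servers is a natural point to move to it, provided the signtool version used by the build supports those options. On the same line `$ENV{'TIMESTAMPURL'}` is concatenated into `$systemcall` unquoted, so a value containing spaces or shell metacharacters would alter the command if the string is later handed to a shell. How `$systemcall` is executed is outside the hunk, as are the start and end of `create_msp_patch`.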
