[Libreoffice-commits] core.git: Branch 'feature/cib_contract138c' - 8 commits - download.lst external/nss external/openssl external/poppler external/postgresql external/python3 external/redland RepositoryExternal.mk sc/source shell/source solenv/flatpak-manifest.in
Michael Stahl (via logerrit)
logerrit at kemper.freedesktop.org
Mon Mar 29 08:24:42 UTC 2021
Rebased ref, commits from common ancestor:
commit 69106c20bb8e30c0dc7f6ff038f9411807898fbf
Author: Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Wed Feb 17 12:24:08 2021 +0100
Commit: Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Mon Mar 29 09:57:59 2021 +0300
python3: add patch for CVE-2021-3177
Looks like Python 3.5 is EOL, so backport the patch.
Change-Id: I9ba397b3ed7e5f4ee4f78b144d822ce260ca9fb4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111059
Tested-by: Michael Stahl <michael.stahl at allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
diff --git a/external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1 b/external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1
new file mode 100644
index 000000000000..fdcc5cb65267
--- /dev/null
+++ b/external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1
@@ -0,0 +1,175 @@
+From 34df10a9a16b38d54421eeeaf73ec89828563be7 Mon Sep 17 00:00:00 2001
+From: Benjamin Peterson <benjamin at python.org>
+Date: Mon, 18 Jan 2021 15:11:46 -0600
+Subject: [PATCH] [3.6] closes bpo-42938: Replace snprintf with Python unicode
+ formatting in ctypes param reprs. (GH-24250)
+
+(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
+
+Co-authored-by: Benjamin Peterson <benjamin at python.org>
+---
+ Lib/ctypes/test/test_parameters.py | 43 +++++++++++++++
+ .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
+ Modules/_ctypes/callproc.c | 55 +++++++------------
+ 3 files changed, 66 insertions(+), 34 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+
+diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py
+index e4c25fd880..531894fdec 100644
+--- a/Lib/ctypes/test/test_parameters.py
++++ b/Lib/ctypes/test/test_parameters.py
+@@ -201,6 +201,49 @@ def __dict__(self):
+ self.assertRaises(ArgumentError, func, 99)
+
+
++ def test_parameter_repr(self):
++ from ctypes import (
++ c_bool,
++ c_char,
++ c_wchar,
++ c_byte,
++ c_ubyte,
++ c_short,
++ c_ushort,
++ c_int,
++ c_uint,
++ c_long,
++ c_ulong,
++ c_longlong,
++ c_ulonglong,
++ c_float,
++ c_double,
++ c_longdouble,
++ c_char_p,
++ c_wchar_p,
++ c_void_p,
++ )
++ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$")
++ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>")
++ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$")
++ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
++ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
++ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
++ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
++ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
++ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
++ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
++ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
++ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$")
++ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$")
++ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
++ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
++ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>")
++ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
++ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$")
++ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$")
++ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$")
++
+ ################################################################
+
+ if __name__ == '__main__':
+diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+new file mode 100644
+index 0000000000..7df65a156f
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+@@ -0,0 +1,2 @@
++Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
++:class:`ctypes.c_longdouble` values.
+diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
+index 70e416b950..9fcf95f543 100644
+--- a/Modules/_ctypes/callproc.c
++++ b/Modules/_ctypes/callproc.c
+@@ -451,54 +451,43 @@ PyCArg_dealloc(PyCArgObject *self)
+ static PyObject *
+ PyCArg_repr(PyCArgObject *self)
+ {
+- char buffer[256];
+ switch(self->tag) {
+ case 'b':
+ case 'B':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.b);
+- break;
+ case 'h':
+ case 'H':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.h);
+- break;
+ case 'i':
+ case 'I':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.i);
+- break;
+ case 'l':
+ case 'L':
+- sprintf(buffer, "<cparam '%c' (%ld)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
+ self->tag, self->value.l);
+- break;
+
+ #ifdef HAVE_LONG_LONG
+ case 'q':
+ case 'Q':
+- sprintf(buffer,
+-#ifdef MS_WIN32
+- "<cparam '%c' (%I64d)>",
+-#else
+- "<cparam '%c' (%qd)>",
+-#endif
++ return PyUnicode_FromFormat("<cparam '%c' (%qd)>",
+ self->tag, self->value.q);
+- break;
+ #endif
+ case 'd':
+- sprintf(buffer, "<cparam '%c' (%f)>",
+- self->tag, self->value.d);
+- break;
+- case 'f':
+- sprintf(buffer, "<cparam '%c' (%f)>",
+- self->tag, self->value.f);
+- break;
+-
++ case 'f': {
++ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
++ if (f == NULL) {
++ return NULL;
++ }
++ { PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>", self->tag, f);
++ Py_DECREF(f);
++ return result; }
++ }
+ case 'c':
+- sprintf(buffer, "<cparam '%c' (%c)>",
++ return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
+ self->tag, self->value.c);
+- break;
+
+ /* Hm, are these 'z' and 'Z' codes useful at all?
+ Shouldn't they be replaced by the functionality of c_string
+@@ -507,16 +495,14 @@ PyCArg_repr(PyCArgObject *self)
+ case 'z':
+ case 'Z':
+ case 'P':
+- sprintf(buffer, "<cparam '%c' (%p)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
+ self->tag, self->value.p);
+ break;
+
+ default:
+- sprintf(buffer, "<cparam '%c' at %p>",
+- self->tag, self);
+- break;
++ return PyUnicode_FromFormat("<cparam '%c' at %p>",
++ (unsigned char)self->tag, (void *)self);
+ }
+- return PyUnicode_FromString(buffer);
+ }
+
+ static PyMemberDef PyCArgType_members[] = {
+--
+2.29.2
+
diff --git a/external/python3/UnpackedTarball_python3.mk b/external/python3/UnpackedTarball_python3.mk
index ee99de1f5e0c..81a392f76f48 100644
--- a/external/python3/UnpackedTarball_python3.mk
+++ b/external/python3/UnpackedTarball_python3.mk
@@ -26,6 +26,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,python3,\
external/python3/ubsan.patch.0 \
external/python3/python-3.5.tweak.strip.soabi.patch \
external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 \
+ external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1 \
))
ifneq ($(filter DRAGONFLY FREEBSD LINUX NETBSD OPENBSD SOLARIS,$(OS)),)
commit 4bc1b9066ecc2374e09e2d8a6180be4dfff2b832
Author: Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Tue Jan 19 15:38:05 2021 +0100
Commit: Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Mon Mar 29 09:57:59 2021 +0300
postgresql: upgrade to release 13.1
Fixes CVE-2020-25694, plus a bunch more CVE that don't look relevant.
* --with-krb5 no longer exists, neither does --disable-shared
* remove internal-zlib.patch.1:
zlib is only used by pg_* tools / contrib/pgcrypto
* remove postgresql-libs-leak.patch:
some relic from pre-gbuild times, not clear what the point is for
static libs
* remove postgresql-9.2.1-libreoffice.patch:
another dmake .mk file relic, and the win32 nmake build system was
removed
* add postgres-msvc-build.patch.1 to fix Cygwin perl and openssl
* on WNT, libpq.dll is now built, no longer static lib
postgresql: fix mistake in RepositoryExternal.mk
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109640
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
(cherry picked from commit 234833f7823a1424b62c93e145f0cfe2c6b6efd5)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109698
Reviewed-by: Thorsten Behrens <thorsten.behrens at allotropia.de>
(cherry picked from commit 1362bf7fa2957d34a7cef18dd95ede22cc42787f)
Change-Id: Ic0232a28801b2f604d9f4e33d5621ae3362defaa
diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk
index 98cd8975f437..ad97513d677e 100644
--- a/RepositoryExternal.mk
+++ b/RepositoryExternal.mk
@@ -3050,9 +3050,15 @@ endef
else # !SYSTEM_POSTGRESQL
+ifeq ($(OS),WNT)
+$(eval $(call gb_Helper_register_packages_for_install,postgresqlsdbc,\
+ postgresql \
+))
+endif # WNT
+
define gb_LinkTarget__use_postgresql
-$(call gb_LinkTarget_use_external_project,$(1),postgresql)
+$(call gb_LinkTarget_use_external_project,$(1),postgresql,full)
$(call gb_LinkTarget_set_include,$(1),\
-I$(call gb_UnpackedTarball_get_dir,postgresql)/src/include \
@@ -3060,19 +3066,21 @@ $(call gb_LinkTarget_set_include,$(1),\
$$(INCLUDE) \
)
+ifeq ($(OS),WNT)
+
$(call gb_LinkTarget_add_libs,$(1),\
- $(call gb_UnpackedTarball_get_dir,postgresql)/src/interfaces/libpq/libpq$(gb_StaticLibrary_PLAINEXT) \
+ $(call gb_UnpackedTarball_get_dir,postgresql)/$(if $(MSVC_USE_DEBUG_RUNTIME),Debug,Release)/libpq/libpq.lib \
)
-ifeq ($(OS),WNT)
-$(call gb_LinkTarget_use_external,$(1),openssl)
+else # WNT
-$(call gb_LinkTarget_use_system_win32_libs,$(1),\
- secur32 \
- ws2_32 \
+$(call gb_LinkTarget_add_libs,$(1),\
+ $(call gb_UnpackedTarball_get_dir,postgresql)/src/interfaces/libpq/libpq$(gb_StaticLibrary_PLAINEXT) \
+ $(call gb_UnpackedTarball_get_dir,postgresql)/src/common/libpgcommon$(gb_StaticLibrary_PLAINEXT) \
+ $(call gb_UnpackedTarball_get_dir,postgresql)/src/port/libpgport$(gb_StaticLibrary_PLAINEXT) \
)
-endif
+endif # WNT
endef
diff --git a/download.lst b/download.lst
index 340a8d2d21e7..e2cb3002a8a2 100644
--- a/download.lst
+++ b/download.lst
@@ -208,8 +208,8 @@ export LIBPNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201f
export LIBPNG_TARBALL := libpng-1.6.37.tar.xz
export POPPLER_SHA256SUM := 016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3
export POPPLER_TARBALL := poppler-21.01.0.tar.xz
-export POSTGRESQL_SHA256SUM := a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126
-export POSTGRESQL_TARBALL := postgresql-9.2.24.tar.bz2
+export POSTGRESQL_SHA256SUM := 12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f
+export POSTGRESQL_TARBALL := postgresql-13.1.tar.bz2
export PYTHON_SHA256SUM := c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049
export PYTHON_TARBALL := Python-3.5.9.tar.xz
export QXP_SHA256SUM := e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c
diff --git a/external/postgresql/ExternalPackage_postgresql.mk b/external/postgresql/ExternalPackage_postgresql.mk
new file mode 100644
index 000000000000..f6c9a9bb6deb
--- /dev/null
+++ b/external/postgresql/ExternalPackage_postgresql.mk
@@ -0,0 +1,16 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+$(eval $(call gb_ExternalPackage_ExternalPackage,postgresql,postgresql))
+
+$(eval $(call gb_ExternalPackage_use_external_project,postgresql,postgresql))
+
+$(eval $(call gb_ExternalPackage_add_file,postgresql,$(LIBO_LIB_FOLDER)/libpq.dll,$(if $(MSVC_USE_DEBUG_RUNTIME),Debug,Release)/libpq/libpq.dll))
+
+# vim: set noet sw=4 ts=4:
diff --git a/external/postgresql/ExternalProject_postgresql.mk b/external/postgresql/ExternalProject_postgresql.mk
index f6617e52fcd8..1e0c7d848047 100644
--- a/external/postgresql/ExternalProject_postgresql.mk
+++ b/external/postgresql/ExternalProject_postgresql.mk
@@ -12,7 +12,6 @@ $(eval $(call gb_ExternalProject_ExternalProject,postgresql))
$(eval $(call gb_ExternalProject_use_externals,postgresql,\
openldap \
openssl \
- zlib \
))
$(eval $(call gb_ExternalProject_register_targets,postgresql,\
@@ -25,8 +24,9 @@ $(eval $(call gb_ExternalProject_use_nmake,postgresql,build))
$(call gb_ExternalProject_get_state_target,postgresql,build) :
$(call gb_ExternalProject_run,build,\
- nmake -f win32.mak USE_SSL=1 USE_LDAP=1 \
- ,src)
+ MSBFLAGS=/p:Platform=$(if $(filter X86_64,$(CPUNAME)),x64,Win32) \
+ $(PERL) build.pl $(if $(MSVC_USE_DEBUG_RUNTIME),Debug,Release) libpq \
+ ,src/tools/msvc)
else
@@ -55,20 +55,24 @@ postgresql_LDFLAGS += \
endif
+# note: as of 13.1, zlib is not needed by libpq
+# passing MAKELEVEL=0 is required to find internal headers
$(call gb_ExternalProject_get_state_target,postgresql,build) :
$(call gb_ExternalProject_run,build,\
./configure \
- --without-readline --disable-shared --with-ldap \
+ --without-readline \
+ --without-zlib \
+ --with-ldap \
$(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \
$(if $(DISABLE_OPENSSL),,--with-openssl \
- $(if $(WITH_KRB5), --with-krb5) \
$(if $(WITH_GSSAPI),--with-gssapi)) \
+ CFLAGS="-fPIC" \
CPPFLAGS="$(postgresql_CPPFLAGS)" \
LDFLAGS="$(postgresql_LDFLAGS)" \
EXTRA_LDAP_LIBS="-llber -lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4" \
&& cd src/interfaces/libpq \
- && MAKEFLAGS= && $(MAKE) all-static-lib)
+ && MAKEFLAGS= && $(MAKE) MAKELEVEL=0 all-static-lib)
endif
diff --git a/external/postgresql/Module_postgresql.mk b/external/postgresql/Module_postgresql.mk
index 1f655c6e5034..7ea89dad3b39 100644
--- a/external/postgresql/Module_postgresql.mk
+++ b/external/postgresql/Module_postgresql.mk
@@ -14,4 +14,10 @@ $(eval $(call gb_Module_add_targets,postgresql,\
UnpackedTarball_postgresql \
))
+ifeq ($(OS),WNT)
+$(eval $(call gb_Module_add_targets,postgresql,\
+ ExternalPackage_postgresql \
+))
+endif # WNT
+
# vim: set noet sw=4 ts=4:
diff --git a/external/postgresql/UnpackedTarball_postgresql.mk b/external/postgresql/UnpackedTarball_postgresql.mk
index a7e57ab93301..390a5fc6f966 100644
--- a/external/postgresql/UnpackedTarball_postgresql.mk
+++ b/external/postgresql/UnpackedTarball_postgresql.mk
@@ -11,19 +11,11 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,postgresql))
$(eval $(call gb_UnpackedTarball_set_tarball,postgresql,$(POSTGRESQL_TARBALL),,postgresql))
-$(eval $(call gb_UnpackedTarball_set_patchlevel,postgresql,3))
-
$(eval $(call gb_UnpackedTarball_add_patches,postgresql, \
- external/postgresql/postgresql-libs-leak.patch \
- external/postgresql/postgresql-9.2.1-libreoffice.patch \
- external/postgresql/windows.patch.0 \
+ external/postgresql/postgres-msvc-build.patch.1 \
))
-ifeq ($(SYSTEM_ZLIB),)
-$(eval $(call gb_UnpackedTarball_add_patches,postgresql, \
- external/postgresql/internal-zlib.patch.1 \
-))
-endif
+$(eval $(call gb_UnpackedTarball_add_file,postgresql,src/tools/msvc/config.pl,external/postgresql/config.pl))
$(eval $(call gb_UnpackedTarball_update_autoconf_configs,postgresql))
diff --git a/external/postgresql/config.pl b/external/postgresql/config.pl
new file mode 100644
index 000000000000..ae163ebbd166
--- /dev/null
+++ b/external/postgresql/config.pl
@@ -0,0 +1 @@
+$config->{openssl} = "$ENV{WORKDIR}/UnpackedTarball/openssl";
diff --git a/external/postgresql/internal-zlib.patch.1 b/external/postgresql/internal-zlib.patch.1
deleted file mode 100644
index ac2b728e1314..000000000000
--- a/external/postgresql/internal-zlib.patch.1
+++ /dev/null
@@ -1,29 +0,0 @@
-diff -up postgresql/configure.dt postgresql/configure
---- postgresql/configure.dt 2016-11-03 17:34:17.282388226 +0100
-+++ postgresql/configure 2016-11-03 17:34:35.004202484 +0100
-@@ -8566,13 +8566,13 @@ fi
-
- if test "$with_zlib" = yes; then
-
--{ $as_echo "$as_me:$LINENO: checking for inflate in -lz" >&5
--$as_echo_n "checking for inflate in -lz... " >&6; }
-+{ $as_echo "$as_me:$LINENO: checking for inflate in -lzlib" >&5
-+$as_echo_n "checking for inflate in -lzlib... " >&6; }
- if test "${ac_cv_lib_z_inflate+set}" = set; then
- $as_echo_n "(cached) " >&6
- else
- ac_check_lib_save_LIBS=$LIBS
--LIBS="-lz $LIBS"
-+LIBS="-lzlib $LIBS"
- cat >conftest.$ac_ext <<_ACEOF
- /* confdefs.h. */
- _ACEOF
-@@ -8636,7 +8636,7 @@ if test "x$ac_cv_lib_z_inflate" = x""yes
- #define HAVE_LIBZ 1
- _ACEOF
-
-- LIBS="-lz $LIBS"
-+ LIBS="-lzlib $LIBS"
-
- else
- { { $as_echo "$as_me:$LINENO: error: zlib library not found
diff --git a/external/postgresql/postgres-msvc-build.patch.1 b/external/postgresql/postgres-msvc-build.patch.1
new file mode 100644
index 000000000000..4ccd82aa28fb
--- /dev/null
+++ b/external/postgresql/postgres-msvc-build.patch.1
@@ -0,0 +1,110 @@
+Cygwin perl calls /bin/sh which can't resolve to .exe
+
+Also Cygwin perl has $Config{osname} different from MSWin32, and why even check that?
+
+--- postgresql/src/tools/msvc/build.pl.orig 2021-01-19 17:36:09.801463500 +0100
++++ postgresql/src/tools/msvc/build.pl 2021-01-19 17:36:20.426821300 +0100
+@@ -55,13 +55,13 @@
+ if ($buildwhat)
+ {
+ system(
+- "msbuild $buildwhat.vcxproj /verbosity:normal $msbflags /p:Configuration=$bconf"
++ "msbuild.exe $buildwhat.vcxproj /verbosity:normal $msbflags /p:Configuration=$bconf"
+ );
+ }
+ else
+ {
+ system(
+- "msbuild pgsql.sln /verbosity:normal $msbflags /p:Configuration=$bconf"
++ "msbuild.exe pgsql.sln /verbosity:normal $msbflags /p:Configuration=$bconf"
+ );
+ }
+
+--- postgresql/src/tools/msvc/Project.pm.orig 2021-01-19 17:59:18.799237700 +0100
++++ postgresql/src/tools/msvc/Project.pm 2021-01-19 17:59:48.487711700 +0100
+@@ -22,7 +22,7 @@
+ my $self = {
+ name => $name,
+ type => $type,
+- guid => $^O eq "MSWin32" ? Win32::GuidGen() : 'FAKE',
++ guid => Win32::GuidGen(),
+ files => {},
+ references => [],
+ libraries => [],
+--- postgresql/src/tools/msvc/Solution.pm.orig 2021-01-19 18:03:04.594229100 +0100
++++ postgresql/src/tools/msvc/Solution.pm 2021-01-19 18:04:13.677610100 +0100
+@@ -59,7 +59,7 @@
+ {
+ my $self = shift;
+
+- if ($^O eq "MSWin32")
++ if (1) #($^O eq "MSWin32")
+ {
+ # Examine CL help output to determine if we are in 32 or 64-bit mode.
+ my $output = `cl /? 2>&1`;
+@@ -1081,7 +1081,7 @@
+ }
+ if ($fld ne "")
+ {
+- $flduid{$fld} = $^O eq "MSWin32" ? Win32::GuidGen() : 'FAKE';
++ $flduid{$fld} = Win32::GuidGen();
+ print $sln <<EOF;
+ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "$fld", "$fld", "$flduid{$fld}"
+ EndProject
+--- postgresql/src/tools/msvc/VSObjectFactory.pm.orig 2021-01-19 18:06:42.633421700 +0100
++++ postgresql/src/tools/msvc/VSObjectFactory.pm 2021-01-19 18:06:28.663523200 +0100
+@@ -111,7 +111,7 @@
+
+ sub DetermineVisualStudioVersion
+ {
+- if ($^O eq "MSWin32")
++ if (1) # ($^O eq "MSWin32")
+ {
+ # To determine version of Visual Studio we use nmake as it has
+ # existed for a long time and still exists in current Visual
+--- postgresql/src/tools/msvc/Mkvcbuild.pm.orig 2021-01-19 18:23:59.830153900 +0100
++++ postgresql/src/tools/msvc/Mkvcbuild.pm 2021-01-19 18:24:04.095411300 +0100
+@@ -9,7 +9,7 @@
+ use warnings;
+
+ use Carp;
+-use if ($^O eq "MSWin32"), 'Win32';
++use Win32;
+ use Project;
+ use Solution;
+ use Cwd;
+--- postgresql/src/tools/msvc/Solution.pm.orig 2021-01-19 20:27:21.366237600 +0100
++++ postgresql/src/tools/msvc/Solution.pm 2021-01-19 20:28:17.773662900 +0100
+@@ -126,7 +126,8 @@
+ # openssl.exe is in the specified directory.
+ # Quote the .exe name in case it has spaces
+ my $opensslcmd =
+- qq("$self->{options}->{openssl}\\bin\\openssl.exe" version 2>&1);
++ qq("$self->{options}->{openssl}\\out32dll\\openssl.exe" version 2>&1);
++ print "$opensslcmd";
+ my $sslout = `$opensslcmd`;
+
+ $? >> 8 == 0
+@@ -964,8 +964,8 @@
+ # On both Win32 and Win64 the same library
+ # names are used without a debugging context.
+ $dbgsuffix = 0;
+- $libsslpath = '\lib\libssl.lib';
+- $libcryptopath = '\lib\libcrypto.lib';
++ $libsslpath = '\libssl.lib';
++ $libcryptopath = '\libcrypto.lib';
+ }
+
+ $proj->AddLibrary($self->{options}->{openssl} . $libsslpath,
+@@ -990,9 +990,9 @@
+ # to be here, so don't ask for it in last
+ # parameter.
+ $proj->AddLibrary(
+- $self->{options}->{openssl} . '\lib\ssleay32.lib', 0);
++ $self->{options}->{openssl} . '\out32dll\ssleay32.lib', 0);
+ $proj->AddLibrary(
+- $self->{options}->{openssl} . '\lib\libeay32.lib', 0);
++ $self->{options}->{openssl} . '\out32dll\libeay32.lib', 0);
+ }
+ }
+ }
diff --git a/external/postgresql/postgresql-9.2.1-libreoffice.patch b/external/postgresql/postgresql-9.2.1-libreoffice.patch
deleted file mode 100644
index 174ee8551a78..000000000000
--- a/external/postgresql/postgresql-9.2.1-libreoffice.patch
+++ /dev/null
@@ -1,74 +0,0 @@
---- misc/build/postgresql-9.1.1/src/interfaces/libpq/Makefile 2011-09-22 23:57:57.000000000 +0200
-+++ misc/build/postgresql-9.1.1.patched/src/interfaces/libpq/Makefile 2011-12-15 09:02:18.000000000 +0100
-@@ -148,3 +148,6 @@
- maintainer-clean: distclean maintainer-clean-lib
- $(MAKE) -C test $@
- rm -f libpq-dist.rc
-+
-+libpq-flags.mk:
-+ @printf '%s\n' 'LIBPQ_DEP_LIBS+=$(SHLIB_LINK)' > '$@'
---- misc/build/postgresql-9.1.1/src/interfaces/libpq/win32.mak 2011-12-14 14:28:59.000000000 +0100
-+++ misc/build/postgresql-9.1.1.patched/src/interfaces/libpq/win32.mak 2011-12-15 09:11:37.000000000 +0100
-@@ -11,14 +11,12 @@
- !ENDIF
-
- !IFDEF DEBUG
--OPT=/Od /Zi /MDd
-+OPT=/Od /Zi
- LOPT=/DEBUG
--DEBUGDEF=/D _DEBUG
--OUTFILENAME=libpqd
-+OUTFILENAME=libpq
- !ELSE
- OPT=/O2 /MD
- LOPT=
--DEBUGDEF=/D NDEBUG
- OUTFILENAME=libpq
- !ENDIF
-
-@@ -67,18 +66,11 @@
- CPP=cl.exe
- RSC=rc.exe
-
--!IFDEF DEBUG
--OUTDIR=.\Debug
--INTDIR=.\Debug
--CPP_OBJS=.\Debug/
--!ELSE
--OUTDIR=.\Release
--INTDIR=.\Release
--CPP_OBJS=.\Release/
--!ENDIF
--
-+OUTDIR=.
-+INTDIR=.
-+CPP_OBJS=./
-
--ALL : config "$(OUTDIR)\$(OUTFILENAME).lib" "$(OUTDIR)\$(OUTFILENAME).dll"
-+ALL : config "$(OUTDIR)\$(OUTFILENAME).lib"
-
- CLEAN :
- - at erase "$(INTDIR)\getaddrinfo.obj"
-@@ -178,10 +170,11 @@
- "$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
--CPP_PROJ=/nologo /W3 /EHsc $(OPT) /I "..\..\include" /I "..\..\include\port\win32" /I "..\..\include\port\win32_msvc" /I "..\..\port" /I. /I "$(SSL_INC)" \
-+CPP_PROJ=/nologo /W3 /EHsc $(OPT) /I "..\..\include" /I "..\..\include\port\win32" /I "..\..\include\port\win32_msvc" /I "..\..\port" /I. $(SOLARINC) /I $(WORKDIR)/UnpackedTarball/openssl/include \
- /D "FRONTEND" $(DEBUGDEF) \
- /D "WIN32" /D "_WINDOWS" /Fp"$(INTDIR)\libpq.pch" \
- /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c \
-+ /D "_CRT_NONSTDC_NO_DEPRECATE" \
- /D "_CRT_SECURE_NO_DEPRECATE" $(ADD_DEFINES)
-
- !IFDEF USE_SSL
-@@ -222,7 +215,7 @@
- <<
-
- "$(INTDIR)\libpq.res" : "$(INTDIR)" libpq-dist.rc
-- $(RSC) $(RSC_PROJ) libpq-dist.rc
-+ $(RSC) $(SOLARINC) $(RSC_PROJ) libpq-dist.rc
-
-
- "$(OUTDIR)\$(OUTFILENAME).dll" : "$(OUTDIR)" "$(INTDIR)\libpq.res"
-
diff --git a/external/postgresql/postgresql-libs-leak.patch b/external/postgresql/postgresql-libs-leak.patch
deleted file mode 100644
index 8224137f1f97..000000000000
--- a/external/postgresql/postgresql-libs-leak.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-diff --recursive -u misc/build/postgresql-9.1.1/configure.in misc/build/postgresql-9.1.1.patched/configure.in
---- misc/build/postgresql-9.1.1/configure.in 2011-09-22 23:57:57.000000000 +0200
-+++ misc/build/postgresql-9.1.1.patched/configure.in 2012-02-03 11:42:45.000000000 +0100
-@@ -903,18 +903,9 @@
- *** Not using spinlocks will cause poor performance.])
- fi
-
--if test "$with_gssapi" = yes ; then
-- if test "$PORTNAME" != "win32"; then
-- AC_SEARCH_LIBS(gss_init_sec_context, [gssapi_krb5 gss 'gssapi -lkrb5 -lcrypto'], [],
-- [AC_MSG_ERROR([could not find function 'gss_init_sec_context' required for GSSAPI])])
-- else
-- LIBS="$LIBS -lgssapi32"
-- fi
--fi
--
- if test "$with_krb5" = yes ; then
- if test "$PORTNAME" != "win32"; then
-- AC_SEARCH_LIBS(com_err, [krb5 'krb5 -lcrypto -ldes -lasn1 -lroken' com_err 'com_err -lssl -lcrypto'], [],
-+ AC_SEARCH_LIBS(com_err, [com_err 'com_err -lssl -lcrypto' krb5 'krb5 -lcrypto -ldes -lasn1 -lroken'], [],
- [AC_MSG_ERROR([could not find function 'com_err' required for Kerberos 5])])
- AC_SEARCH_LIBS(krb5_sendauth, [krb5 'krb5 -lcrypto -ldes -lasn1 -lroken'], [],
- [AC_MSG_ERROR([could not find function 'krb5_sendauth' required for Kerberos 5])])
-@@ -924,6 +915,15 @@
- fi
- fi
-
-+if test "$with_gssapi" = yes ; then
-+ if test "$PORTNAME" != "win32"; then
-+ AC_SEARCH_LIBS(gss_init_sec_context, [gssapi_krb5 gss 'gssapi -lkrb5 -lcrypto'], [],
-+ [AC_MSG_ERROR([could not find function 'gss_init_sec_context' required for GSSAPI])])
-+ else
-+ LIBS="$LIBS -lgssapi32"
-+ fi
-+fi
-+
- if test "$with_openssl" = yes ; then
- dnl Order matters!
- if test "$PORTNAME" != "win32"; then
-
diff --git a/solenv/flatpak-manifest.in b/solenv/flatpak-manifest.in
index 8a3d0efbc71b..0a26b353e3bf 100644
--- a/solenv/flatpak-manifest.in
+++ b/solenv/flatpak-manifest.in
@@ -366,10 +366,11 @@
"dest-filename": "external/tarballs/poppler-0.74.0.tar.xz"
},
{
- "url": "https://dev-www.libreoffice.org/src/postgresql-9.2.24.tar.bz2",
- "sha256": "a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126",
+ "url": "https://dev-www.libreoffice.org/src/postgresql-13.1.tar.bz2",
+ "sha256": "12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f",
"type": "file",
- "dest-filename": "external/tarballs/postgresql-9.2.24.tar.bz2"
+ "dest-filename": "external/tarballs/c0b4799ea9850eae3ead14f0a60e9418-postgresql-9.2.1.tar.bz2"
+ "dest-filename": "external/tarballs/postgresql-13.1.tar.bz2"
},
{
"url": "https://dev-www.libreoffice.org/src/a39f6c07ddb20d7dd2ff1f95fa21e2cd-raptor2-2.0.15.tar.gz",
commit 0c0d65634a2a5174a418a91e022d763b3f3fad56
Author: Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Wed Jan 6 19:30:07 2021 +0100
Commit: Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Mon Mar 29 09:57:59 2021 +0300
poppler: upgrade to release 21.01.0
Fixes CVE-2020-27778, CVE-2020-35702
and changelogs mention lots of fuzzing fixes.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108912
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
(cherry picked from commit 48e8b32a9b66722bbb28fc15840b3706a461aeb7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108904
Tested-by: Michael Stahl <michael.stahl at allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens at allotropia.de>
(cherry picked from commit fb185106492f5aabac6ab57ae90cd81d51480093)
Change-Id: Ib07bdee726905e74afc13a01bbbd53f218121744
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108956
Tested-by: Thorsten Behrens <thorsten.behrens at allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens at allotropia.de>
diff --git a/download.lst b/download.lst
index a272a9c8cc4e..340a8d2d21e7 100644
--- a/download.lst
+++ b/download.lst
@@ -206,8 +206,8 @@ export PIXMAN_SHA256SUM := 21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3
export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
export LIBPNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca
export LIBPNG_TARBALL := libpng-1.6.37.tar.xz
-export POPPLER_SHA256SUM := 234f8e573ea57fb6a008e7c1e56bfae1af5d1adf0e65f47555e1ae103874e4df
-export POPPLER_TARBALL := poppler-0.82.0.tar.xz
+export POPPLER_SHA256SUM := 016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3
+export POPPLER_TARBALL := poppler-21.01.0.tar.xz
export POSTGRESQL_SHA256SUM := a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126
export POSTGRESQL_TARBALL := postgresql-9.2.24.tar.bz2
export PYTHON_SHA256SUM := c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049
diff --git a/external/poppler/0001-Partially-revert-814fbda28cc8a37fed3134c2db8da28f86f.patch.1 b/external/poppler/0001-Partially-revert-814fbda28cc8a37fed3134c2db8da28f86f.patch.1
new file mode 100644
index 000000000000..05b2346d131f
--- /dev/null
+++ b/external/poppler/0001-Partially-revert-814fbda28cc8a37fed3134c2db8da28f86f.patch.1
@@ -0,0 +1,999 @@
+[PATCH] Partially revert 814fbda28cc8a37fed3134c2db8da28f86fb5ee0
+
+"Run clang-format" in poppler/Decrypt.cc
+---
+ poppler/Decrypt.cc | 848 +++++++++++++++++++++++----------------------
+ 1 file changed, 437 insertions(+), 411 deletions(-)
+
+diff --git a/poppler/Decrypt.cc b/poppler/Decrypt.cc
+index 62b11702..4b388ab9 100644
+--- a/poppler/Decrypt.cc
++++ b/poppler/Decrypt.cc
+@@ -599,139 +599,167 @@ static unsigned char rc4DecryptByte(unsigned char *state, unsigned char *x, unsi
+ // Returns false if EOF was reached, true otherwise
+ static bool aesReadBlock(Stream *str, unsigned char *in, bool addPadding)
+ {
+- int c, i;
++ int c, i;
+
+- for (i = 0; i < 16; ++i) {
+- if ((c = str->getChar()) != EOF) {
+- in[i] = (unsigned char)c;
+- } else {
+- break;
+- }
++ for (i = 0; i < 16; ++i) {
++ if ((c = str->getChar()) != EOF) {
++ in[i] = (unsigned char)c;
++ } else {
++ break;
+ }
++ }
+
+- if (i == 16) {
+- return true;
+- } else {
+- if (addPadding) {
+- c = 16 - i;
+- while (i < 16) {
+- in[i++] = (unsigned char)c;
+- }
+- }
+- return false;
++ if (i == 16) {
++ return true;
++ } else {
++ if (addPadding) {
++ c = 16 - i;
++ while (i < 16) {
++ in[i++] = (unsigned char)c;
++ }
+ }
++ return false;
++ }
+ }
+
+-static const unsigned char sbox[256] = { 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+- 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+- 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+- 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+- 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+- 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+- 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+- 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 };
+-
+-static const unsigned char invSbox[256] = { 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
+- 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
+- 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
+- 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
+- 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
+- 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
+- 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
+- 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d };
+-
+-static const unsigned int rcon[11] = { 0x00000000, // unused
+- 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000 };
+-
+-static inline unsigned int subWord(unsigned int x)
+-{
+- return (sbox[x >> 24] << 24) | (sbox[(x >> 16) & 0xff] << 16) | (sbox[(x >> 8) & 0xff] << 8) | sbox[x & 0xff];
+-}
++static const unsigned char sbox[256] = {
++ 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
++ 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
++ 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
++ 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
++ 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
++ 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
++ 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
++ 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
++ 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
++ 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
++ 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
++ 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
++ 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
++ 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
++ 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
++ 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
++};
+
+-static inline unsigned int rotWord(unsigned int x)
+-{
+- return ((x << 8) & 0xffffffff) | (x >> 24);
+-}
++static const unsigned char invSbox[256] = {
++ 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
++ 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
++ 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
++ 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
++ 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
++ 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
++ 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
++ 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
++ 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
++ 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
++ 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
++ 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
++ 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
++ 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
++ 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
++ 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
++};
+
+-static inline void subBytes(unsigned char *state)
+-{
+- int i;
++static const unsigned int rcon[11] = {
++ 0x00000000, // unused
++ 0x01000000,
++ 0x02000000,
++ 0x04000000,
++ 0x08000000,
++ 0x10000000,
++ 0x20000000,
++ 0x40000000,
++ 0x80000000,
++ 0x1b000000,
++ 0x36000000
++};
+
+- for (i = 0; i < 16; ++i) {
+- state[i] = sbox[state[i]];
+- }
++static inline unsigned int subWord(unsigned int x) {
++ return (sbox[x >> 24] << 24)
++ | (sbox[(x >> 16) & 0xff] << 16)
++ | (sbox[(x >> 8) & 0xff] << 8)
++ | sbox[x & 0xff];
+ }
+
+-static inline void invSubBytes(unsigned char *state)
+-{
+- int i;
++static inline unsigned int rotWord(unsigned int x) {
++ return ((x << 8) & 0xffffffff) | (x >> 24);
++}
+
+- for (i = 0; i < 16; ++i) {
+- state[i] = invSbox[state[i]];
+- }
++static inline void subBytes(unsigned char *state) {
++ int i;
++
++ for (i = 0; i < 16; ++i) {
++ state[i] = sbox[state[i]];
++ }
+ }
+
+-static inline void shiftRows(unsigned char *state)
+-{
+- unsigned char t;
++static inline void invSubBytes(unsigned char *state) {
++ int i;
+
+- t = state[4];
+- state[4] = state[5];
+- state[5] = state[6];
+- state[6] = state[7];
+- state[7] = t;
+-
+- t = state[8];
+- state[8] = state[10];
+- state[10] = t;
+- t = state[9];
+- state[9] = state[11];
+- state[11] = t;
+-
+- t = state[15];
+- state[15] = state[14];
+- state[14] = state[13];
+- state[13] = state[12];
+- state[12] = t;
++ for (i = 0; i < 16; ++i) {
++ state[i] = invSbox[state[i]];
++ }
+ }
+
+-static inline void invShiftRows(unsigned char *state)
+-{
+- unsigned char t;
++static inline void shiftRows(unsigned char *state) {
++ unsigned char t;
++
++ t = state[4];
++ state[4] = state[5];
++ state[5] = state[6];
++ state[6] = state[7];
++ state[7] = t;
++
++ t = state[8];
++ state[8] = state[10];
++ state[10] = t;
++ t = state[9];
++ state[9] = state[11];
++ state[11] = t;
++
++ t = state[15];
++ state[15] = state[14];
++ state[14] = state[13];
++ state[13] = state[12];
++ state[12] = t;
++}
+
+- t = state[7];
+- state[7] = state[6];
+- state[6] = state[5];
+- state[5] = state[4];
+- state[4] = t;
+-
+- t = state[8];
+- state[8] = state[10];
+- state[10] = t;
+- t = state[9];
+- state[9] = state[11];
+- state[11] = t;
+-
+- t = state[12];
+- state[12] = state[13];
+- state[13] = state[14];
+- state[14] = state[15];
+- state[15] = t;
++static inline void invShiftRows(unsigned char *state) {
++ unsigned char t;
++
++ t = state[7];
++ state[7] = state[6];
++ state[6] = state[5];
++ state[5] = state[4];
++ state[4] = t;
++
++ t = state[8];
++ state[8] = state[10];
++ state[10] = t;
++ t = state[9];
++ state[9] = state[11];
++ state[11] = t;
++
++ t = state[12];
++ state[12] = state[13];
++ state[13] = state[14];
++ state[14] = state[15];
++ state[15] = t;
+ }
+
+ // {02} \cdot s
+ struct Mul02Table
+ {
+- constexpr Mul02Table() : values()
+- {
+- for (int s = 0; s < 256; s++) {
+- values[s] = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- }
++ constexpr Mul02Table() : values()
++ {
++ for(int s = 0; s < 256; s++) {
++ values[s] = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+ }
++ }
+
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
++ constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+
+- unsigned char values[256];
++ unsigned char values[256];
+ };
+
+ static constexpr Mul02Table mul02;
+@@ -739,17 +767,17 @@ static constexpr Mul02Table mul02;
+ // {03} \cdot s
+ struct Mul03Table
+ {
+- constexpr Mul03Table() : values()
+- {
+- for (int s = 0; s < 256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- values[s] = s ^ s2;
+- }
++ constexpr Mul03Table() : values()
++ {
++ for(int s=0; s<256; s++) {
++ const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ values[s] = s ^ s2;
+ }
++ }
+
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
++ constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+
+- unsigned char values[256];
++ unsigned char values[256];
+ };
+
+ static constexpr Mul03Table mul03;
+@@ -757,19 +785,19 @@ static constexpr Mul03Table mul03;
+ // {09} \cdot s
+ struct Mul09Table
+ {
+- constexpr Mul09Table() : values()
+- {
+- for (int s = 0; s < 256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
+- const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
+- values[s] = s ^ s8;
+- }
++ constexpr Mul09Table() : values()
++ {
++ for(int s=0; s<256; s++) {
++ const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
++ const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
++ values[s] = s ^ s8;
+ }
++ }
+
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
++ constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+
+- unsigned char values[256];
++ unsigned char values[256];
+ };
+
+ static constexpr Mul09Table mul09;
+@@ -777,19 +805,19 @@ static constexpr Mul09Table mul09;
+ // {0b} \cdot s
+ struct Mul0bTable
+ {
+- constexpr Mul0bTable() : values()
+- {
+- for (int s = 0; s < 256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
+- const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
+- values[s] = s ^ s2 ^ s8;
+- }
++ constexpr Mul0bTable() : values()
++ {
++ for(int s=0; s<256; s++) {
++ const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
++ const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
++ values[s] = s ^ s2 ^ s8;
+ }
++ }
+
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
++ constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+
+- unsigned char values[256];
++ unsigned char values[256];
+ };
+
+ static constexpr Mul0bTable mul0b;
+@@ -797,19 +825,19 @@ static constexpr Mul0bTable mul0b;
+ // {0d} \cdot s
+ struct Mul0dTable
+ {
+- constexpr Mul0dTable() : values()
+- {
+- for (int s = 0; s < 256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
+- const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
+- values[s] = s ^ s4 ^ s8;
+- }
++ constexpr Mul0dTable() : values()
++ {
++ for(int s=0; s<256; s++) {
++ const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
++ const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
++ values[s] = s ^ s4 ^ s8;
+ }
++ }
+
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
++ constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+
+- unsigned char values[256];
++ unsigned char values[256];
+ };
+
+ static constexpr Mul0dTable mul0d;
+@@ -817,329 +845,327 @@ static constexpr Mul0dTable mul0d;
+ // {0e} \cdot s
+ struct Mul0eTable
+ {
+- constexpr Mul0eTable() : values()
+- {
+- for (int s = 0; s < 256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
+- const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
+- values[s] = s2 ^ s4 ^ s8;
+- }
++ constexpr Mul0eTable() : values()
++ {
++ for(int s=0; s<256; s++) {
++ const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
++ const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
++ values[s] = s2 ^ s4 ^ s8;
+ }
++ }
+
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
++ constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+
+- unsigned char values[256];
++ unsigned char values[256];
+ };
+
+ static constexpr Mul0eTable mul0e;
+
+-static inline void mixColumns(unsigned char *state)
+-{
+- int c;
+- unsigned char s0, s1, s2, s3;
+-
+- for (c = 0; c < 4; ++c) {
+- s0 = state[c];
+- s1 = state[4 + c];
+- s2 = state[8 + c];
+- s3 = state[12 + c];
+- state[c] = mul02(s0) ^ mul03(s1) ^ s2 ^ s3;
+- state[4 + c] = s0 ^ mul02(s1) ^ mul03(s2) ^ s3;
+- state[8 + c] = s0 ^ s1 ^ mul02(s2) ^ mul03(s3);
+- state[12 + c] = mul03(s0) ^ s1 ^ s2 ^ mul02(s3);
+- }
++static inline void mixColumns(unsigned char *state) {
++ int c;
++ unsigned char s0, s1, s2, s3;
++
++ for (c = 0; c < 4; ++c) {
++ s0 = state[c];
++ s1 = state[4+c];
++ s2 = state[8+c];
++ s3 = state[12+c];
++ state[c] = mul02(s0) ^ mul03(s1) ^ s2 ^ s3;
++ state[4+c] = s0 ^ mul02(s1) ^ mul03(s2) ^ s3;
++ state[8+c] = s0 ^ s1 ^ mul02(s2) ^ mul03(s3);
++ state[12+c] = mul03(s0) ^ s1 ^ s2 ^ mul02(s3);
++ }
+ }
+
+-static inline void invMixColumns(unsigned char *state)
+-{
+- int c;
+- unsigned char s0, s1, s2, s3;
+-
+- for (c = 0; c < 4; ++c) {
+- s0 = state[c];
+- s1 = state[4 + c];
+- s2 = state[8 + c];
+- s3 = state[12 + c];
+- state[c] = mul0e(s0) ^ mul0b(s1) ^ mul0d(s2) ^ mul09(s3);
+- state[4 + c] = mul09(s0) ^ mul0e(s1) ^ mul0b(s2) ^ mul0d(s3);
+- state[8 + c] = mul0d(s0) ^ mul09(s1) ^ mul0e(s2) ^ mul0b(s3);
+- state[12 + c] = mul0b(s0) ^ mul0d(s1) ^ mul09(s2) ^ mul0e(s3);
+- }
++static inline void invMixColumns(unsigned char *state) {
++ int c;
++ unsigned char s0, s1, s2, s3;
++
++ for (c = 0; c < 4; ++c) {
++ s0 = state[c];
++ s1 = state[4+c];
++ s2 = state[8+c];
++ s3 = state[12+c];
++ state[c] = mul0e(s0) ^ mul0b(s1) ^ mul0d(s2) ^ mul09(s3);
++ state[4+c] = mul09(s0) ^ mul0e(s1) ^ mul0b(s2) ^ mul0d(s3);
++ state[8+c] = mul0d(s0) ^ mul09(s1) ^ mul0e(s2) ^ mul0b(s3);
++ state[12+c] = mul0b(s0) ^ mul0d(s1) ^ mul09(s2) ^ mul0e(s3);
++ }
+ }
+
+-static inline void invMixColumnsW(unsigned int *w)
+-{
+- int c;
+- unsigned char s0, s1, s2, s3;
+-
+- for (c = 0; c < 4; ++c) {
+- s0 = w[c] >> 24;
+- s1 = w[c] >> 16;
+- s2 = w[c] >> 8;
+- s3 = w[c];
+- w[c] = ((mul0e(s0) ^ mul0b(s1) ^ mul0d(s2) ^ mul09(s3)) << 24) | ((mul09(s0) ^ mul0e(s1) ^ mul0b(s2) ^ mul0d(s3)) << 16) | ((mul0d(s0) ^ mul09(s1) ^ mul0e(s2) ^ mul0b(s3)) << 8) | (mul0b(s0) ^ mul0d(s1) ^ mul09(s2) ^ mul0e(s3));
+- }
++static inline void invMixColumnsW(unsigned int *w) {
++ int c;
++ unsigned char s0, s1, s2, s3;
++
++ for (c = 0; c < 4; ++c) {
++ s0 = w[c] >> 24;
++ s1 = w[c] >> 16;
++ s2 = w[c] >> 8;
++ s3 = w[c];
++ w[c] = ((mul0e(s0) ^ mul0b(s1) ^ mul0d(s2) ^ mul09(s3)) << 24)
++ | ((mul09(s0) ^ mul0e(s1) ^ mul0b(s2) ^ mul0d(s3)) << 16)
++ | ((mul0d(s0) ^ mul09(s1) ^ mul0e(s2) ^ mul0b(s3)) << 8)
++ | (mul0b(s0) ^ mul0d(s1) ^ mul09(s2) ^ mul0e(s3));
++ }
+ }
+
+-static inline void addRoundKey(unsigned char *state, const unsigned int *w)
+-{
+- int c;
++static inline void addRoundKey(unsigned char *state, const unsigned int *w) {
++ int c;
+
+- for (c = 0; c < 4; ++c) {
+- state[c] ^= w[c] >> 24;
+- state[4 + c] ^= w[c] >> 16;
+- state[8 + c] ^= w[c] >> 8;
+- state[12 + c] ^= w[c];
+- }
++ for (c = 0; c < 4; ++c) {
++ state[c] ^= w[c] >> 24;
++ state[4+c] ^= w[c] >> 16;
++ state[8+c] ^= w[c] >> 8;
++ state[12+c] ^= w[c];
++ }
+ }
+
+-static void aesKeyExpansion(DecryptAESState *s, const unsigned char *objKey, int /*objKeyLen*/, bool decrypt)
+-{
+- unsigned int temp;
+- int i, round;
++static void aesKeyExpansion(DecryptAESState *s,
++ const unsigned char *objKey, int /*objKeyLen*/, bool decrypt) {
++ unsigned int temp;
++ int i, round;
+
+- //~ this assumes objKeyLen == 16
++ //~ this assumes objKeyLen == 16
+
+- for (i = 0; i < 4; ++i) {
+- s->w[i] = (objKey[4 * i] << 24) + (objKey[4 * i + 1] << 16) + (objKey[4 * i + 2] << 8) + objKey[4 * i + 3];
+- }
+- for (i = 4; i < 44; ++i) {
+- temp = s->w[i - 1];
+- if (!(i & 3)) {
+- temp = subWord(rotWord(temp)) ^ rcon[i / 4];
+- }
+- s->w[i] = s->w[i - 4] ^ temp;
++ for (i = 0; i < 4; ++i) {
++ s->w[i] = (objKey[4*i] << 24) + (objKey[4*i+1] << 16) +
++ (objKey[4*i+2] << 8) + objKey[4*i+3];
++ }
++ for (i = 4; i < 44; ++i) {
++ temp = s->w[i-1];
++ if (!(i & 3)) {
++ temp = subWord(rotWord(temp)) ^ rcon[i/4];
+ }
++ s->w[i] = s->w[i-4] ^ temp;
++ }
+
+- /* In case of decryption, adjust the key schedule for the equivalent inverse cipher */
+- if (decrypt) {
+- for (round = 1; round <= 9; ++round) {
+- invMixColumnsW(&s->w[round * 4]);
+- }
++ /* In case of decryption, adjust the key schedule for the equivalent inverse cipher */
++ if (decrypt) {
++ for (round = 1; round <= 9; ++round) {
++ invMixColumnsW(&s->w[round * 4]);
+ }
++ }
+ }
+
+-static void aesEncryptBlock(DecryptAESState *s, const unsigned char *in)
+-{
+- int c, round;
+-
+- // initial state (input is xor'd with previous output because of CBC)
+- for (c = 0; c < 4; ++c) {
+- s->state[c] = in[4 * c] ^ s->buf[4 * c];
+- s->state[4 + c] = in[4 * c + 1] ^ s->buf[4 * c + 1];
+- s->state[8 + c] = in[4 * c + 2] ^ s->buf[4 * c + 2];
+- s->state[12 + c] = in[4 * c + 3] ^ s->buf[4 * c + 3];
+- }
++static void aesEncryptBlock(DecryptAESState *s, const unsigned char *in) {
++ int c, round;
+
+- // round 0
+- addRoundKey(s->state, &s->w[0]);
++ // initial state (input is xor'd with previous output because of CBC)
++ for (c = 0; c < 4; ++c) {
++ s->state[c] = in[4*c] ^ s->buf[4*c];
++ s->state[4+c] = in[4*c+1] ^ s->buf[4*c+1];
++ s->state[8+c] = in[4*c+2] ^ s->buf[4*c+2];
++ s->state[12+c] = in[4*c+3] ^ s->buf[4*c+3];
++ }
+
+- // rounds 1-9
+- for (round = 1; round <= 9; ++round) {
+- subBytes(s->state);
+- shiftRows(s->state);
+- mixColumns(s->state);
+- addRoundKey(s->state, &s->w[round * 4]);
+- }
++ // round 0
++ addRoundKey(s->state, &s->w[0]);
+
+- // round 10
++ // rounds 1-9
++ for (round = 1; round <= 9; ++round) {
+ subBytes(s->state);
+ shiftRows(s->state);
+- addRoundKey(s->state, &s->w[10 * 4]);
+-
+- for (c = 0; c < 4; ++c) {
+- s->buf[4 * c] = s->state[c];
+- s->buf[4 * c + 1] = s->state[4 + c];
+- s->buf[4 * c + 2] = s->state[8 + c];
+- s->buf[4 * c + 3] = s->state[12 + c];
+- }
+-
+- s->bufIdx = 0;
++ mixColumns(s->state);
++ addRoundKey(s->state, &s->w[round * 4]);
++ }
++
++ // round 10
++ subBytes(s->state);
++ shiftRows(s->state);
++ addRoundKey(s->state, &s->w[10 * 4]);
++
++ for (c = 0; c < 4; ++c) {
++ s->buf[4*c] = s->state[c];
++ s->buf[4*c+1] = s->state[4+c];
++ s->buf[4*c+2] = s->state[8+c];
++ s->buf[4*c+3] = s->state[12+c];
++ }
++
++ s->bufIdx = 0;
+ }
+
+-static void aesDecryptBlock(DecryptAESState *s, const unsigned char *in, bool last)
+-{
+- int c, round, n, i;
+-
+- // initial state
+- for (c = 0; c < 4; ++c) {
+- s->state[c] = in[4 * c];
+- s->state[4 + c] = in[4 * c + 1];
+- s->state[8 + c] = in[4 * c + 2];
+- s->state[12 + c] = in[4 * c + 3];
+- }
++static void aesDecryptBlock(DecryptAESState *s, const unsigned char *in, bool last) {
++ int c, round, n, i;
+
+- // round 0
+- addRoundKey(s->state, &s->w[10 * 4]);
++ // initial state
++ for (c = 0; c < 4; ++c) {
++ s->state[c] = in[4*c];
++ s->state[4+c] = in[4*c+1];
++ s->state[8+c] = in[4*c+2];
++ s->state[12+c] = in[4*c+3];
++ }
+
+- // rounds 1-9
+- for (round = 9; round >= 1; --round) {
+- invSubBytes(s->state);
+- invShiftRows(s->state);
+- invMixColumns(s->state);
+- addRoundKey(s->state, &s->w[round * 4]);
+- }
++ // round 0
++ addRoundKey(s->state, &s->w[10 * 4]);
+
+- // round 10
++ // rounds 1-9
++ for (round = 9; round >= 1; --round) {
+ invSubBytes(s->state);
+ invShiftRows(s->state);
+- addRoundKey(s->state, &s->w[0]);
+-
+- // CBC
+- for (c = 0; c < 4; ++c) {
+- s->buf[4 * c] = s->state[c] ^ s->cbc[4 * c];
+- s->buf[4 * c + 1] = s->state[4 + c] ^ s->cbc[4 * c + 1];
+- s->buf[4 * c + 2] = s->state[8 + c] ^ s->cbc[4 * c + 2];
+- s->buf[4 * c + 3] = s->state[12 + c] ^ s->cbc[4 * c + 3];
+- }
+-
+- // save the input block for the next CBC
+- for (i = 0; i < 16; ++i) {
+- s->cbc[i] = in[i];
+- }
+-
+- // remove padding
+- s->bufIdx = 0;
+- if (last) {
+- n = s->buf[15];
+- if (n < 1 || n > 16) { // this should never happen
+- n = 16;
+- }
+- for (i = 15; i >= n; --i) {
+- s->buf[i] = s->buf[i - n];
+- }
+- s->bufIdx = n;
+- }
++ invMixColumns(s->state);
++ addRoundKey(s->state, &s->w[round * 4]);
++ }
++
++ // round 10
++ invSubBytes(s->state);
++ invShiftRows(s->state);
++ addRoundKey(s->state, &s->w[0]);
++
++ // CBC
++ for (c = 0; c < 4; ++c) {
++ s->buf[4*c] = s->state[c] ^ s->cbc[4*c];
++ s->buf[4*c+1] = s->state[4+c] ^ s->cbc[4*c+1];
++ s->buf[4*c+2] = s->state[8+c] ^ s->cbc[4*c+2];
++ s->buf[4*c+3] = s->state[12+c] ^ s->cbc[4*c+3];
++ }
++
++ // save the input block for the next CBC
++ for (i = 0; i < 16; ++i) {
++ s->cbc[i] = in[i];
++ }
++
++ // remove padding
++ s->bufIdx = 0;
++ if (last) {
++ n = s->buf[15];
++ if (n < 1 || n > 16) { // this should never happen
++ n = 16;
++ }
++ for (i = 15; i >= n; --i) {
++ s->buf[i] = s->buf[i-n];
++ }
++ s->bufIdx = n;
++ }
+ }
+
+ //------------------------------------------------------------------------
+ // AES-256 decryption
+ //------------------------------------------------------------------------
+
+-static void aes256KeyExpansion(DecryptAES256State *s, const unsigned char *objKey, int objKeyLen, bool decrypt)
+-{
+- unsigned int temp;
+- int i, round;
+-
+- //~ this assumes objKeyLen == 32
+-
+- for (i = 0; i < 8; ++i) {
+- s->w[i] = (objKey[4 * i] << 24) + (objKey[4 * i + 1] << 16) + (objKey[4 * i + 2] << 8) + objKey[4 * i + 3];
+- }
+- for (i = 8; i < 60; ++i) {
+- temp = s->w[i - 1];
+- if ((i & 7) == 0) {
+- temp = subWord(rotWord(temp)) ^ rcon[i / 8];
+- } else if ((i & 7) == 4) {
+- temp = subWord(temp);
+- }
+- s->w[i] = s->w[i - 8] ^ temp;
+- }
+-
+- /* In case of decryption, adjust the key schedule for the equivalent inverse cipher */
+- if (decrypt) {
+- for (round = 1; round <= 13; ++round) {
+- invMixColumnsW(&s->w[round * 4]);
+- }
++static void aes256KeyExpansion(DecryptAES256State *s,
++ const unsigned char *objKey, int objKeyLen, bool decrypt) {
++ unsigned int temp;
++ int i, round;
++
++ //~ this assumes objKeyLen == 32
++
++ for (i = 0; i < 8; ++i) {
++ s->w[i] = (objKey[4*i] << 24) + (objKey[4*i+1] << 16) +
++ (objKey[4*i+2] << 8) + objKey[4*i+3];
++ }
++ for (i = 8; i < 60; ++i) {
++ temp = s->w[i-1];
++ if ((i & 7) == 0) {
++ temp = subWord(rotWord(temp)) ^ rcon[i/8];
++ } else if ((i & 7) == 4) {
++ temp = subWord(temp);
++ }
++ s->w[i] = s->w[i-8] ^ temp;
++ }
++
++ /* In case of decryption, adjust the key schedule for the equivalent inverse cipher */
++ if (decrypt) {
++ for (round = 1; round <= 13; ++round) {
++ invMixColumnsW(&s->w[round * 4]);
+ }
++ }
+ }
+
+-static void aes256EncryptBlock(DecryptAES256State *s, const unsigned char *in)
+-{
+- int c, round;
+-
+- // initial state (input is xor'd with previous output because of CBC)
+- for (c = 0; c < 4; ++c) {
+- s->state[c] = in[4 * c] ^ s->buf[4 * c];
+- s->state[4 + c] = in[4 * c + 1] ^ s->buf[4 * c + 1];
+- s->state[8 + c] = in[4 * c + 2] ^ s->buf[4 * c + 2];
+- s->state[12 + c] = in[4 * c + 3] ^ s->buf[4 * c + 3];
+- }
++static void aes256EncryptBlock(DecryptAES256State *s, const unsigned char *in) {
++ int c, round;
+
+- // round 0
+- addRoundKey(s->state, &s->w[0]);
++ // initial state (input is xor'd with previous output because of CBC)
++ for (c = 0; c < 4; ++c) {
++ s->state[c] = in[4*c] ^ s->buf[4*c];
++ s->state[4+c] = in[4*c+1] ^ s->buf[4*c+1];
++ s->state[8+c] = in[4*c+2] ^ s->buf[4*c+2];
++ s->state[12+c] = in[4*c+3] ^ s->buf[4*c+3];
++ }
+
+- // rounds 1-13
+- for (round = 1; round <= 13; ++round) {
+- subBytes(s->state);
+- shiftRows(s->state);
+- mixColumns(s->state);
+- addRoundKey(s->state, &s->w[round * 4]);
+- }
++ // round 0
++ addRoundKey(s->state, &s->w[0]);
+
+- // round 14
++ // rounds 1-13
++ for (round = 1; round <= 13; ++round) {
+ subBytes(s->state);
+ shiftRows(s->state);
+- addRoundKey(s->state, &s->w[14 * 4]);
+-
+- for (c = 0; c < 4; ++c) {
+- s->buf[4 * c] = s->state[c];
+- s->buf[4 * c + 1] = s->state[4 + c];
+- s->buf[4 * c + 2] = s->state[8 + c];
+- s->buf[4 * c + 3] = s->state[12 + c];
+- }
+-
+- s->bufIdx = 0;
++ mixColumns(s->state);
++ addRoundKey(s->state, &s->w[round * 4]);
++ }
++
++ // round 14
++ subBytes(s->state);
++ shiftRows(s->state);
++ addRoundKey(s->state, &s->w[14 * 4]);
++
++ for (c = 0; c < 4; ++c) {
++ s->buf[4*c] = s->state[c];
++ s->buf[4*c+1] = s->state[4+c];
++ s->buf[4*c+2] = s->state[8+c];
++ s->buf[4*c+3] = s->state[12+c];
++ }
++
++ s->bufIdx = 0;
+ }
+
+-static void aes256DecryptBlock(DecryptAES256State *s, const unsigned char *in, bool last)
+-{
+- int c, round, n, i;
+-
+- // initial state
+- for (c = 0; c < 4; ++c) {
+- s->state[c] = in[4 * c];
+- s->state[4 + c] = in[4 * c + 1];
+- s->state[8 + c] = in[4 * c + 2];
+- s->state[12 + c] = in[4 * c + 3];
+- }
++static void aes256DecryptBlock(DecryptAES256State *s, const unsigned char *in, bool last) {
++ int c, round, n, i;
+
+- // round 0
+- addRoundKey(s->state, &s->w[14 * 4]);
++ // initial state
++ for (c = 0; c < 4; ++c) {
++ s->state[c] = in[4*c];
++ s->state[4+c] = in[4*c+1];
++ s->state[8+c] = in[4*c+2];
++ s->state[12+c] = in[4*c+3];
++ }
+
+- // rounds 13-1
+- for (round = 13; round >= 1; --round) {
+- invSubBytes(s->state);
+- invShiftRows(s->state);
+- invMixColumns(s->state);
+- addRoundKey(s->state, &s->w[round * 4]);
+- }
++ // round 0
++ addRoundKey(s->state, &s->w[14 * 4]);
+
+- // round 14
++ // rounds 13-1
++ for (round = 13; round >= 1; --round) {
+ invSubBytes(s->state);
+ invShiftRows(s->state);
+- addRoundKey(s->state, &s->w[0]);
+-
+- // CBC
+- for (c = 0; c < 4; ++c) {
+- s->buf[4 * c] = s->state[c] ^ s->cbc[4 * c];
+- s->buf[4 * c + 1] = s->state[4 + c] ^ s->cbc[4 * c + 1];
+- s->buf[4 * c + 2] = s->state[8 + c] ^ s->cbc[4 * c + 2];
+- s->buf[4 * c + 3] = s->state[12 + c] ^ s->cbc[4 * c + 3];
+- }
+-
+- // save the input block for the next CBC
+- for (i = 0; i < 16; ++i) {
+- s->cbc[i] = in[i];
+- }
+-
+- // remove padding
+- s->bufIdx = 0;
+- if (last) {
+- n = s->buf[15];
+- if (n < 1 || n > 16) { // this should never happen
+- n = 16;
+- }
+- for (i = 15; i >= n; --i) {
+- s->buf[i] = s->buf[i - n];
+- }
+- s->bufIdx = n;
+- if (n > 16) {
+- error(errSyntaxError, -1, "Reducing bufIdx from {0:d} to 16 to not crash", n);
+- s->bufIdx = 16;
+- }
++ invMixColumns(s->state);
++ addRoundKey(s->state, &s->w[round * 4]);
++ }
++
++ // round 14
++ invSubBytes(s->state);
++ invShiftRows(s->state);
++ addRoundKey(s->state, &s->w[0]);
++
++ // CBC
++ for (c = 0; c < 4; ++c) {
++ s->buf[4*c] = s->state[c] ^ s->cbc[4*c];
++ s->buf[4*c+1] = s->state[4+c] ^ s->cbc[4*c+1];
++ s->buf[4*c+2] = s->state[8+c] ^ s->cbc[4*c+2];
++ s->buf[4*c+3] = s->state[12+c] ^ s->cbc[4*c+3];
++ }
++
++ // save the input block for the next CBC
++ for (i = 0; i < 16; ++i) {
++ s->cbc[i] = in[i];
++ }
++
++ // remove padding
++ s->bufIdx = 0;
++ if (last) {
++ n = s->buf[15];
++ if (n < 1 || n > 16) { // this should never happen
++ n = 16;
++ }
++ for (i = 15; i >= n; --i) {
++ s->buf[i] = s->buf[i-n];
++ }
++ s->bufIdx = n;
++ if (n > 16)
++ {
++ error(errSyntaxError, -1, "Reducing bufIdx from {0:d} to 16 to not crash", n);
++ s->bufIdx = 16;
+ }
++ }
+ }
+
+ //------------------------------------------------------------------------
+--
+2.29.2
+
diff --git a/external/poppler/StaticLibrary_poppler.mk b/external/poppler/StaticLibrary_poppler.mk
index ae03836f2ba6..994b175fee6e 100644
--- a/external/poppler/StaticLibrary_poppler.mk
+++ b/external/poppler/StaticLibrary_poppler.mk
@@ -51,6 +51,23 @@ endif
$(eval $(call gb_StaticLibrary_set_generated_cxx_suffix,poppler,cc))
+$(eval $(call gb_StaticLibrary_add_generated_cobjects,poppler,\
+ UnpackedTarball/poppler/poppler/CourierWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/CourierBoldWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/CourierBoldObliqueWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/CourierObliqueWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/HelveticaWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/HelveticaBoldWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/HelveticaBoldObliqueWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/HelveticaObliqueWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/SymbolWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/TimesBoldWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/TimesBoldItalicWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/TimesItalicWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/TimesRomanWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/ZapfDingbatsWidths.pregenerated \
+))
+
$(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\
UnpackedTarball/poppler/goo/gfile \
UnpackedTarball/poppler/goo/GooTimer \
@@ -72,8 +89,7 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\
UnpackedTarball/poppler/fofi/FoFiIdentifier \
UnpackedTarball/poppler/poppler/Annot \
UnpackedTarball/poppler/poppler/Array \
- UnpackedTarball/poppler/poppler/BuiltinFont \
- UnpackedTarball/poppler/poppler/BuiltinFontTables \
+ UnpackedTarball/poppler/poppler/BBoxOutputDev \
UnpackedTarball/poppler/poppler/CachedFile \
UnpackedTarball/poppler/poppler/Catalog \
UnpackedTarball/poppler/poppler/CertificateInfo \
@@ -95,6 +111,7 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\
UnpackedTarball/poppler/poppler/Hints \
UnpackedTarball/poppler/poppler/JArithmeticDecoder \
UnpackedTarball/poppler/poppler/JBIG2Stream \
+ UnpackedTarball/poppler/poppler/JSInfo \
UnpackedTarball/poppler/poppler/Lexer \
UnpackedTarball/poppler/poppler/Link \
UnpackedTarball/poppler/poppler/Linearization \
@@ -109,6 +126,7 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\
UnpackedTarball/poppler/poppler/PageTransition \
UnpackedTarball/poppler/poppler/Parser \
UnpackedTarball/poppler/poppler/PDFDoc \
+ UnpackedTarball/poppler/poppler/PDFDocBuilder \
UnpackedTarball/poppler/poppler/PDFDocEncoding \
UnpackedTarball/poppler/poppler/PDFDocFactory \
UnpackedTarball/poppler/poppler/ProfileData \
diff --git a/external/poppler/UnpackedTarball_poppler.mk b/external/poppler/UnpackedTarball_poppler.mk
index 76fd33236e5d..0f29d38e097c 100644
--- a/external/poppler/UnpackedTarball_poppler.mk
+++ b/external/poppler/UnpackedTarball_poppler.mk
@@ -14,6 +14,7 @@ $(eval $(call gb_UnpackedTarball_set_tarball,poppler,$(POPPLER_TARBALL),,poppler
$(eval $(call gb_UnpackedTarball_add_patches,poppler,\
external/poppler/poppler-config.patch.1 \
external/poppler/poppler-c++11.patch.1 \
+ external/poppler/0001-Partially-revert-814fbda28cc8a37fed3134c2db8da28f86f.patch.1 \
external/poppler/0001-Revert-Make-the-mul-tables-be-calculated-at-compile-.patch.1 \
))
diff --git a/external/poppler/poppler-c++11.patch.1 b/external/poppler/poppler-c++11.patch.1
index 5a4d1a24e2e2..9e607b381de0 100644
--- a/external/poppler/poppler-c++11.patch.1
+++ b/external/poppler/poppler-c++11.patch.1
@@ -12,18 +12,18 @@ remove usage of newfangled C++ that baseline toolchains don't support
namespace {
@@ -366,7 +366,7 @@
- }
+ }
#else
- // First try to atomically open the file with CLOEXEC
-- const std::string modeStr = mode + "e"s;
-+ const std::string modeStr = mode + std::string("e");
- FILE *file = fopen(path, modeStr.c_str());
- if (file != nullptr)
- return file;
+ // First try to atomically open the file with CLOEXEC
+- const std::string modeStr = mode + "e"s;
++ const std::string modeStr = mode + std::string("e");
+ FILE *file = fopen(path, modeStr.c_str());
+ if (file != nullptr)
+ return file;
--- poppler/goo/gmem.h.orig 2019-01-16 11:25:28.161920038 +0100
+++ poppler/goo/gmem.h 2019-01-16 11:25:53.756882295 +0100
@@ -177,4 +177,6 @@
- return std::strncpy(r, s, n);
+ return std::strncpy(r, s, n);
}
+#include <o3tl/make_unique.hxx>
diff --git a/external/poppler/poppler-config.patch.1 b/external/poppler/poppler-config.patch.1
index cb74cd66fb5e..b902402ea4e7 100644
--- a/external/poppler/poppler-config.patch.1
+++ b/external/poppler/poppler-config.patch.1
@@ -1,5 +1,7 @@
*three* poppler config headers
+note: to get the 3rd one, use -DENABLE_CPP=on
+
mkdir build && cd build && cmake .. -DENABLE_DCTDECODER=libjpeg -DHAVE_CAIRO=off -DENABLE_LIBOPENJPEG=none -DENABLE_CMS=none -DENABLE_LIBCURL=off -DENABLE_ZLIB=off -DENABLE_ZLIB_UNCOMPRESS=off -DENABLE_NSS3=off -DENABLE_LIBPNG=off -DENABLE_LIBTIFF=off -DENABLE_SPLASH=off -DENABLE_UTILS=off -DENABLE_CPP=off -DENABLE_GLIB=off -DENABLE_GOBJECT_INTROSPECTION=off -DENABLE_GTK_DOC=off -DENABLE_QT5=off
manually disabled these because cmake failed to do it:
@@ -14,7 +16,7 @@ new file mode 100644
index 0fbd336a..451213f8 100644
--- /dev/null
+++ b/config.h
-@@ -0,0 +1,248 @@
+@@ -0,0 +1,221 @@
+/* config.h. Generated from config.h.cmake by cmake. */
+
+/* Build against libcurl. */
@@ -120,21 +122,6 @@ index 0fbd336a..451213f8 100644
+#endif
+
+#if !defined(_WIN32)
-+/* Define to 1 if you have the `rand_r' function. */
-+#define HAVE_RAND_R 1
-+#endif
-+
-+#if defined(_WIN32)
-+/* Define to 1 if you have the `strcpy_s' function. */
-+#define HAVE_STRCPY_S 1
-+#endif
-+
-+#if defined(_WIN32)
-+/* Define to 1 if you have the `strcat_s' function. */
-+#define HAVE_STRCAT_S 1
-+#endif
-+
-+#if !defined(_WIN32)
+/* Defines if strtok_r is available on your system */
+#define HAVE_STRTOK_R 1
+#endif
@@ -147,9 +134,6 @@ index 0fbd336a..451213f8 100644
+#define HAVE_POPEN 1
+#endif
+
-+/* Use splash for rendering. */
-+/* #undef HAVE_SPLASH */
-+
+#if !defined(__APPLE__) && !defined(_WIN32)
+/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
+ */
@@ -179,9 +163,6 @@ index 0fbd336a..451213f8 100644
+/* Define as const if the declaration of iconv() needs const. */
+#define ICONV_CONST
+
-+/* Enable multithreading support. */
-+#define MULTITHREADED 1
-+
+/* Generate OPI comments in PS output. */
+#define OPI_SUPPORT 1
+
@@ -195,7 +176,7 @@ index 0fbd336a..451213f8 100644
+#define PACKAGE_NAME "poppler"
+
+/* Define to the full name and version of this package. */
-+#define PACKAGE_STRING "poppler 0.82.0"
++#define PACKAGE_STRING "poppler 21.01.0"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "poppler"
@@ -204,7 +185,7 @@ index 0fbd336a..451213f8 100644
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
-+#define PACKAGE_VERSION "0.82.0"
++#define PACKAGE_VERSION "21.01.0"
+
+/* Poppler data dir */
+#define POPPLER_DATADIR "/usr/local/share/poppler"
@@ -212,23 +193,17 @@ index 0fbd336a..451213f8 100644
+/* Support for curl based doc builder is compiled in. */
+/* #undef POPPLER_HAS_CURL_SUPPORT */
+
-+/* Include support for CMYK rasterization */
-+/* #undef SPLASH_CMYK */
-+
+/* Enable word list support. */
+#define TEXTOUT_WORD_LIST 1
+
+/* Defines if use cms */
+/* #undef USE_CMS */
+
-+/* Use fixed point arithmetic in the Splash backend */
-+/* #undef USE_FIXEDPOINT */
-+
+/* Use single precision arithmetic in the Splash backend */
+/* #undef USE_FLOAT */
+
+/* Version number of package */
-+#define VERSION "0.82.0"
++#define VERSION "21.01.0"
+
+#if defined(__APPLE__)
+#elif defined (_WIN32)
@@ -268,7 +243,7 @@ new file mode 100644
index 0fbd336a..451213f8 100644
--- /dev/null
+++ b/poppler/poppler-config.h
-@@ -0,0 +1,173 @@
+@@ -0,0 +1,166 @@
+//================================================= -*- mode: c++ -*- ====
+//
+// poppler-config.h
@@ -288,6 +263,9 @@ index 0fbd336a..451213f8 100644
+// Copyright (C) 2014 Hib Eris <hib at hiberis.nl>
+// Copyright (C) 2016 Tor Lillqvist <tml at collabora.com>
+// Copyright (C) 2017 Adrian Johnson <ajohnson at redneon.com>
++// Copyright (C) 2018 Adam Reichold <adam.reichold at t-online.de>
++// Copyright (C) 2018 Stefan Brüns <stefan.bruens at rwth-aachen.de>
++// Copyright (C) 2020 Albert Astals Cid <aacid at kde.org>
+//
+// To see a description of the changes please see the Changelog file that
+// came with your tarball or type make ChangeLog if you are building from git
@@ -304,17 +282,7 @@ index 0fbd336a..451213f8 100644
+
+/* Defines the poppler version. */
+#ifndef POPPLER_VERSION
-+#define POPPLER_VERSION "0.82.0"
-+#endif
-+
-+/* Enable multithreading support. */
-+#ifndef MULTITHREADED
-+#define MULTITHREADED 1
-+#endif
-+
-+/* Use fixedpoint. */
-+#ifndef USE_FIXEDPOINT
-+/* #undef USE_FIXEDPOINT */
++#define POPPLER_VERSION "21.01.0"
+#endif
+
+/* Use single precision arithmetic in the Splash backend */
@@ -401,17 +369,17 @@ index 0fbd336a..451213f8 100644
+/* #undef USE_BOOST_HEADERS */
+#endif
+
-+// Also, there are preprocessor symbols in the header files
-+// that are used but never defined when building poppler using configure
-+// or cmake: DISABLE_OUTLINE, DEBUG_MEM,
-+// ENABLE_PLUGINS, DEBUG_FORMS
++/* Is splash backend available */
++#ifndef HAVE_SPLASH
++/* #undef HAVE_SPLASH */
++#endif
+
+//------------------------------------------------------------------------
+// version
+//------------------------------------------------------------------------
+
+// copyright notice
-+#define popplerCopyright "Copyright 2005-2018 The Poppler Developers - http://poppler.freedesktop.org"
++#define popplerCopyright "Copyright 2005-2021 The Poppler Developers - http://poppler.freedesktop.org"
+#define xpdfCopyright "Copyright 1996-2011 Glyph & Cog, LLC"
+
+//------------------------------------------------------------------------
@@ -429,7 +397,7 @@ index 0fbd336a..451213f8 100644
+//------------------------------------------------------------------------
+
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ > 4)
-+#include <stdio.h> // __MINGW_PRINTF_FORMAT is defined in the mingw stdio.h
++#include <cstdio> // __MINGW_PRINTF_FORMAT is defined in the mingw stdio.h
+#ifdef __MINGW_PRINTF_FORMAT
+#define GCC_PRINTF_FORMAT(fmt_index, va_index) \
+ __attribute__((__format__(__MINGW_PRINTF_FORMAT, fmt_index, va_index)))
@@ -471,9 +439,9 @@ index 0fbd336a..451213f8 100644
+
+#include "poppler-global.h"
+
-+#define POPPLER_VERSION "0.82.0"
-+#define POPPLER_VERSION_MAJOR 0
-+#define POPPLER_VERSION_MINOR 82
++#define POPPLER_VERSION "21.01.0"
++#define POPPLER_VERSION_MAJOR 21
++#define POPPLER_VERSION_MINOR 1
+#define POPPLER_VERSION_MICRO 0
+
+namespace poppler
commit 94a54e7b9f09251dadc0ecb79be2392a78033b90
Author: Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Wed Jan 6 17:39:19 2021 +0100
Commit: Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Mon Mar 29 09:57:58 2021 +0300
openssl: add patch to fix CVE-2020-1971
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108884
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens at allotropia.de>
(cherry picked from commit b4c5bd9b330068e8c550e398cf761457ec9b6aa4)
Change-Id: Ia756f1fa642eeb6dcadc867cc9730732a73c11b4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108953
Tested-by: Thorsten Behrens <thorsten.behrens at allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens at allotropia.de>
diff --git a/external/openssl/UnpackedTarball_openssl.mk b/external/openssl/UnpackedTarball_openssl.mk
index 719b8b0e5842..ad600cce1412 100644
--- a/external/openssl/UnpackedTarball_openssl.mk
+++ b/external/openssl/UnpackedTarball_openssl.mk
@@ -21,6 +21,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,openssl,\
external/openssl/opensslosxppc.patch \
external/openssl/openssl-3650-masm.patch.1 \
external/openssl/openssl-fixbuild.patch.1 \
+ external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 b/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1
new file mode 100644
index 000000000000..313f9cd870d7
--- /dev/null
+++ b/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1
@@ -0,0 +1,578 @@
+diff -up openssl-1.0.2k/crypto/asn1/asn1_err.c.null-dereference openssl-1.0.2k/crypto/asn1/asn1_err.c
+--- openssl-1.0.2k/crypto/asn1/asn1_err.c.null-dereference 2020-12-04 10:08:08.506247597 +0100
++++ openssl-1.0.2k/crypto/asn1/asn1_err.c 2020-12-04 10:12:31.901956486 +0100
+@@ -1,6 +1,6 @@
+ /* crypto/asn1/asn1_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
++ * Copyright (c) 1999-2020 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -103,6 +103,7 @@ static ERR_STRING_DATA ASN1_str_functs[]
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
++ {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), "ASN1_item_ex_i2d"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
+@@ -202,6 +203,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
+ {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"},
+ {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"},
+ {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
++ {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"},
+ {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"},
+ {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"},
+ {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
+diff -up openssl-1.0.2k/crypto/asn1/asn1.h.null-dereference openssl-1.0.2k/crypto/asn1/asn1.h
+--- openssl-1.0.2k/crypto/asn1/asn1.h.null-dereference 2020-12-04 11:00:06.896637900 +0100
++++ openssl-1.0.2k/crypto/asn1/asn1.h 2020-12-04 11:04:47.079562987 +0100
+@@ -1202,6 +1202,7 @@ void ERR_load_ASN1_strings(void);
+ # define ASN1_F_ASN1_ITEM_DUP 191
+ # define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121
+ # define ASN1_F_ASN1_ITEM_EX_D2I 120
++# define ASN1_F_ASN1_ITEM_EX_I2D 231
+ # define ASN1_F_ASN1_ITEM_I2D_BIO 192
+ # define ASN1_F_ASN1_ITEM_I2D_FP 193
+ # define ASN1_F_ASN1_ITEM_PACK 198
+@@ -1298,6 +1299,7 @@ void ERR_load_ASN1_strings(void);
+ # define ASN1_R_AUX_ERROR 100
+ # define ASN1_R_BAD_CLASS 101
+ # define ASN1_R_BAD_OBJECT_HEADER 102
++# define ASN1_R_BAD_TEMPLATE 230
+ # define ASN1_R_BAD_PASSWORD_READ 103
+ # define ASN1_R_BAD_TAG 104
+ # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
+diff -up openssl-1.0.2k/crypto/asn1/tasn_dec.c.null-dereference openssl-1.0.2k/crypto/asn1/tasn_dec.c
+--- openssl-1.0.2k/crypto/asn1/tasn_dec.c.null-dereference 2020-12-04 10:12:42.036057323 +0100
++++ openssl-1.0.2k/crypto/asn1/tasn_dec.c 2020-12-04 10:17:45.685035333 +0100
+@@ -223,6 +223,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+ break;
+
+ case ASN1_ITYPE_MSTRING:
++ /*
++ * It never makes sense for multi-strings to have implicit tagging, so
++ * if tag != -1, then this looks like an error in the template.
++ */
++ if (tag != -1) {
++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE);
++ goto err;
++ }
++
+ p = *in;
+ /* Just read in tag and class */
+ ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+@@ -240,6 +249,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+ goto err;
+ }
++
+ /* Check tag matches bit map */
+ if (!(ASN1_tag2bit(otag) & it->utype)) {
+ /* If OPTIONAL, assume this is OK */
+@@ -316,6 +326,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+ goto err;
+
+ case ASN1_ITYPE_CHOICE:
++ /*
++ * It never makes sense for CHOICE types to have implicit tagging, so
++ * if tag != -1, then this looks like an error in the template.
++ */
++ if (tag != -1) {
++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE);
++ goto err;
++ }
++
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ goto auxerr;
+ if (*pval) {
+diff -up openssl-1.0.2k/crypto/asn1/tasn_enc.c.null-dereference openssl-1.0.2k/crypto/asn1/tasn_enc.c
+--- openssl-1.0.2k/crypto/asn1/tasn_enc.c.null-dereference 2020-12-04 10:18:30.261472002 +0100
++++ openssl-1.0.2k/crypto/asn1/tasn_enc.c 2020-12-04 10:21:14.310078987 +0100
+@@ -151,9 +151,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval,
+ break;
+
+ case ASN1_ITYPE_MSTRING:
++ /*
++ * It never makes sense for multi-strings to have implicit tagging, so
++ * if tag != -1, then this looks like an error in the template.
++ */
++ if (tag != -1) {
++ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
++ return -1;
++ }
+ return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+
+ case ASN1_ITYPE_CHOICE:
++ /*
++ * It never makes sense for CHOICE types to have implicit tagging, so
++ * if tag != -1, then this looks like an error in the template.
++ */
++ if (tag != -1) {
++ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
++ return -1;
++ }
+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
+ return 0;
+ i = asn1_get_choice_selector(pval, it);
+diff -up openssl-1.0.2k/crypto/x509v3/v3_genn.c.null-dereference openssl-1.0.2k/crypto/x509v3/v3_genn.c
+--- openssl-1.0.2k/crypto/x509v3/v3_genn.c.null-dereference 2020-12-04 10:28:02.374237945 +0100
++++ openssl-1.0.2k/crypto/x509v3/v3_genn.c 2020-12-04 10:36:51.156138263 +0100
+@@ -72,8 +72,9 @@ ASN1_SEQUENCE(OTHERNAME) = {
+ IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
+
+ ASN1_SEQUENCE(EDIPARTYNAME) = {
+- ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+- ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
++ /* DirectoryString is a CHOICE type so use explicit tagging */
++ ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
++ ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+ } ASN1_SEQUENCE_END(EDIPARTYNAME)
+
+ IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
+@@ -107,6 +108,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_N
+ (char *)a);
+ }
+
++static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
++{
++ int res;
++
++ if (a == NULL || b == NULL) {
++ /*
++ * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
++ * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here
++ */
++ return -1;
++ }
++ if (a->nameAssigner == NULL && b->nameAssigner != NULL)
++ return -1;
++ if (a->nameAssigner != NULL && b->nameAssigner == NULL)
++ return 1;
++ /* If we get here then both have nameAssigner set, or both unset */
++ if (a->nameAssigner != NULL) {
++ res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
++ if (res != 0)
++ return res;
++ }
++ /*
++ * partyName is required, so these should never be NULL. We treat it in
++ * the same way as the a == NULL || b == NULL case above
++ */
++ if (a->partyName == NULL || b->partyName == NULL)
++ return -1;
++
++ return ASN1_STRING_cmp(a->partyName, b->partyName);
++}
++
+ /* Returns 0 if they are equal, != 0 otherwise. */
+ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+ {
+@@ -116,8 +148,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GE
+ return -1;
+ switch (a->type) {
+ case GEN_X400:
++ result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
++ break;
++
+ case GEN_EDIPARTY:
+- result = ASN1_TYPE_cmp(a->d.other, b->d.other);
++ result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
+ break;
+
+ case GEN_OTHERNAME:
+@@ -164,8 +199,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAM
+ {
+ switch (type) {
+ case GEN_X400:
++ a->d.x400Address = value;
++ break;
++
+ case GEN_EDIPARTY:
+- a->d.other = value;
++ a->d.ediPartyName = value;
+ break;
+
+ case GEN_OTHERNAME:
+@@ -199,8 +237,10 @@ void *GENERAL_NAME_get0_value(GENERAL_NA
+ *ptype = a->type;
+ switch (a->type) {
+ case GEN_X400:
++ return a->d.x400Address;
++
+ case GEN_EDIPARTY:
+- return a->d.other;
++ return a->d.ediPartyName;
+
+ case GEN_OTHERNAME:
+ return a->d.otherName;
+diff -up openssl-1.0.2k/crypto/x509v3/v3nametest.c.null-dereference openssl-1.0.2k/crypto/x509v3/v3nametest.c
+--- openssl-1.0.2k/crypto/x509v3/v3nametest.c.null-dereference 2020-12-04 10:28:02.374237945 +0100
++++ openssl-1.0.2k/crypto/x509v3/v3nametest.c 2020-12-04 10:36:51.156138263 +0100
+@@ -321,6 +321,356 @@ static void run_cert(X509 *crt, const ch
+ }
+ }
+
++struct gennamedata {
++ const unsigned char der[22];
++ size_t derlen;
++} gennames[] = {
++ {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * SEQUENCE {}
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00
++ },
++ 21
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * [APPLICATION 0] {}
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00
++ },
++ 21
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61
++ },
++ 22
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
++ * [0] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61
++ },
++ 22
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * UTF8String { "b" }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62
++ },
++ 22
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * BOOLEAN { TRUE }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff
++ },
++ 22
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * BOOLEAN { FALSE }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00
++ },
++ 22
++ }, {
++ /* [1 PRIMITIVE] { "a" } */
++ {
++ 0x81, 0x01, 0x61
++ },
++ 3
++ }, {
++ /* [1 PRIMITIVE] { "b" } */
++ {
++ 0x81, 0x01, 0x62
++ },
++ 3
++ }, {
++ /* [2 PRIMITIVE] { "a" } */
++ {
++ 0x82, 0x01, 0x61
++ },
++ 3
++ }, {
++ /* [2 PRIMITIVE] { "b" } */
++ {
++ 0x82, 0x01, 0x62
++ },
++ 3
++ }, {
++ /*
++ * [4] {
++ * SEQUENCE {
++ * SET {
++ * SEQUENCE {
++ * # commonName
++ * OBJECT_IDENTIFIER { 2.5.4.3 }
++ * UTF8String { "a" }
++ * }
++ * }
++ * }
++ * }
++ */
++ {
++ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
++ 0x04, 0x03, 0x0c, 0x01, 0x61
++ },
++ 16
++ }, {
++ /*
++ * [4] {
++ * SEQUENCE {
++ * SET {
++ * SEQUENCE {
++ * # commonName
++ * OBJECT_IDENTIFIER { 2.5.4.3 }
++ * UTF8String { "b" }
++ * }
++ * }
++ * }
++ * }
++ */
++ {
++ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
++ 0x04, 0x03, 0x0c, 0x01, 0x62
++ },
++ 16
++ }, {
++ /*
++ * [5] {
++ * [1] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61
++ },
++ 7
++ }, {
++ /*
++ * [5] {
++ * [1] {
++ * UTF8String { "b" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62
++ },
++ 7
++ }, {
++ /*
++ * [5] {
++ * [0] {
++ * UTF8String {}
++ * }
++ * [1] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61
++ },
++ 11
++ }, {
++ /*
++ * [5] {
++ * [0] {
++ * UTF8String { "a" }
++ * }
++ * [1] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01,
++ 0x61
++ },
++ 12
++ }, {
++ /*
++ * [5] {
++ * [0] {
++ * UTF8String { "b" }
++ * }
++ * [1] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01,
++ 0x61
++ },
++ 12
++ }, {
++ /* [6 PRIMITIVE] { "a" } */
++ {
++ 0x86, 0x01, 0x61
++ },
++ 3
++ }, {
++ /* [6 PRIMITIVE] { "b" } */
++ {
++ 0x86, 0x01, 0x62
++ },
++ 3
++ }, {
++ /* [7 PRIMITIVE] { `11111111` } */
++ {
++ 0x87, 0x04, 0x11, 0x11, 0x11, 0x11
++ },
++ 6
++ }, {
++ /* [7 PRIMITIVE] { `22222222`} */
++ {
++ 0x87, 0x04, 0x22, 0x22, 0x22, 0x22
++ },
++ 6
++ }, {
++ /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */
++ {
++ 0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
++ 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
++ },
++ 18
++ }, {
++ /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */
++ {
++ 0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
++ 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
++ },
++ 18
++ }, {
++ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */
++ {
++ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
++ 0xb7, 0x09, 0x02, 0x01
++ },
++ 15
++ }, {
++ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */
++ {
++ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
++ 0xb7, 0x09, 0x02, 0x02
++ },
++ 15
++ }
++};
++
++#define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0]))
++
++static int test_GENERAL_NAME_cmp(void)
++{
++ size_t i, j;
++ GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa)
++ * OSSL_NELEM(gennames));
++ GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb)
++ * OSSL_NELEM(gennames));
++ int testresult = 0;
++
++ if (namesa == NULL || namesb == NULL)
++ goto end;
++
++ for (i = 0; i < OSSL_NELEM(gennames); i++) {
++ const unsigned char *derp = gennames[i].der;
++
++ /*
++ * We create two versions of each GENERAL_NAME so that we ensure when
++ * we compare them they are always different pointers.
++ */
++ namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
++ derp = gennames[i].der;
++ namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
++ if (namesa[i] == NULL || namesb[i] == NULL)
++ goto end;
++ }
++
++ /* Every name should be equal to itself and not equal to any others. */
++ for (i = 0; i < OSSL_NELEM(gennames); i++) {
++ for (j = 0; j < OSSL_NELEM(gennames); j++) {
++ if (i == j) {
++ if (GENERAL_NAME_cmp(namesa[i], namesb[j]) != 0)
++ goto end;
++ } else {
++ if (GENERAL_NAME_cmp(namesa[i], namesb[j]) == 0)
++ goto end;
++ }
++ }
++ }
++ testresult = 1;
++
++ end:
++ for (i = 0; i < OSSL_NELEM(gennames); i++) {
++ if (namesa != NULL)
++ GENERAL_NAME_free(namesa[i]);
++ if (namesb != NULL)
++ GENERAL_NAME_free(namesb[i]);
++ }
++ OPENSSL_free(namesa);
++ OPENSSL_free(namesb);
++
++ if (!testresult)
++ fprintf(stderr, "test of GENERAL_NAME_cmp failed\n");
++
++ return testresult;
++}
++
++
++
+ int main(void)
+ {
+ const struct set_name_fn *pfn = name_fns;
+@@ -342,5 +692,8 @@ int main(void)
+ }
+ ++pfn;
+ }
++
++ errors += !test_GENERAL_NAME_cmp();
++
+ return errors > 0 ? 1 : 0;
+ }
commit e903901f585a7f14dca81636fb8fff8831b001d1
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon Nov 23 14:33:06 2020 +0000
Commit: Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Mon Mar 29 09:57:58 2021 +0300
CVE-2020-25713 raptor2: malformed input file can lead to a segfault
due to an out of bounds array access in
raptor_xml_writer_start_element_common
use a better fix than the initial suggestion
See:
https: //bugs.mageia.org/show_bug.cgi?id=27605
https: //www.openwall.com/lists/oss-security/2020/11/13/1
Change-Id: Ida4783a61412ffce868eacf81310da338d3e2df1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106249
Reviewed-by: Michael Stahl <michael.stahl at cib.de>
Tested-by: Jenkins
diff --git a/external/redland/UnpackedTarball_raptor.mk b/external/redland/UnpackedTarball_raptor.mk
index 517b11a3d14f..fbdc8b6f5510 100644
--- a/external/redland/UnpackedTarball_raptor.mk
+++ b/external/redland/UnpackedTarball_raptor.mk
@@ -28,6 +28,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,raptor,\
$(if $(SYSTEM_LIBXML),,external/redland/raptor/rpath.patch) \
external/redland/raptor/xml2-config.patch \
external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 \
+ external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 \
external/redland/raptor/libtool.patch \
))
diff --git a/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 b/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
new file mode 100644
index 000000000000..1fb279df3e4d
--- /dev/null
+++ b/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
@@ -0,0 +1,33 @@
+From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm at redhat.com>
+Date: Tue, 24 Nov 2020 10:30:20 +0000
+Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
+ segfault
+
+due to an out of bounds array access in
+raptor_xml_writer_start_element_common
+
+See:
+https://bugs.mageia.org/show_bug.cgi?id=27605
+https://www.openwall.com/lists/oss-security/2020/11/13/1
+https://gerrit.libreoffice.org/c/core/+/106249
+---
+ src/raptor_xml_writer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 56993dc3..4426d38c 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+
+ /* check it wasn't an earlier declaration too */
+ for(j = 0; j < nspace_declarations_count; j++)
+- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
... etc. - the rest is truncated
More information about the Libreoffice-commits
mailing list