[Libreoffice-commits] core.git: Branch 'distro/collabora/cp-6.4' - 2 commits - download.lst external/libxml2 sfx2/source

Michael Stahl (via logerrit) logerrit at kemper.freedesktop.org
Wed May 26 12:20:12 UTC 2021 

 download.lst                                  |    4 +--
 external/libxml2/UnpackedTarball_libxml2.mk   |    1 
 external/libxml2/libxml2-config.patch.1       |    4 +--
 external/libxml2/libxml2-global-symbols.patch |    4 +--
 external/libxml2/ubsan.patch.0                |   11 --------
 sfx2/source/doc/objstor.cxx                   |   33 ++++++++++++++++++++++++++
 6 files changed, 39 insertions(+), 18 deletions(-)

New commits:
commit e107cd5ec4bb54a761db997c5ab6c47ff2014287
Author:     Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Fri May 21 13:33:26 2021 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed May 26 14:19:33 2021 +0200

    libxml2: upgrade to release 2.9.12
    
    Fixes:
    CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541
    
    * external/libxml2/ubsan.patch.0: remove, fixed upstream
    
    Change-Id: I347dc854b862e78bde87d3e57cf5fdb584ca5673
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115913
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
    (cherry picked from commit bf0c6a98ae38cd2188d7f7e94f1563e5ce6a8ce4)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115927
    Tested-by: Michael Stahl <michael.stahl at allotropia.de>

diff --git a/download.lst b/download.lst
index 5837f378154e..063242641f8e 100644
--- a/download.lst
+++ b/download.lst
@@ -180,8 +180,8 @@ export LIBTOMMATH_SHA256SUM := 083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304
 export LIBTOMMATH_TARBALL := ltm-1.0.zip
 export XMLSEC_SHA256SUM := 13eec4811ea30e3f0e16a734d1dbf7f9d246a71d540b48d143a07b489f6222d4
 export XMLSEC_TARBALL := xmlsec1-1.2.28.tar.gz
-export LIBXML_SHA256SUM := aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f
-export LIBXML_VERSION_MICRO := 10
+export LIBXML_SHA256SUM := c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92
+export LIBXML_VERSION_MICRO := 12
 export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz
 export LIBXSLT_SHA256SUM := 98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f
 export LIBXSLT_VERSION_MICRO := 34
diff --git a/external/libxml2/UnpackedTarball_libxml2.mk b/external/libxml2/UnpackedTarball_libxml2.mk
index 37b5bad97549..83df02849cb3 100644
--- a/external/libxml2/UnpackedTarball_libxml2.mk
+++ b/external/libxml2/UnpackedTarball_libxml2.mk
@@ -21,7 +21,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,libxml2,\
 	$(if $(gb_Module_CURRENTMODULE_SYMBOLS_ENABLED), \
 		external/libxml2/libxml2-icu-sym.patch.0, \
 		external/libxml2/libxml2-icu.patch.0) \
-	external/libxml2/ubsan.patch.0 \
 ))
 
 # vim: set noet sw=4 ts=4:
diff --git a/external/libxml2/libxml2-config.patch.1 b/external/libxml2/libxml2-config.patch.1
index 8c28fb6a7806..5a2ef1485e92 100644
--- a/external/libxml2/libxml2-config.patch.1
+++ b/external/libxml2/libxml2-config.patch.1
@@ -18,9 +18,9 @@ Hack the xml2-config to return paths into WORKDIR.
 +exec_prefix=${WORKDIR}/UnpackedTarball/libxml2
 +includedir=${WORKDIR}/UnpackedTarball/libxml2/include
 +libdir=${WORKDIR}/UnpackedTarball/libxml2/.libs
+ cflags=
+ libs=
  
- usage()
- {
 @@ -67,7 +72,8 @@
  	;;
  
diff --git a/external/libxml2/libxml2-global-symbols.patch b/external/libxml2/libxml2-global-symbols.patch
index 49ee73731562..cfec9c530281 100644
--- a/external/libxml2/libxml2-global-symbols.patch
+++ b/external/libxml2/libxml2-global-symbols.patch
@@ -14,8 +14,8 @@
  
  LIBXML2_2.6.32 {
 @@ -2231,3 +2231,43 @@
-   xmlHashDefaultDeallocator;
- } LIBXML2_2.9.1;
+   xmlPopOutputCallbacks;
+ } LIBXML2_2.9.8;
  
 +# HACK: export global variable accessor functions (globals.h)
 +LIBXML2_GLOBAL_VARIABLES {
diff --git a/external/libxml2/ubsan.patch.0 b/external/libxml2/ubsan.patch.0
deleted file mode 100644
index b52259719673..000000000000
--- a/external/libxml2/ubsan.patch.0
+++ /dev/null
@@ -1,11 +0,0 @@
---- xpath.c
-+++ xpath.c
-@@ -14529,7 +14529,7 @@
- 	}
- 
- 	stream = xmlPatterncompile(str, dict, XML_PATTERN_XPATH,
--			&namespaces[0]);
-+			namespaces); // i.e., &namespaces[0] if namespaces != NULL
- 	if (namespaces != NULL) {
- 	    xmlFree((xmlChar **)namespaces);
- 	}
commit 79340597d848b0809c3bc836be3dd815d09f7502
Author:     Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Fri Jul 10 14:30:34 2020 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Wed May 26 14:19:25 2021 +0200

    tdf#134582 sfx2: when storing, set Version on embedded object storage
    
    This previously wasn't needed because there was only one version for
    which it was checked (1.2) but since commit
    a541cd91951eca15e40764244b34c72b347f9f26 there's a second version so
    when loading an existing embedded object in one version and storing it
    in another, the Version must be updated so the attribute in
    META-INF/manifest.xml matches the one in content.xml.
    
    Change-Id: Ic2fc303c6f6bc254050d531d578029377976ecb5
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/98521
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at cib.de>
    (cherry picked from commit 519d96fd8b83ef4c61576d87b58f97b7e6e6e3c6)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/98459
    Reviewed-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
    (cherry picked from commit a24a4cc1838e3a2d55261a8edf6cb63186f4c38f)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108950
    Tested-by: Michael Stahl <michael.stahl at allotropia.de>
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>

diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index 0a2dd750dad7..49d90e54c599 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -994,6 +994,39 @@ bool SfxObjectShell::DoSave()
 
         pImpl->bIsSaving = true;
 
+        if (IsOwnStorageFormat(*GetMedium()))
+        {
+            SvtSaveOptions::ODFSaneDefaultVersion nDefVersion = SvtSaveOptions::ODFSVER_012;
+            if (!utl::ConfigManager::IsFuzzing())
+            {
+                SvtSaveOptions aSaveOpt;
+                nDefVersion = aSaveOpt.GetODFSaneDefaultVersion();
+            }
+            uno::Reference<beans::XPropertySet> const xProps(GetMedium()->GetStorage(), uno::UNO_QUERY);
+            assert(xProps.is());
+            if (nDefVersion >= SvtSaveOptions::ODFSVER_012) // property exists only since ODF 1.2
+            {
+                try // tdf#134582 set Version on embedded objects as they
+                {   // could have been loaded with a different/old version
+#if 0
+// not on old branch
+                    if (SvtSaveOptions::ODFSVER_013 <= nDefVersion)
+                    {
+                        xProps->setPropertyValue("Version", uno::makeAny<OUString>(ODFVER_013_TEXT));
+                    }
+                    else
+#endif
+                    {
+                        xProps->setPropertyValue("Version", uno::makeAny<OUString>(ODFVER_012_TEXT));
+                    }
+                }
+                catch (uno::Exception&)
+                {
+                    TOOLS_WARN_EXCEPTION("sfx.doc", "SfxObjectShell::DoSave");
+                }
+            }
+        }
+
         uno::Sequence< beans::NamedValue > aEncryptionData;
         if ( IsPackageStorageFormat_Impl( *GetMedium() ) )
         {

More information about the Libreoffice-commits mailing list