[Libreoffice-commits] core.git: Branch 'distro/mimo/mimo-6-2' - 6 commits - configure.ac download.lst external/curl external/libxml2 external/libxslt external/openssl RepositoryExternal.mk

Andras Timar (via logerrit) logerrit at kemper.freedesktop.org
Mon Sep 13 09:34:34 UTC 2021


Rebased ref, commits from common ancestor:
commit f4723c0a07d118b68793b05fd8a440da2b339ad5
Author:     Andras Timar <andras.timar at collabora.com>
AuthorDate: Thu Sep 9 13:43:04 2021 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Mon Sep 13 11:33:58 2021 +0200

    Bump product version to 6.2.8.2.M5
    
    Change-Id: I59145513f596b583c80f5e9a843956b3175aa3d2

diff --git a/configure.ac b/configure.ac
index 078dfca928d7..a60bef2d6124 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9,7 +9,7 @@ dnl in order to create a configure script.
 # several non-alphanumeric characters, those are split off and used only for the
 # ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no idea.
 
-AC_INIT([LibreOffice],[6.2.8.2.M4],[],[],[http://documentfoundation.org/])
+AC_INIT([LibreOffice],[6.2.8.2.M5],[],[],[http://documentfoundation.org/])
 
 AC_PREREQ([2.59])
 
commit 0a1ad6296d7fbb4b087a23efb84ef7a1969f3ee4
Author:     Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Wed Aug 25 11:32:11 2021 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Mon Sep 13 11:33:58 2021 +0200

    openssl: add patch for CVE-2021-3712
    
    Change-Id: I4061cbac18ddf9c7f932a27bf2b54a2b1c2f9d99
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121029
    Tested-by: Michael Stahl <michael.stahl at allotropia.de>
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>

diff --git a/external/openssl/UnpackedTarball_openssl.mk b/external/openssl/UnpackedTarball_openssl.mk
index ad600cce1412..e7fca1116545 100644
--- a/external/openssl/UnpackedTarball_openssl.mk
+++ b/external/openssl/UnpackedTarball_openssl.mk
@@ -22,6 +22,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,openssl,\
 	external/openssl/openssl-3650-masm.patch.1 \
 	external/openssl/openssl-fixbuild.patch.1 \
 	external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 \
+	external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1 \
 ))
 
 # vim: set noet sw=4 ts=4:
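Review bot: The new entry `external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1` is named only by the upstream commit hash, while the entry directly above it, `openssl-1.0.2k-cve-2020-1971.patch.1`, carries the CVE in its name. Anyone auditing which CVE backports the bundled OpenSSL carries has to open the patch to learn that it addresses CVE-2021-3712. Consider a name following the existing pattern, such as `openssl-1.0.2k-cve-2021-3712.patch.1`; the upstream hash is already recorded in the patch's own `From` line.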
diff --git a/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1 b/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1
new file mode 100644
index 000000000000..cf809750ecfb
--- /dev/null
+++ b/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1
@@ -0,0 +1,56 @@
+From ccb0a11145ee72b042d10593a64eaf9e8a55ec12 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt at openssl.org>
+Date: Tue, 17 Aug 2021 14:41:48 +0100
+Subject: [PATCH] Fix a read buffer overrun in X509_CERT_AUX_print()
+
+This is a backport of commit c5dc9ab965f to 1.0.2. That commit fixed
+the same bug but in master/1.1.1 it is in the function X509_aux_print().
+The original commit had the following description:
+
+Fix a read buffer overrun in X509_aux_print().
+
+The ASN1_STRING_get0_data(3) manual explitely cautions the reader
+that the data is not necessarily NUL-terminated, and the function
+X509_alias_set1(3) does not sanitize the data passed into it in any
+way either, so we must assume the return value from X509_alias_get0(3)
+is merely a byte array and not necessarily a string in the sense
+of the C language.
+
+I found this bug while writing manual pages for X509_print_ex(3)
+and related functions.  Theo Buehler <tb at openbsd.org> checked my
+patch to fix the same bug in LibreSSL, see
+
+http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9
+
+As an aside, note that the function still produces incomplete and
+misleading results when the data contains a NUL byte in the middle
+and that error handling is consistently absent throughout, even
+though the function provides an "int" return value obviously intended
+to be 1 for success and 0 for failure, and even though this function
+is called by another function that also wants to return 1 for success
+and 0 for failure and even does so in many of its code paths, though
+not in others.  But let's stay focussed.  Many things would be nice
+to have in the wide wild world, but a buffer overflow must not be
+allowed to remain in our backyard.
+
+CVE-2021-3712
+
+Reviewed-by: Paul Dale <pauli at openssl.org>
+---
+ crypto/asn1/t_x509a.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c
+index d1b897a469fd..b1bc9d0cd28b 100644
+--- a/crypto/asn1/t_x509a.c
++++ b/crypto/asn1/t_x509a.c
+@@ -104,7 +104,8 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
+     } else
+         BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+     if (aux->alias)
+-        BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data);
++        BIO_printf(out, "%*sAlias: %.*s\n", indent, "", aux->alias->length,
++                   aux->alias->data);
+     if (aux->keyid) {
+         BIO_printf(out, "%*sKey Id: ", indent, "");
+         for (i = 0; i < aux->keyid->length; i++)
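Review bot: The bounded `%.*s` on the Alias line stops the read past the end of `aux->alias->data`, but the alias bytes still go to the BIO unescaped and printing still ends at the first NUL, as the patch description itself acknowledges. Because the description states that X509_alias_set1() does not sanitize its input, control characters in an alias reach whatever log or terminal consumes this output. If diverging from the upstream backport is acceptable, an escaping printer would close that gap, e.g. `BIO_printf(out, "%*sAlias: ", indent, ""); ASN1_STRING_print_ex(out, aux->alias, ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB); BIO_puts(out, "\n");`. Otherwise a comment above the call, such as `/* alias is a length-delimited byte array, not a C string; output is not escaped */`, records the limitation. X509_CERT_AUX_print() starts and ends outside this hunk.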
commit 9903bae748b16085e2cec67ac42e6b01a1840197
Author:     Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Wed Nov 20 15:08:24 2019 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Mon Sep 13 11:33:58 2021 +0200

    libxslt: upgrade to release 1.1.34
    
    Fixes CVE-2019-18197.
    
    Remove obsolete e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1.
    
    Change-Id: I95cf498e245083528f98bfef8cdd240bbe2211b9
    Reviewed-on: https://gerrit.libreoffice.org/83312
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at cib.de>
    (cherry picked from commit e9ea24cc004a8b9a5856f2f268bd40433c504db1)
    Reviewed-on: https://gerrit.libreoffice.org/83377
    (cherry picked from commit d19b32c779bfeb51ef9570c3de8ed1925ec44473)
    Reviewed-on: https://gerrit.libreoffice.org/83419
    Tested-by: Michael Stahl <michael.stahl at cib.de>

diff --git a/download.lst b/download.lst
index 720b66ff4017..22d73b69a31f 100644
--- a/download.lst
+++ b/download.lst
@@ -159,8 +159,8 @@ export XMLSEC_TARBALL := xmlsec1-1.2.27.tar.gz
 export LIBXML_SHA256SUM := c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92
 export LIBXML_VERSION_MICRO := 12
 export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz
-export LIBXSLT_SHA256SUM := 8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8
-export LIBXSLT_VERSION_MICRO := 33
+export LIBXSLT_SHA256SUM := 98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f
+export LIBXSLT_VERSION_MICRO := 34
 export LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.gz
 export LPSOLVE_SHA256SUM := 171816288f14215c69e730f7a4f1c325739873e21f946ff83884b350574e6695
 export LPSOLVE_TARBALL := 26b3e95ddf3d9c077c480ea45874b3b8-lp_solve_5.5.tar.gz
diff --git a/external/libxslt/UnpackedTarball_libxslt.mk b/external/libxslt/UnpackedTarball_libxslt.mk
index beb591b8b2a8..b035e99f0a79 100644
--- a/external/libxslt/UnpackedTarball_libxslt.mk
+++ b/external/libxslt/UnpackedTarball_libxslt.mk
@@ -19,7 +19,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,libxslt,\
 	external/libxslt/libxslt-msvc.patch.2 \
 	external/libxslt/libxslt-1.1.26-memdump.patch \
 	external/libxslt/rpath.patch.0 \
-	external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1 \
+	external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 \
 ))
 
 # vim: set noet sw=4 ts=4:
diff --git a/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1 b/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1
deleted file mode 100644
index 260f35d1a35e..000000000000
--- a/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1
+++ /dev/null
@@ -1,120 +0,0 @@
-From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer at aevum.de>
-Date: Sun, 24 Mar 2019 09:51:39 +0100
-Subject: [PATCH] Fix security framework bypass
-
-xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
-don't check for this condition and allow access. With a specially
-crafted URL, xsltCheckRead could be tricked into returning an error
-because of a supposedly invalid URL that would still be loaded
-succesfully later on.
-
-Fixes #12.
-
-Thanks to Felix Wilhelm for the report.
----
- libxslt/documents.c | 18 ++++++++++--------
- libxslt/imports.c   |  9 +++++----
- libxslt/transform.c |  9 +++++----
- libxslt/xslt.c      |  9 +++++----
- 4 files changed, 25 insertions(+), 20 deletions(-)
-
-diff --git a/libxslt/documents.c b/libxslt/documents.c
-index 3f3a7312..4aad11bb 100644
---- a/libxslt/documents.c
-+++ b/libxslt/documents.c
-@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
- 	int res;
- 
- 	res = xsltCheckRead(ctxt->sec, ctxt, URI);
--	if (res == 0) {
--	    xsltTransformError(ctxt, NULL, NULL,
--		 "xsltLoadDocument: read rights for %s denied\n",
--			     URI);
-+	if (res <= 0) {
-+            if (res == 0)
-+                xsltTransformError(ctxt, NULL, NULL,
-+                     "xsltLoadDocument: read rights for %s denied\n",
-+                                 URI);
- 	    return(NULL);
- 	}
-     }
-@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
- 	int res;
- 
- 	res = xsltCheckRead(sec, NULL, URI);
--	if (res == 0) {
--	    xsltTransformError(NULL, NULL, NULL,
--		 "xsltLoadStyleDocument: read rights for %s denied\n",
--			     URI);
-+	if (res <= 0) {
-+            if (res == 0)
-+                xsltTransformError(NULL, NULL, NULL,
-+                     "xsltLoadStyleDocument: read rights for %s denied\n",
-+                                 URI);
- 	    return(NULL);
- 	}
-     }
-diff --git a/libxslt/imports.c b/libxslt/imports.c
-index 874870cc..3783b247 100644
---- a/libxslt/imports.c
-+++ b/libxslt/imports.c
-@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
- 	int secres;
- 
- 	secres = xsltCheckRead(sec, NULL, URI);
--	if (secres == 0) {
--	    xsltTransformError(NULL, NULL, NULL,
--		 "xsl:import: read rights for %s denied\n",
--			     URI);
-+	if (secres <= 0) {
-+            if (secres == 0)
-+                xsltTransformError(NULL, NULL, NULL,
-+                     "xsl:import: read rights for %s denied\n",
-+                                 URI);
- 	    goto error;
- 	}
-     }
-diff --git a/libxslt/transform.c b/libxslt/transform.c
-index 13793914..0636dbd0 100644
---- a/libxslt/transform.c
-+++ b/libxslt/transform.c
-@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
-      */
-     if (ctxt->sec != NULL) {
- 	ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
--	if (ret == 0) {
--	    xsltTransformError(ctxt, NULL, inst,
--		 "xsltDocumentElem: write rights for %s denied\n",
--			     filename);
-+	if (ret <= 0) {
-+            if (ret == 0)
-+                xsltTransformError(ctxt, NULL, inst,
-+                     "xsltDocumentElem: write rights for %s denied\n",
-+                                 filename);
- 	    xmlFree(URL);
- 	    xmlFree(filename);
- 	    return;
-diff --git a/libxslt/xslt.c b/libxslt/xslt.c
-index 780a5ad7..a234eb79 100644
---- a/libxslt/xslt.c
-+++ b/libxslt/xslt.c
-@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
- 	int res;
- 
- 	res = xsltCheckRead(sec, NULL, filename);
--	if (res == 0) {
--	    xsltTransformError(NULL, NULL, NULL,
--		 "xsltParseStylesheetFile: read rights for %s denied\n",
--			     filename);
-+	if (res <= 0) {
-+            if (res == 0)
-+                xsltTransformError(NULL, NULL, NULL,
-+                     "xsltParseStylesheetFile: read rights for %s denied\n",
-+                                 filename);
- 	    return(NULL);
- 	}
-     }
--- 
-2.18.1
-
diff --git a/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 b/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1
new file mode 100644
index 000000000000..f82c2e4f77ee
--- /dev/null
+++ b/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1
@@ -0,0 +1,69 @@
+From e2584eed1c84c18f16e42188c30d2c3d8e3e8853 Mon Sep 17 00:00:00 2001
+From: Chun-wei Fan <fanchunwei at src.gnome.org>
+Date: Tue, 12 Nov 2019 17:37:05 +0800
+Subject: [PATCH] win32: Add configuration for profiler
+
+Without this the generated xsltconfig.h will not be complete as there
+will be a configuration variable that is left in the header, breaking
+builds.
+
+This will allow one to enable or disable profiler support in Windows
+builds, and the default is to enable this.
+---
+ win32/configure.js | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/win32/configure.js b/win32/configure.js
+index 56694cce..12c99f30 100644
+--- a/win32/configure.js
++++ b/win32/configure.js
+@@ -47,6 +47,7 @@ var withIconv = true;
+ var withZlib = false;
+ var withCrypto = true;
+ var withModules = false;
++var withProfiler = true;
+ /* Win32 build options. */
+ var dirSep = "\\";
+ var compiler = "msvc";
+@@ -106,6 +107,7 @@ function usage()
+ 	txt += "  zlib:       Use zlib library (" + (withZlib? "yes" : "no") + ")\n";
+ 	txt += "  crypto:     Enable Crypto support (" + (withCrypto? "yes" : "no") + ")\n";
+ 	txt += "  modules:    Enable Module support (" + (withModules? "yes" : "no") + ")\n";
++	txt += "  profiler:   Enable Profiler support (" + (withProfiler? "yes" : "no") + ")\n";
+ 	txt += "\nWin32 build options, default value given in parentheses:\n\n";
+ 	txt += "  compiler:   Compiler to be used [msvc|mingw] (" + compiler + ")\n";
+ 	txt += "  cruntime:   C-runtime compiler option (only msvc) (" + cruntime + ")\n";
+@@ -192,6 +194,7 @@ function discoverVersion()
+ 	vf.WriteLine("WITH_ZLIB=" + (withZlib? "1" : "0"));
+ 	vf.WriteLine("WITH_CRYPTO=" + (withCrypto? "1" : "0"));
+ 	vf.WriteLine("WITH_MODULES=" + (withModules? "1" : "0"));
++	vf.WriteLine("WITH_PROFILER=" + (withProfiler? "1" : "0"));
+ 	vf.WriteLine("DEBUG=" + (buildDebug? "1" : "0"));
+ 	vf.WriteLine("STATIC=" + (buildStatic? "1" : "0"));
+ 	vf.WriteLine("PREFIX=" + buildPrefix);
+@@ -240,6 +243,8 @@ function configureXslt()
+ 			of.WriteLine(s.replace(/\@WITH_DEBUGGER\@/, withDebugger? "1" : "0"));
+ 		} else if (s.search(/\@WITH_MODULES\@/) != -1) {
+ 			of.WriteLine(s.replace(/\@WITH_MODULES\@/, withModules? "1" : "0"));
++		} else if (s.search(/\@WITH_PROFILER\@/) != -1) {
++			of.WriteLine(s.replace(/\@WITH_PROFILER\@/, withProfiler? "1" : "0"));
+ 		} else if (s.search(/\@LIBXSLT_DEFAULT_PLUGINS_PATH\@/) != -1) {
+ 			of.WriteLine(s.replace(/\@LIBXSLT_DEFAULT_PLUGINS_PATH\@/, "NULL"));
+ 		} else
+@@ -343,6 +348,8 @@ for (i = 0; (i < WScript.Arguments.length) && (error == 0); i++) {
+ 			withCrypto = strToBool(arg.substring(opt.length + 1, arg.length));
+ 		else if (opt == "modules")
+ 			withModules = strToBool(arg.substring(opt.length + 1, arg.length));
++		else if (opt == "profiler")
++			withProfiler = strToBool(arg.substring(opt.length + 1, arg.length));
+ 		else if (opt == "compiler")
+ 			compiler = arg.substring(opt.length + 1, arg.length);
+  		else if (opt == "cruntime")
+@@ -477,6 +484,7 @@ txtOut += "         Use iconv: " + boolToStr(withIconv) + "\n";
+ txtOut += "         With zlib: " + boolToStr(withZlib) + "\n";
+ txtOut += "            Crypto: " + boolToStr(withCrypto) + "\n";
+ txtOut += "           Modules: " + boolToStr(withModules) + "\n";
++txtOut += "          Profiler: " + boolToStr(withProfiler) + "\n";
+ txtOut += "\n";
+ txtOut += "Win32 build configuration\n";
+ txtOut += "-------------------------\n";
diff --git a/external/libxslt/libxslt-config.patch.1 b/external/libxslt/libxslt-config.patch.1
index 5f9d107bd1e7..e4ce5d9e27cf 100644
--- a/external/libxslt/libxslt-config.patch.1
+++ b/external/libxslt/libxslt-config.patch.1
@@ -23,13 +23,13 @@ Hack the xslt-config to return paths into WORKDIR.
  
  usage()
  {
-@@ -89,7 +95,8 @@
-     shift
- done
+@@ -92,7 +98,8 @@
+             libs="@XSLT_LIBDIR@ $libs"
+         fi
  
--the_libs="@XSLT_LIBDIR@ @XSLT_LIBS@ @EXTRA_LIBS@"
-+#the_libs="@XSLT_LIBDIR@ @XSLT_LIBS@ @EXTRA_LIBS@"
-+the_libs="-L${libdir}/libxslt/.libs -L${libdir}/libexslt/.libs -lxslt -lm"
- if test "$includedir" != "/usr/include"; then
-     the_flags="$the_flags -I$includedir `@XML_CONFIG@ --cflags`"
- else
+-        libs="$libs @EXTRA_LIBS@"
++        #libs="$libs @EXTRA_LIBS@"
++        libs="-L${libdir}/libxslt/.libs -L${libdir}/libexslt/.libs -lxslt -lm"
+        	;;
+ 
+     *)
diff --git a/external/libxslt/libxslt-internal-symbols.patch.1 b/external/libxslt/libxslt-internal-symbols.patch.1
index 7b13e1007c00..84a15154d729 100644
--- a/external/libxslt/libxslt-internal-symbols.patch.1
+++ b/external/libxslt/libxslt-internal-symbols.patch.1
@@ -1,13 +1,13 @@
 --- xslt/libxslt/libxslt.syms.orig	2017-09-05 16:25:50.504966267 +0200
 +++ xslt/libxslt/libxslt.syms	2017-09-05 16:41:00.256895709 +0200
 @@ -497,5 +497,10 @@
- # xsltInternals
-   xsltFlagRVTs;
-   xsltDecimalFormatGetByQName;
+ 
+ # pattern
+   xsltCompMatchClearCache;
 +
 +# Solaris ld needs explicit auto-reduction (or, alternatively, "-B local")
 +    local:
 +  *;
 +
- } LIBXML2_1.1.27;
+ } LIBXML2_1.1.30;
  
commit ecf34a5a990fd88a32c971a0a6144b16ba8a806c
Author:     Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Fri May 21 13:33:26 2021 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Mon Sep 13 11:33:57 2021 +0200

    libxml2: upgrade to release 2.9.12
    
    Fixes:
    CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541
    
    * external/libxml2/ubsan.patch.0: remove, fixed upstream
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115913
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
    (cherry picked from commit bf0c6a98ae38cd2188d7f7e94f1563e5ce6a8ce4)
    
    Change-Id: I347dc854b862e78bde87d3e57cf5fdb584ca5673
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115935
    Tested-by: Michael Stahl <michael.stahl at allotropia.de>
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>

diff --git a/download.lst b/download.lst
index 2f85df41e355..720b66ff4017 100644
--- a/download.lst
+++ b/download.lst
@@ -156,8 +156,8 @@ export LIBTOMMATH_SHA256SUM := 083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304
 export LIBTOMMATH_TARBALL := ltm-1.0.zip
 export XMLSEC_SHA256SUM := 97d756bad8e92588e6997d2227797eaa900d05e34a426829b149f65d87118eb6
 export XMLSEC_TARBALL := xmlsec1-1.2.27.tar.gz
-export LIBXML_SHA256SUM := aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f
-export LIBXML_VERSION_MICRO := 10
+export LIBXML_SHA256SUM := c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92
+export LIBXML_VERSION_MICRO := 12
 export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz
 export LIBXSLT_SHA256SUM := 8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8
 export LIBXSLT_VERSION_MICRO := 33
diff --git a/external/libxml2/libxml2-config.patch.1 b/external/libxml2/libxml2-config.patch.1
index 8c28fb6a7806..5a2ef1485e92 100644
--- a/external/libxml2/libxml2-config.patch.1
+++ b/external/libxml2/libxml2-config.patch.1
@@ -18,9 +18,9 @@ Hack the xml2-config to return paths into WORKDIR.
 +exec_prefix=${WORKDIR}/UnpackedTarball/libxml2
 +includedir=${WORKDIR}/UnpackedTarball/libxml2/include
 +libdir=${WORKDIR}/UnpackedTarball/libxml2/.libs
+ cflags=
+ libs=
  
- usage()
- {
 @@ -67,7 +72,8 @@
  	;;
  
diff --git a/external/libxml2/libxml2-global-symbols.patch b/external/libxml2/libxml2-global-symbols.patch
index 49ee73731562..cfec9c530281 100644
--- a/external/libxml2/libxml2-global-symbols.patch
+++ b/external/libxml2/libxml2-global-symbols.patch
@@ -14,8 +14,8 @@
  
  LIBXML2_2.6.32 {
 @@ -2231,3 +2231,43 @@
-   xmlHashDefaultDeallocator;
- } LIBXML2_2.9.1;
+   xmlPopOutputCallbacks;
+ } LIBXML2_2.9.8;
  
 +# HACK: export global variable accessor functions (globals.h)
 +LIBXML2_GLOBAL_VARIABLES {
commit 7a0bf807f4e8a1343a578c1461bac68144527f81
Author:     Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Wed Nov 20 15:05:02 2019 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Mon Sep 13 11:33:57 2021 +0200

    libxml2: upgrade to release 2.9.10
    
    ... which is, surprisingly enough, required to build the latest libxslt.
    
    Reviewed-on: https://gerrit.libreoffice.org/83311
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at cib.de>
    (cherry picked from commit d1bf39a78ed239d4493f0470ca937852265e79d6)
    Reviewed-on: https://gerrit.libreoffice.org/83347
    Reviewed-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
    (cherry picked from commit e9dc4662d4ba3bde91407911f1bc1a7aa25fa0ce)
    
    Change-Id: Ifbb36ed61b8f68185f9c788f63a8edeb58899f94
    Reviewed-on: https://gerrit.libreoffice.org/83418
    Reviewed-by: Michael Stahl <michael.stahl at cib.de>
    Tested-by: Michael Stahl <michael.stahl at cib.de>

diff --git a/download.lst b/download.lst
index e15f327e825a..2f85df41e355 100644
--- a/download.lst
+++ b/download.lst
@@ -156,8 +156,8 @@ export LIBTOMMATH_SHA256SUM := 083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304
 export LIBTOMMATH_TARBALL := ltm-1.0.zip
 export XMLSEC_SHA256SUM := 97d756bad8e92588e6997d2227797eaa900d05e34a426829b149f65d87118eb6
 export XMLSEC_TARBALL := xmlsec1-1.2.27.tar.gz
-export LIBXML_SHA256SUM := 94fb70890143e3c6549f265cee93ec064c80a84c42ad0f23e85ee1fd6540a871
-export LIBXML_VERSION_MICRO := 9
+export LIBXML_SHA256SUM := aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f
+export LIBXML_VERSION_MICRO := 10
 export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz
 export LIBXSLT_SHA256SUM := 8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8
 export LIBXSLT_VERSION_MICRO := 33
diff --git a/external/libxml2/libxml2-android.patch b/external/libxml2/libxml2-android.patch
index 714de61068fb..42af83274026 100644
--- a/external/libxml2/libxml2-android.patch
+++ b/external/libxml2/libxml2-android.patch
@@ -4,7 +4,7 @@
  	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
  check: $(BUILT_SOURCES)
  	$(MAKE) $(AM_MAKEFLAGS) check-recursive
--all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(MANS) $(DATA) \
+-all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(SCRIPTS) $(MANS) $(DATA) \
 +all-am: Makefile $(LTLIBRARIES) \
  		config.h
  install-binPROGRAMS: install-libLTLIBRARIES
diff --git a/external/libxml2/libxml2-config.patch.1 b/external/libxml2/libxml2-config.patch.1
index 7d96fb530e57..8c28fb6a7806 100644
--- a/external/libxml2/libxml2-config.patch.1
+++ b/external/libxml2/libxml2-config.patch.1
@@ -25,45 +25,19 @@ Hack the xml2-config to return paths into WORKDIR.
  	;;
  
      --cflags)
--       	echo @XML_INCLUDEDIR@ @XML_CFLAGS@
-+        echo -I${includedir}
-+#       	echo @XML_INCLUDEDIR@ @XML_CFLAGS@
+-        cflags="@XML_INCLUDEDIR@ @XML_CFLAGS@"
++        #cflags="@XML_INCLUDEDIR@ @XML_CFLAGS@"
++        cflags="-I${includedir}"
         	;;
  
      --libtool-libs)
-@@ -82,19 +88,24 @@
-        	;;
+@@ -91,7 +96,8 @@
+             libs="@XML_LIBDIR@ $libs"
+         fi
  
-     --libs)
--        if [ "`uname`" = "Linux" ]
--	then
--	    if [ "@XML_LIBDIR@" = "-L/usr/lib" -o "@XML_LIBDIR@" = "-L/usr/lib64" ]
--	    then
--		echo @XML_LIBS@ @MODULE_PLATFORM_LIBS@
--	    else
--		echo @XML_LIBDIR@ @XML_LIBS@ @MODULE_PLATFORM_LIBS@
--	    fi
--	else
--	    echo @XML_LIBDIR@ @XML_LIBS@ @MODULE_PLATFORM_LIBS@ @WIN32_EXTRA_LIBADD@
--	fi
-+        echo -L${libdir} -lxml2 -lm
-+#        if [ "`uname`" = "Linux" ]
-+#	then
-+#	    if [ "@XML_LIBDIR@" = "-L/usr/lib" -o "@XML_LIBDIR@" = "-L/usr/lib64" ]
-+#	    then
-+#		echo @XML_LIBS@ @MODULE_PLATFORM_LIBS@
-+#	    else
-+#		echo @XML_LIBDIR@ @XML_LIBS@ @MODULE_PLATFORM_LIBS@
-+#	    fi
-+#	else
-+#	    echo @XML_LIBDIR@ @XML_LIBS@ @MODULE_PLATFORM_LIBS@ @WIN32_EXTRA_LIBADD@
-+#	fi
-        	;;
+-        libs="$libs @WIN32_EXTRA_LIBADD@"
++        #libs="$libs @WIN32_EXTRA_LIBADD@"
++        libs="-L${libdir} -lxml2 -lm"
+         ;;
  
-+    print) # ugly configure hack
-+        exit 0
-+        ;;
-+ 
      *)
- 	usage
- 	exit 1
commit 7f30bfdd6c5a370ab30e645fbe7f7d8ea5bd2e62
Author:     Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Wed Jul 21 11:57:51 2021 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Mon Sep 13 11:33:57 2021 +0200

    curl: upgrade to release 7.78.0
    
    * Fixes CVE-2020-8284 CVE-2021-22924
    * Also fixes these which don't look relevant to LO:
      CVE-2020-8231
      CVE-2020-8285 CVE-2020-8286
      CVE-2021-22876 CVE-2021-22890
      CVE-2021-22897 CVE-2021-22898 CVE-2021-22901
      CVE-2021-22922 CVE-2021-22923 CVE-2021-22925 CVE-2021-22926
    * disable some new protocols and dependencies
    * remove curl-ios.patch.1 as the code no longer exists upstream
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119313
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
    (cherry picked from commit 946f457c885bd10ff1a7281c351f3981f035f5a7)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119262
    Reviewed-by: Thorsten Behrens <thorsten.behrens at allotropia.de>
    (cherry picked from commit 020eb3b363a5c9444c97075a2e15b63ccbe7bf2d)
    
    Change-Id: I12d5f87f4d503a5f9859226a05cfe2a07e46d993
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119427
    Tested-by: Thorsten Behrens <thorsten.behrens at allotropia.de>
    Reviewed-by: Thorsten Behrens <thorsten.behrens at allotropia.de>

diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk
index 236b1e2a61d9..041ad56f18bd 100644
--- a/RepositoryExternal.mk
+++ b/RepositoryExternal.mk
@@ -2746,7 +2746,7 @@ $(call gb_LinkTarget_set_include,$(1),\
 
 ifeq ($(COM),MSC)
 $(call gb_LinkTarget_add_libs,$(1),\
-	$(call gb_UnpackedTarball_get_dir,curl)/builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-winssl/lib/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).lib \
+	$(call gb_UnpackedTarball_get_dir,curl)/builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-schannel/lib/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).lib \
 )
 else
 $(call gb_LinkTarget_add_libs,$(1),\
diff --git a/download.lst b/download.lst
index dc54069ee54c..e15f327e825a 100644
--- a/download.lst
+++ b/download.lst
@@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM := 3d569869d27b48860210c758c4f313082103a5e58219a7669b52
 export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz
 export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
 export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM := 7766d263929404f693905b5e5222aa0f2bdf8c66ab4b8758f0c0820a42b966cd
-export CURL_TARBALL := curl-7.65.0.tar.xz
+export CURL_SHA256SUM := be42766d5664a739c3974ee3dfbbcbe978a4ccb1fe628bb1d9b59ac79e445fb5
+export CURL_TARBALL := curl-7.78.0.tar.xz
 export EBOOK_SHA256SUM := 7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
 export EPOXY_SHA256SUM := 002958c5528321edd53440235d3c44e71b5b1e09b9177e8daf677450b6c4433d
diff --git a/external/curl/ExternalPackage_curl.mk b/external/curl/ExternalPackage_curl.mk
index 56c418b6ef0c..1fb360c85ca9 100644
--- a/external/curl/ExternalPackage_curl.mk
+++ b/external/curl/ExternalPackage_curl.mk
@@ -14,13 +14,13 @@ $(eval $(call gb_ExternalPackage_use_external_project,curl,curl))
 ifneq ($(DISABLE_DYNLOADING),TRUE)
 
 ifeq ($(COM),MSC)
-$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll,builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-winssl/bin/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll))
+$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll,builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-schannel/bin/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll))
 else ifeq ($(OS),MACOSX)
 $(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.4.dylib,lib/.libs/libcurl.4.dylib))
 else ifeq ($(OS),AIX)
 $(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so,lib/.libs/libcurl.so.4))
 else
-$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.5.0))
+$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.7.0))
 endif
 
 endif # $(DISABLE_DYNLOADING)
diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk
index 73d5620eaa01..81886b36fbc5 100644
--- a/external/curl/ExternalProject_curl.mk
+++ b/external/curl/ExternalProject_curl.mk
@@ -35,20 +35,22 @@ ifeq ($(SYSTEM_NSS),)
 curl_CPPFLAGS += -I$(call gb_UnpackedTarball_get_dir,nss)/dist/public/nss
 endif
 
-# use --with-darwinssl on Mac OS X >10.5 and iOS to get a native UI for SSL certs for CMIS usage
+# use --with-secure-transport on Mac OS X >10.5 and iOS to get a native UI for SSL certs for CMIS usage
 # use --with-nss only on platforms other than Mac OS X and iOS
 $(call gb_ExternalProject_get_state_target,curl,build):
 	$(call gb_ExternalProject_run,build,\
 		./configure \
-			$(if $(filter iOS MACOSX,$(OS)),\
-				--with-darwinssl,\
+			$(if $(filter IOS MACOSX,$(OS)),\
+				--with-secure-transport,\
 				$(if $(ENABLE_NSS),--with-nss$(if $(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out"),--without-nss)) \
 			--without-ssl --without-gnutls --without-polarssl --without-cyassl --without-axtls --without-mbedtls \
 			--enable-ftp --enable-http --enable-ipv6 \
 			--without-libidn2 --without-libpsl --without-librtmp \
 			--without-libssh2 --without-metalink --without-nghttp2 \
 			--without-libssh --without-brotli \
-			--disable-ares \
+			--without-ngtcp2 --without-quiche \
+			--without-zstd --without-hyper --without-gsasl --without-gssapi \
+			--disable-mqtt --disable-ares \
 			--disable-dict --disable-file --disable-gopher --disable-imap \
 			--disable-ldap --disable-ldaps --disable-manual --disable-pop3 \
 			--disable-rtsp --disable-smb --disable-smtp --disable-telnet  \
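Review bot: The filter on the TLS-backend line changes from `iOS` to `IOS`, which the commit message does not mention and which disagrees with the comment two lines above, still spelled iOS. GNU make's `$(filter ...)` is case-sensitive, so if `$(OS)` is spelled `iOS` on this branch, as the removed line suggests, iOS builds would stop getting `--with-secure-transport` and fall through to the NSS branch while `--without-ssl` stays set. Please confirm the spelling configure uses on this branch, and if it is `iOS`, keep `$(if $(filter iOS MACOSX,$(OS)),\`. The configure invocation continues past the end of this hunk.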
diff --git a/external/curl/clang-cl.patch.0 b/external/curl/clang-cl.patch.0
index 2f7fe567460c..2fbb10c2a9aa 100644
--- a/external/curl/clang-cl.patch.0
+++ b/external/curl/clang-cl.patch.0
@@ -4,8 +4,8 @@
  !ELSE
  CC_NODEBUG  = $(CC) /O2 /DNDEBUG
  CC_DEBUG    = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd
--CFLAGS      = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC)
-+CFLAGS      = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /c /DBUILDING_LIBCURL $(SOLARINC)
+-CFLAGS      = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC)
++CFLAGS      = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /c /DBUILDING_LIBCURL $(SOLARINC)
  !ENDIF
  
  LFLAGS     = /nologo /machine:$(MACHINE)
diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch
index 5361433a917b..5bb98fa04741 100644
--- a/external/curl/curl-7.26.0_win-proxy.patch
+++ b/external/curl/curl-7.26.0_win-proxy.patch
@@ -114,7 +114,7 @@
 @@ -4663,6 +4739,7 @@
    }
    if(proxy)
-     infof(conn->data, "Uses proxy env variable %s == '%s'\n", envp, proxy);
+     infof(data, "Uses proxy env variable %s == '%s'", envp, proxy);
 +#endif /* WIN32 */
  
    return proxy;
diff --git a/external/curl/curl-msvc-disable-protocols.patch.1 b/external/curl/curl-msvc-disable-protocols.patch.1
index c8747a5fcc1d..a6d06c69b004 100644
--- a/external/curl/curl-msvc-disable-protocols.patch.1
+++ b/external/curl/curl-msvc-disable-protocols.patch.1
@@ -2,18 +2,19 @@ disable protocols nobody needs in MSVC build
 
 --- curl/lib/config-win32.h.orig	2017-08-09 16:43:29.464000000 +0200
 +++ curl/lib/config-win32.h	2017-08-09 16:47:38.549200000 +0200
-@@ -733,4 +733,19 @@
+@@ -733,4 +733,20 @@
  #  define ENABLE_IPV6 1
  #endif
  
 +#define CURL_DISABLE_DICT 1
 +#define CURL_DISABLE_FILE 1
-+//#undef CURL_DISABLE_FTP
++#undef CURL_DISABLE_FTP
 +#define CURL_DISABLE_GOPHER 1
-+//#undef CURL_DISABLE_HTTP
++#undef CURL_DISABLE_HTTP
 +#define CURL_DISABLE_IMAP 1
 +#define CURL_DISABLE_LDAP 1
 +#define CURL_DISABLE_LDAPS 1
++#define CURL_DISABLE_MQTT 1
 +#define CURL_DISABLE_POP3 1
 +#define CURL_DISABLE_RTSP 1
 +#define CURL_DISABLE_SMB 1
diff --git a/external/curl/curl-msvc.patch.1 b/external/curl/curl-msvc.patch.1
index 80160958c99d..a5b79a8e9c49 100644
--- a/external/curl/curl-msvc.patch.1
+++ b/external/curl/curl-msvc.patch.1
@@ -6,8 +6,8 @@ MSVC: using SOLARINC
  !ELSE
  CC_NODEBUG  = $(CC) /O2 /DNDEBUG
  CC_DEBUG    = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd
--CFLAGS      = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL
-+CFLAGS      = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC)
+-CFLAGS      = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL
++CFLAGS      = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC)
  !ENDIF
  
  LFLAGS     = /nologo /machine:$(MACHINE)
@@ -18,10 +18,10 @@ MSVC: using SOLARINC
 -RC_FLAGS = /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
 +RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
  CURL_CC       = $(CC_DEBUG) $(RTLIB_DEBUG)
- CURL_RC_FLAGS = /i../include /dDEBUGBUILD=1 /Fo $@ $(CURL_SRC_DIR)\curl.rc
+ CURL_RC_FLAGS = $(CURL_RC_FLAGS) /i../include /dDEBUGBUILD=1 /Fo $@ $(CURL_SRC_DIR)\curl.rc
  !ELSE
 -RC_FLAGS = /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
 +RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
  CURL_CC       = $(CC_NODEBUG) $(RTLIB)
- CURL_RC_FLAGS = /i../include /dDEBUGBUILD=0 /Fo $@ $(CURL_SRC_DIR)\curl.rc
+ CURL_RC_FLAGS = $(CURL_RC_FLAGS) /i../include /dDEBUGBUILD=0 /Fo $@ $(CURL_SRC_DIR)\curl.rc
  !ENDIF
diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0
index 189e820d1afa..f4a0ad4b152f 100644
--- a/external/curl/zlib.patch.0
+++ b/external/curl/zlib.patch.0
@@ -54,8 +54,8 @@
  clean_LIBS=$LIBS
 -ZLIB_LIBS=""
  AC_ARG_WITH(zlib,
- AC_HELP_STRING([--with-zlib=PATH],[search for zlib in PATH])
- AC_HELP_STRING([--without-zlib],[disable use of zlib]),
+ AS_HELP_STRING([--with-zlib=PATH],[search for zlib in PATH])
+ AS_HELP_STRING([--without-zlib],[disable use of zlib]),
                 [OPT_ZLIB="$withval"])
  
  if test "$OPT_ZLIB" = "no" ; then

