diff options
Diffstat (limited to '')
| -rw-r--r-- | external/expat/0001-Fix-compiler-warnings.patch | 47 | ||||
| -rw-r--r-- | external/expat/UnpackedTarball_expat.mk | 3 | ||||
| -rw-r--r-- | external/harfbuzz/UnpackedTarball_harfbuzz.mk | 1 | ||||
| -rw-r--r-- | external/harfbuzz/tdf159529.patch.0 | 28 | ||||
| -rw-r--r-- | external/libxml2/ExternalPackage_libxml2.mk | 2 | ||||
| -rw-r--r-- | external/libxml2/libxml2-global-symbols.patch | 8 | ||||
| -rw-r--r-- | external/nss/README | 26 | ||||
| -rw-r--r-- | external/onlineupdate/UnpackedTarball_onlineupdate.mk | 6 | ||||
| -rw-r--r-- | external/onlineupdate/cygpath.patch | 11 | ||||
| -rw-r--r-- | external/onlineupdate/lo.patch | 138 | ||||
| -rw-r--r-- | external/xmlsec/BCryptKeyDerivation.patch.1 | 51 | ||||
| -rw-r--r-- | external/xmlsec/UnpackedTarball_xmlsec.mk | 2 |
12 files changed, 281 insertions, 42 deletions
diff --git a/external/expat/0001-Fix-compiler-warnings.patch b/external/expat/0001-Fix-compiler-warnings.patch new file mode 100644 index 0000000000..adec5ed0d9 --- /dev/null +++ b/external/expat/0001-Fix-compiler-warnings.patch @@ -0,0 +1,47 @@ +From 3f60a47cb5716bb810789a12ef6024c1dc448164 Mon Sep 17 00:00:00 2001 +From: Taichi Haradaguchi <20001722@ymail.ne.jp> +Date: Fri, 9 Feb 2024 19:28:35 +0900 +Subject: [PATCH] Fix compiler warnings + +> In file included from ./../lib/internal.h:149, +> from codepage.c:38: +> ./../lib/expat.h:1045:5: warning: "XML_GE" is not defined, evaluates to 0 [-Wundef] +> 1045 | #if XML_GE == 1 +> | ^~~~~~ +> ./../lib/internal.h:158:5: warning: "XML_GE" is not defined, evaluates to 0 [-Wundef] +> 158 | #if XML_GE == 1 +> | ^~~~~~ +--- + expat/lib/expat.h | 2 +- + expat/lib/internal.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/expat/lib/expat.h b/expat/lib/expat.h +index 95464b0d..79bbfb61 100644 +--- a/expat/lib/expat.h ++++ b/expat/lib/expat.h +@@ -1042,7 +1042,7 @@ typedef struct { + XMLPARSEAPI(const XML_Feature *) + XML_GetFeatureList(void); + +-#if XML_GE == 1 ++#if defined(XML_GE) && XML_GE == 1 + /* Added in Expat 2.4.0 for XML_DTD defined and + * added in Expat 2.6.0 for XML_GE == 1. */ + XMLPARSEAPI(XML_Bool) +diff --git a/expat/lib/internal.h b/expat/lib/internal.h +index cce71e4c..208c6b67 100644 +--- a/expat/lib/internal.h ++++ b/expat/lib/internal.h +@@ -155,7 +155,7 @@ extern "C" { + void _INTERNAL_trim_to_complete_utf8_characters(const char *from, + const char **fromLimRef); + +-#if XML_GE == 1 ++#if defined(XML_GE) && XML_GE == 1 + unsigned long long testingAccountingGetCountBytesDirect(XML_Parser parser); + unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser); + const char *unsignedCharToPrintable(unsigned char c); +-- +2.43.1 + diff --git a/external/expat/UnpackedTarball_expat.mk b/external/expat/UnpackedTarball_expat.mk index 5d4f41f6d1..465105f2ca 100644 --- a/external/expat/UnpackedTarball_expat.mk +++ b/external/expat/UnpackedTarball_expat.mk @@ -13,7 +13,10 @@ $(eval $(call gb_UnpackedTarball_set_tarball,expat,$(EXPAT_TARBALL))) $(eval $(call gb_UnpackedTarball_update_autoconf_configs,expat,conftools)) +# * external/expat/0001-Fix-compiler-warnings.patch was sent to upstream as +# <https://github.com/libexpat/libexpat/pull/819> "Fix compiler warnings": $(eval $(call gb_UnpackedTarball_add_patches,expat,\ + external/expat/0001-Fix-compiler-warnings.patch \ external/expat/expat-winapi.patch \ )) diff --git a/external/harfbuzz/UnpackedTarball_harfbuzz.mk b/external/harfbuzz/UnpackedTarball_harfbuzz.mk index 9bc9e326b4..71627725fa 100644 --- a/external/harfbuzz/UnpackedTarball_harfbuzz.mk +++ b/external/harfbuzz/UnpackedTarball_harfbuzz.mk @@ -16,6 +16,7 @@ $(eval $(call gb_UnpackedTarball_update_autoconf_configs,harfbuzz)) $(eval $(call gb_UnpackedTarball_set_patchlevel,harfbuzz,0)) $(eval $(call gb_UnpackedTarball_add_patches,harfbuzz, \ + external/harfbuzz/tdf159529.patch.0 \ )) # vim: set noet sw=4 ts=4: diff --git a/external/harfbuzz/tdf159529.patch.0 b/external/harfbuzz/tdf159529.patch.0 new file mode 100644 index 0000000000..d76313ce83 --- /dev/null +++ b/external/harfbuzz/tdf159529.patch.0 @@ -0,0 +1,28 @@ +--- ./src/hb-ot-font.cc 2023-11-11 09:08:45 ++++ ./src/hb-ot-font.cc 2024-02-20 18:53:55 +@@ -428,13 +428,23 @@ + const hb_ot_face_t *ot_face = ot_font->ot_face; + + #if !defined(HB_NO_OT_FONT_BITMAP) && !defined(HB_NO_COLOR) +- if (ot_face->sbix->get_extents (font, glyph, extents)) return true; ++ /* tdf#159529 clear the hb_ot_face_t's data after fetching 'sbix' table ++ * The 'sbix' table can be very large for color emoji fonts so clear any ++ * cached data in hb_ot_face_t after fetching that table's extents. */ ++ bool sbixResult = ot_face->sbix->get_extents (font, glyph, extents); ++ const_cast<hb_ot_face_t*>(ot_face)->sbix.fini (); ++ if (sbixResult) return true; + if (ot_face->CBDT->get_extents (font, glyph, extents)) return true; + #endif + #if !defined(HB_NO_COLOR) && !defined(HB_NO_PAINT) + if (ot_face->COLR->get_extents (font, glyph, extents)) return true; + #endif +- if (ot_face->glyf->get_extents (font, glyph, extents)) return true; ++ /* tdf#159529 clear the hb_ot_face_t's data after fetching 'glyf' table ++ * The 'glyf' table can be very large for color emoji fonts so clear any ++ * cached data in hb_ot_face_t after fetching that table's extents. */ ++ bool glyfResult = ot_face->glyf->get_extents (font, glyph, extents); ++ const_cast<hb_ot_face_t*>(ot_face)->glyf.fini (); ++ if (glyfResult) return true; + #ifndef HB_NO_OT_FONT_CFF + if (ot_face->cff2->get_extents (font, glyph, extents)) return true; + if (ot_face->cff1->get_extents (font, glyph, extents)) return true; diff --git a/external/libxml2/ExternalPackage_libxml2.mk b/external/libxml2/ExternalPackage_libxml2.mk index 3c399970cd..799044575f 100644 --- a/external/libxml2/ExternalPackage_libxml2.mk +++ b/external/libxml2/ExternalPackage_libxml2.mk @@ -21,7 +21,7 @@ else # COM=MSC $(eval $(call gb_ExternalPackage_add_file,libxml2,$(LIBO_URE_LIB_FOLDER)/libxml2.dll,win32/bin.msvc/libxml2.dll)) endif else # OS!=WNT -$(eval $(call gb_ExternalPackage_add_file,libxml2,$(LIBO_URE_LIB_FOLDER)/libxml2.so.2,.libs/libxml2.so.2.11.$(LIBXML_VERSION_MICRO))) +$(eval $(call gb_ExternalPackage_add_file,libxml2,$(LIBO_URE_LIB_FOLDER)/libxml2.so.2,.libs/libxml2.so.2.12.$(LIBXML_VERSION_MICRO))) endif endif # DISABLE_DYNLOADING diff --git a/external/libxml2/libxml2-global-symbols.patch b/external/libxml2/libxml2-global-symbols.patch index cbbe5a6222..32146da4b3 100644 --- a/external/libxml2/libxml2-global-symbols.patch +++ b/external/libxml2/libxml2-global-symbols.patch @@ -13,7 +13,7 @@ } LIBXML2_2.6.28; LIBXML2_2.6.32 { -@@ -2231,3 +2231,49 @@ +@@ -2231,3 +2231,55 @@ xmlPopOutputCallbacks; } LIBXML2_2.9.8; @@ -23,6 +23,12 @@ + xmlNewSAXParserCtxt; +} LIBXML2_2.9.11; + ++LIBXML2_2.12.3 { ++ global: ++ xmlCtxtSetMaxAmplification; ++ xmlTextReaderSetMaxAmplification; ++} LIBXML2_2.11.4; ++ +# HACK: export global variable accessor functions (globals.h) +LIBXML2_GLOBAL_VARIABLES { + global: diff --git a/external/nss/README b/external/nss/README index 6997cea6ca..09931f64ea 100644 --- a/external/nss/README +++ b/external/nss/README @@ -1,5 +1,16 @@ Contains the Network Security Services (NSS) libraries from Mozilla +== ESR versions == + +Upstream releases both regular and "ESR" versions, the latter go into Firefox +ESR and Thunderbird. + +There is a new ESR version about once a year, and a ESR version gets micro +updates only when there are security issues to fix, and it's not always obvious +from the release notes of a regular release if there are security issues that +are relevant to LibreOffice, hence it's probably best to bundle only the ESR +versions and upgrade for every micro release (as recommended by upstream). + == Fips 140 and signed libraries == Fips 140 mode is not supported. That is, the *.chk files containing the @@ -20,18 +31,3 @@ With all supported macOS SDK we use NSS_USE_SYSTEM_SQLITE=1 to build using the system sqlite. -== system NSS on Linux == - -Note that different Linux distributions use different SONAMEs for the -NSS libraries, so it is not possible to use --with-system-nss and build -a portable generic LO installation set, despite NSS upstream apparently -maintaining ABI compatibility. - -Debian Squeeze: -0x000000000000000e (SONAME) Library soname: [libnss3.so.1d] -Fedora 20: -0x000000000000000e (SONAME) Library soname: [libnss3.so] - -For the record, the LSB specified SONAME is libnss3.so -http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/libnss3.html - diff --git a/external/onlineupdate/UnpackedTarball_onlineupdate.mk b/external/onlineupdate/UnpackedTarball_onlineupdate.mk index d27a191d50..166ede0a6b 100644 --- a/external/onlineupdate/UnpackedTarball_onlineupdate.mk +++ b/external/onlineupdate/UnpackedTarball_onlineupdate.mk @@ -18,6 +18,12 @@ $(eval $(call gb_UnpackedTarball_add_patches,onlineupdate, \ external/onlineupdate/lo.patch \ )) +ifeq ($(OS),WNT) +$(eval $(call gb_UnpackedTarball_add_patches,onlineupdate, \ + external/onlineupdate/cygpath.patch \ +)) +endif + # The update maintenance service that is used on Windows has a couple of checks that files in the # to-be-updated installation set are signed, which would fail for --disable-windows-build-signing; # so, as a HACK for debugging purposes, silence those problematic checks for --enable-dbgutil: diff --git a/external/onlineupdate/cygpath.patch b/external/onlineupdate/cygpath.patch new file mode 100644 index 0000000000..81003a2e7d --- /dev/null +++ b/external/onlineupdate/cygpath.patch @@ -0,0 +1,11 @@ +--- tools/update-packaging/make_incremental_update.sh ++++ tools/update-packaging/make_incremental_update.sh +@@ -110,7 +110,7 @@ + # Remove the / + newdir=$(echo "$newdir" | sed -e 's:\/$::') + fi +-workdir="$(mktemp -d)" ++workdir=$(cygpath -m "$(mktemp -d)") + updatemanifestv3="$workdir/updatev3.manifest" + + mkdir -p "$workdir" diff --git a/external/onlineupdate/lo.patch b/external/onlineupdate/lo.patch index 14b2a9a2de..35dfb2f80f 100644 --- a/external/onlineupdate/lo.patch +++ b/external/onlineupdate/lo.patch @@ -238,33 +238,49 @@ // Run update process on a background thread. ShowProgressUI may return --- tools/update-packaging/common.sh +++ tools/update-packaging/common.sh -@@ -76,6 +76,15 @@ +@@ -76,17 +76,8 @@ forced= fi -+ if [ -n "$IFSFILE" ]; then -+ ifsline=$(grep -F " \"$f\"" "$IFSFILE") -+ if [ -n "$ifsline" ]; then -+ testfile=$(printf '%s' "$ifsline" | cut -f 2 -d '"') -+ verbose_notice " add-if \"$testfile\" \"$f\"" -+ echo "add-if \"$testfile\" \"$f\"" >> "$filev3" -+ return -+ fi -+ fi - is_extension=$(echo "$f" | grep -c 'distribution/extensions/.*/') - if [ $is_extension = "1" ]; then - # Use the subdirectory of the extensions folder as the file to test +- is_extension=$(echo "$f" | grep -c 'distribution/extensions/.*/') +- if [ $is_extension = "1" ]; then +- # Use the subdirectory of the extensions folder as the file to test +- # before performing this add instruction. +- testdir=$(echo "$f" | sed 's/\(.*distribution\/extensions\/[^\/]*\)\/.*/\1/') +- verbose_notice " add-if \"$testdir\" \"$f\"" +- echo "add-if \"$testdir\" \"$f\"" >> "$filev3" +- else +- verbose_notice " add \"$f\"$forced" +- echo "add \"$f\"" >> "$filev3" +- fi ++ verbose_notice " add-if \"$f\" \"$f\"$forced" ++ echo "add-if \"$f\" \"$f\"" >> "$filev3" + } + + check_for_add_if_not_update() { +@@ -113,17 +104,8 @@ + f="$1" + filev3="$2" + +- is_extension=$(echo "$f" | grep -c 'distribution/extensions/.*/') +- if [ $is_extension = "1" ]; then +- # Use the subdirectory of the extensions folder as the file to test +- # before performing this add instruction. +- testdir=$(echo "$f" | sed 's/\(.*distribution\/extensions\/[^\/]*\)\/.*/\1/') +- verbose_notice " patch-if \"$testdir\" \"$f.patch\" \"$f\"" +- echo "patch-if \"$testdir\" \"$f.patch\" \"$f\"" >> "$filev3" +- else +- verbose_notice " patch \"$f.patch\" \"$f\"" +- echo "patch \"$f.patch\" \"$f\"" >> "$filev3" +- fi ++ verbose_notice " patch-if \"$f\" \"$f.patch\" \"$f\"" ++ echo "patch-if \"$f\" \"$f.patch\" \"$f\"" >> "$filev3" + } + + append_remove_instructions() { --- tools/update-packaging/make_full_update.sh +++ tools/update-packaging/make_full_update.sh -@@ -45,6 +45,7 @@ - - archive="$1" - targetdir="$2" -+IFSFILE=$3 - # Prevent the workdir from being inside the targetdir so it isn't included in - # the update mar. - if [ $(echo "$targetdir" | grep -c '\/$') = 1 ]; then -@@ -53,9 +54,10 @@ +@@ -53,9 +53,10 @@ fi workdir="$targetdir.work" updatemanifestv3="$workdir/updatev3.manifest" @@ -276,7 +292,7 @@ # Generate a list of all files in the target directory. pushd "$targetdir" -@@ -66,7 +68,6 @@ +@@ -66,7 +67,6 @@ if [ ! -f "precomplete" ]; then if [ ! -f "Contents/Resources/precomplete" ]; then notice "precomplete file is missing!" @@ -284,7 +300,7 @@ fi fi -@@ -99,7 +100,7 @@ +@@ -99,7 +99,7 @@ $XZ $XZ_OPT --compress $BCJ_OPTIONS --lzma2 --format=xz --check=crc64 --force --stdout "$targetdir/$f" > "$workdir/$f" copy_perm "$targetdir/$f" "$workdir/$f" @@ -293,7 +309,7 @@ done # Append remove instructions for any dead files. -@@ -110,7 +111,7 @@ +@@ -110,7 +110,7 @@ $XZ $XZ_OPT --compress $BCJ_OPTIONS --lzma2 --format=xz --check=crc64 --force "$updatemanifestv3" && mv -f "$updatemanifestv3.xz" "$updatemanifestv3" mar_command="$mar_command -C \"$workdir\" -c output.mar" @@ -302,3 +318,75 @@ mv -f "$workdir/output.mar" "$archive" # cleanup +--- tools/update-packaging/make_incremental_update.sh ++++ tools/update-packaging/make_incremental_update.sh +@@ -112,9 +112,10 @@ + fi + workdir="$(mktemp -d)" + updatemanifestv3="$workdir/updatev3.manifest" +-archivefiles="updatev3.manifest" + + mkdir -p "$workdir" ++ ++printf 'updatev3.manifest\n' >"$workdir/files.txt" + + # Generate a list of all files in the target directory. + pushd "$olddir" +@@ -135,7 +136,6 @@ + if [ ! -f "precomplete" ]; then + if [ ! -f "Contents/Resources/precomplete" ]; then + notice "precomplete file is missing!" +- exit 1 + fi + fi + +@@ -170,7 +170,7 @@ + $XZ $XZ_OPT --compress $BCJ_OPTIONS --lzma2 --format=xz --check=crc64 --force --stdout "$newdir/$f" > "$workdir/$f" + copy_perm "$newdir/$f" "$workdir/$f" + make_add_if_not_instruction "$f" "$updatemanifestv3" +- archivefiles="$archivefiles \"$f\"" ++ printf '%s\n' "$f" >>"$workdir/files.txt" + continue 1 + fi + +@@ -180,7 +180,7 @@ + $XZ $XZ_OPT --compress $BCJ_OPTIONS --lzma2 --format=xz --check=crc64 --force --stdout "$newdir/$f" > "$workdir/$f" + copy_perm "$newdir/$f" "$workdir/$f" + make_add_instruction "$f" "$updatemanifestv3" 1 +- archivefiles="$archivefiles \"$f\"" ++ printf '%s\n' "$f" >>"$workdir/files.txt" + continue 1 + fi + +@@ -227,11 +227,11 @@ + make_patch_instruction "$f" "$updatemanifestv3" + mv -f "$patchfile" "$workdir/$f.patch" + rm -f "$workdir/$f" +- archivefiles="$archivefiles \"$f.patch\"" ++ printf '%s\n' "$f.patch" >>"$workdir/files.txt" + else + make_add_instruction "$f" "$updatemanifestv3" + rm -f "$patchfile" +- archivefiles="$archivefiles \"$f\"" ++ printf '%s\n' "$f" >>"$workdir/files.txt" + fi + fi + else +@@ -270,7 +270,7 @@ + fi + + +- archivefiles="$archivefiles \"$f\"" ++ printf '%s\n' "$f" >>"$workdir/files.txt" + done + + notice "" +@@ -302,7 +302,7 @@ + $XZ $XZ_OPT --compress $BCJ_OPTIONS --lzma2 --format=xz --check=crc64 --force "$updatemanifestv3" && mv -f "$updatemanifestv3.xz" "$updatemanifestv3" + + mar_command="$mar_command -C \"$workdir\" -c output.mar" +-eval "$mar_command $archivefiles" ++eval "$mar_command -f $workdir/files.txt" + mv -f "$workdir/output.mar" "$archive" + + # cleanup diff --git a/external/xmlsec/BCryptKeyDerivation.patch.1 b/external/xmlsec/BCryptKeyDerivation.patch.1 new file mode 100644 index 0000000000..3747915f87 --- /dev/null +++ b/external/xmlsec/BCryptKeyDerivation.patch.1 @@ -0,0 +1,51 @@ +tdf#159519 Windows 7 does not have BCryptKeyDerivation + +It just occurred to me that these functions would of course not be called +by LibreOffice so this is untested. + +--- xmlsec/src/mscng/pbkdf2.c.orig 2024-02-21 19:02:56.539534152 +0100 ++++ xmlsec/src/mscng/pbkdf2.c 2024-02-21 19:01:03.282270354 +0100 +@@ -318,7 +318,20 @@ + } + + /* generate the output key */ ++#if 1 // _WIN32_WINNT <= 0x0601 ++ typedef NTSTATUS (WINAPI * BCryptKeyDerivationPtr)( ++ BCRYPT_KEY_HANDLE, BCryptBufferDesc *, PUCHAR, ULONG, ULONG *, ULONG); ++ HMODULE hBCrypt = GetModuleHandle("bcrypt.dll"); ++ BCryptKeyDerivationPtr pBCryptKeyDerivation = ++ (BCryptKeyDerivationPtr) GetProcAddress(hBCrypt, "BCryptKeyDerivation"); ++ if(NULL == pBCryptKeyDerivation) { ++ xmlSecMSCngNtError("BCryptKeyDerivation", NULL, status); ++ goto done; ++ } ++ status = (*pBCryptKeyDerivation)( ++#else + status = BCryptKeyDerivation( ++#endif + hKey, + ¶msPBKDF2, + pbOut, +--- xmlsec/src/mscng/concatkdf.c.orig 2024-02-21 19:02:37.962490885 +0100 ++++ xmlsec/src/mscng/concatkdf.c 2024-02-21 19:01:37.961351134 +0100 +@@ -318,7 +318,20 @@ + } + + /* generate the output key */ ++#if 1 // _WIN32_WINNT <= 0x0601 ++ typedef NTSTATUS (WINAPI * BCryptKeyDerivationPtr)( ++ BCRYPT_KEY_HANDLE, BCryptBufferDesc *, PUCHAR, ULONG, ULONG *, ULONG); ++ HMODULE hBCrypt = GetModuleHandle("bcrypt.dll"); ++ BCryptKeyDerivationPtr pBCryptKeyDerivation = ++ (BCryptKeyDerivationPtr) GetProcAddress(hBCrypt, "BCryptKeyDerivation"); ++ if(NULL == pBCryptKeyDerivation) { ++ xmlSecMSCngNtError("BCryptKeyDerivation", NULL, status); ++ goto done; ++ } ++ status = (*pBCryptKeyDerivation)( ++#else + status = BCryptKeyDerivation( ++#endif + hKey, + ¶msCONCATKDF2, + pbOut, diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk index 77d3386b27..906aece5f7 100644 --- a/external/xmlsec/UnpackedTarball_xmlsec.mk +++ b/external/xmlsec/UnpackedTarball_xmlsec.mk @@ -10,6 +10,8 @@ xmlsec_patches := # Remove this when Ubuntu 20.04 is EOL in 2025. xmlsec_patches += old-nss.patch.1 +# Remove this when Windows 7 is no longer supported +xmlsec_patches += BCryptKeyDerivation.patch.1 $(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec)) |