summaryrefslogtreecommitdiffstats
path: root/external
diff options
context:
space:
mode:
Diffstat (limited to 'external')
-rw-r--r--external/expat/0001-Fix-compiler-warnings.patch47
-rw-r--r--external/expat/UnpackedTarball_expat.mk3
-rw-r--r--external/harfbuzz/UnpackedTarball_harfbuzz.mk1
-rw-r--r--external/harfbuzz/tdf159529.patch.028
-rw-r--r--external/libxml2/ExternalPackage_libxml2.mk2
-rw-r--r--external/libxml2/libxml2-global-symbols.patch8
-rw-r--r--external/nss/README26
-rw-r--r--external/onlineupdate/UnpackedTarball_onlineupdate.mk6
-rw-r--r--external/onlineupdate/cygpath.patch11
-rw-r--r--external/onlineupdate/lo.patch138
-rw-r--r--external/xmlsec/BCryptKeyDerivation.patch.151
-rw-r--r--external/xmlsec/UnpackedTarball_xmlsec.mk2
12 files changed, 281 insertions, 42 deletions
diff --git a/external/expat/0001-Fix-compiler-warnings.patch b/external/expat/0001-Fix-compiler-warnings.patch
new file mode 100644
index 0000000000..adec5ed0d9
--- /dev/null
+++ b/external/expat/0001-Fix-compiler-warnings.patch
@@ -0,0 +1,47 @@
+From 3f60a47cb5716bb810789a12ef6024c1dc448164 Mon Sep 17 00:00:00 2001
+From: Taichi Haradaguchi <20001722@ymail.ne.jp>
+Date: Fri, 9 Feb 2024 19:28:35 +0900
+Subject: [PATCH] Fix compiler warnings
+
+> In file included from ./../lib/internal.h:149,
+> from codepage.c:38:
+> ./../lib/expat.h:1045:5: warning: "XML_GE" is not defined, evaluates to 0 [-Wundef]
+> 1045 | #if XML_GE == 1
+> | ^~~~~~
+> ./../lib/internal.h:158:5: warning: "XML_GE" is not defined, evaluates to 0 [-Wundef]
+> 158 | #if XML_GE == 1
+> | ^~~~~~
+---
+ expat/lib/expat.h | 2 +-
+ expat/lib/internal.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/expat/lib/expat.h b/expat/lib/expat.h
+index 95464b0d..79bbfb61 100644
+--- a/expat/lib/expat.h
++++ b/expat/lib/expat.h
+@@ -1042,7 +1042,7 @@ typedef struct {
+ XMLPARSEAPI(const XML_Feature *)
+ XML_GetFeatureList(void);
+
+-#if XML_GE == 1
++#if defined(XML_GE) && XML_GE == 1
+ /* Added in Expat 2.4.0 for XML_DTD defined and
+ * added in Expat 2.6.0 for XML_GE == 1. */
+ XMLPARSEAPI(XML_Bool)
+diff --git a/expat/lib/internal.h b/expat/lib/internal.h
+index cce71e4c..208c6b67 100644
+--- a/expat/lib/internal.h
++++ b/expat/lib/internal.h
+@@ -155,7 +155,7 @@ extern "C" {
+ void _INTERNAL_trim_to_complete_utf8_characters(const char *from,
+ const char **fromLimRef);
+
+-#if XML_GE == 1
++#if defined(XML_GE) && XML_GE == 1
+ unsigned long long testingAccountingGetCountBytesDirect(XML_Parser parser);
+ unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser);
+ const char *unsignedCharToPrintable(unsigned char c);
+--
+2.43.1
+
diff --git a/external/expat/UnpackedTarball_expat.mk b/external/expat/UnpackedTarball_expat.mk
index 5d4f41f6d1..465105f2ca 100644
--- a/external/expat/UnpackedTarball_expat.mk
+++ b/external/expat/UnpackedTarball_expat.mk
@@ -13,7 +13,10 @@ $(eval $(call gb_UnpackedTarball_set_tarball,expat,$(EXPAT_TARBALL)))
$(eval $(call gb_UnpackedTarball_update_autoconf_configs,expat,conftools))
+# * external/expat/0001-Fix-compiler-warnings.patch was sent to upstream as
+# <https://github.com/libexpat/libexpat/pull/819> "Fix compiler warnings":
$(eval $(call gb_UnpackedTarball_add_patches,expat,\
+ external/expat/0001-Fix-compiler-warnings.patch \
external/expat/expat-winapi.patch \
))
diff --git a/external/harfbuzz/UnpackedTarball_harfbuzz.mk b/external/harfbuzz/UnpackedTarball_harfbuzz.mk
index 9bc9e326b4..71627725fa 100644
--- a/external/harfbuzz/UnpackedTarball_harfbuzz.mk
+++ b/external/harfbuzz/UnpackedTarball_harfbuzz.mk
@@ -16,6 +16,7 @@ $(eval $(call gb_UnpackedTarball_update_autoconf_configs,harfbuzz))
$(eval $(call gb_UnpackedTarball_set_patchlevel,harfbuzz,0))
$(eval $(call gb_UnpackedTarball_add_patches,harfbuzz, \
+ external/harfbuzz/tdf159529.patch.0 \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/harfbuzz/tdf159529.patch.0 b/external/harfbuzz/tdf159529.patch.0
new file mode 100644
index 0000000000..d76313ce83
--- /dev/null
+++ b/external/harfbuzz/tdf159529.patch.0
@@ -0,0 +1,28 @@
+--- ./src/hb-ot-font.cc 2023-11-11 09:08:45
++++ ./src/hb-ot-font.cc 2024-02-20 18:53:55
+@@ -428,13 +428,23 @@
+ const hb_ot_face_t *ot_face = ot_font->ot_face;
+
+ #if !defined(HB_NO_OT_FONT_BITMAP) && !defined(HB_NO_COLOR)
+- if (ot_face->sbix->get_extents (font, glyph, extents)) return true;
++ /* tdf#159529 clear the hb_ot_face_t's data after fetching 'sbix' table
++ * The 'sbix' table can be very large for color emoji fonts so clear any
++ * cached data in hb_ot_face_t after fetching that table's extents. */
++ bool sbixResult = ot_face->sbix->get_extents (font, glyph, extents);
++ const_cast<hb_ot_face_t*>(ot_face)->sbix.fini ();
++ if (sbixResult) return true;
+ if (ot_face->CBDT->get_extents (font, glyph, extents)) return true;
+ #endif
+ #if !defined(HB_NO_COLOR) && !defined(HB_NO_PAINT)
+ if (ot_face->COLR->get_extents (font, glyph, extents)) return true;
+ #endif
+- if (ot_face->glyf->get_extents (font, glyph, extents)) return true;
++ /* tdf#159529 clear the hb_ot_face_t's data after fetching 'glyf' table
++ * The 'glyf' table can be very large for color emoji fonts so clear any
++ * cached data in hb_ot_face_t after fetching that table's extents. */
++ bool glyfResult = ot_face->glyf->get_extents (font, glyph, extents);
++ const_cast<hb_ot_face_t*>(ot_face)->glyf.fini ();
++ if (glyfResult) return true;
+ #ifndef HB_NO_OT_FONT_CFF
+ if (ot_face->cff2->get_extents (font, glyph, extents)) return true;
+ if (ot_face->cff1->get_extents (font, glyph, extents)) return true;
diff --git a/external/libxml2/ExternalPackage_libxml2.mk b/external/libxml2/ExternalPackage_libxml2.mk
index 3c399970cd..799044575f 100644
--- a/external/libxml2/ExternalPackage_libxml2.mk
+++ b/external/libxml2/ExternalPackage_libxml2.mk
@@ -21,7 +21,7 @@ else # COM=MSC
$(eval $(call gb_ExternalPackage_add_file,libxml2,$(LIBO_URE_LIB_FOLDER)/libxml2.dll,win32/bin.msvc/libxml2.dll))
endif
else # OS!=WNT
-$(eval $(call gb_ExternalPackage_add_file,libxml2,$(LIBO_URE_LIB_FOLDER)/libxml2.so.2,.libs/libxml2.so.2.11.$(LIBXML_VERSION_MICRO)))
+$(eval $(call gb_ExternalPackage_add_file,libxml2,$(LIBO_URE_LIB_FOLDER)/libxml2.so.2,.libs/libxml2.so.2.12.$(LIBXML_VERSION_MICRO)))
endif
endif # DISABLE_DYNLOADING
diff --git a/external/libxml2/libxml2-global-symbols.patch b/external/libxml2/libxml2-global-symbols.patch
index cbbe5a6222..32146da4b3 100644
--- a/external/libxml2/libxml2-global-symbols.patch
+++ b/external/libxml2/libxml2-global-symbols.patch
@@ -13,7 +13,7 @@
} LIBXML2_2.6.28;
LIBXML2_2.6.32 {
-@@ -2231,3 +2231,49 @@
+@@ -2231,3 +2231,55 @@
xmlPopOutputCallbacks;
} LIBXML2_2.9.8;
@@ -23,6 +23,12 @@
+ xmlNewSAXParserCtxt;
+} LIBXML2_2.9.11;
+
++LIBXML2_2.12.3 {
++ global:
++ xmlCtxtSetMaxAmplification;
++ xmlTextReaderSetMaxAmplification;
++} LIBXML2_2.11.4;
++
+# HACK: export global variable accessor functions (globals.h)
+LIBXML2_GLOBAL_VARIABLES {
+ global:
diff --git a/external/nss/README b/external/nss/README
index 6997cea6ca..09931f64ea 100644
--- a/external/nss/README
+++ b/external/nss/README
@@ -1,5 +1,16 @@
Contains the Network Security Services (NSS) libraries from Mozilla
+== ESR versions ==
+
+Upstream releases both regular and "ESR" versions, the latter go into Firefox
+ESR and Thunderbird.
+
+There is a new ESR version about once a year, and a ESR version gets micro
+updates only when there are security issues to fix, and it's not always obvious
+from the release notes of a regular release if there are security issues that
+are relevant to LibreOffice, hence it's probably best to bundle only the ESR
+versions and upgrade for every micro release (as recommended by upstream).
+
== Fips 140 and signed libraries ==
Fips 140 mode is not supported. That is, the *.chk files containing the
@@ -20,18 +31,3 @@ With all supported macOS SDK we use
NSS_USE_SYSTEM_SQLITE=1
to build using the system sqlite.
-== system NSS on Linux ==
-
-Note that different Linux distributions use different SONAMEs for the
-NSS libraries, so it is not possible to use --with-system-nss and build
-a portable generic LO installation set, despite NSS upstream apparently
-maintaining ABI compatibility.
-
-Debian Squeeze:
-0x000000000000000e (SONAME) Library soname: [libnss3.so.1d]
-Fedora 20:
-0x000000000000000e (SONAME) Library soname: [libnss3.so]
-
-For the record, the LSB specified SONAME is libnss3.so
-http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/libnss3.html
-
diff --git a/external/onlineupdate/UnpackedTarball_onlineupdate.mk b/external/onlineupdate/UnpackedTarball_onlineupdate.mk
index d27a191d50..166ede0a6b 100644
--- a/external/onlineupdate/UnpackedTarball_onlineupdate.mk
+++ b/external/onlineupdate/UnpackedTarball_onlineupdate.mk
@@ -18,6 +18,12 @@ $(eval $(call gb_UnpackedTarball_add_patches,onlineupdate, \
external/onlineupdate/lo.patch \
))
+ifeq ($(OS),WNT)
+$(eval $(call gb_UnpackedTarball_add_patches,onlineupdate, \
+ external/onlineupdate/cygpath.patch \
+))
+endif
+
# The update maintenance service that is used on Windows has a couple of checks that files in the
# to-be-updated installation set are signed, which would fail for --disable-windows-build-signing;
# so, as a HACK for debugging purposes, silence those problematic checks for --enable-dbgutil:
diff --git a/external/onlineupdate/cygpath.patch b/external/onlineupdate/cygpath.patch
new file mode 100644
index 0000000000..81003a2e7d
--- /dev/null
+++ b/external/onlineupdate/cygpath.patch
@@ -0,0 +1,11 @@
+--- tools/update-packaging/make_incremental_update.sh
++++ tools/update-packaging/make_incremental_update.sh
+@@ -110,7 +110,7 @@
+ # Remove the /
+ newdir=$(echo "$newdir" | sed -e 's:\/$::')
+ fi
+-workdir="$(mktemp -d)"
++workdir=$(cygpath -m "$(mktemp -d)")
+ updatemanifestv3="$workdir/updatev3.manifest"
+
+ mkdir -p "$workdir"
diff --git a/external/onlineupdate/lo.patch b/external/onlineupdate/lo.patch
index 14b2a9a2de..35dfb2f80f 100644
--- a/external/onlineupdate/lo.patch
+++ b/external/onlineupdate/lo.patch
@@ -238,33 +238,49 @@
// Run update process on a background thread. ShowProgressUI may return
--- tools/update-packaging/common.sh
+++ tools/update-packaging/common.sh
-@@ -76,6 +76,15 @@
+@@ -76,17 +76,8 @@
forced=
fi
-+ if [ -n "$IFSFILE" ]; then
-+ ifsline=$(grep -F " \"$f\"" "$IFSFILE")
-+ if [ -n "$ifsline" ]; then
-+ testfile=$(printf '%s' "$ifsline" | cut -f 2 -d '"')
-+ verbose_notice " add-if \"$testfile\" \"$f\""
-+ echo "add-if \"$testfile\" \"$f\"" >> "$filev3"
-+ return
-+ fi
-+ fi
- is_extension=$(echo "$f" | grep -c 'distribution/extensions/.*/')
- if [ $is_extension = "1" ]; then
- # Use the subdirectory of the extensions folder as the file to test
+- is_extension=$(echo "$f" | grep -c 'distribution/extensions/.*/')
+- if [ $is_extension = "1" ]; then
+- # Use the subdirectory of the extensions folder as the file to test
+- # before performing this add instruction.
+- testdir=$(echo "$f" | sed 's/\(.*distribution\/extensions\/[^\/]*\)\/.*/\1/')
+- verbose_notice " add-if \"$testdir\" \"$f\""
+- echo "add-if \"$testdir\" \"$f\"" >> "$filev3"
+- else
+- verbose_notice " add \"$f\"$forced"
+- echo "add \"$f\"" >> "$filev3"
+- fi
++ verbose_notice " add-if \"$f\" \"$f\"$forced"
++ echo "add-if \"$f\" \"$f\"" >> "$filev3"
+ }
+
+ check_for_add_if_not_update() {
+@@ -113,17 +104,8 @@
+ f="$1"
+ filev3="$2"
+
+- is_extension=$(echo "$f" | grep -c 'distribution/extensions/.*/')
+- if [ $is_extension = "1" ]; then
+- # Use the subdirectory of the extensions folder as the file to test
+- # before performing this add instruction.
+- testdir=$(echo "$f" | sed 's/\(.*distribution\/extensions\/[^\/]*\)\/.*/\1/')
+- verbose_notice " patch-if \"$testdir\" \"$f.patch\" \"$f\""
+- echo "patch-if \"$testdir\" \"$f.patch\" \"$f\"" >> "$filev3"
+- else
+- verbose_notice " patch \"$f.patch\" \"$f\""
+- echo "patch \"$f.patch\" \"$f\"" >> "$filev3"
+- fi
++ verbose_notice " patch-if \"$f\" \"$f.patch\" \"$f\""
++ echo "patch-if \"$f\" \"$f.patch\" \"$f\"" >> "$filev3"
+ }
+
+ append_remove_instructions() {
--- tools/update-packaging/make_full_update.sh
+++ tools/update-packaging/make_full_update.sh
-@@ -45,6 +45,7 @@
-
- archive="$1"
- targetdir="$2"
-+IFSFILE=$3
- # Prevent the workdir from being inside the targetdir so it isn't included in
- # the update mar.
- if [ $(echo "$targetdir" | grep -c '\/$') = 1 ]; then
-@@ -53,9 +54,10 @@
+@@ -53,9 +53,10 @@
fi
workdir="$targetdir.work"
updatemanifestv3="$workdir/updatev3.manifest"
@@ -276,7 +292,7 @@
# Generate a list of all files in the target directory.
pushd "$targetdir"
-@@ -66,7 +68,6 @@
+@@ -66,7 +67,6 @@
if [ ! -f "precomplete" ]; then
if [ ! -f "Contents/Resources/precomplete" ]; then
notice "precomplete file is missing!"
@@ -284,7 +300,7 @@
fi
fi
-@@ -99,7 +100,7 @@
+@@ -99,7 +99,7 @@
$XZ $XZ_OPT --compress $BCJ_OPTIONS --lzma2 --format=xz --check=crc64 --force --stdout "$targetdir/$f" > "$workdir/$f"
copy_perm "$targetdir/$f" "$workdir/$f"
@@ -293,7 +309,7 @@
done
# Append remove instructions for any dead files.
-@@ -110,7 +111,7 @@
+@@ -110,7 +110,7 @@
$XZ $XZ_OPT --compress $BCJ_OPTIONS --lzma2 --format=xz --check=crc64 --force "$updatemanifestv3" && mv -f "$updatemanifestv3.xz" "$updatemanifestv3"
mar_command="$mar_command -C \"$workdir\" -c output.mar"
@@ -302,3 +318,75 @@
mv -f "$workdir/output.mar" "$archive"
# cleanup
+--- tools/update-packaging/make_incremental_update.sh
++++ tools/update-packaging/make_incremental_update.sh
+@@ -112,9 +112,10 @@
+ fi
+ workdir="$(mktemp -d)"
+ updatemanifestv3="$workdir/updatev3.manifest"
+-archivefiles="updatev3.manifest"
+
+ mkdir -p "$workdir"
++
++printf 'updatev3.manifest\n' >"$workdir/files.txt"
+
+ # Generate a list of all files in the target directory.
+ pushd "$olddir"
+@@ -135,7 +136,6 @@
+ if [ ! -f "precomplete" ]; then
+ if [ ! -f "Contents/Resources/precomplete" ]; then
+ notice "precomplete file is missing!"
+- exit 1
+ fi
+ fi
+
+@@ -170,7 +170,7 @@
+ $XZ $XZ_OPT --compress $BCJ_OPTIONS --lzma2 --format=xz --check=crc64 --force --stdout "$newdir/$f" > "$workdir/$f"
+ copy_perm "$newdir/$f" "$workdir/$f"
+ make_add_if_not_instruction "$f" "$updatemanifestv3"
+- archivefiles="$archivefiles \"$f\""
++ printf '%s\n' "$f" >>"$workdir/files.txt"
+ continue 1
+ fi
+
+@@ -180,7 +180,7 @@
+ $XZ $XZ_OPT --compress $BCJ_OPTIONS --lzma2 --format=xz --check=crc64 --force --stdout "$newdir/$f" > "$workdir/$f"
+ copy_perm "$newdir/$f" "$workdir/$f"
+ make_add_instruction "$f" "$updatemanifestv3" 1
+- archivefiles="$archivefiles \"$f\""
++ printf '%s\n' "$f" >>"$workdir/files.txt"
+ continue 1
+ fi
+
+@@ -227,11 +227,11 @@
+ make_patch_instruction "$f" "$updatemanifestv3"
+ mv -f "$patchfile" "$workdir/$f.patch"
+ rm -f "$workdir/$f"
+- archivefiles="$archivefiles \"$f.patch\""
++ printf '%s\n' "$f.patch" >>"$workdir/files.txt"
+ else
+ make_add_instruction "$f" "$updatemanifestv3"
+ rm -f "$patchfile"
+- archivefiles="$archivefiles \"$f\""
++ printf '%s\n' "$f" >>"$workdir/files.txt"
+ fi
+ fi
+ else
+@@ -270,7 +270,7 @@
+ fi
+
+
+- archivefiles="$archivefiles \"$f\""
++ printf '%s\n' "$f" >>"$workdir/files.txt"
+ done
+
+ notice ""
+@@ -302,7 +302,7 @@
+ $XZ $XZ_OPT --compress $BCJ_OPTIONS --lzma2 --format=xz --check=crc64 --force "$updatemanifestv3" && mv -f "$updatemanifestv3.xz" "$updatemanifestv3"
+
+ mar_command="$mar_command -C \"$workdir\" -c output.mar"
+-eval "$mar_command $archivefiles"
++eval "$mar_command -f $workdir/files.txt"
+ mv -f "$workdir/output.mar" "$archive"
+
+ # cleanup
diff --git a/external/xmlsec/BCryptKeyDerivation.patch.1 b/external/xmlsec/BCryptKeyDerivation.patch.1
new file mode 100644
index 0000000000..3747915f87
--- /dev/null
+++ b/external/xmlsec/BCryptKeyDerivation.patch.1
@@ -0,0 +1,51 @@
+tdf#159519 Windows 7 does not have BCryptKeyDerivation
+
+It just occurred to me that these functions would of course not be called
+by LibreOffice so this is untested.
+
+--- xmlsec/src/mscng/pbkdf2.c.orig 2024-02-21 19:02:56.539534152 +0100
++++ xmlsec/src/mscng/pbkdf2.c 2024-02-21 19:01:03.282270354 +0100
+@@ -318,7 +318,20 @@
+ }
+
+ /* generate the output key */
++#if 1 // _WIN32_WINNT <= 0x0601
++ typedef NTSTATUS (WINAPI * BCryptKeyDerivationPtr)(
++ BCRYPT_KEY_HANDLE, BCryptBufferDesc *, PUCHAR, ULONG, ULONG *, ULONG);
++ HMODULE hBCrypt = GetModuleHandle("bcrypt.dll");
++ BCryptKeyDerivationPtr pBCryptKeyDerivation =
++ (BCryptKeyDerivationPtr) GetProcAddress(hBCrypt, "BCryptKeyDerivation");
++ if(NULL == pBCryptKeyDerivation) {
++ xmlSecMSCngNtError("BCryptKeyDerivation", NULL, status);
++ goto done;
++ }
++ status = (*pBCryptKeyDerivation)(
++#else
+ status = BCryptKeyDerivation(
++#endif
+ hKey,
+ &paramsPBKDF2,
+ pbOut,
+--- xmlsec/src/mscng/concatkdf.c.orig 2024-02-21 19:02:37.962490885 +0100
++++ xmlsec/src/mscng/concatkdf.c 2024-02-21 19:01:37.961351134 +0100
+@@ -318,7 +318,20 @@
+ }
+
+ /* generate the output key */
++#if 1 // _WIN32_WINNT <= 0x0601
++ typedef NTSTATUS (WINAPI * BCryptKeyDerivationPtr)(
++ BCRYPT_KEY_HANDLE, BCryptBufferDesc *, PUCHAR, ULONG, ULONG *, ULONG);
++ HMODULE hBCrypt = GetModuleHandle("bcrypt.dll");
++ BCryptKeyDerivationPtr pBCryptKeyDerivation =
++ (BCryptKeyDerivationPtr) GetProcAddress(hBCrypt, "BCryptKeyDerivation");
++ if(NULL == pBCryptKeyDerivation) {
++ xmlSecMSCngNtError("BCryptKeyDerivation", NULL, status);
++ goto done;
++ }
++ status = (*pBCryptKeyDerivation)(
++#else
+ status = BCryptKeyDerivation(
++#endif
+ hKey,
+ &paramsCONCATKDF2,
+ pbOut,
diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk
index 77d3386b27..906aece5f7 100644
--- a/external/xmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/xmlsec/UnpackedTarball_xmlsec.mk
@@ -10,6 +10,8 @@
xmlsec_patches :=
# Remove this when Ubuntu 20.04 is EOL in 2025.
xmlsec_patches += old-nss.patch.1
+# Remove this when Windows 7 is no longer supported
+xmlsec_patches += BCryptKeyDerivation.patch.1
$(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec))