| Age | Commit message (Collapse) | Author |
|---|
|
Downloaded from https://curl.se/download/curl-8.10.0.tar.xz
Change-Id: I1eb9506a73162ce2e2adf1fe1e02267c34bc78ac
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173194
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
|
...see
<https://emscripten.org/docs/porting/networking.html#full-posix-sockets-over-websocket-proxy-server>.
This requires
<https://github.com/stbergmann/emscripten/commit/4aff1f28b88480791236adcc6d5cb2d919ad4bf3>
"-sPROXY_POSIX_SOCKETS: Add websocket_proxy_poll". When configured with
--disable-socketpair (which appears to have no negative consequences),
external/curl appears to only call poll(2) with socket-related file descriptors,
so we can use websocket_proxy_poll instead.
The URL on which the websocket_to_posix_proxy process listens must be specified
as Module.uno_websocket_to_posix_socket_url.
Change-Id: I4ad23098b5bbc0646fa50859c0aeb9870d1cc92a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/172243
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
Tested-by: Jenkins
|
|
* Which also requires external/curl. But implicitly use --without-gssapi,
checking for it in configure.ac would fail with
> configure: error: could not find function 'gss_init_sec_context' required for GSSAPI
And building ExternalProject_curl needs to see the -pthread from
gb_EMSCRIPTEN_CPPFLAGS, otherwise linking Executable_soffice_bin would fail with
> wasm-ld: error: --shared-memory is disallowed by libcurl_la-easy.o because it was not compiled with 'atomics' or 'bulk-memory' features.
* By default, GetCABundleFile in include/systools/opensslinit.hxx will fail
now. (But to make https work, applications could bring along their own such
file in the Emscripten FS, in one of the places where GetCABundleFile checks for
it.) So, for Emscripten only, make failure of GetCABundleFile non-fatal in
InitCurl_easy.
* Some code in sw was erroneously hidden behind !ENABLE_WASM_STRIP_EXTRA (off
by default for Emscripten), but is needed with HAVE_FEATURE_CURL.
* See <https://emscripten.org/docs/porting/networking.html> for how to actually
use networking in an Emscripten application.
Change-Id: I2bbe9f3fd0e20143e18eb1e8104568b1c7a304de
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/172167
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
|
|
Downloaded from https://curl.se/download/curl-8.9.0.tar.xz
Change-Id: Id8198dcc73e1679e8f672459b19d84606ae3e762
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170934
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
Tested-by: Jenkins
|
|
This will link libgssapi_krb5.so.2 which is in krb5-libs (ABI CL1 in
RHEL8, ABI CL2 in RHEL9).
Change-Id: I2dbaa64e70f4502c5a47c6c85123c94b9ad41277
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170758
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Downloaded from https://curl.se/download/curl-8.8.0.tar.xz
Change-Id: Ib6ecbdb774f4d2643d8e848d8826704a51884eac
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167929
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
|
…by a simple/static $(gb_UnpackedTarball_workdir)/foo
see also 0c4c84a14b01c71c76a9c45a7f26aec4d64f3e4f
Change-Id: I8e6aa55c85534c4446556548910c950ddbe7c6fc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167163
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Jenkins
|
|
FTP support has been deprecated since LO 7.4.
The UCP currently doesn't even support TLS connections.
Also disable FTP protocol in libcurl.
Also remove JunitTest_ucb_complex: turns out the only test in it,
checkWrongFtpConnection, fails on Linux because now GIO UCP handles
ftp:// URLs and it throws InteractiveAugmentedIOException instead of
expected ones, and on other platforms it would fail differently because
there is no GIO.
Change-Id: I4631d124371fef390f105fb16bf09aaa59e739e7
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159065
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Fixes CVE-2023-38039
* NSS support was removed in this release, so NSS related patches are not necessary now.
* add configure options for curl.
Change-Id: I71e09bac3c69ce4b13deee770a32225f39f79c46
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/156917
Tested-by: Jenkins
Reviewed-by: Taichi Haradaguchi <20001722@ymail.ne.jp>
|
|
...after
<https://github.com/llvm/llvm-project/commit/279a4d0d67c874e80c171666822f2fabdd6fa926>
"-fsanitize=function: support C".
This includes reverts of 16af9e81863a80116f808ee3cfa4a1bab7c67ac5 "update clang
asan suppressions" and 151a43f3d00f6523079c53d6c2d064f80b9a55d6 ""update clang
asan suppressions".
Change-Id: I49740f5f3a784af1d62b830b47bfdfa27fe3e471
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/156935
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
The current URL of the curl project's website is https://curl.se/.
Change-Id: Ibbbd2b0c8b6616bd1f59af06f2a41f62674d3bab
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152939
Tested-by: Taichi Haradaguchi <20001722@ymail.ne.jp>
Reviewed-by: Taichi Haradaguchi <20001722@ymail.ne.jp>
|
|
Fixes CVE-2023-28321, CVE-2023-28322, and 2 more CVEs that
probably don't affect LibreOffice
Change-Id: If8720ba3647216063bffc8678aa64dad9a317128
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152809
Tested-by: Jenkins
Reviewed-by: Taichi Haradaguchi <20001722@ymail.ne.jp>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Fixes CVE-2023-23916, 2 CVEs that probably don't affect LO.
Reference: https://curl.se/docs/security.html
Change-Id: If9b3fc7c5ce66bfe1027caff39ea2c1cf55df7ad
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147673
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
As discussed in the mailing list thread starting at
<https://lists.freedesktop.org/archives/libreoffice/2023-January/089808.html>
"Plan to remove dead C++ UNO bridge implementations (bridges/source/cpp_uno/*)",
the bridge implementation at bridges/source/cpp_uno/gcc3_aix_powerpc is
apparently dead and should thus be removed. However, that was the only bridge
implementation for AIX, which implies that support for the AIX platform as a
whole is dead and should thus be removed.
Change-Id: I96de3f7f97d4fd770ff78256f0ea435383688be9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146057
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Fixes CVE-2022-43551 and CVE-2022-43552.
https://curl.se/docs/CVE-2022-43551.html
https://curl.se/docs/CVE-2022-43552.html
Change-Id: I979ed11c212aef226ad9f26420462e5f9dbe15e5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/144885
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
otherwise with (default due to --disable-dynamic-loading) --disable-nss
we get:
configure: error: select TLS backend(s) or disable TLS with --without-ssl.
Select from these:
--with-amissl
--with-bearssl
--with-gnutls
--with-mbedtls
--with-nss
--with-openssl (also works for BoringSSL and libressl)
--with-rustls
--with-schannel
--with-secure-transport
--with-wolfssl
alternative we could --without-ssl entirely without nss
Change-Id: Iea25b918c135664dffacfb74089d7c7c0818695e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141956
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: Ic6995dfcc11c872092c5e1a53c84dfed5d254eea
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141955
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Fixes CVE-2022-32221 which could affect libcmis, CVE-2022-42915,
and 2 more CVEs that probably don't affect LO.
* remove --without-ssl:
On the one hand, on GNU/Linux this now results in:
configure: error: --without-ssl has been set together with an explicit option to use an ssl library
On the other hand, using the more obvious --without-openssl yields a link
failure on Android on the nss check in configure:
configure:28220: checking for SSL_VersionRangeSet in -lnss
/home/cl/Android/Sdk/ndk/20.1.5948944/toolchains/llvm/prebuilt/linux-x86_64/bin/../lib/gcc/aarch64-linux-android/4.9.x/../../../../aarch64-linux-android/bin/ld: warning: liblog.so, needed by /home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnss3.so, not found (try using -rpath or -rpath-link)
/home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnspr4.so: undefined reference to `__android_log_write'
/home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnspr4.so: undefined reference to `__android_log_assert'
... so add the -llog for android in curl-nss.patch.1
Change-Id: I3931a1eec2d681c2ce0e5695039492772e9fcc81
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141866
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Fixes CVE-2022-35252
Change-Id: I549240f6ae31ae94f925422517cd03ef2e3b5732
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/140411
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
There is no justification why this patch was added, upstream doesn't
want to add such a feature[1], and maintaining feature patches in LO
for bundled externals doesn't make sense.
Also, this doesn't respect the Inet::Settings::ooInetHTTPProxy*
settings from the configuration.
Let's remove it and hope nobody complains.
[1] https://curl.se/mail/lib-2022-05/0083.html
Change-Id: I1ccdefb76f69e6795a28d4d25bf443555c16ab0b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135182
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Fixes CVE-2022-27774 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781
plus 6 more CVEs that shouldn't affect LO.
Remove obsolete configure-eval-fix.patch.0.
Change-Id: Ifbd7ff5acf390df1d95d6b8be0dc7751e4753bbe
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134225
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
This is basically ea68de2968c0dbcd8e7549435e829db06795c16d but
for LDFLAGS. A number of external libs cannot use this because
their libtool mishandles -fuse-ld.
Change-Id: Idee379eb0a3afb475b536519ee3de064b4e218f4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133639
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
No idea why we just provided the platform flags when cross-
compiling. In the curious case, where the host platform is
detected as x86_64-pc-mingw32 per default and we actually
want to override it with x86_64-pc-cygwin, we don't do a
cross compile, but must override the host platform.
But there is additional special handling needed for the omitted
cross-platform build in the special case of --host=i686-pc-cygwin
and --build=x86_64-pc-cygwin, where we deliberatly ignore cross
building; Windows is already a slow build, so try to keep this
optimization (AMD64 can execute x86 binaries).
There is the theoretical case, where the externals config.guess
would have detected something else and that "magically" even
worked, while the LO detected triplet would fail, but this
should be fixed in the external in any way.
Change-Id: Ib7a9719e0e406fe90334b7611dc3f01b51692bfa
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129153
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
|
|
This fixes the same issue as
<https://github.com/curl/curl/commit/e39421cef31f13a19b6bef5c644978e0c54e4e16>
"curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval", just in a less
intrusive way so that we can get away with just fixing the resulting configure
rather than having to run any Autotools reconfiguration commands.
40a84af1bdd7b3c414a8a78ca32b0951c03f9976 "upgrade to curl-7.81.0" caused
<https://ci.libreoffice.org/job/lo_ubsan/2272/> to fail with the cryptic
[...]
> checking for gethostbyname in -lnetwork... no
> checking for gethostbyname in -lnet... no
> configure: error: couldn't find libraries for gethostbyname()
> /home/tdf/lode/jenkins/workspace/lo_ubsan/external/curl/ExternalProject_curl.mk:41: recipe for target '/home/tdf/lode/jenkins/workspace/lo_ubsan/workdir/ExternalProject/curl/build' failed
> make[1]: *** [/home/tdf/lode/jenkins/workspace/lo_ubsan/workdir/ExternalProject/curl/build] Error 1
because somewhere in the middle of curl's configure LD_LIBRARY_PATH got garbled
because of this issue, so that invoking
/home/tdf/lode/opt_private/clang-llvmorg-9.0.1/bin/clang started to fail with
> /home/tdf/lode/opt_private/clang-llvmorg-9.0.1/bin/clang: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.22' not found (required by /home/tdf/lode/opt_private/clang-llvmorg-9.0.1/bin/clang)
> /home/tdf/lode/opt_private/clang-llvmorg-9.0.1/bin/clang: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.20' not found (required by /home/tdf/lode/opt_private/clang-llvmorg-9.0.1/bin/clang)
> /home/tdf/lode/opt_private/clang-llvmorg-9.0.1/bin/clang: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by /home/tdf/lode/opt_private/clang-llvmorg-9.0.1/bin/clang)
(because that clang is built against a local GCC and libstdc++, so needs
LD_LIBRARY_PATH to be set up properly to find the latter), which caused the
gethostbyname check to fail (as seen when looking into that build's
workdir/UnpackedTarball/curl/config.log).
Change-Id: I3d45018cdfdb22b98c0dec0757e754a172a811de
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128850
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I0a34239bfb16bf19e25bf374c7f36c4cdf1776c1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128783
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
...than ae36ee4f3aa544e53e2edad93d6d79160b27bc9d "Work around use-after-poison"
for
> ==1922539==ERROR: AddressSanitizer: use-after-poison on address
> 0x61d00190fab0 at pc 0x00000026aaa9 bp 0x7f422ee84b80 sp
> 0x7f422ee84348 WRITE of size 192 at 0x61d00190fab0 thread T44 #0 in
> memset at
> ~/github.com/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:800:3
> (instdir/program/soffice.bin +0x26aaa8) #1 at <null>
> (/lib64/libnsspem.so +0x15f3d) #2 at <null> (/lib64/libnsspem.so
> +0x16185) #3 at <null> (/lib64/libnsspem.so +0x8a9b) #4 at <null>
> (/lib64/libnsspem.so +0xe13b) #5 in secmod_ModuleInit at
> workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11load.c:244:11
> (instdir/program/libnss3.so +0x4ad372) #6 in secmod_LoadPKCS11Module
> at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11load.c:544:10
> (instdir/program/libnss3.so +0x4b1fca) #7 in SECMOD_LoadModule at
> workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pars.c:1946:10
> (instdir/program/libnss3.so +0x50de92) #8 in SECMOD_LoadUserModule
> at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pars.c:2042:28
> (instdir/program/libnss3.so +0x50e9a9) #9 in nss_load_module at
> workdir/UnpackedTarball/curl/lib/vtls/nss.c:1310:12
> (instdir/program/libcurl.so.4 +0x4fdd25) #10 in nss_setup_connect at
> workdir/UnpackedTarball/curl/lib/vtls/nss.c:1894:12
> (instdir/program/libcurl.so.4 +0x4eeffb) #11 in nss_connect_common
> at workdir/UnpackedTarball/curl/lib/vtls/nss.c:2235:14
> (instdir/program/libcurl.so.4 +0x4ee237) #12 in
> nss_connect_nonblocking at
> workdir/UnpackedTarball/curl/lib/vtls/nss.c:2291:10
> (instdir/program/libcurl.so.4 +0x4ebe4a) #13 in
> Curl_ssl_connect_nonblocking at
> workdir/UnpackedTarball/curl/lib/vtls/vtls.c:361:12
> (instdir/program/libcurl.so.4 +0x514039) #14 in https_connecting at
> workdir/UnpackedTarball/curl/lib/http.c:1591:12
> (instdir/program/libcurl.so.4 +0x2f29ce) #15 in Curl_http_connect at
> workdir/UnpackedTarball/curl/lib/http.c:1517:14
> (instdir/program/libcurl.so.4 +0x2f23d5) #16 in protocol_connect at
> workdir/UnpackedTarball/curl/lib/multi.c:1696:16
> (instdir/program/libcurl.so.4 +0x3b8620) #17 in multi_runsingle at
> workdir/UnpackedTarball/curl/lib/multi.c:1997:16
> (instdir/program/libcurl.so.4 +0x3a2232) #18 in curl_multi_perform
> at workdir/UnpackedTarball/curl/lib/multi.c:2568:14
> (instdir/program/libcurl.so.4 +0x39dc5c) #19 in
> http_dav_ucp::CurlProcessor::ProcessRequestImpl(http_dav_ucp::CurlSession&,
> http_dav_ucp::CurlUri const&, curl_slist*,
> com::sun::star::uno::Reference<com::sun::star::io::XOutputStream>
> const*, com::sun::star::uno::Sequence<signed char> const*,
> std::pair<std::__debug::vector<rtl::OUString,
> std::allocator<rtl::OUString> > const&, http_dav_ucp::DAVResource&>
> const*, (anonymous namespace)::ResponseHeaders&) at
> ucb/source/ucp/webdav-curl/CurlSession.cxx:880:14
> (instdir/program/../program/libucpdav1.so +0x5aad30) 0x61d00190fab0
> is located 48 bytes inside of 2048-byte region
> [0x61d00190fa80,0x61d001910280) allocated by thread T44 here: #0 in
> malloc at
> ~/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
> (instdir/program/soffice.bin +0x2d3c7e) #1 in PR_Malloc at
> workdir/UnpackedTarball/nss/nspr/out/pr/src/malloc/../../../../pr/src/malloc/prmem.c:448:55
> (instdir/program/libnspr4.so +0x123629) #2 in PL_ArenaAllocate at
> workdir/UnpackedTarball/nss/nspr/out/lib/ds/../../../lib/ds/plarena.c:134:27
> (instdir/program/libplds4.so +0x9a32) #3 at <null>
> (/lib64/libnsspem.so +0x15f77)
during UITest_sw_options:
That --with-system-nss workaround for <https://ci.libreoffice.org/job/lo_ubsan/>
had caused CppunitTest_desktop_lib to start to fail there, presumably "caused by
--with-system-nss on the CentOS7 baseline", see the mail thread starting at
<https://lists.freedesktop.org/archives/libreoffice/2021-December/088136.html>
"Re: [global-libreoffice-ci] UBSAN Linux Build - Build # 2217 - Still Failing!"
And while I had initially not been able to reproduce the use-after-poison during
UITest_sw_options with my local ASan+UBSan build (on Fedora 35), I now found out
that that was just because my machine happened to not have an nsspem library
installed in the system (the nss-pem RPM on Fedora). With that system library
installed, my local build failed UITest_sw_options in the same way as the
Jenkins tinderbox.
Which lead me to the idea of avoiding the whole mess by avoiding that CUrl loads
the (apparently optional) nsspem library in ASan builds altogether. (Another
approach might have been to disable the __asan_poison_memory_region
functionality in workdir/UnpackedTarball/nss/nspr/lib/ds/plarena.h, but the
chosen approach nicely makes us less dependent on accidental differences in
build-time execution environments, at least for ASan builds.)
Change-Id: I8fd2ff255771622f26ad666ca78a6d9ded0af2d7
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126451
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
There's no official MSVC support in ccache yet, but there are patches
in progress of getting upstreamed. So right now it's necessary
to get a patched ccache.
Ccache cannot work with -Zi option, since sharing debuginfo in a .PDB
cannot be cached. Added --enable-z7-symbols that gets enabled
by default if ccache is detected.
It works even with PCHs enabled, and externals seem to work too.
I get almost 100% hit rate on a rebuild, although such a rebuild
is slower than on Linux.
Change-Id: I1d230ee1fccc441b9d9bec794cc2e1ec13161999
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125179
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
Change-Id: I53eb6ed41fb8a17a79f72807df15822e9c1c6e88
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124290
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
This causes:
soffice.bin: sendf.c:243: Curl_infof: Assertion `!strchr(fmt, '\n')' failed.
Change-Id: I5a78b2225f6769cc49025e1e73ce72cd3d6bec16
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122963
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
includes:
CVE-2021-22945: clear the leftovers pointer when sending succeeds
CVE-2021-22946: do not ignore --ssl-reqd
CVE-2021-22947: reject STARTTLS server response pipelining
Change-Id: I0047bdaa7e6e3aed1317eb014d2051a4d5ac5964
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123883
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
* Fixes CVE-2020-8284 CVE-2021-22924
* Also fixes these which don't look relevant to LO:
CVE-2020-8231
CVE-2020-8285 CVE-2020-8286
CVE-2021-22876 CVE-2021-22890
CVE-2021-22897 CVE-2021-22898 CVE-2021-22901
CVE-2021-22922 CVE-2021-22923 CVE-2021-22925 CVE-2021-22926
* disable some new protocols and dependencies
* remove curl-ios.patch.1 as the code no longer exists upstream
Change-Id: I12d5f87f4d503a5f9859226a05cfe2a07e46d993
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119313
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
- configure with:
- --host=wasm64-local-emscripten
- had to make a few externals optional, so adding:
- --disable-nss
- --disable-cmis
- --disable-curl
Change-Id: I48d1c73d2675ad2e2beaf2c341578199efbd24ee
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111130
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
We must link nss statically, including the three dylibs that normally
are loaded at run-time, because including bare dylibs in an iOS appp
on the App Store is not OK. See
https://developer.apple.com/forums/thread/125796 .
For linking the softokn3 library statically, NSS already had code,
behind NSS_STATIC_SOFTOKEN ifdefs. Introduce two more macros:
NSS_STATIC_FREEBL for the freebl library and NSS_STATIC_PKCS11 for the
nssckbi library.
Turn off parallelism for the sub-make building nss. There seems to be
race conditions or something when running simultaneous instances of
the nsinstall.py script or the nsinstall program in nss (used when
building nss for the build platform).
When cross-compiling from macOS, use python3 to run the nsinstall.py
script, as it is Python 3.
Change-Id: Idd427b5ebf21f802b3feb0d5a3d259317ba8fc67
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103106
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103218
Tested-by: Jenkins
|
|
Adds three Windows gb_* variables:
- gb_MSBUILD_CONFIG_AND_PLATFORM can be passed as msbuild flags
- gb_MSBUILD_PLATFORM maps debug / release settings
- gb_MSBUILD_CONFIG maps the CPUTYPE to the default msbuild names
and converts the users in external projects.
Change-Id: Ie9b817721180d78d104db11c44241e4b3e46bba9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102701
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
|
|
Change-Id: I65741410e9ba14326a6ad7a676d1dfb10006e34f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/97988
Tested-by: Jenkins
Reviewed-by: Tor Lillqvist <tml@collabora.com>
|
|
Fixes CVE-2020-8169, and about 3 other ones that don't affect LO/libcmis.
Disable new optional dependencies "ngtcp2" and "quiche".
Change-Id: I595ed909c4e792ac3244643511a338b117e7f102
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/97406
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
|
|
See instructions in solenv/gbuild/Trace.mk . This generates a file than
can be viewed e.g. in the Chromium tracing view.
Change-Id: I5f90647c58ca729375525b6daed2d4918adc8188
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88754
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
Change-Id: I3a725e4681c11f503dae57436b05b5a80ff2979c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88764
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Fixes CVE-2019-5435. It looks like this is not a problem on 32-bit
Windows because fortunately we don't use /LARGEADDRESSAWARE flag
to set IMAGE_FILE_LARGE_ADDRESS_AWARE... but on 32-bit Linux
the user-space VM is 3GB so an exploit might be possible.
Apparently there's no code in LO that uses the CURLU_URLENCODE flag.
The other one, CVE-2019-5436, doesn't matter because we disable tftp.
Change-Id: I0d4f087befa5a3c4fb21ec36761dad68932425d9
Reviewed-on: https://gerrit.libreoffice.org/72732
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
...after eeeec33ada5923f1f534334b22c15d6e2c6f1d35 "merge
--enable-selective-debuginfo into --enable-symbols" had removed it
Change-Id: I83aed6e21c4b983d8645707daa65bd85ec16ff6b
Reviewed-on: https://gerrit.libreoffice.org/71798
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
...at least some of which have presumably been missing from
ce43d0ae9279edbf1ad108fe0d8325327a038d49 "use consistent #define checks for the
Windows platform" by accident (and some just clean up comments)
Change-Id: I5532685c7df96ae3c8a25b73d8064d7433964a9b
Reviewed-on: https://gerrit.libreoffice.org/68580
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Tested-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I651b7f202fa52ff5f5357a11aa72c43eb7dc7f95
Reviewed-on: https://gerrit.libreoffice.org/64102
Tested-by: Jenkins
Reviewed-by: Bartosz Kosiorek <gang65@poczta.onet.pl>
|
|
This gets rid of the horrible hack in gbuild.mk to accomodate the
case-incorrect iOS platform makefiles that cannot be renamed without
upsetting git on file systems that sadly lack the case sensitivity
feature.
Keep the macro defined to IOS though.
Change-Id: I1022bfef4900da00e75fc1ccce786b20f8673234
Reviewed-on: https://gerrit.libreoffice.org/62705
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Tested-by: Tor Lillqvist <tml@collabora.com>
|
|
This fixes the following CVEs:
* FTP: shutdown response buffer overflow CVE-2018-1000300
* RTSP: bad headers buffer over-read CVE-2018-1000301
Change-Id: Ic3229577083286501162aa5979a94ce934739557
Reviewed-on: https://gerrit.libreoffice.org/54418
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|
|
chmod -x for .patch, .pptm, and .vb
Change-Id: I98e1221e48df22e8b58aaf305898cbe301f187ce
Reviewed-on: https://gerrit.libreoffice.org/52568
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|
|
* fixes 2 CVEs
* disable some new optional dependencies
Change-Id: If7725d126e68de04b67969a83c0ea08573a43679
Reviewed-on: https://gerrit.libreoffice.org/48493
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>
|
|
... instead of hard-coding some subset of the variables everywhere.
Change-Id: I5eac5663563ee9d6cb7b57f5f6e9d55560587276
Reviewed-on: https://gerrit.libreoffice.org/44167
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>
|
|
("IDE Minimal Rebuild", according to
<https://msdn.microsoft.com/en-us/library/6ce2bkt7.aspx>)
Change-Id: I1b549c50bea4285bc6c89302f757f2e7e0bf1784
|
|
- fixes a very minor CVE: CVE-2017-1000254
- the Windows nmakefiles we were previously using have been
removed, so we use the *other* Windows nmake build system now
- /EHs override is pointless, default /EHsc should work fine
- the macros defined in ExternalProject are not needed any more
- curl-msvc-schannel.patch.1: drop, not needed with new makefiles
- curl-osx.patch.1: none of it applies, presumably fixed upstream
Change-Id: I15c71b9c82c31d286d935b57543a1b0216123b66
Reviewed-on: https://gerrit.libreoffice.org/43724
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>
|
|
...which wants to take it from CFLAGS, otherwise defaults to 10.8
Change-Id: I1b086ee8abba1e4b46c67b6b4fe6a05c4ef7a3d8
|
