From b522be747ff554b0fa8b1666014792d961e12343 Mon Sep 17 00:00:00 2001 From: Caolán McNamara Date: Wed, 14 Jun 2023 10:08:13 +0100 Subject: tdf#157231 CVE-2023-4863 upgrade to libwebp-1.3.2.tar.gz Change-Id: Ib60466a59069b59fa884654167f33ccc58e59330 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/156908 Tested-by: Jenkins CollaboraOffice Reviewed-by: Miklos Vajna --- RepositoryExternal.mk | 1 + bin/lo-all-static-libs | 1 + download.lst | 4 ++-- external/libwebp/Makefile.vc.patch | 33 ++++++++++++++++++--------------- 4 files changed, 22 insertions(+), 17 deletions(-) diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk index 40e45964078b..b4eb2be23c23 100644 --- a/RepositoryExternal.mk +++ b/RepositoryExternal.mk @@ -2777,6 +2777,7 @@ $(call gb_LinkTarget_add_libs,$(1),\ else $(call gb_LinkTarget_add_libs,$(1),\ -L$(call gb_UnpackedTarball_get_dir,libwebp)/src/.libs -lwebp \ + -L$(call gb_UnpackedTarball_get_dir,libwebp)/sharpyuv/.libs -lsharpyuv \ ) endif $(call gb_LinkTarget_use_external_project,$(1),libwebp) diff --git a/bin/lo-all-static-libs b/bin/lo-all-static-libs index fbe6d7010624..83c7b281a63c 100755 --- a/bin/lo-all-static-libs +++ b/bin/lo-all-static-libs @@ -124,6 +124,7 @@ echo $INSTDIR/$LIBO_LIB_FOLDER/lib*.a \ $WORKDIR/UnpackedTarball/librevenge/src/*/.libs/*.a \ $WORKDIR/UnpackedTarball/libvisio/src/lib/.libs/*.a \ $WORKDIR/UnpackedTarball/libwebp/src/.libs/*.a \ + $WORKDIR/UnpackedTarball/libwebp/sharpyuv/.libs/*.a \ $WORKDIR/UnpackedTarball/libwp?/src/lib/.libs/*.a \ $WORKDIR/UnpackedTarball/raptor/src/.libs/*.a \ $WORKDIR/UnpackedTarball/rasqal/src/.libs/*.a \ diff --git a/download.lst b/download.lst index 781d9537663d..e1256fc40ef1 100644 --- a/download.lst +++ b/download.lst @@ -188,8 +188,8 @@ export LIBNUMBERTEXT_SHA256SUM := 17b8249cb89ae11ae15a85612d2665626c0e0e3e56b356 export LIBNUMBERTEXT_TARBALL := libnumbertext-1.0.7.tar.xz export LIBTOMMATH_SHA256SUM := 083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304f7281f8f7347483 export LIBTOMMATH_TARBALL := ltm-1.0.zip -export LIBWEBP_SHA256SUM := 808b98d2f5b84e9b27fdef6c5372dac769c3bda4502febbfa5031bd3c4d7d018 -export LIBWEBP_TARBALL := libwebp-1.2.1.tar.gz +export LIBWEBP_SHA256SUM := 2a499607df669e40258e53d0ade8035ba4ec0175244869d1025d460562aa09b4 +export LIBWEBP_TARBALL := libwebp-1.3.2.tar.gz export XMLSEC_SHA256SUM := 2d84360b03042178def1d9ff538acacaed2b3a27411db7b2874f1612ed71abc8 export XMLSEC_TARBALL := xmlsec1-1.2.30.tar.gz export LIBXML_SHA256SUM := 5d2cc3d78bec3dbe212a9d7fa629ada25a7da928af432c93060ff5c17ee28a9c diff --git a/external/libwebp/Makefile.vc.patch b/external/libwebp/Makefile.vc.patch index 653998319b82..41c899921a1c 100644 --- a/external/libwebp/Makefile.vc.patch +++ b/external/libwebp/Makefile.vc.patch @@ -1,7 +1,7 @@ --- Makefile.vc.sav 2021-07-30 00:55:37.000000000 +0200 +++ Makefile.vc 2022-01-25 17:35:30.206117700 +0100 -@@ -7,11 +7,11 @@ - LIBWEBPDEMUX_BASENAME = libwebpdemux +@@ -8,11 +8,11 @@ + LIBSHARPYUV_BASENAME = libsharpyuv !IFNDEF ARCH -!IF ! [ cl 2>&1 | find "x86" > NUL ] @@ -15,7 +15,7 @@ ARCH = ARM !ELSE !ERROR Unable to auto-detect toolchain architecture! \ -@@ -27,8 +27,8 @@ +@@ -28,8 +28,8 @@ ## Nothing more to do below this line! NOLOGO = /nologo @@ -25,7 +25,7 @@ +CCDEBUG = $(CC) $(NOLOGO) /Od /Zi /D_DEBUG /RTC1 CFLAGS = /I. /Isrc $(NOLOGO) /W3 /EHsc /c CFLAGS = $(CFLAGS) /DWIN32 /D_CRT_SECURE_NO_WARNINGS /DWIN32_LEAN_AND_MEAN - LDFLAGS = /LARGEADDRESSAWARE /MANIFEST /NXCOMPAT /DYNAMICBASE + LDFLAGS = /LARGEADDRESSAWARE /MANIFEST:EMBED /NXCOMPAT /DYNAMICBASE @@ -67,7 +67,7 @@ RTLIB = /MD RTLIBD = /MDd @@ -35,7 +35,7 @@ DIROBJ = $(DIRBASE)\obj DIRLIB = $(DIRBASE)\lib DIRINC = $(DIRBASE)\include -@@ -86,10 +86,10 @@ +@@ -87,10 +87,10 @@ # Target configuration !IF "$(CFG)" == "release-static" @@ -48,9 +48,9 @@ RTLIB = $(RTLIBD) STATICLIBBUILD = TRUE LIBWEBPDECODER_BASENAME = $(LIBWEBPDECODER_BASENAME)_debug -@@ -97,11 +97,11 @@ - LIBWEBPMUX_BASENAME = $(LIBWEBPMUX_BASENAME)_debug +@@ -99,11 +99,11 @@ LIBWEBPDEMUX_BASENAME = $(LIBWEBPDEMUX_BASENAME)_debug + LIBSHARPYUV_BASENAME = $(LIBSHARPYUV_BASENAME)_debug !ELSE IF "$(CFG)" == "release-dynamic" -CC = $(CCNODBG) +CC_ = $(CCNODBG) @@ -62,7 +62,7 @@ RC = $(RCDEBUG) RTLIB = $(RTLIBD) DLLBUILD = TRUE -@@ -112,7 +112,7 @@ +@@ -115,7 +115,7 @@ !ENDIF !IF "$(STATICLIBBUILD)" == "TRUE" @@ -71,25 +71,25 @@ CFGSET = TRUE LIBWEBPDECODER = $(DIRLIB)\$(LIBWEBPDECODER_BASENAME).lib LIBWEBP = $(DIRLIB)\$(LIBWEBP_BASENAME).lib -@@ -120,7 +120,7 @@ +@@ -123,7 +123,7 @@ LIBWEBPDEMUX = $(DIRLIB)\$(LIBWEBPDEMUX_BASENAME).lib + LIBSHARPYUV = $(DIRLIB)\$(LIBSHARPYUV_BASENAME).lib !ELSE IF "$(DLLBUILD)" == "TRUE" - DLLINC = webp_dll.h --CC = $(CC) /I$(DIROBJ) /FI$(DLLINC) $(RTLIB) /DWEBP_DLL -+CC_ = $(CC_) /I$(DIROBJ) /FI$(DLLINC) $(RTLIB) /DWEBP_DLL +-CC = $(CC) /I$(DIROBJ) $(RTLIB) /DWEBP_DLL ++CC_ = $(CC_) /I$(DIROBJ) $(RTLIB) /DWEBP_DLL LIBWEBPDECODER = $(DIRLIB)\$(LIBWEBPDECODER_BASENAME)_dll.lib LIBWEBP = $(DIRLIB)\$(LIBWEBP_BASENAME)_dll.lib LIBWEBPMUX = $(DIRLIB)\$(LIBWEBPMUX_BASENAME)_dll.lib -@@ -421,7 +421,7 @@ - $(DIROBJ)\$(DLLINC) +@@ -434,7 +434,7 @@ + !IF "$(DLLBUILD)" == "TRUE" {$(DIROBJ)}.c{$(DIROBJ)}.obj: - $(CC) $(CFLAGS) /Fd$(LIBWEBP_PDBNAME) /Fo$@ $< + $(CC_) $(CFLAGS) /Fd$(LIBWEBP_PDBNAME) /Fo$@ $< {src}.rc{$(DIROBJ)}.res: $(RC) /fo$@ $< -@@ -461,39 +461,39 @@ +@@ -467,41 +467,41 @@ # File-specific flag builds. Note batch rules take precedence over wildcards, # so for now name each file individually. $(DIROBJ)\examples\anim_diff.obj: examples\anim_diff.c @@ -122,6 +122,9 @@ {imageio}.c{$(DIROBJ)\imageio}.obj:: - $(CC) $(CFLAGS) /Fd$(DIROBJ)\imageio\ /Fo$(DIROBJ)\imageio\ $< + $(CC_) $(CFLAGS) /Fd$(DIROBJ)\imageio\ /Fo$(DIROBJ)\imageio\ $< + {sharpyuv}.c{$(DIROBJ)\sharpyuv}.obj:: +- $(CC) $(CFLAGS) /Fd$(DIROBJ)\sharpyuv\ /Fo$(DIROBJ)\sharpyuv\ $< ++ $(CC_) $(CFLAGS) /Fd$(DIROBJ)\sharpyuv\ /Fo$(DIROBJ)\sharpyuv\ $< {src\dec}.c{$(DIROBJ)\dec}.obj:: - $(CC) $(CFLAGS) /Fd$(LIBWEBP_PDBNAME) /Fo$(DIROBJ)\dec\ $< + $(CC_) $(CFLAGS) /Fd$(LIBWEBP_PDBNAME) /Fo$(DIROBJ)\dec\ $< -- cgit