Posted to commits@openoffice.apache.org by tr...@apache.org on 2016/08/10 21:29:48 UTC

svn commit: r1755873 - in /openoffice/trunk/main: LICENSE expat/expat-2.1.0.patch expat/expat-2.2.0.patch expat/expat-winapi.patch expat/makefile.mk expat/prj/d.lst external_deps.lst

Author: truckman
Date: Wed Aug 10 21:29:48 2016
New Revision: 1755873

URL: http://svn.apache.org/viewvc?rev=1755873&view=rev
Log:
#i127069#: bundled expat version 2.1.0 has two vulnerabilities
 
Upgrade bundled expat to version 2.2.0, which fixes:
	CVE-2016-5300
	CVE-2012-6702
 
It is not known whether these can be exploited when expat is used 
as part of OpenOffice.  All of the input files to expat seem to come
from the OpenOffice source.
 
One patch is needed to the expat source, without which saxparser 
crashes during the build.  It has been submitted upstream, see
<https://sourceforge.net/p/expat/bugs/539/>.  It is only triggered
when building expat with -DXML_UNICODE which is not the default,
but this flag is used when building the bundled expat.


Added:
    openoffice/trunk/main/expat/expat-2.2.0.patch
      - copied, changed from r1755010, openoffice/trunk/main/expat/expat-2.1.0.patch
Removed:
    openoffice/trunk/main/expat/expat-2.1.0.patch
Modified:
    openoffice/trunk/main/LICENSE
    openoffice/trunk/main/expat/expat-winapi.patch
    openoffice/trunk/main/expat/makefile.mk
    openoffice/trunk/main/expat/prj/d.lst
    openoffice/trunk/main/external_deps.lst

Modified: openoffice/trunk/main/LICENSE
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/LICENSE?rev=1755873&r1=1755872&r2=1755873&view=diff
==============================================================================
--- openoffice/trunk/main/LICENSE (original)
+++ openoffice/trunk/main/LICENSE Wed Aug 10 21:29:48 2016
@@ -1029,9 +1029,8 @@ ____
 For integration of XML Expat - built in main/expat/
 - MIT license
 
-Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd
-                               and Clark Cooper
-Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006 Expat maintainers.
+Copyright (c) 1998-2000 Thai Open Source Software Center Ltd and Clark Cooper
+Copyright (c) 2001-2016 Expat maintainers
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

Copied: openoffice/trunk/main/expat/expat-2.2.0.patch (from r1755010, openoffice/trunk/main/expat/expat-2.1.0.patch)
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/expat/expat-2.2.0.patch?p2=openoffice/trunk/main/expat/expat-2.2.0.patch&p1=openoffice/trunk/main/expat/expat-2.1.0.patch&r1=1755010&r2=1755873&rev=1755873&view=diff
==============================================================================
--- openoffice/trunk/main/expat/expat-2.1.0.patch (original)
+++ openoffice/trunk/main/expat/expat-2.2.0.patch Wed Aug 10 21:29:48 2016
@@ -1,5 +1,5 @@
---- misc/expat-2.1.0/lib/makefile.mk	Wed Aug 20 14:33:55 2008
-+++ misc/build/expat-2.1.0/lib/makefile.mk	Wed Aug 20 14:26:42 2008
+--- misc/expat-2.2.0/lib/makefile.mk	Wed Aug 20 14:33:55 2008
++++ misc/build/expat-2.2.0/lib/makefile.mk	Wed Aug 20 14:26:42 2008
 @@ -1 +1,83 @@
 -dummy
 +#**************************************************************
@@ -36,7 +36,7 @@
 +CFLAGS+=-I..
 +
 +.IF "$(OS)"=="WNT"
-+CDEFS+=-DCOMPILED_FROM_DSP
++CDEFS+=-DWIN32
 +.ELSE
 +CDEFS+=-DHAVE_EXPAT_CONFIG_H
 +.ENDIF
@@ -73,7 +73,7 @@
 +SLOFILES_X64=$(SLO_X64)$/xmlparse.obj \
 +             $(SLO_X64)$/xmlrole.obj \
 +             $(SLO_X64)$/xmltok.obj
-+CDEFS_X64+=-DXML_UNICODE -DCOMPILED_FROM_DSP
++CDEFS_X64+=-DXML_UNICODE -DWIN32
 +CFLAGS_X64+=-I..
 +LIB1TARGET_X64=$(SLB_X64)$/$(TARGET)_xmlparse.lib
 +LIB1OBJFILES_X64=$(SLO_X64)$/xmlparse.obj
@@ -85,3 +85,32 @@
 +.INCLUDE :  set_wntx64.mk
 +.INCLUDE :	target.mk
 +.INCLUDE :  tg_wntx64.mk
+--- misc/expat-2.2.0/lib/xmltok.c	2016-06-21 05:58:38.000000000 -0700
++++ misc/build/expat-2.2.0/lib/xmltok.c	2016-08-05 10:08:54.265761000 -0700
+@@ -402,7 +402,7 @@
+     case BT_LEAD2:
+       if (fromLim - from < 2) {
+         res = XML_CONVERT_INPUT_INCOMPLETE;
+-        break;
++        goto after;
+       }
+       *to++ = (unsigned short)(((from[0] & 0x1f) << 6) | (from[1] & 0x3f));
+       from += 2;
+@@ -410,7 +410,7 @@
+     case BT_LEAD3:
+       if (fromLim - from < 3) {
+         res = XML_CONVERT_INPUT_INCOMPLETE;
+-        break;
++        goto after;
+       }
+       *to++ = (unsigned short)(((from[0] & 0xf) << 12)
+                                | ((from[1] & 0x3f) << 6) | (from[2] & 0x3f));
+@@ -441,6 +441,8 @@
+       break;
+     }
+   }
++  if (from < fromLim)
++    res = XML_CONVERT_OUTPUT_EXHAUSTED;
+ after:
+   *fromP = from;
+   *toP = to;
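Review bot: The xmltok.c fix carried in this bundled patch is not explained in the patch file itself; the reason and the upstream report exist only in the commit log. A short free-text header before the `--- misc/expat-2.2.0/lib/xmltok.c` line would help whoever does the next expat upgrade, for example `Stop on truncated 2- and 3-byte sequences in XML_UNICODE builds; see https://sourceforge.net/p/expat/bugs/539/ and drop this once the bundled expat includes the fix.` The added `if (from < fromLim) res = XML_CONVERT_OUTPUT_EXHAUSTED;` is only correct if every early exit that leaves input unconsumed jumps to `after:`. The enclosing function starts outside the hunk, so its other cases should be checked for a plain `break` that would now be reported as output exhaustion.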

Modified: openoffice/trunk/main/expat/expat-winapi.patch
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/expat/expat-winapi.patch?rev=1755873&r1=1755872&r2=1755873&view=diff
==============================================================================
--- openoffice/trunk/main/expat/expat-winapi.patch (original)
+++ openoffice/trunk/main/expat/expat-winapi.patch Wed Aug 10 21:29:48 2016
@@ -1,5 +1,6 @@
---- misc/expat-2.1.0/lib/expat_external.h	2009-11-16 08:53:17.375000000 +0000
-+++ misc/build/expat-2.1.0/lib/expat_external.h	2009-11-16 08:53:34.703125000 +0000
+diff -ur misc/expat-2.2.0/lib/expat_external.h misc/build/expat-2.2.0/lib/expat_external.h
+--- misc/expat-2.2.0/lib/expat_external.h	2016-06-21 05:58:38.000000000 -0700
++++ misc/build/expat-2.2.0/lib/expat_external.h	2016-07-31 17:10:53.551556000 -0700
 @@ -7,10 +7,6 @@
  
  /* External API definitions */

Modified: openoffice/trunk/main/expat/makefile.mk
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/expat/makefile.mk?rev=1755873&r1=1755872&r2=1755873&view=diff
==============================================================================
--- openoffice/trunk/main/expat/makefile.mk (original)
+++ openoffice/trunk/main/expat/makefile.mk Wed Aug 10 21:29:48 2016
@@ -38,8 +38,8 @@ all:
 
 # --- Files --------------------------------------------------------
 
-TARFILE_NAME=expat-2.1.0
-TARFILE_MD5=dd7dab7a5fea97d2a6a43f511449b7cd 
+TARFILE_NAME=expat-2.2.0
+TARFILE_MD5=2f47841c829facb346eb6e3fab5212e2
 ADDITIONAL_FILES=lib$/makefile.mk
 PATCH_FILES=$(TARFILE_NAME).patch \
             expat-winapi.patch

Modified: openoffice/trunk/main/expat/prj/d.lst
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/expat/prj/d.lst?rev=1755873&r1=1755872&r2=1755873&view=diff
==============================================================================
--- openoffice/trunk/main/expat/prj/d.lst (original)
+++ openoffice/trunk/main/expat/prj/d.lst Wed Aug 10 21:29:48 2016
@@ -1,7 +1,7 @@
 mkdir: %_DEST%\inc%_EXT%\external\expat
 mkdir: %_DEST%\lib%_EXT%\x64
-..\%__SRC%\misc\build\expat-2.1.0\lib\expat.h %_DEST%\inc%_EXT%\external\expat.h
-..\%__SRC%\misc\build\expat-2.1.0\lib\expat_external.h %_DEST%\inc%_EXT%\external\expat_external.h
+..\%__SRC%\misc\build\expat-2.2.0\lib\expat.h %_DEST%\inc%_EXT%\external\expat.h
+..\%__SRC%\misc\build\expat-2.2.0\lib\expat_external.h %_DEST%\inc%_EXT%\external\expat_external.h
 ..\%__SRC%\slb\expat_xmltok.lib %_DEST%\lib%_EXT%\expat_xmltok.lib
 ..\%__SRC%\slb\expat_xmlparse.lib %_DEST%\lib%_EXT%\expat_xmlparse.lib
 ..\%__SRC%\slb\ascii_expat_xmlparse.lib %_DEST%\lib%_EXT%\ascii_expat_xmlparse.lib

Modified: openoffice/trunk/main/external_deps.lst
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/external_deps.lst?rev=1755873&r1=1755872&r2=1755873&view=diff
==============================================================================
--- openoffice/trunk/main/external_deps.lst (original)
+++ openoffice/trunk/main/external_deps.lst Wed Aug 10 21:29:48 2016
@@ -221,9 +221,9 @@ if (SYSTEM_VIGRA != YES)
     URL2 = $(OOO_EXTRAS)$(MD5)-$(name)
 
 if (SYSTEM_EXPAT != YES)
-    MD5 = dd7dab7a5fea97d2a6a43f511449b7cd
-    name = expat-2.1.0.tar.gz
-    URL1 = http://sourceforge.net/projects/expat/files/expat/2.1.0/expat-2.1.0.tar.gz/download
+    MD5 = 2f47841c829facb346eb6e3fab5212e2
+    name = expat-2.2.0.tar.bz2
+    URL1 = http://downloads.sourceforge.net/project/expat/expat/2.2.0/expat-2.2.0.tar.bz2
     URL2 = $(OOO_EXTRAS)$(MD5)-$(name)
 
 if (SYSTEM_CURL != YES)
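Review bot: The new tarball is fetched over plain `http://` in `URL1` and pinned only by an MD5 digest, both here and in `TARFILE_MD5` in expat/makefile.mk. MD5 is broken for collision resistance and is not a sound basis for authenticating a download, so this pin mainly detects corruption; that matters for a dependency being upgraded specifically to pick up CVE fixes. If the download script accepts a stronger digest and the mirror serves TLS, consider an `https://` URL and a SHA-256 pin for this entry. Whether the list format supports another digest key is not visible in this hunk.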