Posted to commits@openoffice.apache.org by ji...@apache.org on 2017/07/05 12:20:58 UTC

svn commit: r1800869 - in /openoffice/branches/AOO414: ./ main/ main/LICENSE main/expat/expat-2.1.0.patch main/expat/expat-2.2.1.patch main/expat/expat-winapi.patch main/expat/makefile.mk main/expat/prj/d.lst main/external_deps.lst

Author: jim
Date: Wed Jul  5 12:20:58 2017
New Revision: 1800869

URL: http://svn.apache.org/viewvc?rev=1800869&view=rev
Log:
Merge r1755873, r1800568 from trunk:

#i127069#: bundled expat version 2.1.0 has two vulnerabilities
 
Upgrade bundled expat to version 2.2.0, which fixes:
	CVE-2016-5300
	CVE-2012-6702
 
It is not known whether these can be exploited when expat is used 
as part of OpenOffice.  All of the input files to expat seem to come
from the OpenOffice source.
 
One patch is needed to the expat source, without which saxparser 
crashes during the build.  It has been submitted upstream, see
<https://sourceforge.net/p/expat/bugs/539/>.  It is only triggered
when building expat with -DXML_UNICODE which is not the default,
but this flag is used when building the bundled expat.



#i127461#: Update bundled expat to version 2.2.1

Version 2.2.0 that is bundled in trunk has vulnerabilities CVE-2017-9233
and CVE-2016-9063 and other potential problems.  It is not known whether
these impact OpenOffice.

The patch for <https://sourceforge.net/p/expat/bugs/539/> is included so
we no longer need a local patch for that.  We do need a new patch to
work around the lack of <stdint.h> in MS Visual Studio 9.0.


Submitted by: truckman
Reviewed by: jim

Added:
    openoffice/branches/AOO414/main/expat/expat-2.2.1.patch
      - copied unchanged from r1800568, openoffice/trunk/main/expat/expat-2.2.1.patch
Removed:
    openoffice/branches/AOO414/main/expat/expat-2.1.0.patch
Modified:
    openoffice/branches/AOO414/   (props changed)
    openoffice/branches/AOO414/main/   (props changed)
    openoffice/branches/AOO414/main/LICENSE
    openoffice/branches/AOO414/main/expat/expat-winapi.patch
    openoffice/branches/AOO414/main/expat/makefile.mk
    openoffice/branches/AOO414/main/expat/prj/d.lst
    openoffice/branches/AOO414/main/external_deps.lst

Propchange: openoffice/branches/AOO414/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Jul  5 12:20:58 2017
@@ -2,5 +2,5 @@
 /openoffice/branches/ia2:1417739-1541842
 /openoffice/branches/ooxml-osba:1546391,1546395,1546574,1546934,1547030,1547392,1551920,1551954,1551958,1552283
 /openoffice/branches/rejuvenate01:1480411,1534063,1534098,1536312,1549902,1560617
-/openoffice/trunk:1571617,1571619,1571677,1572577,1572587,1573547,1574058,1574101,1575922,1576216,1576748,1578786,1579934,1580657,1580779,1581746,1581840,1582359,1582365,1582709,1583336,1583418,1583589,1583988,1585171,1585261,1586242,1586249,1586583,1587468,1589050,1591501,1592692,1592716,1594206,1595847,1595851,1595858,1596218,1596491,1596494,1597076,1597102,1597109,1599169,1599173-1599174,1600581,1600587,1600590,1600630,1600861,1600863,1600883,1602434,1602791,1602823,1602850,1603416,1603897,1604709,1604786,1605044,1605355,1605689,1606055,1606061,1607111,1607793,1607836,1608348,1608359,1608376,1608730,1608733,1609204,1609208,1609302,1609426,1610347,1610411,1610422,1610671,1611549,1612539,1612801,1621121,1623847,1623849-1623850,1642300-1642302,1647713,1652476,1654282,1668939,1669457,1669459,1669462-1669463,1669465,1689883,1689959,1690740,1690755,1690854,1694131-1694132,1694701,1702894,1702898,1702986,1702988,1705542-1705543,1705551,1706649,1707397,1707659,1723875,1729921,1730154,176
 0461,1761439,1763017,1763019,1765170,1766467,1766530,1766915,1780015,1784925,1784961,1785175,1793216
+/openoffice/trunk:1571617,1571619,1571677,1572577,1572587,1573547,1574058,1574101,1575922,1576216,1576748,1578786,1579934,1580657,1580779,1581746,1581840,1582359,1582365,1582709,1583336,1583418,1583589,1583988,1585171,1585261,1586242,1586249,1586583,1587468,1589050,1591501,1592692,1592716,1594206,1595847,1595851,1595858,1596218,1596491,1596494,1597076,1597102,1597109,1599169,1599173-1599174,1600581,1600587,1600590,1600630,1600861,1600863,1600883,1602434,1602791,1602823,1602850,1603416,1603897,1604709,1604786,1605044,1605355,1605689,1606055,1606061,1607111,1607793,1607836,1608348,1608359,1608376,1608730,1608733,1609204,1609208,1609302,1609426,1610347,1610411,1610422,1610671,1611549,1612539,1612801,1621121,1623847,1623849-1623850,1642300-1642302,1647713,1652476,1654282,1668939,1669457,1669459,1669462-1669463,1669465,1689883,1689959,1690740,1690755,1690854,1694131-1694132,1694701,1702894,1702898,1702986,1702988,1705542-1705543,1705551,1706649,1707397,1707659,1723875,1729921,1730154,175
 5873,1760461,1761439,1763017,1763019,1765170,1766467,1766530,1766915,1780015,1784925,1784961,1785175,1793216,1800568
 /openoffice/trunk/main:1705369

Propchange: openoffice/branches/AOO414/main/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Jul  5 12:20:58 2017
@@ -2,4 +2,4 @@
 /openoffice/branches/ia2/main:1417739-1541842
 /openoffice/branches/ooxml-osba/main:1546391,1546395,1546574,1546934,1547030,1547392,1551920,1551954,1551958,1552283
 /openoffice/branches/rejuvenate01/main:1480411,1534063,1534098,1536312,1549902,1560617
-/openoffice/trunk/main:1571617,1571677,1572569,1572577,1573547,1574058,1574101,1575922,1576216,1576748,1578786,1579934,1580657,1580779,1581746,1581840,1582359,1582365,1582709,1583336,1583418,1583589,1583988,1585171,1585261,1586242,1586249,1586583,1587468,1589050,1591501,1592692,1592716,1594206,1595847,1595851,1595858,1596218,1596491,1596494,1597076,1597102,1597109,1599169,1599173-1599174,1600581,1600587,1600590,1600630,1600861,1600863,1600883,1602434,1602791,1602823,1602850,1603416,1603897,1603941,1604028,1604709,1604786,1605044,1605355,1605689,1606055,1606061,1606706,1607111,1607793,1607836,1608348,1608376,1608730,1608733,1609204,1609208,1609302,1609426,1610347,1610411,1610422,1610671,1611470,1611549,1612070-1612071,1612539,1612801,1616457,1616944,1620195,1621121,1623847,1623849-1623850,1630814,1633294,1633297,1635806,1642300-1642302,1643177,1650314,1652476,1654282,1668939,1669457,1669459,1669462-1669463,1669465,1677190,1687177,1689883,1689959,1692551,1694132,1694701,1695962,169780
 7,1700078,1700126,1700135,1702107,1702894,1702898,1702986,1702988,1705193,1705196,1705199,1705276,1705364,1705368-1705369,1705542,1706649,1707167,1707169-1707170,1707175,1707397,1707408,1707412,1707642,1707645,1707659,1707844,1708477,1708483,1709212,1709377,1709403,1723875,1729921,1730154,1760461,1761439,1763017,1763019,1765170,1766467,1766915,1780015,1784925,1784961,1785175,1793216
+/openoffice/trunk/main:1571617,1571677,1572569,1572577,1573547,1574058,1574101,1575922,1576216,1576748,1578786,1579934,1580657,1580779,1581746,1581840,1582359,1582365,1582709,1583336,1583418,1583589,1583988,1585171,1585261,1586242,1586249,1586583,1587468,1589050,1591501,1592692,1592716,1594206,1595847,1595851,1595858,1596218,1596491,1596494,1597076,1597102,1597109,1599169,1599173-1599174,1600581,1600587,1600590,1600630,1600861,1600863,1600883,1602434,1602791,1602823,1602850,1603416,1603897,1603941,1604028,1604709,1604786,1605044,1605355,1605689,1606055,1606061,1606706,1607111,1607793,1607836,1608348,1608376,1608730,1608733,1609204,1609208,1609302,1609426,1610347,1610411,1610422,1610671,1611470,1611549,1612070-1612071,1612539,1612801,1616457,1616944,1620195,1621121,1623847,1623849-1623850,1630814,1633294,1633297,1635806,1642300-1642302,1643177,1650314,1652476,1654282,1668939,1669457,1669459,1669462-1669463,1669465,1677190,1687177,1689883,1689959,1692551,1694132,1694701,1695962,169780
 7,1700078,1700126,1700135,1702107,1702894,1702898,1702986,1702988,1705193,1705196,1705199,1705276,1705364,1705368-1705369,1705542,1706649,1707167,1707169-1707170,1707175,1707397,1707408,1707412,1707642,1707645,1707659,1707844,1708477,1708483,1709212,1709377,1709403,1723875,1729921,1730154,1755873,1760461,1761439,1763017,1763019,1765170,1766467,1766915,1780015,1784925,1784961,1785175,1793216,1800568

Modified: openoffice/branches/AOO414/main/LICENSE
URL: http://svn.apache.org/viewvc/openoffice/branches/AOO414/main/LICENSE?rev=1800869&r1=1800868&r2=1800869&view=diff
==============================================================================
--- openoffice/branches/AOO414/main/LICENSE (original)
+++ openoffice/branches/AOO414/main/LICENSE Wed Jul  5 12:20:58 2017
@@ -1049,9 +1049,8 @@ ____
 For integration of XML Expat - built in main/expat/
 - MIT license
 
-Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd
-                               and Clark Cooper
-Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006 Expat maintainers.
+Copyright (c) 1998-2000 Thai Open Source Software Center Ltd and Clark Cooper
+Copyright (c) 2001-2016 Expat maintainers
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
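
Review bot: The new maintainer line ends the copyright range at 2016, while the bundled tarball is expat-2.2.1 and this commit is dated 2017. Please confirm that both replaced lines match the COPYING file shipped inside the 2.2.1 tarball, since the LICENSE entry should reproduce the upstream notice rather than a summarised form of it.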

Modified: openoffice/branches/AOO414/main/expat/expat-winapi.patch
URL: http://svn.apache.org/viewvc/openoffice/branches/AOO414/main/expat/expat-winapi.patch?rev=1800869&r1=1800868&r2=1800869&view=diff
==============================================================================
--- openoffice/branches/AOO414/main/expat/expat-winapi.patch (original)
+++ openoffice/branches/AOO414/main/expat/expat-winapi.patch Wed Jul  5 12:20:58 2017
@@ -1,5 +1,6 @@
---- misc/expat-2.1.0/lib/expat_external.h	2009-11-16 08:53:17.375000000 +0000
-+++ misc/build/expat-2.1.0/lib/expat_external.h	2009-11-16 08:53:34.703125000 +0000
+diff -ur misc/expat-2.2.1/lib/expat_external.h misc/build/expat-2.2.0/lib/expat_external.h
+--- misc/expat-2.2.1/lib/expat_external.h	2016-06-21 05:58:38.000000000 -0700
++++ misc/build/expat-2.2.1/lib/expat_external.h	2016-07-31 17:10:53.551556000 -0700
 @@ -7,10 +7,6 @@
  
  /* External API definitions */
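
Review bot: The added `diff -ur` header line names misc/build/expat-2.2.0 as its second path, while the `---` and `+++` lines below it both use expat-2.2.1. patch(1) takes the file name from the `---`/`+++` pair, so this probably applies, but the stale 2.2.0 is misleading for the next upgrade and should read misc/build/expat-2.2.1.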

Modified: openoffice/branches/AOO414/main/expat/makefile.mk
URL: http://svn.apache.org/viewvc/openoffice/branches/AOO414/main/expat/makefile.mk?rev=1800869&r1=1800868&r2=1800869&view=diff
==============================================================================
--- openoffice/branches/AOO414/main/expat/makefile.mk (original)
+++ openoffice/branches/AOO414/main/expat/makefile.mk Wed Jul  5 12:20:58 2017
@@ -38,8 +38,8 @@ all:
 
 # --- Files --------------------------------------------------------
 
-TARFILE_NAME=expat-2.1.0
-TARFILE_MD5=dd7dab7a5fea97d2a6a43f511449b7cd 
+TARFILE_NAME=expat-2.2.1
+TARFILE_MD5=d9c3baeab58774cefc2f04faf29f2cf8
 ADDITIONAL_FILES=lib$/makefile.mk
 PATCH_FILES=$(TARFILE_NAME).patch \
             expat-winapi.patch
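
Review bot: TARFILE_MD5 is the only integrity pin on the expat-2.2.1 tarball here, and MD5 does not resist deliberate collisions. For an upgrade made specifically to pick up CVE fixes, verify the tarball against a stronger digest or signature from the upstream release before trusting the new value, and record a SHA-256 next to it if the build's fetch step can check one. The same value is repeated in main/external_deps.lst, so the two must be kept in step.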

Modified: openoffice/branches/AOO414/main/expat/prj/d.lst
URL: http://svn.apache.org/viewvc/openoffice/branches/AOO414/main/expat/prj/d.lst?rev=1800869&r1=1800868&r2=1800869&view=diff
==============================================================================
--- openoffice/branches/AOO414/main/expat/prj/d.lst (original)
+++ openoffice/branches/AOO414/main/expat/prj/d.lst Wed Jul  5 12:20:58 2017
@@ -1,7 +1,7 @@
 mkdir: %_DEST%\inc%_EXT%\external\expat
 mkdir: %_DEST%\lib%_EXT%\x64
-..\%__SRC%\misc\build\expat-2.1.0\lib\expat.h %_DEST%\inc%_EXT%\external\expat.h
-..\%__SRC%\misc\build\expat-2.1.0\lib\expat_external.h %_DEST%\inc%_EXT%\external\expat_external.h
+..\%__SRC%\misc\build\expat-2.2.1\lib\expat.h %_DEST%\inc%_EXT%\external\expat.h
+..\%__SRC%\misc\build\expat-2.2.1\lib\expat_external.h %_DEST%\inc%_EXT%\external\expat_external.h
 ..\%__SRC%\slb\expat_xmltok.lib %_DEST%\lib%_EXT%\expat_xmltok.lib
 ..\%__SRC%\slb\expat_xmlparse.lib %_DEST%\lib%_EXT%\expat_xmlparse.lib
 ..\%__SRC%\slb\ascii_expat_xmlparse.lib %_DEST%\lib%_EXT%\ascii_expat_xmlparse.lib
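
Review bot: The version string is spelled out in both header delivery paths, so each upgrade has to touch this file by hand. Before merging, grep main/ for any remaining `expat-2.1.0` reference; a leftover include or delivery path would keep pointing at the directory of the vulnerable release or break the build on one platform only.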

Modified: openoffice/branches/AOO414/main/external_deps.lst
URL: http://svn.apache.org/viewvc/openoffice/branches/AOO414/main/external_deps.lst?rev=1800869&r1=1800868&r2=1800869&view=diff
==============================================================================
--- openoffice/branches/AOO414/main/external_deps.lst (original)
+++ openoffice/branches/AOO414/main/external_deps.lst Wed Jul  5 12:20:58 2017
@@ -225,9 +225,9 @@ if (SYSTEM_VIGRA != YES)
     URL1 = $(OOO_EXTRAS)$(MD5)-$(name)
 
 if (SYSTEM_EXPAT != YES)
-    MD5 = dd7dab7a5fea97d2a6a43f511449b7cd
-    name = expat-2.1.0.tar.gz
-    URL1 = http://sourceforge.net/projects/expat/files/expat/2.1.0/expat-2.1.0.tar.gz/download
+    MD5 = d9c3baeab58774cefc2f04faf29f2cf8
+    name = expat-2.2.1.tar.bz2
+    URL1 = https://sourceforge.net/projects/expat/files/expat/2.2.1/expat-2.2.1.tar.bz2
     URL2 = $(OOO_EXTRAS)$(MD5)-$(name)
 
 if (SYSTEM_CURL != YES)
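
Review bot: `name` switches from a .tar.gz to a .tar.bz2 archive, while TARFILE_NAME in main/expat/makefile.mk carries no extension, so please confirm that the unpack step picks up bzip2 archives on every build platform. URL1 also drops the trailing /download; check that the fetch still resolves the bare file URL, and that URL2 ($(OOO_EXTRAS)$(MD5)-$(name)) already holds the file under the new MD5-prefixed name.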