libxml2 bug fixes from upstream

From: Zhipeng Xie <xiezhipeng1@huawei.com>
Date: Thu, 12 Dec 2019 17:30:55 +0800
Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities

libxml2 bug fixes from upstream

From: Zhipeng Xie <xiezhipeng1@huawei.com>
Date: Thu, 12 Dec 2019 17:30:55 +0800
Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities

When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
return NULL which cause a infinite loop in xmlStringLenDecodeEntities

Found with libFuzzer.

From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Fri, 7 Aug 2020 21:54:27 +0200
Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'

Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
array access.

Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
the report.

Fixes #178.

From: Zhipeng Xie <xiezhipeng1@huawei.com>
Date: Tue, 20 Aug 2019 16:33:06 +0800
Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream

When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
vctxt->xsiAssemble to 0 again which cause the alloced schema
can not be freed anymore.

Found with libFuzzer.

Patch by: Zhipeng Xie <xiezhipeng1@huawei.com> via gnome.org
Patch by: Nick Wellnhofer <wellnhofer@aevum.de> via gnome.org

show more ...

Upgrade libxslt to version 1.1.34 and libxml2 to version 2.9.10.

This version of libxslt contains the bugfix and three CVE patches that
we had cherry picked from upstream.

Upgrade libxml2 to version 2.9.9 and libxslt to version 1.1.33.

libxml2-nan-inf-fix.patch has been incorporated upstream.

Cherry-pick four upstream post 1.1.33 libxslt commits to ad

Upgrade libxml2 to version 2.9.9 and libxslt to version 1.1.33.

libxml2-nan-inf-fix.patch has been incorporated upstream.

Cherry-pick four upstream post 1.1.33 libxslt commits to address three
CVEs and one functionality regression. Without the latter fix, xsltproc
generates bad code for the writerfilter module causing a build failure.

show more ...

Assume that GCC 4.2.x and above are OK...


git-svn-id: https://svn.apache.org/repos/asf/openoffice/branches/AOO416@1839777 13f79535-47bb-0310-9956-ffa450edef68

The gcc on CentOS5 (4.1.2) does not support Wno-array-bounds
so disable it for all LINUX at present...

TODO: Just disable for this compiler and not for all Linux


git-svn-id

The gcc on CentOS5 (4.1.2) does not support Wno-array-bounds
so disable it for all LINUX at present...

TODO: Just disable for this compiler and not for all Linux


git-svn-id: https://svn.apache.org/repos/asf/openoffice/branches/AOO416@1839776 13f79535-47bb-0310-9956-ffa450edef68

show more ...

Merge r1748497, r1758150, r1839130 from trunk:

#i126893#: Upgrade bundled libxml2 version to 2.9.3 and libxslt to 1.1.28

These security vulnerabilities have been fixed since the rel

Merge r1748497, r1758150, r1839130 from trunk:

#i126893#: Upgrade bundled libxml2 version to 2.9.3 and libxslt to 1.1.28

These security vulnerabilities have been fixed since the release of
libxml2-2.7.8 which is bundled with OpenOffice:
CVE-2011-3202
CVE-2011-3919
CVE-2013-0338
CVE-2013-0339
CVE-2013-2877
CVE-2014-0191
CVE-2014-3660
CVE-2015-1819
CVE-2015-5312
CVE-2015-7497
CVE-2015-7498
CVE-2015-7499
CVE-2015-7500
CVE-2015-7941
CVE-2015-7942
CVE-2015-8035
CVE-2015-8241
CVE-2015-8242

This vulnerability has been fixed since the release of libxslt-1.1.26:
CVE-2015-7995

Upgrade libxml2 to version 2.9.3 which has no publicly disclosed
vulnerabilities at this time.

Rebase libxml2-configure.patch to the new version of libxml2. The
freebsd-elf change to ltmain.sh is no longer necessary and is eliminated
from the patch. The fixes in libxml2-fixes.patch were either fixed
upstream or don't seem to apply anymore, so this patch file was deleted.
The fixes in libxml2-testapi.patch and libxml2-runtest.patch are in now
in the upstream source, so these patch files have been deleted.
The libxml2-mingw.patch and Solaris-specific libxml2-global-symbols.patch
were not updated and are disconnected from the build. Several of the
fixes in libxml2-long-path.patch are now fixed upstream.

Upgrade libxslt to version 1.1.28 and add libxslt-CVE-2015-7995.patch,
which is imported from the FreeBSD port and which appears to have been
cherry picked from upstream.

Rebase libxslt-configure.patch to the new version of libxslt, with
the libtool-related changes coming from the libxslt port to FreeBSD.
The fixes in libxslt-bsd.patch are now present in the upstream
source, so this patch was deleted.

Tested by: kschenk


Upgrade bundled libxml2 from version 2.9.3 to version 2.9.4 to fix:
CVE-2016-1762
CVE-2016-1833
CVE-2016-1834
CVE-2016-1835
CVE-2016-1836
CVE-2016-1837
CVE-2016-1838
CVE-2016-1839
CVE-2016-1840
CVE-2016-3627
CVE-2016-3705
CVE-2016-4449
CVE-2016-4483
It is not known whether any of these affect OpenOffice.

Import a post-2.9.4 patch from the upstream git repo to fix a build
problem on systems with pre-C99 compilers.



Upgrade bundled libxml2 to version 2.9.8 and libxslt to version
1.1.32. Some of the patches for the previous version of libxml2
have been picked up upstream and are no longer needed. One new
patch is needed for clean builds on Windows, so cherrypick it from
upstream.


Submitted by: truckman
Reviewed by: jim


git-svn-id: https://svn.apache.org/repos/asf/openoffice/branches/AOO416@1839349 13f79535-47bb-0310-9956-ffa450edef68

show more ...

i121528 - fix win build. Add upstream patch by Rob Richards.

git-svn-id: https://svn.apache.org/repos/asf/openoffice/trunk@1424811 13f79535-47bb-0310-9956-ffa450edef68

i121528 - Update internal libxml2 to version 2.7.8.

Despite not being the latest version, 2.7.8 has been relatively well
tested and introduces no API changes.

The last update to

i121528 - Update internal libxml2 to version 2.7.8.

Despite not being the latest version, 2.7.8 has been relatively well
tested and introduces no API changes.

The last update to our internal XML C parser was done in Oct 6 2009,
so the list of enhancements is quite big:
http://xmlsoft.org/news.html

In addition to the normal updates we include a couple of vulnerability
fixes from FreeBSD.


git-svn-id: https://svn.apache.org/repos/asf/openoffice/trunk@1424721 13f79535-47bb-0310-9956-ffa450edef68

show more ...

Restore the incorrectly removed message in libxml2 makefile.mk

git-svn-id: https://svn.apache.org/repos/asf/incubator/ooo/trunk@1344546 13f79535-47bb-0310-9956-ffa450edef68

Fix issue #93433: build breaks in libxml2 on Korean Windows due to special character

* /libmxl2/libxml2-testapi.patch : replaced '\248' encoded in ISO-8859-1 with '\xf8'
* /libmxl2/libxm

Fix issue #93433: build breaks in libxml2 on Korean Windows due to special character

* /libmxl2/libxml2-testapi.patch : replaced '\248' encoded in ISO-8859-1 with '\xf8'
* /libmxl2/libxml2-runtest.patch : replaced 'e' encoded in ISO-8859-1 as in 'resume' with \xe9

Patch by: tora3@nichoume.com


git-svn-id: https://svn.apache.org/repos/asf/incubator/ooo/trunk@1344534 13f79535-47bb-0310-9956-ffa450edef68

show more ...

remove svn:executable properties from many more non-exec files

git-svn-id: https://svn.apache.org/repos/asf/incubator/ooo/trunk@1244909 13f79535-47bb-0310-9956-ffa450edef68

remove svn:executable properties from make and pack files

git-svn-id: https://svn.apache.org/repos/asf/incubator/ooo/trunk@1244512 13f79535-47bb-0310-9956-ffa450edef68

Update headers to Alv2 headers

git-svn-id: https://svn.apache.org/repos/asf/incubator/ooo/trunk@1229815 13f79535-47bb-0310-9956-ffa450edef68

Initial import of the old OOo hg repository tip revision.

.../trunk/main is a copy of (currently tip-most)
http://hg.services.openoffice.org/OOO340/rev/c904c1944462

.../trunk/

Initial import of the old OOo hg repository tip revision.

.../trunk/main is a copy of (currently tip-most)
http://hg.services.openoffice.org/OOO340/rev/c904c1944462

.../trunk/extras/l10n is a copy of (currently tip-most)
http://hg.services.openoffice.org/master_l10n/OOO340/rev/af6bc9467af5

Note that the following files with line-end and/or encoding anomalies were left out (they will need to be to be checked in separately):

/ooo/trunk/core/dictionaries/de_DE/README_hyph_de_DE.txt
/ooo/trunk/core/dictionaries/de_CH/README_hyph_de_CH.txt
/ooo/trunk/core/dictionaries/de_AT/README_hyph_de_AT.txt
/ooo/trunk/core/gettext/gettext-0.18.1.1.patch
/ooo/trunk/core/apache-commons/patches/codec.patch
/ooo/trunk/core/libcroco/libcroco-0.6.2.patch
/ooo/trunk/core/testautomation/writer/optional/input/import/mactext.txt
/ooo/trunk/core/graphite/graphite-2.3.1.patch
/ooo/trunk/core/hwpfilter/source/hwpeq.cpp
/ooo/trunk/core/solenv/bin/cwstouched.pl
/ooo/trunk/core/readlicense_oo/html/THIRDPARTYLICENSEREADME.html
/ooo/trunk/core/writerfilter/source/doctok/escher.html
/ooo/trunk/core/writerfilter/source/odiapi/qname/resource/office2003/WordprocessingML Schemas/xsdlib.xsd
/ooo/trunk/core/writerfilter/source/odiapi/qname/resource/office2003/WordprocessingML Schemas/wordnetaux.xsd
/ooo/trunk/core/filter/source/xslt/odf2xhtml/export/common/body.xsl
/ooo/trunk/core/filter/source/xslt/odf2xhtml/export/common/styles/style_mapping_css.xsl

Also: Repository.mk from the l10n toplevel


git-svn-id: https://svn.apache.org/repos/asf/incubator/ooo/trunk@1162288 13f79535-47bb-0310-9956-ffa450edef68

show more ...