summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README.md5
-rw-r--r--RepositoryExternal.mk27
-rw-r--r--basctl/source/basicide/baside2.cxx16
-rwxr-xr-xbin/check-elf-dynamic-objects2
-rw-r--r--comphelper/source/misc/docpasswordhelper.cxx72
-rw-r--r--comphelper/source/misc/documentinfo.cxx14
-rw-r--r--configure.ac4
-rw-r--r--cui/source/options/optinet2.cxx14
-rw-r--r--dbaccess/source/core/dataaccess/ModelImpl.cxx7
-rw-r--r--dbaccess/source/core/dataaccess/databasedocument.cxx25
-rw-r--r--dbaccess/source/core/inc/ModelImpl.hxx2
-rw-r--r--desktop/qa/desktop_app/test_desktop_app.cxx23
-rw-r--r--desktop/source/app/cmdlineargs.cxx10
-rw-r--r--download.lst36
-rw-r--r--external/curl/ExternalPackage_curl.mk2
-rw-r--r--external/curl/ExternalProject_curl.mk1
-rw-r--r--external/curl/clang-cl.patch.04
-rw-r--r--external/curl/curl-msvc.patch.18
-rw-r--r--external/curl/zlib.patch.010
-rw-r--r--external/expat/ExternalProject_expat.mk2
-rw-r--r--external/expat/StaticLibrary_expat.mk1
-rw-r--r--external/expat/StaticLibrary_expat_x64.mk1
-rw-r--r--external/expat/UnpackedTarball_expat.mk1
-rw-r--r--external/expat/expat-winapi.patch18
-rw-r--r--external/icu/ExternalProject_icu.mk5
-rw-r--r--external/icu/UnpackedTarball_icu.mk1
-rw-r--r--external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.237
-rw-r--r--external/libgpg-error/UnpackedTarball_libgpg-error.mk1
-rw-r--r--external/libgpg-error/libgpg-error_gawk5.patch114
-rw-r--r--external/libgpg-error/w32-build-fixes.patch2
-rw-r--r--external/liblangtag/UnpackedTarball_liblangtag.mk3
-rw-r--r--external/liblangtag/Wformat-overflow.patch17
-rw-r--r--external/liborcus/UnpackedTarball_liborcus.mk4
-rw-r--r--external/liborcus/allow-utf-8-in-xml-names.patch263
-rw-r--r--external/libxml2/libxml2-android.patch2
-rw-r--r--external/libxml2/libxml2-config.patch.146
-rw-r--r--external/libxslt/UnpackedTarball_libxslt.mk2
-rw-r--r--external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1120
-rw-r--r--external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.169
-rw-r--r--external/libxslt/libxslt-config.patch.118
-rw-r--r--external/libxslt/libxslt-internal-symbols.patch.18
-rw-r--r--external/nss/ExternalProject_nss.mk14
-rw-r--r--external/nss/UnpackedTarball_nss.mk37
-rw-r--r--external/nss/clang-cl.patch.016
-rw-r--r--external/nss/nsinstall.py19
-rw-r--r--external/nss/nss-3.13.5-zlib-werror.patch7
-rw-r--r--external/nss/nss-chromium-nss-static.patch487
-rw-r--r--external/nss/nss-more-static.patch39
-rw-r--r--external/nss/nss-win32-make.patch.12
-rw-r--r--external/nss/nss.aix.patch2
-rw-r--r--external/nss/nss.patch27
-rw-r--r--external/nss/nss.vs2015.pdb.patch4
-rw-r--r--external/nss/nss.windows.patch4
-rw-r--r--external/openssl/UnpackedTarball_openssl.mk1
-rw-r--r--external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1578
-rw-r--r--external/pdfium/Library_pdfium.mk175
-rw-r--r--external/pdfium/UnpackedTarball_pdfium.mk20
-rw-r--r--external/pdfium/build.patch.1118
-rw-r--r--external/pdfium/c++20-comparison.patch13
-rw-r--r--external/pdfium/configs/build_config.h6
-rw-r--r--external/pdfium/icu.patch.113
-rw-r--r--external/pdfium/msvc2015.patch.1202
-rw-r--r--external/pdfium/pdfium4137-numerics.patch.33364
-rw-r--r--external/pdfium/ubsan.patch26
-rw-r--r--external/pdfium/visibility.patch.130
-rw-r--r--external/pdfium/windows7.patch.134
-rw-r--r--external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.127
-rw-r--r--external/poppler/0001-Partially-revert-814fbda28cc8a37fed3134c2db8da28f86f.patch.1999
-rw-r--r--external/poppler/0001-Revert-Make-the-mul-tables-be-calculated-at-compile-.patch.1169
-rw-r--r--external/poppler/StaticLibrary_poppler.mk23
-rw-r--r--external/poppler/UnpackedTarball_poppler.mk5
-rw-r--r--external/poppler/poppler-c++11.patch.116
-rw-r--r--external/poppler/poppler-config.patch.177
-rw-r--r--external/postgresql/ExternalPackage_postgresql.mk16
-rw-r--r--external/postgresql/ExternalProject_postgresql.mk16
-rw-r--r--external/postgresql/Module_postgresql.mk6
-rw-r--r--external/postgresql/UnpackedTarball_postgresql.mk12
-rw-r--r--external/postgresql/config.pl1
-rw-r--r--external/postgresql/internal-zlib.patch.129
-rw-r--r--external/postgresql/postgres-msvc-build.patch.1110
-rw-r--r--external/postgresql/postgresql-9.2.1-autoreconf.patch521
-rw-r--r--external/postgresql/postgresql-9.2.1-libreoffice.patch74
-rw-r--r--external/postgresql/postgresql-libs-leak.patch40
-rw-r--r--external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1175
-rw-r--r--external/python3/ExternalProject_python3.mk6
-rw-r--r--external/python3/UnpackedTarball_python3.mk3
-rw-r--r--external/python3/python-3.3.5-pyexpat-symbols.patch.128
-rw-r--r--external/python3/python-3.5.7-c99.patch.162
-rw-r--r--external/redland/UnpackedTarball_raptor.mk1
-rw-r--r--external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.133
-rw-r--r--external/xmlsec/0001-xmlSecX509DataGetNodeContent-don-t-return-0-for-non-.patch.168
-rw-r--r--external/xmlsec/UnpackedTarball_xmlsec.mk2
-rw-r--r--external/xmlsec/xmlsec1-customkeymanage.patch.14321
-rw-r--r--filter/source/graphicfilter/icgm/bitmap.cxx58
-rw-r--r--filter/source/graphicfilter/icgm/bitmap.hxx2
-rw-r--r--filter/source/graphicfilter/icgm/cgm.cxx4
-rw-r--r--filter/source/graphicfilter/icgm/class7.cxx8
-rw-r--r--forms/source/xforms/submission.cxx3
-rw-r--r--forms/source/xforms/submission/submission.hxx6
-rw-r--r--include/comphelper/documentinfo.hxx5
-rw-r--r--include/oox/ole/axcontrol.hxx2
-rw-r--r--include/sfx2/DocumentMetadataAccess.hxx9
-rw-r--r--include/sfx2/docmacromode.hxx14
-rw-r--r--include/sfx2/objsh.hxx5
-rw-r--r--include/sfx2/strings.hrc4
-rw-r--r--include/svl/sigstruct.hxx48
-rw-r--r--include/vcl/BitmapTools.hxx3
-rw-r--r--include/vcl/filter/PDFiumLibrary.hxx95
-rw-r--r--include/vcl/filter/pdfdocument.hxx8
-rw-r--r--include/xmloff/xmlimp.hxx9
-rw-r--r--include/xmloff/xmlnmspe.hxx10
-rw-r--r--include/xmloff/xmltoken.hxx13
-rw-r--r--instsetoo_native/inc_openoffice/windows/msi_languages/Control.ulf62
-rw-r--r--instsetoo_native/inc_openoffice/windows/msi_templates/Control.idt578
-rw-r--r--instsetoo_native/inc_openoffice/windows/msi_templates/Dialog.idt62
-rw-r--r--instsetoo_native/inc_openoffice/windows/msi_templates/Property.idt2
-rw-r--r--instsetoo_native/inc_openoffice/windows/msi_templates/TextStyl.idt25
-rw-r--r--lotuswordpro/source/filter/lwptablelayout.cxx14
-rw-r--r--lotuswordpro/source/filter/lwptablelayout.hxx2
-rw-r--r--offapi/UnoApi_offapi.mk1
-rw-r--r--offapi/com/sun/star/frame/XTransientDocumentsDocumentContentIdentifierFactory.idl59
-rw-r--r--offapi/com/sun/star/security/DocumentSignatureInformation.idl1
-rw-r--r--oox/source/core/filterdetect.cxx30
-rw-r--r--oox/source/ole/vbaproject.cxx4
-rw-r--r--package/source/xstor/owriteablestream.cxx8
-rw-r--r--package/source/xstor/owriteablestream.hxx3
-rw-r--r--package/source/xstor/xstorage.cxx2
-rw-r--r--postprocess/CustomTarget_signing.mk2
-rw-r--r--postprocess/signing/signing.pl3
-rw-r--r--sal/textenc/tcvtkr6.tab2
-rw-r--r--sc/source/filter/excel/xiescher.cxx36
-rw-r--r--sc/source/filter/inc/xiescher.hxx11
-rw-r--r--sc/source/filter/qpro/qproform.cxx14
-rw-r--r--sc/source/filter/xml/xmlwrap.cxx4
-rw-r--r--sc/source/ui/docshell/docsh.cxx13
-rw-r--r--sc/source/ui/docshell/docsh4.cxx64
-rw-r--r--sc/source/ui/docshell/externalrefmgr.cxx62
-rw-r--r--sc/source/ui/inc/docsh.hxx2
-rw-r--r--sc/source/ui/vba/vbasheetobject.cxx13
-rw-r--r--sc/source/ui/vba/vbasheetobject.hxx4
-rw-r--r--scripting/source/protocolhandler/scripthandler.cxx6
-rw-r--r--scripting/source/pyprov/pythonscript.py4
-rw-r--r--sd/source/filter/ppt/pptin.cxx2
-rw-r--r--sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx36
-rw-r--r--sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.hxx18
-rw-r--r--sdext/source/pdfimport/xpdfwrapper/wrapper_gpl.cxx4
-rw-r--r--sfx2/source/appl/appopen.cxx16
-rw-r--r--sfx2/source/dialog/dinfdlg.cxx2
-rw-r--r--sfx2/source/dialog/filedlghelper.cxx18
-rw-r--r--sfx2/source/doc/DocumentMetadataAccess.cxx39
-rw-r--r--sfx2/source/doc/docmacromode.cxx35
-rw-r--r--sfx2/source/doc/objmisc.cxx50
-rw-r--r--sfx2/source/doc/objstor.cxx46
-rw-r--r--sfx2/source/doc/objxtor.cxx1
-rw-r--r--sfx2/source/doc/sfxbasemodel.cxx7
-rw-r--r--sfx2/source/inc/objshimp.hxx4
-rw-r--r--sfx2/source/notify/eventsupplier.cxx183
-rw-r--r--shell/source/unix/exec/shellexec.cxx4
-rw-r--r--shell/source/win32/SysShExec.cxx72
-rw-r--r--shell/source/win32/simplemail/senddoc.cxx5
-rw-r--r--solenv/bin/modules/installer.pm2
-rw-r--r--solenv/bin/modules/installer/windows/msp.pm2
-rw-r--r--solenv/flatpak-manifest.in11
-rw-r--r--svl/source/crypto/cryptosign.cxx16
-rw-r--r--svtools/source/svhtml/parhtml.cxx19
-rw-r--r--svx/source/svdraw/svdograf.cxx9
-rw-r--r--sw/qa/core/data/ww5/pass/ofz18526-1.docbin0 -> 781 bytes
-rw-r--r--sw/qa/core/data/ww6/pass/ofz-trailingpara.docbin0 -> 35109 bytes
-rw-r--r--sw/qa/core/data/ww8/pass/ofz18414-1.docbin0 -> 59801 bytes
-rw-r--r--sw/source/core/edit/edfcol.cxx3
-rw-r--r--sw/source/core/layout/fly.cxx2
-rw-r--r--sw/source/core/layout/ssfrm.cxx2
-rw-r--r--sw/source/core/unocore/unocrsrhelper.cxx12
-rw-r--r--sw/source/filter/html/htmlform.cxx16
-rw-r--r--sw/source/filter/html/htmlgrin.cxx19
-rw-r--r--sw/source/filter/html/swhtml.cxx1
-rw-r--r--sw/source/filter/html/swhtml.hxx4
-rw-r--r--sw/source/filter/ww8/ww8par.cxx79
-rw-r--r--sw/source/filter/ww8/ww8par.hxx4
-rw-r--r--sw/source/filter/ww8/ww8par2.cxx5
-rw-r--r--sw/source/filter/ww8/ww8par5.cxx39
-rw-r--r--sw/source/filter/ww8/ww8par6.cxx11
-rw-r--r--sw/source/filter/ww8/ww8scan.cxx43
-rw-r--r--sw/source/filter/ww8/ww8scan.hxx6
-rw-r--r--sw/source/filter/ww8/ww8toolbar.cxx6
-rw-r--r--sw/source/filter/xml/swxml.cxx4
-rw-r--r--sw/source/uibase/dbui/dbmgr.cxx746
-rw-r--r--ucb/source/ucp/tdoc/tdoc_provider.cxx27
-rw-r--r--ucb/source/ucp/tdoc/tdoc_provider.hxx13
-rw-r--r--uui/source/secmacrowarnings.cxx13
-rw-r--r--vcl/CppunitTest_vcl_filter_ipdf.mk49
-rw-r--r--vcl/Library_vcl.mk1
-rw-r--r--vcl/Module_vcl.mk6
-rw-r--r--vcl/qa/cppunit/filter/ipdf/data/dict-array-dict.pdf55
-rw-r--r--vcl/qa/cppunit/filter/ipdf/ipdf.cxx81
-rw-r--r--vcl/qa/cppunit/pdfexport/pdfexport.cxx17
-rw-r--r--vcl/source/filter/ipdf/pdfdocument.cxx108
-rw-r--r--vcl/source/filter/ipdf/pdfread.cxx18
-rw-r--r--vcl/source/font/fontcharmap.cxx88
-rw-r--r--vcl/source/pdf/PDFiumLibrary.cxx98
-rw-r--r--writerfilter/source/dmapper/DomainMapper.cxx4
-rw-r--r--writerfilter/source/rtftok/rtfdocumentimpl.cxx25
-rw-r--r--xmloff/source/core/xmlimp.cxx40
-rw-r--r--xmloff/source/core/xmltoken.cxx13
-rw-r--r--xmloff/source/script/XMLEventImportHelper.cxx3
-rw-r--r--xmloff/source/token/tokens.txt10
-rw-r--r--xmlsecurity/CppunitTest_xmlsecurity_signing.mk4
-rw-r--r--xmlsecurity/Library_xmlsecurity.mk5
-rw-r--r--xmlsecurity/inc/biginteger.hxx3
-rw-r--r--xmlsecurity/inc/macrosecurity.hxx2
-rw-r--r--xmlsecurity/inc/pdfio/pdfdocument.hxx6
-rw-r--r--xmlsecurity/inc/xmlsignaturehelper.hxx12
-rw-r--r--xmlsecurity/inc/xsecctl.hxx27
-rwxr-xr-xxmlsecurity/qa/create-certs/create-certs.sh6
-rw-r--r--xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p1.pdfbin0 -> 29646 bytes
-rw-r--r--xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p3-stamp.pdfbin0 -> 22023 bytes
-rw-r--r--xmlsecurity/qa/unit/pdfsigning/data/partial-in-between.pdfbin0 -> 104501 bytes
-rw-r--r--xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx61
-rw-r--r--xmlsecurity/qa/unit/signing/data/cert8.dbbin65536 -> 65536 bytes
-rw-r--r--xmlsecurity/qa/unit/signing/data/hide-and-replace-shadow-file-signed-2.pdfbin0 -> 17896 bytes
-rw-r--r--xmlsecurity/qa/unit/signing/data/key3.dbbin16384 -> 16384 bytes
-rw-r--r--xmlsecurity/qa/unit/signing/data/notype-xades.odtbin0 -> 13918 bytes
-rw-r--r--xmlsecurity/qa/unit/signing/data/tdf42316.ottbin0 -> 10242 bytes
-rw-r--r--xmlsecurity/qa/unit/signing/data/tdf42316_odt12.ottbin0 -> 14625 bytes
-rw-r--r--xmlsecurity/qa/unit/signing/signing.cxx506
-rw-r--r--xmlsecurity/source/component/documentdigitalsignatures.cxx52
-rw-r--r--xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx41
-rw-r--r--xmlsecurity/source/dialogs/macrosecurity.cxx62
-rw-r--r--xmlsecurity/source/helper/documentsignaturehelper.cxx63
-rw-r--r--xmlsecurity/source/helper/documentsignaturemanager.cxx12
-rw-r--r--xmlsecurity/source/helper/ooxmlsecexporter.cxx221
-rw-r--r--xmlsecurity/source/helper/ooxmlsecparser.cxx1451
-rw-r--r--xmlsecurity/source/helper/ooxmlsecparser.hxx75
-rw-r--r--xmlsecurity/source/helper/pdfsignaturehelper.cxx14
-rw-r--r--xmlsecurity/source/helper/xmlsignaturehelper.cxx162
-rw-r--r--xmlsecurity/source/helper/xsecctl.cxx202
-rw-r--r--xmlsecurity/source/helper/xsecparser.cxx1704
-rw-r--r--xmlsecurity/source/helper/xsecparser.hxx106
-rw-r--r--xmlsecurity/source/helper/xsecsign.cxx75
-rw-r--r--xmlsecurity/source/helper/xsecverify.cxx233
-rw-r--r--xmlsecurity/source/pdfio/pdfdocument.cxx264
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx4
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx47
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx2
-rw-r--r--xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx36
-rw-r--r--xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx25
-rw-r--r--xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx4
-rw-r--r--xmlsecurity/uiconfig/ui/digitalsignaturesdialog.ui4
-rw-r--r--xmlsecurity/uiconfig/ui/securitytrustpage.ui4
-rw-r--r--xmlsecurity/workben/pdfverify.cxx12
250 files changed, 13837 insertions, 8436 deletions
diff --git a/README.md b/README.md
index d164e4784078..6ae0487c6ac9 100644
--- a/README.md
+++ b/README.md
@@ -14,13 +14,16 @@ The most recent version reviewed by MIMO can be downloaded at <https://www.mim.o
## Release notes
+### `6.1.6.3.M14`
+
+* Fix [acim#1422](https://acim.08000linux.com/issues/1422): Fixing CVE-2019-9853
+
### `6.1.6.3.M13`
* Fix [acim#1418](https://acim.08000linux.com/issues/1418): Nouvelles failles dans libreoffice by fixing two CVE:
- CVE-2019-9855
- CVE-2019-9854
-
### `6.1.6.3.M12`
* Fix [acim#1408](https://acim.08000linux.com/issues/1404): Demande d'intégration du patch de sécurité pour LibreOffice by fixing two CVE:
diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk
index 7e629a89cb34..e029f3f32026 100644
--- a/RepositoryExternal.mk
+++ b/RepositoryExternal.mk
@@ -1580,7 +1580,7 @@ $(call gb_ExternalProject_use_package,$(1),openssl)
endef
define gb_LinkTarget__use_openssl_headers
-$(call gb_LinkTarget_use_external_project,$(1),openssl)
+$(call gb_LinkTarget_use_external_project,$(1),openssl,full)
$(call gb_LinkTarget_set_include,$(1),\
-I$(call gb_UnpackedTarball_get_dir,openssl)/include \
$$(INCLUDE) \
@@ -3072,9 +3072,15 @@ endef
else # !SYSTEM_POSTGRESQL
+ifeq ($(OS),WNT)
+$(eval $(call gb_Helper_register_packages_for_install,postgresqlsdbc,\
+ postgresql \
+))
+endif # WNT
+
define gb_LinkTarget__use_postgresql
-$(call gb_LinkTarget_use_external_project,$(1),postgresql)
+$(call gb_LinkTarget_use_external_project,$(1),postgresql,full)
$(call gb_LinkTarget_set_include,$(1),\
-I$(call gb_UnpackedTarball_get_dir,postgresql)/src/include \
@@ -3082,19 +3088,21 @@ $(call gb_LinkTarget_set_include,$(1),\
$$(INCLUDE) \
)
+ifeq ($(OS),WNT)
+
$(call gb_LinkTarget_add_libs,$(1),\
- $(call gb_UnpackedTarball_get_dir,postgresql)/src/interfaces/libpq/libpq$(gb_StaticLibrary_PLAINEXT) \
+ $(call gb_UnpackedTarball_get_dir,postgresql)/$(if $(MSVC_USE_DEBUG_RUNTIME),Debug,Release)/libpq/libpq.lib \
)
-ifeq ($(OS),WNT)
-$(call gb_LinkTarget_use_external,$(1),openssl)
+else # WNT
-$(call gb_LinkTarget_use_system_win32_libs,$(1),\
- secur32 \
- ws2_32 \
+$(call gb_LinkTarget_add_libs,$(1),\
+ $(call gb_UnpackedTarball_get_dir,postgresql)/src/interfaces/libpq/libpq$(gb_StaticLibrary_PLAINEXT) \
+ $(call gb_UnpackedTarball_get_dir,postgresql)/src/common/libpgcommon$(gb_StaticLibrary_PLAINEXT) \
+ $(call gb_UnpackedTarball_get_dir,postgresql)/src/port/libpgport$(gb_StaticLibrary_PLAINEXT) \
)
-endif
+endif # WNT
endef
@@ -4210,6 +4218,7 @@ ifneq ($(ENABLE_PDFIUM),)
define gb_LinkTarget__use_pdfium
$(call gb_LinkTarget_set_include,$(1),\
-I$(call gb_UnpackedTarball_get_dir,pdfium)/public \
+ -DCOMPONENT_BUILD \
$$(INCLUDE) \
)
$(call gb_LinkTarget_use_libraries,$(1),pdfium)
diff --git a/basctl/source/basicide/baside2.cxx b/basctl/source/basicide/baside2.cxx
index 08ee292a6d94..ba19471502e4 100644
--- a/basctl/source/basicide/baside2.cxx
+++ b/basctl/source/basicide/baside2.cxx
@@ -53,6 +53,7 @@
#include <vcl/xtextedt.hxx>
#include <toolkit/helper/vclunohelper.hxx>
#include <cassert>
+#include <officecfg/Office/Common.hxx>
namespace basctl
{
@@ -298,15 +299,14 @@ void ModulWindow::BasicExecute()
{
// #116444# check security settings before macro execution
ScriptDocument aDocument( GetDocument() );
- if ( aDocument.isDocument() )
+ bool bMacrosDisabled = officecfg::Office::Common::Security::Scripting::DisableMacrosExecution::get();
+ if (bMacrosDisabled || (aDocument.isDocument() && !aDocument.allowMacros()))
{
- if ( !aDocument.allowMacros() )
- {
- std::unique_ptr<weld::MessageDialog> xBox(Application::CreateMessageDialog(GetFrameWeld(),
- VclMessageType::Warning, VclButtonsType::Ok, IDEResId(RID_STR_CANNOTRUNMACRO)));
- xBox->run();
- return;
- }
+ std::unique_ptr<weld::MessageDialog> xBox(
+ Application::CreateMessageDialog(GetFrameWeld(), VclMessageType::Warning,
+ VclButtonsType::Ok, IDEResId(RID_STR_CANNOTRUNMACRO)));
+ xBox->run();
+ return;
}
CheckCompileBasic();
diff --git a/bin/check-elf-dynamic-objects b/bin/check-elf-dynamic-objects
index 1a11e6dca223..20d8bc0aba2c 100755
--- a/bin/check-elf-dynamic-objects
+++ b/bin/check-elf-dynamic-objects
@@ -67,7 +67,7 @@ x11whitelist="libX11.so.6 libXext.so.6 libSM.so.6 libICE.so.6 libXinerama.so.1 l
openglwhitelist="libGL.so.1"
giowhitelist="libgio-2.0.so.0 libgobject-2.0.so.0 libgmodule-2.0.so.0 libgthread-2.0.so.0 libglib-2.0.so.0 libdbus-glib-1.so.2 libdbus-1.so.3"
gstreamer010whitelist="libgstpbutils-0.10.so.0 libgstinterfaces-0.10.so.0 libgstreamer-0.10.so.0"
-gstreamerwhitelist="libgstpbutils-1.0.so.0 libgstvideo-1.0.so.0 libgstbase-1.0.so.0 libgstreamer-1.0.so.0"
+gstreamerwhitelist="libgsttag-1.0.so.0 libgstaudio-1.0.so.0 libgstpbutils-1.0.so.0 libgstvideo-1.0.so.0 libgstbase-1.0.so.0 libgstreamer-1.0.so.0"
gtk2whitelist="libgtk-x11-2.0.so.0 libgdk-x11-2.0.so.0 libpangocairo-1.0.so.0 libfribidi.so.0 libatk-1.0.so.0 libcairo.so.2 libgio-2.0.so.0 libpangoft2-1.0.so.0 libpango-1.0.so.0 libfontconfig.so.1 libfreetype.so.6 libgdk_pixbuf-2.0.so.0 libgobject-2.0.so.0 libglib-2.0.so.0 libgmodule-2.0.so.0 libgthread-2.0.so.0 libdbus-glib-1.so.2 libdbus-1.so.3"
gtk3whitelist="libgtk-3.so.0 libgdk-3.so.0 libcairo-gobject.so.2 libpangocairo-1.0.so.0 libfribidi.so.0 libatk-1.0.so.0 libcairo.so.2 libgio-2.0.so.0 libpangoft2-1.0.so.0 libpango-1.0.so.0 libfontconfig.so.1 libfreetype.so.6 libgdk_pixbuf-2.0.so.0 libgobject-2.0.so.0 libglib-2.0.so.0 libgmodule-2.0.so.0 libgthread-2.0.so.0 libdbus-glib-1.so.2 libdbus-1.so.3"
kde4whitelist="libkio.so.5 libkfile.so.4 libkdeui.so.5 libkdecore.so.5 libQtNetwork.so.4 libQtGui.so.4 libQtCore.so.4 libglib-2.0.so.0"
diff --git a/comphelper/source/misc/docpasswordhelper.cxx b/comphelper/source/misc/docpasswordhelper.cxx
index 3f470520fbf5..1a4f29755c36 100644
--- a/comphelper/source/misc/docpasswordhelper.cxx
+++ b/comphelper/source/misc/docpasswordhelper.cxx
@@ -25,6 +25,7 @@
#include <comphelper/storagehelper.hxx>
#include <comphelper/hash.hxx>
#include <comphelper/base64.hxx>
+#include <comphelper/propertysequence.hxx>
#include <comphelper/sequence.hxx>
#include <com/sun/star/beans/PropertyValue.hpp>
#include <com/sun/star/task/XInteractionHandler.hpp>
@@ -426,8 +427,28 @@ OUString DocPasswordHelper::GetOoxHashAsBase64(
bool* pbIsDefaultPassword )
{
css::uno::Sequence< css::beans::NamedValue > aEncData;
+ OUString aPassword;
DocPasswordVerifierResult eResult = DocPasswordVerifierResult::WrongPassword;
+ sal_Int32 nMediaEncDataCount = rMediaEncData.getLength();
+
+ // tdf#93389: if the document is being restored from autorecovery, we need to add encryption
+ // data also for real document type.
+ // TODO: get real filter name here (from CheckPasswd_Impl), to only add necessary data
+ bool bForSalvage = false;
+ if (nMediaEncDataCount)
+ {
+ for (auto& val : rMediaEncData)
+ {
+ if (val.Name == "ForSalvage")
+ {
+ --nMediaEncDataCount; // don't consider this element below
+ val.Value >>= bForSalvage;
+ break;
+ }
+ }
+ }
+
// first, try provided default passwords
if( pbIsDefaultPassword )
*pbIsDefaultPassword = false;
@@ -439,8 +460,12 @@ OUString DocPasswordHelper::GetOoxHashAsBase64(
if( !aIt->isEmpty() )
{
eResult = rVerifier.verifyPassword( *aIt, aEncData );
- if( pbIsDefaultPassword )
- *pbIsDefaultPassword = eResult == DocPasswordVerifierResult::OK;
+ if (eResult == DocPasswordVerifierResult::OK)
+ {
+ aPassword = *aIt;
+ if (pbIsDefaultPassword)
+ *pbIsDefaultPassword = true;
+ }
}
}
}
@@ -448,7 +473,7 @@ OUString DocPasswordHelper::GetOoxHashAsBase64(
// try media encryption data (skip, if result is OK or ABORT)
if( eResult == DocPasswordVerifierResult::WrongPassword )
{
- if( rMediaEncData.getLength() > 0 )
+ if (nMediaEncDataCount)
{
eResult = rVerifier.verifyEncryptionData( rMediaEncData );
if( eResult == DocPasswordVerifierResult::OK )
@@ -460,7 +485,11 @@ OUString DocPasswordHelper::GetOoxHashAsBase64(
if( eResult == DocPasswordVerifierResult::WrongPassword )
{
if( !rMediaPassword.isEmpty() )
+ {
eResult = rVerifier.verifyPassword( rMediaPassword, aEncData );
+ if (eResult == DocPasswordVerifierResult::OK)
+ aPassword = rMediaPassword;
+ }
}
// request a password (skip, if result is OK or ABORT)
@@ -476,6 +505,8 @@ OUString DocPasswordHelper::GetOoxHashAsBase64(
{
if( !pRequest->getPassword().isEmpty() )
eResult = rVerifier.verifyPassword( pRequest->getPassword(), aEncData );
+ if (eResult == DocPasswordVerifierResult::OK)
+ aPassword = pRequest->getPassword();
}
else
{
@@ -488,6 +519,41 @@ OUString DocPasswordHelper::GetOoxHashAsBase64(
{
}
+ if (eResult == DocPasswordVerifierResult::OK && !aPassword.isEmpty())
+ {
+ if (std::find_if(std::cbegin(aEncData), std::cend(aEncData),
+ [](const css::beans::NamedValue& val) {
+ return val.Name == PACKAGE_ENCRYPTIONDATA_SHA256UTF8;
+ })
+ == std::cend(aEncData))
+ {
+ // tdf#118639: We need ODF encryption data for autorecovery, where password
+ // will already be unavailable, so generate and append it here
+ aEncData = comphelper::concatSequences(
+ aEncData, OStorageHelper::CreatePackageEncryptionData(aPassword));
+ }
+
+ if (bForSalvage)
+ {
+ // TODO: add individual methods for different target filter, and only call what's needed
+
+ // 1. Prepare binary MS formats encryption data
+ auto aUniqueID = GenerateRandomByteSequence(16);
+ auto aEnc97Key = GenerateStd97Key(aPassword.getStr(), aUniqueID);
+ // 2. Add MS binary and OOXML encryption data to result
+ uno::Sequence< beans::NamedValue > aContainer(3);
+ aContainer[0].Name = "STD97EncryptionKey";
+ aContainer[0].Value <<= aEnc97Key;
+ aContainer[1].Name = "STD97UniqueID";
+ aContainer[1].Value <<= aUniqueID;
+ aContainer[2].Name = "OOXPassword";
+ aContainer[2].Value <<= aPassword;
+
+ aEncData = comphelper::concatSequences(
+ aEncData, aContainer);
+ }
+ }
+
return (eResult == DocPasswordVerifierResult::OK) ? aEncData : uno::Sequence< beans::NamedValue >();
}
diff --git a/comphelper/source/misc/documentinfo.cxx b/comphelper/source/misc/documentinfo.cxx
index b63450590554..f0d2840d922a 100644
--- a/comphelper/source/misc/documentinfo.cxx
+++ b/comphelper/source/misc/documentinfo.cxx
@@ -157,6 +157,20 @@ namespace comphelper {
return sTitle;
}
+ void DocumentInfo::notifyMacroEventRead(const css::uno::Reference<css::frame::XModel>& rModel)
+ {
+ if (!rModel.is())
+ return;
+
+ // like BreakMacroSignature of XMLScriptContext use XModel::attachResource
+ // to propagate this notification
+ css::uno::Sequence<css::beans::PropertyValue> aMedDescr = rModel->getArgs();
+ sal_Int32 nNewLen = aMedDescr.getLength() + 1;
+ aMedDescr.realloc(nNewLen);
+ aMedDescr[nNewLen-1].Name = "MacroEventRead";
+ aMedDescr[nNewLen-1].Value <<= true;
+ rModel->attachResource(rModel->getURL(), aMedDescr);
+ }
} // namespace comphelper
diff --git a/configure.ac b/configure.ac
index 7189dd37b5c6..34720ba7e7b9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9,7 +9,7 @@ dnl in order to create a configure script.
# several non-alphanumeric characters, those are split off and used only for the
# ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no idea.
-AC_INIT([LibreOffice],[6.1.6.3.M13],[],[],[http://documentfoundation.org/])
+AC_INIT([LibreOffice],[6.1.6.3.M15],[],[],[http://documentfoundation.org/])
AC_PREREQ([2.59])
@@ -8289,7 +8289,7 @@ internal)
SYSTEM_PYTHON=
PYTHON_VERSION_MAJOR=3
PYTHON_VERSION_MINOR=5
- PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.7
+ PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.9
if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then
AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst])
fi
diff --git a/cui/source/options/optinet2.cxx b/cui/source/options/optinet2.cxx
index bf7f6bd26737..2964531afc84 100644
--- a/cui/source/options/optinet2.cxx
+++ b/cui/source/options/optinet2.cxx
@@ -834,20 +834,6 @@ IMPL_STATIC_LINK_NOARG(SvxSecurityTabPage, MacroSecPBHdl, Button*, void)
void SvxSecurityTabPage::InitControls()
{
- // Hide all controls which belong to the macro security button in case the macro
- // security settings managed by the macro security dialog opened via the button
- // are all readonly or if the macros are disabled in general.
- // @@@ Better would be to query the dialog whether it is 'useful' or not. Exposing
- // macro security dialog implementations here, which is bad.
- if ( mpSecOptions->IsMacroDisabled()
- || ( mpSecOptions->IsReadOnly( SvtSecurityOptions::EOption::MacroSecLevel )
- && mpSecOptions->IsReadOnly( SvtSecurityOptions::EOption::MacroTrustedAuthors )
- && mpSecOptions->IsReadOnly( SvtSecurityOptions::EOption::SecureUrls ) ) )
- {
- //Hide these
- m_pMacroSecFrame->Hide();
- }
-
#ifndef UNX
m_pCertFrame->Hide();
#endif
diff --git a/dbaccess/source/core/dataaccess/ModelImpl.cxx b/dbaccess/source/core/dataaccess/ModelImpl.cxx
index af71c72510c4..3281d0dd2b7e 100644
--- a/dbaccess/source/core/dataaccess/ModelImpl.cxx
+++ b/dbaccess/source/core/dataaccess/ModelImpl.cxx
@@ -376,6 +376,7 @@ ODatabaseModelImpl::ODatabaseModelImpl( const Reference< XComponentContext >& _r
,m_bSuppressVersionColumns(true)
,m_bModified(false)
,m_bDocumentReadOnly(false)
+ ,m_bMacroCallsSeenWhileLoading(false)
,m_pSharedConnectionManager(nullptr)
,m_nControllerLockCount(0)
{
@@ -409,6 +410,7 @@ ODatabaseModelImpl::ODatabaseModelImpl(
,m_bSuppressVersionColumns(true)
,m_bModified(false)
,m_bDocumentReadOnly(false)
+ ,m_bMacroCallsSeenWhileLoading(false)
,m_pSharedConnectionManager(nullptr)
,m_nControllerLockCount(0)
{
@@ -1274,6 +1276,11 @@ bool ODatabaseModelImpl::documentStorageHasMacros() const
return ( *m_aEmbeddedMacros != eNoMacros );
}
+bool ODatabaseModelImpl::macroCallsSeenWhileLoading() const
+{
+ return m_bMacroCallsSeenWhileLoading;
+}
+
Reference< XEmbeddedScripts > ODatabaseModelImpl::getEmbeddedDocumentScripts() const
{
return Reference< XEmbeddedScripts >( getModel_noCreate(), UNO_QUERY );
diff --git a/dbaccess/source/core/dataaccess/databasedocument.cxx b/dbaccess/source/core/dataaccess/databasedocument.cxx
index eee5e8465031..eb20c56ed849 100644
--- a/dbaccess/source/core/dataaccess/databasedocument.cxx
+++ b/dbaccess/source/core/dataaccess/databasedocument.cxx
@@ -744,15 +744,24 @@ sal_Bool SAL_CALL ODatabaseDocument::attachResource( const OUString& _rURL, cons
bool ODatabaseDocument::impl_attachResource( const OUString& i_rLogicalDocumentURL,
const Sequence< PropertyValue >& i_rMediaDescriptor, DocumentGuard& _rDocGuard )
{
- if ( ( i_rLogicalDocumentURL == getURL() )
- && ( i_rMediaDescriptor.getLength() == 1 )
- && ( i_rMediaDescriptor[0].Name == "BreakMacroSignature" )
- )
+ if (i_rLogicalDocumentURL == getURL())
{
- // this is a BAD hack of the Basic importer code ... there should be a dedicated API for this,
- // not this bad mis-using of existing interfaces
- return false;
- // (we do not support macro signatures, so we can ignore this call)
+ ::comphelper::NamedValueCollection aArgs(i_rMediaDescriptor);
+
+ // this misuse of attachresource is a hack of the Basic importer code
+ // repurposing existing interfaces for uses it probably wasn't intended
+ // for
+
+ // we do not support macro signatures, so we can ignore that request
+ aArgs.remove("BreakMacroSignature");
+
+ bool bMacroEventRead = false;
+ if ((aArgs.get( "MacroEventRead" ) >>= bMacroEventRead) && bMacroEventRead)
+ m_pImpl->m_bMacroCallsSeenWhileLoading = true;
+ aArgs.remove( "MacroEventRead" );
+
+ if (aArgs.empty())
+ return false;
}
// if no URL has been provided, the caller was lazy enough to not call our getURL - which is not allowed anymore,
diff --git a/dbaccess/source/core/inc/ModelImpl.hxx b/dbaccess/source/core/inc/ModelImpl.hxx
index 4a763c577912..d7a642a02397 100644
--- a/dbaccess/source/core/inc/ModelImpl.hxx
+++ b/dbaccess/source/core/inc/ModelImpl.hxx
@@ -208,6 +208,7 @@ public:
bool m_bSuppressVersionColumns : 1;
bool m_bModified : 1;
bool m_bDocumentReadOnly : 1;
+ bool m_bMacroCallsSeenWhileLoading : 1;
css::uno::Reference< css::beans::XPropertyBag >
m_xSettings;
css::uno::Sequence< OUString > m_aTableFilter;
@@ -436,6 +437,7 @@ public:
virtual void setCurrentMacroExecMode( sal_uInt16 ) override;
virtual OUString getDocumentLocation() const override;
virtual bool documentStorageHasMacros() const override;
+ virtual bool macroCallsSeenWhileLoading() const override;
virtual css::uno::Reference< css::document::XEmbeddedScripts > getEmbeddedDocumentScripts() const override;
virtual SignatureState getScriptingSignatureState() override;
virtual bool hasTrustedScriptingSignature( bool bAllowUIToAddAuthor ) override;
diff --git a/desktop/qa/desktop_app/test_desktop_app.cxx b/desktop/qa/desktop_app/test_desktop_app.cxx
index ef588a580266..1a027dfade78 100644
--- a/desktop/qa/desktop_app/test_desktop_app.cxx
+++ b/desktop/qa/desktop_app/test_desktop_app.cxx
@@ -110,6 +110,29 @@ void Test::testTdf100837() {
CPPUNIT_ASSERT_EQUAL(OUString("bar"), vForceOpenList[0]);
CPPUNIT_ASSERT_EQUAL(OUString("baz"), vForceOpenList[1]);
}
+
+ {
+ // 3. Test enocded URLs
+ TestSupplier supplier{ "foo", "ms-word:ofe%7Cu%7cbar1", "ms-word:ofv%7cu%7Cbar2", "ms-word:nft%7Cu%7cbar3", "baz" };
+ desktop::CommandLineArgs args(supplier);
+ auto vOpenList = args.GetOpenList();
+ auto vForceOpenList = args.GetForceOpenList();
+ auto vViewList = args.GetViewList();
+ auto vForceNewList = args.GetForceNewList();
+ // 2 documents go to Open list: foo; baz
+ CPPUNIT_ASSERT_EQUAL(decltype(vOpenList.size())(2), vOpenList.size());
+ CPPUNIT_ASSERT_EQUAL(OUString("foo"), vOpenList[0]);
+ CPPUNIT_ASSERT_EQUAL(OUString("baz"), vOpenList[1]);
+ // 1 document goes to ForceOpen list: bar1
+ CPPUNIT_ASSERT_EQUAL(decltype(vForceOpenList.size())(1), vForceOpenList.size());
+ CPPUNIT_ASSERT_EQUAL(OUString("bar1"), vForceOpenList[0]);
+ // 1 document goes to View list: bar2
+ CPPUNIT_ASSERT_EQUAL(decltype(vViewList.size())(1), vViewList.size());
+ CPPUNIT_ASSERT_EQUAL(OUString("bar2"), vViewList[0]);
+ // 1 document goes to ForceNew list: bar3
+ CPPUNIT_ASSERT_EQUAL(decltype(vForceNewList.size())(1), vForceNewList.size());
+ CPPUNIT_ASSERT_EQUAL(OUString("bar3"), vForceNewList[0]);
+ }
}
CPPUNIT_TEST_SUITE_REGISTRATION(Test);
diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx
index 490bf183de33..8fe83f523c48 100644
--- a/desktop/source/app/cmdlineargs.cxx
+++ b/desktop/source/app/cmdlineargs.cxx
@@ -127,23 +127,27 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur
OUString rest2;
long nURIlen = -1;
+
+ // URL might be encoded
+ OUString decoded_rest = rest1.replaceAll("%7C", "|").replaceAll("%7c", "|");
+
// 2. Discriminate by command name (incl. 1st command argument descriptor)
// Extract URI: everything up to possible next argument
- if (rest1.startsWith("ofv|u|", &rest2))
+ if (decoded_rest.startsWith("ofv|u|", &rest2))
{
// Open for view - override only in default mode
if (curEvt == CommandLineEvent::Open)
curEvt = CommandLineEvent::View;
nURIlen = rest2.indexOf("|");
}
- else if (rest1.startsWith("ofe|u|", &rest2))
+ else if (decoded_rest.startsWith("ofe|u|", &rest2))
{
// Open for editing - override only in default mode
if (curEvt == CommandLineEvent::Open)
curEvt = CommandLineEvent::ForceOpen;
nURIlen = rest2.indexOf("|");
}
- else if (rest1.startsWith("nft|u|", &rest2))
+ else if (decoded_rest.startsWith("nft|u|", &rest2))
{
// New from template - override only in default mode
if (curEvt == CommandLineEvent::Open)
diff --git a/download.lst b/download.lst
index e84baea4995e..175d1400c8ef 100644
--- a/download.lst
+++ b/download.lst
@@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM := 3d569869d27b48860210c758c4f313082103a5e58219a7669b52
export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz
export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM := cb90d2eb74d4e358c1ed1489f8e3af96b50ea4374ad71f143fa4595e998d81b5
-export CURL_TARBALL := curl-7.64.0.tar.gz
+export CURL_SHA256SUM := cdf18794393d8bead915312708a9e5d819c6e9919de14b20d5c8e7987abd9772
+export CURL_TARBALL := curl-7.71.0.tar.xz
export EBOOK_SHA256SUM := 7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
export EPOXY_SHA256SUM := 1d8668b0a259c709899e1c4bab62d756d9002d546ce4f59c9665e2fc5f001a64
@@ -42,8 +42,8 @@ export EPUBGEN_TARBALL := libepubgen-0.1.1.tar.xz
export ETONYEK_SHA256SUM := 9dc92347aee0cc9ed57b175a3e21f9d96ebe55d30fecb10e841d1050794ed82d
export ETONYEK_VERSION_MICRO := 8
export ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz
-export EXPAT_SHA256SUM := d9dc32efba7e74f788fcc4f212a43216fc37cf5f23f4c2339664d473353aedf6
-export EXPAT_TARBALL := expat-2.2.5.tar.bz2
+export EXPAT_SHA256SUM := 9a130948b05a82da34e4171d5f5ae5d321d9630277af02c8fa51e431f6475102
+export EXPAT_TARBALL := expat-2.2.8.tar.bz2
export FIREBIRD_SHA256SUM := 6994be3555e23226630c587444be19d309b25b0fcf1f87df3b4e3f88943e5860
export FIREBIRD_TARBALL := Firebird-3.0.0.32483-0.tar.bz2
export FONTCONFIG_SHA256SUM := cf0c30807d08f6a28ab46c61b8dbd55c97d2f292cf88f3a07d3384687f31f017
@@ -154,11 +154,11 @@ export LIBTOMMATH_SHA256SUM := 083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304
export LIBTOMMATH_TARBALL := ltm-1.0.zip
export XMLSEC_SHA256SUM := 967ca83edf25ccb5b48a3c4a09ad3405a63365576503bf34290a42de1b92fcd2
export XMLSEC_TARBALL := xmlsec1-1.2.25.tar.gz
-export LIBXML_SHA256SUM := 94fb70890143e3c6549f265cee93ec064c80a84c42ad0f23e85ee1fd6540a871
-export LIBXML_VERSION_MICRO := 9
+export LIBXML_SHA256SUM := aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f
+export LIBXML_VERSION_MICRO := 10
export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz
-export LIBXSLT_SHA256SUM := 8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8
-export LIBXSLT_VERSION_MICRO := 33
+export LIBXSLT_SHA256SUM := 98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f
+export LIBXSLT_VERSION_MICRO := 34
export LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.gz
export LPSOLVE_SHA256SUM := 171816288f14215c69e730f7a4f1c325739873e21f946ff83884b350574e6695
export LPSOLVE_TARBALL := 26b3e95ddf3d9c077c480ea45874b3b8-lp_solve_5.5.tar.gz
@@ -181,8 +181,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca
export NEON_TARBALL := neon-0.30.2.tar.gz
-export NSS_SHA256SUM := f271ec73291fa3e4bd4b59109f8035cc3a192fc33886f40ed4f9ee4b31c746e9
-export NSS_TARBALL := nss-3.38-with-nspr-4.19.tar.gz
+export NSS_SHA256SUM := ec6032d78663c6ef90b4b83eb552dedf721d2bce208cec3bf527b8f637db7e45
+export NSS_TARBALL := nss-3.55-with-nspr-4.27.tar.gz
export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2
export ODFGEN_VERSION_MICRO := 6
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2
@@ -200,18 +200,18 @@ export OWNCLOUD_ANDROID_LIB_SHA256SUM := b18b3e3ef7fae6a79b62f2bb43cc47a5346b633
export OWNCLOUD_ANDROID_LIB_TARBALL := owncloud-android-library-0.9.4-no-binary-deps.tar.gz
export PAGEMAKER_SHA256SUM := 66adacd705a7d19895e08eac46d1e851332adf2e736c566bef1164e7a442519d
export PAGEMAKER_TARBALL := libpagemaker-0.0.4.tar.xz
-export PDFIUM_SHA256SUM := 80331b48166501a192d65476932f17044eeb5f10faa6ea50f4f175169475c957
-export PDFIUM_TARBALL := pdfium-3426.tar.bz2
+export PDFIUM_SHA256SUM := eca406d47ac7e2a84dcc86f93c08f96e591d409589e881477fa75e488e4851d8
+export PDFIUM_TARBALL := pdfium-4306.tar.bz2
export PIXMAN_SHA256SUM := 21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3997aa20a88e
export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
export LIBPNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca
export LIBPNG_TARBALL := libpng-1.6.37.tar.xz
-export POPPLER_SHA256SUM := 92e09fd3302567fd36146b36bb707db43ce436e8841219025a82ea9fb0076b2f
-export POPPLER_TARBALL := poppler-0.74.0.tar.xz
-export POSTGRESQL_SHA256SUM := db61d498105a7d5fe46185e67ac830c878cdd7dc1f82a87f06b842217924c461
-export POSTGRESQL_TARBALL := c0b4799ea9850eae3ead14f0a60e9418-postgresql-9.2.1.tar.bz2
-export PYTHON_SHA256SUM := 285892899bf4d5737fd08482aa6171c6b2564a45b9102dfacfb72826aebdc7dc
-export PYTHON_TARBALL := Python-3.5.7.tar.xz
+export POPPLER_SHA256SUM := 016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3
+export POPPLER_TARBALL := poppler-21.01.0.tar.xz
+export POSTGRESQL_SHA256SUM := 12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f
+export POSTGRESQL_TARBALL := postgresql-13.1.tar.bz2
+export PYTHON_SHA256SUM := c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049
+export PYTHON_TARBALL := Python-3.5.9.tar.xz
export QXP_SHA256SUM := 8c257f6184ff94aefa7c9fa1cfae82083d55a49247266905c71c53e013f95c73
export QXP_TARBALL := libqxp-0.0.1.tar.xz
export RAPTOR_SHA256SUM := ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed
diff --git a/external/curl/ExternalPackage_curl.mk b/external/curl/ExternalPackage_curl.mk
index 56c418b6ef0c..8da569e3e0cf 100644
--- a/external/curl/ExternalPackage_curl.mk
+++ b/external/curl/ExternalPackage_curl.mk
@@ -20,7 +20,7 @@ $(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.4.dyli
else ifeq ($(OS),AIX)
$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so,lib/.libs/libcurl.so.4))
else
-$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.5.0))
+$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.6.0))
endif
endif # $(DISABLE_DYNLOADING)
diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk
index 136e50f3a81c..ebcb6068b7c1 100644
--- a/external/curl/ExternalProject_curl.mk
+++ b/external/curl/ExternalProject_curl.mk
@@ -48,6 +48,7 @@ $(call gb_ExternalProject_get_state_target,curl,build):
--without-libidn2 --without-libpsl --without-librtmp \
--without-libssh2 --without-metalink --without-nghttp2 \
--without-libssh --without-brotli \
+ --without-ngtcp2 --without-quiche \
--disable-ares \
--disable-dict --disable-file --disable-gopher --disable-imap \
--disable-ldap --disable-ldaps --disable-manual --disable-pop3 \
diff --git a/external/curl/clang-cl.patch.0 b/external/curl/clang-cl.patch.0
index 2f7fe567460c..2fbb10c2a9aa 100644
--- a/external/curl/clang-cl.patch.0
+++ b/external/curl/clang-cl.patch.0
@@ -4,8 +4,8 @@
!ELSE
CC_NODEBUG = $(CC) /O2 /DNDEBUG
CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd
--CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC)
-+CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /c /DBUILDING_LIBCURL $(SOLARINC)
+-CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC)
++CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /c /DBUILDING_LIBCURL $(SOLARINC)
!ENDIF
LFLAGS = /nologo /machine:$(MACHINE)
diff --git a/external/curl/curl-msvc.patch.1 b/external/curl/curl-msvc.patch.1
index 80160958c99d..a5b79a8e9c49 100644
--- a/external/curl/curl-msvc.patch.1
+++ b/external/curl/curl-msvc.patch.1
@@ -6,8 +6,8 @@ MSVC: using SOLARINC
!ELSE
CC_NODEBUG = $(CC) /O2 /DNDEBUG
CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd
--CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL
-+CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC)
+-CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL
++CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC)
!ENDIF
LFLAGS = /nologo /machine:$(MACHINE)
@@ -18,10 +18,10 @@ MSVC: using SOLARINC
-RC_FLAGS = /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
+RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
CURL_CC = $(CC_DEBUG) $(RTLIB_DEBUG)
- CURL_RC_FLAGS = /i../include /dDEBUGBUILD=1 /Fo $@ $(CURL_SRC_DIR)\curl.rc
+ CURL_RC_FLAGS = $(CURL_RC_FLAGS) /i../include /dDEBUGBUILD=1 /Fo $@ $(CURL_SRC_DIR)\curl.rc
!ELSE
-RC_FLAGS = /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
+RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
CURL_CC = $(CC_NODEBUG) $(RTLIB)
- CURL_RC_FLAGS = /i../include /dDEBUGBUILD=0 /Fo $@ $(CURL_SRC_DIR)\curl.rc
+ CURL_RC_FLAGS = $(CURL_RC_FLAGS) /i../include /dDEBUGBUILD=0 /Fo $@ $(CURL_SRC_DIR)\curl.rc
!ENDIF
diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0
index b3e821039740..189e820d1afa 100644
--- a/external/curl/zlib.patch.0
+++ b/external/curl/zlib.patch.0
@@ -1,15 +1,5 @@
--- configure
+++ configure
-@@ -937,8 +937,8 @@
- ZLIB_LIBS
- HAVE_LIBZ_FALSE
- HAVE_LIBZ_TRUE
--HAVE_LIBZ
- PKGCONFIG
-+HAVE_LIBZ
- CURL_DISABLE_GOPHER
- CURL_DISABLE_SMTP
- CURL_DISABLE_SMB
@@ -20709,7 +20709,6 @@
clean_CPPFLAGS=$CPPFLAGS
clean_LDFLAGS=$LDFLAGS
diff --git a/external/expat/ExternalProject_expat.mk b/external/expat/ExternalProject_expat.mk
index 1a638eed14d6..87886eab1f7e 100644
--- a/external/expat/ExternalProject_expat.mk
+++ b/external/expat/ExternalProject_expat.mk
@@ -15,7 +15,7 @@ $(eval $(call gb_ExternalProject_register_targets,expat,\
$(call gb_ExternalProject_get_state_target,expat,configure) :
$(call gb_ExternalProject_run,configure,\
- ./configure \
+ ./configure --without-docbook \
$(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM) \
$(if $(filter INTEL ARM,$(CPUNAME)),ac_cv_c_bigendian=no)) \
,,expat_configure.log)
diff --git a/external/expat/StaticLibrary_expat.mk b/external/expat/StaticLibrary_expat.mk
index 31d03d03102e..bdcc767e2905 100644
--- a/external/expat/StaticLibrary_expat.mk
+++ b/external/expat/StaticLibrary_expat.mk
@@ -48,7 +48,6 @@ $(eval $(call gb_StaticLibrary_add_cflags,expat,\
))
$(eval $(call gb_StaticLibrary_add_generated_cobjects,expat,\
- UnpackedTarball/expat/lib/loadlibrary \
UnpackedTarball/expat/lib/xmlparse \
UnpackedTarball/expat/lib/xmlrole \
UnpackedTarball/expat/lib/xmltok \
diff --git a/external/expat/StaticLibrary_expat_x64.mk b/external/expat/StaticLibrary_expat_x64.mk
index 4f92d0fb284e..a38ba28c80dd 100644
--- a/external/expat/StaticLibrary_expat_x64.mk
+++ b/external/expat/StaticLibrary_expat_x64.mk
@@ -25,7 +25,6 @@ $(eval $(call gb_StaticLibrary_add_defs,expat_x64,\
))
$(eval $(call gb_StaticLibrary_add_x64_generated_cobjects,expat_x64,\
- UnpackedTarball/expat/lib/loadlibrary_x64 \
UnpackedTarball/expat/lib/xmlparse_x64 \
UnpackedTarball/expat/lib/xmltok_x64 \
UnpackedTarball/expat/lib/xmlrole_x64 \
diff --git a/external/expat/UnpackedTarball_expat.mk b/external/expat/UnpackedTarball_expat.mk
index 7c83f65af284..5d4f41f6d147 100644
--- a/external/expat/UnpackedTarball_expat.mk
+++ b/external/expat/UnpackedTarball_expat.mk
@@ -26,7 +26,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,expat,\
$(eval $(call gb_UnpackedTarball_set_post_action,expat,\
$(if $(filter $(BUILD_X64),TRUE), \
- cp lib/loadlibrary.c lib/loadlibrary_x64.c && \
cp lib/xmlparse.c lib/xmlparse_x64.c && \
cp lib/xmltok.c lib/xmltok_x64.c && \
cp lib/xmlrole.c lib/xmlrole_x64.c) \
diff --git a/external/expat/expat-winapi.patch b/external/expat/expat-winapi.patch
index 3fe8a8a63e5a..b33c12b83b4c 100644
--- a/external/expat/expat-winapi.patch
+++ b/external/expat/expat-winapi.patch
@@ -1,13 +1,13 @@
--- misc/expat-2.1.0/lib/expat_external.h 2009-11-16 08:53:17.375000000 +0000
+++ misc/build/expat-2.1.0/lib/expat_external.h 2009-11-16 08:53:34.703125000 +0000
-@@ -7,10 +7,6 @@
+@@ -81,10 +81,6 @@
+ # ifndef XML_BUILDING_EXPAT
+ /* using Expat from an application */
- /* External API definitions */
-
--#if defined(_MSC_EXTENSIONS) && !defined(__BEOS__) && !defined(__CYGWIN__)
--# define XML_USE_MSC_EXTENSIONS 1
--#endif
+-# if defined(_MSC_EXTENSIONS) && ! defined(__BEOS__) && ! defined(__CYGWIN__)
+-# define XMLIMPORT __declspec(dllimport)
+-# endif
-
- /* Expat tries very hard to make the API boundary very specifically
- defined. There are two macros defined to control this boundary;
- each of these can be defined before including this header to
+ # endif
+ #endif /* not defined XML_STATIC */
+
diff --git a/external/icu/ExternalProject_icu.mk b/external/icu/ExternalProject_icu.mk
index e1ec30938bf7..66030e8a9914 100644
--- a/external/icu/ExternalProject_icu.mk
+++ b/external/icu/ExternalProject_icu.mk
@@ -13,7 +13,10 @@ $(eval $(call gb_ExternalProject_register_targets,icu,\
build \
))
-icu_CPPFLAGS:="-DHAVE_GCC_ATOMICS=$(if $(filter TRUE,$(GCC_HAVE_BUILTIN_ATOMIC)),1,0)"
+# -I to find o3tl headers
+icu_CPPFLAGS:=" \
+ -DHAVE_GCC_ATOMICS=$(if $(filter TRUE,$(GCC_HAVE_BUILTIN_ATOMIC)),1,0) \
+ -I$(SRCDIR)/include"
ifeq ($(OS),WNT)
diff --git a/external/icu/UnpackedTarball_icu.mk b/external/icu/UnpackedTarball_icu.mk
index c789e6eb8d84..3aa491bbf3f5 100644
--- a/external/icu/UnpackedTarball_icu.mk
+++ b/external/icu/UnpackedTarball_icu.mk
@@ -36,6 +36,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,icu,\
external/icu/icu4c-khmerbreakengine.patch.1 \
external/icu/ofz4860.patch.2 \
external/icu/icu4c-61-werror-shadow.patch.1 \
+ external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2 \
))
$(eval $(call gb_UnpackedTarball_add_file,icu,source/data/brkitr/khmerdict.dict,external/icu/khmerdict.dict))
diff --git a/external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2 b/external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2
new file mode 100644
index 000000000000..d3b34db670c5
--- /dev/null
+++ b/external/icu/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca.patch.2
@@ -0,0 +1,37 @@
+From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001
+From: Frank Tang <ftang@chromium.org>
+Date: Sat, 1 Feb 2020 02:39:04 +0000
+Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append
+
+See #971
+---
+ icu4c/source/common/unistr.cpp | 6 ++-
+ icu4c/source/test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++
+ icu4c/source/test/intltest/ustrtest.h | 1 +
+ 3 files changed, 68 insertions(+), 1 deletion(-)
+
+diff --git a/icu4c/source/common/unistr.cpp b/icu4c/source/common/unistr.cpp
+index 901bb3358ba..077b4d6ef20 100644
+--- a/icu4c/source/common/unistr.cpp
++++ b/icu4c/source/common/unistr.cpp
+@@ -31,6 +31,7 @@
+ #include "ustr_imp.h"
+ #include "umutex.h"
+ #include "uassert.h"
++#include <o3tl/safeint.hxx>
+
+ #if 0
+
+@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng
+ }
+
+ int32_t oldLength = length();
+- int32_t newLength = oldLength + srcLength;
++ int32_t newLength;
++ if (o3tl::checked_add(oldLength, srcLength, newLength)) {
++ setToBogus();
++ return *this;
++ }
+ // optimize append() onto a large-enough, owned string
+ if((newLength <= getCapacity() && isBufferWritable()) ||
+ cloneArrayIfNeeded(newLength, getGrowCapacity(newLength))) {
diff --git a/external/libgpg-error/UnpackedTarball_libgpg-error.mk b/external/libgpg-error/UnpackedTarball_libgpg-error.mk
index ad2145a96aa7..ea99c3c3c076 100644
--- a/external/libgpg-error/UnpackedTarball_libgpg-error.mk
+++ b/external/libgpg-error/UnpackedTarball_libgpg-error.mk
@@ -14,6 +14,7 @@ $(eval $(call gb_UnpackedTarball_set_tarball,libgpg-error,$(LIBGPGERROR_TARBALL)
$(eval $(call gb_UnpackedTarball_set_patchlevel,libgpg-error,0))
$(eval $(call gb_UnpackedTarball_add_patches,libgpg-error, \
+ external/libgpg-error/libgpg-error_gawk5.patch \
$(if $(filter MSC,$(COM)),external/libgpg-error/w32-build-fixes.patch) \
$(if $(filter MSC,$(COM)),external/libgpg-error/w32-build-fixes-2.patch.1) \
$(if $(filter MSC,$(COM)),external/libgpg-error/w32-build-fixes-3.patch.1) \
diff --git a/external/libgpg-error/libgpg-error_gawk5.patch b/external/libgpg-error/libgpg-error_gawk5.patch
new file mode 100644
index 000000000000..3be76a4538a8
--- /dev/null
+++ b/external/libgpg-error/libgpg-error_gawk5.patch
@@ -0,0 +1,114 @@
+--- src/Makefile.am
++++ src/Makefile.am~
+@@ -266,7 +266,7 @@
+
+ errnos-sym.h: Makefile mkstrtable.awk errnos.in
+ $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=2 -v nogettext=1 \
+- -v prefix=GPG_ERR_ -v namespace=errnos_ \
++ -v prefix=GPG_ERR_ -v pkg_namespace=errnos_ \
+ $(srcdir)/errnos.in >$@
+
+
+--- src/mkerrcodes.awk
++++ src/mkerrcodes.awk~
+@@ -81,7 +81,7 @@
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+--- src/mkerrcodes1.awk
++++ src/mkerrcodes1.awk~
+@@ -81,7 +81,7 @@
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+--- src/mkerrcodes2.awk
++++ src/mkerrcodes2.awk~
+@@ -91,7 +91,7 @@
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+--- src/mkerrnos.awk
++++ src/mkerrnos.awk~
+@@ -83,7 +83,7 @@
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+--- src/mkstrtable.awk
++++ src/mkstrtable.awk~
+@@ -77,7 +77,7 @@
+ #
+ # The variable prefix can be used to prepend a string to each message.
+ #
+-# The variable namespace can be used to prepend a string to each
++# The variable pkg_namespace can be used to prepend a string to each
+ # variable and macro name.
+
+ BEGIN {
+@@ -102,7 +102,7 @@
+ print "/* The purpose of this complex string table is to produce";
+ print " optimal code with a minimum of relocations. */";
+ print "";
+- print "static const char " namespace "msgstr[] = ";
++ print "static const char " pkg_namespace "msgstr[] = ";
+ header = 0;
+ }
+ else
+@@ -110,7 +110,7 @@
+ }
+
+ !header {
+- sub (/\#.+/, "");
++ sub (/#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+@@ -150,7 +150,7 @@
+ else
+ print " gettext_noop (\"" last_msgstr "\");";
+ print "";
+- print "static const int " namespace "msgidx[] =";
++ print "static const int " pkg_namespace "msgidx[] =";
+ print " {";
+ for (i = 0; i < coded_msgs; i++)
+ print " " pos[i] ",";
+@@ -158,7 +158,7 @@
+ print " };";
+ print "";
+ print "static GPG_ERR_INLINE int";
+- print namespace "msgidxof (int code)";
++ print pkg_namespace "msgidxof (int code)";
+ print "{";
+ print " return (0 ? 0";
+
+--- src/Makefile.in
++++ src/Makefile.in~
+@@ -1321,7 +1321,7 @@
+
+ errnos-sym.h: Makefile mkstrtable.awk errnos.in
+ $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=2 -v nogettext=1 \
+- -v prefix=GPG_ERR_ -v namespace=errnos_ \
++ -v prefix=GPG_ERR_ -v pkg_namespace=errnos_ \
+ $(srcdir)/errnos.in >$@
+
+ mkheader: mkheader.c Makefile
+
diff --git a/external/libgpg-error/w32-build-fixes.patch b/external/libgpg-error/w32-build-fixes.patch
index e8a6b6145d46..96a62e32042c 100644
--- a/external/libgpg-error/w32-build-fixes.patch
+++ b/external/libgpg-error/w32-build-fixes.patch
@@ -136,7 +136,7 @@ diff -ru libgpg-error.orig/src/Makefile.in libgpg-error/src/Makefile.in
errnos-sym.h: Makefile mkstrtable.awk errnos.in
@@ -1325,7 +1325,7 @@
- -v prefix=GPG_ERR_ -v namespace=errnos_ \
+ -v prefix=GPG_ERR_ -v pkg_namespace=errnos_ \
$(srcdir)/errnos.in >$@
-mkheader: mkheader.c Makefile
diff --git a/external/liblangtag/UnpackedTarball_liblangtag.mk b/external/liblangtag/UnpackedTarball_liblangtag.mk
index cd52b169fa57..66b8051782d0 100644
--- a/external/liblangtag/UnpackedTarball_liblangtag.mk
+++ b/external/liblangtag/UnpackedTarball_liblangtag.mk
@@ -17,6 +17,8 @@ $(eval $(call gb_UnpackedTarball_set_pre_action,liblangtag,\
$(eval $(call gb_UnpackedTarball_update_autoconf_configs,liblangtag))
+$(eval $(call gb_UnpackedTarball_set_patchlevel,liblangtag,0))
+
ifneq ($(OS),MACOSX)
ifneq ($(OS),WNT)
$(eval $(call gb_UnpackedTarball_add_patches,liblangtag,\
@@ -29,6 +31,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,liblangtag, \
$(if $(SYSTEM_LIBXML),,external/liblangtag/langtag-libtool-rpath.patch.0) \
external/liblangtag/clang-cl.patch.0 \
external/liblangtag/langtag-valencia.patch.0 \
+ external/liblangtag/Wformat-overflow.patch \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/liblangtag/Wformat-overflow.patch b/external/liblangtag/Wformat-overflow.patch
new file mode 100644
index 000000000000..f2d017e4b395
--- /dev/null
+++ b/external/liblangtag/Wformat-overflow.patch
@@ -0,0 +1,17 @@
+--- liblangtag/lt-script-db.c
++++ liblangtag/lt-script-db.c
+@@ -134,8 +134,12 @@
+ cnode = cnode->next;
+ }
+ if (!subtag) {
+- lt_warning("No subtag node: description = '%s'",
+- desc);
++ if (!desc) {
++ lt_warning("No subtag nor description node");
++ } else {
++ lt_warning("No subtag node: description = '%s'",
++ desc);
++ }
+ goto bail1;
+ }
+ if (!desc) {
diff --git a/external/liborcus/UnpackedTarball_liborcus.mk b/external/liborcus/UnpackedTarball_liborcus.mk
index 3ab387e734be..94f477ec7970 100644
--- a/external/liborcus/UnpackedTarball_liborcus.mk
+++ b/external/liborcus/UnpackedTarball_liborcus.mk
@@ -20,6 +20,10 @@ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\
external/liborcus/rpath.patch.0 \
))
+$(eval $(call gb_UnpackedTarball_add_patches,liborcus,\
+ external/liborcus/allow-utf-8-in-xml-names.patch \
+))
+
ifeq ($(OS),WNT)
$(eval $(call gb_UnpackedTarball_add_patches,liborcus,\
external/liborcus/windows-constants-hack.patch \
diff --git a/external/liborcus/allow-utf-8-in-xml-names.patch b/external/liborcus/allow-utf-8-in-xml-names.patch
new file mode 100644
index 000000000000..7a2f2bb2cfb0
--- /dev/null
+++ b/external/liborcus/allow-utf-8-in-xml-names.patch
@@ -0,0 +1,263 @@
+From 6049e745a3ca8ce49ee0f7b737e157c3e27450bb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lubo=C5=A1=20Lu=C5=88=C3=A1k?= <l.lunak@centrum.cz>
+Date: Thu, 29 Apr 2021 19:12:20 +0200
+Subject: [PATCH] allow utf-8 in xml names (#137)
+
+https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-NameStartChar
+has a list of all allowed characters.
+---
+ include/orcus/sax_parser_base.hpp | 3 +
+ src/orcus_test_xml.cpp | 1 +
+ src/parser/sax_parser_base.cpp | 178 +++++++++++++++++++++++++++++-
+ test/xml/non-ascii/check.txt | 4 +
+ test/xml/non-ascii/input.xml | 4 +
+ 5 files changed, 185 insertions(+), 5 deletions(-)
+ create mode 100644 test/xml/non-ascii/check.txt
+ create mode 100644 test/xml/non-ascii/input.xml
+
+diff --git a/include/orcus/sax_parser_base.hpp b/include/orcus/sax_parser_base.hpp
+index 7aab041d..057dba31 100644
+--- a/include/orcus/sax_parser_base.hpp
++++ b/include/orcus/sax_parser_base.hpp
+@@ -219,6 +219,9 @@ protected:
+ void element_name(parser_element& elem, const char* begin_pos);
+ void attribute_name(pstring& attr_ns, pstring& attr_name);
+ void characters_with_encoded_char(cell_buffer& buf);
++
++ int is_name_char();
++ int is_name_start_char();
+ };
+
+ }}
+diff --git a/src/orcus_test_xml.cpp b/src/orcus_test_xml.cpp
+index 94bdfb16..c81eb302 100644
+--- a/src/orcus_test_xml.cpp
++++ b/src/orcus_test_xml.cpp
+@@ -76,6 +76,7 @@ const char* sax_parser_test_dirs[] = {
+ SRCDIR"/test/xml/single-quote/",
+ SRCDIR"/test/xml/no-decl-1/",
+ SRCDIR"/test/xml/underscore-identifier/",
++ SRCDIR"/test/xml/non-ascii/",
+ };
+
+ const char* sax_parser_parse_only_test_dirs[] = {
+diff --git a/src/parser/sax_parser_base.cpp b/src/parser/sax_parser_base.cpp
+index bb53e417..ecbd7f99 100644
+--- a/src/parser/sax_parser_base.cpp
++++ b/src/parser/sax_parser_base.cpp
+@@ -332,19 +332,187 @@ bool parser_base::value(pstring& str, bool decode)
+ return false;
+ }
+
++// https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-NameStartChar
++// Return length of the character in bytes, otherwise 0.
++template< bool only_start_name >
++static
++int is_name_char_helper(const char* mp_char, const char* mp_end)
++{
++ const unsigned char first = mp_char[0];
++ // Note that ':' technically is an allowed name character, but it is handled separately
++ // e.g. in element_name(), so here pretend it isn't.
++ if (/*first == ':' ||*/ first == '_' || (first >= 'A' && first <= 'Z') || (first >= 'a' && first <= 'z'))
++ return 1;
++ if (!only_start_name && (first == '-' || first == '.' || (first >= '0' && first <= '9')))
++ return 1;
++
++ if (first < 0x7f) // other ascii characters are not allowed
++ return 0;
++ if (mp_end < mp_char + 1)
++ return 0;
++ const unsigned char second = mp_char[1];
++
++ // 0xb7 = 0xc2 0xb7 utf-8
++ if (!only_start_name && first == 0xc2 && second == 0xb7)
++ return 2;
++
++ // [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF]
++ // 0xc0 = 0xc3 0x80 utf-8
++ if (first < 0xc3)
++ return 0;
++ // xd7 = 0xc3 0x97 utf-8, 0xf7 = 0xc3 0xb7 utf-8
++ if (first == 0xc3)
++ return second >= 0x80 && second <= 0xff && second != 0x97 && second != 0xb7 ? 2 : 0;
++ // 0x2ff = 0xcb 0xbf utf-8, 0x300 = 0xcc 0x80 utf-8
++ if (first >= 0xc4 && first <= 0xcb)
++ return 2;
++
++ // [#x0300-#x036F]
++ // 0x0300 = 0xcc 0x80 utf-8, 0x36f = 0xcd 0xaf utf-8
++ if (!only_start_name && first == 0xcc)
++ return 2;
++ if (!only_start_name && first == 0xcd && second <= 0xaf)
++ return 2;
++
++ // [#x370-#x37D] | [#x37F-#x1FFF]
++ // 0x370 = 0xcd 0xb0 utf-8, 0x37e = 0xcd 0xbe
++ if (first < 0xcd)
++ return 0;
++ if (first == 0xcd)
++ return second >= 0xb0 && second != 0xbe ? 2 : 0;
++ // 0x07ff = 0xdf 0xbf utf-8 (the last 2-byte utf-8)
++ if (first <= 0xdf)
++ return 2;
++
++ if (first < 0xe0)
++ return 0;
++ if (mp_end < mp_char + 2)
++ return 0;
++ const unsigned char third = mp_char[2];
++
++ // 0x0800 = 0xe0 0xa0 0x80 utf-8, 0x1fff = 0xe1 0xbf 0xbf utf-8, 0x2000 = 0xe2 0x80 0x80
++ if (first == 0xe0 || first == 0xe1)
++ return 3;
++
++ // [#x200C-#x200D]
++ // 0x200c = 0xe2 0x80 0x8c utf-8, 0x200d = 0xe2 0x80 0x8d utf-8
++ if (first < 0xe2)
++ return 0;
++ if (first == 0xe2 && second == 0x80 && (third == 0x8c || third == 0x8d))
++ return 3;
++
++ // [#x203F-#x2040]
++ // 0x203f = 0xe2 0x80 0xbf utf-8, 0x2040 = 0xe2 0x81 0x80 utf-8
++ if (!only_start_name && first == 0xe2 && second == 0x80 && third == 0xbf)
++ return 3;
++ if (!only_start_name && first == 0xe2 && second == 0x81 && third == 0x80)
++ return 3;
++
++ // [#x2070-#x218F]
++ // 0x2070 = 0xe2 0x81 0xb0 utf-8, 0x218f = 0xe2 0x86 0x8f utf-8
++ if (first == 0xe2)
++ {
++ if (second < 0x81)
++ return 0;
++ if (second >= 0x81 && second < 0x86)
++ return 3;
++ if (second == 0x86 && third <= 0x8f)
++ return 3;
++ }
++
++ // [#x2C00-#x2FEF]
++ // 0x2c00 = 0xe2 0xb0 0x80 utf-8, 0x2fef = 0xe2 0xbf 0xaf utf-8
++ if (first == 0xe2)
++ {
++ if (second < 0xb0)
++ return 0;
++ if (second < 0xbf)
++ return 3;
++ if (second == 0xbf && third <= 0xaf)
++ return 3;
++ }
++
++ // [#x3001-#xD7FF]
++ // 0x3001 = 0xe3 0x80 0x81 utf-8, 0xd7ff = 0xed 0x9f 0xbf utf-8, 0xd800 = 0xed 0xa0 0x80 utf-8
++ if (first < 0xe3)
++ return 0;
++ if (first < 0xed)
++ return 3;
++ if (first == 0xed && second <= 0x9f)
++ return 3;
++
++ // [#xF900-#xFDCF]
++ // 0xf900 = 0xef 0xa4 0x80 utf-8, 0xfdcf = 0xef 0xb7 0x8f utf-8
++ if (first == 0xef)
++ {
++ if (second < 0xa4)
++ return 0;
++ if (second < 0xb7)
++ return 3;
++ if (second == 0xb7 && third <= 0x8f)
++ return 3;
++ }
++
++ // [#xFDF0-#xFFFD]
++ // 0xfdf0 = 0xef 0xb7 0xb0 utf-8, 0xfffd = 0xef 0xbf 0xbd utf-8
++ if (first == 0xef)
++ {
++ assert(second >= 0xb7);
++ if (second == 0xb7 && third < 0xb0)
++ return 0;
++ if (second < 0xbe)
++ return 3;
++ if (second == 0xbf && third <= 0xbd)
++ return 3;
++ }
++
++ if (first < 0xf0)
++ return 0;
++ if (mp_end < mp_char + 3)
++ return 0;
++ // const unsigned char fourth = mp_char[3];
++
++ // [#x10000-#xEFFFF]
++ // 0x10000 = 0xf0 0x90 0x80 0x80 utf-8, 0xeffff = 0xf3 0xaf 0xbf 0xbf utf-8,
++ // 0xf0000 = 0xf3 0xb0 0x80 0x80 utf-8
++ if (first >= 0xf0 && first < 0xf2)
++ return 4;
++ if (first == 0xf3 && second < 0xb0)
++ return 4;
++
++ return 0;
++}
++
++int parser_base::is_name_char()
++{
++ return is_name_char_helper<false>(mp_char, mp_end);
++}
++
++int parser_base::is_name_start_char()
++{
++ return is_name_char_helper<true>(mp_char, mp_end);
++}
++
+ void parser_base::name(pstring& str)
+ {
+ const char* p0 = mp_char;
+- char c = cur_char();
+- if (!is_alpha(c) && c != '_')
++ int skip = is_name_start_char();
++ if (skip == 0)
+ {
+ ::std::ostringstream os;
+- os << "name must begin with an alphabet, but got this instead '" << c << "'";
++ os << "name must begin with an alphabet, but got this instead '" << cur_char() << "'";
+ throw malformed_xml_error(os.str(), offset());
+ }
++ next(skip);
+
+- while (is_alpha(c) || is_numeric(c) || is_name_char(c))
+- c = next_char_checked();
++ for(;;)
++ {
++ cur_char_checked(); // check end of xml stream
++ skip = is_name_char();
++ if(skip == 0)
++ break;
++ next(skip);
++ }
+
+ str = pstring(p0, mp_char-p0);
+ }
+diff --git a/test/xml/non-ascii/check.txt b/test/xml/non-ascii/check.txt
+new file mode 100644
+index 00000000..77b7c003
+--- /dev/null
++++ b/test/xml/non-ascii/check.txt
+@@ -0,0 +1,4 @@
++/Myšička
++/Myšička@jméno="Žužla"
++/Myšička/Nožičky
++/Myšička/Nožičky"4"
+diff --git a/test/xml/non-ascii/input.xml b/test/xml/non-ascii/input.xml
+new file mode 100644
+index 00000000..c516744b
+--- /dev/null
++++ b/test/xml/non-ascii/input.xml
+@@ -0,0 +1,4 @@
++<?xml version="1.0" encoding="UTF-8"?>
++<Myšička jméno="Žužla">
++ <Nožičky>4</Nožičky>
++</Myšička>
+--
+2.26.2
+
diff --git a/external/libxml2/libxml2-android.patch b/external/libxml2/libxml2-android.patch
index 714de61068fb..42af83274026 100644
--- a/external/libxml2/libxml2-android.patch
+++ b/external/libxml2/libxml2-android.patch
@@ -4,7 +4,7 @@
$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
check: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) check-recursive
--all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(MANS) $(DATA) \
+-all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(SCRIPTS) $(MANS) $(DATA) \
+all-am: Makefile $(LTLIBRARIES) \
config.h
install-binPROGRAMS: install-libLTLIBRARIES
diff --git a/external/libxml2/libxml2-config.patch.1 b/external/libxml2/libxml2-config.patch.1
index 7d96fb530e57..8c28fb6a7806 100644
--- a/external/libxml2/libxml2-config.patch.1
+++ b/external/libxml2/libxml2-config.patch.1
@@ -25,45 +25,19 @@ Hack the xml2-config to return paths into WORKDIR.
;;
--cflags)
-- echo @XML_INCLUDEDIR@ @XML_CFLAGS@
-+ echo -I${includedir}
-+# echo @XML_INCLUDEDIR@ @XML_CFLAGS@
+- cflags="@XML_INCLUDEDIR@ @XML_CFLAGS@"
++ #cflags="@XML_INCLUDEDIR@ @XML_CFLAGS@"
++ cflags="-I${includedir}"
;;
--libtool-libs)
-@@ -82,19 +88,24 @@
- ;;
+@@ -91,7 +96,8 @@
+ libs="@XML_LIBDIR@ $libs"
+ fi
- --libs)
-- if [ "`uname`" = "Linux" ]
-- then
-- if [ "@XML_LIBDIR@" = "-L/usr/lib" -o "@XML_LIBDIR@" = "-L/usr/lib64" ]
-- then
-- echo @XML_LIBS@ @MODULE_PLATFORM_LIBS@
-- else
-- echo @XML_LIBDIR@ @XML_LIBS@ @MODULE_PLATFORM_LIBS@
-- fi
-- else
-- echo @XML_LIBDIR@ @XML_LIBS@ @MODULE_PLATFORM_LIBS@ @WIN32_EXTRA_LIBADD@
-- fi
-+ echo -L${libdir} -lxml2 -lm
-+# if [ "`uname`" = "Linux" ]
-+# then
-+# if [ "@XML_LIBDIR@" = "-L/usr/lib" -o "@XML_LIBDIR@" = "-L/usr/lib64" ]
-+# then
-+# echo @XML_LIBS@ @MODULE_PLATFORM_LIBS@
-+# else
-+# echo @XML_LIBDIR@ @XML_LIBS@ @MODULE_PLATFORM_LIBS@
-+# fi
-+# else
-+# echo @XML_LIBDIR@ @XML_LIBS@ @MODULE_PLATFORM_LIBS@ @WIN32_EXTRA_LIBADD@
-+# fi
- ;;
+- libs="$libs @WIN32_EXTRA_LIBADD@"
++ #libs="$libs @WIN32_EXTRA_LIBADD@"
++ libs="-L${libdir} -lxml2 -lm"
+ ;;
-+ print) # ugly configure hack
-+ exit 0
-+ ;;
-+
*)
- usage
- exit 1
diff --git a/external/libxslt/UnpackedTarball_libxslt.mk b/external/libxslt/UnpackedTarball_libxslt.mk
index beb591b8b2a8..b035e99f0a79 100644
--- a/external/libxslt/UnpackedTarball_libxslt.mk
+++ b/external/libxslt/UnpackedTarball_libxslt.mk
@@ -19,7 +19,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,libxslt,\
external/libxslt/libxslt-msvc.patch.2 \
external/libxslt/libxslt-1.1.26-memdump.patch \
external/libxslt/rpath.patch.0 \
- external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1 \
+ external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1 b/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1
deleted file mode 100644
index 260f35d1a35e..000000000000
--- a/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1
+++ /dev/null
@@ -1,120 +0,0 @@
-From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Sun, 24 Mar 2019 09:51:39 +0100
-Subject: [PATCH] Fix security framework bypass
-
-xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
-don't check for this condition and allow access. With a specially
-crafted URL, xsltCheckRead could be tricked into returning an error
-because of a supposedly invalid URL that would still be loaded
-succesfully later on.
-
-Fixes #12.
-
-Thanks to Felix Wilhelm for the report.
----
- libxslt/documents.c | 18 ++++++++++--------
- libxslt/imports.c | 9 +++++----
- libxslt/transform.c | 9 +++++----
- libxslt/xslt.c | 9 +++++----
- 4 files changed, 25 insertions(+), 20 deletions(-)
-
-diff --git a/libxslt/documents.c b/libxslt/documents.c
-index 3f3a7312..4aad11bb 100644
---- a/libxslt/documents.c
-+++ b/libxslt/documents.c
-@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
- int res;
-
- res = xsltCheckRead(ctxt->sec, ctxt, URI);
-- if (res == 0) {
-- xsltTransformError(ctxt, NULL, NULL,
-- "xsltLoadDocument: read rights for %s denied\n",
-- URI);
-+ if (res <= 0) {
-+ if (res == 0)
-+ xsltTransformError(ctxt, NULL, NULL,
-+ "xsltLoadDocument: read rights for %s denied\n",
-+ URI);
- return(NULL);
- }
- }
-@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
- int res;
-
- res = xsltCheckRead(sec, NULL, URI);
-- if (res == 0) {
-- xsltTransformError(NULL, NULL, NULL,
-- "xsltLoadStyleDocument: read rights for %s denied\n",
-- URI);
-+ if (res <= 0) {
-+ if (res == 0)
-+ xsltTransformError(NULL, NULL, NULL,
-+ "xsltLoadStyleDocument: read rights for %s denied\n",
-+ URI);
- return(NULL);
- }
- }
-diff --git a/libxslt/imports.c b/libxslt/imports.c
-index 874870cc..3783b247 100644
---- a/libxslt/imports.c
-+++ b/libxslt/imports.c
-@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
- int secres;
-
- secres = xsltCheckRead(sec, NULL, URI);
-- if (secres == 0) {
-- xsltTransformError(NULL, NULL, NULL,
-- "xsl:import: read rights for %s denied\n",
-- URI);
-+ if (secres <= 0) {
-+ if (secres == 0)
-+ xsltTransformError(NULL, NULL, NULL,
-+ "xsl:import: read rights for %s denied\n",
-+ URI);
- goto error;
- }
- }
-diff --git a/libxslt/transform.c b/libxslt/transform.c
-index 13793914..0636dbd0 100644
---- a/libxslt/transform.c
-+++ b/libxslt/transform.c
-@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
- */
- if (ctxt->sec != NULL) {
- ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
-- if (ret == 0) {
-- xsltTransformError(ctxt, NULL, inst,
-- "xsltDocumentElem: write rights for %s denied\n",
-- filename);
-+ if (ret <= 0) {
-+ if (ret == 0)
-+ xsltTransformError(ctxt, NULL, inst,
-+ "xsltDocumentElem: write rights for %s denied\n",
-+ filename);
- xmlFree(URL);
- xmlFree(filename);
- return;
-diff --git a/libxslt/xslt.c b/libxslt/xslt.c
-index 780a5ad7..a234eb79 100644
---- a/libxslt/xslt.c
-+++ b/libxslt/xslt.c
-@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
- int res;
-
- res = xsltCheckRead(sec, NULL, filename);
-- if (res == 0) {
-- xsltTransformError(NULL, NULL, NULL,
-- "xsltParseStylesheetFile: read rights for %s denied\n",
-- filename);
-+ if (res <= 0) {
-+ if (res == 0)
-+ xsltTransformError(NULL, NULL, NULL,
-+ "xsltParseStylesheetFile: read rights for %s denied\n",
-+ filename);
- return(NULL);
- }
- }
---
-2.18.1
-
diff --git a/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 b/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1
new file mode 100644
index 000000000000..f82c2e4f77ee
--- /dev/null
+++ b/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1
@@ -0,0 +1,69 @@
+From e2584eed1c84c18f16e42188c30d2c3d8e3e8853 Mon Sep 17 00:00:00 2001
+From: Chun-wei Fan <fanchunwei@src.gnome.org>
+Date: Tue, 12 Nov 2019 17:37:05 +0800
+Subject: [PATCH] win32: Add configuration for profiler
+
+Without this the generated xsltconfig.h will not be complete as there
+will be a configuration variable that is left in the header, breaking
+builds.
+
+This will allow one to enable or disable profiler support in Windows
+builds, and the default is to enable this.
+---
+ win32/configure.js | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/win32/configure.js b/win32/configure.js
+index 56694cce..12c99f30 100644
+--- a/win32/configure.js
++++ b/win32/configure.js
+@@ -47,6 +47,7 @@ var withIconv = true;
+ var withZlib = false;
+ var withCrypto = true;
+ var withModules = false;
++var withProfiler = true;
+ /* Win32 build options. */
+ var dirSep = "\\";
+ var compiler = "msvc";
+@@ -106,6 +107,7 @@ function usage()
+ txt += " zlib: Use zlib library (" + (withZlib? "yes" : "no") + ")\n";
+ txt += " crypto: Enable Crypto support (" + (withCrypto? "yes" : "no") + ")\n";
+ txt += " modules: Enable Module support (" + (withModules? "yes" : "no") + ")\n";
++ txt += " profiler: Enable Profiler support (" + (withProfiler? "yes" : "no") + ")\n";
+ txt += "\nWin32 build options, default value given in parentheses:\n\n";
+ txt += " compiler: Compiler to be used [msvc|mingw] (" + compiler + ")\n";
+ txt += " cruntime: C-runtime compiler option (only msvc) (" + cruntime + ")\n";
+@@ -192,6 +194,7 @@ function discoverVersion()
+ vf.WriteLine("WITH_ZLIB=" + (withZlib? "1" : "0"));
+ vf.WriteLine("WITH_CRYPTO=" + (withCrypto? "1" : "0"));
+ vf.WriteLine("WITH_MODULES=" + (withModules? "1" : "0"));
++ vf.WriteLine("WITH_PROFILER=" + (withProfiler? "1" : "0"));
+ vf.WriteLine("DEBUG=" + (buildDebug? "1" : "0"));
+ vf.WriteLine("STATIC=" + (buildStatic? "1" : "0"));
+ vf.WriteLine("PREFIX=" + buildPrefix);
+@@ -240,6 +243,8 @@ function configureXslt()
+ of.WriteLine(s.replace(/\@WITH_DEBUGGER\@/, withDebugger? "1" : "0"));
+ } else if (s.search(/\@WITH_MODULES\@/) != -1) {
+ of.WriteLine(s.replace(/\@WITH_MODULES\@/, withModules? "1" : "0"));
++ } else if (s.search(/\@WITH_PROFILER\@/) != -1) {
++ of.WriteLine(s.replace(/\@WITH_PROFILER\@/, withProfiler? "1" : "0"));
+ } else if (s.search(/\@LIBXSLT_DEFAULT_PLUGINS_PATH\@/) != -1) {
+ of.WriteLine(s.replace(/\@LIBXSLT_DEFAULT_PLUGINS_PATH\@/, "NULL"));
+ } else
+@@ -343,6 +348,8 @@ for (i = 0; (i < WScript.Arguments.length) && (error == 0); i++) {
+ withCrypto = strToBool(arg.substring(opt.length + 1, arg.length));
+ else if (opt == "modules")
+ withModules = strToBool(arg.substring(opt.length + 1, arg.length));
++ else if (opt == "profiler")
++ withProfiler = strToBool(arg.substring(opt.length + 1, arg.length));
+ else if (opt == "compiler")
+ compiler = arg.substring(opt.length + 1, arg.length);
+ else if (opt == "cruntime")
+@@ -477,6 +484,7 @@ txtOut += " Use iconv: " + boolToStr(withIconv) + "\n";
+ txtOut += " With zlib: " + boolToStr(withZlib) + "\n";
+ txtOut += " Crypto: " + boolToStr(withCrypto) + "\n";
+ txtOut += " Modules: " + boolToStr(withModules) + "\n";
++txtOut += " Profiler: " + boolToStr(withProfiler) + "\n";
+ txtOut += "\n";
+ txtOut += "Win32 build configuration\n";
+ txtOut += "-------------------------\n";
diff --git a/external/libxslt/libxslt-config.patch.1 b/external/libxslt/libxslt-config.patch.1
index 5f9d107bd1e7..e4ce5d9e27cf 100644
--- a/external/libxslt/libxslt-config.patch.1
+++ b/external/libxslt/libxslt-config.patch.1
@@ -23,13 +23,13 @@ Hack the xslt-config to return paths into WORKDIR.
usage()
{
-@@ -89,7 +95,8 @@
- shift
- done
+@@ -92,7 +98,8 @@
+ libs="@XSLT_LIBDIR@ $libs"
+ fi
--the_libs="@XSLT_LIBDIR@ @XSLT_LIBS@ @EXTRA_LIBS@"
-+#the_libs="@XSLT_LIBDIR@ @XSLT_LIBS@ @EXTRA_LIBS@"
-+the_libs="-L${libdir}/libxslt/.libs -L${libdir}/libexslt/.libs -lxslt -lm"
- if test "$includedir" != "/usr/include"; then
- the_flags="$the_flags -I$includedir `@XML_CONFIG@ --cflags`"
- else
+- libs="$libs @EXTRA_LIBS@"
++ #libs="$libs @EXTRA_LIBS@"
++ libs="-L${libdir}/libxslt/.libs -L${libdir}/libexslt/.libs -lxslt -lm"
+ ;;
+
+ *)
diff --git a/external/libxslt/libxslt-internal-symbols.patch.1 b/external/libxslt/libxslt-internal-symbols.patch.1
index 7b13e1007c00..84a15154d729 100644
--- a/external/libxslt/libxslt-internal-symbols.patch.1
+++ b/external/libxslt/libxslt-internal-symbols.patch.1
@@ -1,13 +1,13 @@
--- xslt/libxslt/libxslt.syms.orig 2017-09-05 16:25:50.504966267 +0200
+++ xslt/libxslt/libxslt.syms 2017-09-05 16:41:00.256895709 +0200
@@ -497,5 +497,10 @@
- # xsltInternals
- xsltFlagRVTs;
- xsltDecimalFormatGetByQName;
+
+ # pattern
+ xsltCompMatchClearCache;
+
+# Solaris ld needs explicit auto-reduction (or, alternatively, "-B local")
+ local:
+ *;
+
- } LIBXML2_1.1.27;
+ } LIBXML2_1.1.30;
diff --git a/external/nss/ExternalProject_nss.mk b/external/nss/ExternalProject_nss.mk
index e83054ca79b7..4e17c1d4d04f 100644
--- a/external/nss/ExternalProject_nss.mk
+++ b/external/nss/ExternalProject_nss.mk
@@ -16,21 +16,25 @@ $(eval $(call gb_ExternalProject_register_targets,nss,\
))
ifeq ($(OS),WNT)
-$(call gb_ExternalProject_get_state_target,nss,build): $(call gb_ExternalExecutable_get_dependencies,python)
+$(call gb_ExternalProject_get_state_target,nss,build): \
+ $(call gb_ExternalExecutable_get_dependencies,python) \
+ $(SRCDIR)/external/nss/nsinstall.py
$(call gb_ExternalProject_run,build,\
$(if $(MSVC_USE_DEBUG_RUNTIME),USE_DEBUG_RTL=1,BUILD_OPT=1) \
- MOZ_MSVCVERSION=9 OS_TARGET=WIN95 \
+ OS_TARGET=WIN95 \
$(if $(filter X86_64,$(CPUNAME)),USE_64=1) \
LIB="$(ILIB)" \
XCFLAGS="-arch:SSE $(SOLARINC)" \
- $(MAKE) -j1 nss_build_all RC="rc.exe $(SOLARINC)" \
+ $(MAKE) nss_build_all RC="rc.exe $(SOLARINC)" \
NSINSTALL='$(call gb_ExternalExecutable_get_command,python) $(SRCDIR)/external/nss/nsinstall.py' \
,nss)
else # OS!=WNT
# make sure to specify NSPR_CONFIGURE_OPTS as env (before make command), so nss can append it's own defaults
# OTOH specify e.g. CC and NSINSTALL as arguments (after make command), so they will overrule nss makefile values
-$(call gb_ExternalProject_get_state_target,nss,build): $(call gb_ExternalExecutable_get_dependencies,python)
+$(call gb_ExternalProject_get_state_target,nss,build): \
+ $(call gb_ExternalExecutable_get_dependencies,python) \
+ $(SRCDIR)/external/nss/nsinstall.py
$(call gb_ExternalProject_run,build,\
$(if $(filter FREEBSD LINUX MACOSX,$(OS)),$(if $(filter X86_64,$(CPUNAME)),USE_64=1)) \
$(if $(filter IOS,$(OS)),\
@@ -45,7 +49,7 @@ $(call gb_ExternalProject_get_state_target,nss,build): $(call gb_ExternalExecuta
$(if $(filter IOS-ARM,$(OS)-$(CPUNAME)),CPU_ARCH=arm) \
NSPR_CONFIGURE_OPTS="--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)") \
NSDISTMODE=copy \
- $(MAKE) -j1 AR="$(AR)" \
+ $(MAKE) AR="$(AR)" \
RANLIB="$(RANLIB)" \
NMEDIT="$(NM)edit" \
COMMA=$(COMMA) \
diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk
index 98cfe73ab4aa..2e6e7f80e3ee 100644
--- a/external/nss/UnpackedTarball_nss.mk
+++ b/external/nss/UnpackedTarball_nss.mk
@@ -12,34 +12,31 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,nss))
$(eval $(call gb_UnpackedTarball_set_tarball,nss,$(NSS_TARBALL)))
$(eval $(call gb_UnpackedTarball_add_patches,nss,\
- external/nss/nss.patch \
- external/nss/nss.aix.patch \
- external/nss/nss-3.13.5-zlib-werror.patch \
- external/nss/nss_macosx.patch \
- external/nss/nss-win32-make.patch.1 \
- $(if $(filter WNT,$(OS)),external/nss/nss.windows.patch \
- external/nss/nss.nowerror.patch \
- external/nss/nss.vs2015.patch) \
+ external/nss/nss.patch \
+ external/nss/nss.aix.patch \
+ external/nss/nss-3.13.5-zlib-werror.patch \
+ external/nss/nss_macosx.patch \
+ external/nss/nss-win32-make.patch.1 \
external/nss/ubsan.patch.0 \
external/nss/clang-cl.patch.0 \
- $(if $(filter IOS,$(OS)), \
- external/nss/nss-chromium-nss-static.patch \
- external/nss/nss-more-static.patch \
+ external/nss/nss.vs2015.patch \
+ external/nss/nss.vs2015.pdb.patch \
+ $(if $(filter iOS,$(OS)), \
external/nss/nss-ios.patch) \
- $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \
- external/nss/nss.cygwin64.in32bit.patch) \
- $(if $(filter WNT,$(OS)), \
- external/nss/nss.vs2015.pdb.patch) \
- $(if $(filter WNT,$(OS)), \
- external/nss/nss.utf8bom.patch.1) \
- $(if $(filter ANDROID,$(OS)), \
- external/nss/nss-android.patch.1) \
+ $(if $(filter ANDROID,$(OS)), \
+ external/nss/nss-android.patch.1) \
+ $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \
+ external/nss/nss.cygwin64.in32bit.patch) \
+ $(if $(filter WNT,$(OS)), \
+ external/nss/nss.windows.patch \
+ external/nss/nss.nowerror.patch \
+ external/nss/nss.utf8bom.patch.1) \
))
ifeq ($(COM_IS_CLANG),TRUE)
ifneq ($(filter -fsanitize=%,$(CC)),)
$(eval $(call gb_UnpackedTarball_add_patches,nss,\
- external/nss/asan.patch.1 \
+ external/nss/asan.patch.1 \
))
endif
endif
diff --git a/external/nss/clang-cl.patch.0 b/external/nss/clang-cl.patch.0
index 684cf74d3ca6..1d615c2397d8 100644
--- a/external/nss/clang-cl.patch.0
+++ b/external/nss/clang-cl.patch.0
@@ -15,29 +15,29 @@
--- nspr/pr/include/prbit.h
+++ nspr/pr/include/prbit.h
@@ -14,7 +14,7 @@
- ** functions.
*/
#if defined(_WIN32) && (_MSC_VER >= 1300) && \
-- (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_ARM))
-+ (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_ARM)) && !defined __clang__
+ (defined(_M_IX86) || defined(_M_X64) || defined(_M_ARM) || \
+- defined(_M_ARM64))
++ defined(_M_ARM64)) && !defined __clang__
# include <intrin.h>
# pragma intrinsic(_BitScanForward,_BitScanReverse)
- __forceinline static int __prBitScanForward32(unsigned int val)
+ __forceinline static int __prBitScanForward32(unsigned int val)
@@ -32,7 +32,7 @@
# define pr_bitscan_ctz32(val) __prBitScanForward32(val)
# define pr_bitscan_clz32(val) __prBitScanReverse32(val)
# define PR_HAVE_BUILTIN_BITSCAN32
-#elif ((__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) && \
+#elif defined __GNUC__ && ((__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) && \
- (defined(__i386__) || defined(__x86_64__) || defined(__arm__))
+ (defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \
+ defined(__aarch64__))
# define pr_bitscan_ctz32(val) __builtin_ctz(val)
- # define pr_bitscan_clz32(val) __builtin_clz(val)
@@ -136,7 +136,7 @@
*/
#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || \
-- defined(_M_X64) || defined(_M_ARM))
-+ defined(_M_X64) || defined(_M_ARM)) && !defined __clang__
+- defined(_M_X64) || defined(_M_ARM) || defined(_M_ARM64))
++ defined(_M_X64) || defined(_M_ARM) || defined(_M_ARM64)) && !defined __clang__
#include <stdlib.h>
#pragma intrinsic(_rotl, _rotr)
#define PR_ROTATE_LEFT32(a, bits) _rotl(a, bits)
diff --git a/external/nss/nsinstall.py b/external/nss/nsinstall.py
index 31b3de3450c5..d90a85e6c540 100644
--- a/external/nss/nsinstall.py
+++ b/external/nss/nsinstall.py
@@ -99,17 +99,17 @@ def nsinstall(argv):
if options.D:
if len(args) != 1:
return 1
- if os.path.exists(args[0]):
+ try:
+ if options.m:
+ os.makedirs(args[0], options.m)
+ else:
+ os.makedirs(args[0])
+ except FileExistsError:
if not os.path.isdir(args[0]):
sys.stderr.write('nsinstall: ' + args[0] + ' is not a directory\n')
sys.exit(1)
if options.m:
os.chmod(args[0], options.m)
- sys.exit()
- if options.m:
- os.makedirs(args[0], options.m)
- else:
- os.makedirs(args[0])
return 0
# nsinstall arg1 [...] directory
@@ -155,7 +155,12 @@ def nsinstall(argv):
target = args.pop()
# ensure target directory
if not os.path.isdir(target):
- os.makedirs(target)
+ try:
+ os.makedirs(target)
+ except FileExistsError:
+ if not os.path.isdir(target):
+ sys.stderr.write('nsinstall: ' + target + ' is not a directoy!\n')
+ return 1
copy_all_entries(args, target)
return 0
diff --git a/external/nss/nss-3.13.5-zlib-werror.patch b/external/nss/nss-3.13.5-zlib-werror.patch
index 6cda50023f1b..0cdbf7808f81 100644
--- a/external/nss/nss-3.13.5-zlib-werror.patch
+++ b/external/nss/nss-3.13.5-zlib-werror.patch
@@ -1,9 +1,10 @@
--- a/a/nss/lib/zlib/gzguts.h 2010-08-22 03:07:03.000000000 +0200
+++ b/b/nss/lib/zlib/gzguts.h 2012-07-17 08:52:14.821552788 +0200
-@@ -26,6 +26,9 @@
- # include <limits.h>
+@@ -26,6 +26,10 @@
+ # define write _write
+ # define close _close
#endif
- #include <fcntl.h>
++
+#ifndef _WIN32
+#include <unistd.h>
+#endif
diff --git a/external/nss/nss-chromium-nss-static.patch b/external/nss/nss-chromium-nss-static.patch
deleted file mode 100644
index 9d7a4e4352b1..000000000000
--- a/external/nss/nss-chromium-nss-static.patch
+++ /dev/null
@@ -1,487 +0,0 @@
-Based on http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/nss/patches/nss-static.patch
-
---- a/a/nss/lib/certhigh/certvfy.c Tue May 28 23:37:46 2013 +0200
-+++ a/a/nss/lib/certhigh/certvfy.c Fri May 31 17:44:06 2013 -0700
-@@ -13,9 +13,11 @@
- #include "certdb.h"
- #include "certi.h"
- #include "cryptohi.h"
-+#ifndef NSS_DISABLE_LIBPKIX
- #include "pkix.h"
- /*#include "pkix_sample_modules.h" */
- #include "pkix_pl_cert.h"
-+#endif /* NSS_DISABLE_LIBPKIX */
-
-
- #include "nsspki.h"
-@@ -24,6 +26,47 @@
- #include "pki3hack.h"
- #include "base.h"
-
-+#ifdef NSS_DISABLE_LIBPKIX
-+SECStatus
-+cert_VerifyCertChainPkix(
-+ CERTCertificate *cert,
-+ PRBool checkSig,
-+ SECCertUsage requiredUsage,
-+ PRTime time,
-+ void *wincx,
-+ CERTVerifyLog *log,
-+ PRBool *pSigerror,
-+ PRBool *pRevoked)
-+{
-+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-+ return SECFailure;
-+}
-+
-+SECStatus
-+CERT_SetUsePKIXForValidation(PRBool enable)
-+{
-+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-+ return SECFailure;
-+}
-+
-+PRBool
-+CERT_GetUsePKIXForValidation()
-+{
-+ return PR_FALSE;
-+}
-+
-+SECStatus CERT_PKIXVerifyCert(
-+ CERTCertificate *cert,
-+ SECCertificateUsage usages,
-+ CERTValInParam *paramsIn,
-+ CERTValOutParam *paramsOut,
-+ void *wincx)
-+{
-+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-+ return SECFailure;
-+}
-+#endif /* NSS_DISABLE_LIBPKIX */
-+
- /*
- * Check the validity times of a certificate
- */
---- a/a/nss/lib/ckfw/nssck.api Tue May 28 23:37:46 2013 +0200
-+++ a/a/nss/lib/ckfw/nssck.api Fri May 31 17:44:06 2013 -0700
-@@ -1752,7 +1752,7 @@
- }
- #endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
-
--static CK_RV CK_ENTRY
-+CK_RV CK_ENTRY
- __ADJOIN(MODULE_NAME,C_GetFunctionList)
- (
- CK_FUNCTION_LIST_PTR_PTR ppFunctionList
-@@ -1830,7 +1830,7 @@
- __ADJOIN(MODULE_NAME,C_WaitForSlotEvent)
- };
-
--static CK_RV CK_ENTRY
-+CK_RV CK_ENTRY
- __ADJOIN(MODULE_NAME,C_GetFunctionList)
- (
- CK_FUNCTION_LIST_PTR_PTR ppFunctionList
-@@ -1840,6 +1840,8 @@
- return CKR_OK;
- }
-
-+#define NSS_STATIC
-+#ifndef NSS_STATIC
- /* This one is always present */
- CK_RV CK_ENTRY
- C_GetFunctionList
-@@ -1849,6 +1850,7 @@
- {
- return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList);
- }
-+#endif
-
- #undef __ADJOIN
-
---- a/a/nss/lib/freebl/rsa.c Tue May 28 23:37:46 2013 +0200
-+++ a/a/nss/lib/freebl/rsa.c Fri May 31 17:44:06 2013 -0700
-@@ -1559,6 +1559,14 @@
- RSA_Cleanup();
- }
-
-+#define NSS_STATIC
-+#ifdef NSS_STATIC
-+void
-+BL_Unload(void)
-+{
-+}
-+#endif
-+
- PRBool bl_parentForkedAfterC_Initialize;
-
- /*
---- a/a/nss/lib/freebl/shvfy.c Tue May 28 23:37:46 2013 +0200
-+++ a/a/nss/lib/freebl/shvfy.c Fri May 31 17:44:06 2013 -0700
-@@ -273,9 +273,22 @@
- return SECSuccess;
- }
-
-+/*
-+ * Define PSEUDO_FIPS if you can't do FIPS software integrity test (e.g.,
-+ * if you're using NSS as static libraries), but want to conform to the
-+ * rest of the FIPS requirements.
-+ */
-+#define NSS_STATIC
-+#ifdef NSS_STATIC
-+#define PSEUDO_FIPS
-+#endif
-+
- PRBool
- BLAPI_SHVerify(const char *name, PRFuncPtr addr)
- {
-+#ifdef PSEUDO_FIPS
-+ return PR_TRUE; /* a lie, hence *pseudo* FIPS */
-+#else
- PRBool result = PR_FALSE; /* if anything goes wrong,
- * the signature does not verify */
- /* find our shared library name */
-@@ -291,11 +303,15 @@
- }
-
- return result;
-+#endif /* PSEUDO_FIPS */
- }
-
- PRBool
- BLAPI_SHVerifyFile(const char *shName)
- {
-+#ifdef PSEUDO_FIPS
-+ return PR_TRUE; /* a lie, hence *pseudo* FIPS */
-+#else
- char *checkName = NULL;
- PRFileDesc *checkFD = NULL;
- PRFileDesc *shFD = NULL;
-@@ -492,6 +508,7 @@
- }
-
- return result;
-+#endif /* PSEUDO_FIPS */
- }
-
- PRBool
---- a/a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c Tue May 28 23:37:46 2013 +0200
-+++ a/a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c Fri May 31 17:44:06 2013 -0700
-@@ -201,7 +201,11 @@
-
- typedef SECStatus (*pkix_DecodeCertsFunc)(char *certbuf, int certlen,
- CERTImportCertificateFunc f, void *arg);
--
-+#define NSS_STATIC
-+#ifdef NSS_STATIC
-+extern SECStatus CERT_DecodeCertPackage(char* certbuf, int certlen,
-+ CERTImportCertificateFunc f, void* arg);
-+#endif
-
- struct pkix_DecodeFuncStr {
- pkix_DecodeCertsFunc func; /* function pointer to the
-@@ -223,6 +226,11 @@
- */
- static PRStatus PR_CALLBACK pkix_getDecodeFunction(void)
- {
-+#ifdef NSS_STATIC
-+ pkix_decodeFunc.smimeLib = NULL;
-+ pkix_decodeFunc.func = CERT_DecodeCertPackage;
-+ return PR_SUCCESS;
-+#else
- pkix_decodeFunc.smimeLib =
- PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX);
- if (pkix_decodeFunc.smimeLib == NULL) {
-@@ -235,7 +243,7 @@
- return PR_FAILURE;
- }
- return PR_SUCCESS;
--
-+#endif
- }
-
- /*
---- a/a/nss/lib/nss/nssinit.c Tue May 28 23:37:46 2013 +0200
-+++ a/a/nss/lib/nss/nssinit.c Fri May 31 17:44:06 2013 -0700
-@@ -20,9 +20,11 @@
- #include "secerr.h"
- #include "nssbase.h"
- #include "nssutil.h"
-+#ifndef NSS_DISABLE_LIBPKIX
- #include "pkixt.h"
- #include "pkix.h"
- #include "pkix_tools.h"
-+#endif /* NSS_DISABLE_LIBPKIX */
-
- #include "pki3hack.h"
- #include "certi.h"
-@@ -530,8 +532,10 @@
- PRBool dontFinalizeModules)
- {
- SECStatus rv = SECFailure;
-+#ifndef NSS_DISABLE_LIBPKIX
- PKIX_UInt32 actualMinorVersion = 0;
- PKIX_Error *pkixError = NULL;
-+#endif
- PRBool isReallyInitted;
- char *configStrings = NULL;
- char *configName = NULL;
-@@ -685,6 +689,7 @@
- pk11sdr_Init();
- cert_CreateSubjectKeyIDHashTable();
-
-+#ifndef NSS_DISABLE_LIBPKIX
- pkixError = PKIX_Initialize
- (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
- PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
-@@ -697,6 +702,7 @@
- CERT_SetUsePKIXForValidation(PR_TRUE);
- }
- }
-+#endif /* NSS_DISABLE_LIBPKIX */
-
-
- }
-@@ -1081,7 +1087,9 @@
- cert_DestroyLocks();
- ShutdownCRLCache();
- OCSP_ShutdownGlobal();
-+#ifndef NSS_DISABLE_LIBPKIX
- PKIX_Shutdown(plContext);
-+#endif
- SECOID_Shutdown();
- status = STAN_Shutdown();
- cert_DestroySubjectKeyIDHashTable();
---- a/a/nss/lib/pk11wrap/pk11load.c Tue May 28 23:37:46 2013 +0200
-+++ a/a/nss/lib/pk11wrap/pk11load.c Fri May 31 17:44:06 2013 -0700
-@@ -318,6 +318,13 @@
- }
- }
-
-+#define NSS_STATIC
-+#ifdef NSS_STATIC
-+extern CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
-+extern CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
-+extern char **NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args);
-+extern CK_RV builtinsC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
-+#else
- static const char* my_shlib_name =
- SHLIB_PREFIX"nss"SHLIB_VERSION"."SHLIB_SUFFIX;
- static const char* softoken_shlib_name =
-@@ -326,12 +332,14 @@
- static PRCallOnceType loadSoftokenOnce;
- static PRLibrary* softokenLib;
- static PRInt32 softokenLoadCount;
-+#endif /* NSS_STATIC */
-
- #include "prio.h"
- #include "prprf.h"
- #include <stdio.h>
- #include "prsystem.h"
-
-+#ifndef NSS_STATIC
- /* This function must be run only once. */
- /* determine if hybrid platform, then actually load the DSO. */
- static PRStatus
-@@ -348,6 +356,7 @@
- }
- return PR_FAILURE;
- }
-+#endif /* !NSS_STATIC */
-
- /*
- * load a new module into our address space and initialize it.
-@@ -366,6 +375,16 @@
-
- /* intenal modules get loaded from their internal list */
- if (mod->internal && (mod->dllName == NULL)) {
-+#ifdef NSS_STATIC
-+ if (mod->isFIPS) {
-+ entry = FC_GetFunctionList;
-+ } else {
-+ entry = NSC_GetFunctionList;
-+ }
-+ if (mod->isModuleDB) {
-+ mod->moduleDBFunc = NSC_ModuleDBFunc;
-+ }
-+#else
- /*
- * Loads softoken as a dynamic library,
- * even though the rest of NSS assumes this as the "internal" module.
-@@ -391,6 +410,7 @@
- mod->moduleDBFunc = (CK_C_GetFunctionList)
- PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc");
- }
-+#endif
-
- if (mod->moduleDBOnly) {
- mod->loaded = PR_TRUE;
-@@ -401,6 +421,15 @@
- if (mod->dllName == NULL) {
- return SECFailure;
- }
-+#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
-+ if (strstr(mod->dllName, "nssckbi") != NULL) {
-+ mod->library = NULL;
-+ PORT_Assert(!mod->moduleDBOnly);
-+ entry = builtinsC_GetFunctionList;
-+ PORT_Assert(!mod->isModuleDB);
-+ goto library_loaded;
-+ }
-+#endif
-
- /* load the library. If this succeeds, then we have to remember to
- * unload the library if anything goes wrong from here on out...
-@@ -423,6 +452,9 @@
- mod->moduleDBFunc = (void *)
- PR_FindSymbol(library, "NSS_ReturnModuleSpecData");
- }
-+#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
-+library_loaded:
-+#endif
- if (mod->moduleDBFunc == NULL) mod->isModuleDB = PR_FALSE;
- if (entry == NULL) {
- if (mod->isModuleDB) {
-@@ -562,6 +594,7 @@
- * if not, we should change this to SECFailure and move it above the
- * mod->loaded = PR_FALSE; */
- if (mod->internal && (mod->dllName == NULL)) {
-+#ifndef NSS_STATIC
- if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
- if (softokenLib) {
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
-@@ -573,12 +606,18 @@
- }
- loadSoftokenOnce = pristineCallOnce;
- }
-+#endif
- return SECSuccess;
- }
-
- library = (PRLibrary *)mod->library;
- /* paranoia */
- if (library == NULL) {
-+#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
-+ if (strstr(mod->dllName, "nssckbi") != NULL) {
-+ return SECSuccess;
-+ }
-+#endif
- return SECFailure;
- }
-
---- a/a/nss/lib/softoken/lgglue.c Tue May 28 23:37:46 2013 +0200
-+++ a/a/nss/lib/softoken/lgglue.c Fri May 31 17:44:06 2013 -0700
-@@ -23,6 +23,8 @@
- static LGAddSecmodFunc legacy_glue_addSecmod = NULL;
- static LGShutdownFunc legacy_glue_shutdown = NULL;
-
-+#define NSS_STATIC
-+#ifndef NSS_STATIC
- /*
- * The following 3 functions duplicate the work done by bl_LoadLibrary.
- * We should make bl_LoadLibrary a global and replace the call to
-@@ -160,6 +161,7 @@
-
- return lib;
- }
-+#endif /* STATIC LIBRARIES */
-
- /*
- * stub files for legacy db's to be able to encrypt and decrypt
-@@ -272,6 +274,21 @@
- return SECSuccess;
- }
-
-+#ifdef NSS_STATIC
-+#ifdef NSS_DISABLE_DBM
-+ return SECFailure;
-+#else
-+ lib = (PRLibrary *) 0x8;
-+
-+ legacy_glue_open = legacy_Open;
-+ legacy_glue_readSecmod = legacy_ReadSecmodDB;
-+ legacy_glue_releaseSecmod = legacy_ReleaseSecmodDBData;
-+ legacy_glue_deleteSecmod = legacy_DeleteSecmodDB;
-+ legacy_glue_addSecmod = legacy_AddSecmodDB;
-+ legacy_glue_shutdown = legacy_Shutdown;
-+ setCryptFunction = legacy_SetCryptFunctions;
-+#endif
-+#else
- lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME);
- if (lib == NULL) {
- return SECFailure;
-@@ -297,11 +314,14 @@
- PR_UnloadLibrary(lib);
- return SECFailure;
- }
-+#endif /* NSS_STATIC */
-
- /* verify the loaded library if we are in FIPS mode */
- if (isFIPS) {
- if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) {
-+#ifndef NSS_STATIC
- PR_UnloadLibrary(lib);
-+#endif
- return SECFailure;
- }
- legacy_glue_libCheckSucceeded = PR_TRUE;
-@@ -418,10 +438,12 @@
- #endif
- crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize);
- }
-+#ifndef NSS_STATIC
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
- if (!disableUnload) {
- PR_UnloadLibrary(legacy_glue_lib);
- }
-+#endif
- legacy_glue_lib = NULL;
- legacy_glue_open = NULL;
- legacy_glue_readSecmod = NULL;
---- a/a/nss/lib/softoken/lgglue.h Tue May 28 23:37:46 2013 +0200
-+++ a/a/nss/lib/softoken/lgglue.h Fri May 31 17:44:06 2013 -0700
-@@ -38,6 +38,25 @@
- typedef void (*LGSetForkStateFunc)(PRBool);
- typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc);
-
-+extern CK_RV legacy_Open(const char *dir, const char *certPrefix,
-+ const char *keyPrefix,
-+ int certVersion, int keyVersion, int flags,
-+ SDB **certDB, SDB **keyDB);
-+extern char ** legacy_ReadSecmodDB(const char *appName,
-+ const char *filename,
-+ const char *dbname, char *params, PRBool rw);
-+extern SECStatus legacy_ReleaseSecmodDBData(const char *appName,
-+ const char *filename,
-+ const char *dbname, char **params, PRBool rw);
-+extern SECStatus legacy_DeleteSecmodDB(const char *appName,
-+ const char *filename,
-+ const char *dbname, char *params, PRBool rw);
-+extern SECStatus legacy_AddSecmodDB(const char *appName,
-+ const char *filename,
-+ const char *dbname, char *params, PRBool rw);
-+extern SECStatus legacy_Shutdown(PRBool forked);
-+extern void legacy_SetCryptFunctions(LGEncryptFunc, LGDecryptFunc);
-+
- /*
- * Softoken Glue Functions
- */
---- a/a/nss/lib/util/secport.h Tue May 28 23:37:46 2013 +0200
-+++ a/a/nss/lib/util/secport.h Fri May 31 17:44:06 2013 -0700
-@@ -210,6 +210,8 @@
-
- extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n);
-
-+#define NSS_STATIC
-+#ifndef NSS_STATIC
- /*
- * Load a shared library called "newShLibName" in the same directory as
- * a shared library that is already loaded, called existingShLibName.
-@@ -244,6 +245,7 @@
- PORT_LoadLibraryFromOrigin(const char* existingShLibName,
- PRFuncPtr staticShLibFunc,
- const char *newShLibName);
-+#endif /* NSS_STATIC */
-
- SEC_END_PROTOS
-
diff --git a/external/nss/nss-more-static.patch b/external/nss/nss-more-static.patch
deleted file mode 100644
index 26948f0be24c..000000000000
--- a/external/nss/nss-more-static.patch
+++ /dev/null
@@ -1,39 +0,0 @@
---- a/a/nss/lib/freebl/loader.c
-+++ a/a/nss/lib/freebl/loader.c
-@@ -114,6 +114,7 @@
-
- #include "genload.c"
-
-+extern FREEBLGetVectorFn FREEBL_GetVector;
- /* This function must be run only once. */
- /* determine if hybrid platform, then actually load the DSO. */
- static PRStatus
-@@ -136,9 +136,9 @@
- return PR_FAILURE;
- }
-
-- handle = loader_LoadLibrary(name);
-- if (handle) {
-- PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector");
-+ handle = 0;
-+ {
-+ PRFuncPtr address = FREEBL_GetVector;
- if (address) {
- FREEBLGetVectorFn *getVector = (FREEBLGetVectorFn *)address;
- const FREEBLVector *dsoVector = getVector();
-@@ -887,6 +887,7 @@
- void
- BL_Unload(void)
- {
-+#if 0
- /* This function is not thread-safe, but doesn't need to be, because it is
- * only called from functions that are also defined as not thread-safe,
- * namely C_Finalize in softoken, and the SSL bypass shutdown callback called
-@@ -905,6 +905,7 @@
- }
- blLib = NULL;
- loadFreeBLOnce = pristineCallOnce;
-+#endif
- }
-
- /* ============== New for 3.003 =============================== */
diff --git a/external/nss/nss-win32-make.patch.1 b/external/nss/nss-win32-make.patch.1
index bc5a759275e2..7ba3df451ee6 100644
--- a/external/nss/nss-win32-make.patch.1
+++ b/external/nss/nss-win32-make.patch.1
@@ -1,7 +1,7 @@
--- nss/nss/coreconf/rules.mk.orig2 2014-06-03 15:30:01.667200000 +0200
+++ nss/nss/coreconf/rules.mk 2014-06-03 15:30:14.537200000 +0200
@@ -259,7 +259,7 @@
- @$(MAKE_OBJDIR)
+ $(LIBRARY): $(OBJS) | $$(@D)/d
rm -f $@
ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
- $(AR) $(subst /,\\,$(OBJS))
diff --git a/external/nss/nss.aix.patch b/external/nss/nss.aix.patch
index da9aacb10e84..4b0c6bfb3261 100644
--- a/external/nss/nss.aix.patch
+++ b/external/nss/nss.aix.patch
@@ -38,7 +38,7 @@ diff -ru a/nspr/pr/src/Makefile.in b/nspr/pr/src/Makefile.in
--- a/a/nspr/pr/src/Makefile.in 2014-09-29 16:46:35.281395079 +0100
+++ b/b/nspr/pr/src/Makefile.in 2014-09-29 16:50:33.909375948 +0100
@@ -74,7 +74,6 @@
- endif
+ endif # SunOS
ifeq ($(OS_ARCH),AIX)
-DSO_LDOPTS += -binitfini::_PR_Fini
diff --git a/external/nss/nss.patch b/external/nss/nss.patch
index 6219775c2d3c..d9aaee5199bb 100644
--- a/external/nss/nss.patch
+++ b/external/nss/nss.patch
@@ -12,14 +12,14 @@
--- a/nss.orig/nspr/pr/src/misc/prnetdb.c 2017-08-29 23:44:13.690045031 +0530
+++ b/nss/nspr/pr/src/misc/prnetdb.c 2017-08-29 23:47:03.810814019 +0530
@@ -438,7 +438,7 @@
- char *buf = *bufp;
- PRIntn buflen = *buflenp;
+ char *buf = *bufp;
+ PRIntn buflen = *buflenp;
-- if (align && ((long)buf & (align - 1))) {
-+ if (align && ((ptrdiff_t)buf & (align - 1))) {
- PRIntn skip = align - ((ptrdiff_t)buf & (align - 1));
- if (buflen < skip) {
- return 0;
+- if (align && ((long)buf & (align - 1))) {
++ if (align && ((ptrdiff_t)buf & (align - 1))) {
+ PRIntn skip = align - ((ptrdiff_t)buf & (align - 1));
+ if (buflen < skip) {
+ return 0;
--- a/a/nss/cmd/platlibs.mk 2017-08-29 23:44:13.554044416 +0530
+++ b/b/nss/cmd/platlibs.mk 2017-08-29 23:46:09.638569150 +0530
@@ -10,17 +10,22 @@
@@ -153,16 +153,3 @@
#! gmake
#
# This Source Code Form is subject to the terms of the Mozilla Public
-@@ -89,10 +91,10 @@
- NSPR_CONFIGURE_ENV = CC=gcc CXX=g++
- endif
- ifdef CC
--NSPR_CONFIGURE_ENV = CC=$(CC)
-+NSPR_CONFIGURE_ENV = CC="$(CC) "
- endif
- ifdef CCC
--NSPR_CONFIGURE_ENV += CXX=$(CCC)
-+NSPR_CONFIGURE_ENV += CXX="$(CCC) "
- endif
- # Remove -arch definitions. NSPR can't handle that.
- NSPR_CONFIGURE_ENV := $(filter-out -arch x86_64,$(NSPR_CONFIGURE_ENV))
diff --git a/external/nss/nss.vs2015.pdb.patch b/external/nss/nss.vs2015.pdb.patch
index dc4f4638b476..c66940132cdd 100644
--- a/external/nss/nss.vs2015.pdb.patch
+++ b/external/nss/nss.vs2015.pdb.patch
@@ -18,5 +18,5 @@ diff -ru nss.orig/nss/coreconf/WIN32.mk nss/nss/coreconf/WIN32.mk
- OPTIMIZER += -Zi -Fd$(OBJDIR)/ -Od
+ OPTIMIZER += -Zi -Fd./ -Od
NULLSTRING :=
- SPACE := $(NULLSTRING) # end of the line
- USERNAME := $(subst $(SPACE),_,$(USERNAME))
+ DEFINES += -DDEBUG -UNDEBUG
+ DLLFLAGS += -DEBUG -OUT:$@
diff --git a/external/nss/nss.windows.patch b/external/nss/nss.windows.patch
index 9dbeaa946520..901846e7bc1f 100644
--- a/external/nss/nss.windows.patch
+++ b/external/nss/nss.windows.patch
@@ -18,8 +18,8 @@
-core_abspath = '$(if $(findstring :,$(1)),$(1),$(if $(filter /%,$(1)),$(1),$(PWD)/$(1)))'
+core_abspath = '$(if $(findstring :,$(1)),$(1),$(if $(filter /%,$(shell cygpath -m $(1))),$(1),$(shell cygpath -m $(PWD)/$(1))))'
- $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.c
- @$(MAKE_OBJDIR)
+ $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.c | $$(@D)/d
+ ifdef USE_NT_C_SYNTAX
--- a/a/nspr/pr/include/md/_win95.h
+++ b/b/nspr/pr/include/md/_win95.h
@@ -312,7 +312,7 @@
diff --git a/external/openssl/UnpackedTarball_openssl.mk b/external/openssl/UnpackedTarball_openssl.mk
index 719b8b0e5842..ad600cce1412 100644
--- a/external/openssl/UnpackedTarball_openssl.mk
+++ b/external/openssl/UnpackedTarball_openssl.mk
@@ -21,6 +21,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,openssl,\
external/openssl/opensslosxppc.patch \
external/openssl/openssl-3650-masm.patch.1 \
external/openssl/openssl-fixbuild.patch.1 \
+ external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 b/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1
new file mode 100644
index 000000000000..313f9cd870d7
--- /dev/null
+++ b/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1
@@ -0,0 +1,578 @@
+diff -up openssl-1.0.2k/crypto/asn1/asn1_err.c.null-dereference openssl-1.0.2k/crypto/asn1/asn1_err.c
+--- openssl-1.0.2k/crypto/asn1/asn1_err.c.null-dereference 2020-12-04 10:08:08.506247597 +0100
++++ openssl-1.0.2k/crypto/asn1/asn1_err.c 2020-12-04 10:12:31.901956486 +0100
+@@ -1,6 +1,6 @@
+ /* crypto/asn1/asn1_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
++ * Copyright (c) 1999-2020 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -103,6 +103,7 @@ static ERR_STRING_DATA ASN1_str_functs[]
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
++ {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), "ASN1_item_ex_i2d"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
+@@ -202,6 +203,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
+ {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"},
+ {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"},
+ {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
++ {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"},
+ {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"},
+ {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"},
+ {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
+diff -up openssl-1.0.2k/crypto/asn1/asn1.h.null-dereference openssl-1.0.2k/crypto/asn1/asn1.h
+--- openssl-1.0.2k/crypto/asn1/asn1.h.null-dereference 2020-12-04 11:00:06.896637900 +0100
++++ openssl-1.0.2k/crypto/asn1/asn1.h 2020-12-04 11:04:47.079562987 +0100
+@@ -1202,6 +1202,7 @@ void ERR_load_ASN1_strings(void);
+ # define ASN1_F_ASN1_ITEM_DUP 191
+ # define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121
+ # define ASN1_F_ASN1_ITEM_EX_D2I 120
++# define ASN1_F_ASN1_ITEM_EX_I2D 231
+ # define ASN1_F_ASN1_ITEM_I2D_BIO 192
+ # define ASN1_F_ASN1_ITEM_I2D_FP 193
+ # define ASN1_F_ASN1_ITEM_PACK 198
+@@ -1298,6 +1299,7 @@ void ERR_load_ASN1_strings(void);
+ # define ASN1_R_AUX_ERROR 100
+ # define ASN1_R_BAD_CLASS 101
+ # define ASN1_R_BAD_OBJECT_HEADER 102
++# define ASN1_R_BAD_TEMPLATE 230
+ # define ASN1_R_BAD_PASSWORD_READ 103
+ # define ASN1_R_BAD_TAG 104
+ # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
+diff -up openssl-1.0.2k/crypto/asn1/tasn_dec.c.null-dereference openssl-1.0.2k/crypto/asn1/tasn_dec.c
+--- openssl-1.0.2k/crypto/asn1/tasn_dec.c.null-dereference 2020-12-04 10:12:42.036057323 +0100
++++ openssl-1.0.2k/crypto/asn1/tasn_dec.c 2020-12-04 10:17:45.685035333 +0100
+@@ -223,6 +223,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+ break;
+
+ case ASN1_ITYPE_MSTRING:
++ /*
++ * It never makes sense for multi-strings to have implicit tagging, so
++ * if tag != -1, then this looks like an error in the template.
++ */
++ if (tag != -1) {
++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE);
++ goto err;
++ }
++
+ p = *in;
+ /* Just read in tag and class */
+ ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+@@ -240,6 +249,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+ goto err;
+ }
++
+ /* Check tag matches bit map */
+ if (!(ASN1_tag2bit(otag) & it->utype)) {
+ /* If OPTIONAL, assume this is OK */
+@@ -316,6 +326,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+ goto err;
+
+ case ASN1_ITYPE_CHOICE:
++ /*
++ * It never makes sense for CHOICE types to have implicit tagging, so
++ * if tag != -1, then this looks like an error in the template.
++ */
++ if (tag != -1) {
++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE);
++ goto err;
++ }
++
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ goto auxerr;
+ if (*pval) {
+diff -up openssl-1.0.2k/crypto/asn1/tasn_enc.c.null-dereference openssl-1.0.2k/crypto/asn1/tasn_enc.c
+--- openssl-1.0.2k/crypto/asn1/tasn_enc.c.null-dereference 2020-12-04 10:18:30.261472002 +0100
++++ openssl-1.0.2k/crypto/asn1/tasn_enc.c 2020-12-04 10:21:14.310078987 +0100
+@@ -151,9 +151,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval,
+ break;
+
+ case ASN1_ITYPE_MSTRING:
++ /*
++ * It never makes sense for multi-strings to have implicit tagging, so
++ * if tag != -1, then this looks like an error in the template.
++ */
++ if (tag != -1) {
++ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
++ return -1;
++ }
+ return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+
+ case ASN1_ITYPE_CHOICE:
++ /*
++ * It never makes sense for CHOICE types to have implicit tagging, so
++ * if tag != -1, then this looks like an error in the template.
++ */
++ if (tag != -1) {
++ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
++ return -1;
++ }
+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
+ return 0;
+ i = asn1_get_choice_selector(pval, it);
+diff -up openssl-1.0.2k/crypto/x509v3/v3_genn.c.null-dereference openssl-1.0.2k/crypto/x509v3/v3_genn.c
+--- openssl-1.0.2k/crypto/x509v3/v3_genn.c.null-dereference 2020-12-04 10:28:02.374237945 +0100
++++ openssl-1.0.2k/crypto/x509v3/v3_genn.c 2020-12-04 10:36:51.156138263 +0100
+@@ -72,8 +72,9 @@ ASN1_SEQUENCE(OTHERNAME) = {
+ IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
+
+ ASN1_SEQUENCE(EDIPARTYNAME) = {
+- ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+- ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
++ /* DirectoryString is a CHOICE type so use explicit tagging */
++ ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
++ ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+ } ASN1_SEQUENCE_END(EDIPARTYNAME)
+
+ IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
+@@ -107,6 +108,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_N
+ (char *)a);
+ }
+
++static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
++{
++ int res;
++
++ if (a == NULL || b == NULL) {
++ /*
++ * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
++ * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here
++ */
++ return -1;
++ }
++ if (a->nameAssigner == NULL && b->nameAssigner != NULL)
++ return -1;
++ if (a->nameAssigner != NULL && b->nameAssigner == NULL)
++ return 1;
++ /* If we get here then both have nameAssigner set, or both unset */
++ if (a->nameAssigner != NULL) {
++ res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
++ if (res != 0)
++ return res;
++ }
++ /*
++ * partyName is required, so these should never be NULL. We treat it in
++ * the same way as the a == NULL || b == NULL case above
++ */
++ if (a->partyName == NULL || b->partyName == NULL)
++ return -1;
++
++ return ASN1_STRING_cmp(a->partyName, b->partyName);
++}
++
+ /* Returns 0 if they are equal, != 0 otherwise. */
+ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+ {
+@@ -116,8 +148,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GE
+ return -1;
+ switch (a->type) {
+ case GEN_X400:
++ result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
++ break;
++
+ case GEN_EDIPARTY:
+- result = ASN1_TYPE_cmp(a->d.other, b->d.other);
++ result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
+ break;
+
+ case GEN_OTHERNAME:
+@@ -164,8 +199,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAM
+ {
+ switch (type) {
+ case GEN_X400:
++ a->d.x400Address = value;
++ break;
++
+ case GEN_EDIPARTY:
+- a->d.other = value;
++ a->d.ediPartyName = value;
+ break;
+
+ case GEN_OTHERNAME:
+@@ -199,8 +237,10 @@ void *GENERAL_NAME_get0_value(GENERAL_NA
+ *ptype = a->type;
+ switch (a->type) {
+ case GEN_X400:
++ return a->d.x400Address;
++
+ case GEN_EDIPARTY:
+- return a->d.other;
++ return a->d.ediPartyName;
+
+ case GEN_OTHERNAME:
+ return a->d.otherName;
+diff -up openssl-1.0.2k/crypto/x509v3/v3nametest.c.null-dereference openssl-1.0.2k/crypto/x509v3/v3nametest.c
+--- openssl-1.0.2k/crypto/x509v3/v3nametest.c.null-dereference 2020-12-04 10:28:02.374237945 +0100
++++ openssl-1.0.2k/crypto/x509v3/v3nametest.c 2020-12-04 10:36:51.156138263 +0100
+@@ -321,6 +321,356 @@ static void run_cert(X509 *crt, const ch
+ }
+ }
+
++struct gennamedata {
++ const unsigned char der[22];
++ size_t derlen;
++} gennames[] = {
++ {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * SEQUENCE {}
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00
++ },
++ 21
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * [APPLICATION 0] {}
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00
++ },
++ 21
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61
++ },
++ 22
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
++ * [0] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61
++ },
++ 22
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * UTF8String { "b" }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62
++ },
++ 22
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * BOOLEAN { TRUE }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff
++ },
++ 22
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * BOOLEAN { FALSE }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00
++ },
++ 22
++ }, {
++ /* [1 PRIMITIVE] { "a" } */
++ {
++ 0x81, 0x01, 0x61
++ },
++ 3
++ }, {
++ /* [1 PRIMITIVE] { "b" } */
++ {
++ 0x81, 0x01, 0x62
++ },
++ 3
++ }, {
++ /* [2 PRIMITIVE] { "a" } */
++ {
++ 0x82, 0x01, 0x61
++ },
++ 3
++ }, {
++ /* [2 PRIMITIVE] { "b" } */
++ {
++ 0x82, 0x01, 0x62
++ },
++ 3
++ }, {
++ /*
++ * [4] {
++ * SEQUENCE {
++ * SET {
++ * SEQUENCE {
++ * # commonName
++ * OBJECT_IDENTIFIER { 2.5.4.3 }
++ * UTF8String { "a" }
++ * }
++ * }
++ * }
++ * }
++ */
++ {
++ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
++ 0x04, 0x03, 0x0c, 0x01, 0x61
++ },
++ 16
++ }, {
++ /*
++ * [4] {
++ * SEQUENCE {
++ * SET {
++ * SEQUENCE {
++ * # commonName
++ * OBJECT_IDENTIFIER { 2.5.4.3 }
++ * UTF8String { "b" }
++ * }
++ * }
++ * }
++ * }
++ */
++ {
++ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
++ 0x04, 0x03, 0x0c, 0x01, 0x62
++ },
++ 16
++ }, {
++ /*
++ * [5] {
++ * [1] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61
++ },
++ 7
++ }, {
++ /*
++ * [5] {
++ * [1] {
++ * UTF8String { "b" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62
++ },
++ 7
++ }, {
++ /*
++ * [5] {
++ * [0] {
++ * UTF8String {}
++ * }
++ * [1] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61
++ },
++ 11
++ }, {
++ /*
++ * [5] {
++ * [0] {
++ * UTF8String { "a" }
++ * }
++ * [1] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01,
++ 0x61
++ },
++ 12
++ }, {
++ /*
++ * [5] {
++ * [0] {
++ * UTF8String { "b" }
++ * }
++ * [1] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01,
++ 0x61
++ },
++ 12
++ }, {
++ /* [6 PRIMITIVE] { "a" } */
++ {
++ 0x86, 0x01, 0x61
++ },
++ 3
++ }, {
++ /* [6 PRIMITIVE] { "b" } */
++ {
++ 0x86, 0x01, 0x62
++ },
++ 3
++ }, {
++ /* [7 PRIMITIVE] { `11111111` } */
++ {
++ 0x87, 0x04, 0x11, 0x11, 0x11, 0x11
++ },
++ 6
++ }, {
++ /* [7 PRIMITIVE] { `22222222`} */
++ {
++ 0x87, 0x04, 0x22, 0x22, 0x22, 0x22
++ },
++ 6
++ }, {
++ /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */
++ {
++ 0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
++ 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
++ },
++ 18
++ }, {
++ /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */
++ {
++ 0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
++ 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
++ },
++ 18
++ }, {
++ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */
++ {
++ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
++ 0xb7, 0x09, 0x02, 0x01
++ },
++ 15
++ }, {
++ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */
++ {
++ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
++ 0xb7, 0x09, 0x02, 0x02
++ },
++ 15
++ }
++};
++
++#define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0]))
++
++static int test_GENERAL_NAME_cmp(void)
++{
++ size_t i, j;
++ GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa)
++ * OSSL_NELEM(gennames));
++ GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb)
++ * OSSL_NELEM(gennames));
++ int testresult = 0;
++
++ if (namesa == NULL || namesb == NULL)
++ goto end;
++
++ for (i = 0; i < OSSL_NELEM(gennames); i++) {
++ const unsigned char *derp = gennames[i].der;
++
++ /*
++ * We create two versions of each GENERAL_NAME so that we ensure when
++ * we compare them they are always different pointers.
++ */
++ namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
++ derp = gennames[i].der;
++ namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
++ if (namesa[i] == NULL || namesb[i] == NULL)
++ goto end;
++ }
++
++ /* Every name should be equal to itself and not equal to any others. */
++ for (i = 0; i < OSSL_NELEM(gennames); i++) {
++ for (j = 0; j < OSSL_NELEM(gennames); j++) {
++ if (i == j) {
++ if (GENERAL_NAME_cmp(namesa[i], namesb[j]) != 0)
++ goto end;
++ } else {
++ if (GENERAL_NAME_cmp(namesa[i], namesb[j]) == 0)
++ goto end;
++ }
++ }
++ }
++ testresult = 1;
++
++ end:
++ for (i = 0; i < OSSL_NELEM(gennames); i++) {
++ if (namesa != NULL)
++ GENERAL_NAME_free(namesa[i]);
++ if (namesb != NULL)
++ GENERAL_NAME_free(namesb[i]);
++ }
++ OPENSSL_free(namesa);
++ OPENSSL_free(namesb);
++
++ if (!testresult)
++ fprintf(stderr, "test of GENERAL_NAME_cmp failed\n");
++
++ return testresult;
++}
++
++
++
+ int main(void)
+ {
+ const struct set_name_fn *pfn = name_fns;
+@@ -342,5 +692,8 @@ int main(void)
+ }
+ ++pfn;
+ }
++
++ errors += !test_GENERAL_NAME_cmp();
++
+ return errors > 0 ? 1 : 0;
+ }
diff --git a/external/pdfium/Library_pdfium.mk b/external/pdfium/Library_pdfium.mk
index 0019535857a6..d9caafa8c955 100644
--- a/external/pdfium/Library_pdfium.mk
+++ b/external/pdfium/Library_pdfium.mk
@@ -20,12 +20,15 @@ $(eval $(call gb_Library_set_include,pdfium,\
))
$(eval $(call gb_Library_add_defs,pdfium,\
- -DPDFIUM_DLLIMPLEMENTATION \
+ -DFPDF_IMPLEMENTATION \
-DUSE_SYSTEM_LCMS2 \
-DUSE_SYSTEM_LIBJPEG \
-DUSE_SYSTEM_ZLIB \
+ -DUSE_SYSTEM_ICUUC \
-DMEMORY_TOOL_REPLACES_ALLOCATOR \
-DUNICODE \
+ -DWIN32_LEAN_AND_MEAN \
+ -DCOMPONENT_BUILD \
))
# Don't show warnings upstream doesn't care about.
@@ -40,15 +43,12 @@ $(eval $(call gb_Library_set_generated_cxx_suffix,pdfium,cpp))
# pdfium
$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
- UnpackedTarball/pdfium/fpdfsdk/cfx_systemhandler \
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_annot \
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_annothandlermgr \
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_annotiteration \
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_baannot \
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_baannothandler \
- UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_datetime \
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_formfillenvironment \
- UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_interform \
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_pageview \
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_widget \
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_widgethandler \
@@ -66,7 +66,6 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_fieldaction \
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_filewriteadapter \
UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_helpers \
- UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_memoryaccess \
UnpackedTarball/pdfium/fpdfsdk/fpdf_annot \
UnpackedTarball/pdfium/fpdfsdk/fpdf_attachment \
UnpackedTarball/pdfium/fpdfsdk/fpdf_catalog \
@@ -79,20 +78,21 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/fpdfsdk/fpdf_save \
UnpackedTarball/pdfium/fpdfsdk/fpdf_text \
UnpackedTarball/pdfium/fpdfsdk/fpdf_view \
- UnpackedTarball/pdfium/fpdfsdk/ipdfsdk_pauseadapter \
- UnpackedTarball/pdfium/fpdfsdk/cpdf_annotcontext \
+ UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_pauseadapter \
+ UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_interactiveform \
+ UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_renderpage \
+ UnpackedTarball/pdfium/fpdfsdk/fpdf_signature \
))
# fdrm
$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
- UnpackedTarball/pdfium/core/fdrm/crypto/fx_crypt \
- UnpackedTarball/pdfium/core/fdrm/crypto/fx_crypt_aes \
- UnpackedTarball/pdfium/core/fdrm/crypto/fx_crypt_sha \
+ UnpackedTarball/pdfium/core/fdrm/fx_crypt \
+ UnpackedTarball/pdfium/core/fdrm/fx_crypt_aes \
+ UnpackedTarball/pdfium/core/fdrm/fx_crypt_sha \
))
# formfiller
$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
- UnpackedTarball/pdfium/fpdfsdk/formfiller/cba_fontmap \
UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_checkbox \
UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_combobox \
UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_formfiller \
@@ -103,6 +103,7 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_textfield \
UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_button \
UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_textobject \
+ UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_privatedata \
))
# fpdfapi
@@ -169,8 +170,6 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fpdfapi/cmaps/Korea1/UniKS-UTF16-H_0 \
UnpackedTarball/pdfium/core/fpdfapi/cmaps/Korea1/cmaps_korea1 \
UnpackedTarball/pdfium/core/fpdfapi/cmaps/fpdf_cmaps \
- UnpackedTarball/pdfium/core/fpdfapi/cpdf_modulemgr \
- UnpackedTarball/pdfium/core/fpdfapi/cpdf_pagerendercontext \
UnpackedTarball/pdfium/core/fpdfapi/edit/cpdf_pagecontentgenerator \
UnpackedTarball/pdfium/core/fpdfapi/font/cpdf_cidfont \
UnpackedTarball/pdfium/core/fpdfapi/font/cpdf_font \
@@ -185,7 +184,7 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_color \
UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_colorspace \
UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_colorstate \
- UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_contentmark \
+ UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_contentmarks \
UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_contentmarkitem \
UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_contentparser \
UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_docpagedata \
@@ -200,7 +199,6 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_pagemodule \
UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_pageobject \
UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_pageobjectholder \
- UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_pageobjectlist \
UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_path \
UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_pathobject \
UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_pattern \
@@ -237,10 +235,8 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fpdfapi/parser/fpdf_parser_utility \
UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_object_walker \
UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_read_validator \
- UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_charposlist \
+ UnpackedTarball/pdfium/core/fpdfapi/render/charposlist \
UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_devicebuffer \
- UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_dibsource \
- UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_dibtransferfunc \
UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_docrenderdata \
UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_imagecacheentry \
UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_imageloader \
@@ -252,12 +248,13 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_renderstatus \
UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_scaledrenderbuffer \
UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_textrenderer \
- UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_transferfunc \
UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_type3cache \
- UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_type3glyphs \
+ UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_type3glyphmap \
+ UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_rendershading \
+ UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_rendertiling \
UnpackedTarball/pdfium/core/fpdfapi/edit/cpdf_creator \
- UnpackedTarball/pdfium/core/fpdfapi/edit/cpdf_encryptor \
- UnpackedTarball/pdfium/core/fpdfapi/edit/cpdf_flateencoder \
+ UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_encryptor \
+ UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_flateencoder \
UnpackedTarball/pdfium/core/fpdfapi/font/cfx_cttgsubtable \
UnpackedTarball/pdfium/core/fpdfapi/font/cfx_stockfontarray \
UnpackedTarball/pdfium/core/fpdfapi/font/cpdf_cid2unicodemap \
@@ -278,6 +275,18 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_object_avail \
UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_page_object_avail \
UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_cross_ref_avail \
+ UnpackedTarball/pdfium/core/fpdfapi/edit/cpdf_pagecontentmanager \
+ UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_transparency \
+ UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_dib \
+ UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_object_stream \
+ UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_cross_ref_table \
+ UnpackedTarball/pdfium/core/fpdfapi/edit/cpdf_stringarchivestream \
+ UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_occontext \
+ UnpackedTarball/pdfium/core/fpdfapi/edit/cpdf_contentstream_write_utils \
+ UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_annotcontext \
+ UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_pagerendercontext \
+ UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_transferfuncdib \
+ UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_transferfunc \
))
# fpdfdoc
@@ -285,7 +294,6 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fpdfdoc/cline \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_aaction \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_action \
- UnpackedTarball/pdfium/core/fpdfdoc/cpdf_actionfields \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_annot \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_annotlist \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_apsettings \
@@ -293,18 +301,16 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_bookmarktree \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_defaultappearance \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_dest \
- UnpackedTarball/pdfium/core/fpdfdoc/cpdf_docjsactions \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_filespec \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_formcontrol \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_formfield \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_iconfit \
- UnpackedTarball/pdfium/core/fpdfdoc/cpdf_interform \
+ UnpackedTarball/pdfium/core/fpdfdoc/cpdf_interactiveform \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_link \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_linklist \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_metadata \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_nametree \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_numbertree \
- UnpackedTarball/pdfium/core/fpdfdoc/cpdf_occontext \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_pagelabel \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_variabletext \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_viewerpreferences \
@@ -315,6 +321,9 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fpdfdoc/ctypeset \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_structelement \
UnpackedTarball/pdfium/core/fpdfdoc/cpdf_structtree \
+ UnpackedTarball/pdfium/core/fpdfdoc/cba_fontmap \
+ UnpackedTarball/pdfium/core/fpdfdoc/cpdf_color_utils \
+ UnpackedTarball/pdfium/core/fpdfdoc/cpdf_icon \
))
# fpdftext
@@ -327,13 +336,7 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
# fxcodec
$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
- UnpackedTarball/pdfium/core/fxcodec/codec/fx_codec \
- UnpackedTarball/pdfium/core/fxcodec/codec/fx_codec_fax \
- UnpackedTarball/pdfium/core/fxcodec/codec/fx_codec_flate \
- UnpackedTarball/pdfium/core/fxcodec/codec/fx_codec_icc \
- UnpackedTarball/pdfium/core/fxcodec/codec/fx_codec_jbig \
- UnpackedTarball/pdfium/core/fxcodec/codec/fx_codec_jpeg \
- UnpackedTarball/pdfium/core/fxcodec/codec/fx_codec_jpx_opj \
+ UnpackedTarball/pdfium/core/fxcodec/fx_codec \
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_ArithDecoder \
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_ArithIntDecoder \
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_BitStream \
@@ -343,7 +346,6 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_HtrdProc \
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_HuffmanDecoder \
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_HuffmanTable \
- UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_HuffmanTable_Standard \
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Image \
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_PatternDict \
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_PddProc \
@@ -351,11 +353,20 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Segment \
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_SymbolDict \
UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_TrdProc \
- UnpackedTarball/pdfium/core/fxcodec/bmp/fx_bmp \
- UnpackedTarball/pdfium/core/fxcodec/codec/ccodec_scanlinedecoder \
UnpackedTarball/pdfium/core/fxcodec/gif/cfx_gif \
- UnpackedTarball/pdfium/core/fxcodec/gif/cfx_gifcontext \
UnpackedTarball/pdfium/core/fxcodec/gif/cfx_lzwdecompressor \
+ UnpackedTarball/pdfium/core/fxcodec/cfx_codec_memory \
+ UnpackedTarball/pdfium/core/fxcodec/fax/faxmodule \
+ UnpackedTarball/pdfium/core/fxcodec/scanlinedecoder \
+ UnpackedTarball/pdfium/core/fxcodec/jpeg/jpegmodule \
+ UnpackedTarball/pdfium/core/fxcodec/jpx/cjpx_decoder \
+ UnpackedTarball/pdfium/core/fxcodec/jpx/jpx_decode_utils \
+ UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_DocumentContext \
+ UnpackedTarball/pdfium/core/fxcodec/basic/basicmodule \
+ UnpackedTarball/pdfium/core/fxcodec/flate/flatemodule \
+ UnpackedTarball/pdfium/core/fxcodec/icc/iccmodule \
+ UnpackedTarball/pdfium/core/fxcodec/jbig2/jbig2_decoder \
+ UnpackedTarball/pdfium/core/fxcodec/jpeg/jpeg_common \
))
# fxcrt
@@ -368,7 +379,6 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fxcrt/fx_memory \
UnpackedTarball/pdfium/core/fxcrt/fx_stream \
UnpackedTarball/pdfium/core/fxcrt/fx_system \
- UnpackedTarball/pdfium/core/fxcrt/fx_ucddata \
UnpackedTarball/pdfium/core/fxcrt/fx_unicode \
UnpackedTarball/pdfium/core/fxcrt/xml/cfx_xmldocument \
UnpackedTarball/pdfium/core/fxcrt/xml/cfx_xmlelement \
@@ -400,16 +410,18 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fxcrt/bytestring \
UnpackedTarball/pdfium/core/fxcrt/cfx_binarybuf \
UnpackedTarball/pdfium/core/fxcrt/cfx_bitstream \
- UnpackedTarball/pdfium/core/fxcrt/cfx_fileaccess_posix \
- UnpackedTarball/pdfium/core/fxcrt/cfx_fileaccess_windows \
UnpackedTarball/pdfium/core/fxcrt/cfx_utf8decoder \
UnpackedTarball/pdfium/core/fxcrt/cfx_widetextbuf \
UnpackedTarball/pdfium/core/fxcrt/fx_random \
UnpackedTarball/pdfium/core/fxcrt/fx_string \
UnpackedTarball/pdfium/core/fxcrt/widestring \
- UnpackedTarball/pdfium/core/fxcrt/cfx_seekablemultistream \
UnpackedTarball/pdfium/core/fxcrt/css/cfx_cssdata \
UnpackedTarball/pdfium/core/fxcrt/fx_codepage \
+ UnpackedTarball/pdfium/core/fxcrt/fx_number \
+ UnpackedTarball/pdfium/core/fxcrt/cfx_utf8encoder \
+ UnpackedTarball/pdfium/core/fxcrt/cfx_readonlymemorystream \
+ UnpackedTarball/pdfium/core/fxcrt/observed_ptr \
+ UnpackedTarball/pdfium/core/fxcrt/string_data_template \
))
# fxge
@@ -418,14 +430,13 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fxge/dib/cfx_bitmapstorer \
UnpackedTarball/pdfium/core/fxge/dib/cfx_dibextractor \
UnpackedTarball/pdfium/core/fxge/dib/cfx_dibitmap \
- UnpackedTarball/pdfium/core/fxge/dib/cfx_dibsource \
- UnpackedTarball/pdfium/core/fxge/dib/cfx_filtereddib \
+ UnpackedTarball/pdfium/core/fxge/cfx_drawutils \
UnpackedTarball/pdfium/core/fxge/dib/cfx_imagerenderer \
UnpackedTarball/pdfium/core/fxge/dib/cfx_imagestretcher \
UnpackedTarball/pdfium/core/fxge/dib/cfx_imagetransformer \
UnpackedTarball/pdfium/core/fxge/dib/cfx_scanlinecompositor \
UnpackedTarball/pdfium/core/fxge/dib/cstretchengine \
- UnpackedTarball/pdfium/core/fxge/dib/fx_dib_main \
+ UnpackedTarball/pdfium/core/fxge/dib/fx_dib \
UnpackedTarball/pdfium/core/fxge/fontdata/chromefontdata/FoxitDingbats \
UnpackedTarball/pdfium/core/fxge/fontdata/chromefontdata/FoxitFixed \
UnpackedTarball/pdfium/core/fxge/fontdata/chromefontdata/FoxitFixedBold \
@@ -447,7 +458,7 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fxge/agg/fx_agg_driver \
UnpackedTarball/pdfium/core/fxge/cfx_cliprgn \
UnpackedTarball/pdfium/core/fxge/cfx_color \
- UnpackedTarball/pdfium/core/fxge/cfx_facecache \
+ UnpackedTarball/pdfium/core/fxge/cfx_glyphcache \
UnpackedTarball/pdfium/core/fxge/cfx_folderfontinfo \
UnpackedTarball/pdfium/core/fxge/cfx_font \
UnpackedTarball/pdfium/core/fxge/cfx_fontcache \
@@ -460,10 +471,14 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fxge/cfx_renderdevice \
UnpackedTarball/pdfium/core/fxge/cfx_substfont \
UnpackedTarball/pdfium/core/fxge/cfx_unicodeencoding \
- UnpackedTarball/pdfium/core/fxge/cttfontdesc \
- UnpackedTarball/pdfium/core/fxge/fx_ge_fontmap \
- UnpackedTarball/pdfium/core/fxge/fx_ge_linux \
- UnpackedTarball/pdfium/core/fxge/fx_ge_text \
+ UnpackedTarball/pdfium/core/fxge/cfx_glyphbitmap \
+ UnpackedTarball/pdfium/core/fxge/scoped_font_transform \
+ UnpackedTarball/pdfium/core/fxge/text_glyph_pos \
+ UnpackedTarball/pdfium/core/fxge/fx_font \
+ UnpackedTarball/pdfium/core/fxge/dib/cfx_dibbase \
+ UnpackedTarball/pdfium/core/fxge/dib/cfx_cmyk_to_srgb \
+ UnpackedTarball/pdfium/core/fxge/text_char_pos \
+ UnpackedTarball/pdfium/core/fxge/cfx_face \
))
# javascript, build with pdf_enable_v8 disabled.
@@ -475,21 +490,21 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
# pwl
$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
- UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_appstream \
+ UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_appstream \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_button \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_caret \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_combo_box \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_edit \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_edit_ctrl \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_edit_impl \
- UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_font_map \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_icon \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_list_box \
- UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_list_impl \
+ UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_cbbutton \
+ UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_cblistbox \
+ UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_list_ctrl \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_scroll_bar \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_special_button \
- UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_timer \
- UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_timer_handler \
+ UnpackedTarball/pdfium/core/fxcrt/cfx_timer \
UnpackedTarball/pdfium/fpdfsdk/pwl/cpwl_wnd \
))
@@ -534,12 +549,24 @@ $(eval $(call gb_Library_add_generated_cobjects,pdfium,\
UnpackedTarball/pdfium/third_party/libopenjpeg20/sparse_array \
))
+$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
+ UnpackedTarball/pdfium/third_party/libopenjpeg20/opj_malloc \
+))
+
# pdfium_base
$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/third_party/base/allocator/partition_allocator/address_space_randomization \
UnpackedTarball/pdfium/third_party/base/allocator/partition_allocator/page_allocator \
UnpackedTarball/pdfium/third_party/base/allocator/partition_allocator/spin_lock \
UnpackedTarball/pdfium/third_party/base/allocator/partition_allocator/partition_alloc \
+ UnpackedTarball/pdfium/third_party/base/debug/alias \
+ UnpackedTarball/pdfium/third_party/base/allocator/partition_allocator/oom_callback \
+ UnpackedTarball/pdfium/third_party/base/allocator/partition_allocator/partition_bucket \
+ UnpackedTarball/pdfium/third_party/base/allocator/partition_allocator/partition_oom \
+ UnpackedTarball/pdfium/third_party/base/allocator/partition_allocator/partition_page \
+ UnpackedTarball/pdfium/third_party/base/allocator/partition_allocator/partition_root_base \
+ UnpackedTarball/pdfium/third_party/base/allocator/partition_allocator/random \
+ UnpackedTarball/pdfium/third_party/base/memory/aligned_memory \
))
# skia_shared
@@ -598,6 +625,13 @@ $(eval $(call gb_Library_add_generated_cobjects,pdfium,\
UnpackedTarball/pdfium/third_party/freetype/src/src/smooth/smooth \
UnpackedTarball/pdfium/third_party/freetype/src/src/truetype/truetype \
UnpackedTarball/pdfium/third_party/freetype/src/src/type1/type1 \
+ UnpackedTarball/pdfium/third_party/freetype/src/src/base/ftdebug \
+))
+endif
+
+ifneq ($(OS),WNT)
+$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
+ UnpackedTarball/pdfium/core/fxcrt/cfx_fileaccess_posix \
))
endif
@@ -606,22 +640,33 @@ ifeq ($(OS),WNT)
$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fxge/win32/cfx_psrenderer \
UnpackedTarball/pdfium/core/fxge/win32/cpsoutput \
- UnpackedTarball/pdfium/core/fxge/win32/fx_win32_device \
- UnpackedTarball/pdfium/core/fxge/win32/fx_win32_dib \
- UnpackedTarball/pdfium/core/fxge/win32/fx_win32_gdipext \
- UnpackedTarball/pdfium/core/fxge/win32/fx_win32_print \
+ UnpackedTarball/pdfium/core/fxge/win32/cgdi_device_driver \
+ UnpackedTarball/pdfium/core/fxge/win32/cgdi_display_driver \
+ UnpackedTarball/pdfium/core/fxge/win32/cgdi_plus_ext \
+ UnpackedTarball/pdfium/core/fxge/win32/cgdi_printer_driver \
+ UnpackedTarball/pdfium/core/fxge/win32/cps_printer_driver \
+ UnpackedTarball/pdfium/core/fxge/win32/ctext_only_printer_driver \
+ UnpackedTarball/pdfium/core/fxge/win32/cwin32_platform \
+ UnpackedTarball/pdfium/core/fxge/cfx_windowsrenderdevice \
+ UnpackedTarball/pdfium/core/fxcrt/cfx_fileaccess_windows \
+ UnpackedTarball/pdfium/third_party/base/win/win_util \
+ UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_windowsrenderdevice \
))
$(eval $(call gb_Library_use_system_win32_libs,pdfium,\
gdi32 \
))
+
+$(eval $(call gb_Library_add_defs,pdfium,\
+ -DWIN32 \
+))
endif
ifeq ($(OS),MACOSX)
# fxge
$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fxge/apple/fx_apple_platform \
- UnpackedTarball/pdfium/core/fxge/apple/fx_mac_imp \
+ UnpackedTarball/pdfium/core/fxge/apple/fx_mac_impl \
UnpackedTarball/pdfium/core/fxge/apple/fx_quartz_device \
))
@@ -638,12 +683,16 @@ $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
UnpackedTarball/pdfium/core/fxge/android/cfpf_skiafont \
UnpackedTarball/pdfium/core/fxge/android/cfpf_skiafontmgr \
UnpackedTarball/pdfium/core/fxge/android/cfx_androidfontinfo \
- UnpackedTarball/pdfium/core/fxge/android/fx_android_imp \
- UnpackedTarball/pdfium/core/fxge/android/cfpf_skiabufferfont \
- UnpackedTarball/pdfium/core/fxge/android/cfpf_skiafilefont \
- UnpackedTarball/pdfium/core/fxge/android/cfpf_skiafontdescriptor \
+ UnpackedTarball/pdfium/core/fxge/android/fx_android_impl \
UnpackedTarball/pdfium/core/fxge/android/cfpf_skiapathfont \
))
endif
+ifeq ($(OS),LINUX)
+# fxge
+$(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
+ UnpackedTarball/pdfium/core/fxge/fx_ge_linux \
+))
+endif
+
# vim: set noet sw=4 ts=4:
diff --git a/external/pdfium/UnpackedTarball_pdfium.mk b/external/pdfium/UnpackedTarball_pdfium.mk
index 2ac8404e3164..8b12e494f94b 100644
--- a/external/pdfium/UnpackedTarball_pdfium.mk
+++ b/external/pdfium/UnpackedTarball_pdfium.mk
@@ -8,11 +8,15 @@
#
pdfium_patches :=
-pdfium_patches += visibility.patch.1
pdfium_patches += ubsan.patch
-pdfium_patches += icu.patch.1
# Fixes build on our baseline.
pdfium_patches += build.patch.1
+# Avoids Windows 8 build dependency.
+pdfium_patches += windows7.patch.1
+pdfium_patches += c++20-comparison.patch
+ifeq (MSC,$(COM))
+pdfium_patches += pdfium4137-numerics.patch.3 msvc2015.patch.1
+endif
$(eval $(call gb_UnpackedTarball_UnpackedTarball,pdfium))
@@ -36,7 +40,17 @@ $(eval $(call gb_UnpackedTarball_set_post_action,pdfium,\
mv third_party/base/allocator/partition_allocator/address_space_randomization.cc third_party/base/allocator/partition_allocator/address_space_randomization.cpp && \
mv third_party/base/allocator/partition_allocator/page_allocator.cc third_party/base/allocator/partition_allocator/page_allocator.cpp && \
mv third_party/base/allocator/partition_allocator/partition_alloc.cc third_party/base/allocator/partition_allocator/partition_alloc.cpp && \
- mv third_party/base/allocator/partition_allocator/spin_lock.cc third_party/base/allocator/partition_allocator/spin_lock.cpp \
+ mv third_party/base/allocator/partition_allocator/spin_lock.cc third_party/base/allocator/partition_allocator/spin_lock.cpp && \
+ mv third_party/base/debug/alias.cc third_party/base/debug/alias.cpp && \
+ mv third_party/base/allocator/partition_allocator/oom_callback.cc third_party/base/allocator/partition_allocator/oom_callback.cpp && \
+ mv third_party/base/allocator/partition_allocator/partition_bucket.cc third_party/base/allocator/partition_allocator/partition_bucket.cpp && \
+ mv third_party/base/allocator/partition_allocator/partition_oom.cc third_party/base/allocator/partition_allocator/partition_oom.cpp && \
+ mv third_party/base/allocator/partition_allocator/partition_page.cc third_party/base/allocator/partition_allocator/partition_page.cpp && \
+ mv third_party/base/allocator/partition_allocator/partition_root_base.cc third_party/base/allocator/partition_allocator/partition_root_base.cpp && \
+ mv third_party/base/allocator/partition_allocator/random.cc third_party/base/allocator/partition_allocator/random.cpp && \
+ mv third_party/base/memory/aligned_memory.cc third_party/base/memory/aligned_memory.cpp && \
+ mv third_party/base/win/win_util.cc third_party/base/win/win_util.cpp && \
+ mv third_party/libopenjpeg20/opj_malloc.cc third_party/libopenjpeg20/opj_malloc.cpp \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/pdfium/build.patch.1 b/external/pdfium/build.patch.1
index 89d8e5e7d8d0..7cf1021938f5 100644
--- a/external/pdfium/build.patch.1
+++ b/external/pdfium/build.patch.1
@@ -1,38 +1,3 @@
-diff --git a/core/fxge/dib/cfx_imagetransformer.cpp b/core/fxge/dib/cfx_imagetransformer.cpp
-index 8e01127b0..f4ce4d915 100644
---- a/core/fxge/dib/cfx_imagetransformer.cpp
-+++ b/core/fxge/dib/cfx_imagetransformer.cpp
-@@ -315,14 +315,14 @@ bool CFX_ImageTransformer::Continue(IFX_PauseIndicator* pPause) {
- } else if (pDestMask) {
- CalcData cdata = {
- pDestMask.Get(), result2stretch, pSrcMaskBuf,
-- m_Storer.GetBitmap()->m_pAlphaMask->GetPitch(),
-+ static_cast<uint32_t>(m_Storer.GetBitmap()->m_pAlphaMask->GetPitch()),
- };
- CalcMask(cdata);
- }
-
- CalcData cdata = {pTransformed.Get(), result2stretch,
- m_Storer.GetBitmap()->GetBuffer(),
-- m_Storer.GetBitmap()->GetPitch()};
-+ static_cast<uint32_t>(m_Storer.GetBitmap()->GetPitch())};
- if (m_Storer.GetBitmap()->IsAlphaMask()) {
- CalcAlpha(cdata);
- } else {
-diff --git a/core/fxcrt/string_view_template.h b/core/fxcrt/string_view_template.h
-index 05694cf24..101253814 100644
---- a/core/fxcrt/string_view_template.h
-+++ b/core/fxcrt/string_view_template.h
-@@ -231,9 +231,6 @@ inline bool operator<(const T* lhs, const StringViewTemplate<T>& rhs) {
- return rhs > lhs;
- }
-
--extern template class StringViewTemplate<char>;
--extern template class StringViewTemplate<wchar_t>;
--
- using ByteStringView = StringViewTemplate<char>;
- using WideStringView = StringViewTemplate<wchar_t>;
-
diff --git a/core/fpdfdoc/cpdf_metadata.cpp b/core/fpdfdoc/cpdf_metadata.cpp
index 323de4ffc..f11a0b0ad 100644
--- a/core/fpdfdoc/cpdf_metadata.cpp
@@ -46,38 +11,6 @@ index 323de4ffc..f11a0b0ad 100644
std::vector<UnsupportedFeature> unsupported;
CheckForSharedFormInternal(doc->GetRoot(), &unsupported);
-diff --git a/fpdfsdk/cpdf_annotcontext.cpp b/fpdfsdk/cpdf_annotcontext.cpp
-index 20c5fc343..a40cd1eae 100644
---- a/fpdfsdk/cpdf_annotcontext.cpp
-+++ b/fpdfsdk/cpdf_annotcontext.cpp
-@@ -16,12 +16,12 @@ CPDF_AnnotContext::CPDF_AnnotContext(CPDF_Dictionary* pAnnotDict,
- CPDF_Page* pPage,
- CPDF_Stream* pStream)
- : m_pAnnotDict(pAnnotDict), m_pPage(pPage) {
-- SetForm(pStream);
-+ SetForm_(pStream);
- }
-
- CPDF_AnnotContext::~CPDF_AnnotContext() = default;
-
--void CPDF_AnnotContext::SetForm(CPDF_Stream* pStream) {
-+void CPDF_AnnotContext::SetForm_(CPDF_Stream* pStream) {
- if (!pStream)
- return;
-
-diff --git a/fpdfsdk/cpdf_annotcontext.h b/fpdfsdk/cpdf_annotcontext.h
-index 38cc91e03..7904ae044 100644
---- a/fpdfsdk/cpdf_annotcontext.h
-+++ b/fpdfsdk/cpdf_annotcontext.h
-@@ -23,7 +23,7 @@ class CPDF_AnnotContext {
- CPDF_Stream* pStream);
- ~CPDF_AnnotContext();
-
-- void SetForm(CPDF_Stream* pStream);
-+ void SetForm_(CPDF_Stream* pStream);
- bool HasForm() const { return !!m_pAnnotForm; }
- CPDF_Form* GetForm() const { return m_pAnnotForm.get(); }
- CPDF_Dictionary* GetAnnotDict() const { return m_pAnnotDict.Get(); }
diff --git a/third_party/base/span.h b/third_party/base/span.h
index 0fb627ba8..f71c362e2 100644
--- a/third_party/base/span.h
@@ -91,34 +24,27 @@ index 0fb627ba8..f71c362e2 100644
span& operator=(const span& other) noexcept = default;
~span() noexcept {
if (!size_) {
-diff --git a/fpdfsdk/fpdf_annot.cpp b/fpdfsdk/fpdf_annot.cpp
-index d3bf38d31..e8aea9707 100644
---- a/fpdfsdk/fpdf_annot.cpp
-+++ b/fpdfsdk/fpdf_annot.cpp
-@@ -389,7 +389,7 @@ FPDFAnnot_AppendObject(FPDF_ANNOTATION annot, FPDF_PAGEOBJECT obj) {
-
- // Get the annotation's corresponding form object for parsing its AP stream.
- if (!pAnnot->HasForm())
-- pAnnot->SetForm(pStream);
-+ pAnnot->SetForm_(pStream);
-
- // Check that the object did not come from the same annotation. If this check
- // succeeds, then it is assumed that the object came from
-@@ -425,7 +425,7 @@ FPDF_EXPORT int FPDF_CALLCONV FPDFAnnot_GetObjectCount(FPDF_ANNOTATION annot) {
- if (!pStream)
- return 0;
-
-- pAnnot->SetForm(pStream);
-+ pAnnot->SetForm_(pStream);
- }
- return pdfium::CollectionSize<int>(*pAnnot->GetForm()->GetPageObjectList());
+diff --git a/third_party/base/span.h b/third_party/base/span.h
+index 0fb627ba8..dda1fc8bc 100644
+--- a/third_party/base/span.h
++++ b/third_party/base/span.h
+@@ -204,7 +204,7 @@ class span {
+ // size()|.
+ template <typename Container,
+ typename = internal::EnableIfSpanCompatibleContainer<Container, T>>
+- constexpr span(Container& container)
++ span(Container& container)
+ : span(container.data(), container.size()) {}
+ template <
+ typename Container,
+--- a/core/fxcodec/jpx/cjpx_decoder.cpp
++++ b/core/fxcodec/jpx/cjpx_decoder.cpp
+@@ -70,7 +70,7 @@ Optional<OpjImageRgbData> alloc_rgb(size_t size) {
+ if (!data.b)
+ return {};
+
+- return data;
++ return std::move(data);
}
-@@ -442,7 +442,7 @@ FPDFAnnot_GetObject(FPDF_ANNOTATION annot, int index) {
- if (!pStream)
- return nullptr;
-
-- pAnnot->SetForm(pStream);
-+ pAnnot->SetForm_(pStream);
- }
- return FPDFPageObjectFromCPDFPageObject(
+ void sycc_to_rgb(int offset,
diff --git a/external/pdfium/c++20-comparison.patch b/external/pdfium/c++20-comparison.patch
new file mode 100644
index 000000000000..025f9ba010db
--- /dev/null
+++ b/external/pdfium/c++20-comparison.patch
@@ -0,0 +1,13 @@
+--- core/fxcrt/fx_memory_wrappers.h
++++ core/fxcrt/fx_memory_wrappers.h
+@@ -70,8 +70,8 @@
+ }
+
+ // There's no state, so they are all the same,
+- bool operator==(const FxAllocAllocator& that) { return true; }
+- bool operator!=(const FxAllocAllocator& that) { return false; }
++ bool operator==(const FxAllocAllocator& that) const { return true; }
++ bool operator!=(const FxAllocAllocator& that) const { return false; }
+ };
+
+ #endif // CORE_FXCRT_FX_MEMORY_WRAPPERS_H_
diff --git a/external/pdfium/configs/build_config.h b/external/pdfium/configs/build_config.h
index edd70af53034..ec93c278767c 100644
--- a/external/pdfium/configs/build_config.h
+++ b/external/pdfium/configs/build_config.h
@@ -6,7 +6,7 @@
// This file adds defines about the platform we're currently building on.
// Operating System:
-// OS_WIN / OS_MACOSX / OS_LINUX / OS_POSIX (MACOSX or LINUX)
+// OS_WIN / OS_APPLE / OS_LINUX / OS_POSIX (MACOSX or LINUX)
// Compiler:
// COMPILER_MSVC / COMPILER_GCC
// Processor:
@@ -21,7 +21,7 @@
#define OS_ANDROID 1
#define OS_LINUX 1
#elif defined(__APPLE__)
-#define OS_MACOSX 1
+#define OS_APPLE 1
#elif defined(__linux__)
#define OS_LINUX 1
#elif defined(__DragonFly__)
@@ -48,7 +48,7 @@
// For access to standard POSIX features, use OS_POSIX instead of a more
// specific macro.
-#if defined(OS_MACOSX) || defined(OS_LINUX) || defined(OS_BSD) || defined(OS_SOLARIS)
+#if defined(OS_APPLE) || defined(OS_LINUX) || defined(OS_BSD) || defined(OS_SOLARIS)
#define OS_POSIX 1
#endif
diff --git a/external/pdfium/icu.patch.1 b/external/pdfium/icu.patch.1
deleted file mode 100644
index 85e837d9b99f..000000000000
--- a/external/pdfium/icu.patch.1
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/core/fxcrt/fx_extension.h b/core/fxcrt/fx_extension.h
-index ff96de0f7..0195bd06f 100644
---- a/core/fxcrt/fx_extension.h
-+++ b/core/fxcrt/fx_extension.h
-@@ -13,7 +13,7 @@
-
- #include "core/fxcrt/fx_string.h"
- #include "third_party/base/span.h"
--#include "third_party/icu/source/common/unicode/uchar.h"
-+#include <unicode/uchar.h>
-
- #define FX_INVALID_OFFSET static_cast<uint32_t>(-1)
-
diff --git a/external/pdfium/msvc2015.patch.1 b/external/pdfium/msvc2015.patch.1
new file mode 100644
index 000000000000..36cb5332c7b0
--- /dev/null
+++ b/external/pdfium/msvc2015.patch.1
@@ -0,0 +1,202 @@
+Fix MSVC 2015 build
+
+--- pdfium/third_party/base/optional.h.orig 2020-10-26 19:26:04.000000000 +0100
++++ pdfium/third_party/base/optional.h 2020-12-03 16:00:54.879883100 +0100
+@@ -36,7 +36,7 @@
+ struct OptionalStorageBase {
+ // Provide non-defaulted default ctor to make sure it's not deleted by
+ // non-trivial T::T() in the union.
+- constexpr OptionalStorageBase() : dummy_() {}
++ OptionalStorageBase() : dummy_() {}
+
+ template <class... Args>
+ constexpr explicit OptionalStorageBase(in_place_t, Args&&... args)
+@@ -88,7 +88,7 @@
+ struct OptionalStorageBase<T, true /* trivially destructible */> {
+ // Provide non-defaulted default ctor to make sure it's not deleted by
+ // non-trivial T::T() in the union.
+- constexpr OptionalStorageBase() : dummy_() {}
++ OptionalStorageBase() : dummy_() {}
+
+ template <class... Args>
+ constexpr explicit OptionalStorageBase(in_place_t, Args&&... args)
+@@ -607,32 +607,32 @@
+ return *this;
+ }
+
+- constexpr const T* operator->() const {
++ const T* operator->() const {
+ CHECK(storage_.is_populated_);
+ return &storage_.value_;
+ }
+
+- constexpr T* operator->() {
++ T* operator->() {
+ CHECK(storage_.is_populated_);
+ return &storage_.value_;
+ }
+
+- constexpr const T& operator*() const & {
++ const T& operator*() const & {
+ CHECK(storage_.is_populated_);
+ return storage_.value_;
+ }
+
+- constexpr T& operator*() & {
++ T& operator*() & {
+ CHECK(storage_.is_populated_);
+ return storage_.value_;
+ }
+
+- constexpr const T&& operator*() const && {
++ const T&& operator*() const && {
+ CHECK(storage_.is_populated_);
+ return std::move(storage_.value_);
+ }
+
+- constexpr T&& operator*() && {
++ T&& operator*() && {
+ CHECK(storage_.is_populated_);
+ return std::move(storage_.value_);
+ }
+@@ -641,22 +641,22 @@
+
+ constexpr bool has_value() const { return storage_.is_populated_; }
+
+- constexpr T& value() & {
++ T& value() & {
+ CHECK(storage_.is_populated_);
+ return storage_.value_;
+ }
+
+- constexpr const T& value() const & {
++ const T& value() const & {
+ CHECK(storage_.is_populated_);
+ return storage_.value_;
+ }
+
+- constexpr T&& value() && {
++ T&& value() && {
+ CHECK(storage_.is_populated_);
+ return std::move(storage_.value_);
+ }
+
+- constexpr const T&& value() const && {
++ const T&& value() const && {
+ CHECK(storage_.is_populated_);
+ return std::move(storage_.value_);
+ }
+--- pdfium/third_party/base/span.h.orig 2020-10-26 19:26:04.000000000 +0100
++++ pdfium/third_party/base/span.h 2020-12-03 16:28:15.642138100 +0100
+@@ -193,7 +193,7 @@
+
+ // TODO(dcheng): Implement construction from a |begin| and |end| pointer.
+ template <size_t N>
+- constexpr span(T (&array)[N]) noexcept : span(array, N) {}
++ span(T (&array)[N]) noexcept : span(array, N) {}
+ // TODO(dcheng): Implement construction from std::array.
+ // Conversion from a container that provides |T* data()| and |integral_type
+ // size()|.
+--- pdfium/core/fpdfapi/page/cpdf_colorspace.cpp.orig 2020-12-03 16:54:15.514659400 +0100
++++ pdfium/core/fpdfapi/page/cpdf_colorspace.cpp 2020-12-03 16:38:52.167650200 +0100
+@@ -905,7 +905,7 @@
+ float R;
+ float G;
+ float B;
+- GetRGB(lab, &R, &G, &B);
++ GetRGB(pdfium::span<float>(lab), &R, &G, &B);
+ pDestBuf[0] = static_cast<int32_t>(B * 255);
+ pDestBuf[1] = static_cast<int32_t>(G * 255);
+ pDestBuf[2] = static_cast<int32_t>(R * 255);
+--- pdfium/core/fpdfapi/page/cpdf_meshstream.cpp.orig 2020-12-03 16:54:09.233498800 +0100
++++ pdfium/core/fpdfapi/page/cpdf_meshstream.cpp 2020-12-03 16:41:29.173766500 +0100
+@@ -209,7 +209,7 @@
+ func->Call(color_value, 1, result, &nResults);
+ }
+
+- m_pCS->GetRGB(result, &r, &g, &b);
++ m_pCS->GetRGB(pdfium::span<float>(result), &r, &g, &b);
+ return std::tuple<float, float, float>(r, g, b);
+ }
+
+--- pdfium/core/fpdfapi/parser/cpdf_security_handler.cpp.orig 2020-12-03 16:53:56.077095400 +0100
++++ pdfium/core/fpdfapi/parser/cpdf_security_handler.cpp 2020-12-03 16:44:23.951334200 +0100
+@@ -481,7 +481,7 @@
+ uint8_t passcode[32];
+ GetPassCode(owner_password, passcode);
+ uint8_t digest[16];
+- CRYPT_MD5Generate(passcode, digest);
++ CRYPT_MD5Generate(pdfium::span<uint8_t>(passcode), digest);
+ if (m_Revision >= 3) {
+ for (uint32_t i = 0; i < 50; i++)
+ CRYPT_MD5Generate(digest, digest);
+@@ -570,10 +570,10 @@
+ uint8_t passcode[32];
+ GetPassCode(owner_password_copy, passcode);
+ uint8_t digest[16];
+- CRYPT_MD5Generate(passcode, digest);
++ CRYPT_MD5Generate(pdfium::span<uint8_t>(passcode), digest);
+ if (m_Revision >= 3) {
+ for (uint32_t i = 0; i < 50; i++)
+- CRYPT_MD5Generate(digest, digest);
++ CRYPT_MD5Generate(pdfium::span<uint8_t>(digest), digest);
+ }
+ uint8_t enckey[32];
+ memcpy(enckey, digest, key_len);
+--- pdfium/core/fpdfapi/page/cpdf_dib.cpp.orig 2020-12-03 16:53:44.548444600 +0100
++++ pdfium/core/fpdfapi/page/cpdf_dib.cpp 2020-12-03 16:49:11.937584700 +0100
+@@ -874,7 +874,7 @@
+ color_values[0] += m_CompData[0].m_DecodeStep;
+ color_values[1] += m_CompData[0].m_DecodeStep;
+ color_values[2] += m_CompData[0].m_DecodeStep;
+- m_pColorSpace->GetRGB(color_values, &R, &G, &B);
++ m_pColorSpace->GetRGB(pdfium::span<float>(color_values), &R, &G, &B);
+ FX_ARGB argb1 = ArgbEncode(255, FXSYS_roundf(R * 255),
+ FXSYS_roundf(G * 255), FXSYS_roundf(B * 255));
+ if (argb0 != 0xFF000000 || argb1 != 0xFFFFFFFF) {
+--- pdfium/third_party/base/allocator/partition_allocator/partition_alloc.cc.orig 2020-12-03 17:09:02.887283800 +0100
++++ pdfium/third_party/base/allocator/partition_allocator/partition_alloc.cc 2020-12-03 17:07:22.198993800 +0100
+@@ -67,12 +67,12 @@
+ // Chained hooks are not supported. Registering a non-null hook when a
+ // non-null hook is already registered indicates somebody is trying to
+ // overwrite a hook.
+- CHECK((!allocation_observer_hook_ && !free_observer_hook_) ||
++ CHECK((!allocation_observer_hook_.load() && !free_observer_hook_.load()) ||
+ (!alloc_hook && !free_hook));
+ allocation_observer_hook_ = alloc_hook;
+ free_observer_hook_ = free_hook;
+
+- hooks_enabled_ = allocation_observer_hook_ || allocation_override_hook_;
++ hooks_enabled_ = allocation_observer_hook_.load() || allocation_override_hook_.load();
+ }
+
+ void PartitionAllocHooks::SetOverrideHooks(AllocationOverrideHook* alloc_hook,
+@@ -80,14 +80,14 @@
+ ReallocOverrideHook realloc_hook) {
+ subtle::SpinLock::Guard guard(set_hooks_lock_);
+
+- CHECK((!allocation_override_hook_ && !free_override_hook_ &&
+- !realloc_override_hook_) ||
++ CHECK((!allocation_override_hook_.load() && !free_override_hook_.load() &&
++ !realloc_override_hook_.load()) ||
+ (!alloc_hook && !free_hook && !realloc_hook));
+ allocation_override_hook_ = alloc_hook;
+ free_override_hook_ = free_hook;
+ realloc_override_hook_ = realloc_hook;
+
+- hooks_enabled_ = allocation_observer_hook_ || allocation_override_hook_;
++ hooks_enabled_ = allocation_observer_hook_.load() || allocation_override_hook_.load();
+ }
+
+ void PartitionAllocHooks::AllocationObserverHookIfEnabled(
+--- pdfium/third_party/base/allocator/partition_allocator/partition_page.h.orig 2020-12-03 17:13:56.944624000 +0100
++++ pdfium/third_party/base/allocator/partition_allocator/partition_page.h 2020-12-03 17:13:34.385932300 +0100
+@@ -25,6 +25,8 @@
+ struct DeferredUnmap {
+ void* ptr = nullptr;
+ size_t size = 0;
++ DeferredUnmap(void* const p, size_t const s) : ptr(p), size(s) {}
++ DeferredUnmap() = default;
+ // In most cases there is no page to unmap and ptr == nullptr. This function
+ // is inlined to avoid the overhead of a function call in the common case.
+ ALWAYS_INLINE void Run();
diff --git a/external/pdfium/pdfium4137-numerics.patch.3 b/external/pdfium/pdfium4137-numerics.patch.3
new file mode 100644
index 000000000000..7d27ccd7f3cb
--- /dev/null
+++ b/external/pdfium/pdfium4137-numerics.patch.3
@@ -0,0 +1,3364 @@
+Restore numerics headers from release 4137
+
+diff -Naur workdir/UnpackedTarball/pdfium/third_party/base/numerics/checked_math.h workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/checked_math.h
+--- workdir/UnpackedTarball/pdfium/third_party/base/numerics/checked_math.h 2020-10-26 19:26:04.000000000 +0100
++++ workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/checked_math.h 1970-01-01 01:00:00.000000000 +0100
+@@ -1,395 +0,0 @@
+-// Copyright 2017 The Chromium Authors. All rights reserved.
+-// Use of this source code is governed by a BSD-style license that can be
+-// found in the LICENSE file.
+-
+-#ifndef THIRD_PARTY_BASE_NUMERICS_CHECKED_MATH_H_
+-#define THIRD_PARTY_BASE_NUMERICS_CHECKED_MATH_H_
+-
+-#include <stddef.h>
+-
+-#include <limits>
+-#include <type_traits>
+-
+-#include "third_party/base/numerics/checked_math_impl.h"
+-
+-namespace pdfium {
+-namespace base {
+-namespace internal {
+-
+-template <typename T>
+-class CheckedNumeric {
+- static_assert(std::is_arithmetic<T>::value,
+- "CheckedNumeric<T>: T must be a numeric type.");
+-
+- public:
+- using type = T;
+-
+- constexpr CheckedNumeric() = default;
+-
+- // Copy constructor.
+- template <typename Src>
+- constexpr CheckedNumeric(const CheckedNumeric<Src>& rhs)
+- : state_(rhs.state_.value(), rhs.IsValid()) {}
+-
+- template <typename Src>
+- friend class CheckedNumeric;
+-
+- // This is not an explicit constructor because we implicitly upgrade regular
+- // numerics to CheckedNumerics to make them easier to use.
+- template <typename Src>
+- constexpr CheckedNumeric(Src value) // NOLINT(runtime/explicit)
+- : state_(value) {
+- static_assert(std::is_arithmetic<Src>::value, "Argument must be numeric.");
+- }
+-
+- // This is not an explicit constructor because we want a seamless conversion
+- // from StrictNumeric types.
+- template <typename Src>
+- constexpr CheckedNumeric(
+- StrictNumeric<Src> value) // NOLINT(runtime/explicit)
+- : state_(static_cast<Src>(value)) {}
+-
+- // IsValid() - The public API to test if a CheckedNumeric is currently valid.
+- // A range checked destination type can be supplied using the Dst template
+- // parameter.
+- template <typename Dst = T>
+- constexpr bool IsValid() const {
+- return state_.is_valid() &&
+- IsValueInRangeForNumericType<Dst>(state_.value());
+- }
+-
+- // AssignIfValid(Dst) - Assigns the underlying value if it is currently valid
+- // and is within the range supported by the destination type. Returns true if
+- // successful and false otherwise.
+- template <typename Dst>
+-#if defined(__clang__) || defined(__GNUC__)
+- __attribute__((warn_unused_result))
+-#elif defined(_MSC_VER)
+- _Check_return_
+-#endif
+- constexpr bool
+- AssignIfValid(Dst* result) const {
+- return BASE_NUMERICS_LIKELY(IsValid<Dst>())
+- ? ((*result = static_cast<Dst>(state_.value())), true)
+- : false;
+- }
+-
+- // ValueOrDie() - The primary accessor for the underlying value. If the
+- // current state is not valid it will CHECK and crash.
+- // A range checked destination type can be supplied using the Dst template
+- // parameter, which will trigger a CHECK if the value is not in bounds for
+- // the destination.
+- // The CHECK behavior can be overridden by supplying a handler as a
+- // template parameter, for test code, etc. However, the handler cannot access
+- // the underlying value, and it is not available through other means.
+- template <typename Dst = T, class CheckHandler = CheckOnFailure>
+- constexpr StrictNumeric<Dst> ValueOrDie() const {
+- return BASE_NUMERICS_LIKELY(IsValid<Dst>())
+- ? static_cast<Dst>(state_.value())
+- : CheckHandler::template HandleFailure<Dst>();
+- }
+-
+- // ValueOrDefault(T default_value) - A convenience method that returns the
+- // current value if the state is valid, and the supplied default_value for
+- // any other state.
+- // A range checked destination type can be supplied using the Dst template
+- // parameter. WARNING: This function may fail to compile or CHECK at runtime
+- // if the supplied default_value is not within range of the destination type.
+- template <typename Dst = T, typename Src>
+- constexpr StrictNumeric<Dst> ValueOrDefault(const Src default_value) const {
+- return BASE_NUMERICS_LIKELY(IsValid<Dst>())
+- ? static_cast<Dst>(state_.value())
+- : checked_cast<Dst>(default_value);
+- }
+-
+- // Returns a checked numeric of the specified type, cast from the current
+- // CheckedNumeric. If the current state is invalid or the destination cannot
+- // represent the result then the returned CheckedNumeric will be invalid.
+- template <typename Dst>
+- constexpr CheckedNumeric<typename UnderlyingType<Dst>::type> Cast() const {
+- return *this;
+- }
+-
+- // This friend method is available solely for providing more detailed logging
+- // in the the tests. Do not implement it in production code, because the
+- // underlying values may change at any time.
+- template <typename U>
+- friend U GetNumericValueForTest(const CheckedNumeric<U>& src);
+-
+- // Prototypes for the supported arithmetic operator overloads.
+- template <typename Src>
+- constexpr CheckedNumeric& operator+=(const Src rhs);
+- template <typename Src>
+- constexpr CheckedNumeric& operator-=(const Src rhs);
+- template <typename Src>
+- constexpr CheckedNumeric& operator*=(const Src rhs);
+- template <typename Src>
+- constexpr CheckedNumeric& operator/=(const Src rhs);
+- template <typename Src>
+- constexpr CheckedNumeric& operator%=(const Src rhs);
+- template <typename Src>
+- constexpr CheckedNumeric& operator<<=(const Src rhs);
+- template <typename Src>
+- constexpr CheckedNumeric& operator>>=(const Src rhs);
+- template <typename Src>
+- constexpr CheckedNumeric& operator&=(const Src rhs);
+- template <typename Src>
+- constexpr CheckedNumeric& operator|=(const Src rhs);
+- template <typename Src>
+- constexpr CheckedNumeric& operator^=(const Src rhs);
+-
+- constexpr CheckedNumeric operator-() const {
+- // The negation of two's complement int min is int min, so we simply
+- // check for that in the constexpr case.
+- // We use an optimized code path for a known run-time variable.
+- return MustTreatAsConstexpr(state_.value()) || !std::is_signed<T>::value ||
+- std::is_floating_point<T>::value
+- ? CheckedNumeric<T>(
+- NegateWrapper(state_.value()),
+- IsValid() && (!std::is_signed<T>::value ||
+- std::is_floating_point<T>::value ||
+- NegateWrapper(state_.value()) !=
+- std::numeric_limits<T>::lowest()))
+- : FastRuntimeNegate();
+- }
+-
+- constexpr CheckedNumeric operator~() const {
+- return CheckedNumeric<decltype(InvertWrapper(T()))>(
+- InvertWrapper(state_.value()), IsValid());
+- }
+-
+- constexpr CheckedNumeric Abs() const {
+- return !IsValueNegative(state_.value()) ? *this : -*this;
+- }
+-
+- template <typename U>
+- constexpr CheckedNumeric<typename MathWrapper<CheckedMaxOp, T, U>::type> Max(
+- const U rhs) const {
+- using R = typename UnderlyingType<U>::type;
+- using result_type = typename MathWrapper<CheckedMaxOp, T, U>::type;
+- // TODO(jschuh): This can be converted to the MathOp version and remain
+- // constexpr once we have C++14 support.
+- return CheckedNumeric<result_type>(
+- static_cast<result_type>(
+- IsGreater<T, R>::Test(state_.value(), Wrapper<U>::value(rhs))
+- ? state_.value()
+- : Wrapper<U>::value(rhs)),
+- state_.is_valid() && Wrapper<U>::is_valid(rhs));
+- }
+-
+- template <typename U>
+- constexpr CheckedNumeric<typename MathWrapper<CheckedMinOp, T, U>::type> Min(
+- const U rhs) const {
+- using R = typename UnderlyingType<U>::type;
+- using result_type = typename MathWrapper<CheckedMinOp, T, U>::type;
+- // TODO(jschuh): This can be converted to the MathOp version and remain
+- // constexpr once we have C++14 support.
+- return CheckedNumeric<result_type>(
+- static_cast<result_type>(
+- IsLess<T, R>::Test(state_.value(), Wrapper<U>::value(rhs))
+- ? state_.value()
+- : Wrapper<U>::value(rhs)),
+- state_.is_valid() && Wrapper<U>::is_valid(rhs));
+- }
+-
+- // This function is available only for integral types. It returns an unsigned
+- // integer of the same width as the source type, containing the absolute value
+- // of the source, and properly handling signed min.
+- constexpr CheckedNumeric<typename UnsignedOrFloatForSize<T>::type>
+- UnsignedAbs() const {
+- return CheckedNumeric<typename UnsignedOrFloatForSize<T>::type>(
+- SafeUnsignedAbs(state_.value()), state_.is_valid());
+- }
+-
+- constexpr CheckedNumeric& operator++() {
+- *this += 1;
+- return *this;
+- }
+-
+- constexpr CheckedNumeric operator++(int) {
+- CheckedNumeric value = *this;
+- *this += 1;
+- return value;
+- }
+-
+- constexpr CheckedNumeric& operator--() {
+- *this -= 1;
+- return *this;
+- }
+-
+- constexpr CheckedNumeric operator--(int) {
+- CheckedNumeric value = *this;
+- *this -= 1;
+- return value;
+- }
+-
+- // These perform the actual math operations on the CheckedNumerics.
+- // Binary arithmetic operations.
+- template <template <typename, typename, typename> class M,
+- typename L,
+- typename R>
+- static constexpr CheckedNumeric MathOp(const L lhs, const R rhs) {
+- using Math = typename MathWrapper<M, L, R>::math;
+- T result = 0;
+- bool is_valid =
+- Wrapper<L>::is_valid(lhs) && Wrapper<R>::is_valid(rhs) &&
+- Math::Do(Wrapper<L>::value(lhs), Wrapper<R>::value(rhs), &result);
+- return CheckedNumeric<T>(result, is_valid);
+- }
+-
+- // Assignment arithmetic operations.
+- template <template <typename, typename, typename> class M, typename R>
+- constexpr CheckedNumeric& MathOp(const R rhs) {
+- using Math = typename MathWrapper<M, T, R>::math;
+- T result = 0; // Using T as the destination saves a range check.
+- bool is_valid = state_.is_valid() && Wrapper<R>::is_valid(rhs) &&
+- Math::Do(state_.value(), Wrapper<R>::value(rhs), &result);
+- *this = CheckedNumeric<T>(result, is_valid);
+- return *this;
+- }
+-
+- private:
+- CheckedNumericState<T> state_;
+-
+- CheckedNumeric FastRuntimeNegate() const {
+- T result;
+- bool success = CheckedSubOp<T, T>::Do(T(0), state_.value(), &result);
+- return CheckedNumeric<T>(result, IsValid() && success);
+- }
+-
+- template <typename Src>
+- constexpr CheckedNumeric(Src value, bool is_valid)
+- : state_(value, is_valid) {}
+-
+- // These wrappers allow us to handle state the same way for both
+- // CheckedNumeric and POD arithmetic types.
+- template <typename Src>
+- struct Wrapper {
+- static constexpr bool is_valid(Src) { return true; }
+- static constexpr Src value(Src value) { return value; }
+- };
+-
+- template <typename Src>
+- struct Wrapper<CheckedNumeric<Src>> {
+- static constexpr bool is_valid(const CheckedNumeric<Src> v) {
+- return v.IsValid();
+- }
+- static constexpr Src value(const CheckedNumeric<Src> v) {
+- return v.state_.value();
+- }
+- };
+-
+- template <typename Src>
+- struct Wrapper<StrictNumeric<Src>> {
+- static constexpr bool is_valid(const StrictNumeric<Src>) { return true; }
+- static constexpr Src value(const StrictNumeric<Src> v) {
+- return static_cast<Src>(v);
+- }
+- };
+-};
+-
+-// Convenience functions to avoid the ugly template disambiguator syntax.
+-template <typename Dst, typename Src>
+-constexpr bool IsValidForType(const CheckedNumeric<Src> value) {
+- return value.template IsValid<Dst>();
+-}
+-
+-template <typename Dst, typename Src>
+-constexpr StrictNumeric<Dst> ValueOrDieForType(
+- const CheckedNumeric<Src> value) {
+- return value.template ValueOrDie<Dst>();
+-}
+-
+-template <typename Dst, typename Src, typename Default>
+-constexpr StrictNumeric<Dst> ValueOrDefaultForType(
+- const CheckedNumeric<Src> value,
+- const Default default_value) {
+- return value.template ValueOrDefault<Dst>(default_value);
+-}
+-
+-// Convience wrapper to return a new CheckedNumeric from the provided arithmetic
+-// or CheckedNumericType.
+-template <typename T>
+-constexpr CheckedNumeric<typename UnderlyingType<T>::type> MakeCheckedNum(
+- const T value) {
+- return value;
+-}
+-
+-// These implement the variadic wrapper for the math operations.
+-template <template <typename, typename, typename> class M,
+- typename L,
+- typename R>
+-constexpr CheckedNumeric<typename MathWrapper<M, L, R>::type> CheckMathOp(
+- const L lhs,
+- const R rhs) {
+- using Math = typename MathWrapper<M, L, R>::math;
+- return CheckedNumeric<typename Math::result_type>::template MathOp<M>(lhs,
+- rhs);
+-}
+-
+-// General purpose wrapper template for arithmetic operations.
+-template <template <typename, typename, typename> class M,
+- typename L,
+- typename R,
+- typename... Args>
+-constexpr CheckedNumeric<typename ResultType<M, L, R, Args...>::type>
+-CheckMathOp(const L lhs, const R rhs, const Args... args) {
+- return CheckMathOp<M>(CheckMathOp<M>(lhs, rhs), args...);
+-}
+-
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Checked, Check, Add, +, +=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Checked, Check, Sub, -, -=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Checked, Check, Mul, *, *=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Checked, Check, Div, /, /=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Checked, Check, Mod, %, %=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Checked, Check, Lsh, <<, <<=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Checked, Check, Rsh, >>, >>=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Checked, Check, And, &, &=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Checked, Check, Or, |, |=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Checked, Check, Xor, ^, ^=)
+-BASE_NUMERIC_ARITHMETIC_VARIADIC(Checked, Check, Max)
+-BASE_NUMERIC_ARITHMETIC_VARIADIC(Checked, Check, Min)
+-
+-// These are some extra StrictNumeric operators to support simple pointer
+-// arithmetic with our result types. Since wrapping on a pointer is always
+-// bad, we trigger the CHECK condition here.
+-template <typename L, typename R>
+-L* operator+(L* lhs, const StrictNumeric<R> rhs) {
+- uintptr_t result = CheckAdd(reinterpret_cast<uintptr_t>(lhs),
+- CheckMul(sizeof(L), static_cast<R>(rhs)))
+- .template ValueOrDie<uintptr_t>();
+- return reinterpret_cast<L*>(result);
+-}
+-
+-template <typename L, typename R>
+-L* operator-(L* lhs, const StrictNumeric<R> rhs) {
+- uintptr_t result = CheckSub(reinterpret_cast<uintptr_t>(lhs),
+- CheckMul(sizeof(L), static_cast<R>(rhs)))
+- .template ValueOrDie<uintptr_t>();
+- return reinterpret_cast<L*>(result);
+-}
+-
+-} // namespace internal
+-
+-using internal::CheckedNumeric;
+-using internal::IsValidForType;
+-using internal::ValueOrDieForType;
+-using internal::ValueOrDefaultForType;
+-using internal::MakeCheckedNum;
+-using internal::CheckMax;
+-using internal::CheckMin;
+-using internal::CheckAdd;
+-using internal::CheckSub;
+-using internal::CheckMul;
+-using internal::CheckDiv;
+-using internal::CheckMod;
+-using internal::CheckLsh;
+-using internal::CheckRsh;
+-using internal::CheckAnd;
+-using internal::CheckOr;
+-using internal::CheckXor;
+-
+-} // namespace base
+-} // namespace pdfium
+-
+-#endif // THIRD_PARTY_BASE_NUMERICS_CHECKED_MATH_H_
+diff -Naur workdir/UnpackedTarball/pdfium/third_party/base/numerics/checked_math_impl.h workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/checked_math_impl.h
+--- workdir/UnpackedTarball/pdfium/third_party/base/numerics/checked_math_impl.h 2020-10-26 19:26:04.000000000 +0100
++++ workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/checked_math_impl.h 1970-01-01 01:00:00.000000000 +0100
+@@ -1,579 +0,0 @@
+-// Copyright 2017 The Chromium Authors. All rights reserved.
+-// Use of this source code is governed by a BSD-style license that can be
+-// found in the LICENSE file.
+-
+-#ifndef THIRD_PARTY_BASE_NUMERICS_CHECKED_MATH_IMPL_H_
+-#define THIRD_PARTY_BASE_NUMERICS_CHECKED_MATH_IMPL_H_
+-
+-#include <stddef.h>
+-#include <stdint.h>
+-
+-#include <climits>
+-#include <cmath>
+-#include <cstdlib>
+-#include <limits>
+-#include <type_traits>
+-
+-#include "third_party/base/numerics/safe_conversions.h"
+-#include "third_party/base/numerics/safe_math_shared_impl.h"
+-
+-namespace pdfium {
+-namespace base {
+-namespace internal {
+-
+-template <typename T>
+-constexpr bool CheckedAddImpl(T x, T y, T* result) {
+- static_assert(std::is_integral<T>::value, "Type must be integral");
+- // Since the value of x+y is undefined if we have a signed type, we compute
+- // it using the unsigned type of the same size.
+- using UnsignedDst = typename std::make_unsigned<T>::type;
+- using SignedDst = typename std::make_signed<T>::type;
+- UnsignedDst ux = static_cast<UnsignedDst>(x);
+- UnsignedDst uy = static_cast<UnsignedDst>(y);
+- UnsignedDst uresult = static_cast<UnsignedDst>(ux + uy);
+- *result = static_cast<T>(uresult);
+- // Addition is valid if the sign of (x + y) is equal to either that of x or
+- // that of y.
+- return (std::is_signed<T>::value)
+- ? static_cast<SignedDst>((uresult ^ ux) & (uresult ^ uy)) >= 0
+- : uresult >= uy; // Unsigned is either valid or underflow.
+-}
+-
+-template <typename T, typename U, class Enable = void>
+-struct CheckedAddOp {};
+-
+-template <typename T, typename U>
+-struct CheckedAddOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename MaxExponentPromotion<T, U>::type;
+- template <typename V>
+- static constexpr bool Do(T x, U y, V* result) {
+- // TODO(jschuh) Make this "constexpr if" once we're C++17.
+- if (CheckedAddFastOp<T, U>::is_supported)
+- return CheckedAddFastOp<T, U>::Do(x, y, result);
+-
+- // Double the underlying type up to a full machine word.
+- using FastPromotion = typename FastIntegerArithmeticPromotion<T, U>::type;
+- using Promotion =
+- typename std::conditional<(IntegerBitsPlusSign<FastPromotion>::value >
+- IntegerBitsPlusSign<intptr_t>::value),
+- typename BigEnoughPromotion<T, U>::type,
+- FastPromotion>::type;
+- // Fail if either operand is out of range for the promoted type.
+- // TODO(jschuh): This could be made to work for a broader range of values.
+- if (BASE_NUMERICS_UNLIKELY(!IsValueInRangeForNumericType<Promotion>(x) ||
+- !IsValueInRangeForNumericType<Promotion>(y))) {
+- return false;
+- }
+-
+- Promotion presult = {};
+- bool is_valid = true;
+- if (IsIntegerArithmeticSafe<Promotion, T, U>::value) {
+- presult = static_cast<Promotion>(x) + static_cast<Promotion>(y);
+- } else {
+- is_valid = CheckedAddImpl(static_cast<Promotion>(x),
+- static_cast<Promotion>(y), &presult);
+- }
+- *result = static_cast<V>(presult);
+- return is_valid && IsValueInRangeForNumericType<V>(presult);
+- }
+-};
+-
+-template <typename T>
+-constexpr bool CheckedSubImpl(T x, T y, T* result) {
+- static_assert(std::is_integral<T>::value, "Type must be integral");
+- // Since the value of x+y is undefined if we have a signed type, we compute
+- // it using the unsigned type of the same size.
+- using UnsignedDst = typename std::make_unsigned<T>::type;
+- using SignedDst = typename std::make_signed<T>::type;
+- UnsignedDst ux = static_cast<UnsignedDst>(x);
+- UnsignedDst uy = static_cast<UnsignedDst>(y);
+- UnsignedDst uresult = static_cast<UnsignedDst>(ux - uy);
+- *result = static_cast<T>(uresult);
+- // Subtraction is valid if either x and y have same sign, or (x-y) and x have
+- // the same sign.
+- return (std::is_signed<T>::value)
+- ? static_cast<SignedDst>((uresult ^ ux) & (ux ^ uy)) >= 0
+- : x >= y;
+-}
+-
+-template <typename T, typename U, class Enable = void>
+-struct CheckedSubOp {};
+-
+-template <typename T, typename U>
+-struct CheckedSubOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename MaxExponentPromotion<T, U>::type;
+- template <typename V>
+- static constexpr bool Do(T x, U y, V* result) {
+- // TODO(jschuh) Make this "constexpr if" once we're C++17.
+- if (CheckedSubFastOp<T, U>::is_supported)
+- return CheckedSubFastOp<T, U>::Do(x, y, result);
+-
+- // Double the underlying type up to a full machine word.
+- using FastPromotion = typename FastIntegerArithmeticPromotion<T, U>::type;
+- using Promotion =
+- typename std::conditional<(IntegerBitsPlusSign<FastPromotion>::value >
+- IntegerBitsPlusSign<intptr_t>::value),
+- typename BigEnoughPromotion<T, U>::type,
+- FastPromotion>::type;
+- // Fail if either operand is out of range for the promoted type.
+- // TODO(jschuh): This could be made to work for a broader range of values.
+- if (BASE_NUMERICS_UNLIKELY(!IsValueInRangeForNumericType<Promotion>(x) ||
+- !IsValueInRangeForNumericType<Promotion>(y))) {
+- return false;
+- }
+-
+- Promotion presult = {};
+- bool is_valid = true;
+- if (IsIntegerArithmeticSafe<Promotion, T, U>::value) {
+- presult = static_cast<Promotion>(x) - static_cast<Promotion>(y);
+- } else {
+- is_valid = CheckedSubImpl(static_cast<Promotion>(x),
+- static_cast<Promotion>(y), &presult);
+- }
+- *result = static_cast<V>(presult);
+- return is_valid && IsValueInRangeForNumericType<V>(presult);
+- }
+-};
+-
+-template <typename T>
+-constexpr bool CheckedMulImpl(T x, T y, T* result) {
+- static_assert(std::is_integral<T>::value, "Type must be integral");
+- // Since the value of x*y is potentially undefined if we have a signed type,
+- // we compute it using the unsigned type of the same size.
+- using UnsignedDst = typename std::make_unsigned<T>::type;
+- using SignedDst = typename std::make_signed<T>::type;
+- const UnsignedDst ux = SafeUnsignedAbs(x);
+- const UnsignedDst uy = SafeUnsignedAbs(y);
+- UnsignedDst uresult = static_cast<UnsignedDst>(ux * uy);
+- const bool is_negative =
+- std::is_signed<T>::value && static_cast<SignedDst>(x ^ y) < 0;
+- *result = is_negative ? 0 - uresult : uresult;
+- // We have a fast out for unsigned identity or zero on the second operand.
+- // After that it's an unsigned overflow check on the absolute value, with
+- // a +1 bound for a negative result.
+- return uy <= UnsignedDst(!std::is_signed<T>::value || is_negative) ||
+- ux <= (std::numeric_limits<T>::max() + UnsignedDst(is_negative)) / uy;
+-}
+-
+-template <typename T, typename U, class Enable = void>
+-struct CheckedMulOp {};
+-
+-template <typename T, typename U>
+-struct CheckedMulOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename MaxExponentPromotion<T, U>::type;
+- template <typename V>
+- static constexpr bool Do(T x, U y, V* result) {
+- // TODO(jschuh) Make this "constexpr if" once we're C++17.
+- if (CheckedMulFastOp<T, U>::is_supported)
+- return CheckedMulFastOp<T, U>::Do(x, y, result);
+-
+- using Promotion = typename FastIntegerArithmeticPromotion<T, U>::type;
+- // Verify the destination type can hold the result (always true for 0).
+- if (BASE_NUMERICS_UNLIKELY((!IsValueInRangeForNumericType<Promotion>(x) ||
+- !IsValueInRangeForNumericType<Promotion>(y)) &&
+- x && y)) {
+- return false;
+- }
+-
+- Promotion presult = {};
+- bool is_valid = true;
+- if (CheckedMulFastOp<Promotion, Promotion>::is_supported) {
+- // The fast op may be available with the promoted type.
+- is_valid = CheckedMulFastOp<Promotion, Promotion>::Do(x, y, &presult);
+- } else if (IsIntegerArithmeticSafe<Promotion, T, U>::value) {
+- presult = static_cast<Promotion>(x) * static_cast<Promotion>(y);
+- } else {
+- is_valid = CheckedMulImpl(static_cast<Promotion>(x),
+- static_cast<Promotion>(y), &presult);
+- }
+- *result = static_cast<V>(presult);
+- return is_valid && IsValueInRangeForNumericType<V>(presult);
+- }
+-};
+-
+-// Division just requires a check for a zero denominator or an invalid negation
+-// on signed min/-1.
+-template <typename T, typename U, class Enable = void>
+-struct CheckedDivOp {};
+-
+-template <typename T, typename U>
+-struct CheckedDivOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename MaxExponentPromotion<T, U>::type;
+- template <typename V>
+- static constexpr bool Do(T x, U y, V* result) {
+- if (BASE_NUMERICS_UNLIKELY(!y))
+- return false;
+-
+- // The overflow check can be compiled away if we don't have the exact
+- // combination of types needed to trigger this case.
+- using Promotion = typename BigEnoughPromotion<T, U>::type;
+- if (BASE_NUMERICS_UNLIKELY(
+- (std::is_signed<T>::value && std::is_signed<U>::value &&
+- IsTypeInRangeForNumericType<T, Promotion>::value &&
+- static_cast<Promotion>(x) ==
+- std::numeric_limits<Promotion>::lowest() &&
+- y == static_cast<U>(-1)))) {
+- return false;
+- }
+-
+- // This branch always compiles away if the above branch wasn't removed.
+- if (BASE_NUMERICS_UNLIKELY((!IsValueInRangeForNumericType<Promotion>(x) ||
+- !IsValueInRangeForNumericType<Promotion>(y)) &&
+- x)) {
+- return false;
+- }
+-
+- Promotion presult = Promotion(x) / Promotion(y);
+- *result = static_cast<V>(presult);
+- return IsValueInRangeForNumericType<V>(presult);
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct CheckedModOp {};
+-
+-template <typename T, typename U>
+-struct CheckedModOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename MaxExponentPromotion<T, U>::type;
+- template <typename V>
+- static constexpr bool Do(T x, U y, V* result) {
+- if (BASE_NUMERICS_UNLIKELY(!y))
+- return false;
+-
+- using Promotion = typename BigEnoughPromotion<T, U>::type;
+- if (BASE_NUMERICS_UNLIKELY(
+- (std::is_signed<T>::value && std::is_signed<U>::value &&
+- IsTypeInRangeForNumericType<T, Promotion>::value &&
+- static_cast<Promotion>(x) ==
+- std::numeric_limits<Promotion>::lowest() &&
+- y == static_cast<U>(-1)))) {
+- *result = 0;
+- return true;
+- }
+-
+- Promotion presult = static_cast<Promotion>(x) % static_cast<Promotion>(y);
+- *result = static_cast<Promotion>(presult);
+- return IsValueInRangeForNumericType<V>(presult);
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct CheckedLshOp {};
+-
+-// Left shift. Shifts less than 0 or greater than or equal to the number
+-// of bits in the promoted type are undefined. Shifts of negative values
+-// are undefined. Otherwise it is defined when the result fits.
+-template <typename T, typename U>
+-struct CheckedLshOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = T;
+- template <typename V>
+- static constexpr bool Do(T x, U shift, V* result) {
+- // Disallow negative numbers and verify the shift is in bounds.
+- if (BASE_NUMERICS_LIKELY(!IsValueNegative(x) &&
+- as_unsigned(shift) <
+- as_unsigned(std::numeric_limits<T>::digits))) {
+- // Shift as unsigned to avoid undefined behavior.
+- *result = static_cast<V>(as_unsigned(x) << shift);
+- // If the shift can be reversed, we know it was valid.
+- return *result >> shift == x;
+- }
+-
+- // Handle the legal corner-case of a full-width signed shift of zero.
+- return std::is_signed<T>::value && !x &&
+- as_unsigned(shift) == as_unsigned(std::numeric_limits<T>::digits);
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct CheckedRshOp {};
+-
+-// Right shift. Shifts less than 0 or greater than or equal to the number
+-// of bits in the promoted type are undefined. Otherwise, it is always defined,
+-// but a right shift of a negative value is implementation-dependent.
+-template <typename T, typename U>
+-struct CheckedRshOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = T;
+- template <typename V>
+- static bool Do(T x, U shift, V* result) {
+- // Use the type conversion push negative values out of range.
+- if (BASE_NUMERICS_LIKELY(as_unsigned(shift) <
+- IntegerBitsPlusSign<T>::value)) {
+- T tmp = x >> shift;
+- *result = static_cast<V>(tmp);
+- return IsValueInRangeForNumericType<V>(tmp);
+- }
+- return false;
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct CheckedAndOp {};
+-
+-// For simplicity we support only unsigned integer results.
+-template <typename T, typename U>
+-struct CheckedAndOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename std::make_unsigned<
+- typename MaxExponentPromotion<T, U>::type>::type;
+- template <typename V>
+- static constexpr bool Do(T x, U y, V* result) {
+- result_type tmp = static_cast<result_type>(x) & static_cast<result_type>(y);
+- *result = static_cast<V>(tmp);
+- return IsValueInRangeForNumericType<V>(tmp);
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct CheckedOrOp {};
+-
+-// For simplicity we support only unsigned integers.
+-template <typename T, typename U>
+-struct CheckedOrOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename std::make_unsigned<
+- typename MaxExponentPromotion<T, U>::type>::type;
+- template <typename V>
+- static constexpr bool Do(T x, U y, V* result) {
+- result_type tmp = static_cast<result_type>(x) | static_cast<result_type>(y);
+- *result = static_cast<V>(tmp);
+- return IsValueInRangeForNumericType<V>(tmp);
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct CheckedXorOp {};
+-
+-// For simplicity we support only unsigned integers.
+-template <typename T, typename U>
+-struct CheckedXorOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename std::make_unsigned<
+- typename MaxExponentPromotion<T, U>::type>::type;
+- template <typename V>
+- static constexpr bool Do(T x, U y, V* result) {
+- result_type tmp = static_cast<result_type>(x) ^ static_cast<result_type>(y);
+- *result = static_cast<V>(tmp);
+- return IsValueInRangeForNumericType<V>(tmp);
+- }
+-};
+-
+-// Max doesn't really need to be implemented this way because it can't fail,
+-// but it makes the code much cleaner to use the MathOp wrappers.
+-template <typename T, typename U, class Enable = void>
+-struct CheckedMaxOp {};
+-
+-template <typename T, typename U>
+-struct CheckedMaxOp<
+- T,
+- U,
+- typename std::enable_if<std::is_arithmetic<T>::value &&
+- std::is_arithmetic<U>::value>::type> {
+- using result_type = typename MaxExponentPromotion<T, U>::type;
+- template <typename V>
+- static constexpr bool Do(T x, U y, V* result) {
+- result_type tmp = IsGreater<T, U>::Test(x, y) ? static_cast<result_type>(x)
+- : static_cast<result_type>(y);
+- *result = static_cast<V>(tmp);
+- return IsValueInRangeForNumericType<V>(tmp);
+- }
+-};
+-
+-// Min doesn't really need to be implemented this way because it can't fail,
+-// but it makes the code much cleaner to use the MathOp wrappers.
+-template <typename T, typename U, class Enable = void>
+-struct CheckedMinOp {};
+-
+-template <typename T, typename U>
+-struct CheckedMinOp<
+- T,
+- U,
+- typename std::enable_if<std::is_arithmetic<T>::value &&
+- std::is_arithmetic<U>::value>::type> {
+- using result_type = typename LowestValuePromotion<T, U>::type;
+- template <typename V>
+- static constexpr bool Do(T x, U y, V* result) {
+- result_type tmp = IsLess<T, U>::Test(x, y) ? static_cast<result_type>(x)
+- : static_cast<result_type>(y);
+- *result = static_cast<V>(tmp);
+- return IsValueInRangeForNumericType<V>(tmp);
+- }
+-};
+-
+-// This is just boilerplate that wraps the standard floating point arithmetic.
+-// A macro isn't the nicest solution, but it beats rewriting these repeatedly.
+-#define BASE_FLOAT_ARITHMETIC_OPS(NAME, OP) \
+- template <typename T, typename U> \
+- struct Checked##NAME##Op< \
+- T, U, \
+- typename std::enable_if<std::is_floating_point<T>::value || \
+- std::is_floating_point<U>::value>::type> { \
+- using result_type = typename MaxExponentPromotion<T, U>::type; \
+- template <typename V> \
+- static constexpr bool Do(T x, U y, V* result) { \
+- using Promotion = typename MaxExponentPromotion<T, U>::type; \
+- Promotion presult = x OP y; \
+- *result = static_cast<V>(presult); \
+- return IsValueInRangeForNumericType<V>(presult); \
+- } \
+- };
+-
+-BASE_FLOAT_ARITHMETIC_OPS(Add, +)
+-BASE_FLOAT_ARITHMETIC_OPS(Sub, -)
+-BASE_FLOAT_ARITHMETIC_OPS(Mul, *)
+-BASE_FLOAT_ARITHMETIC_OPS(Div, /)
+-
+-#undef BASE_FLOAT_ARITHMETIC_OPS
+-
+-// Floats carry around their validity state with them, but integers do not. So,
+-// we wrap the underlying value in a specialization in order to hide that detail
+-// and expose an interface via accessors.
+-enum NumericRepresentation {
+- NUMERIC_INTEGER,
+- NUMERIC_FLOATING,
+- NUMERIC_UNKNOWN
+-};
+-
+-template <typename NumericType>
+-struct GetNumericRepresentation {
+- static const NumericRepresentation value =
+- std::is_integral<NumericType>::value
+- ? NUMERIC_INTEGER
+- : (std::is_floating_point<NumericType>::value ? NUMERIC_FLOATING
+- : NUMERIC_UNKNOWN);
+-};
+-
+-template <typename T,
+- NumericRepresentation type = GetNumericRepresentation<T>::value>
+-class CheckedNumericState {};
+-
+-// Integrals require quite a bit of additional housekeeping to manage state.
+-template <typename T>
+-class CheckedNumericState<T, NUMERIC_INTEGER> {
+- private:
+- // is_valid_ precedes value_ because member intializers in the constructors
+- // are evaluated in field order, and is_valid_ must be read when initializing
+- // value_.
+- bool is_valid_;
+- T value_;
+-
+- // Ensures that a type conversion does not trigger undefined behavior.
+- template <typename Src>
+- static constexpr T WellDefinedConversionOrZero(const Src value,
+- const bool is_valid) {
+- using SrcType = typename internal::UnderlyingType<Src>::type;
+- return (std::is_integral<SrcType>::value || is_valid)
+- ? static_cast<T>(value)
+- : static_cast<T>(0);
+- }
+-
+- public:
+- template <typename Src, NumericRepresentation type>
+- friend class CheckedNumericState;
+-
+- constexpr CheckedNumericState() : is_valid_(true), value_(0) {}
+-
+- template <typename Src>
+- constexpr CheckedNumericState(Src value, bool is_valid)
+- : is_valid_(is_valid && IsValueInRangeForNumericType<T>(value)),
+- value_(WellDefinedConversionOrZero(value, is_valid_)) {
+- static_assert(std::is_arithmetic<Src>::value, "Argument must be numeric.");
+- }
+-
+- // Copy constructor.
+- template <typename Src>
+- constexpr CheckedNumericState(const CheckedNumericState<Src>& rhs)
+- : is_valid_(rhs.IsValid()),
+- value_(WellDefinedConversionOrZero(rhs.value(), is_valid_)) {}
+-
+- template <typename Src>
+- constexpr explicit CheckedNumericState(Src value)
+- : is_valid_(IsValueInRangeForNumericType<T>(value)),
+- value_(WellDefinedConversionOrZero(value, is_valid_)) {}
+-
+- constexpr bool is_valid() const { return is_valid_; }
+- constexpr T value() const { return value_; }
+-};
+-
+-// Floating points maintain their own validity, but need translation wrappers.
+-template <typename T>
+-class CheckedNumericState<T, NUMERIC_FLOATING> {
+- private:
+- T value_;
+-
+- // Ensures that a type conversion does not trigger undefined behavior.
+- template <typename Src>
+- static constexpr T WellDefinedConversionOrNaN(const Src value,
+- const bool is_valid) {
+- using SrcType = typename internal::UnderlyingType<Src>::type;
+- return (StaticDstRangeRelationToSrcRange<T, SrcType>::value ==
+- NUMERIC_RANGE_CONTAINED ||
+- is_valid)
+- ? static_cast<T>(value)
+- : std::numeric_limits<T>::quiet_NaN();
+- }
+-
+- public:
+- template <typename Src, NumericRepresentation type>
+- friend class CheckedNumericState;
+-
+- constexpr CheckedNumericState() : value_(0.0) {}
+-
+- template <typename Src>
+- constexpr CheckedNumericState(Src value, bool is_valid)
+- : value_(WellDefinedConversionOrNaN(value, is_valid)) {}
+-
+- template <typename Src>
+- constexpr explicit CheckedNumericState(Src value)
+- : value_(WellDefinedConversionOrNaN(
+- value,
+- IsValueInRangeForNumericType<T>(value))) {}
+-
+- // Copy constructor.
+- template <typename Src>
+- constexpr CheckedNumericState(const CheckedNumericState<Src>& rhs)
+- : value_(WellDefinedConversionOrNaN(
+- rhs.value(),
+- rhs.is_valid() && IsValueInRangeForNumericType<T>(rhs.value()))) {}
+-
+- constexpr bool is_valid() const {
+- // Written this way because std::isfinite is not reliably constexpr.
+- return MustTreatAsConstexpr(value_)
+- ? value_ <= std::numeric_limits<T>::max() &&
+- value_ >= std::numeric_limits<T>::lowest()
+- : std::isfinite(value_);
+- }
+- constexpr T value() const { return value_; }
+-};
+-
+-} // namespace internal
+-} // namespace base
+-} // namespace pdfium
+-
+-#endif // THIRD_PARTY_BASE_NUMERICS_CHECKED_MATH_IMPL_H_
+diff -Naur workdir/UnpackedTarball/pdfium/third_party/base/numerics/clamped_math.h workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/clamped_math.h
+--- workdir/UnpackedTarball/pdfium/third_party/base/numerics/clamped_math.h 2020-10-26 19:26:04.000000000 +0100
++++ workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/clamped_math.h 1970-01-01 01:00:00.000000000 +0100
+@@ -1,266 +0,0 @@
+-// Copyright 2017 The Chromium Authors. All rights reserved.
+-// Use of this source code is governed by a BSD-style license that can be
+-// found in the LICENSE file.
+-
+-#ifndef THIRD_PARTY_BASE_NUMERICS_CLAMPED_MATH_H_
+-#define THIRD_PARTY_BASE_NUMERICS_CLAMPED_MATH_H_
+-
+-#include <stddef.h>
+-
+-#include <limits>
+-#include <type_traits>
+-
+-#include "third_party/base/numerics/clamped_math_impl.h"
+-
+-namespace pdfium {
+-namespace base {
+-namespace internal {
+-
+-template <typename T>
+-class ClampedNumeric {
+- static_assert(std::is_arithmetic<T>::value,
+- "ClampedNumeric<T>: T must be a numeric type.");
+-
+- public:
+- using type = T;
+-
+- constexpr ClampedNumeric() : value_(0) {}
+-
+- // Copy constructor.
+- template <typename Src>
+- constexpr ClampedNumeric(const ClampedNumeric<Src>& rhs)
+- : value_(saturated_cast<T>(rhs.value_)) {}
+-
+- template <typename Src>
+- friend class ClampedNumeric;
+-
+- // This is not an explicit constructor because we implicitly upgrade regular
+- // numerics to ClampedNumerics to make them easier to use.
+- template <typename Src>
+- constexpr ClampedNumeric(Src value) // NOLINT(runtime/explicit)
+- : value_(saturated_cast<T>(value)) {
+- static_assert(std::is_arithmetic<Src>::value, "Argument must be numeric.");
+- }
+-
+- // This is not an explicit constructor because we want a seamless conversion
+- // from StrictNumeric types.
+- template <typename Src>
+- constexpr ClampedNumeric(
+- StrictNumeric<Src> value) // NOLINT(runtime/explicit)
+- : value_(saturated_cast<T>(static_cast<Src>(value))) {}
+-
+- // Returns a ClampedNumeric of the specified type, cast from the current
+- // ClampedNumeric, and saturated to the destination type.
+- template <typename Dst>
+- constexpr ClampedNumeric<typename UnderlyingType<Dst>::type> Cast() const {
+- return *this;
+- }
+-
+- // Prototypes for the supported arithmetic operator overloads.
+- template <typename Src>
+- constexpr ClampedNumeric& operator+=(const Src rhs);
+- template <typename Src>
+- constexpr ClampedNumeric& operator-=(const Src rhs);
+- template <typename Src>
+- constexpr ClampedNumeric& operator*=(const Src rhs);
+- template <typename Src>
+- constexpr ClampedNumeric& operator/=(const Src rhs);
+- template <typename Src>
+- constexpr ClampedNumeric& operator%=(const Src rhs);
+- template <typename Src>
+- constexpr ClampedNumeric& operator<<=(const Src rhs);
+- template <typename Src>
+- constexpr ClampedNumeric& operator>>=(const Src rhs);
+- template <typename Src>
+- constexpr ClampedNumeric& operator&=(const Src rhs);
+- template <typename Src>
+- constexpr ClampedNumeric& operator|=(const Src rhs);
+- template <typename Src>
+- constexpr ClampedNumeric& operator^=(const Src rhs);
+-
+- constexpr ClampedNumeric operator-() const {
+- // The negation of two's complement int min is int min, so that's the
+- // only overflow case where we will saturate.
+- return ClampedNumeric<T>(SaturatedNegWrapper(value_));
+- }
+-
+- constexpr ClampedNumeric operator~() const {
+- return ClampedNumeric<decltype(InvertWrapper(T()))>(InvertWrapper(value_));
+- }
+-
+- constexpr ClampedNumeric Abs() const {
+- // The negation of two's complement int min is int min, so that's the
+- // only overflow case where we will saturate.
+- return ClampedNumeric<T>(SaturatedAbsWrapper(value_));
+- }
+-
+- template <typename U>
+- constexpr ClampedNumeric<typename MathWrapper<ClampedMaxOp, T, U>::type> Max(
+- const U rhs) const {
+- using result_type = typename MathWrapper<ClampedMaxOp, T, U>::type;
+- return ClampedNumeric<result_type>(
+- ClampedMaxOp<T, U>::Do(value_, Wrapper<U>::value(rhs)));
+- }
+-
+- template <typename U>
+- constexpr ClampedNumeric<typename MathWrapper<ClampedMinOp, T, U>::type> Min(
+- const U rhs) const {
+- using result_type = typename MathWrapper<ClampedMinOp, T, U>::type;
+- return ClampedNumeric<result_type>(
+- ClampedMinOp<T, U>::Do(value_, Wrapper<U>::value(rhs)));
+- }
+-
+- // This function is available only for integral types. It returns an unsigned
+- // integer of the same width as the source type, containing the absolute value
+- // of the source, and properly handling signed min.
+- constexpr ClampedNumeric<typename UnsignedOrFloatForSize<T>::type>
+- UnsignedAbs() const {
+- return ClampedNumeric<typename UnsignedOrFloatForSize<T>::type>(
+- SafeUnsignedAbs(value_));
+- }
+-
+- constexpr ClampedNumeric& operator++() {
+- *this += 1;
+- return *this;
+- }
+-
+- constexpr ClampedNumeric operator++(int) {
+- ClampedNumeric value = *this;
+- *this += 1;
+- return value;
+- }
+-
+- constexpr ClampedNumeric& operator--() {
+- *this -= 1;
+- return *this;
+- }
+-
+- constexpr ClampedNumeric operator--(int) {
+- ClampedNumeric value = *this;
+- *this -= 1;
+- return value;
+- }
+-
+- // These perform the actual math operations on the ClampedNumerics.
+- // Binary arithmetic operations.
+- template <template <typename, typename, typename> class M,
+- typename L,
+- typename R>
+- static constexpr ClampedNumeric MathOp(const L lhs, const R rhs) {
+- using Math = typename MathWrapper<M, L, R>::math;
+- return ClampedNumeric<T>(
+- Math::template Do<T>(Wrapper<L>::value(lhs), Wrapper<R>::value(rhs)));
+- }
+-
+- // Assignment arithmetic operations.
+- template <template <typename, typename, typename> class M, typename R>
+- constexpr ClampedNumeric& MathOp(const R rhs) {
+- using Math = typename MathWrapper<M, T, R>::math;
+- *this =
+- ClampedNumeric<T>(Math::template Do<T>(value_, Wrapper<R>::value(rhs)));
+- return *this;
+- }
+-
+- template <typename Dst>
+- constexpr operator Dst() const {
+- return saturated_cast<typename ArithmeticOrUnderlyingEnum<Dst>::type>(
+- value_);
+- }
+-
+- // This method extracts the raw integer value without saturating it to the
+- // destination type as the conversion operator does. This is useful when
+- // e.g. assigning to an auto type or passing as a deduced template parameter.
+- constexpr T RawValue() const { return value_; }
+-
+- private:
+- T value_;
+-
+- // These wrappers allow us to handle state the same way for both
+- // ClampedNumeric and POD arithmetic types.
+- template <typename Src>
+- struct Wrapper {
+- static constexpr Src value(Src value) {
+- return static_cast<typename UnderlyingType<Src>::type>(value);
+- }
+- };
+-};
+-
+-// Convience wrapper to return a new ClampedNumeric from the provided arithmetic
+-// or ClampedNumericType.
+-template <typename T>
+-constexpr ClampedNumeric<typename UnderlyingType<T>::type> MakeClampedNum(
+- const T value) {
+- return value;
+-}
+-
+-#if !BASE_NUMERICS_DISABLE_OSTREAM_OPERATORS
+-// Overload the ostream output operator to make logging work nicely.
+-template <typename T>
+-std::ostream& operator<<(std::ostream& os, const ClampedNumeric<T>& value) {
+- os << static_cast<T>(value);
+- return os;
+-}
+-#endif
+-
+-// These implement the variadic wrapper for the math operations.
+-template <template <typename, typename, typename> class M,
+- typename L,
+- typename R>
+-constexpr ClampedNumeric<typename MathWrapper<M, L, R>::type> ClampMathOp(
+- const L lhs,
+- const R rhs) {
+- using Math = typename MathWrapper<M, L, R>::math;
+- return ClampedNumeric<typename Math::result_type>::template MathOp<M>(lhs,
+- rhs);
+-}
+-
+-// General purpose wrapper template for arithmetic operations.
+-template <template <typename, typename, typename> class M,
+- typename L,
+- typename R,
+- typename... Args>
+-constexpr ClampedNumeric<typename ResultType<M, L, R, Args...>::type>
+-ClampMathOp(const L lhs, const R rhs, const Args... args) {
+- return ClampMathOp<M>(ClampMathOp<M>(lhs, rhs), args...);
+-}
+-
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Clamped, Clamp, Add, +, +=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Clamped, Clamp, Sub, -, -=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Clamped, Clamp, Mul, *, *=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Clamped, Clamp, Div, /, /=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Clamped, Clamp, Mod, %, %=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Clamped, Clamp, Lsh, <<, <<=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Clamped, Clamp, Rsh, >>, >>=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Clamped, Clamp, And, &, &=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Clamped, Clamp, Or, |, |=)
+-BASE_NUMERIC_ARITHMETIC_OPERATORS(Clamped, Clamp, Xor, ^, ^=)
+-BASE_NUMERIC_ARITHMETIC_VARIADIC(Clamped, Clamp, Max)
+-BASE_NUMERIC_ARITHMETIC_VARIADIC(Clamped, Clamp, Min)
+-BASE_NUMERIC_COMPARISON_OPERATORS(Clamped, IsLess, <)
+-BASE_NUMERIC_COMPARISON_OPERATORS(Clamped, IsLessOrEqual, <=)
+-BASE_NUMERIC_COMPARISON_OPERATORS(Clamped, IsGreater, >)
+-BASE_NUMERIC_COMPARISON_OPERATORS(Clamped, IsGreaterOrEqual, >=)
+-BASE_NUMERIC_COMPARISON_OPERATORS(Clamped, IsEqual, ==)
+-BASE_NUMERIC_COMPARISON_OPERATORS(Clamped, IsNotEqual, !=)
+-
+-} // namespace internal
+-
+-using internal::ClampedNumeric;
+-using internal::MakeClampedNum;
+-using internal::ClampMax;
+-using internal::ClampMin;
+-using internal::ClampAdd;
+-using internal::ClampSub;
+-using internal::ClampMul;
+-using internal::ClampDiv;
+-using internal::ClampMod;
+-using internal::ClampLsh;
+-using internal::ClampRsh;
+-using internal::ClampAnd;
+-using internal::ClampOr;
+-using internal::ClampXor;
+-
+-} // namespace base
+-} // namespace pdfium
+-
+-#endif // THIRD_PARTY_BASE_NUMERICS_CLAMPED_MATH_H_
+diff -Naur workdir/UnpackedTarball/pdfium/third_party/base/numerics/clamped_math_impl.h workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/clamped_math_impl.h
+--- workdir/UnpackedTarball/pdfium/third_party/base/numerics/clamped_math_impl.h 2020-10-26 19:26:04.000000000 +0100
++++ workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/clamped_math_impl.h 1970-01-01 01:00:00.000000000 +0100
+@@ -1,343 +0,0 @@
+-// Copyright 2017 The Chromium Authors. All rights reserved.
+-// Use of this source code is governed by a BSD-style license that can be
+-// found in the LICENSE file.
+-
+-#ifndef THIRD_PARTY_BASE_NUMERICS_CLAMPED_MATH_IMPL_H_
+-#define THIRD_PARTY_BASE_NUMERICS_CLAMPED_MATH_IMPL_H_
+-
+-#include <stddef.h>
+-#include <stdint.h>
+-
+-#include <climits>
+-#include <cmath>
+-#include <cstdlib>
+-#include <limits>
+-#include <type_traits>
+-
+-#include "third_party/base/numerics/checked_math.h"
+-#include "third_party/base/numerics/safe_conversions.h"
+-#include "third_party/base/numerics/safe_math_shared_impl.h"
+-
+-namespace pdfium {
+-namespace base {
+-namespace internal {
+-
+-template <typename T,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_signed<T>::value>::type* = nullptr>
+-constexpr T SaturatedNegWrapper(T value) {
+- return MustTreatAsConstexpr(value) || !ClampedNegFastOp<T>::is_supported
+- ? (NegateWrapper(value) != std::numeric_limits<T>::lowest()
+- ? NegateWrapper(value)
+- : std::numeric_limits<T>::max())
+- : ClampedNegFastOp<T>::Do(value);
+-}
+-
+-template <typename T,
+- typename std::enable_if<std::is_integral<T>::value &&
+- !std::is_signed<T>::value>::type* = nullptr>
+-constexpr T SaturatedNegWrapper(T value) {
+- return T(0);
+-}
+-
+-template <
+- typename T,
+- typename std::enable_if<std::is_floating_point<T>::value>::type* = nullptr>
+-constexpr T SaturatedNegWrapper(T value) {
+- return -value;
+-}
+-
+-template <typename T,
+- typename std::enable_if<std::is_integral<T>::value>::type* = nullptr>
+-constexpr T SaturatedAbsWrapper(T value) {
+- // The calculation below is a static identity for unsigned types, but for
+- // signed integer types it provides a non-branching, saturated absolute value.
+- // This works because SafeUnsignedAbs() returns an unsigned type, which can
+- // represent the absolute value of all negative numbers of an equal-width
+- // integer type. The call to IsValueNegative() then detects overflow in the
+- // special case of numeric_limits<T>::min(), by evaluating the bit pattern as
+- // a signed integer value. If it is the overflow case, we end up subtracting
+- // one from the unsigned result, thus saturating to numeric_limits<T>::max().
+- return static_cast<T>(SafeUnsignedAbs(value) -
+- IsValueNegative<T>(SafeUnsignedAbs(value)));
+-}
+-
+-template <
+- typename T,
+- typename std::enable_if<std::is_floating_point<T>::value>::type* = nullptr>
+-constexpr T SaturatedAbsWrapper(T value) {
+- return value < 0 ? -value : value;
+-}
+-
+-template <typename T, typename U, class Enable = void>
+-struct ClampedAddOp {};
+-
+-template <typename T, typename U>
+-struct ClampedAddOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename MaxExponentPromotion<T, U>::type;
+- template <typename V = result_type>
+- static constexpr V Do(T x, U y) {
+- if (ClampedAddFastOp<T, U>::is_supported)
+- return ClampedAddFastOp<T, U>::template Do<V>(x, y);
+-
+- static_assert(std::is_same<V, result_type>::value ||
+- IsTypeInRangeForNumericType<U, V>::value,
+- "The saturation result cannot be determined from the "
+- "provided types.");
+- const V saturated = CommonMaxOrMin<V>(IsValueNegative(y));
+- V result = {};
+- return BASE_NUMERICS_LIKELY((CheckedAddOp<T, U>::Do(x, y, &result)))
+- ? result
+- : saturated;
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct ClampedSubOp {};
+-
+-template <typename T, typename U>
+-struct ClampedSubOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename MaxExponentPromotion<T, U>::type;
+- template <typename V = result_type>
+- static constexpr V Do(T x, U y) {
+- // TODO(jschuh) Make this "constexpr if" once we're C++17.
+- if (ClampedSubFastOp<T, U>::is_supported)
+- return ClampedSubFastOp<T, U>::template Do<V>(x, y);
+-
+- static_assert(std::is_same<V, result_type>::value ||
+- IsTypeInRangeForNumericType<U, V>::value,
+- "The saturation result cannot be determined from the "
+- "provided types.");
+- const V saturated = CommonMaxOrMin<V>(!IsValueNegative(y));
+- V result = {};
+- return BASE_NUMERICS_LIKELY((CheckedSubOp<T, U>::Do(x, y, &result)))
+- ? result
+- : saturated;
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct ClampedMulOp {};
+-
+-template <typename T, typename U>
+-struct ClampedMulOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename MaxExponentPromotion<T, U>::type;
+- template <typename V = result_type>
+- static constexpr V Do(T x, U y) {
+- // TODO(jschuh) Make this "constexpr if" once we're C++17.
+- if (ClampedMulFastOp<T, U>::is_supported)
+- return ClampedMulFastOp<T, U>::template Do<V>(x, y);
+-
+- V result = {};
+- const V saturated =
+- CommonMaxOrMin<V>(IsValueNegative(x) ^ IsValueNegative(y));
+- return BASE_NUMERICS_LIKELY((CheckedMulOp<T, U>::Do(x, y, &result)))
+- ? result
+- : saturated;
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct ClampedDivOp {};
+-
+-template <typename T, typename U>
+-struct ClampedDivOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename MaxExponentPromotion<T, U>::type;
+- template <typename V = result_type>
+- static constexpr V Do(T x, U y) {
+- V result = {};
+- if (BASE_NUMERICS_LIKELY((CheckedDivOp<T, U>::Do(x, y, &result))))
+- return result;
+- // Saturation goes to max, min, or NaN (if x is zero).
+- return x ? CommonMaxOrMin<V>(IsValueNegative(x) ^ IsValueNegative(y))
+- : SaturationDefaultLimits<V>::NaN();
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct ClampedModOp {};
+-
+-template <typename T, typename U>
+-struct ClampedModOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename MaxExponentPromotion<T, U>::type;
+- template <typename V = result_type>
+- static constexpr V Do(T x, U y) {
+- V result = {};
+- return BASE_NUMERICS_LIKELY((CheckedModOp<T, U>::Do(x, y, &result)))
+- ? result
+- : x;
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct ClampedLshOp {};
+-
+-// Left shift. Non-zero values saturate in the direction of the sign. A zero
+-// shifted by any value always results in zero.
+-template <typename T, typename U>
+-struct ClampedLshOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = T;
+- template <typename V = result_type>
+- static constexpr V Do(T x, U shift) {
+- static_assert(!std::is_signed<U>::value, "Shift value must be unsigned.");
+- if (BASE_NUMERICS_LIKELY(shift < std::numeric_limits<T>::digits)) {
+- // Shift as unsigned to avoid undefined behavior.
+- V result = static_cast<V>(as_unsigned(x) << shift);
+- // If the shift can be reversed, we know it was valid.
+- if (BASE_NUMERICS_LIKELY(result >> shift == x))
+- return result;
+- }
+- return x ? CommonMaxOrMin<V>(IsValueNegative(x)) : 0;
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct ClampedRshOp {};
+-
+-// Right shift. Negative values saturate to -1. Positive or 0 saturates to 0.
+-template <typename T, typename U>
+-struct ClampedRshOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = T;
+- template <typename V = result_type>
+- static constexpr V Do(T x, U shift) {
+- static_assert(!std::is_signed<U>::value, "Shift value must be unsigned.");
+- // Signed right shift is odd, because it saturates to -1 or 0.
+- const V saturated = as_unsigned(V(0)) - IsValueNegative(x);
+- return BASE_NUMERICS_LIKELY(shift < IntegerBitsPlusSign<T>::value)
+- ? saturated_cast<V>(x >> shift)
+- : saturated;
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct ClampedAndOp {};
+-
+-template <typename T, typename U>
+-struct ClampedAndOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename std::make_unsigned<
+- typename MaxExponentPromotion<T, U>::type>::type;
+- template <typename V>
+- static constexpr V Do(T x, U y) {
+- return static_cast<result_type>(x) & static_cast<result_type>(y);
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct ClampedOrOp {};
+-
+-// For simplicity we promote to unsigned integers.
+-template <typename T, typename U>
+-struct ClampedOrOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename std::make_unsigned<
+- typename MaxExponentPromotion<T, U>::type>::type;
+- template <typename V>
+- static constexpr V Do(T x, U y) {
+- return static_cast<result_type>(x) | static_cast<result_type>(y);
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct ClampedXorOp {};
+-
+-// For simplicity we support only unsigned integers.
+-template <typename T, typename U>
+-struct ClampedXorOp<T,
+- U,
+- typename std::enable_if<std::is_integral<T>::value &&
+- std::is_integral<U>::value>::type> {
+- using result_type = typename std::make_unsigned<
+- typename MaxExponentPromotion<T, U>::type>::type;
+- template <typename V>
+- static constexpr V Do(T x, U y) {
+- return static_cast<result_type>(x) ^ static_cast<result_type>(y);
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct ClampedMaxOp {};
+-
+-template <typename T, typename U>
+-struct ClampedMaxOp<
+- T,
+- U,
+- typename std::enable_if<std::is_arithmetic<T>::value &&
+- std::is_arithmetic<U>::value>::type> {
+- using result_type = typename MaxExponentPromotion<T, U>::type;
+- template <typename V = result_type>
+- static constexpr V Do(T x, U y) {
+- return IsGreater<T, U>::Test(x, y) ? saturated_cast<V>(x)
+- : saturated_cast<V>(y);
+- }
+-};
+-
+-template <typename T, typename U, class Enable = void>
+-struct ClampedMinOp {};
+-
+-template <typename T, typename U>
+-struct ClampedMinOp<
+- T,
+- U,
+- typename std::enable_if<std::is_arithmetic<T>::value &&
+- std::is_arithmetic<U>::value>::type> {
+- using result_type = typename LowestValuePromotion<T, U>::type;
+- template <typename V = result_type>
+- static constexpr V Do(T x, U y) {
+- return IsLess<T, U>::Test(x, y) ? saturated_cast<V>(x)
+- : saturated_cast<V>(y);
+- }
+-};
+-
+-// This is just boilerplate that wraps the standard floating point arithmetic.
+-// A macro isn't the nicest solution, but it beats rewriting these repeatedly.
+-#define BASE_FLOAT_ARITHMETIC_OPS(NAME, OP) \
+- template <typename T, typename U> \
+- struct Clamped##NAME##Op< \
+- T, U, \
+- typename std::enable_if<std::is_floating_point<T>::value || \
+- std::is_floating_point<U>::value>::type> { \
+- using result_type = typename MaxExponentPromotion<T, U>::type; \
+- template <typename V = result_type> \
+- static constexpr V Do(T x, U y) { \
+- return saturated_cast<V>(x OP y); \
+- } \
+- };
+-
+-BASE_FLOAT_ARITHMETIC_OPS(Add, +)
+-BASE_FLOAT_ARITHMETIC_OPS(Sub, -)
+-BASE_FLOAT_ARITHMETIC_OPS(Mul, *)
+-BASE_FLOAT_ARITHMETIC_OPS(Div, /)
+-
+-#undef BASE_FLOAT_ARITHMETIC_OPS
+-
+-} // namespace internal
+-} // namespace base
+-} // namespace pdfium
+-
+-#endif // THIRD_PARTY_BASE_NUMERICS_CLAMPED_MATH_IMPL_H_
+diff -Naur workdir/UnpackedTarball/pdfium/third_party/base/numerics/safe_conversions.h workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/safe_conversions.h
+--- workdir/UnpackedTarball/pdfium/third_party/base/numerics/safe_conversions.h 2020-10-26 19:26:04.000000000 +0100
++++ workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/safe_conversions.h 2020-05-02 03:06:13.000000000 +0200
+@@ -8,21 +8,18 @@
+ #include <stddef.h>
+
+ #include <limits>
++#include <ostream>
+ #include <type_traits>
+
+ #include "third_party/base/numerics/safe_conversions_impl.h"
+
+-#if !defined(__native_client__) && (defined(__ARMEL__) || defined(__arch64__))
++#if defined(__ARMEL__) || defined(__arch64__)
+ #include "third_party/base/numerics/safe_conversions_arm_impl.h"
+ #define BASE_HAS_OPTIMIZED_SAFE_CONVERSIONS (1)
+ #else
+ #define BASE_HAS_OPTIMIZED_SAFE_CONVERSIONS (0)
+ #endif
+
+-#if !BASE_NUMERICS_DISABLE_OSTREAM_OPERATORS
+-#include <ostream>
+-#endif
+-
+ namespace pdfium {
+ namespace base {
+ namespace internal {
+@@ -312,14 +309,12 @@
+ return value;
+ }
+
+-#if !BASE_NUMERICS_DISABLE_OSTREAM_OPERATORS
+ // Overload the ostream output operator to make logging work nicely.
+ template <typename T>
+ std::ostream& operator<<(std::ostream& os, const StrictNumeric<T>& value) {
+ os << static_cast<T>(value);
+ return os;
+ }
+-#endif
+
+ #define BASE_NUMERIC_COMPARISON_OPERATORS(CLASS, NAME, OP) \
+ template <typename L, typename R, \
+diff -Naur workdir/UnpackedTarball/pdfium/third_party/base/numerics/safe_conversions_impl.h workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/safe_conversions_impl.h
+--- workdir/UnpackedTarball/pdfium/third_party/base/numerics/safe_conversions_impl.h 2020-10-26 19:26:04.000000000 +0100
++++ workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/safe_conversions_impl.h 2020-05-02 03:06:13.000000000 +0200
+@@ -81,9 +81,8 @@
+ constexpr typename std::make_unsigned<T>::type SafeUnsignedAbs(T value) {
+ static_assert(std::is_integral<T>::value, "Type must be integral");
+ using UnsignedT = typename std::make_unsigned<T>::type;
+- return IsValueNegative(value)
+- ? static_cast<UnsignedT>(0u - static_cast<UnsignedT>(value))
+- : static_cast<UnsignedT>(value);
++ return IsValueNegative(value) ? 0 - static_cast<UnsignedT>(value)
++ : static_cast<UnsignedT>(value);
+ }
+
+ // This allows us to switch paths on known compile-time constants.
+diff -Naur workdir/UnpackedTarball/pdfium/third_party/base/numerics/safe_math.h workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/safe_math.h
+--- workdir/UnpackedTarball/pdfium/third_party/base/numerics/safe_math.h 2020-10-26 19:26:04.000000000 +0100
++++ workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/safe_math.h 2020-05-02 03:06:13.000000000 +0200
+@@ -1,12 +1,510 @@
+-// Copyright 2017 The Chromium Authors. All rights reserved.
++// Copyright 2014 The Chromium Authors. All rights reserved.
+ // Use of this source code is governed by a BSD-style license that can be
+ // found in the LICENSE file.
+
+ #ifndef THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_H_
+ #define THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_H_
+
+-#include "third_party/base/numerics/checked_math.h"
+-#include "third_party/base/numerics/clamped_math.h"
+-#include "third_party/base/numerics/safe_conversions.h"
++#include <stddef.h>
++
++#include <limits>
++#include <type_traits>
++
++#include "third_party/base/numerics/safe_math_impl.h"
++
++namespace pdfium {
++namespace base {
++namespace internal {
++
++// CheckedNumeric<> implements all the logic and operators for detecting integer
++// boundary conditions such as overflow, underflow, and invalid conversions.
++// The CheckedNumeric type implicitly converts from floating point and integer
++// data types, and contains overloads for basic arithmetic operations (i.e.: +,
++// -, *, / for all types and %, <<, >>, &, |, ^ for integers). Type promotions
++// are a slightly modified version of the standard C arithmetic rules with the
++// two differences being that there is no default promotion to int and bitwise
++// logical operations always return an unsigned of the wider type.
++//
++// You may also use one of the variadic convenience functions, which accept
++// standard arithmetic or CheckedNumeric types, perform arithmetic operations,
++// and return a CheckedNumeric result. The supported functions are:
++// CheckAdd() - Addition.
++// CheckSub() - Subtraction.
++// CheckMul() - Multiplication.
++// CheckDiv() - Division.
++// CheckMod() - Modulous (integer only).
++// CheckLsh() - Left integer shift (integer only).
++// CheckRsh() - Right integer shift (integer only).
++// CheckAnd() - Bitwise AND (integer only with unsigned result).
++// CheckOr() - Bitwise OR (integer only with unsigned result).
++// CheckXor() - Bitwise XOR (integer only with unsigned result).
++// CheckMax() - Maximum of supplied arguments.
++// CheckMin() - Minimum of supplied arguments.
++//
++// The unary negation, increment, and decrement operators are supported, along
++// with the following unary arithmetic methods, which return a new
++// CheckedNumeric as a result of the operation:
++// Abs() - Absolute value.
++// UnsignedAbs() - Absolute value as an equal-width unsigned underlying type
++// (valid for only integral types).
++// Max() - Returns whichever is greater of the current instance or argument.
++// The underlying return type is whichever has the greatest magnitude.
++// Min() - Returns whichever is lowest of the current instance or argument.
++// The underlying return type is whichever has can represent the lowest
++// number in the smallest width (e.g. int8_t over unsigned, int over
++// int8_t, and float over int).
++//
++// The following methods convert from CheckedNumeric to standard numeric values:
++// AssignIfValid() - Assigns the underlying value to the supplied destination
++// pointer if the value is currently valid and within the range
++// supported by the destination type. Returns true on success.
++// ****************************************************************************
++// * WARNING: All of the following functions return a StrictNumeric, which *
++// * is valid for comparison and assignment operations, but will trigger a *
++// * compile failure on attempts to assign to a type of insufficient range. *
++// ****************************************************************************
++// IsValid() - Returns true if the underlying numeric value is valid (i.e. has
++// has not wrapped and is not the result of an invalid conversion).
++// ValueOrDie() - Returns the underlying value. If the state is not valid this
++// call will crash on a CHECK.
++// ValueOrDefault() - Returns the current value, or the supplied default if the
++// state is not valid (will not trigger a CHECK).
++//
++// The following wrapper functions can be used to avoid the template
++// disambiguator syntax when converting a destination type.
++// IsValidForType<>() in place of: a.template IsValid<Dst>()
++// ValueOrDieForType<>() in place of: a.template ValueOrDie()
++// ValueOrDefaultForType<>() in place of: a.template ValueOrDefault(default)
++//
++// The following are general utility methods that are useful for converting
++// between arithmetic types and CheckedNumeric types:
++// CheckedNumeric::Cast<Dst>() - Instance method returning a CheckedNumeric
++// derived from casting the current instance to a CheckedNumeric of
++// the supplied destination type.
++// MakeCheckedNum() - Creates a new CheckedNumeric from the underlying type of
++// the supplied arithmetic, CheckedNumeric, or StrictNumeric type.
++//
++// Comparison operations are explicitly not supported because they could result
++// in a crash on an unexpected CHECK condition. You should use patterns like the
++// following for comparisons:
++// CheckedNumeric<size_t> checked_size = untrusted_input_value;
++// checked_size += HEADER LENGTH;
++// if (checked_size.IsValid() && checked_size.ValueOrDie() < buffer_size)
++// Do stuff...
++
++template <typename T>
++class CheckedNumeric {
++ static_assert(std::is_arithmetic<T>::value,
++ "CheckedNumeric<T>: T must be a numeric type.");
++
++ public:
++ using type = T;
++
++ constexpr CheckedNumeric() = default;
++
++ // Copy constructor.
++ template <typename Src>
++ constexpr CheckedNumeric(const CheckedNumeric<Src>& rhs)
++ : state_(rhs.state_.value(), rhs.IsValid()) {}
++
++ template <typename Src>
++ friend class CheckedNumeric;
++
++ // This is not an explicit constructor because we implicitly upgrade regular
++ // numerics to CheckedNumerics to make them easier to use.
++ template <typename Src>
++ constexpr CheckedNumeric(Src value) // NOLINT(runtime/explicit)
++ : state_(value) {
++ static_assert(std::is_arithmetic<Src>::value, "Argument must be numeric.");
++ }
++
++ // This is not an explicit constructor because we want a seamless conversion
++ // from StrictNumeric types.
++ template <typename Src>
++ constexpr CheckedNumeric(
++ StrictNumeric<Src> value) // NOLINT(runtime/explicit)
++ : state_(static_cast<Src>(value)) {}
++
++ // IsValid() - The public API to test if a CheckedNumeric is currently valid.
++ // A range checked destination type can be supplied using the Dst template
++ // parameter.
++ template <typename Dst = T>
++ constexpr bool IsValid() const {
++ return state_.is_valid() &&
++ IsValueInRangeForNumericType<Dst>(state_.value());
++ }
++
++ // AssignIfValid(Dst) - Assigns the underlying value if it is currently valid
++ // and is within the range supported by the destination type. Returns true if
++ // successful and false otherwise.
++ template <typename Dst>
++ constexpr bool AssignIfValid(Dst* result) const {
++ return IsValid<Dst>() ? ((*result = static_cast<Dst>(state_.value())), true)
++ : false;
++ }
++
++ // ValueOrDie() - The primary accessor for the underlying value. If the
++ // current state is not valid it will CHECK and crash.
++ // A range checked destination type can be supplied using the Dst template
++ // parameter, which will trigger a CHECK if the value is not in bounds for
++ // the destination.
++ // The CHECK behavior can be overridden by supplying a handler as a
++ // template parameter, for test code, etc. However, the handler cannot access
++ // the underlying value, and it is not available through other means.
++ template <typename Dst = T, class CheckHandler = CheckOnFailure>
++ constexpr StrictNumeric<Dst> ValueOrDie() const {
++ return IsValid<Dst>() ? static_cast<Dst>(state_.value())
++ : CheckHandler::template HandleFailure<Dst>();
++ }
++
++ // ValueOrDefault(T default_value) - A convenience method that returns the
++ // current value if the state is valid, and the supplied default_value for
++ // any other state.
++ // A range checked destination type can be supplied using the Dst template
++ // parameter. WARNING: This function may fail to compile or CHECK at runtime
++ // if the supplied default_value is not within range of the destination type.
++ template <typename Dst = T, typename Src>
++ constexpr StrictNumeric<Dst> ValueOrDefault(const Src default_value) const {
++ return IsValid<Dst>() ? static_cast<Dst>(state_.value())
++ : checked_cast<Dst>(default_value);
++ }
++
++ // Returns a checked numeric of the specified type, cast from the current
++ // CheckedNumeric. If the current state is invalid or the destination cannot
++ // represent the result then the returned CheckedNumeric will be invalid.
++ template <typename Dst>
++ constexpr CheckedNumeric<typename UnderlyingType<Dst>::type> Cast() const {
++ return *this;
++ }
++
++ // This friend method is available solely for providing more detailed logging
++ // in the tests. Do not implement it in production code, because the
++ // underlying values may change at any time.
++ template <typename U>
++ friend U GetNumericValueForTest(const CheckedNumeric<U>& src);
++
++ // Prototypes for the supported arithmetic operator overloads.
++ template <typename Src>
++ CheckedNumeric& operator+=(const Src rhs);
++ template <typename Src>
++ CheckedNumeric& operator-=(const Src rhs);
++ template <typename Src>
++ CheckedNumeric& operator*=(const Src rhs);
++ template <typename Src>
++ CheckedNumeric& operator/=(const Src rhs);
++ template <typename Src>
++ CheckedNumeric& operator%=(const Src rhs);
++ template <typename Src>
++ CheckedNumeric& operator<<=(const Src rhs);
++ template <typename Src>
++ CheckedNumeric& operator>>=(const Src rhs);
++ template <typename Src>
++ CheckedNumeric& operator&=(const Src rhs);
++ template <typename Src>
++ CheckedNumeric& operator|=(const Src rhs);
++ template <typename Src>
++ CheckedNumeric& operator^=(const Src rhs);
++
++ constexpr CheckedNumeric operator-() const {
++ return CheckedNumeric<T>(
++ NegateWrapper(state_.value()),
++ IsValid() &&
++ (!std::is_signed<T>::value || std::is_floating_point<T>::value ||
++ NegateWrapper(state_.value()) !=
++ std::numeric_limits<T>::lowest()));
++ }
++
++ constexpr CheckedNumeric operator~() const {
++ return CheckedNumeric<decltype(InvertWrapper(T()))>(
++ InvertWrapper(state_.value()), IsValid());
++ }
++
++ constexpr CheckedNumeric Abs() const {
++ return CheckedNumeric<T>(
++ AbsWrapper(state_.value()),
++ IsValid() &&
++ (!std::is_signed<T>::value || std::is_floating_point<T>::value ||
++ AbsWrapper(state_.value()) != std::numeric_limits<T>::lowest()));
++ }
++
++ template <typename U>
++ constexpr CheckedNumeric<typename MathWrapper<CheckedMaxOp, T, U>::type> Max(
++ const U rhs) const {
++ using R = typename UnderlyingType<U>::type;
++ using result_type = typename MathWrapper<CheckedMaxOp, T, U>::type;
++ // TODO(jschuh): This can be converted to the MathOp version and remain
++ // constexpr once we have C++14 support.
++ return CheckedNumeric<result_type>(
++ static_cast<result_type>(
++ IsGreater<T, R>::Test(state_.value(), Wrapper<U>::value(rhs))
++ ? state_.value()
++ : Wrapper<U>::value(rhs)),
++ state_.is_valid() && Wrapper<U>::is_valid(rhs));
++ }
++
++ template <typename U>
++ constexpr CheckedNumeric<typename MathWrapper<CheckedMinOp, T, U>::type> Min(
++ const U rhs) const {
++ using R = typename UnderlyingType<U>::type;
++ using result_type = typename MathWrapper<CheckedMinOp, T, U>::type;
++ // TODO(jschuh): This can be converted to the MathOp version and remain
++ // constexpr once we have C++14 support.
++ return CheckedNumeric<result_type>(
++ static_cast<result_type>(
++ IsLess<T, R>::Test(state_.value(), Wrapper<U>::value(rhs))
++ ? state_.value()
++ : Wrapper<U>::value(rhs)),
++ state_.is_valid() && Wrapper<U>::is_valid(rhs));
++ }
++
++ // This function is available only for integral types. It returns an unsigned
++ // integer of the same width as the source type, containing the absolute value
++ // of the source, and properly handling signed min.
++ constexpr CheckedNumeric<typename UnsignedOrFloatForSize<T>::type>
++ UnsignedAbs() const {
++ return CheckedNumeric<typename UnsignedOrFloatForSize<T>::type>(
++ SafeUnsignedAbs(state_.value()), state_.is_valid());
++ }
++
++ CheckedNumeric& operator++() {
++ *this += 1;
++ return *this;
++ }
++
++ CheckedNumeric operator++(int) {
++ CheckedNumeric value = *this;
++ *this += 1;
++ return value;
++ }
++
++ CheckedNumeric& operator--() {
++ *this -= 1;
++ return *this;
++ }
++
++ CheckedNumeric operator--(int) {
++ CheckedNumeric value = *this;
++ *this -= 1;
++ return value;
++ }
++
++ // These perform the actual math operations on the CheckedNumerics.
++ // Binary arithmetic operations.
++ template <template <typename, typename, typename> class M,
++ typename L,
++ typename R>
++ static CheckedNumeric MathOp(const L lhs, const R rhs) {
++ using Math = typename MathWrapper<M, L, R>::math;
++ T result = 0;
++ bool is_valid =
++ Wrapper<L>::is_valid(lhs) && Wrapper<R>::is_valid(rhs) &&
++ Math::Do(Wrapper<L>::value(lhs), Wrapper<R>::value(rhs), &result);
++ return CheckedNumeric<T>(result, is_valid);
++ }
++
++ // Assignment arithmetic operations.
++ template <template <typename, typename, typename> class M, typename R>
++ CheckedNumeric& MathOp(const R rhs) {
++ using Math = typename MathWrapper<M, T, R>::math;
++ T result = 0; // Using T as the destination saves a range check.
++ bool is_valid = state_.is_valid() && Wrapper<R>::is_valid(rhs) &&
++ Math::Do(state_.value(), Wrapper<R>::value(rhs), &result);
++ *this = CheckedNumeric<T>(result, is_valid);
++ return *this;
++ }
++
++ private:
++ CheckedNumericState<T> state_;
++
++ template <typename Src>
++ constexpr CheckedNumeric(Src value, bool is_valid)
++ : state_(value, is_valid) {}
++
++ // These wrappers allow us to handle state the same way for both
++ // CheckedNumeric and POD arithmetic types.
++ template <typename Src>
++ struct Wrapper {
++ static constexpr bool is_valid(Src) { return true; }
++ static constexpr Src value(Src value) { return value; }
++ };
++
++ template <typename Src>
++ struct Wrapper<CheckedNumeric<Src>> {
++ static constexpr bool is_valid(const CheckedNumeric<Src> v) {
++ return v.IsValid();
++ }
++ static constexpr Src value(const CheckedNumeric<Src> v) {
++ return v.state_.value();
++ }
++ };
++
++ template <typename Src>
++ struct Wrapper<StrictNumeric<Src>> {
++ static constexpr bool is_valid(const StrictNumeric<Src>) { return true; }
++ static constexpr Src value(const StrictNumeric<Src> v) {
++ return static_cast<Src>(v);
++ }
++ };
++};
++
++// Convenience functions to avoid the ugly template disambiguator syntax.
++template <typename Dst, typename Src>
++constexpr bool IsValidForType(const CheckedNumeric<Src> value) {
++ return value.template IsValid<Dst>();
++}
++
++template <typename Dst, typename Src>
++constexpr StrictNumeric<Dst> ValueOrDieForType(
++ const CheckedNumeric<Src> value) {
++ return value.template ValueOrDie<Dst>();
++}
++
++template <typename Dst, typename Src, typename Default>
++constexpr StrictNumeric<Dst> ValueOrDefaultForType(
++ const CheckedNumeric<Src> value,
++ const Default default_value) {
++ return value.template ValueOrDefault<Dst>(default_value);
++}
++
++// These variadic templates work out the return types.
++// TODO(jschuh): Rip all this out once we have C++14 non-trailing auto support.
++template <template <typename, typename, typename> class M,
++ typename L,
++ typename R,
++ typename... Args>
++struct ResultType;
++
++template <template <typename, typename, typename> class M,
++ typename L,
++ typename R>
++struct ResultType<M, L, R> {
++ using type = typename MathWrapper<M, L, R>::type;
++};
++
++template <template <typename, typename, typename> class M,
++ typename L,
++ typename R,
++ typename... Args>
++struct ResultType {
++ using type =
++ typename ResultType<M, typename ResultType<M, L, R>::type, Args...>::type;
++};
++
++// Convience wrapper to return a new CheckedNumeric from the provided arithmetic
++// or CheckedNumericType.
++template <typename T>
++constexpr CheckedNumeric<typename UnderlyingType<T>::type> MakeCheckedNum(
++ const T value) {
++ return value;
++}
++
++// These implement the variadic wrapper for the math operations.
++template <template <typename, typename, typename> class M,
++ typename L,
++ typename R>
++CheckedNumeric<typename MathWrapper<M, L, R>::type> ChkMathOp(const L lhs,
++ const R rhs) {
++ using Math = typename MathWrapper<M, L, R>::math;
++ return CheckedNumeric<typename Math::result_type>::template MathOp<M>(lhs,
++ rhs);
++}
++
++// General purpose wrapper template for arithmetic operations.
++template <template <typename, typename, typename> class M,
++ typename L,
++ typename R,
++ typename... Args>
++CheckedNumeric<typename ResultType<M, L, R, Args...>::type>
++ChkMathOp(const L lhs, const R rhs, const Args... args) {
++ auto tmp = ChkMathOp<M>(lhs, rhs);
++ return tmp.IsValid() ? ChkMathOp<M>(tmp, args...)
++ : decltype(ChkMathOp<M>(tmp, args...))(tmp);
++}
++
++// The following macros are just boilerplate for the standard arithmetic
++// operator overloads and variadic function templates. A macro isn't the nicest
++// solution, but it beats rewriting these over and over again.
++#define BASE_NUMERIC_ARITHMETIC_VARIADIC(NAME) \
++ template <typename L, typename R, typename... Args> \
++ CheckedNumeric<typename ResultType<Checked##NAME##Op, L, R, Args...>::type> \
++ Check##NAME(const L lhs, const R rhs, const Args... args) { \
++ return ChkMathOp<Checked##NAME##Op, L, R, Args...>(lhs, rhs, args...); \
++ }
++
++#define BASE_NUMERIC_ARITHMETIC_OPERATORS(NAME, OP, COMPOUND_OP) \
++ /* Binary arithmetic operator for all CheckedNumeric operations. */ \
++ template <typename L, typename R, \
++ typename std::enable_if<IsCheckedOp<L, R>::value>::type* = \
++ nullptr> \
++ CheckedNumeric<typename MathWrapper<Checked##NAME##Op, L, R>::type> \
++ operator OP(const L lhs, const R rhs) { \
++ return decltype(lhs OP rhs)::template MathOp<Checked##NAME##Op>(lhs, rhs); \
++ } \
++ /* Assignment arithmetic operator implementation from CheckedNumeric. */ \
++ template <typename L> \
++ template <typename R> \
++ CheckedNumeric<L>& CheckedNumeric<L>::operator COMPOUND_OP(const R rhs) { \
++ return MathOp<Checked##NAME##Op>(rhs); \
++ } \
++ /* Variadic arithmetic functions that return CheckedNumeric. */ \
++ BASE_NUMERIC_ARITHMETIC_VARIADIC(NAME)
++
++BASE_NUMERIC_ARITHMETIC_OPERATORS(Add, +, +=)
++BASE_NUMERIC_ARITHMETIC_OPERATORS(Sub, -, -=)
++BASE_NUMERIC_ARITHMETIC_OPERATORS(Mul, *, *=)
++BASE_NUMERIC_ARITHMETIC_OPERATORS(Div, /, /=)
++BASE_NUMERIC_ARITHMETIC_OPERATORS(Mod, %, %=)
++BASE_NUMERIC_ARITHMETIC_OPERATORS(Lsh, <<, <<=)
++BASE_NUMERIC_ARITHMETIC_OPERATORS(Rsh, >>, >>=)
++BASE_NUMERIC_ARITHMETIC_OPERATORS(And, &, &=)
++BASE_NUMERIC_ARITHMETIC_OPERATORS(Or, |, |=)
++BASE_NUMERIC_ARITHMETIC_OPERATORS(Xor, ^, ^=)
++BASE_NUMERIC_ARITHMETIC_VARIADIC(Max)
++BASE_NUMERIC_ARITHMETIC_VARIADIC(Min)
++
++#undef BASE_NUMERIC_ARITHMETIC_VARIADIC
++#undef BASE_NUMERIC_ARITHMETIC_OPERATORS
++
++// These are some extra StrictNumeric operators to support simple pointer
++// arithmetic with our result types. Since wrapping on a pointer is always
++// bad, we trigger the CHECK condition here.
++template <typename L, typename R>
++L* operator+(L* lhs, const StrictNumeric<R> rhs) {
++ uintptr_t result = CheckAdd(reinterpret_cast<uintptr_t>(lhs),
++ CheckMul(sizeof(L), static_cast<R>(rhs)))
++ .template ValueOrDie<uintptr_t>();
++ return reinterpret_cast<L*>(result);
++}
++
++template <typename L, typename R>
++L* operator-(L* lhs, const StrictNumeric<R> rhs) {
++ uintptr_t result = CheckSub(reinterpret_cast<uintptr_t>(lhs),
++ CheckMul(sizeof(L), static_cast<R>(rhs)))
++ .template ValueOrDie<uintptr_t>();
++ return reinterpret_cast<L*>(result);
++}
++
++} // namespace internal
++
++using internal::CheckedNumeric;
++using internal::IsValidForType;
++using internal::ValueOrDieForType;
++using internal::ValueOrDefaultForType;
++using internal::MakeCheckedNum;
++using internal::CheckMax;
++using internal::CheckMin;
++using internal::CheckAdd;
++using internal::CheckSub;
++using internal::CheckMul;
++using internal::CheckDiv;
++using internal::CheckMod;
++using internal::CheckLsh;
++using internal::CheckRsh;
++using internal::CheckAnd;
++using internal::CheckOr;
++using internal::CheckXor;
++
++} // namespace base
++} // namespace pdfium
+
+ #endif // THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_H_
+diff -Naur workdir/UnpackedTarball/pdfium/third_party/base/numerics/safe_math_arm_impl.h workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/safe_math_arm_impl.h
+--- workdir/UnpackedTarball/pdfium/third_party/base/numerics/safe_math_arm_impl.h 2020-10-26 19:26:04.000000000 +0100
++++ workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/safe_math_arm_impl.h 1970-01-01 01:00:00.000000000 +0100
+@@ -1,124 +0,0 @@
+-// Copyright 2017 The Chromium Authors. All rights reserved.
+-// Use of this source code is governed by a BSD-style license that can be
+-// found in the LICENSE file.
+-
+-#ifndef THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_ARM_IMPL_H_
+-#define THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_ARM_IMPL_H_
+-
+-#include <cassert>
+-#include <limits>
+-#include <type_traits>
+-
+-#include "third_party/base/numerics/safe_conversions.h"
+-
+-namespace pdfium {
+-namespace base {
+-namespace internal {
+-
+-template <typename T, typename U>
+-struct CheckedMulFastAsmOp {
+- static const bool is_supported =
+- FastIntegerArithmeticPromotion<T, U>::is_contained;
+-
+- // The following is much more efficient than the Clang and GCC builtins for
+- // performing overflow-checked multiplication when a twice wider type is
+- // available. The below compiles down to 2-3 instructions, depending on the
+- // width of the types in use.
+- // As an example, an int32_t multiply compiles to:
+- // smull r0, r1, r0, r1
+- // cmp r1, r1, asr #31
+- // And an int16_t multiply compiles to:
+- // smulbb r1, r1, r0
+- // asr r2, r1, #16
+- // cmp r2, r1, asr #15
+- template <typename V>
+- __attribute__((always_inline)) static bool Do(T x, U y, V* result) {
+- using Promotion = typename FastIntegerArithmeticPromotion<T, U>::type;
+- Promotion presult;
+-
+- presult = static_cast<Promotion>(x) * static_cast<Promotion>(y);
+- *result = static_cast<V>(presult);
+- return IsValueInRangeForNumericType<V>(presult);
+- }
+-};
+-
+-template <typename T, typename U>
+-struct ClampedAddFastAsmOp {
+- static const bool is_supported =
+- BigEnoughPromotion<T, U>::is_contained &&
+- IsTypeInRangeForNumericType<
+- int32_t,
+- typename BigEnoughPromotion<T, U>::type>::value;
+-
+- template <typename V>
+- __attribute__((always_inline)) static V Do(T x, U y) {
+- // This will get promoted to an int, so let the compiler do whatever is
+- // clever and rely on the saturated cast to bounds check.
+- if (IsIntegerArithmeticSafe<int, T, U>::value)
+- return saturated_cast<V>(x + y);
+-
+- int32_t result;
+- int32_t x_i32 = checked_cast<int32_t>(x);
+- int32_t y_i32 = checked_cast<int32_t>(y);
+-
+- asm("qadd %[result], %[first], %[second]"
+- : [result] "=r"(result)
+- : [first] "r"(x_i32), [second] "r"(y_i32));
+- return saturated_cast<V>(result);
+- }
+-};
+-
+-template <typename T, typename U>
+-struct ClampedSubFastAsmOp {
+- static const bool is_supported =
+- BigEnoughPromotion<T, U>::is_contained &&
+- IsTypeInRangeForNumericType<
+- int32_t,
+- typename BigEnoughPromotion<T, U>::type>::value;
+-
+- template <typename V>
+- __attribute__((always_inline)) static V Do(T x, U y) {
+- // This will get promoted to an int, so let the compiler do whatever is
+- // clever and rely on the saturated cast to bounds check.
+- if (IsIntegerArithmeticSafe<int, T, U>::value)
+- return saturated_cast<V>(x - y);
+-
+- int32_t result;
+- int32_t x_i32 = checked_cast<int32_t>(x);
+- int32_t y_i32 = checked_cast<int32_t>(y);
+-
+- asm("qsub %[result], %[first], %[second]"
+- : [result] "=r"(result)
+- : [first] "r"(x_i32), [second] "r"(y_i32));
+- return saturated_cast<V>(result);
+- }
+-};
+-
+-template <typename T, typename U>
+-struct ClampedMulFastAsmOp {
+- static const bool is_supported = CheckedMulFastAsmOp<T, U>::is_supported;
+-
+- template <typename V>
+- __attribute__((always_inline)) static V Do(T x, U y) {
+- // Use the CheckedMulFastAsmOp for full-width 32-bit values, because
+- // it's fewer instructions than promoting and then saturating.
+- if (!IsIntegerArithmeticSafe<int32_t, T, U>::value &&
+- !IsIntegerArithmeticSafe<uint32_t, T, U>::value) {
+- V result;
+- if (CheckedMulFastAsmOp<T, U>::Do(x, y, &result))
+- return result;
+- return CommonMaxOrMin<V>(IsValueNegative(x) ^ IsValueNegative(y));
+- }
+-
+- assert((FastIntegerArithmeticPromotion<T, U>::is_contained));
+- using Promotion = typename FastIntegerArithmeticPromotion<T, U>::type;
+- return saturated_cast<V>(static_cast<Promotion>(x) *
+- static_cast<Promotion>(y));
+- }
+-};
+-
+-} // namespace internal
+-} // namespace base
+-} // namespace pdfium
+-
+-#endif // THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_ARM_IMPL_H_
+diff -Naur workdir/UnpackedTarball/pdfium/third_party/base/numerics/safe_math_clang_gcc_impl.h workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/safe_math_clang_gcc_impl.h
+--- workdir/UnpackedTarball/pdfium/third_party/base/numerics/safe_math_clang_gcc_impl.h 2020-10-26 19:26:04.000000000 +0100
++++ workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/safe_math_clang_gcc_impl.h 1970-01-01 01:00:00.000000000 +0100
+@@ -1,159 +0,0 @@
+-// Copyright 2017 The Chromium Authors. All rights reserved.
+-// Use of this source code is governed by a BSD-style license that can be
+-// found in the LICENSE file.
+-
+-#ifndef THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_CLANG_GCC_IMPL_H_
+-#define THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_CLANG_GCC_IMPL_H_
+-
+-#include <cassert>
+-#include <limits>
+-#include <type_traits>
+-
+-#include "third_party/base/numerics/safe_conversions.h"
+-
+-#if !defined(__native_client__) && (defined(__ARMEL__) || defined(__arch64__))
+-#include "third_party/base/numerics/safe_math_arm_impl.h"
+-#define BASE_HAS_ASSEMBLER_SAFE_MATH (1)
+-#else
+-#define BASE_HAS_ASSEMBLER_SAFE_MATH (0)
+-#endif
+-
+-namespace pdfium {
+-namespace base {
+-namespace internal {
+-
+-// These are the non-functioning boilerplate implementations of the optimized
+-// safe math routines.
+-#if !BASE_HAS_ASSEMBLER_SAFE_MATH
+-template <typename T, typename U>
+-struct CheckedMulFastAsmOp {
+- static const bool is_supported = false;
+- template <typename V>
+- static constexpr bool Do(T, U, V*) {
+- // Force a compile failure if instantiated.
+- return CheckOnFailure::template HandleFailure<bool>();
+- }
+-};
+-
+-template <typename T, typename U>
+-struct ClampedAddFastAsmOp {
+- static const bool is_supported = false;
+- template <typename V>
+- static constexpr V Do(T, U) {
+- // Force a compile failure if instantiated.
+- return CheckOnFailure::template HandleFailure<V>();
+- }
+-};
+-
+-template <typename T, typename U>
+-struct ClampedSubFastAsmOp {
+- static const bool is_supported = false;
+- template <typename V>
+- static constexpr V Do(T, U) {
+- // Force a compile failure if instantiated.
+- return CheckOnFailure::template HandleFailure<V>();
+- }
+-};
+-
+-template <typename T, typename U>
+-struct ClampedMulFastAsmOp {
+- static const bool is_supported = false;
+- template <typename V>
+- static constexpr V Do(T, U) {
+- // Force a compile failure if instantiated.
+- return CheckOnFailure::template HandleFailure<V>();
+- }
+-};
+-#endif // BASE_HAS_ASSEMBLER_SAFE_MATH
+-#undef BASE_HAS_ASSEMBLER_SAFE_MATH
+-
+-template <typename T, typename U>
+-struct CheckedAddFastOp {
+- static const bool is_supported = true;
+- template <typename V>
+- __attribute__((always_inline)) static constexpr bool Do(T x, U y, V* result) {
+- return !__builtin_add_overflow(x, y, result);
+- }
+-};
+-
+-template <typename T, typename U>
+-struct CheckedSubFastOp {
+- static const bool is_supported = true;
+- template <typename V>
+- __attribute__((always_inline)) static constexpr bool Do(T x, U y, V* result) {
+- return !__builtin_sub_overflow(x, y, result);
+- }
+-};
+-
+-template <typename T, typename U>
+-struct CheckedMulFastOp {
+-#if defined(__clang__)
+- // TODO(jschuh): Get the Clang runtime library issues sorted out so we can
+- // support full-width, mixed-sign multiply builtins.
+- // https://crbug.com/613003
+- // We can support intptr_t, uintptr_t, or a smaller common type.
+- static const bool is_supported =
+- (IsTypeInRangeForNumericType<intptr_t, T>::value &&
+- IsTypeInRangeForNumericType<intptr_t, U>::value) ||
+- (IsTypeInRangeForNumericType<uintptr_t, T>::value &&
+- IsTypeInRangeForNumericType<uintptr_t, U>::value);
+-#else
+- static const bool is_supported = true;
+-#endif
+- template <typename V>
+- __attribute__((always_inline)) static constexpr bool Do(T x, U y, V* result) {
+- return CheckedMulFastAsmOp<T, U>::is_supported
+- ? CheckedMulFastAsmOp<T, U>::Do(x, y, result)
+- : !__builtin_mul_overflow(x, y, result);
+- }
+-};
+-
+-template <typename T, typename U>
+-struct ClampedAddFastOp {
+- static const bool is_supported = ClampedAddFastAsmOp<T, U>::is_supported;
+- template <typename V>
+- __attribute__((always_inline)) static V Do(T x, U y) {
+- return ClampedAddFastAsmOp<T, U>::template Do<V>(x, y);
+- }
+-};
+-
+-template <typename T, typename U>
+-struct ClampedSubFastOp {
+- static const bool is_supported = ClampedSubFastAsmOp<T, U>::is_supported;
+- template <typename V>
+- __attribute__((always_inline)) static V Do(T x, U y) {
+- return ClampedSubFastAsmOp<T, U>::template Do<V>(x, y);
+- }
+-};
+-
+-template <typename T, typename U>
+-struct ClampedMulFastOp {
+- static const bool is_supported = ClampedMulFastAsmOp<T, U>::is_supported;
+- template <typename V>
+- __attribute__((always_inline)) static V Do(T x, U y) {
+- return ClampedMulFastAsmOp<T, U>::template Do<V>(x, y);
+- }
+-};
+-
+-template <typename T>
+-struct ClampedNegFastOp {
+- static const bool is_supported = std::is_signed<T>::value;
+- __attribute__((always_inline)) static T Do(T value) {
+- // Use this when there is no assembler path available.
+- if (!ClampedSubFastAsmOp<T, T>::is_supported) {
+- T result;
+- return !__builtin_sub_overflow(T(0), value, &result)
+- ? result
+- : std::numeric_limits<T>::max();
+- }
+-
+- // Fallback to the normal subtraction path.
+- return ClampedSubFastOp<T, T>::template Do<T>(T(0), value);
+- }
+-};
+-
+-} // namespace internal
+-} // namespace base
+-} // namespace pdfium
+-
+-#endif // THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_CLANG_GCC_IMPL_H_
+diff -Naur workdir/UnpackedTarball/pdfium/third_party/base/numerics/safe_math_impl.h workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/safe_math_impl.h
+--- workdir/UnpackedTarball/pdfium/third_party/base/numerics/safe_math_impl.h 1970-01-01 01:00:00.000000000 +0100
++++ workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/safe_math_impl.h 2020-05-02 03:06:13.000000000 +0200
+@@ -0,0 +1,647 @@
++// Copyright 2014 The Chromium Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++#ifndef THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_IMPL_H_
++#define THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_IMPL_H_
++
++#include <stddef.h>
++#include <stdint.h>
++
++#include <climits>
++#include <cmath>
++#include <cstdlib>
++#include <limits>
++#include <type_traits>
++
++#include "third_party/base/numerics/safe_conversions.h"
++
++namespace pdfium {
++namespace base {
++namespace internal {
++
++// Everything from here up to the floating point operations is portable C++,
++// but it may not be fast. This code could be split based on
++// platform/architecture and replaced with potentially faster implementations.
++
++// This is used for UnsignedAbs, where we need to support floating-point
++// template instantiations even though we don't actually support the operations.
++// However, there is no corresponding implementation of e.g. SafeUnsignedAbs,
++// so the float versions will not compile.
++template <typename Numeric,
++ bool IsInteger = std::is_integral<Numeric>::value,
++ bool IsFloat = std::is_floating_point<Numeric>::value>
++struct UnsignedOrFloatForSize;
++
++template <typename Numeric>
++struct UnsignedOrFloatForSize<Numeric, true, false> {
++ using type = typename std::make_unsigned<Numeric>::type;
++};
++
++template <typename Numeric>
++struct UnsignedOrFloatForSize<Numeric, false, true> {
++ using type = Numeric;
++};
++
++// Probe for builtin math overflow support on Clang and version check on GCC.
++#if defined(EMSCRIPTEN)
++// Emscripten Clang reports that it has the builtins, it may be lowered to an
++// instruction that is unsupported in asm.js
++#define USE_OVERFLOW_BUILTINS (0)
++#elif defined(__has_builtin)
++#define USE_OVERFLOW_BUILTINS (__has_builtin(__builtin_add_overflow))
++#elif defined(__GNUC__)
++#define USE_OVERFLOW_BUILTINS (__GNUC__ >= 5)
++#else
++#define USE_OVERFLOW_BUILTINS (0)
++#endif
++
++template <typename T>
++bool CheckedAddImpl(T x, T y, T* result) {
++ static_assert(std::is_integral<T>::value, "Type must be integral");
++ // Since the value of x+y is undefined if we have a signed type, we compute
++ // it using the unsigned type of the same size.
++ using UnsignedDst = typename std::make_unsigned<T>::type;
++ using SignedDst = typename std::make_signed<T>::type;
++ auto ux = static_cast<UnsignedDst>(x);
++ auto uy = static_cast<UnsignedDst>(y);
++ auto uresult = static_cast<UnsignedDst>(ux + uy);
++ *result = static_cast<T>(uresult);
++ // Addition is valid if the sign of (x + y) is equal to either that of x or
++ // that of y.
++ return (std::is_signed<T>::value)
++ ? static_cast<SignedDst>((uresult ^ ux) & (uresult ^ uy)) >= 0
++ : uresult >= uy; // Unsigned is either valid or underflow.
++}
++
++template <typename T, typename U, class Enable = void>
++struct CheckedAddOp {};
++
++template <typename T, typename U>
++struct CheckedAddOp<T,
++ U,
++ typename std::enable_if<std::is_integral<T>::value &&
++ std::is_integral<U>::value>::type> {
++ using result_type = typename MaxExponentPromotion<T, U>::type;
++ template <typename V>
++ static bool Do(T x, U y, V* result) {
++#if USE_OVERFLOW_BUILTINS
++ return !__builtin_add_overflow(x, y, result);
++#else
++ using Promotion = typename BigEnoughPromotion<T, U>::type;
++ Promotion presult;
++ // Fail if either operand is out of range for the promoted type.
++ // TODO(jschuh): This could be made to work for a broader range of values.
++ bool is_valid = IsValueInRangeForNumericType<Promotion>(x) &&
++ IsValueInRangeForNumericType<Promotion>(y);
++
++ if (IsIntegerArithmeticSafe<Promotion, T, U>::value) {
++ presult = static_cast<Promotion>(x) + static_cast<Promotion>(y);
++ } else {
++ is_valid &= CheckedAddImpl(static_cast<Promotion>(x),
++ static_cast<Promotion>(y), &presult);
++ }
++ *result = static_cast<V>(presult);
++ return is_valid && IsValueInRangeForNumericType<V>(presult);
++#endif
++ }
++};
++
++template <typename T>
++bool CheckedSubImpl(T x, T y, T* result) {
++ static_assert(std::is_integral<T>::value, "Type must be integral");
++ // Since the value of x+y is undefined if we have a signed type, we compute
++ // it using the unsigned type of the same size.
++ using UnsignedDst = typename std::make_unsigned<T>::type;
++ using SignedDst = typename std::make_signed<T>::type;
++ auto ux = static_cast<UnsignedDst>(x);
++ auto uy = static_cast<UnsignedDst>(y);
++ auto uresult = static_cast<UnsignedDst>(ux - uy);
++ *result = static_cast<T>(uresult);
++ // Subtraction is valid if either x and y have same sign, or (x-y) and x have
++ // the same sign.
++ return (std::is_signed<T>::value)
++ ? static_cast<SignedDst>((uresult ^ ux) & (ux ^ uy)) >= 0
++ : x >= y;
++}
++
++template <typename T, typename U, class Enable = void>
++struct CheckedSubOp {};
++
++template <typename T, typename U>
++struct CheckedSubOp<T,
++ U,
++ typename std::enable_if<std::is_integral<T>::value &&
++ std::is_integral<U>::value>::type> {
++ using result_type = typename MaxExponentPromotion<T, U>::type;
++ template <typename V>
++ static bool Do(T x, U y, V* result) {
++#if USE_OVERFLOW_BUILTINS
++ return !__builtin_sub_overflow(x, y, result);
++#else
++ using Promotion = typename BigEnoughPromotion<T, U>::type;
++ Promotion presult;
++ // Fail if either operand is out of range for the promoted type.
++ // TODO(jschuh): This could be made to work for a broader range of values.
++ bool is_valid = IsValueInRangeForNumericType<Promotion>(x) &&
++ IsValueInRangeForNumericType<Promotion>(y);
++
++ if (IsIntegerArithmeticSafe<Promotion, T, U>::value) {
++ presult = static_cast<Promotion>(x) - static_cast<Promotion>(y);
++ } else {
++ is_valid &= CheckedSubImpl(static_cast<Promotion>(x),
++ static_cast<Promotion>(y), &presult);
++ }
++ *result = static_cast<V>(presult);
++ return is_valid && IsValueInRangeForNumericType<V>(presult);
++#endif
++ }
++};
++
++template <typename T>
++bool CheckedMulImpl(T x, T y, T* result) {
++ static_assert(std::is_integral<T>::value, "Type must be integral");
++ // Since the value of x*y is potentially undefined if we have a signed type,
++ // we compute it using the unsigned type of the same size.
++ using UnsignedDst = typename std::make_unsigned<T>::type;
++ using SignedDst = typename std::make_signed<T>::type;
++ const UnsignedDst ux = SafeUnsignedAbs(x);
++ const UnsignedDst uy = SafeUnsignedAbs(y);
++ auto uresult = static_cast<UnsignedDst>(ux * uy);
++ const bool is_negative =
++ std::is_signed<T>::value && static_cast<SignedDst>(x ^ y) < 0;
++ *result = is_negative ? 0 - uresult : uresult;
++ // We have a fast out for unsigned identity or zero on the second operand.
++ // After that it's an unsigned overflow check on the absolute value, with
++ // a +1 bound for a negative result.
++ return uy <= UnsignedDst(!std::is_signed<T>::value || is_negative) ||
++ ux <= (std::numeric_limits<T>::max() + UnsignedDst(is_negative)) / uy;
++}
++
++template <typename T, typename U, class Enable = void>
++struct CheckedMulOp {};
++
++template <typename T, typename U>
++struct CheckedMulOp<T,
++ U,
++ typename std::enable_if<std::is_integral<T>::value &&
++ std::is_integral<U>::value>::type> {
++ using result_type = typename MaxExponentPromotion<T, U>::type;
++ template <typename V>
++ static bool Do(T x, U y, V* result) {
++#if USE_OVERFLOW_BUILTINS
++#if defined(__clang__)
++ // TODO(jschuh): Get the Clang runtime library issues sorted out so we can
++ // support full-width, mixed-sign multiply builtins.
++ // https://crbug.com/613003
++ static const bool kUseMaxInt =
++ // Narrower type than uintptr_t is always safe.
++ std::numeric_limits<__typeof__(x * y)>::digits <
++ std::numeric_limits<intptr_t>::digits ||
++ // Safe for intptr_t and uintptr_t if the sign matches.
++ (IntegerBitsPlusSign<__typeof__(x * y)>::value ==
++ IntegerBitsPlusSign<intptr_t>::value &&
++ std::is_signed<T>::value == std::is_signed<U>::value);
++#else
++ static const bool kUseMaxInt = true;
++#endif
++ if (kUseMaxInt)
++ return !__builtin_mul_overflow(x, y, result);
++#endif
++ using Promotion = typename FastIntegerArithmeticPromotion<T, U>::type;
++ Promotion presult;
++ // Fail if either operand is out of range for the promoted type.
++ // TODO(jschuh): This could be made to work for a broader range of values.
++ bool is_valid = IsValueInRangeForNumericType<Promotion>(x) &&
++ IsValueInRangeForNumericType<Promotion>(y);
++
++ if (IsIntegerArithmeticSafe<Promotion, T, U>::value) {
++ presult = static_cast<Promotion>(x) * static_cast<Promotion>(y);
++ } else {
++ is_valid &= CheckedMulImpl(static_cast<Promotion>(x),
++ static_cast<Promotion>(y), &presult);
++ }
++ *result = static_cast<V>(presult);
++ return is_valid && IsValueInRangeForNumericType<V>(presult);
++ }
++};
++
++// Avoid poluting the namespace once we're done with the macro.
++#undef USE_OVERFLOW_BUILTINS
++
++// Division just requires a check for a zero denominator or an invalid negation
++// on signed min/-1.
++template <typename T>
++bool CheckedDivImpl(T x, T y, T* result) {
++ static_assert(std::is_integral<T>::value, "Type must be integral");
++ if (y && (!std::is_signed<T>::value ||
++ x != std::numeric_limits<T>::lowest() || y != static_cast<T>(-1))) {
++ *result = x / y;
++ return true;
++ }
++ return false;
++}
++
++template <typename T, typename U, class Enable = void>
++struct CheckedDivOp {};
++
++template <typename T, typename U>
++struct CheckedDivOp<T,
++ U,
++ typename std::enable_if<std::is_integral<T>::value &&
++ std::is_integral<U>::value>::type> {
++ using result_type = typename MaxExponentPromotion<T, U>::type;
++ template <typename V>
++ static bool Do(T x, U y, V* result) {
++ using Promotion = typename BigEnoughPromotion<T, U>::type;
++ Promotion presult;
++ // Fail if either operand is out of range for the promoted type.
++ // TODO(jschuh): This could be made to work for a broader range of values.
++ bool is_valid = IsValueInRangeForNumericType<Promotion>(x) &&
++ IsValueInRangeForNumericType<Promotion>(y);
++ is_valid &= CheckedDivImpl(static_cast<Promotion>(x),
++ static_cast<Promotion>(y), &presult);
++ *result = static_cast<V>(presult);
++ return is_valid && IsValueInRangeForNumericType<V>(presult);
++ }
++};
++
++template <typename T>
++bool CheckedModImpl(T x, T y, T* result) {
++ static_assert(std::is_integral<T>::value, "Type must be integral");
++ if (y > 0) {
++ *result = static_cast<T>(x % y);
++ return true;
++ }
++ return false;
++}
++
++template <typename T, typename U, class Enable = void>
++struct CheckedModOp {};
++
++template <typename T, typename U>
++struct CheckedModOp<T,
++ U,
++ typename std::enable_if<std::is_integral<T>::value &&
++ std::is_integral<U>::value>::type> {
++ using result_type = typename MaxExponentPromotion<T, U>::type;
++ template <typename V>
++ static bool Do(T x, U y, V* result) {
++ using Promotion = typename BigEnoughPromotion<T, U>::type;
++ Promotion presult;
++ bool is_valid = CheckedModImpl(static_cast<Promotion>(x),
++ static_cast<Promotion>(y), &presult);
++ *result = static_cast<V>(presult);
++ return is_valid && IsValueInRangeForNumericType<V>(presult);
++ }
++};
++
++template <typename T, typename U, class Enable = void>
++struct CheckedLshOp {};
++
++// Left shift. Shifts less than 0 or greater than or equal to the number
++// of bits in the promoted type are undefined. Shifts of negative values
++// are undefined. Otherwise it is defined when the result fits.
++template <typename T, typename U>
++struct CheckedLshOp<T,
++ U,
++ typename std::enable_if<std::is_integral<T>::value &&
++ std::is_integral<U>::value>::type> {
++ using result_type = T;
++ template <typename V>
++ static bool Do(T x, U shift, V* result) {
++ using ShiftType = typename std::make_unsigned<T>::type;
++ static const ShiftType kBitWidth = IntegerBitsPlusSign<T>::value;
++ const auto real_shift = static_cast<ShiftType>(shift);
++ // Signed shift is not legal on negative values.
++ if (!IsValueNegative(x) && real_shift < kBitWidth) {
++ // Just use a multiplication because it's easy.
++ // TODO(jschuh): This could probably be made more efficient.
++ if (!std::is_signed<T>::value || real_shift != kBitWidth - 1)
++ return CheckedMulOp<T, T>::Do(x, static_cast<T>(1) << shift, result);
++ return !x; // Special case zero for a full width signed shift.
++ }
++ return false;
++ }
++};
++
++template <typename T, typename U, class Enable = void>
++struct CheckedRshOp {};
++
++// Right shift. Shifts less than 0 or greater than or equal to the number
++// of bits in the promoted type are undefined. Otherwise, it is always defined,
++// but a right shift of a negative value is implementation-dependent.
++template <typename T, typename U>
++struct CheckedRshOp<T,
++ U,
++ typename std::enable_if<std::is_integral<T>::value &&
++ std::is_integral<U>::value>::type> {
++ using result_type = T;
++ template <typename V = result_type>
++ static bool Do(T x, U shift, V* result) {
++ // Use the type conversion push negative values out of range.
++ using ShiftType = typename std::make_unsigned<T>::type;
++ if (static_cast<ShiftType>(shift) < IntegerBitsPlusSign<T>::value) {
++ T tmp = x >> shift;
++ *result = static_cast<V>(tmp);
++ return IsValueInRangeForNumericType<V>(tmp);
++ }
++ return false;
++ }
++};
++
++template <typename T, typename U, class Enable = void>
++struct CheckedAndOp {};
++
++// For simplicity we support only unsigned integer results.
++template <typename T, typename U>
++struct CheckedAndOp<T,
++ U,
++ typename std::enable_if<std::is_integral<T>::value &&
++ std::is_integral<U>::value>::type> {
++ using result_type = typename std::make_unsigned<
++ typename MaxExponentPromotion<T, U>::type>::type;
++ template <typename V = result_type>
++ static bool Do(T x, U y, V* result) {
++ result_type tmp = static_cast<result_type>(x) & static_cast<result_type>(y);
++ *result = static_cast<V>(tmp);
++ return IsValueInRangeForNumericType<V>(tmp);
++ }
++};
++
++template <typename T, typename U, class Enable = void>
++struct CheckedOrOp {};
++
++// For simplicity we support only unsigned integers.
++template <typename T, typename U>
++struct CheckedOrOp<T,
++ U,
++ typename std::enable_if<std::is_integral<T>::value &&
++ std::is_integral<U>::value>::type> {
++ using result_type = typename std::make_unsigned<
++ typename MaxExponentPromotion<T, U>::type>::type;
++ template <typename V = result_type>
++ static bool Do(T x, U y, V* result) {
++ result_type tmp = static_cast<result_type>(x) | static_cast<result_type>(y);
++ *result = static_cast<V>(tmp);
++ return IsValueInRangeForNumericType<V>(tmp);
++ }
++};
++
++template <typename T, typename U, class Enable = void>
++struct CheckedXorOp {};
++
++// For simplicity we support only unsigned integers.
++template <typename T, typename U>
++struct CheckedXorOp<T,
++ U,
++ typename std::enable_if<std::is_integral<T>::value &&
++ std::is_integral<U>::value>::type> {
++ using result_type = typename std::make_unsigned<
++ typename MaxExponentPromotion<T, U>::type>::type;
++ template <typename V = result_type>
++ static bool Do(T x, U y, V* result) {
++ result_type tmp = static_cast<result_type>(x) ^ static_cast<result_type>(y);
++ *result = static_cast<V>(tmp);
++ return IsValueInRangeForNumericType<V>(tmp);
++ }
++};
++
++// Max doesn't really need to be implemented this way because it can't fail,
++// but it makes the code much cleaner to use the MathOp wrappers.
++template <typename T, typename U, class Enable = void>
++struct CheckedMaxOp {};
++
++template <typename T, typename U>
++struct CheckedMaxOp<
++ T,
++ U,
++ typename std::enable_if<std::is_arithmetic<T>::value &&
++ std::is_arithmetic<U>::value>::type> {
++ using result_type = typename MaxExponentPromotion<T, U>::type;
++ template <typename V = result_type>
++ static bool Do(T x, U y, V* result) {
++ *result = IsGreater<T, U>::Test(x, y) ? static_cast<result_type>(x)
++ : static_cast<result_type>(y);
++ return true;
++ }
++};
++
++// Min doesn't really need to be implemented this way because it can't fail,
++// but it makes the code much cleaner to use the MathOp wrappers.
++template <typename T, typename U, class Enable = void>
++struct CheckedMinOp {};
++
++template <typename T, typename U>
++struct CheckedMinOp<
++ T,
++ U,
++ typename std::enable_if<std::is_arithmetic<T>::value &&
++ std::is_arithmetic<U>::value>::type> {
++ using result_type = typename LowestValuePromotion<T, U>::type;
++ template <typename V = result_type>
++ static bool Do(T x, U y, V* result) {
++ *result = IsLess<T, U>::Test(x, y) ? static_cast<result_type>(x)
++ : static_cast<result_type>(y);
++ return true;
++ }
++};
++
++// This is just boilerplate that wraps the standard floating point arithmetic.
++// A macro isn't the nicest solution, but it beats rewriting these repeatedly.
++#define BASE_FLOAT_ARITHMETIC_OPS(NAME, OP) \
++ template <typename T, typename U> \
++ struct Checked##NAME##Op< \
++ T, U, typename std::enable_if<std::is_floating_point<T>::value || \
++ std::is_floating_point<U>::value>::type> { \
++ using result_type = typename MaxExponentPromotion<T, U>::type; \
++ template <typename V> \
++ static bool Do(T x, U y, V* result) { \
++ using Promotion = typename MaxExponentPromotion<T, U>::type; \
++ Promotion presult = x OP y; \
++ *result = static_cast<V>(presult); \
++ return IsValueInRangeForNumericType<V>(presult); \
++ } \
++ };
++
++BASE_FLOAT_ARITHMETIC_OPS(Add, +)
++BASE_FLOAT_ARITHMETIC_OPS(Sub, -)
++BASE_FLOAT_ARITHMETIC_OPS(Mul, *)
++BASE_FLOAT_ARITHMETIC_OPS(Div, /)
++
++#undef BASE_FLOAT_ARITHMETIC_OPS
++
++// Wrap the unary operations to allow SFINAE when instantiating integrals versus
++// floating points. These don't perform any overflow checking. Rather, they
++// exhibit well-defined overflow semantics and rely on the caller to detect
++// if an overflow occured.
++
++template <typename T,
++ typename std::enable_if<std::is_integral<T>::value>::type* = nullptr>
++constexpr T NegateWrapper(T value) {
++ using UnsignedT = typename std::make_unsigned<T>::type;
++ // This will compile to a NEG on Intel, and is normal negation on ARM.
++ return static_cast<T>(UnsignedT(0) - static_cast<UnsignedT>(value));
++}
++
++template <
++ typename T,
++ typename std::enable_if<std::is_floating_point<T>::value>::type* = nullptr>
++constexpr T NegateWrapper(T value) {
++ return -value;
++}
++
++template <typename T,
++ typename std::enable_if<std::is_integral<T>::value>::type* = nullptr>
++constexpr typename std::make_unsigned<T>::type InvertWrapper(T value) {
++ return ~value;
++}
++
++template <typename T,
++ typename std::enable_if<std::is_integral<T>::value>::type* = nullptr>
++constexpr T AbsWrapper(T value) {
++ return static_cast<T>(SafeUnsignedAbs(value));
++}
++
++template <
++ typename T,
++ typename std::enable_if<std::is_floating_point<T>::value>::type* = nullptr>
++constexpr T AbsWrapper(T value) {
++ return value < 0 ? -value : value;
++}
++
++// Floats carry around their validity state with them, but integers do not. So,
++// we wrap the underlying value in a specialization in order to hide that detail
++// and expose an interface via accessors.
++enum NumericRepresentation {
++ NUMERIC_INTEGER,
++ NUMERIC_FLOATING,
++ NUMERIC_UNKNOWN
++};
++
++template <typename NumericType>
++struct GetNumericRepresentation {
++ static const NumericRepresentation value =
++ std::is_integral<NumericType>::value
++ ? NUMERIC_INTEGER
++ : (std::is_floating_point<NumericType>::value ? NUMERIC_FLOATING
++ : NUMERIC_UNKNOWN);
++};
++
++template <typename T, NumericRepresentation type =
++ GetNumericRepresentation<T>::value>
++class CheckedNumericState {};
++
++// Integrals require quite a bit of additional housekeeping to manage state.
++template <typename T>
++class CheckedNumericState<T, NUMERIC_INTEGER> {
++ private:
++ // is_valid_ precedes value_ because member intializers in the constructors
++ // are evaluated in field order, and is_valid_ must be read when initializing
++ // value_.
++ bool is_valid_;
++ T value_;
++
++ // Ensures that a type conversion does not trigger undefined behavior.
++ template <typename Src>
++ static constexpr T WellDefinedConversionOrZero(const Src value,
++ const bool is_valid) {
++ using SrcType = typename internal::UnderlyingType<Src>::type;
++ return (std::is_integral<SrcType>::value || is_valid)
++ ? static_cast<T>(value)
++ : static_cast<T>(0);
++ }
++
++ public:
++ template <typename Src, NumericRepresentation type>
++ friend class CheckedNumericState;
++
++ constexpr CheckedNumericState() : is_valid_(true), value_(0) {}
++
++ template <typename Src>
++ constexpr CheckedNumericState(Src value, bool is_valid)
++ : is_valid_(is_valid && IsValueInRangeForNumericType<T>(value)),
++ value_(WellDefinedConversionOrZero(value, is_valid_)) {
++ static_assert(std::is_arithmetic<Src>::value, "Argument must be numeric.");
++ }
++
++ // Copy constructor.
++ template <typename Src>
++ constexpr CheckedNumericState(const CheckedNumericState<Src>& rhs)
++ : is_valid_(rhs.IsValid()),
++ value_(WellDefinedConversionOrZero(rhs.value(), is_valid_)) {}
++
++ template <typename Src>
++ constexpr explicit CheckedNumericState(Src value)
++ : is_valid_(IsValueInRangeForNumericType<T>(value)),
++ value_(WellDefinedConversionOrZero(value, is_valid_)) {}
++
++ constexpr bool is_valid() const { return is_valid_; }
++ constexpr T value() const { return value_; }
++};
++
++// Floating points maintain their own validity, but need translation wrappers.
++template <typename T>
++class CheckedNumericState<T, NUMERIC_FLOATING> {
++ private:
++ T value_;
++
++ // Ensures that a type conversion does not trigger undefined behavior.
++ template <typename Src>
++ static constexpr T WellDefinedConversionOrNaN(const Src value,
++ const bool is_valid) {
++ using SrcType = typename internal::UnderlyingType<Src>::type;
++ return (StaticDstRangeRelationToSrcRange<T, SrcType>::value ==
++ NUMERIC_RANGE_CONTAINED ||
++ is_valid)
++ ? static_cast<T>(value)
++ : std::numeric_limits<T>::quiet_NaN();
++ }
++
++ public:
++ template <typename Src, NumericRepresentation type>
++ friend class CheckedNumericState;
++
++ constexpr CheckedNumericState() : value_(0.0) {}
++
++ template <typename Src>
++ constexpr CheckedNumericState(Src value, bool is_valid)
++ : value_(WellDefinedConversionOrNaN(value, is_valid)) {}
++
++ template <typename Src>
++ constexpr explicit CheckedNumericState(Src value)
++ : value_(WellDefinedConversionOrNaN(
++ value,
++ IsValueInRangeForNumericType<T>(value))) {}
++
++ // Copy constructor.
++ template <typename Src>
++ constexpr CheckedNumericState(const CheckedNumericState<Src>& rhs)
++ : value_(WellDefinedConversionOrNaN(
++ rhs.value(),
++ rhs.is_valid() && IsValueInRangeForNumericType<T>(rhs.value()))) {}
++
++ constexpr bool is_valid() const {
++ // Written this way because std::isfinite is not reliably constexpr.
++ // TODO(jschuh): Fix this if the libraries ever get fixed.
++ return value_ <= std::numeric_limits<T>::max() &&
++ value_ >= std::numeric_limits<T>::lowest();
++ }
++ constexpr T value() const { return value_; }
++};
++
++template <template <typename, typename, typename> class M,
++ typename L,
++ typename R>
++struct MathWrapper {
++ using math = M<typename UnderlyingType<L>::type,
++ typename UnderlyingType<R>::type,
++ void>;
++ using type = typename math::result_type;
++};
++
++} // namespace internal
++} // namespace base
++} // namespace pdfium
++
++#endif // THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_IMPL_H_
+diff -Naur workdir/UnpackedTarball/pdfium/third_party/base/numerics/safe_math_shared_impl.h workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/safe_math_shared_impl.h
+--- workdir/UnpackedTarball/pdfium/third_party/base/numerics/safe_math_shared_impl.h 2020-10-26 19:26:04.000000000 +0100
++++ workdir/UnpackedTarball/pdfium.4137/third_party/base/numerics/safe_math_shared_impl.h 1970-01-01 01:00:00.000000000 +0100
+@@ -1,242 +0,0 @@
+-// Copyright 2017 The Chromium Authors. All rights reserved.
+-// Use of this source code is governed by a BSD-style license that can be
+-// found in the LICENSE file.
+-
+-#ifndef THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_SHARED_IMPL_H_
+-#define THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_SHARED_IMPL_H_
+-
+-#include <stddef.h>
+-#include <stdint.h>
+-
+-#include <cassert>
+-#include <climits>
+-#include <cmath>
+-#include <cstdlib>
+-#include <limits>
+-#include <type_traits>
+-
+-#include "third_party/base/numerics/safe_conversions.h"
+-
+-#ifdef __asmjs__
+-// Optimized safe math instructions are incompatible with asmjs.
+-#define BASE_HAS_OPTIMIZED_SAFE_MATH (0)
+-// Where available use builtin math overflow support on Clang and GCC.
+-#elif !defined(__native_client__) && \
+- ((defined(__clang__) && \
+- ((__clang_major__ > 3) || \
+- (__clang_major__ == 3 && __clang_minor__ >= 4))) || \
+- (defined(__GNUC__) && __GNUC__ >= 5))
+-#include "third_party/base/numerics/safe_math_clang_gcc_impl.h"
+-#define BASE_HAS_OPTIMIZED_SAFE_MATH (1)
+-#else
+-#define BASE_HAS_OPTIMIZED_SAFE_MATH (0)
+-#endif
+-
+-namespace pdfium {
+-namespace base {
+-namespace internal {
+-
+-// These are the non-functioning boilerplate implementations of the optimized
+-// safe math routines.
+-#if !BASE_HAS_OPTIMIZED_SAFE_MATH
+-template <typename T, typename U>
+-struct CheckedAddFastOp {
+- static const bool is_supported = false;
+- template <typename V>
+- static constexpr bool Do(T, U, V*) {
+- // Force a compile failure if instantiated.
+- return CheckOnFailure::template HandleFailure<bool>();
+- }
+-};
+-
+-template <typename T, typename U>
+-struct CheckedSubFastOp {
+- static const bool is_supported = false;
+- template <typename V>
+- static constexpr bool Do(T, U, V*) {
+- // Force a compile failure if instantiated.
+- return CheckOnFailure::template HandleFailure<bool>();
+- }
+-};
+-
+-template <typename T, typename U>
+-struct CheckedMulFastOp {
+- static const bool is_supported = false;
+- template <typename V>
+- static constexpr bool Do(T, U, V*) {
+- // Force a compile failure if instantiated.
+- return CheckOnFailure::template HandleFailure<bool>();
+- }
+-};
+-
+-template <typename T, typename U>
+-struct ClampedAddFastOp {
+- static const bool is_supported = false;
+- template <typename V>
+- static constexpr V Do(T, U) {
+- // Force a compile failure if instantiated.
+- return CheckOnFailure::template HandleFailure<V>();
+- }
+-};
+-
+-template <typename T, typename U>
+-struct ClampedSubFastOp {
+- static const bool is_supported = false;
+- template <typename V>
+- static constexpr V Do(T, U) {
+- // Force a compile failure if instantiated.
+- return CheckOnFailure::template HandleFailure<V>();
+- }
+-};
+-
+-template <typename T, typename U>
+-struct ClampedMulFastOp {
+- static const bool is_supported = false;
+- template <typename V>
+- static constexpr V Do(T, U) {
+- // Force a compile failure if instantiated.
+- return CheckOnFailure::template HandleFailure<V>();
+- }
+-};
+-
+-template <typename T>
+-struct ClampedNegFastOp {
+- static const bool is_supported = false;
+- static constexpr T Do(T) {
+- // Force a compile failure if instantiated.
+- return CheckOnFailure::template HandleFailure<T>();
+- }
+-};
+-#endif // BASE_HAS_OPTIMIZED_SAFE_MATH
+-#undef BASE_HAS_OPTIMIZED_SAFE_MATH
+-
+-// This is used for UnsignedAbs, where we need to support floating-point
+-// template instantiations even though we don't actually support the operations.
+-// However, there is no corresponding implementation of e.g. SafeUnsignedAbs,
+-// so the float versions will not compile.
+-template <typename Numeric,
+- bool IsInteger = std::is_integral<Numeric>::value,
+- bool IsFloat = std::is_floating_point<Numeric>::value>
+-struct UnsignedOrFloatForSize;
+-
+-template <typename Numeric>
+-struct UnsignedOrFloatForSize<Numeric, true, false> {
+- using type = typename std::make_unsigned<Numeric>::type;
+-};
+-
+-template <typename Numeric>
+-struct UnsignedOrFloatForSize<Numeric, false, true> {
+- using type = Numeric;
+-};
+-
+-// Wrap the unary operations to allow SFINAE when instantiating integrals versus
+-// floating points. These don't perform any overflow checking. Rather, they
+-// exhibit well-defined overflow semantics and rely on the caller to detect
+-// if an overflow occured.
+-
+-template <typename T,
+- typename std::enable_if<std::is_integral<T>::value>::type* = nullptr>
+-constexpr T NegateWrapper(T value) {
+- using UnsignedT = typename std::make_unsigned<T>::type;
+- // This will compile to a NEG on Intel, and is normal negation on ARM.
+- return static_cast<T>(UnsignedT(0) - static_cast<UnsignedT>(value));
+-}
+-
+-template <
+- typename T,
+- typename std::enable_if<std::is_floating_point<T>::value>::type* = nullptr>
+-constexpr T NegateWrapper(T value) {
+- return -value;
+-}
+-
+-template <typename T,
+- typename std::enable_if<std::is_integral<T>::value>::type* = nullptr>
+-constexpr typename std::make_unsigned<T>::type InvertWrapper(T value) {
+- return ~value;
+-}
+-
+-template <typename T,
+- typename std::enable_if<std::is_integral<T>::value>::type* = nullptr>
+-constexpr T AbsWrapper(T value) {
+- return static_cast<T>(SafeUnsignedAbs(value));
+-}
+-
+-template <
+- typename T,
+- typename std::enable_if<std::is_floating_point<T>::value>::type* = nullptr>
+-constexpr T AbsWrapper(T value) {
+- return value < 0 ? -value : value;
+-}
+-
+-template <template <typename, typename, typename> class M,
+- typename L,
+- typename R>
+-struct MathWrapper {
+- using math = M<typename UnderlyingType<L>::type,
+- typename UnderlyingType<R>::type,
+- void>;
+- using type = typename math::result_type;
+-};
+-
+-// These variadic templates work out the return types.
+-// TODO(jschuh): Rip all this out once we have C++14 non-trailing auto support.
+-template <template <typename, typename, typename> class M,
+- typename L,
+- typename R,
+- typename... Args>
+-struct ResultType;
+-
+-template <template <typename, typename, typename> class M,
+- typename L,
+- typename R>
+-struct ResultType<M, L, R> {
+- using type = typename MathWrapper<M, L, R>::type;
+-};
+-
+-template <template <typename, typename, typename> class M,
+- typename L,
+- typename R,
+- typename... Args>
+-struct ResultType {
+- using type =
+- typename ResultType<M, typename ResultType<M, L, R>::type, Args...>::type;
+-};
+-
+-// The following macros are just boilerplate for the standard arithmetic
+-// operator overloads and variadic function templates. A macro isn't the nicest
+-// solution, but it beats rewriting these over and over again.
+-#define BASE_NUMERIC_ARITHMETIC_VARIADIC(CLASS, CL_ABBR, OP_NAME) \
+- template <typename L, typename R, typename... Args> \
+- constexpr CLASS##Numeric< \
+- typename ResultType<CLASS##OP_NAME##Op, L, R, Args...>::type> \
+- CL_ABBR##OP_NAME(const L lhs, const R rhs, const Args... args) { \
+- return CL_ABBR##MathOp<CLASS##OP_NAME##Op, L, R, Args...>(lhs, rhs, \
+- args...); \
+- }
+-
+-#define BASE_NUMERIC_ARITHMETIC_OPERATORS(CLASS, CL_ABBR, OP_NAME, OP, CMP_OP) \
+- /* Binary arithmetic operator for all CLASS##Numeric operations. */ \
+- template <typename L, typename R, \
+- typename std::enable_if<Is##CLASS##Op<L, R>::value>::type* = \
+- nullptr> \
+- constexpr CLASS##Numeric< \
+- typename MathWrapper<CLASS##OP_NAME##Op, L, R>::type> \
+- operator OP(const L lhs, const R rhs) { \
+- return decltype(lhs OP rhs)::template MathOp<CLASS##OP_NAME##Op>(lhs, \
+- rhs); \
+- } \
+- /* Assignment arithmetic operator implementation from CLASS##Numeric. */ \
+- template <typename L> \
+- template <typename R> \
+- constexpr CLASS##Numeric<L>& CLASS##Numeric<L>::operator CMP_OP( \
+- const R rhs) { \
+- return MathOp<CLASS##OP_NAME##Op>(rhs); \
+- } \
+- /* Variadic arithmetic functions that return CLASS##Numeric. */ \
+- BASE_NUMERIC_ARITHMETIC_VARIADIC(CLASS, CL_ABBR, OP_NAME)
+-
+-} // namespace internal
+-} // namespace base
+-} // namespace pdfium
+-
+-#endif // THIRD_PARTY_BASE_NUMERICS_SAFE_MATH_SHARED_IMPL_H_
diff --git a/external/pdfium/ubsan.patch b/external/pdfium/ubsan.patch
index 91428326fc5d..8610e24f2828 100644
--- a/external/pdfium/ubsan.patch
+++ b/external/pdfium/ubsan.patch
@@ -1,18 +1,18 @@
---- core/fxcrt/string_data_template.h
-+++ core/fxcrt/string_data_template.h
-@@ -78,7 +78,8 @@
+--- core/fxcrt/string_data_template.cpp
++++ core/fxcrt/string_data_template.cpp
+@@ -82,7 +82,8 @@ void StringDataTemplate<CharType>::CopyContentsAt(size_t offset,
+ ASSERT(nLen >= 0);
+ ASSERT(offset + nLen <= m_nAllocLength);
- void CopyContentsAt(size_t offset, const CharType* pStr, size_t nLen) {
- ASSERT(offset >= 0 && nLen >= 0 && offset + nLen <= m_nAllocLength);
-- memcpy(m_String + offset, pStr, nLen * sizeof(CharType));
-+ if (nLen != 0)
-+ memcpy(m_String + offset, pStr, nLen * sizeof(CharType));
- m_String[offset + nLen] = 0;
- }
+- memcpy(m_String + offset, pStr, nLen * sizeof(CharType));
++ if (nLen != 0)
++ memcpy(m_String + offset, pStr, nLen * sizeof(CharType));
+ m_String[offset + nLen] = 0;
+ }
---- core/fxge/cfx_facecache.cpp
-+++ core/fxge/cfx_facecache.cpp
-@@ -183,7 +183,8 @@ std::unique_ptr<CFX_GlyphBitmap> CFX_FaceCache::RenderGlyph(
+--- core/fxge/cfx_glyphcache.cpp
++++ core/fxge/cfx_glyphcache.cpp
+@@ -183,7 +183,8 @@ std::unique_ptr<CFX_GlyphBitmap> CFX_GlyphCache::RenderGlyph(
}
}
} else {
diff --git a/external/pdfium/visibility.patch.1 b/external/pdfium/visibility.patch.1
deleted file mode 100644
index 04e89b38ab10..000000000000
--- a/external/pdfium/visibility.patch.1
+++ /dev/null
@@ -1,30 +0,0 @@
-diff --git a/public/fpdfview.h b/public/fpdfview.h
-index 1ff0aeb26..f48036f2b 100644
---- a/public/fpdfview.h
-+++ b/public/fpdfview.h
-@@ -129,14 +129,20 @@ typedef int FPDF_ANNOTATION_SUBTYPE;
- // Dictionary value types.
- typedef int FPDF_OBJECT_TYPE;
-
--#if defined(_WIN32) && defined(FPDFSDK_EXPORTS)
--// On Windows system, functions are exported in a DLL
-+#if defined(PDFIUM_DLLIMPLEMENTATION)
-+#ifdef _WIN32
- #define FPDF_EXPORT __declspec(dllexport)
--#define FPDF_CALLCONV __stdcall
- #else
--#define FPDF_EXPORT
--#define FPDF_CALLCONV
-+#define FPDF_EXPORT __attribute__ ((visibility("default")))
-+#endif
-+#else
-+#ifdef _WIN32
-+#define FPDF_EXPORT __declspec(dllimport)
-+#else
-+#define FPDF_EXPORT __attribute__ ((visibility("default")))
- #endif
-+#endif
-+#define FPDF_CALLCONV
-
- // Exported Functions
- #ifdef __cplusplus
diff --git a/external/pdfium/windows7.patch.1 b/external/pdfium/windows7.patch.1
new file mode 100644
index 000000000000..d33f273ff4ca
--- /dev/null
+++ b/external/pdfium/windows7.patch.1
@@ -0,0 +1,34 @@
+diff --git a/third_party/base/win/win_util.cc b/third_party/base/win/win_util.cc
+index ae2dba84d..7a3718848 100644
+--- a/third_party/base/win/win_util.cc
++++ b/third_party/base/win/win_util.cc
+@@ -12,28 +12,7 @@ namespace base {
+ namespace win {
+
+ bool IsUser32AndGdi32Available() {
+- static auto is_user32_and_gdi32_available = []() {
+- // If win32k syscalls aren't disabled, then user32 and gdi32 are available.
+-
+- typedef decltype(
+- GetProcessMitigationPolicy)* GetProcessMitigationPolicyType;
+- GetProcessMitigationPolicyType get_process_mitigation_policy_func =
+- reinterpret_cast<GetProcessMitigationPolicyType>(GetProcAddress(
+- GetModuleHandle(L"kernel32.dll"), "GetProcessMitigationPolicy"));
+-
+- if (!get_process_mitigation_policy_func)
+- return true;
+-
+- PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY policy = {};
+- if (get_process_mitigation_policy_func(GetCurrentProcess(),
+- ProcessSystemCallDisablePolicy,
+- &policy, sizeof(policy))) {
+- return policy.DisallowWin32kSystemCalls == 0;
+- }
+-
+- return true;
+- }();
+- return is_user32_and_gdi32_available;
++ return true;
+ }
+
+ } // namespace win
diff --git a/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 b/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1
deleted file mode 100644
index b459a0a0bef7..000000000000
--- a/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1
+++ /dev/null
@@ -1,27 +0,0 @@
-From f4136a6353162db249f63ddb0f20611622ab61b4 Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Wed, 27 Feb 2019 19:43:22 +0100
-Subject: [PATCH] ImageStream::getLine: fix crash on broken files
-
-Fixes #728
----
- poppler/Stream.cc | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/poppler/Stream.cc b/poppler/Stream.cc
-index 33537b0e..a41435ab 100644
---- a/poppler/Stream.cc
-+++ b/poppler/Stream.cc
-@@ -496,6 +496,9 @@ unsigned char *ImageStream::getLine() {
- }
-
- int readChars = str->doGetChars(inputLineSize, inputLine);
-+ if (unlikely(readChars == -1)) {
-+ readChars = 0;
-+ }
- for ( ; readChars < inputLineSize; readChars++) inputLine[readChars] = EOF;
- if (nBits == 1) {
- unsigned char *p = inputLine;
---
-2.20.1
-
diff --git a/external/poppler/0001-Partially-revert-814fbda28cc8a37fed3134c2db8da28f86f.patch.1 b/external/poppler/0001-Partially-revert-814fbda28cc8a37fed3134c2db8da28f86f.patch.1
new file mode 100644
index 000000000000..05b2346d131f
--- /dev/null
+++ b/external/poppler/0001-Partially-revert-814fbda28cc8a37fed3134c2db8da28f86f.patch.1
@@ -0,0 +1,999 @@
+[PATCH] Partially revert 814fbda28cc8a37fed3134c2db8da28f86fb5ee0
+
+"Run clang-format" in poppler/Decrypt.cc
+---
+ poppler/Decrypt.cc | 848 +++++++++++++++++++++++----------------------
+ 1 file changed, 437 insertions(+), 411 deletions(-)
+
+diff --git a/poppler/Decrypt.cc b/poppler/Decrypt.cc
+index 62b11702..4b388ab9 100644
+--- a/poppler/Decrypt.cc
++++ b/poppler/Decrypt.cc
+@@ -599,139 +599,167 @@ static unsigned char rc4DecryptByte(unsigned char *state, unsigned char *x, unsi
+ // Returns false if EOF was reached, true otherwise
+ static bool aesReadBlock(Stream *str, unsigned char *in, bool addPadding)
+ {
+- int c, i;
++ int c, i;
+
+- for (i = 0; i < 16; ++i) {
+- if ((c = str->getChar()) != EOF) {
+- in[i] = (unsigned char)c;
+- } else {
+- break;
+- }
++ for (i = 0; i < 16; ++i) {
++ if ((c = str->getChar()) != EOF) {
++ in[i] = (unsigned char)c;
++ } else {
++ break;
+ }
++ }
+
+- if (i == 16) {
+- return true;
+- } else {
+- if (addPadding) {
+- c = 16 - i;
+- while (i < 16) {
+- in[i++] = (unsigned char)c;
+- }
+- }
+- return false;
++ if (i == 16) {
++ return true;
++ } else {
++ if (addPadding) {
++ c = 16 - i;
++ while (i < 16) {
++ in[i++] = (unsigned char)c;
++ }
+ }
++ return false;
++ }
+ }
+
+-static const unsigned char sbox[256] = { 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+- 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+- 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+- 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+- 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+- 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+- 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+- 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 };
+-
+-static const unsigned char invSbox[256] = { 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
+- 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
+- 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
+- 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
+- 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
+- 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
+- 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
+- 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d };
+-
+-static const unsigned int rcon[11] = { 0x00000000, // unused
+- 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000 };
+-
+-static inline unsigned int subWord(unsigned int x)
+-{
+- return (sbox[x >> 24] << 24) | (sbox[(x >> 16) & 0xff] << 16) | (sbox[(x >> 8) & 0xff] << 8) | sbox[x & 0xff];
+-}
++static const unsigned char sbox[256] = {
++ 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
++ 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
++ 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
++ 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
++ 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
++ 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
++ 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
++ 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
++ 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
++ 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
++ 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
++ 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
++ 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
++ 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
++ 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
++ 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
++};
+
+-static inline unsigned int rotWord(unsigned int x)
+-{
+- return ((x << 8) & 0xffffffff) | (x >> 24);
+-}
++static const unsigned char invSbox[256] = {
++ 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
++ 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
++ 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
++ 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
++ 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
++ 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
++ 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
++ 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
++ 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
++ 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
++ 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
++ 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
++ 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
++ 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
++ 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
++ 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
++};
+
+-static inline void subBytes(unsigned char *state)
+-{
+- int i;
++static const unsigned int rcon[11] = {
++ 0x00000000, // unused
++ 0x01000000,
++ 0x02000000,
++ 0x04000000,
++ 0x08000000,
++ 0x10000000,
++ 0x20000000,
++ 0x40000000,
++ 0x80000000,
++ 0x1b000000,
++ 0x36000000
++};
+
+- for (i = 0; i < 16; ++i) {
+- state[i] = sbox[state[i]];
+- }
++static inline unsigned int subWord(unsigned int x) {
++ return (sbox[x >> 24] << 24)
++ | (sbox[(x >> 16) & 0xff] << 16)
++ | (sbox[(x >> 8) & 0xff] << 8)
++ | sbox[x & 0xff];
+ }
+
+-static inline void invSubBytes(unsigned char *state)
+-{
+- int i;
++static inline unsigned int rotWord(unsigned int x) {
++ return ((x << 8) & 0xffffffff) | (x >> 24);
++}
+
+- for (i = 0; i < 16; ++i) {
+- state[i] = invSbox[state[i]];
+- }
++static inline void subBytes(unsigned char *state) {
++ int i;
++
++ for (i = 0; i < 16; ++i) {
++ state[i] = sbox[state[i]];
++ }
+ }
+
+-static inline void shiftRows(unsigned char *state)
+-{
+- unsigned char t;
++static inline void invSubBytes(unsigned char *state) {
++ int i;
+
+- t = state[4];
+- state[4] = state[5];
+- state[5] = state[6];
+- state[6] = state[7];
+- state[7] = t;
+-
+- t = state[8];
+- state[8] = state[10];
+- state[10] = t;
+- t = state[9];
+- state[9] = state[11];
+- state[11] = t;
+-
+- t = state[15];
+- state[15] = state[14];
+- state[14] = state[13];
+- state[13] = state[12];
+- state[12] = t;
++ for (i = 0; i < 16; ++i) {
++ state[i] = invSbox[state[i]];
++ }
+ }
+
+-static inline void invShiftRows(unsigned char *state)
+-{
+- unsigned char t;
++static inline void shiftRows(unsigned char *state) {
++ unsigned char t;
++
++ t = state[4];
++ state[4] = state[5];
++ state[5] = state[6];
++ state[6] = state[7];
++ state[7] = t;
++
++ t = state[8];
++ state[8] = state[10];
++ state[10] = t;
++ t = state[9];
++ state[9] = state[11];
++ state[11] = t;
++
++ t = state[15];
++ state[15] = state[14];
++ state[14] = state[13];
++ state[13] = state[12];
++ state[12] = t;
++}
+
+- t = state[7];
+- state[7] = state[6];
+- state[6] = state[5];
+- state[5] = state[4];
+- state[4] = t;
+-
+- t = state[8];
+- state[8] = state[10];
+- state[10] = t;
+- t = state[9];
+- state[9] = state[11];
+- state[11] = t;
+-
+- t = state[12];
+- state[12] = state[13];
+- state[13] = state[14];
+- state[14] = state[15];
+- state[15] = t;
++static inline void invShiftRows(unsigned char *state) {
++ unsigned char t;
++
++ t = state[7];
++ state[7] = state[6];
++ state[6] = state[5];
++ state[5] = state[4];
++ state[4] = t;
++
++ t = state[8];
++ state[8] = state[10];
++ state[10] = t;
++ t = state[9];
++ state[9] = state[11];
++ state[11] = t;
++
++ t = state[12];
++ state[12] = state[13];
++ state[13] = state[14];
++ state[14] = state[15];
++ state[15] = t;
+ }
+
+ // {02} \cdot s
+ struct Mul02Table
+ {
+- constexpr Mul02Table() : values()
+- {
+- for (int s = 0; s < 256; s++) {
+- values[s] = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- }
++ constexpr Mul02Table() : values()
++ {
++ for(int s = 0; s < 256; s++) {
++ values[s] = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+ }
++ }
+
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
++ constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+
+- unsigned char values[256];
++ unsigned char values[256];
+ };
+
+ static constexpr Mul02Table mul02;
+@@ -739,17 +767,17 @@ static constexpr Mul02Table mul02;
+ // {03} \cdot s
+ struct Mul03Table
+ {
+- constexpr Mul03Table() : values()
+- {
+- for (int s = 0; s < 256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- values[s] = s ^ s2;
+- }
++ constexpr Mul03Table() : values()
++ {
++ for(int s=0; s<256; s++) {
++ const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ values[s] = s ^ s2;
+ }
++ }
+
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
++ constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+
+- unsigned char values[256];
++ unsigned char values[256];
+ };
+
+ static constexpr Mul03Table mul03;
+@@ -757,19 +785,19 @@ static constexpr Mul03Table mul03;
+ // {09} \cdot s
+ struct Mul09Table
+ {
+- constexpr Mul09Table() : values()
+- {
+- for (int s = 0; s < 256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
+- const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
+- values[s] = s ^ s8;
+- }
++ constexpr Mul09Table() : values()
++ {
++ for(int s=0; s<256; s++) {
++ const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
++ const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
++ values[s] = s ^ s8;
+ }
++ }
+
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
++ constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+
+- unsigned char values[256];
++ unsigned char values[256];
+ };
+
+ static constexpr Mul09Table mul09;
+@@ -777,19 +805,19 @@ static constexpr Mul09Table mul09;
+ // {0b} \cdot s
+ struct Mul0bTable
+ {
+- constexpr Mul0bTable() : values()
+- {
+- for (int s = 0; s < 256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
+- const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
+- values[s] = s ^ s2 ^ s8;
+- }
++ constexpr Mul0bTable() : values()
++ {
++ for(int s=0; s<256; s++) {
++ const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
++ const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
++ values[s] = s ^ s2 ^ s8;
+ }
++ }
+
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
++ constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+
+- unsigned char values[256];
++ unsigned char values[256];
+ };
+
+ static constexpr Mul0bTable mul0b;
+@@ -797,19 +825,19 @@ static constexpr Mul0bTable mul0b;
+ // {0d} \cdot s
+ struct Mul0dTable
+ {
+- constexpr Mul0dTable() : values()
+- {
+- for (int s = 0; s < 256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
+- const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
+- values[s] = s ^ s4 ^ s8;
+- }
++ constexpr Mul0dTable() : values()
++ {
++ for(int s=0; s<256; s++) {
++ const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
++ const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
++ values[s] = s ^ s4 ^ s8;
+ }
++ }
+
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
++ constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+
+- unsigned char values[256];
++ unsigned char values[256];
+ };
+
+ static constexpr Mul0dTable mul0d;
+@@ -817,329 +845,327 @@ static constexpr Mul0dTable mul0d;
+ // {0e} \cdot s
+ struct Mul0eTable
+ {
+- constexpr Mul0eTable() : values()
+- {
+- for (int s = 0; s < 256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
+- const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
+- values[s] = s2 ^ s4 ^ s8;
+- }
++ constexpr Mul0eTable() : values()
++ {
++ for(int s=0; s<256; s++) {
++ const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
++ const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
++ values[s] = s2 ^ s4 ^ s8;
+ }
++ }
+
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
++ constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+
+- unsigned char values[256];
++ unsigned char values[256];
+ };
+
+ static constexpr Mul0eTable mul0e;
+
+-static inline void mixColumns(unsigned char *state)
+-{
+- int c;
+- unsigned char s0, s1, s2, s3;
+-
+- for (c = 0; c < 4; ++c) {
+- s0 = state[c];
+- s1 = state[4 + c];
+- s2 = state[8 + c];
+- s3 = state[12 + c];
+- state[c] = mul02(s0) ^ mul03(s1) ^ s2 ^ s3;
+- state[4 + c] = s0 ^ mul02(s1) ^ mul03(s2) ^ s3;
+- state[8 + c] = s0 ^ s1 ^ mul02(s2) ^ mul03(s3);
+- state[12 + c] = mul03(s0) ^ s1 ^ s2 ^ mul02(s3);
+- }
++static inline void mixColumns(unsigned char *state) {
++ int c;
++ unsigned char s0, s1, s2, s3;
++
++ for (c = 0; c < 4; ++c) {
++ s0 = state[c];
++ s1 = state[4+c];
++ s2 = state[8+c];
++ s3 = state[12+c];
++ state[c] = mul02(s0) ^ mul03(s1) ^ s2 ^ s3;
++ state[4+c] = s0 ^ mul02(s1) ^ mul03(s2) ^ s3;
++ state[8+c] = s0 ^ s1 ^ mul02(s2) ^ mul03(s3);
++ state[12+c] = mul03(s0) ^ s1 ^ s2 ^ mul02(s3);
++ }
+ }
+
+-static inline void invMixColumns(unsigned char *state)
+-{
+- int c;
+- unsigned char s0, s1, s2, s3;
+-
+- for (c = 0; c < 4; ++c) {
+- s0 = state[c];
+- s1 = state[4 + c];
+- s2 = state[8 + c];
+- s3 = state[12 + c];
+- state[c] = mul0e(s0) ^ mul0b(s1) ^ mul0d(s2) ^ mul09(s3);
+- state[4 + c] = mul09(s0) ^ mul0e(s1) ^ mul0b(s2) ^ mul0d(s3);
+- state[8 + c] = mul0d(s0) ^ mul09(s1) ^ mul0e(s2) ^ mul0b(s3);
+- state[12 + c] = mul0b(s0) ^ mul0d(s1) ^ mul09(s2) ^ mul0e(s3);
+- }
++static inline void invMixColumns(unsigned char *state) {
++ int c;
++ unsigned char s0, s1, s2, s3;
++
++ for (c = 0; c < 4; ++c) {
++ s0 = state[c];
++ s1 = state[4+c];
++ s2 = state[8+c];
++ s3 = state[12+c];
++ state[c] = mul0e(s0) ^ mul0b(s1) ^ mul0d(s2) ^ mul09(s3);
++ state[4+c] = mul09(s0) ^ mul0e(s1) ^ mul0b(s2) ^ mul0d(s3);
++ state[8+c] = mul0d(s0) ^ mul09(s1) ^ mul0e(s2) ^ mul0b(s3);
++ state[12+c] = mul0b(s0) ^ mul0d(s1) ^ mul09(s2) ^ mul0e(s3);
++ }
+ }
+
+-static inline void invMixColumnsW(unsigned int *w)
+-{
+- int c;
+- unsigned char s0, s1, s2, s3;
+-
+- for (c = 0; c < 4; ++c) {
+- s0 = w[c] >> 24;
+- s1 = w[c] >> 16;
+- s2 = w[c] >> 8;
+- s3 = w[c];
+- w[c] = ((mul0e(s0) ^ mul0b(s1) ^ mul0d(s2) ^ mul09(s3)) << 24) | ((mul09(s0) ^ mul0e(s1) ^ mul0b(s2) ^ mul0d(s3)) << 16) | ((mul0d(s0) ^ mul09(s1) ^ mul0e(s2) ^ mul0b(s3)) << 8) | (mul0b(s0) ^ mul0d(s1) ^ mul09(s2) ^ mul0e(s3));
+- }
++static inline void invMixColumnsW(unsigned int *w) {
++ int c;
++ unsigned char s0, s1, s2, s3;
++
++ for (c = 0; c < 4; ++c) {
++ s0 = w[c] >> 24;
++ s1 = w[c] >> 16;
++ s2 = w[c] >> 8;
++ s3 = w[c];
++ w[c] = ((mul0e(s0) ^ mul0b(s1) ^ mul0d(s2) ^ mul09(s3)) << 24)
++ | ((mul09(s0) ^ mul0e(s1) ^ mul0b(s2) ^ mul0d(s3)) << 16)
++ | ((mul0d(s0) ^ mul09(s1) ^ mul0e(s2) ^ mul0b(s3)) << 8)
++ | (mul0b(s0) ^ mul0d(s1) ^ mul09(s2) ^ mul0e(s3));
++ }
+ }
+
+-static inline void addRoundKey(unsigned char *state, const unsigned int *w)
+-{
+- int c;
++static inline void addRoundKey(unsigned char *state, const unsigned int *w) {
++ int c;
+
+- for (c = 0; c < 4; ++c) {
+- state[c] ^= w[c] >> 24;
+- state[4 + c] ^= w[c] >> 16;
+- state[8 + c] ^= w[c] >> 8;
+- state[12 + c] ^= w[c];
+- }
++ for (c = 0; c < 4; ++c) {
++ state[c] ^= w[c] >> 24;
++ state[4+c] ^= w[c] >> 16;
++ state[8+c] ^= w[c] >> 8;
++ state[12+c] ^= w[c];
++ }
+ }
+
+-static void aesKeyExpansion(DecryptAESState *s, const unsigned char *objKey, int /*objKeyLen*/, bool decrypt)
+-{
+- unsigned int temp;
+- int i, round;
++static void aesKeyExpansion(DecryptAESState *s,
++ const unsigned char *objKey, int /*objKeyLen*/, bool decrypt) {
++ unsigned int temp;
++ int i, round;
+
+- //~ this assumes objKeyLen == 16
++ //~ this assumes objKeyLen == 16
+
+- for (i = 0; i < 4; ++i) {
+- s->w[i] = (objKey[4 * i] << 24) + (objKey[4 * i + 1] << 16) + (objKey[4 * i + 2] << 8) + objKey[4 * i + 3];
+- }
+- for (i = 4; i < 44; ++i) {
+- temp = s->w[i - 1];
+- if (!(i & 3)) {
+- temp = subWord(rotWord(temp)) ^ rcon[i / 4];
+- }
+- s->w[i] = s->w[i - 4] ^ temp;
++ for (i = 0; i < 4; ++i) {
++ s->w[i] = (objKey[4*i] << 24) + (objKey[4*i+1] << 16) +
++ (objKey[4*i+2] << 8) + objKey[4*i+3];
++ }
++ for (i = 4; i < 44; ++i) {
++ temp = s->w[i-1];
++ if (!(i & 3)) {
++ temp = subWord(rotWord(temp)) ^ rcon[i/4];
+ }
++ s->w[i] = s->w[i-4] ^ temp;
++ }
+
+- /* In case of decryption, adjust the key schedule for the equivalent inverse cipher */
+- if (decrypt) {
+- for (round = 1; round <= 9; ++round) {
+- invMixColumnsW(&s->w[round * 4]);
+- }
++ /* In case of decryption, adjust the key schedule for the equivalent inverse cipher */
++ if (decrypt) {
++ for (round = 1; round <= 9; ++round) {
++ invMixColumnsW(&s->w[round * 4]);
+ }
++ }
+ }
+
+-static void aesEncryptBlock(DecryptAESState *s, const unsigned char *in)
+-{
+- int c, round;
+-
+- // initial state (input is xor'd with previous output because of CBC)
+- for (c = 0; c < 4; ++c) {
+- s->state[c] = in[4 * c] ^ s->buf[4 * c];
+- s->state[4 + c] = in[4 * c + 1] ^ s->buf[4 * c + 1];
+- s->state[8 + c] = in[4 * c + 2] ^ s->buf[4 * c + 2];
+- s->state[12 + c] = in[4 * c + 3] ^ s->buf[4 * c + 3];
+- }
++static void aesEncryptBlock(DecryptAESState *s, const unsigned char *in) {
++ int c, round;
+
+- // round 0
+- addRoundKey(s->state, &s->w[0]);
++ // initial state (input is xor'd with previous output because of CBC)
++ for (c = 0; c < 4; ++c) {
++ s->state[c] = in[4*c] ^ s->buf[4*c];
++ s->state[4+c] = in[4*c+1] ^ s->buf[4*c+1];
++ s->state[8+c] = in[4*c+2] ^ s->buf[4*c+2];
++ s->state[12+c] = in[4*c+3] ^ s->buf[4*c+3];
++ }
+
+- // rounds 1-9
+- for (round = 1; round <= 9; ++round) {
+- subBytes(s->state);
+- shiftRows(s->state);
+- mixColumns(s->state);
+- addRoundKey(s->state, &s->w[round * 4]);
+- }
++ // round 0
++ addRoundKey(s->state, &s->w[0]);
+
+- // round 10
++ // rounds 1-9
++ for (round = 1; round <= 9; ++round) {
+ subBytes(s->state);
+ shiftRows(s->state);
+- addRoundKey(s->state, &s->w[10 * 4]);
+-
+- for (c = 0; c < 4; ++c) {
+- s->buf[4 * c] = s->state[c];
+- s->buf[4 * c + 1] = s->state[4 + c];
+- s->buf[4 * c + 2] = s->state[8 + c];
+- s->buf[4 * c + 3] = s->state[12 + c];
+- }
+-
+- s->bufIdx = 0;
++ mixColumns(s->state);
++ addRoundKey(s->state, &s->w[round * 4]);
++ }
++
++ // round 10
++ subBytes(s->state);
++ shiftRows(s->state);
++ addRoundKey(s->state, &s->w[10 * 4]);
++
++ for (c = 0; c < 4; ++c) {
++ s->buf[4*c] = s->state[c];
++ s->buf[4*c+1] = s->state[4+c];
++ s->buf[4*c+2] = s->state[8+c];
++ s->buf[4*c+3] = s->state[12+c];
++ }
++
++ s->bufIdx = 0;
+ }
+
+-static void aesDecryptBlock(DecryptAESState *s, const unsigned char *in, bool last)
+-{
+- int c, round, n, i;
+-
+- // initial state
+- for (c = 0; c < 4; ++c) {
+- s->state[c] = in[4 * c];
+- s->state[4 + c] = in[4 * c + 1];
+- s->state[8 + c] = in[4 * c + 2];
+- s->state[12 + c] = in[4 * c + 3];
+- }
++static void aesDecryptBlock(DecryptAESState *s, const unsigned char *in, bool last) {
++ int c, round, n, i;
+
+- // round 0
+- addRoundKey(s->state, &s->w[10 * 4]);
++ // initial state
++ for (c = 0; c < 4; ++c) {
++ s->state[c] = in[4*c];
++ s->state[4+c] = in[4*c+1];
++ s->state[8+c] = in[4*c+2];
++ s->state[12+c] = in[4*c+3];
++ }
+
+- // rounds 1-9
+- for (round = 9; round >= 1; --round) {
+- invSubBytes(s->state);
+- invShiftRows(s->state);
+- invMixColumns(s->state);
+- addRoundKey(s->state, &s->w[round * 4]);
+- }
++ // round 0
++ addRoundKey(s->state, &s->w[10 * 4]);
+
+- // round 10
++ // rounds 1-9
++ for (round = 9; round >= 1; --round) {
+ invSubBytes(s->state);
+ invShiftRows(s->state);
+- addRoundKey(s->state, &s->w[0]);
+-
+- // CBC
+- for (c = 0; c < 4; ++c) {
+- s->buf[4 * c] = s->state[c] ^ s->cbc[4 * c];
+- s->buf[4 * c + 1] = s->state[4 + c] ^ s->cbc[4 * c + 1];
+- s->buf[4 * c + 2] = s->state[8 + c] ^ s->cbc[4 * c + 2];
+- s->buf[4 * c + 3] = s->state[12 + c] ^ s->cbc[4 * c + 3];
+- }
+-
+- // save the input block for the next CBC
+- for (i = 0; i < 16; ++i) {
+- s->cbc[i] = in[i];
+- }
+-
+- // remove padding
+- s->bufIdx = 0;
+- if (last) {
+- n = s->buf[15];
+- if (n < 1 || n > 16) { // this should never happen
+- n = 16;
+- }
+- for (i = 15; i >= n; --i) {
+- s->buf[i] = s->buf[i - n];
+- }
+- s->bufIdx = n;
+- }
++ invMixColumns(s->state);
++ addRoundKey(s->state, &s->w[round * 4]);
++ }
++
++ // round 10
++ invSubBytes(s->state);
++ invShiftRows(s->state);
++ addRoundKey(s->state, &s->w[0]);
++
++ // CBC
++ for (c = 0; c < 4; ++c) {
++ s->buf[4*c] = s->state[c] ^ s->cbc[4*c];
++ s->buf[4*c+1] = s->state[4+c] ^ s->cbc[4*c+1];
++ s->buf[4*c+2] = s->state[8+c] ^ s->cbc[4*c+2];
++ s->buf[4*c+3] = s->state[12+c] ^ s->cbc[4*c+3];
++ }
++
++ // save the input block for the next CBC
++ for (i = 0; i < 16; ++i) {
++ s->cbc[i] = in[i];
++ }
++
++ // remove padding
++ s->bufIdx = 0;
++ if (last) {
++ n = s->buf[15];
++ if (n < 1 || n > 16) { // this should never happen
++ n = 16;
++ }
++ for (i = 15; i >= n; --i) {
++ s->buf[i] = s->buf[i-n];
++ }
++ s->bufIdx = n;
++ }
+ }
+
+ //------------------------------------------------------------------------
+ // AES-256 decryption
+ //------------------------------------------------------------------------
+
+-static void aes256KeyExpansion(DecryptAES256State *s, const unsigned char *objKey, int objKeyLen, bool decrypt)
+-{
+- unsigned int temp;
+- int i, round;
+-
+- //~ this assumes objKeyLen == 32
+-
+- for (i = 0; i < 8; ++i) {
+- s->w[i] = (objKey[4 * i] << 24) + (objKey[4 * i + 1] << 16) + (objKey[4 * i + 2] << 8) + objKey[4 * i + 3];
+- }
+- for (i = 8; i < 60; ++i) {
+- temp = s->w[i - 1];
+- if ((i & 7) == 0) {
+- temp = subWord(rotWord(temp)) ^ rcon[i / 8];
+- } else if ((i & 7) == 4) {
+- temp = subWord(temp);
+- }
+- s->w[i] = s->w[i - 8] ^ temp;
+- }
+-
+- /* In case of decryption, adjust the key schedule for the equivalent inverse cipher */
+- if (decrypt) {
+- for (round = 1; round <= 13; ++round) {
+- invMixColumnsW(&s->w[round * 4]);
+- }
++static void aes256KeyExpansion(DecryptAES256State *s,
++ const unsigned char *objKey, int objKeyLen, bool decrypt) {
++ unsigned int temp;
++ int i, round;
++
++ //~ this assumes objKeyLen == 32
++
++ for (i = 0; i < 8; ++i) {
++ s->w[i] = (objKey[4*i] << 24) + (objKey[4*i+1] << 16) +
++ (objKey[4*i+2] << 8) + objKey[4*i+3];
++ }
++ for (i = 8; i < 60; ++i) {
++ temp = s->w[i-1];
++ if ((i & 7) == 0) {
++ temp = subWord(rotWord(temp)) ^ rcon[i/8];
++ } else if ((i & 7) == 4) {
++ temp = subWord(temp);
++ }
++ s->w[i] = s->w[i-8] ^ temp;
++ }
++
++ /* In case of decryption, adjust the key schedule for the equivalent inverse cipher */
++ if (decrypt) {
++ for (round = 1; round <= 13; ++round) {
++ invMixColumnsW(&s->w[round * 4]);
+ }
++ }
+ }
+
+-static void aes256EncryptBlock(DecryptAES256State *s, const unsigned char *in)
+-{
+- int c, round;
+-
+- // initial state (input is xor'd with previous output because of CBC)
+- for (c = 0; c < 4; ++c) {
+- s->state[c] = in[4 * c] ^ s->buf[4 * c];
+- s->state[4 + c] = in[4 * c + 1] ^ s->buf[4 * c + 1];
+- s->state[8 + c] = in[4 * c + 2] ^ s->buf[4 * c + 2];
+- s->state[12 + c] = in[4 * c + 3] ^ s->buf[4 * c + 3];
+- }
++static void aes256EncryptBlock(DecryptAES256State *s, const unsigned char *in) {
++ int c, round;
+
+- // round 0
+- addRoundKey(s->state, &s->w[0]);
++ // initial state (input is xor'd with previous output because of CBC)
++ for (c = 0; c < 4; ++c) {
++ s->state[c] = in[4*c] ^ s->buf[4*c];
++ s->state[4+c] = in[4*c+1] ^ s->buf[4*c+1];
++ s->state[8+c] = in[4*c+2] ^ s->buf[4*c+2];
++ s->state[12+c] = in[4*c+3] ^ s->buf[4*c+3];
++ }
+
+- // rounds 1-13
+- for (round = 1; round <= 13; ++round) {
+- subBytes(s->state);
+- shiftRows(s->state);
+- mixColumns(s->state);
+- addRoundKey(s->state, &s->w[round * 4]);
+- }
++ // round 0
++ addRoundKey(s->state, &s->w[0]);
+
+- // round 14
++ // rounds 1-13
++ for (round = 1; round <= 13; ++round) {
+ subBytes(s->state);
+ shiftRows(s->state);
+- addRoundKey(s->state, &s->w[14 * 4]);
+-
+- for (c = 0; c < 4; ++c) {
+- s->buf[4 * c] = s->state[c];
+- s->buf[4 * c + 1] = s->state[4 + c];
+- s->buf[4 * c + 2] = s->state[8 + c];
+- s->buf[4 * c + 3] = s->state[12 + c];
+- }
+-
+- s->bufIdx = 0;
++ mixColumns(s->state);
++ addRoundKey(s->state, &s->w[round * 4]);
++ }
++
++ // round 14
++ subBytes(s->state);
++ shiftRows(s->state);
++ addRoundKey(s->state, &s->w[14 * 4]);
++
++ for (c = 0; c < 4; ++c) {
++ s->buf[4*c] = s->state[c];
++ s->buf[4*c+1] = s->state[4+c];
++ s->buf[4*c+2] = s->state[8+c];
++ s->buf[4*c+3] = s->state[12+c];
++ }
++
++ s->bufIdx = 0;
+ }
+
+-static void aes256DecryptBlock(DecryptAES256State *s, const unsigned char *in, bool last)
+-{
+- int c, round, n, i;
+-
+- // initial state
+- for (c = 0; c < 4; ++c) {
+- s->state[c] = in[4 * c];
+- s->state[4 + c] = in[4 * c + 1];
+- s->state[8 + c] = in[4 * c + 2];
+- s->state[12 + c] = in[4 * c + 3];
+- }
++static void aes256DecryptBlock(DecryptAES256State *s, const unsigned char *in, bool last) {
++ int c, round, n, i;
+
+- // round 0
+- addRoundKey(s->state, &s->w[14 * 4]);
++ // initial state
++ for (c = 0; c < 4; ++c) {
++ s->state[c] = in[4*c];
++ s->state[4+c] = in[4*c+1];
++ s->state[8+c] = in[4*c+2];
++ s->state[12+c] = in[4*c+3];
++ }
+
+- // rounds 13-1
+- for (round = 13; round >= 1; --round) {
+- invSubBytes(s->state);
+- invShiftRows(s->state);
+- invMixColumns(s->state);
+- addRoundKey(s->state, &s->w[round * 4]);
+- }
++ // round 0
++ addRoundKey(s->state, &s->w[14 * 4]);
+
+- // round 14
++ // rounds 13-1
++ for (round = 13; round >= 1; --round) {
+ invSubBytes(s->state);
+ invShiftRows(s->state);
+- addRoundKey(s->state, &s->w[0]);
+-
+- // CBC
+- for (c = 0; c < 4; ++c) {
+- s->buf[4 * c] = s->state[c] ^ s->cbc[4 * c];
+- s->buf[4 * c + 1] = s->state[4 + c] ^ s->cbc[4 * c + 1];
+- s->buf[4 * c + 2] = s->state[8 + c] ^ s->cbc[4 * c + 2];
+- s->buf[4 * c + 3] = s->state[12 + c] ^ s->cbc[4 * c + 3];
+- }
+-
+- // save the input block for the next CBC
+- for (i = 0; i < 16; ++i) {
+- s->cbc[i] = in[i];
+- }
+-
+- // remove padding
+- s->bufIdx = 0;
+- if (last) {
+- n = s->buf[15];
+- if (n < 1 || n > 16) { // this should never happen
+- n = 16;
+- }
+- for (i = 15; i >= n; --i) {
+- s->buf[i] = s->buf[i - n];
+- }
+- s->bufIdx = n;
+- if (n > 16) {
+- error(errSyntaxError, -1, "Reducing bufIdx from {0:d} to 16 to not crash", n);
+- s->bufIdx = 16;
+- }
++ invMixColumns(s->state);
++ addRoundKey(s->state, &s->w[round * 4]);
++ }
++
++ // round 14
++ invSubBytes(s->state);
++ invShiftRows(s->state);
++ addRoundKey(s->state, &s->w[0]);
++
++ // CBC
++ for (c = 0; c < 4; ++c) {
++ s->buf[4*c] = s->state[c] ^ s->cbc[4*c];
++ s->buf[4*c+1] = s->state[4+c] ^ s->cbc[4*c+1];
++ s->buf[4*c+2] = s->state[8+c] ^ s->cbc[4*c+2];
++ s->buf[4*c+3] = s->state[12+c] ^ s->cbc[4*c+3];
++ }
++
++ // save the input block for the next CBC
++ for (i = 0; i < 16; ++i) {
++ s->cbc[i] = in[i];
++ }
++
++ // remove padding
++ s->bufIdx = 0;
++ if (last) {
++ n = s->buf[15];
++ if (n < 1 || n > 16) { // this should never happen
++ n = 16;
++ }
++ for (i = 15; i >= n; --i) {
++ s->buf[i] = s->buf[i-n];
++ }
++ s->bufIdx = n;
++ if (n > 16)
++ {
++ error(errSyntaxError, -1, "Reducing bufIdx from {0:d} to 16 to not crash", n);
++ s->bufIdx = 16;
+ }
++ }
+ }
+
+ //------------------------------------------------------------------------
+--
+2.29.2
+
diff --git a/external/poppler/0001-Revert-Make-the-mul-tables-be-calculated-at-compile-.patch.1 b/external/poppler/0001-Revert-Make-the-mul-tables-be-calculated-at-compile-.patch.1
new file mode 100644
index 000000000000..26fdc10dec50
--- /dev/null
+++ b/external/poppler/0001-Revert-Make-the-mul-tables-be-calculated-at-compile-.patch.1
@@ -0,0 +1,169 @@
+Revert "Make the mul tables be calculated at compile time with constexpr"
+
+This reverts commit e0ef346c0f669140076c4cf443f07ea0770996da.
+---
+ poppler/Decrypt.cc | 134 ++++++++++++---------------------------------
+ 1 file changed, 35 insertions(+), 99 deletions(-)
+
+diff --git a/poppler/Decrypt.cc b/poppler/Decrypt.cc
+index 57945778..f5062929 100644
+--- a/poppler/Decrypt.cc
++++ b/poppler/Decrypt.cc
+@@ -763,119 +763,55 @@ static inline void invShiftRows(unsigned char *state) {
+ }
+
+ // {02} \cdot s
+-struct Mul02Table
+-{
+- constexpr Mul02Table() : values()
+- {
+- for(int s = 0; s < 256; s++) {
+- values[s] = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- }
+- }
+-
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+-
+- unsigned char values[256];
+-};
+-
+-static constexpr Mul02Table mul02;
++static inline unsigned char mul02(unsigned char s) {
++ return (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++}
+
+ // {03} \cdot s
+-struct Mul03Table
+-{
+- constexpr Mul03Table() : values()
+- {
+- for(int s=0; s<256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- values[s] = s ^ s2;
+- }
+- }
+-
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+-
+- unsigned char values[256];
+-};
+-
+-static constexpr Mul03Table mul03;
++static inline unsigned char mul03(unsigned char s) {
++ unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ return s ^ s2;
++}
+
+ // {09} \cdot s
+-struct Mul09Table
+-{
+- constexpr Mul09Table() : values()
+- {
+- for(int s=0; s<256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
+- const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
+- values[s] = s ^ s8;
+- }
+- }
+-
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+-
+- unsigned char values[256];
+-};
++static inline unsigned char mul09(unsigned char s) {
++ unsigned char s2, s4, s8;
+
+-static constexpr Mul09Table mul09;
++ s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
++ s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
++ return s ^ s8;
++}
+
+ // {0b} \cdot s
+-struct Mul0bTable
+-{
+- constexpr Mul0bTable() : values()
+- {
+- for(int s=0; s<256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
+- const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
+- values[s] = s ^ s2 ^ s8;
+- }
+- }
+-
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
++static inline unsigned char mul0b(unsigned char s) {
++ unsigned char s2, s4, s8;
+
+- unsigned char values[256];
+-};
+-
+-static constexpr Mul0bTable mul0b;
++ s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
++ s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
++ return s ^ s2 ^ s8;
++}
+
+ // {0d} \cdot s
+-struct Mul0dTable
+-{
+- constexpr Mul0dTable() : values()
+- {
+- for(int s=0; s<256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
+- const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
+- values[s] = s ^ s4 ^ s8;
+- }
+- }
++static inline unsigned char mul0d(unsigned char s) {
++ unsigned char s2, s4, s8;
+
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
+-
+- unsigned char values[256];
+-};
+-
+-static constexpr Mul0dTable mul0d;
++ s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
++ s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
++ return s ^ s4 ^ s8;
++}
+
+ // {0e} \cdot s
+-struct Mul0eTable
+-{
+- constexpr Mul0eTable() : values()
+- {
+- for(int s=0; s<256; s++) {
+- const unsigned char s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
+- const unsigned char s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
+- const unsigned char s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
+- values[s] = s2 ^ s4 ^ s8;
+- }
+- }
+-
+- constexpr unsigned char operator()(uint8_t i) const { return values[i]; }
++static inline unsigned char mul0e(unsigned char s) {
++ unsigned char s2, s4, s8;
+
+- unsigned char values[256];
+-};
+-
+-static constexpr Mul0eTable mul0e;
++ s2 = (s & 0x80) ? ((s << 1) ^ 0x1b) : (s << 1);
++ s4 = (s2 & 0x80) ? ((s2 << 1) ^ 0x1b) : (s2 << 1);
++ s8 = (s4 & 0x80) ? ((s4 << 1) ^ 0x1b) : (s4 << 1);
++ return s2 ^ s4 ^ s8;
++}
+
+ static inline void mixColumns(unsigned char *state) {
+ int c;
+--
+2.21.0
+
diff --git a/external/poppler/StaticLibrary_poppler.mk b/external/poppler/StaticLibrary_poppler.mk
index aa5ed693eb22..994b175fee6e 100644
--- a/external/poppler/StaticLibrary_poppler.mk
+++ b/external/poppler/StaticLibrary_poppler.mk
@@ -51,11 +51,27 @@ endif
$(eval $(call gb_StaticLibrary_set_generated_cxx_suffix,poppler,cc))
+$(eval $(call gb_StaticLibrary_add_generated_cobjects,poppler,\
+ UnpackedTarball/poppler/poppler/CourierWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/CourierBoldWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/CourierBoldObliqueWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/CourierObliqueWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/HelveticaWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/HelveticaBoldWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/HelveticaBoldObliqueWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/HelveticaObliqueWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/SymbolWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/TimesBoldWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/TimesBoldItalicWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/TimesItalicWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/TimesRomanWidths.pregenerated \
+ UnpackedTarball/poppler/poppler/ZapfDingbatsWidths.pregenerated \
+))
+
$(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\
UnpackedTarball/poppler/goo/gfile \
UnpackedTarball/poppler/goo/GooTimer \
UnpackedTarball/poppler/goo/GooString \
- UnpackedTarball/poppler/goo/FixedPoint \
UnpackedTarball/poppler/goo/NetPBMWriter \
UnpackedTarball/poppler/goo/PNGWriter \
UnpackedTarball/poppler/goo/TiffWriter \
@@ -73,8 +89,7 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\
UnpackedTarball/poppler/fofi/FoFiIdentifier \
UnpackedTarball/poppler/poppler/Annot \
UnpackedTarball/poppler/poppler/Array \
- UnpackedTarball/poppler/poppler/BuiltinFont \
- UnpackedTarball/poppler/poppler/BuiltinFontTables \
+ UnpackedTarball/poppler/poppler/BBoxOutputDev \
UnpackedTarball/poppler/poppler/CachedFile \
UnpackedTarball/poppler/poppler/Catalog \
UnpackedTarball/poppler/poppler/CertificateInfo \
@@ -96,6 +111,7 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\
UnpackedTarball/poppler/poppler/Hints \
UnpackedTarball/poppler/poppler/JArithmeticDecoder \
UnpackedTarball/poppler/poppler/JBIG2Stream \
+ UnpackedTarball/poppler/poppler/JSInfo \
UnpackedTarball/poppler/poppler/Lexer \
UnpackedTarball/poppler/poppler/Link \
UnpackedTarball/poppler/poppler/Linearization \
@@ -110,6 +126,7 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\
UnpackedTarball/poppler/poppler/PageTransition \
UnpackedTarball/poppler/poppler/Parser \
UnpackedTarball/poppler/poppler/PDFDoc \
+ UnpackedTarball/poppler/poppler/PDFDocBuilder \
UnpackedTarball/poppler/poppler/PDFDocEncoding \
UnpackedTarball/poppler/poppler/PDFDocFactory \
UnpackedTarball/poppler/poppler/ProfileData \
diff --git a/external/poppler/UnpackedTarball_poppler.mk b/external/poppler/UnpackedTarball_poppler.mk
index 151fa5d0444f..0f29d38e097c 100644
--- a/external/poppler/UnpackedTarball_poppler.mk
+++ b/external/poppler/UnpackedTarball_poppler.mk
@@ -14,7 +14,8 @@ $(eval $(call gb_UnpackedTarball_set_tarball,poppler,$(POPPLER_TARBALL),,poppler
$(eval $(call gb_UnpackedTarball_add_patches,poppler,\
external/poppler/poppler-config.patch.1 \
external/poppler/poppler-c++11.patch.1 \
- external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 \
+ external/poppler/0001-Partially-revert-814fbda28cc8a37fed3134c2db8da28f86f.patch.1 \
+ external/poppler/0001-Revert-Make-the-mul-tables-be-calculated-at-compile-.patch.1 \
))
# std::make_unique is only available in C++14
@@ -23,7 +24,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,poppler,\
# be happy with std::make_unique so just skip it
ifneq ($(OS_FOR_BUILD),MACOSX)
$(eval $(call gb_UnpackedTarball_set_post_action,poppler,\
- env -i PATH="$(PATH)" $(FIND) . -name '*.cc' -exec sed -i -e 's/std::make_unique/o3tl::make_unique/' {} \\; \
+ env -i PATH="$(if $(filter WNT,$(OS)),/usr/bin,$(PATH))" $(FIND) . -name '*.cc' -exec sed -i -e 's/std::make_unique/o3tl::make_unique/' {} \\; \
))
endif
diff --git a/external/poppler/poppler-c++11.patch.1 b/external/poppler/poppler-c++11.patch.1
index 5a4d1a24e2e2..9e607b381de0 100644
--- a/external/poppler/poppler-c++11.patch.1
+++ b/external/poppler/poppler-c++11.patch.1
@@ -12,18 +12,18 @@ remove usage of newfangled C++ that baseline toolchains don't support
namespace {
@@ -366,7 +366,7 @@
- }
+ }
#else
- // First try to atomically open the file with CLOEXEC
-- const std::string modeStr = mode + "e"s;
-+ const std::string modeStr = mode + std::string("e");
- FILE *file = fopen(path, modeStr.c_str());
- if (file != nullptr)
- return file;
+ // First try to atomically open the file with CLOEXEC
+- const std::string modeStr = mode + "e"s;
++ const std::string modeStr = mode + std::string("e");
+ FILE *file = fopen(path, modeStr.c_str());
+ if (file != nullptr)
+ return file;
--- poppler/goo/gmem.h.orig 2019-01-16 11:25:28.161920038 +0100
+++ poppler/goo/gmem.h 2019-01-16 11:25:53.756882295 +0100
@@ -177,4 +177,6 @@
- return std::strncpy(r, s, n);
+ return std::strncpy(r, s, n);
}
+#include <o3tl/make_unique.hxx>
diff --git a/external/poppler/poppler-config.patch.1 b/external/poppler/poppler-config.patch.1
index 1c68806276f7..b902402ea4e7 100644
--- a/external/poppler/poppler-config.patch.1
+++ b/external/poppler/poppler-config.patch.1
@@ -1,5 +1,7 @@
*three* poppler config headers
+note: to get the 3rd one, use -DENABLE_CPP=on
+
mkdir build && cd build && cmake .. -DENABLE_DCTDECODER=libjpeg -DHAVE_CAIRO=off -DENABLE_LIBOPENJPEG=none -DENABLE_CMS=none -DENABLE_LIBCURL=off -DENABLE_ZLIB=off -DENABLE_ZLIB_UNCOMPRESS=off -DENABLE_NSS3=off -DENABLE_LIBPNG=off -DENABLE_LIBTIFF=off -DENABLE_SPLASH=off -DENABLE_UTILS=off -DENABLE_CPP=off -DENABLE_GLIB=off -DENABLE_GOBJECT_INTROSPECTION=off -DENABLE_GTK_DOC=off -DENABLE_QT5=off
manually disabled these because cmake failed to do it:
@@ -14,7 +16,7 @@ new file mode 100644
index 0fbd336a..451213f8 100644
--- /dev/null
+++ b/config.h
-@@ -0,0 +1,248 @@
+@@ -0,0 +1,221 @@
+/* config.h. Generated from config.h.cmake by cmake. */
+
+/* Build against libcurl. */
@@ -120,21 +122,6 @@ index 0fbd336a..451213f8 100644
+#endif
+
+#if !defined(_WIN32)
-+/* Define to 1 if you have the `rand_r' function. */
-+#define HAVE_RAND_R 1
-+#endif
-+
-+#if defined(_WIN32)
-+/* Define to 1 if you have the `strcpy_s' function. */
-+#define HAVE_STRCPY_S 1
-+#endif
-+
-+#if defined(_WIN32)
-+/* Define to 1 if you have the `strcat_s' function. */
-+#define HAVE_STRCAT_S 1
-+#endif
-+
-+#if !defined(_WIN32)
+/* Defines if strtok_r is available on your system */
+#define HAVE_STRTOK_R 1
+#endif
@@ -147,9 +134,6 @@ index 0fbd336a..451213f8 100644
+#define HAVE_POPEN 1
+#endif
+
-+/* Use splash for rendering. */
-+/* #undef HAVE_SPLASH */
-+
+#if !defined(__APPLE__) && !defined(_WIN32)
+/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
+ */
@@ -179,9 +163,6 @@ index 0fbd336a..451213f8 100644
+/* Define as const if the declaration of iconv() needs const. */
+#define ICONV_CONST
+
-+/* Enable multithreading support. */
-+#define MULTITHREADED 1
-+
+/* Generate OPI comments in PS output. */
+#define OPI_SUPPORT 1
+
@@ -195,7 +176,7 @@ index 0fbd336a..451213f8 100644
+#define PACKAGE_NAME "poppler"
+
+/* Define to the full name and version of this package. */
-+#define PACKAGE_STRING "poppler 0.74.0"
++#define PACKAGE_STRING "poppler 21.01.0"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "poppler"
@@ -204,7 +185,7 @@ index 0fbd336a..451213f8 100644
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
-+#define PACKAGE_VERSION "0.74.0"
++#define PACKAGE_VERSION "21.01.0"
+
+/* Poppler data dir */
+#define POPPLER_DATADIR "/usr/local/share/poppler"
@@ -212,23 +193,17 @@ index 0fbd336a..451213f8 100644
+/* Support for curl based doc builder is compiled in. */
+/* #undef POPPLER_HAS_CURL_SUPPORT */
+
-+/* Include support for CMYK rasterization */
-+/* #undef SPLASH_CMYK */
-+
+/* Enable word list support. */
+#define TEXTOUT_WORD_LIST 1
+
+/* Defines if use cms */
+/* #undef USE_CMS */
+
-+/* Use fixed point arithmetic in the Splash backend */
-+/* #undef USE_FIXEDPOINT */
-+
+/* Use single precision arithmetic in the Splash backend */
+/* #undef USE_FLOAT */
+
+/* Version number of package */
-+#define VERSION "0.74.0"
++#define VERSION "21.01.0"
+
+#if defined(__APPLE__)
+#elif defined (_WIN32)
@@ -268,7 +243,7 @@ new file mode 100644
index 0fbd336a..451213f8 100644
--- /dev/null
+++ b/poppler/poppler-config.h
-@@ -0,0 +1,168 @@
+@@ -0,0 +1,166 @@
+//================================================= -*- mode: c++ -*- ====
+//
+// poppler-config.h
@@ -288,6 +263,9 @@ index 0fbd336a..451213f8 100644
+// Copyright (C) 2014 Hib Eris <hib@hiberis.nl>
+// Copyright (C) 2016 Tor Lillqvist <tml@collabora.com>
+// Copyright (C) 2017 Adrian Johnson <ajohnson@redneon.com>
++// Copyright (C) 2018 Adam Reichold <adam.reichold@t-online.de>
++// Copyright (C) 2018 Stefan Brüns <stefan.bruens@rwth-aachen.de>
++// Copyright (C) 2020 Albert Astals Cid <aacid@kde.org>
+//
+// To see a description of the changes please see the Changelog file that
+// came with your tarball or type make ChangeLog if you are building from git
@@ -304,17 +282,7 @@ index 0fbd336a..451213f8 100644
+
+/* Defines the poppler version. */
+#ifndef POPPLER_VERSION
-+#define POPPLER_VERSION "0.74.0"
-+#endif
-+
-+/* Enable multithreading support. */
-+#ifndef MULTITHREADED
-+#define MULTITHREADED 1
-+#endif
-+
-+/* Use fixedpoint. */
-+#ifndef USE_FIXEDPOINT
-+/* #undef USE_FIXEDPOINT */
++#define POPPLER_VERSION "21.01.0"
+#endif
+
+/* Use single precision arithmetic in the Splash backend */
@@ -396,17 +364,22 @@ index 0fbd336a..451213f8 100644
+/* #undef USE_CMS */
+#endif
+
-+// Also, there are preprocessor symbols in the header files
-+// that are used but never defined when building poppler using configure
-+// or cmake: DISABLE_OUTLINE, DEBUG_MEM,
-+// ENABLE_PLUGINS, DEBUG_FORMS
++/* Use header-only classes from Boost in the Splash backend */
++#ifndef USE_BOOST_HEADERS
++/* #undef USE_BOOST_HEADERS */
++#endif
++
++/* Is splash backend available */
++#ifndef HAVE_SPLASH
++/* #undef HAVE_SPLASH */
++#endif
+
+//------------------------------------------------------------------------
+// version
+//------------------------------------------------------------------------
+
+// copyright notice
-+#define popplerCopyright "Copyright 2005-2018 The Poppler Developers - http://poppler.freedesktop.org"
++#define popplerCopyright "Copyright 2005-2021 The Poppler Developers - http://poppler.freedesktop.org"
+#define xpdfCopyright "Copyright 1996-2011 Glyph & Cog, LLC"
+
+//------------------------------------------------------------------------
@@ -424,7 +397,7 @@ index 0fbd336a..451213f8 100644
+//------------------------------------------------------------------------
+
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ > 4)
-+#include <stdio.h> // __MINGW_PRINTF_FORMAT is defined in the mingw stdio.h
++#include <cstdio> // __MINGW_PRINTF_FORMAT is defined in the mingw stdio.h
+#ifdef __MINGW_PRINTF_FORMAT
+#define GCC_PRINTF_FORMAT(fmt_index, va_index) \
+ __attribute__((__format__(__MINGW_PRINTF_FORMAT, fmt_index, va_index)))
@@ -466,9 +439,9 @@ index 0fbd336a..451213f8 100644
+
+#include "poppler-global.h"
+
-+#define POPPLER_VERSION "0.74.0"
-+#define POPPLER_VERSION_MAJOR 0
-+#define POPPLER_VERSION_MINOR 74
++#define POPPLER_VERSION "21.01.0"
++#define POPPLER_VERSION_MAJOR 21
++#define POPPLER_VERSION_MINOR 1
+#define POPPLER_VERSION_MICRO 0
+
+namespace poppler
diff --git a/external/postgresql/ExternalPackage_postgresql.mk b/external/postgresql/ExternalPackage_postgresql.mk
new file mode 100644
index 000000000000..f6c9a9bb6deb
--- /dev/null
+++ b/external/postgresql/ExternalPackage_postgresql.mk
@@ -0,0 +1,16 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+$(eval $(call gb_ExternalPackage_ExternalPackage,postgresql,postgresql))
+
+$(eval $(call gb_ExternalPackage_use_external_project,postgresql,postgresql))
+
+$(eval $(call gb_ExternalPackage_add_file,postgresql,$(LIBO_LIB_FOLDER)/libpq.dll,$(if $(MSVC_USE_DEBUG_RUNTIME),Debug,Release)/libpq/libpq.dll))
+
+# vim: set noet sw=4 ts=4:
diff --git a/external/postgresql/ExternalProject_postgresql.mk b/external/postgresql/ExternalProject_postgresql.mk
index f6617e52fcd8..1e0c7d848047 100644
--- a/external/postgresql/ExternalProject_postgresql.mk
+++ b/external/postgresql/ExternalProject_postgresql.mk
@@ -12,7 +12,6 @@ $(eval $(call gb_ExternalProject_ExternalProject,postgresql))
$(eval $(call gb_ExternalProject_use_externals,postgresql,\
openldap \
openssl \
- zlib \
))
$(eval $(call gb_ExternalProject_register_targets,postgresql,\
@@ -25,8 +24,9 @@ $(eval $(call gb_ExternalProject_use_nmake,postgresql,build))
$(call gb_ExternalProject_get_state_target,postgresql,build) :
$(call gb_ExternalProject_run,build,\
- nmake -f win32.mak USE_SSL=1 USE_LDAP=1 \
- ,src)
+ MSBFLAGS=/p:Platform=$(if $(filter X86_64,$(CPUNAME)),x64,Win32) \
+ $(PERL) build.pl $(if $(MSVC_USE_DEBUG_RUNTIME),Debug,Release) libpq \
+ ,src/tools/msvc)
else
@@ -55,20 +55,24 @@ postgresql_LDFLAGS += \
endif
+# note: as of 13.1, zlib is not needed by libpq
+# passing MAKELEVEL=0 is required to find internal headers
$(call gb_ExternalProject_get_state_target,postgresql,build) :
$(call gb_ExternalProject_run,build,\
./configure \
- --without-readline --disable-shared --with-ldap \
+ --without-readline \
+ --without-zlib \
+ --with-ldap \
$(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \
$(if $(DISABLE_OPENSSL),,--with-openssl \
- $(if $(WITH_KRB5), --with-krb5) \
$(if $(WITH_GSSAPI),--with-gssapi)) \
+ CFLAGS="-fPIC" \
CPPFLAGS="$(postgresql_CPPFLAGS)" \
LDFLAGS="$(postgresql_LDFLAGS)" \
EXTRA_LDAP_LIBS="-llber -lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4" \
&& cd src/interfaces/libpq \
- && MAKEFLAGS= && $(MAKE) all-static-lib)
+ && MAKEFLAGS= && $(MAKE) MAKELEVEL=0 all-static-lib)
endif
diff --git a/external/postgresql/Module_postgresql.mk b/external/postgresql/Module_postgresql.mk
index 1f655c6e5034..7ea89dad3b39 100644
--- a/external/postgresql/Module_postgresql.mk
+++ b/external/postgresql/Module_postgresql.mk
@@ -14,4 +14,10 @@ $(eval $(call gb_Module_add_targets,postgresql,\
UnpackedTarball_postgresql \
))
+ifeq ($(OS),WNT)
+$(eval $(call gb_Module_add_targets,postgresql,\
+ ExternalPackage_postgresql \
+))
+endif # WNT
+
# vim: set noet sw=4 ts=4:
diff --git a/external/postgresql/UnpackedTarball_postgresql.mk b/external/postgresql/UnpackedTarball_postgresql.mk
index 2e41bf66d806..c95aef25f663 100644
--- a/external/postgresql/UnpackedTarball_postgresql.mk
+++ b/external/postgresql/UnpackedTarball_postgresql.mk
@@ -11,18 +11,10 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,postgresql))
$(eval $(call gb_UnpackedTarball_set_tarball,postgresql,$(POSTGRESQL_TARBALL),,postgresql))
-$(eval $(call gb_UnpackedTarball_set_patchlevel,postgresql,3))
-
$(eval $(call gb_UnpackedTarball_add_patches,postgresql, \
- external/postgresql/postgresql-libs-leak.patch \
- external/postgresql/postgresql-9.2.1-autoreconf.patch \
- external/postgresql/postgresql-9.2.1-libreoffice.patch \
+ external/postgresql/postgres-msvc-build.patch.1 \
))
-ifeq ($(SYSTEM_ZLIB),)
-$(eval $(call gb_UnpackedTarball_add_patches,postgresql, \
- external/postgresql/internal-zlib.patch.1 \
-))
-endif
+$(eval $(call gb_UnpackedTarball_add_file,postgresql,src/tools/msvc/config.pl,external/postgresql/config.pl))
# vim: set noet sw=4 ts=4:
diff --git a/external/postgresql/config.pl b/external/postgresql/config.pl
new file mode 100644
index 000000000000..ae163ebbd166
--- /dev/null
+++ b/external/postgresql/config.pl
@@ -0,0 +1 @@
+$config->{openssl} = "$ENV{WORKDIR}/UnpackedTarball/openssl";
diff --git a/external/postgresql/internal-zlib.patch.1 b/external/postgresql/internal-zlib.patch.1
deleted file mode 100644
index ac2b728e1314..000000000000
--- a/external/postgresql/internal-zlib.patch.1
+++ /dev/null
@@ -1,29 +0,0 @@
-diff -up postgresql/configure.dt postgresql/configure
---- postgresql/configure.dt 2016-11-03 17:34:17.282388226 +0100
-+++ postgresql/configure 2016-11-03 17:34:35.004202484 +0100
-@@ -8566,13 +8566,13 @@ fi
-
- if test "$with_zlib" = yes; then
-
--{ $as_echo "$as_me:$LINENO: checking for inflate in -lz" >&5
--$as_echo_n "checking for inflate in -lz... " >&6; }
-+{ $as_echo "$as_me:$LINENO: checking for inflate in -lzlib" >&5
-+$as_echo_n "checking for inflate in -lzlib... " >&6; }
- if test "${ac_cv_lib_z_inflate+set}" = set; then
- $as_echo_n "(cached) " >&6
- else
- ac_check_lib_save_LIBS=$LIBS
--LIBS="-lz $LIBS"
-+LIBS="-lzlib $LIBS"
- cat >conftest.$ac_ext <<_ACEOF
- /* confdefs.h. */
- _ACEOF
-@@ -8636,7 +8636,7 @@ if test "x$ac_cv_lib_z_inflate" = x""yes
- #define HAVE_LIBZ 1
- _ACEOF
-
-- LIBS="-lz $LIBS"
-+ LIBS="-lzlib $LIBS"
-
- else
- { { $as_echo "$as_me:$LINENO: error: zlib library not found
diff --git a/external/postgresql/postgres-msvc-build.patch.1 b/external/postgresql/postgres-msvc-build.patch.1
new file mode 100644
index 000000000000..4ccd82aa28fb
--- /dev/null
+++ b/external/postgresql/postgres-msvc-build.patch.1
@@ -0,0 +1,110 @@
+Cygwin perl calls /bin/sh which can't resolve to .exe
+
+Also Cygwin perl has $Config{osname} different from MSWin32, and why even check that?
+
+--- postgresql/src/tools/msvc/build.pl.orig 2021-01-19 17:36:09.801463500 +0100
++++ postgresql/src/tools/msvc/build.pl 2021-01-19 17:36:20.426821300 +0100
+@@ -55,13 +55,13 @@
+ if ($buildwhat)
+ {
+ system(
+- "msbuild $buildwhat.vcxproj /verbosity:normal $msbflags /p:Configuration=$bconf"
++ "msbuild.exe $buildwhat.vcxproj /verbosity:normal $msbflags /p:Configuration=$bconf"
+ );
+ }
+ else
+ {
+ system(
+- "msbuild pgsql.sln /verbosity:normal $msbflags /p:Configuration=$bconf"
++ "msbuild.exe pgsql.sln /verbosity:normal $msbflags /p:Configuration=$bconf"
+ );
+ }
+
+--- postgresql/src/tools/msvc/Project.pm.orig 2021-01-19 17:59:18.799237700 +0100
++++ postgresql/src/tools/msvc/Project.pm 2021-01-19 17:59:48.487711700 +0100
+@@ -22,7 +22,7 @@
+ my $self = {
+ name => $name,
+ type => $type,
+- guid => $^O eq "MSWin32" ? Win32::GuidGen() : 'FAKE',
++ guid => Win32::GuidGen(),
+ files => {},
+ references => [],
+ libraries => [],
+--- postgresql/src/tools/msvc/Solution.pm.orig 2021-01-19 18:03:04.594229100 +0100
++++ postgresql/src/tools/msvc/Solution.pm 2021-01-19 18:04:13.677610100 +0100
+@@ -59,7 +59,7 @@
+ {
+ my $self = shift;
+
+- if ($^O eq "MSWin32")
++ if (1) #($^O eq "MSWin32")
+ {
+ # Examine CL help output to determine if we are in 32 or 64-bit mode.
+ my $output = `cl /? 2>&1`;
+@@ -1081,7 +1081,7 @@
+ }
+ if ($fld ne "")
+ {
+- $flduid{$fld} = $^O eq "MSWin32" ? Win32::GuidGen() : 'FAKE';
++ $flduid{$fld} = Win32::GuidGen();
+ print $sln <<EOF;
+ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "$fld", "$fld", "$flduid{$fld}"
+ EndProject
+--- postgresql/src/tools/msvc/VSObjectFactory.pm.orig 2021-01-19 18:06:42.633421700 +0100
++++ postgresql/src/tools/msvc/VSObjectFactory.pm 2021-01-19 18:06:28.663523200 +0100
+@@ -111,7 +111,7 @@
+
+ sub DetermineVisualStudioVersion
+ {
+- if ($^O eq "MSWin32")
++ if (1) # ($^O eq "MSWin32")
+ {
+ # To determine version of Visual Studio we use nmake as it has
+ # existed for a long time and still exists in current Visual
+--- postgresql/src/tools/msvc/Mkvcbuild.pm.orig 2021-01-19 18:23:59.830153900 +0100
++++ postgresql/src/tools/msvc/Mkvcbuild.pm 2021-01-19 18:24:04.095411300 +0100
+@@ -9,7 +9,7 @@
+ use warnings;
+
+ use Carp;
+-use if ($^O eq "MSWin32"), 'Win32';
++use Win32;
+ use Project;
+ use Solution;
+ use Cwd;
+--- postgresql/src/tools/msvc/Solution.pm.orig 2021-01-19 20:27:21.366237600 +0100
++++ postgresql/src/tools/msvc/Solution.pm 2021-01-19 20:28:17.773662900 +0100
+@@ -126,7 +126,8 @@
+ # openssl.exe is in the specified directory.
+ # Quote the .exe name in case it has spaces
+ my $opensslcmd =
+- qq("$self->{options}->{openssl}\\bin\\openssl.exe" version 2>&1);
++ qq("$self->{options}->{openssl}\\out32dll\\openssl.exe" version 2>&1);
++ print "$opensslcmd";
+ my $sslout = `$opensslcmd`;
+
+ $? >> 8 == 0
+@@ -964,8 +964,8 @@
+ # On both Win32 and Win64 the same library
+ # names are used without a debugging context.
+ $dbgsuffix = 0;
+- $libsslpath = '\lib\libssl.lib';
+- $libcryptopath = '\lib\libcrypto.lib';
++ $libsslpath = '\libssl.lib';
++ $libcryptopath = '\libcrypto.lib';
+ }
+
+ $proj->AddLibrary($self->{options}->{openssl} . $libsslpath,
+@@ -990,9 +990,9 @@
+ # to be here, so don't ask for it in last
+ # parameter.
+ $proj->AddLibrary(
+- $self->{options}->{openssl} . '\lib\ssleay32.lib', 0);
++ $self->{options}->{openssl} . '\out32dll\ssleay32.lib', 0);
+ $proj->AddLibrary(
+- $self->{options}->{openssl} . '\lib\libeay32.lib', 0);
++ $self->{options}->{openssl} . '\out32dll\libeay32.lib', 0);
+ }
+ }
+ }
diff --git a/external/postgresql/postgresql-9.2.1-autoreconf.patch b/external/postgresql/postgresql-9.2.1-autoreconf.patch
deleted file mode 100644
index 9cbf84f252c8..000000000000
--- a/external/postgresql/postgresql-9.2.1-autoreconf.patch
+++ /dev/null
@@ -1,521 +0,0 @@
---- misc/build/postgresql-9.1.1/configure 2011-09-22 23:57:57.000000000 +0200
-+++ misc/build/postgresql-9.1.1.patched/configure 2012-02-03 11:50:07.000000000 +0100
-@@ -830,6 +830,7 @@
- with_krb_srvnam
- with_pam
- with_ldap
-+with_mozldap
- with_bonjour
- with_openssl
- with_selinux
-@@ -1527,6 +1528,7 @@
- [postgres]
- --with-pam build with PAM support
- --with-ldap build with LDAP support
-+ --with-mozldap build with Mozilla LDAP support
- --with-bonjour build with Bonjour support
- --with-openssl build with OpenSSL support
- --with-selinux build with SELinux support
-@@ -5412,6 +5414,42 @@
-
-
-
-+{ $as_echo "$as_me:$LINENO: checking whether to use Mozilla C SDK for LDAP support" >&5
-+$as_echo_n "checking whether to use Mozilla C SDK for LDAP support... " >&6; }
-+
-+
-+
-+# Check whether --with-mozldap was given.
-+if test "${with_mozldap+set}" = set; then
-+ withval=$with_mozldap;
-+ case $withval in
-+ yes)
-+
-+cat >>confdefs.h <<\_ACEOF
-+#define USE_MOZLDAP 1
-+_ACEOF
-+
-+ ;;
-+ no)
-+ :
-+ ;;
-+ *)
-+ { { $as_echo "$as_me:$LINENO: error: no argument expected for --with-mozldap option" >&5
-+$as_echo "$as_me: error: no argument expected for --with-mozldap option" >&2;}
-+ { (exit 1); exit 1; }; }
-+ ;;
-+ esac
-+
-+else
-+ with_mozldap=no
-+
-+fi
-+
-+
-+{ $as_echo "$as_me:$LINENO: result: $with_mozldap" >&5
-+$as_echo "$with_mozldap" >&6; }
-+
-+
-
- #
- # Kerberos configuration parameters
-@@ -8627,11 +8665,11 @@
- *** Not using spinlocks will cause poor performance." >&2;}
- fi
-
--if test "$with_gssapi" = yes ; then
-+if test "$with_krb5" = yes ; then
- if test "$PORTNAME" != "win32"; then
-- { $as_echo "$as_me:$LINENO: checking for library containing gss_init_sec_context" >&5
--$as_echo_n "checking for library containing gss_init_sec_context... " >&6; }
--if test "${ac_cv_search_gss_init_sec_context+set}" = set; then
-+ { $as_echo "$as_me:$LINENO: checking for library containing com_err" >&5
-+$as_echo_n "checking for library containing com_err... " >&6; }
-+if test "${ac_cv_search_com_err+set}" = set; then
- $as_echo_n "(cached) " >&6
- else
- ac_func_search_save_LIBS=$LIBS
-@@ -8648,16 +8686,16 @@
- #ifdef __cplusplus
- extern "C"
- #endif
--char gss_init_sec_context ();
-+char com_err ();
- int
- main ()
- {
--return gss_init_sec_context ();
-+return com_err ();
- ;
- return 0;
- }
- _ACEOF
--for ac_lib in '' gssapi_krb5 gss 'gssapi -lkrb5 -lcrypto'; do
-+for ac_lib in '' com_err 'com_err -lssl -lcrypto' krb5 'krb5 -lcrypto -ldes -lasn1 -lroken'; do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
-@@ -8685,7 +8723,7 @@
- test "$cross_compiling" = yes ||
- $as_test_x conftest$ac_exeext
- }; then
-- ac_cv_search_gss_init_sec_context=$ac_res
-+ ac_cv_search_com_err=$ac_res
- else
- $as_echo "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-@@ -8696,40 +8734,33 @@
- rm -rf conftest.dSYM
- rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext
-- if test "${ac_cv_search_gss_init_sec_context+set}" = set; then
-+ if test "${ac_cv_search_com_err+set}" = set; then
- break
- fi
- done
--if test "${ac_cv_search_gss_init_sec_context+set}" = set; then
-+if test "${ac_cv_search_com_err+set}" = set; then
- :
- else
-- ac_cv_search_gss_init_sec_context=no
-+ ac_cv_search_com_err=no
- fi
- rm conftest.$ac_ext
- LIBS=$ac_func_search_save_LIBS
- fi
--{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_gss_init_sec_context" >&5
--$as_echo "$ac_cv_search_gss_init_sec_context" >&6; }
--ac_res=$ac_cv_search_gss_init_sec_context
-+{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_com_err" >&5
-+$as_echo "$ac_cv_search_com_err" >&6; }
-+ac_res=$ac_cv_search_com_err
- if test "$ac_res" != no; then
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
- else
-- { { $as_echo "$as_me:$LINENO: error: could not find function 'gss_init_sec_context' required for GSSAPI" >&5
--$as_echo "$as_me: error: could not find function 'gss_init_sec_context' required for GSSAPI" >&2;}
-+ { { $as_echo "$as_me:$LINENO: error: could not find function 'com_err' required for Kerberos 5" >&5
-+$as_echo "$as_me: error: could not find function 'com_err' required for Kerberos 5" >&2;}
- { (exit 1); exit 1; }; }
- fi
-
-- else
-- LIBS="$LIBS -lgssapi32"
-- fi
--fi
--
--if test "$with_krb5" = yes ; then
-- if test "$PORTNAME" != "win32"; then
-- { $as_echo "$as_me:$LINENO: checking for library containing com_err" >&5
--$as_echo_n "checking for library containing com_err... " >&6; }
--if test "${ac_cv_search_com_err+set}" = set; then
-+ { $as_echo "$as_me:$LINENO: checking for library containing krb5_sendauth" >&5
-+$as_echo_n "checking for library containing krb5_sendauth... " >&6; }
-+if test "${ac_cv_search_krb5_sendauth+set}" = set; then
- $as_echo_n "(cached) " >&6
- else
- ac_func_search_save_LIBS=$LIBS
-@@ -8746,16 +8777,16 @@
- #ifdef __cplusplus
- extern "C"
- #endif
--char com_err ();
-+char krb5_sendauth ();
- int
- main ()
- {
--return com_err ();
-+return krb5_sendauth ();
- ;
- return 0;
- }
- _ACEOF
--for ac_lib in '' krb5 'krb5 -lcrypto -ldes -lasn1 -lroken' com_err 'com_err -lssl -lcrypto'; do
-+for ac_lib in '' krb5 'krb5 -lcrypto -ldes -lasn1 -lroken'; do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
-@@ -8783,7 +8814,7 @@
- test "$cross_compiling" = yes ||
- $as_test_x conftest$ac_exeext
- }; then
-- ac_cv_search_com_err=$ac_res
-+ ac_cv_search_krb5_sendauth=$ac_res
- else
- $as_echo "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-@@ -8794,33 +8825,34 @@
- rm -rf conftest.dSYM
- rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext
-- if test "${ac_cv_search_com_err+set}" = set; then
-+ if test "${ac_cv_search_krb5_sendauth+set}" = set; then
- break
- fi
- done
--if test "${ac_cv_search_com_err+set}" = set; then
-+if test "${ac_cv_search_krb5_sendauth+set}" = set; then
- :
- else
-- ac_cv_search_com_err=no
-+ ac_cv_search_krb5_sendauth=no
- fi
- rm conftest.$ac_ext
- LIBS=$ac_func_search_save_LIBS
- fi
--{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_com_err" >&5
--$as_echo "$ac_cv_search_com_err" >&6; }
--ac_res=$ac_cv_search_com_err
-+{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_krb5_sendauth" >&5
-+$as_echo "$ac_cv_search_krb5_sendauth" >&6; }
-+ac_res=$ac_cv_search_krb5_sendauth
- if test "$ac_res" != no; then
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
- else
-- { { $as_echo "$as_me:$LINENO: error: could not find function 'com_err' required for Kerberos 5" >&5
--$as_echo "$as_me: error: could not find function 'com_err' required for Kerberos 5" >&2;}
-+ { { $as_echo "$as_me:$LINENO: error: could not find function 'krb5_sendauth' required for Kerberos 5" >&5
-+$as_echo "$as_me: error: could not find function 'krb5_sendauth' required for Kerberos 5" >&2;}
- { (exit 1); exit 1; }; }
- fi
-
-- { $as_echo "$as_me:$LINENO: checking for library containing krb5_sendauth" >&5
--$as_echo_n "checking for library containing krb5_sendauth... " >&6; }
--if test "${ac_cv_search_krb5_sendauth+set}" = set; then
-+ else
-+ { $as_echo "$as_me:$LINENO: checking for library containing com_err" >&5
-+$as_echo_n "checking for library containing com_err... " >&6; }
-+if test "${ac_cv_search_com_err+set}" = set; then
- $as_echo_n "(cached) " >&6
- else
- ac_func_search_save_LIBS=$LIBS
-@@ -8837,16 +8869,16 @@
- #ifdef __cplusplus
- extern "C"
- #endif
--char krb5_sendauth ();
-+char com_err ();
- int
- main ()
- {
--return krb5_sendauth ();
-+return com_err ();
- ;
- return 0;
- }
- _ACEOF
--for ac_lib in '' krb5 'krb5 -lcrypto -ldes -lasn1 -lroken'; do
-+for ac_lib in '' 'comerr32 -lkrb5_32'; do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
-@@ -8874,7 +8906,7 @@
- test "$cross_compiling" = yes ||
- $as_test_x conftest$ac_exeext
- }; then
-- ac_cv_search_krb5_sendauth=$ac_res
-+ ac_cv_search_com_err=$ac_res
- else
- $as_echo "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-@@ -8885,34 +8917,38 @@
- rm -rf conftest.dSYM
- rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext
-- if test "${ac_cv_search_krb5_sendauth+set}" = set; then
-+ if test "${ac_cv_search_com_err+set}" = set; then
- break
- fi
- done
--if test "${ac_cv_search_krb5_sendauth+set}" = set; then
-+if test "${ac_cv_search_com_err+set}" = set; then
- :
- else
-- ac_cv_search_krb5_sendauth=no
-+ ac_cv_search_com_err=no
- fi
- rm conftest.$ac_ext
- LIBS=$ac_func_search_save_LIBS
- fi
--{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_krb5_sendauth" >&5
--$as_echo "$ac_cv_search_krb5_sendauth" >&6; }
--ac_res=$ac_cv_search_krb5_sendauth
-+{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_com_err" >&5
-+$as_echo "$ac_cv_search_com_err" >&6; }
-+ac_res=$ac_cv_search_com_err
- if test "$ac_res" != no; then
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
- else
-- { { $as_echo "$as_me:$LINENO: error: could not find function 'krb5_sendauth' required for Kerberos 5" >&5
--$as_echo "$as_me: error: could not find function 'krb5_sendauth' required for Kerberos 5" >&2;}
-+ { { $as_echo "$as_me:$LINENO: error: could not find function 'com_err' required for Kerberos 5" >&5
-+$as_echo "$as_me: error: could not find function 'com_err' required for Kerberos 5" >&2;}
- { (exit 1); exit 1; }; }
- fi
-
-- else
-- { $as_echo "$as_me:$LINENO: checking for library containing com_err" >&5
--$as_echo_n "checking for library containing com_err... " >&6; }
--if test "${ac_cv_search_com_err+set}" = set; then
-+ fi
-+fi
-+
-+if test "$with_gssapi" = yes ; then
-+ if test "$PORTNAME" != "win32"; then
-+ { $as_echo "$as_me:$LINENO: checking for library containing gss_init_sec_context" >&5
-+$as_echo_n "checking for library containing gss_init_sec_context... " >&6; }
-+if test "${ac_cv_search_gss_init_sec_context+set}" = set; then
- $as_echo_n "(cached) " >&6
- else
- ac_func_search_save_LIBS=$LIBS
-@@ -8929,16 +8965,16 @@
- #ifdef __cplusplus
- extern "C"
- #endif
--char com_err ();
-+char gss_init_sec_context ();
- int
- main ()
- {
--return com_err ();
-+return gss_init_sec_context ();
- ;
- return 0;
- }
- _ACEOF
--for ac_lib in '' 'comerr32 -lkrb5_32'; do
-+for ac_lib in '' gssapi_krb5 gss 'gssapi -lkrb5 -lcrypto'; do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
-@@ -8966,7 +9002,7 @@
- test "$cross_compiling" = yes ||
- $as_test_x conftest$ac_exeext
- }; then
-- ac_cv_search_com_err=$ac_res
-+ ac_cv_search_gss_init_sec_context=$ac_res
- else
- $as_echo "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-@@ -8977,30 +9013,32 @@
- rm -rf conftest.dSYM
- rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext
-- if test "${ac_cv_search_com_err+set}" = set; then
-+ if test "${ac_cv_search_gss_init_sec_context+set}" = set; then
- break
- fi
- done
--if test "${ac_cv_search_com_err+set}" = set; then
-+if test "${ac_cv_search_gss_init_sec_context+set}" = set; then
- :
- else
-- ac_cv_search_com_err=no
-+ ac_cv_search_gss_init_sec_context=no
- fi
- rm conftest.$ac_ext
- LIBS=$ac_func_search_save_LIBS
- fi
--{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_com_err" >&5
--$as_echo "$ac_cv_search_com_err" >&6; }
--ac_res=$ac_cv_search_com_err
-+{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_gss_init_sec_context" >&5
-+$as_echo "$ac_cv_search_gss_init_sec_context" >&6; }
-+ac_res=$ac_cv_search_gss_init_sec_context
- if test "$ac_res" != no; then
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
- else
-- { { $as_echo "$as_me:$LINENO: error: could not find function 'com_err' required for Kerberos 5" >&5
--$as_echo "$as_me: error: could not find function 'com_err' required for Kerberos 5" >&2;}
-+ { { $as_echo "$as_me:$LINENO: error: could not find function 'gss_init_sec_context' required for GSSAPI" >&5
-+$as_echo "$as_me: error: could not find function 'gss_init_sec_context' required for GSSAPI" >&2;}
- { (exit 1); exit 1; }; }
- fi
-
-+ else
-+ LIBS="$LIBS -lgssapi32"
- fi
- fi
-
-@@ -13598,7 +13636,7 @@
- fi
-
- if test "$with_ldap" = yes ; then
-- if test "$PORTNAME" != "win32"; then
-+ if test "$PORTNAME" != "win32" || test "$with_mozldap" = "yes"; then
-
- for ac_header in ldap.h
- do
-@@ -13823,6 +13861,11 @@
-
- done
-
-+
-+cat >>confdefs.h <<\_ACEOF
-+#define USE_MICROSOFT_LDAP 1
-+_ACEOF
-+
- fi
- fi
-
-@@ -23483,7 +23526,99 @@
- # We can test for libldap_r only after we know PTHREAD_LIBS
- if test "$with_ldap" = yes ; then
- _LIBS="$LIBS"
-+ if test "$with_mozldap" = "yes"; then
- if test "$PORTNAME" != "win32"; then
-+ mozlibname=ldap50
-+ else
-+ mozlibname=nsldap32v50
-+ fi
-+
-+as_ac_Lib=`$as_echo "ac_cv_lib_$mozlibname''_ldap_bind" | $as_tr_sh`
-+{ $as_echo "$as_me:$LINENO: checking for ldap_bind in -l$mozlibname" >&5
-+$as_echo_n "checking for ldap_bind in -l$mozlibname... " >&6; }
-+if { as_var=$as_ac_Lib; eval "test \"\${$as_var+set}\" = set"; }; then
-+ $as_echo_n "(cached) " >&6
-+else
-+ ac_check_lib_save_LIBS=$LIBS
-+LIBS="-l$mozlibname $PTHREAD_CFLAGS $PTHREAD_LIBS $EXTRA_LDAP_LIBS $LIBS"
-+cat >conftest.$ac_ext <<_ACEOF
-+/* confdefs.h. */
-+_ACEOF
-+cat confdefs.h >>conftest.$ac_ext
-+cat >>conftest.$ac_ext <<_ACEOF
-+/* end confdefs.h. */
-+
-+/* Override any GCC internal prototype to avoid an error.
-+ Use char because int might match the return type of a GCC
-+ builtin and then its argument prototype would still apply. */
-+#ifdef __cplusplus
-+extern "C"
-+#endif
-+char ldap_bind ();
-+int
-+main ()
-+{
-+return ldap_bind ();
-+ ;
-+ return 0;
-+}
-+_ACEOF
-+rm -f conftest.$ac_objext conftest$ac_exeext
-+if { (ac_try="$ac_link"
-+case "(($ac_try" in
-+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-+ *) ac_try_echo=$ac_try;;
-+esac
-+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-+$as_echo "$ac_try_echo") >&5
-+ (eval "$ac_link") 2>conftest.er1
-+ ac_status=$?
-+ grep -v '^ *+' conftest.er1 >conftest.err
-+ rm -f conftest.er1
-+ cat conftest.err >&5
-+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); } && {
-+ test -z "$ac_c_werror_flag" ||
-+ test ! -s conftest.err
-+ } && test -s conftest$ac_exeext && {
-+ test "$cross_compiling" = yes ||
-+ $as_test_x conftest$ac_exeext
-+ }; then
-+ eval "$as_ac_Lib=yes"
-+else
-+ $as_echo "$as_me: failed program was:" >&5
-+sed 's/^/| /' conftest.$ac_ext >&5
-+
-+ eval "$as_ac_Lib=no"
-+fi
-+
-+rm -rf conftest.dSYM
-+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-+ conftest$ac_exeext conftest.$ac_ext
-+LIBS=$ac_check_lib_save_LIBS
-+fi
-+ac_res=`eval 'as_val=${'$as_ac_Lib'}
-+ $as_echo "$as_val"'`
-+ { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
-+$as_echo "$ac_res" >&6; }
-+as_val=`eval 'as_val=${'$as_ac_Lib'}
-+ $as_echo "$as_val"'`
-+ if test "x$as_val" = x""yes; then
-+ cat >>confdefs.h <<_ACEOF
-+#define `$as_echo "HAVE_LIB$mozlibname" | $as_tr_cpp` 1
-+_ACEOF
-+
-+ LIBS="-l$mozlibname $LIBS"
-+
-+else
-+ { { $as_echo "$as_me:$LINENO: error: library \"$mozlibname\" is required for Mozilla LDAP" >&5
-+$as_echo "$as_me: error: library \"$mozlibname\" is required for Mozilla LDAP" >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+
-+ LDAP_LIBS_FE="-l$mozlibname $EXTRA_LDAP_LIBS"
-+ LDAP_LIBS_BE="-l$mozlibname $EXTRA_LDAP_LIBS"
-+ elif test "$PORTNAME" != "win32"; then
-
- { $as_echo "$as_me:$LINENO: checking for ldap_bind in -lldap" >&5
- $as_echo_n "checking for ldap_bind in -lldap... " >&6; }
---- misc/build/postgresql-9.1.1/src/include/pg_config.h.in 2011-09-22 23:57:57.000000000 +0200
-+++ misc/build/postgresql-9.1.1.patched/src/include/pg_config.h.in 2012-02-03 11:50:07.000000000 +0100
-@@ -758,6 +758,13 @@
- (--with-libxslt) */
- #undef USE_LIBXSLT
-
-+/* Defined when using Microsof LDAP */
-+#undef USE_MICROSOFT_LDAP
-+
-+/* Define to 1 to use the Mozilla LDAP C SDK instead of platform default
-+ (OpenLDAP or Microsoft LDAP). (--with-mozldap) */
-+#undef USE_MOZLDAP
-+
- /* Define to select named POSIX semaphores. */
- #undef USE_NAMED_POSIX_SEMAPHORES
-
-
diff --git a/external/postgresql/postgresql-9.2.1-libreoffice.patch b/external/postgresql/postgresql-9.2.1-libreoffice.patch
deleted file mode 100644
index 174ee8551a78..000000000000
--- a/external/postgresql/postgresql-9.2.1-libreoffice.patch
+++ /dev/null
@@ -1,74 +0,0 @@
---- misc/build/postgresql-9.1.1/src/interfaces/libpq/Makefile 2011-09-22 23:57:57.000000000 +0200
-+++ misc/build/postgresql-9.1.1.patched/src/interfaces/libpq/Makefile 2011-12-15 09:02:18.000000000 +0100
-@@ -148,3 +148,6 @@
- maintainer-clean: distclean maintainer-clean-lib
- $(MAKE) -C test $@
- rm -f libpq-dist.rc
-+
-+libpq-flags.mk:
-+ @printf '%s\n' 'LIBPQ_DEP_LIBS+=$(SHLIB_LINK)' > '$@'
---- misc/build/postgresql-9.1.1/src/interfaces/libpq/win32.mak 2011-12-14 14:28:59.000000000 +0100
-+++ misc/build/postgresql-9.1.1.patched/src/interfaces/libpq/win32.mak 2011-12-15 09:11:37.000000000 +0100
-@@ -11,14 +11,12 @@
- !ENDIF
-
- !IFDEF DEBUG
--OPT=/Od /Zi /MDd
-+OPT=/Od /Zi
- LOPT=/DEBUG
--DEBUGDEF=/D _DEBUG
--OUTFILENAME=libpqd
-+OUTFILENAME=libpq
- !ELSE
- OPT=/O2 /MD
- LOPT=
--DEBUGDEF=/D NDEBUG
- OUTFILENAME=libpq
- !ENDIF
-
-@@ -67,18 +66,11 @@
- CPP=cl.exe
- RSC=rc.exe
-
--!IFDEF DEBUG
--OUTDIR=.\Debug
--INTDIR=.\Debug
--CPP_OBJS=.\Debug/
--!ELSE
--OUTDIR=.\Release
--INTDIR=.\Release
--CPP_OBJS=.\Release/
--!ENDIF
--
-+OUTDIR=.
-+INTDIR=.
-+CPP_OBJS=./
-
--ALL : config "$(OUTDIR)\$(OUTFILENAME).lib" "$(OUTDIR)\$(OUTFILENAME).dll"
-+ALL : config "$(OUTDIR)\$(OUTFILENAME).lib"
-
- CLEAN :
- -@erase "$(INTDIR)\getaddrinfo.obj"
-@@ -178,10 +170,11 @@
- "$(OUTDIR)" :
- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
--CPP_PROJ=/nologo /W3 /EHsc $(OPT) /I "..\..\include" /I "..\..\include\port\win32" /I "..\..\include\port\win32_msvc" /I "..\..\port" /I. /I "$(SSL_INC)" \
-+CPP_PROJ=/nologo /W3 /EHsc $(OPT) /I "..\..\include" /I "..\..\include\port\win32" /I "..\..\include\port\win32_msvc" /I "..\..\port" /I. $(SOLARINC) /I $(WORKDIR)/UnpackedTarball/openssl/include \
- /D "FRONTEND" $(DEBUGDEF) \
- /D "WIN32" /D "_WINDOWS" /Fp"$(INTDIR)\libpq.pch" \
- /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c \
-+ /D "_CRT_NONSTDC_NO_DEPRECATE" \
- /D "_CRT_SECURE_NO_DEPRECATE" $(ADD_DEFINES)
-
- !IFDEF USE_SSL
-@@ -222,7 +215,7 @@
- <<
-
- "$(INTDIR)\libpq.res" : "$(INTDIR)" libpq-dist.rc
-- $(RSC) $(RSC_PROJ) libpq-dist.rc
-+ $(RSC) $(SOLARINC) $(RSC_PROJ) libpq-dist.rc
-
-
- "$(OUTDIR)\$(OUTFILENAME).dll" : "$(OUTDIR)" "$(INTDIR)\libpq.res"
-
diff --git a/external/postgresql/postgresql-libs-leak.patch b/external/postgresql/postgresql-libs-leak.patch
deleted file mode 100644
index 8224137f1f97..000000000000
--- a/external/postgresql/postgresql-libs-leak.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-diff --recursive -u misc/build/postgresql-9.1.1/configure.in misc/build/postgresql-9.1.1.patched/configure.in
---- misc/build/postgresql-9.1.1/configure.in 2011-09-22 23:57:57.000000000 +0200
-+++ misc/build/postgresql-9.1.1.patched/configure.in 2012-02-03 11:42:45.000000000 +0100
-@@ -903,18 +903,9 @@
- *** Not using spinlocks will cause poor performance.])
- fi
-
--if test "$with_gssapi" = yes ; then
-- if test "$PORTNAME" != "win32"; then
-- AC_SEARCH_LIBS(gss_init_sec_context, [gssapi_krb5 gss 'gssapi -lkrb5 -lcrypto'], [],
-- [AC_MSG_ERROR([could not find function 'gss_init_sec_context' required for GSSAPI])])
-- else
-- LIBS="$LIBS -lgssapi32"
-- fi
--fi
--
- if test "$with_krb5" = yes ; then
- if test "$PORTNAME" != "win32"; then
-- AC_SEARCH_LIBS(com_err, [krb5 'krb5 -lcrypto -ldes -lasn1 -lroken' com_err 'com_err -lssl -lcrypto'], [],
-+ AC_SEARCH_LIBS(com_err, [com_err 'com_err -lssl -lcrypto' krb5 'krb5 -lcrypto -ldes -lasn1 -lroken'], [],
- [AC_MSG_ERROR([could not find function 'com_err' required for Kerberos 5])])
- AC_SEARCH_LIBS(krb5_sendauth, [krb5 'krb5 -lcrypto -ldes -lasn1 -lroken'], [],
- [AC_MSG_ERROR([could not find function 'krb5_sendauth' required for Kerberos 5])])
-@@ -924,6 +915,15 @@
- fi
- fi
-
-+if test "$with_gssapi" = yes ; then
-+ if test "$PORTNAME" != "win32"; then
-+ AC_SEARCH_LIBS(gss_init_sec_context, [gssapi_krb5 gss 'gssapi -lkrb5 -lcrypto'], [],
-+ [AC_MSG_ERROR([could not find function 'gss_init_sec_context' required for GSSAPI])])
-+ else
-+ LIBS="$LIBS -lgssapi32"
-+ fi
-+fi
-+
- if test "$with_openssl" = yes ; then
- dnl Order matters!
- if test "$PORTNAME" != "win32"; then
-
diff --git a/external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1 b/external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1
new file mode 100644
index 000000000000..fdcc5cb65267
--- /dev/null
+++ b/external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1
@@ -0,0 +1,175 @@
+From 34df10a9a16b38d54421eeeaf73ec89828563be7 Mon Sep 17 00:00:00 2001
+From: Benjamin Peterson <benjamin@python.org>
+Date: Mon, 18 Jan 2021 15:11:46 -0600
+Subject: [PATCH] [3.6] closes bpo-42938: Replace snprintf with Python unicode
+ formatting in ctypes param reprs. (GH-24250)
+
+(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
+
+Co-authored-by: Benjamin Peterson <benjamin@python.org>
+---
+ Lib/ctypes/test/test_parameters.py | 43 +++++++++++++++
+ .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
+ Modules/_ctypes/callproc.c | 55 +++++++------------
+ 3 files changed, 66 insertions(+), 34 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+
+diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py
+index e4c25fd880..531894fdec 100644
+--- a/Lib/ctypes/test/test_parameters.py
++++ b/Lib/ctypes/test/test_parameters.py
+@@ -201,6 +201,49 @@ def __dict__(self):
+ self.assertRaises(ArgumentError, func, 99)
+
+
++ def test_parameter_repr(self):
++ from ctypes import (
++ c_bool,
++ c_char,
++ c_wchar,
++ c_byte,
++ c_ubyte,
++ c_short,
++ c_ushort,
++ c_int,
++ c_uint,
++ c_long,
++ c_ulong,
++ c_longlong,
++ c_ulonglong,
++ c_float,
++ c_double,
++ c_longdouble,
++ c_char_p,
++ c_wchar_p,
++ c_void_p,
++ )
++ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$")
++ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>")
++ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$")
++ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
++ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
++ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
++ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
++ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
++ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
++ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
++ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
++ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$")
++ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$")
++ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
++ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
++ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>")
++ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
++ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$")
++ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$")
++ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$")
++
+ ################################################################
+
+ if __name__ == '__main__':
+diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+new file mode 100644
+index 0000000000..7df65a156f
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+@@ -0,0 +1,2 @@
++Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
++:class:`ctypes.c_longdouble` values.
+diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
+index 70e416b950..9fcf95f543 100644
+--- a/Modules/_ctypes/callproc.c
++++ b/Modules/_ctypes/callproc.c
+@@ -451,54 +451,43 @@ PyCArg_dealloc(PyCArgObject *self)
+ static PyObject *
+ PyCArg_repr(PyCArgObject *self)
+ {
+- char buffer[256];
+ switch(self->tag) {
+ case 'b':
+ case 'B':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.b);
+- break;
+ case 'h':
+ case 'H':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.h);
+- break;
+ case 'i':
+ case 'I':
+- sprintf(buffer, "<cparam '%c' (%d)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
+ self->tag, self->value.i);
+- break;
+ case 'l':
+ case 'L':
+- sprintf(buffer, "<cparam '%c' (%ld)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
+ self->tag, self->value.l);
+- break;
+
+ #ifdef HAVE_LONG_LONG
+ case 'q':
+ case 'Q':
+- sprintf(buffer,
+-#ifdef MS_WIN32
+- "<cparam '%c' (%I64d)>",
+-#else
+- "<cparam '%c' (%qd)>",
+-#endif
++ return PyUnicode_FromFormat("<cparam '%c' (%qd)>",
+ self->tag, self->value.q);
+- break;
+ #endif
+ case 'd':
+- sprintf(buffer, "<cparam '%c' (%f)>",
+- self->tag, self->value.d);
+- break;
+- case 'f':
+- sprintf(buffer, "<cparam '%c' (%f)>",
+- self->tag, self->value.f);
+- break;
+-
++ case 'f': {
++ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
++ if (f == NULL) {
++ return NULL;
++ }
++ { PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>", self->tag, f);
++ Py_DECREF(f);
++ return result; }
++ }
+ case 'c':
+- sprintf(buffer, "<cparam '%c' (%c)>",
++ return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
+ self->tag, self->value.c);
+- break;
+
+ /* Hm, are these 'z' and 'Z' codes useful at all?
+ Shouldn't they be replaced by the functionality of c_string
+@@ -507,16 +495,14 @@ PyCArg_repr(PyCArgObject *self)
+ case 'z':
+ case 'Z':
+ case 'P':
+- sprintf(buffer, "<cparam '%c' (%p)>",
++ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
+ self->tag, self->value.p);
+ break;
+
+ default:
+- sprintf(buffer, "<cparam '%c' at %p>",
+- self->tag, self);
+- break;
++ return PyUnicode_FromFormat("<cparam '%c' at %p>",
++ (unsigned char)self->tag, (void *)self);
+ }
+- return PyUnicode_FromString(buffer);
+ }
+
+ static PyMemberDef PyCArgType_members[] = {
+--
+2.29.2
+
diff --git a/external/python3/ExternalProject_python3.mk b/external/python3/ExternalProject_python3.mk
index 09edc2a099f2..99547f384844 100644
--- a/external/python3/ExternalProject_python3.mk
+++ b/external/python3/ExternalProject_python3.mk
@@ -42,9 +42,7 @@ $(call gb_ExternalProject_get_state_target,python3,build) :
else
-# this was added in 2004, hopefully is obsolete now (and why only intel anyway)? $(if $(filter SOLARIS-INTEL,$(OS)$(CPUNAME)),--disable-ipv6)
-
-# --with-system-expat: this should find the one in the solver (or system)
+# --with-system-expat: this should find the one in the workdir (or system)
# create a symlink "LO_lib" because the .so are in a directory with platform
# specific name like build/lib.linux-x86_64-3.3
@@ -66,7 +64,7 @@ $(call gb_ExternalProject_get_state_target,python3,build) :
$(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \
$(if $(ENABLE_VALGRIND),--with-valgrind) \
--prefix=/python-inst \
- $(if $(filter MACOSX,$(OS)),,--with-system-expat) \
+ --with-system-expat \
$(if $(filter AIX,$(OS)), \
--disable-ipv6 --with-threads OPT="-g0 -fwrapv -O3 -Wall", \
$(if $(gb_Module_CURRENTMODULE_DEBUG_ENABLED), \
diff --git a/external/python3/UnpackedTarball_python3.mk b/external/python3/UnpackedTarball_python3.mk
index 66a82955e440..81a392f76f48 100644
--- a/external/python3/UnpackedTarball_python3.mk
+++ b/external/python3/UnpackedTarball_python3.mk
@@ -23,11 +23,10 @@ $(eval $(call gb_UnpackedTarball_add_patches,python3,\
external/python3/python-3.5.4-msvc-disable.patch.1 \
external/python3/python-3.3.0-pythreadstate.patch.1 \
external/python3/python-3.3.0-clang.patch.1 \
- external/python3/python-3.3.5-pyexpat-symbols.patch.1 \
external/python3/ubsan.patch.0 \
external/python3/python-3.5.tweak.strip.soabi.patch \
external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 \
- external/python3/python-3.5.7-c99.patch.1 \
+ external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1 \
))
ifneq ($(filter DRAGONFLY FREEBSD LINUX NETBSD OPENBSD SOLARIS,$(OS)),)
diff --git a/external/python3/python-3.3.5-pyexpat-symbols.patch.1 b/external/python3/python-3.3.5-pyexpat-symbols.patch.1
deleted file mode 100644
index c04c78cf36e7..000000000000
--- a/external/python3/python-3.3.5-pyexpat-symbols.patch.1
+++ /dev/null
@@ -1,28 +0,0 @@
-HACK: Fix build breakage on MacOS:
-
-*** WARNING: renaming "pyexpat" since importing it failed: dlopen(build/lib.macosx-10.6-i386-3.3/pyexpat.so, 2): Symbol not found: _XML_ErrorString
-
-This reverts c242a8f30806 from the python hg repo:
-
-restore namespacing of pyexpat symbols (closes #19186)
-
-
-See http://bugs.python.org/issue19186#msg214069
-
-The recommendation to include Modules/inc at first broke the Linux build...
-
-So do it this way, as it was before. Needs some realignment later.
-
---- python3/Modules/expat/expat_external.h
-+++ python3/Modules/expat/expat_external.h
-@@ -7,10 +7,6 @@
-
- /* External API definitions */
-
--/* Namespace external symbols to allow multiple libexpat version to
-- co-exist. */
--#include "pyexpatns.h"
--
- #if defined(_MSC_EXTENSIONS) && !defined(__BEOS__) && !defined(__CYGWIN__)
- #define XML_USE_MSC_EXTENSIONS 1
- #endif
diff --git a/external/python3/python-3.5.7-c99.patch.1 b/external/python3/python-3.5.7-c99.patch.1
deleted file mode 100644
index 558166d9953f..000000000000
--- a/external/python3/python-3.5.7-c99.patch.1
+++ /dev/null
@@ -1,62 +0,0 @@
-remove C99 which isn't suppored by all compilers yet
-
---- python3/Modules/_pickle.c.orig 2019-04-03 16:34:01.380124314 +0200
-+++ python3/Modules/_pickle.c 2019-04-03 16:35:18.579005171 +0200
-@@ -674,9 +674,12 @@
- PyErr_NoMemory();
- return NULL;
- }
-- for (size_t i = 0; i < self->mt_allocated; i++) {
-+ {
-+ size_t i;
-+ for (i = 0; i < self->mt_allocated; i++) {
- Py_XINCREF(self->mt_table[i].me_key);
- }
-+ }
- memcpy(new->mt_table, self->mt_table,
- sizeof(PyMemoEntry) * self->mt_allocated);
-
-@@ -4204,7 +4207,9 @@
- return NULL;
-
- memo = self->pickler->memo;
-- for (size_t i = 0; i < memo->mt_allocated; ++i) {
-+ {
-+ size_t i;
-+ for (i = 0; i < memo->mt_allocated; ++i) {
- PyMemoEntry entry = memo->mt_table[i];
- if (entry.me_key != NULL) {
- int status;
-@@ -4225,6 +4230,7 @@
- goto error;
- }
- }
-+ }
- return new_memo;
-
- error:
-@@ -6791,10 +6797,13 @@
- if (new_memo == NULL)
- return -1;
-
-- for (size_t i = 0; i < new_memo_size; i++) {
-+ {
-+ size_t i;
-+ for (i = 0; i < new_memo_size; i++) {
- Py_XINCREF(unpickler->memo[i]);
- new_memo[i] = unpickler->memo[i];
- }
-+ }
- }
- else if (PyDict_Check(obj)) {
- Py_ssize_t i = 0;
-@@ -6839,7 +6848,8 @@
-
- error:
- if (new_memo_size) {
-- for (size_t i = new_memo_size - 1; i != SIZE_MAX; i--) {
-+ size_t i;
-+ for (i = new_memo_size - 1; i != SIZE_MAX; i--) {
- Py_XDECREF(new_memo[i]);
- }
- PyMem_FREE(new_memo);
diff --git a/external/redland/UnpackedTarball_raptor.mk b/external/redland/UnpackedTarball_raptor.mk
index 517b11a3d14f..fbdc8b6f5510 100644
--- a/external/redland/UnpackedTarball_raptor.mk
+++ b/external/redland/UnpackedTarball_raptor.mk
@@ -28,6 +28,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,raptor,\
$(if $(SYSTEM_LIBXML),,external/redland/raptor/rpath.patch) \
external/redland/raptor/xml2-config.patch \
external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 \
+ external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 \
external/redland/raptor/libtool.patch \
))
diff --git a/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 b/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
new file mode 100644
index 000000000000..1fb279df3e4d
--- /dev/null
+++ b/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
@@ -0,0 +1,33 @@
+From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Tue, 24 Nov 2020 10:30:20 +0000
+Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
+ segfault
+
+due to an out of bounds array access in
+raptor_xml_writer_start_element_common
+
+See:
+https://bugs.mageia.org/show_bug.cgi?id=27605
+https://www.openwall.com/lists/oss-security/2020/11/13/1
+https://gerrit.libreoffice.org/c/core/+/106249
+---
+ src/raptor_xml_writer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 56993dc3..4426d38c 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+
+ /* check it wasn't an earlier declaration too */
+ for(j = 0; j < nspace_declarations_count; j++)
+- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
++ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
+ declare_me = 0;
+ break;
+ }
+--
+2.28.0
+
diff --git a/external/xmlsec/0001-xmlSecX509DataGetNodeContent-don-t-return-0-for-non-.patch.1 b/external/xmlsec/0001-xmlSecX509DataGetNodeContent-don-t-return-0-for-non-.patch.1
new file mode 100644
index 000000000000..51607ca6ee73
--- /dev/null
+++ b/external/xmlsec/0001-xmlSecX509DataGetNodeContent-don-t-return-0-for-non-.patch.1
@@ -0,0 +1,68 @@
+From a39b110cb2c25680259a38b2f397b350151bc6e7 Mon Sep 17 00:00:00 2001
+From: Michael Stahl <michael.stahl@allotropia.de>
+Date: Wed, 7 Apr 2021 16:43:48 +0200
+Subject: [PATCH] xmlSecX509DataGetNodeContent(): don't return 0 for non-empty
+ elements
+
+LibreOffice wants to write the content of KeyInfo itself and thus writes
+X509Certificate element with content.
+
+But then xmlSecMSCngKeyDataX509XmlWrite() writes a duplicate
+X509Certificate element, which then makes a new additional consistency
+check in LO unhappy.
+
+The duplicate is written because xmlSecX509DataGetNodeContent() returns
+0 because it only checks for empty nodes; if there are only non-empty
+nodes a fallback to XMLSEC_X509DATA_DEFAULT occurs in all backends.
+
+Change the return value to be non-0 without changing the signature of
+the function, as it is apparently public.
+
+This doesn't happen in LO in the NSS backend due to another accident,
+where the private key flag isn't set when the X509Certificate is read,
+but otherwise the code is the same.
+---
+ src/x509.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/x509.c b/src/x509.c
+index ed8788ae..dac8bd2b 100644
+--- a/src/x509.c
++++ b/src/x509.c
+@@ -60,22 +60,33 @@ xmlSecX509DataGetNodeContent (xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_CERTIFICATE_NODE;
++ } else {
++ /* ensure return value isn't 0 if there are non-empty elements */
++ content |= (XMLSEC_X509DATA_CERTIFICATE_NODE << 16);
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_SUBJECTNAME_NODE;
++ } else {
++ content |= (XMLSEC_X509DATA_SUBJECTNAME_NODE << 16);
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_ISSUERSERIAL_NODE;
++ } else {
++ content |= (XMLSEC_X509DATA_ISSUERSERIAL_NODE << 16);
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_SKI_NODE;
++ } else {
++ content |= (XMLSEC_X509DATA_SKI_NODE << 16);
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_CRL_NODE;
++ } else {
++ content |= (XMLSEC_X509DATA_CRL_NODE << 16);
+ }
+ } else {
+ /* todo: fail on unknown child node? */
+--
+2.30.2
+
diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk
index 24be126f1d84..61502e7cc7b7 100644
--- a/external/xmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/xmlsec/UnpackedTarball_xmlsec.mk
@@ -11,9 +11,9 @@ xmlsec_patches :=
xmlsec_patches += xmlsec1-configure.patch.1
xmlsec_patches += xmlsec1-vc.patch.1
xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1
-xmlsec_patches += xmlsec1-customkeymanage.patch.1
# Backport of <https://github.com/lsh123/xmlsec/pull/172>.
xmlsec_patches += xmlsec1-ecdsa-assert.patch.1
+xmlsec_patches += 0001-xmlSecX509DataGetNodeContent-don-t-return-0-for-non-.patch.1
$(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec))
diff --git a/external/xmlsec/xmlsec1-customkeymanage.patch.1 b/external/xmlsec/xmlsec1-customkeymanage.patch.1
deleted file mode 100644
index 14595da6df16..000000000000
--- a/external/xmlsec/xmlsec1-customkeymanage.patch.1
+++ /dev/null
@@ -1,4321 +0,0 @@
-From 57f9146c45b1819afdd79a96a77ea55fb84ddb50 Mon Sep 17 00:00:00 2001
-From: Miklos Vajna <vmiklos@collabora.co.uk>
-Date: Fri, 4 Mar 2016 16:19:12 +0100
-Subject: [PATCH] xmlsec1-customkeymanage.patch
-
-Conflicts:
- include/xmlsec/nss/app.h
- include/xmlsec/nss/keysstore.h
- src/nss/Makefile.in
- src/nss/hmac.c
- src/nss/keysstore.c
- src/nss/pkikeys.c
- src/nss/symkeys.c
- src/nss/x509.c
- src/nss/x509vfy.c
----
- include/xmlsec/nss/Makefile.am | 3 +
- include/xmlsec/nss/Makefile.in | 3 +
- include/xmlsec/nss/akmngr.h | 56 +++
- include/xmlsec/nss/app.h | 5 +
- include/xmlsec/nss/ciphers.h | 35 ++
- include/xmlsec/nss/keysstore.h | 4 +
- include/xmlsec/nss/tokens.h | 182 ++++++++++
- src/nss/Makefile.am | 2 +
- src/nss/Makefile.in | 20 ++
- src/nss/akmngr.c | 384 ++++++++++++++++++++
- src/nss/hmac.c | 6 +-
- src/nss/keysstore.c | 772 +++++++++++++++++++++++++++++------------
- src/nss/pkikeys.c | 81 ++---
- src/nss/symkeys.c | 705 +++++++++++++++++++++++++++++++++++--
- src/nss/tokens.c | 544 +++++++++++++++++++++++++++++
- src/nss/x509.c | 491 ++++++--------------------
- src/nss/x509vfy.c | 248 +++++--------
- 17 files changed, 2703 insertions(+), 838 deletions(-)
- create mode 100644 include/xmlsec/nss/akmngr.h
- create mode 100644 include/xmlsec/nss/ciphers.h
- create mode 100644 include/xmlsec/nss/tokens.h
- create mode 100644 src/nss/akmngr.c
- create mode 100644 src/nss/tokens.c
-
-diff --git a/include/xmlsec/nss/Makefile.am b/include/xmlsec/nss/Makefile.am
-index e3521622..997ca7fd 100644
---- a/include/xmlsec/nss/Makefile.am
-+++ b/include/xmlsec/nss/Makefile.am
-@@ -10,6 +10,9 @@ bignum.h \
- keysstore.h \
- pkikeys.h \
- x509.h \
-+akmngr.h \
-+tokens.h \
-+ciphers.h \
- $(NULL)
-
- install-exec-hook:
-diff --git a/include/xmlsec/nss/Makefile.in b/include/xmlsec/nss/Makefile.in
-index 6fecb4f5..672d10e7 100644
---- a/include/xmlsec/nss/Makefile.in
-+++ b/include/xmlsec/nss/Makefile.in
-@@ -407,6 +407,9 @@ bignum.h \
- keysstore.h \
- pkikeys.h \
- x509.h \
-+akmngr.h \
-+tokens.h \
-+ciphers.h \
- $(NULL)
-
- all: all-am
-diff --git a/include/xmlsec/nss/akmngr.h b/include/xmlsec/nss/akmngr.h
-new file mode 100644
-index 00000000..80535110
---- /dev/null
-+++ b/include/xmlsec/nss/akmngr.h
-@@ -0,0 +1,56 @@
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_NSS_AKMNGR_H__
-+#define __XMLSEC_NSS_AKMNGR_H__
-+
-+#include <nss.h>
-+#include <nspr.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+ PK11SlotInfo** slots,
-+ int cSlots,
-+ CERTCertDBHandle* handler
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ PK11SymKey* symKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPublicKey* pubKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPrivateKey* priKey
-+) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_AKMNGR_H__ */
-+
-+
-diff --git a/include/xmlsec/nss/app.h b/include/xmlsec/nss/app.h
-index 93f6c637..03f6aa14 100644
---- a/include/xmlsec/nss/app.h
-+++ b/include/xmlsec/nss/app.h
-@@ -22,6 +22,9 @@ extern "C" {
- #include <xmlsec/keysmngr.h>
- #include <xmlsec/transforms.h>
-
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/akmngr.h>
-+
- /********************************************************************
- *
- * Init/shutdown
-@@ -40,6 +43,8 @@ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlS
- xmlSecKeyPtr key);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
- const char* uri);
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
-+ xmlSecNssKeySlotPtr keySlot);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
- const char* filename,
- xmlSecKeyDataType type);
-diff --git a/include/xmlsec/nss/ciphers.h b/include/xmlsec/nss/ciphers.h
-new file mode 100644
-index 00000000..607eb1e0
---- /dev/null
-+++ b/include/xmlsec/nss/ciphers.h
-@@ -0,0 +1,35 @@
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_NSS_CIPHERS_H__
-+#define __XMLSEC_NSS_CIPHERS_H__
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
-+ PK11SymKey* symkey ) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
-+
-+XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
-+
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_CIPHERS_H__ */
-+
-+
-diff --git a/include/xmlsec/nss/keysstore.h b/include/xmlsec/nss/keysstore.h
-index eb64d3c3..369a1453 100644
---- a/include/xmlsec/nss/keysstore.h
-+++ b/include/xmlsec/nss/keysstore.h
-@@ -16,6 +16,8 @@ extern "C" {
- #endif /* __cplusplus */
-
- #include <xmlsec/xmlsec.h>
-+#include <xmlsec/keysmngr.h>
-+#include <xmlsec/nss/tokens.h>
-
- /****************************************************************************
- *
-@@ -31,6 +33,8 @@ extern "C" {
- XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
- xmlSecKeyPtr key);
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
-+ xmlSecNssKeySlotPtr keySlot);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
- const char *uri,
- xmlSecKeysMngrPtr keysMngr);
-diff --git a/include/xmlsec/nss/tokens.h b/include/xmlsec/nss/tokens.h
-new file mode 100644
-index 00000000..444c5614
---- /dev/null
-+++ b/include/xmlsec/nss/tokens.h
-@@ -0,0 +1,182 @@
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
-+ *
-+ * Contributor(s): _____________________________
-+ *
-+ */
-+#ifndef __XMLSEC_NSS_TOKENS_H__
-+#define __XMLSEC_NSS_TOKENS_H__
-+
-+#include <string.h>
-+
-+#include <nss.h>
-+#include <pk11func.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/list.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+/**
-+ * xmlSecNssKeySlotListId
-+ *
-+ * The crypto mechanism list klass
-+ */
-+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
-+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
-+
-+/*******************************************
-+ * KeySlot interfaces
-+ *******************************************/
-+/**
-+ * Internal NSS key slot data
-+ * @mechanismList: the mechanisms that the slot bound with.
-+ * @slot: the pkcs slot
-+ *
-+ * This context is located after xmlSecPtrList
-+ */
-+typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
-+typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
-+
-+struct _xmlSecNssKeySlot {
-+ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
-+ PK11SlotInfo* slot ;
-+} ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSetMechList(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE_PTR mechanismList
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotEnableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotDisableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
-+xmlSecNssKeySlotGetMechList(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSetSlot(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotInitialize(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT void
-+xmlSecNssKeySlotFinalize(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
-+xmlSecNssKeySlotGetSlot(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotCreate() ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotCopy(
-+ xmlSecNssKeySlotPtr newKeySlot ,
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotDuplicate(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT void
-+xmlSecNssKeySlotDestroy(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotBindMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSupportMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) ;
-+
-+
-+/************************************************************************
-+ * PKCS#11 crypto token interfaces
-+ *
-+ * A PKCS#11 slot repository will be defined internally. From the
-+ * repository, a user can specify a particular slot for a certain crypto
-+ * mechanism.
-+ *
-+ * In some situation, some cryptographic operation should act in a user
-+ * designated devices. The interfaces defined here provide the way. If
-+ * the user do not initialize the repository distinctly, the interfaces
-+ * use the default functions provided by NSS itself.
-+ *
-+ ************************************************************************/
-+/**
-+ * Initialize NSS pkcs#11 slot repository
-+ *
-+ * Returns 0 if success or -1 if an error occurs.
-+ */
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
-+
-+/**
-+ * Shutdown and destroy NSS pkcs#11 slot repository
-+ */
-+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
-+
-+/**
-+ * Get PKCS#11 slot handler
-+ * @type the mechanism that the slot must support.
-+ *
-+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
-+ *
-+ * Notes: The returned handler must be destroied distinctly.
-+ */
-+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
-+
-+/**
-+ * Adopt a pkcs#11 slot with a mechanism into the repository
-+ * @slot: the pkcs#11 slot.
-+ * @mech: the mechanism.
-+ *
-+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
-+ * this mechanism only can perform on the @slot.
-+ *
-+ * Returns 0 if success or -1 if an error occurs.
-+ */
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_TOKENS_H__ */
-+
-diff --git a/src/nss/Makefile.am b/src/nss/Makefile.am
-index e666f33c..ec9e7896 100644
---- a/src/nss/Makefile.am
-+++ b/src/nss/Makefile.am
-@@ -35,6 +35,8 @@ libxmlsec1_nss_la_SOURCES =\
- kw_des.c \
- kw_aes.c \
- globals.h \
-+ akmngr.c \
-+ tokens.c \
- $(NULL)
-
- libxmlsec1_nss_la_LIBADD = \
-diff --git a/src/nss/Makefile.in b/src/nss/Makefile.in
-index 2861e3ce..7532d90e 100644
---- a/src/nss/Makefile.in
-+++ b/src/nss/Makefile.in
-@@ -140,6 +140,8 @@ am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
- libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \
- libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \
- libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \
-+ libxmlsec1_nss_la-akmngr.lo \
-+ libxmlsec1_nss_la-tokens.lo \
- $(am__objects_1)
- libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
- AM_V_lt = $(am__v_lt_@AM_V@)
-@@ -474,6 +476,8 @@ libxmlsec1_nss_la_SOURCES = \
- kw_des.c \
- kw_aes.c \
- globals.h \
-+ akmngr.c \
-+ tokens.c \
- $(NULL)
-
- libxmlsec1_nss_la_LIBADD = \
-@@ -584,6 +588,8 @@ distclean-compile:
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo@am__quote@
-
- .c.o:
- @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@@ -616,6 +622,20 @@ libxmlsec1_nss_la-app.lo: app.c
- @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
-
-+libxmlsec1_nss_la-akmngr.lo: akmngr.c
-+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
-+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo $(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
-+
-+libxmlsec1_nss_la-tokens.lo: tokens.c
-+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
-+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo $(DEPDIR)/libxmlsec1_nss_la-tokens.Plo
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
-+
- libxmlsec1_nss_la-bignum.lo: bignum.c
- @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
- @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo
-diff --git a/src/nss/akmngr.c b/src/nss/akmngr.c
-new file mode 100644
-index 00000000..65b94ac5
---- /dev/null
-+++ b/src/nss/akmngr.c
-@@ -0,0 +1,384 @@
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright.........................
-+ */
-+#include "globals.h"
-+
-+#include <nspr.h>
-+#include <nss.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+#include <keyhi.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/akmngr.h>
-+#include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/ciphers.h>
-+#include <xmlsec/nss/keysstore.h>
-+
-+/**
-+ * xmlSecNssAppliedKeysMngrCreate:
-+ * @slot: array of pointers to NSS PKCS#11 slot information.
-+ * @cSlots: number of slots in the array
-+ * @handler: the pointer to NSS certificate database.
-+ *
-+ * Create and load NSS crypto slot and certificate database into keys manager
-+ *
-+ * Returns keys manager pointer on success or NULL otherwise.
-+ */
-+xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+ PK11SlotInfo** slots,
-+ int cSlots,
-+ CERTCertDBHandle* handler
-+) {
-+ xmlSecKeyDataStorePtr certStore = NULL ;
-+ xmlSecKeysMngrPtr keyMngr = NULL ;
-+ xmlSecKeyStorePtr keyStore = NULL ;
-+ int islot = 0;
-+ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyStoreCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ for (islot = 0; islot < cSlots; islot++)
-+ {
-+ xmlSecNssKeySlotPtr keySlot ;
-+
-+ /* Create a key slot */
-+ keySlot = xmlSecNssKeySlotCreate() ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeySlotCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /* Set slot */
-+ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeySlotSetSlot" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return NULL ;
-+ }
-+
-+ /* Adopt keySlot */
-+ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeysStoreAdoptKeySlot" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return NULL ;
-+ }
-+ }
-+
-+ keyMngr = xmlSecKeysMngrCreate() ;
-+ if( keyMngr == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Add key store to manager, from now on keys manager destroys the store if
-+ * needed
-+ */
-+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Initialize crypto library specific data in keys manager
-+ */
-+ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Set certificate databse to X509 key data store
-+ */
-+ /**
-+ * Because Tej's implementation of certDB use the default DB, so I ignore
-+ * the certDB handler at present. I'll modify the cert store sources to
-+ * accept particular certDB instead of default ones.
-+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
-+ if( certStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeyDataStoreX509SetCertDb" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+ */
-+
-+ /*-
-+ * Set the getKey callback
-+ */
-+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
-+
-+ return keyMngr ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ PK11SymKey* symKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( symKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPublicKey* pubKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( pubKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPrivateKey* priKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( priKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-diff --git a/src/nss/hmac.c b/src/nss/hmac.c
-index 558d4b93..2ef668c1 100644
---- a/src/nss/hmac.c
-+++ b/src/nss/hmac.c
-@@ -23,8 +23,8 @@
- #include <xmlsec/transforms.h>
- #include <xmlsec/errors.h>
-
--#include <xmlsec/nss/app.h>
- #include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/tokens.h>
-
- /* sizes in bits */
- #define XMLSEC_NSS_MIN_HMAC_SIZE 80
-@@ -355,9 +355,9 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- keyItem.data = xmlSecBufferGetData(buffer);
- keyItem.len = xmlSecBufferGetSize(buffer);
-
-- slot = PK11_GetBestSlot(ctx->digestType, NULL);
-+ slot = xmlSecNssSlotGet(ctx->digestType);
- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecTransformGetName(transform));
-+ xmlSecNssError("xmlSecNssSlotGet", xmlSecTransformGetName(transform));
- return(-1);
- }
-
-diff --git a/src/nss/keysstore.c b/src/nss/keysstore.c
-index 0976e4a9..03baa887 100644
---- a/src/nss/keysstore.c
-+++ b/src/nss/keysstore.c
-@@ -1,36 +1,56 @@
- /*
- * XML Security Library (http://www.aleksey.com/xmlsec).
- *
-- * Nss keys store that uses Simple Keys Store under the hood. Uses the
-- * Nss DB as a backing store for the finding keys, but the NSS DB is
-- * not written to by the keys store.
-- * So, if store->findkey is done and the key is not found in the simple
-- * keys store, the NSS DB is looked up.
-- * If store is called to adopt a key, that key is not written to the NSS
-- * DB.
-- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
-- * source of keys for xmlsec
-- *
- * This is free software; see Copyright file in the source
- * distribution for precise wording.
- *
- * Copyright (c) 2003 America Online, Inc. All rights reserved.
- */
-+
-+/**
-+ * NSS key store uses a key list and a slot list as the key repository. NSS slot
-+ * list is a backup repository for the finding keys. If a key is not found from
-+ * the key list, the NSS slot list is looked up.
-+ *
-+ * Any key in the key list will not save to pkcs11 slot. When a store to called
-+ * to adopt a key, the key is resident in the key list; While a store to called
-+ * to set a is resident in the key list; While a store to called to set a slot
-+ * list, which means that the keys in the listed slot can be used for xml sign-
-+ * nature or encryption.
-+ *
-+ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
-+ *
-+ * The framework will decrease the user interfaces to administrate xmlSec crypto
-+ * engine. He can only focus on NSS layer functions. For examples, after the
-+ * user set up a slot list handler to the keys store, he do not need to do any
-+ * other work atop xmlSec interfaces, his action on the slot list handler, such
-+ * as add a token to, delete a token from the list, will directly effect the key
-+ * store behaviors.
-+ *
-+ * For example, a scenariio:
-+ * 0. Create a slot list;( NSS interfaces )
-+ * 1. Create a keys store;( xmlSec interfaces )
-+ * 2. Set slot list with the keys store;( xmlSec Interfaces )
-+ * 3. Add a slot to the slot list;( NSS interfaces )
-+ * 4. Perform xml signature; ( xmlSec Interfaces )
-+ * 5. Deleter a slot from the slot list;( NSS interfaces )
-+ * 6. Perform xml encryption; ( xmlSec Interfaces )
-+ * 7. Perform xml signature;( xmlSec Interfaces )
-+ * 8. Destroy the keys store;( xmlSec Interfaces )
-+ * 8. Destroy the slot list.( NSS Interfaces )
-+ */
- #include "globals.h"
-
- #include <stdlib.h>
- #include <string.h>
-
- #include <nss.h>
--#include <cert.h>
- #include <pk11func.h>
-+#include <prinit.h>
- #include <keyhi.h>
-
--#include <libxml/tree.h>
--
- #include <xmlsec/xmlsec.h>
--#include <xmlsec/buffer.h>
--#include <xmlsec/base64.h>
-+#include <xmlsec/keys.h>
- #include <xmlsec/errors.h>
- #include <xmlsec/xmltree.h>
-
-@@ -38,82 +58,461 @@
-
- #include <xmlsec/nss/crypto.h>
- #include <xmlsec/nss/keysstore.h>
--#include <xmlsec/nss/x509.h>
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/ciphers.h>
- #include <xmlsec/nss/pkikeys.h>
-
- /****************************************************************************
- *
-- * Nss Keys Store. Uses Simple Keys Store under the hood
-+ * Internal NSS key store context
- *
-- * Simple Keys Store ptr is located after xmlSecKeyStore
-+ * This context is located after xmlSecKeyStore
- *
- ***************************************************************************/
--#define xmlSecNssKeysStoreSize \
-- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
-+typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ;
-+typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
-
--#define xmlSecNssKeysStoreGetSS(store) \
-- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
-- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
-- (xmlSecKeyStorePtr*)NULL)
-+struct _xmlSecNssKeysStoreCtx {
-+ xmlSecPtrListPtr keyList ;
-+ xmlSecPtrListPtr slotList ;
-+} ;
-
--static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
--static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
--static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
-- const xmlChar* name,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
--
--static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
-- sizeof(xmlSecKeyStoreKlass),
-- xmlSecNssKeysStoreSize,
--
-- /* data */
-- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
-+#define xmlSecNssKeysStoreSize \
-+ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
-+
-+#define xmlSecNssKeysStoreGetCtx( data ) \
-+ ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
-+
-+int xmlSecNssKeysStoreAdoptKeySlot(
-+ xmlSecKeyStorePtr store ,
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( context->slotList == NULL ) {
-+ if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCheckId" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListAdd" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ return 0 ;
-+}
-
-- /* constructors/destructor */
-- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
-- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
-- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
-+int xmlSecNssKeysStoreAdoptKey(
-+ xmlSecKeyStorePtr store ,
-+ xmlSecKeyPtr key
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( context->keyList == NULL ) {
-+ if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCheckId" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListAdd" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ return 0 ;
-+}
-
-- /* reserved for the future */
-- NULL, /* void* reserved0; */
-- NULL, /* void* reserved1; */
--};
-+/*
-+ * xmlSecKeyStoreInitializeMethod:
-+ * @store: the store.
-+ *
-+ * Keys store specific initialization method.
-+ *
-+ * Returns 0 on success or a negative value if an error occurs.
-+ */
-+static int
-+xmlSecNssKeysStoreInitialize(
-+ xmlSecKeyStorePtr store
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ context->keyList = NULL ;
-+ context->slotList = NULL ;
-+
-+ return 0 ;
-+}
-
- /**
-- * xmlSecNssKeysStoreGetKlass:
- *
-- * The Nss list based keys store klass.
-+ * xmlSecKeyStoreFinalizeMethod:
-+ * @store: the store.
- *
-- * Returns: Nss list based keys store klass.
-+ * Keys store specific finalization (destroy) method.
- */
--xmlSecKeyStoreId
--xmlSecNssKeysStoreGetKlass(void) {
-- return(&xmlSecNssKeysStoreKlass);
-+void
-+xmlSecNssKeysStoreFinalize(
-+ xmlSecKeyStorePtr store
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
-+ xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return ;
-+ }
-+
-+ if( context->keyList != NULL ) {
-+ xmlSecPtrListDestroy( context->keyList ) ;
-+ context->keyList = NULL ;
-+ }
-+
-+ if( context->slotList != NULL ) {
-+ xmlSecPtrListDestroy( context->slotList ) ;
-+ context->slotList = NULL ;
-+ }
- }
-
--/**
-- * xmlSecNssKeysStoreAdoptKey:
-- * @store: the pointer to Nss keys store.
-- * @key: the pointer to key.
-+xmlSecKeyPtr
-+xmlSecNssKeysStoreFindKeyFromSlot(
-+ PK11SlotInfo* slot,
-+ const xmlChar* name,
-+ xmlSecKeyInfoCtxPtr keyInfoCtx
-+) {
-+ xmlSecKeyPtr key = NULL ;
-+ xmlSecKeyDataPtr data = NULL ;
-+ int length ;
-+
-+ xmlSecAssert2( slot != NULL , NULL ) ;
-+ xmlSecAssert2( name != NULL , NULL ) ;
-+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
-+
-+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
-+ PK11SymKey* symKey ;
-+ PK11SymKey* curKey ;
-+
-+ /* Find symmetric key from the slot by name */
-+ symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
-+ for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
-+ /* Check the key request */
-+ length = PK11_GetKeyLength( curKey ) ;
-+ length *= 8 ;
-+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+ ( length > 0 ) &&
-+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+ continue ;
-+
-+ /* We find a eligible key */
-+ data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
-+ if( data == NULL ) {
-+ /* Do nothing */
-+ }
-+ break ;
-+ }
-+
-+ /* Destroy the sym key list */
-+ for( curKey = symKey ; curKey != NULL ; ) {
-+ symKey = curKey ;
-+ curKey = PK11_GetNextSymKey( symKey ) ;
-+ PK11_FreeSymKey( symKey ) ;
-+ }
-+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
-+ SECKEYPublicKeyList* pubKeyList ;
-+ SECKEYPublicKey* pubKey ;
-+ SECKEYPublicKeyListNode* curPub ;
-+
-+ /* Find asymmetric key from the slot by name */
-+ pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
-+ pubKey = NULL ;
-+ curPub = PUBKEY_LIST_HEAD(pubKeyList);
-+ for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
-+ /* Check the key request */
-+ length = SECKEY_PublicKeyStrength( curPub->key ) ;
-+ length *= 8 ;
-+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+ ( length > 0 ) &&
-+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+ continue ;
-+
-+ /* We find a eligible key */
-+ pubKey = curPub->key ;
-+ break ;
-+ }
-+
-+ if( pubKey != NULL ) {
-+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
-+ if( data == NULL ) {
-+ /* Do nothing */
-+ }
-+ }
-+
-+ /* Destroy the public key list */
-+ SECKEY_DestroyPublicKeyList( pubKeyList ) ;
-+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
-+ SECKEYPrivateKeyList* priKeyList = NULL ;
-+ SECKEYPrivateKey* priKey = NULL ;
-+ SECKEYPrivateKeyListNode* curPri ;
-+
-+ /* Find asymmetric key from the slot by name */
-+ priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
-+ priKey = NULL ;
-+ curPri = PRIVKEY_LIST_HEAD(priKeyList);
-+ for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
-+ /* Check the key request */
-+ length = PK11_SignatureLen( curPri->key ) ;
-+ length *= 8 ;
-+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+ ( length > 0 ) &&
-+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+ continue ;
-+
-+ /* We find a eligible key */
-+ priKey = curPri->key ;
-+ break ;
-+ }
-+
-+ if( priKey != NULL ) {
-+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
-+ if( data == NULL ) {
-+ /* Do nothing */
-+ }
-+ }
-+
-+ /* Destroy the private key list */
-+ SECKEY_DestroyPrivateKeyList( priKeyList ) ;
-+ }
-+
-+ /* If we have gotten the key value */
-+ if( data != NULL ) {
-+ if( ( key = xmlSecKeyCreate() ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyDataDestroy( data ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeySetValue" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyDestroy( key ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return NULL ;
-+ }
-+ }
-+
-+ return(key);
-+}
-+
-+/**
-+ * xmlSecKeyStoreFindKeyMethod:
-+ * @store: the store.
-+ * @name: the desired key name.
-+ * @keyInfoCtx: the pointer to key info context.
- *
-- * Adds @key to the @store.
-+ * Keys store specific find method. The caller is responsible for destroying
-+ * the returned key using #xmlSecKeyDestroy method.
- *
-- * Returns: 0 on success or a negative value if an error occurs.
-+ * Returns the pointer to a key or NULL if key is not found or an error occurs.
- */
--int
--xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
-- xmlSecKeyStorePtr *ss;
-+static xmlSecKeyPtr
-+xmlSecNssKeysStoreFindKey(
-+ xmlSecKeyStorePtr store ,
-+ const xmlChar* name ,
-+ xmlSecKeyInfoCtxPtr keyInfoCtx
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+ xmlSecKeyPtr key = NULL ;
-+ xmlSecNssKeySlotPtr keySlot = NULL ;
-+ xmlSecSize pos ;
-+ xmlSecSize size ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
-+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-
-- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
-- xmlSecAssert2((key != NULL), -1);
-+ /*-
-+ * Look for key at keyList at first.
-+ */
-+ if( context->keyList != NULL ) {
-+ size = xmlSecPtrListGetSize( context->keyList ) ;
-+ for( pos = 0 ; pos < size ; pos ++ ) {
-+ key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
-+ if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
-+ return xmlSecKeyDuplicate( key ) ;
-+ }
-+ }
-+ }
-+
-+ /*-
-+ * Find the key from slotList
-+ */
-+ if( context->slotList != NULL ) {
-+ PK11SlotInfo* slot = NULL ;
-+
-+ size = xmlSecPtrListGetSize( context->slotList ) ;
-+ for( pos = 0 ; pos < size ; pos ++ ) {
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
-+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
-+ if( slot == NULL ) {
-+ continue ;
-+ } else {
-+ key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
-+ if( key == NULL ) {
-+ continue ;
-+ } else {
-+ return( key ) ;
-+ }
-+ }
-+ }
-+ }
-+
-+ /*-
-+ * Create a session key if we can not find the key from keyList and slotList
-+ */
-+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
-+ key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecKeySetValue" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ return key ;
-+ }
-+
-+ /**
-+ * We have no way to find the key any more.
-+ */
-+ return NULL ;
-+}
-
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
-- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
-+static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
-+ sizeof( xmlSecKeyStoreKlass ) ,
-+ xmlSecNssKeysStoreSize ,
-+ BAD_CAST "implicit_nss_keys_store" ,
-+ xmlSecNssKeysStoreInitialize ,
-+ xmlSecNssKeysStoreFinalize ,
-+ xmlSecNssKeysStoreFindKey ,
-+ NULL ,
-+ NULL
-+} ;
-
-- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
-+/**
-+ * xmlSecNssKeysStoreGetKlass:
-+ *
-+ * The simple list based keys store klass.
-+ *
-+ */
-+xmlSecKeyStoreId
-+xmlSecNssKeysStoreGetKlass( void ) {
-+ return &xmlSecNssKeysStoreKlass ;
- }
-
-+/**************************
-+ * Application routines
-+ */
-+
- /**
- * xmlSecNssKeysStoreLoad:
- * @store: the pointer to Nss keys store.
-@@ -227,191 +626,126 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
- */
- int
- xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
-- xmlSecKeyStorePtr *ss;
-+ xmlSecKeyInfoCtx keyInfoCtx;
-+ xmlSecNssKeysStoreCtxPtr context ;
-+ xmlSecPtrListPtr list;
-+ xmlSecKeyPtr key;
-+ xmlSecSize i, keysSize;
-+ xmlDocPtr doc;
-+ xmlNodePtr cur;
-+ xmlSecKeyDataPtr data;
-+ xmlSecPtrListPtr idsList;
-+ xmlSecKeyDataId dataId;
-+ xmlSecSize idsSize, j;
-+ int ret;
-
- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
-- xmlSecAssert2((filename != NULL), -1);
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
-+ xmlSecAssert2(filename != NULL, -1);
-
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
-- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ xmlSecAssert2( context != NULL, -1 );
-
-- return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
--}
--
--static int
--xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
-- xmlSecKeyStorePtr *ss;
--
-- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
--
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss == NULL) || (*ss == NULL)), -1);
-+ list = context->keyList ;
-+ xmlSecAssert2( list != NULL, -1 );
-+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
-
-- *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
-- if(*ss == NULL) {
-+ /* create doc */
-+ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
-+ if(doc == NULL) {
- xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId)",
- xmlSecKeyStoreGetName(store));
- return(-1);
- }
-
-- return(0);
--}
--
--static void
--xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
-- xmlSecKeyStorePtr *ss;
--
-- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
--
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert((ss != NULL) && (*ss != NULL));
--
-- xmlSecKeyStoreDestroy(*ss);
--}
--
--static xmlSecKeyPtr
--xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
-- xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlSecKeyStorePtr* ss;
-- xmlSecKeyPtr key = NULL;
-- xmlSecKeyPtr retval = NULL;
-- xmlSecKeyReqPtr keyReq = NULL;
-- CERTCertificate *cert = NULL;
-- SECKEYPublicKey *pubkey = NULL;
-- SECKEYPrivateKey *privkey = NULL;
-- xmlSecKeyDataPtr data = NULL;
-- xmlSecKeyDataPtr x509Data = NULL;
-- int ret;
--
-- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
-- xmlSecAssert2(keyInfoCtx != NULL, NULL);
--
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
--
-- key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
-- if (key != NULL) {
-- return (key);
-- }
--
-- /* Try to find the key in the NSS DB, and construct an xmlSecKey.
-- * we must have a name to lookup keys in NSS DB.
-- */
-- if (name == NULL) {
-- goto done;
-- }
-+ idsList = xmlSecKeyDataIdsGet();
-+ xmlSecAssert2(idsList != NULL, -1);
-
-- /* what type of key are we looking for?
-- * TBD: For now, we'll look only for public/private keys using the
-- * name as a cert nickname. Later on, we can attempt to find
-- * symmetric keys using PK11_FindFixedKey
-- */
-- keyReq = &(keyInfoCtx->keyReq);
-- if (keyReq->keyType &
-- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
-- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
-- if (cert == NULL) {
-- goto done;
-- }
-+ keysSize = xmlSecPtrListGetSize(list);
-+ idsSize = xmlSecPtrListGetSize(idsList);
-+ for(i = 0; i < keysSize; ++i) {
-+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
-+ xmlSecAssert2(key != NULL, -1);
-
-- if (keyReq->keyType & xmlSecKeyDataTypePublic) {
-- pubkey = CERT_ExtractPublicKey(cert);
-- if (pubkey == NULL) {
-- xmlSecNssError("CERT_ExtractPublicKey", NULL);
-- goto done;
-- }
-+ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
-+ if(cur == NULL) {
-+ xmlSecInternalError("xmlSecAddChild",
-+ xmlSecKeyStoreGetName(store));
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
-
-- if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
-- privkey = PK11_FindKeyByAnyCert(cert, NULL);
-- if (privkey == NULL) {
-- xmlSecNssError("PK11_FindKeyByAnyCert", NULL);
-- goto done;
-+ /* special data key name */
-+ if(xmlSecKeyGetName(key) != NULL) {
-+ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
-+ xmlSecInternalError("xmlSecAddChild",
-+ xmlSecKeyStoreGetName(store));
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
- }
-
-- data = xmlSecNssPKIAdoptKey(privkey, pubkey);
-- if(data == NULL) {
-- xmlSecInternalError("xmlSecNssPKIAdoptKey", NULL);
-- goto done;
-- }
-- privkey = NULL;
-- pubkey = NULL;
-+ /* create nodes for other keys data */
-+ for(j = 0; j < idsSize; ++j) {
-+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
-+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
-
-- key = xmlSecKeyCreate();
-- if (key == NULL) {
-- xmlSecInternalError("xmlSecKeyCreate", NULL);
-- return (NULL);
-- }
-+ if(dataId->dataNodeName == NULL) {
-+ continue;
-+ }
-
-- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
-- if(x509Data == NULL) {
-- xmlSecInternalError("xmlSecKeyDataCreate",
-- xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id));
-- goto done;
-- }
-+ data = xmlSecKeyGetData(key, dataId);
-+ if(data == NULL) {
-+ continue;
-+ }
-
-- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
-- if (ret < 0) {
-- xmlSecInternalError("xmlSecNssKeyDataX509AdoptKeyCert",
-- xmlSecKeyDataGetName(x509Data));
-- goto done;
-- }
-- cert = CERT_DupCertificate(cert);
-- if (cert == NULL) {
-- xmlSecNssError("CERT_DupCertificate",
-- xmlSecKeyDataGetName(x509Data));
-- goto done;
-+ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
-+ xmlSecInternalError("xmlSecAddChild",
-+ xmlSecKeyStoreGetName(store));
-+ xmlFreeDoc(doc);
-+ return(-1);
-+ }
- }
-
-- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
-+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
- if (ret < 0) {
-- xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert",
-- xmlSecKeyDataGetName(x509Data));
-- goto done;
-+ xmlSecInternalError("xmlSecKeyInfoCtxInitialize",
-+ xmlSecKeyStoreGetName(store));
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
-- cert = NULL;
-
-- ret = xmlSecKeySetValue(key, data);
-- if (ret < 0) {
-- xmlSecInternalError("xmlSecKeySetValue",
-- xmlSecKeyDataGetName(data));
-- goto done;
-- }
-- data = NULL;
-+ keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
-+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
-+ keyInfoCtx.keyReq.keyType = type;
-+ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
-
-- ret = xmlSecKeyAdoptData(key, x509Data);
-+ /* finally write key in the node */
-+ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
- if (ret < 0) {
-- xmlSecInternalError("xmlSecKeyAdoptData",
-- xmlSecKeyDataGetName(x509Data));
-- goto done;
-+ xmlSecInternalError("xmlSecKeyInfoNodeWrite",
-+ xmlSecKeyStoreGetName(store));
-+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
-- x509Data = NULL;
-
-- retval = key;
-- key = NULL;
-+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
- }
-
--done:
-- if (cert != NULL) {
-- CERT_DestroyCertificate(cert);
-- }
-- if (pubkey != NULL) {
-- SECKEY_DestroyPublicKey(pubkey);
-- }
-- if (privkey != NULL) {
-- SECKEY_DestroyPrivateKey(privkey);
-- }
-- if (data != NULL) {
-- xmlSecKeyDataDestroy(data);
-- }
-- if (x509Data != NULL) {
-- xmlSecKeyDataDestroy(x509Data);
-- }
-- if (key != NULL) {
-- xmlSecKeyDestroy(key);
-+ /* now write result */
-+ ret = xmlSaveFormatFile(filename, doc, 1);
-+ if (ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+ "xmlSaveFormatFile",
-+ XMLSEC_ERRORS_R_XML_FAILED,
-+ "filename=%s",
-+ xmlSecErrorsSafeString(filename));
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
-
-- return (retval);
-+ xmlFreeDoc(doc);
-+ return(0);
- }
-diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c
-index 25828aec..0a15dae5 100644
---- a/src/nss/pkikeys.c
-+++ b/src/nss/pkikeys.c
-@@ -24,6 +24,7 @@
- #include <xmlsec/nss/crypto.h>
- #include <xmlsec/nss/bignum.h>
- #include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/tokens.h>
-
- /**************************************************************************
- *
-@@ -115,6 +116,8 @@ xmlSecNSSPKIKeyDataCtxDup(xmlSecNssPKIKeyDataCtxPtr ctxDst,
- xmlSecNssPKIKeyDataCtxPtr ctxSrc)
- {
- xmlSecNSSPKIKeyDataCtxFree(ctxDst);
-+ ctxDst->privkey = NULL ;
-+ ctxDst->pubkey = NULL ;
- if (ctxSrc->privkey != NULL) {
- ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
- if(ctxDst->privkey == NULL) {
-@@ -563,9 +566,10 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- goto done;
- }
-
-- slot = PK11_GetBestSlot(CKM_DSA, NULL);
-+ slot = xmlSecNssSlotGet(CKM_DSA);
- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id));
-+ xmlSecNssError("xmlSecNssSlotGet",
-+ xmlSecKeyDataKlassGetName(id));
- ret = -1;
- goto done;
- }
-@@ -713,14 +717,14 @@ done:
- if (slot != NULL) {
- PK11_FreeSlot(slot);
- }
-- if (ret != 0) {
-+
- if (pubkey != NULL) {
- SECKEY_DestroyPublicKey(pubkey);
- }
- if (data != NULL) {
- xmlSecKeyDataDestroy(data);
- }
-- }
-+
- return(ret);
- }
-
-@@ -739,7 +743,7 @@ xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
-
- ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
-
- if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
- /* we can have only private key or public key */
-@@ -826,36 +830,32 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
- j = PQG_PBITS_TO_INDEX(sizeBits);
- rv = PK11_PQG_ParamGen(j, &pqgParams, &pqgVerify);
- if (rv != SECSuccess) {
-- xmlSecNssError2("PK11_PQG_ParamGen", xmlSecKeyDataGetName(data),
-+ xmlSecNssError2("PK11_PQG_ParamGen",
-+ xmlSecKeyDataGetName(data),
- "size=%lu", (unsigned long)sizeBits);
-+ ret = -1;
- goto done;
- }
-
- rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &res);
- if (rv != SECSuccess || res != SECSuccess) {
-- xmlSecNssError2("PK11_PQG_VerifyParams", xmlSecKeyDataGetName(data),
-- "size=%lu", (unsigned long)sizeBits);
-- goto done;
-- }
--
-- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
-- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data));
-- goto done;
-- }
--
-- rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
-- if (rv != SECSuccess) {
-- xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data),
-- "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot)));
-+ xmlSecNssError2("PK11_PQG_VerifyParams",
-+ xmlSecKeyDataGetName(data),
-+ "size=%lu", (unsigned long)sizeBits);
-+ ret = -1;
- goto done;
- }
-
-+ slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
-+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
- privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
- &pubkey, PR_FALSE, PR_TRUE, NULL);
-
- if((privkey == NULL) || (pubkey == NULL)) {
-- xmlSecNssError("PK11_GenerateKeyPair", xmlSecKeyDataGetName(data));
-+ xmlSecNssError("PK11_GenerateKeyPair",
-+ xmlSecKeyDataGetName(data));
-+
-+ ret = -1;
- goto done;
- }
-
-@@ -866,6 +866,8 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
- goto done;
- }
-
-+ privkey = NULL ;
-+ pubkey = NULL ;
- ret = 0;
-
- done:
-@@ -878,16 +880,13 @@ done:
- if (pqgVerify != NULL) {
- PK11_PQG_DestroyVerify(pqgVerify);
- }
-- if (ret == 0) {
-- return (0);
-- }
- if (pubkey != NULL) {
- SECKEY_DestroyPublicKey(pubkey);
- }
- if (privkey != NULL) {
- SECKEY_DestroyPrivateKey(privkey);
- }
-- return(-1);
-+ return(ret);
- }
-
- static xmlSecKeyDataType
-@@ -897,10 +896,10 @@ xmlSecNssKeyDataDsaGetType(xmlSecKeyDataPtr data) {
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
- if (ctx->privkey != NULL) {
- return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
-- } else {
-+ } else if( ctx->pubkey != NULL ) {
- return(xmlSecKeyDataTypePublic);
- }
-
-@@ -914,7 +913,7 @@ xmlSecNssKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
-
- return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
- }
-@@ -1101,9 +1100,10 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- goto done;
- }
-
-- slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
-+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id));
-+ xmlSecNssError("PK11_GetBestSlot",
-+ xmlSecKeyDataKlassGetName(id));
- ret = -1;
- goto done;
- }
-@@ -1226,7 +1226,7 @@ xmlSecNssKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
-
- ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
-
-
- if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
-@@ -1282,19 +1282,8 @@ xmlSecNssKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
- params.keySizeInBits = sizeBits;
- params.pe = 65537;
-
-- slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
-- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data));
-- goto done;
-- }
--
-- rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
-- if (rv != SECSuccess) {
-- xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data),
-- "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot)));
-- goto done;
-- }
--
-+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
-+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
- privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &params,
- &pubkey, PR_FALSE, PR_TRUE, NULL);
- if(privkey == NULL || pubkey == NULL) {
-@@ -1354,7 +1343,7 @@ xmlSecNssKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
-
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
-
- return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
- }
-diff --git a/src/nss/symkeys.c b/src/nss/symkeys.c
-index c88be8b2..2807f934 100644
---- a/src/nss/symkeys.c
-+++ b/src/nss/symkeys.c
-@@ -14,20 +14,41 @@
- #include <stdio.h>
- #include <string.h>
-
-+#include <pk11func.h>
-+#include <nss.h>
-+
- #include <xmlsec/xmlsec.h>
- #include <xmlsec/xmltree.h>
-+#include <xmlsec/base64.h>
- #include <xmlsec/keys.h>
- #include <xmlsec/keyinfo.h>
- #include <xmlsec/transforms.h>
- #include <xmlsec/errors.h>
-
- #include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/ciphers.h>
-+#include <xmlsec/nss/tokens.h>
-
- /*****************************************************************************
- *
-- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
-+ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
- *
- ****************************************************************************/
-+typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ;
-+typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ;
-+
-+struct _xmlSecNssSymKeyDataCtx {
-+ CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */
-+ PK11SlotInfo* slot ; /* the key resident slot */
-+ PK11SymKey* symkey ; /* the symmetic key */
-+} ;
-+
-+#define xmlSecNssSymKeyDataSize \
-+ ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
-+
-+#define xmlSecNssSymKeyDataGetCtx( data ) \
-+ ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
-+
- static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
- static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-@@ -66,107 +87,743 @@ static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
- (xmlSecKeyDataIsValid((data)) && \
- xmlSecNssSymKeyDataKlassCheck((data)->id))
-
-+/**
-+ * xmlSecNssSymKeyDataAdoptKey:
-+ * @data: the pointer to symmetric key data.
-+ * @symkey: the symmetric key
-+ *
-+ * Set the value of symmetric key data.
-+ *
-+ * Returns 0 on success or a negative value if an error occurs.
-+ */
-+int
-+xmlSecNssSymKeyDataAdoptKey(
-+ xmlSecKeyDataPtr data ,
-+ PK11SymKey* symkey
-+) {
-+ xmlSecNssSymKeyDataCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
-+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
-+ xmlSecAssert2( symkey != NULL, -1 ) ;
-+
-+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
-+ xmlSecAssert2(context != NULL, -1);
-+
-+ context->cipher = PK11_GetMechanism( symkey ) ;
-+
-+ if( context->slot != NULL ) {
-+ PK11_FreeSlot( context->slot ) ;
-+ context->slot = NULL ;
-+ }
-+ context->slot = PK11_GetSlotFromKey( symkey ) ;
-+
-+ if( context->symkey != NULL ) {
-+ PK11_FreeSymKey( context->symkey ) ;
-+ context->symkey = NULL ;
-+ }
-+ context->symkey = PK11_ReferenceSymKey( symkey ) ;
-+
-+ return 0 ;
-+}
-+
-+xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
-+ PK11SymKey* symKey
-+) {
-+ xmlSecKeyDataPtr data = NULL ;
-+ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ;
-+
-+ xmlSecAssert2( symKey != NULL , NULL ) ;
-+
-+ mechanism = PK11_GetMechanism( symKey ) ;
-+ switch( mechanism ) {
-+ case CKM_DES3_KEY_GEN :
-+ case CKM_DES3_CBC :
-+ case CKM_DES3_MAC :
-+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyDataCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "xmlSecNssKeyDataDesId" ) ;
-+ return NULL ;
-+ }
-+ break ;
-+ case CKM_AES_KEY_GEN :
-+ case CKM_AES_CBC :
-+ case CKM_AES_MAC :
-+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyDataCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "xmlSecNssKeyDataDesId" ) ;
-+ return NULL ;
-+ }
-+ break ;
-+ default :
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "Unsupported mechanism" ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataAdoptKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyDataDestroy( data ) ;
-+ return NULL ;
-+ }
-+
-+ return data ;
-+}
-+
-+
-+PK11SymKey*
-+xmlSecNssSymKeyDataGetKey(
-+ xmlSecKeyDataPtr data
-+) {
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ PK11SymKey* symkey ;
-+
-+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, NULL);
-+
-+ if( ctx->symkey != NULL ) {
-+ symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
-+ } else {
-+ symkey = NULL ;
-+ }
-+
-+ return(symkey);
-+}
-+
- static int
- xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
-+
-+ /* Set the block cipher mechanism */
-+#ifndef XMLSEC_NO_DES
-+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
-+ ctx->cipher = CKM_DES3_KEY_GEN;
-+ } else
-+#endif /* XMLSEC_NO_DES */
-+
-+#ifndef XMLSEC_NO_AES
-+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
-+ ctx->cipher = CKM_AES_KEY_GEN;
-+ } else
-+#endif /* XMLSEC_NO_AES */
-+
-+ if(1) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ "Unsupported block cipher" ) ;
-+ return(-1) ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueInitialize(data));
-+ return(0);
- }
-
- static int
- xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
-+ xmlSecNssSymKeyDataCtxPtr ctxDst;
-+ xmlSecNssSymKeyDataCtxPtr ctxSrc;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
- xmlSecAssert2(dst->id == src->id, -1);
-
-- return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
-+ ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
-+ xmlSecAssert2(ctxDst != NULL, -1);
-+
-+ ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
-+ xmlSecAssert2(ctxSrc != NULL, -1);
-+
-+ ctxDst->cipher = ctxSrc->cipher ;
-+
-+ if( ctxSrc->slot != NULL ) {
-+ if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
-+ PK11_FreeSlot( ctxDst->slot ) ;
-+ ctxDst->slot = NULL ;
-+ }
-+
-+ if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
-+ ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
-+ } else {
-+ if( ctxDst->slot != NULL ) {
-+ PK11_FreeSlot( ctxDst->slot ) ;
-+ ctxDst->slot = NULL ;
-+ }
-+ }
-+
-+ if( ctxSrc->symkey != NULL ) {
-+ if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
-+ PK11_FreeSymKey( ctxDst->symkey ) ;
-+ ctxDst->symkey = NULL ;
-+ }
-+
-+ if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
-+ ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
-+ } else {
-+ if( ctxDst->symkey != NULL ) {
-+ PK11_FreeSymKey( ctxDst->symkey ) ;
-+ ctxDst->symkey = NULL ;
-+ }
-+ }
-+
-+ return(0);
- }
-
- static void
- xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+
- xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
-+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert(ctx != NULL);
-
-- xmlSecKeyDataBinaryValueFinalize(data);
-+ if( ctx->slot != NULL ) {
-+ PK11_FreeSlot( ctx->slot ) ;
-+ ctx->slot = NULL ;
-+ }
-+
-+ if( ctx->symkey != NULL ) {
-+ PK11_FreeSymKey( ctx->symkey ) ;
-+ ctx->symkey = NULL ;
-+ }
-+
-+ ctx->cipher = CKM_INVALID_MECHANISM ;
- }
-
- static int
- xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ PK11SymKey* symKey ;
-+ PK11SlotInfo* slot ;
-+ xmlSecBufferPtr keyBuf;
-+ xmlSecSize len;
-+ xmlSecKeyDataPtr data;
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ SECItem keyItem ;
-+ int ret;
-+
-+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(node != NULL, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Create a new KeyData from a id */
-+ data = xmlSecKeyDataCreate(id);
-+ if(data == NULL ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-
-- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ /* Create a buffer for raw symmetric key value */
-+ if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Read the raw key value */
-+ if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecBufferDestroy( keyBuf ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Get slot */
-+ slot = xmlSecNssSlotGet(ctx->cipher);
-+ if( slot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecNssSlotGet" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecBufferDestroy( keyBuf ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Wrap the raw key value SECItem */
-+ keyItem.type = siBuffer ;
-+ keyItem.data = xmlSecBufferGetData( keyBuf ) ;
-+ keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
-+
-+ /* Import the raw key into slot temporalily and get the key handler*/
-+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
-+ if( symKey == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ImportSymKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ PK11_FreeSlot( slot ) ;
-+ xmlSecBufferDestroy( keyBuf ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+ PK11_FreeSlot( slot ) ;
-+
-+ /* raw key material has been copied into symKey, it isn't used any more */
-+ xmlSecBufferDestroy( keyBuf ) ;
-+
-+ /* Adopt the symmetric key into key data */
-+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataBinaryValueSetBuffer",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+ /* symKey has been duplicated into data, it isn't used any more */
-+ PK11_FreeSymKey( symKey ) ;
-+
-+ /* Check value */
-+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyReqMatchKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(0);
-+ }
-+
-+ ret = xmlSecKeySetValue(key, data);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeySetValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
- }
-
- static int
- xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-+ PK11SymKey* symKey ;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(node != NULL, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Get symmetric key from "key" */
-+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
-+ if( symKey != NULL ) {
-+ SECItem* keyItem ;
-+ xmlSecBufferPtr keyBuf ;
-+
-+ /* Extract raw key data from symmetric key */
-+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ExtractKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ /* Get raw key data from "symKey" */
-+ keyItem = PK11_GetKeyData( symKey ) ;
-+ if(keyItem == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_GetKeyData",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ /* Create key data buffer with raw kwy material */
-+ keyBuf = xmlSecBufferCreate(keyItem->len) ;
-+ if(keyBuf == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecBufferCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
-+
-+ /* Write raw key material into current xml node */
-+ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecBufferBase64NodeContentWrite",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecBufferDestroy(keyBuf);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+ xmlSecBufferDestroy(keyBuf);
-+ PK11_FreeSymKey( symKey ) ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
-+ return 0 ;
- }
-
- static int
- xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- const xmlSecByte* buf, xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ PK11SymKey* symKey ;
-+ PK11SlotInfo* slot ;
-+ xmlSecKeyDataPtr data;
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ SECItem keyItem ;
-+ int ret;
-+
-+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(buf != NULL, -1);
-+ xmlSecAssert2(bufSize != 0, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Create a new KeyData from a id */
-+ data = xmlSecKeyDataCreate(id);
-+ if(data == NULL ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ /* Get slot */
-+ slot = xmlSecNssSlotGet(ctx->cipher);
-+ if( slot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecNssSlotGet" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
-+ /* Wrap the raw key value SECItem */
-+ keyItem.type = siBuffer ;
-+ keyItem.data = buf ;
-+ keyItem.len = bufSize ;
-+
-+ /* Import the raw key into slot temporalily and get the key handler*/
-+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
-+ if( symKey == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ImportSymKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Adopt the symmetric key into key data */
-+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataBinaryValueSetBuffer",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSymKey( symKey ) ;
-+ PK11_FreeSlot( slot ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+ /* symKey has been duplicated into data, it isn't used any more */
-+ PK11_FreeSymKey( symKey ) ;
-+ PK11_FreeSlot( slot ) ;
-+
-+ /* Check value */
-+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyReqMatchKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(0);
-+ }
-+
-+ ret = xmlSecKeySetValue(key, data);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeySetValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
- }
-
- static int
- xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlSecByte** buf, xmlSecSize* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
-+ PK11SymKey* symKey ;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(buf != NULL, -1);
-+ xmlSecAssert2(bufSize != 0, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Get symmetric key from "key" */
-+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
-+ if( symKey != NULL ) {
-+ SECItem* keyItem ;
-+
-+ /* Extract raw key data from symmetric key */
-+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ExtractKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ /* Get raw key data from "symKey" */
-+ keyItem = PK11_GetKeyData( symKey ) ;
-+ if(keyItem == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_GetKeyData",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ *bufSize = keyItem->len;
-+ *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
-+ if( *buf == NULL ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ NULL,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ memcpy((*buf), keyItem->data, (*bufSize));
-+ PK11_FreeSymKey( symKey ) ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
-+ return 0 ;
- }
-
- static int
- xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
-- xmlSecBufferPtr buffer;
-+ PK11SymKey* symkey ;
-+ PK11SlotInfo* slot ;
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ int ret;
-
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
- xmlSecAssert2(sizeBits > 0, -1);
-
-- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
-- xmlSecAssert2(buffer != NULL, -1);
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ if( sizeBits % 8 != 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ NULL,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "Symmetric key size must be octuple");
-+ return(-1);
-+ }
-+
-+ /* Get slot */
-+ slot = xmlSecNssSlotGet(ctx->cipher);
-+ if( slot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ "xmlSecNssSlotGet" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "PK11_Authenticate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ return -1 ;
-+ }
-+
-+ symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
-+ if( symkey == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "PK11_KeyGen" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ return -1 ;
-+ }
-
-- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
-+ if( ctx->slot != NULL ) {
-+ PK11_FreeSlot( ctx->slot ) ;
-+ ctx->slot = NULL ;
-+ }
-+ ctx->slot = slot ;
-+
-+ if( ctx->symkey != NULL ) {
-+ PK11_FreeSymKey( ctx->symkey ) ;
-+ ctx->symkey = NULL ;
-+ }
-+ ctx->symkey = symkey ;
-+
-+ return 0;
- }
-
- static xmlSecKeyDataType
- xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
-- xmlSecBufferPtr buffer;
-+ xmlSecNssSymKeyDataCtxPtr context = NULL ;
-+ xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
-
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
-+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
-+
-+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "xmlSecNssSymKeyDataGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return xmlSecKeyDataTypeUnknown ;
-+ }
-
-- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
-- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
-+ if( context->symkey != NULL ) {
-+ type |= xmlSecKeyDataTypeSymmetric ;
-+ } else {
-+ type |= xmlSecKeyDataTypeUnknown ;
-+ }
-
-- return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
-+ return type ;
- }
-
- static xmlSecSize
- xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
-+ xmlSecNssSymKeyDataCtxPtr context ;
-+ unsigned int length = 0 ;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
-+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
-+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "xmlSecNssSymKeyDataGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return 0 ;
-+ }
-+
-+ if( context->symkey != NULL ) {
-+ length = PK11_GetKeyLength( context->symkey ) ;
-+ length *= 8 ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueGetSize(data));
-+ return length ;
- }
-
- static void
- xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
- xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
-
-- xmlSecKeyDataBinaryValueDebugDump(data, output);
-+ /* print only size, everything else is sensitive */
-+ fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName ,
-+ xmlSecKeyDataGetSize(data)) ;
- }
-
- static void
- xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
- xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
-
-- xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
-+ /* print only size, everything else is sensitive */
-+ fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName ,
-+ xmlSecKeyDataGetSize(data)) ;
- }
-
- static int
-@@ -200,7 +857,7 @@ xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
- *************************************************************************/
- static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
- sizeof(xmlSecKeyDataKlass),
-- xmlSecKeyDataBinarySize,
-+ xmlSecNssSymKeyDataSize,
-
- /* data */
- xmlSecNameAESKeyValue,
-@@ -281,7 +938,7 @@ xmlSecNssKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize
- *************************************************************************/
- static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
- sizeof(xmlSecKeyDataKlass),
-- xmlSecKeyDataBinarySize,
-+ xmlSecNssSymKeyDataSize,
-
- /* data */
- xmlSecNameDESKeyValue,
-@@ -363,7 +1020,7 @@ xmlSecNssKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize
- *************************************************************************/
- static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
- sizeof(xmlSecKeyDataKlass),
-- xmlSecKeyDataBinarySize,
-+ xmlSecNssSymKeyDataSize,
-
- /* data */
- xmlSecNameHMACKeyValue,
-diff --git a/src/nss/tokens.c b/src/nss/tokens.c
-new file mode 100644
-index 00000000..40ad9bbe
---- /dev/null
-+++ b/src/nss/tokens.c
-@@ -0,0 +1,544 @@
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright..................................
-+ *
-+ * Contributor(s): _____________________________
-+ *
-+ */
-+
-+/**
-+ * In order to ensure that particular crypto operation is performed on
-+ * particular crypto device, a subclass of xmlSecList is used to store slot and
-+ * mechanism information.
-+ *
-+ * In the list, a slot is bound with a mechanism. If the mechanism is available,
-+ * this mechanism only can perform on the slot; otherwise, it can perform on
-+ * every eligibl slot in the list.
-+ *
-+ * When try to find a slot for a particular mechanism, the slot bound with
-+ * avaliable mechanism will be looked up firstly.
-+ */
-+#include "globals.h"
-+#include <string.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/errors.h>
-+#include <xmlsec/list.h>
-+
-+#include <xmlsec/nss/tokens.h>
-+
-+int
-+xmlSecNssKeySlotSetMechList(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE_PTR mechanismList
-+) {
-+ int counter ;
-+
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( keySlot->mechanismList != CK_NULL_PTR ) {
-+ xmlFree( keySlot->mechanismList ) ;
-+
-+ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
-+ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
-+ if( keySlot->mechanismList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+ for( ; counter >= 0 ; counter -- )
-+ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
-+ }
-+
-+ return( 0 );
-+}
-+
-+int
-+xmlSecNssKeySlotEnableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) {
-+ int counter ;
-+ CK_MECHANISM_TYPE_PTR newList ;
-+
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( mechanism != CKM_INVALID_MECHANISM ) {
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
-+ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
-+ if( newList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
-+ *( newList + counter ) = mechanism ;
-+ for( counter -= 1 ; counter >= 0 ; counter -- )
-+ *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
-+
-+ xmlFree( keySlot->mechanismList ) ;
-+ keySlot->mechanismList = newList ;
-+ }
-+
-+ return(0);
-+}
-+
-+int
-+xmlSecNssKeySlotDisableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) {
-+ int counter ;
-+
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
-+ if( *( keySlot->mechanismList + counter ) == mechanism ) {
-+ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
-+ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
-+ }
-+
-+ break ;
-+ }
-+ }
-+
-+ return(0);
-+}
-+
-+CK_MECHANISM_TYPE_PTR
-+xmlSecNssKeySlotGetMechList(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ if( keySlot != NULL )
-+ return keySlot->mechanismList ;
-+ else
-+ return NULL ;
-+}
-+
-+int
-+xmlSecNssKeySlotSetSlot(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) {
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( slot != NULL && keySlot->slot != slot ) {
-+ if( keySlot->slot != NULL )
-+ PK11_FreeSlot( keySlot->slot ) ;
-+
-+ if( keySlot->mechanismList != NULL ) {
-+ xmlFree( keySlot->mechanismList ) ;
-+ keySlot->mechanismList = NULL ;
-+ }
-+
-+ keySlot->slot = PK11_ReferenceSlot( slot ) ;
-+ }
-+
-+ return(0);
-+}
-+
-+int
-+xmlSecNssKeySlotInitialize(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) {
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+ xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
-+ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
-+
-+ if( slot != NULL ) {
-+ keySlot->slot = PK11_ReferenceSlot( slot ) ;
-+ }
-+
-+ return(0);
-+}
-+
-+void
-+xmlSecNssKeySlotFinalize(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecAssert( keySlot != NULL ) ;
-+
-+ if( keySlot->mechanismList != NULL ) {
-+ xmlFree( keySlot->mechanismList ) ;
-+ keySlot->mechanismList = NULL ;
-+ }
-+
-+ if( keySlot->slot != NULL ) {
-+ PK11_FreeSlot( keySlot->slot ) ;
-+ keySlot->slot = NULL ;
-+ }
-+
-+}
-+
-+PK11SlotInfo*
-+xmlSecNssKeySlotGetSlot(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ if( keySlot != NULL )
-+ return keySlot->slot ;
-+ else
-+ return NULL ;
-+}
-+
-+xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotCreate() {
-+ xmlSecNssKeySlotPtr keySlot ;
-+
-+ /* Allocates a new xmlSecNssKeySlot and fill the fields */
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( NULL );
-+ }
-+ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
-+
-+ return( keySlot ) ;
-+}
-+
-+int
-+xmlSecNssKeySlotCopy(
-+ xmlSecNssKeySlotPtr newKeySlot ,
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ CK_MECHANISM_TYPE_PTR mech ;
-+ int counter ;
-+
-+ xmlSecAssert2( newKeySlot != NULL , -1 ) ;
-+ xmlSecAssert2( keySlot != NULL , -1 ) ;
-+
-+ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
-+ if( newKeySlot->slot != NULL )
-+ PK11_FreeSlot( newKeySlot->slot ) ;
-+
-+ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
-+ }
-+
-+ if( keySlot->mechanismList != CK_NULL_PTR ) {
-+ xmlFree( newKeySlot->mechanismList ) ;
-+
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
-+ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
-+ if( newKeySlot->mechanismList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+ for( ; counter >= 0 ; counter -- )
-+ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
-+ }
-+
-+ return( 0 );
-+}
-+
-+xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotDuplicate(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecNssKeySlotPtr newKeySlot ;
-+ int ret ;
-+
-+ xmlSecAssert2( keySlot != NULL , NULL ) ;
-+
-+ newKeySlot = xmlSecNssKeySlotCreate() ;
-+ if( newKeySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( NULL );
-+ }
-+
-+ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( NULL );
-+ }
-+
-+ return( newKeySlot );
-+}
-+
-+void
-+xmlSecNssKeySlotDestroy(
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecAssert( keySlot != NULL ) ;
-+
-+ if( keySlot->mechanismList != NULL )
-+ xmlFree( keySlot->mechanismList ) ;
-+
-+ if( keySlot->slot != NULL )
-+ PK11_FreeSlot( keySlot->slot ) ;
-+
-+ xmlFree( keySlot ) ;
-+}
-+
-+int
-+xmlSecNssKeySlotBindMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) {
-+ int counter ;
-+
-+ xmlSecAssert2( keySlot != NULL , 0 ) ;
-+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
-+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
-+
-+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
-+ if( *( keySlot->mechanismList + counter ) == type )
-+ return(1) ;
-+ }
-+
-+ return( 0 ) ;
-+}
-+
-+int
-+xmlSecNssKeySlotSupportMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) {
-+ xmlSecAssert2( keySlot != NULL , 0 ) ;
-+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
-+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
-+
-+ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
-+ return(1);
-+ } else
-+ return(0);
-+}
-+
-+void
-+xmlSecNssKeySlotDebugDump(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ FILE* output
-+) {
-+ xmlSecAssert( keySlot != NULL ) ;
-+ xmlSecAssert( output != NULL ) ;
-+
-+ fprintf( output, "== KEY SLOT\n" );
-+}
-+
-+void
-+xmlSecNssKeySlotDebugXmlDump(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ FILE* output
-+) {
-+}
-+
-+/**
-+ * Key Slot List
-+ */
-+static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
-+ BAD_CAST "mechanism-list",
-+ (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
-+ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
-+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
-+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
-+};
-+
-+xmlSecPtrListId
-+xmlSecNssKeySlotListGetKlass(void) {
-+ return(&xmlSecNssKeySlotPtrListKlass);
-+}
-+
-+
-+/*-
-+ * Global PKCS#11 crypto token repository -- Key slot list
-+ */
-+static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
-+
-+PK11SlotInfo*
-+xmlSecNssSlotGet(
-+ CK_MECHANISM_TYPE type
-+) {
-+ PK11SlotInfo* slot = NULL ;
-+ xmlSecNssKeySlotPtr keySlot ;
-+ xmlSecSize ksSize ;
-+ xmlSecSize ksPos ;
-+ char flag ;
-+
-+ if( _xmlSecNssKeySlotList == NULL ) {
-+ slot = PK11_GetBestSlot( type , NULL ) ;
-+ } else {
-+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
-+
-+ /*-
-+ * Firstly, checking whether the mechanism is bound with a special slot.
-+ * If no bound slot, we try to find the first eligible slot in the list.
-+ */
-+ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
-+ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
-+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
-+ flag = 2 ;
-+ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
-+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
-+ flag = 1 ;
-+ }
-+
-+ if( flag == 2 )
-+ break ;
-+ }
-+ if( slot != NULL )
-+ slot = PK11_ReferenceSlot( slot ) ;
-+ }
-+
-+ if( slot != NULL && PK11_NeedLogin( slot ) ) {
-+ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ return( NULL );
-+ }
-+ }
-+
-+ return slot ;
-+}
-+
-+int
-+xmlSecNssSlotInitialize(
-+ void
-+) {
-+ if( _xmlSecNssKeySlotList != NULL ) {
-+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
-+ _xmlSecNssKeySlotList = NULL ;
-+ }
-+
-+ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
-+ if( _xmlSecNssKeySlotList == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return( -1 );
-+ }
-+
-+ return(0);
-+}
-+
-+void
-+xmlSecNssSlotShutdown(
-+ void
-+) {
-+ if( _xmlSecNssKeySlotList != NULL ) {
-+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
-+ _xmlSecNssKeySlotList = NULL ;
-+ }
-+}
-+
-+int
-+xmlSecNssSlotAdopt(
-+ PK11SlotInfo* slot,
-+ CK_MECHANISM_TYPE type
-+) {
-+ xmlSecNssKeySlotPtr keySlot ;
-+ xmlSecSize ksSize ;
-+ xmlSecSize ksPos ;
-+ char flag ;
-+
-+ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
-+ xmlSecAssert2( slot != NULL, -1 ) ;
-+
-+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
-+
-+ /*-
-+ * Firstly, checking whether the slot is in the repository already.
-+ */
-+ flag = 0 ;
-+ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
-+ /* If find the slot in the list */
-+ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
-+ /* If mechnism type is valid, bind the slot with the mechanism */
-+ if( type != CKM_INVALID_MECHANISM ) {
-+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ flag = 1 ;
-+ }
-+ }
-+
-+ /* If the slot do not in the list, add a new item to the list */
-+ if( flag == 0 ) {
-+ /* Create a new KeySlot */
-+ keySlot = xmlSecNssKeySlotCreate() ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* Initialize the keySlot with a slot */
-+ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return(-1);
-+ }
-+
-+ /* If mechnism type is valid, bind the slot with the mechanism */
-+ if( type != CKM_INVALID_MECHANISM ) {
-+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ /* Add keySlot into the list */
-+ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ return(0);
-+}
-+
-diff --git a/src/nss/x509.c b/src/nss/x509.c
-index 9c6c46f1..c95522d6 100644
---- a/src/nss/x509.c
-+++ b/src/nss/x509.c
-@@ -61,33 +61,18 @@ static int xmlSecNssX509DataNodeRead (xmlSecKeyDataPt
- static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
--static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
-- xmlNodePtr node,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
--static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
-- xmlNodePtr node,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
--static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
-- xmlNodePtr node,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
--static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
-- xmlNodePtr node,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
--static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
-- xmlNodePtr node,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
- static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
- xmlSecKeyPtr key,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-@@ -104,9 +89,6 @@ static CERTSignedCrl* xmlSecNssX509CrlBase64DerRead (xmlChar* buf,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
- static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
- int base64LineWrap);
--static xmlChar* xmlSecNssX509NameWrite (CERTName* nm);
--static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
--static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
- static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
- FILE* output);
- static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
-@@ -700,29 +682,22 @@ static int
- xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecKeyDataPtr data;
-+ xmlNodePtr cur;
-+ xmlChar* buf;
- CERTCertificate* cert;
- CERTSignedCrl* crl;
- xmlSecSize size, pos;
-- int content = 0;
-- int ret;
-
- xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
-- content = xmlSecX509DataGetNodeContent (node, keyInfoCtx);
-- if (content < 0) {
-- xmlSecInternalError2("xmlSecX509DataGetNodeContent",
-- xmlSecKeyDataKlassGetName(id),
-- "content=%d", content);
-- return(-1);
-- } else if(content == 0) {
-- /* by default we are writing certificates and crls */
-- content = XMLSEC_X509DATA_DEFAULT;
-+ /* todo: flag in ctx remove all existing content */
-+ if (0) {
-+ xmlNodeSetContent(node, NULL);
- }
-
-- /* get x509 data */
- data = xmlSecKeyGetData(key, id);
- if(data == NULL) {
- /* no x509 data in the key */
-@@ -740,67 +715,65 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- return(-1);
- }
-
-- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
-- ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
-- if(ret < 0) {
-- xmlSecInternalError2("xmlSecNssX509CertificateNodeWrite",
-+ /* set base64 lines size from context */
-+ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
-+ if(buf == NULL) {
-+ xmlSecInternalError2("xmlSecNssX509CertBase64DerWrite",
- xmlSecKeyDataKlassGetName(id),
- "pos=%d", pos);
- return(-1);
-- }
- }
-
-- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
-- ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
-- if(ret < 0) {
-- xmlSecInternalError2("xmlSecNssX509SubjectNameNodeWrite",
-+ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
-+ if(cur == NULL) {
-+ xmlSecInternalError2("xmlSecAddChild",
- xmlSecKeyDataKlassGetName(id),
- "pos=%d", pos);
-+ xmlFree(buf);
- return(-1);
-- }
- }
-+ /* todo: add \n around base64 data - from context */
-+ /* todo: add errors check */
-+ xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed());
-+ xmlNodeSetContent(cur, buf);
-+ xmlFree(buf);
-+ }
-
-- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
-- ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
-- if(ret < 0) {
-- xmlSecInternalError2("xmlSecNssX509IssuerSerialNodeWrite",
-- xmlSecKeyDataKlassGetName(id),
-- "pos=%d", pos);
-- return(-1);
-- }
-+ /* write crls */
-+ size = xmlSecNssKeyDataX509GetCrlsSize(data);
-+ for(pos = 0; pos < size; ++pos) {
-+ crl = xmlSecNssKeyDataX509GetCrl(data, pos);
-+ if(crl == NULL) {
-+ xmlSecInternalError2("xmlSecNssKeyDataX509GetCrl",
-+ xmlSecKeyDataKlassGetName(id),
-+ "pos=%d", pos);
-+ return(-1);
- }
-
-- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
-- ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
-- if(ret < 0) {
-- xmlSecInternalError2("xmlSecNssX509SKINodeWrite",
-- xmlSecKeyDataKlassGetName(id),
-- "pos=%d", pos);
-- return(-1);
-- }
-+ /* set base64 lines size from context */
-+ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
-+ if(buf == NULL) {
-+ xmlSecInternalError2("xmlSecNssX509CrlBase64DerWrite",
-+ xmlSecKeyDataKlassGetName(id),
-+ "pos=%d", pos);
-+ return(-1);
- }
-- }
--
-- /* write crls if needed */
-- if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
-- size = xmlSecNssKeyDataX509GetCrlsSize(data);
-- for(pos = 0; pos < size; ++pos) {
-- crl = xmlSecNssKeyDataX509GetCrl(data, pos);
-- if(crl == NULL) {
-- xmlSecInternalError2("xmlSecNssKeyDataX509GetCrl",
-- xmlSecKeyDataKlassGetName(id),
-- "pos=%d", pos);
-- return(-1);
-- }
-
-- ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
-- if(ret < 0) {
-- xmlSecInternalError2("xmlSecNssX509CRLNodeWrite",
-- xmlSecKeyDataKlassGetName(id),
-- "pos=%d", pos);
-- return(-1);
-- }
-+ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
-+ if(cur == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecAddChild",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "new_node=%s",
-+ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
-+ xmlFree(buf);
-+ return(-1);
- }
-+ /* todo: add \n around base64 data - from context */
-+ /* todo: add errors check */
-+ xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed());
-+ xmlNodeSetContent(cur, buf);
- }
-
- return(0);
-@@ -988,37 +961,6 @@ xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
- }
-
- static int
--xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlChar* buf;
-- xmlNodePtr cur;
--
-- xmlSecAssert2(cert != NULL, -1);
-- xmlSecAssert2(node != NULL, -1);
-- xmlSecAssert2(keyInfoCtx != NULL, -1);
--
-- /* set base64 lines size from context */
-- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
-- if(buf == NULL) {
-- xmlSecInternalError("xmlSecNssX509CertBase64DerWrite", NULL);
-- return(-1);
-- }
--
-- cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
-- if(cur == NULL) {
-- xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509Certificate)", NULL);
-- xmlFree(buf);
-- return(-1);
-- }
--
-- /* todo: add \n around base64 data - from context */
-- /* todo: add errors check */
-- xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed());
-- xmlNodeSetContent(cur, buf);
-- xmlFree(buf);
-- return(0);
--}
--
--static int
- xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecKeyDataStorePtr x509Store;
- xmlChar* subject;
-@@ -1038,15 +980,11 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
- }
-
- subject = xmlNodeGetContent(node);
-- if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
-- if(subject != NULL) {
-- xmlFree(subject);
-- }
-- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
-- xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty");
-+ if(subject == NULL) {
-+ xmlSecInvalidNodeContentError(node,
-+ xmlSecKeyDataGetName(data),
-+ "empty");
- return(-1);
-- }
-- return(0);
- }
-
- cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
-@@ -1077,40 +1015,6 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
- }
-
- static int
--xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
-- xmlChar* buf = NULL;
-- xmlNodePtr cur = NULL;
-- int ret;
--
-- xmlSecAssert2(cert != NULL, -1);
-- xmlSecAssert2(node != NULL, -1);
--
-- buf = xmlSecNssX509NameWrite(&(cert->subject));
-- if(buf == NULL) {
-- xmlSecInternalError("xmlSecNssX509NameWrite(&(cert->subject))", NULL);
-- return(-1);
-- }
--
-- cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
-- if(cur == NULL) {
-- xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SubjectName)", NULL);
-- xmlFree(buf);
-- return(-1);
-- }
--
-- ret = xmlSecNodeEncodeAndSetContent(cur, buf);
-- if(ret < 0) {
-- xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL);
-- xmlFree(buf);
-- return(-1);
-- }
--
-- /* done */
-- xmlFree(buf);
-- return(0);
--}
--
--static int
- xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecKeyDataStorePtr x509Store;
- xmlNodePtr cur;
-@@ -1132,18 +1036,11 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec
- }
-
- cur = xmlSecGetNextElementNode(node->children);
-- if(cur == NULL) {
-- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
-- xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL,
-- xmlSecKeyDataGetName(data));
-- return(-1);
-- }
-- return(0);
-- }
-
- /* the first is required node X509IssuerName */
-- if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
-- xmlSecInvalidNodeError(cur, xmlSecNodeX509IssuerName, xmlSecKeyDataGetName(data));
-+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
-+ xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL,
-+ xmlSecKeyDataGetName(data));
- return(-1);
- }
- issuerName = xmlNodeGetContent(cur);
-@@ -1207,62 +1104,6 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec
- }
-
- static int
--xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
-- xmlNodePtr cur;
-- xmlNodePtr issuerNameNode;
-- xmlNodePtr issuerNumberNode;
-- xmlChar* buf;
-- int ret;
--
-- xmlSecAssert2(cert != NULL, -1);
-- xmlSecAssert2(node != NULL, -1);
--
-- /* create xml nodes */
-- cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
-- if(cur == NULL) {
-- xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerSerial)", NULL);
-- return(-1);
-- }
--
-- issuerNameNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
-- if(issuerNameNode == NULL) {
-- xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerName)", NULL);
-- return(-1);
-- }
--
-- issuerNumberNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
-- if(issuerNumberNode == NULL) {
-- xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SerialNumber)", NULL);
-- return(-1);
-- }
--
-- /* write data */
-- buf = xmlSecNssX509NameWrite(&(cert->issuer));
-- if(buf == NULL) {
-- xmlSecInternalError("xmlSecNssX509NameWrite(&(cert->issuer))", NULL);
-- return(-1);
-- }
--
-- ret = xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
-- if(ret < 0) {
-- xmlSecInternalError("xmlSecNodeEncodeAndSetContent(issuerNameNode)", NULL);
-- xmlFree(buf);
-- return(-1);
-- }
-- xmlFree(buf);
--
-- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
-- if(buf == NULL) {
-- xmlSecInternalError("xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", NULL);
-- return(-1);
-- }
-- xmlNodeSetContent(issuerNumberNode, buf);
-- xmlFree(buf);
--
-- return(0);
--}
--
--static int
- xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecKeyDataStorePtr x509Store;
- xmlChar* ski;
-@@ -1282,15 +1123,9 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
- }
-
- ski = xmlNodeGetContent(node);
-- if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
-- if(ski != NULL) {
-- xmlFree(ski);
-- }
-- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
-+ if(ski == NULL) {
- xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty");
- return(-1);
-- }
-- return(0);
- }
-
- cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
-@@ -1319,40 +1154,6 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
- }
-
- static int
--xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
-- xmlChar *buf = NULL;
-- xmlNodePtr cur = NULL;
-- int ret;
--
-- xmlSecAssert2(cert != NULL, -1);
-- xmlSecAssert2(node != NULL, -1);
--
-- buf = xmlSecNssX509SKIWrite(cert);
-- if(buf == NULL) {
-- xmlSecInternalError("xmlSecNssX509SKIWrite", NULL);
-- return(-1);
-- }
--
-- cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
-- if(cur == NULL) {
-- xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SKI)", NULL);
-- xmlFree(buf);
-- return(-1);
-- }
--
-- ret = xmlSecNodeEncodeAndSetContent(cur, buf);
-- if(ret < 0) {
-- xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL);
-- xmlFree(buf);
-- return(-1);
-- }
--
-- /* done */
-- xmlFree(buf);
-- return(0);
--}
--
--static int
- xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlChar *content;
- CERTSignedCrl* crl;
-@@ -1362,15 +1163,9 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
- content = xmlNodeGetContent(node);
-- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
-- if(content != NULL) {
-- xmlFree(content);
-- }
-- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
-+ if(content == NULL){
- xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty");
- return(-1);
-- }
-- return(0);
- }
-
- crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
-@@ -1387,38 +1182,6 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
- }
-
- static int
--xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlChar* buf = NULL;
-- xmlNodePtr cur = NULL;
--
-- xmlSecAssert2(crl != NULL, -1);
-- xmlSecAssert2(node != NULL, -1);
-- xmlSecAssert2(keyInfoCtx != NULL, -1);
--
-- /* set base64 lines size from context */
-- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
-- if(buf == NULL) {
-- xmlSecInternalError("xmlSecNssX509CrlBase64DerWrite", NULL);
-- return(-1);
-- }
--
-- cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
-- if(cur == NULL) {
-- xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509CRL)", NULL);
-- xmlFree(buf);
-- return(-1);
-- }
-- /* todo: add \n around base64 data - from context */
-- /* todo: add errors check */
-- xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed());
-- xmlNodeSetContent(cur, buf);
-- xmlFree(buf);
--
-- return(0);
--}
--
--
--static int
- xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecNssX509DataCtxPtr ctx;
-@@ -1427,6 +1190,10 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
- SECStatus status;
- PRTime notBefore, notAfter;
-
-+ PK11SlotInfo* slot ;
-+ SECKEYPublicKey *pubKey = NULL;
-+ SECKEYPrivateKey *priKey = NULL;
-+
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-@@ -1456,12 +1223,64 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
- return(-1);
- }
-
-+ /*-
-+ * Get Public key from cert, which does not always work for sign
-+ * action.
-+ *
- keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
- if(keyValue == NULL) {
- xmlSecInternalError("xmlSecNssX509CertGetKey",
- xmlSecKeyDataGetName(data));
- return(-1);
- }
-+ */
-+ /*-
-+ * I'll search key according to KeyReq.
-+ */
-+ slot = cert->slot ;
-+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == x