From d608866be8a17818409c22b2c97ef0d59152ccdc Mon Sep 17 00:00:00 2001
From: "Douglas R. Reno" <renodr@linuxfromscratch.org>
Date: Sat, 3 Sep 2022 15:29:09 -0500
Subject: [PATCH] Three security updates and relevant buildfixes:

Update to thunderbird-102.2.1
Update to poppler-22.09.0
Update to curl-7.85.0
Fix building inkscape with poppler-22.09.0
Fix building libreoffice with poppler-22.09.0
---
 general/graphlib/poppler.xml       |  4 ++--
 introduction/welcome/changelog.xml | 25 +++++++++++++++++++++++++
 networking/netlibs/curl.xml        | 14 +++++++++-----
 packages.ent                       |  6 +++---
 xsoft/office/libreoffice.xml       | 21 +++++++++++----------
 xsoft/other/inkscape.xml           | 14 +++++++-------
 xsoft/other/thunderbird.xml        |  8 ++++----
 7 files changed, 61 insertions(+), 31 deletions(-)

diff --git a/general/graphlib/poppler.xml b/general/graphlib/poppler.xml
index def0c1cfe9..d6593a956c 100644
--- a/general/graphlib/poppler.xml
+++ b/general/graphlib/poppler.xml
@@ -6,9 +6,9 @@
 
   <!ENTITY poppler-download-http "https://poppler.freedesktop.org/poppler-&poppler-version;.tar.xz">
   <!ENTITY poppler-download-ftp  " ">
-  <!ENTITY poppler-md5sum        "616c33efce9fc33b0ac42336bc29a66c">
+  <!ENTITY poppler-md5sum        "20090652a3a78f7a2816db3bfcb383a3">
   <!ENTITY poppler-size          "1.8 MB">
-  <!ENTITY poppler-buildsize     "112 MB (with Qt5 library and tests)">
+  <!ENTITY poppler-buildsize     "87 MB (with Qt5 library and tests)">
   <!ENTITY poppler-time          "0.8 SBU (with parallelism=4, Qt5 library, and tests)">
   <!-- Time increase might be due to git.freedesktop.org -->
 
diff --git a/introduction/welcome/changelog.xml b/introduction/welcome/changelog.xml
index 6bbf216654..fd9eae39d5 100644
--- a/introduction/welcome/changelog.xml
+++ b/introduction/welcome/changelog.xml
@@ -41,6 +41,31 @@
       </itemizedlist>
     </listitem>
     -->
+    <listitem>
+      <para>September 3rd, 2022</para>
+      <itemizedlist>
+        <listitem>
+          <para>[renodr] - Fix building inkscape with poppler-22.09. Fixes
+          <ulink url="&blfs-ticket-root;16985">#16985</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[renodr] - Fix building libreoffice with poppler-22.09. Fixes
+          <ulink url="&blfs-ticket-root;16986">#16986</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[renodr] - Update to thunderbird-102.2.1 (Security Update).
+          Fixes <ulink url="&blfs-ticket-root;16971">#16971</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[renodr] - Update to poppler-22.09.0 (Security Update). Fixes
+          <ulink url="&blfs-ticket-root;16969">#16969</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[renodr] - Update to curl-7.85.0 (Security Update). Fixes
+          <ulink url="&blfs-ticket-root;16968">#16968</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
 
     <listitem>
       <para>September 2nd, 2022</para>
diff --git a/networking/netlibs/curl.xml b/networking/netlibs/curl.xml
index 54b538801a..71a373e84d 100644
--- a/networking/netlibs/curl.xml
+++ b/networking/netlibs/curl.xml
@@ -6,10 +6,10 @@
 
   <!ENTITY curl-download-http "https://curl.se/download/curl-&curl-version;.tar.xz">
   <!ENTITY curl-download-ftp  " ">
-  <!ENTITY curl-md5sum        "6ce66afa416bb11b8f39cc9e059afd5b">
+  <!ENTITY curl-md5sum        "131f76c84016c45806b902330a74164f">
   <!ENTITY curl-size          "2.4 MB">
-  <!ENTITY curl-buildsize     "145 MB (add 23 MB for tests)">
-  <!ENTITY curl-time          "0.4 SBU (with parallelism=4; add 18 SBU for tests)">
+  <!ENTITY curl-buildsize     "144 MB (add 23 MB for tests)">
+  <!ENTITY curl-time          "0.2 SBU (with parallelism=4; add 16 SBU for tests)">
 ]>
 
 <sect1 id="curl" xreflabel="cURL-&curl-version;">
@@ -31,8 +31,9 @@
     <para>
       The <application>cURL</application> package contains an utility
       and a library used for transferring files with URL syntax to any of
-      the following protocols: FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP,
-      TELNET, DICT, LDAP, LDAPS and FILE. Its ability to both download
+      the following protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP,
+      HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTSP, SMB, SMBS,
+      SMTP, SMPTS, TELNET, and TFTP. Its ability to both download
       and upload files can be incorporated into other programs to support
       functions like streaming media.
     </para>
@@ -352,6 +353,9 @@ TESTDONE: 1327 tests out of 1328 reported OK: 99%
 TESTFAIL: These test cases failed: 1459
   It is a SCP test for bad .known_hosts file and fails because of a mismatch
   of error codes, I don't think it indicated a serious issue.
+[renodr] - Test results for 7.85.0 (2022-09-03), no libssh2 enabled or gssapi
+TESTDONE: 1528 tests were considered during 2041 seconds.
+TESTDONE: 1326 tests out of 1326 reported OK: 100%
 -->
 
     <para>
diff --git a/packages.ent b/packages.ent
index 7ea11bfb2a..85ac72ce9f 100644
--- a/packages.ent
+++ b/packages.ent
@@ -243,7 +243,7 @@ to avoid building libxml2 twice, which is slow with all deps -->
 <!ENTITY openjpeg2-majmin-version     "2.5">
 <!ENTITY openjpeg2-version            "&openjpeg2-majmin-version;.0">
 <!ENTITY pixman-version               "0.40.0">   <!-- Even minors only -->
-<!ENTITY poppler-version              "22.08.0">
+<!ENTITY poppler-version              "22.09.0">
 <!ENTITY potrace-version              "1.16">
 <!ENTITY qpdf-version                 "10.6.3">
 <!ENTITY qrencode-version             "4.1.1">
@@ -634,7 +634,7 @@ to avoid building libxml2 twice, which is slow with all deps -->
 
 <!-- Chapter 17 -->
 <!ENTITY c-ares-version               "1.18.1">
-<!ENTITY curl-version                 "7.84.0">
+<!ENTITY curl-version                 "7.85.0">
 <!ENTITY geoclue2-version             "2.6.0">
 <!ENTITY glib-networking-minor        "2.72">
 <!ENTITY glib-networking-version      "&glib-networking-minor;.2">
@@ -982,7 +982,7 @@ to avoid building libxml2 twice, which is slow with all deps -->
 <!ENTITY pidgin-version               "2.14.10">
 <!ENTITY rox-filer-version            "2.11">
 <!ENTITY rxvt-unicode-version         "9.30">
-<!ENTITY thunderbird-version          "102.2.0">
+<!ENTITY thunderbird-version          "102.2.1">
 <!ENTITY tigervnc-version             "1.12.0">
 <!ENTITY transmission-version         "3.00">
 <!ENTITY xarchiver-version            "0.5.4.19">
diff --git a/xsoft/office/libreoffice.xml b/xsoft/office/libreoffice.xml
index 3418a99d15..dfc708b7c5 100644
--- a/xsoft/office/libreoffice.xml
+++ b/xsoft/office/libreoffice.xml
@@ -182,14 +182,13 @@
 
 <!-- keep one commented patch, it's sure to again need one or more in a few months:-->
 
-<!--
+
       <listitem>
         <para>
           Required patch to fix building with <xref linkend="poppler"/>:
-          <ulink url="&patch-root;/libreoffice-&libreoffice-dlversion;-poppler_2204_fix-1.patch"/>
+          <ulink url="&patch-root;/libreoffice-&libreoffice-dlversion;-poppler_2209_fixes-1.patch"/>
         </para>
       </listitem>
--->
 
     </itemizedlist>
     <bridgehead renderas="sect3">LibreOffice Dependencies</bridgehead>
@@ -215,7 +214,7 @@
 
     <para role="recommended">
       <xref linkend="apache-ant"/>,
-      <xref linkend="apr"/>,
+<!--  <xref linkend="apr"/>, -->
       <xref linkend="boost"/>,
       <xref linkend="clucene"/>,
       <xref linkend="cups"/>,
@@ -236,17 +235,19 @@
       <xref linkend="libatomic_ops"/>,
       <xref linkend="lcms2"/>,
       <xref linkend="librsvg"/>,
+      <xref linkend="libtiff"/>,
+      <xref linkend="libwebp"/>,
       <xref linkend="libxml2"/> and
       <xref linkend="libxslt"/>,
       <xref linkend="lxml"/>,
       <xref linkend="mesa"/>,
-      <xref linkend="neon"/>,
+<!--  <xref linkend="neon"/>, -->
       <xref linkend="nss"/>,
       <xref linkend="openldap"/> (if connecting to an LDAP server),
       <xref linkend="poppler"/>,
       <xref linkend="postgresql"/>,
       <xref linkend="redland"/>,
-      <xref linkend="serf"/>, and
+<!--  <xref linkend="serf"/>, --> and
       <xref linkend="unixodbc"/>
     </para>
 
@@ -346,13 +347,13 @@
 cd libreoffice-&libreoffice-dlversion;</userinput></screen>
 
 <!-- keep a commented instruction if no patches are currently required -->
-<!-- fixed in 7.3.5
+
     <para>
-     Fix build failures introduced by the latest poppler version:
+     First, fix build failures introduced by the latest poppler version:
     </para>
 
-<screen><userinput>patch -Np1 -i ../libreoffice-&libreoffice-dlversion;-poppler_2204_fix-1.patch</userinput></screen>
--->
+<screen><userinput>patch -Np1 -i ../libreoffice-&libreoffice-dlversion;-poppler_2209_fixes-1.patch</userinput></screen>
+
     <para>
       If you have downloaded the dictionaries, help and translations tarballs,
       create symlinks to them from the source directory so they won't get
diff --git a/xsoft/other/inkscape.xml b/xsoft/other/inkscape.xml
index 6de31be017..fe695b9126 100644
--- a/xsoft/other/inkscape.xml
+++ b/xsoft/other/inkscape.xml
@@ -75,17 +75,17 @@
         </para>
       </listitem>
     </itemizedlist>
-<!--
+
     <bridgehead renderas="sect3">Additional Downloads</bridgehead>
     <itemizedlist spacing="compact">
       <listitem>
         <para>
           Required patch: <ulink
-          url="&patch-root;/inkscape-&inkscape-version;-poppler_22_04_fixes-1.patch"/>
+          url="&patch-root;/inkscape-&inkscape-version;-poppler_22_09_fixes-1.patch"/>
         </para>
       </listitem>
     </itemizedlist>
--->
+
     <note>
       <para>
         The tarball <emphasis>inkscape-&inkscape-minor-version;.tar.xz</emphasis>
@@ -159,13 +159,13 @@
 
   <sect2 role="installation">
     <title>Installation of Inkscape</title>
-<!--
+
     <para>
-      First, fix Inkscape to build with poppler-22.04.0:
+      First, fix Inkscape to build with poppler-22.09.0:
     </para>
 
-<screen><userinput remap="pre">patch -Np1 -i ../inkscape-&inkscape-version;-poppler_22_04_fixes-1.patch</userinput></screen>
--->
+<screen><userinput remap="pre">patch -Np1 -i ../inkscape-&inkscape-version;-poppler_22_09_fixes-1.patch</userinput></screen>
+
 
 <!-- If there is no test suite, then this is not needed.
      There is none if the command below is not run.
diff --git a/xsoft/other/thunderbird.xml b/xsoft/other/thunderbird.xml
index 8d44cb4e37..b6b9168631 100644
--- a/xsoft/other/thunderbird.xml
+++ b/xsoft/other/thunderbird.xml
@@ -6,10 +6,10 @@
 
   <!ENTITY thunderbird-download-http "&mozilla-http;/thunderbird/releases/&thunderbird-version;/source/thunderbird-&thunderbird-version;.source.tar.xz">
   <!ENTITY thunderbird-download-ftp  " ">
-  <!ENTITY thunderbird-md5sum        "9cbd22da350b2d097d9de0ee9f55a81e">
-  <!ENTITY thunderbird-size          "477 MB">
+  <!ENTITY thunderbird-md5sum        "63d184e973a14fc34a60d703513614bb">
+  <!ENTITY thunderbird-size          "478 MB">
   <!ENTITY thunderbird-buildsize     "7.4 GB (204 MB installed)">
-  <!ENTITY thunderbird-time          "21 SBU (on a 4-core machine)">
+  <!ENTITY thunderbird-time          "23 SBU (on a 4-core machine)">
   <!-- Removed the -j1 time because python and rust do not obey it, although
        the C/C++ code appears to obey it -->
 ]>
@@ -217,7 +217,7 @@ EOF</userinput></screen>
     <para>
       A change in cbindgen-0.24.2 causes a symbol to now be output by
       cbindgen, but it has already been defined in a header. This sed
-      prevents the build eventually failing:
+      prevents the build from eventually failing:
     </para>
 
 <screen><userinput>sed -i '/ROOT_CLIP_CHAIN/d' gfx/webrender_bindings/webrender_ffi.h</userinput></screen>