From: Raspbian automatic forward porter <root@raspbian.org>
Date: Sun, 26 May 2024 13:12:50 +0000 (+0100)
Subject: Merge version 4:7.4.7-1+rpi1 and 4:7.4.7-1+deb12u2 to produce 4:7.4.7-1+rpi1+deb12u2
X-Git-Tag: archive/raspbian/4%7.4.7-1+rpi1+deb12u2^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=96be3f068cf421da4c0f708c0fc3b0d11193e4d0;p=libreoffice.git

Merge version 4:7.4.7-1+rpi1 and 4:7.4.7-1+deb12u2 to produce 4:7.4.7-1+rpi1+deb12u2
---

96be3f068cf421da4c0f708c0fc3b0d11193e4d0
diff --cc debian/changelog
index 971ed33c575,548eac75d90..7eddba2584b
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,15 -1,26 +1,39 @@@
- libreoffice (4:7.4.7-1+rpi1) bookworm-staging; urgency=medium
++libreoffice (4:7.4.7-1+rpi1+deb12u2) bookworm-staging; urgency=medium
 +
 +  [changes brought forward from 1:6.0.2-1+rpi2 by Peter Michael Green <plugwash@raspbian.org> at Fri, 27 Apr 2018 02:14:18 +0000]
 +  * Disable testsuite.
 +
 +  [changes introduced in 1:5.4.0-1+rpi1 by Peter Michael Green]
 +  * Disable pdfium, it fails to build for armv6
 +
 +  [changes introduced in 1:7.2.4-3+rpi1 by Peter Michael Green]
 +  * Use clang 11, newer versions cause armv7 contamination issues.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Sat, 29 Jul 2023 11:30:18 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Sun, 26 May 2024 13:12:47 +0000
++
+ libreoffice (4:7.4.7-1+deb12u2) bookworm-security; urgency=high
+ 
+   * debian/patches/add-notify-for-script-use.diff: add fix for
+     CVE-2024-3044 ("Graphic on-click binding allows unchecked script
+     execution")
+ 
+  -- Rene Engelhard <rene@debian.org>  Mon, 01 Apr 2024 11:05:27 +0200
+ 
+ libreoffice (4:7.4.7-1+deb12u1) bookworm-security; urgency=high
+ 
+   * debian/patches/escape-url-passed-to-gstreamer.diff: add from
+     libreoffice-7-5; fixes CVE-2023-6185: "Improper input validation
+     enabling arbitrary Gstreamer pipeline injection"
+   * debian/patches/floating-frame-targets-unneeded-protocols.diff,
+     debian/patches/warn-about-exotic-protocols-as-well.diff,
+     debian/patches/ignore-LO-special-purpose-hyperlinks-per-default.diff,
+     debian/patches/reuse-AllowedLinkProtocolFromDocument-{1,2}.diff:
+     add from libreoffice-7-5; fixes CVE-2023-6186: "Link targets allow
+     arbitrary script execution"
+   * debian/patches/work-around-expired-certificiate-in-test.diff: add from
+     upstream https://gerrit.libreoffice.org/c/core/+/159909
+ 
+  -- Rene Engelhard <rene@debian.org>  Tue, 28 Nov 2023 17:39:15 +0000
  
  libreoffice (4:7.4.7-1) bookworm; urgency=medium