dgit.raspbian.org Git - libreoffice.git/log

CVE-2022-3140: check impress/calc IFrame "FrameURL" target

similar to

commit c7450d0b9d02c64ae3da467d329040787039767e
Date: Tue Aug 30 17:01:08 2022 +0100

check IFrame "FrameURL" target

Conflicts:
xmloff/source/draw/ximpshap.cxx

Change-Id: Ibf28c29acb4476830431d02772f3ecd4b23a6a27
origin: https://github.com/LibreOffice/core/commit/50c9ae7573f5d63a7cdbcd2caea0d789e97c3a3f.patch

Gbp-Pq: Name 0074-CVE-2022-3140-check-impress-calc-IFrame-FrameURL-tar.patch

CVE-2022-3140: Filter out unwanted command URIs

Change-Id: I0b7e5329af8cc053d14d5c60ec14fe7f364ef993
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139225
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Conflicts:
desktop/source/app/cmdlineargs.cxx

origin: https://github.com/LibreOffice/core/commit/6f60a85d71f1e160bf48ca4d23cd9c99677961a2.patch
bug-debian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140
bug: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140

Gbp-Pq: Name 0073-CVE-2022-3140-Filter-out-unwanted-command-URIs.patch

CVE-2022-3140: check IFrame "FrameURL" target

similiar to

commit b3edf85e0fe6ca03dc26e1bf531be82193bc9627
Date: Wed Aug 7 17:37:11 2019 +0100

warn on load when a document binds an event to a macro

Change-Id: Iea888b1c083d2dc69ec322309ac9ae8c5e5eb315
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139059
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Conflicts:
sfx2/source/doc/iframe.cxx
sw/source/filter/html/htmlplug.cxx
sw/source/filter/xml/xmltexti.cxx
bug-debian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140
bug: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140

Gbp-Pq: Name 0072-CVE-2022-3140-check-IFrame-FrameURL-target.patch

CVE-2022-3140: warn on load when a document binds an event to a macro

a) treat shared/Scripts equivalently to document scripts

This doesn't automatically warn/block running those scripts when used in a
freshly loaded document on its own however

because DocumentMacroMode::checkMacrosOnLoading will see at...

if ( m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() )

that the document contains no macros and flip the allow macros flag to true so
that potentially new uses of macros added by the user during the edit are
allowed to run

b) so, add an additional flag to indicate existence of use of macros in a document

c) for odf import, set it when a script:event-listener tag is encountered
d) for html import when registerScriptEvents or SwFormatINetFormat::SetMacroTable is called
e) for doc import when Read_F_Macro or StoreMacroCmds is called as well for good measure
f) for xls import when registerScriptEvent or ScMacroInfo::SetMacro is called
g) for oox import when VbaProject::attachMacros is called

Reviewed-on: https://gerrit.libreoffice.org/77387
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit 35fe064a67b54b0680b4845477c9b8751edda160)

Change-Id: Ic1203d8ec7dfc217aa217135033ae9db2888e19b
Reviewed-on: https://gerrit.libreoffice.org/83348
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
origin: https://github.com/LibreOffice/core/commit/96b7887cbfd24bb29e08667b027a86f79c246ce2
bug-debian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140
bug: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140

Gbp-Pq: Name 0071-CVE-2022-3140-warn-on-load-when-a-document-binds-an-.patch

CVE-2022-26307: add Initialization Vectors to password storage

LibreOffice supports the storage of passwords for web connections in
the user’s configuration database. The stored passwords are encrypted
with a single master key provided by the user. A flaw in LibreOffice
existed where master key was poorly encoded resulting in weakening its
entropy from 128 to 43 bits making the stored passwords vulerable to a
brute force attack if an attacker has access to the users stored
config.

old ones default to the current all zero case and continue to work
as before

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131974
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 192fa1e3bfc6269f2ebb91716471485a56074aea)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132306
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit ab77587ec300f5c30084471000663c46ddf25dad)

(cherry picked from commit 713296ecd30bab02d41fcd23f19afed28d916701)

Change-Id: I6fe3b02fafcce1b5e7133e77e76a5118177d77af
origin: https://github.com/LibreOffice/core/commit/55d3095f14e98e5d2aadddf392911ca2d2b6dca9.patch
bug: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2022-26307

Gbp-Pq: Name 0070-CVE-2022-26307-add-Initialization-Vectors-to-passwor.patch

Simplify Sequence iterations in svl [only passwordcontainer.cxx]

Needed for fixing CVE-2022-26307

Use range-based loops, STL and comphelper functions

Reviewed-on: https://gerrit.libreoffice.org/75563
Tested-by: Jenkins
Reviewed-by: Arkadiy Illarionov <qarkai@gmail.com>
(cherry picked from commit c9cce0d931b41ede0eca14b2ed2b84453f048362)

Change-Id: I1c3dbf194600bec60c0881d2d19ff07b89d8333b
origin: https://github.com/LibreOffice/core/commit/bfec3cf63ef43cc86e9a2fd90600d91b5fefe0c3.patch

Gbp-Pq: Name 0069-Simplify-Sequence-iterations-in-svl-only-passwordcon.patch

CVE-2022-26306, CVE-2022-26307: add infobar to prompt to refresh to replace old format

This patch ask an user to replace old format thus partially closing CVE-2022-26306, CVE-2022-26307

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131976
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bbd196ff82bda9f66b4ba32a412f10cefe6da60e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132307
Reviewed-by: Sophie Gautier <sophi@libreoffice.org>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit c5d01b11db3c83cb4a89d3b388d78e20dd3990b5)

(cherry picked from commit df05d27336927373bf83664a90156fbe505fc546)

Change-Id: Id99cbf2b50a4ebf289dae6fc67e22e20afcda35b
origin: https://github.com/LibreOffice/core/commit/cedd8063fed50cfd75fa3c69c4c87e2ae79b944d.patch

Gbp-Pq: Name 0068-CVE-2022-26306-CVE-2022-26307-add-infobar-to-prompt-.patch

CVE-2022-26307: make hash encoding match decoding

Seeing as old versions of the hash may be in the users config, add a
StorageVersion field to the office config Passwords section which
defaults to 0 to indicate the old hash is in use.

Try the old varient when StorageVersion is 0. When a new encoded master
password it set write StorageVersion of 1 to indicate a new hash is in
use and use the new style when StorageVersion is 1.

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132080
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit e890f54dbac57f3ab5acf4fbd31222095d3e8ab6)

svl: fix crash if user cancels/closes master password dialog

(regression from d7ba5614d90381d68f880ca7e7c5ef8bbb1b1c43)

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133932
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bbb8617ece6d946957c2eb96287081029bce530f)

Change-Id: I3174c37a5891bfc849984e0ec5c2c392b9c6e7b1
(cherry picked from commit 7e35d53f51bb89ed3cea5f946214afb7d81e1b1e)
origin: https://github.com/LibreOffice/core/commit/c17ba8306704d6d428d673fb0079c4276f0bc256.patch
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2022-26307
bug: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307
Signed-off-by: Bastien Roucariès <rouca@debian.org>
Gbp-Pq: Name 0067-CVE-2022-26307-make-hash-encoding-match-decoding.patch

Subject: CVE-2021-25636: only use X509Data

LibreOffice supports digital signatures of ODF documents and macros
within documents, presenting visual aids that no alteration of the
document occurred since the last signing and that the signature is
valid. An Improper Certificate Validation vulnerability in LibreOffice
allowed an attacker to create a digitally signed ODF document, by
manipulating the documentsignatures.xml or macrosignatures.xml stream
within the document to contain both "X509Data" and "KeyValue" children
of the "KeyInfo" tag, which when opened caused LibreOffice to verify
using the "KeyValue" but to report verification with the unrelated
"X509Data" value.

Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
(cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139)
Signed-off-by: Bastien Roucariès <rouca@debian.org>
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2021-25636
bug-redhat: https://bugzilla.redhat.com/show_bug.cgi?id=2056955
origin: https://gitlab.com/redhat/centos-stream/rpms/libreoffice/-/raw/c8s/0001-CVE-2021-25636.patch
bug: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636
Signed-off-by: Bastien Roucariès <rouca@debian.org>
Gbp-Pq: Name 0066-Subject-CVE-2021-25636-only-use-X509Data.patch

tdf#121384 don't leave a bare trailing : in PYTHONPATH

and don't insert any empty path entries if that situation
was to arise

Change-Id: I8d8183485f457c3e4385181fee07390c4bfef603
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96707
Reviewed-by: Tomáš Chvátal <tchvatal@suse.com>
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
Tested-by: Jenkins
(cherry picked from commit b72705d5391b849fc70a0a4cac33523c0ea5d054)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96803
Tested-by: Stephan Bergmann <sbergman@redhat.com>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Gbp-Pq: Name fix-PYTHONPATH.diff

opengl slide transitions not working with glm >= GLM 0.9.9.0

tracked it down to...

Removed default initialization, use GLM_FORCE_CTOR_INIT to restore the old behavior
so adding in GLM_FORCE_CTOR_INIT to get them working again

Change-Id: I1c6e7d8eb748fce40f0c518ff708708e5fb1e3d2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87789
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name glm-0.9.9-ctor.diff

tdf#128111: "adsrc" doesn't exist from Postgresql 12

Before Postgresql 8.0, there was only "adsrc"
then it's been deprecated
"The adsrc field is historical, and is best not used, because it does not track outside changes
that might affect the representation of the default value.
Reverse-compiling the adbin field (with pg_get_expr for example) is a better way to display the default value
"
and finally it's been removed with version 12

See evolution with:
- https://www.postgresql.org/docs/8/catalog-pg-attrdef.html
- https://www.postgresql.org/docs/11/catalog-pg-attrdef.html
- https://www.postgresql.org/docs/12/catalog-pg-attrdef.html

Merge with https://cgit.freedesktop.org/libreoffice/core/commit/?id=1ec93ef100bb5f6ccef91f12e28ed09feb3eb38b

Change-Id: I57e9da423a23b5a96bbb64b0e026b160e9643ab9
Reviewed-on: https://gerrit.libreoffice.org/80722
(cherry picked from commit 0c46c81e04530e8f6ce4f34195d8f0443ed8bfc3)
Reviewed-on: https://gerrit.libreoffice.org/80736
Tested-by: Jenkins
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
Gbp-Pq: Name Postgresql-12-no-adsrc.diff

Resolves: tdf#126928 allow link updates in an intermediate linked document

... if link updates are allowed in the current document and that
intermediate document resides in a trusted location.

This works with both, the "Always (from trusted locations)" and
the "On request" settings under Tools -> Options -> Calc ->
General. It can't work with documents residing in a non-trusted
location as there is no way to allow updates on demand for a such
loaded document (hidden via formulas).

Reviewed-on: https://gerrit.libreoffice.org/77588
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit 54bf84746a2a9a2e2aaf0df9e429b0cfd538f640)

Conflicts:
sc/source/ui/docshell/docsh4.cxx
sc/source/ui/docshell/externalrefmgr.cxx

Backported. Also includes

    commit 1663b1e8233db6c6d1c2b35639ad984961084009
    CommitDate: Tue Feb 26 21:15:57 2019 +0100

        tdf#120736: For Calc shared documents also check the original document URL

Change-Id: Ie483f7743db7c6d5cf947dc16a9c3660855f3423
Reviewed-on: https://gerrit.libreoffice.org/77613
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name allow-link-updates-in-an-intermediate-linked-document.diff

Improve check

Change-Id: I8280a81eef2ced0ff0ace51ea9f094421abafe13
Reviewed-on: https://gerrit.libreoffice.org/78108
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 761e6dd25782420bf06e4a2ff3205a79b6cbb136)
Reviewed-on: https://gerrit.libreoffice.org/78129
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Gbp-Pq: Name Improve-check.diff

Improve check for absolute URI

Change-Id: I4dee44832107f72f8f3fb68554428dc1e646c346
Reviewed-on: https://gerrit.libreoffice.org/77706
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit c79efeb66f7951305d0334bc288aee1c571a8728)
Reviewed-on: https://gerrit.libreoffice.org/77724
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name Improve-check-for-absolute-URI.diff

an absolute uri is invalid input

Change-Id: I392be4282be8ed67e3451b28d2c9f22acd4c87fc
Reviewed-on: https://gerrit.libreoffice.org/77564
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Tested-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 3c076e54f736980e208f5c27ecf179aa90aea103)
Reviewed-on: https://gerrit.libreoffice.org/77571
Tested-by: Jenkins
Gbp-Pq: Name an-absolute-uri-is-invalid-input.diff

construct final url from parsed output

Change-Id: Ifd733625a439685ad307603eb2b00bf463eb9ca9
Reviewed-on: https://gerrit.libreoffice.org/77373
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 87959e5deea6d33cd35dbb3b8423056f9566710e)
Reviewed-on: https://gerrit.libreoffice.org/77379

Gbp-Pq: Name construct-final-url-from-parsed-output.diff

expand pyuno path separators

Change-Id: Ic97649ed6d4be595b308922c7bdc880cbb60b239
Reviewed-on: https://gerrit.libreoffice.org/77102
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 75903a0298218f89a199a5ac151ee0166f4469d7)
Reviewed-on: https://gerrit.libreoffice.org/77116

Gbp-Pq: Name expand-pyuno-path-separators.diff

Properly obtain location

Change-Id: I9fb0d883a3623394343cd54ef61e5610544198c8
Reviewed-on: https://gerrit.libreoffice.org/77019
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit a9cde2557242a0c343d99533f3ee032599c66f42)
Reviewed-on: https://gerrit.libreoffice.org/77022
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Gbp-Pq: Name Properly-obtain-location.diff

keep name percent-encoded

Change-Id: I470c4b24192c3e3c9b556a9bbb3b084359e0033b
Reviewed-on: https://gerrit.libreoffice.org/77007
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Gbp-Pq: Name keep-name-percent-encoded.diff

decode url escape codes and check each path segment

Change-Id: Ie8f7cef912e8dacbc2a0bca73534a7a242a53ca1
Reviewed-on: https://gerrit.libreoffice.org/76395
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Tested-by: Jenkins
(cherry picked from commit 0344b7684753876a3148a47d1e131a1b13595f63)
Reviewed-on: https://gerrit.libreoffice.org/76538
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Gbp-Pq: Name decode-url-escape-codes-and-check-each-path-segment.diff

expand LibreLogo check to global events

Change-Id: I7f436983ba0eb4b76b02d08ee52626e54b103d5f
Reviewed-on: https://gerrit.libreoffice.org/76194
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 85cbe1f06703c0b8e1f15a3d969202d99c66f34b)
Reviewed-on: https://gerrit.libreoffice.org/76540
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Gbp-Pq: Name expand-LibreLogo-checks-to-global-events.diff

More uses of referer URL with SvxBrushItem

Reviewed-on: https://gerrit.libreoffice.org/73643
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit b518882de8213ef71a8003f95fbdf7689069c06d)
Conflicts:
sw/source/core/text/porfld.cxx
sw/source/core/unocore/unosett.cxx

Change-Id: I04b524784df4ef453d8b1feec13b62f183a17e23
Reviewed-on: https://gerrit.libreoffice.org/73860
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Gbp-Pq: Name More-uses-of-referer-URL-with-SvxBrushItem.diff

explictly-exclude-LibreLogo-from-XScript-usage

===================================================================

Gbp-Pq: Name explictly-exclude-LibreLogo-from-XScript-usage.diff

sanitize-LibreLogo-calls

===================================================================

Gbp-Pq: Name sanitize-LibreLogo-calls.diff

Introduce next Japanese gengou era 'Reiwa'

Prepare for "Japan's Y2K" Gengou calendar era switch after 2019-04-30

The emperor Akihito will abdicate on 2019-04-30. The next emperor
will be Naruhito, but so far neither the new era name (Heisei for
Akihito) nor its abbreviation or a Unicode character are
determined. At least introduce the new era with some dummy names
(Naruhito,Na,N).

Change-Id: I8c0af390ca0408ac259e47e7eaf2e49b5889c9ba
Reviewed-on: https://gerrit.libreoffice.org/58142
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
Introduce next Japanese gengou era 'Reiwa'

starting from 2019-05-01, which has been announced officially.

This fills the provisional slot acknowledged at
cacbb0faef77ae8462de9ff5c7307a6a2e28b2bb.

Change-Id: Ifb12e6afaad4c66d455f664b46ec946e80324e87
Reviewed-on: https://gerrit.libreoffice.org/70157
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
Reviewed-on: https://gerrit.libreoffice.org/70185

Gbp-Pq: Name jp-JP-Reiwa.diff

java.vendor-Debian

===================================================================

Gbp-Pq: Name java.vendor-Debian.diff

tdf#123077 gtk3_kde5: Set KFileWidget's custom widget only once

Since the event filter is only used to set the custom
widget in the KFileWidget, it can and needs to be removed
again once this has been done; which also avoids crashes.

(s. https://gerrit.libreoffice.org/#/c/67185/ for more
infos, where the same thing is done for kde5)

Change-Id: I5c719fb17510916b4730ed5c00bb638df2f183e3
Reviewed-on: https://gerrit.libreoffice.org/67184
Tested-by: Jenkins
Reviewed-by: Michael Weghorn <m.weghorn@posteo.de>
(cherry picked from commit 30cc54a4532a732a0cf6dfe9943521978ff7292f)
Reviewed-on: https://gerrit.libreoffice.org/67204
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Gbp-Pq: Name tdf123077.diff

apparmor-opencl

apparmor: Add opencl support

AppArmor in Debian Buster now has OpenCL abstractions.

Include OpenCL abstractions to fix OpenCL usage in Calc.

Gbp-Pq: Name apparmor-opencl.diff

Fix incorrect parameter type to std::min() on m68k

Last-Update: 2018-12-28

Gbp-Pq: Name m68k-fix-parameter-type.patch

[PATCH] Update orcus to 0.14.0.

And make all necessary adjustments for the new version of orcus.

Change-Id: I0dc207162a3ddfaad6da198a3d13b65f530757d5
Reviewed-on: https://gerrit.libreoffice.org/59884
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <libreoffice@kohei.us>
Gbp-Pq: Name orcus-0.14.diff

[PATCH] Update mdds to 1.4.1

loplugin:constantparam

Reviewed-on: https://gerrit.libreoffice.org/58875
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
(cherry picked from commit bb6f2b12e8f0bbc99a5ca93141d35fd40b043e55)

Update mdds to 1.4.1.

The largest change in 1.4.x relevant to the calc code is that the
multi_type_matrix::walk() methods now take a copy of the function
object rather than a reference, to allow for it to take an inline
lambda function. Instead, it does return a instance of the input
function object, similar to how std::for_each() behaves.

In case the function object contains a large data member, try to
make it a moveable so that it will get moved rather than copied
when going through one of the walk() methods.

Reviewed-on: https://gerrit.libreoffice.org/59584
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <libreoffice@kohei.us>
(cherry picked from commit 51f73f35ea61dd81dd3194af50394b98ff1bf8e9)

mdds 1.4.1 is now a minimum requirement.

Reviewed-on: https://gerrit.libreoffice.org/59614
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <libreoffice@kohei.us>
(cherry picked from commit 4d1f735fcf064b18ef2848cc1f5a2a0616b0b33d)

fd08fc4a2ed75039e5292a35ff08726e0126c77f
647bcfbdd8e0417990ed93b25c1bca00f60df709

Change-Id: I676a8408e97cc8134009f764736cad68513c89ad

Gbp-Pq: Name mdds-1.4.1.diff

[PATCH] mariadb

Gbp-Pq: Name use-mariadb-java-instead-of-mysql-java.diff

disableClassPathURLCheck

===================================================================

Gbp-Pq: Name disableClassPathURLCheck.diff

apparmor-mesa

===================================================================

Gbp-Pq: Name apparmor-mesa.diff

Java 11 no longer synthesizes DocumentView$1.class

...so, for simplicity, just include whatever generated DocumentView$*.class by
wildcard

Change-Id: I779e2709c8ef2859d68233300302dd62dbe2455f
Reviewed-on: https://gerrit.libreoffice.org/62073
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Gbp-Pq: Name fix-tests-openjdk11.patch

[PATCH] apparmor: use dri-enumerate abstraction

Remove backported rule and use new dri-enumerate abstraction instead.
dri-enumerate is available in AppArmor 2.13, which recently migrated
into Debian Buster.

Change-Id: I64919edc1882f7bc1e65cfb94686464c5350f699

Gbp-Pq: Name apparmor-cleanups.diff

apparmor: update program.soffice.bin for KDE

Add rules to fix file dialog and other issues with 6.2 alpha1 on Debian
Buster with KDE desktop.

Change-Id: Ib1b20c5809ac9bdea1bf2623eff4345fa42fd4f3
Reviewed-on: https://gerrit.libreoffice.org/58702
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
Reviewed-by: Katarina Behrens <Katarina.Behrens@cib.de>
Gbp-Pq: Name apparmor-kde.diff

apparmor-allow-java.security

===================================================================

Gbp-Pq: Name apparmor-allow-java.security.diff

[PATCH] test apparmor profile parsing (see tdf#114915)

idea taken from
https://salsa.debian.org/apparmor-team/apparmor-profiles-extra/commit/7fbcc4788d0e94764eeeff2f080796601241f986#546c1096cd506dbb01a47ed87a636a8e94d83b8c

Change-Id: I7e5bda9224d69530af4d30422c2fd3d60c9929d6

Gbp-Pq: Name test-apparmor-profiles.diff

[PATCH] micro-optimization: do not check for ant if we don't need it

Change-Id: I84644cddd8a318a2af23780ada9afc26fe23a9fe

Gbp-Pq: Name no-ant-check-if-unneeded.diff

do-not-hide-test-output

===================================================================

Gbp-Pq: Name do-not-hide-test-output.diff

disable-java-in-odk-build-examples-on-zero-vm

===================================================================

Gbp-Pq: Name disable-java-in-odk-build-examples-on-zero-vm.diff

appstream-ignore-startcenter

===================================================================

Gbp-Pq: Name appstream-ignore-startcenter.diff

Hide startcenter and math from the shell

Bug-Ubuntu: https://launchpad.net/bugs/1696250
Forwarded: not-needed

Gbp-Pq: Name hide-math-desktop-file.patch

apparmor-complain

===================================================================

Gbp-Pq: Name apparmor-complain.diff

disable-unused-test-programs

===================================================================

Gbp-Pq: Name disable-unused-test-programs.diff

cppunit-optional

===================================================================

Gbp-Pq: Name cppunit-optional.diff

disable-some-sc-tests-with-internal-cppunit

# fails with internal cppunit:

# fails with internal cppunit:
#
# [build LNK] CppunitTest/libtest_sc_subsequent_filters_test.so
# S=/data/rene/git/LibreOffice/master && I=$S/instdir && W=$S/workdir && /usr/bin/ccache x86_64-linux-gnu-g++ -shared -Wl,-z,noexecstack -Wl,-z,origin '-Wl,-rpath,$ORIGIN/../Library' -Wl,-rpath-link,$I/program -Wl,-z,defs -Wl,-rpath-link,/lib:/usr/lib -Wl,-z,combreloc -Wl,--hash-style=gnu -Wl,--dynamic-list-cpp-new -Wl,--dynamic-list-cpp-typeinfo -Wl,-Bsymbolic-functions -L$W/LinkTarget/StaticLibrary -L$I/sdk/lib -L$I/program -L$I/program -L$W/LinkTarget/Library -Wl,-z,relro -L/usr/lib/x86_64-linux-gnu -L/usr/lib/x86_64-linux-gnu -L/usr/lib/x86_64-linux-gnu $W/CxxObject/sc/qa/unit/subsequent_filters-test.o -Wl,--start-group -L$W/UnpackedTarball/cppunit/src/cppunit/.libs -lcppunit -lxml2 -lorcus-0.12 -lorcus-parser-0.12 -lboost_filesystem -lboost_iostreams -lz -Wl,--end-group -Wl,--no-as-needed -lmergedlo -luno_cppu -luno_cppuhelpergcc3 -lforlo -lforuilo -li18nlangtag -looxlo -luno_sal -luno_salhelpergcc3 -lsclo -lscqahelper -lsubsequenttest -ltest -lunotest -lvbahelperlo -o $W/LinkTarget/CppunitTest/libtest_sc_subsequent_filters_test.so
# /data/rene/git/LibreOffice/master/workdir/CxxObject/sc/qa/unit/subsequent_filters-test.o:(.data.rel.ro._ZTIN7CppUnit17AdditionalMessageE[_ZTIN7CppUnit17AdditionalMessageE]+0x10): undefined reference to `typeinfo for CppUnit::Message'
# collect2: error: ld returned 1 exit status
# /data/rene/git/LibreOffice/master/solenv/gbuild/LinkTarget.mk:598: recipe for target '/data/rene/git/LibreOffice/master/workdir/LinkTarget/CppunitTest/libtest_sc_subsequent_filters_test.so' failed
# make[4]: *** [/data/rene/git/LibreOffice/master/workdir/LinkTarget/CppunitTest/libtest_sc_subsequent_filters_test.so] Error 1
#
# interestingly, this works with system-cppunit...

Gbp-Pq: Name disable-some-sc-tests-with-internal-cppunit.diff

no-openssl

don't add -lssl etc if not needed (because we use system-postgresql)

Gbp-Pq: Name no-openssl.diff

allow-opensymbol-rebuild

===================================================================

Gbp-Pq: Name allow-opensymbol-rebuild.diff

system-officeotron-and-odfvalidator

===================================================================

Gbp-Pq: Name system-officeotron-and-odfvalidator.diff

[PATCH] Revert "always support packagekit if dbus is enabled"

This reverts commit f2984e95740cfbb9c74574f2a1225af3411d4901.

Gbp-Pq: Name no-packagekit-per-default.diff

hppa-is-32bit

===================================================================

Gbp-Pq: Name hppa-is-32bit.diff

javadoc-optional

Gemeinsame Unterverzeichnisse: odk-old/config und odk/config.
Gemeinsame Unterverzeichnisse: odk-old/docs und odk/docs.
Gemeinsame Unterverzeichnisse: odk-old/examples und odk/examples.

Gemeinsame Unterverzeichnisse: odk-old/config und odk/config.
Gemeinsame Unterverzeichnisse: odk-old/docs und odk/docs.
Gemeinsame Unterverzeichnisse: odk-old/examples und odk/examples.

Gbp-Pq: Name javadoc-optional.diff

fix-internal-hsqldb-build

===================================================================

Gbp-Pq: Name fix-internal-hsqldb-build.diff

disable-flaky-tests

14:13 < mst__> _rene_, the toolkit unoapi tests are known to be flaky (in some
               system dependent way) e.g. on the Win@6 tinderbox it always
               crashes
14:14 < mst__> _rene_, sc.ScAccessible* tests also fail on some systems some of
               the time

Gbp-Pq: Name disable-flaky-tests.diff

debian-hardened-buildflags-no-LO-fstack-protector-strong

don't hardcode -fstack-protector-strong in configure.ac/gbuild. We get the
hardening flags from dpkg-buildflags anyway.

Gbp-Pq: Name debian-hardened-buildflags-no-LO-fstack-protector-strong.diff

debian-hardened-buildflags-CPPFLAGS

===================================================================

Gbp-Pq: Name debian-hardened-buildflags-CPPFLAGS.diff

mediwiki-oor-replace

===================================================================

Gbp-Pq: Name mediwiki-oor-replace.diff

make-package-modules-not-suck

===================================================================

Gbp-Pq: Name make-package-modules-not-suck.diff

mysqlcppconn-libmysqlclient-SONAME

===================================================================

Gbp-Pq: Name mysqlcppconn-libmysqlclient-SONAME.diff

jdbc-driver-classpaths

Gbp-Pq: Name jdbc-driver-classpaths.diff

reportdesign-mention-package

===================================================================

Gbp-Pq: Name reportdesign-mention-package.diff

sensible-lomua

===================================================================

Gbp-Pq: Name sensible-lomua.diff

help-msg-add-package-info

===================================================================

Gbp-Pq: Name help-msg-add-package-info.diff

mention-java-common-package

===================================================================

Gbp-Pq: Name mention-java-common-package.diff

install-fixes

===================================================================

Gbp-Pq: Name install-fixes.diff

build-against-shared-lpsolve

===================================================================

Gbp-Pq: Name build-against-shared-lpsolve.diff

debian-debug

===================================================================

Gbp-Pq: Name debian-debug.diff

split-evoab

===================================================================

Gbp-Pq: Name split-evoab.diff

jurt-soffice-location

commit b71107fb12e3c3125e0cb62c5a4f6636a80c6408
Author:     Bjoern Michaelsen <bjoern.michaelsen@canonical.com>
AuthorDate: Tue Jun 7 11:52:37 2011 +0200
Commit:     Bjoern Michaelsen <bjoern.michaelsen@canonical.com>
CommitDate: Tue Jun 7 11:52:37 2011 +0200

    on debian-based systems, we know where our soffice binary is

Gbp-Pq: Name jurt-soffice-location.diff

debian-opt

===================================================================

Gbp-Pq: Name debian-opt.diff

no-check-if-root

===================================================================

Gbp-Pq: Name no-check-if-root.diff

libreoffice (1:6.1.5-3+deb10u11) buster-security; urgency=high

  * Team upload by LTS security team.
  * Fix CVE-2023-6185: An Improper Input Validation vulnerability
    was found in GStreamer integration of The Document
    Foundation LibreOffice allows an attacker to execute arbitrary
    GStreamer plugins. In affected versions the filename of the
    embedded video is not sufficiently escaped when passed to
    GStreamer enabling an attacker to run arbitrary
    gstreamer plugins depending on what plugins are installed
    on the target system.
  * Fix CVE-2023-6186: LibreOffice supports hyperlinks.
    In addition to the typical common protocols such as
    http/https hyperlinks can also have target URLs that
    can launch built-in macros or dispatch built-in
    internal commands. In affected version of LibreOffice
    there are scenarios where these can be executed without warning
    if the user activates such hyperlinks. In later versions
    the users's explicit macro execution permissions
    for the document are now consulted if these non-typical
    hyperlinks can be executed. The possibility to use these
    variants of hyperlink targets for floating frames has been removed.
  * Fix CVE-2020-12802: LibreOffice has a 'stealth mode' in which only
    documents from locations deemed 'trusted' are allowed to
    retrieve remote resources. This mode is not the default mode,
    but can be enabled by users who want to disable LibreOffice's ability
    to include remote resources within a document. A flaw existed
    where remote graphic links loaded from docx documents were omitted
    from this protection.
  * Fix CVE-2020-12801: If LibreOffice has an encrypted document
    open and crashes, that document is auto-saved encrypted.
    On restart, LibreOffice offers to restore the document
    and prompts for the password to decrypt it. If the recovery
    is successful, and if the file format of the recovered document
    was not LibreOffice's default ODF file format, then affected versions
    of LibreOffice default that subsequent saves of the document
    are unencrypted. This may lead to a user accidentally saving
    a MSOffice file format document unencrypted while believing
    it to be encrypted.
  * Fix CVE-2020-12803: ODF documents can contain forms to be
    filled out by the user. Similar to HTML forms, the contained
    form data can be submitted to a URI, for example, to an external
    web server. To create submittable forms, ODF implements the
    XForms W3C standard, which allows data to be submitted without
    the need for macros or other active scripting. LibreOffice allowed
    forms to be submitted to any URI, including file: URIs, enabling
    form submissions to overwrite local files. User-interaction
    is required to submit the form, but to avoid the possibility
    of malicious documents engineered to maximize the possibility of
    inadvertent user submission this feature has now been limited to
    http[s] URIs, removing the possibility to overwrite local files.

[dgit import unpatched libreoffice 1:6.1.5-3+deb10u11]

Import libreoffice_6.1.5-3+deb10u11.debian.tar.xz

[dgit import tarball libreoffice 1:6.1.5-3+deb10u11 libreoffice_6.1.5-3+deb10u11.debian.tar.xz]

Import libreoffice_6.1.5.orig.tar.xz

[dgit import orig libreoffice_6.1.5.orig.tar.xz]

Import libreoffice_6.1.5.orig-helpcontent2.tar.xz

[dgit import orig libreoffice_6.1.5.orig-helpcontent2.tar.xz]

Import libreoffice_6.1.5.orig-translations.tar.xz

[dgit import orig libreoffice_6.1.5.orig-translations.tar.xz]