dgit.raspbian.org Git - libreoffice.git/log

Merge version 1:6.1.5-3+rpi1+deb10u8 and 1:6.1.5-3+deb10u10 to produce 1:6.1.5-3+rpi1+deb10u10

Merge libreoffice (1:6.1.5-3+deb10u10) import into refs/heads/workingbranch

[3/3] CVE-2023-2255 assume IFrame script/macro support isn't needed

seems undocumented at least

Change-Id: I316e4f4f25ddb7cf6b7bac4d856a721b987207a3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151020
Tested-by: Jenkins
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152152
Tested-by: CaolÃ¡n McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: CaolÃ¡n McNamara <caolan.mcnamara@collabora.com>
bug: https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-2255

Gbp-Pq: Name 0080-3-3-CVE-2023-2255-assume-IFrame-script-macro-support.patch

[2/3] CVE-2023-2255 put floating frames under managed links control

From 59beb215c3debbdbff0357092b7e7961d69a7298 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Thu, 13 Apr 2023 11:31:17 +0100
Subject: [PATCH 2/3] put floating frames under managed links control
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

like we do for sections and ole objects that link to their content

individual commits in trunk are:

extract a OCommonEmbeddedObject::SetInplaceActiveState for reuse

no behaviour change intended

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150341
Tested-by: CaolÃ¡n McNamara <caolanm@redhat.com>
Reviewed-by: CaolÃ¡n McNamara <caolanm@redhat.com>
(cherry picked from commit 183e34a3f8c429c0698951e24c17844e416a3825)

use parent window as dialog parent

it makes no odds, but is more convenient for upcoming modification

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150342
Tested-by: CaolÃ¡n McNamara <caolanm@redhat.com>
Reviewed-by: CaolÃ¡n McNamara <caolanm@redhat.com>
(cherry picked from commit f93edf343658abd489bde3639d2ffaefd50c0f99)

adjust IFrameObject so it could reuse mxFrame for a reload of content

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150343
Tested-by: CaolÃ¡n McNamara <caolanm@redhat.com>
Reviewed-by: CaolÃ¡n McNamara <caolanm@redhat.com>
(cherry picked from commit 3a727d26fd9eb6fa140bc3f5cadf3db079d42206)

query getUserAllowsLinkUpdate for the case of content in a floating frame

similarly to how it works for the more common "normal" embedded objects

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149971
Tested-by: Jenkins
Reviewed-by: CaolÃ¡n McNamara <caolanm@redhat.com>
(cherry picked from commit 52aa46468531918eabfa2031dedf50377ae72cf7)

add a route to get writer Floating Frame links under 'manage links'

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150349
Tested-by: Jenkins
Reviewed-by: CaolÃ¡n McNamara <caolanm@redhat.com>
(cherry picked from commit 8b8a2844addbd262befb1a2d193dfb590dfa20be)

allow SvxOle2Shape::resetModifiedState to survive having no SdrObject

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150538
Tested-by: Jenkins
Reviewed-by: CaolÃ¡n McNamara <caolanm@redhat.com>
(cherry picked from commit 02379929bd0e1d1676635f0ca1920422702ebb7c)

create the FloatingFrameShape in a separate step to inserting it

this is derived from the path taken by the AddShape(const OUString&)
function for this case. No change in behavior is intended.

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150526
Tested-by: Jenkins
Reviewed-by: CaolÃ¡n McNamara <caolanm@redhat.com>
(cherry picked from commit bafec47847a0b9697b3bbe9358e53f8118af3024)

add a route to get calc Floating Frame links under 'manage links'

much harder than writer because the organization and ordering
of properties and object activation etc is different.

This ended up ugly, but functions.

We set FrameURL before AddShape, we have to do it again later because it
gets cleared when the SdrOle2Obj is attached to the XShape. But we want
FrameURL to exist when AddShape triggers SetPersistName which itself
triggers SdrOle2Obj::CheckFileLink_Impl and at that point we want to
know what URL will end up being used. So bodge this by setting FrameURL
to the temp pre-SdrOle2Obj attached properties and we can smuggle it
eventually into SdrOle2Obj::SetPersistName at the right point after
PersistName is set but before SdrOle2Obj::CheckFileLink_Impl is called
in order to inform the link manager that this is an IFrame that links to
a URL

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150539
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 07179a5a5bd00f34acfa8a3f260dd834ae003c63)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150755
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
bc5333b137d2da089b3b701ff615c6ddf43063d0
7eec3132a23faafd9a2878215a0a117a67bc9bf2
83e38dfa2f84907c2de9680e91f779d34864a9ad
f90ff71d6a96342574799312f764badaf97980eb
ea059262c124e3f44249e49b4189732310d28156
d09ae0c65a55a37743ad7c184070fb8dd97d8a7f
67fc199fef9e67fa12ca7873f0fe12137aa16d8f

Change-Id: Ia1d12aa5c9afdc1347f6d4364bc6a0b7f41ee168
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152132
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
bug: https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-2255

Gbp-Pq: Name 0079-2-3-CVE-2023-2255-put-floating-frames-under-managed-.patch

Refresh linked OLE representation when OLE updated

Change-Id: If949778779f1a91901412938d0b0298e1d7cfc3e
Reviewed-on: https://gerrit.libreoffice.org/57357
Tested-by: Jenkins
Reviewed-by: Armin Le Grand <Armin.Le.Grand@cib.de>
Gbp-Pq: Name 0078-Refresh-linked-OLE-representation-when-OLE-updated.patch

[1/3] CVE-2023-2255 set Referer on loading IFrames

so tools, options, security, options,
"block any links from document not..."
applies to their contents.

Change-Id: I04839aea6b07a4a76ac147a85045939ccd9c3c79
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150221
Tested-by: Jenkins
Reviewed-by: CaolÃ¡n McNamara <caolanm@redhat.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150751
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit acff9ca0579333b45d10ae5f8cd48172f563dddd)
(cherry picked from commit 04c8176fb40d2eb983aa0bd0a6ce65804d3f6ecd)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152096
Tested-by: CaolÃ¡n McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: CaolÃ¡n McNamara <caolan.mcnamara@collabora.com>
bug: https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-2255

Gbp-Pq: Name 0077-1-3-CVE-2023-2255-set-Referer-on-loading-IFrames.patch

Subject: CVE-2023-0950 Obtain actual 0-parameter count for OR(), AND() and 1-parameter functions From: Eike Rathke <erack@redhat.com> Date: Thu, 16 Feb 2023 20:20:31 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit

OR and AND for legacy infix notation are classified as binary
operators but in fact are functions with parameter count. In case
no argument is supplied, GetByte() returns 0 and for that case the
implicit binary operator 2 parameters were wrongly assumed.
Similar for functions expecting 1 parameter, without argument 1
was assumed. For "real" unary and binary operators the compiler
already checks parameters. Omit OR and AND and 1-parameter
functions from this implicit assumption and return the actual 0
count.

Change-Id: Ie05398c112a98021ac2875cf7b6de994aee9d882
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147173
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit e7ce9bddadb2db222eaa5f594ef1de2e36d57e5c)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147129
Reviewed-by: CaolÃ¡n McNamara <caolanm@redhat.com>
(cherry picked from commit d6599a2af131994487d2d9223a4fd32a8c3ddc49)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147390
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
bug: https://www.libreoffice.org/about-us/security/advisories/cve-2023-0950/
bug-debian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2023-0950

Gbp-Pq: Name 0076-Subject-CVE-2023-0950-Obtain-actual-0-parameter-coun.patch

From 5e8f64e50f97d39e83a3358697be14db03566878 Mon Sep 17 00:00:00 2001 From: Stephan Bergmann <sbergman@redhat.com> Date: Mon, 21 Feb 2022 11:55:21 +0100 Subject: CVE-2022-38745 Avoid unnecessary empty -Djava.class.path=

Libreoffice may be configured to add an empty entry to the Java class path.
This may lead to run arbitrary Java code from the current directory.

Debian-backport: use char szSep[] = {SAL_PATHSEPARATOR,0}; for building Ostring
path separator.

Change-Id: Idcfe7321077b60381c0273910b1faeb444ef1fd8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130242
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
bug: https://www.libreoffice.org/about-us/security/advisories/CVE-2022-38745
debian-bug-security: https://security-tracker.debian.org/tracker/CVE-2022-38745

Gbp-Pq: Name 0075-From-5e8f64e50f97d39e83a3358697be14db03566878-Mon-Se.patch

CVE-2022-3140: check impress/calc IFrame "FrameURL" target

similar to

commit c7450d0b9d02c64ae3da467d329040787039767e
Date: Tue Aug 30 17:01:08 2022 +0100

check IFrame "FrameURL" target

Conflicts:
xmloff/source/draw/ximpshap.cxx

Change-Id: Ibf28c29acb4476830431d02772f3ecd4b23a6a27
origin: https://github.com/LibreOffice/core/commit/50c9ae7573f5d63a7cdbcd2caea0d789e97c3a3f.patch

Gbp-Pq: Name 0074-CVE-2022-3140-check-impress-calc-IFrame-FrameURL-tar.patch

CVE-2022-3140: Filter out unwanted command URIs

Change-Id: I0b7e5329af8cc053d14d5c60ec14fe7f364ef993
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139225
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Conflicts:
desktop/source/app/cmdlineargs.cxx

origin: https://github.com/LibreOffice/core/commit/6f60a85d71f1e160bf48ca4d23cd9c99677961a2.patch
bug-debian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140
bug: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140

Gbp-Pq: Name 0073-CVE-2022-3140-Filter-out-unwanted-command-URIs.patch

CVE-2022-3140: check IFrame "FrameURL" target

similiar to

commit b3edf85e0fe6ca03dc26e1bf531be82193bc9627
Date: Wed Aug 7 17:37:11 2019 +0100

warn on load when a document binds an event to a macro

Change-Id: Iea888b1c083d2dc69ec322309ac9ae8c5e5eb315
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139059
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Conflicts:
sfx2/source/doc/iframe.cxx
sw/source/filter/html/htmlplug.cxx
sw/source/filter/xml/xmltexti.cxx
bug-debian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140
bug: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140

Gbp-Pq: Name 0072-CVE-2022-3140-check-IFrame-FrameURL-target.patch

CVE-2022-3140: warn on load when a document binds an event to a macro

a) treat shared/Scripts equivalently to document scripts

This doesn't automatically warn/block running those scripts when used in a
freshly loaded document on its own however

because DocumentMacroMode::checkMacrosOnLoading will see at...

if ( m_xData->m_rDocumentAccess.documentStorageHasMacros() || hasMacroLibrary() )

that the document contains no macros and flip the allow macros flag to true so
that potentially new uses of macros added by the user during the edit are
allowed to run

b) so, add an additional flag to indicate existence of use of macros in a document

c) for odf import, set it when a script:event-listener tag is encountered
d) for html import when registerScriptEvents or SwFormatINetFormat::SetMacroTable is called
e) for doc import when Read_F_Macro or StoreMacroCmds is called as well for good measure
f) for xls import when registerScriptEvent or ScMacroInfo::SetMacro is called
g) for oox import when VbaProject::attachMacros is called

Reviewed-on: https://gerrit.libreoffice.org/77387
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit 35fe064a67b54b0680b4845477c9b8751edda160)

Change-Id: Ic1203d8ec7dfc217aa217135033ae9db2888e19b
Reviewed-on: https://gerrit.libreoffice.org/83348
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
origin: https://github.com/LibreOffice/core/commit/96b7887cbfd24bb29e08667b027a86f79c246ce2
bug-debian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140
bug: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140

Gbp-Pq: Name 0071-CVE-2022-3140-warn-on-load-when-a-document-binds-an-.patch

CVE-2022-26307: add Initialization Vectors to password storage

LibreOffice supports the storage of passwords for web connections in
the user’s configuration database. The stored passwords are encrypted
with a single master key provided by the user. A flaw in LibreOffice
existed where master key was poorly encoded resulting in weakening its
entropy from 128 to 43 bits making the stored passwords vulerable to a
brute force attack if an attacker has access to the users stored
config.

old ones default to the current all zero case and continue to work
as before

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131974
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 192fa1e3bfc6269f2ebb91716471485a56074aea)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132306
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit ab77587ec300f5c30084471000663c46ddf25dad)

(cherry picked from commit 713296ecd30bab02d41fcd23f19afed28d916701)

Change-Id: I6fe3b02fafcce1b5e7133e77e76a5118177d77af
origin: https://github.com/LibreOffice/core/commit/55d3095f14e98e5d2aadddf392911ca2d2b6dca9.patch
bug: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2022-26307

Gbp-Pq: Name 0070-CVE-2022-26307-add-Initialization-Vectors-to-passwor.patch

Simplify Sequence iterations in svl [only passwordcontainer.cxx]

Needed for fixing CVE-2022-26307

Use range-based loops, STL and comphelper functions

Reviewed-on: https://gerrit.libreoffice.org/75563
Tested-by: Jenkins
Reviewed-by: Arkadiy Illarionov <qarkai@gmail.com>
(cherry picked from commit c9cce0d931b41ede0eca14b2ed2b84453f048362)

Change-Id: I1c3dbf194600bec60c0881d2d19ff07b89d8333b
origin: https://github.com/LibreOffice/core/commit/bfec3cf63ef43cc86e9a2fd90600d91b5fefe0c3.patch

Gbp-Pq: Name 0069-Simplify-Sequence-iterations-in-svl-only-passwordcon.patch

CVE-2022-26306, CVE-2022-26307: add infobar to prompt to refresh to replace old format

This patch ask an user to replace old format thus partially closing CVE-2022-26306, CVE-2022-26307

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131976
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bbd196ff82bda9f66b4ba32a412f10cefe6da60e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132307
Reviewed-by: Sophie Gautier <sophi@libreoffice.org>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit c5d01b11db3c83cb4a89d3b388d78e20dd3990b5)

(cherry picked from commit df05d27336927373bf83664a90156fbe505fc546)

Change-Id: Id99cbf2b50a4ebf289dae6fc67e22e20afcda35b
origin: https://github.com/LibreOffice/core/commit/cedd8063fed50cfd75fa3c69c4c87e2ae79b944d.patch

Gbp-Pq: Name 0068-CVE-2022-26306-CVE-2022-26307-add-infobar-to-prompt-.patch

CVE-2022-26307: make hash encoding match decoding

Seeing as old versions of the hash may be in the users config, add a
StorageVersion field to the office config Passwords section which
defaults to 0 to indicate the old hash is in use.

Try the old varient when StorageVersion is 0. When a new encoded master
password it set write StorageVersion of 1 to indicate a new hash is in
use and use the new style when StorageVersion is 1.

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132080
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit e890f54dbac57f3ab5acf4fbd31222095d3e8ab6)

svl: fix crash if user cancels/closes master password dialog

(regression from d7ba5614d90381d68f880ca7e7c5ef8bbb1b1c43)

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133932
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bbb8617ece6d946957c2eb96287081029bce530f)

Change-Id: I3174c37a5891bfc849984e0ec5c2c392b9c6e7b1
(cherry picked from commit 7e35d53f51bb89ed3cea5f946214afb7d81e1b1e)
origin: https://github.com/LibreOffice/core/commit/c17ba8306704d6d428d673fb0079c4276f0bc256.patch
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2022-26307
bug: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307
Signed-off-by: Bastien Roucariès <rouca@debian.org>
Gbp-Pq: Name 0067-CVE-2022-26307-make-hash-encoding-match-decoding.patch

Subject: CVE-2021-25636: only use X509Data

LibreOffice supports digital signatures of ODF documents and macros
within documents, presenting visual aids that no alteration of the
document occurred since the last signing and that the signature is
valid. An Improper Certificate Validation vulnerability in LibreOffice
allowed an attacker to create a digitally signed ODF document, by
manipulating the documentsignatures.xml or macrosignatures.xml stream
within the document to contain both "X509Data" and "KeyValue" children
of the "KeyInfo" tag, which when opened caused LibreOffice to verify
using the "KeyValue" but to report verification with the unrelated
"X509Data" value.

Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
(cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139)
Signed-off-by: Bastien Roucariès <rouca@debian.org>
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2021-25636
bug-redhat: https://bugzilla.redhat.com/show_bug.cgi?id=2056955
origin: https://gitlab.com/redhat/centos-stream/rpms/libreoffice/-/raw/c8s/0001-CVE-2021-25636.patch
bug: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636
Signed-off-by: Bastien Roucariès <rouca@debian.org>
Gbp-Pq: Name 0066-Subject-CVE-2021-25636-only-use-X509Data.patch

tdf#121384 don't leave a bare trailing : in PYTHONPATH

and don't insert any empty path entries if that situation
was to arise

Change-Id: I8d8183485f457c3e4385181fee07390c4bfef603
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96707
Reviewed-by: Tomáš Chvátal <tchvatal@suse.com>
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
Tested-by: Jenkins
(cherry picked from commit b72705d5391b849fc70a0a4cac33523c0ea5d054)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96803
Tested-by: Stephan Bergmann <sbergman@redhat.com>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Gbp-Pq: Name fix-PYTHONPATH.diff

opengl slide transitions not working with glm >= GLM 0.9.9.0

tracked it down to...

Removed default initialization, use GLM_FORCE_CTOR_INIT to restore the old behavior
so adding in GLM_FORCE_CTOR_INIT to get them working again

Change-Id: I1c6e7d8eb748fce40f0c518ff708708e5fb1e3d2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87789
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name glm-0.9.9-ctor.diff

tdf#128111: "adsrc" doesn't exist from Postgresql 12

Before Postgresql 8.0, there was only "adsrc"
then it's been deprecated
"The adsrc field is historical, and is best not used, because it does not track outside changes
that might affect the representation of the default value.
Reverse-compiling the adbin field (with pg_get_expr for example) is a better way to display the default value
"
and finally it's been removed with version 12

See evolution with:
- https://www.postgresql.org/docs/8/catalog-pg-attrdef.html
- https://www.postgresql.org/docs/11/catalog-pg-attrdef.html
- https://www.postgresql.org/docs/12/catalog-pg-attrdef.html

Merge with https://cgit.freedesktop.org/libreoffice/core/commit/?id=1ec93ef100bb5f6ccef91f12e28ed09feb3eb38b

Change-Id: I57e9da423a23b5a96bbb64b0e026b160e9643ab9
Reviewed-on: https://gerrit.libreoffice.org/80722
(cherry picked from commit 0c46c81e04530e8f6ce4f34195d8f0443ed8bfc3)
Reviewed-on: https://gerrit.libreoffice.org/80736
Tested-by: Jenkins
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
Gbp-Pq: Name Postgresql-12-no-adsrc.diff

Resolves: tdf#126928 allow link updates in an intermediate linked document

... if link updates are allowed in the current document and that
intermediate document resides in a trusted location.

This works with both, the "Always (from trusted locations)" and
the "On request" settings under Tools -> Options -> Calc ->
General. It can't work with documents residing in a non-trusted
location as there is no way to allow updates on demand for a such
loaded document (hidden via formulas).

Reviewed-on: https://gerrit.libreoffice.org/77588
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit 54bf84746a2a9a2e2aaf0df9e429b0cfd538f640)

Conflicts:
sc/source/ui/docshell/docsh4.cxx
sc/source/ui/docshell/externalrefmgr.cxx

Backported. Also includes

    commit 1663b1e8233db6c6d1c2b35639ad984961084009
    CommitDate: Tue Feb 26 21:15:57 2019 +0100

        tdf#120736: For Calc shared documents also check the original document URL

Change-Id: Ie483f7743db7c6d5cf947dc16a9c3660855f3423
Reviewed-on: https://gerrit.libreoffice.org/77613
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name allow-link-updates-in-an-intermediate-linked-document.diff

Improve check

Change-Id: I8280a81eef2ced0ff0ace51ea9f094421abafe13
Reviewed-on: https://gerrit.libreoffice.org/78108
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 761e6dd25782420bf06e4a2ff3205a79b6cbb136)
Reviewed-on: https://gerrit.libreoffice.org/78129
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Gbp-Pq: Name Improve-check.diff

Improve check for absolute URI

Change-Id: I4dee44832107f72f8f3fb68554428dc1e646c346
Reviewed-on: https://gerrit.libreoffice.org/77706
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit c79efeb66f7951305d0334bc288aee1c571a8728)
Reviewed-on: https://gerrit.libreoffice.org/77724
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
Gbp-Pq: Name Improve-check-for-absolute-URI.diff

an absolute uri is invalid input

Change-Id: I392be4282be8ed67e3451b28d2c9f22acd4c87fc
Reviewed-on: https://gerrit.libreoffice.org/77564
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Tested-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 3c076e54f736980e208f5c27ecf179aa90aea103)
Reviewed-on: https://gerrit.libreoffice.org/77571
Tested-by: Jenkins
Gbp-Pq: Name an-absolute-uri-is-invalid-input.diff

construct final url from parsed output

Change-Id: Ifd733625a439685ad307603eb2b00bf463eb9ca9
Reviewed-on: https://gerrit.libreoffice.org/77373
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 87959e5deea6d33cd35dbb3b8423056f9566710e)
Reviewed-on: https://gerrit.libreoffice.org/77379

Gbp-Pq: Name construct-final-url-from-parsed-output.diff

expand pyuno path separators

Change-Id: Ic97649ed6d4be595b308922c7bdc880cbb60b239
Reviewed-on: https://gerrit.libreoffice.org/77102
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 75903a0298218f89a199a5ac151ee0166f4469d7)
Reviewed-on: https://gerrit.libreoffice.org/77116

Gbp-Pq: Name expand-pyuno-path-separators.diff

Properly obtain location

Change-Id: I9fb0d883a3623394343cd54ef61e5610544198c8
Reviewed-on: https://gerrit.libreoffice.org/77019
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit a9cde2557242a0c343d99533f3ee032599c66f42)
Reviewed-on: https://gerrit.libreoffice.org/77022
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Gbp-Pq: Name Properly-obtain-location.diff

keep name percent-encoded

Change-Id: I470c4b24192c3e3c9b556a9bbb3b084359e0033b
Reviewed-on: https://gerrit.libreoffice.org/77007
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Gbp-Pq: Name keep-name-percent-encoded.diff

decode url escape codes and check each path segment

Change-Id: Ie8f7cef912e8dacbc2a0bca73534a7a242a53ca1
Reviewed-on: https://gerrit.libreoffice.org/76395
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Tested-by: Jenkins
(cherry picked from commit 0344b7684753876a3148a47d1e131a1b13595f63)
Reviewed-on: https://gerrit.libreoffice.org/76538
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Gbp-Pq: Name decode-url-escape-codes-and-check-each-path-segment.diff

expand LibreLogo check to global events

Change-Id: I7f436983ba0eb4b76b02d08ee52626e54b103d5f
Reviewed-on: https://gerrit.libreoffice.org/76194
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 85cbe1f06703c0b8e1f15a3d969202d99c66f34b)
Reviewed-on: https://gerrit.libreoffice.org/76540
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Gbp-Pq: Name expand-LibreLogo-checks-to-global-events.diff

More uses of referer URL with SvxBrushItem

Reviewed-on: https://gerrit.libreoffice.org/73643
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit b518882de8213ef71a8003f95fbdf7689069c06d)
Conflicts:
sw/source/core/text/porfld.cxx
sw/source/core/unocore/unosett.cxx

Change-Id: I04b524784df4ef453d8b1feec13b62f183a17e23
Reviewed-on: https://gerrit.libreoffice.org/73860
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Gbp-Pq: Name More-uses-of-referer-URL-with-SvxBrushItem.diff

explictly-exclude-LibreLogo-from-XScript-usage

===================================================================

Gbp-Pq: Name explictly-exclude-LibreLogo-from-XScript-usage.diff

sanitize-LibreLogo-calls

===================================================================

Gbp-Pq: Name sanitize-LibreLogo-calls.diff

Introduce next Japanese gengou era 'Reiwa'

Prepare for "Japan's Y2K" Gengou calendar era switch after 2019-04-30

The emperor Akihito will abdicate on 2019-04-30. The next emperor
will be Naruhito, but so far neither the new era name (Heisei for
Akihito) nor its abbreviation or a Unicode character are
determined. At least introduce the new era with some dummy names
(Naruhito,Na,N).

Change-Id: I8c0af390ca0408ac259e47e7eaf2e49b5889c9ba
Reviewed-on: https://gerrit.libreoffice.org/58142
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
Introduce next Japanese gengou era 'Reiwa'

starting from 2019-05-01, which has been announced officially.

This fills the provisional slot acknowledged at
cacbb0faef77ae8462de9ff5c7307a6a2e28b2bb.

Change-Id: Ifb12e6afaad4c66d455f664b46ec946e80324e87
Reviewed-on: https://gerrit.libreoffice.org/70157
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
Reviewed-on: https://gerrit.libreoffice.org/70185

Gbp-Pq: Name jp-JP-Reiwa.diff

java.vendor-Debian

===================================================================

Gbp-Pq: Name java.vendor-Debian.diff

tdf#123077 gtk3_kde5: Set KFileWidget's custom widget only once

Since the event filter is only used to set the custom
widget in the KFileWidget, it can and needs to be removed
again once this has been done; which also avoids crashes.

(s. https://gerrit.libreoffice.org/#/c/67185/ for more
infos, where the same thing is done for kde5)

Change-Id: I5c719fb17510916b4730ed5c00bb638df2f183e3
Reviewed-on: https://gerrit.libreoffice.org/67184
Tested-by: Jenkins
Reviewed-by: Michael Weghorn <m.weghorn@posteo.de>
(cherry picked from commit 30cc54a4532a732a0cf6dfe9943521978ff7292f)
Reviewed-on: https://gerrit.libreoffice.org/67204
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Gbp-Pq: Name tdf123077.diff

apparmor-opencl

apparmor: Add opencl support

AppArmor in Debian Buster now has OpenCL abstractions.

Include OpenCL abstractions to fix OpenCL usage in Calc.

Gbp-Pq: Name apparmor-opencl.diff

Fix incorrect parameter type to std::min() on m68k

Last-Update: 2018-12-28

Gbp-Pq: Name m68k-fix-parameter-type.patch

[PATCH] Update orcus to 0.14.0.

And make all necessary adjustments for the new version of orcus.

Change-Id: I0dc207162a3ddfaad6da198a3d13b65f530757d5
Reviewed-on: https://gerrit.libreoffice.org/59884
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <libreoffice@kohei.us>
Gbp-Pq: Name orcus-0.14.diff

[PATCH] Update mdds to 1.4.1

loplugin:constantparam

Reviewed-on: https://gerrit.libreoffice.org/58875
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
(cherry picked from commit bb6f2b12e8f0bbc99a5ca93141d35fd40b043e55)

Update mdds to 1.4.1.

The largest change in 1.4.x relevant to the calc code is that the
multi_type_matrix::walk() methods now take a copy of the function
object rather than a reference, to allow for it to take an inline
lambda function. Instead, it does return a instance of the input
function object, similar to how std::for_each() behaves.

In case the function object contains a large data member, try to
make it a moveable so that it will get moved rather than copied
when going through one of the walk() methods.

Reviewed-on: https://gerrit.libreoffice.org/59584
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <libreoffice@kohei.us>
(cherry picked from commit 51f73f35ea61dd81dd3194af50394b98ff1bf8e9)

mdds 1.4.1 is now a minimum requirement.

Reviewed-on: https://gerrit.libreoffice.org/59614
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <libreoffice@kohei.us>
(cherry picked from commit 4d1f735fcf064b18ef2848cc1f5a2a0616b0b33d)

fd08fc4a2ed75039e5292a35ff08726e0126c77f
647bcfbdd8e0417990ed93b25c1bca00f60df709

Change-Id: I676a8408e97cc8134009f764736cad68513c89ad

Gbp-Pq: Name mdds-1.4.1.diff

[PATCH] mariadb

Gbp-Pq: Name use-mariadb-java-instead-of-mysql-java.diff

disableClassPathURLCheck

===================================================================

Gbp-Pq: Name disableClassPathURLCheck.diff

apparmor-mesa

===================================================================

Gbp-Pq: Name apparmor-mesa.diff

Java 11 no longer synthesizes DocumentView$1.class

...so, for simplicity, just include whatever generated DocumentView$*.class by
wildcard

Change-Id: I779e2709c8ef2859d68233300302dd62dbe2455f
Reviewed-on: https://gerrit.libreoffice.org/62073
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Gbp-Pq: Name fix-tests-openjdk11.patch

[PATCH] apparmor: use dri-enumerate abstraction

Remove backported rule and use new dri-enumerate abstraction instead.
dri-enumerate is available in AppArmor 2.13, which recently migrated
into Debian Buster.

Change-Id: I64919edc1882f7bc1e65cfb94686464c5350f699

Gbp-Pq: Name apparmor-cleanups.diff

apparmor: update program.soffice.bin for KDE

Add rules to fix file dialog and other issues with 6.2 alpha1 on Debian
Buster with KDE desktop.

Change-Id: Ib1b20c5809ac9bdea1bf2623eff4345fa42fd4f3
Reviewed-on: https://gerrit.libreoffice.org/58702
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
Reviewed-by: Katarina Behrens <Katarina.Behrens@cib.de>
Gbp-Pq: Name apparmor-kde.diff

apparmor-allow-java.security

===================================================================

Gbp-Pq: Name apparmor-allow-java.security.diff

[PATCH] test apparmor profile parsing (see tdf#114915)

idea taken from
https://salsa.debian.org/apparmor-team/apparmor-profiles-extra/commit/7fbcc4788d0e94764eeeff2f080796601241f986#546c1096cd506dbb01a47ed87a636a8e94d83b8c

Change-Id: I7e5bda9224d69530af4d30422c2fd3d60c9929d6

Gbp-Pq: Name test-apparmor-profiles.diff

[PATCH] micro-optimization: do not check for ant if we don't need it

Change-Id: I84644cddd8a318a2af23780ada9afc26fe23a9fe

Gbp-Pq: Name no-ant-check-if-unneeded.diff

do-not-hide-test-output

===================================================================

Gbp-Pq: Name do-not-hide-test-output.diff

disable-java-in-odk-build-examples-on-zero-vm

===================================================================

Gbp-Pq: Name disable-java-in-odk-build-examples-on-zero-vm.diff

appstream-ignore-startcenter

===================================================================

Gbp-Pq: Name appstream-ignore-startcenter.diff

Hide startcenter and math from the shell

Bug-Ubuntu: https://launchpad.net/bugs/1696250
Forwarded: not-needed

Gbp-Pq: Name hide-math-desktop-file.patch

apparmor-complain

===================================================================

Gbp-Pq: Name apparmor-complain.diff

disable-unused-test-programs

===================================================================

Gbp-Pq: Name disable-unused-test-programs.diff

cppunit-optional

===================================================================

Gbp-Pq: Name cppunit-optional.diff

disable-some-sc-tests-with-internal-cppunit

# fails with internal cppunit:

# fails with internal cppunit:
#
# [build LNK] CppunitTest/libtest_sc_subsequent_filters_test.so
# S=/data/rene/git/LibreOffice/master && I=$S/instdir && W=$S/workdir && /usr/bin/ccache x86_64-linux-gnu-g++ -shared -Wl,-z,noexecstack -Wl,-z,origin '-Wl,-rpath,$ORIGIN/../Library' -Wl,-rpath-link,$I/program -Wl,-z,defs -Wl,-rpath-link,/lib:/usr/lib -Wl,-z,combreloc -Wl,--hash-style=gnu -Wl,--dynamic-list-cpp-new -Wl,--dynamic-list-cpp-typeinfo -Wl,-Bsymbolic-functions -L$W/LinkTarget/StaticLibrary -L$I/sdk/lib -L$I/program -L$I/program -L$W/LinkTarget/Library -Wl,-z,relro -L/usr/lib/x86_64-linux-gnu -L/usr/lib/x86_64-linux-gnu -L/usr/lib/x86_64-linux-gnu $W/CxxObject/sc/qa/unit/subsequent_filters-test.o -Wl,--start-group -L$W/UnpackedTarball/cppunit/src/cppunit/.libs -lcppunit -lxml2 -lorcus-0.12 -lorcus-parser-0.12 -lboost_filesystem -lboost_iostreams -lz -Wl,--end-group -Wl,--no-as-needed -lmergedlo -luno_cppu -luno_cppuhelpergcc3 -lforlo -lforuilo -li18nlangtag -looxlo -luno_sal -luno_salhelpergcc3 -lsclo -lscqahelper -lsubsequenttest -ltest -lunotest -lvbahelperlo -o $W/LinkTarget/CppunitTest/libtest_sc_subsequent_filters_test.so
# /data/rene/git/LibreOffice/master/workdir/CxxObject/sc/qa/unit/subsequent_filters-test.o:(.data.rel.ro._ZTIN7CppUnit17AdditionalMessageE[_ZTIN7CppUnit17AdditionalMessageE]+0x10): undefined reference to `typeinfo for CppUnit::Message'
# collect2: error: ld returned 1 exit status
# /data/rene/git/LibreOffice/master/solenv/gbuild/LinkTarget.mk:598: recipe for target '/data/rene/git/LibreOffice/master/workdir/LinkTarget/CppunitTest/libtest_sc_subsequent_filters_test.so' failed
# make[4]: *** [/data/rene/git/LibreOffice/master/workdir/LinkTarget/CppunitTest/libtest_sc_subsequent_filters_test.so] Error 1
#
# interestingly, this works with system-cppunit...

Gbp-Pq: Name disable-some-sc-tests-with-internal-cppunit.diff

no-openssl

don't add -lssl etc if not needed (because we use system-postgresql)

Gbp-Pq: Name no-openssl.diff

allow-opensymbol-rebuild

===================================================================

Gbp-Pq: Name allow-opensymbol-rebuild.diff

system-officeotron-and-odfvalidator

===================================================================

Gbp-Pq: Name system-officeotron-and-odfvalidator.diff

[PATCH] Revert "always support packagekit if dbus is enabled"

This reverts commit f2984e95740cfbb9c74574f2a1225af3411d4901.

Gbp-Pq: Name no-packagekit-per-default.diff

hppa-is-32bit

===================================================================

Gbp-Pq: Name hppa-is-32bit.diff

javadoc-optional

Gemeinsame Unterverzeichnisse: odk-old/config und odk/config.
Gemeinsame Unterverzeichnisse: odk-old/docs und odk/docs.
Gemeinsame Unterverzeichnisse: odk-old/examples und odk/examples.

Gemeinsame Unterverzeichnisse: odk-old/config und odk/config.
Gemeinsame Unterverzeichnisse: odk-old/docs und odk/docs.
Gemeinsame Unterverzeichnisse: odk-old/examples und odk/examples.

Gbp-Pq: Name javadoc-optional.diff

fix-internal-hsqldb-build

===================================================================

Gbp-Pq: Name fix-internal-hsqldb-build.diff

disable-flaky-tests

14:13 < mst__> _rene_, the toolkit unoapi tests are known to be flaky (in some
               system dependent way) e.g. on the Win@6 tinderbox it always
               crashes
14:14 < mst__> _rene_, sc.ScAccessible* tests also fail on some systems some of
               the time

Gbp-Pq: Name disable-flaky-tests.diff

debian-hardened-buildflags-no-LO-fstack-protector-strong

don't hardcode -fstack-protector-strong in configure.ac/gbuild. We get the
hardening flags from dpkg-buildflags anyway.

Gbp-Pq: Name debian-hardened-buildflags-no-LO-fstack-protector-strong.diff

debian-hardened-buildflags-CPPFLAGS

===================================================================

Gbp-Pq: Name debian-hardened-buildflags-CPPFLAGS.diff

mediwiki-oor-replace

===================================================================

Gbp-Pq: Name mediwiki-oor-replace.diff

make-package-modules-not-suck

===================================================================

Gbp-Pq: Name make-package-modules-not-suck.diff

mysqlcppconn-libmysqlclient-SONAME

===================================================================

Gbp-Pq: Name mysqlcppconn-libmysqlclient-SONAME.diff

jdbc-driver-classpaths

Gbp-Pq: Name jdbc-driver-classpaths.diff

reportdesign-mention-package

===================================================================

Gbp-Pq: Name reportdesign-mention-package.diff

sensible-lomua

===================================================================

Gbp-Pq: Name sensible-lomua.diff

help-msg-add-package-info

===================================================================

Gbp-Pq: Name help-msg-add-package-info.diff

mention-java-common-package

===================================================================

Gbp-Pq: Name mention-java-common-package.diff

install-fixes

===================================================================

Gbp-Pq: Name install-fixes.diff

build-against-shared-lpsolve

===================================================================

Gbp-Pq: Name build-against-shared-lpsolve.diff

debian-debug

===================================================================

Gbp-Pq: Name debian-debug.diff

split-evoab

===================================================================

Gbp-Pq: Name split-evoab.diff

jurt-soffice-location

commit b71107fb12e3c3125e0cb62c5a4f6636a80c6408
Author:     Bjoern Michaelsen <bjoern.michaelsen@canonical.com>
AuthorDate: Tue Jun 7 11:52:37 2011 +0200
Commit:     Bjoern Michaelsen <bjoern.michaelsen@canonical.com>
CommitDate: Tue Jun 7 11:52:37 2011 +0200

    on debian-based systems, we know where our soffice binary is

Gbp-Pq: Name jurt-soffice-location.diff

debian-opt

===================================================================

Gbp-Pq: Name debian-opt.diff

no-check-if-root

===================================================================

Gbp-Pq: Name no-check-if-root.diff

libreoffice (1:6.1.5-3+deb10u10) buster-security; urgency=medium

  * CVE-2023-2255: Improper access control in editor components of
    LibreOffice allowed an attacker to craft
    a document that would cause external links to be loaded without prompt.
    In the affected versions of LibreOffice documents
    that used "floating frames"
    linked to external files, would load the contents of those frames
    without prompting the user for permission to do so.
    This was inconsistent with the treatment of other linked
    content in LibreOffice.

[dgit import unpatched libreoffice 1:6.1.5-3+deb10u10]

Import libreoffice_6.1.5-3+deb10u10.debian.tar.xz

[dgit import tarball libreoffice 1:6.1.5-3+deb10u10 libreoffice_6.1.5-3+deb10u10.debian.tar.xz]

Merge version 1:6.1.5-3+rpi1+deb10u7 and 1:6.1.5-3+deb10u8 to produce 1:6.1.5-3+rpi1+deb10u8

Merge libreoffice (1:6.1.5-3+deb10u8) import into refs/heads/workingbranch