Overview Repositories Revisions Requests Users Attributes Meta
Security update for LibreOffice and related libraries

This update for LibreOffice and some library dependencies (cmis-client,
libetonyek, libmwaw, libodfgen, libpagemaker, libreoffice-share-linker, mdds, libwps)
fixes the following issues:

Changes in libreoffice:
- Provide l10n-pt from pt-PT
- boo#945047 - LO-L3: LO is duplicating master pages, extended fix
- boo#951579 - LO-L3: [LibreOffice] Calc 5.0 fails to open ods files
* deleted RPATH prevented loading of bundled 3rd party RDF handler libs

- Version update to 5.0.4.2:
* Final of the 5.0.4 series

- boo#945047 - LO-L3: LO is duplicating master pages

- Version update to 5.0.4.1:
* rc1 of 5.0.4 with various regression fixes

- boo#954345 - LO-L3: Insert-->Image-->Insert as Link hangs writer

- Version update to 5.0.3.2:
* Final tag of 5.0.3 release

- Fix boo#939996 - LO-L3: Some bits from DOCX file are not imported
- Fix boo#889755 - LO-L3: PPTX: chart axis number format incorrect
- boo#679938 - LO-L3: saving to doc file the chapter name in the header does not change with chapters

- Version update to 5.0.3RC1 as it should fix i586 test failure
- Update text2number extension to 1.5.0

- obsolete libreoffice-mono
- pentaho-flow-reporting require is conditional on system_libs

- Update icon theme dependencies
* https://lists.debian.org/debian-openoffice/2015/09/msg00343.html

- Version bump to 5.0.2 final fate#318856 fate#319071 boo#943075
boo#945692:
* Small tweaks compared to rc1
- For sake of completion this release also contains security fixes
for boo#910806 CVE-2014-8147, boo#907636 CVE-2014-9093,
boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146,
boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213,
boo#936188 CVE-2015-5212, boo#934423 CVE-2015-45513,
boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146,
boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213,
boo#936188 CVE-2015-5212, boo#934423 CVE-2015-45513,
boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146,
boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213,
boo#936188 CVE-2015-5212, boo#934423 CVE-2015-4551

- Use gcc48 to build on sle11sp4

- Make debuginfo's smaller on IBS.

- Fix chrpath call after the libs got -lo suffixing

- Add patch to fix qt4 features detection:
* kde4filepicker.patch

- Split out gtk3 UI to separate subpkg that requires gnome subpkg
* This is to allow people to test gtk3 while it not being default

- Version update to 5.0.2 rc1:
* Various small tweaks and integration of our SLE11 patchsets

- Update constraints to 30 GB on disk

- Version bump to 5.0.1 rc2:
* breeze icons extension
* Credits update
* Various small fixes

- Version bump to 5.0.1 rc1:
* Various small fixes
* Has some commits around screen rendering -> could fix kde bugs

- Kill branding-openSUSE, stick to TDF branding.

- Version bump to 5.0 rc5:
* Bunch of final touchups here and there
- Remove some upstreamed patches:
* old-cairo.patch

- Add explicit requires over libmysqlclient_r18, should cover boo#829430

- Add patch to build with old cairo (sle11).

- Version bump to 5.0 rc3:
* Various more fixes closing on the 5.0 release

- Update to 5.0 rc2:
* Few small fixes and updates in internal libraries

- Version bump to 5.0 rc1, remove obsolete patches:
* 0001-Fix-could-not-convert-.-const-char-to-const-rtl-OUSt.patch
* 0001-writerperfect-fix-gcc-4.7-build.patch

- More chrpat love for sle11

- Add python-importlib to build/requirements on py2 distros

- Provide/obsolete crystal icons so they are purged and not left over

- Fix breeze icons handling, drop crystal icons.

- Version bump to 5.0.0.beta3:
* Drop merged patch 0001-Make-cpp-poppler-version.h-header-optional.patch
* Update some internal tarballs so we keep building
- based on these bumps update the buildrequires too

- Generate python cache files wrt boo#929793

- Update %post scriptlets to work on sle11 again

- Split out the share -> lib linker to hopefully allow sle11 build

- One more fix for help handling boo#915996

- Version bump to 4.4.3 release:
* Various small fixes all around

- Disable verbose build to pass check on maximal size of log

- We need pre/post for libreoffice in langpkgs

- Use old java for detection and old commons-lang/codec to pass
brp check on java from sle11
* 0001-Make-HAVE_JAVA6-be-always-false.patch

- Revert last changeset, it is caused by something else this time:
* 0001-Set-source-and-target-params-for-java.patch

- Set source/target for javac when building to work on SLE11:
* 0001-Set-source-and-target-params-for-java.patch

- Try to deal with rpath on bundled libs

- Fix python3_sitelib not being around for py2

- Add internal make for too old system
- One more stab on poppler switch:
* 0001-Make-cpp-poppler-version.h-header-optional.patch

- Update the old-poppler patch to work correctly:
* 0001-Make-cpp-poppler-version.h-header-optional.patch

- Sort out more external tarballs for the no-system-libs approach

- Add basic external tarballs needed for without-system-libraries

- Add patch to check for poppler more nicely to work on older distros:
* 0001-Make-cpp-poppler-version.h-header-optional.patch

- Try to pass configure without system libs

- Allow switch between py2 and py3
- Move external dependencies in conditional thus allow build on
SLE11

- Add conditional for noarch subpackages
- Add switch in configure to detect more of internal/external stuff

- Add conditional for appdatastore thing and redo it to impact the
spec less
- Add systemlibs switch to be used in attempt to build sle11 build

- Silence more scarry messages by boo#900186
* Fixes autocorr symlinking
* Cleans UNO cache in more pretty way

- Clean up the uno cache removal to not display scarry message
boo#900186

- Remove patch to look for help in /usr/share, we symlink it back to
lib, so there is no actual need to search for it directly, migth
fix boo#915996:
* officecfg-help-in-usr-share.diff

- --disable-collada
* reportedly it does not work in LibreOffice 4.4
- added version numbers to some BuildRequires lines

- Require flow engine too on base

- Fix build on SLE12 and 13.1 by adding conditional for appdata install

- Fixup the installed appdata.xml files: they reference a .desktop
file that are not installed by libreoffice (boo#926375).

- Version bump to 4.4.2:
* 2nd bugfix update for the 4.4 series

- BuildRequires: libodfgen-devel >= 0.1

- added version numbers to some BuildRequires lines
- build does not require python3-lxml
- build requires librevenge-devel >= 0.0.1
- vlc media backend is broken, don't use it. Only gstreamer should be used.
- Install the .appdata.xml files shipped by upstream: allow LO to
be shown in AppStream based software centers.

- Move pretrans to pre

- Version bump to 4.4.1 first bugfix release of the series

- Reduce bit the compilation preparations as we prepped most of the
things by _constraints and it is no longer needed

- %pre is not enough the script needs to be rewritten in lua

- Move removal of obsolete dirs from %pretrans to %pre boo#916181

- Version bump to 4.4.0 final:
* First in the 4.4 series
* First release to have the new UI elements without old hardcoded
sizes
* Various improvements all around.

- Version bump to 4.4.0rc2:
* Various bugfixes, just bumping to see if we still build fine.

- That verbose switch for configure was really really bad idea

- generic images.zip for galaxy icons seem gone so remove
- Do not supplement kde3 stuff, it is way beyond obsolete

- Remove vlc conditional
- korea.xcd is no more so remove
- Really use mergelib

- Disable telepathy, it really is experimental like hell

- Version bump to 4.4.0rc1:
* New 4.4 branch release with additional features
- Enable collada:
* New bundled collada2gltf tarball:
4b87018f7fff1d054939d19920b751a0-collada2gltf-master-cb1d97788a.tar.bz2
- Remove errorous self-obsolete in lang pkgs.
- Version bump to 4.3.3.2:
* Various bugfixes from maintenance branch to copy openSUSE.
* Also contains fix for boo#900214 and boo#900218 CVE-2014-3693
- fix regression in bullets (boo#897903).
- Add masterpage_style_parent.odp as new file for regression test
for bullets.
Changes in cmis-client:
- Update to version 0.5.0
+ Completely removed the dependency on InMemory server for unit tests
+ Minimized the number of HTTP requests sent by
SessionFactory::createSession
+ Added Session::getBaseTypes()
- Bump soname to 0_5-5
- Bump incname to 0.5

Changes in libetonyek:
- Version bump to 0.1.3:
* Various small fixes
* More imported now imported
* Now use mdds to help with some hashing
- Version bump to 0.1.2:
* Initial support for pages and numbers
* Ditch libetonyek-0.1.1-constants.patch as we do not require
us to build for older boost

Changes in libmwaw:
- Version bump to 0.3.6:
- Added a minimal parser for ApplePict v1.v2, ie. no clipping, does not
take in account the copy mode: srcCopy, srcOr, ...
- Extended the --with-docs configure option to allow to build doc only
for the API classes: --with-docs=no|api|full .
- Added a parser for MacDraft v4-v5 documents.
- RagTime v5-v6 parser: try to retrieve the main layouts and the
picture/shape/textbox, ie. now, it generates result but it is
still very imcomplete...
- MWAW{Graphic,Presentation,Text}Listener: corrected a problem in openGroup
which may create to incorrect document.
- Created an MWAWEmbeddedObject class to store a picture with various
representations.
- MWAW*Listener: renamed insertPicture to insertShape, added a function to
insert a texbox in a MWAWGraphicShape (which only insert a basic textbox).
- Fixed many crashes and hangs when importing broken files, found with the
help of american-fuzzy-lop.
- And several other minor fixes and improvements.
- Version bump to 0.3.5
* Various small fixes on 0.3 series, nothing big woth mention

Changes in libodfgen:
- Version bump to 0.1.4:
- drawing interface: do no forget to call startDocument/endDocument when
writing in the manifest
- metadata: added handler for 'template' metadata, unknown metadata are
written in a meta:user-defined elements,
- defineSheetNumberingStyle: can now define styles for the whole document
(and not only for the actual sheet)
- update doxygen configuration file + add a make astyle command
- Allow writing meta:creation-date metadata element for drawings and
presentations too.
- Improve handling of headings. Most importantly, write valid ODF.
- Write meta:generator metadata element.
- Add initial support for embedded fonts. It is currently limited to Flat
ODF output.

- Upgrade to version 0.1.2
* Use text:h element for headings. Any paragraph with
text:outline-level property is recognized as a heading.
* Handle layers.
* Improve handling of styles. Particularly, do not emit
duplicate styles.
* Slightly improve documentation.
* Handle master pages.
* Do not expect that integer properties are always in inches.
* Fix misspelled style:paragraph-properties element in
presentation notes.
* Only export public symbols on Linux.
* Fix bogus XML-escaping of metadata values.
* And many other improvements and fixes.

Changes in libpagemaker:
- Initial package based on upstream libpagemaker 0.0.2

Changes in libreoffice-share-linker:

- Initial commit, split out from main libreoffice package to workaround
issues on SLE11 build

Changes in mdds:

- Update to version 0.12.1:
* Various small fixes on 0.12 series
* Just move define up and comment why we redefine docdir
* more types are possible in segment_tree data structures
(previously only pointers were possible)
* added sorted_string_map
* multi_type_vector bugfixes

Changes in libwps:

- Update to version 0.4.1:
+ QuattroPro: correct a mistake when reading negative cell's position.
+ Fix some Windows build problems.
+ Fix more than 10 hangs when reading damaged files, found with the help
of american-fuzzy-lop.
+ Performance: improve the sheet's output generation.
+ add support for unknown encoding files (ie. DOS file)
+ add potential support for converting Lotus, ... documents,
+ accept to convert all Lotus Wk1 files and Symphony Wk1 files,
+ add support for Lotus Wk3 and Wk4 documents,
+ add support for Quattro Pro Wq1 and Wq2 documents,
+ only in debug mode, add pre-support for Lotus Wk5..., must allow to
retrieve the main sheets content's with no formatting,
+ add potential support for asking the document's password ( but do nothing )
+ correct some compiler warnings when compiling in debug mode.
+ Fix parsing of floating-point numbers in specific cases.
+ Fix several minor issues reported by Coverity and Clang.
+ Check arguments of public functions. Passing NULL no longer causes
a crash.
+ Use symbol visibility on Linux. The library only exports the public
functions now.
+ Import @TERM and @CTERM functions (fdo#86241).
+ Handle LICS character encoding in spreadsheets (fdo#87222).
+ Fix a crash when reading a broken file, found with the help of
american-fuzzy-lop.

Fixed bugs
bnc#951579
: [LibreOffice] Calc 5.0 fails to open ods files
bnc#910805
VUL-1: CVE-2014-8146: libreoffice: heap overflow
bnc#910806
VUL-1: CVE-2014-8147: libreoffice: integer overflow
bnc#954345
Insert-->Image-->Insert as Link hangs writer.
bnc#889755
PPTX: chart axis number format incorrect
bnc#934423
VUL-0: CVE-2015-4551: LibreOffice: Arbitrary file disclosure vulnerability in Calc and Writer
bnc#679938
LO-L3: saving to doc file the chapter name in the header does not change with chapters
bnc#900214
VUL-0: CVE-2014-3693: LibreOffice Impress Remote Control Use-after-Free Vulnerability
bnc#945047
LO is duplicating master pages
bnc#900218
LibreOffice: "Document as E-mail" vulnerability
bnc#929793
LibreOffice: ship precompiled python cache files
bnc#936190
VUL-0: CVE-2015-5213: LibreOffice: "Piece Table Counter" Invalid Check Design Error Vulnerability
bnc#926375
AppStream: libreoffice packages do not show up in GNOME Software
bnc#945692
[TRACKERBUG] FATE#318856: [ECO] Update LibreOffice to latest stable version on SLE11
bnc#907636
VUL-1: CVE-2014-9093: libreoffice: crash importing malformed .rtf
bnc#943075
[TRACKERBUG] FATE#319071: [ECO] Update LibreOffice to latest stable version
bnc#915996
LibreOffice doesn't show internal Help
bnc#940838
VUL-0: CVE-2015-5214: LibreOffice: Bookmark Status Memory Corruption Vulnerability
bnc#900186
Uninstalling libreoffice packages lead to bunch of warning/error messages
bnc#939996
Some bits from DOCX file are not imported
bnc#916181
can't install libreoffice on a new root filesystem with RPM command without having previously installed bash
bnc#936188
VUL-0: CVE-2015-5212: LibreOffice: "PrinterSetup Length" Integer Underflow Vulnerability
bnc#829430
[Crash] Libreoffice 4.0 stable: missing dependency libmysqlclient_r.so for libreoffice-base-drivers-mysql package
bnc#897903
libreoffice: Indented enumeration broken
CVE-CVE-2014-8147
CVE-CVE-2014-3693
CVE-CVE-2014-8146
CVE-CVE-2015-5212
CVE-CVE-2015-45513
CVE-CVE-2015-5213
CVE-CVE-2014-9093
CVE-CVE-2015-5214
CVE-CVE-2015-4551
Selected Binaries
openSUSE Build Service is sponsored by
Places