Overview

File _patchinfo of Package patchinfo.27131

<patchinfo incident="27131">
  <issue tracker="jsc" id="PED-1785"/>
  <issue tracker="jsc" id="PED-3561"/>
  <issue tracker="jsc" id="PED-3550"/>
  <issue tracker="cve" id="2023-0950"/>
  <issue tracker="cve" id="2023-2255"/>
  <issue tracker="bnc" id="1209242">VUL-0: CVE-2023-0950: libreoffice: stack underflow in ScInterpreter</issue>
  <issue tracker="bnc" id="1211746">VUL-0: CVE-2023-2255: libreoffice: Remote documents loaded without prompt via IFrame</issue>
  <issue tracker="bnc" id="1204040">PPTX: shadow effect for table offset too far to the right</issue>
  <issue tracker="bnc" id="1198666">Need to be able to set the default tab size for each text object</issue>
  <issue tracker="bnc" id="1200085">FILEOPEN PPTX: extra paragraph after some 2-line text with link</issue>
  <issue tracker="bnc" id="1210687">binutils-gold is unmaintained and will be dropped</issue>
  <packager>dspinella</packager>
  <rating>important</rating>
  <category>feature</category>
  <summary>Feature update for LibreOffice</summary>
  <description>This update for LibreOffice fixes the following issues:
    
libreoffice:

- Version update from 7.3.6.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#PED-1785):
  * For the highlights of changes of version 7.5 please consult the official release notes:
    https://wiki.documentfoundation.org/ReleaseNotes/7.5
  * For the highlights of changes of version 7.4 please consult the official release notes:
    https://wiki.documentfoundation.org/ReleaseNotes/7.4
  * Security issues fixed:
    + CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242)
    + CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746)
  * Bug fixes:
    + Fix PPTX shadow effect for table offset (bsc#1204040)
    + Fix ability to set the default tab size for each text object (bsc#1198666)
    + Fix PPTX extra vertical space between different text formats (bsc#1200085)
    + Do not use binutils-gold as the package is unmaintainedd and will be removed in the future (bsc#1210687)
  * Updated bundled dependencies:    
    * boost version update from 1_77_0 to 1_80_0
    * curl version update from 7.83.1 to 8.0.1
    * icu4c-data version update from 70_1 to 72_1
    * icu4c version update from 70_1 to 72_1
    * pdfium version update from 4699 to 5408
    * poppler version update from 21.11.0 to 22.12.0
    * poppler-data version update from 0.4.10 to 0.4.11
    * skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466    
  * New build dependencies:
    * fixmath-devel
    * libwebp-devel
    * zlib-devel
    * dragonbox-devel
    * at-spi2-core-devel
    * libtiff-devel

dragonbox:

- New package at version 1.1.3 (jsc#PED-1785)
    * New dependency for LibreOffice 7.4

fixmath:

- New package at version 2022.07.20 (jsc#PED-1785)
    * New dependency for LibreOffice 7.4

libmwaw:

- Version update from 0.3.20 to 0.3.21 (jsc#PED-1785):
  * Add debug code to read some private rsrc data
  * Allow to read some MacWrite which does not have printer informations
  * Add a parser for Scoop files
  * Add a parser for ScriptWriter files
  * Add a parser for ReadySetGo 1-4 files

xmlsec1:
    
- Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550):
  * Retired the XMLSec mailing list "xmlsec@aleksey.com" and the XMLSec Online Signature Verifier.
  * Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled
    against OpenSSL 3.0.
    To re-enable OpenSSL engines, use `--enable-openssl3-engines` configure flag 
    (there will be a lot of deprecation warnings).
  * The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of
    XMLSec Library.
  * Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled `-Werror` and `-pedantic` 
    flags on CI builds.
  * Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility).
  * Support for OpenSSL compiled with OPENSSL_NO_ERR.
  * Full support for LibreSSL 3.5.0 and above
  * Several other small fixes
  * Fix decrypting session key for two recipients 
  * Added `--privkey-openssl-engine` option to enhance openssl engine support
  * Remove MD5 for NSS 3.59 and above
  * Fix PKCS12_parse return code handling
  * Fix OpenSSL lookup
  * xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice
  * Unload error strings in OpenSSL shutdown.
  * Make userData available when executing preExecCallback function
  * Add an option to use secure memset.
  * Enabled XML_PARSE_HUGE for all xml parsers.
  * Various build and tests fixes and improvements.
  * Move remaining private header files away from xmlsec/include/`` folder
- Other packaging changes:
  * Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass.
  * Pass `--disable-md5` to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its
    use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1]
    https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places