File _patchinfo of Package patchinfo.4657
<patchinfo incident="4657">
<issue id="951579" tracker="bnc">: [LibreOffice] Calc 5.0 fails to open ods files</issue>
<issue id="910805" tracker="bnc">VUL-1: CVE-2014-8146: libreoffice: heap overflow</issue>
<issue id="910806" tracker="bnc">VUL-1: CVE-2014-8147: libreoffice: integer overflow</issue>
<issue id="954345" tracker="bnc">Insert-->Image-->Insert as Link hangs writer.</issue>
<issue id="889755" tracker="bnc">PPTX: chart axis number format incorrect</issue>
<issue id="934423" tracker="bnc">VUL-0: CVE-2015-4551: LibreOffice: Arbitrary file disclosure vulnerability in Calc and Writer</issue>
<issue id="679938" tracker="bnc">LO-L3: saving to doc file the chapter name in the header does not change with chapters</issue>
<issue id="900214" tracker="bnc">VUL-0: CVE-2014-3693: LibreOffice Impress Remote Control Use-after-Free Vulnerability</issue>
<issue id="945047" tracker="bnc">LO is duplicating master pages</issue>
<issue id="900218" tracker="bnc">LibreOffice: "Document as E-mail" vulnerability</issue>
<issue id="929793" tracker="bnc">LibreOffice: ship precompiled python cache files</issue>
<issue id="936190" tracker="bnc">VUL-0: CVE-2015-5213: LibreOffice: "Piece Table Counter" Invalid Check Design Error Vulnerability</issue>
<issue id="926375" tracker="bnc">AppStream: libreoffice packages do not show up in GNOME Software</issue>
<issue id="945692" tracker="bnc">[TRACKERBUG] FATE#318856: [ECO] Update LibreOffice to latest stable version on SLE11</issue>
<issue id="907636" tracker="bnc">VUL-1: CVE-2014-9093: libreoffice: crash importing malformed .rtf</issue>
<issue id="943075" tracker="bnc">[TRACKERBUG] FATE#319071: [ECO] Update LibreOffice to latest stable version</issue>
<issue id="915996" tracker="bnc">LibreOffice doesn't show internal Help</issue>
<issue id="940838" tracker="bnc">VUL-0: CVE-2015-5214: LibreOffice: Bookmark Status Memory Corruption Vulnerability</issue>
<issue id="900186" tracker="bnc">Uninstalling libreoffice packages lead to bunch of warning/error messages</issue>
<issue id="939996" tracker="bnc">Some bits from DOCX file are not imported</issue>
<issue id="916181" tracker="bnc">can't install libreoffice on a new root filesystem with RPM command without having previously installed bash</issue>
<issue id="936188" tracker="bnc">VUL-0: CVE-2015-5212: LibreOffice: "PrinterSetup Length" Integer Underflow Vulnerability</issue>
<issue id="829430" tracker="bnc">[Crash] Libreoffice 4.0 stable: missing dependency libmysqlclient_r.so for libreoffice-base-drivers-mysql package</issue>
<issue id="897903" tracker="bnc">libreoffice: Indented enumeration broken</issue>
<issue id="CVE-2014-8147" tracker="cve" />
<issue id="CVE-2014-3693" tracker="cve" />
<issue id="CVE-2014-8146" tracker="cve" />
<issue id="CVE-2015-5212" tracker="cve" />
<issue id="CVE-2015-45513" tracker="cve" />
<issue id="CVE-2015-5213" tracker="cve" />
<issue id="CVE-2014-9093" tracker="cve" />
<issue id="CVE-2015-5214" tracker="cve" />
<issue id="CVE-2015-4551" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>scarabeus_iv</packager>
<description>This update for LibreOffice and some library dependencies (cmis-client,
libetonyek, libmwaw, libodfgen, libpagemaker, libreoffice-share-linker, mdds, libwps)
fixes the following issues:
Changes in libreoffice:
- Provide l10n-pt from pt-PT
- boo#945047 - LO-L3: LO is duplicating master pages, extended fix
- boo#951579 - LO-L3: [LibreOffice] Calc 5.0 fails to open ods files
* deleted RPATH prevented loading of bundled 3rd party RDF handler libs
- Version update to 5.0.4.2:
* Final of the 5.0.4 series
- boo#945047 - LO-L3: LO is duplicating master pages
- Version update to 5.0.4.1:
* rc1 of 5.0.4 with various regression fixes
- boo#954345 - LO-L3: Insert-->Image-->Insert as Link hangs writer
- Version update to 5.0.3.2:
* Final tag of 5.0.3 release
- Fix boo#939996 - LO-L3: Some bits from DOCX file are not imported
- Fix boo#889755 - LO-L3: PPTX: chart axis number format incorrect
- boo#679938 - LO-L3: saving to doc file the chapter name in the header does not change with chapters
- Version update to 5.0.3RC1 as it should fix i586 test failure
- Update text2number extension to 1.5.0
- obsolete libreoffice-mono
- pentaho-flow-reporting require is conditional on system_libs
- Update icon theme dependencies
* https://lists.debian.org/debian-openoffice/2015/09/msg00343.html
- Version bump to 5.0.2 final fate#318856 fate#319071 boo#943075
boo#945692:
* Small tweaks compared to rc1
- For sake of completion this release also contains security fixes
for boo#910806 CVE-2014-8147, boo#907636 CVE-2014-9093,
boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146,
boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213,
boo#936188 CVE-2015-5212, boo#934423 CVE-2015-45513,
boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146,
boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213,
boo#936188 CVE-2015-5212, boo#934423 CVE-2015-45513,
boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146,
boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213,
boo#936188 CVE-2015-5212, boo#934423 CVE-2015-4551
- Use gcc48 to build on sle11sp4
- Make debuginfo's smaller on IBS.
- Fix chrpath call after the libs got -lo suffixing
- Add patch to fix qt4 features detection:
* kde4filepicker.patch
- Split out gtk3 UI to separate subpkg that requires gnome subpkg
* This is to allow people to test gtk3 while it not being default
- Version update to 5.0.2 rc1:
* Various small tweaks and integration of our SLE11 patchsets
- Update constraints to 30 GB on disk
- Version bump to 5.0.1 rc2:
* breeze icons extension
* Credits update
* Various small fixes
- Version bump to 5.0.1 rc1:
* Various small fixes
* Has some commits around screen rendering -> could fix kde bugs
- Kill branding-openSUSE, stick to TDF branding.
- Version bump to 5.0 rc5:
* Bunch of final touchups here and there
- Remove some upstreamed patches:
* old-cairo.patch
- Add explicit requires over libmysqlclient_r18, should cover boo#829430
- Add patch to build with old cairo (sle11).
- Version bump to 5.0 rc3:
* Various more fixes closing on the 5.0 release
- Update to 5.0 rc2:
* Few small fixes and updates in internal libraries
- Version bump to 5.0 rc1, remove obsolete patches:
* 0001-Fix-could-not-convert-.-const-char-to-const-rtl-OUSt.patch
* 0001-writerperfect-fix-gcc-4.7-build.patch
- More chrpat love for sle11
- Add python-importlib to build/requirements on py2 distros
- Provide/obsolete crystal icons so they are purged and not left over
- Fix breeze icons handling, drop crystal icons.
- Version bump to 5.0.0.beta3:
* Drop merged patch 0001-Make-cpp-poppler-version.h-header-optional.patch
* Update some internal tarballs so we keep building
- based on these bumps update the buildrequires too
- Generate python cache files wrt boo#929793
- Update %post scriptlets to work on sle11 again
- Split out the share -> lib linker to hopefully allow sle11 build
- One more fix for help handling boo#915996
- Version bump to 4.4.3 release:
* Various small fixes all around
- Disable verbose build to pass check on maximal size of log
- We need pre/post for libreoffice in langpkgs
- Use old java for detection and old commons-lang/codec to pass
brp check on java from sle11
* 0001-Make-HAVE_JAVA6-be-always-false.patch
- Revert last changeset, it is caused by something else this time:
* 0001-Set-source-and-target-params-for-java.patch
- Set source/target for javac when building to work on SLE11:
* 0001-Set-source-and-target-params-for-java.patch
- Try to deal with rpath on bundled libs
- Fix python3_sitelib not being around for py2
- Add internal make for too old system
- One more stab on poppler switch:
* 0001-Make-cpp-poppler-version.h-header-optional.patch
- Update the old-poppler patch to work correctly:
* 0001-Make-cpp-poppler-version.h-header-optional.patch
- Sort out more external tarballs for the no-system-libs approach
- Add basic external tarballs needed for without-system-libraries
- Add patch to check for poppler more nicely to work on older distros:
* 0001-Make-cpp-poppler-version.h-header-optional.patch
- Try to pass configure without system libs
- Allow switch between py2 and py3
- Move external dependencies in conditional thus allow build on
SLE11
- Add conditional for noarch subpackages
- Add switch in configure to detect more of internal/external stuff
- Add conditional for appdatastore thing and redo it to impact the
spec less
- Add systemlibs switch to be used in attempt to build sle11 build
- Silence more scarry messages by boo#900186
* Fixes autocorr symlinking
* Cleans UNO cache in more pretty way
- Clean up the uno cache removal to not display scarry message
boo#900186
- Remove patch to look for help in /usr/share, we symlink it back to
lib, so there is no actual need to search for it directly, migth
fix boo#915996:
* officecfg-help-in-usr-share.diff
- --disable-collada
* reportedly it does not work in LibreOffice 4.4
- added version numbers to some BuildRequires lines
- Require flow engine too on base
- Fix build on SLE12 and 13.1 by adding conditional for appdata install
- Fixup the installed appdata.xml files: they reference a .desktop
file that are not installed by libreoffice (boo#926375).
- Version bump to 4.4.2:
* 2nd bugfix update for the 4.4 series
- BuildRequires: libodfgen-devel >= 0.1
- added version numbers to some BuildRequires lines
- build does not require python3-lxml
- build requires librevenge-devel >= 0.0.1
- vlc media backend is broken, don't use it. Only gstreamer should be used.
- Install the .appdata.xml files shipped by upstream: allow LO to
be shown in AppStream based software centers.
- Move pretrans to pre
- Version bump to 4.4.1 first bugfix release of the series
- Reduce bit the compilation preparations as we prepped most of the
things by _constraints and it is no longer needed
- %pre is not enough the script needs to be rewritten in lua
- Move removal of obsolete dirs from %pretrans to %pre boo#916181
- Version bump to 4.4.0 final:
* First in the 4.4 series
* First release to have the new UI elements without old hardcoded
sizes
* Various improvements all around.
- Version bump to 4.4.0rc2:
* Various bugfixes, just bumping to see if we still build fine.
- That verbose switch for configure was really really bad idea
- generic images.zip for galaxy icons seem gone so remove
- Do not supplement kde3 stuff, it is way beyond obsolete
- Remove vlc conditional
- korea.xcd is no more so remove
- Really use mergelib
- Disable telepathy, it really is experimental like hell
- Version bump to 4.4.0rc1:
* New 4.4 branch release with additional features
- Enable collada:
* New bundled collada2gltf tarball:
4b87018f7fff1d054939d19920b751a0-collada2gltf-master-cb1d97788a.tar.bz2
- Remove errorous self-obsolete in lang pkgs.
- Version bump to 4.3.3.2:
* Various bugfixes from maintenance branch to copy openSUSE.
* Also contains fix for boo#900214 and boo#900218 CVE-2014-3693
- fix regression in bullets (boo#897903).
- Add masterpage_style_parent.odp as new file for regression test
for bullets.
Changes in cmis-client:
- Update to version 0.5.0
+ Completely removed the dependency on InMemory server for unit tests
+ Minimized the number of HTTP requests sent by
SessionFactory::createSession
+ Added Session::getBaseTypes()
- Bump soname to 0_5-5
- Bump incname to 0.5
Changes in libetonyek:
- Version bump to 0.1.3:
* Various small fixes
* More imported now imported
* Now use mdds to help with some hashing
- Version bump to 0.1.2:
* Initial support for pages and numbers
* Ditch libetonyek-0.1.1-constants.patch as we do not require
us to build for older boost
Changes in libmwaw:
- Version bump to 0.3.6:
- Added a minimal parser for ApplePict v1.v2, ie. no clipping, does not
take in account the copy mode: srcCopy, srcOr, ...
- Extended the --with-docs configure option to allow to build doc only
for the API classes: --with-docs=no|api|full .
- Added a parser for MacDraft v4-v5 documents.
- RagTime v5-v6 parser: try to retrieve the main layouts and the
picture/shape/textbox, ie. now, it generates result but it is
still very imcomplete...
- MWAW{Graphic,Presentation,Text}Listener: corrected a problem in openGroup
which may create to incorrect document.
- Created an MWAWEmbeddedObject class to store a picture with various
representations.
- MWAW*Listener: renamed insertPicture to insertShape, added a function to
insert a texbox in a MWAWGraphicShape (which only insert a basic textbox).
- Fixed many crashes and hangs when importing broken files, found with the
help of american-fuzzy-lop.
- And several other minor fixes and improvements.
- Version bump to 0.3.5
* Various small fixes on 0.3 series, nothing big woth mention
Changes in libodfgen:
- Version bump to 0.1.4:
- drawing interface: do no forget to call startDocument/endDocument when
writing in the manifest
- metadata: added handler for 'template' metadata, unknown metadata are
written in a meta:user-defined elements,
- defineSheetNumberingStyle: can now define styles for the whole document
(and not only for the actual sheet)
- update doxygen configuration file + add a make astyle command
- Allow writing meta:creation-date metadata element for drawings and
presentations too.
- Improve handling of headings. Most importantly, write valid ODF.
- Write meta:generator metadata element.
- Add initial support for embedded fonts. It is currently limited to Flat
ODF output.
- Upgrade to version 0.1.2
* Use text:h element for headings. Any paragraph with
text:outline-level property is recognized as a heading.
* Handle layers.
* Improve handling of styles. Particularly, do not emit
duplicate styles.
* Slightly improve documentation.
* Handle master pages.
* Do not expect that integer properties are always in inches.
* Fix misspelled style:paragraph-properties element in
presentation notes.
* Only export public symbols on Linux.
* Fix bogus XML-escaping of metadata values.
* And many other improvements and fixes.
Changes in libpagemaker:
- Initial package based on upstream libpagemaker 0.0.2
Changes in libreoffice-share-linker:
- Initial commit, split out from main libreoffice package to workaround
issues on SLE11 build
Changes in mdds:
- Update to version 0.12.1:
* Various small fixes on 0.12 series
* Just move define up and comment why we redefine docdir
* more types are possible in segment_tree data structures
(previously only pointers were possible)
* added sorted_string_map
* multi_type_vector bugfixes
Changes in libwps:
- Update to version 0.4.1:
+ QuattroPro: correct a mistake when reading negative cell's position.
+ Fix some Windows build problems.
+ Fix more than 10 hangs when reading damaged files, found with the help
of american-fuzzy-lop.
+ Performance: improve the sheet's output generation.
+ add support for unknown encoding files (ie. DOS file)
+ add potential support for converting Lotus, ... documents,
+ accept to convert all Lotus Wk1 files and Symphony Wk1 files,
+ add support for Lotus Wk3 and Wk4 documents,
+ add support for Quattro Pro Wq1 and Wq2 documents,
+ only in debug mode, add pre-support for Lotus Wk5..., must allow to
retrieve the main sheets content's with no formatting,
+ add potential support for asking the document's password ( but do nothing )
+ correct some compiler warnings when compiling in debug mode.
+ Fix parsing of floating-point numbers in specific cases.
+ Fix several minor issues reported by Coverity and Clang.
+ Check arguments of public functions. Passing NULL no longer causes
a crash.
+ Use symbol visibility on Linux. The library only exports the public
functions now.
+ Import @TERM and @CTERM functions (fdo#86241).
+ Handle LICS character encoding in spreadsheets (fdo#87222).
+ Fix a crash when reading a broken file, found with the help of
american-fuzzy-lop. </description>
<summary>Security update for LibreOffice and related libraries</summary>
</patchinfo>
