Age | Commit message (Collapse) | Author |
|
Fixes CVE-2022-1097 and moz#1767590 "memory safety violations"
Change-Id: I6895f066ad943402231b616dae0d7ed6f5678b5e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135234
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135248
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
|
|
Fixes CVE-2022-27774 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781
plus 6 more CVEs that shouldn't affect LO.
Remove obsolete configure-eval-fix.patch.0.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134225
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 58a3bf5199818e30ef4207213f29692d81b519c6)
upgrade to curl-7.81.0
Change-Id: I0a34239bfb16bf19e25bf374c7f36c4cdf1776c1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128783
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 40a84af1bdd7b3c414a8a78ca32b0951c03f9976)
Change-Id: Ifbd7ff5acf390df1d95d6b8be0dc7751e4753bbe
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134246
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
This release includes a revised block position search implementation
that shouldn't touch the internal STL iterators so that even if you
pass an invalid position hint, it should not trigger process
termination.
Change-Id: I8c76eb012ba7ce304ff10b38de468b7c9c6cce2b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134140
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134152
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
|
|
Fixes CVE-2022-29824.
Change-Id: I31d6ec794b01dee0bb17022ef2e18d2acd8255df
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133813
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit f670422a01e7336ba8a554331f3781ec7f5c4e8c)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133731
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
|
fixing only regression of hu_Hung
transliteration of punctuation marks.
Add unit test for the fix.
Regression from commit 98fd4fcdc61202846e0957cb6aaed9e4a2d2c520
"tdf#136368 bump to libnumbertext 1.0.8".
(cherry picked from commit d925d1ca9e03863650dd3e450331598624f21724)
Change-Id: Ie92cad96f48f0a7f735bc9cde93a0fded4681800
Conflicts:
sw/qa/extras/uiwriter/uiwriter6.cxx
Change-Id: I7b49467943c97582dba0e5aca20c02a92c43deff
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132492
Tested-by: László Németh <nemeth@numbertext.org>
Reviewed-by: László Németh <nemeth@numbertext.org>
|
|
Fixes CVE-2018-25032
external/zlib/ubsan.patch: remove, fixed upstream
Change-Id: I2aa9a9008b9cf7efd970c5fff0df7029204204f8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132358
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bfb6c4c65781a610d21409d974227d73f264f41a)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132191
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
Fixes CVE-2022-23308
Change-Id: I1b3bf5cf58d7d1f39c224b0d898176c95107fbf5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130241
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit d50a7151431335d1431bccef000ae39f84bdf135)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130259
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
|
Change-Id: Ibec5c6b2a321c48725e0888135c09d9b1835d0b7
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130253
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
CVE-2022-25235
CVE-2022-25236
CVE-2022-25313
CVE-2022-25314
CVE-2022-25315
Change-Id: I1cb0449411fe938fe47ab47cead685fd04e137dd
|
|
Fixes CVE-2021-30560
Change-Id: I334662ddc40955780321133be9aee23858e04dc1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130022
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
This commit implements a WebP reader and writer for both lossless
and lossy WebP, export dialog options for selecting lossless/lossy
and quality for lossy, and various internal support for the format.
Since writing WebP to e.g. ODT documents would make those images
unreadable by previous versions with no WebP support, support
for that is explicitly disabled in GraphicFilter, to be enabled
somewhen later.
Change-Id: I9b10f6da6faa78a0bb74415a92e9f163c14685f7
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128920
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
|
|
Change-Id: Ia9e1c68bd13974ec7403016197cc2d91c193f7bb
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129860
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit 7cd3013a3704b8365e295f4260e242273d45d27e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129840
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: Ib05a6d6418563fd9333821594f0aca5ab724f3e8
Reviewed-on: https://gerrit.libreoffice.org/79099
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
|
|
(cherry picked from commit 21dc27ab7834fe4d5783a9f4bd412c08cacc26b4)
Change-Id: I666665c801367ff760b14b9f474952e9894b4791
|
|
Change-Id: I6c08476710ab541ff9b9407f5d874dbb038990df
|
|
Change-Id: I1f2694abd9f577e0b4fedbf27118b52be8a1a688
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129072
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: Icd1034f4c6b43605f5d43fe28f7e0d191311daf0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127664
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 568a5bba2a30ab588b52677106bf209d4c0df758)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128084
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
* remove GPGME_CAN_EXPORT_MINIMAL_KEY, upstream now has support for
key export flags in c++ wrapper (gpgmepp >= 1.14)
* therefore, external/gpgmepp/add-minimal-keyexport.patch now fully
obsolete, tweaked xmlsecurity code to use upstream function
* bits of external/gpgmepp/find-libgpg-error-libassuan.patch are
upstream now (configure and makefile pieces, though we keep
configure.ac changes for the while - to not pick up system versions
too easily)
* external/gpgmepp/gpgme.git-fe2892618c20cd40c342cce26ffb6ac4644fd3c3.patch.1
was from upstream anyway, removed
Change-Id: I991c20c0eeff0f9135e97c991afcb905be55a959
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127665
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 78dae8b20b85686d1a642415195d2e10fbb2dc1f)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128085
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: Iecd4a131f9c5b43bb03c5f9c4b6c7efe36e443aa
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127663
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 7d50d74d0a10b4811b82f66dc5ac5a696c2974c7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128083
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
– Soros.py: fix FutureWarning: Possible nested set at position, reported by Rene Engelhard
– tdf#136368 fix Old Hungarian transliteration
– fixes for Chinese, French, Marathi, Polish, Ukrainian
Change-Id: I99f56b8a6089bc94f43056bcdedcae89ff4e68c9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127821
Tested-by: Jenkins
Reviewed-by: László Németh <nemeth@numbertext.org>
(cherry picked from commit 98fd4fcdc61202846e0957cb6aaed9e4a2d2c520)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127773
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
|
|
Change-Id: I76c0d57da63c1e35f80b13071793dbbb27cb218a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126655
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
(cherry picked from commit aadbac5467bb6ab768f87ed6ec003c55159d54aa)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126886
|
|
Change-Id: I7d5e5432d75caf671434977b48b415839cbf90b8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126795
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
(cherry picked from commit e9fdfd353f163bd327af5666adb64ab35922a7db)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126810
|
|
Change-Id: Id28cd361237ce67b76a865ad4291ccece521af85
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126768
Tested-by: Jenkins
Reviewed-by: David Tardon <dtardon@redhat.com>
(cherry picked from commit c74d59a8b47bb8228c297a60e6b5b0cc5e08aa53)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126809
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
|
Fixes:
CVE-2021-43527 Memory corruption via DER-encoded DSA and RSA-PSS signatures
Change-Id: I5c3f169c57fc2763029b07ad7e325b2f53b7e28f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126218
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit c8e21d246bcb4289cb25c82be440cd07b7418436)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126233
Tested-by: Jenkins
|
|
Change-Id: I55ab0b25389dcce3263b38a2de12c437b47751c5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125821
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
(cherry picked from commit e95a808020de12351714965f5656e893d94d50f4)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125830
|
|
Unicode 14, 5 new scripts, 12 new Unicode blocks.
In i18npool/qa/cppunit/test_breakiterator.cxx
TestBreakIterator::testLao() had to be disabled/adapted.
Needs to be investigated, see comments there.
As is, Lao script word break has regressions.
Correct UBLOCK_TANGUT_SUPPLEMENT Unicode range endpoint to
0x18D7F, see
https://www.unicode.org/versions/Unicode14.0.0/erratafixed.html
for which ublock_getCode(0x18D8F) now returned UBLOCK_NO_BLOCK and
thus luckily the assert in svx/source/dialog/charmap.cxx hit.
Change-Id: I4bad16ecfab3f44be365b8f884c57f34af68218e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125322
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
|
|
Fixes CVE-2021-23222.
Change-Id: I4e16fcc60c634382a864f66b211d0e0170a06db0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125308
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I545adce0491e48fad2bfc4003695bd96cc911f22
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125068
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
The changelogs tend to mention "crash in malformed files" a lot.
Change-Id: Iadc1d9cc23abd09a8fff58ba0cb7a7803236a542
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125034
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I42c6ff24237614b2c0d5dc2aa0bcfd9bf7ee89e1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125010
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
<https://dev-www.libreoffice.org/src/boost_1_77_0.tar.xz> has been generated (on
Fedora 35) with
> $ wget https://boostorg.jfrog.io/artifactory/main/release/1.77.0/source/boost_1_77_0.tar.bz2
> $ printf 'fc9f85fc030e233142908241af7a846e60630aa7388de9a5fafb1f3a26840854 boost_1_77_0.tar.bz2' | sha256sum -c # cf. <https://www.boost.org/users/history/version_1_77_0.html>
> boost_1_77_0.tar.bz2: OK
> $ external/boost/repack_tarball.sh boost_1_77_0.tar.bz2
> Unpacking boost_1_77_0.tar.bz2 ...
> Removing unnecessary files ...
> Creating boost_1_77_0.tar.xz ...
> Cleaning up ...
> 9b334d6c6d7af5a0687280788cd84444398b8e0b472cd88e52bbc3c3ef11d98e boost_1_77_0.tar.xz
> Done.
Change-Id: I527cad7eb2f311d968da371f268644bdd31f6462
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124947
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Duplication of external tarballs in flatpak-manifest.in is a maintenance
nightmare.
The only difference between the current flatpak-manifest.in and the one
generated from:
make -s cmd cmd='${SRCDIR}/solenv/bin/generate-flatpak-manifest.sh master' > org.libreoffice.LibreOffice.json
... is that the current one contains an outdated reference to
zxing-cpp-1.1.1.tar.gz which was upgraded to zxing-cpp-1.2.0.tar.gz
in download.lst.
Change-Id: I98ab9346244f2c0d788da391928fcb4ffebbe23f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124891
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Fixes CVE-2020-36230 and CVE-2020-36229 in libldap, plus lots of
other CVEs that affect only the server.
Unfortunately it looks like NSS support was removed in release 2.5.0.
Change-Id: Ie43d7da1b9e92b5712f9cd22c4613648394c696f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124914
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
...by partially reverting 9ba2231084fb788c66a3bbc16cab7c02f35b41a2"download.lst:
define OPENSYMBOL variables like everything else", which caused
> Makefile.fetch:102: *** "fetch_Download_item: no checksum found for b7cae45ad2c23551fd6ccb8ae2c1f59e-numbertext_0.9.5.oxt. Please define NUMBERTEXT_EXTENSION_SHA256SUM in download.lst.". Stop.
Change-Id: Ib9e2032ab3cbb825863d9b5c7744ba7bdad0e1f5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124927
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
No reason why the filename should be defined in configure?
Remove unused NUMBERTEXT_EXTENSION_SHA256SUM.
Change-Id: I3d3084e2052cb98ddbe2c1cf10691dcc5d716d19
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124889
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I0abca87c983a431c4ee8c9c117d54480e3f4df75
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124887
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: I8302f4fed3f7c9a1c2a1b374114066b1327f34c4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124844
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Fixes CVE-2019-12900
Change-Id: If3fcfff78a61c60014ba6d96f1ee0c432ccc52a1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124758
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I9e856fc2d61f1789a6f1702514837860539a0f49
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124573
Tested-by: Jenkins
Tested-by: René Engelhard <rene@debian.org>
Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
|
|
Change-Id: Ib2b919bb7545f05631aed2e6176a97aeb866ee84
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122772
Tested-by: Jenkins
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
|
|
simd enabled for x86_64 and x86, arm/aarch64 might be worth exploring
too
Change-Id: Ic2726ee8c6b6e59ca983b977ee2731f5b78b97d1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123898
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: I5914c16db85c688b38575f510a44c7ddb043d2e2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123888
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: I39ca17984cc03de815386343b2f4c4fffd5c861e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123891
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
langtag-valencia.patch.0 merged as:
https://bitbucket.org/tagoh/liblangtag/commits/fe35532a0b98d5a8179b9edee0d61ea8db9b5921
external/liblangtag/Wformat-overflow.patch redundant since:
https://bitbucket.org/tagoh/liblangtag/commits/49135ef561f309078f0bfd6e1f15052769cf75b4
Change-Id: Ieeb19679837f03a6938c97f069d6fb1e6dd9a30d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123890
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: I794e188daf2d50c457a80bc3b12bfafd0c91c8aa
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123887
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: I40c3239495c6050add3ce2343453241f8c825d62
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123886
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
removed epoxy.pyresource-leak.patch in favor of upstream
https://github.com/anholt/libepoxy/pull/243/commits/d0b319e27b874a13f6b41f4759c272b08d74cb8a
Change-Id: I9d3545b1dcf9dbdd5e28a54e13477a027636c444
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123882
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
includes:
CVE-2021-22945: clear the leftovers pointer when sending succeeds
CVE-2021-22946: do not ignore --ssl-reqd
CVE-2021-22947: reject STARTTLS server response pipelining
Change-Id: I0047bdaa7e6e3aed1317eb014d2051a4d5ac5964
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123883
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
* external/nss/nss.getopt.patch.0: fixed upstream
* external/nss/nss-win-arm64.patch: fixed upstream
* external/nss/nss_macosx.patch: one hunk was fixed upstream
Change-Id: I2bcfbbdd29651c75537419caab9a3cce5d564131
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123817
Tested-by: Jenkins
Reviewed-by: Tor Lillqvist <tml@collabora.com>
|
|
Change-Id: I4e86b163a9abef88f26c6c0ae91ae0a4008658f1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122485
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|