| Age | Commit message (Collapse) | Author |
|---|
|
Fixes CVE-2022-29824.
Change-Id: I31d6ec794b01dee0bb17022ef2e18d2acd8255df
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133813
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit f670422a01e7336ba8a554331f3781ec7f5c4e8c)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133831
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
|
Fixes CVE-2018-25032
external/zlib/ubsan.patch: remove, fixed upstream
Change-Id: I2aa9a9008b9cf7efd970c5fff0df7029204204f8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132358
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bfb6c4c65781a610d21409d974227d73f264f41a)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132192
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Fixes CVE-2022-23308
Change-Id: I1b3bf5cf58d7d1f39c224b0d898176c95107fbf5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130241
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit d50a7151431335d1431bccef000ae39f84bdf135)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130260
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
Change-Id: Ibec5c6b2a321c48725e0888135c09d9b1835d0b7
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130254
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
CVE-2022-25235
CVE-2022-25236
CVE-2022-25313
CVE-2022-25314
CVE-2022-25315
Change-Id: I1cb0449411fe938fe47ab47cead685fd04e137dd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130156
Tested-by: Jenkins
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
|
|
Fixes CVE-2021-30560
Change-Id: I334662ddc40955780321133be9aee23858e04dc1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130023
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: Ia9e1c68bd13974ec7403016197cc2d91c193f7bb
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129860
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit 7cd3013a3704b8365e295f4260e242273d45d27e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129841
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
|
|
Change-Id: I1f2694abd9f577e0b4fedbf27118b52be8a1a688
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129180
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Tested-by: Jenkins
|
|
Fixes:
CVE-2021-43527 Memory corruption via DER-encoded DSA and RSA-PSS signatures
Includes: nss: upgrade to release 3.71
* external/nss/nss.getopt.patch.0: fixed upstream
* external/nss/nss-win-arm64.patch: fixed upstream
* external/nss/nss_macosx.patch: one hunk was fixed upstream
Change-Id: I5c3f169c57fc2763029b07ad7e325b2f53b7e28f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126218
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit c8e21d246bcb4289cb25c82be440cd07b7418436)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126250
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
|
|
Fixes CVE-2021-23222.
Change-Id: I4e16fcc60c634382a864f66b211d0e0170a06db0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125308
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 71b9369f1cc40143108e3f2189d96e402895e315)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125146
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
|
The changelogs tend to mention "crash in malformed files" a lot.
Change-Id: Iadc1d9cc23abd09a8fff58ba0cb7a7803236a542
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125034
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 03bc0f97205593547ddf1fc8d4fb396479bcab6d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124973
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Fixes CVE-2020-36230 and CVE-2020-36229 in libldap, plus lots of
other CVEs that affect only the server.
Unfortunately it looks like NSS support was removed in release 2.5.0.
Change-Id: Ie43d7da1b9e92b5712f9cd22c4613648394c696f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124914
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 9393325c1db9fa25037d208607b71adb567a8bbc)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124860
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Fixes CVE-2019-12900
Change-Id: If3fcfff78a61c60014ba6d96f1ee0c432ccc52a1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124758
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 1289125532a029dc80e4ee3d0a49dca253f51888)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124762
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
includes:
CVE-2021-22945: clear the leftovers pointer when sending succeeds
CVE-2021-22946: do not ignore --ssl-reqd
CVE-2021-22947: reject STARTTLS server response pipelining
Change-Id: I0047bdaa7e6e3aed1317eb014d2051a4d5ac5964
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123852
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I25aa71d214eec3a131a7b11dfe292764061a127c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122182
Tested-by: Jenkins
Reviewed-by: Heiko Tietze <heiko.tietze@documentfoundation.org>
(cherry picked from commit 95406f2e172df13ae9c6536ca1378cd7fca3b2de)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122129
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
|
|
Change-Id: I0a2b43f291ef15f0bdacfb33b5396658efd1ea2d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121047
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
(cherry picked from commit 61626cf179bf2166462e4e9d3222caaf388e81e0)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121055
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Fixes CVE-2021-3712, CVE-2021-3711 (not obvious if any of them affect LO)
Change-Id: I98652348977a5a3c728f1d4fdf7293b76a93b630
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121026
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 5c391f4346e86bd5d7528fbb42a3af64f98a03d3)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120986
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
|
|
Change-Id: Ibd930ab4f97e2f74868b73163d7f2f46fb466749
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120436
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
* Fixes CVE-2020-8284 CVE-2021-22924
* Also fixes these which don't look relevant to LO:
CVE-2020-8231
CVE-2020-8285 CVE-2020-8286
CVE-2021-22876 CVE-2021-22890
CVE-2021-22897 CVE-2021-22898 CVE-2021-22901
CVE-2021-22922 CVE-2021-22923 CVE-2021-22925 CVE-2021-22926
* disable some new protocols and dependencies
* remove curl-ios.patch.1 as the code no longer exists upstream
Change-Id: I12d5f87f4d503a5f9859226a05cfe2a07e46d993
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119313
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 946f457c885bd10ff1a7281c351f3981f035f5a7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119261
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
So we don't build 3.8.8rc1 anymore. I didn't look into 3.9.
Change-Id: Ife7d898c913b9b164168b0ef23a055deea55815f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117757
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
(cherry picked from commit c22fc8e1f60bb98a87d22e7ff9bd3290dbb9fe02)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117854
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Bundle the files from poppler_data and provide the path to them to
poppler when the bundled poppler library is used.
Change-Id: I13a2ef861303a0be17aa0a861ef8ac96ed8a93be
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117523
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 648e4106cc002ff5b8184a8c104f93cb06e4b540)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117714
|
|
drop ubsan patch in favour of fix applied as
https://github.com/libexpat/libexpat/pull/398
Change-Id: I59eb9e24206b9a4cf323b7f7d48d8df0792a1c46
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116092
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Fixes:
CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541
* external/libxml2/ubsan.patch.0: remove, fixed upstream
Change-Id: I347dc854b862e78bde87d3e57cf5fdb584ca5673
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115913
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: Iad586802e89b19701a20bebff06b238b617af2a9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115769
Tested-by: Jenkins
Reviewed-by: David Tardon <dtardon@redhat.com>
|
|
Change-Id: I32836175a877349777dcbb6eb7b0d813aa31199a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115479
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
|
|
Change-Id: I38c85fb3e30ffd1f7fc0a11948fc01338f7bb205
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115444
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Change-Id: Ibb26390e6cc13c925f499bf95cfc6177d8c9b735
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115355
Tested-by: Jenkins
Reviewed-by: David Tardon <dtardon@redhat.com>
|
|
We've been using a version from 2015. And it appears that most (all?)
crashreports generated on Windows have unusable backtraces, so maybe
this update helps with that.
Change-Id: Ied4a7943e6023c625bcd9060f18b4b90c00ad29b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113750
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
|
|
And drop the 2 upstreamed patches.
Change-Id: Ia821023d9cc06df5e9e7aef82c070ad1c98b67e4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114894
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Culmus font 0.131 updated to 0.133
Change-Id: Icd79dbef8dc350362ea4c4a7ed2ff05a1b95a1a5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114738
Reviewed-by: Hossein <hossein.ir@gmail.com>
Reviewed-by: Heiko Tietze <heiko.tietze@documentfoundation.org>
Tested-by: Jenkins
|
|
Change-Id: Ia56693bac2dea931664caa79a6b1e90bf7a58c93
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114155
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
|
|
Its build system has switches to scons, so build the library
using gbuild.
Change-Id: I45b784e65e4987c25baf3fa1477816c744663bf0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114107
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
The m91 snapshot seems to cause a number of Vulkan problems.
My commit already worked around one, but there are apparently
others, such as very slow startup, or a failed Skia assertion
triggered by VCL Skia's copyArea().
This reverts commit 09d850e46903a528d4b08d3fdf03c3964d79fbc5.
Change-Id: I4f1832ba76db15cab8eccbe115d21c989da3c841
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114089
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
Change-Id: I82050e9695b9aa49c33ee16d345bb64595b00bbc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113978
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
...using Java 1.4 java.util.logging.Logger instead also for the last remaining
uses in reportbuilder.
(The mention in swext/mediawiki/src/THIRDPARTYLICENSEREADME.html was presumably
a leftover from 4b6ceed4a4a9b152905a8b1712ffb9bd61373c16 "swext: Wiki Publisher
does not use those apache-commons libraries".)
Change-Id: Ia0bc598fe5844ced11cae497548ec7d09453a99d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113939
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I6ffa01f092455f79bb3690875e1b286ae2298832
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113819
Tested-by: Jenkins
Reviewed-by: David Tardon <dtardon@redhat.com>
|
|
I didn't check all commits, but the most likely fix was "Fix hang
on SSL connection close with IIS (issue #11)". The server from
this bug report is a "Microsoft-IIS/10.0", according to the output
from "curl --dump-header".
Not sure this bug is critical enough to bump the neon dependency
in configure.
Change-Id: I3e20bad1aa732641e6f8a83316e58fc7513186c6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113495
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
|
|
Change-Id: Ie01fdee7379c398fe7df7c140e2f0059bea71abe
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113380
Tested-by: Jenkins
Reviewed-by: David Tardon <dtardon@redhat.com>
|
|
Change-Id: I93b9a32a82098a7b45e899ef29349c48276aa724
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113067
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
It's no longer used by Android Viewer and use in
the online-based Android app has already been removed
in online commit
commit 2a52d768dd61f2ef8fedccb32f015c9095915935
Date: Wed Feb 19 09:05:56 2020 +0100
android shell: Remove the 'storage framework', we have content providers.
Change-Id: I468c7121eb495eb8b1a8892f14f2c289b94b7a93
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112766
Tested-by: Jenkins
Reviewed-by: Michael Weghorn <m.weghorn@posteo.de>
|
|
It was replaced by ZXing library.
Change-Id: I49eb809586c7b4ba3a93fd77f804bfc93fead669
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112701
Reviewed-by: René Engelhard <rene@debian.org>
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: Jenkins
|
|
Change-Id: I0023f6ce8315427b1a3deaf755e78ae06475b08c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112053
Reviewed-by: René Engelhard <rene@debian.org>
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: René Engelhard <rene@debian.org>
Tested-by: Jenkins
|
|
Including chrome/m89, which wasn't included before because of
tdf#140023.
Change-Id: I64f1de8e10eab2d92a9383ce8104be5afca40101
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111792
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
Fixes CVE-2021-3177 plus these less important ones:
CVE-2021-23336 CVE-2020-27619 CVE-2020-26116 CVE-2019-20907
Change-Id: Idbe072a9db1faf8363b4f7795b9fde71c26969f0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111208
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
That update started using SkSamplingOptions to specify image scaling
quality. Some places using SkImage::makeShader() should use
the quality instead of default SkSamplingOptions ctor, but even with that
fix the test document still uses the default nearest quality. Since
chrome/m90 will introduce further changes related to this, I'll just
revert to m88 and revisit this with m90.
This reverts commit 2cf9b8e265e9694803f55e30f2f392abfa512a5a.
Change-Id: Iea0e57b7e7b804675d393e4088532a6f617bfd43
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110541
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
– New language modules: Irish, Luganda, Maltese and Marathi
– tdf#136368 fix Old Hungarian transliteration
– Fixes in Finnish, Thai and Ukrainian language modules.
See https://github.com/Numbertext/libnumbertext/releases/tag/1.0.7
and https://github.com/Numbertext/libnumbertext/blob/1.0.7/ChangeLog
Change-Id: If98c6098e5d66a4fee8c316e10c8c8a69202e10f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110235
Tested-by: Jenkins
Reviewed-by: László Németh <nemeth@numbertext.org>
|
|
Change-Id: Ibc59469b74d54a2b307ea708ea5c4a752532f0b0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109840
Tested-by: Jenkins
Reviewed-by: David Tardon <dtardon@redhat.com>
|
|
Change-Id: I82517728139a4b270d98e2694f2a21b248c80d4f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109568
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
Fixes CVE-2020-25694, plus a bunch more CVE that don't look relevant.
* --with-krb5 no longer exists, neither does --disable-shared
* remove internal-zlib.patch.1:
zlib is only used by pg_* tools / contrib/pgcrypto
* remove postgresql-libs-leak.patch:
some relic from pre-gbuild times, not clear what the point is for
static libs
* remove postgresql-9.2.1-libreoffice.patch:
another dmake .mk file relic, and the win32 nmake build system was
removed
* add postgres-msvc-build.patch.1 to fix Cygwin perl and openssl
* on WNT, libpq.dll is now built, no longer static lib
Change-Id: Ic0232a28801b2f604d9f4e33d5621ae3362defaa
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109640
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I8c813005d8a1165e0baab81fd9f8b47c0aa3aa62
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109387
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
|
