summaryrefslogtreecommitdiff
path: root/download.lst
AgeCommit message (Collapse)Author
2019-11-27update Skia to chrome-m79Luboš Luňák
Change-Id: Ie79f4752c4d0978b816774674bc923e6973289f8
2019-11-27initial build of the Skia libraryLuboš Luňák
Not quite complete yet, missing e.g. Vulkan sources, and the setup is not completely correct either. Change-Id: I2283bf12f0d226ff8a34554deae5a7bd69045971
2019-11-27external: update xmlsec to 1.2.29Miklos Vajna
Change-Id: Ic65bedd208e45dfb58e27d297c231d7d5ce7385f Reviewed-on: https://gerrit.libreoffice.org/83835 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2019-11-26nss: upgrade to release 3.47.1Michael Stahl
Fixes CVE-2019-11745. Remove nss.fix-freebl-add-lcc-support.patch.1, fixed upstream. Change-Id: I72e35c90fabb0a83f547a787dbaee774e35f9c08 Reviewed-on: https://gerrit.libreoffice.org/83673 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@cib.de>
2019-11-21libxslt: upgrade to release 1.1.34Michael Stahl
Fixes CVE-2019-18197. Remove obsolete e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1. Change-Id: I95cf498e245083528f98bfef8cdd240bbe2211b9 Reviewed-on: https://gerrit.libreoffice.org/83312 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@cib.de>
2019-11-20libxml2: upgrade to release 2.9.10Michael Stahl
... which is, surprisingly enough, required to build the latest libxslt. Change-Id: Ifbb36ed61b8f68185f9c788f63a8edeb58899f94 Reviewed-on: https://gerrit.libreoffice.org/83311 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@cib.de>
2019-11-20poppler: upgrade to release 0.82.0Michael Stahl
fixes CVE-2019-9903 CVE-2019-9631 CVE-2019-9545 CVE-2019-9543 CVE-2019-14494 CVE-2019-12293 CVE-2019-11026 CVE-2019-10873 CVE-2019-10872 CVE-2019-10871 CVE-2019-10018 remove obsolete 0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 Change-Id: I72b3bf89b294ed3e24157c7e75fd58d4f68d9f35 Reviewed-on: https://gerrit.libreoffice.org/83308 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@cib.de>
2019-11-19python3: upgrade to release 3.5.9Michael Stahl
Fixes CVE-2019-9948 CVE-2019-9740 CVE-2019-10160 CVE-2019-16056 and expat CVE-2019-15903. python-3.3.5-pyexpat-symbols.patch.1 fails to apply, and it's a mystery why --with-system-expat is used everywhere but on MacOSX, where 292af048ace2d4b455b2da3a22c784cb05db1d09 disabled it for no obvious reason, so try to remove the special case and get rid of the patch. Change-Id: I5ba4532eb6e7c2fb90daba95d132dcc7c9013d96 Reviewed-on: https://gerrit.libreoffice.org/83117 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@cib.de>
2019-11-13external: update pdfium to 3963Miklos Vajna
Also simplify visibility.patch.1. Change-Id: I8b4ed78b314a1a1f7d31467f782877f056429cc2 Reviewed-on: https://gerrit.libreoffice.org/82548 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2019-10-30Update to language-subtag-registry-2019-09-16Eike Rathke
Change-Id: Iebbf6a2b77951e4e952dd2da42b374c8ec00ad7b Reviewed-on: https://gerrit.libreoffice.org/81718 Reviewed-by: Eike Rathke <erack@redhat.com> Tested-by: Jenkins
2019-10-30Upgrade to ICU 65.1Eike Rathke
sberg says: On Windows, implicit --enable-extras first causes a build breaker in workdir/UnpackedTarball/icu/source/extras/scrptrun when linking, because Windows link.exe doesn't understand -o. But even with a patch > --- source/extra/scrptrun/Makefile.in > +++ source/extra/scrptrun/Makefile.in > @@ -74,7 +74,7 @@ > && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status > > $(TARGET) : $(OBJECTS) > - $(LINK.cc) -o $@ $^ $(LIBS) > + $(LINK.cc) $(OUTOPT)$@ $^ $(LIBS) > $(POST_BUILD_STEP) > > invoke: linking would still fail with a missing ../../lib/icuucdd.lib, which is apparently expanded from $(LIBS) there, but I have no idea where it should be built but isn't. Lets hope that --disable-extras is sufficient for our needs. Change-Id: I6d0117b230caa41abf488fcd069028e3474700f8 Reviewed-on: https://gerrit.libreoffice.org/81632 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
2019-10-28Upgrade to ICU 64.2Eike Rathke
As an interim step to upgrade to ICU 65.1 Adds new scripts and Unicode blocks from Unicode 12. Change-Id: Idc4a6b29ffb04bcb424522fcbd29a8db0428c056 Reviewed-on: https://gerrit.libreoffice.org/81611 Reviewed-by: Eike Rathke <erack@redhat.com> Tested-by: Jenkins
2019-10-11Update orcus to 0.15.3.Kohei Yoshida
Change-Id: Idf7cca7b09594fe4452006fe884577725adf0c0e Reviewed-on: https://gerrit.libreoffice.org/80632 Tested-by: Jenkins Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
2019-10-07openssl 1.0.2tCaolán McNamara
Change-Id: Ideb980a07632e75e2bc7fffa851b8419e727c13b Reviewed-on: https://gerrit.libreoffice.org/80340 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
2019-09-16latest expatCaolán McNamara
Change-Id: Ia98c9718ccd8e18b5f56851027bde944164f05c4 Reviewed-on: https://gerrit.libreoffice.org/78976 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
2019-09-11external: update pdfium to 3896Miklos Vajna
Change-Id: I9d47d9afed47e01657b42fbfdb06e7fc91a150c8 Reviewed-on: https://gerrit.libreoffice.org/78806 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2019-08-29Update liborcus to 0.15.2.Kohei Yoshida
Change-Id: I1a16e7ba9a096862933536268dacf5ab49476896 Reviewed-on: https://gerrit.libreoffice.org/78246 Tested-by: Jenkins Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
2019-08-23Update orcus to 0.15.1.Kohei Yoshida
Change-Id: Ifd945d03719bf2ed1fb145b405f1ea9297ebeb68 Reviewed-on: https://gerrit.libreoffice.org/77983 Tested-by: Jenkins Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
2019-08-20Update HarfBbuzz to 2.6.0Khaled Hosny
Change-Id: I7983dd10fe6599a2473caf0da04a0df3e63e9b2a Reviewed-on: https://gerrit.libreoffice.org/77790 Tested-by: Jenkins Reviewed-by: Khaled Hosny <khaledhosny@eglug.org>
2019-08-17upload libvisio 0.1.7David Tardon
Change-Id: I4eb115c7c085b325370e9cd8f80e1b03f16f5033 Reviewed-on: https://gerrit.libreoffice.org/77640 Tested-by: Jenkins Reviewed-by: David Tardon <dtardon@redhat.com>
2019-08-17upload libabw 0.1.3David Tardon
Change-Id: Ibb45a473f49a9ba8f9cf53593dead375ac8a1951 Reviewed-on: https://gerrit.libreoffice.org/77639 Tested-by: Jenkins Reviewed-by: David Tardon <dtardon@redhat.com>
2019-08-15Correctly pack mdds 1.5.0.Kohei Yoshida
Turns out the earlier mdds 1.5.0 package was not correctly packaged. I've fixed that now, and re-published the 1.5.0 package, which does contain the patch from Lubos. Change-Id: I1ff7d6568568860f7cccd3be3bc29aaaebe7fd73 Reviewed-on: https://gerrit.libreoffice.org/77483 Tested-by: Jenkins Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
2019-08-15Switch mdds to 1.5.0 and liborcus to 0.15.0.Kohei Yoshida
Change-Id: Ibff9a5e0f0771e4cf12b4dc3985661a01195e265 Reviewed-on: https://gerrit.libreoffice.org/77482 Tested-by: Jenkins Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
2019-07-17tdf#126079 update Source Serif font to 3.0Andras Timar
Change-Id: I3d12b7307ad61f7fa73b19ff9ce7f82aebe3b162 Reviewed-on: https://gerrit.libreoffice.org/75758 Tested-by: Jenkins Reviewed-by: Andras Timar <andras.timar@collabora.com>
2019-07-17external: update pdfium to 3849Miklos Vajna
Change-Id: I616f57bd9de72b078500a290bf9ff89c71773f26 Reviewed-on: https://gerrit.libreoffice.org/75736 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2019-07-14tdf#120047 use new opens___.ttf version 102.11Andras Timar
Change-Id: Iad48c663708dc9cda00d2a8534981f34c1c6f9d0 Reviewed-on: https://gerrit.libreoffice.org/75577 Tested-by: Jenkins Reviewed-by: Andras Timar <andras.timar@collabora.com>
2019-07-10nss: upgrade to release 3.45Michael Stahl
Fixes CVE-2019-11729 CVE-2019-11719 CVE-2019-11727, and the less important CVE-2018-12384 and CVE-2018-12404 from intermediate releases. Since NSS 3.44 it's possible to build as static libraries and for iOS; drop the nss-chromium-nss-static.patch and nss-more-static.patch and hope that it works. Drop one hunk from nss.patch that looks fixed upstream. Change-Id: I7f37ac36f7f8dfd49d0bfb4a6185ca49d4f618a3 Reviewed-on: https://gerrit.libreoffice.org/75344 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
2019-07-02bundle external: qrcodegenShubham Goyal
The bundle helps to generate QR code in LO. Change-Id: Iaa9225a72d15806c929d30951cefd3f3fee8960e Reviewed-on: https://gerrit.libreoffice.org/73302 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
2019-05-22curl: upgrade to release 7.65.0Michael Stahl
Fixes CVE-2019-5435. It looks like this is not a problem on 32-bit Windows because fortunately we don't use /LARGEADDRESSAWARE flag to set IMAGE_FILE_LARGE_ADDRESS_AWARE... but on 32-bit Linux the user-space VM is 3GB so an exploit might be possible. Apparently there's no code in LO that uses the CURLU_URLENCODE flag. The other one, CVE-2019-5436, doesn't matter because we disable tftp. Change-Id: I0d4f087befa5a3c4fb21ec36761dad68932425d9 Reviewed-on: https://gerrit.libreoffice.org/72732 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
2019-05-21external: update pdfium to 3794Miklos Vajna
Change-Id: Ie4c42943445813c7c50bf06cb710cedf2a61f3a9 Reviewed-on: https://gerrit.libreoffice.org/72619 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2019-05-03Related: tdf#124942 upgrade epoxy to 1.5.3Caolán McNamara
https://github.com/anholt/libepoxy/issues/180 sounds very similar and 1.5.3 apparently fixes that Change-Id: I009f5bc82f9e8326a7028ed29d86733cce649d15 Reviewed-on: https://gerrit.libreoffice.org/71733 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
2019-05-02libpng: upgrade to release 1.6.37Michael Stahl
Fixes CVE-2019-7317. Change-Id: I3374f5cbd6552e2c1569d63ee680d0c1d9389621 Reviewed-on: https://gerrit.libreoffice.org/71663 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
2019-04-24extern: update xmlsec to 1.2.28Miklos Vajna
Meant to fix the build problems reported in the mail thread starting at <https://lists.freedesktop.org/archives/libreoffice/2019-March/082340.html> "Build failure with latest ICU 64.1". Change-Id: I006b92f4737f5e56e50527dd954e8c0d339e75dc Reviewed-on: https://gerrit.libreoffice.org/71143 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2019-04-21upload libmwaw 0.3.15David Tardon
Change-Id: I496204ead6c495c4fee2cee18a5b9d0fd22eb8c0 Reviewed-on: https://gerrit.libreoffice.org/70951 Tested-by: Jenkins Reviewed-by: David Tardon <dtardon@redhat.com>
2019-04-06Upgrade to language-subtag-registry-2019-04-03Eike Rathke
Change-Id: I4713b15061e831e1dfeccf8d59e46c0aa2ac4a18 Reviewed-on: https://gerrit.libreoffice.org/70351 Reviewed-by: Eike Rathke <erack@redhat.com> Tested-by: Jenkins
2019-04-03python3: upgrade to release 3.5.7Michael Stahl
Fixes CVE-2019-9636 CVE-2019-5010 CVE-2018-14647 Change-Id: If0a115960aed1ee90b63e6716c844669f0ec91e5 Reviewed-on: https://gerrit.libreoffice.org/70182 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
2019-03-13external: update pdfium to 3730Miklos Vajna
Change-Id: Iaaac797812b2addd1e5693dbb4338fc1c506a26d Reviewed-on: https://gerrit.libreoffice.org/69134 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2019-03-12poppler: upgrade to release 0.74.0Michael Stahl
Fixes CVE-2019-7310. Add patch to fix CVE-2019-9200 too. CVE-2018-20662 looks irrelevant because we don't build pdfunite tool. Change-Id: I5e7ddabbb341f6bfefb376d552b50c4006f41906 Reviewed-on: https://gerrit.libreoffice.org/69094 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
2019-03-05Upgrade to latest HarfBuzz 2.3.1Stephan Bergmann
As a side-effect, this gets rid of some Clang -fsanitize=implicit-signed-integer-truncation warnings. The various external/harfbuzz/*.patch no longer applied and appear not to be necessary any more. (But a new external/harfbuzz/msvc.patch became necessary.) <https://dev-www.libreoffice.org/src/harfbuzz-2.3.1.tar.bz2> was downloaded from <https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-2.3.1.tar.bz2>, and HARFBUZZ_SHA256SUM in download.lst matches <https://www.freedesktop.org/ software/harfbuzz/release/harfbuzz-2.3.1.tar.bz2.sha256>. Change-Id: Ic85acd14b4f488b3d88ce1bafc93be271928006e Reviewed-on: https://gerrit.libreoffice.org/68731 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
2019-02-27openssl: upgrade to release 1.0.2rMichael Stahl
Fixes CVE-2019-1559, plus a couple low-severity CVEs. Change-Id: Icb6849ca5f33cb1169ce303505b2e32636e3b25b Reviewed-on: https://gerrit.libreoffice.org/68430 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
2019-02-20mDNSResponder: upgrade to release 878.200.35Michael Stahl
Apple can't afford the costly GPG licenses to sign releases apparently, but the sha256 matches some OpenWRT and FreshPorts repos... Fixes CVE-2015-7988. Removing windows build patches, fixed upstream (except for the last hunk of the SOCKET patch, but that is in code that is only used on MacOSX). Change-Id: I9fdba5929badb75f995c66da0850d188780e7beb Reviewed-on: https://gerrit.libreoffice.org/68092 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
2019-02-20libjpeg-turbo: upgrade to release 1.5.3Michael Stahl
Fixes CVE-2017-15232, which looks rather minor. Change-Id: Icffb0c5160bef79577431a02eb10ed9492e01d11 Reviewed-on: https://gerrit.libreoffice.org/68091 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
2019-02-20cairo: upgrade to release 1.16.0Michael Stahl
This fixes some minor CVEs. Not including the fix for CVE-2018-18064, which does not affect LO because we use the default implementation of FT_Memory which uses free/malloc. Change-Id: Ic047ed52cff3fdeba068f1b8d303c6c96c69addd Reviewed-on: https://gerrit.libreoffice.org/68088 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
2019-02-20freetype: upgrade to release 2.9.1Michael Stahl
Fixes CVE-2018-6942. Remove freetype-msvc-disable-sse2.patch.1 (doesn't apply and freetype is only used on Android). Change-Id: Ia89329f758a077c1493cdea45f99e5f58d1ef265 Reviewed-on: https://gerrit.libreoffice.org/68087 Reviewed-by: Michael Stahl <Michael.Stahl@cib.de> Tested-by: Michael Stahl <Michael.Stahl@cib.de>
2019-02-06curl: upgrade to release 7.64.0Michael Stahl
fixes CVE-2018-16890 and CVE-2019-3822 Change-Id: I4c0021a5002590659cbfbdf642a7704a05309bf2 Reviewed-on: https://gerrit.libreoffice.org/67444 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
2019-01-28Upgrade libatomic_ops to latest libatomic_ops-7.6.8.tar.gzStephan Bergmann
...from <https://github.com/ivmai/libatomic_ops/wiki/Download>. (The md5sum given there is 99128f05e3e3f4e0cd39aa23f23bbe0c.) The old version of external/libatomic_ops failed to build at least when building a Flatpak for aarch64, see <https://flathub.org/builds/#/builders/39/builds/702/steps/5/logs/stdio>: [...] > Making all in src > Making all in atomic_ops > Making all in sysdeps > In file included from atomic_ops_stack.h:32, > from atomic_ops_malloc.c:20: > atomic_ops.h:343:4: error: #error Cannot implement AO_compare_and_swap_full on this architecture. > # error Cannot implement AO_compare_and_swap_full on this architecture. > ^~~~~ > atomic_ops.c:97:1: error: unknown type name ‘AO_TS_t’; did you mean ‘AO_TS_T’? > AO_TS_t AO_locks[AO_HASH_SIZE] = { > ^~~~~~~ > AO_TS_T [...] (cf. <https://github.com/flathub/org.libreoffice.LibreOffice/pull/67/commits/ 48b22dbabc06f1822df74f755096cf0ea5ba2499> "Upgrade libatomic_ops to latest libatomic_ops-7.6.8.tar.gz") Change-Id: Icc040cc47f45f71577995a2ff9c63df97150bdea Reviewed-on: https://gerrit.libreoffice.org/66983 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
2019-01-17upgrade to python 3.5.6Caolán McNamara
Change-Id: I6cdfc50b2385c426e20ce0e9b216b18c763249b8 Reviewed-on: https://gerrit.libreoffice.org/66506 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
2019-01-16lcms2: upgrade to release 2.9Michael Stahl
... at least, that's the plan - this is harder than it appears, as the upstream maintainer appears to have released version 2.9 at least 3 times: - Fedora has a file evidently downloaded before Nov. 17 with SHA512 of e30ad5a9a1ab9e7aaace9431434caa19a5ff6143db46644aba971a5ee37a265b26bf738e886d766405a7eb45a9d620d67c7ab3684ace86a107cf5a76642c04a5 - Gentoo has a file evidently downloaded before Nov. 19 with SHA256 of d4ad6f8718f7f9dc8b2a3276c9f237aa3f5eccdcf98b86dedc4262d8a1e7f009 - Debian has a file evidently downloaded before Dec. 17 with SHA256 of 48c6fdf98396fa245ed86e622028caf49b96fa22f3e5734f853f806fbc8e7d20 The lcms2-2.9.tar.gz available from sourceforge currently matches the one Debian has, so let's use it. * 0017-Upgrade-Visual-studio-2017-15.8.patch added (fixing CVE-2018-16435) * 0001-Added-an-extra-check-to-MLU-bounds.patch.1 removed (fixed upstream) Change-Id: Iab8dada8f6d77d5b2da8560993380b3332bc02f6 Reviewed-on: https://gerrit.libreoffice.org/66400 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
2019-01-16external: update pdfium to 3667Miklos Vajna
Change-Id: Ie4f0cc8f06432e182ce7ffcae5269075d12658ef Reviewed-on: https://gerrit.libreoffice.org/66408 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2019-01-15curl: upgrade to release 7.63.0Michael Stahl
fixes CVE-2018-16840 Change-Id: Ica995a28a71eb5d5277d045d57fee9ba0f88883f Reviewed-on: https://gerrit.libreoffice.org/66328 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>