Age | Commit message (Collapse) | Author |
|
Change-Id: Ie79f4752c4d0978b816774674bc923e6973289f8
|
|
Not quite complete yet, missing e.g. Vulkan sources, and the setup
is not completely correct either.
Change-Id: I2283bf12f0d226ff8a34554deae5a7bd69045971
|
|
Change-Id: Ic65bedd208e45dfb58e27d297c231d7d5ce7385f
Reviewed-on: https://gerrit.libreoffice.org/83835
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Fixes CVE-2019-11745.
Remove nss.fix-freebl-add-lcc-support.patch.1, fixed upstream.
Change-Id: I72e35c90fabb0a83f547a787dbaee774e35f9c08
Reviewed-on: https://gerrit.libreoffice.org/83673
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
|
|
Fixes CVE-2019-18197.
Remove obsolete e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1.
Change-Id: I95cf498e245083528f98bfef8cdd240bbe2211b9
Reviewed-on: https://gerrit.libreoffice.org/83312
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
|
|
... which is, surprisingly enough, required to build the latest libxslt.
Change-Id: Ifbb36ed61b8f68185f9c788f63a8edeb58899f94
Reviewed-on: https://gerrit.libreoffice.org/83311
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
|
|
fixes CVE-2019-9903 CVE-2019-9631 CVE-2019-9545 CVE-2019-9543
CVE-2019-14494 CVE-2019-12293 CVE-2019-11026 CVE-2019-10873
CVE-2019-10872 CVE-2019-10871 CVE-2019-10018
remove obsolete 0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1
Change-Id: I72b3bf89b294ed3e24157c7e75fd58d4f68d9f35
Reviewed-on: https://gerrit.libreoffice.org/83308
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
|
|
Fixes CVE-2019-9948 CVE-2019-9740 CVE-2019-10160 CVE-2019-16056
and expat CVE-2019-15903.
python-3.3.5-pyexpat-symbols.patch.1 fails to apply, and it's a
mystery why --with-system-expat is used everywhere but on MacOSX,
where 292af048ace2d4b455b2da3a22c784cb05db1d09 disabled it for no
obvious reason, so try to remove the special case and get rid of the
patch.
Change-Id: I5ba4532eb6e7c2fb90daba95d132dcc7c9013d96
Reviewed-on: https://gerrit.libreoffice.org/83117
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
|
|
Also simplify visibility.patch.1.
Change-Id: I8b4ed78b314a1a1f7d31467f782877f056429cc2
Reviewed-on: https://gerrit.libreoffice.org/82548
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Change-Id: Iebbf6a2b77951e4e952dd2da42b374c8ec00ad7b
Reviewed-on: https://gerrit.libreoffice.org/81718
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
|
|
sberg says: On Windows, implicit --enable-extras first causes a build breaker
in workdir/UnpackedTarball/icu/source/extras/scrptrun when linking, because
Windows link.exe doesn't understand -o. But even with a patch
> --- source/extra/scrptrun/Makefile.in
> +++ source/extra/scrptrun/Makefile.in
> @@ -74,7 +74,7 @@
> && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
>
> $(TARGET) : $(OBJECTS)
> - $(LINK.cc) -o $@ $^ $(LIBS)
> + $(LINK.cc) $(OUTOPT)$@ $^ $(LIBS)
> $(POST_BUILD_STEP)
>
> invoke:
linking would still fail with a missing ../../lib/icuucdd.lib, which is
apparently expanded from $(LIBS) there, but I have no idea where it should be
built but isn't. Lets hope that --disable-extras is sufficient for our needs.
Change-Id: I6d0117b230caa41abf488fcd069028e3474700f8
Reviewed-on: https://gerrit.libreoffice.org/81632
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
As an interim step to upgrade to ICU 65.1
Adds new scripts and Unicode blocks from Unicode 12.
Change-Id: Idc4a6b29ffb04bcb424522fcbd29a8db0428c056
Reviewed-on: https://gerrit.libreoffice.org/81611
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
|
|
Change-Id: Idf7cca7b09594fe4452006fe884577725adf0c0e
Reviewed-on: https://gerrit.libreoffice.org/80632
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
|
|
Change-Id: Ideb980a07632e75e2bc7fffa851b8419e727c13b
Reviewed-on: https://gerrit.libreoffice.org/80340
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: Ia98c9718ccd8e18b5f56851027bde944164f05c4
Reviewed-on: https://gerrit.libreoffice.org/78976
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: I9d47d9afed47e01657b42fbfdb06e7fc91a150c8
Reviewed-on: https://gerrit.libreoffice.org/78806
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Change-Id: I1a16e7ba9a096862933536268dacf5ab49476896
Reviewed-on: https://gerrit.libreoffice.org/78246
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
|
|
Change-Id: Ifd945d03719bf2ed1fb145b405f1ea9297ebeb68
Reviewed-on: https://gerrit.libreoffice.org/77983
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
|
|
Change-Id: I7983dd10fe6599a2473caf0da04a0df3e63e9b2a
Reviewed-on: https://gerrit.libreoffice.org/77790
Tested-by: Jenkins
Reviewed-by: Khaled Hosny <khaledhosny@eglug.org>
|
|
Change-Id: I4eb115c7c085b325370e9cd8f80e1b03f16f5033
Reviewed-on: https://gerrit.libreoffice.org/77640
Tested-by: Jenkins
Reviewed-by: David Tardon <dtardon@redhat.com>
|
|
Change-Id: Ibb45a473f49a9ba8f9cf53593dead375ac8a1951
Reviewed-on: https://gerrit.libreoffice.org/77639
Tested-by: Jenkins
Reviewed-by: David Tardon <dtardon@redhat.com>
|
|
Turns out the earlier mdds 1.5.0 package was not correctly packaged.
I've fixed that now, and re-published the 1.5.0 package, which does
contain the patch from Lubos.
Change-Id: I1ff7d6568568860f7cccd3be3bc29aaaebe7fd73
Reviewed-on: https://gerrit.libreoffice.org/77483
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
|
|
Change-Id: Ibff9a5e0f0771e4cf12b4dc3985661a01195e265
Reviewed-on: https://gerrit.libreoffice.org/77482
Tested-by: Jenkins
Reviewed-by: Kohei Yoshida <kohei@libreoffice.org>
|
|
Change-Id: I3d12b7307ad61f7fa73b19ff9ce7f82aebe3b162
Reviewed-on: https://gerrit.libreoffice.org/75758
Tested-by: Jenkins
Reviewed-by: Andras Timar <andras.timar@collabora.com>
|
|
Change-Id: I616f57bd9de72b078500a290bf9ff89c71773f26
Reviewed-on: https://gerrit.libreoffice.org/75736
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Change-Id: Iad48c663708dc9cda00d2a8534981f34c1c6f9d0
Reviewed-on: https://gerrit.libreoffice.org/75577
Tested-by: Jenkins
Reviewed-by: Andras Timar <andras.timar@collabora.com>
|
|
Fixes CVE-2019-11729 CVE-2019-11719 CVE-2019-11727, and the less
important CVE-2018-12384 and CVE-2018-12404 from intermediate releases.
Since NSS 3.44 it's possible to build as static libraries and for iOS;
drop the nss-chromium-nss-static.patch and nss-more-static.patch and
hope that it works.
Drop one hunk from nss.patch that looks fixed upstream.
Change-Id: I7f37ac36f7f8dfd49d0bfb4a6185ca49d4f618a3
Reviewed-on: https://gerrit.libreoffice.org/75344
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
The bundle helps to generate QR code in LO.
Change-Id: Iaa9225a72d15806c929d30951cefd3f3fee8960e
Reviewed-on: https://gerrit.libreoffice.org/73302
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
Fixes CVE-2019-5435. It looks like this is not a problem on 32-bit
Windows because fortunately we don't use /LARGEADDRESSAWARE flag
to set IMAGE_FILE_LARGE_ADDRESS_AWARE... but on 32-bit Linux
the user-space VM is 3GB so an exploit might be possible.
Apparently there's no code in LO that uses the CURLU_URLENCODE flag.
The other one, CVE-2019-5436, doesn't matter because we disable tftp.
Change-Id: I0d4f087befa5a3c4fb21ec36761dad68932425d9
Reviewed-on: https://gerrit.libreoffice.org/72732
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
Change-Id: Ie4c42943445813c7c50bf06cb710cedf2a61f3a9
Reviewed-on: https://gerrit.libreoffice.org/72619
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
https://github.com/anholt/libepoxy/issues/180 sounds very similar and
1.5.3 apparently fixes that
Change-Id: I009f5bc82f9e8326a7028ed29d86733cce649d15
Reviewed-on: https://gerrit.libreoffice.org/71733
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
|
|
Fixes CVE-2019-7317.
Change-Id: I3374f5cbd6552e2c1569d63ee680d0c1d9389621
Reviewed-on: https://gerrit.libreoffice.org/71663
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
Meant to fix the build problems reported in the mail thread starting at
<https://lists.freedesktop.org/archives/libreoffice/2019-March/082340.html>
"Build failure with latest ICU 64.1".
Change-Id: I006b92f4737f5e56e50527dd954e8c0d339e75dc
Reviewed-on: https://gerrit.libreoffice.org/71143
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Change-Id: I496204ead6c495c4fee2cee18a5b9d0fd22eb8c0
Reviewed-on: https://gerrit.libreoffice.org/70951
Tested-by: Jenkins
Reviewed-by: David Tardon <dtardon@redhat.com>
|
|
Change-Id: I4713b15061e831e1dfeccf8d59e46c0aa2ac4a18
Reviewed-on: https://gerrit.libreoffice.org/70351
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
|
|
Fixes CVE-2019-9636 CVE-2019-5010 CVE-2018-14647
Change-Id: If0a115960aed1ee90b63e6716c844669f0ec91e5
Reviewed-on: https://gerrit.libreoffice.org/70182
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
Change-Id: Iaaac797812b2addd1e5693dbb4338fc1c506a26d
Reviewed-on: https://gerrit.libreoffice.org/69134
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Fixes CVE-2019-7310.
Add patch to fix CVE-2019-9200 too.
CVE-2018-20662 looks irrelevant because we don't build pdfunite tool.
Change-Id: I5e7ddabbb341f6bfefb376d552b50c4006f41906
Reviewed-on: https://gerrit.libreoffice.org/69094
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
As a side-effect, this gets rid of some Clang
-fsanitize=implicit-signed-integer-truncation warnings.
The various external/harfbuzz/*.patch no longer applied and appear not to be
necessary any more. (But a new external/harfbuzz/msvc.patch became necessary.)
<https://dev-www.libreoffice.org/src/harfbuzz-2.3.1.tar.bz2> was downloaded from
<https://www.freedesktop.org/software/harfbuzz/release/harfbuzz-2.3.1.tar.bz2>,
and HARFBUZZ_SHA256SUM in download.lst matches <https://www.freedesktop.org/
software/harfbuzz/release/harfbuzz-2.3.1.tar.bz2.sha256>.
Change-Id: Ic85acd14b4f488b3d88ce1bafc93be271928006e
Reviewed-on: https://gerrit.libreoffice.org/68731
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Fixes CVE-2019-1559, plus a couple low-severity CVEs.
Change-Id: Icb6849ca5f33cb1169ce303505b2e32636e3b25b
Reviewed-on: https://gerrit.libreoffice.org/68430
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
Apple can't afford the costly GPG licenses to sign releases apparently,
but the sha256 matches some OpenWRT and FreshPorts repos...
Fixes CVE-2015-7988.
Removing windows build patches, fixed upstream (except for the last hunk
of the SOCKET patch, but that is in code that is only used on MacOSX).
Change-Id: I9fdba5929badb75f995c66da0850d188780e7beb
Reviewed-on: https://gerrit.libreoffice.org/68092
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
Fixes CVE-2017-15232, which looks rather minor.
Change-Id: Icffb0c5160bef79577431a02eb10ed9492e01d11
Reviewed-on: https://gerrit.libreoffice.org/68091
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
This fixes some minor CVEs.
Not including the fix for CVE-2018-18064, which does not affect LO
because we use the default implementation of FT_Memory which uses
free/malloc.
Change-Id: Ic047ed52cff3fdeba068f1b8d303c6c96c69addd
Reviewed-on: https://gerrit.libreoffice.org/68088
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
Fixes CVE-2018-6942.
Remove freetype-msvc-disable-sse2.patch.1 (doesn't apply and freetype is
only used on Android).
Change-Id: Ia89329f758a077c1493cdea45f99e5f58d1ef265
Reviewed-on: https://gerrit.libreoffice.org/68087
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Tested-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
fixes CVE-2018-16890 and CVE-2019-3822
Change-Id: I4c0021a5002590659cbfbdf642a7704a05309bf2
Reviewed-on: https://gerrit.libreoffice.org/67444
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
...from <https://github.com/ivmai/libatomic_ops/wiki/Download>. (The md5sum
given there is 99128f05e3e3f4e0cd39aa23f23bbe0c.)
The old version of external/libatomic_ops failed to build at least when building
a Flatpak for aarch64, see
<https://flathub.org/builds/#/builders/39/builds/702/steps/5/logs/stdio>:
[...]
> Making all in src
> Making all in atomic_ops
> Making all in sysdeps
> In file included from atomic_ops_stack.h:32,
> from atomic_ops_malloc.c:20:
> atomic_ops.h:343:4: error: #error Cannot implement AO_compare_and_swap_full on this architecture.
> # error Cannot implement AO_compare_and_swap_full on this architecture.
> ^~~~~
> atomic_ops.c:97:1: error: unknown type name ‘AO_TS_t’; did you mean ‘AO_TS_T’?
> AO_TS_t AO_locks[AO_HASH_SIZE] = {
> ^~~~~~~
> AO_TS_T
[...]
(cf. <https://github.com/flathub/org.libreoffice.LibreOffice/pull/67/commits/
48b22dbabc06f1822df74f755096cf0ea5ba2499> "Upgrade libatomic_ops to latest
libatomic_ops-7.6.8.tar.gz")
Change-Id: Icc040cc47f45f71577995a2ff9c63df97150bdea
Reviewed-on: https://gerrit.libreoffice.org/66983
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I6cdfc50b2385c426e20ce0e9b216b18c763249b8
Reviewed-on: https://gerrit.libreoffice.org/66506
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
|
|
... at least, that's the plan - this is harder than it appears, as the
upstream maintainer appears to have released version 2.9 at least 3
times:
- Fedora has a file evidently downloaded before Nov. 17 with SHA512 of e30ad5a9a1ab9e7aaace9431434caa19a5ff6143db46644aba971a5ee37a265b26bf738e886d766405a7eb45a9d620d67c7ab3684ace86a107cf5a76642c04a5
- Gentoo has a file evidently downloaded before Nov. 19 with SHA256 of d4ad6f8718f7f9dc8b2a3276c9f237aa3f5eccdcf98b86dedc4262d8a1e7f009
- Debian has a file evidently downloaded before Dec. 17 with SHA256 of 48c6fdf98396fa245ed86e622028caf49b96fa22f3e5734f853f806fbc8e7d20
The lcms2-2.9.tar.gz available from sourceforge currently matches the
one Debian has, so let's use it.
* 0017-Upgrade-Visual-studio-2017-15.8.patch added (fixing CVE-2018-16435)
* 0001-Added-an-extra-check-to-MLU-bounds.patch.1 removed (fixed upstream)
Change-Id: Iab8dada8f6d77d5b2da8560993380b3332bc02f6
Reviewed-on: https://gerrit.libreoffice.org/66400
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
|
|
Change-Id: Ie4f0cc8f06432e182ce7ffcae5269075d12658ef
Reviewed-on: https://gerrit.libreoffice.org/66408
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
fixes CVE-2018-16840
Change-Id: Ica995a28a71eb5d5277d045d57fee9ba0f88883f
Reviewed-on: https://gerrit.libreoffice.org/66328
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
|