Univention Bugzilla – Bug 57340
libreoffice: Multiple issues (4.4)
Last modified: 2024-05-29 12:32:00 CEST
New Debian libreoffice 1:6.1.5-3~deb9u3 fixes: This update addresses the following issue: 1:6.1.5-3~deb9u3 (Sat, 25 May 2024 19:33:00 +0000) * Team upload by ELTS security team. * Fix CVE-2024-3044: Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allowed an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
--- mirror/ftp/4.4/unmaintained/4.4-2/source/libreoffice_5.2.7-1+deb9u11.dsc +++ apt/ucs_4.4-0-errata4.4-9/source/libreoffice_6.1.5-3~deb9u3.dsc @@ -1,4 +1,183 @@ -1:5.2.7-1+deb9u11 [Fri, 06 Sep 2019 11:53:15 +0200] Rene Engelhard <rene@debian.org>: +1:6.1.5-3~deb9u3 [Sat, 25 May 2024 19:33:00 +0000] Bastien Roucariès <rouca@debian.org>: + + * Team upload by ELTS security team. + * Fix CVE-2024-3044: Unchecked script execution in + Graphic on-click binding in affected LibreOffice + versions allowed an attacker to create a document + which without prompt will execute scripts built-into + LibreOffice on clicking a graphic. + Such scripts were previously deemed trusted + but are now deemed untrusted. + +1:6.1.5-3~deb9u2 [Thu, 28 Dec 2023 09:25:58 +0000] Bastien Roucariès <rouca@debian.org>: + + * Upload by ELTS security team. + * Fix CVE-2023-6185: An Improper Input Validation vulnerability + was found in GStreamer integration of The Document + Foundation LibreOffice allows an attacker to execute arbitrary + GStreamer plugins. In affected versions the filename of the + embedded video is not sufficiently escaped when passed to + GStreamer enabling an attacker to run arbitrary + gstreamer plugins depending on what plugins are installed + on the target system. + * Fix CVE-2023-6186: LibreOffice supports hyperlinks. + In addition to the typical common protocols such as + http/https hyperlinks can also have target URLs that + can launch built-in macros or dispatch built-in + internal commands. In affected version of LibreOffice + there are scenarios where these can be executed without warning + if the user activates such hyperlinks. In later versions + the users's explicit macro execution permissions + for the document are now consulted if these non-typical + hyperlinks can be executed. The possibility to use these + variants of hyperlink targets for floating frames has been removed. + * Fix CVE-2020-12802: LibreOffice has a 'stealth mode' in which only + documents from locations deemed 'trusted' are allowed to + retrieve remote resources. This mode is not the default mode, + but can be enabled by users who want to disable LibreOffice's ability + to include remote resources within a document. A flaw existed + where remote graphic links loaded from docx documents were omitted + from this protection. + * Fix CVE-2020-12801: If LibreOffice has an encrypted document + open and crashes, that document is auto-saved encrypted. + On restart, LibreOffice offers to restore the document + and prompts for the password to decrypt it. If the recovery + is successful, and if the file format of the recovered document + was not LibreOffice's default ODF file format, then affected versions + of LibreOffice default that subsequent saves of the document + are unencrypted. This may lead to a user accidentally saving + a MSOffice file format document unencrypted while believing + it to be encrypted. + * Fix CVE-2020-12803: ODF documents can contain forms to be + filled out by the user. Similar to HTML forms, the contained + form data can be submitted to a URI, for example, to an external + web server. To create submittable forms, ODF implements the + XForms W3C standard, which allows data to be submitted without + the need for macros or other active scripting. LibreOffice allowed + forms to be submitted to any URI, including file: URIs, enabling + form submissions to overwrite local files. User-interaction + is required to submit the form, but to avoid the possibility + of malicious documents engineered to maximize the possibility of + inadvertent user submission this feature has now been limited to + http[s] URIs, removing the possibility to overwrite local files. + +1:6.1.5-3~deb9u1 [Fri, 08 Sep 2023 20:01:47 +0000] Bastien Roucariès <rouca@debian.org>: + + [ Rene Engelhard ] + * Rebuild for stretch-backports. + + * debian/patches/apparmor-{cleanups,mesa,opencl}.diff, debian/patches/series, + debian/rules: revert this and apparmor >= 2.13.1 recommends; stretch doesn't + have apparmor on per default but let's go sure + * debian/control.in, debian/patches/series, debian/libreoffice-base-drivers.NEWS, + debian/patches/use-mariadb-java-instead-of-mysql-java.diff: revert for + stretch-backports... + * debian/patches/disableClassPathURLCheck.diff: revert configure check for + stretch-backports + * tarballs/*, debian/source/include-binaries: include needed internal + stuff + + [ Bastien Roucariès ] + * Upload to stretch as a backport + * Import patch for 1:6.1.5-3+deb10u10 + * Use external xmlsec in order to avoid FTBFS + +1:6.1.5-3+deb10u10 [Sat, 12 Aug 2023 19:58:29 +0000] Bastien Roucariès <rouca@debian.org>: + + * CVE-2023-2255: Improper access control in editor components of + LibreOffice allowed an attacker to craft + a document that would cause external links to be loaded without prompt. + In the affected versions of LibreOffice documents + that used "floating frames" + linked to external files, would load the contents of those frames + without prompting the user for permission to do so. + This was inconsistent with the treatment of other linked + content in LibreOffice. + +1:6.1.5-3+deb10u9 [Fri, 11 Aug 2023 19:09:29 +0000] Bastien Roucariès <rouca@debian.org>: + + * Team upload by the LTS team + * CVE-2022-3874: Libreoffice may be configured to add an empty + entry to the Java class path. + This may lead to run arbitrary Java code from the + current directory. + * CVE-2023-0950: Improper Validation of Array Index vulnerability in the + spreadsheet component allows an attacker to craft a + spreadsheet document that will cause an array index + underflow when loaded. In the affected versions of LibreOffice + certain malformed spreadsheet formulas, such as AGGREGATE, + could be created with less parameters passed to the formula + interpreter than it expected, leading to an array index + underflow, in which case there is a risk that arbitrary + code could be executed. + +1:6.1.5-3+deb10u8 [Sat, 25 Mar 2023 10:55:37 +0000] Bastien Roucariès <rouca@debian.org>: + + * Add salsa testsuite + * CVE-2022-26307: add Initialization Vectors to password storage. + LibreOffice supports the storage of passwords for web connections in + the user’s configuration database. The stored passwords are encrypted + with a single master key provided by the user. A flaw in LibreOffice + existed where master key was poorly encoded resulting in weakening its + entropy from 128 to 43 bits making the stored passwords vulerable to a + brute force attack if an attacker has access to the users stored + config. + * fix CVE-2022-26306: LibreOffice supports the storage of passwords for + web connections in the user’s configuration database. The stored + passwords are encrypted with a single master key provided by the + user. A flaw in LibreOffice existed where the required initialization + vector for encryption was always the same which weakens the security + of the encryption making them vulnerable if an attacker has access to + the user's configuration data + * CVE-2022-26305: compare authors using Thumbprint + An Improper Certificate Validation vulnerability in LibreOffice + existed where determining if a macro was signed by a trusted author + was done by only matching the serial number and issuer string of the + used certificate with that of a trusted certificate. This is not + sufficient to verify that the macro was actually signed with the + certificate. An adversary could therefore create an arbitrary + certificate with a serial number and an issuer string identical to a + trusted certificate which LibreOffice would present as belonging to + the trusted author, potentially leading to the user to execute + arbitrary code contained in macros improperly trusted. + * CVE-2021-25636: only use X509Data + LibreOffice supports digital signatures of ODF documents and macros + within documents, presenting visual aids that no alteration of the + document occurred since the last signing and that the signature is + valid. An Improper Certificate Validation vulnerability in LibreOffice + allowed an attacker to create a digitally signed ODF document, by + manipulating the documentsignatures.xml or macrosignatures.xml stream + within the document to contain both "X509Data" and "KeyValue" children + of the "KeyInfo" tag, which when opened caused LibreOffice to verify + using the "KeyValue" but to report verification with the unrelated + "X509Data" value. + * CVE-2022-3140: Insufficient validation of "vnd.libreoffice.command" + URI schemes. LibreOffice supports Office URI Schemes to enable browser + integration of LibreOffice with MS SharePoint server. An additional + scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In + the affected versions of LibreOffice links using that scheme could be + constructed to call internal macros with arbitrary arguments. Which + when clicked on, or activated by document events, could result in + arbitrary script execution without warning. + +1:6.1.5-3+deb10u7 [Mon, 08 Mar 2021 13:13:24 +0100] Rene Engelhard <rene@debian.org>: + + * debian/patches/fix-PYTHONPATH.diff: backport upstream fix to + not leave a bare trailing : in PYTHONPATH as it causes unconditional + loading of encodings.py from . (closes: #984703) + +1:6.1.5-3+deb10u6 [Sat, 01 Feb 2020 15:13:43 +0100] Rene Engelhard <rene@debian.org>: + + * debian/patches/glm-0.9.9-ctor.diff: add from master, fix opengl slide + transitions with glm >= 0.9.9 (closes: #917927) + +1:6.1.5-3+deb10u5 [Thu, 31 Oct 2019 18:26:41 +0100] Rene Engelhard <rene@debian.org>: + + * debian/patches/Postgresql-12-no-adsrc.diff: add from + libreoffice-6-3 branch; fix the postgresql driver with + PostgreSQL 12 (closes: #943873) + +1:6.1.5-3+deb10u4 [Fri, 06 Sep 2019 11:52:03 +0200] Rene Engelhard <rene@debian.org>: * debian/patches/expand-pyuno-path-separators.diff. debian/patches/construct-final-url-from-parsed-output.diff, @@ -7,4 +186,1202 @@ debian/patches/Improve-check.diff: add from libreoffice-6-3(-0,-1) branch - more fixes... (CVE-2019-9854/CVE-2019-9855) - + * debian/patches/allow-link-updates-in-an-intermediate-linked-document.diff: + add from libreoffice-6-2 branch - fix regression from CVE-2018-6871 + +1:6.1.5-3+deb10u3 [Tue, 06 Aug 2019 19:47:48 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/expand-LibreLogo-checks-to-global-events.diff, + debian/patches/decode-url-escape-codes-and-check-each-path-segment.diff: + debian/patches/keep-name-percent-encoded.diff + debian/patches/Properly-obtain-location.diff: + backport from libreoffice-6-3-0 branch - more fixes for CVE-2019-9848 and + CVE-2018-16858 + (CVE-2019-9850/CVE-2019-9851/CVE-2019-9852/CVE-2019-9853) + +1:6.1.5-3+deb10u2 [Tue, 18 Jun 2019 20:36:04 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/More-uses-of-referer-URL-with-SvxBrushItem.diff: + add patch from libreoffice-6-2 branch to fix CVE-2019-9849 + +1:6.1.5-3+deb10u1 [Sun, 09 Jun 2019 10:27:49 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/sanitize-LibreLogo-calls.diff, + debian/patches/explictly-exclude-LibreLogo-from-XScript-usage.diff: + add from git; fixing CVE-2019-9848 + +1:6.1.5-3 [Thu, 11 Apr 2019 22:39:53 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/jp-JP-Reiwa.diff: Introduce next Japanese gengou + era 'Reiwa', from libreoffice-6-1 branch + +1:6.1.5-2 [Wed, 03 Apr 2019 13:19:34 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/mention-java-common-package.diff: update message to + reflect current config dir... + * debian/patches/java.vendor-Debian.diff: make jvmfwk recognize "Debian" + as java.vendor as that's what is set in openjdk 11 >= 11.0.3+4-2 + - see #926009 (closes: #926318) + + * debian/control.gtk3.in: + - make libreoffice-gtk3 recommend gstreamer1.0-gtk3 (see LP: #1820062) + * debian/rules: + - remove i386 special-casing for openjdk-8 and -9 from old "stack clash + fix broken on i386" days preventing removal openjdk-8 + (closes: #926281) + +1:6.1.5-1 [Sat, 02 Feb 2019 21:49:54 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream release + + * debian/patches/tdf123077.diff: add from libreoffice-6-1 branch + (closes: #920859) + * debian/control.in, debian/rules: recommend fonts-noto-{,ui}-core + instead of transitional fonts-noto-hinted (closes: #920960) + +1:6.1.5~rc1-2 [Thu, 24 Jan 2019 23:49:14 +0100] Rene Engelhard <rene@debian.org>: + + * debian/patches/jdk-11.0.2-javadoc.diff: backport from master + (closes: #920331) + +1:6.1.5~rc1-1 [Wed, 16 Jan 2019 22:00:43 +0100] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + [ Rene Engelhard ] + * debian/rules: + - add mesa-opencl-icd | beignet-opencl-icd as alternatives to + ocl-icd-libopencl1 + + [ Vincas Dargis ] + * debian/patches/apparmor-opencl.diff: Include OpenCL abstractions to fix + OpenCL usage in Calc + +1:6.1.4-4 [Sun, 13 Jan 2019 08:25:12 +0100] Rene Engelhard <rene@debian.org>: + + * debian/control.in: bump recommends for apparmor to >= 2.13.1 and conflict + against apparmor (<< 2.13.1~) (closes: #918499) + * debian/control.in, debian/rules: make apparmor recommends/conflicts + dependant on ENABLE_APPARMOR_PROFILES=y + * debian/control.transitonals.in: add missing {misc:Depends} for -ogltrans + * debian/control.kde*.in: Replaces: libreoffice-kde (<< 1:6.1.0~alpha1-1) + (closes: #919103) + +1:6.1.4-3 [Mon, 31 Dec 2018 22:57:41 +0000] Rene Engelhard <rene@debian.org>: + + * reupload will full control... + +1:6.1.4-2 [Sun, 30 Dec 2018 15:25:38 +0000] Rene Engelhard <rene@debian.org>: + + * debian/patches/m68k-fix-parameter-type.patch: as name says, + thanks John Paul Adrian Glaubitz (closes: #917539) + * debian/patches/lo-xlate-lang-be.diff: belarussian -> belarusian + (closes: #917795) + + * debian/tests/smoketest: fix + * debian/rules: fix libcmis version check (and mysqlcppconn build-dep) + * debian/rules, debian/control*in, debian/scripts/gid2pkgdirs.sh: + merge -ogltrans into -impress + +1:6.1.4-1 [Sat, 15 Dec 2018 14:02:18 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream release + - show partial signatures even if cert validation fails + (CERT-Bund#2018100828000257) + + * debian/patches/disableClassPathURLCheck.diff: add new upstream + configure check for this (from master) + + * debian/patches/mdds-1.4.1.diff, debian/patches/orcus-0.14.diff, + debian/rules, debian/shlibs.override.orcus: + use mdds 1.4.x and orcus 0.14.x + + * debian/rules, debian/control.firebird.in: + - enable Firebird on BE archs + * debian/rules: + - fix running the odk/build-examples* tests on _all builds + - disable gdrive stuff. chromium isn't in buster anymore and gdrive didn't + work with chromiums id/secret anyway) (closes: #909152) + - build-depend on libmysqlcppconn >= 1.1.9-4 if building with libcmis 0.5.2 + (snapshots) since LO will pick up c++17 then and otherwise it'll break + - debian/tests/smoketest: skip test on big-endian architectures (see below) + + * merge from Ubuntu: + [ Evangelos Foutras ] + - poppler-fix-build-0-70.patch: fix build failure with poppler >= 0.70 + [ Olivier Tilloy ] + - debian/patches/poppler-dropped-gbool.patch: cherry-pick + upstream commit to fix build failure with poppler >= 0.71 + (see https://gerrit.libreoffice.org/#/c/63625/) + (closes: #915726) + - debian/tests/smoketest: revert previous change and skip the test + altogether on s390x, where unit tests are intentionally not built + +1:6.1.3-2 [Sat, 24 Nov 2018 10:59:44 +0100] Rene Engelhard <rene@debian.org>: + + * debian/patches/apparmor-mesa.diff: #include mesa abstraction + (closes: #905437) + * debian/patches/disableClassPathURLCheck.diff: add workaround to + fix build with openjdks with S8195874 included - add + -Djdk.net.URLClassPath.disableClassPathURLCheck=true to JAVAIFLAGS; + see https://gerrit.libreoffice.org/#/c/63118/2 + + * debian/patches/use-mariadb-java-instead-of-mysql-java.diff: as name says; + use org.mariadb.jdbc.Driver instead of com.mysql.jdbc.Driver + * debian/control.in: + - Suggest libmariadb-java instead of libmysql-java. See #912916 for more + information. + * debian/patches/jdbc-driver-classpaths.diff: add org.mariadb.jdbc.Driver + classpath pointing to /usr/share/java/mariadb-java-client.jar + * debian/libreoffice-base.bug-script.in: add libmariadb-java + (closes: #913360, thanks Markus Koschany) + + * debian/libreoffice-base-drivers.NEWS: add NEWS about above change + * debian/libreoffice-base.{postrm,preinst}.in: remove manual + --package $DPKG_MAINTSCRIPT_PACKAGE, since dpkg-divert defaults to it + since 1.16.0 anyway if not specified (see #912140). + * debian/control.in: update -core versioned Breaks: to -kde5, not -kde, thanks + Julien Cristau + +1:6.1.3-1 [Mon, 29 Oct 2018 21:29:20 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream release + - keeps pyuno script processing below base uri (fixes CVE-2018-16858) + +1:6.1.3~rc1-2 [Sun, 28 Oct 2018 17:16:36 +0000] Rene Engelhard <rene@debian.org>: + + * debian/patches/patches/fix-tests-openjdk11.patch: fix odk examples' + build with Java11 (from upstream master) + + * debian/tests/control: mark pyuno-import, uno-import, test-extension, + test-extension-shared and the sdk/util/check.pl and apparmor tests as + superficial + +1:6.1.3~rc1-1 [Wed, 10 Oct 2018 21:25:32 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + - accepts to insert empty field with 'not null' database constraint + (closes: #910576) + + * debian/patches/DefaultLabel-only-for-interactively-created-OBJs.diff: add + from master (closes: #907710) + +1:6.1.2-1 [Thu, 20 Sep 2018 23:43:47 +0200] Rene Engelhard <rene@debian.org>: + + * New upstream release + +1:6.1.1-1 [Mon, 10 Sep 2018 23:38:40 +0200] Rene Engelhard <rene@debian.org>: + + * New upstream release + + * debian/patches/fix-gtk3_kde5-filepicker-infinite-loop.diff: add from + libreoffice-6-1 branch: fixes possible infinite loop in gtk3_kde5 + filepicker (closes: #906987) + +1:6.1.1~rc1-2 [Fri, 31 Aug 2018 12:45:39 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/apparmor-fixes.diff: add patch from master to + allow printing to file + * debian/patches/do-not-reset-permissions-on-save.diff: as name says, + from libreoffice-6-1 branch (closes: #907476) + + * debian/rules: move libdbahsqllo.so from -base-drivers to -base-core + (closes: #907397) + * debian/control.in: + - add Replaces: for above + - bump ure Dependency in -core to (>= 6.1.1~) (closes: #907650) + +1:6.1.1~rc1-1 [Fri, 24 Aug 2018 18:57:08 +0200] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + * debian/patches/apparmor-kde.diff: backport AppArmor KDE fixes from + master + * debian/control.in: + - *really* recommend apparmor (>= 2.13) + +1:6.1.0-1 [Sun, 12 Aug 2018 08:13:03 +0200] Rene Engelhard <rene@debian.org>: + + * Libreoffice 6.1.0 final (identical to rc3) + + * debian/patches/apparmor-fixes.diff: add patch from libreoffice-6-1 + branch to fix saving of documents in apparmor enforce mode + (closes: #905442) + * debian/patches/apparmor-cleanups.diff: use dri-enumerate abstraction of + apparmor; add from https://gerrit.libreoffice.org/#/c/58589 + + * debian/control.in: + - recommend apparmor (>= 2.13) for above + - make -common also depend on -style-colibre, since it apparently also + is needed to have LO draw iit's check/radiobuttons correctly + (closes: #904598, #905408, #905819) + +1:6.1.0~rc3-1 [Thu, 02 Aug 2018 21:06:53 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + * debian/patches/do-not-hide-test-output.diff: also do not hide PythonTests + output + + * debian/control.in: add Breaks/Replaces: libreoffice-common (<< + 1:6.1.0~alpha1-1) to libreoffice-help-common (closes: #905185) + * debian/tests/control, debian/tests/smoketest: use "skippable" restriction + and return 77 instead of 0 if running into the timeout + * debian/tests/*: use $AUTOPKGTEST_TMP instead of $ADTTMP + * debian/rules: + - don't suggest libreoffice-spellcheck-tr (for + libreoffice-zemberek) anymore - dead upstream. thanks Muhammet Kara + - support new "terse" in DEB_BUILD_OPTIONS + - replace #!/usr/bin/env perl shebangs in some files by #!/usr/bin/perl + - also fix up ../00/usr/share/libreoffice/help/... in doc-base.... + +1:6.1.0~rc2-3 [Mon, 23 Jul 2018 18:54:04 +0000] Rene Engelhard <rene@debian.org>: + + * debian/tests/control: + - "timeout" is in coreutils... + * debian/rules: + - add | firefox at the end of the -help browser depends (closes: #904312) + +1:6.1.0~rc2-2 [Sat, 21 Jul 2018 23:52:12 +0000] Rene Engelhard <rene@debian.org>: + + * upload to unstable + +1:6.1.0~rc2-1 [Thu, 19 Jul 2018 22:17:15 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + * debian/patches/apparmor-allow-java.security.diff: allow + /etc/java-??-openjdk/security/java.security read access, denied because + it's a symlink (closes: #903900) + + * debian/tests/control: add missing libreoffice-dev dependency for the + "smoketest" test + * debian/tests/uno: run config_host.mk with (e.g.) BUILD_KDE=n to avoid + configure failure because qmake is not correctly found + * debian/rules: + - don't depend on x-www-browser, only "qutebrowser" provides it. + Use firefox-esr | epiphany-browser | konqueror | chromium which is + the order xdg-open (which is used to actually open the help) does, too + (closes: #904022) + - temporarily disable dwz. fails since the change to gcc 8 + +1:6.1.0~rc1-2 [Thu, 05 Jul 2018 21:31:20 +0000] Rene Engelhard <rene@debian.org>: + + * rebuild with correct control (all languages...) + +1:6.1.0~rc1-1 [Wed, 04 Jul 2018 23:50:05 +0200] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + * debian/rules: + - make the tests fatal again (where they were before - amd64/arm64), + the "broken" hsqldb->firebird auto-migration got disabled for 6.1 + - fix PYTHON_VERSION override to work again; + export PYTHON_{CFLAGS,LIBS} ourselves + * debian/control.transitionals.in: make libreoffice-kde "all" again since + it its built everywhere since last upload + * debian/uno-libs3.symbols: add sal PRIVATE_x.y* symbols (closes: #902898) + +1:6.1.0~beta2-1 [Sun, 17 Jun 2018 10:09:05 +0200] Rene Engelhard <rene@debian.org>: + + * New upstream beta release + - fixes moving keyboard focus to sidebar styles panel after pressing F11 + (closes: #870476) + + * debian/patches/allow-opensymbol-rebuild.diff: from upstream + https://gerrit.libreoffice.org/#/c/54938/, add new --enable-build-opensymbol + * debian/patches/gtk3-kde5-32bit.diff: add patch from + https://gerrit.libreoffice.org/#/c/55474 to fix gtk3_kde5 filepicker build + on 32bit + * debian/patches/do-not-hide-test-output.diff: don't use tee since that hides + the failure (and -o pipefail doesn't work), just use plain 2>&1 and no log + + * debian/rules: + - allow fontforge additionally to of fontforge-nox + - remove custom build-opensymbol target; use new --enable-build-opensymbol + - fix i386 conditional for not adding a (not fullfillable on stretch + even with backports) default-jdk (>= 2:1.9) build-dep + - don't enable dwz on stretch-backports, the needed debhelper conflicts + against the (needed via libgpgmepp-dev) stable qt5-qmake :/ + - remove USE_DWZ_MULTIFILE conditional (which was disabled), + default since debhelper 11.3 + - make BUILD_TEST_PACKAGES=y be based on DEB_BUILD_PROFILES, not + DEB_BUILD_OPTIONS + - enable gtk3_kde also on 32bit archs + - ignore test failures for now; broke already in beta1-1 but was hidden by + the do-not-hide-test-output.diff bug, so no regression. Needs to be + investigated. + * debian/control.test-packages.in: + - add Build-Profiles: <!nocheck> + * debian/control.sdk.in: + - add Build-Profiles: <!nodoc> for -dev-doc + * debian/control.in: + - the colibre change was reverted; make -common depend on -style-tango + +1:6.1.0~beta1-1 [Fri, 25 May 2018 11:29:12 +0200] Rene Engelhard <rene@debian.org>: + + * New upstream beta release + - allows rk on .gnupg/random_seed to fix hang on gpg encryption + (closes: #899380) + + * debian/tests/patches/odk-build-examples-standalone.diff: make apply again + * debian/patches/do-not-hide-test-output.diff: as name says. to prevent + slow(er) archs/buildds timing about because e.g. the new uitests might take + too long without an output + * debian/patches/no-ant-check-if-unneeded.diff: as name says, only check + for ant if we really need it for building something + + * debian/rules: + - build-depend on fontforge-nox and rebuild opens___.tff from OpenSymbol.sfd + - fix numbertext-data-recommends substvar + - optimize the build-indep build a bit more + + remove build-indep dependency on build-arch to not run the full + testsuite on -A (build-indep) builds. + Only run the odk "check" (SDK files) and build-example tests + + build without --enable-symbols on build-indep builds + - enable (gtk3_)kde5 (and qt5) only on 64bit archs for now + - make -help-xx depend with = on -help-common and -help-common depend on + x-www-browser, too, it already contains HTML + - rebuild smoketestdoc.sxw; install it into libreoffice-smoketest-data + - move ant to Build-Depends-Indep + * debian/tests/odk-build-examples: fix + * debian/control.in: move numbertext-data-recommends to Depends: as the + numbertext stuff is used for ooxml im/export.. (theoretical, since + libnumbertext depends on it already, but...) + * debian/copyright: add the various (c)'s of OpenSymbol.sfd + * debian/libreoffice-help-common.links: symlink normalize.css to + /usr/share/javascript/normalize.css/normalize.css and depend on + libjs-normalize.css (closes: #898788), but mention ./help3xsl/normalize.css + in copyright + * debian/tests/*: + - remove build-needed in smoketest and build some needed parts ourselves. + Add missing LD_LIBRARY_PATH and use + /usr/share/libreoffice/smoketestdoc.sxw. Enable + - honour $ADTTMP + - rename junit-subsequentcheck to junit + - add "uno" test running the bridgetest using /usr/lib/libreoffice/uno. + only depends on "ure" + - run "perl odk/util/check.pl /usr/lib/libreoffice/sdk" + * debian/rules, debian/control.systray.in: the systray "Quickstarter" is + finally gone upstream. + +1:6.1.0~beta1~git20180507-1 [Mon, 07 May 2018 20:42:58 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream snapshot + + * debian/patches/disable-tests-somehow-needing-more-fonts.diff, + debian/patches/tdf108963-test.diff: remove. Obsolete after Liberation + fix + + * debian/libreoffice-help-common.doc-base: ... rename + * debian/libreoffice-help.doc-base.in: ... here and only use as template. + Update Index: for localized "index" (text/shared/main0108.html) and fix + Section: + * debian/rules: + - move also the -help-common parts to /usr/share + - create/populate libreoffice-help-xx .doc-base files + - use internal libetonyek on stretch-backports + - use -type f for pupulating Files: in .doc-base to leave out dirs... + - stop special-casing i386 to explicitly use openjdk (9), use default-java + again and add appropriate versioned build-depends + - install the language-specific media/helpimg/xx into their correct packages + - fix build with -B/all (unpackaged help) languages + - add Build-Conflicts: against "broken" fonts-liberation + - remove explicit SAL_USE_VCLPLUGIN="svp" from make check call since it's + apparently unneeded (and even actually harmful) now + * debian/rules, debian/control.in: add stuff for new libnumbertext usage + * debian/lo-java-ref.in: move to Programming/Java + * debian/tests/odk-build-examples: build also new split-out + CustomTarget_odk/build-examples_java + +1:6.1.0~alpha1-1 [Fri, 27 Apr 2018 04:57:42 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream alpha release + - fixes cross-file links with xlsx files (closes: #658569) + - apparently preserves conditional formatting with copy paste operations + (again) (closes: #868349) + - fixes crash on typing any character with IME in Wayland + (closes: #898632) + + * debian/patches/no-packagekit-per-default.diff: use the new config options + to disable the packagekit install stuff + * debian/patches/odk-no-dot.diff: remove, see below + + * debian/rules: + - install TestExtension.oxt into a new libreoffice-smoketest-data package + which can be used by autopkgtests + - enable gtk3_kde vclplug (closes: #752230) and "kde5" (kde5be) + - re-enable pdfium on arm64 again; is now not using its internal allocator + anymore + - use new $(call java_dependency, default-jdk) for default-jdk builddep + - add Build-Depends-Indep: on graphviz, since Debians doxygen sets + HAVE_DOT to YES (see #818787) and upstreams configure.ac now checks for + this and fails if "dot" isn't present. + * debian/tests/*: add autopkgtest to test install TestExtension.oxt + (user and shared) + * debian/tests/*: add initial version of a autopkgtest to run the smoketest, + build smoketestdoc.sxw here for now (and a full build...). Disabled for now. + * debian/control.transitionals.in: add -kde -> kde5 transitional package + * debian/libreoffice-sdbc-firebird.bug-script.in: remove, firebird not + experimental anymore + * debian/control.in: + - update for new icon defaults, make -common depend on -style-colibre and + -gnome recommend -style-elementary + * debian/control*in, debian/rules, debian/libreoffice-help-common.doc-base: + build with --with-help=html and split common files into a new + libreoffice-help-common + + * merge from Ubuntu: + - debian/patches/hide-maths-desktop-file.patch: hide + math icon from the shell (see #883734) + +1:6.0.4~rc1-4 [Tue, 24 Apr 2018 11:46:54 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/patches/disable-java-in-odk-build-examples-on-zero-vm.diff: + as name says, the test builds many Java projects without a output and on + Zero this is slow -> "hangs" gets killed because of inactivity + * explicitely disable junit tests when determining that java uses the Zero VM + +1:6.0.4~rc1-3 [Sat, 21 Apr 2018 19:11:50 +0200] Rene Engelhard <rene@debian.org>: + + * debian/rules: + - sigh. readd lost if to disable make check on big-endian archs. + +1:6.0.4~rc1-2 [Sat, 21 Apr 2018 17:20:41 +0200] Rene Engelhard <rene@debian.org>: + + * debian/rules: + - clean up/simplify test on/off/fatal handling and use findstring + as everywhere else + - disable running make check on armel and mipsel. hangs. + +1:6.0.4~rc1-1 [Wed, 18 Apr 2018 14:27:06 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + * debian/patches/appstream-ignore-startcenter.diff: add + X-AppStream-Ignore=True to startcenter.desktop, thanks Olivier + (closes: #892364) + +1:6.0.3-1 [Mon, 02 Apr 2018 14:48:09 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream release + + * debian/patches/gpg-overly-long-filenames-fix.diff: backport + https://gerrit.libreoffice.org/#/c/50978/ fix to fix gpg encryption + test ("File name too long") + * debian/patches/disable-flaky-tests.diff: remove disabling of + testODFEncryptedGPG. + * debian/patches/check-for-gpgconf-and-run-user.diff: as name says, + don't fail when gpgconf --create-socketdir doesn't work because + /run/user/<uid> doesn't exist... Check for it. + + * debian/rules: + - add explicit gpg-agent and gpgconf build-dependencies + - add explicit python3-distutils build-dependency as + python3.6 3.6.5~rc1-2 dropped its python3-distutils dependency... + +1:6.0.2-1 [Wed, 28 Feb 2018 18:37:57 +0100] Rene Engelhard <rene@debian.org>: + + [ Rene Engelhard ] + * New upstream release + + * debian/patches/orcus-0.13.3.diff: backport patches to fix build/tests + against orcus 0.13.3 + * debian/patches/disable-some-sc-tests-with-internal-cppunit.diff: update + + * debian/watch: update for the multiple tarballs + * debian/copyright: remove Files-Excluded: for files already removed by + upstreams pack script anyway to allow mk-origtargz doing --symlink + * debian/scripts/mk-origtargz: own mk-origtargz.. + + * debian/rules: + - --disable-pdfium on arm64 + - actually build without -g if ENABLE_SYMBOLS=n + - add get-orig-source target for "real" upstream tarballs + - fix libvisio dependency + - bump runtime (and test) depends for liborcus to >= 0.13.3 + * debian/control.in: + - recommend xdg-utils in -common (for xdg-{open,email}) + + [ Olivier Tilloy ] + * debian/rules: define ${java-common-depends} when building + libreoffice-wiki-publisher and libreoffice-nlpsolver (closes: #891765) + +1:6.0.1-1 [Thu, 08 Feb 2018 19:29:39 +0100] Rene Engelhard <rene@debian.org>: + + * New upstream release + - fixes CVE-2018-1055: libreoffice: Remote arbitrary file disclosure + vulnerability via WEBSERVICE formula + + * debian/control.in: bump ure Depends for -core to (>= 6.0.0~) + (closes: #889074) + * debian/rules: + - use internal mdds for stretch-backports + * debian/tests/control: make uicheck depend on libreoffice-l10n-{he,ja} + for the text direction UI Test + + * merge from Ubuntu: + - Bump shlibs overrides for libvisio and orcus + +1:6.0.0-1 [Mon, 29 Jan 2018 18:52:54 +0100] Rene Engelhard <rene@debian.org>: + + * LibreOffice 6.0.0 final release (identical to rc3) + + * upload to unstable + + * debian/patches/glm-0.9.9.diff: fix build with glm 0.9.9 (closes: #888737) + + * merge from Ubuntu: + - debian/patches/apparmor-fixes.diff: allow JVM execution + + * debian/rules: + - re-enable system-glm; bump libglm-dev build-depdendency to + libglm-dev (>= 0.9.9~a2) when using gcc >= 7.3 + - re-enable -systray. Actually in stock 6.0 upstream debs the feature *is + still in the options... + +1:6.0.0~rc3-2 [Sat, 27 Jan 2018 14:37:23 +0100] Rene Engelhard <rene@debian.org>: + + * debian/patches/disable-flaky-tests.diff: disable testODFEncryptedGPG test; + the signing parts work, so... + +1:6.0.0~rc3-1 [Sat, 27 Jan 2018 11:36:59 +0100] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + * debian/patches/apparmor-fixes.diff: add patch from master with syntax + fixes. Also include X abstractions and allow .mozilla/firefox/** reading + * debian/patches/apparmor-updates.diff: more gpg stuff: gpg(sm), .gnupg/* + (both together closes: #887593) + * debian/rules, debian/source/include-binaries: temporarily use internal glm; + configure check fails since the gcc 7.3 upload + +1:6.0.0~rc2-1 [Thu, 11 Jan 2018 23:05:44 +0100] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + * debian/patches/poppler-0.62.diff: backport from master to fix build with + poppler 0.62 + + * debian/rules: + - rename 30_opensymbol.conf to 30-opensymbol.conf for consistency + +1:6.0.0~rc1-1 [Wed, 20 Dec 2017 17:41:30 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + - fixes keyboard navigation for textboxes in slide layout (closes: #870387) + - fixes Glue points in Draw (closes: #883989) + + * debian/patches/apparmor-usrmerge.diff: allow also /usr/bin/dash (etc.) + - usrmerge... + + * debian/libreoffice-common.bug-script.in: revert running aa-status; + Might not exist and actually displaying the status needs root. People + shouldn't run reportbug as root, though... + * debian/rules: + - stop passing --disable-report-builder to build-archs configure since + even though it's built the report builder doesn't work then. Move + from Build-Depends-Indep: to Build-Depends: again (closes: #875688); + - update ar FONT_SUGGESTS: fonts-arabeyes -> + fonts-kacst, fonts-hosny-amiri, fonts-sil-scheherazade, fonts-hosny-thabit + * debian/rules, debian/control*.in: + s/REPORTDESIGN/REPORTBUILDER/ and + control.reportdesign.in -> control.reportbuilder.in while we're at it + * debian/copyright: + - mention sysui/desktop/apparmor/* copyright/license + - mention icon_themes/elementary*/* copyright/license + * debian/control.in: + - remove fonts-noto-unhinted from Recommends: again per + upstream suggestion + - recommend both fonts-liberation (LO ships 2 + Narrow from 1) + * debian/rules, debian/control.in: recommend and build-depend against + fonts-liberation2 instead of fonts-liberation since that is actually + what LO upstream ships (see above) + +1:6.0.0~beta2-1 [Fri, 08 Dec 2017 00:44:28 +0100] Rene Engelhard <rene@debian.org>: + + [ Rene Engelhard ] + * New upstream beta release + + * debian/patches/apparmor-complain.diff: set complain mode for oosplash + and soffice.bin profiles + * debian/patches/sal-fix-kfreebsd-build.diff: add from gerrit + + * debian/control.in: remove openjdk conflicts ... + * debian/rules: ... and make them Depends in JAVA_RUNTIME_DEPENDS for the + Java-using packages. Also allow openjdk-9 everywhere + This doesn't prevent usage of the "broken" JDK but otherwise we "break" + jodconverter/natbraille in testing... And linux 4.14.2-1 is also supposed to + fix the regression finally... + This also closes: #882436 + + * debian/rules: + - stop installing disabled symlinks for apparmor (closes: #883800) + - actually install the OpenSymbol fontconfig snippet into a + /etc/fonts.d/30_opensymbol.conf + - change BRAND_BASE_DIR in fundamentalrc so that we don't get + /usr/lib/libreoffice/program/../program/xpdfimport calls. We know + the path and the apparmor profile doesn't allow this + * debian/libreoffice-common.bug-script.in: run aa-status + * debian/control.in: add gnupg to Suggests + + [ intrigeri ] + * debian/README.Debian: document how to debug and customize the included + AppArmor profiles + +1:6.0.0~beta1-2 [Mon, 04 Dec 2017 19:01:27 +0100] Rene Engelhard <rene@debian.org>: + + * debian/libreoffice-common.{triggers,postinst}.in, + debian/shell-lib-lool.sh: add trigger updating LOOLs systemplate + * debian/libreoffice-common.triggers.in: switch to interest-noawait triggers + + * merge from Ubuntu: + - debian/patches/fix-includes-in-aarch64-bridge.patch: add from master + +1:6.0.0~beta1-1 [Sat, 25 Nov 2017 17:17:54 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream beta release + + * debian/patches/ww8export-HAVE_MORE_FONTS.diff: move ... + * debian/patches/disable-tests-somehow-needing-more-fonts.diff: ... here + and patch also ooxmlexport4 + + * debian/rules: + - use (dh_)dwz and (if enabled) install the multifile file into + uno-libs3-dbgsym. + Thanks Matthias Klose for the hint. + Make *-dbgsym depend on uno-libs3-dbgsym which should contain the above + file and is recommended anyway because of the gdb helpers. + - be consequent and enable the junit tests on arm64 now that + those work. + - stop passing --disable-database-connectivity for no-Base archs + (closes: #874274) + - explicitly use and depend on openjdk 9 on i386 now that #876069 is fixed. + - replace some manual dpkg-parsechangelog calls with + $(DEB_VERSION) and $(DEB_DISTRIBUTION) and fix logic for + --disable-dependency-tracking + - enable missed sr-Latn but merge into -sr + - install the apparmor profiles disabled for now (closes: #882597) + * debian/libreoffice-sdbc-firebird.maintscript: remove (redundant) + $DPKG_MAINTSCRIPT_PACKAGE and update version (closes: #880426) + * debian/rules, debian/libreoffice-common.maintscript: fix path in/for + apparmor profiles (add missing /). mv_conffile the files to the new + name... + * debian/control.in: make -core conflict against openjdk-{6,7,8}-jre-headless + on i386- -java-common would make more sense, but it's Arch: all.. + * debian/control.in: + - add fonts-noto-hinted, fonts-noto-mono, fonts-noto-unhinted to + Recommends + - clean up mozilla suggests to just firefox-esr | thunderbird | firefox + - add versions to openjdk-{7,8}-jre-headless conflicts now that they are + also supposed to be fixed + * debian/control.{kde.}.in: suggest the "certificate managers" for gpg: + gpa, seahorse, kleopatra | kgpg + +1:6.0.0~alpha1-1 [Fri, 20 Oct 2017 13:42:40 +0000] Rene Engelhard <rene@debian.org>: + + [ Rene Engelhard ] + * New upstream alpha release + + * debian/patches/tdf108963-test.diff: adapt test to what we get; the + text _is_ rotated on export, so... + + * merge from Ubuntu, thanks Rico Tzschichholz: + - Add "elementary" style package + + * debian/rules: + - finally stop building -systray. GNOME 3.26 doesn't show it anymore, + and in 6.0 the feature is not completely removed yet but the UI for + setting it is already gone anyway.... + + [ Rico Tzschichholz ] + * Add Kannada (kn) langpack + +1:5.4.3~rc1-1 [Fri, 20 Oct 2017 13:40:01 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + * debian/patches/no-check-if-root.diff: remove (senseful, IMHO!) check + given policy implies "build" should be able to run as root... :( + * debian/patches/avoid-throwing-cpp-exceptions-across-libgpeg-c-frames.diff: + add from master, fixing CppunitTest_vcl_filters_test on arm* + * debian/patches/debian-hardened-buildflags-CPPFLAGS.diff: split this up, + into the CPPFLAGS part here .. + * debian/patches/debian-hardened-buildflags-no-LO-fstack-protector-strong.diff: + and the removal of the explicit default -fstack-protector-strong here. + * debian/patches/arm64-bridges-no-stack-protector-strong.diff: add from master: + go sure that we build gcc3_linux_aarch64/cpp2uno.cxx only with + -fstack-protector. Works for us by chance because of above + debian-hardened-buildflags-no-LO-fstack-protector-strong.diff + * debian/patches/arm64-disable-sc-functions-test.diff: add patch from master + to disable the sc_*_functions_test on arm64 (as for x86). + + * debian/rules: + - *really* fix -dbgsym 0775 permissions by manually fixing them after + mkdir -p's (dh_fixperms doesn't run on -dbgsym) which apparently + create them as 775 (at least on the buildds) + - fix libreoffice-dev-doc.doc-base.lo-idl-ref (again) + - add missing dependency to build-arch to install-arch + - make armhf/arm64 test failures fatal now that above test is fixed which + was the only one failing; upstream apparently also builds armhf/arm64 + flatpaks now for flathub + * debian/copyright: + - fix various missing-license-paragraph-in-dep5-copyright + +1:5.4.2-3 [Tue, 10 Oct 2017 21:28:41 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/ww8export-HAVE_MORE_FONTS.diff, debian/rules: revert + change of -2. Actually doesn't work. (Did in a testbuild, but...) + +1:5.4.2-2 [Tue, 10 Oct 2017 14:33:23 +0000] Rene Engelhard <rene@debian.org>: + + * debian/patches/ww8export-HAVE_MORE_FONTS.diff: remove again ... + * debian/rules: ... and install LOs fc_local.conf to instdir before make + check + + * debian/control.{lang,help},in: remove | language-support-translations-* + Depends:/Recommends: to unconfuse piuparts + +1:5.4.2-1 [Sun, 08 Oct 2017 11:38:20 +0200] Rene Engelhard <rene@debian.org>: + + * LibreOffice 5.4.2 final release (identical to rc2) + + * upload to unstable + + * debian/patches/disable-flaky-tests.diff: disable chart2_dump test + (closes: #877794) + * debian/patches/ww8export-HAVE_MORE_FONTS.diff: temporarily(?) disable + testTableKeep test, fails with --without-fonts even though Liberation + is in Build-Depends:... + + * debian/libreoffice-sdbc-firebird.maintscript: restore, we need it + from upgrades involving jessie since jessies version gets kept on + jessie->stretch upgrades... (closes: #877494) + +1:5.4.2~rc2-1 [Fri, 29 Sep 2017 15:33:05 +0200] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + * debian/control.help.in: drop now obsolete Depends on + libreoffice-style-default (closes: #877175) + +1:5.4.2~rc1-1 [Fri, 22 Sep 2017 09:21:11 +0200] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + * debian/patches/icu-no-icu-config.diff: don't use icu-config for + determining the ICU version; doesn't exist in (Debian's) ICU 59.1 anymore + + * debian/rules: + - move STRETCH_BACKPORT conditional for coinmp lower in rules so it + gets honoured and make libwps/libmwaw internal unconditionally + (RUN_MAKE_CHECK=n on BE archs)... + - move images_helpimg.zip to usr/share like the others; remove obsolete + helpimg mangling in the "other" images_*.zip + * debian/control.in: remove -style-default provides since it doesn't help at + all on default changes; depend on tango since that apparently is now the + (last) fallback (closes: #874196) + * debian/control.gtk?.in: remove -style-tango recommends, obsoleted by + above + +1:5.4.1-1 [Tue, 29 Aug 2017 16:39:44 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream release + - fixes middle click paste (closes: #871588) + + * debian/patches/stop-shipping-mimelnk-desktop-files.diff: as name says + (closes: #872001) + * debian/patches/java9.diff: backport Java 9 patch from master + + * debian/rules: + - install appstream stuff into /usr/share/metainfo. sigh. + - make -writer-dbgsym recommend -core-dbgsym as it wants some gdb stuff + from it + - set UNO_LIBS_DBG_ROOT to fix gdb helper installation for uno-libs3 again + and make -core-dbgsym recommends uno-libs3-dbgsym (same reason as above) + - generate and install apparmor profiles + - be consequent and bump the build-dependencies for the DLP libs when + we run the tests; based on patch by Rico Tzschichholz + - run dh_strip_nondeterminism + - disable -kde and the (unmaintained for LO) oxygen theme. + Qt4 should go away. See + https://lists.debian.org/debian-devel-announce/2017/08/msg00006.html + - set locale to en-US.UTF-8 also for make check, the dbaccess tests + fail in some frenchy locale... + - remove libbz2-dev from Build-Depends, coinutils got fixed + - move pagein-{calc,draw,impress,writer} to their respective packages + - move dk.mk from -dev-common to -dev as it's not arch-indep, thanks + Rico Tzschichholz + * debian/scripts/gid2pkgdirs.sh: fix move of types/*.rdb and services/*.rdb + to core and move pagein-common there too. They reference libmergedlo.so + which doesn't exist on all archs (closes: #873443) + * debian/control*in: + - move to policy 4.0.1; extra -> optional + - Breaks/Replaces for above + +1:5.4.0-1 [Tue, 25 Jul 2017 22:30:57 +0200] Rene Engelhard <rene@debian.org>: + + * New upstream release + + * upload to unstable + + * debian/patches/examples-fix-SDK_AUTO_DEPLOYMENT-check.diff: don't try + to do "auto deployment" when SDK_AUTO_DEPLOYMENT = NO... + * debian/patches/libebook-1.2.so.19.diff: backport from master; adds + libebook-1.2.so.19 (e-d-s 3.24+) to EApi.cxx + + * debian/rules: + - strip librhino-java from java:Depends, we use the internal one still.. + - add pstoedit, imagemagick and ghostscript as (test) Build-Depends: + * debian/control.in: + - add ghostscript to the "EPS Suggests" + * debian/rules. debian/control.in: + - add libsane-suggests substvar to prepare for libsane1 + + * merge from Ubuntu, thanks Rico Tzschichholz + - don't recommend libreoffice-sdbc-firebird if firebird is disabled + + [ Rico Tzschichholz ] + - fix get_libebook_dep.sh for libebook1.2-dev (>= 3.24) + +1:5.4.0~rc2-1 [Sat, 15 Jul 2017 10:16:28 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + * debian/patches/mediawiki-oor-replace.diff: back to ="fuse" for Paths.xcu + as otherwise it overwrites Template paths and breaks the python wizards + (closes: #867209) + + * debian/tests/control, debian/uitest: improve, we can only run the test + now; remove build-needed + * debian/tests/control, debian/tests/sdk-examples: move ... + * debian/tests/control, debian/tests/odk-build-examples: ... here and use + upstreams odk/build-examples check directly. + (Needs zip, python3-uno and libreoffice-officbean as new test Depends:) + * debian/tests/odk-build-examples: actually set -e... + * debian/rules, debian/tests/control: remove extra hackery to add our + Build-Depends(-Indep): to debian/tests/control.in; misses some packages + (e.g. ant) and it should work at least since autopktest 3.16 from Jul 2015; + use @builddeps@ instead + * debian/tests/control, debian/tests/*uno-import.diff: split; make + pyuno-import test import pyuno while uno-import does import uno + (the uichecks do the former). Add python3 dependency for safety. + * debian/test/control: sort by importance + * debian/tests/: unapply patch after the make (or on error) so that the + next test can patch it... + * debian/tests/*: more cleanups for newer autopkgtests; use allow-stderr + instead of manual 2>&1 + + * debian/rules: + - be consequent and set RUN_PYTESTS=n (and RUN_MAKE_UICHECK=n) where we set + RUN_MAKE_CHECK=n + - be consequent and add $(IGNORE_MAKE_CHECK_FAILURES) also to the "extra" + test runs + - disable the tests on bigendian archs: hang (failures non-fatal anyway.) + - make i386 make check notfatal for now given the i386 Java Stack Clash + regression + * debian/control.in: + - make -common Conflicts: older mediawikis to go sure + + * merge from Ubuntu, thanks Rico Tzschichholz + - Bump soname in shlibs.override.orcus + +1:5.4.0~rc1-1 [Mon, 26 Jun 2017 19:25:59 +0200] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + * debian/tests/control.in, debian/tests/uicheck, + debian/tests/patches/uicheck-standalone.diff: add initial version + of autopgktest running uitest + + * debian/rules, debian/patches/system-xmlsec.diff: backport patch from + master and add conditional for system-xmlsec. use it. + + * debian/rules, debian/control.lokit.in: + - move /usr/share/gir-1.0/LOKDocView-0.1.gir to libreofficekit-dev and + make libreofficekit-dev depend on gir1.2-lokdocview-0.1 as per gir + policy + * debian/rules: + - clean up JRE Depends; we consider java6_architectures as Java arch, so + let's remove the Java5 alternatives + * debian/copyright, debian/source/include-binaries: remove xmlsec + * debian/rules: + - fix dh_missing call + * debian/tests/sdk-examples: DevelopersGuide/OfficeDev/DesktopEnvironment + needs -ljawt. Build this to check this and the JAVA_PROC_TYPE setting also. + +1:5.4.0~beta2-4 [Mon, 12 Jun 2017 23:44:55 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/gb_SUPPRESS_TESTS.diff: add more tests to suppress + (from master) + * debian/patches/odk-settings-JAVA_PROC_TYPE.diff: set correct + JAVA_PROC_TYPE for arm{el,hf}, mips* and ppc64el + * debian/patches/gerrit_38597.diff: add from gerrit for master, fixes + i386 tests + + * debian/rules, debian/scripts/locale-gen: upstream insists on using + en_US.UTF-8 for the tests. "Steal" the locale-gen stuff from gcc + * debian/control.in: make -core depend on ure (>= 5.4.0~beta2~) + (closes: #864690) + * debian/control.in: + - make -gstreamer recommend gstreamer1.0-plugins-bad as we apparently + want/need gtksink + + * merge from Ubuntu: + - debian/tests/patches/java-subsequentcheck-standalone.diff: refreshed + +1:5.4.0~beta2-3 [Fri, 09 Jun 2017 05:18:08 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/series, also-suppress-odk-build-examples.diff: sigh. + don't do that yet, not yet ready.... + +1:5.4.0~beta2-2 [Thu, 08 Jun 2017 15:55:59 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/disable-db-tests.diff: update + + * debian/rules: + - try harder and also export LC_ALL=C.UTF-8 for uitest as the + buildd/sbuild sets LC_ALL=POSIX already + - fix icon installation in install-indep + +1:5.4.0~beta2-1 [Wed, 07 Jun 2017 19:42:57 +0000] Rene Engelhard <rene@debian.org>: + + * New upstream beta release + - is now able to do "insert->image, choose pdf". Not insert->docunent + but close enough, so this closes: #814598 + (unfortunately only using internal pdfium. sigh.) + + * debian/scripts/gid2pkgdirs.sh, debian/control{,.transitionals}.in: + remove extra libreoffice-pdfimport, merge (even though the poppler + dependency...) back to -common/-core since it has the above new feature and + otherwise it may get confusing what is what. + + * debian/rules, debian/patches/cppunit-optional.diff: as name says; + make cppunit build-dep optional and add <!nocheck> to the build-dep + * debian/patches/disable-unneeded-test-programs.diff : micro-optimisation; + as name says. + * debian/gb_SUPPRESS_TESTS.diff: backport from master, allow checks build + but not run them + + * tarballs/pdfium-3064.tar.bz2, debian/copyright, + debian/source/include-binaries, debian/libreoffice-core.lintian-overrides: + include pdfium; override embedded-library for lcms2 + + * debian/rules: + - adapt for (upcoming) usage of dh_missing + - run build-nocheck with --without-junit --without-cppunit to configure + and run check with them; build the checks with gb_SUPPRESS_TESTS first + before running them + - replace symlinks /usr/share/applications/*.desktop. move + /usr/lib/libreoffice/share/xdg/*.desktop (except qstart.desktop) to + them instead. Fixes e.g. appstream-generator for our appstream data + (which cannot handle the symlinks...) + - enable running make uicheck + +1:5.3.3-2 [Sat, 27 May 2017 10:52:43 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/sensible-lomua.diff: sync upstreams + "add xdg-email as the default email route" into here + + * debian/rules: + - fix logic error; make -g1 etc work also with noddebs. Build with those + flags also if building no -dbgsym + - move DPKG_EXPORT_BUILDFLAGS and buildflags.mk include later to make it + effective (worked before, but...) + - fix /usr/share/libreoffice/program/classes/unoil.jar symlink + * debian/control.in: + - remove obsolete Pre-Depends + * debian/rules, debian/control.in: remove now unneeded dejavu-depends + substvar, simply use fonts-dejavu. Move from Depends: to Recommends: like + the other fonts + * debian/copyright: fix (add missing .'s) + +1:5.3.3-1 [Thu, 04 May 2017 20:33:52 +0200] Rene Engelhard <rene@debian.org>: + + * New upstream release + + * debian/control.in: + - recommend new fonts-open-sans + +1:5.3.2-1 [Wed, 29 Mar 2017 12:48:44 +0200] Rene Engelhard <rene@debian.org>: + + * New upstream release + + * debian/patches/help-msg-add-package-info.diff, + debian/patches/mention-java-common-package.diff, + debian/patches/mediawiki-oor-replace.diff: + debian/patches/series: actually update the patches and re-enable... + + * debian/rules: + - move /usr/include/libreoffice/sal/typesizes.h symlink to -dev + instead of -dev-common (closes: #858199) + * debian/control.in: + - add missing -java-common Depends: to -script-provider-{bsh,js} + * debian/control.mediawiki.in: + - add missing JRE depends + (thanks to Daniel Richard G. for those two, see #858655) + * debian/control.in: + - make libreoffice meta-package only recommend libreoffice-java-common + (closes: #858655) + +1:5.3.1-1 [Wed, 08 Mar 2017 02:02:25 +0100] Rene Engelhard <rene@debian.org>: + + * New upstream release + + * debian/rules, debian/libreoffice-dev-doc.links, debian/lo*.in: + install SDK documentation into /usr/share/doc/libreoffice/sdk (and adapt + dev-docs symlinks/doc-base stuff). Remove extra license file (thanks + lintian) which otherwise would still install over the symlink. + * debian/control.sdk.in: update -devs libreoffice-dev-doc Conflicts to + (<< 1:5.2.5-2~) and add Conflicts: libreoffice (<< 1:5.2.5-2~) to both + -dev*- for safety + * debian/rules: + - enable mergelibs only on 64bit archs (and i386), ld goes to OOM on + mips(el) for example... + - allow build with gold (maybe for LTO?) + - ignore "libreoffice" for --link-doc + - fix dh_installdocs calls to install copyright for "libreoffice" + - symlink /usr/share/libreoffice/program/classes/unoil.jar to + /usr/share/java/unoil.jar to "dedup" it + - run rdfind to get duplicated /usr/share/icons/gnome symlinked to + hicolor if identical (closes: #835515); add rdlink/symlinks B-D-I + - fix generating lo-idl-ref doc-base file + * debian/control.in, debian/rules, debian/scripts/cleandupes: remove unused + fdupes B-D-I and commented-out usage + * debian/rules, debian/control.in: recommend -sdbc-firebird only where it's + built (LE) to prepare for it being a dependency when firebird will be the + default embedded engine + +1:5.3.0-1 [Wed, 01 Feb 2017 01:25:24 +0100] Rene Engelhard <rene@debian.org>: + + * New upstream release + + * debian/rules: + - add support for building with clang + - move from hardcoded C(XX)FLAGS for -g -> -g1 to recommended + DEB_C(XX)FLAGS_MAINT_* + * debian/missing-sources: + - add source of jquery 3.1.1 (from libjs-jquery package) for + helpcontent2/source/jquery-3.1.1.min.js + +1:5.3.0~rc2-1 [Tue, 17 Jan 2017 01:31:09 +0100] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + * debian/patches/change-from-glew-to-epoxy.diff: update + * debian/patches/m68k-use-mlong-jump-table-offsets.diff: add; + as name says + + * debian/rules: + - build-depend on gcc-7/g++-7 (>= 7-20170106) for m68k for + -mlong-jump-table-offsets + +1:5.3.0~rc1-2 [Sat, 24 Dec 2016 01:01:40 +0100] Rene Engelhard <rene@debian.org>: + + * debian/rules: + - readd somehow lost libgl1-mesa-dev build-dependency... + +1:5.3.0~rc1-1 [Fri, 23 Dec 2016 21:17:03 +0100] Rene Engelhard <rene@debian.org>: + + * New upstream release candidate + + * debian/patches/change-from-glew-to-epoxy.diff: backport from master; + as name says + * debian/patches/gtk3-opengl-slideshow.diff: backport from master to fix + ogltrans generically with gtk3 + * debian/patches/disable-flaky-tests.diff: also disable svx.AccessibleShape + + * debian/control.ogltrans.in: + - add Conflicts: libreoffice-gtk3 (<< 1:5.2.4~rc2) + + * debian/rules: + - change glew conditionals/build-deps to epoxy + - ENABLE_GDRIVE=y again on armhf and arm64 + +1:5.3.0~beta2-1 [Sun, 11 Dec 2016 10:40:18 +0100] Rene Engelhard <rene@debian.org>: + + * New upstream beta release + + * debian/patches/m68k-alignment.diff: add patch from John Paul Adrian + Glaubitz to fix m68k alignment + + * debian/libreoffice-sdbc-firebird.NEWS: add NEWS entry about the format + incompatibility + * debian/rules: revert ENABLE_GDRIVE=y on arm* as chromium got uploaded + without it to sid and it's gone from experimental again on those + +1:5.3.0~beta1-1 [Wed, 23 Nov 2016 12:43:18 +0100] Rene Engelhard <rene@debian.org>: + + * New upstream beta release + + * try using just the used tarballs to avoid confusion and to shrink the + .orig (they are downloaded anyway and not in the .orig) + - remove unneeded tarballs from tarballs + - include needed tarballs in include-binaries + - update debian/copyright (remove many, add forgotten swingEx + fix src -> tarballs; actually add MPL-2.0/ASF blurb) + - update README.Debian-source + + * debian/patches/fix-system-lpsolve-build.diff: rename to .. + * build-against-shared-lpsolve.diff: ... this to make the purpose more clear + * debian/patches/fix-system-lpsolve-build.diff: add new one adding + -llpsolve55_pic test/linkage (disabled) + * debian/patches/no-openssl.diff: don't uselessly check for openssl and + don't require openssl in postgresql-sdbc-impl, not (directly) used + + * debian/scripts/get_libvlc_dep.sh: fix to work again (also) with + new multiarchified libvlc5 + + * debian/rules: + - don't install ChangeLog (now done automatically by dh compat >= 7) as + it doubles -common/-core size and increases font-opensymbol *by 10* + - ENABLE_GDRIVE=y also on armhf and arm64 as we've chromium there now, too + - enable mysql-connector again now that libmysqlcppconn _and_ + mysql-workbench are built against mariadb. + Bump Build-Dependency on libmysqlcppconn to >= 1.1.7-4 to go sure + we're getting a >= 1.1.7 dependency + Fix adding the libmysqlcppconn-dev Build-Dep in the default case + * debian/control.in: + - add Breaks: browser-plugin-libreoffice to libreoffice-core + (closes: #843980) + * debian/control.firebird.in: fix substvar: s/server/engine/ + * debian/libreoffice-common.maintscript: remove apparently unneeded quotes + which now breaks at dpkg-maintscript-helper call... (closes: #844683) + +1:5.3.0~alpha1-1 [Thu, 20 Oct 2016 15:46:34 +0200] Rene Engelhard <rene@debian.org>: + + * New upstream alpha release + - fixes typo in VCL.xcu; s/Tino/Tinos/ (closes: #834580) + - fixes (experimental) Gtk print dialog crash (closes: #839701) + - fixes copy paste cells between two tables of two documents with Gtk3 + (closes: #834622) + - fixes tooltips when dragging/filling cells with Gtk3 (closes: #831977) + + * debian/control.{lang,help}.in: use ${help-l10n-virtual-version} as + versioned Provides + * debian/rules, debian/control.transitionals.in: remove jessie->stretch + transitionals again + * debian/rules, control.gcj.in: cleanup: + - remove support for gcj (and thus building -gcj "native") completely; + removed upstream; and also openjdk-9 apparently will drop support for + source/target 1.5 (which gcj only supports) and gcc-7 apparently even + will drop gcj, too + (also the officeotron/odfvalidator stuff fails because due to the java-gcj + in the path for safety reasons it picks up gcj..) + - use java6_architectures for computing OOO_JAVA_ARCHS + * debian/copyright: add schema/*/* to Files-Excluded: :/ + * debian/uno-libs3.symbols: update + * debian/rules: + - bump dh compat to 10 + - re-enable firebird (closes: #841253) + +1:5.2.7-1+deb9u11 [Fri, 06 Sep 2019 11:53:15 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/expand-pyuno-path-separators.diff. + debian/patches/construct-final-url-from-parsed-output.diff, + debian/patches/an-absolute-uri-is-invalid-input.diff, + debian/patches/Improve-check-for-absolute-URI.diff, + debian/patches/Improve-check.diff: add from + libreoffice-6-3(-0,-1) branch - more fixes... + (CVE-2019-9854/CVE-2019-9855) + <http://piuparts.knut.univention.de/4.4-9/#8823948148225707108>
OK: bug OK: yaml OK: announce_errata OK: patch ~OK: piuparts Freexian ships dbgsym packages and new packages [4.4-9] 3353eda841 Bug #57340: libreoffice 1:6.1.5-3~deb9u3 doc/errata/staging/libreoffice.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) [4.4-9] 68a19b7f23 Bug #57340: libreoffice 1:6.1.5-3~deb9u3 doc/errata/staging/libreoffice.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1578>