Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:Update
patchinfo.27131
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.27131
<patchinfo incident="27131"> <issue tracker="jsc" id="PED-1785"/> <issue tracker="jsc" id="PED-3561"/> <issue tracker="jsc" id="PED-3550"/> <issue tracker="cve" id="2023-0950"/> <issue tracker="cve" id="2023-2255"/> <issue tracker="bnc" id="1209242">VUL-0: CVE-2023-0950: libreoffice: stack underflow in ScInterpreter</issue> <issue tracker="bnc" id="1211746">VUL-0: CVE-2023-2255: libreoffice: Remote documents loaded without prompt via IFrame</issue> <issue tracker="bnc" id="1204040">PPTX: shadow effect for table offset too far to the right</issue> <issue tracker="bnc" id="1198666">Need to be able to set the default tab size for each text object</issue> <issue tracker="bnc" id="1200085">FILEOPEN PPTX: extra paragraph after some 2-line text with link</issue> <issue tracker="bnc" id="1210687">binutils-gold is unmaintained and will be dropped</issue> <packager>dspinella</packager> <rating>important</rating> <category>feature</category> <summary>Feature update for LibreOffice</summary> <description>This update for LibreOffice fixes the following issues: libreoffice: - Version update from 7.3.6.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#PED-1785): * For the highlights of changes of version 7.5 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.5 * For the highlights of changes of version 7.4 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.4 * Security issues fixed: + CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242) + CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746) * Bug fixes: + Fix PPTX shadow effect for table offset (bsc#1204040) + Fix ability to set the default tab size for each text object (bsc#1198666) + Fix PPTX extra vertical space between different text formats (bsc#1200085) + Do not use binutils-gold as the package is unmaintainedd and will be removed in the future (bsc#1210687) * Updated bundled dependencies: * boost version update from 1_77_0 to 1_80_0 * curl version update from 7.83.1 to 8.0.1 * icu4c-data version update from 70_1 to 72_1 * icu4c version update from 70_1 to 72_1 * pdfium version update from 4699 to 5408 * poppler version update from 21.11.0 to 22.12.0 * poppler-data version update from 0.4.10 to 0.4.11 * skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466 * New build dependencies: * fixmath-devel * libwebp-devel * zlib-devel * dragonbox-devel * at-spi2-core-devel * libtiff-devel dragonbox: - New package at version 1.1.3 (jsc#PED-1785) * New dependency for LibreOffice 7.4 fixmath: - New package at version 2022.07.20 (jsc#PED-1785) * New dependency for LibreOffice 7.4 libmwaw: - Version update from 0.3.20 to 0.3.21 (jsc#PED-1785): * Add debug code to read some private rsrc data * Allow to read some MacWrite which does not have printer informations * Add a parser for Scoop files * Add a parser for ScriptWriter files * Add a parser for ReadySetGo 1-4 files xmlsec1: - Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550): * Retired the XMLSec mailing list "xmlsec@aleksey.com" and the XMLSec Online Signature Verifier. * Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled against OpenSSL 3.0. To re-enable OpenSSL engines, use `--enable-openssl3-engines` configure flag (there will be a lot of deprecation warnings). * The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of XMLSec Library. * Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled `-Werror` and `-pedantic` flags on CI builds. * Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility). * Support for OpenSSL compiled with OPENSSL_NO_ERR. * Full support for LibreSSL 3.5.0 and above * Several other small fixes * Fix decrypting session key for two recipients * Added `--privkey-openssl-engine` option to enhance openssl engine support * Remove MD5 for NSS 3.59 and above * Fix PKCS12_parse return code handling * Fix OpenSSL lookup * xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice * Unload error strings in OpenSSL shutdown. * Make userData available when executing preExecCallback function * Add an option to use secure memset. * Enabled XML_PARSE_HUGE for all xml parsers. * Various build and tests fixes and improvements. * Move remaining private header files away from xmlsec/include/`` folder - Other packaging changes: * Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass. * Pass `--disable-md5` to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1] https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1 </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor