Mailinglist Archive: opensuse-updates (170 mails)

< Previous Next >
openSUSE-SU-2016:0588-1: moderate: Security update for LibreOffice and related libraries
openSUSE Security Update: Security update for LibreOffice and related
libraries
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:0588-1
Rating: moderate
References: #679938 #829430 #889755 #897903 #900186 #900214
#900218 #907636 #910805 #910806 #915996 #916181
#926375 #929793 #934423 #936188 #936190 #939996
#940838 #943075 #945047 #945692 #951579 #954345

Cross-References: CVE-2014-3693 CVE-2014-8146 CVE-2014-8147
CVE-2014-9093 CVE-2015-4551 CVE-2015-45513
CVE-2015-5212 CVE-2015-5213 CVE-2015-5214

Affected Products:
openSUSE 13.2
______________________________________________________________________________

An update that solves 9 vulnerabilities and has 15 fixes is
now available.

Description:

This update for LibreOffice and some library dependencies (cmis-client,
libetonyek, libmwaw, libodfgen, libpagemaker, libreoffice-share-linker,
mdds, libwps) fixes the following issues:

Changes in libreoffice:
- Provide l10n-pt from pt-PT
- boo#945047 - LO-L3: LO is duplicating master pages, extended fix
- boo#951579 - LO-L3: [LibreOffice] Calc 5.0 fails to open ods files
* deleted RPATH prevented loading of bundled 3rd party RDF handler libs

- Version update to 5.0.4.2:
* Final of the 5.0.4 series

- boo#945047 - LO-L3: LO is duplicating master pages

- Version update to 5.0.4.1:
* rc1 of 5.0.4 with various regression fixes

- boo#954345 - LO-L3: Insert-->Image-->Insert as Link hangs writer

- Version update to 5.0.3.2:
* Final tag of 5.0.3 release

- Fix boo#939996 - LO-L3: Some bits from DOCX file are not imported
- Fix boo#889755 - LO-L3: PPTX: chart axis number format incorrect
- boo#679938 - LO-L3: saving to doc file the chapter name in the header
does not change with chapters

- Version update to 5.0.3RC1 as it should fix i586 test failure
- Update text2number extension to 1.5.0

- obsolete libreoffice-mono
- pentaho-flow-reporting require is conditional on system_libs

- Update icon theme dependencies
* https://lists.debian.org/debian-openoffice/2015/09/msg00343.html

- Version bump to 5.0.2 final fate#318856 fate#319071 boo#943075
boo#945692:
* Small tweaks compared to rc1
- For sake of completion this release also contains security fixes for
boo#910806 CVE-2014-8147, boo#907636 CVE-2014-9093, boo#934423
CVE-2015-4551, boo#910805 CVE-2014-8146, boo#940838 CVE-2015-5214,
boo#936190 CVE-2015-5213, boo#936188 CVE-2015-5212, boo#934423
CVE-2015-45513, boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146,
boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213, boo#936188
CVE-2015-5212, boo#934423 CVE-2015-45513, boo#934423 CVE-2015-4551,
boo#910805 CVE-2014-8146, boo#940838 CVE-2015-5214, boo#936190
CVE-2015-5213, boo#936188 CVE-2015-5212, boo#934423 CVE-2015-4551

- Use gcc48 to build on sle11sp4

- Make debuginfo's smaller on IBS.

- Fix chrpath call after the libs got -lo suffixing

- Add patch to fix qt4 features detection:
* kde4filepicker.patch

- Split out gtk3 UI to separate subpkg that requires gnome subpkg
* This is to allow people to test gtk3 while it not being default

- Version update to 5.0.2 rc1:
* Various small tweaks and integration of our SLE11 patchsets

- Update constraints to 30 GB on disk

- Version bump to 5.0.1 rc2:
* breeze icons extension
* Credits update
* Various small fixes

- Version bump to 5.0.1 rc1:
* Various small fixes
* Has some commits around screen rendering -> could fix kde bugs

- Kill branding-openSUSE, stick to TDF branding.

- Version bump to 5.0 rc5:
* Bunch of final touchups here and there
- Remove some upstreamed patches:
* old-cairo.patch

- Add explicit requires over libmysqlclient_r18, should cover boo#829430

- Add patch to build with old cairo (sle11).

- Version bump to 5.0 rc3:
* Various more fixes closing on the 5.0 release

- Update to 5.0 rc2:
* Few small fixes and updates in internal libraries

- Version bump to 5.0 rc1, remove obsolete patches:
* 0001-Fix-could-not-convert-.-const-char-to-const-rtl-OUSt.patch
* 0001-writerperfect-fix-gcc-4.7-build.patch

- More chrpat love for sle11

- Add python-importlib to build/requirements on py2 distros

- Provide/obsolete crystal icons so they are purged and not left over

- Fix breeze icons handling, drop crystal icons.

- Version bump to 5.0.0.beta3:
* Drop merged patch 0001-Make-cpp-poppler-version.h-header-optional.patch
* Update some internal tarballs so we keep building
- based on these bumps update the buildrequires too

- Generate python cache files wrt boo#929793

- Update %post scriptlets to work on sle11 again

- Split out the share -> lib linker to hopefully allow sle11 build

- One more fix for help handling boo#915996

- Version bump to 4.4.3 release:
* Various small fixes all around

- Disable verbose build to pass check on maximal size of log

- We need pre/post for libreoffice in langpkgs

- Use old java for detection and old commons-lang/codec to pass brp check
on java from sle11
* 0001-Make-HAVE_JAVA6-be-always-false.patch

- Revert last changeset, it is caused by something else this time:
* 0001-Set-source-and-target-params-for-java.patch

- Set source/target for javac when building to work on SLE11:
* 0001-Set-source-and-target-params-for-java.patch

- Try to deal with rpath on bundled libs

- Fix python3_sitelib not being around for py2

- Add internal make for too old system
- One more stab on poppler switch:
* 0001-Make-cpp-poppler-version.h-header-optional.patch

- Update the old-poppler patch to work correctly:
* 0001-Make-cpp-poppler-version.h-header-optional.patch

- Sort out more external tarballs for the no-system-libs approach

- Add basic external tarballs needed for without-system-libraries

- Add patch to check for poppler more nicely to work on older distros:
* 0001-Make-cpp-poppler-version.h-header-optional.patch

- Try to pass configure without system libs

- Allow switch between py2 and py3
- Move external dependencies in conditional thus allow build on SLE11

- Add conditional for noarch subpackages
- Add switch in configure to detect more of internal/external stuff

- Add conditional for appdatastore thing and redo it to impact the spec
less
- Add systemlibs switch to be used in attempt to build sle11 build

- Silence more scarry messages by boo#900186
* Fixes autocorr symlinking
* Cleans UNO cache in more pretty way

- Clean up the uno cache removal to not display scarry message boo#900186

- Remove patch to look for help in /usr/share, we symlink it back to lib,
so there is no actual need to search for it directly, migth fix
boo#915996:
* officecfg-help-in-usr-share.diff

- --disable-collada
* reportedly it does not work in LibreOffice 4.4
- added version numbers to some BuildRequires lines

- Require flow engine too on base

- Fix build on SLE12 and 13.1 by adding conditional for appdata install

- Fixup the installed appdata.xml files: they reference a .desktop file
that are not installed by libreoffice (boo#926375).

- Version bump to 4.4.2:
* 2nd bugfix update for the 4.4 series

- BuildRequires: libodfgen-devel >= 0.1

- added version numbers to some BuildRequires lines
- build does not require python3-lxml
- build requires librevenge-devel >= 0.0.1
- vlc media backend is broken, don't use it. Only gstreamer should be used.
- Install the .appdata.xml files shipped by upstream: allow LO to be shown
in AppStream based software centers.

- Move pretrans to pre

- Version bump to 4.4.1 first bugfix release of the series

- Reduce bit the compilation preparations as we prepped most of the things
by _constraints and it is no longer needed

- %pre is not enough the script needs to be rewritten in lua

- Move removal of obsolete dirs from %pretrans to %pre boo#916181

- Version bump to 4.4.0 final:
* First in the 4.4 series
* First release to have the new UI elements without old hardcoded sizes
* Various improvements all around.

- Version bump to 4.4.0rc2:
* Various bugfixes, just bumping to see if we still build fine.

- That verbose switch for configure was really really bad idea

- generic images.zip for galaxy icons seem gone so remove
- Do not supplement kde3 stuff, it is way beyond obsolete

- Remove vlc conditional
- korea.xcd is no more so remove
- Really use mergelib

- Disable telepathy, it really is experimental like hell

- Version bump to 4.4.0rc1:
* New 4.4 branch release with additional features
- Enable collada:
* New bundled collada2gltf tarball:
4b87018f7fff1d054939d19920b751a0-collada2gltf-master-cb1d97788a.tar.bz2
- Remove errorous self-obsolete in lang pkgs.
- Version bump to 4.3.3.2:
* Various bugfixes from maintenance branch to copy openSUSE.
* Also contains fix for boo#900214 and boo#900218 CVE-2014-3693
- fix regression in bullets (boo#897903).
- Add masterpage_style_parent.odp as new file for regression test for
bullets. Changes in cmis-client:
- Update to version 0.5.0
+ Completely removed the dependency on InMemory server for unit tests
+ Minimized the number of HTTP requests sent by
SessionFactory::createSession
+ Added Session::getBaseTypes()
- Bump soname to 0_5-5
- Bump incname to 0.5

Changes in libetonyek:
- Version bump to 0.1.3:
* Various small fixes
* More imported now imported
* Now use mdds to help with some hashing
- Version bump to 0.1.2:
* Initial support for pages and numbers
* Ditch libetonyek-0.1.1-constants.patch as we do not require us to
build for older boost

Changes in libmwaw:
- Version bump to 0.3.6:
- Added a minimal parser for ApplePict v1.v2, ie. no clipping, does not
take in account the copy mode: srcCopy, srcOr, ...
- Extended the --with-docs configure option to allow to build doc only
for the API classes: --with-docs=no|api|full .
- Added a parser for MacDraft v4-v5 documents.
- RagTime v5-v6 parser: try to retrieve the main layouts and the
picture/shape/textbox, ie. now, it generates result but it is still
very imcomplete...
- MWAW{Graphic,Presentation,Text}Listener: corrected a problem in
openGroup which may create to incorrect document.
- Created an MWAWEmbeddedObject class to store a picture with various
representations.
- MWAW*Listener: renamed insertPicture to insertShape, added a function
to insert a texbox in a MWAWGraphicShape (which only insert a basic
textbox).
- Fixed many crashes and hangs when importing broken files, found with
the help of american-fuzzy-lop.
- And several other minor fixes and improvements.
- Version bump to 0.3.5
* Various small fixes on 0.3 series, nothing big woth mention

Changes in libodfgen:
- Version bump to 0.1.4:
- drawing interface: do no forget to call startDocument/endDocument when
writing in the manifest
- metadata: added handler for 'template' metadata, unknown metadata are
written in a meta:user-defined elements,
- defineSheetNumberingStyle: can now define styles for the whole
document (and not only for the actual sheet)
- update doxygen configuration file + add a make astyle command
- Allow writing meta:creation-date metadata element for drawings and
presentations too.
- Improve handling of headings. Most importantly, write valid ODF.
- Write meta:generator metadata element.
- Add initial support for embedded fonts. It is currently limited to
Flat ODF output.

- Upgrade to version 0.1.2
* Use text:h element for headings. Any paragraph with text:outline-level
property is recognized as a heading.
* Handle layers.
* Improve handling of styles. Particularly, do not emit duplicate styles.
* Slightly improve documentation.
* Handle master pages.
* Do not expect that integer properties are always in inches.
* Fix misspelled style:paragraph-properties element in presentation
notes.
* Only export public symbols on Linux.
* Fix bogus XML-escaping of metadata values.
* And many other improvements and fixes.

Changes in libpagemaker:
- Initial package based on upstream libpagemaker 0.0.2

Changes in libreoffice-share-linker:

- Initial commit, split out from main libreoffice package to workaround
issues on SLE11 build

Changes in mdds:

- Update to version 0.12.1:
* Various small fixes on 0.12 series
* Just move define up and comment why we redefine docdir
* more types are possible in segment_tree data structures (previously
only pointers were possible)
* added sorted_string_map
* multi_type_vector bugfixes

Changes in libwps:

- Update to version 0.4.1:
+ QuattroPro: correct a mistake when reading negative cell's position.
+ Fix some Windows build problems.
+ Fix more than 10 hangs when reading damaged files, found with the help
of american-fuzzy-lop.
+ Performance: improve the sheet's output generation.
+ add support for unknown encoding files (ie. DOS file)
+ add potential support for converting Lotus, ... documents,
+ accept to convert all Lotus Wk1 files and Symphony Wk1 files,
+ add support for Lotus Wk3 and Wk4 documents,
+ add support for Quattro Pro Wq1 and Wq2 documents,
+ only in debug mode, add pre-support for Lotus Wk5..., must allow to
retrieve the main sheets content's with no formatting,
+ add potential support for asking the document's password ( but do
nothing )
+ correct some compiler warnings when compiling in debug mode.
+ Fix parsing of floating-point numbers in specific cases.
+ Fix several minor issues reported by Coverity and Clang.
+ Check arguments of public functions. Passing NULL no longer causes a
crash.
+ Use symbol visibility on Linux. The library only exports the public
functions now.
+ Import @TERM and @CTERM functions (fdo#86241).
+ Handle LICS character encoding in spreadsheets (fdo#87222).
+ Fix a crash when reading a broken file, found with the help of
american-fuzzy-lop.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-273=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

cmis-client-0.5.0-4.3.2
cmis-client-debuginfo-0.5.0-4.3.2
cmis-client-debugsource-0.5.0-4.3.2
libcmis-0_5-5-0.5.0-4.3.2
libcmis-0_5-5-debuginfo-0.5.0-4.3.2
libcmis-c-0_5-5-0.5.0-4.3.2
libcmis-c-0_5-5-debuginfo-0.5.0-4.3.2
libcmis-c-devel-0.5.0-4.3.2
libcmis-devel-0.5.0-4.3.2
libetonyek-0_1-1-0.1.3-2.3.2
libetonyek-0_1-1-debuginfo-0.1.3-2.3.2
libetonyek-debugsource-0.1.3-2.3.2
libetonyek-devel-0.1.3-2.3.2
libetonyek-tools-0.1.3-2.3.2
libetonyek-tools-debuginfo-0.1.3-2.3.2
libmwaw-0_3-3-0.3.6-2.7.2
libmwaw-0_3-3-debuginfo-0.3.6-2.7.2
libmwaw-debugsource-0.3.6-2.7.2
libmwaw-devel-0.3.6-2.7.2
libmwaw-tools-0.3.6-2.7.2
libmwaw-tools-debuginfo-0.3.6-2.7.2
libodfgen-0_1-1-0.1.4-2.3.2
libodfgen-0_1-1-debuginfo-0.1.4-2.3.2
libodfgen-debugsource-0.1.4-2.3.2
libodfgen-devel-0.1.4-2.3.2
libpagemaker-0_0-0-0.0.2-2.2
libpagemaker-0_0-0-debuginfo-0.0.2-2.2
libpagemaker-debugsource-0.0.2-2.2
libpagemaker-devel-0.0.2-2.2
libpagemaker-tools-0.0.2-2.2
libpagemaker-tools-debuginfo-0.0.2-2.2
libreoffice-5.0.4.2-28.1
libreoffice-base-5.0.4.2-28.1
libreoffice-base-debuginfo-5.0.4.2-28.1
libreoffice-base-drivers-mysql-5.0.4.2-28.1
libreoffice-base-drivers-mysql-debuginfo-5.0.4.2-28.1
libreoffice-base-drivers-postgresql-5.0.4.2-28.1
libreoffice-base-drivers-postgresql-debuginfo-5.0.4.2-28.1
libreoffice-calc-5.0.4.2-28.1
libreoffice-calc-debuginfo-5.0.4.2-28.1
libreoffice-calc-extensions-5.0.4.2-28.1
libreoffice-debuginfo-5.0.4.2-28.1
libreoffice-debugsource-5.0.4.2-28.1
libreoffice-draw-5.0.4.2-28.1
libreoffice-draw-debuginfo-5.0.4.2-28.1
libreoffice-filters-optional-5.0.4.2-28.1
libreoffice-gnome-5.0.4.2-28.1
libreoffice-gnome-debuginfo-5.0.4.2-28.1
libreoffice-gtk3-5.0.4.2-28.1
libreoffice-gtk3-debuginfo-5.0.4.2-28.1
libreoffice-impress-5.0.4.2-28.1
libreoffice-impress-debuginfo-5.0.4.2-28.1
libreoffice-kde4-5.0.4.2-28.1
libreoffice-kde4-debuginfo-5.0.4.2-28.1
libreoffice-mailmerge-5.0.4.2-28.1
libreoffice-math-5.0.4.2-28.1
libreoffice-math-debuginfo-5.0.4.2-28.1
libreoffice-officebean-5.0.4.2-28.1
libreoffice-officebean-debuginfo-5.0.4.2-28.1
libreoffice-pyuno-5.0.4.2-28.1
libreoffice-pyuno-debuginfo-5.0.4.2-28.1
libreoffice-sdk-5.0.4.2-28.1
libreoffice-sdk-debuginfo-5.0.4.2-28.1
libreoffice-sdk-doc-5.0.4.2-28.1
libreoffice-writer-5.0.4.2-28.1
libreoffice-writer-debuginfo-5.0.4.2-28.1
libreoffice-writer-extensions-5.0.4.2-28.1
libwps-0_4-4-0.4.1-2.4.2
libwps-0_4-4-debuginfo-0.4.1-2.4.2
libwps-debugsource-0.4.1-2.4.2
libwps-devel-0.4.1-2.4.2
libwps-tools-0.4.1-2.4.2
libwps-tools-debuginfo-0.4.1-2.4.2

- openSUSE 13.2 (noarch):

libetonyek-devel-doc-0.1.3-2.3.2
libmwaw-devel-doc-0.3.6-2.7.2
libodfgen-devel-doc-0.1.4-2.3.2
libpagemaker-devel-doc-0.0.2-2.2
libreoffice-branding-upstream-5.0.4.2-28.1
libreoffice-icon-theme-breeze-5.0.4.2-28.1
libreoffice-icon-theme-galaxy-5.0.4.2-28.1
libreoffice-icon-theme-hicontrast-5.0.4.2-28.1
libreoffice-icon-theme-oxygen-5.0.4.2-28.1
libreoffice-icon-theme-sifr-5.0.4.2-28.1
libreoffice-icon-theme-tango-5.0.4.2-28.1
libreoffice-l10n-af-5.0.4.2-28.1
libreoffice-l10n-ar-5.0.4.2-28.1
libreoffice-l10n-as-5.0.4.2-28.1
libreoffice-l10n-bg-5.0.4.2-28.1
libreoffice-l10n-bn-5.0.4.2-28.1
libreoffice-l10n-br-5.0.4.2-28.1
libreoffice-l10n-ca-5.0.4.2-28.1
libreoffice-l10n-cs-5.0.4.2-28.1
libreoffice-l10n-cy-5.0.4.2-28.1
libreoffice-l10n-da-5.0.4.2-28.1
libreoffice-l10n-de-5.0.4.2-28.1
libreoffice-l10n-dz-5.0.4.2-28.1
libreoffice-l10n-el-5.0.4.2-28.1
libreoffice-l10n-en-5.0.4.2-28.1
libreoffice-l10n-es-5.0.4.2-28.1
libreoffice-l10n-et-5.0.4.2-28.1
libreoffice-l10n-eu-5.0.4.2-28.1
libreoffice-l10n-fa-5.0.4.2-28.1
libreoffice-l10n-fi-5.0.4.2-28.1
libreoffice-l10n-fr-5.0.4.2-28.1
libreoffice-l10n-ga-5.0.4.2-28.1
libreoffice-l10n-gl-5.0.4.2-28.1
libreoffice-l10n-gu-5.0.4.2-28.1
libreoffice-l10n-he-5.0.4.2-28.1
libreoffice-l10n-hi-5.0.4.2-28.1
libreoffice-l10n-hr-5.0.4.2-28.1
libreoffice-l10n-hu-5.0.4.2-28.1
libreoffice-l10n-it-5.0.4.2-28.1
libreoffice-l10n-ja-5.0.4.2-28.1
libreoffice-l10n-kk-5.0.4.2-28.1
libreoffice-l10n-kn-5.0.4.2-28.1
libreoffice-l10n-ko-5.0.4.2-28.1
libreoffice-l10n-lt-5.0.4.2-28.1
libreoffice-l10n-lv-5.0.4.2-28.1
libreoffice-l10n-mai-5.0.4.2-28.1
libreoffice-l10n-ml-5.0.4.2-28.1
libreoffice-l10n-mr-5.0.4.2-28.1
libreoffice-l10n-nb-5.0.4.2-28.1
libreoffice-l10n-nl-5.0.4.2-28.1
libreoffice-l10n-nn-5.0.4.2-28.1
libreoffice-l10n-nr-5.0.4.2-28.1
libreoffice-l10n-nso-5.0.4.2-28.1
libreoffice-l10n-or-5.0.4.2-28.1
libreoffice-l10n-pa-5.0.4.2-28.1
libreoffice-l10n-pl-5.0.4.2-28.1
libreoffice-l10n-pt-BR-5.0.4.2-28.1
libreoffice-l10n-pt-PT-5.0.4.2-28.1
libreoffice-l10n-ro-5.0.4.2-28.1
libreoffice-l10n-ru-5.0.4.2-28.1
libreoffice-l10n-si-5.0.4.2-28.1
libreoffice-l10n-sk-5.0.4.2-28.1
libreoffice-l10n-sl-5.0.4.2-28.1
libreoffice-l10n-sr-5.0.4.2-28.1
libreoffice-l10n-ss-5.0.4.2-28.1
libreoffice-l10n-st-5.0.4.2-28.1
libreoffice-l10n-sv-5.0.4.2-28.1
libreoffice-l10n-ta-5.0.4.2-28.1
libreoffice-l10n-te-5.0.4.2-28.1
libreoffice-l10n-th-5.0.4.2-28.1
libreoffice-l10n-tn-5.0.4.2-28.1
libreoffice-l10n-tr-5.0.4.2-28.1
libreoffice-l10n-ts-5.0.4.2-28.1
libreoffice-l10n-uk-5.0.4.2-28.1
libreoffice-l10n-ve-5.0.4.2-28.1
libreoffice-l10n-xh-5.0.4.2-28.1
libreoffice-l10n-zh-Hans-5.0.4.2-28.1
libreoffice-l10n-zh-Hant-5.0.4.2-28.1
libreoffice-l10n-zu-5.0.4.2-28.1
libreoffice-share-linker-1-2.2
mdds-devel-0.12.1-2.4.2


References:

https://www.suse.com/security/cve/CVE-2014-3693.html
https://www.suse.com/security/cve/CVE-2014-8146.html
https://www.suse.com/security/cve/CVE-2014-8147.html
https://www.suse.com/security/cve/CVE-2014-9093.html
https://www.suse.com/security/cve/CVE-2015-4551.html
https://www.suse.com/security/cve/CVE-2015-45513.html
https://www.suse.com/security/cve/CVE-2015-5212.html
https://www.suse.com/security/cve/CVE-2015-5213.html
https://www.suse.com/security/cve/CVE-2015-5214.html
https://bugzilla.suse.com/679938
https://bugzilla.suse.com/829430
https://bugzilla.suse.com/889755
https://bugzilla.suse.com/897903
https://bugzilla.suse.com/900186
https://bugzilla.suse.com/900214
https://bugzilla.suse.com/900218
https://bugzilla.suse.com/907636
https://bugzilla.suse.com/910805
https://bugzilla.suse.com/910806
https://bugzilla.suse.com/915996
https://bugzilla.suse.com/916181
https://bugzilla.suse.com/926375
https://bugzilla.suse.com/929793
https://bugzilla.suse.com/934423
https://bugzilla.suse.com/936188
https://bugzilla.suse.com/936190
https://bugzilla.suse.com/939996
https://bugzilla.suse.com/940838
https://bugzilla.suse.com/943075
https://bugzilla.suse.com/945047
https://bugzilla.suse.com/945692
https://bugzilla.suse.com/951579
https://bugzilla.suse.com/954345


< Previous Next >
This Thread
  • No further messages