Debian Patches

Status for libreoffice/1:7.0.4-4+deb11u10

Patch Description Author Forwarded Bugs Origin Last update
no-check-if-root.diff no
debian-opt.diff diff --git a/configure.ac b/configure.ac
index f06ef8e..91ce612 100644
no
jurt-soffice-location.diff commit b71107fb12e3c3125e0cb62c5a4f6636a80c6408

on debian-based systems, we know where our soffice binary is

diff --git a/jurt/com/sun/star/lib/util/NativeLibraryLoader.java b/jurt/com/sun/star/lib/util/NativeLibraryLoader.jav
index da22980..36664ca 100644
Bjoern Michaelsen <bjoern.michaelsen@canonical.com> no
split-evoab.diff diff --git a/scp2/source/gnome/file_gnome.scp b/scp2/source/gnome/file_gnome.scp
index c7a13c8..a3f59a6 100644
no
debian-debug.diff diff --git a/solenv/gbuild/platform/com_GCC_defs.mk b/solenv/gbuild/platform/com_GCC_defs.mk
index 9de88a2..9161a4e 100644
no
build-against-shared-lpsolve.diff diff --git a/configure.ac b/configure.ac
index cdae8b5..49f3ba2 100644
no
install-fixes.diff diff --git a/bin/distro-install-file-lists b/bin/distro-install-file-lists
index eaabf9c..c1b1ec6 100755
no
mention-java-common-package.diff diff --git a/jvmfwk/plugins/sunmajor/javaenvsetup/javaldx.cxx b/jvmfwk/plugins/sunmajor/javaenvsetup/javaldx.cxx
index 718902caba6f..3c8499b5a42c 100644
no
help-msg-add-package-info.diff diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
index 1b0ea6ccb2ff..630f4330552a 100644
no
sensible-lomua.diff =================================================================== no
reportdesign-mention-package.diff diff --git a/dbaccess/inc/strings.hrc b/dbaccess/inc/strings.hrc
index 47068f43d09e..1f8b9a2331b6 100644
no
jdbc-driver-classpaths.diff diff --git a/officecfg/registry/data/org/openoffice/Office/DataAccess.xcu b/officecfg/registry/data/org/openoffice/Office/DataAccess.xcu
index 9be30a2..59c87cb 100644
no
make-package-modules-not-suck.diff diff --git a/scp2/InstallModule_draw.mk b/scp2/InstallModule_draw.mk
index a7c02be..d48edf2 100644
no
mediwiki-oor-replace.diff diff --git a/swext/mediawiki/src/registry/data/org/openoffice/Office/OptionsDialog.xcu b/swext/mediawiki/src/registry/data/org/openoffice/Office/OptionsDialog.xcu
index 2b35ced08f31..0c96070dd4f0 100644
no
debian-hardened-buildflags-CPPFLAGS.diff no
debian-hardened-buildflags-no-LO-fstack-protector-strong.diff don't hardcode -fstack-protector-strong in configure.ac/gbuild. We get the
hardening flags from dpkg-buildflags anyway.

diff --git a/solenv/gbuild/platform/com_GCC_defs.mk b/solenv/gbuild/platform/com_GCC_defs.mk
index 712a61df544f..0d50f538ba7b 100644
no
disable-flaky-tests.diff 14:13 < mst__> _rene_, the toolkit unoapi tests are known to be flaky (in some
system dependent way) e.g. on the Win@6 tinderbox it always
crashes
14:14 < mst__> _rene_, sc.ScAccessible* tests also fail on some systems some of
the time

diff --git a/toolkit/Module_toolkit.mk b/toolkit/Module_toolkit.mk
index 25db0b6..14e507c 100644
no
fix-internal-hsqldb-build.diff diff -urN hsqldb.old/patches/use-system-servlet-api.jar.diff hsqldb/patches/use-system-servlet-api.jar.diff no
javadoc-optional.diff Gemeinsame Unterverzeichnisse: odk-old/config und odk/config.
Gemeinsame Unterverzeichnisse: odk-old/docs und odk/docs.
Gemeinsame Unterverzeichnisse: odk-old/examples und odk/examples.
diff --git a/odk/Module_odk.mk b/odk/Module_odk.mk
index 32bdfc1..a174932 100644
no
hppa-is-32bit.diff diff --git a/configure.ac b/configure.ac
index 42dc3b4..f5a51c9 100644
no
no-packagekit-per-default.diff diff --git a/officecfg/registry/data/org/openoffice/Office/Common.xcu b/officecfg/registry/data/org/openoffice/Office/Common.xcu
index 3d138551b593..9cb9831f3236 100644
no
system-officeotron-and-odfvalidator.diff diff --git a/bin/odfvalidator.sh.in b/bin/odfvalidator.sh.in
index 56e2f29..9415ef6 100644
no
no-openssl.diff don't add -lssl etc if not needed (because we use system-postgresql)

diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk
index 0fc7d25..952b140 100644
no
cppunit-optional.diff diff --git a/configure.ac b/configure.ac
index c12fe95a561c..66d327ae8fb8 100644
no
apparmor-complain.diff diff --git a/sysui/desktop/apparmor/program.oosplash b/sysui/desktop/apparmor/program.oosplash
index fef54b7ee384..9dde31a63615 100644
no
hide-math-desktop-file.patch Hide startcenter and math from the shell Olivier Tilloy <olivier.tilloy@canonical.com> not-needed
appstream-ignore-startcenter.diff no
disable-java-in-odk-build-examples-on-zero-vm.diff diff --git a/config_host.mk.in b/config_host.mk.in
index 8cbbc5fee1d5..40e37643a0ea 100644
no
do-not-hide-test-output.diff diff --git a/odk/build-examples_common.mk b/odk/build-examples_common.mk
index abcb3a3e2593..35d45ad23413 100644
no
apparmor-allow-java.security.diff diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
index 2fc7fd6b5735..3fd82b08431e 100644
no
apparmor-cleanups.diff [PATCH] apparmor: use dri-enumerate abstraction
Remove backported rule and use new dri-enumerate abstraction instead.
dri-enumerate is available in AppArmor 2.13, which recently migrated
into Debian Buster.
Vincas Dargis <vindrg@gmail.com> no 2018-08-04
apparmor-mesa.diff no
disableClassPathURLCheck.diff no
use-mariadb-java-instead-of-mysql-java.diff [PATCH] mariadb Markus Koschany <apo@debian.org> no 2018-11-09
apparmor-opencl.diff AppArmor in Debian Buster now has OpenCL abstractions.

Include OpenCL abstractions to fix OpenCL usage in Calc.
===================================================================
no
fix-uicheck-tests-on-i386.patch fix rounding errors that cause autopkgtests to fail on i386 Olivier Tilloy <olivier.tilloy@canonical.com> no
fix-flaky-bridgetest.diff Add safer float comparisons to bridgetest equals() Marcus Tomlinson <marcus.tomlinson@canonical.com> no
add-access2base-doc.diff no
sc-opengl-optional.diff diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index c657bd81defc..d5678c089f41 100644
no
fix-lo-xlate-lang-nb.diff diff --git a/bin/lo-xlate-lang b/bin/lo-xlate-lang
index d158b3fd50d0..06530621731a 100755
no
disable-shortcuts_tab_navigation-uitest.diff diff --git a/cui/qa/uitest/dialogs/shortcuts.py b/cui/qa/uitest/dialogs/shortcuts.py
deleted file mode 100644
index 8a52ee42315a..000000000000
no
no-opencl-per-default.diff [PATCH] Resolves: rhbz#1432468 disable opencl by default =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com> no 2017-03-27
bigendian.diff Convert attribute value to UTF-8 when passing it to libxml2
Using toUtf8, requiring the OUString to actually contain well-formed data, but
which is likely OK for this test-code--only function, and is also what similar
dumpAsXml functions e.g. in editeng/source/items/textitem.cxx already use.

This appears to have been broken ever since the code's introduction in
553f10c71a2cc92f5f5890e24948f5277e3d2758 "add dumpAsXml() to more pool items",
and it would typically only have written the leading zero or one
(depending on the architecture's endianness) characters. (I ran across it on
big-endian s390x, where CppunitTest_sd_tiledrendering
SdTiledRenderingTest::testTdf104405 failed because of

> Entity: line 2: parser error : Input is not proper UTF-8, indicate encoding !
> Bytes: 0xCF 0x22 0x2F 0x3E
> ation=""/><SfxPoolItem whichId="4017" typeName="13SvxBulletItem" presentation="%
> ^

apparently reported from within libxml2.)
Stephan Bergmann <sbergman@redhat.com> no 2020-09-23
liborcus-0.16.diff Upgrade liborcus to 0.16.0. Kohei Yoshida <kohei@libreoffice.org> no 2020-09-09
bash-completion-DRAWDOCS-pdf.diff add pdf to DRAWDOCS for bash-completion Rene Engelhard <rene@debian.org> no 2020-11-03
fix-bluez-external.diff diff --git a/sd/Library_sd.mk b/sd/Library_sd.mk
index 9d399e8e3f5a..d70b5216fe05 100644
no
unowinreg-static-libgcc.diff diff --git a/odk/CustomTarget_unowinreg.mk b/odk/CustomTarget_unowinreg.mk
index 3a46ddfd6860..a847e1d6bb38 100644
no
pdfium-m68k.diff don't break pdfium build on m68k

used anyway in pdfium...

diff --git a/external/pdfium/configs/build_config.h b/external/pdfium/configs/build_config.h
index 22084c0a0836..6fd080e644fb 100644
no
apparmor-updates.diff diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
index 42053db2abef..83bd9d11f93c 100644
no
xmlsecurity-replace-XSecParser-implementation.diff xmlsecurity: replace XSecParser implementation
Implement Namespaces in XML and follow xmldsig-core and XAdES schemas.

(cherry picked from commit 12b15be8f4f930a04d8056b9219ac969b42a9784)


(cherry picked from commit 59df9e70ce1a7ec797b836bda7f9642912febc53)


(cherry picked from commit cfeb89a758b5f0ec406f0d72444e52ed2f47b85e)
Michael Stahl <michael.stahl@allotropia.de> no 2021-02-12
xmlsecurity-XSecParser-confused-about-multiple-timestamps.diff xmlsecurity: XSecParser confused about multiple timestamps
LO writes timestamp both to dc:date and xades:SigningTime elements.

The parser tries to avoid reading multiple dc:date, preferring the first
one, but doesn't care about multiple xades:SigningTime, for undocumented
reasons.

Ideally something should check all read values for consistency.

(cherry picked from commit 4ab8d9c09a5873ca0aea56dafa1ab34758d52ef7)


(cherry picked from commit d2a345e1163616fe3201ef1d6c758e2e819214e0)
Michael Stahl <michael.stahl@allotropia.de> no 2021-02-18
xmlsecurity-ignore-elements-in-ds:Object-that-arent-signed.diff xmlsecurity: ignore elements in ds:Object that aren't signed
(cherry picked from commit 2bfa00e6bf4b2a310a8b8f5060acec85b5f7a3ce)
Michael Stahl <michael.stahl@allotropia.de> no 2021-02-19
default-to-CertificateValidity::INVALID.diff default to CertificateValidity::INVALID
so if CertGetCertificateChain fails we don't want validity to be
css::security::CertificateValidity::VALID which is what the old default
of 0 equates to

notably

commit 1e0bc66d16aee28ce8bd9582ea32178c63841902

jl137: #103420# better logging

turned the nss equivalent of SecurityEnvironment_NssImpl::verifyCertificate
from 0 to CertificateValidity::INVALID like this change does
=?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com> no 2009-11-05
xmlsecurity-improve-handling-of-multiple-X509Data-elements.diff xmlsecurity: improve handling of multiple X509Data elements
Combine everything related to a certificate in a new struct X509Data.

The CertDigest is not actually written in the X509Data element but in
xades:Cert, so try to find the matching entry in
XSecController::setX509CertDigest().

There was a confusing interaction with PGP signatures, where ouGpgKeyID
was used for import, but export wrote the value from ouCertDigest
instead - this needed fixing.

The main point of this is enforcing a constraint from xmldsig-core 4.5.4:

All certificates appearing in an X509Data element MUST relate to the
validation key by either containing it or being part of a certification
chain that terminates in a certificate containing the validation key.

(cherry picked from commit 9e82509b09f5fe2eb77bcdb8fd193c71923abb67)


It turns out that an X509Data element can contain an arbitrary number of
each of its child elements.

How exactly certificates of an issuer chain may or should be distributed
across multiple X509Data elements isn't terribly obvious.

One thing that is clear is that any element that refers to or contains
one particular certificate has to be a child of the same X509Data
element, although in no particular order, so try to match the 2 such
elements that the parser supports in XSecController::setX509Data().

Presumably the only way it makes sense to have multiple signing
certificates is if they all contain the same key but are signed by
different CAs. This case isn't handled currently; CheckX509Data() will
complain there's not a single chain and validation of the certificates
will fail.

(cherry picked from commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66)


(cherry picked from commit 1d3da3486d827dd5e7a3bf1c7a533f5aa9860e42)


Fallback to PGP if there's no X509 signing certificate because
CheckX509Data() failed prevents the dialog from popping up.

To avoid confusing the user in this situation, the dialog should
show no certificate, which is already the case.

(cherry picked from commit 90b725675c2964f4a151d802d9afedd8bc2ae1a7)


If the argument is null.

This function also should use EqualDistinguishedNames().

(cherry picked from commit ca98e505cd69bf95d8ddb9387cf3f8e03ae4577d)
Michael Stahl <michael.stahl@allotropia.de> no 2021-02-25
hrk-euro.diff Resolves: tdf#150011 Add HRK Croatian Kuna conversion to EUR Euro
i18npool/source/localedata/data/hr_HR.xml
Eike Rathke <erack@redhat.com> no 2022-07-22
b0404f80577de9ff69e58390c6f6ef949fdb0139.patch [PATCH] only use X509Data
(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)
=?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com> no 2021-12-20
0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch [PATCH 1/4] CVE-2022-26305 compare authors using Thumbprint
(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72)
(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8)
=?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com> no 2022-03-03
0002-CVE-2022-26307-make-hash-encoding-match-decoding.patch [PATCH 2/4] CVE-2022-26307 make hash encoding match decoding
Seeing as old versions of the hash may be in the users config, add a
StorageVersion field to the office config Passwords section which
defaults to 0 to indicate the old hash is in use.

Try the old varient when StorageVersion is 0. When a new encoded master
password it set write StorageVersion of 1 to indicate a new hash is in
use and use the new style when StorageVersion is 1.

(cherry picked from commit e890f54dbac57f3ab5acf4fbd31222095d3e8ab6)
=?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com> no 2022-03-21
0003-CVE-2022-26306-add-Initialization-Vectors-to-passwor.patch [PATCH 3/4] CVE-2022-26306 add Initialization Vectors to password storage

old ones default to the current all zero case and continue to work
as before

(cherry picked from commit 192fa1e3bfc6269f2ebb91716471485a56074aea)
(cherry picked from commit ab77587ec300f5c30084471000663c46ddf25dad)
=?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com> no 2022-03-22
0004-CVE-2022-2630-6-7-add-infobar-to-prompt-to-refresh-t.patch add infobar to prompt to refresh to replace old format
(cherry picked from commit bbd196ff82bda9f66b4ba32a412f10cefe6da60e)
(cherry picked from commit c5d01b11db3c83cb4a89d3b388d78e20dd3990b5)
=?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com> no 2022-03-23
fix-e_book_client_connect_direct_sync-sig.diff diff --git a/connectivity/source/drivers/evoab2/EApi.h b/connectivity/source/drivers/evoab2/EApi.h
index 8c05f95fa2ce..928786d79f00 100644
no
ZDI-CAN-17859.diff These commands are always URLs already
Conflicts:
wizards/source/scriptforge/SF_Session.xba
Stephan Bergmann <sbergman@redhat.com> no 2022-08-30
hrk-euro-default.diff [PATCH] Resolves: tdf#150011 Switch default currency HRK Croatian Kuna to EUR Euro

HR will join Euro area on 2023-01-01.

(cherry picked from commit c58bc31ece80ccdfc88bd043787869c5e460dbd8)
Eike Rathke <erack@redhat.com> no 2022-11-27
avoid-empty-java.class.path.diff Avoid unnecessary empty -Djava.class.path= Stephan Bergmann <sbergman@redhat.com> no 2022-02-21
CVE-2023-2255.diff set Referer on loading IFrames
so tools, options, security, options,
"block any links from document not..."
applies to their contents.
=?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com> no 2023-04-11
sc-stack-parameter-count.diff [PATCH] Obtain actual 0-parameter count for OR(), AND() and 1-parameter functions

OR and AND for legacy infix notation are classified as binary
operators but in fact are functions with parameter count. In case
no argument is supplied, GetByte() returns 0 and for that case the
implicit binary operator 2 parameters were wrongly assumed.
Similar for functions expecting 1 parameter, without argument 1
was assumed. For "real" unary and binary operators the compiler
already checks parameters. Omit OR and AND and 1-parameter
functions from this implicit assumption and return the actual 0
count.

(cherry picked from commit e7ce9bddadb2db222eaa5f594ef1de2e36d57e5c)
(cherry picked from commit d6599a2af131994487d2d9223a4fd32a8c3ddc49)
Eike Rathke <erack@redhat.com> no 2023-02-16
escape-url-passed-to-gstreamer.diff escape url passed to gstreamer
(cherry picked from commit f41dcadf6492a6ffd32696d50f818e44355b9ad9)
=?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com> no 2023-11-03
improve-macro-checks.diff diff --git a/include/sfx2/docmacromode.hxx b/include/sfx2/docmacromode.hxx
index 9533518bee9d..aa120240688e 100644
no
floating-frame-targets-unneeded-protocols.diff add some protocols that don't make sense as floating frame targets
(cherry picked from commit 11ebdfef16501c6d35c3e3d0d62507f706557c71)
(cherry picked from commit bab433911bdecb344f7ea94dbd00690241a08c54)
=?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com> no 2023-11-03
warn-about-exotic-protocols-as-well.diff warn about exotic protocols as well
(cherry picked from commit 1305f70cff8a81a58a5a6d9c96c5bb032005389e)
(cherry picked from commit 2e1bcbb550d54278b366ec619cc5280d44d6aba4)
=?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com> no 2023-11-04
ignore-LO-special-purpose-hyperlinks-per-default.diff default to ignoring libreoffice special-purpose protocols in calc hyperlink

(cherry picked from commit b6062623b4d69c79e90e9365ac7c5e7f11986793)
(cherry picked from commit 672716d09c54cb6fdd59baa7da4b8393cf104cd2)
=?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com> no 2023-11-03
reuse-AllowedLinkProtocolFromDocument-1.diff reuse AllowedLinkProtocolFromDocument in writer
reorg calc hyperlink check to reuse elsewhere

(cherry picked from commit e6a7537762e19fde446441edd10d301f9b37ce75)

reuse AllowedLinkProtocolFromDocument in writer

(cherry picked from commit 32535dfa82200b54296838b52285c054fbe5e51d)

combine these hyperlink dispatchers into one call

(cherry picked from commit 0df175ccc6ea542bc5801f631ff72bed187042eb)

we can have just one LoadURL for writer

(cherry picked from commit 521ca9cf6acbae96cf95d9740859c9682212013d)
(cherry picked from commit e32b8601dbd63cf01497889601d6c9c1241106d6)
=?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com> no 2023-11-15
reuse-AllowedLinkProtocolFromDocument-2.diff reuse AllowedLinkProtocolFromDocument in impress/draw
(cherry picked from commit f0942eed2eb328b04856f20613f5226d66b66a20)
=?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com> no 2023-11-22
work-around-expired-certificiate-in-test.diff diff --git a/desktop/qa/desktop_lib/test_desktop_lib.cxx b/desktop/qa/desktop_lib/test_desktop_lib.cxx
index 1898d3f1377f..be3d9ebd3253 100644
no
add-notify-for-script-use.diff add notify for script use Caolán McNamara <caolan.mcnamara@collabora.com> no 2024-03-27
remove-ability-to-trust-not-validated-macro-signatures-in-high-security.diff [PATCH] remove ability to trust not validated macro signatures in high security

Giving the user the option to determine if they should trust an
invalid signature in HIGH macro security doesn't make sense.
CommonName of the signature is the most prominent feature presented
and the CommonName of a certificate can be easily forged for an
invalid signature, tricking the user into accepting an invalid
signature.

in the HIGH macro security setting only show the pop-up to
enable/disable signed macro if the certificate signature can be
validated.

cherry-picked without UI/String altering bits for 24-2

(cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad)
Sarper Akdemir <sarper.akdemir@allotropia.de> no 2024-06-11

All known versions for source package 'libreoffice'

Links