core.git: Changes to 'feature/cib_contract891d'

Thu, 13 Feb 2025 15:47:00 -0800 

New branch 'feature/cib_contract891d' available with the following commits:
commit 394da9dfa0d05ec8dd15f7ed1ff9541b66640ec7
Author: Caolán McNamara <[email protected]>
Date:   Sun Sep 1 14:40:46 2024 +0100

    use final upstream merged fix for this boost issue
    
    Change-Id: I33a347d3c0efc4a38389d525f3c9e5f41a957d47
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/172723
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>

commit 8b65220f3bac4c47fee2df01727bf19cd3c863c5
Author: Xisco Fauli <[email protected]>
Date:   Thu Aug 22 12:10:43 2024 +0200

    libcmis: fix build against boost-1.86.0
    
    Based on https://github.com/tdf/libcmis/issues/67
    
    Change-Id: I0de90a423110b03a649bd7b20f7392f3aa5a45c3
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/172246
    Reviewed-by: Xisco Fauli <[email protected]>
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>

commit a52a7e357c0f97075801f65ec1877072b66b49af
Author: Thorsten Behrens <[email protected]>
Date:   Fri Jan 12 12:01:29 2024 +0100

    Fix system-libfixmath
    
    Seems distros start to disagree on whether its liblibfixmath or just
    libfixmath.
    
    Change-Id: I54a42b2ba050980ae632ab3c82254131cad7787e
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161969
    Tested-by: Jenkins
    Reviewed-by: Thorsten Behrens <[email protected]>

commit 4e51264c8089f109926d5c5f607d0e7244a87f62
Author: Michael Stahl <[email protected]>
Date:   Wed Jan 15 10:55:05 2025 +0100

    redland: disable all raptor parsers except for "rdfxml"
    
    It's the only one the unordf component invokes.
    
    CVE-2024-57823 CVE-2024-57822 affect the "ntriples" and "turtle"
    parsers.
    
    However it appears that the function raptor_uri_normalize_path() could
    also be called from raptor_libxml_* functions?  Somewhat unclear, let's
    add the patch just in case.
    
    Change-Id: Idd7ebbc29c63e84ca2434b06c26f7aca34bdcaa5
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/180272
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <[email protected]>

commit 00ebdaf792b90c20adfb0128e7e7b6b68382a008
Author: Taichi haradaguchi <[email protected]>
Date:   Sat Jan 6 14:49:07 2024 +0900

    Upgrade raptor to 2.0.16
    
    - Fixes CVE-2017-18926 and CVE-2020-25713.
    - drop 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1:
      merged upstream
    - drop 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1:
      merged upstream
    - drop libtool.patch: merged upstream
    - drop most of raptor-freebsd.patch.1: merged upstream
    - drop most of raptor-msvc.patch.1: merged upsttream
    - drop most of ubsan.patch: merged upstream
    - drop Wint-conversion.patch: merged upstream
    
    depend on package icu_ure to have libicuuc delivered and add corresponding
    directory to rpath-link to make sure the right copy is picked up
    use $(strip ...) in LDFLAGS to avoid having to escape , with $(COMMA)
    
    Change-Id: Ic05269ade5dae3761d98432ee504a51434a4c753
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161704
    Reviewed-by: Christian Lohmaier <[email protected]>
    Tested-by: Jenkins

commit e2766fba4c5592a5c96bb18e5287f15ad73cd81f
Author: Stephan Bergmann <[email protected]>
Date:   Sat Dec 7 17:36:22 2024 +0100

    Fix check for further exotic protocols
    
    ...that were added in 59891cd3985469bc44dbd05c9fc704eeb07f0c78 "look at
    'embedded' protocols for protocols that support them"
    
    Change-Id: I42836d6fd27cd99e39ab07e626053f002a2651f5
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178047
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <[email protected]>
    (cherry picked from commit 8075798b22f2188530f57b8747589923bfd419ef)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178065
    Tested-by: Caolán McNamara <[email protected]>
    Reviewed-by: Caolán McNamara <[email protected]>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178166
    Reviewed-by: Miklos Vajna <[email protected]>
    Tested-by: Jenkins CollaboraOffice <[email protected]>
    (cherry picked from commit a58893f2de8210008fa7bb403e9c9000869e6c04)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178294

commit c3e9b4d4fcdb6e40b8195bc9eeaaaefca439cbc0
Author: Caolán McNamara <[email protected]>
Date:   Fri Dec 6 14:41:19 2024 +0000

    look at 'embedded' protocols too
    
    Change-Id: Ie99f5f5a390639bdc69397c831e0a32594a5030c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177981
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 59891cd3985469bc44dbd05c9fc704eeb07f0c78)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177987
    Reviewed-by: Stephan Bergmann <[email protected]>
    (cherry picked from commit b63aa51c55244ee67410201fa5e7c003427b1009)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178164
    Tested-by: Jenkins CollaboraOffice <[email protected]>
    Reviewed-by: Miklos Vajna <[email protected]>
    (cherry picked from commit e25d074b3163971d64d24976af1a9bd0634c8da5)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178293

commit 88de981d72fc5f525651483d8ae9452b460e6b51
Author: Caolán McNamara <[email protected]>
Date:   Fri Nov 15 12:30:39 2024 +0000

    consider VndSunStarExpand an exotic protocol
    
    and generally don't bother with it when fetching data
    from urls
    
    Change-Id: I51a2601c6fb7d6c32f9e2d1286ee0d3b05b370b9
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176922
    Reviewed-by: Miklos Vajna <[email protected]>
    Tested-by: Jenkins CollaboraOffice <[email protected]>
    (cherry picked from commit 4fbe740677b90d8b73842b60863e2f4c9f4ea382)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178292
    Reviewed-by: Caolán McNamara <[email protected]>

commit 29a4fe70c70f1a5e46803003ff4f0565e43c010f
Author: Caolán McNamara <[email protected]>
Date:   Fri Nov 8 16:51:47 2024 +0000

    be conservative on allowed temp font names
    
    Change-Id: Iefdc1a8c9b4c7e8c08c84f747f8287ac3c419839
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176286
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    Reviewed-by: Michael Stahl <[email protected]>

commit 4c1cf88fca1479c719689a882073689033250f3f
Author: Michael Stahl <[email protected]>
Date:   Fri Aug 2 14:24:29 2024 +0200

    nss: upgrade to release 3.102.1
    
    Not sure what moz#1905691 is but they did an ESR release for it...
    
    Change-Id: I271d592dd9d61157f4fbe819258c90414c1b4e52
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171425
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <[email protected]>

commit 607ce8768a8e37681bcb70b4b2b9b06e0f045cb2
Author: Xisco Fauli <[email protected]>
Date:   Tue Jun 11 09:50:36 2024 +0200

    nss: upgrade to 3.101
    
    Downloaded from 
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_101_RTM/src/nss-3.101-with-nspr-4.35.tar.gz
    
    Change-Id: I8314faf1af069a5dc438f0d53f327ae2193ca59d
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168663
    Reviewed-by: Xisco Fauli <[email protected]>
    Tested-by: Jenkins

commit a424aab7e773e8d93a470bba87fd6aeaaca85fc8
Author: Xisco Fauli <[email protected]>
Date:   Mon Mar 25 10:56:38 2024 +0100

    nss: upgrade to release 3.99
    
    Change-Id: I77ccc45854b2d0aecc288f471d94c81ad9089f85
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165273
    Tested-by: Xisco Fauli <[email protected]>
    Reviewed-by: Xisco Fauli <[email protected]>

commit fc863d265581b5aa948958a4e8e469a9e34b1f6e
Author: Michael Stahl <[email protected]>
Date:   Wed Sep 18 11:20:43 2024 +0200

    libtiff: upgrade to release 4.7.0
    
    Fixes CVE-2023-52356 CVE-2024-7006
    
    ofz65182.patch was apparently merged upstream and then reverted;
    Caolán suggested to drop the patch and see if ofz still finds a problem
    there.
    
    Change-Id: I0967708f19a7151b020372eca3c906b30f693db9
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173602
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <[email protected]>

commit 9ff90f8fbf271d860487debaaeb02ae829d127a6
Author: Caolán McNamara <[email protected]>
Date:   Sun Jun 30 21:18:36 2024 +0100

    upgrade to tiff-4.6.0t
    
    Change-Id: I6e521a84dc6d08d754c42200094ebec214637de2
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169777
    Reviewed-by: Caolán McNamara <[email protected]>
    Tested-by: Jenkins

commit 84bb8ebbe2bb71694adf27cb7e76a973627394fc
Author: Michael Stahl <[email protected]>
Date:   Tue Sep 10 10:30:00 2024 +0200

    expat: upgrade to release 2.6.3
    
    Fixes CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
    
    Change-Id: I17f7d9a5c540e7d2005515f1f4fd79e0a5c631ca
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173124
    Reviewed-by: Michael Stahl <[email protected]>
    Tested-by: Jenkins

commit 9d4355a9990eacd8ab0079b1ad0c6306b7e40e8f
Author: Caolán McNamara <[email protected]>
Date:   Thu Jan 30 20:37:38 2025 +0000

    Filter out more unwanted command URIs
    
    Change-Id: I24c95d73b4fee89bdf044d5dd6efc9cd89627c54
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/180970
    Tested-by: Jenkins
    Reviewed-by: Mike Kaganski <[email protected]>
    Reviewed-by: Caolán McNamara <[email protected]>

Reply via email to