This update for LibreOffice fixes the following issues:
libreoffice:
- Version update from 7.3.6.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#PED-1785):
- For the highlights of changes of version 7.5 please consult the official release notes:
https://wiki.documentfoundation.org/ReleaseNotes/7.5
- For the highlights of changes of version 7.4 please consult the official release notes:
https://wiki.documentfoundation.org/ReleaseNotes/7.4
- Security issues fixed:
- CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242)
- CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746)
- Bug fixes:
- Fix PPTX shadow effect for table offset (bsc#1204040)
- Fix ability to set the default tab size for each text object (bsc#1198666)
- Fix PPTX extra vertical space between different text formats (bsc#1200085)
- Do not use binutils-gold as the package is unmaintainedd and will be removed in the future (bsc#1210687)
- Updated bundled dependencies:
- boost version update from 1_77_0 to 1_80_0
- curl version update from 7.83.1 to 8.0.1
- icu4c-data version update from 70_1 to 72_1
- icu4c version update from 70_1 to 72_1
- pdfium version update from 4699 to 5408
- poppler version update from 21.11.0 to 22.12.0
- poppler-data version update from 0.4.10 to 0.4.11
- skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466
- New build dependencies:
- fixmath-devel
- libwebp-devel
- zlib-devel
- dragonbox-devel
- at-spi2-core-devel
- libtiff-devel
dragonbox:
- New package at version 1.1.3 (jsc#PED-1785)
- New dependency for LibreOffice 7.4
fixmath:
- New package at version 2022.07.20 (jsc#PED-1785)
- New dependency for LibreOffice 7.4
libmwaw:
- Version update from 0.3.20 to 0.3.21 (jsc#PED-1785):
- Add debug code to read some private rsrc data
- Allow to read some MacWrite which does not have printer informations
- Add a parser for Scoop files
- Add a parser for ScriptWriter files
- Add a parser for ReadySetGo 1-4 files
xmlsec1:
- Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550):
- Retired the XMLSec mailing list 'xmlsec@aleksey.com' and the XMLSec Online Signature Verifier.
- Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled
against OpenSSL 3.0.
To re-enable OpenSSL engines, use
--enable-openssl3-engines configure flag
(there will be a lot of deprecation warnings).
- The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of
XMLSec Library.
- Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled
-Werror and -pedantic
flags on CI builds.
- Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility).
- Support for OpenSSL compiled with OPENSSL_NO_ERR.
- Full support for LibreSSL 3.5.0 and above
- Several other small fixes
- Fix decrypting session key for two recipients
- Added
--privkey-openssl-engine option to enhance openssl engine support
- Remove MD5 for NSS 3.59 and above
- Fix PKCS12_parse return code handling
- Fix OpenSSL lookup
- xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice
- Unload error strings in OpenSSL shutdown.
- Make userData available when executing preExecCallback function
- Add an option to use secure memset.
- Enabled XML_PARSE_HUGE for all xml parsers.
- Various build and tests fixes and improvements.
- Move remaining private header files away from xmlsec/include/`` folder
- Other packaging changes:
- Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass.
- Pass
--disable-md5 to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its
use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1]
https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1