#18991 closed enhancement (fixed)
libreoffice-7.6.4.1
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 12.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (9)
comment:1 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 2 years ago
follow-up: 4 comment:3 by , 2 years ago
Just an observation from looking at the book...
I would move the sed for ICU 74+ up right after the libxml2 patch. Seems more organised and would be easier to remove when they are fixed downstream. You patch libre, do a bunch of shit, do the sed for icu (which is just a patch).
comment:4 by , 2 years ago
Replying to Joe Locash:
> Just an observation from looking at the book...
> I would move the sed for ICU 74+ up right after the libxml2 patch. Seems more organised and would be easier to remove when they are fixed downstream. You patch libre, do a bunch of shit, do the sed for icu (which is just a patch).
I'll do that with this update.
We're talking about patching libxml2 to fix the header removal problems (which will also be present in the next libxml2 release). Once that is done, I will rediff the patch to remove the header inclusion changes - but the const XMLError changes will still be required.
comment:5 by , 2 years ago
List of fixed bugs
Bugs fixed compared to 7.6.3 RC2:
tdf#99822 FILEOPEN: Floating table objects in tables horizontal position relative to margin is wrong in Writer
tdf#104288 FILESAVE RTF: File size increases with factor 5 after re-saving a certain RTF-document
tdf#125580 Slightly off value when adding date plus time values
tdf#127498 TIMEVALUE() sometimes returns a slightly less or greater than expected value
tdf#127547 Freeze/crash in Microsoft Print to PDF dialog when trying to paste (Ctrl-V) a filename in the 'Save Print Output As' dialog
tdf#148000 FILEOPEN PPTX: curved text doesn't line break properly and becomes too wide
tdf#148389 The bracket of "display of bookmarks formatting" doesn't position itself properly at undo
tdf#152571 Very slow save (macOS, ARM)
tdf#153178 FILEOPEN RTF Paragraphs before table disappear or open inside a frame
tdf#153194 FILEOPEN RTF Empty paragraph after page break moves to previous page
tdf#153693 Error in Api LanguageTool: partial words or large sections underlined when writing in Spanish
tdf#153969 Text hidden when importing PDF document with RTL text and using he-IL locale
tdf#155092 UI: Erratic behaviour after resizing spreadsheet window size
tdf#155266 VIEWING / SCROLLING: very laggy jerky scrolling on macOS Writer: scroll lag
tdf#156565 FILESAVE PDF Using tabulator inside a link results to a PAC2021 "Inconsistent entry found" error
tdf#157589 PDF: Conversion of pdf to docx or doc collapses all content onto one page
tdf#157768 Highlighted no-break space not rendered in pdf and print-preview
tdf#157816 PAC gives >"Link" annotation is not nested inside a "Link" structure element< error with references and caption frame
tdf#157911 Wrong borders for tables split across multiple pages
tdf#157992 UI Changing a spelling error in the spelling dialog removes footnote from the edited sentence
tdf#158044 RTF import paragraph style attribute handling wrong
tdf#158072 Fails to apply AutoFilter or Standard Filter in Mail Merge dialog after it was applied once successfully (Writer+Calc)
tdf#158083 FILESAVE RTF Images are saved twice
tdf#158090 No way to run signed macros from unsigned document in Medium security level
tdf#158094 Can't remove trusted certificate in Macro Security
tdf#158117 LanguageTool integration: "+" character not recognized for the user ID
tdf#158121 Math - Print settings not read after changing
tdf#158169 Crash when using multiple Views
tdf#158171 Crash when double-clicking DeepL translation dialog OK button
tdf#158202 Candy template turns blue when applied a second time from sidebar's Master Slides deck
tdf#158203 Freshes template turns blue when applied a second time from sidebar's Master Slides deck
tdf#158204 Midnightblue template turns light blue if applied from sidebar's Master Slides deck
tdf#158224 EDITING CRASH Cannot convert bitmap to polygons [Noel Grandin]
tdf#158265 Cell Format Date changes cell value in case of high resolution date/time values
tdf#158307 Android Viewer: Formula bar in Calc partially cut off with large font size (Accessibility)
tdf#158331 Android Viewer: "Save as" creates 0 byte file (with Experimentation Mode turned off)
tdf#158336 "**Expression is Faulty**" after copying/pasting formula in another table
tdf#158338 Opening file with image when JAWS is running causes endless loop
tdf#158341 FILEOPEN DOCX Endless loop on opening file
tdf#158396 Frame title should show DocumentTitle when set in MediaDescriptor
tdf#158398 Android Viewer: Improve display of spreadsheet row/column headers
comment:6 by , 2 years ago
| Priority: | normal → high |
|---|
This version fixes CVE-2023-6345, the critical Skia security vulnerability that's under active exploitation (we fixed this in qtwebengine on 12/01/2023): https://git.libreoffice.org/core/+/f1b017b19918df3406e77992ff499207235952c0
This is going to need a security advisory.
comment:7 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at 8d0bd18ad54347749dec129ebae20bd15d1ec686
I filed SA-12.0-054. The attack vector would be a malicious image inside of a document.
comment:8 by , 2 years ago
The security advisory needs to be updated. Two additional vulnerabilities were fixed: CVE-2023-6185 and CVE-2023-6186.
comment:9 by , 2 years ago
CVE-2023-6185: LibreOffice supports embedded videos in file formats via platform audio/video support. Typically under Linux this is via gstreamer. In affected versions of LibreOffice, the filename of the embedded video is not sufficiently escaped when passed to gstreamer, enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
CVE-2023-6186: LibreOffice supports hyperlinks. In addition to the typical common protocols such as http/https, hyperlinks can also have target URLs that can launch built-in macros or dispatch built-in internal commands. In affected versions of LibreOffice, there are scenarios where these can be executed without warning if the user activates such hyperlinks. In later versions, the user's explicit macro execution permissions for the document are now consulted if these non-typical hyperlinks can be executed. The possibility to use these variants of hyperlink targets for floating frames has been removed.
Updated SA-12.0-054 to record new details on these vulnerabilities.

Patch for libxml2-2.12.x and sed for ICU 74+ are still needed.
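
For triage on systems that cannot be upgraded immediately, the following added example (not part of the ticket, BLFS, or LibreOffice) scans an ODF file for the kind of non-typical hyperlink targets described under CVE-2023-6186, including those on floating frames. The scheme list, the part names scanned, the size limit and the sample document are assumptions made for this illustration.

```python
import io
import re
import xml.etree.ElementTree as ET
import zipfile

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Assumption: schemes LibreOffice uses for macro and internal-command targets.
RISKY = re.compile(r"\s*(vnd\.sun\.star\.script:|macro:|\.uno:|slot:)", re.I)
PARTS = ("content.xml", "styles.xml")
MAX_PART = 32 * 1024 * 1024  # refuse oversized parts (zip-bomb guard)


def find_risky_links(odf_bytes):
    """Return (part, element, href) for every link target with a risky scheme."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as z:
        for part in PARTS:
            if part not in z.namelist():
                continue
            if z.getinfo(part).file_size > MAX_PART:
                raise ValueError(f"{part} too large to scan")
            root = ET.fromstring(z.read(part))
            for el in root.iter():
                href = el.get(XLINK_HREF)
                if href and RISKY.match(href):
                    hits.append((part, el.tag.split("}")[-1], href.strip()))
    return hits


def sample_document():
    """Constructed sample: a minimal ODF-like zip, not a real document."""
    content = (
        '<office:document-content'
        ' xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"'
        ' xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0"'
        ' xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"'
        ' xmlns:xlink="http://www.w3.org/1999/xlink">'
        '<text:a xlink:href="https://example.org/">ok</text:a>'
        '<text:a xlink:href="macro:///Standard.Module1.Main()">run</text:a>'
        '<draw:floating-frame xlink:href=".uno:About"/>'
        '</office:document-content>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("content.xml", content)
    return buf.getvalue()


if __name__ == "__main__":
    for part, element, href in find_risky_links(sample_document()):
        print(f"{part}: <{element}> -> {href}")
```

A hit is a prompt to review the document, not proof of malice, since templates and forms use these targets legitimately.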