Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-2018-2616


Security update for libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1


Type: security
Severity: moderate
Issued: 2018-11-08
Description:

This update for LibreOffice, libepubgen, liblangtag, libmwaw, libnumbertext, libstaroffice, libwps, myspell-dictionaries, xmlsec1 fixes the following issues:

LibreOffice was updated to 6.1.3.2 (fate#326624) and contains new features and lots of bugfixes:

The full changelog can be found on:

        https://wiki.documentfoundation.org/ReleaseNotes/6.1

Bugfixes:

- bsc#1095639 Exporting to PPTX results in vertical labels being shown horizontally
- bsc#1098891 Table in PPTX misplaced and partly blue
- bsc#1088263 Labels in chart change (from white and other colors) to black when saving as PPTX
- bsc#1095601 Exporting to PPTX shifts arrow shapes quite a bit

- Add more translations:
  * Belarusian
  * Bodo
  * Dogri
  * Frisian
  * Gaelic
  * Paraguayan_Guaran
  * Upper_Sorbian
  * Konkani
  * Kashmiri
  * Luxembourgish
  * Monglolian
  * Manipuri
  * Burnese
  * Occitan
  * Kinyarwanda
  * Santali
  * Sanskrit
  * Sindhi
  * Sidamo
  * Tatar
  * Uzbek
  * Upper Sorbian
  * Venetian
  * Amharic
  * Asturian
  * Tibetian
  * Bosnian
  * English GB
  * English ZA
  * Indonesian
  * Icelandic
  * Georgian
  * Khmer
  * Lao
  * Macedonian
  * Nepali
  * Oromo
  * Albanian
  * Tajik
  * Uyghur
  * Vietnamese
  * Kurdish

- Try to build all languages see bsc#1096360
- Make sure to install the KDE5/Qt5 UI/filepicker
- Try to implement safeguarding to avoid bsc#1050305
- Disable base-drivers-mysql as it needs mysqlcppcon that is only
  for mysql and not mariadb, causes issues bsc#1094779
  * Users can still connect using jdbc/odbc
- Fix java detection on machines with too many cpus

- CVE-2018-10583: An information disclosure vulnerability occured when LibreOffice automatically processed and initiated an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. (bsc#1091606)

libepubgen was updated to 0.1.1:

- Avoid <div> inside <p> or <span>.
- Avoid writin vertical-align attribute without a value.
- Fix generation of invalid XHTML when there is a link starting at the beginning of a footnote.
- Handle relative width for images.
- Fixed layout: write chapter names to improve navigation.
- Support writing mode.
- Start a new HTML file at every page span in addition to the splits induced by the chosen split method. This is to ensure that specified writing mode works correctly, as it is HTML <body> attribute.

liblangtag was updated to 0.6.2:

- use standard function
- fix leak in test

libmwaw was updated to 0.3.14:

- Support MS Multiplan 1.1 files

libnumbertext was update to 1.0.5:

- Various fixes in numerical calculations and issues reported on libreoffice tracker

libstaroffice was updated to 0.0.6:

- retrieve some StarMath's formula,
- retrieve some charts as graphic,
- retrieve some fields in sda/sdc/sdp text-boxes,
- .sdw: retrieve more attachments.

libwps was updated to 0.4.9:

- QuattroPro: add parser to .wb3 files
- Multiplan: add parser to DOS v1-v3 files
- charts: try to retrieve charts in .wk*, .wq* files
- QuattroPro: add parser to .wb[12] files

myspell-dictionaries was updated to 20181025:

- Turkish dictionary added
- Updated French dictionary

xmlsec1 was updated to 1.2.26:

- Added xmlsec-mscng module based on Microsoft Cryptography API: Next Generation
- Added support for GOST 2012 and fixed CryptoPro CSP provider for GOST R 34.10-2001 in xmlsec-mscrypto



              

Packages


  • xmlsec1-1.2.26-3.3.1