Author: Jamie Strandboge
Revision Date: 2008-11-06 16:58:20 UTC

* SECURITY UPDATE: heap-based buffer overflows which may lead to arbitrary
  code execution when processing crafted WMF files
  - patches/src680/workspace.sjfixes06.diff: fix integer overflows in
    wmf/winwmf.cxx.
  - http://util.openoffice.org/source/browse/util/svtools/source/filter.vcl/wmf/winwmf.cxx?r1=1.36&r2=1.36.114.1&view=patch
  - CVE-2008-2237
* SECURITY UPDATE: heap-based buffer overflows which may lead to arbitrary
  code execution when processing crafted EMF files
  - patches/src680/workspace.sjfixes09-gutsy.diff: fix multiple parser flaws
    in wmf/enhwmf.cxx.
  - adapted from http://util.openoffice.org/source/browse/util/svtools/source/filter.vcl/wmf/enhwmf.cxx?r1=1.39&r2=1.39.114.1&view=patch
  - CVE-2008-2238

Author: Jamie Strandboge
Revision Date: 2008-11-06 16:58:20 UTC

* SECURITY UPDATE: heap-based buffer overflows which may lead to arbitrary
  code execution when processing crafted WMF files
  - patches/src680/workspace.sjfixes06.diff: fix integer overflows in
    wmf/winwmf.cxx.
  - http://util.openoffice.org/source/browse/util/svtools/source/filter.vcl/wmf/winwmf.cxx?r1=1.36&r2=1.36.114.1&view=patch
  - CVE-2008-2237
* SECURITY UPDATE: heap-based buffer overflows which may lead to arbitrary
  code execution when processing crafted EMF files
  - patches/src680/workspace.sjfixes09-gutsy.diff: fix multiple parser flaws
    in wmf/enhwmf.cxx.
  - adapted from http://util.openoffice.org/source/browse/util/svtools/source/filter.vcl/wmf/enhwmf.cxx?r1=1.39&r2=1.39.114.1&view=patch
  - CVE-2008-2238

Author: Chris Cheney
Revision Date: 2007-11-26 16:56:09 UTC

debian/rules: Loosen file move to libdba680l?.so since
OpenOffice encodes architecture information into soname.

Author: Kees Cook
Revision Date: 2008-04-23 09:50:05 UTC

[ Chris Cheney ]
* ooo-build/patches/src680/workspace.fwk82.diff,
  ooo-build/patches/src680/workspace.sjfixes03.diff: fix CVE-2007-5745,
  CVE-2007-5746,CVE-2007-5747 and CVE-2008-0320
* ooo-build/patches/src680/cws-jl85.diff: fix XML signing problem where
  the document can be manipulated so that the signature dialog display a
  false issuer

[ Kees Cook ]
* ooo-build/patches/src680/workspace.hsql1808.diff: upstream fixes
  backported for HSQLDB Java method calling (CVE-2007-4575).

Author: Kees Cook
Revision Date: 2008-04-23 09:50:05 UTC

[ Chris Cheney ]
* ooo-build/patches/src680/workspace.fwk82.diff,
  ooo-build/patches/src680/workspace.sjfixes03.diff: fix CVE-2007-5745,
  CVE-2007-5746,CVE-2007-5747 and CVE-2008-0320
* ooo-build/patches/src680/cws-jl85.diff: fix XML signing problem where
  the document can be manipulated so that the signature dialog display a
  false issuer

[ Kees Cook ]
* ooo-build/patches/src680/workspace.hsql1808.diff: upstream fixes
  backported for HSQLDB Java method calling (CVE-2007-4575).

Author: Chris Cheney
Revision Date: 2007-10-01 15:03:49 UTC

ooo-build/patches/src680/itiff.diff: fix tiff heap overflow
(CVE-2007-2834)

Author: Matthias Klose
Revision Date: 2006-12-01 10:32:55 UTC

* Disable the Shrink patchset (optimizations only), disabled in
  ooo-build by default. Ubuntu #62432.
* Fix crash in draw/impress on amd64 (taken from FC). Ubuntu #64919.
* Update cs desktop menu translations from Rosetta.
* Merge from Debian:
  - fix regcomp installation. Ubuntu #66466.
* Updated catalan GSI file (Jordi Mallach).
* Updated kurdish GSI file (Erdal Ronahi), do not re-import the
  kurdish translations into Rosetta, which are manually fixed in
  Rosetta.
* broffice.org: Divert the Ubuntu bitmap files, not the community
  bitmap files (universe only).
* Extract the language data for Kannado (kn), Tsonga (ts), Swahili (sw).
* Fix a race condition for parallel builds.

Author: Chris Cheney
Revision Date: 2007-10-01 15:03:49 UTC

ooo-build/patches/src680/itiff.diff: fix tiff heap overflow
(CVE-2007-2834)

Author: Matthias Klose
Revision Date: 2006-10-15 23:46:30 UTC

* Re-add ooo-build/po/ooo-build.pot with the current templates.
* Reimport current desktop menu translations from Rosetta.
  Ubuntu #66283.

Author: Jamie Strandboge
Revision Date: 2008-11-06 17:45:49 UTC

* SECURITY UPDATE: heap-based buffer overflows which may lead to arbitrary
  code execution when processing crafted WMF files
  - patches/src680/workspace.sjfixes06.diff: fix integer overflows in
    wmf/winwmf.cxx.
  - http://util.openoffice.org/source/browse/util/svtools/source/filter.vcl/wmf/winwmf.cxx?r1=1.36&r2=1.36.114.1&view=patch
  - CVE-2008-2237
* SECURITY UPDATE: heap-based buffer overflows which may lead to arbitrary
  code execution when processing crafted EMF files
  - patches/src680/workspace.sjfixes09-plus-nStart.diff: fix multiple parser
    flaws in wmf/enhwmf.cxx.
  - adapted from http://util.openoffice.org/source/browse/util/svtools/source/filter.vcl/wmf/enhwmf.cxx?r1=1.39&r2=1.39.114.1&view=patch
  - CVE-2008-2238

Author: Matthias Klose
Revision Date: 2006-09-19 10:42:52 UTC

openoffice.org-impress: Replaces earlier versions of
openoffice.org-common. Ubuntu #58798 and duplicates.

Author: Jamie Strandboge
Revision Date: 2008-11-06 17:45:49 UTC

* SECURITY UPDATE: heap-based buffer overflows which may lead to arbitrary
  code execution when processing crafted WMF files
  - patches/src680/workspace.sjfixes06.diff: fix integer overflows in
    wmf/winwmf.cxx.
  - http://util.openoffice.org/source/browse/util/svtools/source/filter.vcl/wmf/winwmf.cxx?r1=1.36&r2=1.36.114.1&view=patch
  - CVE-2008-2237
* SECURITY UPDATE: heap-based buffer overflows which may lead to arbitrary
  code execution when processing crafted EMF files
  - patches/src680/workspace.sjfixes09-plus-nStart.diff: fix multiple parser
    flaws in wmf/enhwmf.cxx.
  - adapted from http://util.openoffice.org/source/browse/util/svtools/source/filter.vcl/wmf/enhwmf.cxx?r1=1.39&r2=1.39.114.1&view=patch
  - CVE-2008-2238

Author: Adam Conrad
Revision Date: 2006-05-28 23:13:26 UTC

[ Matthias Klose ]
* Remove documentation files in openoffice.org-dev, which are
  also in openoffice.org-dev-doc. Ubuntu #46681.
* openoffice.org{,-base,-calc,-math,-draw,-impress,-writer,-kde,-gnome}:
  Do not conflict with the current version of the transition packages.
* Use the desktop files from ooo-build/desktop, more complete regarding
  current translations.

[ Adam Conrad ]
* Since we're using the other desktop files, do the OpenOffice.org
  s/Spreadsheet/Presentation/ fix for Impress there as well.
* Fix up some breakage in debian/control, WRT to duplicate Conflicts
  and Replaces stanzas that are being interpreted in fun ways.

Author: Matthias Klose
Revision Date: 2005-09-29 02:21:20 UTC

* New upstream version (import of OpenDocument formats).
* Synchronize with Debian.
* debian/rules:
  - Don't install the hyphen files.
  - Call dh_desktop.
* debian/control.in:
  - Adjust dependencies for 1.1.5.
* debian/control.lang.in:
  - Adjust dependencies for 1.1.5.
* Update xhosa translation for 1.1.5.
* Register applications for OpenDocument formats.

Author: Ubuntu Archive Auto-Sync
Revision Date: 2005-10-08 17:07:03 UTC

Automated backport upload; no source changes.

Author: Martin Pitt
Revision Date: 2006-07-04 10:17:02 UTC

* SECURITY UPDATE: Arbitrary code execution with crafted documents.
* Took patches from Debian's 1.1.3-9sarge1 and 1.1.3-9sarge2, thanks to Rene
  Engelhard!
* ooo-build/patches/OOO_1_1/sax+source+expatwrap+xml2utf.cxx.diff:
  security patch again (from upstream); fix memory corruption bug;
  it was possible to write values to arbritrary memory when
  opening special files. (CVE-2006-3117)
* ooo-build/patches/OOO_1_1/6438334-macros-so7-sfx2.diff: add patch
  from upstream to fix macro handling security bug; it was possible to
  embed macros in documents without OOo seeing them and executing them
  without any user interaction. (CVE-2006-2198)
* ooo-build/patches/OOO_1_1/6438333-applets-so7-officecfg.diff: add patch
  from upstream to disable Java applets feature because it's possible
  to write Java applets breaking out of the sandbox (NB: the normal
  packages don't build with Java so are not affected, but the
  openoffice.org-java addon package is) (CVE-2006-2199)
* debian/scripts/vars.i386: disable mozab on i386, too; uses mozilla
  *1.0* code and is a security nightmare. Already done pre-sarge for ppc,
  s390 and sparc but forgotten for i386 :/
* debian/MANIFEST.i386: update

Author: Matthias Klose
Revision Date: 2005-04-06 01:56:48 UTC

* Prefer a working font for the greek ui serif font. Ubuntu #2374.
* Hide more seldom used OOo menu entries.
* Fix display of accented characters for documents created with
  the OOo version from warty. Ubuntu #7538.

Author: Martin Pitt
Revision Date: 2005-04-30 06:39:50 UTC

* SECURITY UPDATE: Fix buffer overflow on malicious documents.
* Added patch CAN-2005-0941.patch:
  - sot/source/sdstor/stgole.cxx(), StgCompObjStream::Load(): Ignore
    the upper 16 bits of document-specified length (32 bit) since at
    allocation it is truncated to a 16-bit value, which can lead to
    wraparounds. [CAN-2005-0941]

Author: Nathaniel McCallum
Revision Date: 2004-09-23 16:48:02 UTC

* ooo-build/patches/OOO_1_1_2/apply: add these new patches
  - ooo-build/patches/OOO_1_1/security-tmp-dir.diff: upstream security fix
      . Ubuntu bug #1308
  - ooo-build/patches/OOO_1_1/gnome_desktop_files.diff:
      . combines desktop-menu-names.diff and desktop-mime.diff. bug #1188
      . add rtf mimetypes to Writer's mimetypes. bug #1638
      . add ppt mimetype to Impress's mimetypes. bug #1494
  - ooo-build/patches/OOO_1_1/ubuntu-splash.diff:
      . add Ubuntu as the vendor
      . reset splash to default OOo splash. bug #1076
* ooo-build/patches/OOO_1_1_2/apply: remove the patches replaced
    . debian-splash.diff
    . desktop-menu-names.diff
    . desktop-mime.diff
* debian/rules: don't build debian splash image
* debian/rules: don't change translations for woody