From 8b20c05419241a208681897069bb62c49059d7d4 Mon Sep 17 00:00:00 2001
From: Michael Weghorn <m.weghorn@posteo.de>
Date: Wed, 27 Sep 2023 20:06:06 +0200
Subject: [PATCH] LibreOffice Viewer: Mention libwebp CVE-2023-4863 for older
 versions

... as requested in [1].

LibreOffice versions from 7.4 on have been using libwebp,
so are presumably affected.

libwebp has been updated in 7.6.2, so that one is no
longer affected. [2] [3]

[1] https://gitlab.com/fdroid/fdroiddata/-/merge_requests/13777#note_1581068714
[2] https://bugs.documentfoundation.org/show_bug.cgi?id=157231
[3] https://blog.documentfoundation.org/blog/2023/09/26/lo-762-and-lo-757/
---
 .../org.documentfoundation.libreoffice.yml    | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/metadata/org.documentfoundation.libreoffice.yml b/metadata/org.documentfoundation.libreoffice.yml
index e822b64120..7546c6959d 100644
--- a/metadata/org.documentfoundation.libreoffice.yml
+++ b/metadata/org.documentfoundation.libreoffice.yml
@@ -449,6 +449,9 @@ Builds:
       - rm -rf workdir instdir
       - make
     ndk: r22b
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)
 
   - versionName: 7.6.0.0.alpha0+/d6c54b3d4ee7/F-Droid-editing
     versionCode: 17
@@ -524,6 +527,9 @@ Builds:
       - rm -rf workdir instdir
       - make
     ndk: r22b
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)
 
   - versionName: 7.6.0.0.alpha1+/5c1c768e128d/F-Droid-editing
     versionCode: 18
@@ -600,6 +606,9 @@ Builds:
       - rm -rf workdir instdir
       - make
     ndk: r23c
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)
 
   - versionName: 7.6.0.0.alpha1+/5c1c768e128d/F-Droid-editing
     versionCode: 19
@@ -676,6 +685,9 @@ Builds:
       - rm -rf workdir instdir
       - make
     ndk: r23c
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)
 
   - versionName: 7.6.0.0.alpha1+/5c1c768e128d/F-Droid-editing
     versionCode: 20
@@ -752,6 +764,9 @@ Builds:
       - rm -rf workdir instdir
       - make
     ndk: r23c
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)
 
   - versionName: 7.6.0.0.alpha1+/5c1c768e128d/F-Droid-editing
     versionCode: 21
@@ -828,6 +843,9 @@ Builds:
       - rm -rf workdir instdir
       - make
     ndk: r23c
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)
 
   - versionName: 7.6.0.3/69edd8b8ebc4/F-Droid-editing
     versionCode: 22
@@ -904,6 +922,9 @@ Builds:
       - rm -rf workdir instdir
       - make
     ndk: 23.2.8568313
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)
 
   - versionName: 7.6.0.3/69edd8b8ebc4/F-Droid-editing
     versionCode: 23
@@ -980,6 +1001,9 @@ Builds:
       - rm -rf workdir instdir
       - make
     ndk: 23.2.8568313
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)
 
   - versionName: 7.6.0.3/69edd8b8ebc4/F-Droid-editing
     versionCode: 24
@@ -1056,6 +1080,9 @@ Builds:
       - rm -rf workdir instdir
       - make
     ndk: 23.2.8568313
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)
 
   - versionName: 7.6.0.3/69edd8b8ebc4/F-Droid-editing
     versionCode: 25
@@ -1132,6 +1159,9 @@ Builds:
       - rm -rf workdir instdir
       - make
     ndk: 23.2.8568313
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)
 
   - versionName: 7.6.2.1/56f768401134/F-Droid-editing
     versionCode: 26