diff -Nru libreoffice-4.2.8/debian/changelog libreoffice-4.2.8/debian/changelog
--- libreoffice-4.2.8/debian/changelog	2015-04-23 18:17:58.000000000 +0000
+++ libreoffice-4.2.8/debian/changelog	2015-11-02 21:08:01.000000000 +0000
@@ -1,4 +1,28 @@
-libreoffice (1:4.2.8-0ubuntu2) trusty-security; urgency=medium
+libreoffice (1:4.2.8-0ubuntu3) trusty-security; urgency=medium
+
+  * Rebuild as security update
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 02 Nov 2015 15:07:30 -0600
+
+libreoffice (1:4.2.8-0ubuntu3~trusty3) trusty; urgency=medium
+
+  * add ww8 pstatus import fix
+
+ -- Bjoern Michaelsen <bjoern.michaelsen@canonical.com>  Fri, 18 Sep 2015 14:58:55 +0200
+
+libreoffice (1:4.2.8-0ubuntu3~trusty2) trusty; urgency=medium
+
+  * add fixes for ww8 wrapping and coverity#1266485
+
+ -- Bjoern Michaelsen <bjoern.michaelsen@canonical.com>  Mon, 13 Jul 2015 17:30:25 +0200
+
+libreoffice (1:4.2.8-0ubuntu3~trusty1) trusty; urgency=medium
+
+  * add fix for link updates
+
+ -- Bjoern Michaelsen <bjoern.michaelsen@canonical.com>  Thu, 25 Jun 2015 11:35:58 +0200
+
+libreoffice (1:4.2.8-0ubuntu2) trusty; urgency=medium
 
   * avoid null deref in EditEngine
   * add checks in hwpfilter
diff -Nru libreoffice-4.2.8/debian/patches/coverity-1266485.diff libreoffice-4.2.8/debian/patches/coverity-1266485.diff
--- libreoffice-4.2.8/debian/patches/coverity-1266485.diff	1970-01-01 00:00:00.000000000 +0000
+++ libreoffice-4.2.8/debian/patches/coverity-1266485.diff	2015-09-18 12:59:35.000000000 +0000
@@ -0,0 +1,112 @@
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Mon, 26 Jan 2015 11:26:41 +0000
+Subject: [PATCH] coverity#1266485 Untrusted value as argument
+
+(cherry picked from commit 0934ed1a40c59c169354b177d7dab4228de66171)
+
+min legal size here is > 4
+
+(cherry picked from commit 3131205c05a3fde4ef1e3322cc48ca23c443f6d3)
+
+(cherry picked from commit 964000d415bcf491704dad57aee7e0656ea60dab)
+Reviewed-on: https://gerrit.libreoffice.org/16983
+Reviewed-by: David Tardon <dtardon@redhat.com>
+Tested-by: David Tardon <dtardon@redhat.com>
+
+Conflicts:
+	vcl/source/gdi/jobset.cxx
+
+9f68d000b32623db4d949d13284043630f5689f4
+
+Change-Id: I7708ecaf5412535055584ed6c71beaa9cd71c10c
+---
+ vcl/source/gdi/jobset.cxx | 35 ++++++++++++++++++++---------------
+ 1 file changed, 20 insertions(+), 15 deletions(-)
+
+diff --git a/vcl/source/gdi/jobset.cxx b/vcl/source/gdi/jobset.cxx
+--- a/vcl/source/gdi/jobset.cxx
++++ b/vcl/source/gdi/jobset.cxx
+@@ -22,6 +22,7 @@
+ #include <tools/debug.hxx>
+ #include <tools/stream.hxx>
+ #include <vcl/jobset.hxx>
++#include <boost/scoped_array.hpp>
+ 
+ #include <jobset.h>
+ 
+@@ -235,21 +236,26 @@ SvStream& operator>>( SvStream& rIStream, JobSetup& rJobSetup )
+     DBG_ASSERTWARNING( rIStream.GetVersion(), "JobSetup::>> - Solar-Version not set on rOStream" );
+ 
+     {
+-        sal_Size nFirstPos = rIStream.Tell();
+-
+         sal_uInt16 nLen = 0;
+         rIStream >> nLen;
+-        if ( !nLen )
++        if (nLen <= 4)
+             return rIStream;
+ 
+         sal_uInt16 nSystem = 0;
+         rIStream >> nSystem;
+-
+-        char* pTempBuf = new char[nLen];
+-        rIStream.Read( pTempBuf,  nLen - sizeof( nLen ) - sizeof( nSystem ) );
+-        if ( nLen >= sizeof(ImplOldJobSetupData)+4 )
++        const size_t nRead = nLen - sizeof(nLen) - sizeof(nSystem);
++        if (nRead > rIStream.remainingSize())
++        {
++            SAL_WARN("vcl", "Parsing error: " << rIStream.remainingSize() <<
++                     " max possible entries, but " << nRead << " claimed, truncating");
++            return rIStream;
++        }
++        sal_Size nFirstPos = rIStream.Tell();
++        boost::scoped_array<char> pTempBuf(new char[nRead]);
++        rIStream.Read(pTempBuf.get(),  nRead);
++        if (nRead >= sizeof(ImplOldJobSetupData))
+         {
+-            ImplOldJobSetupData* pData = (ImplOldJobSetupData*)pTempBuf;
++            ImplOldJobSetupData* pData = (ImplOldJobSetupData*)pTempBuf.get();
+             if ( rJobSetup.mpData )
+             {
+                 if ( rJobSetup.mpData->mnRefCount == 1 )
+@@ -271,8 +277,8 @@ SvStream& operator>>( SvStream& rIStream, JobSetup& rJobSetup )
+             if ( nSystem == JOBSET_FILE364_SYSTEM ||
+                  nSystem == JOBSET_FILE605_SYSTEM )
+             {
+-                Impl364JobSetupData* pOldJobData    = (Impl364JobSetupData*)(pTempBuf + sizeof( ImplOldJobSetupData ));
+-                sal_uInt16 nOldJobDataSize              = SVBT16ToShort( pOldJobData->nSize );
++                Impl364JobSetupData* pOldJobData    = (Impl364JobSetupData*)(pTempBuf.get() + sizeof( ImplOldJobSetupData ));
++                sal_uInt16 nOldJobDataSize          = SVBT16ToShort( pOldJobData->nSize );
+                 pJobData->mnSystem                  = SVBT16ToShort( pOldJobData->nSystem );
+                 pJobData->mnDriverDataLen           = SVBT32ToUInt32( pOldJobData->nDriverDataLen );
+                 pJobData->meOrientation             = (Orientation)SVBT16ToShort( pOldJobData->nOrientation );
+@@ -289,8 +295,8 @@ SvStream& operator>>( SvStream& rIStream, JobSetup& rJobSetup )
+                 }
+                 if( nSystem == JOBSET_FILE605_SYSTEM )
+                 {
+-                    rIStream.Seek( nFirstPos + sizeof( ImplOldJobSetupData ) + 4 + sizeof( Impl364JobSetupData ) + pJobData->mnDriverDataLen );
+-                    while( rIStream.Tell() < nFirstPos + nLen )
++                    rIStream.Seek( nFirstPos + sizeof( ImplOldJobSetupData ) + sizeof( Impl364JobSetupData ) + pJobData->mnDriverDataLen );
++                    while( rIStream.Tell() < nFirstPos + nRead )
+                     {
+                         OUString aKey = read_lenPrefixed_uInt8s_ToOUString<sal_uInt16>(rIStream, RTL_TEXTENCODING_UTF8);
+                         OUString aValue = read_lenPrefixed_uInt8s_ToOUString<sal_uInt16>(rIStream, RTL_TEXTENCODING_UTF8);
+@@ -308,13 +314,12 @@ SvStream& operator>>( SvStream& rIStream, JobSetup& rJobSetup )
+                         else
+                             pJobData->maValueMap[ aKey ] = aValue;
+                     }
+-                    DBG_ASSERT( rIStream.Tell() == nFirstPos+nLen, "corrupted job setup" );
++                    DBG_ASSERT( rIStream.Tell() == nFirstPos+nRead, "corrupted job setup" );
+                     // ensure correct stream position
+-                    rIStream.Seek( nFirstPos + nLen );
++                    rIStream.Seek(nFirstPos + nRead);
+                 }
+             }
+         }
+-        delete[] pTempBuf;
+     }
+ 
+     return rIStream;
+-- 
+1.9.1
+
diff -Nru libreoffice-4.2.8/debian/patches/LinkUpdateMode-is-a-global-setting.diff libreoffice-4.2.8/debian/patches/LinkUpdateMode-is-a-global-setting.diff
--- libreoffice-4.2.8/debian/patches/LinkUpdateMode-is-a-global-setting.diff	1970-01-01 00:00:00.000000000 +0000
+++ libreoffice-4.2.8/debian/patches/LinkUpdateMode-is-a-global-setting.diff	2015-09-18 12:59:35.000000000 +0000
@@ -0,0 +1,255 @@
+From: Stephan Bergmann <sbergman@redhat.com>
+Date: Tue, 23 Jun 2015 08:26:36 +0200
+Subject: [PATCH] LinkUpdateMode is a global setting
+
+(cherry picked from commit 77cc71476bae2b3655102e2c29d36af40a393201)
+Conflicts:
+	sw/source/core/doc/DocumentLinksAdministrationManager.cxx
+	sw/source/filter/xml/xmlimp.cxx
+
+Reviewed-on: https://gerrit.libreoffice.org/16424
+Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
+Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
+Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
+
+Change-Id: Ida1257337c6e0916f2228fe053d9c9f085183af6
+---
+ include/unotools/securityoptions.hxx       |  2 +
+ sc/source/filter/xml/xmlimprt.cxx          | 10 +++-
+ sc/source/ui/docshell/docsh4.cxx           | 18 +++++--
+ sw/source/core/doc/docnew.cxx              | 10 ++++
+ sw/source/filter/xml/xmlimp.cxx            | 78 +++++++++++++++---------------
+ unotools/source/config/securityoptions.cxx |  9 ++++
+ 6 files changed, 84 insertions(+), 43 deletions(-)
+
+diff --git a/include/unotools/securityoptions.hxx b/include/unotools/securityoptions.hxx
+--- a/include/unotools/securityoptions.hxx
++++ b/include/unotools/securityoptions.hxx
+@@ -195,6 +195,8 @@ class UNOTOOLS_DLLPUBLIC SAL_WARN_UNUSED SvtSecurityOptions : public utl::detail
+          */
+         bool isUntrustedReferer(OUString const & referer) const;
+ 
++        bool isTrustedLocationUriForUpdatingLinks(OUString const & uri) const;
++
+         /**
+            Check whether the given uri is a trusted location.
+         */
+diff --git a/sc/source/filter/xml/xmlimprt.cxx b/sc/source/filter/xml/xmlimprt.cxx
+--- a/sc/source/filter/xml/xmlimprt.cxx
++++ b/sc/source/filter/xml/xmlimprt.cxx
+@@ -2619,6 +2619,9 @@ void ScXMLImport::SetConfigurationSettings(const uno::Sequence<beans::PropertyVa
+             OUString sCTName("TrackedChangesProtectionKey");
+             OUString sVBName("VBACompatibilityMode");
+             OUString sSCName("ScriptConfiguration");
++            css::uno::Sequence<css::beans::PropertyValue> aFilteredProps(
++                aConfigProps.getLength());
++            sal_Int32 nFilteredPropsLen = 0;
+             for (sal_Int32 i = nCount - 1; i >= 0; --i)
+             {
+                 if (aConfigProps[i].Name == sCTName)
+@@ -2653,11 +2656,16 @@ void ScXMLImport::SetConfigurationSettings(const uno::Sequence<beans::PropertyVa
+                             xImportInfo->setPropertyValue( aConfigProps[i].Name, aConfigProps[i].Value );
+                     }
+                 }
++                if (aConfigProps[i].Name != "LinkUpdateMode")
++                {
++                    aFilteredProps[nFilteredPropsLen++] = aConfigProps[i];
++                }
+             }
++            aFilteredProps.realloc(nFilteredPropsLen);
+             uno::Reference <uno::XInterface> xInterface = xMultiServiceFactory->createInstance("com.sun.star.comp.SpreadsheetSettings");
+             uno::Reference <beans::XPropertySet> xProperties(xInterface, uno::UNO_QUERY);
+             if (xProperties.is())
+-                SvXMLUnitConverter::convertPropertySet(xProperties, aConfigProps);
++                SvXMLUnitConverter::convertPropertySet(xProperties, aFilteredProps);
+         }
+     }
+ }
+diff --git a/sc/source/ui/docshell/docsh4.cxx b/sc/source/ui/docshell/docsh4.cxx
+--- a/sc/source/ui/docshell/docsh4.cxx
++++ b/sc/source/ui/docshell/docsh4.cxx
+@@ -48,6 +48,7 @@ using namespace ::com::sun::star;
+ #include <svl/PasswordHelper.hxx>
+ #include <svl/documentlockfile.hxx>
+ #include <svl/sharecontrolfile.hxx>
++#include <unotools/securityoptions.hxx>
+ 
+ #include <comphelper/processfactory.hxx>
+ #include "docuno.hxx"
+@@ -426,12 +427,23 @@ void ScDocShell::Execute( SfxRequest& rReq )
+ 
+                 if (nCanUpdate == com::sun::star::document::UpdateDocMode::NO_UPDATE)
+                     nSet = LM_NEVER;
+-                else if (nCanUpdate == com::sun::star::document::UpdateDocMode::QUIET_UPDATE &&
+-                    nSet == LM_ON_DEMAND)
+-                    nSet = LM_NEVER;
+                 else if (nCanUpdate == com::sun::star::document::UpdateDocMode::FULL_UPDATE)
+                     nSet = LM_ALWAYS;
+ 
++                if (nSet == LM_ALWAYS
++                    && !(SvtSecurityOptions()
++                         .isTrustedLocationUriForUpdatingLinks(
++                             GetMedium() == nullptr
++                             ? OUString() : GetMedium()->GetName())))
++                {
++                    nSet = LM_ON_DEMAND;
++                }
++                if (nCanUpdate == css::document::UpdateDocMode::QUIET_UPDATE
++                    && nSet == LM_ON_DEMAND)
++                {
++                    nSet = LM_NEVER;
++                }
++
+                 if(nSet==LM_ON_DEMAND)
+                 {
+                     QueryBox aBox( GetActiveDialogParent(), WinBits(WB_YES_NO | WB_DEF_YES),
+diff --git a/sw/source/core/doc/docnew.cxx b/sw/source/core/doc/docnew.cxx
+--- a/sw/source/core/doc/docnew.cxx
++++ b/sw/source/core/doc/docnew.cxx
+@@ -42,6 +42,7 @@
+ #include <svl/zforlist.hxx>
+ #include <unotools/compatibility.hxx>
+ #include <unotools/lingucfg.hxx>
++#include <unotools/securityoptions.hxx>
+ #include <svx/svdpage.hxx>
+ #include <paratr.hxx>
+ #include <fchrfmt.hxx>
+@@ -980,6 +981,15 @@ void SwDoc::UpdateLinks( bool bUI )
+                 case document::UpdateDocMode::QUIET_UPDATE:bAskUpdate = false; break;
+                 case document::UpdateDocMode::FULL_UPDATE: bAskUpdate = true; break;
+             }
++            if (nLinkMode == AUTOMATIC && !bAskUpdate)
++            {
++                SfxMedium * medium = GetDocShell()->GetMedium();
++                if (!SvtSecurityOptions().isTrustedLocationUriForUpdatingLinks(
++                        medium == nullptr ? OUString() : medium->GetName()))
++                {
++                    bAskUpdate = true;
++                }
++            }
+             if( bUpdate && (bUI || !bAskUpdate) )
+             {
+                 SfxMedium* pMedium = GetDocShell()->GetMedium();
+diff --git a/sw/source/filter/xml/xmlimp.cxx b/sw/source/filter/xml/xmlimp.cxx
+--- a/sw/source/filter/xml/xmlimp.cxx
++++ b/sw/source/filter/xml/xmlimp.cxx
+@@ -1095,45 +1095,45 @@ void SwXMLImport::SetConfigurationSettings(const Sequence < PropertyValue > & aC
+     if( !xInfo.is() )
+         return;
+ 
+-    boost::unordered_set< OUString, OUStringHash > aSet;
+-    aSet.insert(OUString("ForbiddenCharacters"));
+-    aSet.insert(OUString("IsKernAsianPunctuation"));
+-    aSet.insert(OUString("CharacterCompressionType"));
+-    aSet.insert(OUString("LinkUpdateMode"));
+-    aSet.insert(OUString("FieldAutoUpdate"));
+-    aSet.insert(OUString("ChartAutoUpdate"));
+-    aSet.insert(OUString("AddParaTableSpacing"));
+-    aSet.insert(OUString("AddParaTableSpacingAtStart"));
+-    aSet.insert(OUString("PrintAnnotationMode"));
+-    aSet.insert(OUString("PrintBlackFonts"));
+-    aSet.insert(OUString("PrintControls"));
+-    aSet.insert(OUString("PrintDrawings"));
+-    aSet.insert(OUString("PrintGraphics"));
+-    aSet.insert(OUString("PrintLeftPages"));
+-    aSet.insert(OUString("PrintPageBackground"));
+-    aSet.insert(OUString("PrintProspect"));
+-    aSet.insert(OUString("PrintReversed"));
+-    aSet.insert(OUString("PrintRightPages"));
+-    aSet.insert(OUString("PrintFaxName"));
+-    aSet.insert(OUString("PrintPaperFromSetup"));
+-    aSet.insert(OUString("PrintTables"));
+-    aSet.insert(OUString("PrintSingleJobs"));
+-    aSet.insert(OUString("UpdateFromTemplate"));
+-    aSet.insert(OUString("PrinterIndependentLayout"));
+-    aSet.insert(OUString("PrintEmptyPages"));
+-    aSet.insert(OUString("SmallCapsPercentage66"));
+-    aSet.insert(OUString("TabOverflow"));
+-    aSet.insert(OUString("UnbreakableNumberings"));
+-    aSet.insert(OUString("ClippedPictures"));
+-    aSet.insert(OUString("BackgroundParaOverDrawings"));
+-    aSet.insert(OUString("TabOverMargin"));
++    boost::unordered_set< OUString, OUStringHash > aExcludeAlways;
++    aExcludeAlways.insert("LinkUpdateMode");
++    boost::unordered_set< OUString, OUStringHash > aExcludeWhenNotLoadingUserSettings;
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("ForbiddenCharacters"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("IsKernAsianPunctuation"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("CharacterCompressionType"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("FieldAutoUpdate"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("ChartAutoUpdate"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("AddParaTableSpacing"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("AddParaTableSpacingAtStart"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintAnnotationMode"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintBlackFonts"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintControls"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintDrawings"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintGraphics"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintLeftPages"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintPageBackground"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintProspect"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintReversed"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintRightPages"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintFaxName"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintPaperFromSetup"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintTables"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintSingleJobs"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("UpdateFromTemplate"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrinterIndependentLayout"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("PrintEmptyPages"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("SmallCapsPercentage66"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("TabOverflow"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("UnbreakableNumberings"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("ClippedPictures"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("BackgroundParaOverDrawings"));
++    aExcludeWhenNotLoadingUserSettings.insert(OUString("TabOverMargin"));
+ 
+     sal_Int32 nCount = aConfigProps.getLength();
+     const PropertyValue* pValues = aConfigProps.getConstArray();
+ 
+     SvtSaveOptions aSaveOpt;
+-    sal_Bool bIsUserSetting = aSaveOpt.IsLoadUserSettings(),
+-         bSet = bIsUserSetting;
++    bool bIsUserSetting = aSaveOpt.IsLoadUserSettings();
+ 
+     // for some properties we don't want to use the application
+     // default if they're missing. So we watch for them in the loop
+@@ -1173,12 +1173,12 @@ void SwXMLImport::SetConfigurationSettings(const Sequence < PropertyValue > & aC
+ 
+     while( nCount-- )
+     {
+-        if( !bIsUserSetting )
++        bool bSet = aExcludeAlways.find(pValues->Name) == aExcludeAlways.end();
++        if( bSet && !bIsUserSetting
++            && (aExcludeWhenNotLoadingUserSettings.find(pValues->Name)
++                != aExcludeWhenNotLoadingUserSettings.end()) )
+         {
+-            // test over the hash value if the entry is in the table.
+-            OUString aStr(pValues->Name);
+-
+-            bSet = aSet.find(aStr) == aSet.end();
++            bSet = false;
+         }
+ 
+         if( bSet )
+diff --git a/unotools/source/config/securityoptions.cxx b/unotools/source/config/securityoptions.cxx
+--- a/unotools/source/config/securityoptions.cxx
++++ b/unotools/source/config/securityoptions.cxx
+@@ -1082,6 +1082,15 @@ bool SvtSecurityOptions::isTrustedLocationUri(OUString const & uri) const {
+     return false;
+ }
+ 
++bool SvtSecurityOptions::isTrustedLocationUriForUpdatingLinks(
++    OUString const & uri) const
++{
++    return GetMacroSecurityLevel() == 0 || uri.isEmpty()
++        || uri.startsWithIgnoreAsciiCase("private:")
++        || isTrustedLocationUri(uri);
++}
++
++
+ sal_Int32 SvtSecurityOptions::GetMacroSecurityLevel() const
+ {
+     MutexGuard aGuard( GetInitMutex() );
+-- 
+1.9.1
+
diff -Nru libreoffice-4.2.8/debian/patches/pstatus-vector.diff libreoffice-4.2.8/debian/patches/pstatus-vector.diff
--- libreoffice-4.2.8/debian/patches/pstatus-vector.diff	1970-01-01 00:00:00.000000000 +0000
+++ libreoffice-4.2.8/debian/patches/pstatus-vector.diff	2015-09-18 12:59:35.000000000 +0000
@@ -0,0 +1,90 @@
+From 181f2ff940aed504064a11727d17e0c32b55639a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Thu, 13 Aug 2015 10:58:06 +0100
+Subject: [PATCH] convert pStatus to vector and use at to check offsets
+
+(cherry picked from commit ea70088895ed45dc60abf18319acc1b4fa3018dd)
+
+Change-Id: I5186f6a65bb9d5ed8a0d1ab1d71f7e2c13865411
+Reviewed-on: https://gerrit.libreoffice.org/17695
+Reviewed-by: David Tardon <dtardon@redhat.com>
+Tested-by: David Tardon <dtardon@redhat.com>
+DebianPatchName: pstatus-vector.diff
+---
+ sw/source/filter/ww8/ww8scan.cxx | 18 +++++++++---------
+ sw/source/filter/ww8/ww8scan.hxx |  4 ++--
+ 2 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
+index a2d17c2..9566f8b 100644
+--- a/sw/source/filter/ww8/ww8scan.cxx
++++ b/sw/source/filter/ww8/ww8scan.cxx
+@@ -3914,7 +3914,7 @@ void WW8ReadSTTBF(bool bVer8, SvStream& rStrm, sal_uInt32 nStart, sal_Int32 nLen
+ }
+ 
+ WW8PLCFx_Book::WW8PLCFx_Book(SvStream* pTblSt, const WW8Fib& rFib)
+-    : WW8PLCFx(rFib.GetFIBVersion(), false), pStatus(0), nIsEnd(0), nBookmarkId(1)
++    : WW8PLCFx(rFib.GetFIBVersion(), false), nIsEnd(0), nBookmarkId(1)
+ {
+     if( !rFib.fcPlcfbkf || !rFib.lcbPlcfbkf || !rFib.fcPlcfbkl ||
+         !rFib.lcbPlcfbkl || !rFib.fcSttbfbkmk || !rFib.lcbSttbfbkmk )
+@@ -3939,14 +3939,12 @@ WW8PLCFx_Book::WW8PLCFx_Book(SvStream* pTblSt, const WW8Fib& rFib)
+             nIMax = pBook[0]->GetIMax();
+         if( pBook[1]->GetIMax() < nIMax )
+             nIMax = pBook[1]->GetIMax();
+-        pStatus = new eBookStatus[ nIMax ];
+-        memset( pStatus, 0, nIMax * sizeof( eBookStatus ) );
++        aStatus.resize(nIMax);
+     }
+ }
+ 
+ WW8PLCFx_Book::~WW8PLCFx_Book()
+ {
+-    delete[] pStatus;
+     delete pBook[1];
+     delete pBook[0];
+ }
+@@ -4064,18 +4062,20 @@ long WW8PLCFx_Book::GetLen() const
+     return nNum;
+ }
+ 
+-void WW8PLCFx_Book::SetStatus(sal_uInt16 nIndex, eBookStatus eStat )
++void WW8PLCFx_Book::SetStatus(sal_uInt16 nIndex, eBookStatus eStat)
+ {
+-    OSL_ENSURE(nIndex < nIMax, "set status of non existing bookmark!");
+-    pStatus[nIndex] = (eBookStatus)( pStatus[nIndex] | eStat );
++    SAL_WARN_IF(nIndex >= nIMax, "sw.ww8",
++                "bookmark index " << nIndex << " invalid");
++    eBookStatus eStatus = aStatus.at(nIndex);
++    aStatus[nIndex] = static_cast<eBookStatus>(eStatus | eStat);
+ }
+ 
+ eBookStatus WW8PLCFx_Book::GetStatus() const
+ {
+-    if( !pStatus )
++    if (aStatus.empty())
+         return BOOK_NORMAL;
+     long nEndIdx = GetHandle();
+-    return ( nEndIdx < nIMax ) ? pStatus[nEndIdx] : BOOK_NORMAL;
++    return ( nEndIdx < nIMax ) ? aStatus[nEndIdx] : BOOK_NORMAL;
+ }
+ 
+ long WW8PLCFx_Book::GetHandle() const
+diff --git a/sw/source/filter/ww8/ww8scan.hxx b/sw/source/filter/ww8/ww8scan.hxx
+index e20af3e..54dd9a5 100644
+--- a/sw/source/filter/ww8/ww8scan.hxx
++++ b/sw/source/filter/ww8/ww8scan.hxx
+@@ -717,8 +717,8 @@ class WW8PLCFx_Book : public WW8PLCFx
+ {
+ private:
+     WW8PLCFspecial* pBook[2];           // Start and End Position
+-    ::std::vector<OUString> aBookNames;   // Name
+-    eBookStatus* pStatus;
++    std::vector<OUString> aBookNames;   // Name
++    std::vector<eBookStatus> aStatus;
+     long nIMax;                         // Number of Booknotes
+     sal_uInt16 nIsEnd;
+     sal_Int32 nBookmarkId; // counter incremented by GetUniqueBookmarkName.
+-- 
+1.9.1
+
diff -Nru libreoffice-4.2.8/debian/patches/series libreoffice-4.2.8/debian/patches/series
--- libreoffice-4.2.8/debian/patches/series	2015-04-08 13:27:19.000000000 +0000
+++ libreoffice-4.2.8/debian/patches/series	2015-09-18 12:59:35.000000000 +0000
@@ -36,3 +36,7 @@
 lp-1342175.diff
 lp-1372799.diff
 check-if-reads-were-successful.diff
+LinkUpdateMode-is-a-global-setting.diff
+ww8dontwrap.diff
+coverity-1266485.diff
+pstatus-vector.diff
diff -Nru libreoffice-4.2.8/debian/patches/ww8dontwrap.diff libreoffice-4.2.8/debian/patches/ww8dontwrap.diff
--- libreoffice-4.2.8/debian/patches/ww8dontwrap.diff	1970-01-01 00:00:00.000000000 +0000
+++ libreoffice-4.2.8/debian/patches/ww8dontwrap.diff	2015-09-18 12:59:35.000000000 +0000
@@ -0,0 +1,32 @@
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Mon, 13 Jul 2015 10:31:30 +0100
+Subject: [PATCH] ww8: make sure we don't wrap around
+
+(cherry picked from commit 755b9320c81948358a1d4104c8875594b5700d39)
+Reviewed-on: https://gerrit.libreoffice.org/16981
+Reviewed-by: David Tardon <dtardon@redhat.com>
+Tested-by: David Tardon <dtardon@redhat.com>
+
+Change-Id: I667bb264f92024b72f230c2ddbba3887471345f2
+---
+ sw/source/filter/ww8/ww8scan.cxx | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
+--- a/sw/source/filter/ww8/ww8scan.cxx
++++ b/sw/source/filter/ww8/ww8scan.cxx
+@@ -1519,7 +1519,11 @@ WW8PLCFpcd* WW8ScannerBase::OpenPieceTable( SvStream* pStr, const WW8Fib* pWwF )
+         if( 2 == clxt )                         // PLCFfpcd ?
+             break;                              // PLCFfpcd gefunden
+         if( 1 == clxt )                         // clxtGrpprl ?
++        {
++            if (nGrpprl == SHRT_MAX)
++                return NULL;
+             nGrpprl++;
++        }
+         sal_uInt16 nLen(0);
+         *pStr >> nLen;
+         nLeft -= 2 + nLen;
+-- 
+1.9.1
+