From owner-freebsd-openoffice@FreeBSD.ORG Mon Sep 13 04:59:41 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 617FF16A4CE for ; Mon, 13 Sep 2004 04:59:41 +0000 (GMT) Received: from satie.private.org (qclgw.qcl.t.u-tokyo.ac.jp [133.11.70.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2779743D31 for ; Mon, 13 Sep 2004 04:59:40 +0000 (GMT) (envelope-from chat95@mac.com) Received: from localhost (localhost [127.0.0.1]) by satie.private.org (8.12.10/8.12.10) with ESMTP id i8D4xZki004053 for ; Mon, 13 Sep 2004 13:59:35 +0900 (JST) (envelope-from chat95@mac.com) Date: Mon, 13 Sep 2004 13:59:34 +0900 (JST) Message-Id: <20040913.135934.719889393.chat95@mac.com> To: openoffice@FreeBSD.org From: NAKATA Maho In-Reply-To: <20040908.133546.730550768.chat95@mac.com> References: <20040908.133546.730550768.chat95@mac.com> Organization: private X-Mailer: Mew version 3.3 on XEmacs 21.4.14 (Reasonable Discussion) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: /usr/ports/editors/openoffice-1.1 compiled successfully with 4.10-RELEASE + Xorg X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Sep 2004 04:59:41 -0000 /usr/ports/editors/openoffice-1.1 compiled successfully with 4.10-RELEASE + Xorg Subject tells all. --nakata maho From owner-freebsd-openoffice@FreeBSD.ORG Mon Sep 13 11:03:40 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 52AF016A4CE for ; Mon, 13 Sep 2004 11:03:40 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 484BE43D2D for ; Mon, 13 Sep 2004 11:03:40 +0000 (GMT) (envelope-from owner-bugmaster@freebsd.org) Received: from freefall.freebsd.org (peter@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.11/8.12.11) with ESMTP id i8DB3eqc050284 for ; Mon, 13 Sep 2004 11:03:40 GMT (envelope-from owner-bugmaster@freebsd.org) Received: (from peter@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i8DB3d0Z050278 for openoffice@freebsd.org; Mon, 13 Sep 2004 11:03:39 GMT (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 13 Sep 2004 11:03:39 GMT Message-Id: <200409131103.i8DB3d0Z050278@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f From: FreeBSD bugmaster To: openoffice@FreeBSD.org Subject: Current problem reports assigned to you X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Sep 2004 11:03:40 -0000 Current FreeBSD problem reports Critical problems Serious problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- a [2003/05/11] ports/52068 openoffice portupgrade of editors/openoffice .org-1. a [2003/05/12] ports/52087 openoffice error while building japanese/openoffice o [2004/01/23] ports/61760 openoffice OpenOffice-1.1 still stalls in install on o [2004/03/24] ports/64678 openoffice openoffice 1.1 upgrade fails due to JDK c o [2004/05/31] ports/67413 openoffice OpenOffice 1.1 PDF Export is BROKEN 5 problems total. Non-critical problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- o [2004/04/03] ports/65115 openoffice incomplete distinfo o [2004/05/10] ports/66480 openoffice openoffice-1.1.1 port uses root's $HOME f 2 problems total. From owner-freebsd-openoffice@FreeBSD.ORG Tue Sep 14 02:24:31 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 589EB16A4CE for ; Tue, 14 Sep 2004 02:24:31 +0000 (GMT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1D7C343D54 for ; Tue, 14 Sep 2004 02:24:31 +0000 (GMT) (envelope-from nectar@celabo.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id 9E4D75487E for ; Mon, 13 Sep 2004 21:24:30 -0500 (CDT) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 45021-08 for ; Mon, 13 Sep 2004 21:24:20 -0500 (CDT) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (not verified)) by gw.celabo.org (Postfix) with ESMTP id 177A35485D for ; Mon, 13 Sep 2004 21:24:20 -0500 (CDT) Received: by madman.celabo.org (Postfix, from userid 1001) id E72F86D466; Mon, 13 Sep 2004 21:24:10 -0500 (CDT) Date: Mon, 13 Sep 2004 21:24:10 -0500 From: "Jacques A. Vidrine" To: openoffice@FreeBSD.org Message-ID: <20040914022410.GA83483@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , openoffice@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.6i Subject: openoffice --- document disclosure X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Sep 2004 02:24:31 -0000 Hi Guys! This issue seems reasonably serious to me: http://vuxml.freebsd.org/c62dc69f-05c8-11d9-b45d-000c41e2cdad.html Is it possible to have the OpenOffice ports patched before 5.3-RELEASE? Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org From owner-freebsd-openoffice@FreeBSD.ORG Tue Sep 14 06:39:53 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1D70216A4CE; Tue, 14 Sep 2004 06:39:53 +0000 (GMT) Received: from satie.private.org (qclgw.qcl.t.u-tokyo.ac.jp [133.11.70.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id E4B2543D1F; Tue, 14 Sep 2004 06:39:51 +0000 (GMT) (envelope-from chat95@mac.com) Received: from localhost (localhost [127.0.0.1]) by satie.private.org (8.12.10/8.12.10) with ESMTP id i8E6dkGT026840; Tue, 14 Sep 2004 15:39:48 +0900 (JST) (envelope-from chat95@mac.com) Date: Tue, 14 Sep 2004 15:39:46 +0900 (JST) Message-Id: <20040914.153946.607956605.chat95@mac.com> To: nectar@FreeBSD.org From: NAKATA Maho In-Reply-To: <20040914022410.GA83483@madman.celabo.org> References: <20040914022410.GA83483@madman.celabo.org> Organization: private X-Mailer: Mew version 3.3 on XEmacs 21.4.14 (Reasonable Discussion) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: openoffice@FreeBSD.org Subject: Re: openoffice --- document disclosure X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Sep 2004 06:39:53 -0000 In Message-ID: <20040914022410.GA83483@madman.celabo.org> "Jacques A. Vidrine" wrote: Hello nectar, > Is it possible to have the OpenOffice ports patched before 5.3-RELEASE? I'll handle this, please wait until tomorrow. Best regards, --nakata maho From owner-freebsd-openoffice@FreeBSD.ORG Tue Sep 14 21:43:02 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE2FE16A4CE; Tue, 14 Sep 2004 21:43:02 +0000 (GMT) Received: from satie.private.org (YahooBB219196184005.bbtec.net [219.196.184.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2AEAC43D46; Tue, 14 Sep 2004 21:43:02 +0000 (GMT) (envelope-from chat95@mac.com) Received: from localhost (localhost [127.0.0.1]) by satie.private.org (8.12.10/8.12.10) with ESMTP id i8ELgw89007414; Wed, 15 Sep 2004 06:42:58 +0900 (JST) (envelope-from chat95@mac.com) Date: Wed, 15 Sep 2004 06:42:58 +0900 (JST) Message-Id: <20040915.064258.730550294.chat95@mac.com> To: nectar@FreeBSD.org, portmgr@FreeBSD.org From: NAKATA Maho In-Reply-To: <20040914022410.GA83483@madman.celabo.org> References: <20040914022410.GA83483@madman.celabo.org> Organization: private X-Mailer: Mew version 3.3 on XEmacs 21.4.14 (Reasonable Discussion) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: openoffice@FreeBSD.org Subject: Re: openoffice --- document disclosure X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Sep 2004 21:43:03 -0000 In Message-ID: <20040914022410.GA83483@madman.celabo.org> "Jacques A. Vidrine" wrote: Hello nectar, and portmgr portmger: I would like to fix this problem as soon as possible, I confirmed that this security vulenrablity was fixed with patch. please approve o adding /usr/ports/editors/openoffice-1.1/files/patch-security-tmp-dir change Makefile to: o fcvs diff -u Makefile Index: Makefile =================================================================== RCS file: /home/pcvs/ports/editors/openoffice-1.1/Makefile,v retrieving revision 1.164 diff -u -r1.164 Makefile --- Makefile 31 Aug 2004 12:09:57 -0000 1.164 +++ Makefile 14 Sep 2004 21:42:23 -0000 @@ -36,6 +36,8 @@ USE_BISON= yes USE_GMAKE= yes USE_REINPLACE= yes +#mozilla 1.0 seems to have security vulnerability +WITHOUT_MOZILLA= yes .if !defined(WITHOUT_JAVA) USE_JAVA= 1.4+ ---------------------------------------------------------------------- > This issue seems reasonably serious to me: > http://vuxml.freebsd.org/c62dc69f-05c8-11d9-b45d-000c41e2cdad.html okay. thank you very much for your report. One point. Affected packages 0 <= ar-openoffice 0 <= ca-openoffice 0 <= cs-openoffice 0 <= de-openoffice 0 <= dk-openoffice 0 <= el-openoffice 0 <= es-openoffice 0 <= et-openoffice 0 <= fi-openoffice 0 <= fr-openoffice 0 <= gr-openoffice 0 <= hu-openoffice 0 <= it-openoffice 0 <= ja-openoffice 0 <= ko-openoffice 0 <= nl-openoffice 0 <= openoffice 0 <= pl-openoffice 0 <= pt-openoffice 0 <= pt_BR-openoffice 0 <= ru-openoffice 0 <= se-openoffice 0 <= sk-openoffice 0 <= sl-openoffice-SI 0 <= tr-openoffice 0 <= zh-openoffice-CN 0 <= zh-openoffice-TW openoffice and not openoffice-1.1? I think they should be *-openoffice-1.1-*. Currently I don't want to maintain OOo 1.0.3 ports since they shoule be obsolated, also openoffice-1.0 might not build for 5.3-RELEASE since there is a change in make(1). > Is it possible to have the OpenOffice ports patched before 5.3-RELEASE? I will commit the patch (slightly changed, though) by mmeeks at the IZ: http://www.openoffice.org/issues/show_bug.cgi?id=33357 This patch was committed and confirmed that this risk is avoided. 1. Launch OpenOffice. 2. List /tmp contents. Locate the directory 'sv*.tmp' 3. Type in some contents in the document and save it. 4. List the contents of the directory /tmp/sv*.tmp/ 5. Do not close OpenOffice. 'su' to a different user. 6. Copy the file under /tmp/sv*.tmp/ to home directory. -> Now Permission denied. BTW: OOo uses mozilla 1.0 runtime, and it also has security vulnerability. portsaudit tells and some discussios somewhere at opneoffice@freebsd.org and freebsd-users-jp@jp.freebsd.org (in Japanese). I'll mark as WITHOUT_MOZILLA for a while so as to avoid this problem also. http://www.FreeBSD.org/ports/portaudit/730db824-e216-11d8-9b0a-000347a4fa7d.html http://www.FreeBSD.org/ports/portaudit/f9e3e60b-e650-11d8-9b0a-000347a4fa7d.html http://www.FreeBSD.org/ports/portaudit/abe47a5a-e23c-11d8-9b0a-000347a4fa7d.html Best regards, --nakata maho From owner-freebsd-openoffice@FreeBSD.ORG Tue Sep 14 22:05:04 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E38C216A4CE; Tue, 14 Sep 2004 22:05:03 +0000 (GMT) Received: from copernicus.clarkeadvertising.com (copernicus.clarkeadvertising.com [63.243.39.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7F84C43D39; Tue, 14 Sep 2004 22:05:03 +0000 (GMT) (envelope-from marcus@marcuscom.com) Received: from creme-brulee.marcuscom.com (creme-brulee.marcuscom [24.172.16.118] (may be forged))i8EM51CJ096206; Tue, 14 Sep 2004 18:05:01 -0400 (EDT) (envelope-from marcus@marcuscom.com) Received: from [10.2.1.2] (vpn-client-2.marcuscom.com [10.2.1.2]) i8EM3vRN090085; Tue, 14 Sep 2004 18:03:58 -0400 (EDT) (envelope-from marcus@marcuscom.com) Message-ID: <41476B0A.3060405@marcuscom.com> Date: Tue, 14 Sep 2004 18:04:58 -0400 From: Joe Marcus Clarke Organization: MarcusCom, Inc. User-Agent: Mozilla Thunderbird 0.7.3 (Macintosh/20040803) X-Accept-Language: en-us, en MIME-Version: 1.0 To: NAKATA Maho References: <20040914022410.GA83483@madman.celabo.org> <20040915.064258.730550294.chat95@mac.com> In-Reply-To: <20040915.064258.730550294.chat95@mac.com> X-Enigmail-Version: 0.85.0.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=ham version=2.64 X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on copernicus.clarkeadvertising.com cc: nectar@FreeBSD.org cc: openoffice@FreeBSD.org cc: portmgr@FreeBSD.org Subject: Re: openoffice --- document disclosure X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Sep 2004 22:05:04 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NAKATA Maho wrote: | In Message-ID: <20040914022410.GA83483@madman.celabo.org> | "Jacques A. Vidrine" wrote: | | Hello nectar, and portmgr | | portmger: I would like to fix this problem as soon as possible, | I confirmed that this security vulenrablity was fixed with patch. | please approve | o adding /usr/ports/editors/openoffice-1.1/files/patch-security-tmp-dir | change Makefile to: | o fcvs diff -u Makefile | Index: Makefile | =================================================================== | RCS file: /home/pcvs/ports/editors/openoffice-1.1/Makefile,v | retrieving revision 1.164 | diff -u -r1.164 Makefile | --- Makefile 31 Aug 2004 12:09:57 -0000 1.164 | +++ Makefile 14 Sep 2004 21:42:23 -0000 | @@ -36,6 +36,8 @@ | USE_BISON= yes | USE_GMAKE= yes | USE_REINPLACE= yes | +#mozilla 1.0 seems to have security vulnerability | +WITHOUT_MOZILLA= yes | | .if !defined(WITHOUT_JAVA) | USE_JAVA= 1.4+ | | ---------------------------------------------------------------------- | |>This issue seems reasonably serious to me: |>http://vuxml.freebsd.org/c62dc69f-05c8-11d9-b45d-000c41e2cdad.html | | okay. thank you very much for your report. | | One point. | Affected packages | 0 <= ar-openoffice | 0 <= ca-openoffice | 0 <= cs-openoffice | 0 <= de-openoffice | 0 <= dk-openoffice | 0 <= el-openoffice | 0 <= es-openoffice | 0 <= et-openoffice | 0 <= fi-openoffice | 0 <= fr-openoffice | 0 <= gr-openoffice | 0 <= hu-openoffice | 0 <= it-openoffice | 0 <= ja-openoffice | 0 <= ko-openoffice | 0 <= nl-openoffice | 0 <= openoffice | 0 <= pl-openoffice | 0 <= pt-openoffice | 0 <= pt_BR-openoffice | 0 <= ru-openoffice | 0 <= se-openoffice | 0 <= sk-openoffice | 0 <= sl-openoffice-SI | 0 <= tr-openoffice | 0 <= zh-openoffice-CN | 0 <= zh-openoffice-TW | | openoffice and not openoffice-1.1? | I think they should be *-openoffice-1.1-*. | Currently I don't want to maintain OOo 1.0.3 ports since | they shoule be obsolated, also openoffice-1.0 might not | build for 5.3-RELEASE since there is a change in make(1). | | |>Is it possible to have the OpenOffice ports patched before 5.3-RELEASE? | | | I will commit the patch (slightly changed, though) by mmeeks | at the IZ: http://www.openoffice.org/issues/show_bug.cgi?id=33357 | | This patch was committed and confirmed that this risk is avoided. | 1. Launch OpenOffice. | 2. List /tmp contents. Locate the directory 'sv*.tmp' | 3. Type in some contents in the document and save it. | 4. List the contents of the directory /tmp/sv*.tmp/ | 5. Do not close OpenOffice. 'su' to a different user. | 6. Copy the file under /tmp/sv*.tmp/ to home directory. | -> Now Permission denied. | | BTW: | OOo uses mozilla 1.0 runtime, and it also has security vulnerability. | portsaudit tells and some discussios somewhere at opneoffice@freebsd.org | and freebsd-users-jp@jp.freebsd.org (in Japanese). | I'll mark as WITHOUT_MOZILLA for a while so as to avoid this problem also. Approved. Joe | | http://www.FreeBSD.org/ports/portaudit/730db824-e216-11d8-9b0a-000347a4fa7d.html | http://www.FreeBSD.org/ports/portaudit/f9e3e60b-e650-11d8-9b0a-000347a4fa7d.html | http://www.FreeBSD.org/ports/portaudit/abe47a5a-e23c-11d8-9b0a-000347a4fa7d.html | | Best regards, | --nakata maho | | - -- PGP Key : http://www.marcuscom.com/pgp.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBR2sKb2iPiv4Uz4cRAupIAJ4i8lsKj4gJzS/ufyDR9c+KaszC7QCgkW5J QLXCGH+66cHPfJ7mT6yJhkA= =wUXQ -----END PGP SIGNATURE----- From owner-freebsd-openoffice@FreeBSD.ORG Tue Sep 14 22:21:31 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E712E16A4CE; Tue, 14 Sep 2004 22:21:31 +0000 (GMT) Received: from satie.private.org (YahooBB219196184005.bbtec.net [219.196.184.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5DD9C43D1F; Tue, 14 Sep 2004 22:21:31 +0000 (GMT) (envelope-from chat95@mac.com) Received: from localhost (localhost [127.0.0.1]) by satie.private.org (8.12.10/8.12.10) with ESMTP id i8EMLQ89007789; Wed, 15 Sep 2004 07:21:27 +0900 (JST) (envelope-from chat95@mac.com) Date: Wed, 15 Sep 2004 07:21:26 +0900 (JST) Message-Id: <20040915.072126.640898861.chat95@mac.com> To: marcus@marcuscom.com From: NAKATA Maho In-Reply-To: <41476B0A.3060405@marcuscom.com> References: <20040914022410.GA83483@madman.celabo.org> <20040915.064258.730550294.chat95@mac.com> <41476B0A.3060405@marcuscom.com> Organization: private X-Mailer: Mew version 3.3 on XEmacs 21.4.14 (Reasonable Discussion) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: nectar@FreeBSD.org cc: openoffice@FreeBSD.org cc: portmgr@FreeBSD.org Subject: Re: openoffice --- document disclosure X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Sep 2004 22:21:32 -0000 In Message-ID: <41476B0A.3060405@marcuscom.com> Joe Marcus Clarke wrote: > Approved. committed, thank you! --nakata maho From owner-freebsd-openoffice@FreeBSD.ORG Tue Sep 14 23:29:26 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1552816A4CE; Tue, 14 Sep 2004 23:29:26 +0000 (GMT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 800A343D39; Tue, 14 Sep 2004 23:29:25 +0000 (GMT) (envelope-from nectar@celabo.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id E36EA54861; Tue, 14 Sep 2004 18:29:24 -0500 (CDT) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 53398-10; Tue, 14 Sep 2004 18:29:13 -0500 (CDT) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (not verified)) by gw.celabo.org (Postfix) with ESMTP id B18F55485D; Tue, 14 Sep 2004 18:29:13 -0500 (CDT) Received: by madman.celabo.org (Postfix, from userid 1001) id 7B9166D466; Tue, 14 Sep 2004 18:29:05 -0500 (CDT) Date: Tue, 14 Sep 2004 18:29:05 -0500 From: "Jacques A. Vidrine" To: NAKATA Maho Message-ID: <20040914232905.GD95323@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , NAKATA Maho , portmgr@FreeBSD.org, openoffice@FreeBSD.org References: <20040914022410.GA83483@madman.celabo.org> <20040915.064258.730550294.chat95@mac.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040915.064258.730550294.chat95@mac.com> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.6i cc: openoffice@FreeBSD.org cc: portmgr@FreeBSD.org Subject: Re: openoffice --- document disclosure X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Sep 2004 23:29:26 -0000 On Wed, Sep 15, 2004 at 06:42:58AM +0900, NAKATA Maho wrote: > In Message-ID: <20040914022410.GA83483@madman.celabo.org> > "Jacques A. Vidrine" wrote: > > Hello nectar, and portmgr > > portmger: I would like to fix this problem as soon as possible, > I confirmed that this security vulenrablity was fixed with patch. > please approve > o adding /usr/ports/editors/openoffice-1.1/files/patch-security-tmp-dir > change Makefile to: > o fcvs diff -u Makefile > Index: Makefile > =================================================================== > RCS file: /home/pcvs/ports/editors/openoffice-1.1/Makefile,v > retrieving revision 1.164 > diff -u -r1.164 Makefile > --- Makefile 31 Aug 2004 12:09:57 -0000 1.164 > +++ Makefile 14 Sep 2004 21:42:23 -0000 > @@ -36,6 +36,8 @@ > USE_BISON= yes > USE_GMAKE= yes > USE_REINPLACE= yes > +#mozilla 1.0 seems to have security vulnerability > +WITHOUT_MOZILLA= yes > > .if !defined(WITHOUT_JAVA) > USE_JAVA= 1.4+ > > ---------------------------------------------------------------------- > > This issue seems reasonably serious to me: > > http://vuxml.freebsd.org/c62dc69f-05c8-11d9-b45d-000c41e2cdad.html > okay. thank you very much for your report. And thanks very much for handling! > > One point. > Affected packages > 0 <= ar-openoffice > 0 <= ca-openoffice > 0 <= cs-openoffice > 0 <= de-openoffice > 0 <= dk-openoffice > 0 <= el-openoffice > 0 <= es-openoffice > 0 <= et-openoffice > 0 <= fi-openoffice > 0 <= fr-openoffice > 0 <= gr-openoffice > 0 <= hu-openoffice > 0 <= it-openoffice > 0 <= ja-openoffice > 0 <= ko-openoffice > 0 <= nl-openoffice > 0 <= openoffice > 0 <= pl-openoffice > 0 <= pt-openoffice > 0 <= pt_BR-openoffice > 0 <= ru-openoffice > 0 <= se-openoffice > 0 <= sk-openoffice > 0 <= sl-openoffice-SI > 0 <= tr-openoffice > 0 <= zh-openoffice-CN > 0 <= zh-openoffice-TW > > openoffice and not openoffice-1.1? > I think they should be *-openoffice-1.1-*. > Currently I don't want to maintain OOo 1.0.3 ports since > they shoule be obsolated, also openoffice-1.0 might not > build for 5.3-RELEASE since there is a change in make(1). Actually there are so many version in the ports tree that I'm not sure that they are all covered. Assistance here would be appreciated. If you are not going to correct OOo 1.0.3, that's fine... we just need to make sure that we do specify the *corrected* version numbers. e.g., I guess now that you have committed a fix, you must bump PORTREVISION and the VuXML entry needs to be changed to `< 1.1.2_1' for the appropriate ports. Which packages are affected by your commit? Obviously `openoffice', but which language specific ones? All of them? > > Is it possible to have the OpenOffice ports patched before 5.3-RELEASE? > > I will commit the patch (slightly changed, though) by mmeeks > at the IZ: http://www.openoffice.org/issues/show_bug.cgi?id=33357 > > This patch was committed and confirmed that this risk is avoided. > 1. Launch OpenOffice. > 2. List /tmp contents. Locate the directory 'sv*.tmp' > 3. Type in some contents in the document and save it. > 4. List the contents of the directory /tmp/sv*.tmp/ > 5. Do not close OpenOffice. 'su' to a different user. > 6. Copy the file under /tmp/sv*.tmp/ to home directory. > -> Now Permission denied. > > BTW: > OOo uses mozilla 1.0 runtime, and it also has security vulnerability. > portsaudit tells and some discussios somewhere at opneoffice@freebsd.org > and freebsd-users-jp@jp.freebsd.org (in Japanese). > I'll mark as WITHOUT_MOZILLA for a while so as to avoid this problem also. Hmm, OK. Yesterday I entered VuXML information about several Mozilla vulnerabilities that affected many different version of Mozilla. I also know of about 8 more that I've yet to document. It will be difficult to determine which of these actually affect OpenOffice, so it may be best to fix them... Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org From owner-freebsd-openoffice@FreeBSD.ORG Wed Sep 15 02:37:06 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 36F5616A4CE; Wed, 15 Sep 2004 02:37:06 +0000 (GMT) Received: from satie.private.org (YahooBB219196184005.bbtec.net [219.196.184.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9223D43D53; Wed, 15 Sep 2004 02:37:05 +0000 (GMT) (envelope-from chat95@mac.com) Received: from localhost (localhost [127.0.0.1]) by satie.private.org (8.12.10/8.12.10) with ESMTP id i8F2b237001737; Wed, 15 Sep 2004 11:37:02 +0900 (JST) (envelope-from chat95@mac.com) Date: Wed, 15 Sep 2004 11:37:02 +0900 (JST) Message-Id: <20040915.113702.607953676.chat95@mac.com> To: nectar@FreeBSD.org From: NAKATA Maho In-Reply-To: <20040914232905.GD95323@madman.celabo.org> References: <20040914022410.GA83483@madman.celabo.org> <20040915.064258.730550294.chat95@mac.com> <20040914232905.GD95323@madman.celabo.org> Organization: private X-Mailer: Mew version 3.3 on XEmacs 21.4.14 (Reasonable Discussion) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: openoffice@FreeBSD.org cc: portmgr@FreeBSD.org Subject: Re: openoffice --- document disclosure X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Sep 2004 02:37:06 -0000 In Message-ID: <20040914232905.GD95323@madman.celabo.org> "Jacques A. Vidrine" wrote: Dear nectar and portmgr: Dear portmgr: o I forgot to bump PORTREVISION o I should change VuXML entry < 1.1.2_1 Please approve! thank you very much! Dear nectar: Index: Makefile =================================================================== RCS file: /home/pcvs/ports/editors/openoffice-1.1/Makefile,v retrieving revision 1.165 diff -u -r1.165 Makefile --- Makefile 14 Sep 2004 22:20:51 -0000 1.165 +++ Makefile 15 Sep 2004 02:35:18 -0000 @@ -7,6 +7,7 @@ PORTNAME= openoffice PORTVERSION= 1.1.2 +PORTREVISION= 1 CATEGORIES+= editors MASTER_SITES+= ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,misc/openoffice/&,} \ ftp://sunsite.cnlab-switch.ch/mirror/OpenOffice/%SUBDIR%/ \ cvs server: Diffing . Index: vuln.xml =================================================================== RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.218 diff -u -r1.218 vuln.xml --- vuln.xml 14 Sep 2004 03:38:59 -0000 1.218 +++ vuln.xml 15 Sep 2004 02:36:34 -0000 @@ -176,7 +176,7 @@ tr-openoffice zh-openoffice-CN zh-openoffice-TW - 0 + 1.1.2_1 cvs server: Diffing files is sufficient? > Actually there are so many version in the ports tree that I'm not sure > that they are all covered. Assistance here would be appreciated. If > you are not going to correct OOo 1.0.3, that's fine... we just need to > make sure that we do specify the *corrected* version numbers. e.g., I > guess now that you have committed a fix, you must bump PORTREVISION > and the VuXML entry needs to be changed to `< 1.1.2_1' for the > appropriate ports. You covered almost all: my commit at least fixed for arabic/openoffice-1.1 chinese/openoffice-1.1-zh_CN chinese/openoffice-1.1-zh_TW editors/openoffice-1.1 editors/openoffice-1.1-ca editors/openoffice-1.1-cs editors/openoffice-1.1-dk editors/openoffice-1.1-el editors/openoffice-1.1-es editors/openoffice-1.1-et editors/openoffice-1.1-fi editors/openoffice-1.1-it editors/openoffice-1.1-nl editors/openoffice-1.1-se editors/openoffice-1.1-sk editors/openoffice-1.1-sl_SI editors/openoffice-1.1-tr french/openoffice-1.1 german/openoffice-1.1 hungarian/openoffice-1.1 japanese/openoffice-1.1 korean/openoffice-1.1 polish/openoffice-1.1 portuguese/openoffice-1.1-pt_BR portuguese/openoffice-1.1-pt_PT russian/openoffice-1.1 and not fixed for openoffice-1.1-devel. which has same vulnerability. Nevertheless it will be fixed in very soon, and not very influencing... and also you cover: chinese/openoffice-1.0-zh_CN chinese/openoffice-1.0-zh_TW editors/openoffice-1.0 editors/openoffice-1.0-ar editors/openoffice-1.0-dk editors/openoffice-1.0-es editors/openoffice-1.0-gr editors/openoffice-1.0-it editors/openoffice-1.0-nl editors/openoffice-1.0-se editors/openoffice-1.0-tr french/openoffice-1.0 german/openoffice-1.0 japanese/openoffice-1.0 korean/openoffice-1.0 polish/openoffice-1.0 portuguese/openoffice-1.0 russian/openoffice-1.0 these port might have mozilla vulnerability and also have problems. > Hmm, OK. Yesterday I entered VuXML information about several Mozilla > vulnerabilities that affected many different version of Mozilla. I > also know of about 8 more that I've yet to document. It will be > difficult to determine which of these actually affect OpenOffice, so > it may be best to fix them... thanks a lot. best reagards, --nakata maho From owner-freebsd-openoffice@FreeBSD.ORG Wed Sep 15 02:46:20 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 09BB416A4CE; Wed, 15 Sep 2004 02:46:20 +0000 (GMT) Received: from copernicus.clarkeadvertising.com (copernicus.clarkeadvertising.com [63.243.39.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id 65C7443D2F; Wed, 15 Sep 2004 02:46:19 +0000 (GMT) (envelope-from marcus@marcuscom.com) Received: from creme-brulee.marcuscom.com (creme-brulee.marcuscom [24.172.16.118] (may be forged))i8F2kHHQ005251; Tue, 14 Sep 2004 22:46:17 -0400 (EDT) (envelope-from marcus@marcuscom.com) Received: from [192.168.1.4] (shumai.marcuscom.com [192.168.1.4]) i8F2jDEe091995; Tue, 14 Sep 2004 22:45:13 -0400 (EDT) (envelope-from marcus@marcuscom.com) From: Joe Marcus Clarke To: NAKATA Maho In-Reply-To: <20040915.113702.607953676.chat95@mac.com> References: <20040914022410.GA83483@madman.celabo.org> <20040915.064258.730550294.chat95@mac.com> <20040914232905.GD95323@madman.celabo.org> <20040915.113702.607953676.chat95@mac.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-sES4JpbD27ZjRjjUZqG/" Organization: MarcusCom, Inc. Message-Id: <1095216369.87679.11.camel@shumai.marcuscom.com> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 Date: Tue, 14 Sep 2004 22:46:09 -0400 X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=ham version=2.64 X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on copernicus.clarkeadvertising.com cc: nectar@FreeBSD.org cc: openoffice@FreeBSD.org cc: portmgr@FreeBSD.org Subject: Re: openoffice --- document disclosure X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Sep 2004 02:46:20 -0000 --=-sES4JpbD27ZjRjjUZqG/ Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2004-09-14 at 22:37, NAKATA Maho wrote: > In Message-ID: <20040914232905.GD95323@madman.celabo.org>=20 > "Jacques A. Vidrine" wrote: >=20 > Dear nectar and portmgr: >=20 > Dear portmgr: > o I forgot to bump PORTREVISION > o I should change VuXML entry < 1.1.2_1=20 > Please approve! > thank you very much! PORTREVISION bump is approved. Joe >=20 --=20 PGP Key : http://www.marcuscom.com/pgp.asc --=-sES4JpbD27ZjRjjUZqG/ Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBR6zxb2iPiv4Uz4cRApnbAJ0d3DLA+5toDZ+Gy+9Fweia+apGywCfdYpi bWWFbck4gEVbrNqqqFxDV40= =rA7c -----END PGP SIGNATURE----- --=-sES4JpbD27ZjRjjUZqG/-- From owner-freebsd-openoffice@FreeBSD.ORG Wed Sep 15 02:55:03 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6D02316A4CE; Wed, 15 Sep 2004 02:55:03 +0000 (GMT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1F48243D49; Wed, 15 Sep 2004 02:55:03 +0000 (GMT) (envelope-from nectar@FreeBSD.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id A643A54887; Tue, 14 Sep 2004 21:55:02 -0500 (CDT) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 55245-06; Tue, 14 Sep 2004 21:54:51 -0500 (CDT) Received: from lum.celabo.org (dhcp-207.celabo.org [10.0.1.207]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "lum.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id A76635487F; Tue, 14 Sep 2004 21:54:51 -0500 (CDT) Received: from [127.0.0.1] (localhost [127.0.0.1]) by lum.celabo.org (Postfix) with ESMTP id B62EA41E208; Tue, 14 Sep 2004 21:54:44 -0500 (CDT) Message-ID: <4147AEF4.8090700@FreeBSD.org> Date: Tue, 14 Sep 2004 21:54:44 -0500 From: Jacques Vidrine User-Agent: Mozilla Thunderbird 0.8 (Macintosh/20040913) X-Accept-Language: en-us, en MIME-Version: 1.0 To: NAKATA Maho References: <20040914022410.GA83483@madman.celabo.org> <20040915.064258.730550294.chat95@mac.com> <20040914232905.GD95323@madman.celabo.org> <20040915.113702.607953676.chat95@mac.com> In-Reply-To: <20040915.113702.607953676.chat95@mac.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: openoffice@FreeBSD.org cc: portmgr@FreeBSD.org Subject: Re: openoffice --- document disclosure X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Sep 2004 02:55:03 -0000 NAKATA Maho wrote: > In Message-ID: <20040914232905.GD95323@madman.celabo.org> > "Jacques A. Vidrine" wrote: > > Dear nectar and portmgr: > > Dear portmgr: > o I forgot to bump PORTREVISION > o I should change VuXML entry < 1.1.2_1 > Please approve! > thank you very much! > > Dear nectar: > > Index: Makefile > =================================================================== > RCS file: /home/pcvs/ports/editors/openoffice-1.1/Makefile,v > retrieving revision 1.165 > diff -u -r1.165 Makefile > --- Makefile 14 Sep 2004 22:20:51 -0000 1.165 > +++ Makefile 15 Sep 2004 02:35:18 -0000 > @@ -7,6 +7,7 @@ > > PORTNAME= openoffice > PORTVERSION= 1.1.2 > +PORTREVISION= 1 > CATEGORIES+= editors > MASTER_SITES+= ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,misc/openoffice/&,} \ > ftp://sunsite.cnlab-switch.ch/mirror/OpenOffice/%SUBDIR%/ \ > > cvs server: Diffing . > Index: vuln.xml > =================================================================== > RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v > retrieving revision 1.218 > diff -u -r1.218 vuln.xml > --- vuln.xml 14 Sep 2004 03:38:59 -0000 1.218 > +++ vuln.xml 15 Sep 2004 02:36:34 -0000 > @@ -176,7 +176,7 @@ > tr-openoffice > zh-openoffice-CN > zh-openoffice-TW > - 0 > + 1.1.2_1 > > > > cvs server: Diffing files > > is sufficient? Yes, I think that will be just fine. Normally, I would encourage you to make the VuXML commit yourself, but because of the ports freeze, I will handle it this time. > You covered almost all: > > my commit at least fixed for > arabic/openoffice-1.1 [...] > > and not fixed for > openoffice-1.1-devel. > which has same vulnerability. > Nevertheless it will be fixed in very soon, and not very > influencing... > > and also you cover: > chinese/openoffice-1.0-zh_CN [...] > these port might have mozilla vulnerability and also > have problems. OK. Thanks for your attention! -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org From owner-freebsd-openoffice@FreeBSD.ORG Wed Sep 15 03:10:33 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D85D916A4CF; Wed, 15 Sep 2004 03:10:33 +0000 (GMT) Received: from mail.soaustin.net (mail.soaustin.net [207.200.4.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id BA81443D53; Wed, 15 Sep 2004 03:10:33 +0000 (GMT) (envelope-from linimon@lonesome.com) Received: by mail.soaustin.net (Postfix, from userid 502) id 69345148EA; Tue, 14 Sep 2004 22:10:33 -0500 (CDT) Date: Tue, 14 Sep 2004 22:10:33 -0500 (CDT) From: Mark Linimon X-X-Sender: linimon@pancho To: NAKATA Maho In-Reply-To: <20040915.113702.607953676.chat95@mac.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: nectar@FreeBSD.org cc: openoffice@FreeBSD.org cc: portmgr@FreeBSD.org Subject: Re: openoffice --- document disclosure X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Sep 2004 03:10:34 -0000 please go ahead. mcl From owner-freebsd-openoffice@FreeBSD.ORG Wed Sep 15 03:27:48 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1411516A4CE; Wed, 15 Sep 2004 03:27:48 +0000 (GMT) Received: from satie.private.org (YahooBB219196184005.bbtec.net [219.196.184.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7118743D58; Wed, 15 Sep 2004 03:27:47 +0000 (GMT) (envelope-from chat95@mac.com) Received: from localhost (localhost [127.0.0.1]) by satie.private.org (8.12.10/8.12.10) with ESMTP id i8F3Rg37001900; Wed, 15 Sep 2004 12:27:43 +0900 (JST) (envelope-from chat95@mac.com) Date: Wed, 15 Sep 2004 12:27:42 +0900 (JST) Message-Id: <20040915.122742.640901785.chat95@mac.com> To: marcus@marcuscom.com From: NAKATA Maho In-Reply-To: <1095216369.87679.11.camel@shumai.marcuscom.com> References: <20040914232905.GD95323@madman.celabo.org> <20040915.113702.607953676.chat95@mac.com> <1095216369.87679.11.camel@shumai.marcuscom.com> Organization: private X-Mailer: Mew version 3.3 on XEmacs 21.4.14 (Reasonable Discussion) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: nectar@FreeBSD.org cc: openoffice@FreeBSD.org cc: portmgr@FreeBSD.org Subject: Re: openoffice --- document disclosure X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Sep 2004 03:27:48 -0000 In Message-ID: <1095216369.87679.11.camel@shumai.marcuscom.com> Joe Marcus Clarke wrote: > PORTREVISION bump is approved. thank you very much for your hard work, committed! --nakata maho From owner-freebsd-openoffice@FreeBSD.ORG Wed Sep 15 04:37:52 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 888CC16A4CE; Wed, 15 Sep 2004 04:37:52 +0000 (GMT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3C0A943D6D; Wed, 15 Sep 2004 04:37:52 +0000 (GMT) (envelope-from nectar@FreeBSD.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id B09EB54888; Tue, 14 Sep 2004 23:37:51 -0500 (CDT) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 56023-05; Tue, 14 Sep 2004 23:37:41 -0500 (CDT) Received: from lum.celabo.org (dhcp-207.celabo.org [10.0.1.207]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "lum.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id D580154861; Tue, 14 Sep 2004 23:37:40 -0500 (CDT) Received: from [127.0.0.1] (localhost [127.0.0.1]) by lum.celabo.org (Postfix) with ESMTP id 47F8441E214; Tue, 14 Sep 2004 21:59:33 -0500 (CDT) Message-ID: <4147B015.7000408@FreeBSD.org> Date: Tue, 14 Sep 2004 21:59:33 -0500 From: Jacques Vidrine User-Agent: Mozilla Thunderbird 0.8 (Macintosh/20040913) X-Accept-Language: en-us, en MIME-Version: 1.0 References: <20040914022410.GA83483@madman.celabo.org> <20040915.064258.730550294.chat95@mac.com> <20040914232905.GD95323@madman.celabo.org> <20040915.113702.607953676.chat95@mac.com> <4147AEF4.8090700@FreeBSD.org> In-Reply-To: <4147AEF4.8090700@FreeBSD.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: openoffice@FreeBSD.org cc: portmgr@FreeBSD.org Subject: Re: openoffice --- document disclosure X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Sep 2004 04:37:52 -0000 Jacques Vidrine wrote: > NAKATA Maho wrote: > >> In Message-ID: <20040914232905.GD95323@madman.celabo.org> "Jacques A. >> Vidrine" wrote: >> >> Dear nectar and portmgr: >> >> Dear portmgr: >> o I forgot to bump PORTREVISION >> o I should change VuXML entry < 1.1.2_1 Please approve! >> thank you very much! >> >> Dear nectar: >> >> Index: Makefile >> =================================================================== >> RCS file: /home/pcvs/ports/editors/openoffice-1.1/Makefile,v >> retrieving revision 1.165 >> diff -u -r1.165 Makefile >> --- Makefile 14 Sep 2004 22:20:51 -0000 1.165 >> +++ Makefile 15 Sep 2004 02:35:18 -0000 >> @@ -7,6 +7,7 @@ >> >> PORTNAME= openoffice >> PORTVERSION= 1.1.2 >> +PORTREVISION= 1 >> CATEGORIES+= editors >> MASTER_SITES+= >> ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,misc/openoffice/&,} \ >> >> ftp://sunsite.cnlab-switch.ch/mirror/OpenOffice/%SUBDIR%/ \ >> >> cvs server: Diffing . >> Index: vuln.xml >> =================================================================== >> RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v >> retrieving revision 1.218 >> diff -u -r1.218 vuln.xml >> --- vuln.xml 14 Sep 2004 03:38:59 -0000 1.218 >> +++ vuln.xml 15 Sep 2004 02:36:34 -0000 >> @@ -176,7 +176,7 @@ >> tr-openoffice >> zh-openoffice-CN >> zh-openoffice-TW >> - 0 >> + 1.1.2_1 >> >> >> >> cvs server: Diffing files >> >> is sufficient? > > > Yes, I think that will be just fine. My mistake, I did not read carefully enough. The correct thing I believe (and what I will commit) is 1.1.2_1 2.0 In other words, the affected versions are X < 1.1.2_1 or X >= 2.0. Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org From owner-freebsd-openoffice@FreeBSD.ORG Thu Sep 16 07:01:30 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8F29516A4CE for ; Thu, 16 Sep 2004 07:01:30 +0000 (GMT) Received: from uranus.ubs.com (uranus.ubs.com [193.134.254.67]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2361043D4C for ; Thu, 16 Sep 2004 07:01:30 +0000 (GMT) (envelope-from georg.wagner@ubs.com) Received: from svpegasus2-outbound.flur.zuerich.ubs.ch (svpegasus2 [160.59.228.179]) by uranus.ubs.com (Postfix) with ESMTP id BB735302D; Thu, 16 Sep 2004 09:01:26 +0200 (MEST) Received: from svpegasus2.flur.zuerich.ubs.ch (localhost [127.0.0.1]) by svpegasus2-outbound.flur.zuerich.ubs.ch (Postfix) with ESMTP id 68650ACD; Thu, 16 Sep 2004 09:01:26 +0200 (MEST) Received: from ubs.com (w01b1ibf.flur.zuerich.ubs.ch [160.59.91.21]) by svpegasus2.flur.zuerich.ubs.ch (Postfix) with ESMTP id 3FE8F687; Thu, 16 Sep 2004 09:01:26 +0200 (MEST) Message-ID: <41493A46.7050104@ubs.com> Date: Thu, 16 Sep 2004 09:01:26 +0200 From: Georg Wagner User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.0 (NSEUPD V44 14.11.2003) X-Accept-Language: en-us, en MIME-Version: 1.0 To: openoffice@FreeBSD.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: problems with arabic fonts with openoffice 1.1.2 and 1.1.3 on FreeBSD X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Sep 2004 07:01:30 -0000 I have tested OOo 1.1.2 and OOo 1.1.3 on FreeBSD 5.2.1 (XFree86 and Xorg) and 4.10/XFree86 . On both platforms there is a problem with arabic fonts. They are not rendered correctly. All letters of arabic texts are more or less written on a heap (above each other). I suppose that these error is platform dependant since I did not hear about any problems with linux recently. But I know that Mandrake Linux has had this problem too. On this platform it was related to the version of libfreetype. Is this error already known or even beeing actively investigated? Since this error seems to be platform related to whom should I send an error report? Regards Georg Wagner -- From owner-freebsd-openoffice@FreeBSD.ORG Thu Sep 16 16:52:55 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8A30416A4CE for ; Thu, 16 Sep 2004 16:52:55 +0000 (GMT) Received: from ring.vpop.net (ring.vpop.net [207.178.248.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2166C43D31 for ; Thu, 16 Sep 2004 16:52:55 +0000 (GMT) (envelope-from mreimer@vpop.net) Received: from [70.56.77.194] (bilbo.vpop.net [70.56.77.194]) by ring.vpop.net (Postfix) with ESMTP id CFD1CAFA9A3; Thu, 16 Sep 2004 09:52:49 -0700 (PDT) From: Matthew Reimer Organization: VPOP Technologies, Inc. To: openoffice@freebsd.org Date: Thu, 16 Sep 2004 09:52:52 -0700 User-Agent: KMail/1.7 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200409160952.52485.mreimer@vpop.net> cc: Georg Wagner Subject: Re: problems with arabic fonts with openoffice 1.1.2 and 1.1.3 on FreeBSD X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Sep 2004 16:52:55 -0000 Georg Wagner wrote: > I have tested OOo 1.1.2 and OOo 1.1.3 on FreeBSD 5.2.1 (XFree86 and > Xorg) and 4.10/XFree86 . > > On both platforms there is a problem with arabic fonts. They are not > rendered correctly. All letters of arabic texts are more or less > written on a heap (above each other). > > I suppose that these error is platform dependant since I did not hear > about any problems with linux recently. But I know that Mandrake Linux > has had this problem too. On this platform it was related to the version > of libfreetype. > > Is this error already known or even beeing actively investigated? Since > this error seems to be platform related to whom should I send an error > report? > > Regards > > Georg Wagner Does this describe your problem: http://www.openoffice.org/issues/show_bug.cgi?id=28567 Matt From owner-freebsd-openoffice@FreeBSD.ORG Fri Sep 17 03:38:11 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC9D316A4CE; Fri, 17 Sep 2004 03:38:11 +0000 (GMT) Received: from satie.private.org (qclgw.qcl.t.u-tokyo.ac.jp [133.11.70.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id E5D4543D53; Fri, 17 Sep 2004 03:38:10 +0000 (GMT) (envelope-from chat95@mac.com) Received: from localhost (localhost [127.0.0.1]) by satie.private.org (8.12.10/8.12.10) with ESMTP id i8H3c4jR002569; Fri, 17 Sep 2004 12:38:06 +0900 (JST) (envelope-from chat95@mac.com) Date: Fri, 17 Sep 2004 12:38:04 +0900 (JST) Message-Id: <20040917.123804.893775576.chat95@mac.com> To: nectar@FreeBSD.org, openoffice@FreeBSD.org From: NAKATA Maho In-Reply-To: <41499F06.80200@sun.com> References: <20040914.194619.276750997.chat95@mac.com> <41499F06.80200@sun.com> Organization: private X-Mailer: Mew version 3.3 on XEmacs 21.4.14 (Reasonable Discussion) Mime-Version: 1.0 Content-Type: Text/Plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: [dev] security vulnerability of using mozilla runtime? X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Sep 2004 03:38:11 -0000 Dear nectar and all I recieved a message about mozilla runtime which OOo port inernally use= s. Some people and portsaudit show us there are security risks using mozilla 1.0.2, however, there not seem to be security vulnerabilities. I'll delete WITHOUT_MOZILLA=3Dyes as soon as possible. In Message-ID: <41499F06.80200@sun.com> = Frank Sch=F6nheit wrote: > hello Nakata, > = > > o using mozilla runtime which came with OOo distribution inherits t= his > > security vulnerability? > = > none of the mentioned security holes should affect OOo 1.x, since the= > respective code is not used in 1.x. > For 2.0, we offer SSL encryption for LDAP address data access, using > Mozilla's LDAP/SSL libraries, so the third vulnarability you mention > would indeed also affect OOo 2.0. I think we will change to the lates= t > available 1.7.x before OOo 2.0 is shipped. > = > Thanks & Ciao > Frank thanks! --nakata maho From owner-freebsd-openoffice@FreeBSD.ORG Fri Sep 17 19:23:06 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E91B516A4CE; Fri, 17 Sep 2004 19:23:06 +0000 (GMT) Received: from ctb-mesg6.saix.net (ctb-mesg6.saix.net [196.25.240.78]) by mx1.FreeBSD.org (Postfix) with ESMTP id 71E9F43D1F; Fri, 17 Sep 2004 19:23:06 +0000 (GMT) (envelope-from elixr@corpdial.co.za) Received: from SCHMIDT (rrba-ip-nas-1-p05.telkom-ipnet.co.za [155.239.84.5]) by ctb-mesg6.saix.net (Postfix) with SMTP id 69496B5D6; Fri, 17 Sep 2004 21:22:56 +0200 (SAST) Message-ID: <056e01c49cf4$54dbf0f0$0554ef9b@SCHMIDT> From: "Schmidts" To: "Andy Fawcett" , References: <54410EF4-FCB3-11D8-B720-00039312D914@fillmore-labs.com><200409021053.08334.andy@athame.co.uk><20040902210032.13dbe3c9.lehmann@ans-netz.de> <200409022244.38931.andy@athame.co.uk> Date: Fri, 17 Sep 2004 21:12:28 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 cc: mka_fuhrmann@arcor.de cc: openoffice@freebsd.org cc: eikemeier@fillmore-labs.com Subject: Re:Please remove my email address from your mailing list X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Sep 2004 19:23:07 -0000 Hi Please would you remove my email address from your mailing list Thank you Bernadette ----- Original Message ----- From: "Andy Fawcett" To: Cc: ; ; ; Sent: Thursday, September 02, 2004 8:44 PM Subject: Re: FreeBSD 5.3 Beta2 - OO does not compile > On Thursday 02 September 2004 22:00, Oliver Lehmann wrote: > > Andy Fawcett wrote: > > > I have 5.3-BETA2, built without libc_r to ensure I don't get > > > threading library conflicts (NOLIBC_R defined). I've made sure that > > > the libc_r.* files are not present on the system. > > > > > > When building OOo-1.1, the first failure is in gcc32 in the > > > gcc-java stuff. It tries to link against libc_r, and I needed to > > > define WITHOUT_LIBJAVA=yes to avoid this. > > > > I've no problem with compiling openoffice @5.3-BETA2... my make.conf > > says.. > > > > [...] > > .elif ${_MY_PORTNAME} == "openoffice-1.1" > > WITHOUT_MOZILLA= yo > > WITHOUT_JAVA= yo > > #WITH_CCACHE= yo > > .elif ${_MY_PORTNAME} == "popt" > > [...] > > > > So maybe try defining WITHOUT_MOZILLA and WITHOUT_JAVA - but it > > should work w/o defining them- at least with java. And mozilla of > > course by overriding the vuln. warnings... > > Thanks, I'd pretty much got to this point myself, but it's good to hear > confirmation it works for someone else too. > > However, I do find it a bit strange that one of the premier applications > has not been made safe wrt threading libs, especially after the major > efforts made over the last year to get the ports tree into shape ready > for libc_r NOT being the default lib. > > Maybe there's time before the freeze tomorrow to change these flags to > be the CORRECT default values for 5.3-RELEASE? (similarly for gcc32, > which is required for building OOo). > > Cheers, > > A. > -- > Andy Fawcett | andy@athame.co.uk > | tap@kde.org > "In an open world without walls and fences, | tap@lspace.org > we wouldn't need Windows and Gates." -- anon | tap@fruitsalad.org > _______________________________________________ > freebsd-ports@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org" From owner-freebsd-openoffice@FreeBSD.ORG Sat Sep 18 16:13:41 2004 Return-Path: Delivered-To: freebsd-openoffice@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5CB2316A4CE for ; Sat, 18 Sep 2004 16:13:41 +0000 (GMT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 25E9D43D41 for ; Sat, 18 Sep 2004 16:13:41 +0000 (GMT) (envelope-from nectar@celabo.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id 9A40554887; Sat, 18 Sep 2004 11:13:40 -0500 (CDT) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 97169-02; Sat, 18 Sep 2004 11:13:30 -0500 (CDT) Received: from lum.celabo.org (lum.celabo.org [10.0.1.107]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "lum.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 0A2905485D; Sat, 18 Sep 2004 11:13:30 -0500 (CDT) Received: by lum.celabo.org (Postfix, from userid 1001) id 3D7C042B1E3; Sat, 18 Sep 2004 11:05:45 -0500 (CDT) Date: Sat, 18 Sep 2004 11:05:45 -0500 From: "Jacques A. Vidrine" To: NAKATA Maho Message-ID: <20040918160545.GB11428@lum.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , NAKATA Maho , openoffice@FreeBSD.org References: <20040914.194619.276750997.chat95@mac.com> <41499F06.80200@sun.com> <20040917.123804.893775576.chat95@mac.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040917.123804.893775576.chat95@mac.com> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.6i cc: openoffice@FreeBSD.org Subject: Re: [dev] security vulnerability of using mozilla runtime? X-BeenThere: freebsd-openoffice@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting OpenOffice to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Sep 2004 16:13:41 -0000 On Fri, Sep 17, 2004 at 12:38:04PM +0900, NAKATA Maho wrote: > Dear nectar and all > > I recieved a message about mozilla runtime which OOo port inernally uses. > Some people and portsaudit show us there are security risks using > mozilla 1.0.2, however, there not seem to be security vulnerabilities. > I'll delete WITHOUT_MOZILLA=yes as soon as possible. Thanks for the update! Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org