From owner-freebsd-openoffice@FreeBSD.ORG  Wed Sep 15 02:37:06 2004
Return-Path: <owner-freebsd-openoffice@FreeBSD.ORG>
Delivered-To: freebsd-openoffice@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 36F5616A4CE; Wed, 15 Sep 2004 02:37:06 +0000 (GMT)
Received: from satie.private.org (YahooBB219196184005.bbtec.net
	[219.196.184.5])	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 9223D43D53; Wed, 15 Sep 2004 02:37:05 +0000 (GMT)
	(envelope-from chat95@mac.com)
Received: from localhost (localhost [127.0.0.1])
	by satie.private.org (8.12.10/8.12.10) with ESMTP id i8F2b237001737;
	Wed, 15 Sep 2004 11:37:02 +0900 (JST)
	(envelope-from chat95@mac.com)
Date: Wed, 15 Sep 2004 11:37:02 +0900 (JST)
Message-Id: <20040915.113702.607953676.chat95@mac.com>
To: nectar@FreeBSD.org
From: NAKATA Maho <chat95@mac.com>
In-Reply-To: <20040914232905.GD95323@madman.celabo.org>
References: <20040914022410.GA83483@madman.celabo.org>
	<20040915.064258.730550294.chat95@mac.com>
	<20040914232905.GD95323@madman.celabo.org>
Organization: private
X-Mailer: Mew version 3.3 on XEmacs 21.4.14 (Reasonable Discussion)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
cc: openoffice@FreeBSD.org
cc: portmgr@FreeBSD.org
Subject: Re: openoffice --- document disclosure
X-BeenThere: freebsd-openoffice@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting OpenOffice to FreeBSD <freebsd-openoffice.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-openoffice>,
	<mailto:freebsd-openoffice-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-openoffice>
List-Post: <mailto:freebsd-openoffice@freebsd.org>
List-Help: <mailto:freebsd-openoffice-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-openoffice>,
	<mailto:freebsd-openoffice-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Sep 2004 02:37:06 -0000

In Message-ID: <20040914232905.GD95323@madman.celabo.org> 
"Jacques A. Vidrine" <nectar@FreeBSD.org> wrote:

Dear nectar and portmgr:

Dear portmgr:
o I forgot to bump PORTREVISION
o I should change VuXML entry < 1.1.2_1 
Please approve!
thank you very much!
 
Dear nectar:

Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/editors/openoffice-1.1/Makefile,v
retrieving revision 1.165
diff -u -r1.165 Makefile
--- Makefile    14 Sep 2004 22:20:51 -0000      1.165
+++ Makefile    15 Sep 2004 02:35:18 -0000
@@ -7,6 +7,7 @@
 
 PORTNAME=      openoffice
 PORTVERSION=   1.1.2
+PORTREVISION=  1
 CATEGORIES+=   editors
 MASTER_SITES+=  ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,misc/openoffice/&,} \
                ftp://sunsite.cnlab-switch.ch/mirror/OpenOffice/%SUBDIR%/ \

cvs server: Diffing .
Index: vuln.xml
===================================================================
RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.218
diff -u -r1.218 vuln.xml
--- vuln.xml    14 Sep 2004 03:38:59 -0000      1.218
+++ vuln.xml    15 Sep 2004 02:36:34 -0000
@@ -176,7 +176,7 @@
        <name>tr-openoffice</name>
        <name>zh-openoffice-CN</name>
        <name>zh-openoffice-TW</name>
-       <range><ge>0</ge></range>
+       <range><ge>1.1.2_1</ge></range>
       </package>
     </affects>
     <description>
cvs server: Diffing files

is sufficient?

> Actually there are so many version in the ports tree that I'm not sure
> that they are all covered.  Assistance here would be appreciated.  If
> you are not going to correct OOo 1.0.3, that's fine... we just need to
> make sure that we do specify the *corrected* version numbers.  e.g., I
> guess now that you have committed a fix, you must bump PORTREVISION
> and the VuXML entry needs to be changed to `< 1.1.2_1' for the
> appropriate ports.

You covered almost all:

my commit at least fixed for
arabic/openoffice-1.1
chinese/openoffice-1.1-zh_CN
chinese/openoffice-1.1-zh_TW
editors/openoffice-1.1
editors/openoffice-1.1-ca
editors/openoffice-1.1-cs
editors/openoffice-1.1-dk
editors/openoffice-1.1-el
editors/openoffice-1.1-es
editors/openoffice-1.1-et
editors/openoffice-1.1-fi
editors/openoffice-1.1-it
editors/openoffice-1.1-nl
editors/openoffice-1.1-se
editors/openoffice-1.1-sk
editors/openoffice-1.1-sl_SI
editors/openoffice-1.1-tr
french/openoffice-1.1
german/openoffice-1.1
hungarian/openoffice-1.1
japanese/openoffice-1.1
korean/openoffice-1.1
polish/openoffice-1.1
portuguese/openoffice-1.1-pt_BR
portuguese/openoffice-1.1-pt_PT
russian/openoffice-1.1

and not fixed for 
openoffice-1.1-devel.
which has same vulnerability.
Nevertheless it will be fixed in very soon, and not very
influencing...

and also you cover:
chinese/openoffice-1.0-zh_CN
chinese/openoffice-1.0-zh_TW
editors/openoffice-1.0
editors/openoffice-1.0-ar
editors/openoffice-1.0-dk
editors/openoffice-1.0-es
editors/openoffice-1.0-gr
editors/openoffice-1.0-it
editors/openoffice-1.0-nl
editors/openoffice-1.0-se
editors/openoffice-1.0-tr
french/openoffice-1.0
german/openoffice-1.0
japanese/openoffice-1.0
korean/openoffice-1.0
polish/openoffice-1.0
portuguese/openoffice-1.0
russian/openoffice-1.0 

these port might have mozilla vulnerability and also
have problems.

> Hmm, OK.  Yesterday I entered VuXML information about several Mozilla
> vulnerabilities that affected many different version of Mozilla.  I
> also know of about 8 more that I've yet to document.  It will be
> difficult to determine which of these actually affect OpenOffice, so
> it may be best to fix them...
thanks a lot.

best reagards,
--nakata maho