Bug 181773 - app-office/openoffice-bin-2.2.1 Multiple issues (CVE-2007-{0245|2754})
Summary: app-office/openoffice-bin-2.2.1 Multiple issues (CVE-2007-{0245|2754})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa] jaervosz
Keywords:
Duplicates: 184190
Depends on:
Blocks:
 
Reported: 2007-06-12 15:34 UTC by Carsten Lohrke (RETIRED)
Modified: 2007-07-07 00:21 UTC
Description Carsten Lohrke (RETIRED) gentoo-dev 2007-06-12 15:34:14 UTC
I'm not exactly sure about this one, as the ebuild states freetype as a dependency, but according to the release notes [1] the OOo binary uses an internal freetype copy.

[1] http://development.openoffice.org/releases/2.2.1.html
Comment 1 Andreas Proschofsky (RETIRED) gentoo-dev 2007-06-12 16:20:16 UTC
Good question, the freetype dep on this predates even my involvement in the OOo-herd ;) Still: We deliver the faulty freetype with openoffice-bin:

# equery f openoffice-bin | grep free
/usr/lib/openoffice/program/filter/libfreetype.so.6

So we should definitely stabilize openoffice-bin-2.2.1 asap.

Not that you would have indicated that, but just for the record: the source-based build is not vulnerable; we have used the external freetype for that for ages.
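
The check in Comment 1, generalized as an added example (not part of the bug thread or of Gentoo's tooling): a POSIX shell function that reads a package file list, one path per line as `equery f` prints it, and reports shared objects that are private copies of watched libraries. The watch list, the function names and every sample path except the libfreetype one are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag bundled copies of libraries in a package file list.

# Hypothetical watch list: library basenames without the .so version suffix.
WATCHED_LIBS="libfreetype libpng libz libexpat"

# find_bundled_libs: reads paths on stdin and prints "lib<TAB>path" for every
# watched library installed outside the system library directories.
find_bundled_libs() {
    while IFS= read -r path; do
        case "$path" in
            *.so|*.so.*) ;;              # only shared objects are of interest
            *) continue ;;
        esac
        dir=${path%/*}
        file=${path##*/}
        name=${file%%.so*}               # libfreetype.so.6 -> libfreetype
        case "$dir" in
            # A copy in a system directory is the shared one, not a bundle.
            /lib|/lib32|/lib64|/usr/lib|/usr/lib32|/usr/lib64) continue ;;
        esac
        for lib in $WATCHED_LIBS; do
            if [ "$name" = "$lib" ]; then
                printf '%s\t%s\n' "$lib" "$path"
            fi
        done
    done
}

# Constructed sample file list; only the bundled libfreetype path is taken
# from the bug report, the other entries are made up.
sample_list() {
    cat <<'EOF'
/usr/lib/openoffice/program/soffice.bin
/usr/lib/openoffice/program/filter/libfreetype.so.6
/usr/lib/openoffice/program/libexample.so.1
/usr/lib/libfreetype.so.6
/usr/share/doc/openoffice-bin/README
EOF
}

sample_list | find_bundled_libs
```

On a real system the input would come from the package manager's file listing, for example `equery f openoffice-bin | find_bundled_libs`.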
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-13 19:02:57 UTC
amd64 and x86 please test and mark stable.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-13 19:25:26 UTC
2.2.1 also fixes CVE-2007-0245
Comment 4 Markus Meier gentoo-dev 2007-06-13 19:45:13 UTC
app-office/openoffice-bin-2.2.1 USE="gnome java kde"
1. emerges on x86
2. passes collision test
3. works

Portage 2.1.2.7 (default-linux/x86/2007.0/desktop, gcc-4.1.2, glibc-2.5-r3, 2.6.20.12 i686)
=================================================================
System uname: 2.6.20.12 i686 AMD Athlon(TM) XP1800+
Gentoo Base System release 1.12.9
Timestamp of tree: Tue, 12 Jun 2007 16:30:01 +0000
ccache version 2.4 [enabled]
dev-java/java-config: 1.3.7, 2.0.32
dev-lang/python:     2.3.5-r3, 2.4.4-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r7
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php4/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php4/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php4/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="ccache collision-protect distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LANG="en_GB.utf8"
LINGUAS="en de en_GB"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/normal"
SYNC="rsync://192.168.2.1/gentoo-portage"
USE="3dnow 3dnowext X a52 aac acl alsa apache2 avahi berkdb bitmap-fonts bzip2 cairo cdr cli cracklib crypt cups dbus divx4linux dri dts dvd dvdr dvdread eds emboss evo exif fam ffmpeg firefox fortran gdbm gif gnome gphoto2 gpm gstreamer gtk hal iconv ipv6 isdnlog java jpeg kde kerberos ldap libg++ mad midi mikmod mmx mmxext mono mp3 mpeg mudflap ncurses network nls nptl nptlonly ogg opengl openmp oss pam pcre pdf perl png pppd python qt3 qt3support qt4 quicktime readline reflection samba sdl seamonkey session spell spl ssl svg tcpd test tetex tiff truetype truetype-fonts type1-fonts unicode usb vcd vorbis win32codecs x86 xine xinerama xml xorg xprint xv xvid zlib" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LINGUAS="en de en_GB" USERLAND="GNU" VIDEO_CARDS="nv none"
Unset:  CTARGET, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2007-06-15 13:01:40 UTC
x86 stable, thanks Markus
Comment 6 Christoph Mende (RETIRED) gentoo-dev 2007-06-15 15:36:08 UTC
amd64 done
Comment 7 Santiago Gala 2007-06-16 06:19:22 UTC
OO.o 2.2.1 crashes here on simple actions such as ALT-H O (Options), or ALT-A
N-D (new text document)

Help can be opened by clicking in the icon, but the shortcuts or the mouse
crashes it also.

Mostly unusable, thanks that I preserved the previous version, as it takes ages
to compile.
Comment 8 Santiago Gala 2007-06-16 06:39:02 UTC
I was hitting this on package.mask:

# Doug Goldstein <cardoe@gentoo.org> (15 Jun 2007)
# Causes crashes for some people with mplayer and openoffice
# bug #182127 bug #182058
# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243811
=x11-libs/cairo-1.4.8

in a race condition between the moment I upgraded cairo and started compiling openoffice and now that I just detected it has been masked.

Sorry for the noise. gimp was crashing for me too, I just noticed yesterday
Comment 9 Andreas Proschofsky (RETIRED) gentoo-dev 2007-06-16 09:35:51 UTC
I've removed openoffice-bin-2.2.0 from the tree now, so for -bin we are ready for the GLSA
Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-07-03 06:26:14 UTC
GLSA 200707-02, thanks everybody, sorry for the delay
Comment 11 Jakub Moc (RETIRED) gentoo-dev 2007-07-07 00:21:00 UTC
*** Bug 184190 has been marked as a duplicate of this bug. ***