Bugzilla Bug 198385

goffice ships a copy of PCRE which is be vulnerable to several security issues
as pointed out in bug #198198.

PCRE 7.3 fixes the issues mentioned. goffice 0.2.1  (current stable) ships
version 6.3 of PCRE. 

According to the ChangeLog goffice 0.3.7 requires uses the system PCRE.

Gnome-office, please advise.

See bug 156984.

Gnome-office, please advise.

per bug #191555, gnumeric can't use newer versions of goffice (limited to <0.3)
we could put newer releases of gnumeric but they are still considered
development release. A 1.7.90 is out since yesterday so the stable release
shouldn't be too far from now.

@gnome-office, per the above paragraph, what's the best course of action ? I
can take care of bumping gnumeric and goffice if needed.

Ubuntu ships 1.7.11 in gutsy, so I'd say put a 1.7 version in the tree.

ping.

00:23 < EvaSDK> dang: hey, just so you know, I haven't commited work on goffice 
                bug because the goffice/gnumeric bump doesn't work yet
00:24 < EvaSDK> latest tests tend to show that goffice-0.4.3 doesn't export all 
                required symbol to let gnumeric-1.7.12 (last release to work 
                with 0.4) compile

I've pushed the work on goffice slots into CVS. I hope I didn't break anything
and will check tomorrow morning on a "clean" box .

All apps besides gnumeric should already have relevant version checks thanks to
RobbieAB (on #-desktop). If anyone can/want to do gnumeric just ping me, I
couldn't make gnumeric-1.7.12 compile for me yet, and I'm not sure we want a
dev release for goffice 0.5 and gnumeric-1.7.9* in tree just yet (and I'm
pretty busy irl these days).

hi security, ebuilds needed to close this bug are finally in the tree.

you'll need to get goffice-0.4, goffice-0.6 and gnumeric-1.8 before when can
ditch goffice-0.2

[23:11] <rbu> EvaSDK: do i understand right we need both goffice 0.4.3 and
0.6.1 to be stable?
[23:11] <EvaSDK> rbu: afaik, not everything is compatible with goffice-0.6
[23:11] <EvaSDK> abiword-plugins and gnumeric compile against 0.6
[23:12] <EvaSDK> but it seems gnucash doesn't know about 0.6 yet

Arches, please test and mark stable x11-libs/goffice-0.4.3,
x11-libs/goffice-0.6.1 and app-office/gnumeric-1.8.0.
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

OK took care of goffice-1.4  but bumped into a configure error with -1.6 on
both ppc64 and ppc.  

checking for GNOME... yes
checking for GOFFICE... configure: error: Package requirements (
        glib-2.0                >= 2.8.0
        gobject-2.0             >= 2.6.3
        gmodule-2.0             >= 2.6.3
        libgsf-1                >= 1.13.3
        libxml-2.0              >= 2.4.12
        pango                   >= 1.8.1
        pangocairo              >= 1.8.1
        libart-2.0              >= 2.3.11
        cairo                   >= 1.2.0
        cairo-svg               >= 1.2.0
        cairo-pdf               >= 1.2.0
        cairo-ps                >= 1.2.0

        gtk+-2.0                >= 2.6.0
        libglade-2.0            >= 2.3.6

        gconf-2.0
        libgnomeui-2.0          >= 2.0.0
        libgsf-gnome-1          >= 1.12.2
) were not met:

No package 'cairo-svg' found

How do you guys want to deal with this?  I assume this is x11-libs/libsvg-cairo
?  

Yeap, needs a built_with_use which I added.

Stable for HPPA.

x86 stable

*** Bug 204018 has been marked as a duplicate of this bug. ***

alpha/ia64/sparc stable

ppc and ppc64 done

amd64 done, apologies about the delay.

glsa request filed

This is how keywords look in tree now,

gnumeric-1.6.3.ebuild:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86"
gnumeric-1.8.0.ebuild:KEYWORDS="alpha amd64 ~hppa ia64 ppc ppc64 sparc x86"

Did hppa miss it?

...

GLSA 200801-19, sorry for the delay.