goffice ships a copy of PCRE which is be vulnerable to several security issues as pointed out in bug #198198. PCRE 7.3 fixes the issues mentioned. goffice 0.2.1 (current stable) ships version 6.3 of PCRE. According to the ChangeLog goffice 0.3.7 requires uses the system PCRE. Gnome-office, please advise.
See bug 156984.
Gnome-office, please advise.
per bug #191555, gnumeric can't use newer versions of goffice (limited to <0.3) we could put newer releases of gnumeric but they are still considered development release. A 1.7.90 is out since yesterday so the stable release shouldn't be too far from now. @gnome-office, per the above paragraph, what's the best course of action ? I can take care of bumping gnumeric and goffice if needed.
Ubuntu ships 1.7.11 in gutsy, so I'd say put a 1.7 version in the tree.
ping.
00:23 < EvaSDK> dang: hey, just so you know, I haven't commited work on goffice bug because the goffice/gnumeric bump doesn't work yet 00:24 < EvaSDK> latest tests tend to show that goffice-0.4.3 doesn't export all required symbol to let gnumeric-1.7.12 (last release to work with 0.4) compile
I've pushed the work on goffice slots into CVS. I hope I didn't break anything and will check tomorrow morning on a "clean" box . All apps besides gnumeric should already have relevant version checks thanks to RobbieAB (on #-desktop). If anyone can/want to do gnumeric just ping me, I couldn't make gnumeric-1.7.12 compile for me yet, and I'm not sure we want a dev release for goffice 0.5 and gnumeric-1.7.9* in tree just yet (and I'm pretty busy irl these days).
hi security, ebuilds needed to close this bug are finally in the tree. you'll need to get goffice-0.4, goffice-0.6 and gnumeric-1.8 before when can ditch goffice-0.2
[23:11] <rbu> EvaSDK: do i understand right we need both goffice 0.4.3 and 0.6.1 to be stable? [23:11] <EvaSDK> rbu: afaik, not everything is compatible with goffice-0.6 [23:11] <EvaSDK> abiword-plugins and gnumeric compile against 0.6 [23:12] <EvaSDK> but it seems gnucash doesn't know about 0.6 yet Arches, please test and mark stable x11-libs/goffice-0.4.3, x11-libs/goffice-0.6.1 and app-office/gnumeric-1.8.0. Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
OK took care of goffice-1.4 but bumped into a configure error with -1.6 on both ppc64 and ppc. checking for GNOME... yes checking for GOFFICE... configure: error: Package requirements ( glib-2.0 >= 2.8.0 gobject-2.0 >= 2.6.3 gmodule-2.0 >= 2.6.3 libgsf-1 >= 1.13.3 libxml-2.0 >= 2.4.12 pango >= 1.8.1 pangocairo >= 1.8.1 libart-2.0 >= 2.3.11 cairo >= 1.2.0 cairo-svg >= 1.2.0 cairo-pdf >= 1.2.0 cairo-ps >= 1.2.0 gtk+-2.0 >= 2.6.0 libglade-2.0 >= 2.3.6 gconf-2.0 libgnomeui-2.0 >= 2.0.0 libgsf-gnome-1 >= 1.12.2 ) were not met: No package 'cairo-svg' found How do you guys want to deal with this? I assume this is x11-libs/libsvg-cairo ?
Yeap, needs a built_with_use which I added.
Stable for HPPA.
x86 stable
*** Bug 204018 has been marked as a duplicate of this bug. ***
alpha/ia64/sparc stable
ppc and ppc64 done
amd64 done, apologies about the delay.
glsa request filed
This is how keywords look in tree now, gnumeric-1.6.3.ebuild:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86" gnumeric-1.8.0.ebuild:KEYWORDS="alpha amd64 ~hppa ia64 ppc ppc64 sparc x86" Did hppa miss it?
...
GLSA 200801-19, sorry for the delay.
