Bug 257561 - Openoffice 2.4.x ebuilds were deleted from portage too early.
Summary: Openoffice 2.4.x ebuilds were deleted from portage too early.
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Office Team
Reported: 2009-02-04 06:56 UTC by Ulf Dambacher
Modified: 2009-05-26 18:03 UTC

Description Ulf Dambacher 2009-02-04 06:56:51 UTC
Openoffice 3.0 is not fit for distributed file usage and mixing of versions. 
The bugs which hit me:
1) it fails to resolve links (e.g. from desktop) when creating a lock file which can result in unlocked write access of more than one user to an oo-document.
2) ooo-2.4.x and ooo-3.x have different file locking strategies which are not compatible with each other, so you can't mix versions on the network.

A fix is on the way for 3.1 
(http://www.openoffice.org/issues/show_bug.cgi?id=96456). 
I would be happy if you can re-install the latest 2.4 ebuilds until this version is out.

Reproducible: Always

Steps to Reproduce:
1. create a link to your favorite oo-file on the desktop
2. open this file by clicking this link
3. look where ooo creates the hidden lock file: on the desktop!
4. other users do the same and won't see your lock file.

5. Try to access a file with one user using ooo-3
6. try to access the same file with another user using ooo-2.4.x
7. both can read and write...
Actual Results:  
unpredictable file changes

Expected Results:  
an error message saying the file is accessible in read only mode
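
The lock placement problem from steps 1 to 4, as an added example (not part of the original report and not OpenOffice.org code): a Python sketch in which two users open the same shared document through their own desktop symlinks. The lock file name pattern, the paths and the user names are constructed for illustration.

```python
import os
import tempfile

def lock_path(doc_path, resolve_links):
    """Return the hidden lock-file path for doc_path.

    resolve_links=False mirrors the reported behaviour (lock created next to
    the link that was clicked); True places it next to the real document.
    """
    if resolve_links:
        target = os.path.realpath(doc_path)   # follows symlinks
    else:
        target = os.path.abspath(doc_path)    # does not follow symlinks
    folder, name = os.path.split(target)
    return os.path.join(folder, ".~lock." + name + "#")  # assumed name pattern

def try_lock(doc_path, user, resolve_links):
    """Atomically create the lock file; True means this user holds the lock."""
    path = lock_path(doc_path, resolve_links)
    try:
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o644)
    except FileExistsError:
        return False  # someone else already holds the lock: open read-only
    with os.fdopen(fd, "w") as fh:
        fh.write(user + "\n")
    return True

def simulate(resolve_links):
    """Two users open one shared document via per-user desktop links."""
    with tempfile.TemporaryDirectory() as root:
        share = os.path.join(root, "share")
        os.mkdir(share)
        doc = os.path.join(share, "report.odt")
        open(doc, "w").close()
        results = []
        for user in ("alice", "bob"):  # constructed user names
            desktop = os.path.join(root, user, "Desktop")
            os.makedirs(desktop)
            link = os.path.join(desktop, "report.odt")
            os.symlink(doc, link)
            results.append(try_lock(link, user, resolve_links))
        return results

if __name__ == "__main__":
    print("lock next to link:    ", simulate(False))  # both users get write access
    print("lock next to document:", simulate(True))   # second user is refused
```
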
Comment 1 Serkan Kaba (RETIRED) gentoo-dev 2009-02-04 07:16:27 UTC
I think backporting the fix to 3.0.x is a better solution since OOO 2.4 has more security issues.
Comment 2 Ulf Dambacher 2009-02-04 07:57:02 UTC
About backporting: for gentoo-only installation this is ok, but can you tell the ubuntu people to include this backport in their ooo-build?
Comment 3 Serkan Kaba (RETIRED) gentoo-dev 2009-02-04 09:02:59 UTC
(In reply to comment #2)
> About backporting: for gentoo-only installation this is ok, but can you tell
> the ubuntu people to include this backport in their ooo-build?
> 

This is not an Ubuntu issue tracker, and yes, I was meaning gentoo-only.
Comment 4 Premysl Paska 2009-02-10 12:32:33 UTC
(In reply to comment #1)
> I think backporting the fix to 3.0.x is a better solution since OOO 2.4 has
> more security issues.
> 

Back-porting one fix is maybe feasible, but OOo 3.0.0 had plenty of issues (and I'd guess many of them survived to 3.0.1). So I very much agree with the original bug report.

I also don't understand the security policy you've applied. OOo is an office suite, which is mainly used locally with no threats from "outside".

And I think that by far the most common "security issue" with the current software is that something does not work properly (especially the things that used to work, i.e., regressions). ...if you consider "security issue" anything which can harm your doing/business/etc.

So why not keep OOo 2.4.1 (or even 2.4.2) ebuild available at least with some testing or hard-masked keyword? Not everybody is keen on making overlays...

Now it is quite late to do anything about it, but please consider this point of view. Thank you.

(Note that this package is not the only one affected by this unfortunate "policy". Also note that I've been careful not to use the term "security fascism";-)
Comment 5 Andreas Proschofsky (RETIRED) gentoo-dev 2009-05-26 18:03:51 UTC
Well, I'm going to try to consider the points raised here for future versions. Anyway: 3.1.0 has been released now, so closing this report...