Bug 695358 (CVE-2019-9853) - <app-office/openoffice-bin-4.1.7 user-assisted code execution (CVE-2019-9853)
Summary: <app-office/openoffice-bin-4.1.7 user-assisted code execution (CVE-2019-9853)
Status: RESOLVED FIXED
Alias: CVE-2019-9853
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa cve]
Keywords:
Depends on: CVE-2018-16858
Blocks:
Reported: 2019-09-21 21:55 UTC by Sergey Torokhov
Modified: 2020-03-20 04:11 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments

Description Sergey Torokhov 2019-09-21 21:55:42 UTC
Apache OpenOffice was released on 21 Sep 2019.

@chithanh, please update this package.


1. Announcing Apache OpenOffice 4.1.7:  https://blogs.apache.org/OOo/entry/announcing-apache-openoffice-4-13
2. Release notes: https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.7+Release+Notes
3. Download page: https://www.openoffice.org/download/

Main improvements include:
* Adds support for AdoptOpenJDK as well as Oracle Java
* Possible crash in Freetype code
* Crash in Writer when linking frames on OS/2
* Apache OpenOffice TM in Splash screen has different background


I earlier tested installing a release candidate of AOO 4.1.7, "Apache_OpenOffice_4.1.7_Linux_x86-64_install-rpm_en-US.tar.gz",
on Gentoo Linux with several Java VMs installed:

1. dev-java/oracle-jdk-bin-1.8.0.202 
is recognized by AOO as "Oracle Corporation 1.8.0_202" at /opt/oracle-jdk-bin-1.8.0.202/jre/

2. dev-java/icedtea-bin-3.13.0 
is recognized by AOO as "AdoptOpenJDK 11.0.4" at /opt/openjdk-jre-bin-11.0.4_p11/

3. dev-java/openjdk-jre-bin-11.0.4_p11 (without "gentoo-vm" USE flag)
wasn't auto-detected, after manual addition is recognized by AOO as "OpenJDK 1.8.0_222" at /opt/icedtea-bin-3.13.0/jre/

At the first run of oowriter I received the warning "javaldx: invalid settings. User must select a JRE from options dialog!", which disappeared after selecting a Java VM.

"Help" and "Bibliography Database" ran and seem to work with all of the installed Java VM implementations.

Reproducible: Always
Comment 1 Sergey Torokhov 2019-10-17 04:42:17 UTC
Fixed in Apache OpenOffice 4.1.7
CVE-2019-9853 [1]: Insufficient URL decoding flaw in categorizing macro location.

[1] https://www.openoffice.org/security/cves/CVE-2019-9853.html
Comment 2 Larry the Git Cow gentoo-dev 2019-10-18 11:55:31 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=625ae773f5aca1a8a4ec3060712400bae0212f74

commit 625ae773f5aca1a8a4ec3060712400bae0212f74
Author:     Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
AuthorDate: 2019-10-18 11:55:16 +0000
Commit:     Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
CommitDate: 2019-10-18 11:55:16 +0000

    app-office/openoffice-bin: bump to 4.1.7, address security vulnerability
    
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=677248
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=695358
    Signed-off-by: Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
    Package-Manager: Portage-2.3.76, Repoman-2.3.16

 app-office/openoffice-bin/Manifest                 |  80 +++++++++
 .../openoffice-bin/openoffice-bin-4.1.7.ebuild     | 193 +++++++++++++++++++++
 2 files changed, 273 insertions(+)
Comment 3 Chí-Thanh Christopher Nguyễn gentoo-dev 2019-10-18 11:59:11 UTC
Stabilization will be handled in bug 677248.
Comment 4 Larry the Git Cow gentoo-dev 2019-10-24 05:53:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e2dd43b77d92aefb0df825c6b500468cf7bdcec

commit 2e2dd43b77d92aefb0df825c6b500468cf7bdcec
Author:     Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
AuthorDate: 2019-10-24 05:53:22 +0000
Commit:     Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
CommitDate: 2019-10-24 05:53:22 +0000

    app-office/openoffice-bin: remove vulnerable version
    
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=677248
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=695358
    Signed-off-by: Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
    Package-Manager: Portage-2.3.76, Repoman-2.3.16
    Signed-off-by: Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>

 app-office/openoffice-bin/Manifest                 |  80 ---------
 .../openoffice-bin/openoffice-bin-4.1.6.ebuild     | 183 ---------------------
 2 files changed, 263 deletions(-)
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2020-03-20 04:11:25 UTC
Arches and Maintainer(s), Thank you for your work.