| Summary: | x11-libs/goffice <0.3.7 Multiple issues in embedded PCRE | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | esigra, gnome-office+disabled, notify |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://secunia.com/advisories/27543/ | ||
| Whiteboard: | B2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 156984 | ||
| Bug Blocks: | |||
|
Description
Robert Buchholz (RETIRED)
2007-11-07 17:47:34 UTC
See bug 156984. Gnome-office, please advise. per bug #191555, gnumeric can't use newer versions of goffice (limited to <0.3) we could put newer releases of gnumeric but they are still considered development release. A 1.7.90 is out since yesterday so the stable release shouldn't be too far from now. @gnome-office, per the above paragraph, what's the best course of action ? I can take care of bumping gnumeric and goffice if needed. Ubuntu ships 1.7.11 in gutsy, so I'd say put a 1.7 version in the tree. ping. 00:23 < EvaSDK> dang: hey, just so you know, I haven't commited work on goffice
bug because the goffice/gnumeric bump doesn't work yet
00:24 < EvaSDK> latest tests tend to show that goffice-0.4.3 doesn't export all
required symbol to let gnumeric-1.7.12 (last release to work
with 0.4) compile
I've pushed the work on goffice slots into CVS. I hope I didn't break anything and will check tomorrow morning on a "clean" box . All apps besides gnumeric should already have relevant version checks thanks to RobbieAB (on #-desktop). If anyone can/want to do gnumeric just ping me, I couldn't make gnumeric-1.7.12 compile for me yet, and I'm not sure we want a dev release for goffice 0.5 and gnumeric-1.7.9* in tree just yet (and I'm pretty busy irl these days). hi security, ebuilds needed to close this bug are finally in the tree. you'll need to get goffice-0.4, goffice-0.6 and gnumeric-1.8 before when can ditch goffice-0.2 [23:11] <rbu> EvaSDK: do i understand right we need both goffice 0.4.3 and 0.6.1 to be stable? [23:11] <EvaSDK> rbu: afaik, not everything is compatible with goffice-0.6 [23:11] <EvaSDK> abiword-plugins and gnumeric compile against 0.6 [23:12] <EvaSDK> but it seems gnucash doesn't know about 0.6 yet Arches, please test and mark stable x11-libs/goffice-0.4.3, x11-libs/goffice-0.6.1 and app-office/gnumeric-1.8.0. Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86" OK took care of goffice-1.4 but bumped into a configure error with -1.6 on both ppc64 and ppc.
checking for GNOME... yes
checking for GOFFICE... configure: error: Package requirements (
glib-2.0 >= 2.8.0
gobject-2.0 >= 2.6.3
gmodule-2.0 >= 2.6.3
libgsf-1 >= 1.13.3
libxml-2.0 >= 2.4.12
pango >= 1.8.1
pangocairo >= 1.8.1
libart-2.0 >= 2.3.11
cairo >= 1.2.0
cairo-svg >= 1.2.0
cairo-pdf >= 1.2.0
cairo-ps >= 1.2.0
gtk+-2.0 >= 2.6.0
libglade-2.0 >= 2.3.6
gconf-2.0
libgnomeui-2.0 >= 2.0.0
libgsf-gnome-1 >= 1.12.2
) were not met:
No package 'cairo-svg' found
How do you guys want to deal with this? I assume this is x11-libs/libsvg-cairo ?
Yeap, needs a built_with_use which I added. Stable for HPPA. x86 stable *** Bug 204018 has been marked as a duplicate of this bug. *** alpha/ia64/sparc stable ppc and ppc64 done amd64 done, apologies about the delay. glsa request filed This is how keywords look in tree now, gnumeric-1.6.3.ebuild:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86" gnumeric-1.8.0.ebuild:KEYWORDS="alpha amd64 ~hppa ia64 ppc ppc64 sparc x86" Did hppa miss it? ... GLSA 200801-19, sorry for the delay. |