* performance improvements: for example, a 23 percent improvement in certain Calc benchmarks
* further improvements to file format compatibility with Microsoft Office files
* new email integration features for users wanting to send emails in Microsoft file formats
* more control over how exported PDF documents will display when opened in a PDF reader
* support for more languages and improvements in hyphenation and thesaurus
* support for Intel architecture for Mac OS X plus improved Mac OS X System integration
* built-in check for updated versions
Youi left out the most important part from the release notes..
We also recommend OpenOffice.org 2.0.3 because it includes important security fixes. These have not been exploited but all users of any prior version of OpenOffice.org are urged to download 2.0.3. A standalone patch will be available soon.
Security Bulletin 2006-06-29
OpenOffice.org 2.0.3 fixes three security vulnerabilites that have been found through internal security audits. Although there are currently no known exploits, we urge all users of 2.0.x prior to 2.0.2 to upgrade to the new version or install their vendor's patches accordingly. Patches for users of OpenOffice.org 1.1.5 will be available shortly.
The three vulnerabilities involve:
* Java Applets, CVE-2006-2199
* Macro, CVE-2006-2198; and
* File Format, CVE-2006-3117
*** Bug 138546 has been marked as a duplicate of this bug. ***
*** Bug 138547 has been marked as a duplicate of this bug. ***
*** Bug 138567 has been marked as a duplicate of this bug. ***
openoffice please provide updated ebuilds.
And 2.0.3 is supposed to work out-of-the box as native amd64!
I want ;)
Just got back from GUADEC, so give me some time to get back on speed. Anyway, openoffice-bin should be done soon, source-built version could take a little longer, as ooo-build didn't provide a release until now (though there is one for RC7 which I could maybe use, didn't check until now).
New version of openoffice-bin and openoffice are in now, please test accordingly
Arches please test and mark stable.
This will also cause eselect-1.0.2 to go stable. Might want to verify with those folks that they are ready for it.
Stable on ppc.
(In reply to comment #12)
> This will also cause eselect-1.0.2 to go stable. Might want to verify with
> those folks that they are ready for it.
And also: eselect-oodict and all the myspell dictionaries, otherwise the users won't have the possibility to spell check anymore. Both should be straightforward though.
SPARC is ready to go stable once we hear from the eselect folks.
eselect and oodict don't work on AMD64, so openoffice-bin and a multilib install on AMD64 don't have spellcheck, and this prevents me from using openoffice-bin 2.0.3
(In reply to comment #17)
> eselect and oodict don't work on AMD64, so openoffice-bin and a multilib
> install on AMD64 don't have spellcheck, and this prevents me from using
> openoffice-bin 2.0.3
That has already been fixed yesterday, do an emerge sync and try again
Eselect team is fine with stabling 1.0.2. 1.0.3 is no option as it's still in
p.mask due to one unported module.
@x86, AMD-64-herd: At least openoffice-bin should be trivial to mark stable, so any hope in getting this done soonish?
Hmm, obviously both amd64 and x86-herds were never added, done this now. btw, as the title does not point this out: This security issues affects both openoffice and openoffice-bin
1) -bin emerges fine
2) QA: there are a lot of textrels...should I post the log?
3) tested some functions in writer, impress and calc (import of MS documents e.g.) -> works
Sorry no time to test the normal build...am leaving for the weekend soon.
(In reply to comment #23)
> 2) QA: there are a lot of textrels...should I post the log?
No, those are known. But as we use the upstream binary, there is nothing we can do about it anyway
(In reply to comment #8)
> And 2.0.3 is supposed to work out-of-the box as native amd64!
> I want ;)
regarding to this comment i didn't tried to build from source afaik it doesn't work. But for somehow it works please cc amd64 team or me so we can start testing it and keyword.
I tried building it on x86 (with USE="firefox"), but it failed because dev-libs/nspr-4.6.2 is needed (stable version is 4.6.1-r2). See bug #139453.
x86 here. After several hours compiling it works fine with this options:
[ebuild R ] app-office/openoffice-2.0.3 USE="eds gnome gtk pam xml -binfilter -cairo -debug -firefox -java -kde -ldap -mono -odk" LINGUAS="-af -ar -be_BY -bg -bn -bs -ca -cs -cy -da -de -el -en -en_GB -en_US -en_ZA -es -et -fa -fi -fr -gu_IN -he -hi_IN -hr -hu -it -ja -km -ko -lt -mk -nb -nl -nn -nr -ns -pa_IN -pl -pt -pt_BR -ru -rw -sh_YU -sk -sl -sr_CS -st -sv -sw_TZ -th -tn -tr -ts -vi -xh -zh_CN -zh_TW -zu" 0 kB
I have tested each module (write, presentation...)
x86 is done after many hours of compiling :(
I've removed the vulnerable versions now from the tree, so I think we should be fine for the GLSA
Reopening as this is really not fixed until this is issued
Updated in the 2006.1 snapshot, so I'm removing email@example.com
So what is keeping the GLSA from being issued?
Just returning from vacation, I'll look into it tomorrow.
Finally. Thanks everybody!