RE: Vulnerability fixed in LibreOffice - Impact on Users

Until the analysis of the situation is available at < http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713> there is not much useful information. My limited understanding is that the bug is in the import of Microsoft Word .doc documents into LibreOffice. Unless this bug was introduced b

Re: Vulnerability fixed in LibreOffice

Hi Am 05.10.11 19:14, schrieb FR web forum: Good morning, TDF has published a fix for LibO: http://wp.me/p1byPE-bQ Do you know if OOo is impacted too? As discribed on my homepage (http://www.raphaelbircher.ch/computer_tagebuch.php), I will try to make a patch for the OOo 3.3 for Mac OS X. A

Re: Editorial Calendar for the project Blog

Thanks Dave and Gavin. There was a comment in the moderation queue which I've now approved. It's for the Linux Buildfest. Marcus Am 10/06/2011 09:01 PM, schrieb Dave Fisher: Hi, Gavin has created accounts for Jürgen and Marcus and set you both for Author permission. I have upgraded Mar

Re: [CODE] Linux build break: GPERF unset (rev. 1179044)

--- On Thu, 10/6/11, Pedro Giffuni wrote: ... > > > >    if ($platform =~ > > m/solaris|darwin|freebsd|linux/) > > > > but I guess this will break on other platforms too. > > I don't get why it was moved inside the if. > > > > I was only consistent with the comment. I committed a > workaround

RE: Vulnerability fixed in LibreOffice

I don't want to go deep into this. I do want to point out that observers can't tell when they are seeing a newcomer-to-Apache-PPMC insisting on what the Apache Way is, versus what the Apache Way is. This is a podling. Of the 55-or-so established PPMC members, around 5 were already Apache comm

Re: [CODE] Linux build break: GPERF unset (rev. 1179044)

--- On Thu, 10/6/11, Ariel Constenla-Haile wrote: ... > > GPERF is not exported due to changes in > http://svn.apache.org/viewvc/incubator/ooo/trunk/main/set_soenv.in?r1=1174172&r2=1179044&pathrev=1179044&diff_format=h > That would be me indeed :(. Do you guys have pointyhats for people that bre

Re: Editorial Calendar for the project Blog

Hi, Gavin has created accounts for Jürgen and Marcus and set you both for Author permission. I have upgraded Marcus to Admin role. Since Andy Brown has left for now, I put him at Limited role, if he returns then we can restore Admin if he would like. Current Admins are Marcus and Dave. Curre

[CODE] Linux build break: GPERF unset (rev. 1179044)

Hi there, build breaks on Linux in writerfilter/source/ooxml: LD_LIBRARY_PATH=/mnt/build/openoffice/apache/trunk/main/solver/340/unxlngx6.pro/lib${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} /mnt/build/openoffice/apache/trunk/main/solver/340/unxlngx6.pro/bin/xsltproc gperffasttokenhandler.xsl ../../u

Re: Vulnerability fixed in LibreOffice

On Oct 6, 2011, at 9:26 AM, Ross Gardler wrote: > On 6 October 2011 17:16, Rory O'Farrell wrote: >> On Thu, 6 Oct 2011 17:06:36 +0100 >> Ross Gardler wrote: >> >>> On 6 October 2011 16:53, Rory O'Farrell wrote: >>> Responsible Apache people need to rethink their insistence on their

Re: Vulnerability fixed in LibreOffice

Hi, Ross Gardler wrote on 2011-10-06 18:26: I understand where you are coming from. There is a misunderstanding about The Apache Way. There are very few things that are fixed in stone. However, newcomers often rely on written descriptions of common practice and assume that such a description is

Re: Vulnerability fixed in LibreOffice

On 6 October 2011 17:16, Rory O'Farrell wrote: > On Thu, 6 Oct 2011 17:06:36 +0100 > Ross Gardler wrote: > >> On 6 October 2011 16:53, Rory O'Farrell wrote: >> >> > Responsible Apache people need to rethink >> > their insistence on their method to the exclusion of all other >> > methods. >> >> P

Re: Vulnerability fixed in LibreOffice

On Thu, 6 Oct 2011 17:06:36 +0100 Ross Gardler wrote: > On 6 October 2011 16:53, Rory O'Farrell wrote: > > > Responsible Apache people need to rethink > > their insistence on their method to the exclusion of all other > > methods. > > Please read the comments in this thread by an OOo mentor, S

Re: Vulnerability fixed in LibreOffice

On 6 October 2011 16:53, Rory O'Farrell wrote: > Responsible Apache people need to rethink > their insistence on their method to the exclusion of all other > methods. Please read the comments in this thread by an OOo mentor, Shane Curcuru. Please also see the advice and guidance of Dirk, a long

Re: Vulnerability fixed in LibreOffice

Dave Fisher wrote: > > I may remind you that, at the point > > of responsible disclosure to securityteam@ooo, the > > ooo-security@apache list was still in the process of being > > setup/populated, and there was an ongoing policy discussion here. > > When that discussion was settled it seems someo

Re: Vulnerability fixed in LibreOffice

On Thu, 06 Oct 2011 17:43:57 +0200 Florian Effenberger wrote: > No, I was personally told that I should not be involved on that > list, because of ICLA-PPMC-whatever-abbreviation things and > that at Apache things are different. So, don't blame me. My > proposal was to use the existing mailing lis

Re: Vulnerability fixed in LibreOffice

On Thu, Oct 6, 2011 at 5:25 PM, Dave Fisher wrote: > Hi - > > I blame Oracle, it is nearly 4 months and NO domain transfer. > it doesn't help anybody ;-) > > On Oct 6, 2011, at 8:05 AM, Thorsten Behrens wrote: > > > Jim Jagielski wrote: > >> I agree it needs to be addressed. What is ironic is

Re: Vulnerability fixed in LibreOffice

Hi, Dave Fisher wrote on 2011-10-06 17:25: When that discussion was settled it seems someone on the TDF side should have taken some initiative to inform AOOo at our list. To not have that happen was not in any spirit of cooperation. as Thorsten said, AOOo was informed. There was one AOOo re

Re: Vulnerability fixed in LibreOffice

--- On Thu, 10/6/11, Dave Fisher wrote: > Hi - > > I blame Oracle, it is nearly 4 months and NO domain > transfer. > According to an email in this list by Andrew Rist on Fri, 9/9/11: "openoffice.org domains transferred to ASF" Cheers, Pedro.

Re: Vulnerability fixed in LibreOffice

On 6 Oct 2011, at 16:07, Shane Curcuru wrote: > I think we've completely lost sight of "B", a place where Apache OpenOffice > PPMC members and trusted others of related projects can work together. Given > the interrelationships of code between OpenOffice and LibreOffice and others, > I would

Re: Boost regex

--- On Wed, 10/5/11, Pedro Giffuni wrote: ... > > Now that we are using ICU regex I think we can get rid > of the Boost experimental Regex and it's README. > > I'll remove both tomorrow unless someone beats me to it. > Actually, there's no hurry, I think I'll just wait for the initial SGA work

Re: Vulnerability fixed in LibreOffice

Hi - I blame Oracle, it is nearly 4 months and NO domain transfer. On Oct 6, 2011, at 8:05 AM, Thorsten Behrens wrote: > Jim Jagielski wrote: >> I agree it needs to be addressed. What is ironic is that this >> discussion did NOT result in a breakdown of B at all, but >> rather a breakdown in an

Re: Vulnerability fixed in LibreOffice

On Thu, Oct 6, 2011 at 5:07 PM, Shane Curcuru wrote: > Wow, has this thread not gone anywhere, nor been as polite as I'd hope. > > > > Fundamentally, the ASF has delegated responsibility for all future Apache > OpenOffice releases to the Apache OpenOffice PPMC. I believe and support > them

Re: Solve SVG visualization without cairo and librsvg

Hello Armin; --- On Thu, 10/6/11, Armin Le Grand wrote: >     Hi Pedro, > > On 06.10.2011 06:30, Pedro Giffuni wrote: > >   Hi; > > > > Perhaps someone can explain what the agg_module does? > It's rather interesting, > > and apparently it has some relationship with SVG: > > http://www.antigrain

Re: [patch] Fix for #i118484#

On Thu, Oct 6, 2011 at 3:11 PM, Armin Le Grand wrote: >Hi *, > > I submitted and fixed task #118484# and added a patch to that task (see > https://issues.apache.org/ooo/**show_bug.cgi?id=118484). > Please may someone review and apply it

Re: Vulnerability fixed in LibreOffice

Jim Jagielski wrote: > I agree it needs to be addressed. What is ironic is that this > discussion did NOT result in a breakdown of B at all, but > rather a breakdown in another entity also not having a policy > in place in sharing info with other community members. > Hi Jim, since this is ambiguou

Re: Vulnerability fixed in LibreOffice

Wow, has this thread not gone anywhere, nor been as polite as I'd hope. Fundamentally, the ASF has delegated responsibility for all future Apache OpenOffice releases to the Apache OpenOffice PPMC. I believe and support them having a private security@ list that only PPMC members are allo

Re: Vulnerability fixed in LibreOffice

Hi, Dirk-Willem van Gulik wrote on 2011-10-06 15:00: Reading the exchanges - I think language was getting in the way of things. no. It was very clearly stated the existing security group would not be used anymore, since less contacts were preferred. It was rather clear, and once again disapp

Re: Vulnerability fixed in LibreOffice

Hi, Jürgen Schmidt wrote on 2011-10-06 14:40: My idea is to simply use the existing securityt...@openoffice.orglist for collaborative work on this topic. LibreOffice has also a separate security list, right. So i don't see your point here. I proposed that, Rob Weir refused to continue with

Re: Vulnerability fixed in LibreOffice

On Oct 6, 2011, at 9:27 AM, Simon Phipps wrote: > On Thu, Oct 6, 2011 at 2:00 PM, Dirk-Willem van Gulik > wrote: > >> >> >> Reading the exchanges - I think language was getting in the way of things. >> > > I really don't think so. I think two issues have been conflated: > A: How AOOo manages

Re: Vulnerability fixed in LibreOffice

On Thu, Oct 6, 2011 at 2:00 PM, Dirk-Willem van Gulik wrote: > > > Reading the exchanges - I think language was getting in the way of things. > I really don't think so. I think two issues have been conflated: A: How AOOo manages its own security process. B: How AOOo collaborates on security issue

[patch] Fix for #i118484#

Hi *, I submitted and fixed task #118484# and added a patch to that task (see https://issues.apache.org/ooo/show_bug.cgi?id=118484). Please may someone review and apply it. Thanks in advance, Armin -- ALG

Re: Vulnerability fixed in LibreOffice

On 6 Oct 2011, at 13:22, Florian Effenberger wrote: > Dirk-Willem van Gulik wrote on 2011-10-06 14:14: >> Furthermore - there is nothing stopping you from having a knownsecurity@ >> group more focused on security - and having this as your first (more public) >> port of call. > > for years, ther

Re: Solve SVG visualization without cairo and librsvg

Armin Le Grand wrote: > Not with SVG, but with canvas as it looks. It's used in > canvas/source/tools for canvastools, see ENABLE_AGG and SYSTEM_AGG > vars. I cannot tell if this is actively used, there are (dependent > on ENABLE_AGG) two files in canvas/source/tools (bitmap.cxx and > image.cxx) wh

Re: Vulnerability fixed in LibreOffice

On Thu, Oct 6, 2011 at 1:48 PM, Florian Effenberger < flo...@documentfoundation.org> wrote: > Hi, > > Jürgen Schmidt wrote on 2011-10-06 13:18: > >> If a TDF or ASF list is secondary for me but i would volunteer to join >> this >> mailing list to help on this topic in the future. But maybe we shou

Re: Vulnerability fixed in LibreOffice

Hi, Dirk-Willem van Gulik wrote on 2011-10-06 14:14: Furthermore - there is nothing stopping you from having a knownsecurity@ group more focused on security - and having this as your first (more public) port of call. for years, there has been security@ooo. That group knows each other very w

Re: Vulnerability fixed in LibreOffice

On 6 Oct 2011, at 12:48, Florian Effenberger wrote: > Jürgen Schmidt wrote on 2011-10-06 13:18: >> If a TDF or ASF list is secondary for me but i would volunteer to join this >> mailing list to help on this topic in the future. But maybe we should try to >> keep the existing and knownsecurityt..

Re: Vulnerability fixed in LibreOffice

Hi, Jürgen Schmidt wrote on 2011-10-06 13:18: If a TDF or ASF list is secondary for me but i would volunteer to join this mailing list to help on this topic in the future. But maybe we should try to keep the existing and knownsecurityt...@openoffice.org mailing list and I see no reason why it s

Re: Vulnerability fixed in LibreOffice

On Thu, Oct 6, 2011 at 1:45 AM, Simon Phipps wrote: > > On 6 Oct 2011, at 00:25, Dennis E. Hamilton wrote: > > > Whatever the arrangement is to become, it should not have a single point > of failure in achieving coordination on common-mode/mono-culture > vulnerabilities. > > Agreed. Let's design

Re: Solve SVG visualization without cairo and librsvg

Hi Pedro, On 06.10.2011 06:30, Pedro Giffuni wrote: Hi; Perhaps someone can explain what the agg_module does? It's rather interesting, and apparently it has some relationship with SVG: http://www.antigrain.com/ Not with SVG, but with canvas as it looks. It's used in canvas/source/

Re: Solve SVG visualization without cairo and librsvg

Hi Dave, On 05.10.2011 18:05, Dave Fisher wrote: On Oct 4, 2011, at 2:57 AM, Armin Le Grand wrote: On 27.09.2011 10:18, Armin Le Grand wrote: ... - still an external renderer, screen and all outputs would use a bitmap visualization Yes, it is still external, but it seems to suppo

Re: GStreamer avmedia plugin as copyleft?

On Thu, Oct 6, 2011 at 10:09 AM, Alexander Thurgood wrote: > Le 05/10/11 21:07, Mathias Bauer a écrit : > > Hi Mathias, > > > > > Of course that would probably mean that our Linux version won't run out > > of the box on most Linux machines as the old OOo version did. It will > > run only on those

Re: Vulnerability fixed in LibreOffice

> Anyone can post to anyone's security list. But they are private lists. It > is the part where discretion must occur in handling vulnerabilities until > >the fix is in and a CVE is posted that happens privately and that might work > better with some shared membership on the security lists.

[CODE] gtk system tray icon and libegg

Hi there, the GTK system tray is broken: 1) ENABLE_QUICKSTART_APPLET is not defined, so ShutdownIcon::IsQuickstarterInstalled() returns false, instead of trying to load libqstart_gtk.so http://svn.apache.org/viewvc/incubator/ooo/trunk/main/sfx2/source/appl/shutdownicon.cxx?view=markup#l76

Re: GStreamer avmedia plugin as copyleft?

Le 05/10/11 21:07, Mathias Bauer a écrit : Hi Mathias, > > Of course that would probably mean that our Linux version won't run out > of the box on most Linux machines as the old OOo version did. It will > run only on those computers that have compatible versions of all > libraries installed in t

Re: [DISCUSS] Having New Committers also be on the PPMC

On Tue, Oct 4, 2011 at 3:26 AM, Shane Curcuru wrote: > I had a few comments (I previously sent to another list) about PPMC vs. > committer sets (i.e. either offering commit separately, or only in > conjunction with PPMC membership): > > Note that making the distinction (or not) is strictly up to

Re: configure: error: X Development libraries not found

On Wed, Oct 5, 2011 at 9:50 PM, Pedro Giffuni wrote: > Hi guys; > > This basic configuration was working yesterday: > > CPPFLAGS=-I/usr/local/include > LDFLAGS=-L/usr/local/lib > ./configure --disable-mozilla --without-junit --disable-odk > --with-gperf=/usr/local/bin/gperf --with-gnu-patch=/usr/