RE: Officially releasing a patch for CVE-2016-1513

The patched DLL is shipped with an external digital signature. I guess we could ask that to be installed alongside it. That would be a good tell-tale. The web site where the patch is downloadable from will have hashes for the archive containing the patched library and will also have an exter

Re: updated curl patch

On 24 Jul, Dennis E. Hamilton wrote: > > >> -Original Message- >> From: Don Lewis [mailto:truck...@apache.org] >> Sent: Sunday, July 24, 2016 14:51 >> To: dev@openoffice.apache.org; dennis.hamil...@acm.org >> Subject: Re: updated curl patch >> >> On 24 Jul, Dennis E. Hamilton wrote: >>

Re: Buildbots update

On 24 Jul, Andrea Pescetti wrote: > On 22/07/2016 Don Lewis wrote: >> On 22 Jul, Damjan Jovanovic wrote: >>> I've progressed much further > > Thanks Damjan for the (as usual) great progress. > >>> Buildbots >>> should immediately fail the build if ./bootstrap fails >> Yes, there is no sense in co

RE: updated curl patch

> -Original Message- > From: Don Lewis [mailto:truck...@apache.org] > Sent: Sunday, July 24, 2016 14:51 > To: dev@openoffice.apache.org; dennis.hamil...@acm.org > Subject: Re: updated curl patch > > On 24 Jul, Dennis E. Hamilton wrote: > > > > > >> -Original Message- > >> From: D

Re: Officially releasing a patch for CVE-2016-1513

On 24 Jul, Don Lewis wrote: > At a minimum, we should publish the hash values of buggy and fixed > versions of the library. That might not help someone who builds and > installs from source since the build not be completely repeatable. > For instance the library might contain a timestamp. Adding

Re: Officially releasing a patch for CVE-2016-1513

On 24 Jul, Andrea Pescetti wrote: > While the severity of the security bug we disclosed > http://www.openoffice.org/security/cves/CVE-2016-1513.html is not > particularly high (it is classified as "Medium" with no known exploits > and anti-virus software can detect malicious documents), we shoul

RE: Officially releasing a patch for CVE-2016-1513

[BCC to PMC, AOO Security team where how to accomplish this has been under discussion] +1 from me, all the way down the line. > -Original Message- > From: Andrea Pescetti [mailto:pesce...@apache.org] > Sent: Sunday, July 24, 2016 14:38 > To: dev@openoffice.apache.org > Subject: Officiall

Re: updated curl patch

On 24 Jul, Dennis E. Hamilton wrote: > > >> -Original Message- >> From: Don Lewis [mailto:truck...@apache.org] >> Sent: Sunday, July 24, 2016 12:24 >> To: dev@openoffice.apache.org >> Subject: updated curl patch >> >> I've updated my curl patch here: >>

Officially releasing a patch for CVE-2016-1513

While the severity of the security bug we disclosed http://www.openoffice.org/security/cves/CVE-2016-1513.html is not particularly high (it is classified as "Medium" with no known exploits and anti-virus software can detect malicious documents), we should release an update incorporating the -al

Re: Editing Download page

Am 07/24/2016 06:25 PM, schrieb Dennis E. Hamilton: Marcus, A little correction here and there ... -Original Message- From: Marcus [mailto:marcus.m...@wtnet.de] My technical additions need a bit more time but in the meantime here are my text suggestions: Box headline: "Developers Need

Re: Editing Download page

I would also suggest to revisit the intro programs for development which were put on hold indefinetly and at the momento there is really no good way to 'learn' the AOO sourcecode. Most of the wiki Dev documentation might also need some review. Specially key pages like conventions, and recent change

Re: Editing Download page

On 24/07/2016 Marcus wrote: now it's here: http://ooo-site.staging.apache.org/download/index.html Looks good to me (text and layout). I'd simply replace the title with "Help wanted" for consistency with the ASF-wide site that Dennis mentioned (and also because we are already using the box for

RE: updated curl patch

> -Original Message- > From: Don Lewis [mailto:truck...@apache.org] > Sent: Sunday, July 24, 2016 12:24 > To: dev@openoffice.apache.org > Subject: updated curl patch > > I've updated my curl patch here: > > > I've build tested it on Fre

Re: Editing Download page

Am 07/24/2016 06:25 PM, schrieb Dennis E. Hamilton: Marcus, A little correction here and there ... -Original Message- From: Marcus [mailto:marcus.m...@wtnet.de] My technical additions need a bit more time but in the meantime here are my text suggestions: Box headline: "Developers Need

updated curl patch

I've updated my curl patch here: I've build tested it on FreeBSD 10, 64-bit CentOS 7, 64-bit Ubuntu 12, and Windows 7. I've run tested it on CentOS and Windows by doing a File->Open and specifying a ftp:// URL. I did the same with the FreeBSD po

Re: Buildbots update

On 24 Jul, Damjan Jovanovic wrote: > On Fri, Jul 22, 2016 at 9:39 PM, Don Lewis wrote: > >> On 22 Jul, Damjan Jovanovic wrote: >> > I've progressed much further, and openoffice-fbsd-nightly, >> > openoffice-linux32-nightly, openoffice-linux64-nightly, and >> > openoffice-linux64-rat are now build

RE: [DISCUSS] Places for Installation, Startup, Troubleshooting, Caveats, Tips, Workarounds, and maybe FAQ?

Still ... > [BCC to dev and users lists - please keep the conversation on doc@ for > now, at least by BCC, since it pertains to use of the wiki(s).] Of course, I could simply be over-thinking this whole thing and it would be more valuable to do something. I still would like any feedback that the

Re: Buildbots update

On 22/07/2016 Don Lewis wrote: On 22 Jul, Damjan Jovanovic wrote: I've progressed much further Thanks Damjan for the (as usual) great progress. Buildbots should immediately fail the build if ./bootstrap fails Yes, there is no sense in continuing if bootstrap fails Yes, sure. 5 hours is

Re: ./bootstrap: LWP::Protocol::https replaced by java.net.URLConnection

On 7/24/2016 10:24 AM, Damjan Jovanovic wrote: ... So how do we download files now? Java. Java supports https:// out of the box, is very portable between operating systems and CPUs, uses its own root CA certificates, is already used on all the buildbots, and is documented as being a mandatory bu

[DISCUSS] Places for Installation, Startup, Troubleshooting, Caveats, Tips, Workarounds, and maybe FAQ?

[BCC to dev and users lists - please keep the conversation on doc@ for now, at least by BCC, since it pertains to use of the wiki(s).] I notice that the User Guide draft does not provide connection to topics around installation, startup, and so on, at least not at the top level,

./bootstrap: LWP::Protocol::https replaced by java.net.URLConnection

Hi Both we and Infra have been battling with the buildbots for far too long, and the inability to do https:// downloads consistently due to missing LWP::Protocol::https has been a major thorn in our side. Perl in AOO is not going well. CPAN modules don't install easily: in both CentOS 5 and (Infr

Re: Buildbots update

On Fri, Jul 22, 2016 at 9:39 PM, Don Lewis wrote: > On 22 Jul, Damjan Jovanovic wrote: > > I've progressed much further, and openoffice-fbsd-nightly, > > openoffice-linux32-nightly, openoffice-linux64-nightly, and > > openoffice-linux64-rat are now building, while > openoffice-linux32-snapshot >

RE: Editing Download page

Marcus, A little correction here and there ... > -Original Message- > From: Marcus [mailto:marcus.m...@wtnet.de] > My technical additions need a bit more time but in the meantime here are > my text suggestions: > > Box headline: > "Developers Needed" > > Box text: > "Are you a software

Re: Buildbots update

On Fri, Jul 22, 2016 at 12:09 AM, Damjan Jovanovic wrote: > I've progressed much further, and openoffice-fbsd-nightly, > openoffice-linux32-nightly, openoffice-linux64-nightly, and > openoffice-linux64-rat are now building, while openoffice-linux32-snapshot > is only temporarily breaking due to S

Re: Clean up on main page for www.openoffice.org

On Sun, Jul 24, 2016 at 7:40 AM, Marcus wrote: > Am 07/23/2016 12:59 AM, schrieb Kay Schenk: > >> >> >> On 07/22/2016 03:52 PM, Marcus wrote: >> >>> Am 07/23/2016 12:47 AM, schrieb kaysch...@apache.org: >>> Is there any problem with removing VERY old entries from: http://www.openoffice.

RE: Is it time to shut down this effort?

> -Original Message- > From: Keith N. McKenna [mailto:keith.mcke...@comcast.net] > Sent: Saturday, July 23, 2016 18:24 > To: dev@openoffice.apache.org > Subject: Re: Is it time to shut down this effort? > > Dennis E. Hamilton wrote: > > [BCC dev@ (really, this time)] > > > >> -Origin

RE: Editing Download page

> -Original Message- > From: Patricia Shanahan [mailto:p...@acm.org] > Sent: Saturday, July 23, 2016 19:18 > To: dev@openoffice.apache.org > Subject: Re: Editing Download page > > Marcus: > > Please add "Experienced lead technical writers" to the requested skills. > See the "Is it time

RE: [DISCUSS] HELP WANTED: Putting Help Wanted on OpenOffice.org

Recent discussions about help-wanted for Apache OpenOffice bring to mind that we have not taken advantage of this. It is useful in that it provides a single item (could be on download page and other places) that expands into as mucy coverage as we are willing write items for. Please take a loo

Re: Editing Download page

Am 07/23/2016 12:49 AM, schrieb Marcus: Am 07/22/2016 10:14 PM, schrieb Marcus: Am 07/22/2016 08:35 PM, schrieb Patricia Shanahan: [...] I didn't interpret it as a commitment to do the changes, and I am in a Just Do It mood this week. If you can do the changes, great. OK, I don't want to slo

Re: Clean up on main page for www.openoffice.org

Am 07/23/2016 12:59 AM, schrieb Kay Schenk: On 07/22/2016 03:52 PM, Marcus wrote: Am 07/23/2016 12:47 AM, schrieb kaysch...@apache.org: Is there any problem with removing VERY old entries from: http://www.openoffice.org/ We still have references to events in 2014, 2013 that I feel should be