Re: How to make a Linux port of CVE-2012-0037
On Thu, Mar 22, 2012 at 5:47 PM, Rob Weir robw...@apache.org wrote: We need a few things: 1) Someone to build the patch (http://www.openoffice.org/security/cves/CVE-2012-0037-src.txt) 2) Someone to create install instructions for the patch 3) One or more people to test the patch 4) Someone to update the website and send out an announcement #1 is actually a lot easier than it sounds. If you can build AOO 3.4 under Linux then you probably are already building the patched file. We might even just extract the relevant library from a dev snapshot install. But we need to consider what variations we need, 32 versus 64, etc. For #2 I have the source for the existing install instructions. I'm happy to share with anyone who wants to update the instructions and screenshots for Linux users. For #3, I'm sure many of us can help. We have a proof of concept file that shows the exploit that we can test against, but we need to take extreme measures to ensure that filed is not publicly disclosed. For #4, I am happy to help with the digital signature and staging to the mirrors, etc. Updating the webpage is really easy, using the Apache CMS. Anyone care to volunteer for some of these tasks? -Rob I can look at #1 and 2. it would make sense for these things each to have more than 1 person per task, IMO. Wolf -- This Apt Has Super Cow Powers - http://sourcefreedom.com Advancing Libraries Together - http://LYRASIS.org
Re: How to make a Linux port of CVE-2012-0037
Hi, Le 23 mars 12 à 19:14, Wolf Halton a écrit : On Thu, Mar 22, 2012 at 5:47 PM, Rob Weir robw...@apache.org wrote: We need a few things: 1) Someone to build the patch (http://www.openoffice.org/security/cves/CVE-2012-0037-src.txt) 2) Someone to create install instructions for the patch [...cut...] I can look at #1 and 2. it would make sense for these things each to have more than 1 person per task, IMO. FYI, if you got an internet connexion, create the patch is a one liner (really). It took me 30 seconds to extract the change, if the version number in the instructions is correct. Ask me in private if you need the method. Regards, Eric -- qɔᴉɹə Projet OOo4Kids : http://wiki.ooo4kids.org/index.php/Main_Page L'association EducOOo : http://www.educoo.org Blog : http://eric.bachard.org/news
How to make a Linux port of CVE-2012-0037
We need a few things: 1) Someone to build the patch (http://www.openoffice.org/security/cves/CVE-2012-0037-src.txt) 2) Someone to create install instructions for the patch 3) One or more people to test the patch 4) Someone to update the website and send out an announcement #1 is actually a lot easier than it sounds. If you can build AOO 3.4 under Linux then you probably are already building the patched file. We might even just extract the relevant library from a dev snapshot install. But we need to consider what variations we need, 32 versus 64, etc. For #2 I have the source for the existing install instructions. I'm happy to share with anyone who wants to update the instructions and screenshots for Linux users. For #3, I'm sure many of us can help. We have a proof of concept file that shows the exploit that we can test against, but we need to take extreme measures to ensure that filed is not publicly disclosed. For #4, I am happy to help with the digital signature and staging to the mirrors, etc. Updating the webpage is really easy, using the Apache CMS. Anyone care to volunteer for some of these tasks? -Rob
