Greetings,
I'm currently running AOO 4.1.5 on Gentoo Linux, and have found an issue with clearing a Security Advisory from my system (namely GLSA 201705-10) due to OpenOffice's dependency on /usr/lib64/libgstinterfaces-0.10.so.0 by /usr/lib64/openoffice/program/libavmediagst.so. That library is provided by media-libs/gst-plugins-base-0.10.36-r2 which was deprecated due to vulnerabilities, and the current version of gst-plugins-base is 1.14.1, but unfortunately doesn't provide an updated version of libgstinterfaces.
The following is the list of CVEs that deprecated all versions of gst-plugins-base up through 1.10.2:
CVE-2016-10198, CVE-2016-10199, CVE-2016-9445, CVE-2016-9446, CVE-2016-9447, CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9807,
CVE-2016-9808, CVE-2016-9809, CVE-2016-9810, CVE-2016-9811, CVE-2016-9812, CVE-2016-9813, CVE-2017-5837, CVE-2016-10198, CVE-2016-10199, CVE-2016-9445, CVE-2016-9446, CVE-2016-9447, CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9807, CVE-2016-9808, CVE-2016-9809, CVE-2016-9810, CVE-2016-9811, CVE-2016-9812, CVE-2016-9813, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841,
CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5846, CVE-2017-5847, CVE-2017-5848, CVE-2017-5838, CVE-2017-5839,
CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5846, CVE-2017-5847, CVE-2017-5848
Any ideas on how to proceed from here?
TIA for your help.
[Issue] Dependency on deprecated library libgstinterfaces
-
ShadowCat8
- Posts: 6
- Joined: Tue Sep 26, 2017 11:56 pm
[Issue] Dependency on deprecated library libgstinterfaces
Last edited by Hagar Delest on Sun Aug 05, 2018 11:40 am, edited 2 times in total.
Reason: Tagged issue.
Reason: Tagged issue.
"Let's think the unthinkable, let's do the undoable, let's prepare to grapple
with the ineffable itself, and see if we may not eff it after all." -- Douglas Adams
-----
Apache OpenOffice 4.1.5 on personal build of Gentoo Linux
with the ineffable itself, and see if we may not eff it after all." -- Douglas Adams
-----
Apache OpenOffice 4.1.5 on personal build of Gentoo Linux
Re: AOO dependency on deprecated library libgstinterfaces
The only thing you can do is raise a bug report at https://bz.apache.org/ooo/.
I don't think it will be fixed any time soon.
I don't think it will be fixed any time soon.
LO 6.4.4.2, Windows 10 Home 64 bit
See the Writer Guide, the Writer FAQ, the Writer Tutorials and Writer for students.
Remember: Always save your Writer files as .odt files. - see here for the many reasons why.
See the Writer Guide, the Writer FAQ, the Writer Tutorials and Writer for students.
Remember: Always save your Writer files as .odt files. - see here for the many reasons why.
Re: AOO dependency on deprecated library libgstinterfaces
This may be a topic for the development mailing list. A search for "libavmediagst.so" found that AOO 4.2.0 will use gstreamer 1.0 instead of gstreamer 0.1, but I don't know if that would fix the problem.
Issue 127722 - Update gstreamer support from 0.1 to 1.0
Openoffice and unsupported gstreamer 0.10 branch (for openoffice libavmediagst.so library)
Issue 127722 - Update gstreamer support from 0.1 to 1.0
Openoffice and unsupported gstreamer 0.10 branch (for openoffice libavmediagst.so library)
AOO 4.1.14 on Ubuntu MATE 22.04
-
ShadowCat8
- Posts: 6
- Joined: Tue Sep 26, 2017 11:56 pm
AOO dependency on deprecated library libgstinterfaces
Greetings again and thanks for the responses,
@Bill: Thanks for the links. After reading the discussion on the dev mailing list from the link you provided, it seems others have also had concerns regarding AOO's dependency on the deprecated version of the gstreamer libs. At this point, support for linking against the 1.0 versions of gstreamer and the plugins will be available in AOO 4.2.0, and there is a patch available right now for those who want to build from source. I will likely try a direct-source build on my home system to see if it will work against the latest versions of the libs, too, and will report my findings.
And, at this time, I'd like to add an extra thanks and a "Good job!" to Damjan Jovanovic for his time and efforts on this issue, as well as for providing the patch.
Lastly, @robleyd, thanks for correcting my header on the OP of this thread. Since you get no descriptions of the icons on a mouseover, I took that symbol to mean "Danger" as opposed to "Toxic".
Thanks again.
@Bill: Thanks for the links. After reading the discussion on the dev mailing list from the link you provided, it seems others have also had concerns regarding AOO's dependency on the deprecated version of the gstreamer libs. At this point, support for linking against the 1.0 versions of gstreamer and the plugins will be available in AOO 4.2.0, and there is a patch available right now for those who want to build from source. I will likely try a direct-source build on my home system to see if it will work against the latest versions of the libs, too, and will report my findings.
And, at this time, I'd like to add an extra thanks and a "Good job!" to Damjan Jovanovic for his time and efforts on this issue, as well as for providing the patch.
Lastly, @robleyd, thanks for correcting my header on the OP of this thread. Since you get no descriptions of the icons on a mouseover, I took that symbol to mean "Danger" as opposed to "Toxic".
Thanks again.
"Let's think the unthinkable, let's do the undoable, let's prepare to grapple
with the ineffable itself, and see if we may not eff it after all." -- Douglas Adams
-----
Apache OpenOffice 4.1.5 on personal build of Gentoo Linux
with the ineffable itself, and see if we may not eff it after all." -- Douglas Adams
-----
Apache OpenOffice 4.1.5 on personal build of Gentoo Linux