Ubuntu
openoffice.org package

OpenOffice.org broken after security update of libicu libicu36 in Gutsy

Bug #207906 reported by Miguel Telleria de Esteban
254
Affects Status Importance Assigned to Milestone
icu (Ubuntu)
Invalid
Undecided
Unassigned
openoffice.org (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: openoffice.org

After the security update of package libicu36 from version 3.6.3 to
3.6.3ubuntu0.1 on 20th March 2008 OpenOffice.org won't start
complaining with the following message:

(in one line)
/usr/lib/openoffice/program/soffice.bin: symbol lookup error: /usr/lib/openoffice/program/i18npool.uno.so: undefined symbol: u_isalnum_3_6

We have found the connection to libicu36 via this debian bug report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447799,

In Debian they chose to leave it unchanged because they had the OOo
version 2.2, however it says that the version 2.3.0 (the same as in
Ubuntu Gutsy onwards) is affected.

Therefore we suggest to recompile the OOo packages again with the new
libicu36 and publish them as another security update.

-- System Information:
Ubuntu Release: Gutsy
  APT prefers gutsy-updates
  APT policy: (500, 'gutsy-updates'), (500, 'gutsy-security'), (500, 'gutsy-backports'), (500, 'gutsy')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-14-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openoffice.org depends on:
ii openoffice.org-base 1:2.3.0-1ubuntu5.3 OpenOffice.org office suite - data
ii openoffice.org-calc 1:2.3.0-1ubuntu5.3 OpenOffice.org office suite - spre
ii openoffice.org-core 1:2.3.0-1ubuntu5.3 OpenOffice.org office suite archit
ii openoffice.org-draw 1:2.3.0-1ubuntu5.3 OpenOffice.org office suite - draw
ii openoffice.org-impres 1:2.3.0-1ubuntu5.3 OpenOffice.org office suite - pres
ii openoffice.org-java-c 1:2.3.0-1ubuntu5.3 OpenOffice.org office suite Java s
ii openoffice.org-math 1:2.3.0-1ubuntu5.3 OpenOffice.org office suite - equa
ii openoffice.org-writer 1:2.3.0-1ubuntu5.3 OpenOffice.org office suite - word

Revision history for this message
Miguel Telleria de Esteban (snapy) wrote :

I consider it a security bug because it seems that now the only way to execute openoffice in gutsy is with an unsecure downgraded libicu36.

In fact the security update should have included OpenOffice packages as well.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and taking the time to report a bug. I cannot reproduce this bug on amd64 or i386. The Debian bug was for an experimental version of libicu38 and openoffice.org. I launched Impress, Calc, Writer, Base and Draw all successfully. With the exception of an additional symbol for setMaxCapacity, no symbols changed with this update.

Please post your /etc/apt/sources.list file as well as the output of:
$ apt-cache policy openoffice.org-core libicu36

Changed in openoffice.org:
assignee: nobody → jamie-strandboge
status: New → Incomplete
Revision history for this message
Miguel Telleria de Esteban (snapy) wrote :

Hello, here is the output of

       apt-cache policy openoffice.org-core libicu36

openoffice.org-core:
  Installed: 1:2.3.0-1ubuntu5.3
  Candidate: 1:2.3.0-1ubuntu5.3
  Version table:
 *** 1:2.3.0-1ubuntu5.3 0
        500 http://es.archive.ubuntu.com gutsy-updates/main Packages
        100 /var/lib/dpkg/status
     1:2.3.0-1ubuntu5 0
        500 http://es.archive.ubuntu.com gutsy/main Packages
libicu36:
  Installed: 3.6-3ubuntu0.1
  Candidate: 3.6-3ubuntu0.1
  Version table:
 *** 3.6-3ubuntu0.1 0
        500 http://es.archive.ubuntu.com gutsy-updates/main Packages
        500 http://security.ubuntu.com gutsy-security/main Packages
        500 http://archive.ubuntu.com gutsy-security/main Packages
        100 /var/lib/dpkg/status
     3.6-3 0
        500 http://es.archive.ubuntu.com gutsy/main Packages

Here is my sources.list with the comments removed.

deb http://es.archive.ubuntu.com/ubuntu/ gutsy main restricted
deb-src http://es.archive.ubuntu.com/ubuntu/ gutsy main restricted

deb http://es.archive.ubuntu.com/ubuntu/ gutsy-updates main restricted
deb-src http://es.archive.ubuntu.com/ubuntu/ gutsy-updates main restricted

deb http://es.archive.ubuntu.com/ubuntu/ gutsy universe
deb-src http://es.archive.ubuntu.com/ubuntu/ gutsy universe

deb http://es.archive.ubuntu.com/ubuntu/ gutsy multiverse
deb-src http://es.archive.ubuntu.com/ubuntu/ gutsy multiverse

deb http://security.ubuntu.com/ubuntu gutsy-security main restricted
deb-src http://security.ubuntu.com/ubuntu gutsy-security main restricted
deb http://security.ubuntu.com/ubuntu gutsy-security universe
deb-src http://security.ubuntu.com/ubuntu gutsy-security universe
deb http://security.ubuntu.com/ubuntu gutsy-security multiverse
deb-src http://security.ubuntu.com/ubuntu gutsy-security multiverse

#AUTOMATIX REPOS START
deb http://www.getautomatix.com/apt gutsy main
deb http://archive.canonical.com/ubuntu gutsy partner
deb http://archive.ubuntu.com/ubuntu gutsy-backports main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu gutsy-updates universe multiverse
deb http://archive.ubuntu.com/ubuntu gutsy-security main restricted universe multiverse
#AUTOMATIX REPOS END

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

While the packages I asked for are correct, the -backports and automatix sources.list lines lead me to think there is an interaction between incompatible packages in these repositories. Please post steps to reproduce and then try removing the packages you installed from these repositories and see if the problem goes away. You might also check the output of this command:

$ dpkg -l | grep openoffice.org

All of the packages listed should have the same version.

Jamie Strandboge (jdstrand)
Changed in icu:
status: New → Incomplete
Revision history for this message
Chris Cheney (ccheney) wrote :

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Changed in openoffice.org:
assignee: jdstrand → nobody
status: Incomplete → Invalid
Changed in icu:
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.