Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
View Bug Activity | Format For Printing | XML | Clone This Bug
Just noticed the following: -rwxr-xr-x 1 root root 304490 5. Aug 2004 /usr/bin/gv probably vulnerable to http://security.gentoo.org/glsa/glsa-200408-10.xml app-text/gv-3.5.8-r4 installs /usr/X11R6/bin/gv I'm not sure, if it's only a problem with my system, but I'd think it would be good to have a gv version bump, explicitly removing /usr/bin/gv.
printing please verify. If needed please provide new ebuilds, thanks
On my system /usr/X11R6 is a symlink pointing to ../usr and not a directory. AFAIK should /usr/X11R6 always be a symlink, at least on systems with current xorg-x11 or am I wrong?
(In reply to comment #2) > On my system /usr/X11R6 is a symlink pointing to ../usr and not a directory. Yeah, this is what I thought, too. The whole thing sounds pretty suspicious to be invalid, but let's just see what printing says, as they have more insight into possible problems.
Well, on my system /usr/X11R6 isn't a symlink, running stable x11-base/xorg-x11-6.8.2-r6. If it should be a symlink there's probably something wrong with the xorg ebuild, since I always used stable X11. Interestingly I have the following useless symlink: lrwxrwxrwx 1 root root 6 18. M
Well, on my system /usr/X11R6 isn't a symlink, running stable x11-base/xorg-x11-6.8.2-r6. If it should be a symlink there's probably something wrong with the xorg ebuild, since I always used stable X11. Interestingly I have the following useless symlink: lrwxrwxrwx 1 root root 6 18. Mär 2005 /usr/X11R6/X11R6 -> ../usr as well as the following dead one: lrwxrwxrwx 1 root root 16 21. Jan 2005 /usr/lib/X11/X11 -> ../X11R6/lib/X11 Nevertheless app-text/gv should install into /usr/bin imho.
Apparently you've managed to find some sort of bug in the stable migration script that nobody else has reported. About all I can say now is, tough luck, try 7.0 -- we're not going to spend hours debugging a problem on 6.8 now.
I do not see this bug on 3.6.1-r2. In my opinion that is the most stable version, because it is the latest version :) So, I would like to see gv-3.6.1-r2 stable on x86 ppc ppc64 alpha sparc amd64 so that I can remove all the older ebuilds, thanks.
ok, here we go: arches please test and mark stable, thanks
(In reply to comment #5) > Apparently you've managed to find some sort of bug in the stable migration > script that nobody else has reported. About all I can say now is, tough luck, > try 7.0 -- we're not going to spend hours debugging a problem on 6.8 now. That no one reported the issue yet will be bound to the fact, that X works without any problems nontheless. Didn't implicate that it should be fixed for 6.8, just wanted to have your confirmation regarding the symlink issue. Would be nice, if there would be a double check for 6.9/7.0 that the symlink gets created in place of the directory, though.
(In reply to comment #8) > 6.8, just wanted to have your confirmation regarding the symlink issue. Would > be nice, if there would be a double check for 6.9/7.0 that the symlink gets > created in place of the directory, though. > There is such a check in 7.0.
Not too sure if we should do a GLSA about this one.
(In reply to comment #10) > Not too sure if we should do a GLSA about this one. Rather not. Even if others should have the same X issue, the older gv binary /should/ have been properly removed by Portage. There was the chance that others among the cc'ed users with older systems find themselves affected as well, but it's likely to be a local issue.
I've tested app-text/gv-3.6.1-r2 on x86 against a stable profile. While at the first glance, everything seemed to be fine, i discovered two problems with gv-3.6.1-r2: 1.) gv-3.6.1-r2 seems to have problems with large pdf files (> 50 pages). When trying to open such a file, i get gv prints messages like Error: /undefinedfilename in --file-- Operand stack: PDFfile (/home/antonio/docs\\ and\\ books/pcasm-book.pdf) (r) Execution stack: %interp_exit .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- --nostringval-- false 1 %stopped_push 1 3 %oparray_pop 1 3 %oparray_pop 1 3 %oparray_pop .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- --nostringval-- Dictionary stack: --dict:1051/1417(ro)(G)-- --dict:0/20(G)-- --dict:68/200(L)-- Current allocation mode is local Last OS error: 2 Current file position is 1916 ESP Ghostscript 7.07.1: Unrecoverable error, exit code 1 to the terminal. Besides, gv opens an error dialog (where copy and paste doesn't work) with a message like this: Execution of gs -dNODISPLAY -dQUIET -sPDFname='/path/to/pdf' -sDSCname='/tmp/tmpfile.pdf' psf2dsc.ps -c quit failed However, the file can be viewed afterwards, but the page index is missing. Direct jumping to arbitrary pages is therefore not possible. With gv-3.5.8-r4 this problem doesn't exist. 2.) gv-r3.6.1-r2 refuses to open a dvi file on my computer which is viewable with evince without problems. But this is also the same with 3.5.8-r4. Portage 2.0.54 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.3.5-r2, 2.6.15-gentoo-r5 i686) ================================================================= System uname: 2.6.15-gentoo-r5 i686 AMD Athlon(tm) XP 2400+ Gentoo Base System version 1.6.14 dev-lang/python: 2.3.5-r2, 2.4.2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=athlon-xp -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=athlon-xp -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig colission-protect distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.inode.at/ " LANG="en_US.utf8" LC_ALL="en_US.utf8" LINGUAS="en de" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="x86 3dnow 3dnowext X a52 aalib alsa apm audiofile avi berkdb bitmap-fonts bonobo bzip2 bzlib cairo cdr cli crypt css ctype cups curl dba dbus divx4linux dri dts dv dvd dvdr dvdread emboss encode evo exif expat fam fame fastbuild ffmpeg firefox flac foomaticdb force-cgi-redirect fortran ftp gd gdbm gif glut gmp gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml guile hal idn imagemagick imlib ipv6 java jpeg junit lcms libg++ libwww mad memlimit mhash mikmod mmx mmxext mng motif mp3 mpeg nautilus ncurses nls nptl nsplugin nvidia ogg oggvorbis openal opengl pam pcre pdflib perl plotutils png posix python quicktime readline real ruby sdl session simplexml slang soap sockets speex spell spl sqlite sse ssl subtitles svga tcltk tcpd tetex theora tiff tokenizer truetype truetype-fonts type1-fonts udev unicode usb vcd video_cards_nvidia vorbis win32codecs wma xine xml xml2 xmms xsl xv xvid zlib linguas_en linguas_de userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LDFLAGS
sparc stable (opened a couple of very big >300 page pdf files without issues, moved around, changed layout, so on and so on).
hmm, my problems with large pdf files and gv-3.6.1-r2 don't appear on this box for some reason: Portage 2.0.54 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.3.5-r2, 2.6.15.6 i686) ================================================================= System uname: 2.6.15.6 i686 AMD Athlon(tm) XP 1900+ Gentoo Base System version 1.6.14 dev-lang/python: 2.3.5-r2, 2.4.2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=athlon-xp -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=athlon-xp -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig colission-protect distlocks sandbox sfperms strict" GENTOO_MIRRORS="ftp://ftp.sh.cvut.cz/MIRRORS/gentoo/gentoo " LC_ALL="en_US.UTF-8" LINGUAS="en de" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="x86 3dnow 3dnowext X acpi alsa apm audiofile avi berkdb bitmap-fonts browserplugin bzip2 bzlib cairo cli crypt ctype dba dbus dri dvd emboss encode exif expat fam fastbuild firefox foomaticdb force-cgi-redirect fortran ftp gd gdbm gif glut gmp gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml hal idn imlib ipv6 java jpeg lcms libg++ libwww mad memlimit mikmod mime mmx mmxext mng motif mp3 mpeg ncurses nls nptl nsplugin nvidia ogg oggvorbis opengl pam pcre pdflib perl png posix python quicktime readline real ruby sdl session simplexml soap sockets spell spl sqlite sse ssl tcpd tokenizer truetype truetype-fonts type1-fonts udev unicode usb vorbis win32codecs wma xine xml xml2 xsl xv xvid zlib linguas_en linguas_de userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LDFLAGS, PORTDIR_OVERLAY Maybe this is because of the fact, that i installed gv for the first time on this system, while i did an upgrade from version 3.5.8-r4 on the box mentioned in comment 12. Note that i did not forget to run etc-update after the upgrade ...
Stable on x86, thanks for testing Matthias
Stable on ppc. No issues with large pdf documents here either.
stable on ppc64
stable on amd64.
oops, sorry about the spam.
Stable on alpha.
votes on a GLSA for this one? I tend to say no GLSA.
i tend to vote no for the reasons exposed in comment #11
Voting no and closing.
