First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 147652
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Wolf Giesen (RETIRED) <frilled@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 147652 depends on: Show dependency tree
Show dependency graph
Bug 147652 blocks: 147591

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-09-14 23:35 0000 
Mozilla Team, please bump firefox and firefox-bin to 1.5.0.7, thx!

See Tracker bug for info.

------- Comment #1 From Wolf Giesen (RETIRED) 2006-09-14 23:40:20 0000 ------- 
Paperwork change.

------- Comment #2 From Stefan Schweizer 2006-09-15 05:24:06 0000 ------- 
firefox-bin bumped

------- Comment #3 From Sune Kloppenborg Jeppesen 2006-09-15 06:18:30 0000 ------- 
Arches please test and mark stable. Target keywords are:

mozilla-firefox-bin-1.5.0.7.ebuild:KEYWORDS="-* amd64 x86"

------- Comment #4 From Raúl Porcel 2006-09-15 06:42:29 0000 ------- 
mozilla-firefox-bin-1.5.0.7 x86: Works nice(this does not compile, since it's a
bin package :)).

Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17-gentoo-r7 i686)
=================================================================
System uname: 2.6.17-gentoo-r7 i686 AMD Athlon(tm) Processor
Gentoo Base System version 1.12.5
Last Sync: Thu, 14 Sep 2006 17:50:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
app-admin/eselect-compiler: [Not Present]
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r5
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon-tbird -mtune=athlon-tbird  -O2 -pipe
-fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=athlon-tbird -mtune=athlon-tbird  -O2 -pipe
-fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ "
LINGUAS=""
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.belnet.be/packages/gentoo-portage"
USE="x86 X bitmap-fonts bzip2 cairo cdr cli crypt dbus dlloader dri dvd dvdr
eds elibc_glibc emboss encode fam firefox fortran gif gpm gstreamer gtk hal
input_devices_evdev input_devices_keyboard input_devices_mouse isdnlog jpeg
kernel_linux ldap libg++ mad mikmod mp3 mpeg ncurses nptl nptlonly ogg opengl
pam pcre perl png ppds pppd python qt3 qt4 quicktime readline reflection sdl
session spell spl ssl tcpd truetype truetype-fonts type1-fonts udev unicode
userland_GNU video_cards_vesa vorbis win32codecs xml xorg xv zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #5 From Joshua Jackson 2006-09-15 10:23:43 0000 ------- 
I assume that the non bin package will be coming a bit later and thus I'm
leaving us on this til that appears..however the -bin is stable with the
testing assistance of armin76 on x86 ^.^

------- Comment #6 From Christoph Mende 2006-09-15 12:59:52 0000 ------- 
- emerges fine on amd64
- passes multilib-strict
- passes collision-test
- works

Portage 2.1.1 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17-ck1-r3 x86_64)
=================================================================
System uname: 2.6.17-ck1-r3 x86_64 AMD Athlon(tm) 64 Processor 3000+
Gentoo Base System version 1.12.5
Last Sync: Fri, 15 Sep 2006 18:50:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.6-r1, 2.0.28-r1
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=k8 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-test distlocks metadata-transfer
multilib-strict parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo
ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/
ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo
ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo
ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo
ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo
ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/
ftp://ftp.gentoo.mesh-solutions.com/gentoo/
ftp://pandemonium.tiscali.de/pub/gentoo/ "
LANG="en_US.ISO8859-1"
LC_ALL="en_US.ISO8859-1"
LINGUAS=""
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/etc/portage/rsync_excludes"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/overlay"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="amd64 X a52 aac acpi alsa amr avi berkdb bitmap-fonts branding bzip2 cairo
cdinstall cdparanoia cdr cli crypt cups dbus divx dlloader dri dvd dvdr dvdread
elibc_glibc emboss encode expat fam firefox fortran gdbm gif glut gpm gstreamer
gtk gtk2 hal imagemagick input_devices_evdev input_devices_keyboard isdnlog
jpeg kernel_linux lcms ldap libg++ lirc lirc_devices_inputlirc mad mikmod mng
mp3 mpeg musicbrainz ncurses nls nptl nptlonly ogg opengl pam pcre pdflib php
png ppds pppd quicktime readline reflection sdl session socks5 spl ssl svg tcpd
tiff truetype truetype-fonts type1-fonts udev unicode userland_GNU v4l v4l2
video_cards_fglrx vorbis wmp x264 xine xinerama xml xorg xv xvid zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS

------- Comment #7 From Olivier Crete 2006-09-15 16:36:37 0000 ------- 
the -bin is stable on amd64 too.. waiting for non-bin ebuild

------- Comment #8 From Giacomo Perale 2006-09-16 00:51:13 0000 ------- 
Mozilla Foundation Security Advisory 2006-60
(http://www.mozilla.org/security/announce/2006/mfsa2006-60.html) seems to
suggest that NSS 3.11.2 is the culprit of the vulnerability. Since Gentoo
builds firefox/thunderbird/seamonkey with the system copy of NSS, I think that
you should bump the library to release 3.11.3 as well.

------- Comment #9 From Gergan Penkov 2006-09-16 01:04:20 0000 ------- 
(In reply to comment #8)
> Mozilla Foundation Security Advisory 2006-60
> (http://www.mozilla.org/security/announce/2006/mfsa2006-60.html) seems to
> suggest that NSS 3.11.2 is the culprit of the vulnerability. Since Gentoo
> builds firefox/thunderbird/seamonkey with the system copy of NSS, I think that
> you should bump the library to release 3.11.3 as well.
> 

yes http://secunia.com/advisories/21903/ and probably nspr should be bumped
also to 4.6.3

------- Comment #10 From Stefan Schweizer 2006-09-16 01:23:05 0000 ------- 
thanks. nspr-4.6.3 and nss-3.11.3 bumped.

------- Comment #11 From Walter Meinl 2006-09-16 06:58:42 0000 ------- 
(In reply to comment #10)
> thanks. nspr-4.6.3 and nss-3.11.3 bumped.
> 

Maybe nss-3.11.3 should depend on nspr-4.6.3. The nss ebuild has still
NSPR_VER="4.6.2". Bumping the nspr version would automatically pull 4.6.3, when
nss is updated

------- Comment #12 From Simon Stelling (RETIRED) 2006-09-16 11:41:46 0000 ------- 
mozilla-firefox (non-bin) is stable on amd64, leaving us on the bug as i expect
we have to mark some nspr version too later on

------- Comment #13 From Tobias Scherbaum 2006-09-16 12:57:52 0000 ------- 
(In reply to comment #10)
> thanks. nspr-4.6.3 and nss-3.11.3 bumped.
> 

any reason you marked nspr directly stable for ia64?

------- Comment #14 From Stefan Schweizer 2006-09-16 13:49:04 0000 ------- 
because I missed that it was stable there :( And repoman did not warn me of
course. the stable marking of the previous version was also a mistake btw and
should be reverted but no one one is reacting, it is sad:

http://bugs.gentoo.org/show_bug.cgi?id=134798#c8

The new nss/nspr should probably also be stabled, I think.

anyway I reverted my erroneous ia64 stabling and changed the nss dep to 4.6.3,
thanks walter

------- Comment #15 From Christian Faulhammer 2006-09-17 03:23:38 0000 ------- 
nspr:
1) emerges fine
2) passes collision test

nss:
1) emerges fine
2) passes collision test

firefox (non bin):
1) emerges fine on both libraries above so far
dodoc: LEGAL does not exist

2) passes collision test
3) works with both updated versions of above libraries

Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17-gentoo-r8 i686)
=================================================================
System uname: 2.6.17-gentoo-r8 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.12.5
Last Sync: Sun, 17 Sep 2006 07:20:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.2.11-r1
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r5
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash
/etc/terminfo"
CXXFLAGS="-O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer
parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage"
USE="x86 3dnow 3dnowext X Xaw3d a52 alsa arts artworkextra asf audiofile
bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo
cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus
dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds elibc_glibc
emacs emboss encode esd evo exif expat fam fat fbcon ffmpeg firefox fortran ftp
gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal icq idn imagemagick
imap input_devices_keyboard input_devices_mouse ipv6 isdnlog java javascript
jikes jpeg jpeg2k kernel_linux ldap leim libg++ linguas_de lm_sensors mad
maildir matroska mbox mikmod mime mmx mmxext mng mono mp3 mpeg mpeg2 mule
nautilus ncurses nforce2 nls nocardbus nptl nptlonly nsplugin nvidia objc ogg
opengl pam pcre pdf perl plotutils pmu png ppds pppd preview-latex print python
qt3 qt4 quicktime readline reflection reiserfs samba sdk session slang spell
spl sse ssl svg svga t1lib tcltk tcpd tetex theora thunderbird tiff truetype
truetype-fonts type1-fonts udev usb userland_GNU vcd video_cards_fbdev
video_cards_radeon video_cards_vesa videos vorbis win32codecs wmf wxwindows
xine xml xorg xosd xv xvid zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS,
PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #16 From Markus Meier 2006-09-17 12:06:55 0000 ------- 
dev-libs/nspr-4.6.3
 1.) emerges fine
 2.) passes collision test

dev-libs/nss-3.11.3
 1.) emerges fine
 2.) passes collision test

www-client/mozilla-firefox-1.5.0.7
 1.) emerges fine (with the newer version of the libraries)
 2.) passes collision test
 3.) works

emerge --info
Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17.11 i686)
=================================================================
System uname: 2.6.17.11 i686 AMD Athlon(TM) XP1800+
Gentoo Base System version 1.12.5
Last Sync: Sun, 17 Sep 2006 10:50:01 +0000
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.2.11-r1
dev-lang/python:     2.3.5-r2, 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo
/etc/texmf/web2c"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks fixpackages
metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv
usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LANG="en_GB.utf8"
LINGUAS="en de en_GB"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/normal /usr/local/portage/testing"
SYNC="rsync://192.168.2.1/gentoo-portage"
USE="x86 3dnow 3dnowext X a52 aac acpi alsa apache2 bash-completion berkdb
bitmap-fonts bzip2 cairo cdr cli crypt css cups dbus divx4linux dlloader dri
dts dvd dvdr dvdread elibc_glibc emboss exif fam ffmpeg firefox font-server
fortran gdbm gif gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml hal
input_devices_keyboard input_devices_mouse ipv6 isdnlog java jpeg kde
kernel_linux ldap libclamav libg++ linguas_de linguas_en linguas_en_GB
logitech-mouse mad mikmod mmx mmxext mono mozcalendar mozdevelop mozsvg mp3
mpeg ncurses network nls nptl nptlonly nvidia oav ogg opengl oss pam pcre perl
png ppds pppd python qt qt3 qt4 quicktime readline reflection samba sdl
seamonkey session spell spl ssl tcltk tcpd test tetex tiff truetype
truetype-fonts type1-fonts udev unicode usb userland_GNU vcd video_cards_none
video_cards_nv vorbis win32codecs xine xinerama xml xorg xorg-x11 xprint xv xvg
xvid zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS,
PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #17 From Matthias Langer 2006-09-17 12:17:37 0000 ------- 
mozilla-firefox-1.5.0.7  USE="gnome ipv6 java -debug -mozdevelop -xinerama
-xprint" is working fine for me on x86.

------- Comment #18 From Joshua Jackson 2006-09-18 20:26:02 0000 ------- 
x86 marked stable for non bin as well, if there's anything else that needs to
be done readd us.

------- Comment #19 From Tobias Scherbaum 2006-09-21 12:44:55 0000 ------- 
If there's something we should stable it helps in most cases to add the arches
;)

------- Comment #20 From Simon Stelling (RETIRED) 2006-09-21 13:06:59 0000 ------- 
nspr got its own bug, thus removing amd64

------- Comment #21 From Wolf Giesen (RETIRED) 2006-09-21 14:06:19 0000 ------- 
Ehr ... if I messed it up, how did the other slables turn up? :D

[re?]calling hppa, sparc, hppa

------- Comment #22 From Gustavo Zacarias (RETIRED) 2006-09-21 14:09:51 0000 ------- 
We've (sparc) stabled it before you called us.

------- Comment #23 From Wolf Giesen (RETIRED) 2006-09-21 15:33:56 0000 ------- 
Yuck :) Now I know what jaervosz meant .-))

------- Comment #24 From Tobias Scherbaum 2006-09-22 14:50:17 0000 ------- 
ppc stable, hppa is about to follow quite soon.

------- Comment #25 From Tobias Scherbaum 2006-09-22 14:57:44 0000 ------- 
hppa also stable, ready for GLSA.

------- Comment #26 From Matthias Geerdsen 2006-09-28 12:38:22 0000 ------- 
GLSA 200609-19

thanks everyone

------- Comment #27 From Joshua Kinard 2006-10-02 19:18:04 0000 ------- 
FYI, Mips stable now
First Last Prev Next    No search results available      Search page      Enter new bug