Bugzilla Bug 204760

Five vulnerabilities deemed "critical" have been addressed in PostgreSQL. The
fixed version are 8.2.6, 8.1.11, 8.0.15, 7.4.19, 7.3.21. Ergo, all versions
currently in portage are affected and need to be updated.

The following text is reproduced from the announcement:

Index Functions Privilege Escalation (CVE-2007-6600): as a unique feature,
PostgreSQL allows users to create indexes on the results of user-defined
functions, known as "expression indexes". This provided two vulnerabilities to
privilege escalation: (1) index functions were executed as the superuser and
not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET
SESSION AUTHORIZATION were permitted within index functions. Both of these
holes have now been closed.

Regular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067,
CVE-2007-4769): three separate issues in the regular expression libraries used
by PostgreSQL allowed malicious users to initiate a denial-of-service by
passing certain regular expressions in SQL queries. First, users could create
infinite loops using some specific regular expressions. Second, certain complex
regular expressions could consume excessive amounts of memory. Third,
out-of-range backref numbers could be used to crash the backend. All of these
issues have been patched.

DBLink Privilege Escalation (CVE-2007-6601): DBLink functions combined with
local trust or ident authentication could be used by a malicious user to gain
superuser privileges. This issue has been fixed, and does not affect users who
have not installed DBLink (an optional module), or who are using password
authentication for local access. This same problem was addressed in the
previous release cycle (see CVE-2007-3278), but that patch failed to close all
forms of the loophole.

Thanks for the report.

Postgresql herd, please advise.

*** Bug 205111 has been marked as a duplicate of this bug. ***

Created an attachment (id=140829) [edit]
postgresql 8.2.6 and libpq 8.2.6 ebuild patch conf and init files

I started off using the 8.2.5 ebuilds from postgresql-testing and changed the
SRC_URI to only use postgresql-8.2.6.tar.bz2 as file. worked for me.

(In reply to comment #3)
> Created an attachment (id=140829) [edit]
> postgresql 8.2.6 and libpq 8.2.6 ebuild patch conf and init files
> I started off using the 8.2.5 ebuilds from postgresql-testing and changed the
> SRC_URI to only use postgresql-8.2.6.tar.bz2 as file. worked for me.

Thanks for the ebuilds.  I am testing and working on committing them now.

The 8.2.6 ebuilds are now committed.  I'll try to work on bumping the other
versions tomorrow - our stable target should be 8.0.15; I'll post to this bug
when that's committed.

Thanks, Marty.

8.0.15 ebuilds are now committed.  Based on what we've got in the tree now, the
7.4 and 7.3 branches should also be stable targets.  I'll get going on those,
and finally 8.1.  7.4 and 7.3 should be committed today - hopefully 8.1 too, if
I can get it done (my dev box is old and slow).  Meanwhile, arches can start
with 8.0.15.  Thanks, Marty.

7.4.19 ebuilds committed.  Thanks, Marty

Thx Martin. 

Since this is pretty serious I'm calling arches to start testing before all
branches are fixed. Target keywords sofar are:

postgresql-7.4.19.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64
s390 sh sparc x86"
postgresql-8.0.15.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64
s390 sh sparc x86"

>>> Unpacking postgresql-7.4.19.tar.bz2 to /var/tmp/portage/dev-db/libpq-7.4.19/work
 * Applying libpq-7.4.19-gentoo.patch ...

 * Failed Patch: libpq-7.4.19-gentoo.patch !
 *  ( /usr/portage/dev-db/libpq/files/libpq-7.4.19-gentoo.patch )
 *
 * Include in your bugreport the contents of:
 *
 *  
/var/tmp/portage/dev-db/libpq-7.4.19/temp/libpq-7.4.19-gentoo.patch-30816.out

 *
 * ERROR: dev-db/libpq-7.4.19 failed.
 * Call stack:
 *             ebuild.sh, line 1701:  Called dyn_unpack
 *             ebuild.sh, line  817:  Called qa_call 'src_unpack'
 *             ebuild.sh, line   44:  Called src_unpack
 *   libpq-7.4.19.ebuild, line   44:  Called epatch
'/usr/portage/dev-db/libpq/files/libpq-7.4.19-gentoo.patch'
 *         eutils.eclass, line  304:  Called die
 * The specific snippet of code:
 *                              die "Failed Patch: ${patchname}!"
 *  The die message:
 *   Failed Patch: libpq-7.4.19-gentoo.patch!

(8.0.15 applies without problems)

Commits for 8.1.11 and 7.3.21 are now done.

7.3.21 is the stable target for that branch.

Also, upstream has advised that 7.3.21 will be the last upstream release of the
7.3 branch.

Thanks, Marty.

I'll take a look at the 7.4.19 problem.

The libpq problem had to do with me not adding the files with -ko.  It also
affected 7.3.21.  Fixes for both are committed now.

Thanks, Marty

~dev-db/libpq-8.1.11 seems to be missing - I can't commit postgresql stable (on
x86). repoman is complaining...
and btw, all patches apply fine now.

stable on x86, on behalf of maekke...libpq 8.1.11 is missing and "Ebuild has
redundant cd ${S} statement on line:" Check your repoman output.

7.3.21 ppc64 stable now.  Will wait on db/libpq-8.1.11 to complete the db side
too.

Grr...sorry about 8.1.11.  I don't know how I missed that.  It's committed now,
and I fixed the unquoted errors in the 7.4 libpq ebuilds.  Once keywording has
settled, I'll fix the rest of the repoman warnings.

Is it true that 8.1* is not a stabilisation target? Even if it were, with
8.1.11 in the tree, 8.1.9 could now be removed safely (i.e. without upsetting
anyone).

dev-db/libpq-7.4.19  USE="nls pam readline ssl zlib -kerberos"
dev-db/postgresql-7.4.19  USE="doc nls pam python readline ssl test zlib
-kerberos -perl -pg-intdatetime (-selinux) -tcl -xml"

* Emerges on AMD64.
* Test phase enabled.
* Works.

- -

Portage 2.1.3.19 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0,
2.6.23-gentoo-r3 x86_64)
=================================================================
System uname: 2.6.23-gentoo-r3 x86_64 AMD Turion(tm) 64 X2 Mobile Technology
TL-56
Timestamp of tree: Mon, 14 Jan 2008 13:30:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
app-shells/bash:     3.2_p17-r1
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -Os -msse3 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf
/etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo
/etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=k8 -Os -msse3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protect distlocks metadata-transfer multilib-strict
parallel-fetch sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://213.186.33.38/gentoo-distfiles/
http://213.186.33.37/gentoo-distfiles/"
LANG="C"
LC_ALL="C"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 aac acpi alsa amd64 amr amrnb amrwb bash-completion
berkdb bitmap-fonts branding bzip2 cairo cli cracklib crypt cups dbus divx doc
dvd dvdr emerald ffmpeg firefox flac fortran gd gdbm gif glade glib glitz gtk
gtkspell hal hddtemp iconv insecure-savers isdnlog javascript jpeg jpeg2k kqemu
libcaca libnotify midi mmx mmxext mp2 mp3 mp4 mpeg mplayer mudflap musicbrainz
mysql ncurses nls nptl nptlonly offensive ogg opengl openmp pam pcre png pppd
python quicktime readline realmedia reflection samba sdl session smp spell spl
sse sse2 ssl stream svg syslog taglib tcpd threads truetype truetype-fonts
type1 type1-fonts unicode v4l v4l2 vhosts vim-syntax vorbis wmp xcomposite xorg
xosd xpm xscreensaver xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp
atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801
hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem
ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug
file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate
route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias
authn_anon authn_dbm authn_default authn_file authz_dbm authz_default
authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs
dav_lock deflate dir disk_cache env expires ext_filter file_cache filter
headers include info log_config logio mem_cache mime mime_magic negotiation
rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev synaptics joystick"
KERNEL="linux" LCD_DEVICES="xosd" USERLAND="GNU" VIDEO_CARDS="nv nvidia none"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

All three stable for HPPA.

Here's the keyword situation:

(vulnerable)     -> (not vulnerable)
7.3.19   ( arch) -> 7.3.21
7.4.17   ( arch) -> 7.4.19
8.0.13   ( arch) -> 8.0.15
8.1.9    (~arch) -> 8.1.11
8.2.4-r1 (~arch) -> 8.2.6


Stable targets for all arches are:
=dev-db/postgresql-7.3.21
=dev-db/postgresql-7.4.19
=dev-db/postgresql-8.0.15

(and their corresponding libpq's)

Ok, I *think* ppc64 is cool now.  Readd if not.

alpha/ia64/sparc stable

Created an attachment (id=141001) [edit]
postgresql-7.3.21-build.log

Thanks Robert, that clarified things a lot.

dev-db/libpq-7.3.21 USE="nls pam readline ssl zlib -kerberos -pg-intdatetime%"
dev-db/postgresql-7.3.21  USE="doc nls pam python readline ssl test zlib
-kerberos -perl -pg-intdatetime (-selinux) -tcl -xml"

* Test phase enabled.
* Failed to emerge.. (build.log attached)

>>> Completed installing postgresql-7.3.21 into /var/tmp/portage/dev-db/postgresql-7.3.21/image/

ecompressdir: bzip2 -9 usr/share/man
strip: x86_64-pc-linux-gnu-strip --strip-unneeded -R .comment
(...)
   usr/lib64/postgresql/timetravel.so
   usr/lib64/postgresql/string_io.so
   usr/lib64/postgresql/tablefunc.so
   usr/lib64/postgresql/tsearch.so
   usr/lib64/postgresql/user_locks.so
   usr/lib64/libecpg.so.3.4.1
   usr/lib/python2.4/site-packages/_pgmodule.so
   usr/lib64/libecpg.a

 * QA Notice: Package has poor programming practices which may compile
 *            fine but exhibit random runtime failures.
 * query.c:239: warning: implicit declaration of function 'tolower'

Files matching a file type that is not allowed:
   usr/lib/python2.4/site-packages/_pgmodule.so
 * 
 * ERROR: dev-db/postgresql-7.3.21 failed.
 * Call stack:
 *   misc-functions.sh, line 576:  Called install_qa_check
 *   misc-functions.sh, line 352:  Called die
 * The specific snippet of code:
 *              [[ ${abort} == yes ]] && die "multilib-strict check failed!"
 *  The die message:
 *   multilib-strict check failed!

- -

Portage 2.1.3.19 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0,
2.6.23-gentoo-r3 x86_64)
=================================================================
System uname: 2.6.23-gentoo-r3 x86_64 AMD Turion(tm) 64 X2 Mobile Technology
TL-56
Timestamp of tree: Mon, 14 Jan 2008 13:30:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
app-shells/bash:     3.2_p17-r1
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -Os -msse3 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf
/etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo
/etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=k8 -Os -msse3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protect distlocks metadata-transfer multilib-strict
parallel-fetch sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://213.186.33.38/gentoo-distfiles/
http://213.186.33.37/gentoo-distfiles/"
LANG="C"
LC_ALL="C"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 aac acpi alsa amd64 amr amrnb amrwb bash-completion
berkdb bitmap-fonts branding bzip2 cairo cli cracklib crypt cups dbus divx doc
dvd dvdr emerald ffmpeg firefox flac fortran gd gdbm gif glade glib glitz gtk
gtkspell hal hddtemp iconv insecure-savers isdnlog javascript jpeg jpeg2k kqemu
libcaca libnotify midi mmx mmxext mp2 mp3 mp4 mpeg mplayer mudflap musicbrainz
mysql ncurses nls nptl nptlonly offensive ogg opengl openmp pam pcre png pppd
python quicktime readline realmedia reflection samba sdl session smp spell spl
sse sse2 ssl stream svg syslog taglib tcpd threads truetype truetype-fonts
type1 type1-fonts unicode v4l v4l2 vhosts vim-syntax vorbis wmp xcomposite xorg
xosd xpm xscreensaver xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp
atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801
hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem
ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug
file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate
route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias
authn_anon authn_dbm authn_default authn_file authz_dbm authz_default
authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs
dav_lock deflate dir disk_cache env expires ext_filter file_cache filter
headers include info log_config logio mem_cache mime mime_magic negotiation
rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev synaptics joystick"
KERNEL="linux" LCD_DEVICES="xosd" USERLAND="GNU" VIDEO_CARDS="nv nvidia none"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

dev-db/libpq-8.0.15  USE="nls pam readline ssl threads zlib -kerberos
-pg-intdatetime"
dev-db/postgresql-8.0.15  USE="doc nls pam python readline ssl test zlib
-kerberos -perl -pg-intdatetime (-selinux) -tcl -xml"

* Emerges on AMD64.
* Test phase enabled.
* Works.

- -

Portage 2.1.3.19 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0,
2.6.23-gentoo-r3 x86_64)
=================================================================
System uname: 2.6.23-gentoo-r3 x86_64 AMD Turion(tm) 64 X2 Mobile Technology
TL-56
Timestamp of tree: Mon, 14 Jan 2008 13:30:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
app-shells/bash:     3.2_p17-r1
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -Os -msse3 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf
/etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo
/etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=k8 -Os -msse3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protect distlocks metadata-transfer multilib-strict
parallel-fetch sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://213.186.33.38/gentoo-distfiles/
http://213.186.33.37/gentoo-distfiles/"
LANG="C"
LC_ALL="C"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 aac acpi alsa amd64 amr amrnb amrwb bash-completion
berkdb bitmap-fonts branding bzip2 cairo cli cracklib crypt cups dbus divx doc
dvd dvdr emerald ffmpeg firefox flac fortran gd gdbm gif glade glib glitz gtk
gtkspell hal hddtemp iconv insecure-savers isdnlog javascript jpeg jpeg2k kqemu
libcaca libnotify midi mmx mmxext mp2 mp3 mp4 mpeg mplayer mudflap musicbrainz
mysql ncurses nls nptl nptlonly offensive ogg opengl openmp pam pcre png pppd
python quicktime readline realmedia reflection samba sdl session smp spell spl
sse sse2 ssl stream svg syslog taglib tcpd threads truetype truetype-fonts
type1 type1-fonts unicode v4l v4l2 vhosts vim-syntax vorbis wmp xcomposite xorg
xosd xpm xscreensaver xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp
atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801
hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem
ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug
file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate
route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias
authn_anon authn_dbm authn_default authn_file authz_dbm authz_default
authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs
dav_lock deflate dir disk_cache env expires ext_filter file_cache filter
headers include info log_config logio mem_cache mime mime_magic negotiation
rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev synaptics joystick"
KERNEL="linux" LCD_DEVICES="xosd" USERLAND="GNU" VIDEO_CARDS="nv nvidia none"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

(In reply to comment #22)

Adding the following line to the ebuild fixes the multilib failure:

sed -i -e "s/\/lib\/python/\/$(get_libdir)\/python/" configure

ppc stable

(In reply to comment #24)
> (In reply to comment #22)
> Adding the following line to the ebuild fixes the multilib failure:
> sed -i -e "s/\/lib\/python/\/$(get_libdir)\/python/" configure

OK, this patch is committed to the 7.3.21 ebuild.  I don't have an AMD64 to
test on, but it compiled cleanly on my x86.

I've also removed 8.1.9 and 8.2.4, since they're vulnerable and not stable
targets for this exercise.

amd64 all done.

I lied. Missed out 7.4, but that's just been fixed.

All arches are fine, GLSA request filed.

and glsa 200801-15 sent, thanks everyone