140498 2006-07-15 07:44 0000 media-gfx/xzgv security removal request 2007-10-21 13:12:54 0000 1 1 1 Unclassified Gentoo Linux Ebuilds 2006.0 All Linux RESOLVED FIXED PMASKED P2 normal --- 102804 1 jakub@gentoo.org smithj@gentoo.org algardas@yahoo.com chriswhite@gentoo.org david.e.pi.3.14@gmail.com gentoo@slave.umbr.cas.cz hkbst@gentoo.org security@gentoo.org smithj@gentoo.org ssuominen@gentoo.org jakub@gentoo.org 2006-07-15 07:44:43 0000 app-admin/gtkdiskfree-1.9.3: vulnerable via glsa(200510-01) ( ver-rev < 1.9.3-r1 ), affects ('amd64', 'ppc', 'ppc64', 'x86') app-doc/chmlib-0.31: vulnerable via glsa(200511-23) ( ver < 0.37.4 ), affects ('amd64', 'ppc', 'x86') app-doc/chmlib-0.32: vulnerable via glsa(200511-23) ( ver < 0.37.4 ), affects ('amd64', 'ppc', 'x86') app-doc/chmlib-0.33: vulnerable via glsa(200511-23) ( ver < 0.37.4 ), affects ('amd64', 'ppc', 'x86') app-doc/chmlib-0.35: vulnerable via glsa(200511-23) ( ver < 0.37.4 ), affects ('amd64', 'ppc', 'x86') app-misc/lcdproc-0.4.4-r1: vulnerable via glsa(200404-19) ( ver-rev <= 0.4.4-r1 && ver not => 0.4.5 ), affects ('amd64', 'x86') media-gfx/xzgv-0.8-r1: vulnerable via glsa(200604-10) ( ver-rev < 0.8-r2 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'ppc', 'ppc64', 'sparc', 'x86') media-gfx/zgv-5.7-r1: vulnerable via glsa(200604-10) ( ver < 5.9 ), affects ('x86',) media-gfx/zgv-5.7-r1: vulnerable via glsa(200411-12) ( ver < 5.8 ), affects ('x86',) media-gfx/zgv-5.8: vulnerable via glsa(200604-10) ( ver < 5.9 ), affects ('x86',) media-gfx/xli-1.17.0: vulnerable via glsa(200510-26) ( ver-rev < 1.17.0-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'ppc', 'ppc-macos', 'ppc64', 'sparc', 'x86') media-gfx/xli-1.17.0: vulnerable via glsa(200503-05) ( ver-rev < 1.17.0-r1 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'ppc', 'ppc-macos', 'ppc64', 'sparc', 'x86') media-gfx/xli-1.17.0-r1: vulnerable via glsa(200510-26) ( ver-rev < 1.17.0-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc-macos', 'ppc64', 'sparc', 'x86') net-www/netscape-flash-6.0.79: vulnerable via glsa(200603-20) ( ver < 7.0.63 ), affects ('x86',) net-www/netscape-flash-6.0.79: vulnerable via glsa(200511-21) ( ver < 7.0.61 ), affects ('x86',) net-www/netscape-flash-6.0.81: vulnerable via glsa(200603-20) ( ver < 7.0.63 ), affects ('amd64', 'x86') net-www/netscape-flash-6.0.81: vulnerable via glsa(200511-21) ( ver < 7.0.61 ), affects ('amd64', 'x86') net-www/netscape-flash-7.0.25: vulnerable via glsa(200603-20) ( ver < 7.0.63 ), affects ('amd64', 'x86') net-www/netscape-flash-7.0.25: vulnerable via glsa(200511-21) ( ver < 7.0.61 ), affects ('amd64', 'x86') net-www/netscape-flash-7.0.61: vulnerable via glsa(200603-20) ( ver < 7.0.63 ), affects ('amd64', 'x86') Please, clean up the above. Thanks! ;) jakub@gentoo.org 2006-07-15 08:07:19 0000 Also: media-gfx/pngcrush-1.5.10: vulnerable via glsa(200603-18) ( ver < 1.6.2 ), affects ('amd64', 'ppc', 'ppc-macos', 'x86') media-libs/libcdaudio-0.99.9: vulnerable via glsa(200504-07) ( ver-rev < 0.99.10-r1 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 'sparc', 'x86') net-ftp/gproftpd-8.1.4: vulnerable via glsa(200502-26) ( ver < 8.1.9 ), affects ('sparc', 'x86') net-ftp/gproftpd-8.1.6: vulnerable via glsa(200502-26) ( ver < 8.1.9 ), affects ('ppc', 'sparc', 'x86') antarus@gentoo.org 2006-07-15 10:26:24 0000 Treecleaners doesn't really do this at present, although we may expand it in the future. Co-ordinate between qa and security. jakub@gentoo.org 2006-07-15 12:05:23 0000 Also: net-ftp/ftpd-0.17: vulnerable via glsa(200511-11) ( ver-rev < 0.17-r3 ), affects ('amd64', 'sparc', 'x86') net-ftp/ftpd-0.17-r1: vulnerable via glsa(200511-11) ( ver-rev < 0.17-r3 ), affects ('alpha', 'amd64', 'ppc', 'sparc', 'x86') net-ftp/ftpd-0.17-r2: vulnerable via glsa(200511-11) ( ver-rev < 0.17-r3 ), affects ('alpha', 'amd64', 'ppc', 'sparc', 'x86') and finally (needs zebedee-2.5.3 stabilized on s390) net-misc/zebedee-2.5.2: vulnerable via glsa(200509-14) ( ver < 2.5.3 && not ( ver = 2.4.1 && ver-rev => 2.4.1-r1 ) ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sparc', 'x86') chriswhite@gentoo.org 2006-08-05 18:59:24 0000 media-gfx/xzg <-- smithj was seen about 3 days ago, so I want to wait for him on this one. chriswhite@gentoo.org 2006-08-05 19:15:18 0000 net-misc/zebedee waiting on s390 media-gfx/xzg waiting on smithj everything else is done, cheers. chriswhite@gentoo.org 2006-08-05 21:26:08 0000 Smithj said he's going to mask xzg so I'm going to skip that one and let him mask/remove action on it. smithj@gentoo.org 2006-08-07 13:37:04 0000 media-gfx/xzgv masked pending removal; there are much better image viewing utilities out there which are maintained. hkbst@gentoo.org 2006-08-08 01:30:09 0000 xzgv is in the fluxbox desktop guide, which is why I have it installed. what would be a good replacement? toddmarimon@earthlink.net 2006-08-08 22:13:20 0000 I too need a replacement. gentoo@slave.umbr.cas.cz 2006-08-10 10:41:57 0000 "media-gfx/xzgv masked pending removal; there are much better image viewing utilities out there which are maintained" please, could you advise some goog image viewer? I have already tried many viewers, but none have met my expectations but xzgv. I start using zgv on console and I was happy it is for X. It's simple (two pannels) and it can change image very fast using "space" and "b" keys. Is the any image viewer with this features? - like ACDSee - using simple interface - possible to use only with keys (no mouse) - only two pannel (directory navigation and file list on one, and the image on the other) - when I used ACDSee, I have switched all useless pannels and let only directory structure and file list - is really fast - can do simple image manipulation (zoom, fit to screen-enlarge,shrink), rotate - can do simple file management (mkdir, rmdir, delete, copy, move) the other very good image viewer I found is links2 html broswer (but it cannot do file management and more image manipulation) Is there any other simple image viewer like xzgv which could be fine for me? Thank you for answer. falco@gentoo.org 2006-08-10 10:54:39 0000 > please, could you advise some goog image viewer? I have already tried many > viewers, but none have met my expectations but xzgv. I start using zgv on > console and I was happy it is for X. It's simple (two pannels) and it can > change image very fast using "space" and "b" keys. Is the any image viewer with > this features? i will now use try to use gqview... but i like xzgv a lot and i would like to keep it... but i'm not allowed (yet?) to maintain gentoo packages... :( antarus@gentoo.org 2006-08-10 11:07:40 0000 (In reply to comment #11) > > please, could you advise some goog image viewer? I have already tried many > > viewers, but none have met my expectations but xzgv. I start using zgv on > > console and I was happy it is for X. It's simple (two pannels) and it can > > change image very fast using "space" and "b" keys. Is the any image viewer with > > this features? > > i will now use try to use gqview... > > but i like xzgv a lot and i would like to keep it... but i'm not allowed (yet?) > to maintain gentoo packages... :( > http://bugs.gentoo.org/show_bug.cgi?id=135271 Do your second quiz and get it approved. falco@gentoo.org 2006-08-11 02:43:26 0000 > > Do your second quiz and get it approved. yes, yes, as soon as i have time to learn all that stuff ! :) algardas@yahoo.com 2006-08-17 09:17:21 0000 (In reply to comment #7) > media-gfx/xzgv masked pending removal; there are much better image viewing > utilities out there which are maintained. > please, don't remove xzgv from portage. I have tried all other image viewers I could find in portage and none were as fast (to load, to use) and as fitting to my needs. Of course, if you can list some "better image viewing utilities", I am eager to hear it. On the other hand... xzgv seems unmaintained upstream, so the old users will have to keep one ebuild in an overlay or will have to install it manually and new users won't be presented to security issues it presents... And anyway, Raphael Marichez, how is your progress becoming a maintainer? :) jakub@gentoo.org 2006-08-17 09:27:02 0000 Folks really, moaning here about a tool that's been dead upstream for 3+ years doesn't do any good unless you are willing to take it over upstream and maintain the code. Also, bugzilla is not exactly a place to chat about good image viewers. gentoo@slave.umbr.cas.cz 2006-09-17 11:09:02 0000 Hi xzgv lovers:) I've found a few days ago new project, new image viewer ACDSee like, called Goby. I've tried it and I've created ebuild for it. It's in development, but it this stage it looks great to me. Can anyone manage ebuild for this project? http://goby.sf.net. Sorry for chating here about image viewers. Wolf. gentoo@slave.umbr.cas.cz 2006-09-17 11:10:16 0000 Created an attachment (id=97268) Ebuild for Goby Here is my ebuild for Goby. jakub@gentoo.org 2006-09-17 11:24:38 0000 Uh, stop! This bug is about *cleaning* up vulnerable cruft. Go file a new one for Goby or whatever else. No ebuilds attached here, please. Thanks. pdenapo@gmail.com 2006-10-01 16:35:42 0000 Please don't remove xzgv, it is a nice simple yet useful application. I love it. jakub@gentoo.org 2006-10-20 02:52:37 0000 Only media-gfx/xzgv left, all the rest done. z35_11@yahoo.com 2006-11-04 20:47:28 0000 Do not remove xzgv !!! i'll deal w/ xmms, but not xzgv... vapier@gentoo.org 2006-11-11 21:38:37 0000 mega bugs suck; file individual ones in the future pacho@condmat1.ciencias.uniovi.es 2006-11-26 11:09:46 0000 What is the current problem of xzgv? Thanks a lot for information :-) pacho@condmat1.ciencias.uniovi.es 2006-11-27 04:14:36 0000 Why will xzgv-0.8-r2 be removed? In main post says: media-gfx/xzgv-0.8-r1: vulnerable via glsa(200604-10) ( ver-rev < 0.8-r2 ), affects ('alpha', 'amd64', 'hppa', 'ia64', 'ppc', 'ppc64', 'sparc', 'x86') But 0.8-r2 is not affected by this bug http://bugs.gentoo.org/show_bug.cgi?id=127008 Then, 0.8-r2 doesn't need to be removed pacho@condmat1.ciencias.uniovi.es 2006-12-10 04:59:09 0000 xzgv-0.8-r2 is not affected by security bug, please, unmask it slong@rathaus.eclipse.co.uk 2007-05-18 11:33:57 0000 Um is it possible to unmask this then? (I don't see the point in filing a new bug.) ssuominen@gentoo.org 2007-07-07 22:17:32 0000 Still in tree and using GTK+-1.2. Entry in package.mask is getting stale. Please remove. ssuominen@gentoo.org 2007-07-20 08:03:34 0000 Jonathan, can we get rid of this? GTK+-1.2 needs to die. smithj@gentoo.org 2007-07-20 13:48:54 0000 kill it. kill it with fire ssuominen@gentoo.org 2007-07-21 07:50:25 0000 killed slong@rathaus.eclipse.co.uk 2007-09-02 09:51:42 0000 (In reply to comment #18) > Uh, stop! This bug is about *cleaning* up vulnerable cruft. This is *not* _vulnerable_ any more. *plop* ;P david.e.pi.3.14@gmail.com 2007-10-21 13:12:54 0000 It seems that xzgv has a new maintainer so I have opened bug 196597, requesting a new ebuild for xzgv-0.9 (which now uses gtk2 and imlib2). Sorry I didn't know if it was better to add the ebuild here or if it was better to fill a new bug report for it... 97268 2006-09-17 11:10 0000 Ebuild for Goby goby-0.3.5.ebuild text/plain IyBDb3B5cmlnaHQgMTk5OS0yMDA2IEdlbnRvbyBGb3VuZGF0aW9uCiMgRGlzdHJpYnV0ZWQgdW5k ZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2MgojICRIZWFk ZXI6ICQKCkRFU0NSSVBUSU9OPSJHb2J5IGlzIGFuIGltYWdlIHZpZXdlciBiYXNlZCBvbiB0aGUg R1RLKyB0b29sa2l0LiBUaGUgYWltIGlzIHRvIHByb3ZpZGUgYW4gaW50dWl0aXZlLCBBQ0RTZWUt bGlrZSB1c2VyIGV4cGVyaWVuY2UuIgpIT01FUEFHRT0iaHR0cDovL2dvYnkuc291cmNlZm9yZ2Uu bmV0LyIKU1JDX1VSST0ibWlycm9yOi8vc291cmNlZm9yZ2UvJHtQTn0vJHtQfS50YXIuYnoyIgoK TElDRU5TRT0iR1BMIgpLRVlXT1JEUz0ieDg2IgpJVVNFPSIiClJFU1RSSUNUPSJtaXJyb3IgcHJp bWFyeXVyaSIKCkRFUEVORD0ieDExLWxpYnMvZ3RrKwoJZGV2LWxpYnMvZ2xpYgoJZ25vbWUtYmFz ZS9nbm9tZS12ZnMiCgpSREVQRU5EPSJ4MTEtbGlicy9ndGsrCglkZXYtbGlicy9nbGliCglnbm9t ZS1iYXNlL2dub21lLXZmcyIKCnNyY19pbnN0YWxsKCkgewoJbWFrZSBpbnN0YWxsIERFU1RESVI9 JHtEfQp9Cg==