Bug 127641 - app-text/gv: vulnerable gv binary remained on system
Bug#: 127641 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: carlo@gentoo.org
Component: Vulnerabilities
URL: 
Summary: app-text/gv: vulnerable gv binary remained on system
Keywords:  
Status Whiteboard: B2? [noglsa] DerCorny
Opened: 2006-03-26 07:17 0000
Description:   Opened: 2006-03-26 07:17 0000 
Just noticed the following:

-rwxr-xr-x  1 root root 304490  5. Aug 2004  /usr/bin/gv

probably vulnerable to http://security.gentoo.org/glsa/glsa-200408-10.xml


app-text/gv-3.5.8-r4 installs

/usr/X11R6/bin/gv


I'm not sure, if it's only a problem with my system, but I'd think it would be
good to have a gv version bump, explicitly removing /usr/bin/gv.

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-03-26 07:22:13 0000 ------- 
printing please verify. If needed please provide new ebuilds, thanks

------- Comment #2 From Dominik Schäfer 2006-03-26 07:34:32 0000 ------- 
On my system /usr/X11R6 is a symlink pointing to ../usr and not a directory.
AFAIK should /usr/X11R6 always be a symlink, at least on systems with current
xorg-x11 or am I wrong?

------- Comment #3 From Stefan Cornelius (RETIRED) 2006-03-26 07:52:23 0000 ------- 
(In reply to comment #2)
> On my system /usr/X11R6 is a symlink pointing to ../usr and not a directory.

Yeah, this is what I thought, too. The whole thing sounds pretty suspicious to
be invalid, but let's just see what printing says, as they have more insight
into possible problems.

------- Comment #4 From Carsten Lohrke 2006-03-26 08:14:55 0000 ------- 
Well, on my system /usr/X11R6 isn't a symlink, running stable
x11-base/xorg-x11-6.8.2-r6. If it should be a symlink there's probably
something wrong with the xorg ebuild, since I always used stable X11.
Interestingly I have the following useless symlink:

lrwxrwxrwx    1 root root      6 18. M

------- Comment #5 From Carsten Lohrke 2006-03-26 08:14:55 0000 ------- 
Well, on my system /usr/X11R6 isn't a symlink, running stable
x11-base/xorg-x11-6.8.2-r6. If it should be a symlink there's probably
something wrong with the xorg ebuild, since I always used stable X11.
Interestingly I have the following useless symlink:

lrwxrwxrwx    1 root root      6 18. Mär 2005  /usr/X11R6/X11R6 -> ../usr

as well as the following dead one:

lrwxrwxrwx  1 root root 16 21. Jan 2005  /usr/lib/X11/X11 -> ../X11R6/lib/X11


Nevertheless app-text/gv should install into /usr/bin imho.

------- Comment #6 From Donnie Berkholz 2006-03-26 09:32:30 0000 ------- 
Apparently you've managed to find some sort of bug in the stable migration
script that nobody else has reported. About all I can say now is, tough luck,
try 7.0 -- we're not going to spend hours debugging a problem on 6.8 now.

------- Comment #7 From Stefan Schweizer 2006-03-26 09:49:20 0000 ------- 
I do not see this bug on 3.6.1-r2.
In my opinion that is the most stable version, because it is the latest version
:)
So, I would like to see gv-3.6.1-r2 stable on x86 ppc ppc64 alpha sparc amd64
so that I can remove all the older ebuilds, thanks.

------- Comment #8 From Stefan Cornelius (RETIRED) 2006-03-26 10:03:12 0000 ------- 
ok, here we go: arches please test and mark stable, thanks

------- Comment #9 From Carsten Lohrke 2006-03-26 12:56:33 0000 ------- 
(In reply to comment #5)
> Apparently you've managed to find some sort of bug in the stable migration
> script that nobody else has reported. About all I can say now is, tough luck,
> try 7.0 -- we're not going to spend hours debugging a problem on 6.8 now.

That no one reported the issue yet will be bound to the fact, that X works
without any problems nontheless. Didn't implicate that it should be fixed for
6.8, just wanted to have your confirmation regarding the symlink issue. Would
be nice, if there would be a double check for 6.9/7.0 that the symlink gets
created in place of the directory, though.

------- Comment #10 From Joshua Baergen (RETIRED) 2006-03-26 13:10:51 0000 ------- 
(In reply to comment #8)
> 6.8, just wanted to have your confirmation regarding the symlink issue. Would
> be nice, if there would be a double check for 6.9/7.0 that the symlink gets
> created in place of the directory, though.
> 

There is such a check in 7.0.

------- Comment #11 From Thierry Carrez (RETIRED) 2006-03-27 09:35:32 0000 ------- 
Not too sure if we should do a GLSA about this one.

------- Comment #12 From Carsten Lohrke 2006-03-27 13:17:13 0000 ------- 
(In reply to comment #10)
> Not too sure if we should do a GLSA about this one.

Rather not. Even if others should have the same X issue, the older gv binary
/should/ have been properly removed by Portage. There was the chance that
others among the cc'ed users with older systems find themselves affected as
well, but it's likely to be a local issue.

------- Comment #13 From Matthias Langer 2006-03-27 20:38:10 0000 ------- 
I've tested app-text/gv-3.6.1-r2 on x86 against a stable profile. While at the
first glance, everything seemed to be fine, i discovered two problems with
gv-3.6.1-r2:

1.) gv-3.6.1-r2 seems to have problems with large pdf files (> 50 pages). When
trying to open such a file, i get gv prints messages like

Error: /undefinedfilename in --file--
Operand stack:
   PDFfile   (/home/antonio/docs\\ and\\ books/pcasm-book.pdf)   (r)
Execution stack:
   %interp_exit   .runexec2   --nostringval--   --nostringval--  
--nostringval--   2   %stopped_push   --nostringval--   --nostringval--  
--nostringval--   false   1   %stopped_push   1   3   %oparray_pop   1   3  
%oparray_pop   1   3   %oparray_pop   .runexec2   --nostringval--  
--nostringval--   --nostringval--   2   %stopped_push   --nostringval--  
--nostringval--   --nostringval--
Dictionary stack:
   --dict:1051/1417(ro)(G)--   --dict:0/20(G)--   --dict:68/200(L)--
Current allocation mode is local
Last OS error: 2
Current file position is 1916
ESP Ghostscript 7.07.1: Unrecoverable error, exit code 1

to the terminal. Besides, gv opens an error dialog (where copy and paste
doesn't work) with a message like this:

Execution of gs -dNODISPLAY -dQUIET -sPDFname='/path/to/pdf'
-sDSCname='/tmp/tmpfile.pdf' psf2dsc.ps -c quit failed

However, the file can be viewed afterwards, but the page index is missing.
Direct jumping to arbitrary pages is therefore not possible. With gv-3.5.8-r4
this problem doesn't exist.

2.) gv-r3.6.1-r2 refuses to open a dvi file on my computer which is viewable
with evince without problems. But this is also the same with 3.5.8-r4.

Portage 2.0.54 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.3.5-r2,
2.6.15-gentoo-r5 i686)
=================================================================
System uname: 2.6.15-gentoo-r5 i686 AMD Athlon(tm) XP 2400+
Gentoo Base System version 1.6.14
dev-lang/python:     2.3.5-r2, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon-xp -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env
/usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/
/usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/
/usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig colission-protect distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.inode.at/ "
LANG="en_US.utf8"
LC_ALL="en_US.utf8"
LINGUAS="en de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="x86 3dnow 3dnowext X a52 aalib alsa apm audiofile avi berkdb bitmap-fonts
bonobo bzip2 bzlib cairo cdr cli crypt css ctype cups curl dba dbus divx4linux
dri dts dv dvd dvdr dvdread emboss encode evo exif expat fam fame fastbuild
ffmpeg firefox flac foomaticdb force-cgi-redirect fortran ftp gd gdbm gif glut
gmp gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml guile hal idn imagemagick
imlib ipv6 java jpeg junit lcms libg++ libwww mad memlimit mhash mikmod mmx
mmxext mng motif mp3 mpeg nautilus ncurses nls nptl nsplugin nvidia ogg
oggvorbis openal opengl pam pcre pdflib perl plotutils png posix python
quicktime readline real ruby sdl session simplexml slang soap sockets speex
spell spl sqlite sse ssl subtitles svga tcltk tcpd tetex theora tiff tokenizer
truetype truetype-fonts type1-fonts udev unicode usb vcd video_cards_nvidia
vorbis win32codecs wma xine xml xml2 xmms xsl xv xvid zlib linguas_en
linguas_de userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LDFLAGS

------- Comment #14 From Gustavo Zacarias (RETIRED) 2006-03-28 11:24:02 0000 ------- 
sparc stable (opened a couple of very big >300 page pdf files without issues,
moved around, changed layout, so on and so on).

------- Comment #15 From Matthias Langer 2006-03-28 12:32:33 0000 ------- 
hmm, my problems with large pdf files and gv-3.6.1-r2 don't appear on this box
for some reason:

Portage 2.0.54 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.3.5-r2, 2.6.15.6
i686)
=================================================================
System uname: 2.6.15.6 i686 AMD Athlon(tm) XP 1900+
Gentoo Base System version 1.6.14
dev-lang/python:     2.3.5-r2, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon-xp -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig colission-protect distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.sh.cvut.cz/MIRRORS/gentoo/gentoo "
LC_ALL="en_US.UTF-8"
LINGUAS="en de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="x86 3dnow 3dnowext X acpi alsa apm audiofile avi berkdb bitmap-fonts
browserplugin bzip2 bzlib cairo cli crypt ctype dba dbus dri dvd emboss encode
exif expat fam fastbuild firefox foomaticdb force-cgi-redirect fortran ftp gd
gdbm gif glut gmp gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml hal idn imlib
ipv6 java jpeg lcms libg++ libwww mad memlimit mikmod mime mmx mmxext mng motif
mp3 mpeg ncurses nls nptl nsplugin nvidia ogg oggvorbis opengl pam pcre pdflib
perl png posix python quicktime readline real ruby sdl session simplexml soap
sockets spell spl sqlite sse ssl tcpd tokenizer truetype truetype-fonts
type1-fonts udev unicode usb vorbis win32codecs wma xine xml xml2 xsl xv xvid
zlib linguas_en linguas_de userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LDFLAGS, PORTDIR_OVERLAY

Maybe this is because of the fact, that i installed gv for the first time on
this system, while i did an upgrade from version 3.5.8-r4 on the box mentioned
in comment 12. Note that i did not forget to run etc-update after the upgrade
...

------- Comment #16 From Mark Loeser 2006-03-28 20:43:06 0000 ------- 
Stable on x86, thanks for testing Matthias

------- Comment #17 From nixnut 2006-03-29 10:03:54 0000 ------- 
Stable on ppc.
No issues with large pdf documents here either.

------- Comment #18 From Markus Rothe 2006-03-29 11:11:17 0000 ------- 
stable on ppc64

------- Comment #19 From Patrick McLean 2006-04-01 08:00:59 0000 ------- 
stable on amd64.

------- Comment #20 From Patrick McLean 2006-04-01 08:01:28 0000 ------- 
oops, sorry about the spam.

------- Comment #21 From Bryan Østergaard (RETIRED) 2006-04-02 03:25:15 0000 ------- 
Stable on alpha.

------- Comment #22 From Matthias Geerdsen 2006-04-02 10:11:35 0000 ------- 
votes on a GLSA for this one?

I tend to say no GLSA.

------- Comment #23 From Raphael Marichez 2006-04-02 10:14:14 0000 ------- 
i tend to vote no for the reasons exposed in comment #11

------- Comment #24 From Thierry Carrez (RETIRED) 2006-04-02 10:57:56 0000 ------- 
Voting no and closing.