Bug 147653 - mail-client/mozilla-thunderbird[-bin]: Security bump to 1.5.0.7
|
Bug#:
147653
|
Product: Gentoo Security
|
Version: unspecified
|
Platform: All
|
|
OS/Version: Other
|
Status: RESOLVED
|
Severity: normal
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: security@gentoo.org
|
Reported By: frilled@gentoo.org
|
|
Component: Vulnerabilities
|
|
|
URL:
|
|
Summary: mail-client/mozilla-thunderbird[-bin]: Security bump to 1.5.0.7
|
|
Keywords:
|
|
Status Whiteboard: A2 [glsa] frilled
|
|
Opened: 2006-09-14 23:35 0000
|
Mozilla Team, please bump thunderbird and thunderbird-bin to 1.5.0.7, thx!
See Tracker bug for info.
*** Bug 147779 has been marked as a duplicate of this bug. ***
Some mozilla-thunderbird ebuild found its way into portage, but it does not
build here. See bug #147829 for details.
Sorry for the cross-bug prosting, but could someone have a look at the patch
proposed in bug #147829 and fix that ebuild in portage?
I you want to get Thunderbird stable, an ebuild that emerges well would be the
first step, don't you think? :-)
Blocker has been marked as resolved, arches, please test and mark stable. ppc
and sparc are already done, as are -bin on x86 and amd64.
www-client/mozilla-firefox-1.5.0.7 is already stable on both x86 and amd64,
only archs with it unstable are ia64, mips (and x86-fbsd)
(In reply to comment #6)
> www-client/mozilla-firefox-1.5.0.7 is already stable on both x86 and amd64,
> only archs with it unstable are ia64, mips (and x86-fbsd)
>
We are talking about the non-bin versions, which are NOT stable on x86 and
amd64.
I know, ia64 and mips can't have the bin versions of it since the only archs
that are able to run it are x86 and amd64.
hellbox ~ # grep KEYWORDS
/usr/portage/www-client/mozilla-firefox/mozilla-firefox-1.5.0.7.ebuild
KEYWORDS="-* amd64 arm hppa ~ia64 ~mips ppc sparc x86 ~x86-fbsd"
(In reply to comment #8)
> I know, ia64 and mips can't have the bin versions of it since the only archs
> that are able to run it are x86 and amd64.
>
> hellbox ~ # grep KEYWORDS
> /usr/portage/www-client/mozilla-firefox/mozilla-firefox-1.5.0.7.ebuild
> KEYWORDS="-* amd64 arm hppa ~ia64 ~mips ppc sparc x86 ~x86-fbsd"
>
This bug is about mozilla-thunderbird, not mozilla-firefox.
thunderbird is not stable for any arch but ppc and sparc:
cassandra ~ # grep KEYWORDS
/usr/portage/mail-client/mozilla-thunderbird/mozilla-thunderbird-1.5.0.7.ebuild
KEYWORDS="~amd64 ~ia64 ~mips ppc sparc ~x86 ~x86-fbsd"
cassandra ~ #
See also: http://packages.gentoo.org/ebuilds/?mozilla-thunderbird-1.5.0.7
Sorry, might need more sleep :)
1) emerges fine so far
QA Notice: pre-stripped files found:
[... a really long list ...]
2) passes collision test
3) works including Enigmail extensions
Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17-gentoo-r8 i686)
=================================================================
System uname: 2.6.17-gentoo-r8 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.12.5
Last Sync: Mon, 25 Sep 2006 05:20:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.2.11-r1
dev-lang/python: 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/texmf/dvipdfm/config/
/usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/
/usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash
/etc/terminfo"
CXXFLAGS="-O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer
parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage"
USE="x86 3dnow 3dnowext X Xaw3d a52 alsa artworkextra asf audiofile
bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo
cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus
dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds elibc_glibc
emacs emboss encode esd evo exif expat fam fat fbcon ffmpeg firefox fortran ftp
gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal icq idn imagemagick
imap input_devices_keyboard input_devices_mouse ipv6 isdnlog java javascript
jikes jpeg jpeg2k kde kernel_linux ldap leim libg++ linguas_de lm_sensors mad
maildir matroska mbox mhash mikmod mime mmx mmxext mng mono mp3 mpeg mpeg2 mule
nautilus ncurses nforce2 nls nocardbus nptl nptlonly nsplugin nvidia objc ogg
opengl pam pcre pdf perl plotutils pmu png ppds pppd preview-latex print python
qt3 qt4 quicktime readline reflection reiserfs samba sdk session slang spell
spl sse ssl svg svga t1lib tcltk tcpd tetex theora thunderbird tiff truetype
truetype-fonts type1-fonts udev usb userland_GNU vcd video_cards_fbdev
video_cards_radeon video_cards_vesa videos vorbis win32codecs wmf wxwindows
xine xml xorg xosd xv xvid zlib"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS,
PORTAGE_RSYNC_EXTRA_OPTS
well x86 is done for the non bin. ^.^;;
Also CCing alpha - You still have 1.0.x in the tree which IIRC should have been
removed due to bug #141842?
amd64 stable, sorry for the delay. Also removing x86 from CC as they have
everything stablized, looks like tsunam forgot to remove them.
tsunam did not forget, he knew -bin was still missing for both amd64 and x86.
Readded them.
I obviously made a mistake, there's no mozilla-thunderbird-bin-1.5.0.7 yet,
sorry. Thanks Opfer.
No overall GLSA status yet since it makes no sense to do without -bin.
@security: Draft can be prepared, though ^^
Bugspamming some more. Please comment on the -bin issue if there is one.
Otherwise I'd propose a temporary mask for mozilla-thunderbird-bin so we can
move on.
Thanks!
please provide an updated -bin ebuild, we are getting late with this one
kloeri gave permissions for me to bump this for security reasons, this has now
been committed.
1) emerges fine
QA Notice: the following files contain runtime text relocations
Text relocations force the dynamic linker to perform extra
work at startup, waste system resources, and may pose a security
risk. On some architectures, the code may not even function
properly, if at all.
For more information, see http://hardened.gentoo.org/pic-fix-guide.xml
Please include this file in your report:
/var/tmp/portage/mozilla-thunderbird-bin-1.5.0.7/temp/scanelf-textrel.log
TEXTREL
opt/thunderbird/extensions/talkback@mozilla.org/components/libqfaservices.so
2) passes collision test
3) works
Gentoo Base System version 1.12.5
Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17-suspend2-r5 i686)
=================================================================
System uname: 2.6.17-suspend2-r5 i686 Intel(R) Pentium(R) M processor 1600MHz
Last Sync: Thu, 28 Sep 2006 00:00:08 +0000
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python: 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: 2.3
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium-m -Os -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-march=pentium-m -Os -pipe"
DISTDIR="/opt/distfiles"
FEATURES="autoconfig buildpkg ccache collision-protect distlocks fixpackages
metadata-transfer parallel-fetch sandbox sfperms splitdebug strict test
userfetch"
GENTOO_MIRRORS="http://mirror.uni-c.dk/pub/gentoo
http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo"
LC_ALL="en_GB.utf8"
LINGUAS="da en en_GB"
MAKEOPTS="-j2"
PKGDIR="/opt/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--timeout=60"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://zlin.dk/gentoo-portage"
USE="x86 X aac acpi alsa asf bash-completion berkdb bitmap-fonts bluetooth
bzip2 cairo cdr cli crypt css cups dlloader dri dvd dvdr elibc_glibc emboss
encode fam fat fbcon ffmpeg firefox flac fortran gdbm gif gphoto2 gpm i8x0
ieee1394 imagemagick input_devices_evdev input_devices_keyboard
input_devices_mouse input_devices_synaptics input_devices_void irda irmc
isdnlog jfs jpeg kde kdehiddenvisibility kernel_linux lcd libg++ linguas_da
linguas_en linguas_en_GB logitech-mouse mad mikmod mmx mmxext mp3 mpeg mplayer
msn ncurses nls nptl nptlonly nsplugin ntfs ogg opengl pam pcre pdf perl png
ppds pppd python qt3 quicktime readline real reflection reiser4 reiserfs
scanner sdl session slp spell spl sse sse2 ssl subversion svg svga syslog tcpd
test tetex tiff truetype truetype-fonts type1-fonts udev unicode usb
userland_GNU vcd video_cards_fbdev video_cards_fglrx video_cards_i810
video_cards_radeon video_cards_vesa vim vorbis wifi win32codecs xcomposite xfs
xine xml xorg xscreensaver xv xvid zlib"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS
-bin version
1) emerges fine so far
QA Notice: the following files contain runtime text relocations
Text relocations force the dynamic linker to perform extra
work at startup, waste system resources, and may pose a security
risk. On some architectures, the code may not even function
properly, if at all.
For more information, see http://hardened.gentoo.org/pic-fix-guide.xml
Please include this file in your report:
/var/tmp/portage/mozilla-thunderbird-bin-1.5.0.7/temp/scanelf-textrel.log
TEXTREL
opt/thunderbird/extensions/talkback@mozilla.org/components/libqfaservice
s.so
2) passes collision test
3) works
Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17-gentoo-r8 i686)
=================================================================
System uname: 2.6.17-gentoo-r8 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.12.5
Last Sync: Thu, 28 Sep 2006 05:20:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python: 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
please test and mark stable mail-client/mozilla-thunderbird-bin-1.5.0.7
target keywords: "-* amd64 x86"
1.) emerges fine on x86 (with the same QA-Notice as Christian)
2.) passes collision test
3.) works
emerge --info
Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.18 i686)
=================================================================
System uname: 2.6.18 i686 Genuine Intel(R) CPU T2300 @ 1.66GHz
Gentoo Base System version 1.12.5
Last Sync: Fri, 29 Sep 2006 13:50:01 +0000
ccache version 2.3 [disabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.2.11-r1
dev-lang/python: 2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: 2.3
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig collision-protect distlocks metadata-transfer
parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LINGUAS="en de en_GB de_CH"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://192.168.2.1/gentoo-portage"
USE="x86 X a52 aac acpi alsa apache2 asf berkdb bitmap-fonts cairo cdr cdrom
cli crypt cups dbus divx dlloader dri dts dvd dvdr dvdread eds elibc_glibc
emboss encode fam ffmpeg firefox flac fortran gdbm gif gnome gpm gstreamer gtk
hal input_devices_keyboard input_devices_mouse ipv6 isdnlog java jpeg kde
kernel_linux ldap libg++ linguas_de linguas_de_CH linguas_en linguas_en_GB mad
mikmod mmx mono mp3 mpeg ncurses nls nptl nptlonly ogg opengl oss pam pcre perl
png ppds pppd python qt3 qt4 quicktime readline reflection rtsp samba sdl
session smp spell spl sse sse2 sse3 ssl svg tcpd tetex theora threads truetype
truetype-fonts type1-fonts udev unicode userland_GNU vcd video_cards_fbdev
video_cards_i810 video_cards_vesa vorbis win32codecs wxwindows x264 xine xml
xorg xprint xv xvid zlib"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
amd64/x86 -bin done... non-bin was already done
GLSA 200610-01
thanks everyone
