Gentoo Bug 196865 - app-emulation/emul-linux-x86-baselibs: Multiple issues

Description:

Opened: 2007-10-24 02:25 0000

emul-linux-x86-baselibs-10.2 contains these files which are vulnerable to
security bugs fixed in their source packages:

* cups-1.2.6:          bug 170881, GLSA 200703-28
* file-4.18.tbz2:      bug 171452, bug 174217, GLSA 200704-13
* lcms-1.14-r1.tbz2:   bug 179156
* libpng-1.2.15.tbz2:  bug 178004, bug 195261
* openssl-0.9.8d.tbz2: bug 188799, bug 194039, bug 195634

------- Comment #1 From Robert Buchholz 2007-10-24 02:27:26 0000 -------

amd64, please advise.

------- Comment #2 From Robert Buchholz 2007-11-08 03:22:55 0000 -------

* sys-auth/nss_ldap should be upgraded to 257.2 or later, see bug 198390.

------- Comment #3 From Robert Buchholz 2007-11-08 03:24:50 0000 -------

*** Bug 197467 has been marked as a duplicate of this bug. ***

------- Comment #4 From Mike Doty 2007-11-14 07:24:48 0000 -------

app-emulation/emul-linux-x86-qtlibs-20071114 in tree ~amd64 + p.masked.  This
was produced with a new build system.  We intend for these ebuilds to go stable
in time for releng(really soon)

------- Comment #5 From Mike Doty 2007-11-14 07:25:42 0000 -------

s/qtlibs/baselibs (my copypasta fails)

------- Comment #6 From Togge 2007-11-14 19:40:02 0000 -------

Might not be anything rellevant, but emerge gives this:

 * Messages for package app-emulation/emul-linux-x86-baselibs-20071114:

 * QA Notice: The following shared libraries lack a SONAME
 * 
/var/tmp/portage/app-emulation/emul-linux-x86-baselibs-20071114/image/lib32/libnss_ldap-2.5.so
 * QA Notice: Found an absolute symlink in a library directory:
 *            usr/lib32/libslang.so.1 -> /usr/lib32/libslang-utf8.so.1
 *            It should be a relative symlink if in the same directory
 *            or a linker script if it crosses the /usr boundary.
 * QA Notice: Found an absolute symlink in a library directory:
 *            usr/lib32/libslang.so.1.4.9 -> /usr/lib32/libslang-utf8.so.1.4.9
 *            It should be a relative symlink if in the same directory
 *            or a linker script if it crosses the /usr boundary.
 * QA Notice: Found an absolute symlink in a library directory:
 *            usr/lib32/libslang.so -> /usr/lib32/libslang-utf8.so
 *            It should be a relative symlink if in the same directory
 *            or a linker script if it crosses the /usr boundary.

------- Comment #7 From Togge 2007-11-16 19:34:12 0000 -------

--- amd64 ---
app-emulation/emul-linux-x86-baselibs-20071114 - USE:

1: emerges
2: passes collision-protect, (multilib-)strict, test
3: works (tested with mozilla-*-bin, acroread, googleearth, acroread has
multiple font issues but that is for another bug I guess)

Portage 2.1.3.19 (default-linux/amd64/2007.0/desktop, gcc-4.1.2,
glibc-2.6.1-r0, 2.6.22-gentoo-r9 x86_64)
=================================================================
System uname: 2.6.22-gentoo-r9 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor
4200+
Timestamp of tree: Unknown
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -ggdb -march=athlon64 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/init.d
/etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo
/etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -ggdb -march=athlon64 -pipe"
DISTDIR="/tmp/portage"
FEATURES="ccache collision-protect distlocks metadata-transfer multilib-strict
parallel-fetch sandbox sfperms splitdebug strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://ds.thn.htu.se/linux/gentoo              
http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/           
http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/           
http://mirror.switch.ch/mirror/gentoo/        
http://trumpetti.atm.tut.fi/gentoo/"
LANG="en_US.utf-8"
LINGUAS="en sv"
MAKEOPTS="-j3"
PKGDIR="/tmp/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/private"
SYNC="rsync://dx/gentoo-portage"
USE="3dnow 3dnowext X a52 aac acpi aiglx alsa amd64 apache2 arts asf avi
bash-completion berkdb bitmap-fonts branding browserplugin cairo ccache cdr cli
cpudetection cracklib crypt cscope css cups cvs dbus divx divx4linux dlloader
dri dvd dvdr dvdread eds emboss encode esd evo fam ffmpeg firefox flac
foomaticdb fortran freetype gdbm geoip gif gimp gmedia gnokii gnome gpm
gstreamer gtk hal http iconv ieee1394 imap imlib ipv6 isdnlog java javascript
jfs jpeg kde kdeenablefinal kdehiddenvisibility kdepim kerberos logitech-mouse
mad madwifi maildir midi mikmod mmx mmx2 mmxext mono mozbranding moznopango
mozsvg mp3 mpeg mplayer msn mudflap mysql ncurses nls nptl nptlonly nsplugin
ntfs nvidia obex ogg oggvorbis opengl openmp oss pam pcre pdf pdflib perl png
pppd python qt qt3 qt3support qt4 quicktime readline realmedia reflection
reiserfs samba scanner sdl session spell spl sse sse2 ssl subversion svg
symlink tcpd tetex theora threads tiff truetype truetype-fonts type1-fonts udev
unicode usb v4l v4l2 vim-syntax vim-with-x visualization vorbis wifi wmf wmp
wxwindows xcomposite xface xfs xine xinerama xml xorg xosd xpm xprint xv xvid
zlib" ALSA_CARDS="emu10k1" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare
dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw
multi null plug rate route share shm softvol" ELIBC="glibc"
INPUT_DEVICES="mouse keyboard evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz
cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en sv"
USERLAND="GNU" VIDEO_CARDS="nv nvidia"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #8 From Chris Gianelloni (RETIRED) 2007-11-24 05:13:07 0000 -------

These are stable in the tree now...

------- Comment #9 From Chris Gianelloni (RETIRED) 2007-11-24 05:25:02 0000 -------

Sorry, I should have mentioned, removing amd64 now... add us back if we need to
do anything further...

------- Comment #10 From Mike Doty 2007-11-28 06:41:23 0000 -------

emul-linux-x86-baselibs-20071128 is most current.  will go stable shortly.

------- Comment #11 From Robert Buchholz 2007-12-02 12:30:08 0000 -------

request filed

------- Comment #12 From Robert Buchholz 2007-12-10 16:29:10 0000 -------

please merge e2fs >=1.40.3 for bug 201546, we'd include it in this glsa.

------- Comment #13 From Robert Buchholz 2008-01-03 19:10:45 0000 -------

latest baselibs fixes CUPS GLSA 200712-14 (bug 201570)

Arches, please test and mark stable
app-emulation/emul-linux-x86-baselibs-20071230.
Target keywords : "amd64"

------- Comment #14 From Peter Weller 2008-01-03 19:41:31 0000 -------

All done at our end

------- Comment #15 From Robert Buchholz 2008-03-18 17:36:32 0000 -------

and perl, bug 198196

------- Comment #16 From Pacho Ramos 2009-09-14 08:14:12 0000 -------

I am not sure if this is still valid with
app-emulation/emul-linux-x86-baselibs-20081109 :-/

Bug 196865 depends on:	197446		Show dependency tree
Bug 196865 blocks:	165270		Show dependency tree

Bugzilla Bug 196865

app-emulation/emul-linux-x86-baselibs: Multiple issues

Last modified: 2009-09-14 08:14:12 0000