Bug#: 252576
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matti Bickel <mabi@gentoo.org>

Filename Description Type Creator Created Size Actions
net-libs:courier-authlib-0.62.2:20090223-162200.log courier-authlib-0.62.2 build log text/plain Steffen 'j0inty' Stollfuß 2009-02-23 17:39 0000 150.68 KB Details

Description:   Opened: 2008-12-26 09:36 0000
From the changelog:

0.62.0

2008-12-17  Sam Varshavchik  <mrsam@courier-mta.com>

        * authpgsqllib.c: Use PQescapeStringConn() instead of removing all
        apostrophes from query parameters. This fixes a potential SQL injection
        vulnerability if the Postgres database uses a non-Latin locale.
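
An added illustration of the changelog entry above, not courier-authlib or libpq code: byte-wise apostrophe stripping next to a simplified, UTF-8-only model of what an encoding-aware escaper such as PQescapeStringConn() adds (metacharacter doubling plus rejection of malformed multibyte input). The function names and the restriction to UTF-8 are assumptions made for this example.

```c
#include <string.h>

/* Old approach, as the changelog describes it: drop every apostrophe byte.
 * It inspects single bytes and knows nothing about the encoding. */
size_t strip_apostrophes(char *dst, const char *src, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (src[i] != '\'')
            dst[n++] = src[i];
    dst[n] = '\0';
    return n;
}

/* Length of the UTF-8 sequence started by lead byte c; 0 if c cannot start one. */
static size_t utf8_seq_len(unsigned char c)
{
    if (c < 0x80) return 1;
    if (c >= 0xC2 && c <= 0xDF) return 2;
    if (c >= 0xE0 && c <= 0xEF) return 3;
    if (c >= 0xF0 && c <= 0xF4) return 4;
    return 0;
}

/* Hypothetical UTF-8-only model of an encoding-aware escaper (not libpq code).
 * dst needs 2*len+1 bytes. Quotes and backslashes are doubled, multibyte
 * characters are copied whole, and *error is set on an invalid or truncated
 * sequence so the caller can reject the input instead of building a query. */
size_t escape_utf8_literal(char *dst, const char *src, size_t len, int *error)
{
    size_t n = 0, i = 0;
    *error = 0;
    while (i < len) {
        unsigned char c = (unsigned char)src[i];
        size_t seq = utf8_seq_len(c);
        if (seq == 0 || i + seq > len) { *error = 1; break; }
        for (size_t k = 1; k < seq; k++)
            if (((unsigned char)src[i + k] & 0xC0) != 0x80) *error = 1;
        if (*error) break;
        if (c == '\'' || c == '\\') dst[n++] = (char)c;  /* double it */
        memcpy(dst + n, src + i, seq);
        n += seq;
        i += seq;
    }
    dst[n] = '\0';
    return n;
}
```

The stripper passes a malformed byte sequence through untouched, while the encoding-aware model reports it through its error flag, which is the signal a caller needs to refuse the lookup.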

------- Comment #1 From Matti Bickel 2008-12-26 09:39:09 0000 -------
mail herd, can you provide an updated ebuild, please?

------- Comment #2 From Hanno Boeck 2009-02-22 16:35:34 0000 -------
bumped

------- Comment #3 From Matti Bickel 2009-02-22 17:07:04 0000 -------
Thanks to me slacking, we're overdue on the issue.
Arches, requesting stable keywords for 
=net-libs/courier-authlib-0.62.2: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh
sparc x86

------- Comment #4 From Tobias Klausmann 2009-02-23 12:11:05 0000 -------
Stable on alpha.

------- Comment #5 From Ferris McCormick 2009-02-23 14:04:21 0000 -------
Sparc stable for courier-authlib-0.62.2.

------- Comment #6 From Brent Baude 2009-02-23 16:54:18 0000 -------
ppc64 done

------- Comment #7 From Jeroen Roovers 2009-02-23 16:56:16 0000 -------
Stable for HPPA.

------- Comment #8 From Steffen 'j0inty' Stollfuß 2009-02-23 17:38:46 0000 -------
Hi,

I ran into trouble while compiling the courier-authlib-0.62.2 on amd64.

/bin/sh ./libtool --tag=CC   --mode=link x86_64-pc-linux-gnu-gcc -march=k8-sse3 -O2 -pipe -fforce-addr -Wall -I.. -I./..  -Wl,-O1 -o libuserdb.la  userdb.lo userdb2.lo userdbmkpw.lo
/var/tmp/portage/net-libs/courier-authlib-0.62.2/work/courier-authlib-0.62.2/userdb/libtool: line 190: libtool: link: not configured to build any kind of library: command not found
/var/tmp/portage/net-libs/courier-authlib-0.62.2/work/courier-authlib-0.62.2/userdb/libtool: line 190: libtool: link: See the  documentation for more information.: command not found
/var/tmp/portage/net-libs/courier-authlib-0.62.2/work/courier-authlib-0.62.2/userdb/libtool: line 190: libtool: link: Fatal configuration error.: command not found
make[3]: *** [libuserdb.la] Fehler 127
make[3]: *** Warte auf noch nicht beendete Prozesse...


I will attach the build log and the emerge --info, too.



bier vhosts.d # emerge --info
Portage 2.1.6.7 (hardened/linux/amd64/2008.0, gcc-4.3.3,
glibc-2.9_p20081201-r2, 2.6.28-hardened x86_64)
=================================================================
System uname:
Linux-2.6.28-hardened-x86_64-AMD_Athlon-tm-_64_X2_Dual_Core_Processor_5600+-with-glibc2.2.5
Timestamp of tree: Mon, 23 Feb 2009 15:45:02 +0000
app-shells/bash:     3.2_p48-r1
dev-java/java-config: 1.3.7-r1, 2.1.7
dev-lang/python:     2.4.4-r6, 2.5.4-r2
dev-python/pycrypto: 2.0.1-r6
dev-util/cmake:      2.6.2-r1
sys-apps/baselayout: 2.0.0
sys-apps/openrc:     0.4.3-r1
sys-apps/sandbox:    1.3.8
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.5, 1.7.9-r1, 1.10.2
sys-devel/binutils:  2.19.1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.28-r1

------- Comment #9 From Steffen 'j0inty' Stollfuß 2009-02-23 17:39:34 0000 -------
Created an attachment (id=182916) [details]
courier-authlib-0.62.2 build log

------- Comment #10 From Raúl Porcel 2009-02-25 14:28:22 0000 -------
(In reply to comment #8)
> Hi,
> 
> I ran into trouble while compiling the courier-authlib-0.62.2 on amd64.

bug 225867

arm/ia64/s390/sh/x86 stable

------- Comment #11 From Tobias Scherbaum 2009-02-25 16:12:49 0000 -------
ppc stable

------- Comment #12 From Markus Meier 2009-02-25 18:38:14 0000 -------
armin76 fails...

------- Comment #13 From Markus Meier 2009-02-25 20:33:40 0000 -------
amd64 stable, all arches done.

------- Comment #14 From Tobias Heinlein 2009-03-05 20:21:21 0000 -------
Ready for vote, I vote YES.

------- Comment #15 From Stefan Behte 2009-03-07 18:34:20 0000 -------
YES, too. Request filed.

------- Comment #16 From Pierre-Yves Rofes 2009-03-11 19:36:41 0000 -------
GLSA 200903-25
