Comment 1 Matthias Geerdsen (RETIRED) 2007-01-06 13:43:48 UTC

i am hijacking this bug for security, since this fixes a security issue

compnerd, pls assign security issues to the security team... we will handle stable marking

no need to restrict this bug either, since the issue is public and arch teams cannot access it this way

Comment 2 Raúl Porcel (RETIRED) 2007-01-06 17:14:34 UTC

In x86:

Emerges and seems to work.

However: 
Running eautoreconf in '/var/tmp/portage/mono-1.2.2.1/work/mono-1.2.2.1/libgc' ...
QA Notice: ${WANT_AUTOCONF} variable unset. Please report on http://bugs.gentoo.org/
QA Notice: ${WANT_AUTOMAKE} variable unset. Please report on http://bugs.gentoo.org/

Portage 2.1.1-r2 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r4, 2.6.18-gentoo-r6 i686)
=================================================================
System uname: 2.6.18-gentoo-r6 i686 AMD Athlon(tm) Processor
Gentoo Base System version 1.12.6
Last Sync: Sat, 06 Jan 2007 09:50:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon-tbird -mtune=athlon-tbird  -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=athlon-tbird -mtune=athlon-tbird  -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig collision-protect distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ "
LC_ALL="en_US.ISO-8859-15"
MAKEOPTS="-j2"
PKGDIR="/tmp/lea/var/tmp/binpkgs"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --dele
te --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /usr/portage/local/layman/sunrise"
SYNC="rsync://rsync.belnet.be/packages/gentoo-portage"
USE="x86 X alsa_cards_pcsp alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plug
ins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop alsa_pcm_plugins_empty alsa_
pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_i
oplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear alsa_pcm_plugins_meter alsa_p
cm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null alsa_pcm_plugins_plug alsa_pcm_plugins_rate a
lsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugins_shm alsa_pcm_plugins_softvol bitmap-fonts bzi
p2 cairo cdr cli cracklib crypt dbus dlloader dri dvd dvdr eds elibc_glibc emboss encode fam firefox fortra
n gif gpm gstreamer gtk hal iconv input_devices_evdev input_devices_keyboard input_devices_mouse isdnlog jp
eg kernel_linux ldap libg++ mad mikmod mp3 mpeg ncurses nptl nptlonly ogg opengl pam pcre perl png ppds ppp
d python qt3 qt4 quicktime readline reflection sdl session spell spl ssl tcpd truetype truetype-fonts type1
-fonts udev unicode userland_GNU video_cards_vesa vorbis win32codecs xml xorg xv zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 3 Christian Faulhammer (RETIRED) 2007-01-06 18:58:26 UTC

x86 does the monkey

Comment 4 Tobias Scherbaum (RETIRED) 2007-01-08 19:54:16 UTC

ppc stable

Comment 5 Michael Cummings (RETIRED) 2007-01-09 00:32:21 UTC

I could not get this package to pass the test phase - is it supposed to? Looking at the portage log I see a lot of reference to /root/.config - eh? It builds and installs, but does not pass testing. Do you have any example apps I can run against it to confirm it's working? 

Comment 6 Sune Kloppenborg Jeppesen (RETIRED) 2007-01-09 08:32:01 UTC

dotnet, please advise.

Comment 7 Saleem Abdulrasool (RETIRED) 2007-01-11 06:13:52 UTC

You could try many of the various dot-net apps in portage (tomboy, muine, blam), as anything we give you would most likely be of little value.

Comment 8 Olivier Crete (RETIRED) 2007-01-14 03:00:57 UTC

stable on amd64.... 
the tests fail.... if its ok.. please use RESTRICT=test.... otherwise fix it ;)

Comment 9 Olivier Crete (RETIRED) 2007-01-14 03:11:54 UTC

oops

Comment 10 Raphael Marichez (Falco) (RETIRED) 2007-01-14 17:37:16 UTC

Thanks everybody, everything is ok now AFAIK, now it's time to vote for a GLSA or not.

I vote for a GLSA because the exploit is trivial and can have severe consequences (disclosure of passwords, etc)

Comment 11 Sune Kloppenborg Jeppesen (RETIRED) 2007-01-14 18:42:19 UTC

I vote YES.

Comment 12 Matt Drew (RETIRED) 2007-01-14 18:48:44 UTC

padawan /vote YES

Comment 13 Raphael Marichez (Falco) (RETIRED) 2007-01-17 21:48:34 UTC

GLSA 200701-12