Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 201244 (CVE-2007-6208) - mail-client/claws-mail < 3.0.2-r1 sylprint Insecure temporary file creation (CVE-2007-6208)
Summary: mail-client/claws-mail < 3.0.2-r1 sylprint Insecure temporary file creation (...
Status: RESOLVED FIXED
Alias: CVE-2007-6208
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard: B3 [glsa]
Keywords:
: 201394 (view as bug list)
Depends on:
Blocks:
 
Reported: 2007-12-04 16:07 UTC by Robert Buchholz (RETIRED)
Modified: 2008-03-06 09:56 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2007-12-04 16:07:37 UTC
CVE-2007-6208 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6208):
  sylprint.pl in claws mail tools (claws-mail-tools) allows local users to
  overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID]
  temporary file.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-12-04 16:10:47 UTC
Ticho and net-mail, please advise.
Comment 2 Andrej Kacian (RETIRED) gentoo-dev 2007-12-04 18:51:31 UTC
Upstream decided to remove the unmaintained script from distribution tarball, so we're doing the same for all claws-mail ebuilds currently in the tree, including 3.0.0, which is marked stable for all arches. After my commit, all three claws-mail ebuilds are safe in regards to this bug.

To push this fix to users, please stabilize 3.0.2, which is a pure bugfix release over 3.0.0, and I've been meaning to ask for its stabilization anyway - no point in bumping to 3.0.0-r1 with this fix, only to ask for 3.0.2 stabilization few days later, right?
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-12-04 19:05:27 UTC
please revbump the 3.0.2 and 3.1.0 ebuilds first so ~arch users also get a forced upgrade.
Comment 4 Andrej Kacian (RETIRED) gentoo-dev 2007-12-04 20:44:03 UTC
Good idea, done. 3.0.2-r1 is the target for stabilization then.
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2007-12-04 23:16:28 UTC
Arches, please test and mark stable mail-client/claws-mail-3.0.2-r1.
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
Comment 6 Thomas Tuttle 2007-12-05 00:01:48 UTC
Does not compile on amd64.

Build log:

	for file in OOo2claws-mail.pl acroread2claws-mail.pl claws-mail-compose-insert-files.pl calypso_convert.pl convert_mbox.pl eud2gc.py filter_conv.pl filter_conv_new.pl fix_date.sh freshmeat_search.pl gif2xface.pl google_msgid.pl google_search.pl kmail2claws-mail.pl kmail2claws-mail_v2.pl kmail-mailbox2claws-mail.pl mairix.sh mew2claws-mail.pl multiwebsearch.pl nautilus2claws-mail.sh outlook2claws-mail.pl popfile-link.sh sylprint.pl sylprint.rc tb2claws-mail tbird2claws.py textviewer.pl textviewer.sh thunderbird-filters-convertor.pl update-po uudec uuooffice vcard2xml.py kdeservicemenu/install.sh kdeservicemenu/claws-mail-kdeservicemenu.pl; do \
	if [ ! -e ../tools/$file ]; then \
	todir=../tools; \
	dir=$(dirname $file); \
	if [ ! $dir = . ]; then \
	todir=$todir/$dir; \
	fi; \
	cp ../tools/$file $todir; \
	fi; \
	done;
cp: cannot stat `../tools/sylprint.pl': No such file or directory
cp: cannot stat `../tools/sylprint.rc': No such file or directory
chmod u+x OOo2claws-mail.pl acroread2claws-mail.pl claws-mail-compose-insert-files.pl calypso_convert.pl convert_mbox.pl eud2gc.py filter_conv.pl filter_conv_new.pl fix_date.sh freshmeat_search.pl gif2xface.pl google_msgid.pl google_search.pl kmail2claws-mail.pl kmail2claws-mail_v2.pl kmail-mailbox2claws-mail.pl mairix.sh mew2claws-mail.pl multiwebsearch.pl nautilus2claws-mail.sh outlook2claws-mail.pl popfile-link.sh sylprint.pl sylprint.rc tb2claws-mail tbird2claws.py textviewer.pl textviewer.sh thunderbird-filters-convertor.pl update-po uudec uuooffice vcard2xml.py kdeservicemenu/install.sh kdeservicemenu/claws-mail-kdeservicemenu.pl
chmod: cannot access `sylprint.pl': No such file or directory
chmod: cannot access `sylprint.rc': No such file or directory
make[2]: *** [all-local] Error 1
make[2]: Leaving directory `/var/tmp/portage/mail-client/claws-mail-3.0.2-r1/work/claws-mail-3.0.2/tools'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/mail-client/claws-mail-3.0.2-r1/work/claws-mail-3.0.2'
make: *** [all] Error 2
 * 
 * ERROR: mail-client/claws-mail-3.0.2-r1 failed.
 * Call stack:
 *                    ebuild.sh, line 1701:  Called dyn_compile
 *                    ebuild.sh, line 1039:  Called qa_call 'src_compile'
 *                    ebuild.sh, line   44:  Called src_compile
 *   claws-mail-3.0.2-r1.ebuild, line   90:  Called die
 * The specific snippet of code:
 *   	emake || die
 *  The die message:
 *   (no error message)
 * 
 * If you need support, post the topmost build error, and the call stack if relevant.
 * A complete build log is located at '/var/tmp/portage/mail-client/claws-mail-3.0.2-r1/temp/build.log'.
 * 

 * Messages for package mail-client/claws-mail-3.0.2-r1:

 * 
 * ERROR: mail-client/claws-mail-3.0.2-r1 failed.
 * Call stack:
 *                    ebuild.sh, line 1701:  Called dyn_compile
 *                    ebuild.sh, line 1039:  Called qa_call 'src_compile'
 *                    ebuild.sh, line   44:  Called src_compile
 *   claws-mail-3.0.2-r1.ebuild, line   90:  Called die
 * The specific snippet of code:
 *   	emake || die
 *  The die message:
 *   (no error message)
 * 
 * If you need support, post the topmost build error, and the call stack if relevant.
 * A complete build log is located at '/var/tmp/portage/mail-client/claws-mail-3.0.2-r1/temp/build.log'.
 * 

emerge --info:

Portage 2.1.3.19 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.22-gentoo-r9 x86_64)
=================================================================
System uname: 2.6.22-gentoo-r9 x86_64 Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
Timestamp of tree: Tue, 04 Dec 2007 23:30:01 +0000
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r6, 2.5.1-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -fomit-frame-pointer -march=nocona"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -pipe -fomit-frame-pointer -march=nocona"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test unmerge-orphans userfetch"
GENTOO_MIRRORS="http://gentoo.cites.uiuc.edu/pub/gentoo/"
LINGUAS="en"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi alsa amd64 berkdb bitmap-fonts cli cracklib crypt cups dri flac fortran gdbm gif gpm iconv ipv6 isdnlog jpeg midi mmx mp3 mudflap ncurses nls nptl nptlonly ogg opengl openmp pam pcre perl png pppd python readline reflection session spl sse sse2 ssl tcpd test truetype-fonts type1-fonts unicode vorbis xorg xv zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="i810 vesa vga"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Comment 7 manwe 2007-12-05 03:04:14 UTC
Yup. The same for me. 

# emerge --info
Portage 2.1.4_rc4 (default-linux/amd64/2007.0, gcc-4.2.2, glibc-2.7-r0, 2.6.23-kamikaze5-endar-v19 x86_64)
=================================================================
System uname: 2.6.23-kamikaze5-endar-v19 x86_64 AMD Turion(tm) 64 Mobile Technology MT-32
Timestamp of tree: Wed, 05 Dec 2007 01:46:01 +0000
app-shells/bash:     3.2_p17-r1
dev-java/java-config: 1.3.7, 2.1.3
dev-lang/python:     2.5.1-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 2.0.0_rc6
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r2
ABI="amd64"
ACCEPT_KEYWORDS="amd64 ~amd64"
ALSA_CARDS="intel8x0 usb-audio"
ALSA_PCM_PLUGINS="ioplug dmix empty copy rate null route share shm softvol lfloat linear"
APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
ARCH="amd64"
ASFLAGS_x86="--32"
AUTOCLEAN="yes"
CAMERAS="canon ptp2"
CBUILD="x86_64-pc-linux-gnu"
CDEFINE_amd64="__x86_64__"
CDEFINE_x86="__i386__"
CFLAGS="-O2 -pipe -msse3 -march=athlon64"
CFLAGS_x86="-m32 -L/emul/linux/x86/lib -L/emul/linux/x86/usr/lib"
CHOST="x86_64-pc-linux-gnu"
CHOST_amd64="x86_64-pc-linux-gnu"
CHOST_x86="i686-pc-linux-gnu"
CLASSPATH="."
CLEAN_DELAY="5"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CVS_RSH="ssh"
CXXFLAGS="-O2 -pipe -msse3 -march=athlon64"
DBUS_SESSION_BUS_ADDRESS="unix:path=/var/run/dbus/system_bus_socket"
DEFAULT_ABI="amd64"
DISPLAY=":0.0"
DISTDIR="/usr/portage/distfiles"
EDITOR="/usr/bin/vim"
ELIBC="glibc"
EMERGE_DEFAULT_OPTS="--verbose --ask --tree"
EMERGE_WARNING_DELAY="10"
FEATURES="distlocks metadata-transfer moo parallel-fetch prelink sandbox sfperms strict unmerge-orphans userfetch"
FETCHCOMMAND="/usr/bin/wget -t 5 -T 60 --passive-ftp -O ${DISTDIR}/${FILE} ${URI}"
GCC_SPECS=""
GDK_USE_XFT="1"
GENTOO_MIRRORS="http://src.gentoo.pl/ http://gentoo.prz.rzeszow.pl/ http://gentoo.po.opole.pl http://dev.gentoo.org/~vapier/dist"
HOME="/root"
INFOPATH="/usr/share/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.18/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.2.2/info"
INPUT_DEVICES="mouse keyboard synaptics"
JAVAC="/etc/java-config-2/current-system-vm/bin/javac"
JAVA_HOME="/etc/java-config-2/current-system-vm"
JDK_HOME="/etc/java-config-2/current-system-vm"
KERNEL="linux"
LANG="pl_PL"
LANGUAGE="48"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LC_ALL="pl_PL"
LDFLAGS_x86="-m elf_i386 -L/emul/linux/x86/lib -L/emul/linux/x86/usr/lib"
LESS="-R -M --shift 5"
LESSOPEN="|lesspipe.sh %s"
LIBDIR_amd64="lib64"
LIBDIR_x86="lib32"
LINGUAS="pl"
LOGNAME="root"
MAKEOPTS="-j3"
MULTILIB_ABIS="amd64 x86"
MULTILIB_STRICT_DENY="64-bit.*shared object"
MULTILIB_STRICT_DIRS="/lib /usr/lib /usr/kde/*/lib /usr/qt/*/lib usr/X11R6/lib"
MULTILIB_STRICT_EXEMPT="(perl5|gcc|gcc-lib|binutils|eclipse-3|debug|portage)"
OOO_FORCE_DESKTOP="gnome"
OPENGL_PROFILE="nvidia"
PATH="/home/manwe/.bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.2.2:/opt/vmware/workstation/bin:/sbin:/usr/games/bin"
PKGDIR="/usr/portage/packages"
PORTAGE_ARCHLIST="ppc s390 amd64 x86 ppc64 x86-fbsd m68k arm sparc sh mips ia64 alpha ppc-macos hppa sparc-fbsd"
PORTAGE_BINHOST_CHUNKSIZE="3000"
PORTAGE_BIN_PATH="/usr/lib64/portage/bin"
PORTAGE_CONFIGROOT="/"
PORTAGE_DEBUG="0"
PORTAGE_DEPCACHEDIR="/var/cache/edb/dep"
PORTAGE_ECLASS_WARNING_ENABLE="0"
PORTAGE_ELOG_CLASSES="warn error info log qa"
PORTAGE_ELOG_MAILFROM="portage@localhost"
PORTAGE_ELOG_MAILSUBJECT="[portage] ebuild log for ${PACKAGE} on ${HOST}"
PORTAGE_ELOG_MAILURI="root"
PORTAGE_ELOG_SYSTEM="save"
PORTAGE_GID="250"
PORTAGE_INST_GID="0"
PORTAGE_INST_UID="0"
PORTAGE_NICENESS="19"
PORTAGE_PYM_PATH="/usr/lib64/portage/pym"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_RSYNC_RETRIES="3"
PORTAGE_TMPDIR="/var/tmp"
PORTAGE_WORKDIR_MODE="0700"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portages/layman/custom-kernels /usr/portages/layman/arcon-portage /usr/portages/layman/php-testing /usr/portages/layman/php-experimental /usr/portages/layman/xeffects /usr/portages/layman/initng /usr/portages/manwe"
PORT_LOGDIR="/var/log/portage"
PRELINK_PATH_MASK="/opt:/usr/lib64/klibc"
PWD="/root"
PYTHONPATH="/usr/lib64/portage/pym"
RESUMECOMMAND="/usr/bin/wget -c -t 5 -T 60 --passive-ftp -O ${DISTDIR}/${FILE} ${URI}"
ROOT="/"
ROOTPATH="/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.2.2:/opt/vmware/workstation/bin"
RPMDIR="/usr/portage/rpm"
SHELL="/bin/bash"
SHLVL="2"
STAGE1_USE="nptl nptlonly unicode"
SYMLINK_LIB="yes"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
TERM="rxvt"
USE="3dnow 3dnowext X a52 aac aalib acpi aiglx alsa amd64 apache2 apm bash-completion bcmath berkdb bluetooth branding browserplugin bzip2 calendar cdinstall cdr crypt cups dbus directfb dvd dvdr dvdread encode fbcon ffmpeg ftp gd-exteral gif glut gpm gtk2 ieee1394 irda jabber javascript jpeg libwww lm_sensors madwifi mmx mozilla mp3 mpd mpeg3 mysql ncurses newspr nls nptl nptlonly nsplugin nvidia ogg opengl pam pcmcia pdf perl php png samba soap spell sse sse2 sse3 ssl svg tiff truetype truetype-fonts usb vim wifi with-x wmf xcomposite xinerama xorg xosd xv xvid" ALSA_CARDS="intel8x0 usb-audio" ALSA_PCM_PLUGINS="ioplug dmix empty copy rate null route share shm softvol lfloat linear" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="canon ptp2" ELIBC="glibc" INPUT_DEVICES="mouse keyboard synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="pl" USERLAND="GNU" VIDEO_CARDS="nvidia nv fbdev"
USER="root"
USERLAND="GNU"
USE_EXPAND="ALSA_CARDS ALSA_PCM_PLUGINS APACHE2_MODULES APACHE2_MPMS CAMERAS CROSSCOMPILE_OPTS DVB_CARDS ELIBC FCDSL_CARDS FOO2ZJS_DEVICES FRITZCAPI_CARDS INPUT_DEVICES KERNEL LCD_DEVICES LINGUAS LIRC_DEVICES MISDN_CARDS USERLAND VIDEO_CARDS"
USE_EXPAND_HIDDEN="CROSSCOMPILE_OPTS ELIBC KERNEL USERLAND"
Comment 8 Alexandre Rostovtsev (RETIRED) gentoo-dev 2007-12-05 06:18:58 UTC
I also get the same compile error on the recently-bumped claws-mail-3.1.0-r1

Portage 2.1.4_rc7 (default-linux/amd64/2007.0/desktop, gcc-4.2.2, glibc-2.7-r0, 2.6.23-gentoo-r3-cfs-v24 x86_64)
=================================================================
System uname: 2.6.23-gentoo-r3-cfs-v24 x86_64 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Timestamp of tree: Wed, 05 Dec 2007 05:01:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17-r1
dev-java/java-config: 1.3.7, 2.1.3
dev-lang/python:     2.4.4-r7, 2.5.1-r4
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3, 2.17-r2, 2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r2
ACCEPT_KEYWORDS="amd64 ~amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
Comment 9 Christian Faulhammer (RETIRED) gentoo-dev 2007-12-05 07:30:09 UTC
x86 stable
Comment 10 Christian Faulhammer (RETIRED) gentoo-dev 2007-12-05 07:48:45 UTC
(In reply to comment #9)
> x86 stable

 Ok, we are back to ~x86.  As I thought it has been the revision I have used for such a long time, I stabled straight away.  But: 3.1.0-r1 and 3.0.2-r1 fail with the same error.

chmod: cannot access `sylprint.pl': No such file or directory
chmod: cannot access `sylprint.rc': No such file or directory
Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2007-12-05 09:53:47 UTC
un-cc'ing arches.
Comment 12 Jakub Moc (RETIRED) gentoo-dev 2007-12-05 19:41:12 UTC
*** Bug 201394 has been marked as a duplicate of this bug. ***
Comment 13 Andrej Kacian (RETIRED) gentoo-dev 2007-12-05 21:30:27 UTC
3.0.2-r1 and 3.1.0-r1 fixed. Sorry about the delay, real life keeps insisting on being real for me.
Comment 14 Robert Buchholz (RETIRED) gentoo-dev 2007-12-05 22:35:59 UTC
second round...

Arches, please test and mark stable mail-client/claws-mail-3.0.2-r1.
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
Comment 15 Christian Faulhammer (RETIRED) gentoo-dev 2007-12-06 07:12:27 UTC
x86 stable for sure now...thanks Andrej.
Comment 16 Boney McCracker 2007-12-06 13:54:48 UTC
(In reply to comment #14)
> second round...
> 
> Arches, please test and mark stable mail-client/claws-mail-3.0.2-r1.
> Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
> 
Unofficial: builds for me now on ppc.  Thanks.
Comment 17 Raúl Porcel (RETIRED) gentoo-dev 2007-12-06 15:03:02 UTC
alpha/sparc stable
Comment 18 Jeroen Roovers gentoo-dev 2007-12-06 18:21:28 UTC
Stable for HPPA.
Comment 19 Peter Weller (RETIRED) gentoo-dev 2007-12-06 19:51:18 UTC
Stable for amd64
Comment 20 Ferris McCormick (RETIRED) gentoo-dev 2007-12-06 21:04:41 UTC
Although -3.1.0-r1 is not part of this bug, it does fix the same security violation.  And it had the same problem leading to this retest effort.  So I'll report that -3.1.0-r1 is now good on sparc.  See Comment 13 above.
Comment 21 Markus Rothe (RETIRED) gentoo-dev 2007-12-07 14:08:14 UTC
ppc64 stable
Comment 22 Tobias Scherbaum (RETIRED) gentoo-dev 2007-12-07 16:56:09 UTC
ppc stable
Comment 23 Wendall Cada 2007-12-07 22:24:31 UTC
Just removing sylprint is not a fix. The compile currently dies for claws-mail-3.1.0-r1 ~x86 with the following error:
cp: cannot stat `../tools/sylprint.pl': No such file or directory
cp: cannot stat `../tools/sylprint.rc': No such file or directory
...
chmod: cannot access `sylprint.pl': No such file or directory
chmod: cannot access `sylprint.rc': No such file or directory
make[2]: *** [all-local] Error 1
make[2]: Leaving directory `/var/tmp/portage/mail-client/claws-mail-3.1.0-r1/work/claws-mail-3.1.0/tools'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/mail-client/claws-mail-3.1.0-r1/work/claws-mail-3.1.0'
make: *** [all] Error 2
 * 
 * ERROR: mail-client/claws-mail-3.1.0-r1 failed.
Comment 24 Andrej Kacian (RETIRED) gentoo-dev 2007-12-08 01:07:01 UTC
(In reply to comment #23)
> Just removing sylprint is not a fix. The compile currently dies for
> claws-mail-3.1.0-r1 ~x86 with the following error:
> cp: cannot stat `../tools/sylprint.pl': No such file or directory
> cp: cannot stat `../tools/sylprint.rc': No such file or directory

Wendall, this has already been fixed - see comment #13. Sync please.
Comment 25 Wendall Cada 2007-12-08 02:09:22 UTC
Thanks. Working great now. Thanks for the quick patch! :)
Comment 26 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-08 23:38:32 UTC
voting time. I tend to vote Yes.
Comment 27 Sune Kloppenborg Jeppesen gentoo-dev 2008-01-06 18:12:02 UTC
Voting YES.
Comment 28 Robert Buchholz (RETIRED) gentoo-dev 2008-01-06 23:01:37 UTC
YES, request filed.
Comment 29 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-01-09 21:50:39 UTC
GLSA 200801-03
Comment 30 Peter Volkov (RETIRED) gentoo-dev 2008-03-06 09:56:12 UTC
Does not affect current (2008.0) release. Removing release.